[Samba] pam_winbind didn't work after DC restarted, had to restart winbindd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, this night our DC was restarted (controlled), however my debian machine with samba 3.0.22 stopped doing authentication on all services relying on pam_winbind. I traced it back that winbindd, for some reason, didn't worked properly anymore. All I got in the log was a message from pam_winbindd: Sep 1 07:23:17 entwicklung pam_winbind[15896]: request failed: Invalid computer name, PAM error was 4, NT error was NT_STATUS_INVALID_COMPUTER_NAME Sep 1 07:23:17 entwicklung pam_winbind[15896]: internal module error (retval = 4, user = `markus') I got this two entries every time I tried to authenticate. After I stopped and restarted winbindd it worked without problems. Is there anything which an be done to prevent winbindd from stop working after the DC restarted? thanks, - - Markus -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE98WT1nS0RcInK9ARAjVdAKCMEpaDpXQNsBv2WVox3JfVgECw0gCg170u XhfPDB90tP2HVgZ1ZcVPo14= =bOoS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer Properties Don't Work After Update
On Thu, 2006-08-31 at 21:46 +, John Goerzen wrote: > We recently migrated our Samba server to Samba 3.0.22 and Cups 1.2.2, > running on Debian. > > Since the migration, we have noticed an odd problem: Windows clients > that hit the Properties box in their print dialog, then navigate over to > the Driver Settings tab (the one with all the settings from the cups PPD > file), and make changes, will have those changes ignored. That means > that people can't enable things like Duplex printing, etc. We have > tried this with both the vendor driver and the CUPS driver going through > Samba, and have problems with both. Setting these options coming from > pure Linux clients to the CUPS server works fine. This is a bug in CUPS, which should be fixed when 1.2.3 is released. http://www.cups.org/str.php?L1839 Cheers, Kevin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [SOLVED (well, the ntlmssp part)] RE: mod_ntlm_winbind / Apache2
On Tue, 2006-08-29 at 20:33 +0930, Kevin Shanahan wrote: > I'm trying to set up Apache2 with mod_ntlm_winbind so our Windows users > can log onto our Intranet automatically without having to type in their > username / password. > > I've gotten part of the way there, but things aren't behaving the way > I'd like/expect. So far, I've been able to log on using Firefox but only > with the password dialog popping up, and then only if I enter my > username as DOMAIN\username. Okay, I found out the issue with Firefox was just a client configuration issue. Firefox needs to have the intranet uri added to the network.automatic-ntlm-auth.trusted-uris setting in about:config. The issue with IE6 turned out to be Debian's mod_ssl config file disabling keepalive for all user agents matching '.*MSIE.*'. Once that was removed, it works fine. > > NTLMAuth on > NTLMBasicAuthoritative on > NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" > AuthType NTLM > AuthName "NTLM Authentication Test" > require valid-user > This config is now working, but there are still problems if I add spnego. IE6 seems to respond to the "WWW-Authenticate: Negotiate" reply from apache with an NTLMSSP challenge. Haven't figured that one out yet. Regards, Kevin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Installing Samba4
"Montervino, Mariano" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] We have trouble installing samba4 and we can´t found documentation about setup, join domains, etc... Is this is a test installation? No production grade version of Samba 4 has been released. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Domain SID does not match built in domain groups' SIDs...
>>Would remapping them correct the SIDs? Can I just >>use a LDAP editor and >>manually change the SID to what it should be without >>screwing up other >>things? To my understanding, all the important Samba >>data is stored in >>LDAP. So I shouldn't have to worry about the >>contents of smbpasswd, >>secrets.tdb, or anything of that nature, right? >>Given I can just edit the SIDs, I do know that I may >>have to restart the >>SMB daemon, rejoin some users to groups, correct >>the local >>administrators group on workstations, etc. I >>understand the clean up, I >>don't want to ruin anything else that's not a simple text >>edit or >>command call. There is a utility that allows you to change the domain's SID. Search the archives and the documentation for "net setlocalsid" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printer Properties Don't Work After Update
Hello, We recently migrated our Samba server to Samba 3.0.22 and Cups 1.2.2, running on Debian. Since the migration, we have noticed an odd problem: Windows clients that hit the Properties box in their print dialog, then navigate over to the Driver Settings tab (the one with all the settings from the cups PPD file), and make changes, will have those changes ignored. That means that people can't enable things like Duplex printing, etc. We have tried this with both the vendor driver and the CUPS driver going through Samba, and have problems with both. Setting these options coming from pure Linux clients to the CUPS server works fine. I couldn't find anything in my logs, and google hasn't been helpful either. As far as I know, our CUPS and Samba are set up exactly as suggested in the Samba docs (and we're of course using cupsaddsmb). Any ideas? -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rev #2 of the 3.02.3c patch
From: "Greg Freemyer" <[EMAIL PROTECTED]> Thanks for all your and the team's hard work! Now if Lars will just build the 3.0.23c binaries for SuSE, well be in great shape. I still can't figure out how to get it to compile with all the options he has in the SuSE spec file. Oh well David, I have not been following this too closely, but your comment caught my eye. Have you experimented with rpmbuild? For this situation I think you would just get the old 3.0.23b source rpm from lars. then rpmbuild -bp # this will extract the 23b source and apply any suse specific patches. apply the 3.0.23c patch to the source rpmbuild -bc # this will compile the patched code with the suse options rpmbuild -bi# This should install the compiled code I did not test the above process, but I've used rpmbuild -bb before to back compile suse factory code to a released distro. I did not have any issues. Greg Greg, Thanks! I have thought about doing the rpmbuild, but I hadn't had the time to figure out how to get the patched source into the source rpm other than patching it and then zipping the source up and moving it to the SOURCE directory and then doing a rpmbuild --rebuild on the .srpm. Thanks, I'll give it a try -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows SID are unknown for a samba member server?
On Thu, 31 Aug 2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Lazarevich wrote: testparm on smb.conf is fine: [EMAIL PROTECTED] lib]# testparm Load smb config files from /usr/local/encap/samba-3.0.23a/lib/smb.conf Processing section "[homes]" Processing section "[staff]" Processing section "[users]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER This is wrong for security = server. What version are you running ? I'd also suggest security = domain instead. We run samba 3.0.23a. Looking at smb.conf man pages, maybe you are right. Security = server has worked great for us for years, and it still works fine in older versions of samba. We don't want our samba servers to be domain members, we just want them to auth to an NT4 PDC. That's what I thought security = server was supposed to do. But maybe a switch to security = domain will fix our SID problems. What is odd is that the samba server that does NOT have this SID problem (RHEL3-AS x86, running the stock redhat RPM [samba-3.0.9-1.3E.10]) also reports back a testparm of the same thing: [EMAIL PROTECTED] root]# testparm Load smb config files from /etc/samba/smb.conf Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER The smb.conf here is: [global] server string = Samba server interfaces = x wins server = x domain master = no domain logons = no preferred master = no netbios name = hostname announce version = 1.0 getwd cache = yes wide links = yes preserve case = yes load printers = no password level = 8 security = server password server = IP of NT4 PDC workgroup = DUDESDOMAIN time server = no #status = yes encrypt passwords = yes socket options = TCP_NODELAY IPTOS_LOWDELAY hosts allow = xxx log file = /var/log/samba/hostname-samba.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] DOS client cannot execute BATCH file on samba share
On Thu, Aug 31, 2006 at 04:21:52PM -0300, Roberto João Lopes Garcia wrote: > Here is the logs > > I do not know samba insides and could not find any info that help-me solve > the problem. > > Maybe some one can help > > Please note: From DOS I can type, dir and copy the test Z:\T.BAT file but can > not execute it. > > I did the follow. > > 1 - Setup a single share and mount it on a PC DOS 6 MSLANMAN as Z: > 2 - Create, from PC DOS, a single T.BAT file in Z:\ > 3 - At the especified time run, from PC DOS, Z:\T.BAT and record the LOG FILE > > DOS REPORT: Invalid command or file-name > > I did it for debug level 3, 6 and 10. > > ERRO_DOS_D3 == log level 3. Comand start at [2006/08/31 15:37:40, 3] > ERRO_DOS_D6 == log level 6. Comand start at [2006/08/31 15:42:00, 6] > ERRP_DOS_D10 == log level 10. Comand start at [2006/08/31 15:31:00, 5] Please log this as a bug report with bugzilla.samba.org, I don't need anything bug the debug level 10 log please - plus the smb.conf would also help. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Follow-Up] Domain login - XP 64 -> Samba
On Friday 01 September 2006 00:28, Michael Gasch wrote: > hi list, > > just read this http://www.gatago.com/linux/samba/14522736.html and > this seems to be my solution 'cause i'm also hitting the same > problem. unfortunately i can't use original debian packages anymore, > because they seem to not integrate the patch, yet (still sub-releases > of 3.0.14). or does anyone made other experiences? seems like not > many people are using x64 win xp. i think i have to use sernet > packages and upgrade to 3.0.21c. > > any comments/ideas/help appreciated! > > greez I ran a Samba 3.0.22 PDC and used a WinXP x64 client. I managed to join the domain fine. I encountered issues with Roaming Profiles at first. Windows couldn't find the profile on the Samba server. I was following the steps in Using Samba, 2nd Edition. I managed to solve the issue in a few hours. That's the only problem I faced with x64. I'm on Gentoo btw. The package I have installed is samba-3.0.22-r3 -- Mrugesh Karnik GPG Key 0xBA6F1DA8 Public key on http://wwwkeys.pgp.net pgpcIdNAcSaw8.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] DOS client cannot execute BATCH file on samba share
Here is the logs I do not know samba insides and could not find any info that help-me solve the problem. Maybe some one can help Please note: From DOS I can type, dir and copy the test Z:\T.BAT file but can not execute it. I did the follow. 1 - Setup a single share and mount it on a PC DOS 6 MSLANMAN as Z: 2 - Create, from PC DOS, a single T.BAT file in Z:\ 3 - At the especified time run, from PC DOS, Z:\T.BAT and record the LOG FILE DOS REPORT: Invalid command or file-name I did it for debug level 3, 6 and 10. ERRO_DOS_D3 == log level 3. Comand start at [2006/08/31 15:37:40, 3] ERRO_DOS_D6 == log level 6. Comand start at [2006/08/31 15:42:00, 6] ERRP_DOS_D10 == log level 10. Comand start at [2006/08/31 15:31:00, 5] Thank you Roberto at 11:44 31-08-2006, Miguel Da Silva - Servicio de Informát wrote: >Roberto João Lopes Garcia wrote: >>Hi >>I just upgrade from 3.0.13 to samba 3.0.23b and after upgrade DOS Lanman >>Clients could not execute BATCH or EXE files stored on a samba share. >>Client can see, type and copy the file but cannot execute ! It can execute >>the batch file copy to C: >>I dig a little and found: >>http://lists.samba.org/archive/samba/1997-November/004734.html >> >>>Further investigation has revealed that it seems this error is caused by >>>the fact that smbd is unable to update the file access time, as the error >>>happens within file_utime(). What I don't get is: Why does WinZip run? >>>The files and directories have the same permissions... Strange >>So I try to disable dos filetimes >> dos filetimes = no >>But did not work. >>I'm now seting up a server for test and see more debug messages. >>Please, some one could help me? >>Thank you >>Roberto > >No error messages in the logs? > >Greetings. > >-- >Miguel Da Silva. >Servicio de Informatica. >Facultad de Ciencias. >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba [2006/08/31 15:37:40, 3] smbd/process.c:process_smb(1110) Transaction 17 of length 54 [2006/08/31 15:37:40, 3] smbd/process.c:switch_message(914) switch message SMBsearch (pid 26532) conn 0x9940f20 [2006/08/31 15:37:40, 3] smbd/dir.c:dptr_create(511) creating new dirptr 2 for path ., expect_close = 0 [2006/08/31 15:37:40, 3] smbd/dir.c:get_dir_entry(816) get_dir_entry mask=[T.BAT] found ./t.bat fname=t.bat [2006/08/31 15:37:40, 3] smbd/process.c:process_smb(1110) Transaction 18 of length 69 [2006/08/31 15:37:40, 3] smbd/process.c:switch_message(914) switch message SMBsearch (pid 26532) conn 0x9940f20 [2006/08/31 15:37:40, 3] smbd/dir.c:dptr_fetch(696) fetching dirptr 2 for path . at offset 1145375056 [2006/08/31 15:37:40, 3] smbd/error.c:error_packet(162) error packet at smbd/reply.c(1245) cmd=129 (SMBsearch) eclass=1 ecode=18 [2006/08/31 15:41:17, 5] lib/util.c:show_msg(488) size=45 smb_com=0x80 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=128 smb_flg2=1 smb_tid=1 smb_pid=4331 smb_uid=100 smb_mid=888 smt_wct=5 smb_vwv[ 0]=65535 (0x) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]=65535 (0x) smb_vwv[ 4]=0 (0x0) smb_bcc=0 [2006/08/31 15:42:00, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x32 [2006/08/31 15:42:00, 3] smbd/process.c:process_smb(1110) Transaction 7 of length 54 [2006/08/31 15:42:00, 5] lib/util.c:show_msg(478) [2006/08/31 15:42:00, 5] lib/util.c:show_msg(488) size=50 smb_com=0x81 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=1 smb_tid=1 smb_pid=4331 smb_uid=100 smb_mid=896 smt_wct=2 smb_vwv[ 0]= 47 (0x2F) smb_vwv[ 1]= 19 (0x13) smb_bcc=11 [2006/08/31 15:42:00, 3] smbd/process.c:switch_message(914) switch message SMBsearch (pid 26600) conn 0x8d88648 [2006/08/31 15:42:00, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/08/31 15:42:00, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "T.BAT" [2006/08/31 15:42:00, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = T.BAT, dirpath = , start = T.BAT [2006/08/31 15:42:00, 5] smbd/statcache.c:stat_cache_add(140) stat_cache_add: Added entry (8d22d20:size6) T.BAT -> t.bat [2006/08/31 15:42:00, 5] smbd/statcache.c:stat_cache_add(140) stat_cache_add: Added entry (8d22d20:size6) T.BAT -> t.bat [2006/08/31 15:42:00, 5] smbd/filename.c:unix_convert(400) conversion finished T.BAT -> t.bat [2006/08/31 15:42:00, 5] smbd/dir.c:dptr_create(391) dptr_create dir=. [2006/08/31 15:42:00, 3] smbd/dir.c:dptr_create(511) creating new dirptr 2 for path ., expect_close = 0 [2006/08/31 15:42:00, 4] smbd/reply.c:reply_search(1186) dptr_num is 2 [2006/08/31 15:42:00, 6] smbd/dir.c:get_dir_entry(775) readdir on dirptr 0x8d82b80 now at offset 0 [2006/08/31 15:42:00, 5] smbd/mangle_hash.c:name_map(615) name_map( ., need83 = True, cache83 = False) [2006/08/31 15:42:00, 5] smbd/mangle_hash.c:name_map(641) name_map()
Re: [Samba] Rev #2 of the 3.02.3c patch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: >Downloaded the patch and installed it. Mandriva 2005LE. ... > >All went well > >For my simple non-domain; non-winbind setup > using smbpasswd; all looks great! Samba works like > it should and I can connect. I just fixed one small bug. So the final 3.0.23c will be slightly better than the patch. We'll still on track for 3.0.23c tomorrow. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9z0oIR7qMdg1EfYRArWeAKDqNtsV8py+e48yGrBm1K/JTLFO3ACg7qMh yEJwg/5nO0KO9ovcI/EWORo= =KMPw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rev #2 of the 3.02.3c patch
Thanks for all your and the team's hard work! Now if Lars will just build the 3.0.23c binaries for SuSE, well be in great shape. I still can't figure out how to get it to compile with all the options he has in the SuSE spec file. Oh well -- David C. Rankin, J.D., P.E. David, I have not been following this too closely, but your comment caught my eye. Have you experimented with rpmbuild? For this situation I think you would just get the old 3.0.23b source rpm from lars. then rpmbuild -bp # this will extract the 23b source and apply any suse specific patches. apply the 3.0.23c patch to the source rpmbuild -bc # this will compile the patched code with the suse options rpmbuild -bi# This should install the compiled code I did not test the above process, but I've used rpmbuild -bb before to back compile suse factory code to a released distro. I did not have any issues. Greg -- Greg Freemyer The Norcross Group Forensics for the 21st Century -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rev #2 of the 3.02.3c patch
From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> Folks, I've uploaded the *final* 3.0.23c roll up patch to http://samba.org/~jerry/patches/patch-3.0.23b-3.0.23c-gwc-2.diffs.gz. I've already cut the 3.0.23c tarballs so unless there is a major problem, this will be the final change set. Please report *any* bugs that you find. I'd like to wrap this one up and do the public 3.0.23c release on Friday. Jerry, Downloaded the patch and installed it. Mandriva 2005LE. (I applied it to a fresh source of 3.0.23b because patch kept complaining when I tried to apply it over the gwc-1.diffs patched source) ./configure --prefix=/usr --infodir=/usr/share --mandir=/usr/share --with-configdir=/etc/samba --enable-cups --with-privatedir=/etc/samba --with-automount --with-smbmount make proto make make install /etc/rc.d/init.d/smb restart All went well For my simple non-domain; non-winbind setup using smbpasswd; all looks great! Samba works like it should and I can connect. My setup (from testparm): [global] workgroup = RB_LAW server string = Samba Server %v map to guest = Bad User log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins lmhosts bcast time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups show add printer wizard = No os level = 60 preferred master = Yes dns proxy = No wins support = Yes hosts allow = 192.168.7., 192.168.8., 127., 66.76.63.120 The confirmation: [EMAIL PROTECTED] source]# smbclient -U% -L localhost Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23c-gwc-2] Sharename Type Comment - --- office Disk Shared Office Files rankin Disk Rankin Law Firm PLLC allen Disk T Stefan Allen bertin Disk Darren Bertin guilloryDisk David Guillory jointcases Disk Joint Client Files lawtoolsDisk Case Development - Summation forms Disk Shared Forms and Briefs computerDisk Computer Drivers and Software closed Disk Closed Case Files print$ Disk pdf-gen Printer PDF Generator (only valid users) IPC$IPC IPC Service (Samba Server 3.0.23c-gwc-2) Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23c-gwc-2] Server Comment ---- BACKUP This is the backup computer BONZASamba Server 3.0.23c-gwc-2 CW-DESK cynthia desktop GUILLORY LISHALisha RANKIN-P35 P35-S629 Laptop RECEPTIONDell 2400 2.6 GHz SECRETARYFront Office TSA-LAPTOP stefan laptop WorkgroupMaster ---- RB_LAW BONZA Thanks for all your and the team's hard work! Now if Lars will just build the 3.0.23c binaries for SuSE, well be in great shape. I still can't figure out how to get it to compile with all the options he has in the SuSE spec file. Oh well -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows SID are unknown for a samba member server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Lazarevich wrote: >> testparm on smb.conf is fine: >> >> [EMAIL PROTECTED] lib]# testparm >> Load smb config files from /usr/local/encap/samba-3.0.23a/lib/smb.conf >> Processing section "[homes]" >> Processing section "[staff]" >> Processing section "[users]" >> Loaded services file OK. >> Server role: ROLE_DOMAIN_MEMBER This is wrong for security = server. What version are you running ? I'd also suggest security = domain instead. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9zOjIR7qMdg1EfYRAo15AJ9iUOUuGKYfBgqLJvQhYvK7DCouAwCfbrIC Z/PllrTZCt4sJNLsfvE4V7w= =LVcz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Follow-Up] Domain login - XP 64 -> Samba
hi list, just read this http://www.gatago.com/linux/samba/14522736.html and this seems to be my solution 'cause i'm also hitting the same problem. unfortunately i can't use original debian packages anymore, because they seem to not integrate the patch, yet (still sub-releases of 3.0.14). or does anyone made other experiences? seems like not many people are using x64 win xp. i think i have to use sernet packages and upgrade to 3.0.21c. any comments/ideas/help appreciated! greez -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbd panic on security = ADS
Brian Milco napisał(a): > I have a samba server that was updated to samba v3.0.22 and is not working. > > It is a fileserver for the network, it's a member of the ADS and it was > working perfectly up until saturday. > > It doesn't panic when I change security = ADS to security = server, > unfortunately I need ADS auth. > > I've tried to down grade back to 3.0.14a with no luck, It looks like it > might be samba's interaction with libldap and or libnss_mdns, both of > which I've tried to downgrade as well. > > Thanks for any help, I had a similar problem. I have worked around it by removing "mdns" entries from /etc/nsswitch.conf. After that I could join domain. HTH Krzysztof Lichota -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] vim timestamp issues on CIFS mounted shares
First: this is my first post on this list so any suggestions, let me know. I recently had to make the move from SMBFS to CIFS when I upgraded from Fedora 4 to 5. Changing settings in my /etc/fstab was easy and no errors come up but now I'm having an issue very similar to post I found on your list that got no response back in April: http://lists.samba.org/archive/samba/2006-April/119813.html Just as he describes in his second point, while editing a file from a CIFS mounted share, something is confusing vim as to the timestamp of the file and it thinks that the file has changed since my last writing. My first write always works without a warning but all subsequent writes produce the warning. I can guarantee that I am in fact the only person editing this file This occurs regardless of what OS owns the share. I'm experiencing the same situation on mounted shares from a Windows 2003 server as well another Linux server running Fedora 5 as well. This leads me to believe it's more a client-side issue than improperly configured shares. To a further point, I attempted to alter the date/time on the Windows 2003 server to both before and after the date/time on my client machine w/ no change in situation. I've encountered some Vim discussions/documentation alluding to an issue on Windows relating to daylight savings but, again, since this appears to be happening regardless of server OS, I've again weeded that out as a cause. This issue never occurred while using SMBFS so I can only attribute it to the new, forced, use of CIFS. Likewise, I'm hesitant to blame vim as I'm not having this problem on local files or files mounted through NFS or other means. Here's a run-down of my specs if it helps: OS: Fedora Core 5 Linux Kernel version: 2.6.17 (from 2.6.17-1.2174_FC5 RPM) Samba version: 3.0.23b (from samba.org provided RPMs) /etc/fstab: //SERVER/SHARE /PATHTO/MOUNTPOINT cifs auto,setuids,user=XXX,password=XXX,gid=celston,uid=celston,dir_mode=0775,file_mode=0664 0 0 As I mentioned, the only post I found through some Google searching was the one from above. If this has been covered before, I apologize. I appreciate any feedback. Chris Elston -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: XP home & saba
ignore this .. was a router / filter problem ... smb was blocked. Matthias Henze wrote: > hi, > > i've some XP pro and one XP home workstation. samba runs in sharemode: > > [global] > workgroup = SCHNELL > server string = SERVER > security = SHARE > obey pam restrictions = Yes > passdb backend = tdbsam > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > time server = Yes > dns proxy = No > ldap ssl = no > panic action = /usr/share/samba/panic-action %d > invalid users = root > > the xp pro clients and the server are on the subnet 192.168.1.0/24 and the > xp home is on 192.168.10.0/24 connected by a router. > > the xp pro workstations work with out any problem. but the xp home asks > for a username and password. why ? > > any suggestions ? > > TIA > matthias > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2 PDC upgrade to Samba 3 - group mapping problem
I'm in the process of replacing a Samba 2.2.12 PDC with Samba 3.0.14a-Debian. An LDAP database serves as the user data store, and I've made no changes to the Samba 2.2.x-compatible LDAP records. Since I don't relish LDAP schema changes, I've specified ldapsam_compat as my passdb backend; I figured that since I was already running a compatible LDAP schema, there was no need to make use of the updated, Samba3-compatible LDAP schemas. However, I'm starting to doubt that assumption, because every time I try to list group mappings or assign security rights, I get the following search in my LDAP log: filter="(&(objectClass=sambaGroupMapping)(gidNumber=1000))" attrs="gidNumber sambasid sambagrouptype sambasidlist description displayName cn objectClass" [My already-defined group "Domain Admins" has GID 1000] Since sambaGroupMapping is part of the updated Samba LDAP schema, I suppose I'll have to make those schemas available; or do I have my ldapsam_compat configuration wrong? Again, I would have thought that specifying ldapsam_compat would have meant maintaining operational capability with a working Samba 2.2.x+LDAP installation, but apparently I was wrong...? On a possibly-related note, does anyone know where I could find SunOne DS-compatible Samba schemas? The latest version I've been able to find was listed compatible with Samba <= 3.0.10. TIA, Ryan relevant smb.conf: [global] workgroup = DOMAIN netbios name = DOMAIN-PDC server string = Samba 3 PDC encrypt passwords = Yes passwd program = passwd chat debug = No passwd chat timeout = 6 passwd chat = *new*password* %n\n *new*password* %n\n *successfully* . unix password sync = Yes ; remember to lower the log level in real life :-) log level = 3 max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = Yes os level = 255 preferred master = True domain master = True dns proxy = No wins support = Yes preexec = sh -c 'echo Welcome to domain | /usr/bin/smbclient -M "%m" -I "%i" ' & passdb backend = ldapsam_compat:"ldap://ldapserver.domain.com"; ldap suffix = o=example.com ldap admin dn = cn=LDAP Manager ldap timeout = 60 add user script = /usr/sbin/smbldap-useradd -w %u >/tmp/smbldap-useradd-user 2>&1 add machine script = /usr/sbin/smbldap-useradd -w %u >/tmp/smbldap-useradd-machine 2>&1 - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NET JOIN ERROR WITH SOL 10 and W2K3
Thanks, We are going to try 3.0.23b next week. Thanks again, Lee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felipe Augusto van de Wiel Sent: Thursday, August 31, 2006 8:02 AM To: samba@lists.samba.org Subject: Re: [Samba] NET JOIN ERROR WITH SOL 10 and W2K3 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/30/2006 11:58 AM, Slack, Leon escreveu: > We are currently working on a new systems design which is changing out > our hardware, OSs and applications all at the same. This is our first > crack at trying to get SOL 10 (1/06) and W2K3 server to play nice > together and we can't get the Windows domain controller to pass the > SID to our UNIX server. Any help would be greatly appreciated. We > are currently required to use Samba 3.0.2.0b but we may be able to > move to 3.0.2.3b if upgrading fixes our problem. Below is our smb,conf file: 'net getsid' is not working? It should grab the domain SID and store it in your secrets.tdb. Using the latest version of Samba is always a good idea, specially with regards to recent versions of Microsoft Windows. > # Global parameters [...] > Here is our net join command and output: > sysadmin-n1svr (8) ./net join -U administrator -S diegogcsdc01 -l -d 10 [...] > [2006/08/25 13:58:39, 5] lib/debug.c:(368) [...] > [2006/08/25 13:58:39, 4] libsmb/namequery.c:(548) > startlmhosts: Can't open lmhosts file > /h/COTS/CIFS/bin/Samba/lib/lmhosts. Error was Permission denied > [2006/08/25 13:58:39, 3] libsmb/namequery.c:(752) > resolve_wins: Attempting wins lookup for name diegogcsdc01<0x20> > [2006/08/25 13:58:39, 3] libsmb/namequery.c:(755) > resolve_wins: WINS server resolution selected and no WINS servers > listed. You should tell your samba about the WINS server in the network. [...] > [2006/08/25 13:58:39, 0] rpc_client/cli_pipe.c:(1473) > cli_nt_session_open: cli_nt_create failed on pipe \lsarpc to machine > diegogcsdc01. Error was NT_STATUS_ACCESS_DENIED > could not initialise lsa pipe > could not obtain sid for domain If you are using AD, you could try to: ./net ads join > Thanks, Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9vn9Cj65ZxU4gPQRAvZVAJ9NFFepVEYG5SV7Fs9DN8Q7dz6JewCfQgaU n6TIyfvRjJFCQ+O/oza66W4= =zxQ1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rev #2 of the 3.02.3c patch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Don Meyer wrote: > In the future, when doing these pre-release tests, would > it make sense to adjust the Release tags in the RPM > packaging sections to reflect an ordered but prerelease > nature of the builds? > > For instance, the first patch set built "3.0.23c-1" rpms. > The second patch set also builds "3.0.23c-1" rpms. These > aren't seen as updates, and would have to be force-installed. Really I don't want the RPMs to be called 3.0.23c anywaysI was hoping to keep things simple. I really only did the patch sets on impulse to get testing from people who were experiencing certain bugs. Now it appears you are going to make me do real work with it :-) You comments are a fair assessment. I'll think about it more for 3.0.23d cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9yknIR7qMdg1EfYRArLfAKCszQcXxwCVsSSNHQbjSJu9Dox+kACffiPr tu4qx3VLTR5VHnRO5ne7UAs= =sxbm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACL primary group change
I'm using samba 3.0.22 as a domain member in a AD domain and it is setup with winbind and idmapping. I am unable to change the primary group on a directory using the WinXP File->Properties->Security dialog although I am able to change it with smbcacls: smbcacls '//localhost/acltest' "/dir" -G "TDOM\staff" -U myuser Is this intended functionality or something not yet implemented? This machine is running HP-UX 11i and the filesystem is vxfs. [EMAIL PROTECTED]:/->testparm -sv|grep acl Load smb config files from /opt/samba322/lib/smb.conf Processing section "[acltest]" Loaded services file OK. WARNING: passdb expand explicit = yes is deprecated Server role: ROLE_DOMAIN_MEMBER acl compatibility = acl check permissions = Yes acl group control = Yes acl map full control = Yes force unknown acl user = No inherit acls = No nt acl support = Yes profile acls = No map acl inherit = No -- Tomas Edwardsson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rev #2 of the 3.02.3c patch
Jerry, In the future, when doing these pre-release tests, would it make sense to adjust the Release tags in the RPM packaging sections to reflect an ordered but prerelease nature of the builds? For instance, the first patch set built "3.0.23c-1" rpms. The second patch set also builds "3.0.23c-1" rpms. These aren't seen as updates, and would have to be force-installed. I manually adjusted the Release tag in the SPEC file from "1" to "2", to build "3.0.23c-2" rpms, which will then update cleanly. When the release tarball comes out, you'll probably still have the RPM Release tags still at "1", and then I'll have to adjust the SPEC's Release: tag to "3". May I suggest adjusting the Release tags in the SPEC files upward for each successive patch/release? One could (I think) even adopt a strategy of using Release values of "0.1", "0.2", etc. for prerelease patches/tests/etc., and then jumping to "1" for the actual "release" versions. Cheers, -D At 01:38 PM 8/30/2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, I've uploaded the *final* 3.0.23c roll up patch to http://samba.org/~jerry/patches/patch-3.0.23b-3.0.23c-gwc-2.diffs.gz. I've already cut the 3.0.23c tarballs so unless there is a major problem, this will be the final change set. Please report *any* bugs that you find. I'd like to wrap this one up and do the public 3.0.23c release on Friday. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9dsfIR7qMdg1EfYRAha2AKCngC4YgJ9zLj0S8nTmU193lNWe1wCgmDK4 gM8YRMtJ/KzdLzlUk2Pjcfk= =Ggf7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Don Meyer <[EMAIL PROTECTED]> Network Manager, ACES Academic Computing Facility Technical System Manager, ACES TeleNet System UIUC College of ACES, Information Technology and Communication Services "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety." -- Benjamin Franklin, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows SID are unknown for a samba member server?
More info: In additon, samba logs indicate the problem with this message: [2006/08/31 11:08:06, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797) Returning domain sid for domain DUDESDOMAIN -> S-1-5-21-744321777-3942209422-1033525612 That SID is not DUDESDOMAIN\dudeman SID. That SID must be created by samba when it can't resolve the SID for the DUDESMAN domain. It is very odd that it *says* it's getting that SID from the DUDESDOMAIN, but I assure you the SID is not correct. Thanks, Alex On Thu, 31 Aug 2006, Alexander Lazarevich wrote: We run samba on at least two of our linux servers. Both smb.conf's are domain members of an NT4 windows server, so all security information is gathered from the NT4 domain controller. We have a problem on one of the samba servers whereby samba is unable to recognize the account SID for a domain user. This is a new problem, only on newer versions of samba. The problem manifests itself on the windows clients as such: - let's say our domain is DUDESDOMAIN - let's say the username is dudeman - thus, permissions on files used to be "dudeman (DUDESDOMAIN\dudeman)" - but now, only on newer versions of samba, permissions are now showing up as: "dudeman (Unix User\dudeman)", and the older permission object is showing up as an "Account Unknown (SID#)" I'm not sure there are any other symptoms of this problem, windows machines work okay. However, just today we discovered that WinZip files complain about bad permissions on all .zip files, and I'm wondering if this is another symptom. Either way, samba should be able to resolve the SID the the DUDESDOMAIN domain, like it used to just fine. The older server is RHEL3-AS x86 running samba-3.0.9-1.3E.10 RPM from RedHat. This server is working fine, the permissions are correct on all files as "dudeman (DUDESDOMAIN\dudeman)". The new server is RHEL4-AS x64 running a compiled samba-3.0.23a. I have verified that the older samba server does NOT have this problem at all. The newer samba server has the problem on all files. Any ideas? I'm looking through the smb.conf to find the answer, thought it might be related to the "windbind use default domain", but no matter what I set that to, the behavior is the same. Anyone else see this problem, know the solution? Here is a snippit from our global smb.conf on the newer samba server, the smb.conf on the older server is exactly the same, except for minor changes in hostnames and such: [global] server string = Samba File Server interfaces = xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx wins server = xxx.xxx.xxx.xxx domain master = no preferred master = no netbios name = samba-hostname announce version = 1.0 load printers = no password level = 8 security = server password server = IP-of-NT4-PDC workgroup = DUDESDOMAIN encrypt passwords = yes large readwrite = no hosts allow = xxx.xxx.xxx.xxx log file = /var/log/samba/hostname-samba.log log level = 2 max log size = 0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE # idmap uid = 16777216-33554431 # idmap gid = 16777216-33554431 template shell = /bin/false # winbind use default domain = no testparm on smb.conf is fine: [EMAIL PROTECTED] lib]# testparm Load smb config files from /usr/local/encap/samba-3.0.23a/lib/smb.conf Processing section "[homes]" Processing section "[staff]" Processing section "[users]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Like I said before, samba has worked fine until a recent upgrade, I'm not sure when these permissions issues first started showing up though. Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windows SID are unknown for a samba member server?
We run samba on at least two of our linux servers. Both smb.conf's are domain members of an NT4 windows server, so all security information is gathered from the NT4 domain controller. We have a problem on one of the samba servers whereby samba is unable to recognize the account SID for a domain user. This is a new problem, only on newer versions of samba. The problem manifests itself on the windows clients as such: - let's say our domain is DUDESDOMAIN - let's say the username is dudeman - thus, permissions on files used to be "dudeman (DUDESDOMAIN\dudeman)" - but now, only on newer versions of samba, permissions are now showing up as: "dudeman (Unix User\dudeman)", and the older permission object is showing up as an "Account Unknown (SID#)" I'm not sure there are any other symptoms of this problem, windows machines work okay. However, just today we discovered that WinZip files complain about bad permissions on all .zip files, and I'm wondering if this is another symptom. Either way, samba should be able to resolve the SID the the DUDESDOMAIN domain, like it used to just fine. The older server is RHEL3-AS x86 running samba-3.0.9-1.3E.10 RPM from RedHat. This server is working fine, the permissions are correct on all files as "dudeman (DUDESDOMAIN\dudeman)". The new server is RHEL4-AS x64 running a compiled samba-3.0.23a. I have verified that the older samba server does NOT have this problem at all. The newer samba server has the problem on all files. Any ideas? I'm looking through the smb.conf to find the answer, thought it might be related to the "windbind use default domain", but no matter what I set that to, the behavior is the same. Anyone else see this problem, know the solution? Here is a snippit from our global smb.conf on the newer samba server, the smb.conf on the older server is exactly the same, except for minor changes in hostnames and such: [global] server string = Samba File Server interfaces = xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx wins server = xxx.xxx.xxx.xxx domain master = no preferred master = no netbios name = samba-hostname announce version = 1.0 load printers = no password level = 8 security = server password server = IP-of-NT4-PDC workgroup = DUDESDOMAIN encrypt passwords = yes large readwrite = no hosts allow = xxx.xxx.xxx.xxx log file = /var/log/samba/hostname-samba.log log level = 2 max log size = 0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE # idmap uid = 16777216-33554431 # idmap gid = 16777216-33554431 template shell = /bin/false # winbind use default domain = no testparm on smb.conf is fine: [EMAIL PROTECTED] lib]# testparm Load smb config files from /usr/local/encap/samba-3.0.23a/lib/smb.conf Processing section "[homes]" Processing section "[staff]" Processing section "[users]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Like I said before, samba has worked fine until a recent upgrade, I'm not sure when these permissions issues first started showing up though. Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain SID does not match built in domain groups' SIDs...
>> It appears that the built in domain groups' SIDs do not match the >> domain's SID. I used the IDEALX scripts to create these accounts and I >> obviously thought everything was fine before proceeding to add users and >> groups. > >Did you change the SID inside the IDEALX scripts? I bet I populated these groups before I changed the SID in the IDEALX scripts while testing things out and I never went back to correct it. I see that the SID is currently set correctly for them. Thanks for pointing that out! Seeing that set correctly makes me a bit more comfortable using those scripts. >> Any suggestions on how I can correct this without wiping out the users >> and groups I've already added? > >Hmmm, you can remap it. :) Would remapping them correct the SIDs? Can I just use a LDAP editor and manually change the SID to what it should be without screwing up other things? To my understanding, all the important Samba data is stored in LDAP. So I shouldn't have to worry about the contents of smbpasswd, secrets.tdb, or anything of that nature, right? Given I can just edit the SIDs, I do know that I may have to restart the SMB daemon, rejoin some users to groups, correct the local administrators group on workstations, etc. I understand the clean up, I don't want to ruin anything else that's not a simple text edit or command call. Thank you, Jason Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/30/2006 04:16 PM, Jason Shaw escreveu: Hello, I'm having a few problems, but I'm thinking this should be fixed first. It may solve my other issues. It appears that the built in domain groups' SIDs do not match the domain's SID. I used the IDEALX scripts to create these accounts and I obviously thought everything was fine before proceeding to add users and groups. Did you change the SID inside the IDEALX scripts? Any suggestions on how I can correct this without wiping out the users and groups I've already added? Hmmm, you can remap it. :) Samba PDC 3.0.20b OpenLDAP backend # net groupmap list Domain Admins (S-1-5-21-220492119-3728255649-3324185874-512) -> Domain Admins Domain Users (S-1-5-21-220492119-3728255649-3324185874-513) -> Domain Users Domain Guests (S-1-5-21-220492119-3728255649-3324185874-514) -> Domain Guests Domain Computers (S-1-5-21-220492119-3728255649-3324185874-515) -> Domain Computers # net getlocalsid SID for domain FS02 is: S-1-5-21-580359677-1468577533-2286006929 Much appreciated! Jason Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9vNxCj65ZxU4gPQRAr+8AJ4vYKoKwbZ99LHFBU71PqnwzK7VhgCgpIwx wFJ4M2ngWacJ1FK5pEW5hgo= =k0AI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Groups Vanished
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/31/2006 07:05 AM, Diarmuid Bourke escreveu: >>>On 08/28/2006 09:49 AM, Diarmuid Bourke escreveu: [...] Our Samba Groups appear to have vanished. I've verified this by trying, "net group /domain" in windows and it returns no results. Trying "net rpc group -S nuada" on our master server returns nothing either. "net rpc info" on both our master and backup return Domain Name: DIAS Domain SID: S-1-5-21-463069746-3761697030-3888642000 Sequence number: 1156762378 Num users: 63 Num domain groups: 0 Num local groups: 0 >>> >>> Try improve the debuglevel (-d) when using net, it could >>>reveal some nice information to help you out (and also help the >>>rest of us to help you). :-) > > Heres the output of "net rpc group list -d3 -S nuada" > using debug > -- > [2006/08/31 10:26:57, 3] param/loadparm.c:lp_load(4207) > lp_load: refreshing parameters > [2006/08/31 10:26:57, 3] param/loadparm.c:init_globals(1393) > Initialising global parameters > [2006/08/31 10:26:57, 3] param/params.c:pm_process(574) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2006/08/31 10:26:57, 3] param/loadparm.c:do_section(3662) > Processing section "[global]" > [2006/08/31 10:26:57, 2] lib/interface.c:add_interface(81) > added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0 > [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_lmhosts(855) > resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20> > [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(752) > resolve_wins: Attempting wins lookup for name nuada<0x20> > [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(755) > resolve_wins: WINS server resolution selected and no WINS servers listed. > [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_hosts(917) > resolve_hosts: Attempting host lookup for name nuada<0x20> > Password: > [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_start_connection(1389) > Connecting to host=nuada > [2006/08/31 10:27:02, 3] lib/util_sock.c:open_socket_out(870) > Connecting to 160.6.1.102 at port 445 > [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(710) > Doing spnego session setup (blob length=58) > [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(735) > got OID=1 3 6 1 4 1 311 2 2 10 > [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(744) > got principal=NONE > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(929) > Got challenge flags: > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60890215 > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(951) > NTLMSSP: Set final flags: > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080215 > [2006/08/31 10:27:02, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: > [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080215 > [2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine nuada pipe \lsarpc fnum 0x7624 bind > request returned ok. > [2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine nuada pipe \samr fnum 0x7625 bind > request returned ok. > [2006/08/31 10:27:03, 2] utils/net.c:main(878) > return code = 0 > --- > > and for "net rpc info -d3 -S nuada" > - > [2006/08/31 10:28:27, 3] param/loadparm.c:lp_load(4207) > lp_load: refreshing parameters > [2006/08/31 10:28:27, 3] param/loadparm.c:init_globals(1393) > Initialising global parameters > [2006/08/31 10:28:27, 3] param/params.c:pm_process(574) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2006/08/31 10:28:27, 3] param/loadparm.c:do_section(3662) > Processing section "[global]" > [2006/08/31 10:28:27, 2] lib/interface.c:add_interface(81) > added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0 > [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_lmhosts(855) > resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20> > [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(752) > resolve_wins: Attempting wins lookup for name nuada<0x20> > [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(755) > resolve_wins: WINS server resolution selected and no WINS servers listed. > [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_hosts(917) > resolve_hosts: Attempting host lookup for name nuada<0x20> > [2006/08/31 10:28:27, 3] libsmb/cliconnect.c:cli_start_connection(1389) > Connecting to host=nuada > [2006/08/31 10:28:27, 3] lib/util_sock.c:open_socket_out(870) > Connecting to 160.6.1.102 at port 445 > [2006/08/31 10:28:28, 3
Re: [Samba] DOS client cannot execute BATCH file on samba share
Roberto João Lopes Garcia wrote: Hi I just upgrade from 3.0.13 to samba 3.0.23b and after upgrade DOS Lanman Clients could not execute BATCH or EXE files stored on a samba share. Client can see, type and copy the file but cannot execute ! It can execute the batch file copy to C: I dig a little and found: http://lists.samba.org/archive/samba/1997-November/004734.html Further investigation has revealed that it seems this error is caused by the fact that smbd is unable to update the file access time, as the error happens within file_utime(). What I don't get is: Why does WinZip run? The files and directories have the same permissions... Strange So I try to disable dos filetimes dos filetimes = no But did not work. I'm now seting up a server for test and see more debug messages. Please, some one could help me? Thank you Roberto No error messages in the logs? Greetings. -- Miguel Da Silva. Servicio de Informatica. Facultad de Ciencias. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Concern about 3.0.22->3.0.23b upgrade (algorithmic SIDs issue)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Deutschmann wrote: > On Sat, 26 Aug 2006, you wrote: >>> I'm running as a lone Samba PDC, and -not- >>> using winbindd. >> The RID algorithm in 3.0.23c will potentially impact you. >> Have I already suggested testing the 3.02.3c-gwc patch >> at http://www.samba.org/~jerryy/patches/ ? You might >> want to get the patch and read over the release notes >> at least. > > I've installed it and it seems to work. Excellent! > I think the problem I was fearing rests on a > misunderstanding. The text said this would affect > "unmapped" SIDs. I took this to mean all SIDs > that I did not explictly map -- which is > everything except the magic privelege > determining groups (ie: Domain Admins, Power Users). > So I was afraid that my users would lose > ownership to all the files they created on > their own harddrives. > > It's now apparent that an entry in smbpasswd > counts as a SID mapping (which just so happens > to match exactly the SIDs that would have > been generated for an unmapped users at > the same unix uid.) Correct. > While no change to the code is needed, the documentation > about the 3.0.23 changes should be updated to clarify > that: Perhaps I should have just said an entry in Samba's passdb. This covers both users and groups. Would that have been better ? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9vwrIR7qMdg1EfYRAu4RAKCLuiKJVZc9R4KhnnWP9PJx92o6CACg8wkA ZLWTqKFWPiww/NOON3DE2YI= =G6YQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NET JOIN ERROR WITH SOL 10 and W2K3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/30/2006 11:58 AM, Slack, Leon escreveu: > We are currently working on a new systems design which is changing out > our hardware, OSs and applications all at the same. This is our first > crack at trying to get SOL 10 (1/06) and W2K3 server to play nice > together and we can't get the Windows domain controller to pass the SID > to our UNIX server. Any help would be greatly appreciated. We are > currently required to use Samba 3.0.2.0b but we may be able to move to > 3.0.2.3b if upgrading fixes our problem. Below is our smb,conf file: 'net getsid' is not working? It should grab the domain SID and store it in your secrets.tdb. Using the latest version of Samba is always a good idea, specially with regards to recent versions of Microsoft Windows. > # Global parameters [...] > Here is our net join command and output: > sysadmin-n1svr (8) ./net join -U administrator -S diegogcsdc01 -l -d 10 [...] > [2006/08/25 13:58:39, 5] lib/debug.c:(368) [...] > [2006/08/25 13:58:39, 4] libsmb/namequery.c:(548) > startlmhosts: Can't open lmhosts file > /h/COTS/CIFS/bin/Samba/lib/lmhosts. Error was Permission denied > [2006/08/25 13:58:39, 3] libsmb/namequery.c:(752) > resolve_wins: Attempting wins lookup for name diegogcsdc01<0x20> > [2006/08/25 13:58:39, 3] libsmb/namequery.c:(755) > resolve_wins: WINS server resolution selected and no WINS servers > listed. You should tell your samba about the WINS server in the network. [...] > [2006/08/25 13:58:39, 0] rpc_client/cli_pipe.c:(1473) > cli_nt_session_open: cli_nt_create failed on pipe \lsarpc to machine > diegogcsdc01. Error was NT_STATUS_ACCESS_DENIED > could not initialise lsa pipe > could not obtain sid for domain If you are using AD, you could try to: ./net ads join > Thanks, Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9vn9Cj65ZxU4gPQRAvZVAJ9NFFepVEYG5SV7Fs9DN8Q7dz6JewCfQgaU n6TIyfvRjJFCQ+O/oza66W4= =zxQ1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] backing up samba?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/30/2006 11:58 AM, Henrik Hudson escreveu: > Hey List- > > What are the appropriate files to be backing up on a samba PDC? > > I'm thinking: > smb.conf > /usr/local/etc/samba/ directory > /var/db/samba/ directory > /etc/passwd & /etc/master.passwd Are you copying the .tdb files? It is a good idea to use tdbbackup. http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html#id2615988 > This is running on FreeBSD as the PDC of the domain. If I need > to rebuild or wipe and upgrade this box I do not want to have > to re-install all the Windows clients into the domain and into > the machine. > > Did I miss anything or need anything else? And here is where Murphy comes in. :-) Try to setup a sparing server and check if one of your workstations are able to work with it, be sure that your backup will work after restored by testing the restoring procedure is probably the only way to be a little bit more relaxed about that. > Henrik Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9ve1Cj65ZxU4gPQRAnc0AJ9Dvo1soXAFpbAPFPw8OPxAIjLO2gCgi7rC xaQyCnqwHcVygb0eo8EIOO4= =4RoO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] obligatory roaming profile
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/30/2006 12:28 PM, azzouz escreveu: > hi, > > with samba pdc could we configure obligatory roaming profile ? > and how to do it ? Did you read Chapter 27 of the Samba Official HOWTO? It is an entire chapter dedicated to Desktop Profile Management. And yes, it is possible to use mandatory profiles. http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html > thanks Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9vWHCj65ZxU4gPQRApfNAJ49HZF88cFRViI/SvsB2A0e09MI0gCcDtGk iAp4J+bZJwLD7xHqB3tilYk= =PgBL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cifs error 0xffffff90
Samba 3.0.22 and RedHat Enterprise Linux 4. I'm getting these errors, and searching mailing list archives shows other people had similiar errors, but I haven't found a response. Aug 30 19:18:21 nfssrv2-cx kernel: CIFS VFS: No response buffer Aug 30 19:18:36 nfssrv2-cx kernel: CIFS VFS: No response buffer Aug 30 19:18:36 nfssrv2-cx kernel: CIFS VFS: Error 0xff90 or on cifs_get_inode_info in lookup The machine has one mounted directory from a Win2k3 server, and also offers mount points to windows machines via smbd. How would I diagnose this problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain SID does not match built in domain groups' SIDs...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/30/2006 04:16 PM, Jason Shaw escreveu: > Hello, > I'm having a few problems, but I'm thinking this should be fixed first. > It may solve my other issues. > > It appears that the built in domain groups' SIDs do not match the > domain's SID. I used the IDEALX scripts to create these accounts and I > obviously thought everything was fine before proceeding to add users and > groups. Did you change the SID inside the IDEALX scripts? > Any suggestions on how I can correct this without wiping out the users > and groups I've already added? Hmmm, you can remap it. :) > Samba PDC 3.0.20b > OpenLDAP backend > > # net groupmap list > Domain Admins (S-1-5-21-220492119-3728255649-3324185874-512) -> Domain > Admins > Domain Users (S-1-5-21-220492119-3728255649-3324185874-513) -> Domain Users > Domain Guests (S-1-5-21-220492119-3728255649-3324185874-514) -> Domain > Guests > Domain Computers (S-1-5-21-220492119-3728255649-3324185874-515) -> > Domain Computers > > # net getlocalsid > SID for domain FS02 is: S-1-5-21-580359677-1468577533-2286006929 > Much appreciated! > Jason Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9vNxCj65ZxU4gPQRAr+8AJ4vYKoKwbZ99LHFBU71PqnwzK7VhgCgpIwx wFJ4M2ngWacJ1FK5pEW5hgo= =k0AI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configure Printing with Samba part of W2K3 Domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/30/2006 10:46 PM, Nolan Garrett escreveu: > Hello! > I've read various information on the web, including the > HOWTO on how to configure Printers, but I am struggling > with making my printers publicly printable. My samba > server is joined to a W2K3 domain. How do I configure > it to be printable by anyone, even a user/system not > part of the domain? Here is my current config: > > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > # Set public = yes to allow user 'guest account' to print > public = yes > guest ok = yes > ; writeable = no > printable = yes Are you using 'use client driver' and 'disable spoolss' parameters? How they are configured? What testparm tells you about them? Take a look at the manpage of smb.conf about these two parameters, on our network we use both enabled and it solves the problem with 'access denied' printers. > I'm using CUPS which automatically adds the printer to Samba. > I've also got: > > [print$] > comment = Printer Driver Download Area > path = /etc/samba/drivers > browseable = yes > guest ok = yes > read only = no > > which I cannot get to work properly. I can upload drivers, when I go > back and look at the page, it shows that the drivers are not installed. > This is less of a problem for me now - I really just want public printing! > At what page? CUPS page? If you are speaking about CUPS it won't work that way, it will give the drivers to the clients but it won't install the drivers on the CUPS server. > I'm running samba 3.0.23a, still waiting on an FC5 version of 3.0.23b > (or maybe 3.0.23c, since that's coming). > > Thanks! > Nolan I hope this helps. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9vLACj65ZxU4gPQRAiQJAJwNK7HNMqMRuhUVTCEF/j5Tg8XncwCbBY/E S4u87PUrKM6ah3YHovk5P3o= =xBRx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] DOS client cannot execute BATCH file on samba share
Hi I just upgrade from 3.0.13 to samba 3.0.23b and after upgrade DOS Lanman Clients could not execute BATCH or EXE files stored on a samba share. Client can see, type and copy the file but cannot execute ! It can execute the batch file copy to C: I dig a little and found: http://lists.samba.org/archive/samba/1997-November/004734.html > >Further investigation has revealed that it seems this error is caused by >the fact that smbd is unable to update the file access time, as the error >happens within file_utime(). What I don't get is: Why does WinZip run? >The files and directories have the same permissions... Strange > So I try to disable dos filetimes dos filetimes = no But did not work. I'm now seting up a server for test and see more debug messages. Please, some one could help me? Thank you Roberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with login
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/31/2006 01:00 AM, jiang yajing escreveu: > I set a samba server, and from the ubuntu or some other windows, I can > login to server to upload file without problem, but from several window > XP, when I login to samba server, the user name column can't input any > words just show guest. > how do I solve the problem. > > many thanks Please, send you smb.conf for review. Also run a tesparm -v to check it. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFE9u++Cj65ZxU4gPQRAqd4AKC0obUhnXYFaIzjVhRX/FiX1OrKGQCghCKx 0f+wPXvAX6zeTcv8otsStWg= =ug3C -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbind auth against ads not working via remote login-solaris 10.
update: OS not allowing a winbind auth on Solaris 10 console. I added the below winbind options(see smb.conf). I now get "NT_STATUS_OS" for the user(see winbind log) as I try to login but Solaris 10 still reports a "Login Incorrect". What other OS configure am I missing? Does the nss_winbind.so libraries need to be copied anywhere else? I copied the libnss_winbind.so to /lib and /usr/lib and made the below links. /lib/nss_winbind.so /lib/nss_winbind.so.1 Nsswitch.conf is using "file nis winbind" . See pam.conf below. Thanks and God bless! Winbind Log:-- [2006/08/31 08:17:43, 5] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(445) Plain-text authentication for user jgarrett returned NT_STATUS_OK (PAM: 0) Smb.conf # cat smb.conf # Global parameters [global] workgroup = MYDOMAIN server string = Samba Server pdtsun03 password server = MYPWDSERVERS encrypt passwords = yes log level = 10 log file = /usr/local/samba/var/log.%m max log size = 50 dns proxy = No guest account = visitor realm = MYREALM security = ads ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind cache time = 2 winbind use default domain = Yes winbind trusted domains only = Yes winbind nested groups = Yes winbind uid = 20001-4 winbind gid = 20001-4 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes # give winbind users a real shell (only needed if they have telnet access) Pam.conf-- # cat /etc/pam.conf # #ident "@(#)pam.conf 1.2804/04/21 SMI" # # Copyright 2004 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # PAM configuration # # Unless explicitly defined, all services use the modules # defined in the "other" section. # # Modules are defined with relative pathnames, i.e., they are # relative to /usr/lib/security/$ISA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_cred.so.1 login auth required pam_unix_auth.so.1 login auth required pam_dial_auth.so.1 login auth sufficient /usr/lib/security/pam_winbind.so try_first_pass debug # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_cred.so.1 rlogin auth required pam_unix_auth.so.1 rlogin auth sufficient /usr/lib/security/pam_winbind.so try_first_pass debug # # Kerberized rlogin service # krlogin auth required pam_unix_cred.so.1 krlogin auth bindingpam_krb5.so.1 krlogin auth required pam_unix_auth.so.1 krlogin auth sufficient /usr/lib/security/pam_winbind.so try_first_pass debug # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1 rsh auth sufficient /usr/lib/security/pam_winbind.so try_first_pass debug # # Kerberized rsh service # krshauth required pam_unix_cred.so.1 krshauth bindingpam_krb5.so.1 krshauth required pam_unix_auth.so.1 krshauth sufficient /usr/lib/security/pam_winbind.so try_first_pass debug # # Kerberized telnet service # ktelnet auth required pam_unix_cred.so.1 ktelnet auth bindingpam_krb5.so.1 ktelnet auth required pam_unix_auth.so.1 ktelnet auth sufficient /usr/lib/security/pam_winbind.so try_first_pass debug # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_cred.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 ppp auth sufficient /usr/lib/security/pam_winbind.so try_first_pass debug # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authentication # other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_cred.so.1 other auth required pam_unix_auth.so.1 other auth sufficient /usr/lib/security/pam_winbind.so try_first_pass debug # # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 passwd auth sufficient /usr/lib/security/pam_winbind.so try_first_pass debu
Re: [Samba] ftp 8x faster than samba
I have just been doing some more reading (Google: Samba Test Results) on benchmarking results and it looks like Samba is capable of performing upwards of 2.5 times faster then Windows 2003, especially as the number of clients begins to ramp up in quantity. If you aren't getting those kind of results with direct comparisons between Windows File sharing and Linux File sharing on the same hardware, then I believe your problem is wholly unrelated to Samba. Also, from my understanding of the differences between how FTP and both Windows and Samba file sharing functions, you will never receive the kind of speeds from either Windows or Samba that you can through FTP. Regards, Robert Adkins Robert Adkins wrote: Yoink wrote: Robert Adkins wrote: Yoink wrote: This gigabit connection should always be performing as it does under ftp, any advice? I copied a 600MB file from my workstation to our Samba server and it took approximately two minutes. I copied the same file from the Samba server to my workstation using the Command prompt and it took roughly 1 minute 30 seconds. Well I should get -25% performance too, no? Mine is more like -400%. My test was very unscientific and it is very likely that copying the file took exactly the same amount of time whether I used the command line or the Windows GUI. I know nothing of the hardware, installation setup and other testing variables you have in place, such as the testing environment, in order to be able to answer your question. Again, I suggest that you test like things with like things, test a Windows server's file sharing and then Samba file sharing. Test FTP on a Windows server and then FTP on a Linux server and do this on a controlled network where only the workstation and the server are connected via one hub that has no other network connected to it. That way you can more clearly determine which is faster. I understand that there has been significant testing performed like the above and the last time I checked, which was more then a few years ago, Samba performed musch faster then Windows for file sharing. I do recall reading a more recent article (maybe 2 years back) that suggested Windows Server 2003 same closer if not equal to Samba in file serving speed. You would also have to look at other factors, such as the underlying file system used on your server. I have been assuming you are using Linux with Samba, if that is the case you could be using a variety of different file systems for your Linux partitions. For example, if you are using ReiserFS, then you would see a marked increase in reading/writing and subsequently file sharing for relatively small files in, I believe, the sub-32kb range as ReiserFS is tuned for sharing many small files very quickly. However, ReiserFS (At least the last version I was using) wasn't great for serving large files, like the 700MB test file you are using. From what I know of EXT3FS, it is a well rounded file system that is neither particularly fast nor particularly slow in serving files of various sizes. It is a good middle ground file system and the one that I primarily use on my servers and other Linux installations. Beyond that, there are numerous other factors that can lead to a slowdown in file sharing speeds, which is something that I am hardly an expert in determining. So, I am posting this back to the list, perhaps someone there will be able to better advise you towards what to look into. Regards, Robert Adkins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP home & saba
hi, i've some XP pro and one XP home workstation. samba runs in sharemode: [global] workgroup = SCHNELL server string = SERVER security = SHARE obey pam restrictions = Yes passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes dns proxy = No ldap ssl = no panic action = /usr/share/samba/panic-action %d invalid users = root the xp pro clients and the server are on the subnet 192.168.1.0/24 and the xp home is on 192.168.10.0/24 connected by a router. the xp pro workstations work with out any problem. but the xp home asks for a username and password. why ? any suggestions ? TIA matthias -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind issue
Show us your smb.conf. David David Shapiro Distributed Systems Unix Team Lead office: 919-765-2011 cellphone: 730-0538 >>> "Karthik R" <[EMAIL PROTECTED]> 8/28/2006 2:00 PM >>> i was able to successfully joined the linux machine ie. RHEL 3 to windows 2003 domain and able to pull the AD users and groups using wbinfo -u and wbinfo -g command. Am trying to authenticate the AD user using radtest, a command tool used in freeradius to authenticate the user logon credentials. It rejects AD user logon credentials. I have linux nis server running under same subnet. This machine is binded to this linux NIS domain and joined to windows 2003 domain. Here is my nsswitch.conf file. passwd: files winbind nis dns shadow: files nis dns group: files winbind nis dns #hosts: db files nisplus nis dns hosts: files dns winbind nis Also i tried removing it from linux nis domain and running only with winbind service, it didnt help me. Here is the log file i found about winbind service. winbindd[16208]: [2006/08/28 10:57:31, 0] nsswitch/winbindd_util.c:winbindd_param_init(560) winbindd[16208]: winbindd: idmap uid range missing or invalid winbindd[16208]: [2006/08/28 10:57:31, 0] nsswitch/winbindd_util.c:winbindd_param_init(561) winbindd[16208]: winbindd: cannot continue, exiting. winbind: winbindd startup succeeded I have another linux machine running good with the same error message. could someone throw some light to resolve my issue. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ftp 8x faster than samba
Yoink wrote: Robert Adkins wrote: Yoink wrote: This gigabit connection should always be performing as it does under ftp, any advice? I copied a 600MB file from my workstation to our Samba server and it took approximately two minutes. I copied the same file from the Samba server to my workstation using the Command prompt and it took roughly 1 minute 30 seconds. Well I should get -25% performance too, no? Mine is more like -400%. My test was very unscientific and it is very likely that copying the file took exactly the same amount of time whether I used the command line or the Windows GUI. I know nothing of the hardware, installation setup and other testing variables you have in place, such as the testing environment, in order to be able to answer your question. Again, I suggest that you test like things with like things, test a Windows server's file sharing and then Samba file sharing. Test FTP on a Windows server and then FTP on a Linux server and do this on a controlled network where only the workstation and the server are connected via one hub that has no other network connected to it. That way you can more clearly determine which is faster. I understand that there has been significant testing performed like the above and the last time I checked, which was more then a few years ago, Samba performed musch faster then Windows for file sharing. I do recall reading a more recent article (maybe 2 years back) that suggested Windows Server 2003 same closer if not equal to Samba in file serving speed. You would also have to look at other factors, such as the underlying file system used on your server. I have been assuming you are using Linux with Samba, if that is the case you could be using a variety of different file systems for your Linux partitions. For example, if you are using ReiserFS, then you would see a marked increase in reading/writing and subsequently file sharing for relatively small files in, I believe, the sub-32kb range as ReiserFS is tuned for sharing many small files very quickly. However, ReiserFS (At least the last version I was using) wasn't great for serving large files, like the 700MB test file you are using. From what I know of EXT3FS, it is a well rounded file system that is neither particularly fast nor particularly slow in serving files of various sizes. It is a good middle ground file system and the one that I primarily use on my servers and other Linux installations. Beyond that, there are numerous other factors that can lead to a slowdown in file sharing speeds, which is something that I am hardly an expert in determining. So, I am posting this back to the list, perhaps someone there will be able to better advise you towards what to look into. Regards, Robert Adkins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Preliminary 3.0.23c patch for testing and review
Dear Jerry, > > However, the group membership problem ( > > https://bugzilla.samba.org/show_bug.cgi?id=3990 ) still remains. > > I've already got 2 issues plus this one for a possible > 3.0.23d release. Patch #2 also applied fine, but the problem still remains. So I will wait for 3.0.23d. With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: username map problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jamie Bohr wrote: > Does any one know what version "username map script" > first shoulded up in? I would like to know what > release to look for the RHEL v3. Search the WHATSNEW.txt file. It's included in the section on smb.conf changes (each release has its own section). cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9tFeIR7qMdg1EfYRAlTyAJ0fAJiLjciG6JZdXoVlVsepBtGVnwCggEpK xqKuCV2g15LC0FEDN8RKv7M= =HiZv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rev #2 of the 3.02.3c patch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mario Lipinski wrote: > Am Mittwoch, den 30.08.2006, 20:24 -0500 schrieb Gerald (Jerry) Carter: >> if you get a chance, would you also please try this patch >> just to make sure we have already fixed this. >> >> http://samba.org/~jerry/patches/patch-3.0.23b-3.0.23c-gwc-2.diffs.gz > > Since this was the Thread I were following up to was > about the second relase of the patch I think I am > already running this version. Or did something change > since your email 30.8. 13:38:23 -0500? Nope. Nothing changed. I just wanted to make sure since I remembered you posting the bug before the patch was posted. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9s+dIR7qMdg1EfYRAjRRAKC19OI44ehp3MkA0Qij90+gA4w6wACfXoA3 C7OKDph6AJHvpVgfC8MhTOo= =lXF/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Groups Vanished
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > On 08/28/2006 09:49 AM, Diarmuid Bourke escreveu: > > Hi, > > Our Samba Groups appear to have vanished. > > > > I've verified this by trying, "net group /domain" in windows and it > > returns no results. Trying "net rpc group -S nuada" on our master server > > returns nothing either. > > "net rpc info" on both our master and backup return > > > > Domain Name: DIAS > > Domain SID: S-1-5-21-463069746-3761697030-3888642000 > > Sequence number: 1156762378 > > Num users: 63 > > Num domain groups: 0 > > Num local groups: 0 > Try improve the debuglevel (-d) when using net, it could > reveal some nice information to help you out (and also help the > rest of us to help you). :-) Heres the output of "net rpc group list -d3 -S nuada" using debug - -- [2006/08/31 10:26:57, 3] param/loadparm.c:lp_load(4207) lp_load: refreshing parameters [2006/08/31 10:26:57, 3] param/loadparm.c:init_globals(1393) Initialising global parameters [2006/08/31 10:26:57, 3] param/params.c:pm_process(574) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2006/08/31 10:26:57, 3] param/loadparm.c:do_section(3662) Processing section "[global]" [2006/08/31 10:26:57, 2] lib/interface.c:add_interface(81) added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0 [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20> [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name nuada<0x20> [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_wins(755) resolve_wins: WINS server resolution selected and no WINS servers listed. [2006/08/31 10:26:57, 3] libsmb/namequery.c:resolve_hosts(917) resolve_hosts: Attempting host lookup for name nuada<0x20> Password: [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_start_connection(1389) Connecting to host=nuada [2006/08/31 10:27:02, 3] lib/util_sock.c:open_socket_out(870) Connecting to 160.6.1.102 at port 445 [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(710) Doing spnego session setup (blob length=58) [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(735) got OID=1 3 6 1 4 1 311 2 2 10 [2006/08/31 10:27:02, 3] libsmb/cliconnect.c:cli_session_setup_spnego(744) got principal=NONE [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(929) Got challenge flags: [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60890215 [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(951) NTLMSSP: Set final flags: [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60080215 [2006/08/31 10:27:02, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/08/31 10:27:02, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60080215 [2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine nuada pipe \lsarpc fnum 0x7624 bind request returned ok. [2006/08/31 10:27:03, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine nuada pipe \samr fnum 0x7625 bind request returned ok. [2006/08/31 10:27:03, 2] utils/net.c:main(878) return code = 0 - --- and for "net rpc info -d3 -S nuada" - - [2006/08/31 10:28:27, 3] param/loadparm.c:lp_load(4207) lp_load: refreshing parameters [2006/08/31 10:28:27, 3] param/loadparm.c:init_globals(1393) Initialising global parameters [2006/08/31 10:28:27, 3] param/params.c:pm_process(574) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2006/08/31 10:28:27, 3] param/loadparm.c:do_section(3662) Processing section "[global]" [2006/08/31 10:28:27, 2] lib/interface.c:add_interface(81) added interface ip=160.6.1.26 bcast=160.6.1.255 nmask=255.255.255.0 [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name nuada<0x20> [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name nuada<0x20> [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_wins(755) resolve_wins: WINS server resolution selected and no WINS servers listed. [2006/08/31 10:28:27, 3] libsmb/namequery.c:resolve_hosts(917) resolve_hosts: Attempting host lookup for name nuada<0x20> [2006/08/31 10:28:27, 3] libsmb/cliconnect.c:cli_start_connection(1389) Connecting to host=nuada [2006/08/31 10:28:27, 3] lib/util_sock.c:open_socket_out(870) Connecting to 160.6.1.102 at port 445 [2006/08/31 10:28:28, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine nuada pipe \lsarpc fnum 0x76f4 bind request returned ok. [2006/08/31 10:28:28, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bin
Re: [Samba] Rev #2 of the 3.02.3c patch
Am Mittwoch, den 30.08.2006, 20:24 -0500 schrieb Gerald (Jerry) Carter: > if you get a chance, would you also please try this patch > just to make sure we have already fixed this. > > http://samba.org/~jerry/patches/patch-3.0.23b-3.0.23c-gwc-2.diffs.gz Since this was the Thread I were following up to was about the second relase of the patch I think I am already running this version. Or did something change since your email 30.8. 13:38:23 -0500? Mario signature.asc Description: Dies ist ein digital signierter Nachrichtenteil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] upgrading from 3.0.13 to 3.0.23
Felipe Augusto van de Wiel a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/28/2006 07:10 AM, Jean-Baptiste Estival escreveu: Hi all I just downloaded the latest sable rlease (3.0.23b). I compiled it and installed it without any problems. When I restart servers, shares configured like this : [xdavid] read list = user browseable = no path = /home/users/xdavid write list = xdavid only user = yes user = xdavid works fine, but these shares (using goups names) doesn't work: [utilisateurs] write list = @root writeable = yes user = @utilisateurs,@root path = /home/users only user = yes read list = @utilisateurs,@root What do you mean with "doesn't work"? The share didn't appear? I have a strong feeling that the problem is related with "only user = yes". I mean : users from group "utilisateurs" are not able to connect to the share : access denied log files says that "only user = yes" is ignored like 3.0.13 does. groups and users are local to the samba server (running under Linux FC1). Using smbpasswd? yes I use webmin to configure samba. Does anyone has an idea ? thanks Try to disable "only user" and see if it works. Kind regards, i will try that thanks ---END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba