Re: [Samba] accessing windows shared folders from vmware guest linux
pagod wrote: if i try something like this: smbmount //fili/xlibs /mnt/temp -o username=dvergnaud i get the following error: 3600: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed the weird thing is, it all works fine when doing it from another linux computer (where linux runs natively). that means, as i see it, that either there's a problem with VMware and samba working together, or my samba client is not properly configured -- although i'm not aware that it's much configurable... has anyone already had such a problem? or does anyone have an idea what i'm doing wrong? Vmware itself is not a problem. I use it without problem and I believe some of the samba developement is done on vmware machines. Things to check are firewalling on the Linux box, and which of the available vmware network options you used. Bridged, private or NAT. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: samba Digest, Vol 45, Issue 19
When is samba 4 expected? regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Time take to copy file from Samba to Windows XP
Hello, How much time should it take to copy 1Gb to 5Gb from from Samba server to Windows Xp in gigabit network? Default Samba configs, a single copy of a 1GB file takes about 70 seconds to complete, about 14MBps, 117Mbps, about 11% network utilization. A Windows 2003 server, similar hardware, same network connection, can transfer the same 1GB file in about 28 seconds, 36MBps, 292Mbps, almost 30% network utilization. Apache takes 16 seconds, 64MBps, 512Mbps, over 50% network utilization. What can be done to speed up transfer rate? Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23c Upgrade Errors
On my 3rd and final Debian server (upgraded in reverse order of importance), the upgrade from 3.0.22 to 3.0.23c is producing segfault errors ( Security is ADS). The log from the system attempting to connect is provided below. The other two had a few issues, but were fixable. To make the other two work, I had to change the winbind separator from "+" to the default "\". I changed all references in smb.conf and the user mapping file to reflect that. My one username mapping was changed from root = DOMAIN\Administrator to root = @"DOMAIN\Domain Admins". I then had to rejoin the domain and reboot the system. On the broken system wbinfo -u and -g pull in all users and groups from the active directory pdc. Logs smbd, nmbd, and winbindd do not show anything indicating trouble. I'm really stumped after two successful upgrades. Thanks, Dale [2006/09/15 16:04:14, 0] lib/fault.c:fault_report(41) === [2006/09/15 16:04:14, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 6 in pid 2566 (3.0.23c) Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/09/15 16:04:14, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2006/09/15 16:04:14, 0] lib/fault.c:fault_report(45) === [2006/09/15 16:04:14, 0] lib/util.c:smb_panic(1592) PANIC (pid 2566): internal error [2006/09/15 16:04:14, 0] lib/util.c:log_stack_trace(1699) BACKTRACE: 24 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x23) [0x822d243] #1 /usr/sbin/smbd(smb_panic+0x48) [0x822d0c8] #2 /usr/sbin/smbd [0x821adec] #3 [0xe420] #4 /lib/tls/libc.so.6(abort+0x109) [0x401df0c9] #5 /usr/sbin/smbd [0x823285b] #6 /usr/sbin/smbd(_talloc_realloc+0x3d) [0x82330ed] #7 /usr/sbin/smbd(add_sid_to_array+0x40) [0x82276f0] #8 /usr/sbin/smbd(create_token_from_username+0x571) [0x826c9f1] #9 /usr/sbin/smbd(user_in_group_sid+0x65) [0x826cf25] #10 /usr/sbin/smbd(user_in_group+0xf3) [0x826d123] #11 /usr/sbin/smbd(user_in_list+0xdc) [0x809841c] #12 /usr/sbin/smbd(map_username+0x3f2) [0x8094002] #13 /usr/sbin/smbd [0x80bece7] #14 /usr/sbin/smbd [0x80bfc05] #15 /usr/sbin/smbd [0x80c0334] #16 /usr/sbin/smbd(reply_sesssetup_and_X+0xfb7) [0x80c1647] #17 /usr/sbin/smbd [0x80e9c5f] #18 /usr/sbin/smbd [0x80e9e84] #19 /usr/sbin/smbd [0x80ea0a2] #20 /usr/sbin/smbd(smbd_process+0x155) [0x80eaf85] #21 /usr/sbin/smbd(main+0x92e) [0x82c273e] #22 /lib/tls/libc.so.6(__libc_start_main+0xc8) [0x401c9ea8] #23 /usr/sbin/smbd [0x8082dd1] [2006/09/15 16:04:14, 0] lib/util.c:smb_panic(1600) smb_panic(): calling panic action [/usr/share/samba/panic-action 2566] [2006/09/15 16:04:14, 0] lib/util.c:smb_panic(1608) smb_panic(): action returned status 0 [2006/09/15 16:04:14, 0] lib/fault.c:dump_core(173) dumping core in /var/log/samba/cores/smbd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password problem, W2000, Samba3, Debian-Etch
Hello, we have been running SuSE 9.3 on server and Win98SE, Win2000 and XP-Clients with Samba 3 without any problems After setting up the server with Debian Etch and Samba 3 (PDC) only WIN98SE users can logon. On Win2000 and XP only one user can logon without problems (password not changed, everything the same as all the other users), all others are being rejected. Machine-accounts seem okay useradd -g100 -u9100 -d /home/XP/winclient1 -s /sbin/false -c"winclient1" winclient1$ smbpasswd -a -m winclient1 The clients are the same as with SuSE, no change. Since on user can logon in SuSE as well as on Debian, the password-encrypting seems to be compatible. But why do all the other get the announcement: bad password. [2006/09/14 14:45:08, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [dg] -> [dg] -> [dg] succeeded [2006/09/14 14:45:16, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [dg] -> [dg] -> [dg] succeeded [2006/09/14 14:45:46, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [dg] -> [dg] FAILED with error NT_STATUS_WRONG_PASSWORD Why Thank you for helping __ Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail-Postfach! Mehr Infos unter http://freemail.web.de/home/landingpad/?mc=021131 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] restrict ssh login by Win2K AD group
Hello again. I'm hoping there is some way I can restrict ssh login through the AD to my Linux servers. I only have one group of users on the domain that needs ssh access. So far I see lots of ways to add or map or join Linux to Windows groups but I would rather be able to say: "no" to all AD users and groups and "yes" to all users in the specific AD group named "developers" Is there some way to specify just one AD valid group for ssh access? Thanks. -- Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Machine account question / unjoining a domain
Hi to all, When I join a machine to a Samba domain, a machine account is created in the Samba domain controller's database. When I unjoin a machine from a Samba domain, the machine account is not deleted, but remains in the PDC's database. Is that - because I misconfigured something in smb.conf - a script specified in my smb.conf is not working correctly - by design. If by design, is it - by Microsoft design - by Samba design If it is by Samba design, why so ? Best regards, Peter Rindfuss -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + start tls
On Fri, Sep 15, 2006 at 04:32:13PM -0300, Felipe Augusto van de Wiel wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > I have winbind working nicely with AD here. It took a while to > > figure out but now AD user accounts can ssh into my Linux boxen > > reliably, which is really all I needed; just ssh access. But I > > want to make sure all the LDAP traffic is secured via TLS/SSL. > > Ok, but this is not Samba part of the job. :) > > If Samba is not talking with your LDAP server, then this > parameter has no effect. You should do the TLS/SSL configurations > on your LDAP server. And you should use kerberos to have real > security in your smb network. There is no pure LDAP server. There is only the Win2K server that does Microsoft's AD which (unless I am mistaken) is part LDAP, part Kerberos and part SMB. The Kerberos part works fine. The ssh logins through AD work fine. The problem is that I'm connected on port [EMAIL PROTECTED] ~]# net ads info LDAP server: 198.78.123.2 LDAP server name: battu Realm: BINTERACTIVE.COM Bind Path: dc=BINTERACTIVE,dc=COM LDAP port: 389 Server time: Fri, 15 Sep 2006 15:53:49 GMT KDC server: 198.78.123.2 Server time offset: 97 > If it is a PEM with private certificate, shouldn't be > world readable. OK, so what should the perms be? 0400? > Ok, it is a configuration of libldap and other software > that will use resources to query LDAP server. But AIUI you are > not using Samba to query LDAP, you are using winbind to do that, > and then, your question is a little bit off-topic here. ;) Yes. I suppose you are right. I need to subscribe to an LDAP list as well. -- Announcing your plans is a good way to hear the gods' laughter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd wont start
On Friday 15 September 2006 07:42, you wrote: > Hi Tim, > > > Here the contents of /var/lib/samba > > > > Titan:/var/lib/samba# ls > > account_policy.tdb ntforms.tdb perfmon secrets.tdb > > group_mapping.tdb ntprinters.tdb printers share_info.tdb > > ntdrivers.tdb passdb.tdb registry.tdb > > Yep. > > tdbbackup -v group_mapping.tdb > > gives here: > > group_mapping.tdb : 16 records > > > and /var/run/samba > > > > Titan:/var/run/samba# ls > > lang_en.tdb messages.tdb nmbd.pid perfmon unexpected.tdb > > is the nmbd still running? But the smbd is not? If you use > > ps aux | grep nmbd > is there a process? Otherwise you might have a stale pid, then you can just > delete the pid file and start the services again. Titan:/var/lib/samba# ps aux | grep nmbd root 4792 0.0 0.1 5872 1380 ?Ss Sep13 0:01 /usr/sbin/nmbd -D root 23882 0.0 0.0 1952 608 pts/1R+ 20:50 0:00 grep nmbd I killed the nmbd process off and tried restarting both, nmbd started and smbd failed > > > I assume when you typed NAME I should of used one of the .tdb files, but > > which one??? > > Try first passwd.tdb Titan:/var/lib/samba# tdbbackup -v group_mapping.tdb group_mapping.tdb : 13 records Titan:/var/lib/samba# tdbbackup -v passdb.tdb passdb.tdb : 51 records Titan:/var/lib/samba# tdbbackup -v ntdrivers.tdb ntdrivers.tdb : 1 records Titan:/var/lib/samba# tdbbackup -v ntprinters.tdb ntprinters.tdb : 4 records Titan:/var/lib/samba# tdbbackup -v registry.tdb registry.tdb : 48 records Titan:/var/lib/samba# tdbbackup -v share_info.tdb share_info.tdb : 1 records Titan:/var/lib/samba# tdbbackup -v ntforms.tdb ntforms.tdb : 0 records Titan:/var/lib/samba# tdbbackup -v secrets.tdb secrets.tdb : 1 records Still no Samba Tim Yahoo! Photos is now offering a quality print service from just 7p a photo. http://uk.photos.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.10 - nmb problems
When I first startup smb service smb restart nmbd seems to be starting up correctly. nmblookup -M chemistry querying chemistry on 128.148.nnn.255 128.148.nnn.server's-ip chemistry<1d> and nmblookup -B SERVER __SAMBA__ querying __SAMBA__ on 128.148.nnn.server's-ip server's ip __SAMBA__ <00> This quickly changes to nmblookup -M chemistry querying chemistry on 128.148.nnn.255 some client's ip chemistry <1d> nmblookup -B SERVER __SAMBA__ querying __SAMBA__ on 128.148.nnn.server's-ip name_query failed to find name __SAMBA__ I tried using the same smb.conf from samba3.0.9. I have tried and am still trying minor modifications. For instance I changed interfaces = 128.148.nnn.nnn/24 127.0.0.1 to interfaces = eth0, lo bind interfaces only = yes I added remote browse sync with the subnets which the server is used. Is there a simple solution? Should I downgrade to 3.0.9 if I can? Should I upgrade to which version of samba I am running a RedHat system 2.6.9-42.0.2ELsmp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] inherit owner
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 04:47 PM, Scott M Parrish escreveu: >> Which version of Samba do you use? >> >> There is a thread that myabe could help you: >> >> http://www.gatago.com/linux/samba/14523698.html > > I'm using 3.0.23a for Fedora Core 5. > > If I'm reading that posting series right, than the problem was that > his version was too early, and that as of 3.0.15 the "Inherit owner" > option is there. Yes, that's why I asked your Samba version. And considering this, there is a chance that it might be a bug, but I don't have the time to check it on a near future, so perhaps you could try to test it on another box (with other distribution, just in case) and report it as a bug (if it was confirmed). You can also check other points like FileSystem ACL and other policies that could have an impact in your configuration. > Still not working for me though :-( Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCwB7Cj65ZxU4gPQRAkXCAKDN9tQRx8lQpDIbixwl7OSJTpAu+ACfdCD/ GVxb3iFsnFiwumHJM7fnUMc= =ud2K -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + start tls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 12:24 PM, Matt Herzog escreveu: > On Fri, Sep 15, 2006 at 11:34:04AM -0300, Felipe Augusto van de Wiel wrote: >> The correct option is "start_tls", but it is the default >>option, you don't need to setup this. And the key server is not >>related with Samba, this option just tells samba to use SSL when >>talking with the LDAP server. > > I have winbind working nicely with AD here. It took a while to > figure out but now AD user accounts can ssh into my Linux boxen > reliably, which is really all I needed; just ssh access. But I > want to make sure all the LDAP traffic is secured via TLS/SSL. Ok, but this is not Samba part of the job. :) If Samba is not talking with your LDAP server, then this parameter has no effect. You should do the TLS/SSL configurations on your LDAP server. And you should use kerberos to have real security in your smb network. > On my network if I run nmap on the Win2K AD server I see that > port 636 is open. So I generated a cert file on the Win2K > server and converted it to a PEM file (using openssl on Linux) > and placed it in /etc/openldap/cacerts and made sure > it was world readable. My ldap.conf file looks like this: If it is a PEM with private certificate, shouldn't be world readable. > #--- > BASEdc=cinteractive, dc=com > URI ldaps://attu.binteractive.com:636 > debug 256 > logdir /var/log/ldap.errors > host BATTU > base BINTERACTIVE.COM > ssl yes > TLS_CACERT /etc/openldap/cacerts/battu.pem > pam_password md5 > # > > The ldap log file I set up is empty. Nothing ever gets written to it. Increase the log level on slapd.conf. > Every time I su to root on the Linux servers I see: > > TLS certificate verification: Error, unable to get local issuer certificate > TLS: can't connect. > > I'm not looking to run slapd on this server. LDAP and winbind are used only > to allow users to login via ssh with their AD credentials. Ok, it is a configuration of libldap and other software that will use resources to query LDAP server. But AIUI you are not using Samba to query LDAP, you are using winbind to do that, and then, your question is a little bit off-topic here. ;) Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCv+9Cj65ZxU4gPQRAoKCAKCqXb+x1B3XI929b5gVoAmZW0c/CgCgxsQw 8UqEnltKCKcDWYGw4mgxnAQ= =5y38 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] SAMBA TO AD MIGRATION
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 12:45 PM, Patrick AUDON escreveu: > Hi, > > Thanks for the the answer. > > I must migrate because my site communicate with 2 other, which are using > Windows 2003 AD server, and I can't trust there domain. Also, we use > applications which need W2K3. > > Do you have informations about the regkey parameter using ? "regkey" is not a parameter it is just a way to view it. :) Basically, there are parameters that were created to work in the same way that some of the Windows keys, just it. > Thanks. > Regards. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCv7zCj65ZxU4gPQRAq4tAJ4yOICyRRDuLj4kd8CgSNGHsM+AIwCfeLlD IwBPkT3A12AjujQ1MTQvP34= =vqaB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to change perimissions across a directory tree
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 09:52 AM, Gianluca Cecchi escreveu: > Hello all, > I have samba 3 with a share named shareA using these settings: > > [shareA] > comment = Directory Amministrazione > path = /col/shareA > browseable = no > valid users = @amm > force group = amm > public = no > writable = yes > create mask = 0770 > directory mask = 0770 > printable = no > > where user1, user2, user3 and user4 belong to "amm" group. > > I would like to differentiate permissions and have them become something > like: > > 1) these users: > user1 > user2 > > read only to the directory: > > \shareA\dir1 > \shareA\dir2 > > > 2) these users: > user3 > user4 > > read wrtite to the directory: > > \shareA\dir1 > \shareA\dir2 > > 3) > user1 > user2 > user3 > user4 > > read wrtite to the directories > \shareA\dir3 > \shareA\dir4 > > 4) full control for user1, user2, user3 and user4 to the other > directories under \shareA (as is now for all what is under \shareA) You should look for ACLs. You can use it in your filesystem to achieve what you want. The Samba documentation covers it. (BTW, I'm talking about POSIX ACL). :-) > Thanks in advance. > Bye, > Gianluca Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCv4jCj65ZxU4gPQRApbmAJ9l/uUJsDX7uWimjRuSEcEM9uSHXgCfTBML VbBxT++AwWw71cY9ApYJHwU= =F53G -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] /etc/init.d/samba profile
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 02:45 PM, Renee Ramsdell escreveu: > I have a question about using the /etc/init.d/samba script on irix. I see > that in that script, the acceptable arguments to it are start, stop and > profile. Start and stop are pretty obvious, but can anyone explain to me > what profile does? I'm using Debian and I don't have profile as an option in my samba init.d script, but one easy way to find out is to edit the file and check it out. ;) If you don't like bash script, just attach the file and send to the list so we can check it out and tell you. > -Renee Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCv2tCj65ZxU4gPQRAlLWAKCi43XquCUv6rvH+cARVreYXDrjSgCgqcu2 xheTU8YurjC0LDiX1JZeHGU= =JrDI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] /etc/init.d/samba profile
I have a question about using the /etc/init.d/samba script on irix. I see that in that script, the acceptable arguments to it are start, stop and profile. Start and stop are pretty obvious, but can anyone explain to me what profile does? -Renee -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security with normal profiles
Thanks a lot. > It is not advisable that the NTuser.dat file be made read-only This indeed limits my options. I guess I'll have to stik to mandatory profiles. Can somebody share his experience with redirecting Favorites to the user's home share? I fond contradictory informations wether it's possible to do that. Regards, Thierry. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 45, Issue 18
David Bear <[EMAIL PROTECTED]> wrote : > I have read through some of the info on using dfs roots and I am > needing some advice. Since a unc is still \\servername\ based it > occurs to me that the only way to do this properly is to create a > smb.conf file that publishes a netbios name like \\dfsroot -- Then, to > create a failover system, I would take that config file and copy it > around to multiple samba server. Then, have some kind of watch or > heartbeat like monitor (that would only monitor where the name and > services called \\dfsroot was still alive and responding) that would > wait untill \\dfsroot no longer responded (where ever it was). Then, > if \\dfsroot failed to respond, it new \\dfsroot smbserver would be > launched to take over. > > Conceptually, the smb service that is known as \\dfsroot really is > just a 'share directory service'. It doesn't have to have any other > shares that it serves. It could be guest readable. You got it! If you have significant users mapping through \\dfsroot, you want a high availiabilty setup. We have \\dfs1 & \\dfs2 that are "frontended" with a old network load balancer. We're about to move to sles 10 w/ Linux Virtual Server and Linux HA. The name we tell the users - \\dfs is registered in WINS & DNS to point to the IP of the load balancer. Our code that creates the dfs symlinks makes the links on dfs1 & dfs2 -- you could also rsync regularly, etc. Very infrequently we have a problem with the 2 systems linking to different places. If you want to use a something closer to your model you can use smbclient to probe \\dfsroot and then startup your backup system on a failure. If I remember right you could have \\dfsroot guest readable -- however I think users would not get a bad password error on the "net use" and get confused. They would be into the dfs server as guest, but then fail to map to the final server if they used a bad password. Hopefully your users are signed on to the desktops w/ domain userids. We've found that net use \\dfs\home\userid /user:different doesn't work well because winxp will connect to \\dfs as "different" but then goes back to the default (logged on) userid on the dfs redirect. Bill Marshall Integrated Technology Delivery, Server Operations Rochester PC Server Team Rochester, MN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba/PAM/winbind/ssh
On Fri, Sep 15, 2006 at 11:42:12AM -0300, Felipe Augusto van de Wiel wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 09/12/2006 06:50 PM, Matt Herzog escreveu: > > I have the winbind login working on FC5 but now logins to local accounts > > cannot authenticate. > > > > My config files are here: > > > > http://www.pigeonnier.org/nsswitch.conf > > http://www.pigeonnier.org/pam.d/ > > http://www.pigeonnier.org/krb.conf > > > > Again, if I try to ssh in as a user that exists only as a local account on > > the remote > > host, I am rejected. User msh is -not- a AD account and only exists on the > > FC5 server "province" > > > >>From the /var/log/secure file: > > > > Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo > > for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT! > > Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication > > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62 user=msh > > Sep 12 16:58:35 province sshd[11521]: Failed password for msh from > > 198.76.121.62 port 58069 ssh2 > > Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account): > > requirement "uid < 100" not met by user "msh" > > Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by > > PAM account configuration > > Well, for some reason your pam requires that your user has > an uid less than 100, I don't know why, but it doesn't looks like > to be related with Samba. > > Kind regards, Thanks. My problem was solved by Red Hat's authconfig utility. I am still kicking myself for not having run it before. As it turns out, Red Hat's PAM config for winbind authentication puts the line: session sufficientpam_mkhomedir.so skel=/etc/skel umask=0027 in /etc/pam.d/sshd while in Debian that same line needs to be in /etc/pam.d/system-auth. -- Announcing your plans is a good way to hear the gods' laughter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Support of Samba on RHEL4?
Alex, I tried running Samba on RHEL4 Update 2 (on VMWare) and ran into some issues and I can provide you my opinion. Take care when making any decisions. There are quite a few things to consider: 1) Is having support from Red Hat on Samba necessary? 2) Are you confident enough in yourself to go off the beaten path from Red Hat? 3) Have you considered other vendors for support on Samba itself? 4) Would upper management (if any) hold you responsible for going off the support path in the event of an issue? 5) Do you have an adequate test environment? If you are going away from Red Hat support, #5 is critical. They test and test and test (or at least should) packages prior to pushing them out. They will know or be able to quickly find solutions to common problems with their packages. There are some caveats to that statement, so let me get to a bit more meat. Let's face it--the packages in RHEL4 for Samba are just plain old. Red Hat has back-ported security fixes and even some bug fixes, but I know without a doubt that not all bugs have been addressed. RHEL5 will be out in the coming future. Perhaps it will provide newer packages. I urge you to investigate and consider that route if you are extremely nervous about losing support on Samba from them. In my case, I've chosen to move my production File Server to Ubuntu 6.06 Server (well, I have loaded the latest distro upgrade) running Samba 3.0.22 after I complete quite a bit of testing. I just found myself banging my head against the wall with my smb.conf in ways that I shouldn't have to since the problems were with bugs in the older Samba that haven't been back-ported. The instant I transferred my smb.conf over to the new Ubuntu server, my bugs went away. The one exception is the archive bit issue I've been posting about lately. The bottom line in my humble opinion is that if you go your own way, you shift burden of responsibility more to yourself than Red Hat. Of course, if you have the hardware (or a VMWare/Xen virtual server) you could always run parallel using two servers with a Red Hat approved Samba version as a control and your own Samba server with identical configurations (minus Samba version) for production and work out non-bug related issues with their help on your reference server. This won't help you in resolving bug-related issues, but it could help provide you with a warm fuzzy-feeling. This would be less than ideal since the versions are so far apart. I know you asked for technical reasons, but you should be aware that not all of the factors in the equation are technical when considering a production server. Hope that helps. Aaron Kincer Alex de Vaal wrote: Hello, A while ago I asked what kind of Samba packages I could use on RHEL4. If I use the packages from www.samba.org then I'd void the support agreement with Red Hat. (...) Downloading and investigating the latest Samba source package from RHN (samba-3.0.10-1.4E.9.src.rpm) told me that the Samba package of RHN is based on the native 3.0.10 Samba package of samba.org with some necessary patches (samba-3.0.10-winbindd_2k3sp1.patch, samba-3.0.10-ldap-failover-timeout-backport.patch are the most important ones for me), while even the patches come from samba.org In samba-3.0.10-ldap-failover-timeout-backport.patch I found this statement: + /* Setup alarm timeout Do we need both of these ? JRA. */ This is from Jeremy Allison of samba.org... Is there any technical reason NOT to use the packages of samba.org on RHEL4? Regarding the above info I'd like to use the original samba packages on RHEL4. If I only void support for Samba at Red Hat, so be it. I'm convinced I'm better off with Samba support at samba.org... Regards, Alex. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday 12 July 2006 13:22 To: Alex de Vaal Cc: samba@lists.samba.org Subject: Re: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alex de Vaal wrote: Can somebody of the Samba team explain me the difference of Fedora packages or Enterprise packages (http://enterprisesamba.com/) of Samba on Red Hat Enterprise Linux 4? ... First I tried the RHEL4 packages from enterprisesamba.com, but these packages always ended up with the error message "Segmentation fault" while I used "net ads join"; If you need support for the SerNet packages, you will have to contact SerNet. Therefore I compiled the Fedora source package on RHEL4; this went well. ... I'd like to continue with the Fedora Samba package on my RHEL4 server, but I'd like to know why or why NOT to use it! (and why I have to use the packages of enterprisesamba.com) The Fedora specfile provided with Samba is compatible with RHEL4. I don't build RHEL4 packages only because IMO if you pay for support for RedHat, installing non-vendor supplied packages would voi
RE : [Samba] SAMBA TO AD MIGRATION
Hi, Thanks for the the answer. I must migrate because my site communicate with 2 other, which are using Windows 2003 AD server, and I can't trust there domain. Also, we use applications which need W2K3. Do you have informations about the regkey parameter using ? Thanks. Regards. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Felipe Augusto van de Wiel Envoyé : vendredi 15 septembre 2006 16:37 À : samba@lists.samba.org Objet : Re: [Samba] SAMBA TO AD MIGRATION -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 09:26 AM, Patrick AUDON escreveu: > Hi to all, > I know that a few posts treat this subject, but I can't found the good > answer to my problem. > I actually have a Samba domain based on a smbpasswd backend. That's good. :) > I must migrate to an AD 2003 and all is working correctly if I don't select > the SID history migration. That's sad. :( > If I select this 'SID history migration' option, I received a message 'Could > not verify Auditing and TcpipClientSupport on Domains' and the end of the > message is 'A specified privilege does not exist'. > > > > Could someone help me ? In the Microsoft documentation, it is specified that > the auditing must be enabled, but Samba can't support it. It is also > specified that a regkey must be set to 1 ; how to do it in Samba ? I'm not quite sure why do you migrate from Samba to Microsoft Windows, but it looks like one of the problems with lots of registry option on the MS Windows part, which would be hard to figure out and help you. :( "regkeys" in samba usually are options inside the smb.conf file, but it is not the exactly same thing. > Thanks. > Patrick Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrpzCj65ZxU4gPQRApJyAKCZvBilF+V5ssyTbAhpFjAt4skhdwCfa0dI fogM2uM4lAok5P3bYq7d074= =jX9j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solution to archive bit problem
For all of you out there using Google (or whatever your favorite search engine) to try to find a solution to archive bit madness with Samba, I have a workaround for you. Call it a solution if you want to, because it will solve the problem regardless of whether it is an application or Samba issue. Prerequisites: 1) You must have the the acl packages installed 2) user_xattr and acl must be set on the volume where your Samba shares reside in fstab 3) The time stamp for file modification must be updated when modified even when the archive bit is not being set (verify this by using stat -c %y foo.txt) Resolution: Add this command to a nightly cron to run BEFORE your backups (run as root): find /share/ -name '*' -mtime 0 -exec setfattr --name=user.DOSATTRIB --value=0x30783230 {} \; Replace /share/ with whatever the path to the root of your Samba share directory where all of your shares are located. This SHOULD set the archive bit properly for files modified within the past 24 hours. Make sure that the user account your backup software uses has full access to all files and folders. If you are having trouble as I was with the archive bit, I hope you find this and it solves your problem. Thanks to all that helped me with this issue. If anyone sees an error in the above, please follow up with a correction. Thanks, Aaron Kincer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authentication problems after upgrading to 3.0.23c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 08:51 AM, Giddings, Bret escreveu: > Hi there, > > Since upgrading our debian sarge boxes to 3.0.23c, we have found that we > are unable to connect to shares using the official hostname of the > servers (short or fully qualified) but can still use its netbios aliases > (again, short or fully qualified). As nothing else has changed in our > configuration, I think that the change of behaviour is down to the newer > release and can find nothing in the release notes that would indicate > that we have to add any new settings into smb.conf. > > Anyone else seen this and have any solutions? "Jerry" is reading the list (don't know if he saw this message), but you could forward your message to samba-technical if it really looks like a bug/regression. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCsbdCj65ZxU4gPQRAnR8AKC6wl+gbJ8FsABk6A6RStUiqaog4QCfckWB Bvhd2/yuxwVTC/d7xbpH6fw= =LfZt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP Machine,
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 09:05 AM, Per Qvindesland escreveu: > Hello List, > > I have a odd problem and I should perhaps ask this on msn or something > like that :) but I am running a ldc with ldap, everything works like a > charm but on one of the machine a newly installed one which is joined to > the domain can't for some reason see the files on one machine, now both > machines can see shares on other machines but not between each other, > does anyone has any idea of what could be causing this? by the way both > machines are getting their ips from the same dhcp server so there should > not be any conflict there. Name conflict? Special permissions or policies? > Kind regards > Per Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCsY6Cj65ZxU4gPQRAm7XAKChSiR6hr6mqBpbFHWfER4GfBAi4wCgj+Bm km0tPIHWKp6e3Pe69VxnSis= =1AOD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Copying file failed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 10:08 AM, Benoit Delagarde escreveu: > Hello, > I have a Debian Stable (Sarge) with a samba to share file with windows > client. > > All is working fine but 2 files generates errors when i try to copy it. The > transfer begins, but stops in the middle of the file, and freeze. > > The error message is (French translation): Network name is no more available > > > I do not understand why I cannot copy those files from Samba. All other file > in this folder are downloadable, I can copy it using the Linux command cp, > ect... I also shared bigger file without problems. It is usually related to DNS problems or name resolution problems (WINS), it could also be a network problem, althought it is a little bit rare. > To obtain it I have upload it on an FTP (from the server) and > then download on my windows, and the file come without error. > > > > Does anybody help me? I can't found any valid raison for the problem. > I join the smb.conf. You could check with testparm your smb.conf, also send it attached in the next message, but probably we will need a log with increased loglevel/debuglevel. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCsXvCj65ZxU4gPQRAqppAJkBjTEr8iXkI/dfv6griBxcVcQ/YgCeO0p5 dGPFhxVh0DXdjZwiHVKqoO8= =O+4J -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + start tls
On Fri, Sep 15, 2006 at 11:34:04AM -0300, Felipe Augusto van de Wiel wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > The correct option is "start_tls", but it is the default > option, you don't need to setup this. And the key server is not > related with Samba, this option just tells samba to use SSL when > talking with the LDAP server. I have winbind working nicely with AD here. It took a while to figure out but now AD user accounts can ssh into my Linux boxen reliably, which is really all I needed; just ssh access. But I want to make sure all the LDAP traffic is secured via TLS/SSL. On my network if I run nmap on the Win2K AD server I see that port 636 is open. So I generated a cert file on the Win2K server and converted it to a PEM file (using openssl on Linux) and placed it in /etc/openldap/cacerts and made sure it was world readable. My ldap.conf file looks like this: #--- BASEdc=cinteractive, dc=com URI ldaps://attu.binteractive.com:636 debug 256 logdir /var/log/ldap.errors host BATTU base BINTERACTIVE.COM ssl yes TLS_CACERT /etc/openldap/cacerts/battu.pem pam_password md5 # The ldap log file I set up is empty. Nothing ever gets written to it. Every time I su to root on the Linux servers I see: TLS certificate verification: Error, unable to get local issuer certificate TLS: can't connect. I'm not looking to run slapd on this server. LDAP and winbind are used only to allow users to login via ssh with their AD credentials. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.23c and CUPS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 10:56 AM, Dale Schroeder escreveu: > After upgrading to 3.0.23c, only 3 of 12 installed printers reappeared. > Which tdb or other file got corrupted? Maybe ntprinters? > Dale Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCr/8Cj65ZxU4gPQRAibXAJ9h5amKgpNLjkYtVNL4FVao0itmogCeJk6r fQw8jlrWOg3nmht4yayiEPk= =DQtp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba/PAM/winbind/ssh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 06:50 PM, Matt Herzog escreveu: > I have the winbind login working on FC5 but now logins to local accounts > cannot authenticate. > > My config files are here: > > http://www.pigeonnier.org/nsswitch.conf > http://www.pigeonnier.org/pam.d/ > http://www.pigeonnier.org/krb.conf > > Again, if I try to ssh in as a user that exists only as a local account on > the remote > host, I am rejected. User msh is -not- a AD account and only exists on the > FC5 server "province" > >>From the /var/log/secure file: > > Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo > for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT! > Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62 user=msh > Sep 12 16:58:35 province sshd[11521]: Failed password for msh from > 198.76.121.62 port 58069 ssh2 > Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account): > requirement "uid < 100" not met by user "msh" > Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by > PAM account configuration Well, for some reason your pam requires that your user has an uid less than 100, I don't know why, but it doesn't looks like to be related with Samba. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrvECj65ZxU4gPQRAuiQAJ9f6kbvBFaZw8RQ/4WdQEHdMQvHYwCeLGHC 96WqOsJkCUNBjpbax4FV7K0= =EsSt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 PDC - trouble renaming domain member computer
Sorry, forgot the obvious stuff: Samba 3.0.14a on Debian Sarge (stock install). LDAP backend, using ldapsam_compat. Everything else works great, so I don't think it's a Samba config problem. >>> "ryan punt" <[EMAIL PROTECTED]> 9/15/2006 9:04:09 AM >>> All, I've got a Samba 3 PDC serving numerous XP clients, and I'm getting an error I wouldn't have expected. When trying to rename an XP machine joined to the domain (via "netdom renamecomputer"), the command fails unless the specified domain user has UID 0. The command in question: netdom renamecomputer %COMPUTERNAME% /newname:%NEWNAME% /userD:DOMAIN\USER /passwordd:PASSWORD /force fails with "error 5: Access is denied" for UID >0 accounts, and succeeds for an account with UID 0. Some background: I have the following group mappings: net groupmap list Domain Administrators (S-1-5-21-1079125125-2089603153-60846589-512) -> Domain Admins Domain Users (S-1-5-21-1079125125-2089603153-60846589-513) -> Domain Users Domain Guests (S-1-5-21-1079125125-2089603153-60846589-514) -> Domain Guests Domain Admins has a few members; among them, account testadmin has UID 0, and account printsetup has UID 12632. Domain Admins has the following rights: net rpc rights list "Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege SeDiskOperatorPrivilege "Domain Admins" members have no individual rights assigned; rights are assigned to the group only. So, it comes down to this: printsetup and testadmin have the same rights, the same group memberships, the same everything except UID. I've looked through the available rights list in the Samba docs and didn't see a specific "rename computer" right, and I would have expected membership in "Domain Admins" to be sufficient. However, I've found that UID >0 accounts can't rename domain computers; UID 0 accounts can. Is this a known issue? I haven't seen anything in the docs, but I'll be digging in again shortly. High-level debugs available upon request. Thanks, Ryan - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security with normal profiles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 08:28 AM, Thierry Lacoste escreveu: > Following TOSHARG and "Samba 3 by examples" I implemented > Folder redirection plus some security restrictions by building > a custom NTUSER.DAT which is the default profile of my users. > The problem is that each user has read/write access to its profile > share therefore he can replace its NTUSER.DAT. > > This is why I chose mandatory profiles. > Is there another solution? From the beloved smb.conf manpage: The share and the path must be readable by the user for the preferences and directories to be loaded onto the Windows NT client. The share must be writeable when the user logs in for the first time, in order that the Windows NT client can create the NTuser.dat and other directories. Thereafter, the directo‐ ries and any of the contents can, if required, be made read-only. It is not advisable that the NTuser.dat file be made read-only - rename it to NTuser.man to achieve the desired effect (aMANdatory profile). > The problem with mandatory profiles is that some settings are not > saved: for instance the Favorites folder; I did not redirect it because > I read in several books that only the Desktop, My documents, > Application Data and Start Menu can be redirected. > > Is there a way to save Favorites with mandatory profiles? Hmmm, not sure... probably no, because it is a mandatory profile, but you can save it on alternative paths, I don't why to do that. :( > Regards, > Thierry. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrsJCj65ZxU4gPQRArfQAKCGmwLy6Y10iOBw1g1CnhlhzqWXbQCgzR8e xLdR7DZXmW+2ZTuIr+3Hnno= =yppA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA TO AD MIGRATION
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 09:26 AM, Patrick AUDON escreveu: > Hi to all, > I know that a few posts treat this subject, but I can't found the good > answer to my problem. > I actually have a Samba domain based on a smbpasswd backend. That's good. :) > I must migrate to an AD 2003 and all is working correctly if I don't select > the SID history migration. That's sad. :( > If I select this 'SID history migration' option, I received a message 'Could > not verify Auditing and TcpipClientSupport on Domains' and the end of the > message is 'A specified privilege does not exist'. > > > > Could someone help me ? In the Microsoft documentation, it is specified that > the auditing must be enabled, but Samba can't support it. It is also > specified that a regkey must be set to 1 ; how to do it in Samba ? I'm not quite sure why do you migrate from Samba to Microsoft Windows, but it looks like one of the problems with lots of registry option on the MS Windows part, which would be hard to figure out and help you. :( "regkeys" in samba usually are options inside the smb.conf file, but it is not the exactly same thing. > Thanks. > Patrick Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrpzCj65ZxU4gPQRApJyAKCZvBilF+V5ssyTbAhpFjAt4skhdwCfa0dI fogM2uM4lAok5P3bYq7d074= =jX9j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + start tls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 11:09 AM, aza zel escreveu: > hi people, i have problems with samba option "ldap ssl= start tls". > ¿where samba looks public key server certificate?, because when i try with > this option, i cant connect to samba shares, and i think is because the > samba cant found the public key certificate to use. The correct option is "start_tls", but it is the default option, you don't need to setup this. And the key server is not related with Samba, this option just tells samba to use SSL when talking with the LDAP server. > Salu2 Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrncCj65ZxU4gPQRAn1vAJ9R7y+pz4DT2tr4fr8cyHMXbfJ5UQCbBOgI kVFWs2BNDOc6ZSBGp8He2Vs= =lYz+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sizing a print server for 10'000 users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 11:18 AM, Charles Bueche escreveu: > Hi, > > I'm building a print-to-PDF queue system for a customer. A > Samba queue pass jobs to Ghostscript. The PDF output is > then provided back to the user (by email or web URL). Do you really need to use samba for that? You can have CUPS working as a print-to-PDF system. I don't have anything against Samba, but you could reduce one layer in your design. > My question is on server sizing. It will be on Linux > (SLES 9) and will only host the print queue, nothing > else. Samba will be joined in the ADS domain, so I can > recognize the submitting user (%u). Hmmm, ok, it answer partially the above question, perhaps you can have the same behaviour using IPP. > Every Windows client will have the print queue defined. > What happen with the connection ? do I assume Samba > will see 10'000 permanent connections ? Or only when > printing ? AFAIR, printer shares don't stay "open", which means that the share will be _really_ used when you print to it. > And then, when several client submit print jobs at the > same time, does Samba serialize the calls to my script ? > Or should I assume I can be called 10'000x in parallel > (assuming 10'000 users click "Print" at the same time) ? I think you will have bottlenecks in Samba and Ghostscript itself, because you need time to generate the PDFs and you will also have the bottleneck of write to disk and send e-mails. Depends on the implementation of your script, but you can easily figure that out testing with only two clients and big files, I don't think your problem will be related to the number of clients but with the size of files. > I'm as well interested at building a small "admin" web > page where one can see the queue, the last 10 job > entries, the load, possibly a usage graph, etc. Sounds like CUPS to me. :) > Hints from a similar setup are welcome. > TIA, > Charles I think you can extend CUPS to what you need. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrjECj65ZxU4gPQRApwBAJ90q58Ly6Okl0djO1uE9JkiqoPjSgCgvmLb +x7MMVzGKHL5CxdOauQNSfA= =8wGV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rogue smbd processes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 06:08 PM, Jonathan M. Prigot escreveu: > This is a follow-on to my previous message about some 3.0.23b Solaris smbd > processes going rogue and eating CPU time. One characteristic of the > processes are that the effective UID of the process is the user's UID, rather > than root's which is what a see for the well behaved processes. Any ideas how > that could be happening so that I can get closer to a solution? Thanks. Are you upgrading? It could be a regression in the code. Can you outline changes in the server and environment between the last working version and the new one? If this is a new setup, are you using system policies or other time of resource limitation/control? Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrZ6Cj65ZxU4gPQRAlZLAJ9Ick8k6XK2x8e/TKPYw/bVCRgOQACfUbn0 xqx/zN8zFO50BQaeJIvA6Gc= =s8Nc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] (no subject)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 04:40 AM, [EMAIL PROTECTED] escreveu: > Hi everyone! > > I have two strange problems I cannot solve with my PDC SAMBA: > 1) >>From every XP Pro PC I can access but sometimes I have to try 5 or 6 times > to enter my domain. Then, once entered, everything works good, until next > login, when I have the same problem. > This is what I can see in SAMBA log file: > [2006/09/12 09:17:42, 1] smbd/service.c:close_cnum(835) > mario (192.168.1.101) closed connection to service mario > [2006/09/12 09:19:44, 0] lib/util_sock.c:get_peer_addr(1150) > getpeername failed. Error was Transport endpoint is not connected > [2006/09/12 09:19:44, 0] lib/util_sock.c:write_socket_data(430) > write_socket_data: write failure. Error = Connection reset by peer > [2006/09/12 09:19:44, 0] lib/util_sock.c:write_socket(455) > write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection > reset by peer > [2006/09/12 09:19:44, 0] lib/util_sock.c:send_smb(647) > Error writing 4 bytes to client. -1. (Connection reset by peer) > [2006/09/12 09:19:47, 1] smbd/service.c:make_connection_snum(642) > > > > 2) >>From a Win 2000 Pro PC I cannot login as the same user that works on the > XP. It says something like there is not enough space on the server and it > cannot create profile, but it's impossible,I have more than GBs free on my > server. > > Plase, help me! :-) We will need the smb.conf to check your configuration and try to figure out what's going on. Did you really have space and permission in the profiles directory on your Samba Server? > Thanks a lot in advance > Stefano Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrSRCj65ZxU4gPQRAozTAJ4s2EMJRZMGwhf/OCL4JRI51fcyiACfePMV lcenXW7WOETStMgfmGE4LSA= =mZ1+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/14/2006 10:16 AM, Kashif Ali Bukhari escreveu: > Hello list >i want to configure samba as PDC along with linux > accounting system > and also tell me if any webbased configuration tool for such thing Read the official Samba HOWTO from the samba.org webpage, and also the Samba By Example, both documents can lead you to sucessful PDC configuration. There are webbased tools depending on what you need/want, you could check phpLdapAdmin, LAM (LDAP-Account-Manager), Samba Console (IDEALX), SWAT and probably the new tools from the Google Summer of Code, you can also check Pagode/Jegue (Brazilian tool). Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrRDCj65ZxU4gPQRAsu3AJ48syA6SCyVZ8n9UJ8K8+yyZnq7+gCfSEUB j5j+iBwwhmZLplO/Rwc6ixc= =l098 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] No predefined Groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 06:12 PM, Sven Kusig escreveu: > Hello, > > I have set up a Samba-Server (samba-3.0.23a-0.1.34.x86_64.rpm and after that > samba-3.0.23c-0.1.36.x86_64.rpm) as PDC and tdbsam-passdb backend. I can > add XP-Computers and Users to the Domain, but the Domain-Users has problems > with Access-Rights on the Win-XP-Systems. The Reason is (i think so) that > samba has not generated the typical Groups: Result from 'net groupmap list' > => nothing ! > I have added the 'Domain Admins' & 'Domain Guests' manualy with the 'net > groupmap add ...', but this was not the hit. > > On a second machine with the identical smb.conf-File but Samba version > '3.0.20b-3.3-SUSE' all is fine ('net groupmap list' shows 3 Domaingroups and > 9 Localgroups). > > What can be the reason and how i can fix that ? The default group entries changed in the new 3.0.23, did you the changes in the 3.0.23 release notes? LDAP Changes There has also been a minor update the Samba LDAP schema file. A substring matching rule has been added to the sambaSID attribute definition. For OpenLDAP servers, this will require the addition of 'index sambaSID sub' to the slapd.conf configuration file. It will be necessary to run slapindex after making this change. There has been no change to actual data storage schema. > Thanks > Sven Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrO/Cj65ZxU4gPQRAv0+AJ92DtiVeRbN50SS2iuDGIUTRGhUHgCgqMLN rLsWHxsRkZt7/lZz/ChgQDE= =jlgS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour when joining the domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 10:56 AM, Christian Tardif escreveu: > Felipe Augusto van de Wiel wrote: >> Hmmm, AFAIK, the master should be on the PDC. My best >> guest (if I understood correctly) is that your problem is the >> use of slave LDAP as PDC. > > You're probably right, but the fact that I'll have more than > one samba server to be served by the same directory tree does > not allow me to go into this direction. I HAVE to stick with > a master/slave scheme. No problem at all. But the PDC and the master should work together. I have a network with one master (PDC) and eight slaves (BDCs). > Unless > you have a way to permit machine accounts to be created on a local > directory tree while users are on a master directory tree and replicated > locally. On my network it is alittle bit different because we keep manual control of all the machines on the domain, so we create them manually. :) > I don't think I had any problem when I did my first testss. The > ldap database whas, in fact, locally defined. As I said, you can have multiple servers, as long as the PDC plays with the LDAP master. :) The don't need to be in the same machine. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrMrCj65ZxU4gPQRArHAAKCSIjIO5okSy0eCYtqh8bCKReMmLwCgnr9Q mVEdRn9NU99NUNvdGXrXQTU= =FvEg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 PDC - trouble renaming domain member computer
All, I've got a Samba 3 PDC serving numerous XP clients, and I'm getting an error I wouldn't have expected. When trying to rename an XP machine joined to the domain (via "netdom renamecomputer"), the command fails unless the specified domain user has UID 0. The command in question: netdom renamecomputer %COMPUTERNAME% /newname:%NEWNAME% /userD:DOMAIN\USER /passwordd:PASSWORD /force fails with "error 5: Access is denied" for UID >0 accounts, and succeeds for an account with UID 0. Some background: I have the following group mappings: net groupmap list Domain Administrators (S-1-5-21-1079125125-2089603153-60846589-512) -> Domain Admins Domain Users (S-1-5-21-1079125125-2089603153-60846589-513) -> Domain Users Domain Guests (S-1-5-21-1079125125-2089603153-60846589-514) -> Domain Guests Domain Admins has a few members; among them, account testadmin has UID 0, and account printsetup has UID 12632. Domain Admins has the following rights: net rpc rights list "Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege SeDiskOperatorPrivilege "Domain Admins" members have no individual rights assigned; rights are assigned to the group only. So, it comes down to this: printsetup and testadmin have the same rights, the same group memberships, the same everything except UID. I've looked through the available rights list in the Samba docs and didn't see a specific "rename computer" right, and I would have expected membership in "Domain Admins" to be sufficient. However, I've found that UID >0 accounts can't rename domain computers; UID 0 accounts can. Is this a known issue? I haven't seen anything in the docs, but I'll be digging in again shortly. High-level debugs available upon request. Thanks, Ryan - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour when joining the domain
Felipe Augusto van de Wiel wrote: Hmmm, AFAIK, the master should be on the PDC. My best guest (if I understood correctly) is that your problem is the use of slave LDAP as PDC. You're probably right, but the fact that I'll have more than one samba server to be served by the same directory tree does not allow me to go into this direction. I HAVE to stick with a master/slave scheme. Unless you have a way to permit machine accounts to be created on a local directory tree while users are on a master directory tree and replicated locally. I don't think I had any problem when I did my first testss. The ldap database whas, in fact, locally defined. Strange things could happen on Microsoft Windows networks. :) Let's try to work on te samba side first to check if it is the problem, if you can change the slave LDAP to a master one and test again, it could lead us to better ideas/conclusions. -- Christian Tardif Servinfo [EMAIL PROTECTED] 514.237.6332 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Time take to copy file from Samba to Windows XP
You could increase your transfer rate changing the socket options. Increase the SO_SNDBUF and SO_RCVBUF to bigger values such as 16384 for 16 Mbps buffer size. Test higher values for your environment. On 9/15/06, Komal Shah <[EMAIL PROTECTED]> wrote: Hello, How much time should it take to copy 1Gb to 5Gb from from Samba server to Windows Xp in gigabit network? Default Samba configs, a single copy of a 1GB file takes about 70 seconds to complete, about 14MBps, 117Mbps, about 11% network utilization. A Windows 2003 server, similar hardware, same network connection, can transfer the same 1GB file in about 28 seconds, 36MBps, 292Mbps, almost 30% network utilization. Apache takes 16 seconds, 64MBps, 512Mbps, over 50% network utilization. What can be done to speed up transfer rate? Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with FC4 Samba 3.0.23a and Windows XP PRO 2002
On Friday September 15 2006 9:19 am, Mark L. Wise wrote: > > > I upgraded the server to a FC4 Box with SAMBA 3.0.23a > > > > There are several changes in the 3.0.23 series, did > > you read about that changes and how it could impact your > > installation/configuration? > > I'm going to show my ignorance here, but I need the information :-) > > Where do I read about the changes between the versions? www.samba.org/samba/history/samba-3.0.23.html > > > Probably, you will need to attach your smb.conf and > > a more verbose log, increase the loglevel/debuglevel). > > How do I increase the loglevel/debuglevel? smb.conf > > Mark > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hide files not work
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 06:38 AM, C.Rathnasinghe escreveu: > Hi > > I'm using samba 3 I want to hide dot files I used > hide files = .* > hide dot files = yes 'hide dot files' should be yes (default). Remove the options from your smb.conf and run a testparm -v, and then check what is the value of 'hide dot files'. If should work out of the box, without extra options like 'hide files = .*', anyway, if it is really not working it looks like a bug, let's test a couple of things first before "bug" the Samba Developers. ;) > and even veto file no success at all, help would be greatly > appreciate. It is really strange. Can you please send you smb.conf and the version of samba you are using. > cheers > chaminda Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCqmuCj65ZxU4gPQRAjvpAJ0dbouhZPSqFeeXxPWJGR4MbBgw4wCfat6K bdt5PF4dJOWwNg6johYTH+0= =tt01 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password Change & WinXP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 02:53 AM, Martin Hochreiter escreveu: > Hi! > > I am running Samba 3.23c with Ldap. > > Recently I changed my password via smbpasswd on the PDC. > The mailserver and the Webserver (both are querying a replication > of the ldap) have the new password - also a W2K workstation does but > on the WinXP clients that are using the domain too I have to use the > old password. > > Is there a reason for that? No. Something is wrong somewhere. Do you have a local account on WinXP? > lg > Martin Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCqojCj65ZxU4gPQRAk25AJoDZXXc96YZnUMKxSR28y9n8BqTugCZAWPr dRrUHmMk3VQ/3z1QLDYEUvA= =JgtV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] re: Support of Samba on RHEL4?
Alex, I could not agree more with you. BTW, perhaps you already know, but just in case: If you want to see the patches applied to a package during its history, and you don't need to dig into the sources themselves, you can query the changelog for an rpm package without having to download sources: rpm -q --changelog package for example for my samba-3.0.10-1.4E.2 rpm -q --changelog samba * Wed May 11 2005 Jay Fenlason <[EMAIL PROTECTED]> 3.0.10-1.4E.2 - include the -bug157208 patch. to close bz#157208 CRM 511318 - smbfs dont respect uid and gid options when mounting * Fri Apr 29 2005 Jay Fenlason <[EMAIL PROTECTED]> - include the -smbspool pattch from RHEL-3, to close bz#155350 SAMBA client working, printer configuration not working - include the -winbindd_2k3sp1 patch to allow Samba to authenticate against a Windows 2003 SP1 machine. This closes bz#154558 Winbind refuses to authenticate against Windows 2003 SP1 * Wed Mar 30 2005 Jay Fenlason <[EMAIL PROTECTED]> 3.0.10-1.4E.1 - try the -gcc4 patch, to see if it solves problems with nmbd crashing. bz#150582 ? nmbd dies when windows client requests browse list * Tue Jan 04 2005 Jay Fenlason <[EMAIL PROTECTED]> 3.0.10-1.4E - Upgrade to 3.0.10, to close bz#143983 This obsoletes the -CAN-2004-1154 patch. - Include the -64bit patch from Nalin. This closes bz#142873 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour when joining the domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 01:24 AM, Christian Tardif escreveu: > Just installed a new SAMBA-LDAP-PDC server on my network. I followed > the Linux Samba-OpenLDAP Howto, revision 20060710, so I would assume my > setup is correct. > > My LDAP setup is a master/slave setup. The master is on a remote server, > and the lave is local. When joining the domain (WinXP), it sometimes > takes three-four times to be able to reach the domain(user administrator > with uidNumber to 0). I machine account not as a sambaSamAccount, but as a regular posix > account. After some trials, it finally welcomes me to the domain. But > the problem is that this machine account is created in a disabled > status. In order to log on the domain with a regular user account, I > have to first enable the machine account (which is OK but...). Hmmm, AFAIK, the master should be on the PDC. My best guest (if I understood correctly) is that your problem is the use of slave LDAP as PDC. > My questions are why is it so long to create the machine account? > Why is it creating it asa posix-only account at first? Why, finally, is > it creating it in a disabled state? Strange things could happen on Microsoft Windows networks. :) Let's try to work on te samba side first to check if it is the problem, if you can change the slave LDAP to a master one and test again, it could lead us to better ideas/conclusions. > Thanks, Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCq2dCj65ZxU4gPQRAk1nAJ9H+CY9fxO8l+T70tQy4q6FXY9oyQCgicR4 27x/JXGFjCZBgwQ+0xpIRzY= =Da75 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Time take to copy file from Samba to Windows XP
Hello, How much time should it take to copy 1Gb to 5Gb from from Samba server to Windows Xp in gigabit network? Default Samba configs, a single copy of a 1GB file takes about 70 seconds to complete, about 14MBps, 117Mbps, about 11% network utilization. A Windows 2003 server, similar hardware, same network connection, can transfer the same 1GB file in about 28 seconds, 36MBps, 292Mbps, almost 30% network utilization. Apache takes 16 seconds, 64MBps, 512Mbps, over 50% network utilization. What can be done to speed up transfer rate? Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hide files not work
I have the same problem... For several workstation, I have the desktop.ini that is displayed in several menu. I try to put "hide files = /RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/" in the profile section, but it doesn't work!!! Should I change the parameter declaration on an other section? But I try in the global but no changes!! Thanks for your help, Mike - Original Message - From: C.Rathnasinghe <[EMAIL PROTECTED]> To: samba@lists.samba.org Sent: vendredi 15 septembre 2006 11 h 38 GMT+0100 Subject: [Samba] hide files not work Hi I'm using samba 3 I want to hide dot files I used hide files = .* hide dot files = yes and even veto file no success at all, help would be greatly appreciate. cheers chaminda -- This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure.Ministry of Finance & Planning does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by Ministry of Finance & Planning Sri Lanka in this regard. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems with FC4 Samba 3.0.23a and Windows XP PRO 2002
> > I upgraded the server to a FC4 Box with SAMBA 3.0.23a > > There are several changes in the 3.0.23 series, did > you read about that changes and how it could impact your > installation/configuration? > I'm going to show my ignorance here, but I need the information :-) Where do I read about the changes between the versions? > Probably, you will need to attach your smb.conf and > a more verbose log, increase the loglevel/debuglevel). > How do I increase the loglevel/debuglevel? Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More problems with samba 3.0.23c and NT4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/14/2006 03:33 AM, A. Pohl escreveu: > Hi everyone! > > I have some trouble with samba 3.0.23 as PDC for NT4 workstations with SP6a. > I have upgraded from samba2. There are an important number of changes in the Samba 3.0.23 series, did you check the NEWS and upgrade information to see how it impacts your configuration? > 1. The ntconfig.pol from the netlogon-share does'nt work. > I get a prf1.tmp in the User-Profile-Folder and the policy > wouldn't mix to the registry. In the Event-Log I found an > entry "RegLoadKey ist mit dem Fehler 87 für > C:\WINNT\Profiles\aba\prfD.tmp gescheitert." EventId:1000 > from Userenv. > The same with an XP-computer works without problems. Are you upgrading from one version of Samba to a new one, or is this a fresh installation? > 2. I haven't the security-tag in the property-window of a > file or directory on the samba-shares. The tab is there > under winxp but not in NT4. Sorry, I don't know about this detail. > Is there something broken?? Maybe. Can you send your smb.conf? If you can, increase the loglevel and send the important part (while doing a login). > Thanks, > Andreas Pohl > [EMAIL PROTECTED] Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCqeeCj65ZxU4gPQRAsh6AJ9mlY0lFGBhWOBh6tt5O6v3KdxP2wCgnMM2 os5gjvv2uYdksrqDOYLh3A8= =4Asv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] how to change perimissions across a directory tree
Hello all, I have samba 3 with a share named shareA using these settings: [shareA] comment = Directory Amministrazione path = /col/shareA browseable = no valid users = @amm force group = amm public = no writable = yes create mask = 0770 directory mask = 0770 printable = no where user1, user2, user3 and user4 belong to "amm" group. I would like to differentiate permissions and have them become something like: 1) these users: user1 user2 read only to the directory: \shareA\dir1 \shareA\dir2 2) these users: user3 user4 read wrtite to the directory: \shareA\dir1 \shareA\dir2 3) user1 user2 user3 user4 read wrtite to the directories \shareA\dir3 \shareA\dir4 4) full control for user1, user2, user3 and user4 to the other directories under \shareA (as is now for all what is under \shareA) Thanks in advance. Bye, Gianluca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba tuning advise
You should also consider increase the SO_SNDBUF and SO_RCVBUF in socket options. I have used values like 16384 and got some performance increase for reading and writing to the shares. Increase this value in your environment to get and test one good for you. On 9/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Helo, We use a big fileserver running Linux/Samba as fileshare. We are facing performances problems for which we'd like some advise : Clients are OS2(LanManager) and windows 2000 reading and writing lots of files in the same directory on the fileshare. We currently have more than 80 000 files in the directory (files size is about 100 Bytes). Could you please advise us some Samba tuning you would apply in a such situation. I'm sure you also have some recommendations on Linux parameters like filsystem type, general kernel/network settings. Feel free to forward this to whoever who could help us. Regards. Salutations / Kind Regards Fabrice -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with FC4 Samba 3.0.23a and Windows XP PRO 2002
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 03:15 PM, Mark L. Wise escreveu: > Hello all! > > I have just upgraded a system that previously had SAMBA running on an SCO > Unix server with various flavors of Window clients XP, 98, ME, Media, > 2000, etc. > > I was using plain text passwords and USER authentication. > > I upgraded the server to a FC4 Box with SAMBA 3.0.23a There are several changes in the 3.0.23 series, did you read about that changes and how it could impact your installation/configuration? > All of the clients reconnected to their shares/printers EXCEPT the Windows > XP PRO 2002 clients (2). > > The log files for samba show: > > [2006/09/12 11:40:24, 0] auth/pampass.c:smb_pam_passcheck(810) > smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User graham ! > > I am confused as to why these two machines are asking for (getting) > smb_pam_auth when I am using plain text passwords > > Any help out there? Probably, you will need to attach your smb.conf and a more verbose log, increase the loglevel/debuglevel). > Thanks for any thoughts > Mark Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCpuJCj65ZxU4gPQRAk03AJ498Pzoc9skF/V/BSbIScsZlygGBwCdGghM Qd4s1SFOrRphSJXJWUAFVMk= =MpJh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo -t error when samba server is restarted and windows 2000 domain server keeps running
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 11:52 AM, Urik escreveu: > I allways use 'net rpc join' - allways with 'rpc' option. I did not run > 'net join' when machine is working normally. > By mistake I included content of smb.conf that was made for testing. > "Production" smb.conf has workgroup = METAL, other setting are same. Ok, can you try a 'net join' under normal circunstances? :) Increase the loglevel/debuglevel and attach the relevant part (the one while you are joining). Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCpr1Cj65ZxU4gPQRAhtDAJ4zVACGhbF4vYVLxbXSxqF9ze58JACgkq3g fnfyom+PyRhEZF+9bIfBncs= =011W -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] accessing windows shared folders from vmware guest linux
Hi, i've just installed vmware 5.5 on a win2k SP4 machine, and i've installed a Suse 10.1 on the virtual machine. actually i'm using *only* the command line interface on linux, my goal is only to be able to compile the C++ source files i have on my windows partition with gcc on linux. in order to do this, i need to mount my windows partition in my linux, and i need to be able to write as well, as some files (other than just the object files) are generated while compiling. i think this should be possible by mounting the windows folders using samba. so i've installed samba on my linux (Version 3.0.22-11-SUSE-CODE10), and tried to connect to my windows shared folders. however, i always get some authentication or access failure. for instance, the following command: smbclient //fili/xlibs -U dvergnaud raises the following error: session setup failed: NT_STATUS_LOGON_FAILURE of course the computer does exist, the windows folder is shared, and the username and password are correct. if i try something like this: smbmount //fili/xlibs /mnt/temp -o username=dvergnaud i get the following error: 3600: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed the weird thing is, it all works fine when doing it from another linux computer (where linux runs natively). that means, as i see it, that either there's a problem with VMware and samba working together, or my samba client is not properly configured -- although i'm not aware that it's much configurable... has anyone already had such a problem? or does anyone have an idea what i'm doing wrong? thx a lot for helping me out! David -- View this message in context: http://www.nabble.com/accessing-windows-shared-folders-from-vmware-guest-linux-tf2276814.html#a6322998 Sent from the Samba - General forum at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] profiles on two domains
Hi, We (being a College dept) have a staff network and a student lab, each residing on separate networks and samba domains. Staff can log into STAFFNET, whose PDC is STAFFSERVER. Students can log into STULAB, whose PDC is STUDENTSERVER. There's a one-way trust relationship between the two domains. STUDENTSERVER is the only machine on the student network allowed to talk to STAFFSERVER. STULAB trusts STAFFNET. Passwords are all stored in the same LDAP database. The SIDs refer to STAFFNET. I'd like staff to be able to log in to STULAB, but be given a student-like experience. With the above setup, they can authenticate to STAFFNET and so log in to Windows, but they can't retrieve their (STAFFNET) profile or access their home directory. Is it possible for samba on STUDENTSERVER to mangle the profile path and home directory for our STAFFNET users, or possibly force in what it thinks is right for STULAB? Thanks Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CIFS file permission
Hello, I am facing a weired problem with CIFS.I am mounting Windows Share using CIFS.Mount works properly.Permission of files and folders are -rwxrwxrwx Now the problem is if I change the read only attribute from Windows machine of the share permission of Linux is r-xr-xr-x, which is expected behaviour. But if i remove the read only attribute on Windows Linux permission is not getting updated. Any idea? Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba tuning advise
On Thu, Sep 14, 2006 at 08:08:07PM +0200, [EMAIL PROTECTED] wrote: > Helo, > > We use a big fileserver running Linux/Samba as fileshare. > We are facing performances problems for which we'd like some advise : > > Clients are OS2(LanManager) and windows 2000 reading and writing lots of > files in the same directory on the fileshare. > We currently have more than 80 000 files in the directory (files size is > about 100 Bytes). > > Could you please advise us some Samba tuning you would apply in a such > situation. I'm sure you also have some > recommendations on Linux parameters like filsystem type, general > kernel/network settings. > > Feel free to forward this to whoever who could help us. Here's a copy of an old mail of mine > So here's how to set up an application that needs large > number of files per directory in a way that doesn't damage > performance. > > Firstly, you need to canonicalize all the files in the > directory to have one case, upper or lower - take your > pick (I chose upper as all my files were already upper > case names). Then set up a new custom share for the > application as follows: > > [bigshare] > path = /home/jeremy/tmp/manyfilesdir > read only = no > case sensitive = True > default case = upper > preserve case = no > short preserve case = no > > Of course, use your own path and settings, but set the > case options to match the case of all the files in your > directory. The path should point at the large directory > needed for the application - any new files created in > there and in any paths under it will be forced by smbd > into upper case - but smbd will no longer have to scan > the directory for names - it knows that if a file doesn't > exist in upper case then it doesn't exist at all. > > The secret to this is really in the "case sensitive = True" > line - it tells smbd never to scan for case-insensitive > versions of names. So if an application asks for a file > called "FOO", and it can't be found by a simple stat call, > then smbd will return file not found immediately without > scanning the containing directory for a version of a different > case. The other "xxx case xxx" lines make this work by forcing > a consistent case on all files created by smbd. > > Remember, all files and directories under the "path" directory > must be in upper case with this smb.conf stanza as smbd won't > be able to find lower case filenames with these settings. Also > note this is done on a per-share basis, allowing this to be set > only for a share servicing an application with this problematic > behaviour (using large numbers of entries in a directory) - the > rest of your smbd shares don't need to be affected. > > This makes smbd *much* faster when dealing with large directories. > My test case has over 100,000 files and smbd now deals with this > very efficiently. > > So please give this a test if you have problems with > Samba and large sized directories. Remember this is in SVN code > only, it isn't in the 3.0.11 pre releases or rc candidates, > as we need to ensure this new code is correct. If you > can help me test it it'll be in 3.0.12 (security problems > notwithstanding :-). > > Cheers, > > Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] Printing problems with samba 3.0.23c and NT4
Hi, I have the same problem on a NT4 SP3. I must made a workaround (using direct print, without pass by samba), but the problem still present. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 13/09/2006 10:36:01 : > Hi everyone! > > I have upgrade my fileserver from samba2-smbpasswd to samba3.0.23c > with LDAP-PDC. > Now i can't print to the printers on that server with NT4. "net use > ..." is functional, but if I print to that printer, I get the > error - free translated from german message - "The syntax of the > filename, directory name or the disc-label is wrong." > > WinXP hasn't that problem. > The share is defined in this way: > > [global] > ... > printing = BSD > ... > [pspdf] > path = /tmp > printable = yes > print command = /usr/local/bin/samba2pdf %s %U > use client driver = yes > > I have played with "use client driver", with no success. > > Is the printing-support for NT4 broken? > > Thanks a lot in advance > > Andreas Pohl > [EMAIL PROTECTED] > -- > INTERMET Ueckermünde > D-17373 Ueckermünde, Eggesiner Str. 11 > Tel.: +49 (0) 39771 2120, Fax: +49 (0) 39771 21210 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23c compatibility with openldap versions
Are all versions of openldap compatible with Samba 3.0.23c? If no, please let me know the least version of openldap which I need to have for Samba 3.0.23c working? Thanks, Dil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Support of Samba on RHEL4?
Hello, A while ago I asked what kind of Samba packages I could use on RHEL4. If I use the packages from www.samba.org then I'd void the support agreement with Red Hat. (...) Downloading and investigating the latest Samba source package from RHN (samba-3.0.10-1.4E.9.src.rpm) told me that the Samba package of RHN is based on the native 3.0.10 Samba package of samba.org with some necessary patches (samba-3.0.10-winbindd_2k3sp1.patch, samba-3.0.10-ldap-failover-timeout-backport.patch are the most important ones for me), while even the patches come from samba.org In samba-3.0.10-ldap-failover-timeout-backport.patch I found this statement: + /* Setup alarm timeout Do we need both of these ? JRA. */ This is from Jeremy Allison of samba.org... Is there any technical reason NOT to use the packages of samba.org on RHEL4? Regarding the above info I'd like to use the original samba packages on RHEL4. If I only void support for Samba at Red Hat, so be it. I'm convinced I'm better off with Samba support at samba.org... Regards, Alex. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday 12 July 2006 13:22 To: Alex de Vaal Cc: samba@lists.samba.org Subject: Re: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alex de Vaal wrote: > > Can somebody of the Samba team explain me the difference of Fedora > packages or Enterprise packages > (http://enterprisesamba.com/) of Samba on Red Hat Enterprise Linux 4? ... > First I tried the RHEL4 packages from enterprisesamba.com, but these > packages always ended up with the error message "Segmentation fault" > while I used "net ads join"; If you need support for the SerNet packages, you will have to contact SerNet. > Therefore I compiled the Fedora source package on RHEL4; this went > well. ... > I'd like to continue with the Fedora Samba package on my RHEL4 server, > but I'd like to know why or why NOT to use it! (and why I have to use > the packages of > enterprisesamba.com) The Fedora specfile provided with Samba is compatible with RHEL4. I don't build RHEL4 packages only because IMO if you pay for support for RedHat, installing non-vendor supplied packages would void your support agreement. Althought I could provide RPMS for the lates version of CentOS which should be binary comatible with RHEL4 systems. While I'm at it, is there any pressing need for 64-bit rpms as well? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEtNtRIR7qMdg1EfYRAisqAKDja37hQJsPyRdnflsgIefpmdCdBACg6iBC HrDJ2aTmeSFe5WkZa6UlxH0= =8Vw4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba tuning advise
Helo, We use a big fileserver running Linux/Samba as fileshare. We are facing performances problems for which we'd like some advise : Clients are OS2(LanManager) and windows 2000 reading and writing lots of files in the same directory on the fileshare. We currently have more than 80 000 files in the directory (files size is about 100 Bytes). Could you please advise us some Samba tuning you would apply in a such situation. I'm sure you also have some recommendations on Linux parameters like filsystem type, general kernel/network settings. Feel free to forward this to whoever who could help us. Regards. Salutations / Kind Regards Fabrice -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2003 SP1 breaks kerberos on samba?
Hi I have got a Windows 2003 With SP1 domain controller and I'm moving my ISA Proxy to the Squid but I need to integrate the authentication. If I use the basic authentication it works but I need to integrate with AD. I have seen that after the SP1 on Windows it have been impossible to implemented. I not expert on Linux, could you help me to implement that solution? Sorry about my English I'm from Mozambique(not English native language). Thx Arafat M. Bique IT Management Administering and Supporting Systems MCSE - Microsoft Certified System Engineer MCSA - Microsoft Certified System Administrator CCNA - Cisco Certified Network Associate email:[EMAIL PROTECTED] Web:http://www.bci.co.mz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NMB not starting when SMB started
Hi, NMB service is not started when i start smb service. I got to started manually the nmb service after i have started the smb service. Linux version : SLES10 and SLES9 samba version : 3.0.22 What could be wrong ? _ Block pop-up ads with MSN Toolbar. http://toolbar.msn.com.my/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd wont start
Hi Tim, maybe you have a corrupted tdb. You could check with tdbbackup -v NAME.tdb in /var/lib/samba/ also, normally I would expect the tdb's to be in /var/lib/samba and only the PID's in /var/run/samba/ Rolf On Thu, 14 Sep 2006, Tim wrote: > > My samba has been setup in its current configuration for around 9 months and > has worked without a problem, over the weekend my windows boxes were unable > to access the samba shares. Using SWAT I found that the smbd was not > starting. I have tried the following: > > Trying to start smbd (as root) from the cli with: > > smbd start > > Seems to execute the command and gave no errors but still swat says that smbd > has not been started. > > If I run smbstatus (as root) from the cli I get > > Titan:/home/mit# smbstatus > sessionid.tdb not initialised > /var/run/samba/connections.tdb not initialised > This is normal if an SMB client has never connected to your server. > /var/run/samba/locking.tdb not initialised > This is normal if an SMB client has never connected to your server. > Titan:/home/mit# > > If I run testparm from cli I get > > Titan:/home/mit# testparm > Load smb config files from /etc/samba/smb.conf > Processing section "[homes]" > Processing section "[printers]" > Processing section "[print$]" > Processing section "[MP3]" > Processing section "[PICTURES]" > Processing section "[VIDEO]" > Loaded services file OK. > Server role: ROLE_STANDALONE > Press enter to see a dump of your service definitions > > [global] > ? ? ? ? workgroup = HOME > ? ? ? ? server string = %h server (Samba %v) > ? ? ? ? obey pam restrictions = Yes > ? ? ? ? passdb backend = tdbsam, > ? ? ? ? passwd program = /usr/bin/passwd %u > ? ? ? ? passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > ? ? ? ? syslog = 0 > ? ? ? ? log file = /var/log/samba/log.%m > ? ? ? ? max log size = 1000 > ? ? ? ? server signing = auto > ? ? ? ? preferred master = No > ? ? ? ? domain master = No > ? ? ? ? panic action = /usr/share/samba/panic-action %d > ? ? ? ? invalid users = root > > [homes] > ? ? ? ? comment = Home Directories > ? ? ? ? invalid users = > ? ? ? ? read only = No > ? ? ? ? create mask = 0640 > ? ? ? ? directory mask = 0750 > ? ? ? ? browseable = No > > [printers] > ? ? ? ? comment = All Printers > ? ? ? ? path = /tmp > ? ? ? ? create mask = 0700 > ? ? ? ? printable = Yes > ? ? ? ? browseable = No > > [print$] > ? ? ? ? comment = Printer Drivers > ? ? ? ? path = /var/lib/samba/printers > > [MP3] > ? ? ? ? path = /mnt/usbhd/mp3/ > ? ? ? ? read only = No > ? ? ? ? hosts allow = **.**.**.**/**.**.**.** > > [PICTURES] > ? ? ? ? path = /mnt/usbhd/Pictures/ > ? ? ? ? read only = No > ? ? ? ? hosts allow = **.**.**.**/**.**.**.** > > [VIDEO] > ? ? ? ? path = /mnt/usbhd/Video > ? ? ? ? read only = No > > I have checked the logs for any error and this is the smbd log which give > this: > > [2006/09/13 20:12:20, 0] lib/util.c:log_stack_trace(1699) > ? BACKTRACE: 7 stack frames: > ? ?#0 smbd(log_stack_trace+0x23) [0x822b763] > ? ?#1 smbd(smb_panic+0x46) [0x822b856] > ? ?#2 smbd [0x81ea941] > ? ?#3 smbd(initialize_password_db+0xe) [0x81ea98e] > ? ?#4 smbd(main+0x591) [0x82c1cd1] > ? ?#5 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7c44ea8] > ? ?#6 smbd [0x8082a31] > [2006/09/13 20:12:20, 0] lib/util.c:smb_panic(1600) > ? smb_panic(): calling panic action [/usr/share/samba/panic-action 6192] > [2006/09/13 20:12:20, 0] lib/util.c:smb_panic(1608) > ? smb_panic(): action returned status 0 > [2006/09/13 20:12:20, 0] lib/fault.c:dump_core(173) > ? dumping core in /var/log/samba/cores/smbd > > I checked the reference /var/log/samba/cores/smbd but its not a txt based > file > so I can't say what is in it. > > My distro is debian testing with 2.6.15 kernel (from debian) Samba is 3.0.23 > (normal apt install from debian) > > Any suggestions > > Tim > > P.S. Sorry for then long post-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] New Samba GroupMapping
Hello List, In my logfile I found: Sep 11 18:40:58 gateway smbd[92133]: [2006/09/11 18:40:58, 0] auth/auth_util.c:create_builtin_administrators(785) Sep 11 18:40:58 gateway smbd[92133]: create_builtin_administrators: Failed to create Administrators Sep 11 18:40:58 gateway smbd[92133]: [2006/09/11 18:40:58, 0] auth/auth_util.c:create_builtin_users(751) Sep 11 18:40:58 gateway smbd[92133]: create_builtin_users: Failed to create Users Someone gave me the advice to read 'WhatsNEW'! Group Mapping Changes = The default mapping entries for groups such as "Domain Admins" are no longer created when using an smbpasswd file or a tdbsam passdb backend. This means that it is necessary to use 'net groupmap add' rather than 'net groupmap modify' to set these entries. This change has no effect on winbindd's IDmap functionality for domain groups. What does that means? The default mapping entries were now made only whenn using LDAP? It is not a problem to create the entries by hand or script but it would be usefull having a table with the sid key's or am i wrong? Another Problem ist getting the usersidlist. # net usersidlist [2006/09/14 12:30:00, 0] utils/net_rpc.c:net_usersidlist(4716) Could not get the user/sid list Why? I foudn no answer in the web. Thnx regards CAT -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with FC4 Samba 3.0.23a and Windows XP PRO 2002
Hello all! I have just upgraded a system that previously had SAMBA running on an SCO Unix server with various flavors of Window clients XP, 98, ME, Media, 2000, etc. I was using plain text passwords and USER authentication. I upgraded the server to a FC4 Box with SAMBA 3.0.23a All of the clients reconnected to their shares/printers EXCEPT the Windows XP PRO 2002 clients (2). The log files for samba show: [2006/09/12 11:40:24, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User graham ! I am confused as to why these two machines are asking for (getting) smb_pam_auth when I am using plain text passwords Any help out there? Thanks for any thoughts Mark Mark L. Wise, President Alpha II Service, Inc. 1312 Epworth Ave Reynoldsburg, Ohio 43068-2116 614 868-5033 (Phone) 614 868-1060 (Fax) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] More problems with samba 3.0.23c and NT4
Hi everyone! I have some trouble with samba 3.0.23 as PDC for NT4 workstations with SP6a. I have upgraded from samba2. 1. The ntconfig.pol from the netlogon-share does'nt work. I get a prf1.tmp in the User-Profile-Folder and the policy wouldn't mix to the registry. In the Event-Log I found an entry "RegLoadKey ist mit dem Fehler 87 für C:\WINNT\Profiles\aba\prfD.tmp gescheitert." EventId:1000 from Userenv. The same with an XP-computer works without problems. 2. I haven't the security-tag in the property-window of a file or directory on the samba-shares. The tab is there under winxp but not in NT4. Is there something broken?? Thanks, Andreas Pohl [EMAIL PROTECTED] -- INTERMET Ueckermünde D-17373 Ueckermünde, Eggesiner Str. 11 Tel.: +49 (0) 39771 2120, Fax: +49 (0) 39771 21210 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printing problems with samba 3.0.23c and NT4
Hi everyone! I have upgrade my fileserver from samba2-smbpasswd to samba3.0.23c with LDAP-PDC. Now i can't print to the printers on that server with NT4. "net use ..." is functional, but if I print to that printer, I get the error - free translated from german message - "The syntax of the filename, directory name or the disc-label is wrong." WinXP hasn't that problem. The share is defined in this way: [global] ... printing = BSD ... [pspdf] path = /tmp printable = yes print command = /usr/local/bin/samba2pdf %s %U use client driver = yes I have played with "use client driver", with no success. Is the printing-support for NT4 broken? Thanks a lot in advance Andreas Pohl [EMAIL PROTECTED] -- INTERMET Ueckermünde D-17373 Ueckermünde, Eggesiner Str. 11 Tel.: +49 (0) 39771 2120, Fax: +49 (0) 39771 21210 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] hide files not work
Hi I'm using samba 3 I want to hide dot files I used hide files = .* hide dot files = yes and even veto file no success at all, help would be greatly appreciate. cheers chaminda -- This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure.Ministry of Finance & Planning does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by Ministry of Finance & Planning Sri Lanka in this regard. To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind and SBS 2003
Hi, I want vpn clients which have a valid x509 Cert and a valid user account in the M$ domain can access to the LAN. The M$ DC is an SBS2003 Server in mixed mode. I don't want to manage two user db's. I want the vpn server to ask the domain controller for a valid user account.So I've installed the nessecary stuff on the vpn server. The interresting things here are: samba/winbind 3.0.22 samba-common. After a while of testings and changes everything was working fine. Then one day the vpn/samba server became the same netbios name like the M$ DC accidantily.Now every time the vpn server becomes online, the SBS Server is inaccessible for the internal M$ clients, but the vpn client can still access the LAN. On some machines are popups like "The IP you are using is already in use", but it isn't. Nevertheless the NIC is getting disabled. The DC is also the dhcp server. I've renamed the samba netbios- name of course and deleted the machine account on the DC. Also I've deleted the *.tdb's on the samba machine and the samba machine became another IP-address. Then I've let the samba server rejoin the M$ Domain successfully. I can get the DC accounts by using wbinfo -u and -g. getent is working also. ntlm_auth username=<> also. Everything seems to be fine, but the internal network is breaking down by DC strike. DC's system eventlog is saying: The session could not be established, because the security database could not determine a trust account accordingly the asking computer. (Sorry, this is my translation from german. It may be not exactly the same word by word, like the original english event description. Event ID is: 5723, source: NETLOGON) That's it in the event logs. A browstat status on DC is listing: Status for domain DOMAIN on transport \Device\NetBT_Tcpip_{0D040CB9-B2E6-4BE5-BF6A-59E9C86B54EA} Browsing is active on domain. Master browser name is: TEST Master browser is running build 3790 2 backup servers retrieved from master TEST \\UMS \\TEST There are 13 servers in domain DOMAIN on transport \Device\NetBT_Tcpip_{0D040CB9-B2E6-4BE5-BF6A-59E9C86B54EA} There are 2 domains in domain DOMAIN on transport \Device\NetBT_Tcpip_{0D040CB9-B2E6-4BE5-BF6A-59E9C86B54EA} A nmblookup -M DOMAIN: TEST When network is going down on the samba server, everything awakes... The event log o n the local XP clients complains something like: There is no Domain Controller available by following reason: the RPC call was aborting Event ID:5719 The event log on UMS, the backup browser complains:The reading of the backuplist aborted because there is no master browser accessible The backup browser could not get a serverlist from the master browser on the network {... }Event ID:8021. It looks like the SBS2003 machine can't 'forget' that a second machine with the same netbios name was appearing in the network. Perhaps the reason therefore is the special SBS license. However, perhaps someone has done the same experiences and maybe, much more important, worked out a solution for this problem. The smb.conf: [global] workgroup = DOMAIN os level = 0 preferred master = No local master = No domain master = No wins server = 172.16.5.60 interfaces = eth1 log file = /var/log/samba/log.%m max log size = 1000 syslog = 6 security = Domain passdb backend = tdbsam obey pam restrictions = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . ;domain logons = yes ;logon drive = H: ;logon home = \\%N\%U ;logon script = logon.cmd socket options = TCP_NODELAY winbind separator = + winbind enum users = yes winbind enum groups = yes idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/false Thanks for answer Hugo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba