Re: [Samba] Samba PDC...password question

2006-10-05 Thread Steve 
On Wednesday 04 October 2006 1:20 pm, you wrote:
>   Cannot change password - "Permission denied" error
>
>
>   smbd/chgpasswd.c:findpty(73): findpty: Unable to create
>   master/slave pty pair
>
> Make sure that /dev/pts is mounted properly. This will vary depending on
> your server distribution

Hi Scott,

Thanks for the tip.  Apparently in Mandriva /dev/pts is mounted by udev on the 
fly.  Mandriva 2006 notes the following:
for udev-068-34mdk.i586
- remaining bug is lack of /dev/ptmx support in PAM
So apparently /dev/pty never gets created when /usr/bin/passwd gets called 
from samba.

Setting unix password sync = no enables windows users to change their password 
from windoze.  This is what we're going with now, as windoze users never log 
onto Linux boxen.

Steve
>
> Steve Glasser wrote:
> > On Wed, 2006-10-04 at 11:59 -0600, Scott Mecham wrote:
> >> Actually, we have that set back to sync. It does work fine.
> >
> > Hey Scott,
> >
> > Thanks for writing back.
> >
> > What the bleep are we doing wrong?  We keep getting the message: "You do
> > not have permission to change your password"
> >
> > I thought that was an issue created by winXP sp1, which was fixed long
> > ago.  WTF?
> >
> > Steve

-- 
Steve Glasser
Network Administrator
Flying Pig Computer Svc.
[EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ADS authentication issues.

2006-10-05 Thread Jeff Honey 
log.winbindd
[2006/10/05 17:14:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
  Username MYDOMAIN\MYCOMPUTER$ is invalid on this system


I get the above-listed entry in my winbindd log and my smbd log when attempting 
to access a simple network share I've created.


[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.NET
security = ADS
auth methods = guest, sam, winbind
password server = kds.mydomain.net
wins server = 1.2.3.4
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
guest ok = Yes
[me]
path = /home/me
valid users = me
admin users = me, root
read list = @users
read only = No
guest ok = No


This is my, seemingly simple, smb.conf setup. I've done all of the other 
requisite setup with Kerberos and have joined successfully to the domain as a 
member. I can also perform all of the tests (wbinfo, getent, etc) successfully 
against the local machine and against the domain. I can browse to the share but 
I get a logon box when I attempt to access its contents, which won't go away. 
Oh, I've also done net ads groupmap for the local users group to the domain's 
"Domain Users" group.

My goal is to setup ubiquitous SMB shares for my Windows domain users to a 
simple domain member server and compartmentalize that access based upon group 
membership.

I've steeled myself against the inevitable lambasting I'm sure to get for 
whatever boneheaded mistake I've made, so I'm asking for help from the group on 
this one. After doing my RTFM research I'm stumped.


¤¤¤
¤ Jeff Honey, Network Administrator
¤ PS America, Inc.
¤ 4426 N. Orange Blossom Trl
¤ Orlando, FL  32804
¤ 407-521-1011 voice
¤ 407-521-1007 fax
¤¤¤  
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbd hanging on OS X 10.4.8

2006-10-05 Thread nicerobot 
Hi,
If process all my mounts prior to the "..." bit below. It looks as if
it's hanging while processing some printer config. On that assumption
and since I don't and never have had any printers attached, I've
commented out the '[printers]' section from smb.conf. No section
contains a 'printable = yes'. I've tried with all sections containing
'printable = no'. The '[global]' section includes 'load printers = no'.
Still it hangs. Any clue or tips on things to try are greatly
appreciated. Apple hasn't been able to reproduce the problem and haven't
been able to come up with any recommendations that I haven't already tried.
Thanks

$ smbd -V
Version 3.0.10
$ smbd -i -d 100 -s /etc/smb.conf
...
lp_servicenumber: couldn't find printers
lp_file_list_changed()
file /etc/smb.conf -> /etc/smb.conf last mod_time: Mon Oct 2 13:46:25 2006

added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="DODO"
loaded services
fcntl_lock 6 8 0 1 3
fcntl_lock: Lock call successful
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Opening cache file at /private/var/samba/gencache.tdb
namecache_enable: enabling netbios namecache, timeout 30 seconds
reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print]
sorted_tree_add: Enter
sorted_tree_find_child: Did not find [HKLM]
sorted_tree_birth_child: First child of node [NULL]! [HKLM]
sorted_tree_find_child: Did not find [SYSTEM]
sorted_tree_birth_child: First child of node [HKLM]! [SYSTEM]
sorted_tree_find_child: Did not find [CurrentControlSet]
sorted_tree_birth_child: First child of node [SYSTEM]! [CurrentControlSet]
sorted_tree_find_child: Did not find [Control]
sorted_tree_birth_child: First child of node [CurrentControlSet]! [Control]
sorted_tree_find_child: Did not find [Print]
sorted_tree_birth_child: First child of node [Control]! [Print]
sorted_tree_add: Successfully added node
[HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree
sorted_tree_add: Exit
reghook_dump_cache: Starting cache dump now...
ROOT/: [HKLM] (NULL)
ROOT/HKLM/: [SYSTEM] (NULL)
ROOT/HKLM/SYSTEM/: [CurrentControlSet] (NULL)
ROOT/HKLM/SYSTEM/CurrentControlSet/: [Control] (NULL)
ROOT/HKLM/SYSTEM/CurrentControlSet/Control/: [Print] (data)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 6713 auth requests from single user

2006-10-05 Thread Tom Brown 

OS: Debian Woody
Samba: 3.0.4

I am seeing the following lines show up over 6713 times over the course of a 
day in the log:

[2006/10/05 16:05:55, 2, pid=7233, effective(65534, 65534), real(65534, 0)] 
auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [GEER] -> [GEER] -> [geer] 
succeeded

This user also cannot access the internet when the fileserver is down. This 
leads me to believe that the user is being authenticated through the 
fileserver everytime the user tries to access the internet. Any ideas on what 
would be causing this?

Thanks,
Tom
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbindd and getent group problem

2006-10-05 Thread Todd Barbera 
Hi,

 

I installed and configured Samba 3.0.23c as a domain member. I am
running winbindd on Solaris 8 Sparc. I am seeing a strange behavior
after the configuration. If I issue a "wbinfo -g" I see all the NT
groups. Likewise, if I issue a "wbinfo -u" I see all the NT users.
Continuing on with a "getent passwd" shows me the combined Unix and NT
accounts, but "getent group" shows me my Unix groups and ONLY the Domain
Admins group. Has anyone seen this behavior before? Thanks. 

 

Todd 

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: RES: [Samba] Samba 3.0.23c-1.fc5 problem - groups

2006-10-05 Thread Luis Felipe Marzagao/Yahoo 

Thanks for your concern, anyway!

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
Felipe Augusto van de Wiel
Enviada em: quinta-feira, 5 de outubro de 2006 13:49
Para: samba@lists.samba.org
Assunto: Re: RES: [Samba] Samba 3.0.23c-1.fc5 problem - groups

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 10/05/2006 11:43 AM, Luis Felipe Marzagao/Yahoo escreveu:
> Hi, Felipe.
> 
> Thanks a lot for replying.
> 
> Are you from Brazil? I ask because of the domain "paranacidade.org". 
> I´m from Brazil.

Yes, I am! :)


> Well, I´m not a expert on Samba or anything, so I really can´t tell if 
> its a problem or not.
> 
> Actually, Volker Lendecke was kind enough to tip me a workaround this 
> issue, as follows. It seems it´s something about fc5.

Forget what I said! :-)

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de
Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFJTeVCj65ZxU4gPQRAtNHAKCSjbqpKJlvegcO/KtUylo47kODRwCfTgXK
78LljS3Kk20bSDtKkAtS1DE=
=PfF3
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




___
O Yahoo! está de cara nova. Venha conferir!
http://br.yahoo.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Re: Samba 3.0.23c-1.fc5 problem - groups

2006-10-05 Thread Rex Dieter 
Felipe Augusto van de Wiel wrote:

> On 10/05/2006 11:31 AM, Rex Dieter escreveu:

>> groupmap sounds interesting, but does that imply that the old-style group
>> usage is now invalid/deprecated?  It seems so (intentionally or not)
>> because I can't seem to get valid users = @group to work with
>> samba-3.0.23c either (on my rhel4 boxen).
> 
> Check the workaround proposed by Volger on this thread,
> try to use +group instead of @group, if it works that way, it
> should be a problem related to libc. ;)

Tried it, didn't help for me, but we're using NIS too.

-- Rex

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: NT Workstation and Samba PDC

2006-10-05 Thread Marcelo Terres 

SOLVED !!!

I found in a closed samba bug that NT workstations need the gid=513,
but I in my smbldap.conf the defaultComputerGid=515.

I think it's strange, to have a machine account in the Domain Users,
not in Domain Computers, but anyway...

And for W2K and XP it does not matter if the gid is 513 or 515.

I send an e-mail to Mr. Carter suggesting to put it the Samba3-Howto.

I hope my "tip" help others too, cause It takes me 3 or 4 days to be solved.

Bye.

On 10/5/06, Marcelo Terres <[EMAIL PROTECTED]> wrote:

Hi again.

I found my error in  Samba3-HOWTO:

"
The Machine Trust Account Is Not Accessible

 "When I try to join the domain I get the message, "The machine
account  for this computer either does not exist or is not
accessible." What's wrong?"

This problem is caused by the PDC not having a suitable Machine Trust
Account.  If you are using the add machine script method to create
accounts, then this would indicate that it has not worked. Ensure the
domain admin user system is working.
"

The problem is that is not working just in NT workstations. W2K e XP
works great. So, it's not a problem with the smbldap-tools scripts.
Looks like a samba bug.

I tried again with 3.0.22 and 3.0.23c.

Any ideas ?

Thanks,

On 10/4/06, Marcelo Terres <[EMAIL PROTECTED]> wrote:
> Hi.
>
> I'm having a big trouble.
>
> We migrate a NT PDC to a Samba PDC. No problems in migration. Everything 
works fine.
>
> The problem is: I can't add a NT machine to Domain. Simply does not work. XP 
and W2K works great.
>
> I started using Debian Sarge Package 3.0.14. In this version I could not 
manage groups using the Domain User Manager from NT. So I updated to 3.0.23c 
packages from samba.org. Same problem with adding a NT machine, but the User 
Manager now works.
>
> I tried the 3.0.22 from backports.org but with the same problem.
>
> The behaviour changes depending of the version of Samba. I'm using 
smbldap-useradd (0.9.2) in the add machine script.
>
> In 3.0.14 I saw in logs this error:
> 2006/10/04 13:03:42, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
>   ldapsam_update_sam_account: failed to modify user with uid = testing$, 
error: modify/delete: sambaPrimaryGroupSID: no such value (Success)
>
>
> In 3.0.22 the error is similar, but because the LDAP timed out, looks like 
the account is created and NT thinks that it joined in the domain, but when I 
tried to login does not work. Look the logs:
>
> 2006/10/04 14:28:38, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1873)
>   ldapsam_update_sam_account: failed to modify user with uid = testing$, 
error: modify/delete: sambaPrimaryGroupSID: no such value (Success)
> [2006/10/04 14:28:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (12384, 513) - sec_ctx_stack_ndx = 0
> [2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
>   free_pipe_context: destroying talloc pool of size 924
> [2006/10/04 14:28:38, 3] smbd/process.c:process_smb(1194)
>   Transaction 21 of length 132
> [2006/10/04 14:28:38, 3] smbd/process.c:switch_message(993)
>   switch message SMBtrans (pid 3026) conn 0x83cd180
> [2006/10/04 14:28:38, 3] smbd/ipc.c:reply_trans(539)
>   trans <\PIPE\> data=44 params=0 setup=2
> [2006/10/04 14:28:38, 3] smbd/ipc.c:named_pipe(334)
>   named pipe command on <> name
> [2006/10/04 14:28:38, 3] smbd/ipc.c:api_fd_reply(294)
>   Got API command 0x26 on pipe "samr" (pnum 7494)
> [2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
>   free_pipe_context: destroying talloc pool of size 0
> [2006/10/04 14:28:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(2237)
>   api_rpcTNP: rpc command: SAMR_DELETE_DOM_USER
> [2006/10/04 14:28:38, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:38, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 1 try!
> [2006/10/04 14:28:39, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:39, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 2 try!
> [2006/10/04 14:28:40, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:40, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 3 try!
> [2006/10/04 14:28:41, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:41, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 4 try!
> [2006/10/04 14:28:42, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:42, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server failed for the 5 try!
> [2006/10/04 14:28:43, 0] lib/smbldap.c:smbldap_open(922)
>   smbldap_open: cannot access LDAP when not root..
> [2006/10/04 14:28:43, 1] lib/smbldap.c:another_ldap_try(1051)
>   Connection to LDAP server

Re: [Samba] Re: Horrible write performance from XP to Samba

2006-10-05 Thread Jeremy Allison 
On Thu, Oct 05, 2006 at 03:55:00PM +0200, Sebastian Held wrote:
> Hi,
> 
> Am Donnerstag, 5. Oktober 2006 14:56 schrieb Peter Daum:
> > maybe some people would be adventurous enough to just try it out:
> 
> My results (only 1 measurement taken)
> WinXP64 -> Samba-3.0.23b/SuSE-Linux-9.2:2:08 min => 8192 kiB/s   (smbd 
> @18% CPU)
> other direction: 2:21 min => 7437 kiB/s (smbd @10% CPU)
> 
> Samba -> Win2k:   4:52 min => 3591 kiB/s (smbd @5% CPU)
> Win2k -> Samba:   2:22 min => 7384 kiB/s (smbd @15% CPU)
> 
> The windows machines are not the same.
> 
> compare to nfs performance:
> Samba machine -> other nfs machine:   1:58 min => 8886 kiB/s
> other direction: 1:55 min => 9118 kiB/s

Unless the "other nfs machine" is also windows this is
an apples to oranges comparison. If you want an apples 
to apples comparison compare using cifsfs on the linux
client as your cifs client, not windows.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Horrible write performance from XP to Samba

2006-10-05 Thread Peter Daum 
Sebastian Held wrote:

> But the only thing I wanted to show is, that my WinXP has no problems writing 
> to a Samba share. Performance is good (at least in my opinion).

... so obviously the problems that I encounter do not occur in all
cases - of course it would be good to know what makes the
difference. I could reproduce the issue on 4 different Samba
servers (with totally different configuration) and with 5
differently configured Windows-XP clients (all XP professional+
SP2) and with different network switches in between ?!

Any clues?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: NT Workstation and Samba PDC

2006-10-05 Thread Marcelo Terres 

Hi again.

I found my error in  Samba3-HOWTO:

"
The Machine Trust Account Is Not Accessible

"When I try to join the domain I get the message, "The machine
account  for this computer either does not exist or is not
accessible." What's wrong?"

This problem is caused by the PDC not having a suitable Machine Trust
Account.  If you are using the add machine script method to create
accounts, then this would indicate that it has not worked. Ensure the
domain admin user system is working.
"

The problem is that is not working just in NT workstations. W2K e XP
works great. So, it's not a problem with the smbldap-tools scripts.
Looks like a samba bug.

I tried again with 3.0.22 and 3.0.23c.

Any ideas ?

Thanks,

On 10/4/06, Marcelo Terres <[EMAIL PROTECTED]> wrote:

Hi.

I'm having a big trouble.

We migrate a NT PDC to a Samba PDC. No problems in migration. Everything works 
fine.

The problem is: I can't add a NT machine to Domain. Simply does not work. XP 
and W2K works great.

I started using Debian Sarge Package 3.0.14. In this version I could not manage 
groups using the Domain User Manager from NT. So I updated to 3.0.23c packages 
from samba.org. Same problem with adding a NT machine, but the User Manager now 
works.

I tried the 3.0.22 from backports.org but with the same problem.

The behaviour changes depending of the version of Samba. I'm using 
smbldap-useradd (0.9.2) in the add machine script.

In 3.0.14 I saw in logs this error:
2006/10/04 13:03:42, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
  ldapsam_update_sam_account: failed to modify user with uid = testing$, error: 
modify/delete: sambaPrimaryGroupSID: no such value (Success)


In 3.0.22 the error is similar, but because the LDAP timed out, looks like the 
account is created and NT thinks that it joined in the domain, but when I tried 
to login does not work. Look the logs:

2006/10/04 14:28:38, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1873)
  ldapsam_update_sam_account: failed to modify user with uid = testing$, error: 
modify/delete: sambaPrimaryGroupSID: no such value (Success)
[2006/10/04 14:28:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (12384, 513) - sec_ctx_stack_ndx = 0
[2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
  free_pipe_context: destroying talloc pool of size 924
[2006/10/04 14:28:38, 3] smbd/process.c:process_smb(1194)
  Transaction 21 of length 132
[2006/10/04 14:28:38, 3] smbd/process.c:switch_message(993)
  switch message SMBtrans (pid 3026) conn 0x83cd180
[2006/10/04 14:28:38, 3] smbd/ipc.c:reply_trans(539)
  trans <\PIPE\> data=44 params=0 setup=2
[2006/10/04 14:28:38, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2006/10/04 14:28:38, 3] smbd/ipc.c:api_fd_reply(294)
  Got API command 0x26 on pipe "samr" (pnum 7494)
[2006/10/04 14:28:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
  free_pipe_context: destroying talloc pool of size 0
[2006/10/04 14:28:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(2237)
  api_rpcTNP: rpc command: SAMR_DELETE_DOM_USER
[2006/10/04 14:28:38, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..
[2006/10/04 14:28:38, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 1 try!
[2006/10/04 14:28:39, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..
[2006/10/04 14:28:39, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 2 try!
[2006/10/04 14:28:40, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..
[2006/10/04 14:28:40, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 3 try!
[2006/10/04 14:28:41, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..
[2006/10/04 14:28:41, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 4 try!
[2006/10/04 14:28:42, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..
[2006/10/04 14:28:42, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 5 try!
[2006/10/04 14:28:43, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..
[2006/10/04 14:28:43, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 6 try!
[2006/10/04 14:28:44, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..
[2006/10/04 14:28:44, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 7 try!
[2006/10/04 14:28:45, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..
[2006/10/04 14:28:45, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 8 try!
[2006/10/04 14:28:46, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..
[2006/10/04 14:28:46, 1] lib/smbldap.c:another_ldap_try(1051)
  Conne

Re: [Samba] Re: Samba 3.0.23c-1.fc5 problem - groups

2006-10-05 Thread Felipe Augusto van de Wiel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/05/2006 11:31 AM, Rex Dieter escreveu:
> Felipe Augusto van de Wiel wrote:
> 
>>>I use FC5.
>>>I discovered, for an exemple, if you have a user group with 3 members
>>>(Alan, Baker, Clive), before 3.0.23c this line at smb.conf worked fine:
>>> 
>>>valid users = @user
>>> 
>>>But with 3.0.23c update it doesn't work anymore.
>>> 
>>>You have to replace the line like this:
>>>valid users = Alan, Baker, Clive
>>>
>>>I mean, replace the "@groupname" with the complete userlist of the group
>>>separated by commas.
> 
> ...
> 
>>>I´d appreciate any help or comments.
>>
>>Did you saw that the groupmap feature changed in 3.0.23c?
>>http://us1.samba.org/samba/history/samba-3.0.23c.html
> 
> 
> groupmap sounds interesting, but does that imply that the old-style group
> usage is now invalid/deprecated?  It seems so (intentionally or not)
> because I can't seem to get valid users = @group to work with samba-3.0.23c
> either (on my rhel4 boxen).

Check the workaround proposed by Volger on this thread,
try to use +group instead of @group, if it works that way, it
should be a problem related to libc. ;)


> -- Rex

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFJTfvCj65ZxU4gPQRAm4OAKCbO3H1tY9twRjh3CfViKi2AdOpxgCfRa++
ZmOLmgKDkd5fXMh2zzI1r2U=
=gpaZ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RES: [Samba] Samba 3.0.23c-1.fc5 problem - groups

2006-10-05 Thread Felipe Augusto van de Wiel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 10/05/2006 11:43 AM, Luis Felipe Marzagao/Yahoo escreveu:
> Hi, Felipe.
> 
> Thanks a lot for replying.
> 
> Are you from Brazil? I ask because of the domain "paranacidade.org". I´m
> from Brazil.

Yes, I am! :)


> Well, I´m not a expert on Samba or anything, so I really can´t tell if its a
> problem or not.
> 
> Actually, Volker Lendecke was kind enough to tip me a workaround this issue,
> as follows. It seems it´s something about fc5.

Forget what I said! :-)

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFJTeVCj65ZxU4gPQRAtNHAKCSjbqpKJlvegcO/KtUylo47kODRwCfTgXK
78LljS3Kk20bSDtKkAtS1DE=
=PfF3
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Horrible write performance from XP to Samba

2006-10-05 Thread Sebastian Held 
Am Donnerstag, 5. Oktober 2006 18:01 schrieb Sebastian Held:
> Maybe rerunning the test will
> clearify that. Otherwise the system is idle.

It has no impact.


pgpdF1XX6SdaB.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Horrible write performance from XP to Samba

2006-10-05 Thread Sebastian Held 
Am Donnerstag, 5. Oktober 2006 17:48 schrieben Sie:
> Have you shut down all other processes including anti-virus to make sure
> there isn't something else causing a wide variance?

Antivirus (Sophos) is running on both machines, but I expect Sophos to do 
nothing, because it's not an executable. Maybe rerunning the test will 
clearify that. Otherwise the system is idle.

But the only thing I wanted to show is, that my WinXP has no problems writing 
to a Samba share. Performance is good (at least in my opinion).

br,
Sebastian


pgp0NAbEtREpg.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Horrible write performance from XP to Samba

2006-10-05 Thread Aaron Kincer 
Have you shut down all other processes including anti-virus to make sure 
there isn't something else causing a wide variance?


Sebastian Held wrote:

Am Donnerstag, 5. Oktober 2006 16:41 schrieben Sie:
  

How about Windows client to Windows client speeds?

I'm getting the feeling the problem might be the speed of the hard
drives on your clients.



For me and my budget, 8 MB/s must be enough.

But here are the requested values:

Copying initiated from WinXP64:
WinXP64 -> Win2k: 3:10 min
Win2k -> WinXP64: 2:08 min

Copying initiated from Win2k:
WinXP64 -> Win2k: 5:28 min
Win2k -> WinXP64: 1:53 min

I don't know, why these values differ that much, if the copying machine is 
changed...


br, Sebastian
  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Horrible write performance from XP to Samba

2006-10-05 Thread Sebastian Held 
Am Donnerstag, 5. Oktober 2006 16:41 schrieben Sie:
> How about Windows client to Windows client speeds?
>
> I'm getting the feeling the problem might be the speed of the hard
> drives on your clients.

For me and my budget, 8 MB/s must be enough.

But here are the requested values:

Copying initiated from WinXP64:
WinXP64 -> Win2k: 3:10 min
Win2k -> WinXP64: 2:08 min

Copying initiated from Win2k:
WinXP64 -> Win2k: 5:28 min
Win2k -> WinXP64: 1:53 min

I don't know, why these values differ that much, if the copying machine is 
changed...

br, Sebastian


pgpwdj2PJl1wp.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RES: [Samba] Samba 3.0.23c-1.fc5 problem - groups

2006-10-05 Thread Luis Felipe Marzagao/Yahoo 

Hi, Felipe.

Thanks a lot for replying.

Are you from Brazil? I ask because of the domain "paranacidade.org". I´m
from Brazil.

Well, I´m not a expert on Samba or anything, so I really can´t tell if its a
problem or not.

Actually, Volker Lendecke was kind enough to tip me a workaround this issue,
as follows. It seems it´s something about fc5.


 --- Comment #1 From Volker Lendecke  2006-10-03 12:58 MST  [reply]
---

Quick test: Does +group instead of @group work? Assuming you're not using
NIS
this should lead to the same results.

Volker


--- Comment #2 From Luis Felipe Marzagao 2006-10-03 13:20 MST [reply]
---

(In reply to comment #1)
> Quick test: Does +group instead of @group work? Assuming you're not using
NIS
> this should lead to the same results.
> 
> Volker
> 

Yes, not using NIS.

Yes, +group worked.

Luis Felipe


--- Comment #3 From Volker Lendecke 2006-10-03 14:39 MST [reply] ---

Ok. 99% this is a libc problem on fc5. I'd need access to such a box
including
a compilation environment to step through it to really nail it. If you can
live
with + instead of @ then I'd say I'd leave that for later.

Volker


--- Comment #4 From Luis Felipe Marzagao 2006-10-03 14:49 MST [reply]
---

(In reply to comment #3)
> Ok. 99% this is a libc problem on fc5. I'd need access to such a box
including
> a compilation environment to step through it to really nail it. If you can
live
> with + instead of @ then I'd say I'd leave that for later.
> 
> Volker
> 

Yes, no problem at all about the +!!

I´ve also informed other people at fedora forum with the same problem and it
worked for them as well.

Sure it can be left later.

I´m just glad I could help in some way the project, since I´m not a
programmer or anything.

Thanks a lot for the immediate help and all of the attention.

Luis Felipe"

(source: https://bugzilla.samba.org/show_bug.cgi?id=4145)


Thank you very much for you answer!

Best regards,
Luis Felipe


 

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
Felipe Augusto van de Wiel
Enviada em: quinta-feira, 5 de outubro de 2006 10:16
Para: samba@lists.samba.org
Assunto: Re: [Samba] Samba 3.0.23c-1.fc5 problem - groups

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/30/2006 03:34 PM, Luis Felipe Marzagao/RBSM escreveu:
> Hi there,

Hey!


> I use FC5.
> I discovered, for an exemple, if you have a user group with 3 members 
> (Alan, Baker, Clive), before 3.0.23c this line at smb.conf worked fine:
>  
> valid users = @user
>  
> But with 3.0.23c update it doesn't work anymore.
>  
> You have to replace the line like this:
>  
> valid users = Alan, Baker, Clive
> 
> I mean, replace the "@groupname" with the complete userlist of the 
> group separated by commas.
>  
> It´s a quick solution, but some groups are big and it´s kind of hard 
> to do that with all of them.
>  
> Apparently, other people are experiencing the same problem, as related 
> at fedora forum 
> (http://www.fedoraforum.org/forum/showthread.php?t=125460
>  mba>
> &highlight=samba).
>  
>  
> I´d appreciate any help or comments.

Did you saw that the groupmap feature changed in 3.0.23c?

http://us1.samba.org/samba/history/samba-3.0.23c.html


Not sure if that is your problem, but it could be. ;)


> Attached my smb.conf and logs.
>  
> The workstation I´m trying to access the shares from is a Windows XP 
> one, and it´s name is "rbsm204".
>  
> The user is "felipe" and he belongs to "admin" group.
>  
> I found this at my workstation log (attached):
>  
> [2006/09/30 14:58:35, 3] lib/util_sid.c:string_to_sid(223)
> 
> string_to_sid: Sid @admin does not start with 'S-'.
> 
> [2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(423)
> 
> Unable to get default yp domain, let's try without specifying it 
> [2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(427)
> 
> looking for user felipe of domain (ANY) in netgroup admin [2006/09/30 
> 14:58:35, 0] lib/fault.c:fault_report(41)

Yes, great chances that it is the groupmap problem. ;)


[...]
> Thanks again!
> Cheers.
> Luis Felipe

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de
Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFJQV0Cj65ZxU4gPQRAqVmAJ9gj309Ws1fjC0h5kDIW0sDzbpREQCgyhOH
hyB0sHrxghYWxEeRNy9GOpY=
=ZgP6
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba







___
Você quer respostas para suas perguntas? Ou você sabe muito e quer compartilhar 
seu conhecimento? Experimente o Yahoo! Resp

[Samba] Re: Samba 3.0.23c-1.fc5 problem - groups

2006-10-05 Thread Rex Dieter 
Felipe Augusto van de Wiel wrote:

>> I use FC5.
>> I discovered, for an exemple, if you have a user group with 3 members
>> (Alan, Baker, Clive), before 3.0.23c this line at smb.conf worked fine:
>>  
>> valid users = @user
>>  
>> But with 3.0.23c update it doesn't work anymore.
>>  
>> You have to replace the line like this:
>> valid users = Alan, Baker, Clive
>> 
>> I mean, replace the "@groupname" with the complete userlist of the group
>> separated by commas.
...
>> I´d appreciate any help or comments.
> 
> Did you saw that the groupmap feature changed in 3.0.23c?
> http://us1.samba.org/samba/history/samba-3.0.23c.html

groupmap sounds interesting, but does that imply that the old-style group
usage is now invalid/deprecated?  It seems so (intentionally or not)
because I can't seem to get valid users = @group to work with samba-3.0.23c
either (on my rhel4 boxen).

-- Rex



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Horrible write performance from XP to Samba

2006-10-05 Thread Aaron Kincer 

How about Windows client to Windows client speeds?

I'm getting the feeling the problem might be the speed of the hard 
drives on your clients.


Sebastian Held wrote:

Hi,

Am Donnerstag, 5. Oktober 2006 14:56 schrieb Peter Daum:
  

maybe some people would be adventurous enough to just try it out:



My results (only 1 measurement taken)
WinXP64 -> Samba-3.0.23b/SuSE-Linux-9.2:2:08 min => 8192 kiB/s   (smbd 
@18% CPU)

other direction: 2:21 min => 7437 kiB/s (smbd @10% CPU)

Samba -> Win2k:   4:52 min => 3591 kiB/s (smbd @5% CPU)
Win2k -> Samba:   2:22 min => 7384 kiB/s (smbd @15% CPU)

The windows machines are not the same.

compare to nfs performance:
Samba machine -> other nfs machine:   1:58 min => 8886 kiB/s
other direction: 1:55 min => 9118 kiB/s


br,
Sebastian

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Horrible write performance from XP to Samba

2006-10-05 Thread Sebastian Held 
Hi,

Am Donnerstag, 5. Oktober 2006 14:56 schrieb Peter Daum:
> maybe some people would be adventurous enough to just try it out:

My results (only 1 measurement taken)
WinXP64 -> Samba-3.0.23b/SuSE-Linux-9.2:2:08 min => 8192 kiB/s   (smbd 
@18% CPU)
other direction: 2:21 min => 7437 kiB/s (smbd @10% CPU)

Samba -> Win2k:   4:52 min => 3591 kiB/s (smbd @5% CPU)
Win2k -> Samba:   2:22 min => 7384 kiB/s (smbd @15% CPU)

The windows machines are not the same.

compare to nfs performance:
Samba machine -> other nfs machine:   1:58 min => 8886 kiB/s
other direction: 1:55 min => 9118 kiB/s


br,
Sebastian



pgpTBNdRpJ8G8.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC...need help granting domain admin access

2006-10-05 Thread Felipe Augusto van de Wiel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 10/04/2006 02:44 PM, Scott Mecham escreveu:
> #net groupmap list
> Domain Users (S-1-5-21-1294588444-3772336984-2656111346-513) -> users
> Domain Guests (S-1-5-21-1294588444-3772336984-2656111346-514) -> nobody
> Domain Admins (S-1-5-21-1294588444-3772336984-2656111346-512) -> admin
> 
> #Global parameters
> [global]
[...]

I didn't see any configuration problems related to what
you describe earlier. Could you try to increase the loglevel and
send the important part of the logs?


Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFJRI9Cj65ZxU4gPQRAh7vAKDCdKHvU+H7ADHVflDVKl+e+QGRpgCgsOcF
JgwjlOEUVYRj2C0JPkykl1g=
=d7HQ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] mssql, problem authenticating from stored procedure...

2006-10-05 Thread Felipe Augusto van de Wiel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/04/2006 06:05 PM, Kristoffer Egefelt escreveu:
> Hi Felipe,
> 
> Thanks alot for your help.

You are welcome. ;)


> I finally got it to work... :)
> 
> I'm afraid I can't get closer to a explanation than this:
> 
> Reboot mssql server... Then it works... (I might should have figured this
> out to start with...:()
> 
> I really can't explain why, but I did it on 4 sql servers now, and no
> matter
> what I did, it won't work until sql server is rebooted...
> 
> /Kristoffer

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFJREaCj65ZxU4gPQRApSdAJ9B5dxoaKpyrqXR8qZoxqMsZQTn9wCgnseJ
YWEUJShoxjmdulCgVZSd0Gc=
=cUG8
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] change passwd from windows--more grief

2006-10-05 Thread Felipe Augusto van de Wiel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/02/2006 07:50 PM, Steve Glasser escreveu:
> Hi group,
> 
> I can't seem to get passwd change from windows to work.  I am running
> samba 3.0.20-3.1.20060mdk installed from rpms on Mandriva 2006; the
> clients are windows XP sp2.  When I try to change passwd from windows I
> get "You do not have permission to change your password".
> 
> What am I doing wrong? 

I saw that you are using "pam password change", are
you aware of [1]how it works?

1.http://lists.samba.org/archive/samba/2002-November/055729.html


> My global smb.conf is below.  
>>From log.smbd I think this error pertains to the windows error: 
> 
> [2006/10/02 15:25:00, 3] smbd/chgpasswd.c:chgpasswd(457)
>   chgpasswd: Password change (as_root=Yes) for user: foo
>   PAM: unable to obtain the new authentication token - is password to
> weak?

It looks like something related with your pam options.
The manpage says that usually no change is needed in the
passwd chat, but maybe you found a corner case. ;)

Does it works with you turn off the 'pam password change'
paramenter in smb.conf?


> This is while using a new passwd of 9 random letters/numbers.
> Any suggestions welcome, thanks in advance
> 
> 
> 
> dos charset = 850
> unix charset = ISO8859-1
> workgroup = DELTAGRADING
> server string = %h server (Samba, Mandrake)
> passdb backend = tdbsam
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew
> \sUNIX\spassword:* %n\n .
> passwd chat debug = Yes
> username map = /etc/samba/smbusers
> unix password sync = Yes
> log level = 3
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = CUPS
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false
> -d /dev/null %u
> logon script = scripts\%U.bat
> logon path =
> logon drive = H:
> domain logons = Yes
> os level = 128
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> ldap passwd sync = Yes
> idmap uid = 15000-2
> idmap gid = 15000-2

I don't know if it has an impact, but you don't need
'ldap passwd sync' if you are not using LDAP, and looks like
you are not using it.

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFJQ9UCj65ZxU4gPQRAnoeAKCMdmVkHvIUX2WaR7RR7OO4VAiFkACfW9SC
3itThn6cPZc4pUkjU17By94=
=a6Jh
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] XP/W2K on Samba 3

2006-10-05 Thread Aaron Kincer 
You can easily redirect the typical data store for user documents (i.e. 
My Documents) to any network share you want. That isn't difficult. 
Additionally, you can configure just about any mail client on the planet 
(Outlook included) to put the data store there. No big deal. There are 
several problems with that:


1) If the network is down, mail isn't available (or any documents in My 
Documents for that matter).
2) If this is a road warrior, mail isn't available while they are on the 
road.
3) This doesn't solve the "application settings" requisite that I 
thought I understood.


You can solve #1 and #2 by any number of synchronization options out 
there and direct the mail client to a local data store and sync the data 
to a network store. #3 is a whole different issue. I am not aware of any 
other reliable method of retaining settings from desktop to desktop 
(assuming a fat client) than roaming profiles. If you are using the 
standard store for some mail clients (Outlook for example) that creates 
the massive data push/pull I mentioned. You can work around that with 
some planning by putting all heavy stores such as email in places that 
aren't profile specific (i.e. not in C:\Documents and 
Settings\username\.).


Doing that creates even more headaches if you are concerned about 
security for user separation and would require quite a bit of work. Oh, 
and let's not forget the non-homogenous client issues.


Doug VanLeuven wrote:

Aaron Kincer wrote:

I am having trouble envisioning a network where people are constantly
signing onto different computers (outside of schools and libraries). If
users move around that much, perhaps a VNC/Citrix/Terminal Services 
approach

would be better.

Roaming profiles are a solution to a problem that existed before 
email boxes

measured in hundreds of megabytes or even gigabytes. They will work (for
Windows clients), but can bring your network to its knees. And as 
mentioned,

the mixing of client OS has an amusing effect sometimes.
Think certificates.  Certificates encrypt files, establish VPN's, sign 
& encrypt email, things like that.  There are long standing 
alternatives to local store for email.
The main and easiest way to keep one's certificates in windows is to 
use roaming profiles else manually export and import and manually 
renew.  Actually kind of cutting edge, not a throwback to earlier times.


Users don't typically move around, but what if the hard drive fails?  
Does one roll out windows with something like ghost and consider 
workstations disposable?  If yes, the certificates and any private 
user data are lost.  System admins move around.  Want to use the 
machine in the conference room for a presentation.  Frequently easier 
with roaming profiles.


Regards, Doug



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem accessing Windows XP as a client

2006-10-05 Thread Felipe Augusto van de Wiel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/02/2006 08:40 PM, Norman S. Clerman escreveu:
> Samba friends,
> 
>   I have a computer running SUSE Linux 10.1. At work all the computers on
> the network, except this one, are running either Windows 2000 Pro or
> Windows 2000 Server. The computers are physically connected through a
> router. I am an administrator on all the Windows computers and have no
> problem whatsoever mounting administrative shares such as C$ using smbmnt.
> 
>   Using the same Linux computer at home, I try to access a computer
> running Windows XP Pro, on which I'm also an administrator. I have
> turned off simple file sharing on the Windows XP computer. The computers
> are also connected through a router. I can't access using smbclient, and
> I can't mount using smbmnt. The Windows XP computer has the name of
> APPLE, and when I try
> 
> smbclient -L APPLE
> or
> smbclient -L apple
> 
> I get a message
> connection to apple failed.
> 
> Any suggestions?

In the past I got problems after changing Windows NT/2K/XP
shares and related services, I remember one time that we want
change some options of the administrative share and the computer
stop browsing the entire network. If you turn on the simple file
sharing, does it works?

Any chances that you have a firewall in XP? Or some other
device blocking access? Looks like it is more related with the
home network and home machines.


> Norm Clerman

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFJQjnCj65ZxU4gPQRAoCuAJsHr6m7aEUmF9c+P2WubabMGRH3rwCfbh7W
rH+vbgFx3jansT4pm1HnmFE=
=SYv4
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.23c-1.fc5 problem - groups

2006-10-05 Thread Felipe Augusto van de Wiel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/30/2006 03:34 PM, Luis Felipe Marzagao/RBSM escreveu:
> Hi there,

Hey!


> I use FC5.
> I discovered, for an exemple, if you have a user group with 3 members (Alan,
> Baker, Clive), before 3.0.23c this line at smb.conf worked fine:
>  
> valid users = @user
>  
> But with 3.0.23c update it doesn't work anymore.
>  
> You have to replace the line like this:
>  
> valid users = Alan, Baker, Clive
> 
> I mean, replace the "@groupname" with the complete userlist of the group
> separated by commas.
>  
> It´s a quick solution, but some groups are big and it´s kind of hard to do
> that with all of them.
>  
> Apparently, other people are experiencing the same problem, as related at
> fedora forum (http://www.fedoraforum.org/forum/showthread.php?t=125460
> 
> &highlight=samba).
>  
>  
> I´d appreciate any help or comments.

Did you saw that the groupmap feature changed in 3.0.23c?

http://us1.samba.org/samba/history/samba-3.0.23c.html


Not sure if that is your problem, but it could be. ;)


> Attached my smb.conf and logs.
>  
> The workstation I´m trying to access the shares from is a Windows XP one,
> and it´s name is "rbsm204".
>  
> The user is "felipe" and he belongs to "admin" group.
>  
> I found this at my workstation log (attached):
>  
> [2006/09/30 14:58:35, 3] lib/util_sid.c:string_to_sid(223)
> 
> string_to_sid: Sid @admin does not start with 'S-'.
> 
> [2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(423)
> 
> Unable to get default yp domain, let's try without specifying it [2006/09/30
> 14:58:35, 5] smbd/password.c:user_in_netgroup(427)
> 
> looking for user felipe of domain (ANY) in netgroup admin [2006/09/30
> 14:58:35, 0] lib/fault.c:fault_report(41)

Yes, great chances that it is the groupmap problem. ;)


[...]
> Thanks again!
> Cheers.
> Luis Felipe

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFJQV0Cj65ZxU4gPQRAqVmAJ9gj309Ws1fjC0h5kDIW0sDzbpREQCgyhOH
hyB0sHrxghYWxEeRNy9GOpY=
=ZgP6
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Horrible write performance from XP to Samba

2006-10-05 Thread Peter Daum 
maybe some people would be adventurous enough to just try it out:
- Create a 1Gb file on a Samba server
  (dd if=/dev/zero of=1gm.tmp bs=1024k count=1024)
- Use a windows client to copy the file to a local disk and measure
  the time it takes to transfer the data
- copy the file back to a share on the Samba server and again
   measure the time
- post your results here

I assume that some more people would notice a problem somewhere ...

Regards,
 Peter Daum

Peter Daum wrote:
> I noted an extremely poor performance when copying big files from
> a windows xp client to a samba share. The exact version of samba
> does not seem to matter: I tried several different samba servers
> with versions between 3.014 and 3.0.23b running on Linux 2.4.32
> and 2.6.17 (machines and network otherwise idle, clients connected
> via fast ethernet, servers via Gbit; network performance in both
> directions around 95 Mbit/s). I made several tests copying a 1GB
> file with Windows 98 and Windows XP clients. Reading the file from
> the server takes predictably around 105 seconds (~9.75 MB/s).
> 
> Writing to the server takes only slightly longer on Win98 (130
> seconds, ~8 MB/s) while the same takes approximately 45 minutes
> from a XP client (I don't know whether this matters, I noted that
> on the XP write test, the directory listing on the server
> immediately shows a file with the final size - obviously a sparse
> file, repeatedly invoking du shows the gradually increasing actual
> size).
> 
> I wrote a little test program that just writes data to a file and
> shows the throughput; the transfer rates I get that way are pretty
> reasonable, so it is not a general problem but something that only
> occurs on specific operations like copying.
> 
> Tracing the network traffic also didn't tell me what the problem
> might be: XP uses for copying as well as for other write
> operations WriteAndXRequest, the only peculiarity I noticed is the
> slightly exotic block size of 61440 bytes per request when copying
> (which also doesn't seem to be the problem - Win98 uses the same
> block size with WriteRaw)
> 
> Has anybody else made similar experiences? (Since I could see this
> issue with differently configured servers/clients, it should not
> be just my personal problem. Of course in most settings where the
> data usually goes mostly from the server to the client it is not
> obvious)
> 
> Any ideas what's going on and what to do about it?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] How to map locked account connection to guest ?

2006-10-05 Thread Buozis, Martynas 
Hello

I am running SAMBA in ADS mode as client and got following question. Is it 
possible to enforce somehow mapping to guest if account is locked?

I get following entries in samba log file:

domain_client_validate: unable to validate password for user testuser in domain 
DOM to Domain controller \\AD1. Error was NT_STATUS_ACCOUNT_LOCKED
_OUT.

check_ntlm_password:  Authentication for user [testuser] -> [nobody] FAILED 
with error NT_STATUS_ACCOUNT_LOCKED_OUT


In above case Samba is denying connection. I have a need for Samba to act as if 
it was bad password entered and map connection to guest.

Thanks for any tips on above.


With best regards
Martynas Buozis 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Issues after Samba updating a Samba PDC to 3.0.23c

2006-10-05 Thread Daniel Bramkamp 

Hi,

last Saturday we reinstalled our fileserver to setup redundancy using  
DRBD and Heartbeat. We also upgraded Samba to 3.0.23c, which is acting  
as a PDC. We are using OpenLDAP to store accounts.


I populated the OpenLDAP database using a LDIF file that I created on  
the old server before shutting it down. I also transfered all Samba  
tdb files to the new server. Everything went pretty smooth. I could  
logon to the domain on different terminalservers and workstations. To  
make sure things are not coming from some cache I logged on users that  
never logged on to a particular terminalserver. The terminalserver  
created a user profile and accessing files was possible. However, on  
Monday a user called me up because he could not logon to his  
workstation. I removed his computer from the domain. I renamed the  
workstation and joined it up to the domain again, which worked  
flawlessly as far as I can tell. However, it did not solve the  
problem. Yesterday the problem happened again on a different  
workstation. I tried the same procedure, again without success. I have  
no idea why, but the user, which had the problem a day earlier could  
log on to the domain again. A bit later the other user was able to  
login as well.


I had a look through the logfiles and found 2 messages that may be a problem :

"ldapsam_getgroup: Did not find group"
"smbldap_open: cannot access LDAP when not root"

Also, when running "pdbedit -L -v username" I get a message about a  
SID, that cannot be found. That also happens if username is a machine  
account. The error message did not appear on the old server.


--- Output pdbedit -L -v administrator ---
WARNING: The "printer admin" option is deprecated
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match  
ldapsam:ldap://localhost:389 (ldapsam)

Found pdb backend ldapsam
smbldap_search_domain_info: Searching  
for:[(&(objectClass=sambaDomain)(sambaDomainName=STW-GMH))]

smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
pdb backend ldapsam:ldap://localhost:389 has a valid init
Attempting to find an passdb backend to match  
ldapsam:ldap://localhost:389 (ldapsam)

Found pdb backend ldapsam
smbldap_search_domain_info: Searching  
for:[(&(objectClass=sambaDomain)(sambaDomainName=STW-GMH))]

smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
pdb backend ldapsam:ldap://localhost:389 has a valid init
init_sam_from_ldap: Entry found for user: administrator
Opening cache file at /var/cache/samba/login_cache.tdb
Unix username:administrator
NT username:  administrator
Account Flags:[U  ]
User SID: S-1-5-21-3718409077-3004042761-2237186970-21000
init_group_from_ldap: Entry found for group: 512
lookup_global_sam_rid: looking up RID 512.
ldapsam_getsampwsid: Unable to locate SID  
[S-1-5-21-3718409077-3004042761-2237186970-512] count=0

init_group_from_ldap: Entry found for group: 512
lookup_rids: Domain Admins:2
Primary Group SID:S-1-5-21-3718409077-3004042761-2237186970-512
Full Name:Administrator
Home Directory:
HomeDir Drive:H:
Logon Script: administrator.bat
Profile Path:
Domain:   STW-GMH
Account desc: administrator
Workstations:
Munged dial:
Logon time:   0
Logoff time:  Tue, 19 Jan 2038 04:14:07 CET
Kickoff time: Tue, 19 Jan 2038 04:14:07 CET
Password last set:Mon, 02 Oct 2006 17:53:12 CEST
Password can change:  Tue, 04 Jul 2006 17:05:04 CEST
Password must change: Tue, 19 Jan 2038 04:14:07 CET
Last bad password   : 0
Bad password count  : 0
Logon hours : FF

--- Output pdbedit -L -v stw-031$ ---
WARNING: The "printer admin" option is deprecated
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting