Re: [Samba] Solved for 1/1300?
On Sun, Oct 29, 2006 at 11:35:22AM -0500, [EMAIL PROTECTED] wrote: Hello, Discrete Mathematics Question; how did the samba developers conclude that the default mangling method hash results in a probability-of-name-clash of 1/1300? Please note, I am not looking for samba solutions here, just intensely curious on how this number was solved for. For instance, Q: What is considered the sample space of all possible file names here, were the - and _ taken into account? Q: Are we considering all possible filename are equally likely to occur? Jeremy A, perhaps you know? Tridge did the original calculation, maybe he remembers. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solved for 1/1300?
Hello, Discrete Mathematics Question; how did the samba developers conclude that the default mangling method hash results in a probability-of-name-clash of 1/1300? Please note, I am not looking for samba solutions here, just intensely curious on how this number was solved for. For instance, Q: What is considered the sample space of all possible file names here, were the - and _ taken into account? Q: Are we considering all possible filename are equally likely to occur? Jeremy A, perhaps you know? dotBomb [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] namecache_shutdown: Couldn't close namecache on top of gencache
I have this warning when I mount MS Windows shares, tunneling SMB over SSH in order to create a VPN-like shares management. Here the steps: # ssh -2 -N -L 445:shares_server:445 [EMAIL PROTECTED] And after creating the port forwarding: # smbmount //share_server_netbios_name/share_directory /mnt/Samba -o username=user%pass,ip=127.0.0.1 On the shares_server runs a MS Windows XP Professional, with Cygwin installed for sshd emulating. I disable NetBios over TCP/IP because of well-known security flaws. Although the warning, the mounted resources are OK. I used also Ethereal for analyzing packets and nothing seems wrong... So, I want to ask you how to solve this problem. Thanks in advance. With best regard, David __ Do You Yahoo!? Poco spazio e tanto spam? Yahoo! Mail ti protegge dallo spam e ti da tanto spazio gratuito per i tuoi file e i messaggi http://mail.yahoo.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Limiting smbd process / active sessions of Samba server
As described in the Samba documentation, one smbd process is started for each new session/connection. When a new client connects to a Samba server, a new smbd process is started. During out tests, we noticed that : - The owner of this smbd process on the samba server is the id of the client . - If the client is inactive for 60 seconds, the owner of smbd process become root. - If the client reuse the connection after 60 seconds, the client reuses the same smbd process on the samba server and the smbd process owner become the id of the client again. - If the client explicitly disconnect from the samba server, the smbd process is stopped on the samba server. As we plan to use Samba server for 1000 clients and as each client doesn't use the samba server very ofter, we would like to limit the number of smbd process. These clients are running applications that doesn't disconnect explicitely. Is there a way to tune the 60 seconds timeout ? Is there a way to stop smbd process when this timeout is reached ? Is there a way to limit the max number of smbd process ? (we tried to use max smbd processes but it doesn't seem to work). Regards, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE [Samba] How do I ask samba to synch database with ldap?
[EMAIL PROTECTED] wrote: Do you have ACL in your ldap server --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 Yes of course, but it does not prevent the samba acount to get full write access to the directory (in fact for other operation is succesfull) . --beast -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Followup re: pam_winbind and never expires passwords
More info on the problem that users could access shares, but not login, if their passwords were expired by days, but had password never expires flagged. During further experimentation, I discovered (I'm not a Windows person) that in addition to flagging a user as password never expires, there is an account policy flag specifying the same thing globally. If the account policy flag is set, the users can log in; if only the per-user flag is set, they cannot. So to refine my previous statement, it appears pam_winbind ignores the per-user password never expires flag. -- bill (I'm reading the list in summary, so my apologies if someone else has already commented on this.) Bill Greene Rubicon Group Ltd. Oak Brook Illinois USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.23c Profile issues
Has anyone been having issues with profiles. We ran fine on 3.0.21 and our upgrade to 3.0.23c for SOX reasons has been filled with lots of profile issues. 1. Can't find roaming profiles when logging in. 2. Some users are completely locked out of their pc because of their profile. They can logon to another pc just not the one they usually use. 3. Some users get logged on and are missing their desktops. 4. I'm getting a lot of errors from machines not listening to their own name. _ Get the new Windows Live Messenger! http://get.live.com/messenger/overview-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join segfault (samba 3.0.23c)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I just tried to join my SLES9 (Suese Linux Enterprise Server 9) to my ads. I follow a mixture of the howtos [1], [2], [3]. Everything works fine (kinit gives me a valid kerberos ticket), but the `net ads join -U $DOMAIN\\$USER` command segfaults. Software I have intalled: - - samba 3.0.23c (from ftp.samba.org) - - heimdal 0.6.1rc2 Here a debug 5 of `net -d5 -s /etc/samba/smb.conf.ads -U [EMAIL PROTECTED] ads join`: [2006/10/30 16:21:37, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/5 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2006/10/30 16:21:37, 3] param/loadparm.c:lp_load(4945) lp_load: refreshing parameters [2006/10/30 16:21:37, 3] param/loadparm.c:init_globals(1410) Initialising global parameters [2006/10/30 16:21:37, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf.ads [2006/10/30 16:21:37, 3] param/loadparm.c:do_section(3687) Processing section [global] doing parameter workgroup = DOMAIN doing parameter netbios name = host [2006/10/30 16:21:37, 4] param/loadparm.c:handle_netbios_name(3045) handle_netbios_name: set global_myname to: HOST doing parameter security = ads doing parameter encrypt passwords = yes doing parameter client use spnego = yes doing parameter realm = REALM.NET doing parameter idmap uid = 1-2 doing parameter idmap gid = 1-2 doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter winbind use default domain = Yes doing parameter template homedir = /home/ads/%D/%U doing parameter template shell = /bin/true [2006/10/30 16:21:37, 4] param/loadparm.c:lp_load(4976) pm_process() returned Yes [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8 [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8 [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646 [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset 646 [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ISO-8859-1 [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset ISO-8859-1 [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS2-HEX [2006/10/30 16:21:37, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS2-HEX [2006/10/30 16:21:37, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2006/10/30 16:21:37, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2006/10/30 16:21:37, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2006/10/30 16:21:37, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2006/10/30 16:21:37, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2006/10/30 16:21:37, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2006/10/30 16:21:37, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2006/10/30 16:21:37, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2006/10/30 16:21:37, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2006/10/30 16:21:37, 5]
[Samba] Samba Breaks with ACLs
Hello, We are running Samba 3.0.23c on Debian. Over the weekend, we updated out file server to Debian's kernel 2.6.18. We had previously never run a kernel with ACL support enabled. Since the upgrade, we are seeing very strange permission behavior. It appears to be related to POSIX ACL support in Samba. It seems that what's happening is this. We have a number of files that are user/group writable (permissions 0664). When a user that is someone other than the Unix owner of the file writes to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added with this second user getting read/write permission to it. Unfortunately, the Unix owner of the file now is locked out of writing to it. We never had any problem with permissions on these files before using the ACL-enabled kernel. Is there a way to completely disable POSIX ACL support at runtime, and have Samba just revert back to its behavior when on a filesystem that does not support POSIX ACLs? Or, better yet, is there a way to fix this behavior? Thanks, -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cant login to Samba PDC
I have a gentoo install, running samba with ldap. I can access the PDC shares and the auth works fine. I can even add a computer to the domain, but after I reboot I can login. Something about not being able to fine the domain. I am not sure where to start looking for the problem. Any Ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant login to Samba PDC
2006/10/30, timothy johnson [EMAIL PROTECTED]: I have a gentoo install, running samba with ldap. I can access the PDC shares and the auth works fine. I can even add a computer to the domain, but after I reboot I can login. Something about not being able to fine the domain. I am not sure where to start looking for the problem. Any Ideas? First of all: which OS is your client running? If it's Windows 2k/XP, are you able to select with the drop-down menu your domain name? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Excel Read only file bug back on 3.0.23x?
Hi, I believe that the BUG 2346 which was resolved in samba 3.0.14 has come back in the 3.0.23 series. Here is what I have noticed on two separate configurations. The samba packages were built on each machine using rpmbuild with the SRPMS provided for Fedora in the samba web site. Configuration 1. Two machines running with RHEL4, samba 3.0.23b-1, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.3.ELsmp Configuration 2. Two machines running with CentOS 4, samba 3.0.23c-4, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.2.ELsmp I do not believe none of this is related to DRBD, but I mention it just in case. The problem occurs as follows: 1. User Alice opens an excel files owned by her, makes changes and saves it. 2. User Bob opens the same file which Alice just saved and makes come changes. When Bob saves the file, he gets a warning that there is a problem and that changes could not be saved, however changes are saved. 3. Either Alice or Bob try to open the file and now it is a read only file. The only way anyone can save the file is if they first right click on it and uncheck the read-only checkbos prior to openning. However, the next time a different user opens the file and saves it, the problem comes back. Are there any settings that can be changed in smb.conf to help prevent this front happening? Is anyone else experiencing this behaviour? Is it possible that the BUG 2346 came back? Any help would be greatly appreciated. Thanks, Diego -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Excel Read only file bug back on 3.0.23x?
Is your problem repeatable, for all users, and even on a fresh smb restart? For me it is not and this is the trickiest part of tracing this bug. I am desperately trying to resolve this as well. Have not received any replies from this board whatsoever. Currently re-visiting every parameter and samba default setting change across releases. Good luck and please post any results. thanks, Roland; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Diego Julian Remolina Sent: Monday, October 30, 2006 10:50 AM To: samba@lists.samba.org Subject: [Samba] Excel Read only file bug back on 3.0.23x? Hi, I believe that the BUG 2346 which was resolved in samba 3.0.14 has come back in the 3.0.23 series. Here is what I have noticed on two separate configurations. The samba packages were built on each machine using rpmbuild with the SRPMS provided for Fedora in the samba web site. Configuration 1. Two machines running with RHEL4, samba 3.0.23b-1, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.3.ELsmp Configuration 2. Two machines running with CentOS 4, samba 3.0.23c-4, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.2.ELsmp I do not believe none of this is related to DRBD, but I mention it just in case. The problem occurs as follows: 1. User Alice opens an excel files owned by her, makes changes and saves it. 2. User Bob opens the same file which Alice just saved and makes come changes. When Bob saves the file, he gets a warning that there is a problem and that changes could not be saved, however changes are saved. 3. Either Alice or Bob try to open the file and now it is a read only file. The only way anyone can save the file is if they first right click on it and uncheck the read-only checkbos prior to openning. However, the next time a different user opens the file and saves it, the problem comes back. Are there any settings that can be changed in smb.conf to help prevent this front happening? Is anyone else experiencing this behaviour? Is it possible that the BUG 2346 came back? Any help would be greatly appreciated. Thanks, Diego -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant login to Samba PDC
I have tried it on both windows XP Pro, and windows 2k. Yes, it does have the domain on the drop down menu. On 10/30/06, Boniforti Flavio [EMAIL PROTECTED] wrote: 2006/10/30, timothy johnson [EMAIL PROTECTED]: I have a gentoo install, running samba with ldap. I can access the PDC shares and the auth works fine. I can even add a computer to the domain, but after I reboot I can login. Something about not being able to fine the domain. I am not sure where to start looking for the problem. Any Ideas? First of all: which OS is your client running? If it's Windows 2k/XP, are you able to select with the drop-down menu your domain name? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Documentation Inconsistency - enable privileges
Hi, In the 3.0.23c swat documentation, it indicates the default for enable privileges parameter is both yes and no. Does anyone know what the actual default is? Details below - relevant sections in CAPS. Thank you. Roland Hordos enable privileges (G) This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either net rpc rights or one of the Windows user and group manager tools. This parameter is DISABLED BY DEFAULT to prevent members of the Domain Admins group from being able to assign privileges to users or groups which can then result in certain smbd operations running as root that would normally run under the context of the connected user. An example of how privileges can be used is to assign the right to join clients to a Samba controlled domain without providing root access to the server via smbd. Please read the extended description provided in the Samba documentation. DEFAULT: enable privileges = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba locking fails over NFS
Good day, Our Windows users aren't able to edit their MS Office files over our Samba shares (Samba 3.0.10, CentOS4 w/ their i386 RPM). It looks like the clients' attempts to lock the files fails. When their client attempts to open such a file, Samba reports: --8--- [2006/10/27 15:55:57, 0] locking/posix.c:posix_fcntl_lock(657) posix_fcntl_lock: WARNING: lock request at offset 2147483538, length 1 returned [2006/10/27 15:55:57, 0] locking/posix.c:posix_fcntl_lock(658) an No locks available error. This can happen when using 64 bit lock offsets [2006/10/27 15:55:57, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. --8--- The filesystem the file is on is indeed a NFS filesystem mounted from a Netapp device, although I have no idea if Samba tried a 64-bit lock. The machine and Samba binary are 32-bit, although I am guessing Samba thinks it's supposed to use 64-bit locks. But, I have no idea how to actually fix this problem. I've found lots of posts with people with this issue, and a couple others describing the details of the problem and why it happens, but none actually resolving it- other than one suggestion to set locking no, which is obviously not desirable at all! Can someone suggest how this could be resolved? Thanks! Darren Gamble Systems Architect, Regional Services Shaw Cablesystems GP 630 - 3rd Avenue SW Calgary, Alberta, Canada T2P 4L4 (403) 781-4948 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant login to Samba PDC
2006/10/30, timothy johnson [EMAIL PROTECTED]: I have tried it on both windows XP Pro, and windows 2k. Yes, it does have the domain on the drop down menu. Well, I'm not any kind of Samba-guru, but would you be posting your smb.conf and maybe some log files? To me, it seems rather a Windoze issue... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
You could always edit your fstab file and mount your fs without acl support. But you can also take some time and study the ACL support in Samba. Correctly implemented its a powerful feature. Cheers, Henrik 30 okt 2006 kl. 16:51 skrev John Goerzen: Hello, We are running Samba 3.0.23c on Debian. Over the weekend, we updated out file server to Debian's kernel 2.6.18. We had previously never run a kernel with ACL support enabled. Since the upgrade, we are seeing very strange permission behavior. It appears to be related to POSIX ACL support in Samba. It seems that what's happening is this. We have a number of files that are user/group writable (permissions 0664). When a user that is someone other than the Unix owner of the file writes to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added with this second user getting read/write permission to it. Unfortunately, the Unix owner of the file now is locked out of writing to it. We never had any problem with permissions on these files before using the ACL-enabled kernel. Is there a way to completely disable POSIX ACL support at runtime, and have Samba just revert back to its behavior when on a filesystem that does not support POSIX ACLs? Or, better yet, is there a way to fix this behavior? Thanks, -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel Read only file bug back on 3.0.23x?
Hi Roland, You are totally right, I restarted samba and the problem is gone on the RHEL4 machines. I will have to do some more testing to see if it is as random as you have seen. I will probably get a chance to restart samba on the CentOS 4 machines this evenning after hours and find if the problem goes away for a while. I already informed my users who experienced the problem today to notify me as soon as they see it happening again to try and figure out if there is a pattern. Thanks for your fast response. Will keep you posted on my findings, Diego Roland Hordos wrote: Is your problem repeatable, for all users, and even on a fresh smb restart? For me it is not and this is the trickiest part of tracing this bug. I am desperately trying to resolve this as well. Have not received any replies from this board whatsoever. Currently re-visiting every parameter and samba default setting change across releases. Good luck and please post any results. thanks, Roland; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Diego Julian Remolina Sent: Monday, October 30, 2006 10:50 AM To: samba@lists.samba.org Subject: [Samba] Excel Read only file bug back on 3.0.23x? Hi, I believe that the BUG 2346 which was resolved in samba 3.0.14 has come back in the 3.0.23 series. Here is what I have noticed on two separate configurations. The samba packages were built on each machine using rpmbuild with the SRPMS provided for Fedora in the samba web site. Configuration 1. Two machines running with RHEL4, samba 3.0.23b-1, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.3.ELsmp Configuration 2. Two machines running with CentOS 4, samba 3.0.23c-4, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.2.ELsmp I do not believe none of this is related to DRBD, but I mention it just in case. The problem occurs as follows: 1. User Alice opens an excel files owned by her, makes changes and saves it. 2. User Bob opens the same file which Alice just saved and makes come changes. When Bob saves the file, he gets a warning that there is a problem and that changes could not be saved, however changes are saved. 3. Either Alice or Bob try to open the file and now it is a read only file. The only way anyone can save the file is if they first right click on it and uncheck the read-only checkbos prior to openning. However, the next time a different user opens the file and saves it, the problem comes back. Are there any settings that can be changed in smb.conf to help prevent this front happening? Is anyone else experiencing this behaviour? Is it possible that the BUG 2346 came back? Any help would be greatly appreciated. Thanks, Diego -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
2006/10/30, Henrik Zagerholm [EMAIL PROTECTED]: But you can also take some time and study the ACL support in Samba. Correctly implemented its a powerful feature. I'm adding my comment here, as I read you talking about ACL support: is there any sort of how-to for that ACL implementation? Regards, Flavio. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant login to Samba PDC
I think I had that issue in the past and was related to netbios. If you are running a firewall, did you open all the samba ports on your gentoo box to the network? This is an iptables sample used on a RHEL4 machine: # Allow samba shares to my subnets -A RH-Firewall-1-INPUT -s X.Y.Z.0/24 -m multiport -p tcp --dports 139,445 -j ACCEPT -A RH-Firewall-1-INPUT -s X.Y.Z.0/24 -m multiport -p tcp --dports 139,445 -j ACCEPT -A RH-Firewall-1-INPUT -s X.Y.Z.0/24 -m multiport -p tcp --dports 139,445 -j ACCEPT -A RH-Firewall-1-INPUT -s X.Y.Z.0/24 -m multiport -p udp --dports 137,138 -j ACCEPT -A RH-Firewall-1-INPUT -s X.Y.Z.0/24 -m multiport -p udp --dports 137,138 -j ACCEPT -A RH-Firewall-1-INPUT -s X.Y.Z.0/24 -m multiport -p udp --dports 137,138 -j ACCEPT If your gentoo system has the tcp wrappers option enabled as a USE flag, then make sure your smb.conf file has: hosts allow = X.Y.Z. 127.0.0. hosts deny = ALL X.Y.Z. is your network, note the . at the end. Try each solution at a time, remember to restart iptables after changing the file and restarting samba if you change smb.conf or at list forcing it to reload. Diego timothy johnson wrote: I have tried it on both windows XP Pro, and windows 2k. Yes, it does have the domain on the drop down menu. On 10/30/06, Boniforti Flavio [EMAIL PROTECTED] wrote: 2006/10/30, timothy johnson [EMAIL PROTECTED]: I have a gentoo install, running samba with ldap. I can access the PDC shares and the auth works fine. I can even add a computer to the domain, but after I reboot I can login. Something about not being able to fine the domain. I am not sure where to start looking for the problem. Any Ideas? First of all: which OS is your client running? If it's Windows 2k/XP, are you able to select with the drop-down menu your domain name? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: You could always edit your fstab file and mount your fs without acl support. Unfortunately, XFS does not have such an option. I verified this with both the mount manpage and the XFS source code. According to mount(8), only ext2/3 have that option. -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: You could always edit your fstab file and mount your fs without acl support. But you can also take some time and study the ACL support in Samba. Correctly implemented its a powerful feature. At the moment, we just want to stop getting the regular Unix permissions screwed up... Yes, I probably should do that at some point, but I don't understand why enabling it will cause users to lose write permissions to files that they own. -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking fails over NFS
On Mon, Oct 30, 2006 at 11:03:45AM -0700, Darren Gamble wrote: Good day, Our Windows users aren't able to edit their MS Office files over our Samba shares (Samba 3.0.10, CentOS4 w/ their i386 RPM). It looks like the clients' attempts to lock the files fails. When their client attempts to open such a file, Samba reports: --8--- [2006/10/27 15:55:57, 0] locking/posix.c:posix_fcntl_lock(657) posix_fcntl_lock: WARNING: lock request at offset 2147483538, length 1 returned [2006/10/27 15:55:57, 0] locking/posix.c:posix_fcntl_lock(658) an No locks available error. This can happen when using 64 bit lock offsets [2006/10/27 15:55:57, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. --8--- The filesystem the file is on is indeed a NFS filesystem mounted from a Netapp device, although I have no idea if Samba tried a 64-bit lock. The machine and Samba binary are 32-bit, although I am guessing Samba thinks it's supposed to use 64-bit locks. But, I have no idea how to actually fix this problem. I've found lots of posts with people with this issue, and a couple others describing the details of the problem and why it happens, but none actually resolving it- other than one suggestion to set locking no, which is obviously not desirable at all! Can someone suggest how this could be resolved? Thanks! You can set the parameter posix locking = no which prevents Samba from mapping the 64-bit Windows locks onto the underlying NFS filesystem. Windows clients to the same Samba server will still see the Windows locks, they're preserved inside Samba. The only difference is local UNIX processes won't see the Windows locks - but I doubt that you have anyone editing the Word files simultaneously anywy. This is a bug in the NetApp NFS locking, not in Samba. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password from Windows XP
Hello, I have a network between my Ubuntu computer and my Windows XP computer. Accessing windows from Linux works fine, but... when I try to access Linux from windows I get a password prompt. How do I cancel that password prompt? (I don't want password protection) Or at least how do I set a password? (Right now I don't know the password) Regards, Ofir P.S I have Ubuntu 6 with samba 3.0.22 built-in with Ubuntu. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba not authenticating AD users on shares
Hi all, I'm new to the Samba world, so excuse me if this is a simple question. I have Samba 3.0.10-1.4E.9 running on a RHEL 4 install. I have successfully joined the server to our Windows 2003 Active Directory domain. I am able to authenticate users with the kinit command and everything seems to be configured the way the Samba How-To document outlines. The problem I am having is that when I try to connect to one of the shares on this server, I get a dialog box prompting for authentication. None of the credentials I enter works. It just continues to prompt for authentication. Is there anything I can do to troubleshoot this problem? Thanks. ___ Aaron Giuoco Systems Admin Atlantia Offshore Limited e: [EMAIL PROTECTED] ph: 281-899-4385 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] What is the difference between 3.013 and 3.020?
I have a basic mandriva 2006 setup with samba 3.020. I am migrating a samba domain from the old pdc server to a new pdc server. The old server was mandrake 2003 with samba 3.013. I copied over the directories and etc. even changed the sid. But it didn't work (the workstations cannot find the domain!)? Is there something I need to change in my samba.conf file? # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2006/10/30 11:47:36 # Global parameters [global] workgroup = CARBYDOMAIN netbios aliases = FILESERVER server string = Samba Server %v map to guest = Bad User passwd chat = *New*Password* \%n\n *Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/smbusers syslog = 0 log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins bcast hosts show add printer wizard = No add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u logon script = scripts\logon.bat logon drive = F: domain logons = Yes os level = 66 domain master = Yes wins support = Yes lock spin time = 15 ldap ssl = no printer admin = @adm [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes browseable = No [print$] path = /var/lib/samba/printers write list = @adm, root inherit permissions = Yes guest ok = Yes [pdf-generator] comment = PDF Generator (only valid users) path = /var/tmp printable = Yes [QKBKS] path = /home/cabinets/QKBKS force user = root read only = No create mask = 0775 guest ok = Yes browseable = No [acct_rec] path = /home/cabinets/acct_rec admin users = @officeGROUP read only = No create mask = 0775 directory mask = 0777 guest ok = Yes browseable = No Kevin Kallsen Owner E101 Technology Solutions www.e101.com 203-525-2558 PO Box 535 Thomaston, CT 06787 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cant Login - Config Logs
Here is the smb.conf and log.nmbd/log.smbd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cant Login - Config Logs
The system could not log you on. Make sure yout User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case. this is the error on get on the client machine(XP) On 10/30/06, timothy johnson [EMAIL PROTECTED] wrote: Here is the smb.conf and log.nmbd/log.smbd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem's from Rehat to OSX
I am a Samba newbie but I have a samba server running and connect to my established shared directories with My PC no problem but with the other people in the office that use Macs with OSX 10.4.8 I am having the following problem that I cannot figure out On the Mac side the user can connect their home directory on the Linux Server (RedHat Enterprise 3.+ HP Proliant) that matches their user name and password that they are using on the Mac no problem but as soon as try to connect to any other of the shared directories it just errors out. It is not a security issue as I have them read|write|execute enabled and have the them listed in the smb.conf files like this [projects] path = /root/projects read only = no guest = ok Thanks for any pointers. Jordan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, 2006-10-30 at 13:41 -0600, John Goerzen wrote: On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: You could always edit your fstab file and mount your fs without acl support. But you can also take some time and study the ACL support in Samba. Correctly implemented its a powerful feature. At the moment, we just want to stop getting the regular Unix permissions screwed up... Yes, I probably should do that at some point, but I don't understand why enabling it will cause users to lose write permissions to files that they own. Maybe posting the relevant part of your smb.conf (masks/modes/inheritance options) may help. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Cant Login - Config Logs
Can you login with smbclient from another gentoo box? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of timothy johnson Sent: Monday, October 30, 2006 12:45 PM To: samba@lists.samba.org Subject: [Samba] Re: Cant Login - Config Logs The system could not log you on. Make sure yout User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case. this is the error on get on the client machine(XP) On 10/30/06, timothy johnson [EMAIL PROTECTED] wrote: Here is the smb.conf and log.nmbd/log.smbd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + Mac OS 9
Hi guys, Is there anything out of the ordinary I have to do for an OS 9 Mac to be able to talk to samba? When I try connect to server (or something like that), it doesn't matter in what format I enter the IP address - I simply cannot connect to it. Thanks Hans -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-OpenLDAP and AD question..
Hi all We have slowly been migrating our NT4 domain to Samba+OpenLDAP. Today I was told that we were going to to create an AD 'resource' domain, put all of the workstations in it and create a trust relationship between the two domains. In other words the users would be in the Samba+OpenLDAP domain and the workstations in the AD 'resource' domain. If it matters we have about 1750 workstations with about 2000 users. Is this a reasonable model to follow or thing to do? If we do this what sort of pitfalls, if any, should I expect to encounter? Any ideas, opinions, knowledge of this are greatly appreciated. Thanks, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, Oct 30, 2006 at 03:48:20PM -0500, simo wrote: On Mon, 2006-10-30 at 13:41 -0600, John Goerzen wrote: On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: You could always edit your fstab file and mount your fs without acl support. But you can also take some time and study the ACL support in Samba. Correctly implemented its a powerful feature. At the moment, we just want to stop getting the regular Unix permissions screwed up... Yes, I probably should do that at some point, but I don't understand why enabling it will cause users to lose write permissions to files that they own. Maybe posting the relevant part of your smb.conf (masks/modes/inheritance options) may help. Sure: [data] comment = General Data browseable = yes writeable = yes create mask = 0664 directory mask = 0775 path = /data/general We have no ACL options, and no inheritance options, anywhere. -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Excel Read only file bug back on 3.0.23x?
Hi This is a workaround, not a solution, if you want the Excel timestamp feature enabled . add veto oplock files = /*.xls/ for each share in smb.conf SHARE section ! Or you edit the XP / W2K reg database see Microsoft official site for bug http://support.microsoft.com/kb/324491 Best regards Silas Wind Roland Hordos [EMAIL PROTECTED] draeng.comTo Sent by: Diego Julian Remolina samba-bounces+swi [EMAIL PROTECTED], =clipper-group.co samba@lists.samba.org [EMAIL PROTECTED] samba@lists.samba.org cc 30-10-2006 19:55 Subject RE: [Samba] Excel Read only file bug back on 3.0.23x? Is your problem repeatable, for all users, and even on a fresh smb restart? For me it is not and this is the trickiest part of tracing this bug. I am desperately trying to resolve this as well. Have not received any replies from this board whatsoever. Currently re-visiting every parameter and samba default setting change across releases. Good luck and please post any results. thanks, Roland; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Diego Julian Remolina Sent: Monday, October 30, 2006 10:50 AM To: samba@lists.samba.org Subject: [Samba] Excel Read only file bug back on 3.0.23x? Hi, I believe that the BUG 2346 which was resolved in samba 3.0.14 has come back in the 3.0.23 series. Here is what I have noticed on two separate configurations. The samba packages were built on each machine using rpmbuild with the SRPMS provided for Fedora in the samba web site. Configuration 1. Two machines running with RHEL4, samba 3.0.23b-1, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.3.ELsmp Configuration 2. Two machines running with CentOS 4, samba 3.0.23c-4, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.2.ELsmp I do not believe none of this is related to DRBD, but I mention it just in case. The problem occurs as follows: 1. User Alice opens an excel files owned by her, makes changes and saves it. 2. User Bob opens the same file which Alice just saved and makes come changes. When Bob saves the file, he gets a warning that there is a problem and that changes could not be saved, however changes are saved. 3. Either Alice or Bob try to open the file and now it is a read only file. The only way anyone can save the file is if they first right click on it and uncheck the read-only checkbos prior to openning. However, the next time a different user opens the file and saves it, the problem comes back. Are there any settings that can be changed in smb.conf to help prevent this front happening? Is anyone else experiencing this behaviour? Is it possible that the BUG 2346 came back? Any help would be greatly appreciated. Thanks, Diego -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, 2006-10-30 at 15:59 -0600, John Goerzen wrote: On Mon, Oct 30, 2006 at 03:48:20PM -0500, simo wrote: On Mon, 2006-10-30 at 13:41 -0600, John Goerzen wrote: On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: You could always edit your fstab file and mount your fs without acl support. But you can also take some time and study the ACL support in Samba. Correctly implemented its a powerful feature. At the moment, we just want to stop getting the regular Unix permissions screwed up... Yes, I probably should do that at some point, but I don't understand why enabling it will cause users to lose write permissions to files that they own. Maybe posting the relevant part of your smb.conf (masks/modes/inheritance options) may help. Sure: [data] comment = General Data browseable = yes writeable = yes create mask = 0664 directory mask = 0775 path = /data/general We have no ACL options, and no inheritance options, anywhere. If you have ACLs you also have XATTRs, in this case you may want to try do move all dos bits to an EA and see if the readonly mapping is what is causing you trouble. map read only = no map archive = no map system = no map hidden = no store dos attributes = yes Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba locking fails over NFS
Good day, Thanks for your reply! You can set the parameter posix locking = no which prevents Samba from mapping the 64-bit Windows locks onto the underlying NFS filesystem. Windows clients to the same Samba server will still see the Windows locks, they're preserved inside Samba. The only difference is local UNIX processes won't see the Windows locks - but I doubt that you have anyone editing the Word files simultaneously anywy. OK, I'll try this out, thanks! This looks like it should be safe to do in our setup. This is a bug in the NetApp NFS locking, not in Samba. If Samba is trying to issue a 64-bit lock, that obviously is not going to work since NFS is 32-bit. I'm not sure how this could be a NFS issue, unless you're expecting the server to re-map it as 32-bit. Maybe I'm missing something here? Here is more information on the topic. This user suggested to hack the configure script to force 32-bit locks to get around this. Perhaps the right solution is to detect the right lock size, or retry with 32-bit if 64-bit fails? http://lists.samba.org/archive/samba/2004-January/079217.html Darren Gamble Systems Architect, Regional Services Shaw Cablesystems GP 630 - 3rd Avenue SW Calgary, Alberta, Canada T2P 4L4 (403) 781-4948 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Excel Read only file bug back on 3.0.23x?
Thanks Silas, I think I'll try that in the mean time, for .xls and .doc files. I really don't know how deep the problem goes, though -- could two AutoCAD users overwrite each other's drafting files?! Do you know what level of logging is required to see this oplock behavior in action? At level 3 I get open_file and close_normal_file with read and write = Yes or No. I am currently running this share with no oplocking at all (smbd.conf entries below), when I think it's only Excel and Word docs that are vulnerable. This causes a lot of user activity to have to save to their local hard drive, then move to the Share in explorer. At least this works consistently and I'm confident that no two users can overwrite each other's open files directly. Current Workaround Setup strict locking = yes oplocks = no level2 oplocks = no Roland; -Original Message- From: Silas Wind [mailto:[EMAIL PROTECTED] Sent: Monday, October 30, 2006 3:09 PM To: Roland Hordos Cc: samba@lists.samba.org Subject: RE: [Samba] Excel Read only file bug back on 3.0.23x? Hi This is a workaround, not a solution, if you want the Excel timestamp feature enabled . add veto oplock files = /*.xls/ for each share in smb.conf SHARE section ! Or you edit the XP / W2K reg database see Microsoft official site for bug http://support.microsoft.com/kb/324491 Best regards Silas Wind Roland Hordos [EMAIL PROTECTED] draeng.com To Sent by: Diego Julian Remolina samba-bounces+swi [EMAIL PROTECTED], =clipper-group.co samba@lists.samba.org [EMAIL PROTECTED] samba@lists.samba.org cc 30-10-2006 19:55 Subject RE: [Samba] Excel Read only file bug back on 3.0.23x? Is your problem repeatable, for all users, and even on a fresh smb restart? For me it is not and this is the trickiest part of tracing this bug. I am desperately trying to resolve this as well. Have not received any replies from this board whatsoever. Currently re-visiting every parameter and samba default setting change across releases. Good luck and please post any results. thanks, Roland; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Diego Julian Remolina Sent: Monday, October 30, 2006 10:50 AM To: samba@lists.samba.org Subject: [Samba] Excel Read only file bug back on 3.0.23x? Hi, I believe that the BUG 2346 which was resolved in samba 3.0.14 has come back in the 3.0.23 series. Here is what I have noticed on two separate configurations. The samba packages were built on each machine using rpmbuild with the SRPMS provided for Fedora in the samba web site. Configuration 1. Two machines running with RHEL4, samba 3.0.23b-1, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.3.ELsmp Configuration 2. Two machines running with CentOS 4, samba 3.0.23c-4, drbd-0.7.21 protocol C. Kernel: 2.6.9-42.0.2.ELsmp I do not believe none of this is related to DRBD, but I mention it just in case. The problem occurs as follows: 1. User Alice opens an excel files owned by her, makes changes and saves it. 2. User Bob opens the same file which Alice just saved and makes come changes. When Bob saves the file, he gets a warning that there is a problem and that changes could not be saved, however changes are saved. 3. Either Alice or Bob try to open the file and now it is a read only file. The only way anyone can save the file is if they first right click on it and uncheck the read-only checkbos prior to openning. However, the next time a different user opens the file and saves it, the problem comes back. Are there any settings that can be changed in smb.conf to help prevent this front happening? Is anyone else experiencing this behaviour? Is it possible that the BUG 2346 came back? Any help would be greatly appreciated. Thanks, Diego -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] severe problem with ms-word 97-2000 read only saving files
Hi ML, I got this problem on my linux box SMB3 PDC with ACLs(xfs filesystem) Samba 3.0.20 look: I encounter a problem with ONLY msword 97-2000 files ( yes, I hate this product, but for now I have not the choice of changing it in my case!): creating a new word file test.doc is ok -- user have good permissions : rwx modifing and saving this document result in changing permissions to my user that is now : r-- So doing another modification and saving on this same document again result in saving failure cause it is read only ! perhaps something with .tmp file created by msword temporary, but I've tried some things I've seen on ML without success. Any idea is welcome, cause I really don't anderstand what happen here ... my homedir share for my users is as follow : [homes] comment = Home Directories path = /home/utilisateurs/%U valid users = %S # force user = %U (tried to leave it for testing purpose) read only = No # create mask = 0700 # directory mask = 0700 # security mask = 0770 inherit permissions = Yes inherit acls = Yes hide files = /.*/desktop.ini/Folder*/ browseable = No oplocks = No level2 oplocks = No ACL of my homedir user is : # file: rthes2 # owner: rthes2 # group: root user::rwx user:rthes2:rwx group::--- group:root:rwx mask::rwx other::--- default:user::rwx default:user:rthes2:rwx default:group::--- default:group:root:rwx default:mask::rwx default:other::--- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] On Solaris8 install samba show error: libsendfile.so.1: open failed: No such file or directory
samba everyone: How do you do! I have a question about install samba on solaris8.I search internet a lot.but don't find useful info. wish can get work it out there.Hope any advices and tips.Thanks lot. OS: solaris8 I have installed follow softeware: gcc-3.3.2-sol8-sparc-local.gz libiconv-1.9.2-sol8-sparc-local.gz ncurses-5.4-sol8-sparc-local.gz popt-1.7-sol8-sparc-local.gz readline-5.1-sol8-sparc-local.gz samba-3.0.10-sol8-sparc-local.gz gettext-0.14.1.tar.gz after configure . /usr/local/samba/bin/testparm /usr/local/samba/lib/smb.conf it show error: # truss -f /usr/local/samba/bin/testparm -L elsbeth 21 | more 24844: execve(/usr/local/samba/bin/testparm, 0xFFBEFBE4, 0xFFBEFBF4) argc = 3 24844: resolvepath(/usr/lib/ld.so.1, /usr/lib/ld.so.1, 1023) = 16 24844: open(/var/ld/ld.config, O_RDONLY) = 3 24844: fstat(3, 0xFFBEF468)= 0 24844: mmap(0x, 160, PROT_READ, MAP_SHARED, 3, 0) = 0xFF3A 24844: close(3)= 0 24844: stat(/usr/lib/libthread.so.1, 0xFFBEF304) = 0 24844: open(/usr/lib/libthread.so.1, O_RDONLY) = 3 24844: fstat(3, 0xFFBEF304)= 0 24844: mmap(0x, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF39 24844: mmap(0x, 245760, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF35 24844: mmap(0xFF37E000, 6644, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 122880) = 0xFF37E000 24844: mmap(0xFF38, 45704, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFF38 24844: munmap(0xFF36E000, 65536) = 0 24844: memcntl(0xFF35, 31224, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0 24844: close(3)= 0 24844: stat(/usr/lib/libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: stat(/usr/local/lib/libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: stat(/usr/local/BerkeleyDB.4.2/lib/libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: stat(/usr/local/ssl/lib/libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: stat(/usr/openwin/lib/libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: stat(/usr/local/lib/libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: stat(/lib/libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: stat(/usr/lib/libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: stat(/u5/pgsqldba/pgsql/lib/libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: stat(/u8/apache_bbs2/libexec//libsendfile.so.1, 0xFFBEF304) Err#2 ENOENT 24844: mmap(0x, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF34 ld.so.1: /usr/local/samba/bin/testparm: fatal: libsendfile.so.1: open failed: No such file or directory 24844: write(2, l d . s o . 1 : / u s.., 104) = 104 24844: munmap(0xFF39, 8192)= 0 24844: lwp_self() = 1 24844: *** process killed *** # I seach internet , not found right method resolve it.Maybe you can give me some advice and tips.Thanks very much. Best regards. - Betty - 抢注雅虎免费邮箱-3.5G容量,20M附件! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind mappings change over time
Hi all I have a peculiar problem that has been ongoing over the last few years. I have a mail server which is running winbind and giving distributed authentication from a Windows server. Winbind UID mapping is in the typical 1-2 range. Everything works fine... for the first little while at least anyway. From what I can tell, when winbind is first set up it allocates UIDs for all existing Windows users, in order of their SID on the Windows server (eg, the lowest SID on the Windows server gets the UID of 1, the next gets 10001 and so on). Again, this works fine. However, this is where things start to get messy. The problem I'm getting is that over time, these Windows - Unix ID maps get muddled up. I've deployed some 40 odd Linux servers, some talking to AD, some talking to Windows NT, some using Postfix for mail, some using Exim. In all cases, this problem comes up at one time or another. You notice it because the mailboxes (/var/mail/username) start having different owners. This effectively kills a particular person's mail. For example, the user 'jsmith' should have 'jsmith' as the mailbox owner, but they might have 'jbloggs' as the owner. This is because the UID that was assigned to jsmith has now been assigned to jbloggs. And yet there was never any change to the jsmith or jbloggs account on the Windows server. Has anybody else had this problem? I'm using a range of samba builds up to 3.0.14a which, I realise is rather old. However I'm loathed to upgrade when this is the only problem I'm getting, if the problem isn't fixed in later versions. I've tried a search in bugzilla but couldn't seem to come up with a query that returned less than 200 bugs. relevant part of smb.conf: winbind separator = ~ winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 15 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/false winbind use default domain = yes Thanks in advance Richard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dmapi doesn't work on aix; possible fix included
Below is an updated patch. I did test it, and it worked fine.
*** dmapi.c.origSat Oct 28 11:19:04 2006
--- dmapi.c Mon Oct 30 22:26:00 2006
***
*** 246,252
DEBUG(DMAPI_TRACE, (dm_path_to_handle(%s): %s\n,
path, strerror(errno)));
! if (errno != EPERM) {
return 0;
}
--- 246,252
DEBUG(DMAPI_TRACE, (dm_path_to_handle(%s): %s\n,
path, strerror(errno)));
! if (errno != EPERM errno != EACCES) {
return 0;
}
***
*** 259,266
--- 259,275
set_effective_capability(DMAPI_ACCESS_CAPABILITY);
+ #if !defined(HAVE_POSIX_CAPABILITIES)
+ become_root();
+ #endif
+
err = dm_path_to_handle(CONST_DISCARD(char *, path),
dm_handle, dm_handle_len);
+
+ #if !defined(HAVE_POSIX_CAPABILITIES)
+ unbecome_root();
+ #endif
+
if (err 0) {
DEBUG(DMAPI_TRACE,
(retrying dm_path_to_handle(%s): %s\n,
***
*** 269,276
--- 278,294
}
}
+ #if !defined(HAVE_POSIX_CAPABILITIES)
+ become_root();
+ #endif
+
err = dm_get_eventlist(dmapi_session, dm_handle, dm_handle_len,
DM_NO_TOKEN, DM_EVENT_MAX, events, nevents);
+
+ #if !defined(HAVE_POSIX_CAPABILITIES)
+ unbecome_root();
+ #endif
+
if (err 0) {
DEBUG(DMAPI_TRACE, (dm_get_eventlist(%s): %s\n,
path, strerror(errno)));
James Peach wrote:
On 29/10/06, J Raynor [EMAIL PROTECTED] wrote:
I'm running samba 3.0.23c on aix 5.3 TL4. I'm using Tivoli HSM 5.3.4.0
on a JFS2 filesystem. Samba compiled fine, and I set dmapi support =
yes in smb.conf, but samba wouldn't recognize offline files (migrated
files in tsm terminology). After setting a higher log level I think
I've tracked down the problem. The patch is at the bottom of this email.
The first problem is this snippet in dmapi_file_flags() in smbd/dmapi.c:
err = dm_path_to_handle(CONST_DISCARD(char *, path),
dm_handle, dm_handle_len);
if (err 0) {
DEBUG(DMAPI_TRACE, (dm_path_to_handle(%s): %s\n,
path, strerror(errno)));
if (errno != EPERM) {
return 0;
}
On AIX, dm_path_to_handle() is returning EACCES instead of EPERM, so it
hits the return 0. Is EPERM supposed to be the only allowed error, or
is this something that's likely implementation dependent?
This code was originally written for Linux and IRIX. IIRC in Linux there
was
a problem where the process capabilities were reset across fork() because
Samba changes its effective user ID. So when we get a permission error
we go back and try to re-acquire our capabilities.
Changing the if-condition to (errno != EPERM errno != EACCES) lets
things continue on. The rest of the problem in dmapi_file_flags() is
that things are running with the effective uid of the user, so dmapi
calls are failing. The posix capability DMAPI_ACCESS_CAPABILITY is
Note that DMAPI_ACCESS_CAPABILITY is not a real capability, it's just
a name for whatever capability set is needed to do DMAPI operations on
the current platform.
supposed to allow the functions to work, but to my knowledge AIX doesn't
have posix capabilties.
This is well beyond my knowledge of AIX. I used capabilities for this,
rather than
(un)become_root for performance reasons. If there's no other way to
achieve the
functionality, then I guess this is fine.
I'd prefer a feature-based test for whether this is necessary, rather
than a platform-
based test. Something like
#if !defined(HAVE_POSIX_CAPABILITIES)
become_root();
#endif
I used become_root/unbecome_root around the dmapi calls, and this
appeared to get things to work. Samba's log messages are indicating
that files are offline, and Windows Explorer is picking up on this and
changing the file icons to indicate that the files are offline. However,
I don't know if my solution is entirely correct. Here's the patch:
*** dmapi.c.origSat Oct 28 02:33:13 2006
--- dmapi.c Sat Oct 28 11:12:54 2006
***
*** 246,252
DEBUG(DMAPI_TRACE, (dm_path_to_handle(%s): %s\n,
path, strerror(errno)));
! if (errno != EPERM) {
return 0;
}
--- 246,252
DEBUG(DMAPI_TRACE, (dm_path_to_handle(%s): %s\n,
path, strerror(errno)));
! if (errno != EPERM errno != EACCES) {
return 0;
}
***
*** 259,266
--- 259,274
Re: [Samba] Documentation Inconsistency - enable privileges
On Monday 30 October 2006 12:59, Roland Hordos wrote: Hi, In the 3.0.23c swat documentation, it indicates the default for enable privileges parameter is both yes and no. Does anyone know what the actual default is? Details below - relevant sections in CAPS. Thank you. Roland Hordos enable privileges (G) This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either net rpc rights or one of the Windows user and group manager tools. This parameter is DISABLED BY DEFAULT to prevent members of the Domain Admins group from being able to assign privileges to users or groups which can then result in certain smbd operations running as root that would normally run under the context of the connected user. An example of how privileges can be used is to assign the right to join clients to a Samba controlled domain without providing root access to the server via smbd. Please read the extended description provided in the Samba documentation. DEFAULT: enable privileges = yes Thanks for pointing that out. It has been fixed in the master code tree. By default this parameter is enabled in all recent versions of Samba-3.0. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking fails over NFS
On Mon, Oct 30, 2006 at 04:11:34PM -0700, Darren Gamble wrote: If Samba is trying to issue a 64-bit lock, that obviously is not going to work since NFS is 32-bit. I'm not sure how this could be a NFS issue, unless you're expecting the server to re-map it as 32-bit. Maybe I'm missing something here? Well if the underlying OS exports a 64-bit locking interface then Samba expects it to actually work. If it's running over a filesystem that doesn't support it then it's the kernel's job to map the 64-bit requests to whatever the underlying transport expects. So maybe it'd be more accurate to describe it as a nfs client redirector bug :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Status
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachmentPLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r19513 - in branches/SAMBA_4_0/source/torture: .
Author: jelmer
Date: 2006-10-30 11:34:59 + (Mon, 30 Oct 2006)
New Revision: 19513
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=19513
Log:
Add support for recipes (using '@')
Modified:
branches/SAMBA_4_0/source/torture/smbtorture.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/smbtorture.c
===
--- branches/SAMBA_4_0/source/torture/smbtorture.c 2006-10-30 01:19:31 UTC
(rev 19512)
+++ branches/SAMBA_4_0/source/torture/smbtorture.c 2006-10-30 11:34:59 UTC
(rev 19513)
@@ -425,6 +425,33 @@
.test_result = quiet_test_result
};
+void run_recipe(struct torture_context *tctx, const char *recipe)
+{
+ int numlines, i, ret;
+ char **lines;
+
+ lines = file_lines_load(recipe, numlines, NULL);
+ if (lines == NULL) {
+ fprintf(stderr, Unable to load file %s\n, recipe);
+ return;
+ }
+
+ for (i = 0; i numlines; i++) {
+ int argc;
+ char **argv;
+
+ ret = poptParseArgvString(lines[i], argc, argv);
+ if (ret != 0) {
+ fprintf(stderr, Error parsing line\n);
+ continue;
+ }
+
+ run_test(tctx, argv[0]);
+ }
+
+ talloc_free(lines);
+}
+
void run_shell(struct torture_context *tctx)
{
char *cline;
@@ -523,7 +550,7 @@
setlinebuf(stdout);
/* we are never interested in SIGPIPE */
- BlockSignals(true,SIGPIPE);
+ BlockSignals(true, SIGPIPE);
pc = poptGetContext(smbtorture, argc, (const char **) argv,
long_options,
POPT_CONTEXT_KEEP_FIRST);
@@ -649,7 +676,9 @@
double rate;
int unexpected_failures;
for (i=2;iargc_new;i++) {
- if (!run_test(torture, argv_new[i])) {
+ if (argv_new[i][0] == '@') {
+ run_recipe(torture, argv_new[i]+1);
+ } else if (!run_test(torture, argv_new[i])) {
correct = false;
}
}
svn commit: samba r19514 - in branches/SAMBA_3_0_24/source/utils: .
Author: jra
Date: 2006-10-30 13:39:30 + (Mon, 30 Oct 2006)
New Revision: 19514
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=19514
Log:
Fix net ads join with missing realm.
Jeremy.
Modified:
branches/SAMBA_3_0_24/source/utils/net.c
branches/SAMBA_3_0_24/source/utils/net_ads.c
Changeset:
Modified: branches/SAMBA_3_0_24/source/utils/net.c
===
--- branches/SAMBA_3_0_24/source/utils/net.c2006-10-30 11:34:59 UTC (rev
19513)
+++ branches/SAMBA_3_0_24/source/utils/net.c2006-10-30 13:39:30 UTC (rev
19514)
@@ -77,6 +77,7 @@
int opt_machine_pass = 0;
BOOL opt_localgroup = False;
BOOL opt_domaingroup = False;
+static BOOL do_talloc_report=False;
const char *opt_newntname = ;
int opt_rid = 0;
int opt_acls = 0;
@@ -159,6 +160,7 @@
/
connect to \\server\service
/
+
NTSTATUS connect_to_service(struct cli_state **c, struct in_addr *server_ip,
const char *server_name,
const char *service_name,
@@ -172,13 +174,13 @@
opt_password = SMB_STRDUP(pass);
}
}
-
+
nt_status = cli_full_connection(c, NULL, server_name,
server_ip, opt_port,
service_name, service_type,
opt_user_name, opt_workgroup,
opt_password, 0, Undefined, NULL);
-
+
if (NT_STATUS_IS_OK(nt_status)) {
return nt_status;
} else {
@@ -235,20 +237,57 @@
}
/
+ Return malloced [EMAIL PROTECTED] for krb5 login.
+/
+
+static char *get_user_and_realm(const char *username)
+{
+ char *user_and_realm = NULL;
+
+ if (!username) {
+ return NULL;
+ }
+ if (strchr_m(username, '@')) {
+ user_and_realm = SMB_STRDUP(username);
+ } else {
+ if (asprintf(user_and_realm, [EMAIL PROTECTED], username,
lp_realm()) == -1) {
+ user_and_realm = NULL;
+ }
+ }
+ return user_and_realm;
+}
+
+/
connect to \\server\ipc$ using KRB5
/
+
NTSTATUS connect_to_ipc_krb5(struct cli_state **c,
struct in_addr *server_ip, const char *server_name)
{
NTSTATUS nt_status;
+ char *user_and_realm = NULL;
+ if (!opt_password !opt_machine_pass) {
+ char *pass = getpass(Password:);
+ if (pass) {
+ opt_password = SMB_STRDUP(pass);
+ }
+ }
+
+ user_and_realm = get_user_and_realm(opt_user_name);
+ if (!user_and_realm) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
nt_status = cli_full_connection(c, NULL, server_name,
server_ip, opt_port,
IPC$, IPC,
- opt_user_name, opt_workgroup,
+ user_and_realm, opt_workgroup,
opt_password,
CLI_FULL_CONNECTION_USE_KERBEROS,
Undefined, NULL);
+ SAFE_FREE(user_and_realm);
+
if (NT_STATUS_IS_OK(nt_status)) {
return nt_status;
} else {
@@ -480,7 +519,7 @@
static int net_join(int argc, const char **argv)
{
- if (net_ads_check() == 0) {
+ if (net_ads_check_our_domain() == 0) {
if (net_ads_join(argc, argv) == 0)
return 0;
else
@@ -491,7 +530,7 @@
static int net_changetrustpw(int argc, const char **argv)
{
- if (net_ads_check() == 0)
+ if (net_ads_check_our_domain() == 0)
return net_ads_changetrustpw(argc, argv);
return net_rpc_changetrustpw(argc, argv);
@@ -513,7 +552,7 @@
set_line_buffering(stdout);
set_line_buffering(stderr);
}
-
+
trust_pw = get_pass(Enter machine password: , opt_stdin);
if (!secrets_store_machine_password(trust_pw, lp_workgroup(),
sec_channel_type)) {
@@ -884,6 +923,7 @@
{timestamps, 0, POPT_ARG_NONE, opt_timestamps},
{exclude, 'e', POPT_ARG_STRING, opt_exclude},
{destination, 0, POPT_ARG_STRING, opt_destination},
+
svn commit: samba r19515 - in branches/SAMBA_3_0_23/source/utils: .
Author: gd
Date: 2006-10-30 14:06:06 + (Mon, 30 Oct 2006)
New Revision: 19515
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=19515
Log:
Fix bad merge from 3_0.
Guenther
Modified:
branches/SAMBA_3_0_23/source/utils/net_ads.c
Changeset:
Modified: branches/SAMBA_3_0_23/source/utils/net_ads.c
===
--- branches/SAMBA_3_0_23/source/utils/net_ads.c2006-10-30 13:39:30 UTC
(rev 19514)
+++ branches/SAMBA_3_0_23/source/utils/net_ads.c2006-10-30 14:06:06 UTC
(rev 19515)
@@ -278,7 +278,7 @@
NT_STATUS_NO_LOGON_SERVERS)) {
DEBUG(0,(ads_connect: %s\n, ads_errstr(status)));
ads_destroy(ads);
- return status;
+ return NULL;
}
if (!need_password !second_time) {
Build status as of Tue Oct 31 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-10-30 00:00:09.0 + +++ /home/build/master/cache/broken_results.txt 2006-10-31 00:00:09.0 + @@ -1,21 +1,21 @@ -Build status as of Mon Oct 30 00:00:02 2006 +Build status as of Tue Oct 31 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 7 1 0 -distcc 1 0 0 -ldb 41 4 0 -libreplace 5 0 0 -lorikeet-heimdal 0 0 0 -ppp 2 0 0 -rsync45 4 0 +ccache 6 0 0 +distcc 0 0 0 +ldb 41 3 0 +libreplace 3 0 0 +lorikeet-heimdal 36 24 0 +ppp 1 0 0 +rsync46 5 0 samba0 0 0 samba-docs 0 0 0 -samba4 43 21 1 -samba_3_08 3 0 -smb-build0 0 0 -talloc 44 4 0 -tdb 6 0 0 +samba4 44 15 1 +samba_3_03 2 0 +smb-build1 0 0 +talloc 6 0 0 +tdb 5 0 0
svn commit: samba-docs r992 - in trunk/smbdotconf/logon: .
Author: jht Date: 2006-10-31 04:54:41 + (Tue, 31 Oct 2006) New Revision: 992 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=992 Log: Correct clashing information for this parameter. Modified: trunk/smbdotconf/logon/enableprivileges.xml Changeset: Modified: trunk/smbdotconf/logon/enableprivileges.xml === --- trunk/smbdotconf/logon/enableprivileges.xml 2006-10-17 20:50:27 UTC (rev 991) +++ trunk/smbdotconf/logon/enableprivileges.xml 2006-10-31 04:54:41 UTC (rev 992) @@ -4,20 +4,22 @@ advanced=1 developer=1 xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; description - paraThis parameter controls whether or not smbd will honor -privileges assigned to specific SIDs via either commandnet rpc rights/command -or one of the Windows user and group manager tools. This parameter is - disabled by default to prevent members of the Domain Admins group from - being able to assign privileges to users or groups which can then result in certain - smbd operations running as root that would normally run under the context - of the connected user. /para + para + This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either + commandnet rpc rights/command or one of the Windows user and group manager tools. This parameter is + enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to + assign privileges to users or groups which can then result in certain smbd operations running as root that + would normally run under the context of the connected user. + /para - paraAn example of how privileges can be used is to assign - the right to join clients to a Samba controlled domain without - providing root access to the server via smbd./para + para + An example of how privileges can be used is to assign the right to join clients to a Samba controlled + domain without providing root access to the server via smbd. + /para - paraPlease read the extended description provided in the - Samba documentation./para + para + Please read the extended description provided in the Samba HOWTO documentation. + /para /description value type=defaultyes/value
