[Samba] CentOS samba upgrade

[M Azer]

Centos samba version is 3.0.10 which is the package that comes with the
disto - is the only way to upgrade to the latest samba 3.0.24 is to
recompile the samba source? I have tried "yum update samba" however it says
3.0.10 is the latest so i downloaded 3.0.24 and tried rpm -Uvh or yum
localinstall but i get the following dependency errors



to # yum install samba-common-3.0.24-1.i386.rpm
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Examining samba-common-3.0.24-1.i386.rpm: samba-common - 3.0.24-1.i386
Marking samba-common-3.0.24-1.i386.rpm as an update to samba-common -
3.0.10-1.4E.9.i386
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package samba-common.i386 0:3.0.24-1 set to be updated
--> Running transaction check
--> Processing Dependency: libc.so.6(GLIBC_2.4) for package: samba-common
--> Processing Dependency: libkrb5.so.3(krb5_3_MIT) for package:
samba-common
--> Processing Dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT) for
package: samba-common
--> Processing Dependency: libldap-2.3.so.0 for package: samba-common
--> Processing Dependency: libpam.so.0(LIBPAM_1.0) for package: samba-common
--> Processing Dependency: liblber-2.3.so.0 for package: samba-common
--> Processing Dependency: samba-common = 0:3.0.10 for package: samba-client
--> Processing Dependency: rtld(GNU_HASH) for package: samba-common
--> Processing Dependency: libk5crypto.so.3(k5crypto_3_MIT) for package:
samba-common
--> Finished Dependency Resolution
*Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package
samba-common
Error: Missing Dependency: libkrb5.so.3(krb5_3_MIT) is needed by package
samba-common
Error: Missing Dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT) is needed
by package samba-common
Error: Missing Dependency: libldap-2.3.so.0 is needed by package
samba-common
Error: Missing Dependency: libpam.so.0(LIBPAM_1.0) is needed by package
samba-common
Error: Missing Dependency: liblber-2.3.so.0 is needed by package
samba-common
Error: Missing Dependency: samba-common = 0:3.0.10 is needed by package
samba-client
Error: Missing Dependency: rtld(GNU_HASH) is needed by package samba-common
Error: Missing Dependency: libk5crypto.so.3(k5crypto_3_MIT) is needed by
package samba-common*
--
"Unless you try to do something beyond what you have already mastered, you
will never grow." Ronald E. Osborn
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Cannot change case of existing file names

[Jordan Russell]

Server OS: Linux / Fedora Core 6
Samba version: 3.0.24, 3.0.23 (binary packages for FC6)
Samba configuration: All defaults
Client OS: Windows XP SP2, Windows 2000 SP4

In recent versions of Samba (including 3.0.24), attempting to rename a
file to a new name that differs only in case appears to have no effect:

X:\tmp>echo . > FILE.txt

X:\tmp>dir
02/05/2007  08:21p   4 FILE.txt

X:\tmp>ren FILE.txt file.txt

X:\tmp>dir
02/05/2007  08:21p   4 FILE.txt

I'm pretty sure this worked in older versions.
Any ideas?

Thanks.

-- 
Jordan Russell

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Trusted domains?

[Anton Solovyev]

Hi,

I am having a problem with "security = domain" and users trying to log in from 
trusted AD domains.


I was wondering if I can get some more information here on how it is actually 
supposed to work.


Does Samba need to talk directly to the controller of the trusted domain? That 
sort of thing. I can't find a good explanation in the standard documentation.


I see in the logs that Samba server is unable to find trusted domain information 
and maps the user from trusted domain to a local one. How is the trusted domain 
list normally populated?


Please note that there's no "security = ADS" or winbindd in the picture. All the 
AD domains are related by the implicit AD trusts since they are in the same 
domain tree.


I remember this working fine with versions 2.x.x, but it may have involved 
explicit trusts between AD domains.


Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Domain Account Lock

[EMOTO Masahiko]

When a certain user tries to access shared folder provided by Samba,
his account is always locked. I can't figure out where the problem is.
Please help.

--Masahiko

Detail:
We're using Active Directory by Windows 2000 Servers and use it
for samba's authentication.
When a certain domain user, say, MYDOMAIN\user1, tries to access to
the remote resource \\LINUX1\user1 on a Linux server from his
Windows XP PC (PC1), a pop-up window shows up and he types
his account and password, but he always fails to access due to
the account lock.

His account was not locked when he tried to access to the remote resource,
but now his account is locked. I'm sure his account and password are
correct.

I look for the logs stored in /var/log/samba, but I can't find any
access log
from PC1.

However,
1) MYDOMAIN\user1 can access to PC1 using ssh or ftp
2) MYDOMAIN\user1 can access to shared folders \\PC2\shared or etc, in
Windows Servers (PC2)
3) MYDOMAIN\user1 can access \\LINUX1\user1 from another PC (PC3)
4) Another user MYDOMAIN\user2 can use remote resource from PC1.

In short, it causes problem only when MYDOMAIN\user1 tries to access
from PC1 to the remote resources
provided by samba.

Enviroment:

Dc1, dc2: windows 2000 server
Linux1 : Fedora Core 4 (x86_64) + kernel 2.6.17 + samba 3.0.22c
PC2 : Windows 2000 Server
PC1, PC3 : Windows XP SP2

=
Smb.conf
=
[global]

netbios name = LINUX1
workgroup = MYDOMAIN
server string = Samba Server
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
security = ads
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
dns proxy = no
idmap uid = 1000-2000
idmap gid = 1000-2000
idmap backend = idmap_rid:MYDOMAIN=1000-2000
allow trusted domains = No
template shell = /bin/bash
password server = dc1 dc2
winbind use default domain = no
realm = MYDOMAIN
[homes]
comment = Home Directories
browseable = no
writable = yes

===
/etc/krb5.conf
=
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYDOMAIN
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}

MYDOMAIN = {
kdc = dc2
kdc = dc1
}

[domain_realm]
.mydomain = .MYDOMAIN
mydomain.com = MYDOMAIN

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}


 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] kerberos/Samba integration questions

[Jon Allingham]

I'm trying to integrate Samba with my kerberos configuration on Solaris 10 
(with Samba 3.0.23d) and I have one basic issue - probably I don't 
understand something. Hopefully one of you experts can help.

We have an AD based organization but we do a lot of Unix work on Solaris 10 
and AIX 5.3 - I have about 75 *nix servers of various flavors. There's a lot 
of value in SSO solutions/credential consolidation to us, but we're a small 
organization.

I have a functional Solaris configuration talking LDAP to AD, using kerberos 
for password authentication, successfully pulling UID/GID from SFU on Server 
2003 R2. LDAP mapping using the built in LDAP client in Solaris 10 works 
smoothly; getent returns everything it should. kerberos versions of telnet 
etc all work fine and forward credentials. This config uses the pam_krb5 
module, not winbind and uses ldap in the nssswitch.conf

Alternatively, I can not run the kinit -k for the host, leave out the 
krb5.keytab (and of course fix all the SPN information in AD from the above 
configuration) and configure Samba in AD mode and it properly joins the 
domain. User names get mapped properly. File access through samba works.

What I can't seem to figure out how to do is have a functional kerberos 
configuration with a keytab entry at the same time I have samba working - 
Samba wants to join the domain using a machine account and assigns the 
principal host/hostname.myorg.com and I don't see any way of getting that 
same information exported into the krb5.keytab so I can run kinit -k to get 
the proper host credentials. And I need the same host/hostname.myorg.com 
principal to be set on the account that is mapped to the system.

AD isn't terribly happy about using a machine account anyway to configure 
kerberos, at least not on Solaris - it works much better to use a user 
account and then set the principal with the ktpass utility on the windows 
DC.

It seems that conceptually what I need is to be able to set the samba 
created information as the keytab entry, but I haven't the faintest idea how 
to do that.

I tried setting the verify_ap_req_nofail = false value in the krb5.conf file 
to keep it from requiring a host entry, but that didn't seem to make any 
difference.

I suppose what I'd really like to do is be able to manually export the 
keytab from AD using ktpass and use the SAME information for both the OS 
controlled kerberos based services as well as for Samba. Or alternatively be 
able to point my krb5.conf file to a samba controlled keytab entry for 
host/hostname.myorg.com

Any ideas are appreciated.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba]Daylight Savings time change

[Wayne Rasmussen]

-Original Message-
From: Jeremy Allison [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 05, 2007 2:21 PM
To: Wayne Rasmussen
Cc: samba@lists.samba.org
Subject: Re: [Samba]Daylight Savings time change

On Mon, Feb 05, 2007 at 01:06:33PM -0800, Wayne Rasmussen wrote:
> 
> In August 2005, the Congress passed and the President signed into law
> the Energy Policy Act of 2005. Among many other important energy
saving
> measures, this law changes the start and end dates of Daylight Saving
> Time (DST). Beginning in 2007, DST will begin three weeks earlier
(March
> 11, 2007) and end one week later (November 4, 2007).
> 
> I know that Solaris and Java need to be patched for this.  Does anyone
> know if any version of Samba or related libraries (ex: openLDAP, gcc,
> etc) need to be updated for this change?
> 
> My company is still using Samba-3.0.10 for Active Directory because it
> just works.

The glibc patch should take care of this.

Jeremy.

Anyone got a link to this patch for Solaris sparc?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] WERR_ACCESS_DENIED trying to set printer driver in samba-3.0.23d

[John Drescher]

I am having problems getting Pont and Print to work with
samba-3.0.23d, cups and ldap.


I used an XP box to install the windows drivers on the samba server by
adding the drivers in the "Printers and Faxes" section (using the
server properties tab) for the samba server. This part worked fine but
when I want to associate the driver to the printer I get an access
denied in windows and in linux when I try to do the same I get this
error:

fileserver # rpcclient -U RADIMG\\root -c 'setdriver HP-2100 "HP
LaserJet 2100"' FILESERVER  Password:
Connecting to host=FILESERVER
Connecting to 192.168.1.6 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
rpc_pipe_bind: Remote machine FILESERVER pipe \lsarpc fnum 0x7352 bind
request returned ok.
lsa_io_sec_qos: length c does not match size 8
rpc_pipe_bind: Remote machine FILESERVER pipe \spoolss fnum 0x7353
bind request returned ok.
SetPrinter call failed!
result was WERR_ACCESS_DENIED

I have tried several other logins but I can not get by this access denied.

Here are the printer settings from smb.conf

[global]
   ldap ssl = false
   host msdfs = no
   lpq cache time = 30
   time server = no
   netbios name = FILESERVER
   printing = cups
   local master = yes
   workgroup = RADIMG
   os level = 33
   ldap admin dn = "cn=Manager,dc=radimg,dc=pitt,dc=edu"
   printcap name = cups
   security = domain
   max log size = 2048
   log level = 3
   log file = /var/log/samba/%m.log
   printer = ar337PCL
   load printers = yes
   ldap user suffix = "ou=People,dc=radimg,dc=pitt,dc=edu"
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   domain master = no
   passdb backend = ldapsam:ldap://sysserv0.radimg.pitt.edu
   keepalive = 0
   ldap delete dn = yes
   server string = File Server
   ldap machine suffix = "ou=Hosts,dc=radimg,dc=pitt,dc=edu"
   ldap group suffix = ou=Groups
   kernel oplocks = no
   ldap suffix = dc=radimg,dc=pitt,dc=edu
   preferred master = no
   domain logons = no
   hide files = desktop.ini
   profile acls = yes

[printers]
 printable = yes
 path = /var/spool/samba
 guest ok = yes
 comment = All Printers
 create mode = 777
 directory mask = 777
 public = yes
 browsable = yes
#  use client driver = yes
#  enable privileges = yes

[print$]
  comment = Printer Drivers
  public = yes
  browsable = yes
  path = /usr/share/cups/drivers
  guest ok = yes
  read only = no
  create mask = 777
  directory mask = 777
  write list = root Administrator @"Domain Admins" @"Printer Admins"



--
John M. Drescher
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba]Daylight Savings time change

[Jeremy Allison]

On Mon, Feb 05, 2007 at 01:06:33PM -0800, Wayne Rasmussen wrote:
> 
> In August 2005, the Congress passed and the President signed into law
> the Energy Policy Act of 2005. Among many other important energy saving
> measures, this law changes the start and end dates of Daylight Saving
> Time (DST). Beginning in 2007, DST will begin three weeks earlier (March
> 11, 2007) and end one week later (November 4, 2007).
> 
> I know that Solaris and Java need to be patched for this.  Does anyone
> know if any version of Samba or related libraries (ex: openLDAP, gcc,
> etc) need to be updated for this change?
> 
> My company is still using Samba-3.0.10 for Active Directory because it
> just works.

The glibc patch should take care of this.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Urgent help request!

[Michael St. Laurent]

Okay, I found the issue I think.  It seems that if winbind is running on
the system Samba refuses to use local accounts. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Elio Tondo
Sent: Monday, February 05, 2007 1:18 PM
To: samba@lists.samba.org
Subject: Re: [Samba] Urgent help request!

From: "Michael St. Laurent" <[EMAIL PROTECTED]>

> I've gone further down the food chain in diagnosing the problem:
> 
> A net rpc join command works but wbinfo -u or wbinfo -g fails:
> ...
> I've tried removing the server from the domain and rejoining it to no
avail.
> The domain has a Windows ADS controller running in mixed-mode.

Hi,

I don't know if this can help, but you can find attached a post I sent
some months ago, that had no reply so far on the list. Basically,
I had to switch to ADS mode for the same problem you have, and
that worked for some time, but then, after a Samba release update,
it stopped working (and the situation is the same with the current
release). Older Samba versions work well in ADS mode with
exactly the same Win2000 server.

I managed to compile both the working and the failing version from
sources, and I tried some debugging, but without any detailed
knowledge of the sources I only managed to narrow down the
problem to  something related to the LDAP connection to the ADS
server; maybe some hint about the debugging process could help.

Elio
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Urgent help request!

[Elio Tondo]

From: "Michael St. Laurent" <[EMAIL PROTECTED]>

> I've gone further down the food chain in diagnosing the problem:
> 
> A net rpc join command works but wbinfo -u or wbinfo -g fails:
> ...
> I've tried removing the server from the domain and rejoining it to no avail.
> The domain has a Windows ADS controller running in mixed-mode.

Hi,

I don't know if this can help, but you can find attached a post I sent
some months ago, that had no reply so far on the list. Basically,
I had to switch to ADS mode for the same problem you have, and
that worked for some time, but then, after a Samba release update,
it stopped working (and the situation is the same with the current
release). Older Samba versions work well in ADS mode with
exactly the same Win2000 server.

I managed to compile both the working and the failing version from
sources, and I tried some debugging, but without any detailed
knowledge of the sources I only managed to narrow down the
problem to  something related to the LDAP connection to the ADS
server; maybe some hint about the debugging process could help.

Elio
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba]Daylight Savings time change

[Wayne Rasmussen]

In August 2005, the Congress passed and the President signed into law
the Energy Policy Act of 2005. Among many other important energy saving
measures, this law changes the start and end dates of Daylight Saving
Time (DST). Beginning in 2007, DST will begin three weeks earlier (March
11, 2007) and end one week later (November 4, 2007).

I know that Solaris and Java need to be patched for this.  Does anyone
know if any version of Samba or related libraries (ex: openLDAP, gcc,
etc) need to be updated for this change?

My company is still using Samba-3.0.10 for Active Directory because it
just works.

BTW, my list of software to build samba for AD is:
cyrus-sasl-2.1.19
krb5-1.3.5
openldap-2.2.17
samba-3.0.10
gcc_small-3.4.1
libiconv-1.8
tk-8.4.6
tcl-8.4.6
db-4.2.52.NC
openssl-0.9.7d
make-3.80
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Urgent help request!

[Michael St. Laurent]

I've gone further down the food chain in diagnosing the problem:

A net rpc join command works but wbinfo -u or wbinfo -g fails:

[EMAIL PROTECTED] samba]# net rpc join -U Administrator
Password:
Joined domain MERCURY.
[EMAIL PROTECTED] samba]# net rpc info -U Administrator
Password:
Domain Name: MERCURY
Domain SID: S-1-5-21-356471451-824197641-1237804090
Sequence number: 20543
Num users: 625
Num domain groups: 96
Num local groups: 109
[EMAIL PROTECTED] samba]# wbinfo --set-auth-user=Administrator
Password:
[EMAIL PROTECTED] samba]# wbinfo -u
Error looking up domain users
[EMAIL PROTECTED] samba]# wbinfo -g
BUILTIN\administrators
BUILTIN\users
[EMAIL PROTECTED] samba]#

I've tried removing the server from the domain and rejoining it to no avail.  
The domain has a Windows ADS controller running in mixed-mode.

Please help!  This is seriously impacting the network and my stress levels are 
peaking!  ;)

Here is the global section from our smb.conf file:

[global]
workgroup = MERCURY
server string = Network Attached Storage
security = DOMAIN
winbind use default domain = yes
encrypt passwords = Yes
password server = HCDC
winbind nested groups = yes
log file = /var/log/samba/log.%m
log level = 3
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = no
os level = 0
local master = No
dns proxy = No
wins server = 10.11.10.3
writeable = Yes
inherit acls = Yes
map to guest = Bad Uid


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael St. 
Laurent
Sent: Monday, February 05, 2007 9:59 AM
To: samba@lists.samba.org
Subject: RE: [Samba] Samba-3.0.23 problem

I've tried using the plus sign with no change.  I also tried adding the machine 
name with no result.

In other words:

@mis
+mis
@HCNAS\mis
+HCNAS\mis

Have not worked.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael St. 
Laurent
Sent: Monday, February 05, 2007 9:15 AM
To: samba@lists.samba.org
Subject: RE: [Samba] Samba-3.0.23 problem

Well, why would it change after a power off?  No software upgrades were done.  
In fact, that same server had been powered off before while still on the same 
software version (samba-3.0.23c) without any problem.  It was only after we 
took all servers offline simultaneously that this happened.

I'll try your suggestion of course (and thank you very much!), I'm just 
confused about why this happened.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felipe Augusto 
van de Wiel
Sent: Monday, February 05, 2007 5:37 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Samba-3.0.23 problem

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/04/2007 06:51 PM, Michael St. Laurent wrote:
> We had to power down all servers today for electrical maintenance in the
> building and for some reason I began having access problems related to
> the valid users lists when power was restored.
>  
> The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if
> it might be related even though I had not performed any software upgrade
> so I tried adding the group mappings as discussed in that thread.  It
> didn't seem to help.  If I remove the valid users parameter it works
> fine.
>  
> The below logfile snippet shows that it's having a problem with the
> group membership aspect of the valid users list.  Please note that user
> 'mikes' is most definitely a member of the unix group 'mis':
>  
>   looking for user mikes of domain (ANY) in netgroup mis
> [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64)
>   lookup_name: HCNAS\mis => HCNAS (domain), mis (name)
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208)
>   User mikes not in 'valid users'
> [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580)
>   user 'mikes' (from session setup) not permitted to access this share
> (exec_share)
> [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
>  
> [EMAIL PROTECTED] samba]# groups mikes
> mikes : avante mis
> [EMAIL PROTECTED] samba]#
>

Re: [Samba] cleaning up duplicate files on the file server

[Aaron Kincer]

Dealing with data duplication is not always particularly easy. What I 
would suggest is the following:


1) Identify the duplicates with the oldest modification date
2) Notify your users that you are making changes and to be on the 
lookout for any problems
3) Change the file permissions so that they can't be accessed by anyone 
other than you
4) If after some predetermined length of time (measured in months 
preferably) nobody has complained, delete the duplicates


Changing the permissions offers you an easy way to simulate deleting 
without actually deleting. You could issue a command to dump the ACLs 
for each file into a log by using a modified form of the command I've 
posted in the past for setting the archive bit of files that have been 
modified. Here is is for your convenience:


/usr/bin/find /share/ -name '*' -mtime 0 -exec setfattr 
--name=user.DOSATTRIB --value=0x30783230 {} \;


You could change the find command to use your find duplicates and change 
the setfattr to getfacl. With some fancy footwork, you should be able to 
do all of that and redirect output into a text file in the event that 
you have to restore permissions to their previous state. Of course, you 
could also use this command to set permissions on all of the files by 
using setfacl.


Just a suggestion. Any shell gurus out there that can offer up better or 
more clear advice please do so.


James A. Dinkel wrote:

I imagine we can save some space on our file server by cleaning up all
the files that are saved multiple times by different people.  There is
already the fdupes command in linux that will scan a directory tree and
report what files have duplicates.  This could be easily scripted to
turn those duplicate files into symlinks to one file.

 


The problem is see, then, is what would happen if someone tries to
change a duplicate file that they think is their own copy.  Of course,
everyone with a symlink to that file would get the changes, which is not
what I would want.  What it would need is some sort of copy-on-edit
mechanism, so when the file is changed, instead of changing the original
file, the symlink is replaced with the edited version of the file.

 


Does this make sense?  Has anyone else thought about this, or found an
elegant solution to this?

 


James Dinkel

Network Engineer

Butler County of Kansas

 


There are 10 types of people in the world:  those who understand binary,
and those who don't.

 

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Disapearing Drives

[admin-listas]

Ron Garcia-Vidal escribió:
> I have been having a problem with my Samba server for about a month
> now and need help.  I am having users mysteriously losing access to
> drives during the day.  The drive will un-map itself and any further
> attempt to access it through wither Windows Explorer or just typing
> the UNC in the "Run" window will result in a "Drive or path not
> accessible" error.  On the samba side, nothing shows up in the logs on
> subsequent connections, so I'm unsure how to diagnose what the problem
> is.  Attempts to access the share from another machine as the same
> user are successful.
>

it happens to me the same. I have not found the solution

Suse 10.1, Samba 3.0.23d

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Connection dropped when copying large files toa SambaServer

[Volker Lendecke]

On Mon, Feb 05, 2007 at 11:57:37AM -0500, Michelle Dupuis wrote:
> But SAMBA showed in the stack dump during the crash (and this system was
> running stable for months - and crashed during our first big samba
> transfer).
> 
> I suppose you are right technically...but it points a big finger at Samba

Sure, we're kind of used to that. Samba tends to use
features of OS'es that apparently many other applications
don't excercise so much. One of the more recent (user-level,
not kernel-level) crashes of smbd turned out to be a
segfault in the Fedora NIS+ libs, I could easily reproduce
it with a 5-line C program. But Samba got the blame.

I'm not saying that Samba does not have bugs, no way! Just
look at the 3.0.24 release announcements. But a kernel crash
is a kernel crash. No app should be able to crash a kernel
except when being root and *deliberately* evil. And I do
know that Samba is *not* deliberately evil :-)

Volker


pgpBXK1hnAEh4.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba-3.0.23 problem

[Michael St. Laurent]

I've tried using the plus sign with no change.  I also tried adding the machine 
name with no result.

In other words:

@mis
+mis
@HCNAS\mis
+HCNAS\mis

Have not worked.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael St. 
Laurent
Sent: Monday, February 05, 2007 9:15 AM
To: samba@lists.samba.org
Subject: RE: [Samba] Samba-3.0.23 problem

Well, why would it change after a power off?  No software upgrades were done.  
In fact, that same server had been powered off before while still on the same 
software version (samba-3.0.23c) without any problem.  It was only after we 
took all servers offline simultaneously that this happened.

I'll try your suggestion of course (and thank you very much!), I'm just 
confused about why this happened.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felipe Augusto 
van de Wiel
Sent: Monday, February 05, 2007 5:37 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Samba-3.0.23 problem

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/04/2007 06:51 PM, Michael St. Laurent wrote:
> We had to power down all servers today for electrical maintenance in the
> building and for some reason I began having access problems related to
> the valid users lists when power was restored.
>  
> The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if
> it might be related even though I had not performed any software upgrade
> so I tried adding the group mappings as discussed in that thread.  It
> didn't seem to help.  If I remove the valid users parameter it works
> fine.
>  
> The below logfile snippet shows that it's having a problem with the
> group membership aspect of the valid users list.  Please note that user
> 'mikes' is most definitely a member of the unix group 'mis':
>  
>   looking for user mikes of domain (ANY) in netgroup mis
> [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64)
>   lookup_name: HCNAS\mis => HCNAS (domain), mis (name)
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208)
>   User mikes not in 'valid users'
> [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580)
>   user 'mikes' (from session setup) not permitted to access this share
> (exec_share)
> [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
>  
> [EMAIL PROTECTED] samba]# groups mikes
> mikes : avante mis
> [EMAIL PROTECTED] samba]#
>  
> [exec_share]
> comment = Exec Share
> path = /usr/netshare/exec_share
> writeable = Yes
> valid users = @exec, @exasst, @mis
> admin users = @mis
> force group = exec
> force create mode = 0666
> force directory mode = 0777
>  
> Please help!

What happens if you try with:

valid users = +mis


Did you checked the "Release Notes" for 3.0.23b?

http://us1.samba.org/samba/history/samba-3.0.23d.html


Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzLhCj65ZxU4gPQRAsYTAKCG5tIRP3Hkz3fvRexU3pU6vZb6hgCgrDAu
dNND4PP6sa6bFAJR0aq2fAI=
=dq8E
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] cleaning up duplicate files on the file server

[James A. Dinkel]

I imagine we can save some space on our file server by cleaning up all
the files that are saved multiple times by different people.  There is
already the fdupes command in linux that will scan a directory tree and
report what files have duplicates.  This could be easily scripted to
turn those duplicate files into symlinks to one file.

 

The problem is see, then, is what would happen if someone tries to
change a duplicate file that they think is their own copy.  Of course,
everyone with a symlink to that file would get the changes, which is not
what I would want.  What it would need is some sort of copy-on-edit
mechanism, so when the file is changed, instead of changing the original
file, the symlink is replaced with the edited version of the file.

 

Does this make sense?  Has anyone else thought about this, or found an
elegant solution to this?

 

James Dinkel

Network Engineer

Butler County of Kansas

 

There are 10 types of people in the world:  those who understand binary,
and those who don't.

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba v3.0.23a BROKE my network

[Andrew Morgan]

On Sat, 3 Feb 2007, Chris Hall wrote:


On Mon, 29 Jan 2007 Gerald (Jerry) Carter wrote

Chris Hall wrote:

...but doesn't change my opinion that software should be written to
avoid obscure failure caused by obvious misconfiguration -- particularly
in the case of an upgrade which turns a previously working configuration
into a broken one !



Chris,

This is not a pass the buck argument, but I would push back
on the Fedora folks (IIRC the original context correctly).
No one should have pushed out a 3.0.23a from 3.0.14a via yum.
We have been constantly saying that upgrade releases
(when the minor number changes) has significant differences
from past releases.  The letter releases are bug fix only.


Well, OK... but is there a 3.0.14x which contains all the bug and *security* 
fixes that 3.0.23 contains ?



So you can tell us (developers) that we should make such
sweeping changes and in response I would state that package
maintainers for a distro should not push out such sweeping
changes without properly notifying the distro users.


These days one feels nervous if one is not running the latest, stable 
version, on the basis that it should be the most secure.


Last time I ran yum it updated 171 packages.  The only way that it is 
practical for me to keep up to date is to depend on the developers to ensure:


 - either, the updates are upwards compatible (if necessary, by
   updating configuration)

 - or, the new software stops gracefully and points me in the right
   direction to complete the update

And I would expect the second case to be (very) rare, and driven by a serious 
need or (better) a significant feature advantage.


As a developer I understand the cost of upwards compatibility.  But where it 
used to be a matter of convenience when occasionally upgrading for new 
features, it is now a matter of necessity when frequently upgrading to 
maintain maximum security.


If I were maintaining a distribution, running to many hundreds of packages, I 
doubt I would feel it was practical if each one could carry its own little 
surprise !


Or, you could use Debian Linux which backports security fixes for their 
stable releases.  :)


Andy
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba ntlm_auth fails on Fedora core 6

[ken]

Recently installed Fedora core 6  to support, amongst other 
things, Radius-based JANET roaming service. 
(http://www.ja.net/roaming/) To do that we want to authenticate 
against our existing Windows Active Directory, and are hoping to 
use ntlm_auth as described at 
http://www.ja.net/roaming/documents/jrs-compliance-case-study.pdf


Samba (& everything else) installed as default on Fedora, and 
updated to current level with yum:


samba.i386 3.0.23c-2 installed

All of Samba seems to work except ntlm_auth.  PAM, krb5, and 
niss are configured, winbindd is running. We can join the 
domain, list resources, use smbclient, & so on.


When we try ntlm_auth we see this:

# ntlm_auth
ntlm_auth: error opening config file /etc/samba/smb.conf. Error 
was Invalid or incomplete multibyte or wide character


But /etc/samba/smb.conf is perfectly fine as far as we can tell.

Also we see the same error when using a 0-byte empty 
/etc/samba/smb.conf


Any clues?

Ken Brown
CCS Systems Team
Birkbeck College

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Disapearing Drives

[Ron Garcia-Vidal]

I have been having a problem with my Samba server for about a month now 
and need help.  I am having users mysteriously losing access to drives 
during the day.  The drive will un-map itself and any further attempt to 
access it through wither Windows Explorer or just typing the UNC in the 
"Run" window will result in a "Drive or path not accessible" error.  On 
the samba side, nothing shows up in the logs on subsequent connections, 
so I'm unsure how to diagnose what the problem is.  Attempts to access 
the share from another machine as the same user are successful.


The fix for this seems to be, either reboot the client (less preferable 
because the user gets upset) or restart the smbd on the server.  Either 
way, subsequent share access is restored.  Unfortunately, this problem 
is reoccurring several times a day and I find myself restarting samba 
about 4-5 times daily.  This has reached a crisis point, so any help 
would be appreciated.


In terns of samba version, this problem first appeared when I upgraded 
to samba_3.0.23d-2+b1 (on Debian Testing).  Subsequently, I rolled back 
to samba_3.0.23c-1, but the problem still persisted.  I have since 
upgraded to samba_3.0.23d-4, and am still having this problem.  Please help!

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap machine account pb since 3.0.23c-1

[Cédric Delfosse]

Le lundi 05 février 2007 à 09:45 +0100, emmanuel musso a écrit :
> Hello
> 
> When a windows xp workstation join a domain, by windows gui parameters, ldap
> machine attributes are not filled correctly:
> 
> - No attribute sambaprimarygroupsid (before, there was one terminated by 515)

AFAIK, the gid number of a computer/user account entry is now used to
determine its primary group SID (if sambaPrimaryGroupSID is not set).

> - rid (of sambasid) is not equal a 2*uid+1000
> 
> If i create a user, rid (sambasid) equal a 2*uid + 1000 (and 
> sambaprimarygrousid
> terminated by 513)
> 
> All the others samba attributes are ok
> Same problem if i use "smbldap-useradd -w" before joining the domain; Posix
> attributes are created by "smbldap-useradd -w", and samba attributes are
> created the first time workstation join the domain, allways with bad sambasid
> and without sambaprimarygroupsid.
> 
> Same problem if i use "net join" on a linux smbclient with winbind
> 
> In all cases, my workstation is connected to the domain, and user can use it.
> 
> I didn't change my config, i didn't modify idealx tools. I think the problem
> exits since 3.0.23c-1 update in month september. I know my computers who 
> joined
> the domain before samba 3.0.23c-1 update (debian apt-get) are ok, with
> sambaprimarygroupsid present, and valid sambasid
> (rid = 2* uid + 1000).
> I have 2 Domain with the same problem

I have one domain that also showed this behaviour (samba 3.0.23d), and
another that works « like before ».

Looks like that SAMBA was using the sambaNextRid field from the
sambaDomainName entry to build the SAMBA SID of the computer accounts,
but I don't know why.

Regards,

-- 
Cedric Delfosse Linbox / Free&ALter Soft
152, rue de Grigy - Technopole Metz  57070 METZ - FRANCE
tel: +33 (0)3 87 50 87 90  http://linbox.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba-3.0.23 problem

[Charles Marcus]

Michael St. Laurent wrote:

Well, why would it change after a power off? No software upgrades
were done. In fact, that same server had been powered off before
while still on the same software version (samba-3.0.23c) without any

> problem. It was only after we took all servers offline simultaneously

that this happened.



I'll try your suggestion of course (and thank you very much!), I'm
just confused about why this happened.


I've seen similar things happen before.

It is possible - at least for someone of my lowly skills - that when 
updating s/w without rebooting, some things don't get completely 
reloaded after a simple service restart, that DO get completely reloaded 
upon a reboot.


I always reboot after any major updates, just to make sure that a server 
will *survive* a reboot, not because it is required.


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba-3.0.23 problem

[Michael St. Laurent]

Well, why would it change after a power off?  No software upgrades were done.  
In fact, that same server had been powered off before while still on the same 
software version (samba-3.0.23c) without any problem.  It was only after we 
took all servers offline simultaneously that this happened.

I'll try your suggestion of course (and thank you very much!), I'm just 
confused about why this happened.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felipe Augusto 
van de Wiel
Sent: Monday, February 05, 2007 5:37 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Samba-3.0.23 problem

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/04/2007 06:51 PM, Michael St. Laurent wrote:
> We had to power down all servers today for electrical maintenance in the
> building and for some reason I began having access problems related to
> the valid users lists when power was restored.
>  
> The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if
> it might be related even though I had not performed any software upgrade
> so I tried adding the group mappings as discussed in that thread.  It
> didn't seem to help.  If I remove the valid users parameter it works
> fine.
>  
> The below logfile snippet shows that it's having a problem with the
> group membership aspect of the valid users list.  Please note that user
> 'mikes' is most definitely a member of the unix group 'mis':
>  
>   looking for user mikes of domain (ANY) in netgroup mis
> [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64)
>   lookup_name: HCNAS\mis => HCNAS (domain), mis (name)
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208)
>   User mikes not in 'valid users'
> [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580)
>   user 'mikes' (from session setup) not permitted to access this share
> (exec_share)
> [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
>  
> [EMAIL PROTECTED] samba]# groups mikes
> mikes : avante mis
> [EMAIL PROTECTED] samba]#
>  
> [exec_share]
> comment = Exec Share
> path = /usr/netshare/exec_share
> writeable = Yes
> valid users = @exec, @exasst, @mis
> admin users = @mis
> force group = exec
> force create mode = 0666
> force directory mode = 0777
>  
> Please help!

What happens if you try with:

valid users = +mis


Did you checked the "Release Notes" for 3.0.23b?

http://us1.samba.org/samba/history/samba-3.0.23d.html


Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzLhCj65ZxU4gPQRAsYTAKCG5tIRP3Hkz3fvRexU3pU6vZb6hgCgrDAu
dNND4PP6sa6bFAJR0aq2fAI=
=dq8E
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Valid users not working on 3.0.23d

[Papo Napolitano]

Felipe Augusto van de Wiel wrote:
> On 02/02/2007 01:08 PM, Papo Napolitano wrote:
>> Any one still having problems with "valid users" on 3.0.23d?
>> I'm working in "security = USER" mode and with local users only.
> 
>> Share configuration :
> 
>> [private]
>> path = /home/private
>> valid users = papo
>> force user = root
>> force group = root
>> read only = No
>> create mask = 0600
>> directory mask = 0700
> 
> [...]
>> Second test, using a valid but not listed user :
> 
>> [EMAIL PROTECTED] /]# smbclient //julieta/private -U administrator
>> Password:
>> Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d]
>> smb: \> mkdir 1
>> smb: \> rmdir 1
>> smb: \> quit
> 
>> This is wrong, administrator shouldn't write, not even connect 
>> to the share. "invalid users" seems to work ok though.
>> I can provide debug logs for both versions if needed.
>> Any hints?
> 
>   Is your administrator in the list of 'admin users'?
> 
> 
>> Thanks.-
> 
>   Kind regards,
> 

No, 'admin users' is empty.
Anyway, I'm observing the same behaviour with any account.
Downgrading to 3.0.22 and using the same smb.conf works, I'm going to
try 3.0.24 in the next couple of days just to be sure.

Thanks.-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Connection dropped when copying large files toa SambaServer

[Michelle Dupuis]

But SAMBA showed in the stack dump during the crash (and this system was
running stable for months - and crashed during our first big samba
transfer).

I suppose you are right technically...but it points a big finger at Samba

 

-Original Message-
From: Volker Lendecke [mailto:[EMAIL PROTECTED] On Behalf Of Volker
Lendecke
Sent: Monday, February 05, 2007 10:52 AM
To: Michelle Dupuis
Cc: 'Toby Bluhm'; samba@lists.samba.org
Subject: Re: [Samba] Connection dropped when copying large files toa
SambaServer

On Mon, Feb 05, 2007 at 10:36:18AM -0500, Michelle Dupuis wrote:
> > I run Samba 3.0.23c (on FC6 64 bit), and am backing up from a 
> > Windows box to my Samba share.  Sometimes it works great; other 
> > times the samba share locks up (I need to restart the smb service); 
> > and last week samba caused a kernel panic.  I can sometimes get 65GB 
> > onto the share
> before it locks up.

A kernel panic is by definition not a Samba problem.

Volker


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Connection dropped when copying large files toa SambaServer

[Volker Lendecke]

On Mon, Feb 05, 2007 at 10:36:18AM -0500, Michelle Dupuis wrote:
> > I run Samba 3.0.23c (on FC6 64 bit), and am backing up from a Windows 
> > box to my Samba share.  Sometimes it works great; other times the 
> > samba share locks up (I need to restart the smb service); and last 
> > week samba caused a kernel panic.  I can sometimes get 65GB onto the share
> before it locks up.

A kernel panic is by definition not a Samba problem.

Volker


pgp51APHmCtkk.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.24 Available for Download

[Aaron Kincer]

I missed that. Can't read all messages and get any work done :)

Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Aaron Kincer wrote:

  
Is this why the "Explanation of each Parameter" section 
of the on-line smb.conf documentation is jacked

and shows only ?



I replied yesterday that I would look in to this today.
It has nothing to do with the security release.





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFx0/YIR7qMdg1EfYRArFgAKCxMFwZKVrjli+1dRgeTZcRwN8o5QCgw1wu
V80LLsUNC4l3uAm84tJX0s0=
=pbVf
-END PGP SIGNATURE-

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.24 Available for Download

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Aaron Kincer wrote:

> Is this why the "Explanation of each Parameter" section 
> of the on-line smb.conf documentation is jacked
> and shows only ?

I replied yesterday that I would look in to this today.
It has nothing to do with the security release.





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFx0/YIR7qMdg1EfYRArFgAKCxMFwZKVrjli+1dRgeTZcRwN8o5QCgw1wu
V80LLsUNC4l3uAm84tJX0s0=
=pbVf
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Connection dropped when copying large files toa SambaServer

[Michelle Dupuis]

Just another clue for you:

The samba crash/lockup appears to happen at the END of a large file write.
I can write 2gb or 65gb files across the lan to the samba share, but when
the file is (or is about to be) closed, samba locks up the share.

I already tried with NO socket options - same results

MD 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Toby
Bluhm
Sent: Monday, February 05, 2007 9:36 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Connection dropped when copying large files toa
SambaServer

Michelle Dupuis wrote:
> Not hijacking the thread here...just adding more info as I have the 
> same issue.
>
> I run Samba 3.0.23c (on FC6 64 bit), and am backing up from a Windows 
> box to my Samba share.  Sometimes it works great; other times the 
> samba share locks up (I need to restart the smb service); and last 
> week samba caused a kernel panic.  I can sometimes get 65GB onto the share
before it locks up.
>
> I can backup to the share using NFS (using Windows Services for Unix) 
> without issue, but not to Samba.  My relevant smb.conf settings are:
>
> reset on zero vc = yes
> read raw = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
>   

Recent thinking is that so_rcvbuf & so_sndbuf are probably not needed
anymore and may actually degrade performance. Try commenting them out & test
again.

-- 

-Toby


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.24 Available for Download

[Aaron Kincer]

Is this why the "Explanation of each Parameter" section of the on-line 
smb.conf documentation is jacked and shows only ?


Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
  I can say 'no' in 4 different languages.
 -- Jeremy Allison
==
Release Announcements
=

This is the latest stable release of Samba. This is a security
fix release and is the version that production Samba servers
should be running for all current bug-fixes.

This release contains fixes for the following security
advisories:

  o CVE-2007-0452 (Potential Denial of Service bug in smbd)
  o CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
  o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)



Download Details


The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.0.24.html

Binary packages are available at

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFx0XOIR7qMdg1EfYRAs6PAKCNxyMhWRPpK43e854jaB0WeD2oOQCg3yRw
ckdme7342OGufMvOHr5no1A=
=e8vg
-END PGP SIGNATURE-

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.24 Available for Download

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
  I can say 'no' in 4 different languages.
 -- Jeremy Allison
==
Release Announcements
=

This is the latest stable release of Samba. This is a security
fix release and is the version that production Samba servers
should be running for all current bug-fixes.

This release contains fixes for the following security
advisories:

  o CVE-2007-0452 (Potential Denial of Service bug in smbd)
  o CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
  o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)



Download Details


The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.0.24.html

Binary packages are available at

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFx0XOIR7qMdg1EfYRAs6PAKCNxyMhWRPpK43e854jaB0WeD2oOQCg3yRw
ckdme7342OGufMvOHr5no1A=
=e8vg
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
==
== Subject: Format string bug in afsacl.so VFS plugin.
== CVE ID#: CVE-2007-0454
==
== Versions:The AFS ACL mapping VFS plugin distributed
==  in Samba 3.0.6 - 3.0.23d (inclusive)
==
== Summary: The name of a file on the server's share
==  is used as the format string when setting
==  an NT security descriptor through the
==  afsacl.so VFS plugin.
==
==

===
Description
===

NOTE: This security advisory only impacts Samba servers
that share AFS file systems to CIFS clients and which have
been explicitly instructed in smb.conf to load the afsacl.so
VFS module.

The source defect results in the name of a file stored on
disk being used as the format string in a call to snprintf().
This bug becomes exploitable only when a user is able
to write to a share which utilizes Samba's afsacl.so library
for setting Windows NT access control lists on files residing
on an AFS file system.


==
Patch Availability
==

A patch against Samba 3.0.23d has been attached to this
email.  This fix has be incorporated into the Samba 3.0.24
release.  Patches are also available from at the Samba Security
page (http://www.samba.org/samba/security).


==
Workaround
==

An unpatched server may be protected by removing all
references to the afsacl.so VFS module from shares in
smb.conf.


===
Credits
===

This vulnerability was reported (including a proposed patch)
to Samba developers by <[EMAIL PROTECTED]>.  Much thanks
to zybadawg333 for the cooperation and patience in the
announcement of this defect.  The time line is as follows:

* Jan 8, 2007: Defect first reported to the [EMAIL PROTECTED]
  email alias.
* Jan 8, 2007: Initial developer response by Jeremy Allison
  confirming the issue.
* Jan 29, 2007: Announcement to vendor-sec mailing list
* Feb 5, 2007: Public issue of security advisory.


==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzArIR7qMdg1EfYRAmV6AKCfuADBCdmKqOxp5yVbKkjHHx6VZgCgsjzp
4VVFaQsDiVSS2014Q3Tk9c8=
=H5bC
-END PGP SIGNATURE-
diff -urN samba-3.0.23d/source/modules/vfs_afsacl.c 
samba/source/modules/vfs_afsacl.c
--- samba-3.0.23d/source/modules/vfs_afsacl.c   2006-06-23 08:16:50.0 
-0500
+++ samba/source/modules/vfs_afsacl.c   2007-01-29 20:11:07.0 -0600
@@ -901,7 +901,7 @@
ZERO_STRUCT(dir_acl);
ZERO_STRUCT(file_acl);
 
-   pstr_sprintf(name, fsp->fsp_name);
+   pstrcpy(name, fsp->fsp_name);
 
if (!fsp->is_directory) {
/* We need to get the name of the directory containing the









-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQBFvrtvIR7qMdg1EfYRAqGvAJ4onsF4xrEJRULF8wELiui9gWtHJQCcD9Od
GLlJYcMRe3wLaXf5ddU7FPc=
=tb2W
-END PGP SIGNATURE-









-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [SAMBA-SECURITY] CVE-2007-0453: Buffer overrun in nss_winbind.so.1 on Solaris

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
==
== Subject: Buffer overrun in NSS host lookup Winbind
==  library on Solaris
== CVE ID#: CVE-2007-0453
==
== Versions:Samba 3.0.21 - 3.0.23d (inclusive) running on
==  Sun Solaris
==
== Summary: A potential overrun in the gethostbyname()
==  and getipnodebyname() in the nss_winbind.so.1
==  library on Solaris can potentially allow
==  for code execution.
==
==

===
Description
===

NOTE: This security advisory only affects Sun Solaris
systems running Samba's winbindd daemon and configured to
make use of the nss_winbind.so.1 library for gethostbyname()
and getipnodebyname() name resolution queries.  For example,

## /etc/nsswitch.conf
...
ipnodes: files winbind
hosts: files winbind

The buffer overrun is caused by copying a string passed
into the NSS interface into a static buffer prior to sending
the request to the winbindd daemon.


==
Patch Availability
==

A patch against Samba 3.0.23d has been attached to this
email.  This fix has be incorporated into the Samba 3.0.24
release.  Patches are also available from at the Samba Security
page (http://www.samba.org/samba/security).

==
Workaround
==

An unpatched Solaris server may be protected by removing
the 'winbind' entry from the hosts and ipnodes services in
/etc/nsswitch.conf.


===
Credits
===

This vulnerability was reported (including a proposed patch)
to Samba developers by Olivier Gay <[EMAIL PROTECTED]>.   Much thanks
to Olivier for his cooperation and patience in the announcement
of this defect.  The time line is as follows:

* Dec 15, 2006: Defect first reported to the [EMAIL PROTECTED]
  email alias.
* Dec 21, 2006: Initial developer response by Andrew Tridgell
  confirming the issue.
* Jan 29, 2007: Announcement to vendor-sec mailing list
* Feb 5, 2007: Public issue of security advisory.


==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzAeIR7qMdg1EfYRAjwjAKDUQSDOa+d2XYIH8sJRNgXKww+3qwCfTplC
ewBBvddJuefPIrXXCegGHu0=
=phWR
-END PGP SIGNATURE-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQBFvqTIIR7qMdg1EfYRAtaeAJ481DWXPQZcVTGpVT08I3JL3MSa/wCgsrHG
TVy0PqEZqIscoUa0DBegnL4=
=sQHh
-END PGP SIGNATURE-













diff -urN samba-3.0.23d/source/nsswitch/winbind_nss_solaris.c 
samba/source/nsswitch/winbind_nss_solaris.c
--- samba-3.0.23d/source/nsswitch/winbind_nss_solaris.c 2006-04-19 
21:29:21.0 -0500
+++ samba/source/nsswitch/winbind_nss_solaris.c 2007-01-29 19:51:11.0 
-0600
@@ -493,7 +493,8 @@
af = AF_INET6;
 #endif
 
-   strncpy(request.data.winsreq, argp->key.name, strlen(argp->key.name)) ;
+   strncpy(request.data.winsreq, argp->key.name, 
sizeof(request.data.winsreq) - 1);
+   request.data.winsreq[sizeof(request.data.winsreq) - 1] = '\0';
 
if( (ret = winbindd_request_response(WINBINDD_WINS_BYNAME, &request, 
&response))
== NSS_STATUS_SUCCESS ) {
@@ -515,7 +516,8 @@
ZERO_STRUCT(response);
ZERO_STRUCT(request);

-   strncpy(request.data.winsreq, argp->key.name, strlen(argp->key.name));
+   strncpy(request.data.winsreq, argp->key.name, 
sizeof(request.data.winsreq) - 1);
+   request.data.winsreq[sizeof(request.data.winsreq) - 1] = '\0';
 
if( (ret = winbindd_request_response(WINBINDD_WINS_BYNAME, &request, 
&response))
== NSS_STATUS_SUCCESS ) {













-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
==
== Subject: Potential Denial of Service bug in smbd
== CVE ID#: CVE-2007-0452
==
== Versions:Samba 3.0.6 - 3.0.23d (inclusive)
==
== Summary: A logic error in the deferred open code
==  can lead to an infinite loop in smbd
==
==

===
Description
===

Internally Samba's file server daemon, smbd, implements
support for deferred file open calls in an attempt to serve
client requests that would otherwise fail due to a share mode
violation.  When renaming a file under certain circumstances
it is possible that the request is never removed from the deferred
open queue.  smbd will then become stuck is a loop trying to
service the open request.

This bug may allow an authenticated user to exhaust resources
such as memory and CPU on the server by opening multiple CIFS
sessions, each of which will normally spawn a new smbd process,
and sending each connection into an infinite loop.


==
Patch Availability
==

A patch against Samba 3.0.23d has been attached to this
email.  This fix has be incorporated into the Samba 3.0.24
release.  Patches are also available from at the Samba Security
page (http://www.samba.org/samba/security).


==
Workaround
==

The bug is believed to be exploitable only by an authenticated
user.  The server's exposure can be alleviated by disabling
any suspect or hostile user accounts.


===
Credits
===

This vulnerability was found during internal regression
testing by Samba developers.


==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxy/tIR7qMdg1EfYRAmI4AJ9Kvr4MgFPvAXiRpgj+8+hzvu7mNgCfZ41T
BrlCtaKlatCvLBoEk7bla6s=
=SHQU
-END PGP SIGNATURE-
diff -urN samba-3.0.23d/source/printing/nt_printing.c 
samba/source/printing/nt_printing.c
--- samba-3.0.23d/source/printing/nt_printing.c 2006-07-10 11:27:50.0 
-0500
+++ samba/source/printing/nt_printing.c 2007-01-30 15:00:45.0 -0600
@@ -4839,7 +4839,7 @@
pstrcpy( file, s );
driver_unix_convert(file, conn, NULL, &bad_path, &st);
DEBUG(10,("deleting driverfile [%s]\n", s));
-   unlink_internals(conn, 0, file, False);
+   unlink_internals(conn, 0, file, False, False);
}
}

@@ -4848,7 +4848,7 @@
pstrcpy( file, s );
driver_unix_convert(file, conn, NULL, &bad_path, &st);
DEBUG(10,("deleting configfile [%s]\n", s));
-   unlink_internals(conn, 0, file, False);
+   unlink_internals(conn, 0, file, False, False);
}
}

@@ -4857,7 +4857,7 @@
pstrcpy( file, s );
driver_unix_convert(file, conn, NULL, &bad_path, &st);
DEBUG(10,("deleting datafile [%s]\n", s));
-   unlink_internals(conn, 0, file, False);
+   unlink_internals(conn, 0, file, False, False);
}
}

@@ -4866,7 +4866,7 @@
pstrcpy( file, s );
driver_unix_convert(file, conn, NULL, &bad_path, &st);
DEBUG(10,("deleting helpfile [%s]\n", s));
-   unlink_internals(conn, 0, file, False);
+   unlink_internals(conn, 0, file, False, False);
}
}

@@ -4882,7 +4882,7 @@
pstrcpy( file, p );
driver_unix_convert(file, conn, NULL, 
&bad_path, &st);
DEBUG(10,("deleting dependent file [%s]\n", 
file));
-   unlink_internals(conn, 0, file, False);
+   unlink_internals(conn, 0, file, False, False);
}

i++;
diff -urN samba-3.0.23d/source/smbd/nttrans.c samba/source/smbd/nttrans.c
--- samba-3.0.23d/source/smbd/nttrans.c 2006-06-23 08:16:49.0 -0500
+++ samba/source/smbd/nttrans.c 2007-01-30 15:00:45.0 -0600
@@ -664,7 +664,7 @@
if (lp_acl_check_permissions(SNUM(conn)) && (share_access & 
FILE_SHARE_DELETE)
&& (access_mask & DELETE_ACCESS)) {
 #endif
-   status = can_delete(conn, fname, file_attributes, bad_path, 
True);
+   status = can_delete(conn, fname, file_attributes, bad_path, 
True, False);
/* We're o

Re: [Samba] Connection dropped when copying large files to a SambaServer

[Toby Bluhm]

Michelle Dupuis wrote:

Not hijacking the thread here...just adding more info as I have the same
issue.

I run Samba 3.0.23c (on FC6 64 bit), and am backing up from a Windows box to
my Samba share.  Sometimes it works great; other times the samba share locks
up (I need to restart the smb service); and last week samba caused a kernel
panic.  I can sometimes get 65GB onto the share before it locks up.

I can backup to the share using NFS (using Windows Services for Unix)
without issue, but not to Samba.  My relevant smb.conf settings are:

reset on zero vc = yes
read raw = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

  


Recent thinking is that so_rcvbuf & so_sndbuf are probably not needed 
anymore and may actually degrade performance. Try commenting them out & 
test again.


--

-Toby


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] application 'allway sync' evades sticky bit?!

[Rainer Traut]

Hi,

am running:
Redhat EL4.4 i386, Samba 3.0.23d from Sernet, ext3 fs
Samba as PDC

Someone's got the idea to have one big share with access managed by 
directory's sticky bit.
This works perfectly well when normal XP or W2k clients work with their 
explorer.


But: With 'allway sync', an app to synchronize for example between 
laptop and fileserver the program is somehow able to circumvent the 
sticky bit settings.


A file created locally on the notebook and synced to the server hast the 
wrong group rights:


# ls -la
insgesamt 2116
drwxrws---   2 cmueller sales4096  5. Feb 15:14 .
drwxrws---  25 root sales4096  5. Feb 15:14 ..
-rw-rw   1 cmueller awaromgmt 2151561 24. Jan 12:07 
SCN_20070122100735_001.pdf


# id cmueller
uid=2(cmueller) gid=1001(awaromgmt) 
Gruppen=1001(awaromgmt),1000(awaro),1004(sales)


The sticky bit is set but the file belongs to the user's primary group!

A file created in Explorer is fine though...
How is this possible?

Thx
Rainer
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] replacing a samba pdc server.

[Felipe Augusto van de Wiel]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/26/2007 05:59 AM, Collen Blijenberg wrote:
> Hmm, my new server is installed as BDC!,
> 
> but using RPC VAMPIRE against a samba PDC or Domain, ain't working...

Check Andrew's reply, you can't vampire Samba, even
if you are a BDC. You should use pdbedit "-i|-e" instead. :)


> guess it's going to be import/export then,  that's all there is left

Yes.


Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxz/vCj65ZxU4gPQRAihNAJ40oKNUGR+oD2E/ai6YP8HSTatbagCfYJ+y
Tgx3KnCOiUUsxEhkoHVfOb8=
=oFA/
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Connection dropped when copying large files to a SambaServer

[Toby Bluhm]

Michelle Dupuis wrote:

Not hijacking the thread here...just adding more info as I have the same
issue.

I run Samba 3.0.23c (on FC6 64 bit), and am backing up from a Windows box to
my Samba share.  Sometimes it works great; other times the samba share locks
up (I need to restart the smb service); and last week samba caused a kernel
panic.  I can sometimes get 65GB onto the share before it locks up.

I can backup to the share using NFS (using Windows Services for Unix)
without issue, but not to Samba.  My relevant smb.conf settings are:

reset on zero vc = yes
read raw = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  


The current thinking on this list sez that SO_RCVBUF and  SO_SNDBUF are 
not needed and may actually degrade performance. Try commenting those 
out & test again.




--

-Toby


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Valid users not working on 3.0.23d

[Felipe Augusto van de Wiel]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/02/2007 01:08 PM, Papo Napolitano wrote:
> Any one still having problems with "valid users" on 3.0.23d?
> I'm working in "security = USER" mode and with local users only.
> 
> Share configuration :
> 
> [private]
> path = /home/private
> valid users = papo
> force user = root
> force group = root
> read only = No
> create mask = 0600
> directory mask = 0700
> 
[...]
> Second test, using a valid but not listed user :
> 
> [EMAIL PROTECTED] /]# smbclient //julieta/private -U administrator
> Password:
> Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d]
> smb: \> mkdir 1
> smb: \> rmdir 1
> smb: \> quit
> 
> This is wrong, administrator shouldn't write, not even connect 
> to the share. "invalid users" seems to work ok though.
> I can provide debug logs for both versions if needed.
> Any hints?

Is your administrator in the list of 'admin users'?


> Thanks.-

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxz9zCj65ZxU4gPQRAjVQAKCMWQl39luBMWXxMcN73Z3pSiHnPwCgk1DR
8+0HSyl7roKBwGPxZyZZKrs=
=khZ1
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Error : Doing a node status request to the domain master browser at IP aaaa.bbbb.cccc.dddd failed

[Felipe Augusto van de Wiel]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/28/2007 06:08 PM, Roger Brailly wrote:
> I've the following  error : Doing a node status request to the domain
> master browser at IP ... failed
> 
> First time I configure my smb.conf file on a server with the adress
> ...
> For some raison I have to change this address for another.
> 
> When I restart samba I the message :
> 
> nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(486)
> get_domain_master_name_node_status_fail:
> Doing a node status request to the domain master browser at IP
> 192.168.69.253 failed.
> Cannot get workgroup name.
> nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
> *
> 
> Samba name server LINUX is now a local master browser for workgroup
> LAMDRA on subnet 192.168.69.69
> 
> The server run whell but after a moment, I have the message :
> 
> get_domain_master_name_node_status_fail:
> Doing a node status request to the domain master browser at IP
> 192.168.69.253 failed.
> Cannot get workgroup name.
> 
> 
> How  can I do, not to have this error

Without your smb.conf it is a little bit hard to guess,
but usually this error is connected to misconfigurations of
netbios name and workgroup, or with network misconfigurations.


> Thanks
> Roger Brailly

Kind regards,
- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxz2iCj65ZxU4gPQRAi/dAJ4zHyaVGEDcfPTN1MB+xkOyipCHBQCgytjD
k+q6mAMoy3b1LjbE3f1GGqQ=
=4/rZ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbclient and name resolv timeouts

[Nicklas Bondesson]

Hi list,

I have some problems with long timeouts in samba when using smbclient. The
problem occurs when any listed nameserver in /resolv.conf is unreachable.

Samba is setup with security = ADS and auth methods = winbind. DNS is
serving _ldap and _kerberos SRV records.

After ~200 secs I get the following in my debug output:

ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration
tis, 06 feb 2007 01:03:12 CET
SPNEGO login failed: NT_STATUS_END_OF_FILE
session setup failed: Call returned zero bytes (EOF)

I have tried setting "options timeout:1" in resolv.conf but that only takes
it down to a good 25 secs.

Question: Is there a way to reduce the total time smbclient takes to decide
if a nameserver is available or not (if this is the actual problem)?

Any pointers are greatly appreciated.

Thanks,
Nicklas



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Connection dropped when copying large files to a SambaServer

[Michelle Dupuis]

Not hijacking the thread here...just adding more info as I have the same
issue.

I run Samba 3.0.23c (on FC6 64 bit), and am backing up from a Windows box to
my Samba share.  Sometimes it works great; other times the samba share locks
up (I need to restart the smb service); and last week samba caused a kernel
panic.  I can sometimes get 65GB onto the share before it locks up.

I can backup to the share using NFS (using Windows Services for Unix)
without issue, but not to Samba.  My relevant smb.conf settings are:

reset on zero vc = yes
read raw = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Strangely, smb logs NO errors!  Trying to browse to the share from any
windows client times out.  But, after an smb restart everything is fine
again.

-MD-
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Felipe
Augusto van de Wiel
Sent: Monday, February 05, 2007 9:05 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Connection dropped when copying large files to a
SambaServer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/30/2007 02:44 PM, mactek - Manuel Teixeira wrote:
> Hi all
>  
> I have a CentOS 4.4
>  
> Kernel 2.6.9-11.EL
> Samba (smbd -V)
> 3.0.10-1.4E.9

As a side note, you _really_ should install a newer version of
Samba, the last stable release is 3.0.23d.


> I've been using this server as a small file server recently i needed 
> to do a backup (ntbackup to file) and the backup fails randomly, the 
> largest backup file i managed was about 3GBytes I tried copying large 
> files and randomly the connection is lost I tried with a ping at the 
> same time and the replies don't get interrupted so it seems to me it 
> is a samba issue
>  
> I have the latest versions (except the kernel) or so the updater tells 
> me

If you are talking about samba then, no, definetely you don't have
the latest version. Could you please post your smb.conf so the list can take
a look at it?

Good tips would include to check the oplocks and the socket options.


> thanks all
> Manuel Teixeira

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de
Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzl6Cj65ZxU4gPQRAiyiAJ9yLZrnR2fPG4Dk5Km3ATVEIgnw+ACgphJk
LhmgDczhEI+NjnEJzmozc2g=
=lgWl
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] simple rights question

[Jeroen Vriesman]

Dear all,

I got the following situation, a share called "Bureaus", with the follwong
subdirs:

/Bureaus/A
/Bureaus/B
/Bureaus/C
etc.

where A,B,C.. are the bureau names

under all the bureau names are directories:

A/Task1
A/Task2
A/Task3
A/Archive

For all the bureau names.

Groups: everyone is a member of "Domain Users", and that's
always the primary group.
And, a group A, a group B etc, and groups "Task1 A", Task1 B"..."Task2 
A" etc.


The simple idea is to give everyone access to Bureaus, only those who 
are member

of group A can go into /Bureaus/A, and only those who are a member of group
"Task1 A" can go to /Bureaus/A/Task1 and do there whatever they want.

So fa so good, I've made acl's which allow "Domain Users" to r-x /Bureau,
without passing this on to the subdirectories, an acl which allows r-x 
to group A

(also without allowing this to subdirectories) for /Bureau/A, and for
/Bureau/A/Task1 including subdirectories the acl is "allow group Task1
everything".

That works fine.

But now for the Archive directory, the /Bureau/A/Archive should be 
read-only for
members of the group A, and read-write for members of the group 
"Archive Mods

A".

And that's the problem, if I add an acl (with the windows rights management
stuff) for the group A to have read-only right for /Bureau/A/Archive and
subdirectories, and for the same directories an acl with "allow 
everything" for
members of the group "Archive Mods A", then the effitive rights for 
members of

"Archive Mods A" is read-only, since the most restrictive rights apply.

What I expected at first was that the rights would be additive and only 
a deny

would have the effect which I'm seeing now.

How can I make it work?

smb.conf:
global: map acl inherit = Yes

The share /Bureaus:

   path = /samba/Bureau
   public = no
   browseable = yes
   writable = yes
   printable = no
   force create mode = 0770
   directory mask = 0770
   security mask = 0777
   force security mode = 0
   directory security mask = 0777
   force directory security mode = 0
   hide unreadable = yes



Kind regards,
Jeroen Vriesman.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Group policies and Vista

[Felipe Augusto van de Wiel]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/30/2007 05:23 AM, Gunther Schlegel wrote:
> Hi,
> 
> coming back to my old topic: How to manage clients. Up to 
> Windows XP one could use the NT4-style policies, but Vista
> does not seem to obey them.
> 
> Are there any plans to get group policy functions on a samba-only
> domain? Or are there other ways to manage the clients?

There are plans to add group policies to Samba4, not sure
about Samba3.


You can manage the clients applying local policies or
trying WPKG, it could help depending on what you want.


> best regards, Gunther

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzoeCj65ZxU4gPQRAnGSAJsHQsc+P1qcrjmHURp1mhcxq/sg4gCgqUX7
JU6zvBa9iLuk2UliLT2CkHk=
=3puo
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Connection dropped when copying large files to a Samba Server

[Felipe Augusto van de Wiel]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/30/2007 02:44 PM, mactek - Manuel Teixeira wrote:
> Hi all
>  
> I have a CentOS 4.4
>  
> Kernel 2.6.9-11.EL
> Samba (smbd -V)
> 3.0.10-1.4E.9

As a side note, you _really_ should install a newer
version of Samba, the last stable release is 3.0.23d.


> I've been using this server as a small file server
> recently i needed to do a backup (ntbackup to file)
> and the backup fails randomly, the largest backup file i 
> managed was about 3GBytes
> I tried copying large files and randomly the connection is lost
> I tried with a ping at the same time and the replies don't get 
> interrupted so it seems to me it is a samba issue
>  
> I have the latest versions (except the kernel) or so the updater 
> tells me

If you are talking about samba then, no, definetely you
don't have the latest version. Could you please post your
smb.conf so the list can take a look at it?

Good tips would include to check the oplocks and the
socket options.


> thanks all
> Manuel Teixeira

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzl6Cj65ZxU4gPQRAiyiAJ9yLZrnR2fPG4Dk5Km3ATVEIgnw+ACgphJk
LhmgDczhEI+NjnEJzmozc2g=
=lgWl
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] FW: smb.conf

[Felipe Augusto van de Wiel]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/02/2007 02:01 PM, [EMAIL PROTECTED] wrote:
> Hello , 
> 
>   I need to configure samba on aix and this is the first time 
>   I am doing , require your help , can you please send me a
>   sample smb.conf file with notes for my reference.
>
>   your help is much appreciated.

Please, take a look at the Samba Docs, you will find the
Official Samba HOWTO and Samba By Example, both documents have
configuration files examples and scenarios.

http://www.samba.org/samba/docs/


Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzh2Cj65ZxU4gPQRAoeHAKCrQjuHoeFykZQIsJ1l9yOSkDyriACfdNOF
aIEKrFRuRoRFFnK2OoSVeuw=
=gIoR
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with [homes] under 3.0.23x

[Felipe Augusto van de Wiel]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/04/2007 02:14 PM, Matthias Schuendehuette wrote:
> Hello,
> 
> I found another strange problem while migrating from 3.0.22 to 3.0.23x
> (with 'x' eq 'd' now):
> 
> I can't access my [homes]-share anymore - if i try, the samba-server
> prompts me for a password. What *is* working is accessing the same
> directory as []...
> 
> E.g.: \\Sambaserver\matthias works  whereas
>  \\Sambaserver\homesworks *not*
> 
> Unfortunaely it is essential for some of our processes to access the
> specific homedir of each user with the same sharename. It did work again
> after downgrade to 3.0.22. This implies that I didn't change anything on
> the samba configuration. The server is a member of an W2k3-AD-Domain. OS
> is FreeBSD 5.5 and 6.2
> 
> If I look at the log-files, everything looks fairly good, the
> homes-Service is mapped to the right directory, the (Win-) Username is
> mapped to the right unix account - no obvious problems in this area.
> 
> The only problem I found in the logfiles is a failure to decrypt
> incoming ticket (I think, this is why the password request pops up) when
> I try to access the homes-share. As said before, no problems when
> accessing all the other shares (there are lots!). What is different when
> accessing the homes-share?
> 
> I tried MIT-Kerberos as well as Heimdal 0.64 (IIRC, FreeBSD base), no
> difference. This makes kind of sense to me, because *if* it's a
> kerberos-problem it should be there with 3.0.22 as well, isn't it?

[homes] is a special share, AFAIK (and AIUI) it will share
the home of the user, not all the homes. If you can use another name,
just create a new share called [home] or [homedirs] and it probably
will do the tricky.


> The most strange thing at the end: On my workstation (FreeBSD 6.2 as
> well) it works. Same config (I checked *every line, /etc/krb5 *and*
> /usr/local/etc/smb.conf), same kerberos, also samba 3.0.23d - I have no
> idea what's going right here and wrong on the other machines. Perhaps a
> different encryption of the tickets? But how can I influence this? The
> ticket I get after 'kinit' is arcfour-encrypted - on the (not working)
> server as well as on the (working) workstation.

Are you sure that you have the same environment user? It
seems that something is a little bit different with regards to
the users available and also on the share configuration (sometimes
it is more than the smb.conf).


> Any suggestions and further questions are welcome...

Maybe posting your smb.conf and relevant logs would help
to identifiy where's the problem.


> Matthew

Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzaOCj65ZxU4gPQRAljPAKCj/iacGQDO4nHYHy7jXHDlXugdOACgoeQu
eY8It2AD/PhesZsTIFMhCKo=
=j/Lu
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba-3.0.23 problem

[Felipe Augusto van de Wiel]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/04/2007 06:51 PM, Michael St. Laurent wrote:
> We had to power down all servers today for electrical maintenance in the
> building and for some reason I began having access problems related to
> the valid users lists when power was restored.
>  
> The dialog from the 'Samba-3.0.23 broke my network' thread seemed as if
> it might be related even though I had not performed any software upgrade
> so I tried adding the group mappings as discussed in that thread.  It
> didn't seem to help.  If I remove the valid users parameter it works
> fine.
>  
> The below logfile snippet shows that it's having a problem with the
> group membership aspect of the valid users list.  Please note that user
> 'mikes' is most definitely a member of the unix group 'mis':
>  
>   looking for user mikes of domain (ANY) in netgroup mis
> [2007/02/04 12:43:17, 10] passdb/lookup_sid.c:lookup_name(64)
>   lookup_name: HCNAS\mis => HCNAS (domain), mis (name)
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(208)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 3] smbd/uid.c:push_conn_ctx(345)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2007/02/04 12:43:17, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2007/02/04 12:43:17, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/02/04 12:43:17, 10] smbd/share_access.c:user_ok_token(208)
>   User mikes not in 'valid users'
> [2007/02/04 12:43:17, 2] smbd/service.c:make_connection_snum(580)
>   user 'mikes' (from session setup) not permitted to access this share
> (exec_share)
> [2007/02/04 12:43:17, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/reply.c(676) cmd=117 (SMBtconX)
> NT_STATUS_ACCESS_DENIED
>  
> [EMAIL PROTECTED] samba]# groups mikes
> mikes : avante mis
> [EMAIL PROTECTED] samba]#
>  
> [exec_share]
> comment = Exec Share
> path = /usr/netshare/exec_share
> writeable = Yes
> valid users = @exec, @exasst, @mis
> admin users = @mis
> force group = exec
> force create mode = 0666
> force directory mode = 0777
>  
> Please help!

What happens if you try with:

valid users = +mis


Did you checked the "Release Notes" for 3.0.23b?

http://us1.samba.org/samba/history/samba-3.0.23d.html


Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzLhCj65ZxU4gPQRAsYTAKCG5tIRP3Hkz3fvRexU3pU6vZb6hgCgrDAu
dNND4PP6sa6bFAJR0aq2fAI=
=dq8E
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Failed join a domain, root found ok, Administrator not found

[Jason Baker]

Check the file /etc/samba/smbusers and make sure it contains the 
following entry:


   root = Administrator

This maps the administrator account when joining a domain to the root user.

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 



On 2/2/2007 7:17 AM, jamurph wrote:

I'm trying to join a Windows PC to a domain. I've got a root user set-up to
add machines to the domain. When prompted by windows, I enter in root and
the password. But I get a windows error dialog, indicating a user was not
found. 


However, in the samba log file for the machine I'm trying to connect to the
domain, I can see that the root user was found in ldap, however, for some
reason I can see samba is trying to find another user "Administrator" entry
in LDAP. There is no entry in ldap for Administrator. Anyone know why it is
looking for this "Administrator" user? I'm relatively comfortable with LDAP,
but my samba knowledge isn't good to be honest.

I've used smbldap-populate to create entries in LDAP.  The entry for the PC
is added to LDAP ok on my attempt to join the domain.

I did change /etc/samba/smbusers and added a mapping for Administrator =
root, but this didn't help

Following is more details and log file output

Any help much appreciated


Microsoft Windows Server 2003 Service Pack 1
Samba installed on Centos 4.3
smbd -V =>Version 3.0.22
winbindd -V => Version 3.0.10-1.4E.9

Running Openldap

[2007/02/02 11:32:08, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2007/02/02 11:32:08, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root]
succeeded
[2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/02/02 11:32:09, 2] smbd/server.c:exit_server(614)
  Closing connections
[2007/02/02 11:32:09, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2007/02/02 11:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root]
succeeded
[2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/02/02 11:32:09, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
  Returning domain sid for domain XXXDEV ->
S-1-5-21-3798003437-3932026004-3600456286
[2007/02/02 11:32:10, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command `/opt/IDEALX/sbin/smbldap-useradd
-t 1 -w "dev-prefect-1$"' gave 9
[2007/02/02 11:32:10, 2] smbd/server.c:exit_server(614)
  Closing connections



# Global parameters
[global]
   workgroup = XXXDEV
netbios name = XXXDEV-PDC
   security = user
#enable privileges = yes
#interfaces = 10.192.3.21
#username map = /etc/samba/smbusers
server string = Samba Server
encrypt passwords = Yes
#pam password change = no
#obey pam restrictions = No
#ldap passwd sync = Yes
unix password sync = Yes
passwd program = /usr/sbin/ldap_userPassword_change %u
passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n
*Result**Success
# Settings to debug passwd chat
#passwd chat debug = Yes
#debug level = 103
#log level = passdb:5
# Crackcheck settings to allow NT style password complexity checks
check password script = /sbin/crackcheck -c -d
/usr/lib/cracklib_dict
log level = 2
syslog = 0
log file = /var/log/samba/%m.log
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
#   logon script = logon.bat
#   logon drive = H:
logon home = ""
logon path = ""
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2";
ldap admin dn = cn=Manager,dc=blah,dc=co,dc=uk
ldap suffix = dc=blah,dc=co,dc=uk
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2";
add user script = /opt/IDEALX/sbin/smbldap-user

Re: [Samba] configure SAMBA(PDC)+LDAP for win XP clients

[Jason Baker]

There are plenty of good on-line resources on how to do this. Google the 
following: Samba 3 by Example, The Official Samba How To and The Linux 
Samba-OpenLDAP Howto (from IdealX). These will get you started. Then you 
can use the board for more specific questions.


*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 



On 2/2/2007 12:51 AM, suresh bollu wrote:

Hi all,

i want to setup SAMBA(PDC) with LDAP for my work
place,
server is on FC5, and clients are Win XP,
when user login to samba it will save the profile of
the user and retrive back when he login again.

please help me to setup the above,

Regards,

Suresh Bollu

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Roaming Profiles won't save

[Jason Baker]

One thing to note is the profiles live on the old Samba server and are being 
mounted on the new server with NFS.
This is a tricky thing. You will have some strange permissions issues to 
deal with if you are tying to access the profiles from a mounted share. 
Why not just copy the profiles to the new PDC?
In the mean time, can you send a copy of the command used to create the 
mount?


*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 



On 1/12/2007 10:50 AM, Jason Martin wrote:
Hello! I am migrating an old Red Hat Samba 3.0.9 server to a new Debian Etch 
Samba 3.0.23d with an OpenLDAP backend. I've got almost everything working 
with the new server except the roaming profiles. When a user logs off, 
Windows complains that the permissions are not correct and the profile can't 
be saved. 


I would LOVE to get rid of roaming profiles but that isn't an option here.

I have read Samba-3 By Example, Second Edition and followed the roaming 
profiles example, but it still gives the errors. 

One thing to note is the profiles live on the old Samba server and are being 
mounted on the new server with NFS.


This is a small sample from the samba logs:

[2007/01/12 10:27:25, 2] smbd/open.c:open_file(352)
  jmartin opened file jmartin/Desktop/prf11A.tmp read=Yes write=No (numopen=6)
[2007/01/12 10:27:25, 2] smbd/open.c:open_file(352)
  jmartin opened file jmartin/Desktop/prf11B.tmp read=Yes write=No (numopen=7)
[2007/01/12 10:27:25, 2] smbd/close.c:close_normal_file(344)
  jmartin closed file jmartin/Desktop/prf11A.tmp (numopen=6)
[2007/01/12 10:27:25, 2] smbd/close.c:close_normal_file(344)
  jmartin closed file jmartin/Desktop/prf11B.tmp (numopen=5)
[2007/01/12 10:27:25, 2] smbd/open.c:open_file(352)
  jmartin opened file jmartin/Desktop/prf11A.tmp read=Yes write=Yes 
(numopen=6)

[2007/01/12 10:27:25, 2] smbd/open.c:open_file(352)
  jmartin opened file jmartin/Desktop/prf11B.tmp read=Yes write=Yes 
(numopen=7)

[2007/01/12 10:27:37, 2] smbd/close.c:close_normal_file(344)
  jmartin closed file jmartin/Desktop/prf119.tmp (numopen=6)

I will gladly provide any other conf files and logs if they are asked for.

Thank you for your help!

  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbldap machine account pb since 3.0.23c-1

[emmanuel musso]

Hello

When a windows xp workstation join a domain, by windows gui parameters, ldap
machine attributes are not filled correctly:

- No attribute sambaprimarygroupsid (before, there was one terminated by 515)
- rid (of sambasid) is not equal a 2*uid+1000

If i create a user, rid (sambasid) equal a 2*uid + 1000 (and sambaprimarygrousid
terminated by 513)

All the others samba attributes are ok
Same problem if i use "smbldap-useradd -w" before joining the domain; Posix
attributes are created by "smbldap-useradd -w", and samba attributes are
created the first time workstation join the domain, allways with bad sambasid
and without sambaprimarygroupsid.

Same problem if i use "net join" on a linux smbclient with winbind

In all cases, my workstation is connected to the domain, and user can use it.

I didn't change my config, i didn't modify idealx tools. I think the problem
exits since 3.0.23c-1 update in month september. I know my computers who joined
the domain before samba 3.0.23c-1 update (debian apt-get) are ok, with
sambaprimarygroupsid present, and valid sambasid
(rid = 2* uid + 1000).
I have 2 Domain with the same problem

My config:
- Server
samba 3.0.23d-4 on debian testing, with daily updates
smbldap-tools 0.9.2-3
- smb.conf:
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
- worstation:
windows xp sp2
windows 2000 sp4
kdm on debian with smbclient and winbind

Thank you very much

Best regards
-- 
Emmanuel musso
technicien informatique
I.U.T. Paul Sabatier
Dépt Génie électrique 0562258241
Service informatique 0562258025






This message was sent using IMP, the Internet Messaging Program.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba