Re: [Samba] FreeBSD and Winbind
On Saturday 10 February 2007 12:06, [EMAIL PROTECTED] wrote: [snip] I've only used smb/nss_ldap and I didn't need to copy it into /usr/lib. Can you try recompiling nss_winbind with -DDEBUG_NSS? It should print stuff to stderr (of the calling application). Note that this can produce "interesting" results in some programs because there is extra stuff coming out of stderr :) If you run winbindd with debugging do you see it print debugging messages when you run getent/id/etc..? -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpMXpDy9Y2vM.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
Ok, Jay, This is a real long shot, but I did run into a similar problem on SLE9 Suse Linux system. Same sort of symptoms, wbinfo would work but getent, etc would not. Finally determined that the ncsd service was interfering with the operation of winbind - so it had to be turned off: /etc/rc.d/nscd stop chkconfig nscd off After that, it all worked. I'm not familar with FreeBSD, don't even know if there IS an nscd service on it, but it's the last thing I can think of. Don - Original Message From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Friday, February 9, 2007 8:36:07 PM Subject: RE: [Samba] FreeBSD and Winbind Thanks to everyone for the help. I still cannot get getent passwd or getent group to work. This is what I have done since last round of e-mails. If anyone sees anything glaringly obvious, please let me know. 1. Compiled samba from source with --prefix=/usr/local/samba --with-smbtar --with winbind. 2. Modified /etc/nsswitch.conf with passwd: files winbind group: files winbind 3. Copied nss_winbind.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_winbind.so.2. libnss_winbind.so has permissions of 444 and is owned by root:wheel. 4. Copied nss_wins.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_wins.so.2. libness_wins.so has permissions of 444 and is owned by root:wheel. 5. Ran ldconfig -r to reload shared objects. libnss_winbind and libnss_wins are listed. 6. Started winbind. No errors. 7. wbinfo -u and wbinfo -g return the user and group names. 8. getent passwd and getent group only return local groups and users. If anyone sees anything obviously wrong, please let me know. Thanks, Jay > Hi Jay, > > I just went through something similar on the list. If you are able to > use > wbinfo -u to see the users, but cannot see them with getent, the issue is > almost certainly with the libnss_winbind.so library or in your > nsswitch.conf > configuration. > > I believe where the libraries need to be located depends on your linux > flavor. I can tell you that on Gentoo with 3.024, they are the following: > > /usr/lib/libnss_winbind.so > /usr/lib/libnss_winbind.so.2 -> libnss_winbind.so > /usr/lib/libnss_wins.so > /usr/lib/libnss_wins.so.2 -> libnss_wins.so > > I believe I have seen documentation which locates them in lib/security > for > Solaris, and I have seen them as both nss_ and libnss_ in various > documentation and posts, so you should check the install documentation for > FreeBSD. > > The nsswitch.conf check is quite simple - you need to make sure winbind > is > listed as an information source. My nsswitch.conf on gentoo needed to > have > winbind added on the following: > > passwd: files winbind > group: files winbind > > Depending on what you have installed, you may need compat, db, nis, or > other information stores listed at appropriate places in nsswitch.conf or > the FreeBSD equivalent. Since I don't run FreeBSD, I don't want to steer > you too far off track. > > Sincerely, > Donald > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, February 07, 2007 7:15 PM > To: samba@lists.samba.org > Subject: [Samba] FreeBSD and Winbind > > I'm hoping this is an easy question, but the way my day has gone I > seriously doubt it is going to be. > > Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 > server. I am able to join my domain and get information concerning groups > and passwords from the domain controller (Windows 2003) without any > problem. > > Where I have run into a problem is using getent to get a copy of the > usernames/passwords and groups moved to the Samba machine. When I run > getent, only information from the local passwd and group files is > displayed. Which leads me to believe this is an nsswitch problem. > > To be more specific I think I have made a mistake copying the libraries to > the proper location. I was not able to find libnss_winbind.so in > /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the > correct file to copy? And, where should these files be copied to on > FreeBSD? From what I have read so far, I am guessing these should be > copied to /usr/lib. > > I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and > libnss_winbind.so.2 being listed in the hints file. > > My nsswitch has the following configuration > passwd: files winbind > group: files winbind > group_compat: nis > hosts: files dns > networks: files > passwd_compat: nis > shells: files > > Any suggestions concerning how to proceed would be greatly appreciated. > > Thanks, > > > Jay > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > -- To unsubscribe from
RE: [Samba] FreeBSD and Winbind
Thanks to everyone for the help. I still cannot get getent passwd or getent group to work. This is what I have done since last round of e-mails. If anyone sees anything glaringly obvious, please let me know. 1. Compiled samba from source with --prefix=/usr/local/samba --with-smbtar --with winbind. 2. Modified /etc/nsswitch.conf with passwd: files winbind group: files winbind 3. Copied nss_winbind.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_winbind.so.2. libnss_winbind.so has permissions of 444 and is owned by root:wheel. 4. Copied nss_wins.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_wins.so.2. libness_wins.so has permissions of 444 and is owned by root:wheel. 5. Ran ldconfig -r to reload shared objects. libnss_winbind and libnss_wins are listed. 6. Started winbind. No errors. 7. wbinfo -u and wbinfo -g return the user and group names. 8. getent passwd and getent group only return local groups and users. If anyone sees anything obviously wrong, please let me know. Thanks, Jay > Hi Jay, > > I just went through something similar on the list. If you are able to > use > wbinfo -u to see the users, but cannot see them with getent, the issue is > almost certainly with the libnss_winbind.so library or in your > nsswitch.conf > configuration. > > I believe where the libraries need to be located depends on your linux > flavor. I can tell you that on Gentoo with 3.024, they are the following: > > /usr/lib/libnss_winbind.so > /usr/lib/libnss_winbind.so.2 -> libnss_winbind.so > /usr/lib/libnss_wins.so > /usr/lib/libnss_wins.so.2 -> libnss_wins.so > > I believe I have seen documentation which locates them in lib/security > for > Solaris, and I have seen them as both nss_ and libnss_ in various > documentation and posts, so you should check the install documentation for > FreeBSD. > > The nsswitch.conf check is quite simple - you need to make sure winbind > is > listed as an information source. My nsswitch.conf on gentoo needed to > have > winbind added on the following: > > passwd: files winbind > group: files winbind > > Depending on what you have installed, you may need compat, db, nis, or > other information stores listed at appropriate places in nsswitch.conf or > the FreeBSD equivalent. Since I don't run FreeBSD, I don't want to steer > you too far off track. > > Sincerely, > Donald > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, February 07, 2007 7:15 PM > To: samba@lists.samba.org > Subject: [Samba] FreeBSD and Winbind > > I'm hoping this is an easy question, but the way my day has gone I > seriously doubt it is going to be. > > Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 > server. I am able to join my domain and get information concerning groups > and passwords from the domain controller (Windows 2003) without any > problem. > > Where I have run into a problem is using getent to get a copy of the > usernames/passwords and groups moved to the Samba machine. When I run > getent, only information from the local passwd and group files is > displayed. Which leads me to believe this is an nsswitch problem. > > To be more specific I think I have made a mistake copying the libraries to > the proper location. I was not able to find libnss_winbind.so in > /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the > correct file to copy? And, where should these files be copied to on > FreeBSD? From what I have read so far, I am guessing these should be > copied to /usr/lib. > > I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and > libnss_winbind.so.2 being listed in the hints file. > > My nsswitch has the following configuration > passwd: files winbind > group: files winbind > group_compat: nis > hosts: files dns > networks: files > passwd_compat: nis > shells: files > > Any suggestions concerning how to proceed would be greatly appreciated. > > Thanks, > > > Jay > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with XP Client: The user name could not be found
Ah, if you are attempting to join the domain, then it could be that the user name has not been set up properly. Samba can map Windows users if the names are different or use the Windows name if it is the same as a Unix name (handy in XP Home workstations which don't have domain logins). Have you joined the computer to the domain? Have you set up the Windows user account on the Samba server? Have you enabled the Windows user account on the Samba server? Monte L. Early wrote: I just tried that and it and I am getting the same error when I attempt to join the domain. - Original Message - From: "Gary Dale" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, February 09, 2007 1:03 PM Subject: Re: [Samba] Samba with XP Client: The user name could not be found Monte L. Early wrote: I am trying to connect an XP Pro workstation to a Samba server configured as PDC. I can access shares from the XP client by simply mapping the resource and entering login/pass. However, whenever I attempt to connect to the domain, it gives me the error: "The user name could not be found." I am using the same user name in Samba, Linux and XP. Any suggestions? Have you tried "profile acls = yes" in smb.conf? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] My Net is busted
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Davidson wrote: > I was guessing that, but it will not let me create them: > > [EMAIL PROTECTED] os]# net groupmap add rid=512 unixgroup=cnrg > ntgroup="Domain Admins" > [2007/02/09 16:45:06, 0] > passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(2330) > ldapsam_add_group_mapping_entry: failed to add group 102 error: �_ > (Internal (implementation specific) error) > adding entry for group Domain Admins failed! > > Otherwise, your book would be keeping me from > posting here. LOL! ok. Fair enough. Basic questions: * Is cnrg a posixGroup in the directory? * Are you using the smbldap tools ? * Have you set the 'ldap group suffix'? * Have you looked at the LDAP modify request on the wire (in Wireshark)? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzQIIIR7qMdg1EfYRAiMgAJ9f/OZw5DAY3xUzlYuQ1UcNsSTEtgCeJt0v g5JPZtEL8t7zzKPgTO4nb7E= =Ikqb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] My Net is busted
I was guessing that, but it will not let me create them: [EMAIL PROTECTED] os]# net groupmap add rid=512 unixgroup=cnrg ntgroup="Domain Admins" [2007/02/09 16:45:06, 0] passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(2330) ldapsam_add_group_mapping_entry: failed to add group 102 error: �_ (Internal (implementation specific) error) adding entry for group Domain Admins failed! Otherwise, your book would be keeping me from posting here. Dan On Fri, 2007-02-09 at 15:59 -0600, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Daniel Davidson wrote: > > > [EMAIL PROTECTED] sbin]# net groupmap list > > [EMAIL PROTECTED] sbin]# > > > > With and LDAP backend that is working properly > > for users, what could cause that? > > Until you create mappings, you won't see any reported. > > > > > > cheers, jerry > = > Samba--- http://www.samba.org > Centeris --- http://www.centeris.com > "What man is a man who does not make the world better?" --Balian > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.3 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFzO7KIR7qMdg1EfYRAompAKDX44+XRmMB4frpzFP5a13CdMBgoQCg8ElI > cB1fRRGK90ZhRLkzi0bKyDs= > =9a2c > -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] What is the difference between %u and %U
> From: Don McCall > > %U returns the username the client requested over the wire > %u returns the username that he actually mapped to. > > > From: Gerald (Jerry) Carter > > %u is based on the uid of the connected userand > is only available with the context of a share > connection. That's a little over simplified explanation > but a good rule of thumb. > > cheers, jerry Don's answer was the same as what's in the documentation... Jerry, I still don't get it. Basically this is for setting the path for the Homes share and what to use in the script to create the Homes share folder. Right now I am using %S (per suggestion) but that is also creating shares and folders for computer accounts. I don't want computer accounts to create shares so I thought I would use %u or %U instead. >From what Jerry says then, I should use %u, but I'm still a little curious as to what %U would be used for then. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smb.conf man page on www.samba.org
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Taylor, Marc wrote: > I was trying to lookup some things in the > online smb.conf man page on > http://us4.samba.org/samba/docs/man/manpages-3/smb.conf.5.html > find that a substantial portion of it is missing. > On my windows box using Firefox, I see something > like this: > > EXPLANATION OF EACH PARAMETER > > > Thought you should know. All fixed now. Mirrors will take a bit to update. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzO+cIR7qMdg1EfYRAiozAJ91gdX9xHw4stALd2VuGLsJP9e9CwCgoUWI MkfkwNpoKIJHmBWFwIAvl/0= =I87p -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] difference between %u and %U
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James A. Dinkel wrote: > What is the difference between %u and %U? The > documentation says they both return the value > of the connected username, but will they return > different values? %u is based on the uid of the connected userand is only available with the context of a share connection. That's a little over simplified explanation but a good rule of thumb. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzO8MIR7qMdg1EfYRArppAKDl3+1gd/sBNj2Gqpp/J76emGTv3QCg5kkF Ob30Bx8eK7o9ZeCNak62N1Q= =THHh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] My Net is busted
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Davidson wrote: > [EMAIL PROTECTED] sbin]# net groupmap list > [EMAIL PROTECTED] sbin]# > > With and LDAP backend that is working properly > for users, what could cause that? Until you create mappings, you won't see any reported. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzO7KIR7qMdg1EfYRAompAKDX44+XRmMB4frpzFP5a13CdMBgoQCg8ElI cB1fRRGK90ZhRLkzi0bKyDs= =9a2c -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] What is the difference between %u and %U
What is the difference between %u and %U? The documentation says they both return the value of the connected username, but will they return different values? Or the same values? Or different values in different situations? James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] My Net is busted
I cannot find the source of this problem for the life of me. I have a samba server I have had set up for ages, that I am finally needing to do groupmapping on. On that system if I do a net groupmap, I get noting at all returned except for a newline. In fact almost all net commands seem to not work properly, with the exception of net status. For instance: [EMAIL PROTECTED] sbin]# net usersidlist [2007/02/09 14:35:18, 0] utils/net_rpc.c:net_usersidlist(3726) Could not get the user/sid list [EMAIL PROTECTED] sbin]# net groupmap list [EMAIL PROTECTED] sbin]# With and LDAP backend that is working properly for users, what could cause that? thanks, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] difference between %u and %U
What is the difference between %u and %U? The documentation says they both return the value of the connected username, but will they return different values? James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] name query returning all ip addresses for server instead of primary one
On Friday 09 February 2007, Antony Sargent wrote: > # only bind to the loopback and first ethernet interfaces > interfaces = lo eth0 > bind interfaces only = yes And one more thought. Always use testparm to see what's really being set. One time I had made some changes but further down in the conf file the change was being reversed by the distros default conf entry that I missed when skimming the file. So if you had: --- bind interfaces only = yes ... ... bind interfaces only = no --- The "no" entry is coming after the "yes" entry and therefore "no" will take precedence, which testparm would confirm, eliminating a skimming error and guesswork. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] name query returning all ip addresses for server instead of primary one
On Friday 09 February 2007, Antony Sargent wrote: > # only bind to the loopback and first ethernet interfaces > interfaces = lo eth0 > bind interfaces only = yes Back on 10/15/06 I posted about an issue - titled: "nmbd problems with secondary lo". No responses were received. It's not the same problem you have but they might be related. The workaround I posted then was to use an IP address in place of an interface name. You might want to try that. Ex: - interfaces = 192.168.1.2, 127.0.0.1 bind interfaces only = Yes hosts allow = 192.168.1. 127. - Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] name query returning all ip addresses for server instead of primary one
Our server is multihomed, and I've been finding that sometimes clients doing a NetBIOS Name Service (NBNS) query to our samba server sometimes end up getting and using one of the non-primary addresses. I used ethereal to look at the actual NBNS response from the server and notice that all of its ip addresses are listed, with the primary one first but all the others as well. I guess the client somehow picks randomly among them? Clients picking the wrong one seems to happen particularly often on vpn connections via the pptpd server running on the same machine. I've perused the samba o'reilly book, online documentation, and the mailing list archives, and I had thought that the "interfaces" and "bind interfaces only" commands in smb.conf should restrict the samba server to only vending the ip address of the primary interface eth0, but that doesn't seem to work. Does anyone know how to get samba to only reply with one of its ip addresses to NBNS queries? Thanks! Antony System info: CentOS 4, Linux 2.6.9-42.0.3.ELsmp Samba rpm's installed: samba-common-3.0.10-1.4E.9 samba-3.0.10-1.4E.9 Here is our smb.conf: (I've changed the actual server name changed to "servername", and workgroup changed to "serverworkgroup") [global] netbios name = servername server string = workgroup = serverworkgroup encrypt passwords = yes domain master = yes local master = yes preferred master = yes os level = 33 security = user domain logons = yes # We set these to empty so that we don't use roaming profiles logon path = logon home = time server = yes admin users = root wins support = yes # only bind to the loopback and first ethernet interfaces interfaces = lo eth0 bind interfaces only = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [home] path = /home/ veto files = /lost+found/ writeable = yes browseable = yes guest ok = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Howto setup printing with Windows XP Clients, cups and samba..
Patrick, I can't remember if you posted your Samba version or not. If you are using a Samba version between 3.0.11 and 3.0.22, you will need to add "enable privileges = Yes" to the global section. The default was changed from No to Yes in 3.0.23. If this isn't the issue, I'm running out of ideas. Also, see link at bottom of post for cupsaddsmb/adobe driver problem. Dale schönfeld / in-medias-res.com wrote: Hi, okay. With your help I'm a step further, but the problem itself persists. In fact something must have gone wrong, when i added PrintOP privileges to the admin user, cause it didn't have the flags I've added. Now the Admin User does have the necessary privileges: majestix-linux:~# net -U Administrator rpc rights list Administrator [2007/02/09 11:28:30, 0] param/loadparm.c:map_parameter(2698) Unknown parameter encountered: "privileges" [2007/02/09 11:28:30, 0] param/loadparm.c:lp_do_parameter(3428) Ignoring unknown parameter "privileges" Password: SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege The user is in the right group to be a Domain Admin. SID of the Domain Admins group is correct. Writing to the print$ share is possible. What else could be the problem? Patrick schönfeld / in-medias-res.com wrote: Hi Dale, Hi Martin, thanks for your good explanations. I will try to follow them in order to get driver upload working properly. Thanks and best Regards Patrick Dale Schroeder wrote: Don't forget to enable the privilege to add printers as described in http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html#id341486 . Required for cupsaddsmb with postscript drivers, or to directly upload windows drivers to a raw CUPS queue. Dale Martin Zielinski wrote: Hi, That's really not the way you should do this. Try this: 1st Check your permissions : Enter on your windows client: Start->Run-> \\\print$ (Note the $) You should see at least the W32X86 folder you previously created in the driver section of your Samba server. Try to add a new folder - or (if exists) change into W32X86\3 and create a file (or folder) *from your windows client*. If this fails - you have a permission problem and have to solve it first. 2nd Install your driver: - Enter on your windows client: Start->Run-> \\ - Change into the "Printers and Faxes" folder - Right click -> Server Properties - Middle tab "Drivers" - Click "Add" and follow the instructions 3rd Assign your driver: - In the "printers and faxes" folder right-click on a printer - Select Properties - Tab "Advanced" - Select the driver from the drop down box - Ok Your done. Most problems with permissions will be caused because of the unix rights of your driver directories. You could try to "chmod 0777" them all "e.g. /var/drivers /var/driver/W32X86 ..." Hope that helps, Martin Hi there, > > slowly but sure I'm getting absolutely *insane* with the > printer setup on a *Samba* PDC. I got Cups to work. It works > like a charm if someone *installs* a printer via the cups > *interface*. It also prints *in* a good quality. On *Samba* side I > even have those "Printers and fax devices" *in* the visible > shares. And if i *install* CUPS6 Drivers manual on the target > system i can even print on the printers *in* there. Everything good. > But how do i get drivers uploaded to my *samba*, so that it > works to download them automatically on the clients. And > which drivers should i take? I've tried to add the cups > drivers with cupsaddsmb, but that fails because this util is > searching for adobe postscript drivers.** **You can use MS postscript files: ps5ui.dll, pscript.hlp, pscript ntf, and pscript5.dll. They can be copied from any Windows machine that has a postscript printer installed. See: http://www.cups.org/doc-1.2/man-cupsaddsmb.html . > I then tried to *install* the adobe postscript drivers, but it's hard to find a > package which can be extracted just like it is and it is even > harder to find out what these damn .exe does *install*. > > Then: I searched those files, that cupsaddsmb is accessing on > a windows xp system and *installed* them to cupsaddsmb's source > folder. That worked for running it successful. I'm also able > to connect windows xp printers, > but printing is a catastrophe. It's like someone has thrown > the letters *in* a random order on the paper. > > I also tried to *install* drivers by usage of the (Domain-) > Administrator account on a windows xp system, but i keep > getting messages that i do not have the permission to do so :-( > > What do i do wrong? > > See testparm output below. > > Greets and Thanks *in* advance > > Patrick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with XP Client: The user name could not be found
Monte L. Early wrote: I am trying to connect an XP Pro workstation to a Samba server configured as PDC. I can access shares from the XP client by simply mapping the resource and entering login/pass. However, whenever I attempt to connect to the domain, it gives me the error: "The user name could not be found." I am using the same user name in Samba, Linux and XP. Any suggestions? Have you tried "profile acls = yes" in smb.conf? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with XP Client: The user name could not be found
I am trying to connect an XP Pro workstation to a Samba server configured as PDC. I can access shares from the XP client by simply mapping the resource and entering login/pass. However, whenever I attempt to connect to the domain, it gives me the error: "The user name could not be found." I am using the same user name in Samba, Linux and XP. Any suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind separator = +
> -Original Message- > From: Michael Davidson > Sent: Friday, February 09, 2007 10:48 AM > > I have read many opinions on what character to use for the winbind > separator. Many people urge changing the default to '+'. According to > testparm: > > 'winbind separator = +' might cause problems with group membership. > > The man page for smb.conf says this on the subject: > > "Please note that setting [winbind separator] to + causes problems with > group membership at least on glibc systems, as the character + is used as > a special character for NIS in /etc/group." > > > What *exactly* are the implications of using '+' as the winbind separator > (in the absence of NIS)? > > Thank you, > > Michael Davidson > I've never understood why anyone would change it from the default. Especially since '+' specifically is know to cause problems. I've always used the default and have not had a problem. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cygwin and linux permissions?
On Fri, 09 Feb 2007, mikee might have said: > On Fri, 09 Feb 2007, Tim Boneko might have said: > > > mikee schrieb: > > > > >> On linux if I 'chmod 0600 $file' and then 'ls -l $file' on windows the > > >> file permissions still show 0644. No change, like the file permissions ar > > >> cached somewhere. > > > > I had the very same problem during the last weeks. I kept trying and > > testing and in the end i finally had working ACLs (hooray!), but this > > didn't help. I created a file from Windows and set the permissions > > really restrictive (like "0600", no access to anyone but me). OpenSSH > > still complained. > > > > My "solution": Putty. Runs perfectly now. Make sure to download the > > puttygen packet if you want to use your existing ssh keys - the program > > converts them to .ppk keys used in putty. Couldn't find any downsides > > except for the key conversion. > > > > http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html > > Thanks for the reply. Very restrictive permissions are what I need. I think > the problem may be how cygwin is interpreting the windows/samba > permissions. I have a user that is ssh'ing into windows to compile an > application (they are developers). For this compiling the user's scripts > (Makefiles actually I think) ssh back to unix servers to do something. As > this is an automated script I need the ssh to go through without asking > for a password. This works unix-to-unix, bot not windows-to-unix. The solution (just found it) is add 'smbntsec' to the CYGWIN environment variable. In cygwin I fixed by adding the code below to /etc/profile: if [ "$CYGWIN" = '' ] ; then CYGWIN='tty ntsec smbntsec' else CYGWIN="$CYGWIN tty ntsec smbntsec" fi export CYGWIN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind separator = +
I have read many opinions on what character to use for the winbind separator. Many people urge changing the default to '+'. According to testparm: 'winbind separator = +' might cause problems with group membership. The man page for smb.conf says this on the subject: "Please note that setting [winbind separator] to + causes problems with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group." What *exactly* are the implications of using '+' as the winbind separator (in the absence of NIS)? Thank you, Michael Davidson Mount Washington Observatory www.mountwashington.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cygwin and linux permissions?
On Fri, 09 Feb 2007, Tim Boneko might have said: > mikee schrieb: > > >> On linux if I 'chmod 0600 $file' and then 'ls -l $file' on windows the > >> file permissions still show 0644. No change, like the file permissions ar > >> cached somewhere. > > I had the very same problem during the last weeks. I kept trying and > testing and in the end i finally had working ACLs (hooray!), but this > didn't help. I created a file from Windows and set the permissions > really restrictive (like "0600", no access to anyone but me). OpenSSH > still complained. > > My "solution": Putty. Runs perfectly now. Make sure to download the > puttygen packet if you want to use your existing ssh keys - the program > converts them to .ppk keys used in putty. Couldn't find any downsides > except for the key conversion. > > http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Thanks for the reply. Very restrictive permissions are what I need. I think the problem may be how cygwin is interpreting the windows/samba permissions. I have a user that is ssh'ing into windows to compile an application (they are developers). For this compiling the user's scripts (Makefiles actually I think) ssh back to unix servers to do something. As this is an automated script I need the ssh to go through without asking for a password. This works unix-to-unix, bot not windows-to-unix. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cygwin and linux permissions?
mikee schrieb: >> On linux if I 'chmod 0600 $file' and then 'ls -l $file' on windows the >> file permissions still show 0644. No change, like the file permissions ar >> cached somewhere. I had the very same problem during the last weeks. I kept trying and testing and in the end i finally had working ACLs (hooray!), but this didn't help. I created a file from Windows and set the permissions really restrictive (like "0600", no access to anyone but me). OpenSSH still complained. My "solution": Putty. Runs perfectly now. Make sure to download the puttygen packet if you want to use your existing ssh keys - the program converts them to .ppk keys used in putty. Couldn't find any downsides except for the key conversion. http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html timbo -- In the Top 40, half the songs are secret messages to the teen world to drop out, turn on, and groove with the chemicals and light shows at discotheques. -- Art Linkletter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdbedit: '-G rid' doesn't seem to have any effect
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Hall wrote: > OK. I'm guessing that the real problem is that > the passdb.tdb contains an entry for Primary Group SID at all. > With the change to group handling in v3.0.23 the Group SIDs > should be found by UNIX UID -> UNIX GID(s) -> Windows Group SID(s). true. The groupSID entry in the passdb is ignored currently. We decided to do that rather than force a version change on the tdb format or LDAP schema. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzJ7lIR7qMdg1EfYRAjwsAKCng4rPDPoZfvsxRIHFEkgn0YtmkQCgmYul WakPOSDBR9onFr3DFDVAueo= =aeyt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] copying a folder removes the 'hidden' attribute
> -Original Message- > From: Jeremy Allison > Sent: Thursday, February 01, 2007 4:29 PM > > On Thu, Feb 01, 2007 at 04:24:48PM -0600, James A. Dinkel wrote: > > I have extended attributes enable in the file system so the 'hidden' and > > other attributes should be saved as an extended attribute. > > > > When connecting to the share from a Windows computer, if I copy a FILE > > then the new file stays hidden, but if I copy a FOLDER then the new > > folder is NOT hidden. > > > > I tried this on a Windows file server and it does preserve the 'hidden' > > attribute, which is what I want. I know this isn't really critical, but > > it's annoying when copying a folder with hidden subfolders. All the > > hidden subfolders are now un-hidden and I have to go through and re-hide > > them. > > > > Is this a bug, or maybe there is something I can do about it? I'm using > > Samba 3.0.23d from the Debian Etch repository. > > Sounds like a bug. Can you log it at bugzilla, but I need the *exact* > steps to reproduce it (including client version etc. etc.). > > Jeremy. Ok, I finally got an account set up and filed the bug here: https://bugzilla.samba.org/show_bug.cgi?id=4385 I hope the bug report is satisfactory :) James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connection from WinXP 64 Bit to Samba server broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Michael! Thanks for your reply! Michael Gasch schrieb: > hi andreas, > > i just can tell you that we migrated from debian (samba 3.0.14 orig > debian) to SLES10 (samba 3.0.22 orig novell) last weekend to make > winxp64 work with our samba DCs. before that you could join the domain > but not authenticate. i know that almost all of your samba versions are >> 3.0.20 which contain the fix for 64bit. we use "security = domain" > w/out specifying a password server on our member servers (SLES9/ > SLES10). which versions are your DCs running? can you connect to the > IPC$ share of any DC? can you login to winxp64 on the domain? > The WinXP 64 Machine can join its assigned domain without problems, the domain controller is running samba-3.0.8! But the servers in question are *not* in this domain, they are all in a different workgroup. - - andreas - -- Andreas Haumer | mailto:[EMAIL PROTECTED] *x Software + Systeme | http://www.xss.co.at/ Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0 A-1100 Vienna, Austria | Fax: +43-1-6060114-71 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzIwvxJmyeGcXPhERAriHAJ9uhfnPVUyJj0Wh583T9sJloi2OZwCgrIKn EV4CcLf4ra21F9lNFPDjVLg= =2shJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Valid users not working on 3.0.23d
I've been watching this thread because I have several shares where like Felipe I'll do valid users = user1, user2, user3 force user = user4 so if there is actually some sort of problem as Felipe is describing, it concerns me. As far as reading the WHATSNEW.txt file, I've gone through it again and maybe its just me but I can't figure out what John might be referring to that could be causing Felipe's issue. I'm speculating John is referring to the way it may now be necessary to include the domain portion in the valid users parameter, ie something along the lines of.. valid users = mydomain\user1, mydomain\user2, mydomain\user3 (actually I've taken to creating a username map with entries like user1=mydomain\user1 user2=mydomain\user2 user3=mydomain\user3 user4=mydomain\user4 and leaving the valid users parameters as they where) Not having the domain portion could cause users Felipe intends allowing to be denied. But, he is having the exact opposite problem, users he intends denying are being allowed. Also, he says that downgrading to 3.0.22 and using the same smb.conf fixes his problem. Personally I can't replicate his issue, although I use domain level security instead of user level level like he is so perhaps thats part of it. Also, I'm curious about what his username map file might be and wonder if the issue could be in there. Tom Schaefer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John H Terpstra Sent: Monday, February 05, 2007 7:31 PM To: samba@lists.samba.org Subject: Re: [Samba] Valid users not working on 3.0.23d On Monday 05 February 2007 11:05, Papo Napolitano wrote: > Felipe Augusto van de Wiel wrote: > > On 02/02/2007 01:08 PM, Papo Napolitano wrote: > >> Any one still having problems with "valid users" on 3.0.23d? > >> I'm working in "security = USER" mode and with local users only. > >> > >> Share configuration : > >> > >> [private] > >> path = /home/private > >> valid users = papo > >> force user = root > >> force group = root > >> read only = No > >> create mask = 0600 > >> directory mask = 0700 > > > > [...] > > > >> Second test, using a valid but not listed user : > >> > >> [EMAIL PROTECTED] /]# smbclient //julieta/private -U administrator > >> Password: > >> Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d] > >> smb: \> mkdir 1 > >> smb: \> rmdir 1 > >> smb: \> quit > >> > >> This is wrong, administrator shouldn't write, not even connect to > >> the share. "invalid users" seems to work ok though. > >> I can provide debug logs for both versions if needed. > >> Any hints? > > > > Is your administrator in the list of 'admin users'? > > > >> Thanks.- > > > > Kind regards, > > No, 'admin users' is empty. > Anyway, I'm observing the same behaviour with any account. > Downgrading to 3.0.22 and using the same smb.conf works, I'm going to > try 3.0.24 in the next couple of days just to be sure. > > Thanks.- Please read the WHATSNEW.txt file that ships with Samba-3.0.x. You'll see that the semantics of "valid users" was changed around 3.0.8. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating from 3.0.7 to 3.0.23c problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/08/2007 05:03 PM, Gary Martin wrote: > We built a new server running Samba 3.0.23c and configured it to replace > our corporate PDC that was running Samba 3.0.7. The PDC uses tdbsam and > has the "admin users" directive defined. All user accounts were copied > to the new server. Using the output of "net groupmap list" from the old > server we mapped the windows accounts and SIDs to their unix group > counterparts on the new server. When we started using the new server we > experienced some problems, users could log in to the domain and access > samba shares but not could not access windows shares on the domain. > Also our Domain Admins had a uid of 0 as expected but could not perform > administrative duties on pc domain members. We downgraded the system to > samba version 3.0.21b and got it running properly performing the same > steps. We would still like to upgrade to 3.0.24 though. Does anybody > have an idea of what went wrong with our upgrade? Can anyone offer tips > or instructions on how to upgrade from 3.0.21b to 3.0.24? Did you check the Release Notes and WHATSNEW? There are a few changes between 3.0.21 and 3.0.24 that impacts the way that groups are handled. In our setup, we add users in Domain Admins group and that's enough to let them do administrative tasks on the clients, we also did the 'net rpc rights' to the Domain Admins group, considering that, we don't need 0-uid users. After 3.0.8 and 3.0.14 there are some changes in the way groups are handled and also other important changes on how Samba checks permissions and control access. Perhaps you could post your smb.conf and some logs so we can try to help you find out what are the missing points. > Thanks, > Gary Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzIR7Cj65ZxU4gPQRAqN+AJ9dz4YVUGC26fH5AIdhv4ihHCZywgCgmlRk cKsOiviZYgwC/aAf7UJ4MII= =Vr4+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RH Enterprise Question
Danny, These are the options that I explicitly set to make Samba/CUPS printing work for me. Note: These may or may not be what _you_ want. [global] load printers = Yes show add printer wizard = Yes printing = cups printcap name = cups use client driver = No [printers] comment = All Printers path = /your/path public = Yes guest ok = Yes browseable = No printable = Yes admin users = @"DOMAIN\Domain Admins", DOMAIN\dale writeable = No [print$] comment = Printer Driver Download Area path = /your/path browseable = Yes guest ok = No read only = Yes write list = @"DOMAIN\Domain Admins", DOMAIN\dale admin users = @"DOMAIN\Domain Admins", DOMAIN\dale As you can see, we are on a domain, and the permissions that I used on the directory that contains the print drivers are 775 and owned by root:"domain users". If you are using the postscript drivers in CUPS, have you tried printing from within Linux to verify that CUPS is OK? Since the steps were not intuitive for me, the first time I set this up took a lot of trial and error. I hope this gives a clue as to what might work for you. Good luck, Dale Danny Ho wrote: I modifed the smb.conf then kill -1 processid for smb and nmbd but is still not showing up my printers in xp. -Original Message- *From:* Dale Schroeder [mailto:[EMAIL PROTECTED] *Sent:* Friday, 9 February 2007 3:46 AM *To:* Danny Ho *Subject:* Re: [Samba] RH Enterprise Question Danny, Every configuration that I've seen that uses "printing = cups" also sets "printcap name = cups". See if that helps you. Good luck, Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Summary] Bugzilla Day, Feb 8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, I've posted a short summary of the bug bash from yesterday at http://wiki.samba.org/index.php/Bugzilla_Day#8_Feb_2007. I've also updated the suggested patches for 3.0.24 at http://www.samba.org/samba/patches/. All of these are fixes for problems with Vista clients. If you want all the patches, it is probably easiest just to use quilt as described on the patches page. The fetch-patches script will pull all the patches for a given version (currently only 3.0.24 but the same patches should apply to 3.0.23d as well). Thanks to all who helped out with debugging, testing, and reporting issues. We'll do this again in a couple of weeks as soon as I check around and see what works best for most people. Right now I'm looking at Feb 22, 6am - 6pm Pacific Standard Time US (GMT - 8). But that is just tentative at the moment. I'll update the wiki page at http://wiki.samba.org/index.php/Bugzilla_Day once we have a solid time and date. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzIDVIR7qMdg1EfYRAuuyAKCzUNQyeuBAfModw7icVTQsGCQRQACfanfs r0W1cjJBR8JNuNGfL9yPGUM= =xuwI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Connection problems from WinXP SP2 to Samba Server Ubuntu 6.10
Hi All! I have a - I suppose - simple question: I experience problems when I try to copy large ammounts of data off my Linux-Server (Ubuntu 6.10) down to my Windows XP client. Every now and then the Windows Client seems to lose the connection, and it cancels the copying-command giving the error message "the network resource can not be found or does not exist". For a moment or so it seems to lose connection to the mounted network share (S: drive in my case), but in the next moment drive S is there again. Enough, though, to interrupt the copy process. My setup is SAMBA with user/password authentication as a simple File Server (small home network), no active directory no nothing. The connection goes through a Netgear router. This is pretty annoying, for it stops the copying process altogether. Is this a known problem? What can I do to fix it? In case this is a non-standard probelm I can provide logs and config-files, of course! Thanx for support, Sulla -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] opendir messages with log level = 1 and extd_audit
Hi, I'm using samba 3.0.23d on Debian Etch and wat to use the extd_audit vfs module. In the global section of my smb.conf I use: log level = 1 vfs:0 And in the share section: vfs objects = extd_audit With log lovel 0 for the vfs module I expected to see messages about deleted/unlinked files and directories + mkdir commands. In fact I get opendir messages too. This is filling up the logfile rather quickly. [2007/02/09 13:32:48, 1] modules/vfs_extd_audit.c:audit_opendir(164) vfs_extd_audit: opendir tmp [2007/02/09 13:32:48, 1] modules/vfs_extd_audit.c:audit_opendir(164) vfs_extd_audit: opendir ./ >From http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html: ### * extd_audit This module is identical with the audit module above except that it sends audit logs to both syslog as well as the smbd log files. The log level for this module is set in the smb.conf file. Valid settings and the information that will be recorded are shown in the next table. Table 23.1. Extended Auditing Log Information Log Level Log Details - File and Directory Operations 0 Make Directory, Remove Directory, Unlink 1 Open Directory, Rename File, Change Permissions/ACLs 2 Open & Close File 10 Maximum Debug Level ### Is it the expected behaviour that extd_audit logs the opendir commands? I found a bug report about this with the comment that "the ext_audit module works as designed". https://bugzilla.samba.org/show_bug.cgi?id=1950 I'm now plying around with the full_audit option, but it seems to be poorly documented. Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SAMBA in separate Domains/Forests ...
Hi, as a partial solution to my problem I found that the (very) recently released sernet Samba 3.0.24 Kit does at least allow the Users/Groups to be listed - if security is changed from ADS to DOMAIN after net ads join has been performed. Looks like ADS Support (or documentation) in Samba is yet incomplete for mixed mode domains. Kind regards, Pascal On 2/6/07, pascal p <[EMAIL PROTECTED]> wrote: Hello .. Does anyone have a description or hints on how to get Samba to see users from two separate Windows ADS Domains/Forests ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connection dropped when copying large files to a SambaServer
On Fri, Feb 09, 2007 at 08:12:24AM -0500, Michelle Dupuis wrote: > I'm not sure how best to proceed with this one either...short of generating > a huge amount of debug info. > > One clue (should someone be reviewing the nearby code), is that the failure > appears to occur around the time of file close! In my tests, I can write > out 65GB of data no problem, but around the time of file close smb hangs up. > > > I don't think it's an underlying filesystem issue since an equivalent write > using NFS to the same server works great. What do you mean with "smbd hangs up"? It might help to see in what syscall it hangs. strace -p should tell you that. You could also compile smbd with -g and in the hang state attach to it with gdb and give us the output of the bt (for backtrace) command. Volker pgpN5sDkI0xNH.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ads_join_realm: Insufficient access
Brijesh Shukla wrote: Hi Samba List; Kindly help me, I am stuck with this problem since long time. I am trying to join windows 2003 Active Directory using Linux client. I am able to join Windows 2003 Active directory using administrator account (I mean if i am giving the command like net ads join -U administrator then it work perfectly ) Perfectly normal default operation. on the other hand if i try to with normal user account let say "bshukla" then I am always getting this problem..."ads_join_realm: Insufficient access".. User "bshukla" does not have rights to add machines to the domain. Again, perfectly normal default operation. On the same time I am able to access Windows 2003 Active directory with bshukla account using windows-xp based PC.. I am astonish kerberos is working fine because I am able to get ticket on bshukla user account but "net ads join -U bshukla" is not giving desired result.. What are you trying to achieve? You are already able to add your Linux box to the domain and only need to do it once. By default, non-admin users cannot join machines to the domain. If you want user "bshukla" to be able to do that, the right will have to be granted in Windows AD. I am attaching the log of my work... Kindly suggest me what i have to do.. **LOG FILE* [EMAIL PROTECTED] ~]# kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: [EMAIL PROTECTED] ~]# net ads join -U bshukla [2007/02/09 20:21:36, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for localhost already exists - modifying old account [2007/02/09 20:21:36, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (localhost): Insufficient access ads_join_realm: Insufficient access ***End of Log Thanks in advance Brijesh Shukla -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Connection dropped when copying large files to a SambaServer
I'm not sure how best to proceed with this one either...short of generating a huge amount of debug info. One clue (should someone be reviewing the nearby code), is that the failure appears to occur around the time of file close! In my tests, I can write out 65GB of data no problem, but around the time of file close smb hangs up. I don't think it's an underlying filesystem issue since an equivalent write using NFS to the same server works great. MD -Original Message- From: Volker Lendecke [mailto:[EMAIL PROTECTED] On Behalf Of Volker Lendecke Sent: Friday, February 09, 2007 4:22 AM To: Michelle Dupuis Cc: samba@lists.samba.org Subject: Re: [Samba] Connection dropped when copying large files to a SambaServer On Thu, Feb 08, 2007 at 02:04:18PM -0500, Michelle Dupuis wrote: > I can see h/w being a cause in many cases. We've reproduced this on 2 > different servers with 2 different storage technologies. And once > using Backup Exec and once using Ghost. > > Starting to smell a lot like a s/w problem... We would need much more information. I know it's difficult to do higher debug levels for this data rate, but without more info we just can't diagnose this remotely. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ads_join_realm: Insufficient access
Hi Samba List; Kindly help me, I am stuck with this problem since long time. I am trying to join windows 2003 Active Directory using Linux client. I am able to join Windows 2003 Active directory using administrator account (I mean if i am giving the command like net ads join -U administrator then it work perfectly ) on the other hand if i try to with normal user account let say "bshukla" then I am always getting this problem..."ads_join_realm: Insufficient access".. On the same time I am able to access Windows 2003 Active directory with bshukla account using windows-xp based PC.. I am astonish kerberos is working fine because I am able to get ticket on bshukla user account but "net ads join -U bshukla" is not giving desired result.. I am attaching the log of my work... Kindly suggest me what i have to do.. **LOG FILE* [EMAIL PROTECTED] ~]# kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: [EMAIL PROTECTED] ~]# net ads join -U bshukla [2007/02/09 20:21:36, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for localhost already exists - modifying old account [2007/02/09 20:21:36, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (localhost): Insufficient access ads_join_realm: Insufficient access ***End of Log Thanks in advance Brijesh Shukla -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Is that possible to use Samba with LDAP authentication in WorkGround mode?
Hi, I have used smbpasswd to maange my samba accounts all the while. Due to the growth of network users, I feel it's tedious to mange the accounts in smbpasswd. I have learned that LDAP can solve my problem. Some network services like CVS, X-Windows, Telnet and FTP have successfully working with a LDAP server I setup. However, I still encounter problems with SAMBA using with the LDAP Server. I have studied SAMBA HOWTO and articles that talks about LDAP. However, these topics are always deal with PDC or Domain. I just wish to use Samba in workgroup mode. Just like the smbpasswd ways I have used long time ago. Is that possible to do that with SAMBA + LDAP? Please advice. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] sambaSamAccount and posixAccount cohabitation
Hi all,
I'm new on this list and I'm french, so my english could be worst !;)
My question is about sambaSamAccount and posixAccount objectClasses.
I want the user "test" be mapped to user root (uid=0, gid=0) when logged
into pam over ldap mechanism (such as ssh)
And I want the same user "test" be mapped to user test (uid=1003,
gid=513) when logged to Samba server.
The user test looks like :
userPassword={SHA}...
sambaNTPassword=219AF2CFBB1146232E95BB289D4B4907
sambaPrimaryGroupSID=S-1-5-21-3332956327-150401671-1105301019-513
...*
gidNumber=513
uidNumber=1003*
uid=syvo
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetOrgPerson
objectClass=posixAccount
objectClass=sambaSamAccount
cn=syvo
Is it possible to map this user to root when it's logging to unix and
map this same user to gid=513,uid=1003 when it's logging to samba ?
Without making a second account...
Maybe the solution is on the smb.conf file; maybe I can force this user
to be mapped to gid=513,uid=1003 when it logs to Samba ? or, on the
opposite, maybe I can force user gid=513,uid=1003 to be mapped to root
(gid=0,uid=0) when it logs to unix mechanism ?
I hope i'm on the right list for this question and I hope my english is
sufficient to understand my query,
Thanks in advance :)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Best procedure for migration?
Sherwood Botsford wrote:
Looking in both Samba3 by example and in Samba HowTo has come up empty.
There is a chapter in Howto on migrating from 2.2.8, but it mostly
describes the changes in 3 from 2. Nothing on best practices on how to
do it.
I have two servers running samba 2.2.8a. on FreeBSD 4.5 I have two new
(new to me anyway... 2nd hand netfinity boxes) running FreeBSD 6.1 along
with a fresh install from packages of samba 3.0.21b.
Now I have a task that I think is akin to changing the spark plugs
without turning off the engine.
Q1. Has anyone produced a guide on how to migrate samba gracefully to
another machine?
Q2. Is it a bad idea to couple the machine migration along with the
samba upgrade?
Heres how I see the problems:
0. make a backup
1. Move files.
This would be done using rsync, so that the new server would remain
consistent with the old server.
tar would be another method. scp would also suffice. at least tar makes
a backup as you go 8P
2. Move unix logins. Fairly easy. The PDC is also the YP server.
Make the new server a ypslave. Later we can reverse the two roles.
if you're not running NIS then you would have to copy the file logins
/etc/{passwd,group,shadow,gshadow} and filter out the system users
3. Move the samba logins. Initially do this by copying over the
smbpasswd file. Later convert to LDAP or TDBsam.
sure
Now it starts getting tricky:
What do I need to do so that the new server appears as the PDC of my
domain?
What do I need to do so that the users don't notice the switch.
At present there are a whole bunch of shares that are mapped via a logon
script. The shares will map the same way, except that \\conan will be
replaced by \\peon.
change your logon.bat script
you probably need to retain the old PDC/DOMAIN SID information from the
secrets.tdb. I think that gets set into the new PDC secrets.tdb with
net setlocalsid.
What happens to memories of the old shares?
the logon.bat can delete share mappings with something like
net use f: /delete
I'm sure there are a million gotchas in here.
probably a few more now!
--
Tom Robinson
Systems Adminstrator
Intelligent Space
Parchment House
13 Northburgh Street
London
EC1V 0JP
t: 020 7014 5980
f: 020 7014 5981
e: [EMAIL PROTECTED]
w: http://www.intelligentspace.com
The information in this e-mail and any attachment is confidential. It
isintended only for the named recipient(s). If you are not a named
recipient please notify the sender immediately and then delete it
without disclosing the contents to another person or taking copies.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Howto setup printing with Windows XP Clients, Cups and samba..
Hi, okay. With your help I'm a step further, but the problem itself persists. In fact something must have gone wrong, when i added PrintOP privileges to the admin user, cause it didn't have the flags I've added. Now the Admin User does have the necessary privileges: majestix-linux:~# net -U Administrator rpc rights list Administrator [2007/02/09 11:28:30, 0] param/loadparm.c:map_parameter(2698) Unknown parameter encountered: "privileges" [2007/02/09 11:28:30, 0] param/loadparm.c:lp_do_parameter(3428) Ignoring unknown parameter "privileges" Password: SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege The user is in the right group to be a Domain Admin. SID of the Domain Admins group is correct. Writing to the print$ share is possible. What else could be the problem? Patrick schönfeld / in-medias-res.com wrote: > Hi Dale, > Hi Martin, > > thanks for your good explanations. I will try to follow them in order to > get driver upload working properly. > > Thanks and best Regards > > Patrick > > Dale Schroeder wrote: >> Don't forget to enable the privilege to add printers as described in >> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html#id341486 >> . Required for cupsaddsmb with postscript drivers, or to directly >> upload windows drivers to a raw CUPS queue. >> >> Dale >> >> Martin Zielinski wrote: >>> Hi, >>> >>> That's really not the way you should do this. >>> >>> Try this: >>> 1st Check your permissions : >>> Enter on your windows client: Start->Run-> \\\print$ >>> >>> (Note the $) >>> You should see at least the W32X86 folder you previously created in >>> the driver section of your Samba server. >>> >>> Try to add a new folder - or (if exists) change into W32X86\3 and create >>> a file (or folder) *from your windows client*. >>> If this fails - you have a permission problem and have to solve it first. >>> >>> 2nd Install your driver: >>> - Enter on your windows client: Start->Run-> \\ >>> - Change into the "Printers and Faxes" folder >>> - Right click -> Server Properties >>> - Middle tab "Drivers" >>> - Click "Add" and follow the instructions >>> >>> 3rd Assign your driver: >>> >>> - In the "printers and faxes" folder right-click on a printer >>> - Select Properties >>> - Tab "Advanced" >>> - Select the driver from the drop down box >>> - Ok >>> >>> Your done. >>> Most problems with permissions will be caused because of the unix >>> rights of your driver directories. >>> You could try to "chmod 0777" them all "e.g. /var/drivers >>> /var/driver/W32X86 ..." >>> >>> Hope that helps, >>> >>> Martin >>> >>> stephen mulcahy schrieb: Hi, I (unsuccessfully) tried to set this up about 12 months ago. To get the printer drivers I downloaded them from the printer vendor, extracted the downloaded driver package (or ran it to install them) and then copied the resulting files to the server. This seemed to work ok but I tripped over permissions problems (possibly because at the time the print server wasn't functioning as a pdc). Not sure if that helps though. -stephen >>> [...] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Reference Documentation Server
On Thu, Feb 08, 2007 at 12:28:57PM +, - Reyneke wrote: > Fixed. > > The problem turned out to be an endian issue. The target embedded platform > is big-endian and the host little. The build setup doesn't seem to handle > this very well. > > Might be worth putting together a cross-compilation guide for samba. You know about wiki.samba.org? I think the wiki would be a perfect place for this. Volker pgpHz40cL8SYX.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Howto setup printing with Windows XP Clients, Cups and samba..
Hi Dale, Hi Martin, thanks for your good explanations. I will try to follow them in order to get driver upload working properly. Thanks and best Regards Patrick Dale Schroeder wrote: > Don't forget to enable the privilege to add printers as described in > http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html#id341486 > . Required for cupsaddsmb with postscript drivers, or to directly > upload windows drivers to a raw CUPS queue. > > Dale > > Martin Zielinski wrote: >> Hi, >> >> That's really not the way you should do this. >> >> Try this: >> 1st Check your permissions : >> Enter on your windows client: Start->Run-> \\\print$ >> >> (Note the $) >> You should see at least the W32X86 folder you previously created in >> the driver section of your Samba server. >> >> Try to add a new folder - or (if exists) change into W32X86\3 and create >> a file (or folder) *from your windows client*. >> If this fails - you have a permission problem and have to solve it first. >> >> 2nd Install your driver: >> - Enter on your windows client: Start->Run-> \\ >> - Change into the "Printers and Faxes" folder >> - Right click -> Server Properties >> - Middle tab "Drivers" >> - Click "Add" and follow the instructions >> >> 3rd Assign your driver: >> >> - In the "printers and faxes" folder right-click on a printer >> - Select Properties >> - Tab "Advanced" >> - Select the driver from the drop down box >> - Ok >> >> Your done. >> Most problems with permissions will be caused because of the unix >> rights of your driver directories. >> You could try to "chmod 0777" them all "e.g. /var/drivers >> /var/driver/W32X86 ..." >> >> Hope that helps, >> >> Martin >> >> stephen mulcahy schrieb: >>> Hi, >>> >>> I (unsuccessfully) tried to set this up about 12 months ago. To get the >>> printer drivers I downloaded them from the printer vendor, extracted the >>> downloaded driver package (or ran it to install them) and then copied >>> the resulting files to the server. This seemed to work ok but I tripped >>> over permissions problems (possibly because at the time the print server >>> wasn't functioning as a pdc). >>> >>> Not sure if that helps though. >>> >>> -stephen >>> >> [...] -- in medias res Gesellschaft für Kommunikationstechnologien mbH Dahlenerstr. 570 41239 Mönchengladbach tel. +49 (0) 2166 - 685 fax. +49 (0) 2166 - 800 email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connection dropped when copying large files to a SambaServer
On Thu, Feb 08, 2007 at 02:04:18PM -0500, Michelle Dupuis wrote: > I can see h/w being a cause in many cases. We've reproduced this on 2 > different servers with 2 different storage technologies. And once using > Backup Exec and once using Ghost. > > Starting to smell a lot like a s/w problem... We would need much more information. I know it's difficult to do higher debug levels for this data rate, but without more info we just can't diagnose this remotely. Volker pgpRWvi3ML7Jo.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Domain Member Server -- tdbsam/winbind/idmap_rid -- file ownership ?
I have just struggled to implement a Samba Domain Server, and have some remaining issues. I have a Samba PDC using tdbsam, managing a domain called RHEA. I have (finally) configured a new Samba Domain Server (AUREUS) using winbind and idmap_rid. When I am logged in to RHEA as user GMCH I can access a TMP share on AUREUS (at last). Running 'getent passwd' I get (inter alia): RHEA\gmch:*:12000:10513: and 'getent group' gives: RHEA\domain users:*:1053:RHEA\gmch:... When I create files on TMP I find that they are owned by 'root' and in the group 'RHEA\domain users', eg: -rwxr--r-- 1 root RHEA\domain users 8 Feb 8 20:29 Hello Samba The group is fine. QUESTION: why is the file owner not RHEA\gmch ? I note that 'RHEA\gmch' and 'RHEA\domain users' are apparently disabled as far as getent can see -- so I suppose that's what winbindd is telling it. Is this the problem ? BTW I discover that it is a good idea to set 'root' in the tdbsam, along with groupmap for 'Domain Admins' etc. Windows then reports ownership of 'AUREUS\root'. Chris -- Chris Hall @ Home +44 (0)7970 277 383 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdbedit: '-G rid' doesn't seem to have any effect
On Thu, 8 Feb 2007 Gerald (Jerry) Carter ("Gerald (Jerry) Carter"
<[EMAIL PROTECTED]>) wrote
Chris Hall wrote:
'pdbedit -r -u agrotera$ -G 515', produced:
Unix username:agrotera$
NT username:
Account Flags:[W ]
User SID: S-1-5-21-4211105910-4270789338-3787013593-1414
Primary Group SID:S-1-5-21-4211105910-4270789338-3787013593-513
which is to say, nothing changed and no error or warning message was
given.
I'll remove the -G option today. But the reported primary group
should reflect the real Unix group membership if in fact that
group has been mapped to a domain group. So I'd say there's a
bug here in pdbedit.
OK. I'm guessing that the real problem is that the passdb.tdb contains
an entry for Primary Group SID at all. With the change to group
handling in v3.0.23 the Group SIDs should be found by UNIX UID -> UNIX
GID(s) -> Windows Group SID(s).
Thanks,
Chris
--
Chris Hall @ Home +44 (0)7970 277 383
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
