[Samba] Hide workgroup names in network neighborhood ?
Hi, since we have have a working wins server all kind of workgroups from private laptops, or from special devices are visible in the network neighborhood in our institute. Is it possible to hide or mask all of them ? -- Bye, Peer _ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Hans-Knöll Str.10Telefon: ++49 3641 57-6705 D-07745 Jena Telefax: ++49 3641 57-7705 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Deleted files reappear after login
Hi, problem is, if someone deletes files e.g. from Desktop in XP, logs out and logs in again, the files reappear. They are not deleted in the profile on the server. The profile is syncing so that changes to files and new files are ok. Only deleting does not work. am using: Redhat EL4 U4, Samba 3.0.24-SerNet-RedHat, XP SP2 Clients. smb.conf parts: logon path = \\%L\profiles\%U logon script = login.cmd %U %G logon drive = h: [netlogon] comment = Network Logon Service path = /etc/samba/netlogon public = no read only = yes writeable = no browseable = no valid users = @xyz root [profiles] comment = Roaming profiles share path = /shares/profiles writeable = yes create mask = 0660 directory mask = 0770 browsable = no valid users = @xyz root force user = %U profile acls = yes hide dot files = no csc policy = disable Any ideas? Thx Rainer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba: offer public share to Windows 98 and writable share to Windows XP
On Wed, 2007-04-11 at 14:40 +0100, Mark Adams wrote: > Did you set a password for the music user with smbpasswd -a music ? No. After done what you suggested everything's working the way expected. I never heard of the command smbpasswd before. I am a new samba user. > > On Wed, Apr 11, 2007 at 12:17:46PM +0800, Zhang Weiwu wrote: > > On Wed, 2007-04-11 at 11:57 +0800, Zhang Weiwu wrote: > > > Dear List. My requirement is to set up a samba share named "music" > > > that: > > > I. it's read-only accessible from both Windows 98 and Windows > > > 2000/XP not requiring password; > > > II. it's write-accessible from Windows XP protected by a password. > > > > In my last email I forgot to mention my "uname -a" and my smb.conf > > > > [global] > > server string = File Server Sappho %v > > log file = /var/log/samba/log.%m > > map to guest = nobody > > hosts allow = 218.193.55. > > security = share > > encrypt passwords = no > > bind interfaces only = 218.193.55.205 > > dos charset = 936 > > unix charset = UTF-8 > > > > [music] > >comment = /var/music > >path = /var/music > >guest ok = yes > >read only = no > > > > Later I am aware that Windows NT (including XP) probably doesn't work > > with "encrypt passwords = no" so I removed that line, the result is, > > Windows XP user can always map the share as user "music" but after > > mounted the user still don't have permission to write to the share. > > Sambe log shows the user is still "nobody" but not "music". > > > > [2007/04/11 02:15:59, 1] > > smbd/service.c:make_connection_snum(693) > > 218.193.55.233 (218.193.55.233) connect to service music > > initially as user nobody (uid=65534, gid=65534) (pid 15327) > > > > my system information: > > sappho ~ # equery which samba > > /usr/portage/net-fs/samba/samba-3.0.24.ebuild > > sappho ~ # uname -a > > Linux sappho.realss.com 2.6.18-gentoo-r3 #23 Mon Apr 9 23:27:21 HKT 2007 > > sparc64 sun4u TI UltraSparc IIi (Sabre) GNU/Linux > > > > My latest smb.conf: > > > > sappho ~ # cat /etc/samba/smb.conf > > [global] > > server string = File Server Sappho %v > > log file = /var/log/samba/log.%m > > map to guest = nobody > > hosts allow = 218.193.55. > > security = share > > bind interfaces only = 218.193.55.205 > > dos charset = 936 > > unix charset = UTF-8 > > > > [music] > >comment = /var/music > >path = /var/music > >guest ok = yes > >read only = no > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba -- Zhang Weiwu Real Softservice http://www.realss.com +86 592 2091112 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Poor Quickbooks Performance
At 08:36 PM Monday, 4/9/2007, Ben wrote -=> I am using Samba (3.0.23) on FreeBSD (5.4 and 6.0) to share a Quickbooks 2007 file, with poor performance relative to Windows XP filesharing (4-5x worse). The file is large (about 600MB), and I am aware of the differing locking mechanisms versus Windows, but is there anything that can be done to tweak this? A quick Google of the key words produced this link: http://www.edoceo.com/liber/network-samba-quickbooks.php It works for me and we have a number of clients with files between 200 and 700 mb. Ed Kasky ~ Randomly Generated Quote (80 of 557): "I do not take a single newspaper, nor read one a month, and I feel myself infinitely the happier for it." --Thomas Jefferson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WinME can't log immediately after restart (Samba as PDC).
Hello list. I use Slackware 10.2 with Samba 3.0.20 as PDC/WINS server in a LAN with 6 more PCs running WinME (I'm not to blame, they were there when I arrived). I've followed step by step the HOW-TO in setting up Samba as a PDC and a WINS server, but when I reboot one of the WinMEs I can't log on to the domain immediately. I have to hit [Esc], enter MS-DOS and do c:\> nbtstat -R c:\> nbtstat -RR and close the no user session. After that if I'm lucky I can log on. If not lucky, I do it again and after the third time or so I get to log on. I did # tail -f samba.nmbd and I got this in the samba.nmbd when trying to log on and get rejected: Unique name registration for name ADMINISTRADOR<03> IP 192.168.0.10 Original client at IP 192.168.0.1 still wants the name ADMINISTRADOR<03>. Rejecting registration request. Unique name release for name ADMINISTRADOR<03> IP 192.168.0.10 Refusing request to release name name ADMINISTRADOR<03> as IP 192.168.0.10 is not one of the known IP's for this name. The user called "Administrador" (me) was logged on the PC with IP 192.168.0.1, and was trying to log on into 192.168.0.10. ¿Does anybody have a clue on what I'm doing wrong? Attached goes my smb.conf. Thanks a lot in advance. -- :: Nicolás Conde:: "...querer informarse sin esfuerzo es una ilusión que remite al mito publicitario antes que a la movilización cívica. Informarse fatiga. Ese es el precio que un ciudadano paga para tener el derecho de participar con inteligencia en la vida democrática." Ignacio Ramonet (Le Monde Diplomatique, oct/93). [global] netbios name = Servidor workgroup = ESTACION server string = Samba %v en %L # Primary Domain Controller y Domain Master Browser domain logons = yes domain master = yes local master = yes preferred master = yes # Fin # Inhabilitar perfiles itinerantes (roaming profiles) logon home = logon path = # Fin os level = 64 wins support = Yes security = user passdb backend = smbpasswd encrypt passwords = No log level = 3 log file = /var/log/samba.%m max log size = 50 name resolve order = wins bcast host [netlogon] comment = Servicio netlogon path = /export/samba/netlogon read only = yes browseable = no [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [bases] comment = Bases de Combex path = /export/samba/combex browseable = Yes read only = No create mask = 0771 directory mask = 0775 veto oplock files = /*.dbf/*.ntx/ [alejandrawin] path = /export/samba/alejandrawin browseable = No read only = No create mask = 0600 directory mask = 0700 case sensitive = No oplocks = No level2 oplocks = No fstype = FAT -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hybrid Mode for Security
On Tue, Apr 10, 2007 at 02:52:21PM -0400, Bob Mauti wrote: > > Our smb.conf file reads as of below: > > # Samba config file created using SWAT > # from 192.168.145.40 (192.168.145.40) > # Date: 2007/04/10 13:32:58 > > # Global parameters > [global] > workgroup = FACS > ldap ssl = no > hosts allow = 192.168.145. > > [homes] > > [public] > path = /public > username = smbuser > force user = smbuser > read only = No > guest ok = Yes > > Any suggestion or additional reading will be helpful. Use the following instead, Jeremy. # Samba config file created using SWAT # from 192.168.145.40 (192.168.145.40) # Date: 2007/04/10 13:32:58 # Global parameters [global] workgroup = FACS ldap ssl = no hosts allow = 192.168.145. map to guest = Bad Password [homes] guest ok = no [public] path = /public force user = smbuser read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] w2k3 memberserver as terminal server in samba domain
Hi, we are using a samba domain which is distrubuted by UCS (ww.univention.de). A w2k3 Server RC2 is configured as a memerserver. Authentication on its resources controlled by samba via ldap is functional. Right now we have the Problem of getting members to logon to that server using terminal services . I created a group in which all domain users are gathered who should have access. This group is member of the local group "remote desktop users" on the terminal server, but when trying to connect with one of these account, access is denied. Only members of domain\domain admins are allowed to log on. At this moment I am not quite sure if this is a samba problem, or a microsoft one. I have set level of security to the least on the terminal server and it does seem that there could be any restrictions preventing the tsuser group from logging on to that server. I am aware, that the domain controller is not a samba pdc with ldap out of the box. The server is based on Debian and the manufacturer of that product has made several changes to it. I have allready posted problem on their forum, but think that this mailing list might also a good start to gather some information on how to solve that problem. Maybe somebody here could point me to the right path. Regards, Torsten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems sharing HP Officejet 6210 Linux --> XP
[cross-posted from www.tek-tips.com] Dear samba forum, I've now wasted most of a weekend on this issue, so now it's time to swallow my pride and ask for help! Background: My main home computer died. I can't afford to replace it right now, so I'm attempting to retread an old AMD PC into a linux print/file server. Clients are a mixed bag of Windows XP home/professional PCs. The printer is an HP Officejet 6210 multifunction print/scan/fax. I'm only attempting to get basic printing working between Windows/Linux. File shares to the PCs are working great. The printer is working locally via cups and hplip. The printer is exported via Samba and is visible from the windows boxes (i.e., you can see it in Network Neighborhood and get the status of the print queue using the DOS 'net print' command). You can see my smb.conf file at the bottom of this post. Problem: The basic catch-22 with this printer model is that the drivers aren't part of the standard XP distro. The XP printer installation wizard expects the drivers to be available from the print server. After searching the net, I came across this basic installation method: 1. Temporarily plug the printer into the XP PC and install the drivers from the Printer CD. Then plug the printer back into the linux server. At this point 2 techniques were suggested, neither of which worked for me: 2a. Go back to the wizard and install the remote printer, using the correct driver this time. This apparantly succeeds, but printint the test page fails with an uninformative popup inviting me to go to the troubleshooting wizard (which is equally unhelpful). or 2b. Hack the local printer configuration by going to properties-->ports and creating a Local port with the value \\\, as shared by Samba. This step fails for me with error 66 "The network resource type is not correct". So that's it, I'm stuck. I would love to hear from anyone who has worked through this problem already. Failing that, how can I pick apart this problem to figure out what's failing? Note: There was also some discussion in the forums about the print$ share and loading drivers on the Linux box, but I never figured out if that was relevant to my use case (Linux server/Windows client). Many thanks in advance to those who reply. Cheers, Larry My smb.conf # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2007/04/08 18:33:12 [global] workgroup = HOMENET server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /bin/false -M %u os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no cups options = raw [homes] comment = Home Directories read only = No create mask = 0664 directory mask = 0775 browseable = No [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [hp6210] comment = The HP multifunction printer w. scan and fax capability path = /usr/spool/samba printer admin = root, lbarnett read only = No guest ok = Yes min print space = 2000 printable = Yes cups options = printer name = hp6210 oplocks = No share modes = No [shared] available = No [print$] comment = Samba print driver download area path = /etc/samba/drivers admin users = root, lbarnett guest ok = Yes -- View this message in context: http://www.nabble.com/Problems-sharing-HP-Officejet-6210-Linux---%3E-XP-tf3556303.html#a9930048 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hybrid Mode for Security
Good Afternoon, We are trying to setup SAMBA to use the security set as user, but would like to have one share setup as shared without any user logins or passwords. We are trying to setup the standard homes share that requires a user name a password to access the person home directory and a public share that will share /public directory without a user login/password. We are unable to get both types of security to work together. The help note mentions hybrid mode, but no information about setup or examplers with it. Our smb.conf file reads as of below: # Samba config file created using SWAT # from 192.168.145.40 (192.168.145.40) # Date: 2007/04/10 13:32:58 # Global parameters [global] workgroup = FACS ldap ssl = no hosts allow = 192.168.145. [homes] [public] path = /public username = smbuser force user = smbuser read only = No guest ok = Yes Any suggestion or additional reading will be helpful. Thanks Bob Mauti Support Supervisor FACS Management -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 269.0.0/754 - Release Date: 4/9/2007 10:59 PM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Poor Quickbooks Performance
I am using Samba (3.0.23) on FreeBSD (5.4 and 6.0) to share a Quickbooks 2007 file, with poor performance relative to Windows XP filesharing (4-5x worse). The file is large (about 600MB), and I am aware of the differing locking mechanisms versus Windows, but is there anything that can be done to tweak this? BH -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba problems
I have a question about samba. I found the smbmnt documentation but my fedora core 6 doesn't seem to recognize the command. Is there something Else I need to check to see why this is the case? The swat program seems to think things are OK. Thanks Jim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ntprinters.tdb and ntdrivers.tdb
Hello, I am trying to migrate a samba printing server (with cups). (3.0.10fc3) by renaming it localhost=drlinux=the test machine newscribe=the production machine I did the following operations : 1/ Install a basic samba and cups 2/ copy all the configuration files and other from our running samba to our test server (including all tdb files ..) 3/ Adding the new server to the domain net rpc join -->OK 4/ I can see all the domain member (pdbedit -L) 5/ But when I do a " rpcclient -U'root%ingwie' -c 'enumdrivers' localhost" I get nothing so I don't understand. My question is " how can I get all the drivers installed on a samba server to another ?" Thanks in advance -- Guillaume RENARD http://glmrenard.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WinME can't log immediately after restart (Samba as PDC).
Hello list. I use Slackware 10.2 with Samba 3.0.20 as PDC/WINS server in a LAN with 6 more PCs running WinME (I'm not to blame, they were there when I arrived). I've followed step by step the HOW-TO in setting up Samba as a PDC and a WINS server, but when I reboot one of the WinMEs I can't log on to the domain immediately. I have to hit [Esc], enter MS-DOS and do c:\> nbtstat -R c:\> nbtstat -RR and close the no user session. After that if I'm lucky I can log on. If not lucky, I do it again and after the third time or so I get to log on. I did # tail -f samba.nmbd and I got this in the samba.nmbd when trying to log on and get rejected: Unique name registration for name ADMINISTRADOR<03> IP 192.168.0.10 Original client at IP 192.168.0.1 still wants the name ADMINISTRADOR<03>. Rejecting registration request. Unique name release for name ADMINISTRADOR<03> IP 192.168.0.10 Refusing request to release name name ADMINISTRADOR<03> as IP 192.168.0.10 is not one of the known IP's for this name. The user called "Administrador" (me) was logged on the PC with IP 192.168.0.1, and was trying to log on into 192.168.0.10. ¿Does anybody have a clue on what I'm doing wrong? Attached goes my smb.conf. Thanks a lot in advance. -- :: Nicolás Conde:: "...querer informarse sin esfuerzo es una ilusión que remite al mito publicitario antes que a la movilización cívica. Informarse fatiga. Ese es el precio que un ciudadano paga para tener el derecho de participar con inteligencia en la vida democrática." Ignacio Ramonet (Le Monde Diplomatique, oct/93). [global] netbios name = Servidor workgroup = ESTACION server string = Samba %v en %L # Primary Domain Controller y Domain Master Browser domain logons = yes domain master = yes local master = yes preferred master = yes # Fin # Inhabilitar perfiles itinerantes (roaming profiles) logon home = logon path = # Fin os level = 64 wins support = Yes security = user passdb backend = smbpasswd encrypt passwords = No log level = 3 log file = /var/log/samba.%m max log size = 50 name resolve order = wins bcast host [netlogon] comment = Servicio netlogon path = /export/samba/netlogon read only = yes browseable = no [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [bases] comment = Bases de Combex path = /export/samba/combex browseable = Yes read only = No create mask = 0771 directory mask = 0775 veto oplock files = /*.dbf/*.ntx/ [alejandrawin] path = /export/samba/alejandrawin browseable = No read only = No create mask = 0600 directory mask = 0700 case sensitive = No oplocks = No level2 oplocks = No fstype = FAT -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Help with samba on Solaris 9
If you just applied a Sun patch cluster, it likely overwrote your /etc/pam.conf file. (This can be confirmed by reading the CLEANUP file left after the install_cluster script runs, but you have to remember to save it if the file lived in volatile space like /tmp.) - Will -- Will Enestvedt UNIX System Administrator Providence, RI -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] env-entry problem in Pluto portal
Hi, Kurt. I have same problem as you on my Pluto portal ("...element "env-entry" occurs more than once.") I have read your solution with help of pluto.war/WEB-INF/data/xml/servletdefinitionmapping.xml. But I need solution which allow me deploy portlet on Pluto portal and on Sun Java Portal. Have you any other solutions of this problem or may be advices. Thanks Best Regards, Denis Tuchin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMB Signature verification failed when establish trust with win2003 domain
I have a samba PDC (using samba 3.0.24). When I try to establish trust with a win2003 domain, I got signing error, see the log below. Trust with NT domain and win2000 domain works. Any help are appreciated. Thanks, Lin [2007/04/04 17:00:13, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2007/04/04 17:00:13, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters [2007/04/04 17:00:13, 3] param/loadparm.c:init_globals(1418) Initialising global parameters [2007/04/04 17:00:13, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2007/04/04 17:00:13, 3] param/loadparm.c:do_section(3695) Processing section "[global]" doing parameter admin users = XANSMB+administrator @XANSMB+admins doing parameter add machine script = /opt/xandros/bin/dvaddcomputer %u doing parameter client use spnego = no doing parameter display charset = UTF8 [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8 [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8 [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646 [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset 646 [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ISO-8859-1 [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset ISO-8859-1 [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS2-HEX [2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS2-HEX doing parameter dns proxy = no doing parameter domain logons = yes doing parameter domain master = yes doing parameter dos filetimes = yes doing parameter encrypt passwords = yes doing parameter idmap gid = 1-2 doing parameter idmap uid = 1-2 doing parameter invalid users = root doing parameter ldap admin dn = "cn=admin,dc=xpassdb,dc=xsmb" doing parameter ldap delete dn = yes doing parameter ldap group suffix = ou=Groups doing parameter ldap machine suffix = ou=Computers doing parameter ldap suffix = dc=xpassdb,dc=xsmb doing parameter ldap user suffix = ou=People doing parameter load printers = no doing parameter local master = yes doing parameter log file = /var/log/samba/log.%m doing parameter logon drive = Z: doing parameter logon home = \\%N\%U doing parameter logon path = \\%N\profiles\%U doing parameter map to guest = Bad User doing parameter max log size = 1000 doing parameter name resolve order = lmhosts host wins bcast doing parameter obey pam restrictions = yes doing parameter os level = 65 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter passdb backend = ldapsam:ldap://127.0.0.1:4389 doing parameter passwd chat = *Enter\snew\spassword:* %n\n . doing parameter passwd program = /opt/xandros/bin/gumpasswdsync %u doing parameter password server = * doing parameter preferred master = yes doing parameter printcap name = cups doing parameter printing = cups doing parameter security = USER doing parameter server string = %h (Xandros Server) doing parameter socket options = TCP_NODELAY doing parameter syslog = 0 doing parameter template shell = /bin/bash doing parameter unix charset = UTF8 doing parameter unix password sync
[Samba] NT_STATUS_IO_TIMEOUT
Samba occasionally fails with the following. I have seen many questions regarding this but no answers unfortunately. I am wondering what the setting is where I can increase this time out value of 1 milliseconds in case that specific request is just slow. This is called many times a day and only just occasionally fails. I have looked through the entire manual for smb.conf and can't find a relevant parameters. Many Thanks rpc_client/cli_pipe.c:rpc_api_pipe(785) rpc_api_pipe: Remote machine DCServer01 pipe \NETLOGON fnum 0xc005returned critical error. Error was Call timed out: server did not respond after 1 milliseconds [2007/03/19 15:56:07, 0] auth/auth_domain.c:domain_client_validate(238) domain_client_validate: unable to validate password for user ProcessManager in domain SLAC to Domain controller DCServer01. Error was NT_STATUS_IO_TIMEOUT. [2007/03/19 15:56:07, 0] libsmb/clientgen.c:cli_rpc_pipe_close(369) cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xc005 to machine DCServer01. Error was Call timed out: server did not respond after 1 milliseconds [2007/03/19 15:56:07, 2] auth/auth.c:check_ntlm_password(315) check_ntlm_password: Authentication for user [ProcessManager] -> [ProcessManager] FAILED with error NT_STATUS_IO_TIMEOUT Gordon Allan The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee and access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. At present the integrity of e-mail across the Internet cannot be guaranteed and messages sent via this medium are potentially at risk. Therefore we will not accept liability for any claims arising as a result of the use of this medium to transmit messages by or to the Royal London Group. All incoming and outgoing e-mail communications are scanned automatically by software designed to quarantine e-mails containing material which is in contravention of our Company e-mail usage policy. The Royal London Mutual Insurance Society Limited for life and pension products Registered in England and Wales No. 99604. Registered Office: 55 Gracechurch Street, London, EC3V 0RL Royal London Asset Management Limited for investment management services Registered in England and Wales No. 2244297. Registered Office: 55 Gracechurch Street, London EC3V 0UF Royal London Savings Limited for Individual Savings Accounts Registered in England and Wales No. 3642633. Registered Office: 55 Gracechurch Street, London, EC3V 0RL Royal London Unit Trust Managers Limited for unit trusts Registered in England and Wales No. 2372439. Registered Office: 55 Gracechurch Street, London, EC3V 0UF Royal London Marketing Limited acting as an insurance intermediary for general insurance products Registered in England and Wales No. 4414137. Registered Office 55 Gracechurch Street, London, EC3V 0RL. All the above Royal London group companies are authorised and regulated by The Financial Services Authority. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_IO_TIMEOUT
Samba occasionally fails with the following. I have seen many questions regarding this but no answers unfortunately. I am wondering what the setting is where I can increase this time out value of 1 milliseconds in case that specific request is just slow. This is called many times a day and only just occasionally fails. I have looked through the entire manual for smb.conf and can't find a relevant parameters. Many Thanks rpc_client/cli_pipe.c:rpc_api_pipe(785) rpc_api_pipe: Remote machine DCServer01 pipe \NETLOGON fnum 0xc005returned critical error. Error was Call timed out: server did not respond after 1 milliseconds [2007/03/19 15:56:07, 0] auth/auth_domain.c:domain_client_validate(238) domain_client_validate: unable to validate password for user ProcessManager in domain SLAC to Domain controller DCServer01. Error was NT_STATUS_IO_TIMEOUT. [2007/03/19 15:56:07, 0] libsmb/clientgen.c:cli_rpc_pipe_close(369) cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xc005 to machine DCServer01. Error was Call timed out: server did not respond after 1 milliseconds [2007/03/19 15:56:07, 2] auth/auth.c:check_ntlm_password(315) check_ntlm_password: Authentication for user [ProcessManager] -> [ProcessManager] FAILED with error NT_STATUS_IO_TIMEOUT Gordon Allan The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee and access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. At present the integrity of e-mail across the Internet cannot be guaranteed and messages sent via this medium are potentially at risk. Therefore we will not accept liability for any claims arising as a result of the use of this medium to transmit messages by or to the Royal London Group. All incoming and outgoing e-mail communications are scanned automatically by software designed to quarantine e-mails containing material which is in contravention of our Company e-mail usage policy. The Royal London Mutual Insurance Society Limited for life and pension products Registered in England and Wales No. 99604. Registered Office: 55 Gracechurch Street, London, EC3V 0RL Royal London Asset Management Limited for investment management services Registered in England and Wales No. 2244297. Registered Office: 55 Gracechurch Street, London EC3V 0UF Royal London Savings Limited for Individual Savings Accounts Registered in England and Wales No. 3642633. Registered Office: 55 Gracechurch Street, London, EC3V 0RL Royal London Unit Trust Managers Limited for unit trusts Registered in England and Wales No. 2372439. Registered Office: 55 Gracechurch Street, London, EC3V 0UF Royal London Marketing Limited acting as an insurance intermediary for general insurance products Registered in England and Wales No. 4414137. Registered Office 55 Gracechurch Street, London, EC3V 0RL. All the above Royal London group companies are authorised and regulated by The Financial Services Authority. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bind or samba configuration preventing browsing network
On Wednesday 11 April 2007, Erik Anderson wrote: > security = domain start with "man smb.conf" and the "security =" parameter the "how to" and examples at samba.org can clarify as well Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB Signature verification failed when establish trust with win2003 domain
On Tue, Apr 10, 2007 at 01:18:17PM -0400, Lin Li wrote: > I have a samba PDC (using samba 3.0.24). When I try to establish trust > with a win2003 domain, I got signing error, see the log below. Trust > with NT domain and win2000 domain works. Any help are appreciated. Can you get me an ethereal/wireshark capture trace of this please ? Looks like the server is simply reflecting back the signature sent be the client, but I'd like to be sure. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Any pointers for multiple subnets?
Hi Nathan > > Thanks for your interest. In reply to your question, the answer is > yes. Both the linux machines are on both the LANs. Both are browseable > from Windows clients in both networks by \\netbiosname and \\ipaddress To confirm, You can connect across these subnets with netbios or ip, but only browsing through "My Network Places" does not work? and the only shares you are trying to browse for are the samba shares on your linux box? if not do the windows based shares show? Have you set the workgroup in the samba config? or are you choosing 'View Entire Network' when browsing through My network places? > . > > My intent is to have a client from 192.168.1.0/24 to browse > 192.168.1.0/24 windows network (and vice versa) using my linux box as > gateway. Is this possible? This might interest you, I'm not sure how old it is. http://brneurosci.org/linuxsetup38.html > I'm also not sure if this is an iptables problem or a samba problem. > > Thanks, > > Nandan Regards, Mark > > > On 4/11/07, Mark Adams <[EMAIL PROTECTED]> wrote: > >> With this setup, some things work as desired. I am able to connect to > >> 192.168.0.10 (Email server) from 192.168.1.5 after setting my linux box > >> as the gateway. Vice versa, I am able to connect to 192.168.1.6 (Email > >> server) from 192.168.0.2 by setting 192.168.0.177 (my linux box's IP on > >> outside LAN). > >> > >> I am beginning to think so far so good. But, Windows networking does > >> not follow suit. I am not able to browse the network when these settings > >> are active. > >> > >> What gives? My guess is I will be castigated for rushing with an email > >> before reading the Archives. > >> > >> But hope springs eternal. Regards, > >> > >> Nandan > > > >Can you browse to \\ip.of.samba.box and see the shares? > > > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > -- > Nandan Bhat > 403 Kasturi Towers > L.B.S. Marg, Naupada, > Thane 400601 INDIA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] bind or samba configuration preventing browsing network
I have a networking problem where I am not certain if the problem is samba or bind. I am still pretty much a nb at linux. The machine in question is running openSuSE 10.2 and is named rd1. I had samba working fine before I started to make it a WINS server and DNS host. I have a small LAN with no real administration functionality. The network is used for simple file sharing and dial-up internet connectivity. The SuSE box is the only linux box on the network, and a fairly new addition. I am attempting to setup rd1 to handle DNS and WINS and participate in the network filesharing activities. The windows boxes are running XP. Internet access is on a XP computer located at 192.168.0.1 and is hence setup as the gateway. rd1 is located at 192.168.0.4 and I decided to use the m$ domain of mshome.net, but create a workgroup called radio Using the following configuration, the XP boxes can see all the machines on the network. At times, the XP boxes can access rd1 (not not currently, as I must have broken something). rd1 cannot browse the “Windows Network” but, a cifs automount permits access to points mounted on 192.168.0.1 An nslookup performed on rd1 always works right (nslookup rd1 or nslookup rd1.mshome.net). An nslookup using full hostnames (e.g. nslookup rd1.mshome.net) works, but dropping the domain does not (e.g. nslookup rd1) on the XP box. I have spent a bunch of time trying to resolve this. I am stuck. Where have I gone wrong? Thank you for your help... -- smb.conf -- [global] workgroup = RADIO printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = Yes add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ netbios name = rd1 security = domain usershare max shares = 100 server string = rd1 hosts allow = 192.168.0. 192.168.10. local master = Yes os level = 32 preferred master = Yes domain master = Yes wins support = Yes name resolve order = wins lmhosts bcast hosts dns proxy = yes idmap gid = 1-2 idmap uid = 1-2 [export] comment = All groups path = /var/test read only = No create mask = 0777 directory mask = 0777 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root # named.conf options { version "707070707070707070707 - A custom compile"; directory "/var/lib/named"; dump-file "/var/log/named_dump.db"; statistics-file "/var/log/named.stats"; listen-on port 53 { 127.0.0.1; 192.168.0.4; }; listen-on-v6 { 192.168.0.4; }; query-source address * port 53; allow-query { 192.168.0.1/24; 127.0.0.1; }; notify no; include "/etc/named.d/forwarders.conf"; hostname "mshome.net"; }; zone "localhost" in { type master; file "localhost.zone"; }; zone "0.0.127.in-addr.arpa" in { type master; file "127.0.0.zone"; }; zone "mshome.net" in { allow-update {192.168.0.1/24; }; allow-transfer { none; }; file "master/mshome.netX"; type master; }; zone "0.168.192.in-addr.arpa" in { allow-transfer { none; }; file "master/0.168.192.in-addr.arpaX"; type master; }; // RFC 3152 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA " { type master; file "master/localhost-v6.rev"; };; // RFC 1886 -- deprecated zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT " { type master; file "master/localhost-v6.rev"; };; logging { category queries { log_file; }; category xfer-in { log_file; }; category xfer-out { log_file; }; category default { log_file; }; channel log_file { file "/var/log/bind-dns" size 5M; }; }; -- master/mshome.netX -- $TTL 2d @ IN SOA mshome.net. root.rd1.mshome.net. ( 2007040900 ; serial 3h ; refresh 1h ; retry 1w ; expiry 1d ) ; minimum @ IN NS 192.168.0.4 mshome.net. IN A 192.168.0.4 rd1 IN A 192.168.0.4 localhost IN A 127.0.0.1 inetlive IN A 192.168.0.1 --master/0.168.192.in-addr.arpaX -- $TTL 2d @ IN SOA mshome.net. root.rd1.mshome.net. ( 2007040900 ; serial 3h ; refresh 1h ; retry 1w ; expiry 1d ) ; minimum @ IN NS mshome.net. 4 IN PTR mshome.net. --log.nmbd -- [2007/04/11 13:30:51, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name RADIO<1b> for the workgroup RADIO. Unable to sync browse lists in this workgroup. -- bind-dns.log -- empty file -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fwd: machine authentication at Active Directory
Can anybody help me with this issue or tell me where I can get help? Thanks -- Otto Fuchshuber Filho [EMAIL PROTECTED] -- Forwarded message -- From: Otto Fuchshuber Filho <[EMAIL PROTECTED]> Date: 10/04/2007 22:08 Subject: machine authentication at Active Directory To: samba@lists.samba.org On a 802.1X environment, it's possible to permit a windows desktop gain access to the network by using only machine authentication at the Active Directory (no need for login + password). Is it possible to do the same with a Linux desktop with samba? I mean a Linux desktop pass machine credentials to Active Directory as windows do (SID), without any login and password. -- Otto Fuchshuber Filho [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc vampire umlauts (äöüß) pro blem
I changed the charset to UTF8, but nothing changes. Smbldap-usershow shows me the malformed umlauts, with ldapsearch i get "displayname:: Qs19dnttIFRidKxlej==". I tried to change unix charset to UTF8, ISO8859-1, ISO8850-15, but the displayname doesn`t change. I also changed the locales to UTF-8, [EMAIL PROTECTED], de_DE, [EMAIL PROTECTED], but the displayname doesn´t change, too. net rpc vampire ignores the settings. Any other ideas? Regards S.Drees Wolfgang Ratzka schrieb: > Stefan Drees schrieb: > > >> Hi, >> im using net rpc vampire to migrate users/ groups from nt4 to samba3 >> with ldap backend. >> But the umlauts (äöüß) in the displayname are malformend. >> Unix charset in smb.conf is set to ISO8859-1. >> >> Any hint how to correct this? >> >> Regards >> S.Drees >> >> > > Did you consider switching your unix charset from ISO8859-1 to UTF-8? > Windows does allow unicode characters in file names and in other places. > Translating them to ISO8859-1 will not always work. > > Kind regards > Wolfgng Ratzka > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0 and XP roaming profiles
Here's my logon script (edited... This is just for mapping drives. I have others that get called from here also.)(XP clients. Domain Members) The ifmember part is optional. It checks for group membership and only maps the drives that the user needs, based on his group membership. I have a mixed environment so far. Migrating from a peer to peer workgroup to a domain. Machines that are part of the domain run this when a user logs on. No roaming profiles for me, though. Public is read only, so everyone gets that mapped. Ifmember.exe is part of the W2K (or later) server resource kit. Ifmember.exe only exists in the netlogon share. net time \\server /set /yes :accts \\server\netlogon\ifmember "domainname\acctsdep" if not errorlevel 1 goto parts net use j: \\server\accounts :parts \\server\netlogon\ifmember "domainname\partsdept" if not errorlevel 1 goto service net use k: \\server\parts :service \\server\netlogon\ifmember "domainname\servicedept" if not errorlevel 1 goto sales net use s: \\server\service :sales \\server\netlogon\ifmember "domainname\salesdept" if not errorlevel 1 goto hr net use l: \\server\sales :hr \\server\netlogon\ifmember "domainname\hr" if not errorlevel 1 goto public net use m: \\server\hr :public net use p: \\server\public It's named logon.bat (you can name it whatever you want.) It's in /var/lib/samba/netlogon/scripts My smb.conf says: [GLOBAL] .. logon script = scripts\logon.bat (this has to match what you named the above.) . [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon (path=/var/samba/netlogon/%U would have a subfolder with each user name, and you could build a script for each user) public = no writeable = no browsable = no Hope this helps. Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of contact_mahajan Sent: Wednesday, April 11, 2007 1:06 PM To: samba@lists.samba.org Subject: Re: [Samba] Samba 3.0 and XP roaming profiles Thanks for the suggestion. I havn't tried login scripts. I can create a login script and put it under the base netlogon path which is /var/samba/netlogon in my case. But my question is what shoudl be the name of this script so that every profile can grab it. Moreover what permissions should be set on it so that every profile can run it. Also regarding my logon script, my smb.conf fille says like this: [GLOBAL] .. logon script = scripts\login.bat . [netlogon] ... path= /var/samba/netlogon/%U Actually this configuration was designed by an earlier admin and I dont know why he put that "script\login.bat". I dont see any directory called scripts on the server. My question is, that what should I put here so that all my profiles can catch this script and what permissions should be set for the script? Thanks in advance, Gigs -- View this message in context: http://www.nabble.com/Samba-3.0-and-XP-roaming-profiles-tf3561201.html#a9947 378 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 and XP roaming profiles
Thanks for the suggestion. I havn't tried login scripts. I can create a login script and put it under the base netlogon path which is /var/samba/netlogon in my case. But my question is what shoudl be the name of this script so that every profile can grab it. Moreover what permissions should be set on it so that every profile can run it. Also regarding my logon script, my smb.conf fille says like this: [GLOBAL] .. logon script = scripts\login.bat . [netlogon] ... path= /var/samba/netlogon/%U Actually this configuration was designed by an earlier admin and I dont know why he put that "script\login.bat". I dont see any directory called scripts on the server. My question is, that what should I put here so that all my profiles can catch this script and what permissions should be set for the script? Thanks in advance, Gigs -- View this message in context: http://www.nabble.com/Samba-3.0-and-XP-roaming-profiles-tf3561201.html#a9947378 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 and XP roaming profiles
contact_mahajan wrote: Hello friends, I am running Samba 3.0 on RHEL4 server. Around 200 roaming profiles are also configured and they login to XP machines. Things are working for us except in network rollout scenarios. We dont know how to roll out patches or some global changes to all the profiles. We have to visit each and every profile (loggin each of them) to do even the small changes. Today we have to map a network share in all the profiles and we are stuck again. I will appreciate if you can please suggest me something. I can script a batch file to map the network drives. But dont know how my to automate this at the logon for all the profiles. http://tinyurl.com/37htp3 -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 and XP roaming profiles
contact_mahajan schrieb: > I will appreciate if you can please suggest me something. I can script a > batch file to map the network drives. But dont know how my to automate this > at the logon for all the profiles. Have you ever tried a login script? Kind regards, Wolfgang Ratzka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 and XP roaming profiles
Hello friends, I am running Samba 3.0 on RHEL4 server. Around 200 roaming profiles are also configured and they login to XP machines. Things are working for us except in network rollout scenarios. We dont know how to roll out patches or some global changes to all the profiles. We have to visit each and every profile (loggin each of them) to do even the small changes. Today we have to map a network share in all the profiles and we are stuck again. I will appreciate if you can please suggest me something. I can script a batch file to map the network drives. But dont know how my to automate this at the logon for all the profiles. Please suggest. Thanks, Gigs -- View this message in context: http://www.nabble.com/Samba-3.0-and-XP-roaming-profiles-tf3561201.html#a9945615 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: ham,Re: [Samba] Problem to start services nmbd and smbd
Or to get the latest deb's from Samba and still be able to use apt, add to /etc/apt/sources.list something similar to: deb http://us3.samba.org/samba/ftp/Binary_Packages/Debian sarge samba Dale Mark Adams wrote: Hi Rodrigo, It is likely you are missing some dependancies. Why is it that you did not use apt to install samba? I would recommend you do this as apt will install all dependancies for you. A simple apt-get install samba should do the job. Regards, Mark On Tue, Apr 10, 2007 at 08:45:33PM +0300, Rodrigo Hashimoto wrote: Hi, I'm new in the Linux world, I've worked for about tree months with Debian and I've a big problem to start the samba services (nmbd and smbd). I downloaded the samba-latest.tar.gz from the www.samba.org and tried to compile it. I didn't have problem with it, but I can't initialize the services. What can I do? Thanks a lot. -- Rodrigo Hashimoto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Win32 services management?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm moving this thread to the samba-technical list if anyone wants to follow it there. Danny Tylman wrote: > I am facing some difficulties in implementing the parser function. > Somehow - I keep getting a 'nca_s_fault_ndr' responses. > > I guess this is due invalid parsing of parameters. I am counting on the > IDL specified here: > > http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/svcctl.idl?rev=18639&view=markup > > > And having couple of problems: > > 1. > > svcctl_CreateServiceW defines [in,size_is(dependencies_size)] uint8 > *dependencies and [in] uint32 dependencies_size. Which are uint8 type - > I think I can use a RPC_DATA_BLOB for that. This type appear in several > places - including the username/pass combination for the service user. > Looking at a Windows packet created with the CreateService() API, I can > see the password is encrypted. I don't know how to resolve this issue. > > 2. I am trying to create a simple service, ignoring all the > complicated issues, that is: passing 'null' at all places I don't > have to implement. But yet - all I am getting is a 'nca_s_fault_ndr'. > 3. Questions: > 1. How much should I count on the Samba4 IDL? How is it >generated? I found no official documentation on that. > 2. Looking at the SMB package data I see that the >'Policy_handle' part is larger (in size) than the Windows >counterpart, my function does the same as the others >regarding this handle, so I am just ignoring this issue. Is >it wise? > 3. I don't quite understand if it matters to declare a pointer >in the code (UNISTR2 *str) and then use the prs_pointer() >function rather than declaring a variable (UNISTR2 str) and >using the smb_io_unistr2() function. I saw the latter do >some padding (prs_align()), but I keep getting gaps in my >packets which I can't explain - no matter which function I use. > > Regards, Danny. > > Gerald (Jerry) Carter wrote: > > [EMAIL PROTECTED] wrote: > > I am interested in implementing the 'createservice()' functionality using the RPC protocol. I need this functionality badly, and I understand it is not implemented. > > I understand vaguely how this should be working and found some documentation, here: http://www.hsc.fr/ressources/articles/win_net_srv/ here:http://www.hsc.fr/ressources/articles/win_net_srv/ well_known_named_pipes.html and here: http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_srvsvc.html. > > Also look at the svcctl.ild definition in SAMBA_4_0. > > http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/svcctl.idl?rev=18639&view=markup > > > I guess the issue here is to use the same method used in the 'net' command ('net.c' - util) and try to call the rpc-client with just different parameter as the above mentioned links state. I don't have much experience in samba programming and I need to know: (a) how complicate is that? should it be an easy task? (b) I need some starting point. (of course - if this is already implemented somewhere, i would be glad to know!) > > It's not too hard. Look at > svn://svnanon.samba.org/samba/SAMBA_3_0/source/utils/net_rpc_service.c > > You'll need to do a few things. > > * Add request/reply structures to include/rpc_svcctl.h > * Add the parsing functions to rpc_parse/parse_svcctl > * Add the client function to rpc_client/cli_svcctl.c > * Add in the new command to net_rpc_service.c > > Start by looking at how the existing service management > calls are implemented and then start adapting that to the > new call. All make sure you have a current release of > wireshark to anaylze the traffic and make sure that > parsing functions are doing the right thing. Might even be > good idea to get comfortable with the trafiic between > two windows servers while playing with the Service Control > MMC plugin. > > Hope this helps get you started. > > > > > cheers, jerry > = > Samba--- http://www.samba.org > Centeris --- http://www.centeris.com > "What man is a man who does not make the world better?" --Balian - -- = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGHRSgIR7qMdg1EfYRAhXPAKCv7SbL2f/r
Re: [Samba] Re: psexec for Linux and svcctl.idl changes
I am currently trying to implement a CreateService() call in Samba 3; this is all what's left for a writing a psexec clone. Kinda stuck. will appreciate help though... :) Danny. David Fischer (DHL US) wrote: On Thu, 2006-07-06 at 21:33 +, an unknown sender wrote: On Thu, Jul 06, 2006 at 11:27:55PM +0200, Henrik Zagerholm wrote: Hi and thanks AH for a very good initiative of building this kind of tool. I just wonder if it would be possible to port this to the SAMBA 3 branch? Yes it would be quite easy, but AH needs to post his patch to the list so we can work on it first. Thanks, Jeremy. Question, Has there been and further work on this or is it dead? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Win32 services management?
Hi, I am facing some difficulties in implementing the parser function. Somehow - I keep getting a 'nca_s_fault_ndr' responses. I guess this is due invalid parsing of parameters. I am counting on the IDL specified here: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/svcctl.idl?rev=18639&view=markup And having couple of problems: 1. svcctl_CreateServiceW defines [in,size_is(dependencies_size)] uint8 *dependencies and [in] uint32 dependencies_size. Which are uint8 type - I think I can use a RPC_DATA_BLOB for that. This type appear in several places - including the username/pass combination for the service user. Looking at a Windows packet created with the CreateService() API, I can see the password is encrypted. I don't know how to resolve this issue. 2. I am trying to create a simple service, ignoring all the complicated issues, that is: passing 'null' at all places I don't have to implement. But yet - all I am getting is a 'nca_s_fault_ndr'. 3. Questions: 1. How much should I count on the Samba4 IDL? How is it generated? I found no official documentation on that. 2. Looking at the SMB package data I see that the 'Policy_handle' part is larger (in size) than the Windows counterpart, my function does the same as the others regarding this handle, so I am just ignoring this issue. Is it wise? 3. I don't quite understand if it matters to declare a pointer in the code (UNISTR2 *str) and then use the prs_pointer() function rather than declaring a variable (UNISTR2 str) and using the smb_io_unistr2() function. I saw the latter do some padding (prs_align()), but I keep getting gaps in my packets which I can't explain - no matter which function I use. Regards, Danny. Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: I am interested in implementing the 'createservice()' functionality using the RPC protocol. I need this functionality badly, and I understand it is not implemented. I understand vaguely how this should be working and found some documentation, here: http://www.hsc.fr/ressources/articles/win_net_srv/ here:http://www.hsc.fr/ressources/articles/win_net_srv/ well_known_named_pipes.html and here: http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_srvsvc.html. Also look at the svcctl.ild definition in SAMBA_4_0. http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/svcctl.idl?rev=18639&view=markup I guess the issue here is to use the same method used in the 'net' command ('net.c' - util) and try to call the rpc-client with just different parameter as the above mentioned links state. I don't have much experience in samba programming and I need to know: (a) how complicate is that? should it be an easy task? (b) I need some starting point. (of course - if this is already implemented somewhere, i would be glad to know!) It's not too hard. Look at svn://svnanon.samba.org/samba/SAMBA_3_0/source/utils/net_rpc_service.c You'll need to do a few things. * Add request/reply structures to include/rpc_svcctl.h * Add the parsing functions to rpc_parse/parse_svcctl * Add the client function to rpc_client/cli_svcctl.c * Add in the new command to net_rpc_service.c Start by looking at how the existing service management calls are implemented and then start adapting that to the new call. All make sure you have a current release of wireshark to anaylze the traffic and make sure that parsing functions are doing the right thing. Might even be good idea to get comfortable with the trafiic between two windows servers while playing with the Service Control MMC plugin. Hope this helps get you started. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGFW2FIR7qMdg1EfYRAo5zAJ0YPqvjTdWsCPiUvCCoYmbFaC0BjgCgg2+n pdRXnahzWjL6NzMUcr/sjyU= =ShmY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: psexec for Linux and svcctl.idl changes
On Thu, 2006-07-06 at 21:33 +, an unknown sender wrote: > On Thu, Jul 06, 2006 at 11:27:55PM +0200, Henrik Zagerholm wrote: > > Hi and thanks AH for a very good initiative of building this kind of > > tool. > > I just wonder if it would be possible to port this to the SAMBA 3 > > branch? > > Yes it would be quite easy, but AH needs to post his patch > to the list so we can work on it first. > > Thanks, > > Jeremy. Question, Has there been and further work on this or is it dead? thanks -- David R. Fischer Sr Systems Support Engineer DHL Information Services (Americas) 8701 East Hartford Drive Scottsdale, Arizona 85255 USA Contact: +1.480.375.6428 Cell:+1.480.226.3779 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Drag and Drop and Crash
Thought I would post this for Rhiannon. As mentioned that patch can not be removed safely. When I tried to remove it, it listed four or five other patches that may not work correctly. So I cancelled out. I may try and do a windows repair and see if that will put a fresh copy of the affected file(s) back on the machine. The repair I mention is the repair option you get when the installer finds a copy of windows on the hd and then asks to repair or whatever. Not the one where you use recovery console. Ideas / Suggestions. Many Thanks [EMAIL PROTECTED] wrote: Hi, I have tried to post this to the samba list a couple times but keeps getting bounced back for some reason...anyway here's my response -- I am running samba version 3.0.23 on RHEL 4. Last week I had experienced a similar problem with a couple samba users. The reboot would occur when trying to perform a save or save as...from a Word or Excel file on the samba share. What I discovered to be the problem is the recent MS patch, KB925902. I tried uninstalling the patch but for whatever reason it does not fully uninstall, so I had to reinstall WinXP SP2 to fix the issue. If your users are trying to copy MS office files, I would check to see if your users have this patch installed. Rhiannon If this fixes the problem for you feel free to post to the list for me. Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Summers Sent: Wednesday, April 11, 2007 9:01 AM To: Samba Subject: Re: [Samba] Drag and Drop and Crash New Update. Went to the user machine this morning. Using regedit I went through the registry and removed any keys / values that contained the samba server name. Rebooted and then re-mapped a drive. Still no joy. Trying to do a simple drag and drop copy form one location in the share to another location in the same share causes the machine to reboot. Ideas / suggestions? Many Thanks Jim Summers wrote: More info. I went the user's workstation and created a new user. Then mapped a drive to a different share. Attempted to copy a file within that share and boom, reboot. H. TIA Jim Summers wrote: Hello List, I am running a 3.0.24 server on redhat EL4. I have a user that has mapped a drive to his home directory on the server. When he copies a file from the share to a local disk location, desktop for example, it goes just fine. When he attempts to copy / move / cut and paste a file from one location on the share to another location in the same share, it will literally crash his local machine and it reboots. Other users can do the same no problems. He can map to a different samba server and is able to copy a file within that share. I am suspecting some corrupt file entry or possibly something strange in the registry not sure. I have looked in his home directory and do not see any thing out of the ordinary. Ideas / Suggestions? Many Thanks -- Jim Summers School of Computer Science-University of Oklahoma - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Group Policy install MSI from Samba share
I'm assigning this to the Computer Accounts, not publishing to groups/users. The only thing I could think of was to give permission to the Domain Computers group, but that does not work. James Dinkel -Original Message- From: Daniel Samson Sent: Wednesday, April 11, 2007 2:32 AM Is you samba server using the ldap database on the domain controller for authentication? This sounds like an authentication problem. Try telling samba to inherit the permissions of the directory that the MSI file lives in. Then simply change the owner or group owner of that directory and file to the group you wish it to apply to. Do this use chmod and chown in konsole or alternatively right click the file (in your linux/unix variant) and go to permissions. Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Drag and Drop and Crash
New Update. Went to the user machine this morning. Using regedit I went through the registry and removed any keys / values that contained the samba server name. Rebooted and then re-mapped a drive. Still no joy. Trying to do a simple drag and drop copy form one location in the share to another location in the same share causes the machine to reboot. Ideas / suggestions? Many Thanks Jim Summers wrote: More info. I went the user's workstation and created a new user. Then mapped a drive to a different share. Attempted to copy a file within that share and boom, reboot. H. TIA Jim Summers wrote: Hello List, I am running a 3.0.24 server on redhat EL4. I have a user that has mapped a drive to his home directory on the server. When he copies a file from the share to a local disk location, desktop for example, it goes just fine. When he attempts to copy / move / cut and paste a file from one location on the share to another location in the same share, it will literally crash his local machine and it reboots. Other users can do the same no problems. He can map to a different samba server and is able to copy a file within that share. I am suspecting some corrupt file entry or possibly something strange in the registry not sure. I have looked in his home directory and do not see any thing out of the ordinary. Ideas / Suggestions? Many Thanks -- Jim Summers School of Computer Science-University of Oklahoma - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] reset on zero vc, global parameter or not
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: > Schaefer Jr, Thomas R. wrote: >>> Hello, >>> >>> Accoring to the smb.conf man page "reset on zero vc" can be specified >>> for a share. It has (S) after it in the man page. >>> >>> I set it on 4 shares I want it enabled on. Now when I run smbstatus the >>> first 4 lines displayed are >>> >>> Global parameter reset on zero vc found in service section! >>> Global parameter reset on zero vc found in service section! >>> Global parameter reset on zero vc found in service section! >>> Global parameter reset on zero vc found in service section! >>> >>> So, which is correct, smbstatus or the man page? > > Code trumps docs in this case. Docs have been updated. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGHPAHIR7qMdg1EfYRAh09AKCqAbcHUuwqDkNZX9UOXwy+8PU0kwCdGhIp WBOXkgsEmdqwFgOcd9hvnUU= =05sr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] reset on zero vc, global parameter or not
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Schaefer Jr, Thomas R. wrote: > Hello, > > Accoring to the smb.conf man page "reset on zero vc" can be specified > for a share. It has (S) after it in the man page. > > I set it on 4 shares I want it enabled on. Now when I run smbstatus the > first 4 lines displayed are > > Global parameter reset on zero vc found in service section! > Global parameter reset on zero vc found in service section! > Global parameter reset on zero vc found in service section! > Global parameter reset on zero vc found in service section! > > So, which is correct, smbstatus or the man page? Code trumps docs in this case. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGHO3FIR7qMdg1EfYRAhWGAKCOoootXNOXueH2CtW5gCbL/bqkQACeO251 7VMxamRYRvc4smNt5ax4OEs= =eyMA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] reset on zero vc, global parameter or not
Hello, Accoring to the smb.conf man page "reset on zero vc" can be specified for a share. It has (S) after it in the man page. I set it on 4 shares I want it enabled on. Now when I run smbstatus the first 4 lines displayed are Global parameter reset on zero vc found in service section! Global parameter reset on zero vc found in service section! Global parameter reset on zero vc found in service section! Global parameter reset on zero vc found in service section! So, which is correct, smbstatus or the man page? Thankyou, Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with subfolder permissions within share
Further to the below, you will want to use create mask = 774 directory mask = 2775 > > Hi Jethro, > > Please make sure when you reply to mailing list messages that you 'Reply > All' as the information may be useful for other users if they have > similar issues. > > To answer your question, No i'm not talking about adding an extra entry > in the smb.conf, as it is in the same container as your first share it > would still be visible even if you did this. > > I am talking about setting the folder permissions in linux. You can do > what you are asking effectively using groups. > > I suggest you do the following; > > Create 2 groups on your linux server; group1 and group2 > > Add user1, user2, and user3 to group1. > Add user1 and user3 to group2. > > Change your smb.conf config for "test" so it has > > valid users = @group1 > > using the @ sign means it will allow the people in that group, rather > than having to add multiple users > > Then set the perms (chmod) on the "test" folder in the filesystem to 2774 > (the 2 is important as this sets "SGID or Set group id" this will > ensure any files created in this folder, no matter by what user, will > always set the group) > > Change the group ownership (chgrp) recursively to group1 for "test" > > cd in to "test" and change the group ownership of "subtest" to group2 > > Set the perms of 2774 for the "subtest" folder. > > Once this is done it should work as you desire, if user1 or user3 logs > in, they will have access to all folders. If user2 logs in, they will > not have access to "subtest". > > I would recommend you read a bit more about linux if you intend to use > it. Especially about permissions, see the following link for more > information; > > http://www.zzee.com/solutions/linux-permissions.shtml > > Regards, > Mark > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba: offer public share to Windows 98 and writable share to Windows XP
Did you set a password for the music user with smbpasswd -a music ? On Wed, Apr 11, 2007 at 12:17:46PM +0800, Zhang Weiwu wrote: > On Wed, 2007-04-11 at 11:57 +0800, Zhang Weiwu wrote: > > Dear List. My requirement is to set up a samba share named "music" > > that: > > I. it's read-only accessible from both Windows 98 and Windows > > 2000/XP not requiring password; > > II. it's write-accessible from Windows XP protected by a password. > > In my last email I forgot to mention my "uname -a" and my smb.conf > > [global] > server string = File Server Sappho %v > log file = /var/log/samba/log.%m > map to guest = nobody > hosts allow = 218.193.55. > security = share > encrypt passwords = no > bind interfaces only = 218.193.55.205 > dos charset = 936 > unix charset = UTF-8 > > [music] >comment = /var/music >path = /var/music >guest ok = yes >read only = no > > Later I am aware that Windows NT (including XP) probably doesn't work > with "encrypt passwords = no" so I removed that line, the result is, > Windows XP user can always map the share as user "music" but after > mounted the user still don't have permission to write to the share. > Sambe log shows the user is still "nobody" but not "music". > > [2007/04/11 02:15:59, 1] > smbd/service.c:make_connection_snum(693) > 218.193.55.233 (218.193.55.233) connect to service music initially > as user nobody (uid=65534, gid=65534) (pid 15327) > > my system information: > sappho ~ # equery which samba > /usr/portage/net-fs/samba/samba-3.0.24.ebuild > sappho ~ # uname -a > Linux sappho.realss.com 2.6.18-gentoo-r3 #23 Mon Apr 9 23:27:21 HKT 2007 > sparc64 sun4u TI UltraSparc IIi (Sabre) GNU/Linux > > My latest smb.conf: > > sappho ~ # cat /etc/samba/smb.conf > [global] > server string = File Server Sappho %v > log file = /var/log/samba/log.%m > map to guest = nobody > hosts allow = 218.193.55. > security = share > bind interfaces only = 218.193.55.205 > dos charset = 936 > unix charset = UTF-8 > > [music] >comment = /var/music >path = /var/music >guest ok = yes >read only = no > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Summary from Tuesday's Bugzilla Day
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FYI Thanks to all who reported and helped track down a few annoying and visible bugs (compile failures, crashes, etc...) in 3.0.25rc1. I've add a short summary of the day's work at http://wiki.samba.org/index.php/Bugzilla_Day (includes links to the list of 3.0.25 fixed bugs, current patch file for 3.0.25rc1, and plans for 3.0.25rc2). cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGHOUaIR7qMdg1EfYRArfCAKDZnBXgx0iT8X1gFlv09c1JBQzAuQCfX4pn GGNnU55fjH130n3p1Yl73E4= =gsos -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB Signature verification failed when establish trust with win2003 domain
I found the solution. When the problem happens I set the "client use spnego" to no. If I set it to yes, the trust works. Thanks, Lin Daniel Samson wrote: Could you please send a copy of your configuration files to me so that i can check if it is a configuration problem. daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with subfolder permissions within share
> On Wed, Apr 11, 2007 at 10:14:49AM +0200, Jethro Hermans wrote: > > > I want to do the following set-up but I don't succeed in it: > > > > > > e.g.: > > > > > > users: user1 > > >user2 > > >user3 > > > > > >share: "test" with access from user1,2 and 3 > > > > > > Now I want to create a subfolder in "test" e.g. "subtest" but only with > > > access for user1 and 3 but I'm not able to do that. > > > Is there a solution for this? > > > I assume that all of these users are in a group e.g "group1" that has > > read/write access, and you are allowing @group1 for the valid users = > > access in smb.conf? > > > > To get what you want you could create another group "group2" that > > allows read/write permission to "subtest" with only user1 and user3 in > > the group. > > Jethro wrote privately > Do you want to say that I have to create a second folder (as > subfolder) > in the smb.conf with only these users as valid? Is this the only > right way to do this or is there maybe a way to do this in windows. > Because I created the subfolder via windows so it would be more easy to > manage the permissions and allowed users also that way.< Hi Jethro, Please make sure when you reply to mailing list messages that you 'Reply All' as the information may be useful for other users if they have similar issues. To answer your question, No i'm not talking about adding an extra entry in the smb.conf, as it is in the same container as your first share it would still be visible even if you did this. I am talking about setting the folder permissions in linux. You can do what you are asking effectively using groups. I suggest you do the following; Create 2 groups on your linux server; group1 and group2 Add user1, user2, and user3 to group1. Add user1 and user3 to group2. Change your smb.conf config for "test" so it has valid users = @group1 using the @ sign means it will allow the people in that group, rather than having to add multiple users Then set the perms (chmod) on the "test" folder in the filesystem to 2774 (the 2 is important as this sets "SGID or Set group id" this will ensure any files created in this folder, no matter by what user, will always set the group) Change the group ownership (chgrp) recursively to group1 for "test" cd in to "test" and change the group ownership of "subtest" to group2 Set the perms of 2774 for the "subtest" folder. Once this is done it should work as you desire, if user1 or user3 logs in, they will have access to all folders. If user2 logs in, they will not have access to "subtest". I would recommend you read a bit more about linux if you intend to use it. Especially about permissions, see the following link for more information; http://www.zzee.com/solutions/linux-permissions.shtml Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap password sync
>Ok, in this case you must look at pdb_nds >Volker worked a charm - many thanks. I owe you a beer the next time your in Melbourne. Regards, David Pinkerton The contents of this email may be privileged and confidential, any unauthorised use of the contents is expressly prohibited. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. PLAN Australia is not liable for the proper and complete transmission of the information contained in this communication, nor for any delay in its receipt. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Desktops with Linux Clients
On Wednesday, 11.04.2007 at 21:07 +0930, Daniel O'Connor wrote: > On Wednesday 11 April 2007 20:44, Dave Ewart wrote: > > Well, we clearly have different opinions here. I don't fancy > > mounting /home (via NFS) on every Linux box. That just strikes me > > as the wrong way to do it: a local machine root compromise puts the > > entirety of /home at risk. pam_mount at least ensures that you only > > get the home directory for the current logged-in user > > remotely-mounted. > > I wasn't thinking straight and was under the impression that local > root would need special access to the LDAP server but that isn't > necessary with the correct ACLs. > > Yes, you're right :) :-) Yes, local root needs to be told to *trust* the LDAP server, as far as authentication and users/groups are concerned, but no special access is required. Dave. -- Dave Ewart [EMAIL PROTECTED] Computing Manager, Cancer Epidemiology Unit Cancer Research UK / Oxford University PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370 Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc N 51.7518, W 1.2016 signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Desktops with Linux Clients
On Wednesday 11 April 2007 20:44, Dave Ewart wrote: > Well, we clearly have different opinions here. I don't fancy mounting > /home (via NFS) on every Linux box. That just strikes me as the wrong > way to do it: a local machine root compromise puts the entirety of /home > at risk. pam_mount at least ensures that you only get the home > directory for the current logged-in user remotely-mounted. I wasn't thinking straight and was under the impression that local root would need special access to the LDAP server but that isn't necessary with the correct ACLs. Yes, you're right :) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgp5iWGWEpqGX.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap password sync
On Wed, Apr 11, 2007 at 09:20:22PM +1000, David Pinkerton wrote: > A little more background. > LDAP directory is Novell eDirectory. cn=admin,o=dhp is a > "god" user. R/W rights to every object. The reason I > need to sync the password is for the rollout of Zenworks. > It uses the userPassword to authenticate the zen client. Ok, in this case you must look at pdb_nds Volker pgp4ODUhXgtQK.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Any pointers for multiple subnets?
> With this setup, some things work as desired. I am able to connect to > 192.168.0.10 (Email server) from 192.168.1.5 after setting my linux box > as the gateway. Vice versa, I am able to connect to 192.168.1.6 (Email > server) from 192.168.0.2 by setting 192.168.0.177 (my linux box's IP on > outside LAN). > > I am beginning to think so far so good. But, Windows networking does > not follow suit. I am not able to browse the network when these settings > are active. > > What gives? My guess is I will be castigated for rushing with an email > before reading the Archives. > > But hope springs eternal. Regards, > > Nandan Can you browse to \\ip.of.samba.box and see the shares? > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap password sync
Thank you to everyone who replied. workgroup = HOME netbios name = DHP security = user encrypt passwords = yes enable privileges = yes passdb backend = ldapsam:ldap://127.0.0.1 log file = /var/log/samba/%m.log utmp = yes max log size = 50 log level = 1 syslog = 0 add user script = /usr/local/sbin/smbldap-useradd -m "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" domain logons = yes domain master = yes os level = 65 preferred master = yes wins support = yes ldap admin dn = cn=admin,o=dhp ldap passwd sync = yes ldap delete dn = yes ldap suffix = o=dhp ldap machine suffix = ou=machine ldap user suffix = ou=staff ldap group suffix = ou=group ldap idmap suffix = ou=idmap idmap uid = 1-2 idmap gid = 1-2 I removed the unix password syn and passwd program directive - no luck :-( It will still not sync the users password change to the userPassword attribute. Again packet traces show NO modify request for userPassword, only the samba attributes. A little more background. LDAP directory is Novell eDirectory. cn=admin,o=dhp is a "god" user. R/W rights to every object. The reason I need to sync the password is for the rollout of Zenworks. It uses the userPassword to authenticate the zen client. The /usr/local/sbin/smbldap-passwd scripts works when called from command line. Has anyone ever had this working - can't find anyone who says they have, just lots of "should" work. I'm beginning to think it is a samba myth. Regard, David Pinkerton The contents of this email may be privileged and confidential, any unauthorised use of the contents is expressly prohibited. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. PLAN Australia is not liable for the proper and complete transmission of the information contained in this communication, nor for any delay in its receipt. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Desktops with Linux Clients
On Wednesday, 11.04.2007 at 20:35 +0930, Daniel O'Connor wrote: > On Wednesday 11 April 2007 19:40, Dave Ewart wrote: > > > That combined with pam_winbind and nss_winbind should get you what > > > you want. > > > > Seconded. > > > > We use direct LDAP authentication for the Linux workstations > > (Windows PCs use LDAP via Samba) and pam_mount - works very nicely. > > If I was using LDAP directly then I would just mount /home on each of > the Linux machines. > > IMO pam_mount is only useful if you don't trust root on the Linux > boxes, or the master repository for files doesn't do NFS, or the home > directories aren't available in a single directory. > > (pam_mount seems more evil than using NFS like that IMO :) Well, we clearly have different opinions here. I don't fancy mounting /home (via NFS) on every Linux box. That just strikes me as the wrong way to do it: a local machine root compromise puts the entirety of /home at risk. pam_mount at least ensures that you only get the home directory for the current logged-in user remotely-mounted. Dave. -- Dave Ewart [EMAIL PROTECTED] Computing Manager, Cancer Epidemiology Unit Cancer Research UK / Oxford University PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370 Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc N 51.7518, W 1.2016 signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Any pointers for multiple subnets?
Hi, I am trying to have some routing done between two subnets. One is 192.168.1.0/24 and has my LAN computers running a mix of Windows 98/XP clients. There are two linux machines on this network running Samba. Another is 192.168.0.0/24 and has the other LAN. Only my linux machines have two NICs, one for each LAN. I am trying out one of these linux machines to be the gateway for both the LANs. My routing table is as follows Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 00 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 At present, I am testing my system, so I have adopted a VERY liberal iptables ruleset. It has the following entries #! /bin/sh # # definitions IPTABLES=/sbin/iptables DEPMOD=/sbin/depmod MODPROBE=/sbin/modprobe EXTIF="eth1" INTIF="eth0" UNIVERSE=0.0.0.0/0 # # Load modules $DEPMOD -a $MODPROBE ip_tables $MODPROBE ip_conntrack $MODPROBE ip_conntrack_ftp $MODPROBE ip_conntrack_irc $MODPROBE iptable_nat $MODPROBE ip_nat_ftp $MODPROBE ip_nat_irc # # Enable IP forwarding echo "1" > /proc/sys/net/ipv4/ip_forward # # Begin iptables rules $IPTABLES -P INPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F OUTPUT $IPTABLES -P FORWARD ACCEPT $IPTABLES -F FORWARD $IPTABLES -t nat -F #$IPTABLES -A INPUT -j ACCEPT #$IPTABLES -A OUTPUT -j ACCEPT #$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT #$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT #$IPTABLES -A FORWARD -j LOG $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE $IPTABLES -t nat -A POSTROUTING -o $INTIF -j MASQUERADE With this setup, some things work as desired. I am able to connect to 192.168.0.10 (Email server) from 192.168.1.5 after setting my linux box as the gateway. Vice versa, I am able to connect to 192.168.1.6 (Email server) from 192.168.0.2 by setting 192.168.0.177 (my linux box's IP on outside LAN). I am beginning to think so far so good. But, Windows networking does not follow suit. I am not able to browse the network when these settings are active. What gives? My guess is I will be castigated for rushing with an email before reading the Archives. But hope springs eternal. Regards, Nandan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with subfolder permissions within share
On Wed, Apr 11, 2007 at 10:14:49AM +0200, Jethro Hermans wrote: > Dear, > > I want to do the following set-up but I don't succeed in it: > > e.g.: > > users: user1 > user2 > user3 > > share: "test" with access from user1,2 and 3 > > Now I want to create a subfolder in "test" e.g. "subtest" but only with > access for user1 and 3 but I'm not able to do that. > Is there a solution for this? I assume that all of these users are in a group e.g "group1" that has read/write access, and you are allowing @group1 for the valid users = access in smb.conf? To get what you want you could create another group "group2" that allows read/write permission to "subtest" with only user1 and user3 in the group. > > Thank you, > Jethro Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with subfolder permissions
Dear, I want to do the following set-up but I don't succeed in it: e.g.: users: user1 user2 user3 share: "test" with access from user1,2 and 3 Now I want to create a subfolder in "test" e.g. "subtest" but only with access for user1 and 3 but I'm not able to do that. Is there a solution for this? Thank you, Jethro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Desktops with Linux Clients
On Wednesday 11 April 2007 19:40, Dave Ewart wrote: > > That combined with pam_winbind and nss_winbind should get you what you > > want. > > Seconded. > > We use direct LDAP authentication for the Linux workstations (Windows > PCs use LDAP via Samba) and pam_mount - works very nicely. If I was using LDAP directly then I would just mount /home on each of the Linux machines. IMO pam_mount is only useful if you don't trust root on the Linux boxes, or the master repository for files doesn't do NFS, or the home directories aren't available in a single directory. (pam_mount seems more evil than using NFS like that IMO :) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpk2rgRkMbtW.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem to start services nmbd and smbd
Hi Rodrigo, It is likely you are missing some dependancies. Why is it that you did not use apt to install samba? I would recommend you do this as apt will install all dependancies for you. A simple apt-get install samba should do the job. Regards, Mark On Tue, Apr 10, 2007 at 08:45:33PM +0300, Rodrigo Hashimoto wrote: > Hi, I'm new in the Linux world, I've worked for about tree months with > Debian and I've a big problem to start the samba services (nmbd and smbd). > > I downloaded the samba-latest.tar.gz from the www.samba.org and tried to > compile it. I didn't have problem with it, but I can't initialize the > services. > > What can I do? > > Thanks a lot. > > -- > Rodrigo Hashimoto > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Desktops with Linux Clients
On Tuesday, 10.04.2007 at 22:03 +0930, Daniel O'Connor wrote: > On Wednesday 11 April 2007 06:55, Jimmy Perkins wrote: > > I have Samba setup on a Debian server and have implemented roaming desktops > > for the windows clients. In this network, there > > are also LINUX clients that i would like to use roaming desktops and the > > users be able to access their home directory on the server > > when they login to one of these linux clients. > > > > Is this possible using Samba? And can anyone point me to a > > website/tutorial or any information regarding this? I have searched a lot > > and have not found much related to my problem. > > You could try pam_mount - http://pam-mount.sourceforge.net/ > > That combined with pam_winbind and nss_winbind should get you what you want. Seconded. We use direct LDAP authentication for the Linux workstations (Windows PCs use LDAP via Samba) and pam_mount - works very nicely. Dave. -- Dave Ewart [EMAIL PROTECTED] Computing Manager, Cancer Epidemiology Unit Cancer Research UK / Oxford University PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370 Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc N 51.7518, W 1.2016 signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with subfolder permissions within share
Dear, I want to do the following set-up but I don't succeed in it: e.g.: users: user1 user2 user3 share: "test" with access from user1,2 and 3 Now I want to create a subfolder in "test" e.g. "subtest" but only with access for user1 and 3 but I'm not able to do that. Is there a solution for this? Thank you, Jethro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with subfolder permissions within share
Dear, I want to do the following set-up but I don't succeed in it: e.g.: users: user1 user2 user3 share: "test" with access from user1,2 and 3 Now I want to create a subfolder in "test" e.g. "subtest" but only with access for user1 and 3 but I'm not able to do that. Is there a solution for this? Thank you, Jethro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba