Re: [Samba] unix network printing

[Jerome Alet]

On Mon, May 14, 2007 at 11:53:46PM -0500, Shaun Marolf wrote:
> On Monday 14 May 2007 11:34:44 pm John Nietzsche wrote:
> >
> > Some time ago, i reached an internet site related to printer in unix
> > environment. It was very useful since there was detailed information
> > for hundreds of printer device capabilities and quality of support for
> > each one; as also manufacturers.
> >
> > I remenber that based on such information i was able to perform a good
> > purchase.
> >
> > The problem is that now, to the best of my recollection i can't
> > recollect the site url!
> >
> > I wonder is someone here aware the site i am talking about could share
> > the url with all the list.

Probably http://www.linuxprinting.org

hth

Jerome Alet
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] unix network printing

[Shaun Marolf]

On Monday 14 May 2007 11:34:44 pm John Nietzsche wrote:
>
> Some time ago, i reached an internet site related to printer in unix
> environment. It was very useful since there was detailed information
> for hundreds of printer device capabilities and quality of support for
> each one; as also manufacturers.
>
> I remenber that based on such information i was able to perform a good
> purchase.
>
> The problem is that now, to the best of my recollection i can't
> recollect the site url!
>
> I wonder is someone here aware the site i am talking about could share
> the url with all the list.
>
This is what you are looking for.

--Shaun

-- 
It isn't about it being free. Rather, its about the freedom it brings.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] unix network printing

[John Nietzsche]

Dear gentleman,

i am deploying and unix/windows network and samba has been doing a
great job since so far. But now, i am in need to set my network
printers to be able to receive jobs from any machine in the network.

Some time ago, i reached an internet site related to printer in unix
environment. It was very useful since there was detailed information
for hundreds of printer device capabilities and quality of support for
each one; as also manufacturers.

I remenber that based on such information i was able to perform a good purchase.

The problem is that now, to the best of my recollection i can't
recollect the site url!

I wonder is someone here aware the site i am talking about could share
the url with all the list.

Thanks a lot for your time and cooperation.

Very best regards.

Sincerely yours,

john.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] user are able to access "/" partition.

[Tim Bates]

Dhillon, Gurjit wrote:

We have the system customized, there are few user whose home directory
is under /corp/home/gurjit or /fem/home/gurjit1 or /family/home/gurjit2.
so I cannot mention path = /home/ 


How can I go about this now ??
  
Isn't there a variable for the user's home dir? Something like %H? Check 
the man page for smb.conf (there's an online version if you don't have it).
You can also include files based on groups ("include = 
/etc/samba/homes-%G.conf" is a real example of what I use at work to get 
different forced permissions for each group).


TB

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] user are able to access "/" partition.

[Dhillon, Gurjit]

-Original Message-
From: Gianluca Culot [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 14, 2007 6:44 AM
To: Dhillon, Gurjit; samba@lists.samba.org
Subject: R: [Samba] user are able to access "/" partition.


> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> conto di Dhillon, Gurjit
> Inviato: lunedi 14 maggio 2007 11.37
> A: samba@lists.samba.org
> Oggetto: [Samba] user are able to access "/" partition.
>
>
> Hi All.
>
>
>
> We have a samba server at our location. We are facing out with some
> issue. User who have the account on the server are able to access "/"
> root access.
>
> I have tried to add an extra line In Home sharing, which is "path =
%H",
> this lined solved my issue, but gave other issue. After implementing
> this line under Home share, I am not able to open any other user's
home
> directory which is shared to me or have access to open. If I try to
> access other user home, it simply open my own home directory, even the
> directory which I am not author... , I endup opening my own home
> directory instead of getting error.
>
>
>
> Can any one out some light in this issue, how can I configure My
samba,
> where I can access other's shared home directory and stop other user
to
> access "/" partition.
>
>
>
>
>
> Below is the output of configuration file. There are 2 conf file ,
> /etc/samba/smb.conf and /usr/samba/lib/smb.conf.NU-DEV0
>
>
>
> Cat  /etc/samba/smb.conf
>
>
>
> # Global parameters
>
> [global]
>
> workgroup = TEST
>
> server string = Test Samba Server
>
> security = share
>
> encrypt passwords = Yes
>
> passwd program = /usr/bin/passwd %u
>
> passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n
>
> max log size = 5000
>
> log level = 2
>
> name resolve order = host
>
> socket options = TCP_NODELAY
>
> #   vfs objects = sgistats
>
> use sendfile = No
>
> max xmit = 65535
>
> strict locking = no
>
> printcap name = lpstat -t
>
> os level = 0
>
> oplocks = No
>
> kernel oplocks = No
>
> level2 oplocks = No
>
> preferred master = No
>
> local master = No
>
> domain master = No
>
> dns proxy = No
>
> comment = Samba %v
>
> guest account = guest
>
> #WARNING: The "printer admin" option is deprecated
>
> #   printer admin = lp
>
> printing = bsd
>
> print command = /usr/samba/bin/sambalp %p %s %U %m
>
> #   dmapi support = yes
>
>
>
> smb passwd file =
> /usr/samba/dmf/journals/.samba/CAENFS/private/smbpasswd
>
> private dir = /usr/samba//dmf/journals/.samba/CAENFS/private
>
> log file = /usr/samba/dmf/journals/.samba/CAENFS/log/log.%m
>
> #lock dir = /usr/samba/dmf/journals/.samba/CAENFS/locks
>
> #pid directory = /dmf/journals/.samba/CAENFS/locks
>
> #bind interfaces only = yes
>
> netbios name = nu-dev0
>
> #interfaces = 143.5.145.55/255.255.255.192
>
> include=/usr/samba/lib/smb.conf.%L
>
>
>
> include=/usr/samba/lib/smb.conf.%L is  opening a file called
> /usr/samba/lib/smb.conf.NU-DEV0
>
>
>
> cat /usr/samba/lib/smb.conf.NU-DEV0
>
>
>
> [homes]
>
> comment = Home Directories
>
> read only = No
>
> max connections = 5
>
> browseable = YES
>
>
>
>
>
> [temp]
>
> comment = test temp dirctory
>
> path = /temp
>
> admin users = bf6364, be9532
>
> #write list = be9532
>
> #   browseable = Yes
>
> read only = No
>
>
>
>
>
>
>
>
>
> Thanks
>
> Gurjit Dhillon
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

I would try to add
path = /usr/home
into [home] section

or some reason it's likely your implementation of samba is defaulting
path
to
path = /

this could be considered a security breach but... just add path to
the
section and try again





We have the system customized, there are few user whose home directory
is under /corp/home/gurjit or /fem/home/gurjit1 or /family/home/gurjit2.
so I cannot mention path = /home/ 

How can I go about this now ??

Thanks
Gurjit Dhillon



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Solved: [Samba] ldapsam backend for standalone server - is it possible?

[J Xu]

Hi, List,

Now this works, as expected. Top-posted here for a
simple confirmation.

Once I rebooted the samba+ldap server, everything
started working. So maybe it was just cached ldap
indexes together with the cached samba info that
blocked the authentication.

Thanks,

J


--- J Xu <[EMAIL PROTECTED]> wrote:

> 
> --- Volker Lendecke <[EMAIL PROTECTED]>
> wrote:
> 
> > On Thu, May 10, 2007 at 08:58:44PM +1000, Andrew
> > Bartlett wrote:
> > > > 1) I know how to set up a standalone server
> with
> > > > tdbsam backend and I can  setup a ldapsam
> based
> > domain
> > > > controller. Just that I could't get a
> standalone
> > > > server with ldapsam backend.
> > > 
> > > I always hoped this kind of thing would work,
> but
> > I don't
> > > think anybody ever tests it...
> > 
> > Wait a second -- LDAP has nothing to do with DC or
> > not. I
> > would be very suprised if this did not work.
> 
> That is what I had thought. But I just could not get
> it work - always got login failure: no matter how I
> set sambaSID/sambaPrimaryGroupSID values according
> to
> different sambaDomain values; no matter if I deleted
> and recreated secrets.tdb and/or other cached samba
> TDBs in /var/lib/samba directory.
> 
> I am running Debian Etch with samba v3.0.24 by the
> way. I also tried with CentOS v4.4 with samba
> v3.0.10
> to the same error.



  ___ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today 
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: install opt-samba-base on aix 5.3

[Steve Romanow]

Hillel Seltzer wrote:

On Mon, 14 May 2007 14:07:54 -0700 (PDT), Steve Romanow wrote
  

Just to add a little more detail, we tried to install the package
pware.samba-3.0.24 first, thinking it would install its prerequisites.

There is a .toc file in the pwd that seems to be for the 3.0.24, did 
it come from the tar.gz file?


I think it ight be getting in the way of the subsequent attempts to install
pware.base 5.2.2.0




The .toc file was created by installp when you ran it the first time.
Assuming you are in a temp directory, just delete that .toc file.
Untzip and untar the opt-samba-3.0.24-AIX5.tar.gz and opt-samba-base
packages from http://us1.samba.org/samba/ftp/Binary_Packages/AIX/
in the same directory.  Then follow the instructions from the README
file with the "installp -lE -d." and "installp -agYX -d. all" commands.

Hope this helps.
---Hillel

  

Thank You Hillel.  I will try it in the morning.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.25 *breaks* stand alone server, 3.0.24 works fine

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

>It looks like 3.0.25 breaks "stand alone/no winbind/no domain"
> servers. This is remeniscent of the 3.0.23b SID/GID problem. 

No user/SID changes like the ones in 3.0.23.  Is
this the first 3.0.25 snapshot you've tested?  If not,
did the others fail similarly?  Standalone servers
worked fine for me prior to release.  So we need
much more information.  Please open a bug an attach
your smb.conf and full level 10 debug log (gzipped)
if possible.  Thanks.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSQ+4IR7qMdg1EfYRAggeAKCGe0ez3WOp+lP4b32FqR3xm8hxbgCgo8lD
km9OYAsT6MoMTjFT7QoZc7Y=
=BeNx
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Printing and file share problems

[Ivan Arteaga]

Hello List,

I have a samba PDC (3.0.10-1.4E11) running on centos, and 
workstations running WinXP, Vista and Win98 under the 
samba domain. The PDC is also a file and print server; 
everything was working fine but suddenly this morning all 
win98 stations stop printing also couldn’t access a 
database in a share. The XP and Vista works fine.
I checked the samba logs and found these messages ( a lot 
of them…)


[2007/05/14 17:54:40, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/cache/samba/printing/xerox.tdb): rec_read bad 
magic 0x6d732f2f at offset=22048

[2007/05/14 17:54:40, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/cache/samba/printing/xerox.tdb): rec_read bad 
magic 0x6d732f2f at offset=22048
[2007/05/14 17:54:49, 1] 
libsmb/clispnego.c:parse_negTokenTarg(251)

  Failed to parse negTokenTarg at offset 21
[2007/05/14 17:54:50, 0] tdb/tdbutil.c:tdb_log(725)

googled some threats about it but no replies, I will 
appreciate any help about this issue. I don’t know if it 
is smbd related, maybe it went corrupt.


 


Thanks in advance,

--Ivan.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] BUIILTIN accounts with Samba 3.0.24 + LDAP

[Justin Zipperle]

I'm having a problem with BUILTIN accounts on a Samba 3.0.24 PDC with an 
LDAP backend on Ubuntu.  I followed this guide for setting up the server:


http://samba.org/samba/docs/man/Samba-Guide/happy.html

...and everything worked well until I migrated all the user, machine, 
and group accounts from the old domain and the PDC went into production 
this morning.  Once the machine went live, I started to notice that 
there were significant delays when connecting to shares or viewing 
security on files or folders within shares from WinXP Pro SP2 
workstations.  When viewing security, certain builtin accounts (Domain 
Users, Domain Admins, etc) wouldn't resolve to their DisplayNames and 
would instead show the SID...this after much delay.


I've reindexed LDAP w/ slapindex thinking this was part of the problem, 
but it had no effect.  I can see all of the BUILTIN accounts using net 
groupmap list and getent group, but I don't see them with net rpc rights 
list accounts.


Any idea what I may have changed that broke this?

-Justin
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.25 *breaks* stand alone server, 3.0.24 works fine

[Jeremy Allison]

On Mon, May 14, 2007 at 04:00:37PM -0500, david rankin wrote:
> Gerry,
> 
>It looks like 3.0.25 breaks "stand alone/no winbind/no domain" servers. 
> This is remeniscent of the 3.0.23b SID/GID problem. The only thing that 
> jumps out at me is that you can't access your home share and other shares 
> just quit working. Looking at the log files, I see this:
> 
> [2007/05/14 15:24:55, 10] smbd/open.c:share_conflict(389)
>  share_conflict: entry->access_mask = 0x11, entry->share_access = 0x7, 
> entry->private_options = 0x1
> [2007/05/14 15:24:55, 10] smbd/open.c:share_conflict(392)
>  share_conflict: access_mask = 0x81, share_access = 0x3
> [2007/05/14 15:24:55, 10] smbd/open.c:share_conflict(441)
>  share_conflict: [1] am (0x11) & right (0x6) = 0x0
> 
> 
> 
> Nothing else has changed other than installing 3.0.25. "make revert" to 
> 3.0.24 fixes the problem. The log is attached.

No log attached. I can't reproduce any problems here
going against 3.0.25 from Vista. Can you give more
details on how you're reproducing this please ?

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.25 *breaks* stand alone server, 3.0.24 works fine

[david rankin]

Gerry,

   It looks like 3.0.25 breaks "stand alone/no winbind/no domain" servers. 
This is remeniscent of the 3.0.23b SID/GID problem. The only thing that 
jumps out at me is that you can't access your home share and other shares 
just quit working. Looking at the log files, I see this:


[2007/05/14 15:24:55, 10] smbd/open.c:share_conflict(389)
 share_conflict: entry->access_mask = 0x11, entry->share_access = 0x7, 
entry->private_options = 0x1

[2007/05/14 15:24:55, 10] smbd/open.c:share_conflict(392)
 share_conflict: access_mask = 0x81, share_access = 0x3
[2007/05/14 15:24:55, 10] smbd/open.c:share_conflict(441)
 share_conflict: [1] am (0x11) & right (0x6) = 0x0



Nothing else has changed other than installing 3.0.25. "make revert" to 
3.0.24 fixes the problem. The log is attached.




--
David C. Rankin, J.D., P.E.
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: install opt-samba-base on aix 5.3

[Hillel Seltzer]

On Mon, 14 May 2007 14:07:54 -0700 (PDT), Steve Romanow wrote
> Just to add a little more detail, we tried to install the package
> pware.samba-3.0.24 first, thinking it would install its prerequisites.
> 
> There is a .toc file in the pwd that seems to be for the 3.0.24, did 
> it come from the tar.gz file?
> 
> I think it ight be getting in the way of the subsequent attempts to install
> pware.base 5.2.2.0
> 

The .toc file was created by installp when you ran it the first time.
Assuming you are in a temp directory, just delete that .toc file.
Untzip and untar the opt-samba-3.0.24-AIX5.tar.gz and opt-samba-base
packages from http://us1.samba.org/samba/ftp/Binary_Packages/AIX/
in the same directory.  Then follow the instructions from the README
file with the "installp -lE -d." and "installp -agYX -d. all" commands.

Hope this helps.
---Hillel

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba users and group mapping

[simo]

On Mon, 2007-05-14 at 18:13 -0300, Sebastian Firpo wrote:
> HI!, I need to know how Sids numers are generated when I create a user 
> or when I mapped a posix group with a samba group.

Depending on the version of samba generated algorithmically for the
uid/gid or assigned monotonically incrementing an index.

> Could I have a samba group and a samba user with the same SID? Will it 
> bring me problems?

Many, Windows machines will not be able to distinguish between the user
and the group, and neither samba.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba users and group mapping

[Sebastian Firpo]

HI!, I need to know how Sids numers are generated when I create a user 
or when I mapped a posix group with a samba group.


Could I have a samba group and a samba user with the same SID? Will it 
bring me problems?


Thank you!
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] RE: install opt-samba-base on aix 5.3

[Steve Romanow]

Just to add a little more detail, we tried to install the package
pware.samba-3.0.24 first, thinking it would install its prerequisites.

There is a .toc file in the pwd that seems to be for the 3.0.24, did it come
from the tar.gz file?

I think it ight be getting in the way of the subsequent attempts to install
pware.base 5.2.2.0

[EMAIL PROTECTED] /tmp/samba # cat .toc
0 051419552207 2
pware.samba-3.0.24.3.0.24.0.bff 4 R I pware.samba-3.0.24 {
pware.samba-3.0.24.rte 03.00.0024. 1 N U en_US Samba 3.0.24
[
*prereq pware.base.rte 5.2.0.0
*prereq pware.libiconv.rte 1.9.2.0
*prereq pware.openldap.rte 2.3.27.0
*prereq pware.MIT-krb5.rte 1.4.4.1
*prereq pware.cyrus-sasl.rte 2.1.22.0
*prereq pware.gcc-shared-libs.rte 4.1.1.0
%
/opt/pware/samba/3.0.24 8
/opt/pware/samba/3.0.24/bin 101648
/opt/pware/samba/3.0.24/examples 40
/opt/pware/samba/3.0.24/examples/LDAP 184
/opt/pware/samba/3.0.24/examples/LDAP/smbldap-tools-0.9.2 544
/opt/pware/samba/3.0.24/examples/LDAP/smbldap-tools-0.9.2/doc 520
/opt/pware/samba/3.0.24/examples/LDAP/smbldap-tools-0.9.2/doc/html 384
/opt/pware/samba/3.0.24/examples/VFS 176
/opt/pware/samba/3.0.24/examples/auth 16
/opt/pware/samba/3.0.24/examples/auth/crackcheck 16
/opt/pware/samba/3.0.24/examples/autofs 8
/opt/pware/samba/3.0.24/examples/dce-dfs 16
/opt/pware/samba/3.0.24/examples/libmsrpc 0
/opt/pware/samba/3.0.24/examples/libmsrpc/cacusermgr 112
/opt/pware/samba/3.0.24/examples/libmsrpc/test 56
/opt/pware/samba/3.0.24/examples/libmsrpc/test/lsa 80
/opt/pware/samba/3.0.24/examples/libmsrpc/test/reg 96
/opt/pware/samba/3.0.24/examples/libmsrpc/test/sam 96
/opt/pware/samba/3.0.24/examples/libmsrpc/test/smbc_test 8
/opt/pware/samba/3.0.24/examples/libmsrpc/test/svcctl 24
/opt/pware/samba/3.0.24/examples/libsmbclient 192
/opt/pware/samba/3.0.24/examples/libsmbclient/smbwrapper 296
/opt/pware/samba/3.0.24/examples/logon 0
/opt/pware/samba/3.0.24/examples/logon/genlogon 8
/opt/pware/samba/3.0.24/examples/logon/mklogon 40
/opt/pware/samba/3.0.24/examples/logon/ntlogon 56
/opt/pware/samba/3.0.24/examples/misc 136
/opt/pware/samba/3.0.24/examples/nss 32
/opt/pware/samba/3.0.24/examples/pam_winbind 8
/opt/pware/samba/3.0.24/examples/pdb 32
/opt/pware/samba/3.0.24/examples/perfcounter 128
/opt/pware/samba/3.0.24/examples/printer-accounting 48
/opt/pware/samba/3.0.24/examples/printing 168
/opt/pware/samba/3.0.24/examples/scripts 0
/opt/pware/samba/3.0.24/examples/scripts/debugging 0
/opt/pware/samba/3.0.24/examples/scripts/debugging/linux 8
/opt/pware/samba/3.0.24/examples/scripts/debugging/solaris 16
/opt/pware/samba/3.0.24/examples/scripts/eventlog 8
/opt/pware/samba/3.0.24/examples/scripts/printing 0
/opt/pware/samba/3.0.24/examples/scripts/printing/cups 16
/opt/pware/samba/3.0.24/examples/scripts/shares 0
/opt/pware/samba/3.0.24/examples/scripts/shares/perl 8
/opt/pware/samba/3.0.24/examples/scripts/shares/python 104
/opt/pware/samba/3.0.24/examples/scripts/wins_hook 16
/opt/pware/samba/3.0.24/examples/tridge 48
/opt/pware/samba/3.0.24/examples/validchars 64
/opt/pware/samba/3.0.24/include 376
/opt/pware/samba/3.0.24/lib 20840
/opt/pware/samba/3.0.24/lib/auth 544
/opt/pware/samba/3.0.24/lib/charset 1072
/opt/pware/samba/3.0.24/lib/idmap 1168
/opt/pware/samba/3.0.24/lib/pdb 0
/opt/pware/samba/3.0.24/lib/rpc 0
/opt/pware/samba/3.0.24/lib/security 600
/opt/pware/samba/3.0.24/lib/vfs 6200
/opt/pware/samba/3.0.24/private 0
/opt/pware/samba/3.0.24/sbin 37280
/opt/pware/samba/3.0.24/share 0
/opt/pware/samba/3.0.24/share/man 0
/opt/pware/samba/3.0.24/share/man/man1 304
/opt/pware/samba/3.0.24/share/man/man5 576
/opt/pware/samba/3.0.24/share/man/man7 32
/opt/pware/samba/3.0.24/share/man/man8 304
/opt/pware/samba/3.0.24/swat 0
/opt/pware/samba/3.0.24/swat/help 24
/opt/pware/samba/3.0.24/swat/help/Samba3-ByExample 3432
/opt/pware/samba/3.0.24/swat/help/Samba3-ByExample/images 3120
/opt/pware/samba/3.0.24/swat/help/Samba3-Developers-Guide 680
/opt/pware/samba/3.0.24/swat/help/Samba3-HOWTO 6168
/opt/pware/samba/3.0.24/swat/help/Samba3-HOWTO/images 2552
/opt/pware/samba/3.0.24/swat/help/manpages 1784
/opt/pware/samba/3.0.24/swat/images 80
/opt/pware/samba/3.0.24/swat/include 16
/opt/pware/samba/3.0.24/swat/js 0
/opt/pware/samba/3.0.24/swat/lang 0
/opt/pware/samba/3.0.24/swat/lang/ja 0
/opt/pware/samba/3.0.24/swat/lang/ja/help 16
/opt/pware/samba/3.0.24/swat/lang/ja/images 0
/opt/pware/samba/3.0.24/swat/lang/ja/include 0
/opt/pware/samba/3.0.24/swat/lang/ja/js 0
/opt/pware/samba/3.0.24/swat/lang/tr 0
/opt/pware/samba/3.0.24/swat/lang/tr/help 16
/opt/pware/samba/3.0.24/swat/lang/tr/images 64
/opt/pware/samba/3.0.24/swat/lang/tr/include 0
/opt/pware/samba/3.0.24/swat/lang/tr/js 0
/opt/pware/samba/3.0.24/swat/using_samba 3592
/opt/pware/samba/3.0.24/swat/using_samba/figs 5408
/opt/pware/samba/3.0.24/var 0
/opt/pware/samba/3.0.24/var/locks 0
/usr/lib/objrepos 819
INSTWORK 528 528
LAF/usr/swlag/en_US/pware.la 8
LAR/usr/swlag/en_US/pware.la 0
%
%
%
]
}
-- 
To unsubscribe from this list go to the following URL 

[Samba] install opt-samba-base on aix 5.3

[Steve Romanow]

I am trying to install samba 3.0.24 on aix 5.3.  I have downlaoded the binaries
from samba.org and I am using the directions found at:

http://us4.samba.org/samba/ftp/Binary_Packages/AIX/

The directions dont specify installing the base.  WHen I try to install the
pware 3.0.24, it fails due to required packages missing.  

I do not see a way to get opt-samba-base installed.

Included below is the preview from installp of the install from /tmp/samba


[EMAIL PROTECTED] /tmp/samba # installp -lE -d.

***

installp PREVIEW:  installation will not actually occur.

***

 

+-+

Pre-installation Verification...

+-+

Verifying selections...done

Verifying requisites...done

Results...

 

FAILURES



  Filesets listed in this section failed pre-installation verification

  and will not be installed.

 

  Requisite Failures

  --

  SELECTED FILESETS:  The following is a list of filesets that you asked to

  install.  They cannot be installed until all of their requisite filesets

  are also installed.  See subsequent lists for details of requisites.

 

pware.samba-3.0.24.rte 3.0.24.0   # Samba 3.0.24

 

  MISSING REQUISITES:  The following filesets are required by one or more

  of the selected filesets listed above.  They are not currently installed

  and could not be found on the installation media.

 

pware.MIT-krb5.rte 1.4.4.1# Fileset Update

pware.base.rte 5.2.0.0# Base Level Fileset

pware.cyrus-sasl.rte 2.1.22.0 # Base Level Fileset

pware.gcc-shared-libs.rte 4.1.1.0 # Base Level Fileset

pware.libiconv.rte 1.9.2.0# Base Level Fileset

pware.openldap.rte 2.3.27.0   # Base Level Fileset

 

  << End of Failure Section >>

 

FILESET STATISTICS

--

1  Selected to be installed, of which:

1  FAILED pre-installation verification

  

0  Total to be installed

 

**

End of installp PREVIEW.  No apply operation has actually occurred.

**


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Method for binding Swat to a certain IP address?

[Volker Lendecke]

On Mon, May 14, 2007 at 09:22:48PM +0200, Peter Pfannenschmid wrote:
> we are running a server with a NIC which has been assigned multiple IP
> addresses. If we start Swat on this machine (via inetd), it will listen
> on all IP adresses on port 901.
> 
> Is there a method to restrict Swat to listening on only one of these
> addresses?

Use xinetd.

Volker


pgpmBvrMUDAto.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Method for binding Swat to a certain IP address?

[Peter Pfannenschmid]

Dear list,

we are running a server with a NIC which has been assigned multiple IP
addresses. If we start Swat on this machine (via inetd), it will listen
on all IP adresses on port 901.

Is there a method to restrict Swat to listening on only one of these
addresses?

Thank you very much,

Peter

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 4 and OpenLDAP (and other LDAP servers)

[Alex Crow]

All, devels,

I would like to put in a request the those working on Samba 4 - at our
company, we already have a significant investment in Samba 3 and
OpenLDAP - LDAP is our primary authentication backend, controls access
and configuration of our email infrastructure, and we have written many
scripts and web applications that use OpenLDAP, not least of which is an
automated user account request (by HR) approval and creation system (by
IT). We have even applied for our own unique OID to add our own schemas
to the LDAP namespace.

It would be rather frustrating if we were to have to give this up to
support the many wonderful things that Samba 4 will bring, most
important of which for us would be fully integrated Kerberos and Group
Policy objects. I have seen on the roadmap that it is being considered
to provide support for external LDAP servers in 4; I'd urge that it is
an absolute necessity, not only for OpenLDAP users, but for those using
products from Novell, Sun, Netscape etc in a current production
environment.

I also realise there is another approach, ie that of using delegation to
other LDAP servers, but I'd love to know what the current state of
thinking is for v4.

Cheers

Alex

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] UNIX vs. AD group permissions

[David Pullman]

We've just built a RHEL 5 ES server to test the issues we've been having 
with group permissions since 3.0.23 (re: 3.0.23d UNIX vs. AD group 
permissions) and we found we have the same issue with the Redhat built 
rpm of version 3.0.23c.


The following is the ldap and winbind portion of our smb.conf, the same 
as used on our current Solaris production servers:


   # ldap settings
   ldap admin dn = cn=ldapmaster,dc=mel,dc=nist,dc=gov
   idmap backend = ldap:ldap://ldap1.mel.nist.gov
   ldap idmap suffix = ou=Idmap
   ldap suffix = dc=mel,dc=nist,dc=gov

   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = no
   winbind trusted domains only = yes

We don't allocate uids or gids with this setup, only map the sids so 
that a user can work with ACLs on the Windows workstations.  (The NIS 
uids and gids are handed out from a superior database to ensure common 
account ids across labs with no common authentication system.)


We have all usernames manually the same in NIS and in AD, and we don't 
have any groups in AD.  The UNIX file system permissions have always 
worked before 3.0.23, specifically if you are a member of a group in NIS 
then you can access the files and directories on the SAMBA server from a 
Windows AD workstation.


Since 3.0.23, if winbind is running, the SAMBA server will get a list of 
groups from AD and not from NIS.  If winbind is not running, it gets the 
list of groups from NIS.  We don't maintain groups in AD, so any shared 
directories will not allow group members.


I think I've checked all of the release notes and the updated man pages 
and while there are lots of changes in the 3.0.23 to 3.0.25 versions, I 
can't find anything that indicates this should be happening.  I'd be 
glad to create level 10 logs to show what's happening (as I did in the 
previous posts and the bugzilla entry 4348).


If anyone has any suggestions I'd greatly appreciate it.  We're still 
running 3.0.14 and can't update production until we can sort this out.


--
David Pullman

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Step by Step guide: Samba + Ldap backend

[Alex Crow]

Aaron,

The best has to be to follow the "Samba 3 by Example" guide on the
samba.org website. You can also get a dead-tree version, I think it's
now on the second edition.

The section dealing with starting with an LDAP backend is, I believe,
entitled "Making Happy Users".

Cheers

Alex

On Mon, 2007-05-14 at 12:48 -0500, Aaron Souza wrote:
> All,
> 
> I've looked around and cannot find an easy way to set up samba with an ldap
> server. I have a working ldap server (email and other systems use it) and
> I'd love to use that as our authentication backend to samba, so users just
> have one name/password combination.
> 
> Can anyone link me to a good samba + ldap howto?
> 
> Thanks,
> 
> ~ Aaron

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Step by Step guide: Samba + Ldap backend

[Aaron Souza]

All,

I've looked around and cannot find an easy way to set up samba with an ldap
server. I have a working ldap server (email and other systems use it) and
I'd love to use that as our authentication backend to samba, so users just
have one name/password combination.

Can anyone link me to a good samba + ldap howto?

Thanks,

~ Aaron
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] A new user with a strange problem

[james LeSage]

I am new user of samba and I'm running in a non standard environment. I
would presume that this is a pilot error.

I'm running Red Hat Fedora 4 Linux on Microsoft's Virtual PC on my laptop
running Windows XP. I have a samba share (/tmp) on the vPC on Linux that is
visible/mountable on laptop.

The problem is:
using 'cp' and/or 'mv' on files in the samba share are not viewable from in
an XP explorer window (even after several minutes, refreshing, rebooting,
'touch'-ing the file on Linux, restarting smbd on linux, setting permissions
equivalent to visible files etc).  If I cp or mv a dir-tree on the samba
share on Linux, the directories in the directory tree are immediately
visible on Windows, the files in the directories are not visible.

I can edit (vim) a Windows visible file in the samba share on Linux and the
change is viewable on Windows and the reverse is also true.

I can also 'rm' a Windows visible file in the samba share on Linux and the
file is deleted from the Windows view.

I looked at the smbd and nmbd logs and I don't see any errors. My
smb.confis very simple and testparm doesn't report any errors. I've
included my
smb.conf below.  The share in question is [tmp].

I went through the Samba recommended debugging path and while things aren't
perfect I don't think the imperfections are causing the problem as I do
appear to have bidirectional communication. If anyone has any ideas or input
as next steps or things to check I would appreciate it.

Jim

# Global parameters
[global]
;   server string = RH4VPC
   server string = Samba-Server
   log file = /var/log/samba/%m.log
   max log size = 50
   hide unreadable = no
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   printcap name = /etc/printcap
   dns proxy = No
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   strict sync = Yes
   cups options = raw

[homes]
   comment = Home Directories
   read only = No
   browseable = No

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = Yes
   browseable = No

[tmp]
   comment = Temporary file space
   path = /tmp
   admin users = jlesage, root
   read only = No
   guest ok = Yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA on AIX --> nsswitch.conf?

[Urs Golla]

thanks a lot for all the support!

my samba is now running like a dream! :-)

On 5/14/07, Hillel Seltzer <[EMAIL PROTECTED]> wrote:

On Mon, 14 May 2007 10:34:32 +0200, Urs Golla wrote
> nsswitch.conf does not exist on AIX! It works after changing
> /etc/security/user and copying WINBIND etc...
>

On AIX, instead of nsswitch, there is /etc/netsvc.conf.
There is a nice description commented in the default file
installed with AIX.

It is also overriden with the NSORDER environment variable.

---Hillel



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA on AIX --> nsswitch.conf?

[Hillel Seltzer]

On Mon, 14 May 2007 10:34:32 +0200, Urs Golla wrote
> nsswitch.conf does not exist on AIX! It works after changing
> /etc/security/user and copying WINBIND etc...
> 

On AIX, instead of nsswitch, there is /etc/netsvc.conf.
There is a nice description commented in the default file
installed with AIX.

It is also overriden with the NSORDER environment variable.

---Hillel

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.25 Available for Download

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ed Kasky wrote:

> SRPM for redhat is still at 3.0.24-1

I've removed that now.  If you want the SRPM for the patched
tarball, just download and extract
http://www.samba.org/samba/ftp/people/jerry/3.0.24/samba-3.0.24-gc1.tar.gz

Then run:

  $ cd samba-3.0.24-gc1/packaging/RedHat/
  $ sh makerpms.sh

I'm not providing RPMS for RedHat 9 and earlier platforms
any longer.  The demand is just too low.






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSIdkIR7qMdg1EfYRAoskAJ9uSKJ14U6aduwYbBmMIX8/aYZn9gCg1g0m
eB81iLlbzBXAs8hPLRgDsCQ=
=4hNl
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.25 Available for Download

[Ed Kasky]

At 06:30 AM Monday, 5/14/2007, Gerald (Jerry) Carter wrote -=>

==
Release Announcements
=

This is the first production release of the Samba 3.0.25 code
base and is the version that servers should be run for for all
current bug fixes.





Download Details


Binary packages are available at

http://download.samba.org/samba/ftp/Binary_Packages/


FYI -

SRPM for redhat is still at 3.0.24-1

Ed

. . . . . . . . . . . . . . . . . .
Randomly Generated Quote (1071 of 1221):
To enter one’s own self, it is necessary to go
armed to the teeth.  ~ Paul Valéry

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Microsoft programs overwrite default mask

[Help]

I have a Unix directory with permission set using ACL as follows:
 
# file: testdir
# owner: sftp
# group: student
user::rwx
user:user1:rwx #effective:rwx
user:user2:rwx  #effective:rwx
group::---  #effective:---
mask:rwx
other:---
default:user::rw-
default:user:user1:rwx
default:user:user2:rwx
default:user:sftp:rwx
default:group::---
default:mask:rwx
default:other:---
 
When user1 drops a file - copies it from a directory on the windows machine - 
into this share (testdir), it gets the following permissions:
 
# file: testfile
# owner: user1
# group: student
user::rwx
user:user1:rwx #effective:rw-
user:user2:rwx  #effective:rw-
user:sftp:rwx#effective:rw-
group::---  #effective:---
mask:rw-
other:---

Which is correct.  However, if he uses MS word or Excel and "Save As" directly 
to the testdir share, it gets the following permissions:
 
# file: testfile
# owner: user1
# group: student
user::rwx
user:user1:rwx #effective:-w-
user:user2:rwx  #effective:-w-
user:sftp:rwx#effective:-w-
group::---  #effective:---
mask:-w-
other:---

Which is wrong?
 
I have tried to change samba options, but no luck. The current options are as 
follows:
 
[testdata]
   comment = Transfer area
   browseable = no
   read only = no
   path = /home/sftp/Data
   public = no
   writeable = yes
   inherit permissions = yes
   create mask = 0700
 
   #force create mode = 0660
   #force directory mode = 0770
   #create mask = 
   #directory mask = 
   #force create mode = 0660
   #nt acl support = no
   #security mask = 
   #inherit acls = yes

 
PS. the commented options are some of my tries.
 
Thanks,
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Microsoft programs overwrite default mask

[Help]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] A regression in 3.0.25rc3?

[Alex Crow]

Jerry,

No, the DC is a 64-bit Linux box. The Server 2003 box was required to
provide remote users with terminal services.

Sorry for posting a confusing message.

Did you download my dump file OK?

Many thanks,

Alex

On Mon, 2007-05-14 at 10:17 -0500, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Alex Crow wrote:
> > Jerry,
> > 
> > Any ideas yet? I've reverted my Server 2003 box to 32-bit for now, so
> > it's not so pressing to use 3.0.25.
> 
> So the DC was a 64bit Windows 2003 DC (netbios domain
> IFA_NET, dns domain ifa.net)?  And reverting the DC to
> a 32bit WIndows 2003 DC solved the problem ?  That's odd.
> 
> 
> 
> 
> cheers, jerry
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFGSH2lIR7qMdg1EfYRAl8ZAJ9KFuiQzzA/wuhgBxClaSctwEjfxQCguDK0
> sPg9s4BZp5ymVVJUpooT/tA=
> =bq/R
> -END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] A regression in 3.0.25rc3?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alex Crow wrote:
> Jerry,
> 
> Any ideas yet? I've reverted my Server 2003 box to 32-bit for now, so
> it's not so pressing to use 3.0.25.

So the DC was a 64bit Windows 2003 DC (netbios domain
IFA_NET, dns domain ifa.net)?  And reverting the DC to
a 32bit WIndows 2003 DC solved the problem ?  That's odd.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSH2lIR7qMdg1EfYRAl8ZAJ9KFuiQzzA/wuhgBxClaSctwEjfxQCguDK0
sPg9s4BZp5ymVVJUpooT/tA=
=bq/R
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Userrights problem: Samba PDC + OpenLDAP

[Jens Schmidt]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello there,

i have a new problem with my samba :-).

i'd created a new user in the OpenLDAP. Then i joined the Domain and
tried to browse in the homedir of the new user.

Here are the rights under Linux:

[16:27:52] [EMAIL PROTECTED]:~ > ll
total 1.8M
drwxrwx---  7 jens   Domain Users  632 May 14 16:27 .
drwxrwxrwx 15 nobody root  360 May 12 02:15 ..
- -rw---  1 jens   Domain Users  265 May 14 16:27 .Xauthority
- -rwxrwx---  1 jens   Domain Users 1.1K May 13 02:24 .bash_history
- -rwxrwx---  1 jens   Domain Users  382 May 12 02:39 .bash_logout
- -rwxrwx---  1 jens   Domain Users  333 May  9 14:29 .bash_profile
- -rwxrwx---  1 jens   Domain Users 2.4K May 12 02:36 .bashrc
- -rwxrwx---  1 jens   Domain Users  707 May 12 02:38 .inputrc
drwxrwx---  3 jens   Domain Users  144 May  9 14:14 .irssi
- -rwxrwx---  1 jens   Domain Users   35 May 10 00:17 .lesshst
- -rwxrwx---  1 jens   Domain Users  14K May 12 00:07 .linux_changelog
- -rwxrwx---  1 jens   Domain Users 5.5K May 12 15:54 .viminfo
- -rwxrwx---  1 jens   Domain Users  778 May  9 14:12 .vimrc
drwxrwx---  2 jens   Domain Users   48 May  8 20:49 .vmware
drwxrwx---  2 jens   Domain Users   48 May  9 17:06 Mail
drwxr-xr-x  2 jens   Domain Users   48 May 13 01:17 Neuer Ordner
[16:27:54] [EMAIL PROTECTED]:~ >

As you can see, only the Folder called "Neuer Ordner" is r-x for
"others". The Folder called "Mail" isnt readeble for others.

And here is my problem: I cant see the Folder Mail (because of the
Option "hide unreadable = yes" in samba) but i should read it, becaus
iam logged in as "jens". And "jens" is a user of the group "Domain Users":

[16:27:54] [EMAIL PROTECTED]:~ > id
uid=1337(jens) gid=513(Domain Users)
groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),512(Domain
Admins),513(Domain Users)
[16:30:53] [EMAIL PROTECTED]:~ >

So, i think i should read the folder Mail. But i can only see "Neuer
Ordner", because its readable for "others".

Furthermore i created the Folder "Neuer Ordner" over Samba. So, its
created automatically as "jens" and "Domain Users".

This is my Samba Configuration:

[global]

workgroup= JJAGS
netbios name = saphira
server string= JJags Fileserver im Centuri Network

dns proxy= no
wins support = yes

interfaces   = 192.168.1.0/24 eth0
bind interfaces only = true
profile acls = Yes

log file = /var/log/samba/log.%m
max log size = 3000
log level= 2
syslog   = 0
panic action = /usr/share/samba/panic-action %d

passdb backend   = ldapsam:ldap://localhost/
unix password sync   = no
domain logons= yes
local master = yes
preferred master = yes
os level = 64
dos charset  = 850
unix charset = ISO-8859-15
display charset  = ISO-8859-15

time server  = Yes
socket options   = SO_KEEPALIVE IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192

add user script  = /usr/sbin/smbldap-useradd -m '%u'
delete user script   = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script  = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script   = /usr/sbin/smbldap-useradd -w '%u'

logon path   = \\%L\profiles\%U
logon drive  = H:
logon home   = \\%L\%U
logon script = logon.cmd

socket options   = TCP_NODELAY

domain master= yes

ldap suffix  = dc=centuri,dc=lan
ldap admin dn= cn=manager,dc=centuri,dc=lan
ldap user suffix = ou=Users
ldap group suffix= ou=Groups
ldap machine suffix  = ou=Machine
ldap ssl = no
ldap delete dn   = Yes

admin users  = root, Administrator

security = user
encrypt passwords= yes

#ntlm auth= no
#lanman auth  = no
#client ntlmv2 auth   = yes

null passwords   = no
hide unreadable  = yes

hide dot files   = yes

#=== Share Definitions ===

[netlogon]
   comment = Network Logon Service
   path = /var/samba/netlogon
   public = no
   ; guest ok = yes
   writable = no
   share modes = no
   browseable = no

[profiles]
   comment = Users profiles
   path = /var/samba/profiles
   ; guest ok = no
   guest ok = yes
   writeable = yes
   browseable = no
   preserve case = no
   case sensitive = no
   create mask = 0666
   directory mask = 0777
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/
   write list = "@Domain Users" "@Domain Admins"
   default case = lower

[homes]
   comment = Home Directory
   path = /home/%U
   browseable = no
   #valid users = %S
   writable = yes
   #guest ok = no
   #inherit permissions = yes
   #create mask = 0700
   #directory m

Fwd: [Samba] Samba-PDC+LDAP Domain logon problem

[John Drescher]

-- Forwarded message --
From: John Drescher <[EMAIL PROTECTED]>
Date: May 14, 2007 10:33 AM
Subject: Re: [Samba] Samba-PDC+LDAP Domain logon problem
To: Aki Vuorinen <[EMAIL PROTECTED]>


On 5/14/07, Aki Vuorinen <[EMAIL PROTECTED]> wrote:

Hello!

I have Samba with LDAP password backend.
-Logging to shell works with ldap accounts
-Logging to smb-share works with ldap accounts
-Adding computers to domain with (shown in conf. file) and without (manually)
works

But here's my problem:
-Logging to domain with username & passwd doesn't work

When using smbpasswd -file as backend it works

After 3 days of googling I'm quite bored to find help anywhere else. Can anyone
help me with this problem..?


Thanks,
Aki



OS details and conf files:

I'm running:
Debian lenny with 2.6.18-4
Samba 3.0.24
OpenLDAP 2.3.30

---smb.conf:--

[global]
workgroup = 
passdb backend = ldapsam:ldap://127.0.0.1
log level = 1
max xmit = 65535
time server = Yes
deadtime = 15
socket options = TCP_NODELAY IPTOS_LOWDELAY
add machine script = /usr/local/smbldaptools/smbldap-useradd.pl -w "%m"
logon script = logon.bat
logon path = \\%N\profiles\%u
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap suffix = dc=
ldap user suffix = ou=users
dos filetime resolution = Yes

[homes]
read only = No

[netlogon]
path = /home/netlogon
browseable = No

[profiles]
path = /home/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No



You seem to be missing IDEALX entries:

add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"


 passwd program = /opt/IDEALX/sbin/smbldap-passwd -p %n  %u


John


--
John M. Drescher
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Patched 3.0.24 tree for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Folks,

As a small means of community service, I've decided to provide
an unofficial patched version of 3.0.24 (tagged as 3.0.24-gc-1)
to address the CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
security advisories.


The bzr branch is hosted at
  http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/

The source tarball is available from
  http://download.samba.org/samba/ftp/people/jerry/3.0.24/

The Fedora Core 6 RPMS have been uploaded to
  http://download.samba.org/samba/ftp/Binary_Packages/Fedora/

This is it *not* an official release from samba.org and therefore
has been signed with my GPG private key (ID D83511F6).  The
security issues have been officially fixed in Samba 3.0.25
upgrade release.  However, if you don't want to make the jump
to 3.0.25 just yet, this 3.0.24 based snapshot might be just
for you.




cheers, jerry
- --
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian


=
ATTENTION
=

The Samba 3.0.24-gc-X releases are not official samba.org releases.
They are cut from a privately maintained branch which can be found
at http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/
This is done as a service to community to include backported fixes
to the Samba 3.0.24 release in case people do not wish to upgrade.

The 3.0.24-gc-X tree is not an active development tree but rather
a stable release branch similar to the Linux kernel 2.6.xx.yy releases.
My hope is that this will be helpful to some people.

More information about Samba.org official production releases
may be found at http://www.samba.org/.


cheers, jerry
Gerald Carter
<[EMAIL PROTECTED]>


Changes in 3.0.24-gc-1:
- ---

* Merged patches for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
  (More information available at http://www.samba.org/samba/security/)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSG5jIR7qMdg1EfYRAv6gAJkBEtpnUCe42B+tnhhXrNeFphMQFwCcCok4
d9zV0yubJmUVK4l94WL+FDU=
=axMU
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3 as PDC and hidden folders

[Charles Marcus]

Jason Baker wrote:

However, the "Local Settings" folder and everything within it are
"hidden" folders in Windows, and seem not to get synced with the
server when user logs out of domain.

Is there a way to make this folder sync? Any notable downsides to 
doing so?



What you are referring to is roaming profiles.


Not necessarily - he may be talking about 'Offline Files'...

This is generally not used in a domain except for often disconnected 
users (like laptop users), but it can be...



The Local Settings folder by default does not get saved back to the
server at logout. You can change this however, but it could result in
some minor problems. I have a similar issue running AutoCAD on
workstations that have roaming profiles. I have it set so that the
profile is removed from the workstation at logout. You could probably
get away with leaving the profile on the machines, but that wouldn't
solve your problem if someone wanted to get their mail when logged
into a different workstation. I would find out if there is a way to
move the location of the .pst file in Outlook.


You can, but it is generally not recommended to put it on a network 
share. If we used Outlook, I'd use a Group Policy to place it in a 
folder that does get Synced (whether with Offline Files or a roaming 
Profile).


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
==
== Subject: Multiple Heap Overflows Allow Remote
==  Code Execution
== CVE ID#: CVE-2007-2446
==
== Versions:Samba 3.0.0 - 3.0.25rc3 (inclusive)
==
== Summary: Various bugs in Samba's NDR parsing
==  can allow a user to send specially
==  crafted MS-RPC requests that will
==  overwrite the heap space with user
==  defined data.
==
==

===
Description
===

Various bugs in Samba's NDR parsing can allow a user
to send specially crafted MS-RPC requests that will
overwrite the heap space with user defined data.


==
Patch Availability
==

A patch against Samba 3.0.24 has been posted at

  http://www.samba.org/samba/security/


==
Workaround
==

There is no immediate workaround for this defect that does
not involve changing the server code in the smbd daemon.
The Samba Team always encourages users to run the latest
stable release as a defense against attacks.  If this
is not immediately possible, administrators should read
the "Server Security" documentation found at

  http://www.samba.org/samba/docs/server_security.html


===
Credits
===

This vulnerability was reported to Samba developers by Brian
Schafer, TippingPoint Security Response Lead, as part
of the Zero Day Initiative (http://www.zerodayinitiative.com).

The time line is as follows:

* April 25, 2007: Four individual defects reported to the
  [EMAIL PROTECTED] email alias.
* April 25, 2007: Initial developer response by Samba
  developer Volker Lendecke.
* April 28, 2007: Patches for four defects released by
  Samba developer Jeremy Allison to ZDI for testing.
* May 3, 2007: Fixed confirmed by original reporter.
* May 5, 2007: Fifth defect reported to [EMAIL PROTECTED]
* May 5, 2007: Patches for fifth defects released to ZDI
  for testing by Samba developer Jeremy Allison.
* May 10, Announcement to vendor-sec mailing list
* May 14, 2007: Public announcement of the security issue.



==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSGSzIR7qMdg1EfYRAnGjAKC/v8xzQWm6vlG1IvD2lhdgeZsbmACeNeSj
8rfmvQ3SFf2I4ef4FPjST1I=
=9DAl
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
==
== Subject: Remote Command Injection Vulnerability
== CVE ID#: CVE-2007-2447
==
== Versions:Samba 3.0.0 - 3.0.25rc3 (inclusive)
==
== Summary: Unescaped user input parameters are passed
==  as arguments to /bin/sh allowing for remote
==  command execution
==
==

===
Description
===

This bug was originally reported against the anonymous calls
to the SamrChangePassword() MS-RPC function in combination
with the "username map script" smb.conf option (which is not
enabled by default).

After further investigation by Samba developers, it was
determined that the problem was much broader and impacts
remote printer and file share management as well.  The root
cause is passing unfiltered user input provided via MS-RPC
calls to /bin/sh when invoking externals scripts defined
in smb.conf.  However, unlike the "username map script"
vulnerability, the remote file and printer management scripts
require an authenticated user session.


==
Patch Availability
==

A patch against Samba 3.0.24 has been posted at

  http://www.samba.org/samba/security/


==
Workaround
==

This defect may be alleviated by removing all defined
external script invocations (username map script, add
printer command, etc...) from smb.conf.

The Samba Team always encourages users to run the latest
stable release as a defense against attacks.  If this
is not immediately possible, administrators should read
the "Server Security" documentation found at

  http://www.samba.org/samba/docs/server_security.html


===
Credits
===

This vulnerability was  discovered by an anonymous researcher
and reported to Samba developers by Joshua J. Drake, iDefense
Labs (http://www.idefense.com/), as part of their Vulnerability
Contributor Program.

The time line is as follows:

* May 7, 2007: Initial defect disclosure to the [EMAIL PROTECTED]
  email alias.
* May 7, 2007: Initial developer response by Samba
  developer Gerald Carter.
* May 9, 2007: Patch released by Samba developer Jeremy
  Allison to iDefense for testing.
* May 10, Announcement to vendor-sec mailing list
* May 14, 2007: Public announcement of the security issue.



==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==






-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSGTJIR7qMdg1EfYRAvxbAJ9u/3d1CcgDF3hGkh4uiPfWBYN+ugCfcWu3
XWkh9kFpHh9nXttNSHTaZ0M=
=NUTG
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.25 Available for Download

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
  I'm thinking with sand here!
  -- JFK in "Bubba Ho-Tep"
==
Release Announcements
=

This is the first production release of the Samba 3.0.25 code
base and is the version that servers should be run for for all
current bug fixes.

The 3.0.25 release is an upgrade release over the 3.0.23/3.0.24
series which means that a substantial amount of development has
occurred and many new features have been added since the last
Samba production release.  We would like to thank everyone in
the Samba community that help to test the preview snapshots and
release candidates.  We believe that the this production release
is in much better shape due to your help.

Major features included in the 3.0.25 code base include:

  o Significant improvements in the winbind off-line logon support.
  o Support for secure DDNS updates as part of the 'net ads join'
process.
  o Rewritten IdMap interface which allows for TTL based caching and
per domain backends.
  o New plug-in interface for the "winbind nss info" parameter.
  o New file change notify subsystem which is able to make use of
inotify on Linux.
  o Support for passing Windows security descriptors to a VFS
plug-in allowing for multiple Unix ACL implements to running side
by side on the Same server.
  o Improved compatibility with Windows Vista clients including
improved read performance with Linux servers.
  o Man pages for IdMap and VFS plug-ins.

Security Fixes included in the Samba 3.0.25 release are:

  o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation

  o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution

  o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution


Off-line Logons and AD Site Support
===

Winbind's capability to support offline logons has been greatly
improved with the 3.0.25 release including support for locating
domain controllers asynchronously using Active Directory Site
information.


New IdMap Interface for Winbindd


The 3.0.25 release of Samba includes a rewritten IdMap interface
for winbindd which replaces the "idmap backend" parameter.  Please
refer to the "idmap domains" description in the smb.conf(5) man
page for more details.


Dynamic DNS Updates
===

The "net ads join" command is now able to register the host's DNS A
records with Windows 2000 SP4 and 2003 DNS servers.  This
feature must be enabled at compile time using the --with-dnsupdate
when running the ./configure script.  There is also a related "net ads
dns" command for refreshing a host's records which could be launched
from a dhcp client script when a new IP address is obtained.


Support for Additional ACL Modules
==

Samba's POSIX ACL support has been moved inside of the VFS layer
which means it is now possible to support multiple ACL implementations
on the same server including NFSv4 and GPFS ACLs.


VFS ReadAhead Plugin


Windows Vista introduces pipe-lined read support for improved
performance when transferring files.  The new vfs_readahead plugin
allows Linux file servers to utilize additional Kernel buffers
for caching files in order to avoid Disk I/O wait time when serving
Vista clients.  If you experience poor read performance between
Linux servers and Vista clients, please test the vfs_readahead
module by adding the following lines to the share definition
in smb.conf:

[file_share]
vfs objects = readahead

Note that this plugin will result in additional RAM requirements
due to the increased amount of kernel buffer caches used by smbd.
Please refer to vfs_readahead(8) for more information.


Windows Vista, Office 2007, and Offline Files
=

Research surrounding offline files, Windows Vista, and Microsoft
Office 2007 has revealed a incompatibility between these
applications and the "map acl inherit = no" setting in smb.conf.
Users requiring support client side caching (csc) and offline
files are encouraged to enable the "map acl inherit" for any
affected share definitions in the server's configuration.
Future versions of Samba will enable this setting by default.

Please refer to the smb.conf(5) man page for more details on
"map acl inherit".


smb.conf Parameter Changes
==

Please refer to the smb.conf(5) man page for full details.


Parameter Name  Description Default
-

[Samba] [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
==
== Subject: Local SID/Name translation bug can result
==  in user privilege elevation
== CVE ID#: CVE-2007-2444
==
== Versions:Samba 3.0.23d - 3.0.25pre2 (inclusive)
==
== Summary: A bug in the local SID/Name translation
==  routines may potentially result in a user
==  being able to issue SMB/CIFS protocol
==  operations as root.
==
==

===
Description
===

When translating SIDs to/from names using Samba local
list of user and group accounts, a logic error in the
smbd daemon's internal security stack may result in a
transition to the root user id rather than the non-root
user.  The user is then able to temporarily issue SMB/CIFS
protocol operations as the root user.  This window of
opportunity may allow the attacker to establish additional
means of gaining root access to the server.


==
Patch Availability
==

A patch against Samba 3.0.23d/3.0.24 has posted at

  http://www.samba.org/samba/security/


==
Workaround
==

There is no immediate workaround for this defect that does
not involve changing the server code in the smbd daemon.
The Samba Team always encourages users to run the latest
stable release as a defense against attacks.  If this
is not immediately possible, administrators should read
the "Server Security" documentation found at

  http://www.samba.org/samba/docs/server_security.html


===
Credits
===

This vulnerability was reported to Samba developers by Paul
Griffith <[EMAIL PROTECTED]> and Andrew Hogue.  Much thanks
to Paul and Andrew for their cooperation and patience in the
announcement of this defect.  Thanks also to Samba developers
James Peach and Jeremy Allison for the analysis and resolution
of this issue.

The time line is as follows:

* March 20, 2007: Defect first reported to the [EMAIL PROTECTED]
  email alias.
* March 30, 2007: Initial developer response by Gerald Carter.
* April 4, 2007: Patch released to bug reporter for testing.
* April 9, 2007: Fixed confirmed by original reporter.
* May 3, 2007: Announcement to vendor-sec mailing list
* May 14, 2007: Public announcement of the security issue.



==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGR5ZEIR7qMdg1EfYRArriAJ0QPZb9wviwT1nu9FJolpcFZVRYLQCdF8cn
mfmDyI7/7oPuPL04K4NbLUg=
=9g1k
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Fwd: permissions on samba share change automatically

[jan vereecke]

I already sent the mail below to linux-cifs-client, but got no reaction
there. Sorry if this is considered crossposting.

I have a problem executing certain actions on a share, which is shared by a
windows XP Home machine and mounted by a linux machine


First of all some information:

in /etc/fstab
Quote:
//Venus/D_ /mnt/D cifs
users,gid=smb,file_mode=0770,dir_mode=0770,iocharset=iso8859-15,credentials=/etc/samba/credentials
0 0


Venus is a Windows XP home machine, sharing D_ using 'Simple Sharing' (which
as I understand gives rw access to anybody, including guest.)

if I open xterm, I can do

Code:
cd /mnt/D
mkdir test6
ls -ld test* # in previous attempts I had already created the other testx
directories
drwxrwx--- 1 root smb 0 Feb 28 21:50 test3/
drwxrwx--- 1 root smb 0 Feb 28 21:52 test4/
drwxrwx--- 1 root smb 0 Feb 28 21:52 test5/
drwxr-xr-x 2 root smb 0 Feb 28 21:52 test6/
ls -ld test* # I can repeat the command as many times as I want, without the
permissions of test6 being different from 750, although I had expected 770

ls -ld test6
drwxrwx--- 1 root smb 0 Feb 28 21:52 test6/
# WOW, permissions suddenly changed

ls -ld test*
drwxrwx--- 1 root smb 0 Feb 28 21:50 test3/
drwxrwx--- 1 root smb 0 Feb 28 21:52 test4/
drwxrwx--- 1 root smb 0 Feb 28 21:52 test5/
drwxrwx--- 1 root smb 0 Feb 28 21:52 test6/
# and they remain changed as of now !!


I see similar behaviour in thunar (that's how I first found out about this),
where I sometimes could write files in newly created directories or
sometimes not. Specifically, I cannot currently use cp -r to the share.

Anyhow, I believe this must be a problem with the way cifs has been setup.
Can anyone explain what is happening here ?

By the way, in my kernel's .config, I have for kernel 2.6.18
Quote:
#
# Network File Systems
#
CONFIG_NFS_FS=m
CONFIG_NFS_V3=y
# CONFIG_NFS_V3_ACL is not set
# CONFIG_NFS_V4 is not set
# CONFIG_NFS_DIRECTIO is not set
CONFIG_NFSD=m
CONFIG_NFSD_V3=y
# CONFIG_NFSD_V3_ACL is not set
# CONFIG_NFSD_V4 is not set
CONFIG_NFSD_TCP=y
CONFIG_LOCKD=m
CONFIG_LOCKD_V4=y
CONFIG_EXPORTFS=m
CONFIG_NFS_COMMON=y
CONFIG_SUNRPC=m
# CONFIG_RPCSEC_GSS_KRB5 is not set
# CONFIG_RPCSEC_GSS_SPKM3 is not set
CONFIG_SMB_FS=m
CONFIG_SMB_NLS_DEFAULT=y
CONFIG_SMB_NLS_REMOTE="cp850"
CONFIG_CIFS=m
CONFIG_CIFS_STATS=y
# CONFIG_CIFS_STATS2 is not set
# CONFIG_CIFS_XATTR is not set
# CONFIG_CIFS_EXPERIMENTAL is not set
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
# CONFIG_AFS_FS is not set
# CONFIG_9P_FS is not set

I saw that permissions are not the only thing that changes. after doing ls
-ld test6, the number immediately after the permissions decreases too.
According to `man ls`, this number indicates the number of links to the
file. From checking with other directories, I understand this number
indicates the number of subdirectories.

FYI, I can mount the same share with mount -t smbfs without the above
problem

The summary: a newly created directory does not show the correct permissions
until the contents of the directory is listed.
How should I mount to get the correct permissions immediately upon creation
of a directory ?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba-PDC+LDAP Domain logon problem

[Aki Vuorinen]

Hello!

I have Samba with LDAP password backend.
-Logging to shell works with ldap accounts
-Logging to smb-share works with ldap accounts
-Adding computers to domain with (shown in conf. file) and without (manually)
works

But here's my problem:
-Logging to domain with username & passwd doesn't work

When using smbpasswd -file as backend it works

After 3 days of googling I'm quite bored to find help anywhere else. Can anyone
help me with this problem..?


Thanks,
Aki



OS details and conf files:

I'm running:
Debian lenny with 2.6.18-4
Samba 3.0.24
OpenLDAP 2.3.30

---smb.conf:--

[global]
workgroup = 
passdb backend = ldapsam:ldap://127.0.0.1
log level = 1
max xmit = 65535
time server = Yes
deadtime = 15
socket options = TCP_NODELAY IPTOS_LOWDELAY
add machine script = /usr/local/smbldaptools/smbldap-useradd.pl -w "%m"
logon script = logon.bat
logon path = \\%N\profiles\%u
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap suffix = dc=
ldap user suffix = ou=users
dos filetime resolution = Yes

[homes]
read only = No

[netlogon]
path = /home/netlogon
browseable = No

[profiles]
path = /home/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ldapi socket

[[EMAIL PROTECTED]]

Hello List,

i was wondering where ubuntu gets its /var/run/ldapi socket from?
I am trying to run samba with "passdb backend = 
ldapsam:ldapi://%2fvar%2frun%2fldapi/"


Any hint or idea is welcome :)

Thanks, Mario
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Transition 3.0.14a-3sarge4 / 3.0.24-6 Performance deterioration

[Johann Zuschlag]

Hi,

we are working for many years with Samba and it was working always very 
smooth. No complaints, no nothing. Well, it still works like a charm, 
but slower. ;-)


But after the transition from Debian Sarge (2.4.27-2-686) to edge 
(2.6.18-4-686) (samba 3.0.14a-3sarge4 to 3.0.24-6) we are suffering from 
a performance deterioration.


We didn't change our smb.conf file, since we didn't have to for the 
Woody / Sarge transition. Of course we started checking it after we 
found this problem. We checked the network, changed the ports on the 
switch. The network chip in the server is an Intel eepro100, so no problem.


Our users are working mainly on one large database file (260MB), so 
oplocks are set to no.

socket options = TCP_NODELAY.
security = user

Access to single files, copying doesn't seem to be slower.

Any hints? Any further information you need?

I can send the whole smb.conf file.

Thanks and regards,

Johann

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] That new user changes password at start first session

[Jason Baker]

It is, but you will need to use LDAP for your password backend.

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 

-BEGIN GEEK CODE BLOCK- 
Version: 3.1

GIT$ d- s: a C++$ LU+++$ P+ L++>L !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++

--END GEEK CODE BLOCK--



Ricardo Chamorro wrote:

How apply I, in Samba 3.0.24 with tdbsam backend, that  new user changes the 
password (the passw has been applied by the administrator) in the first 
sessions start, just as in MSWindos? It is this possible one?
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3 as PDC and hidden folders

[Jason Baker]

However, the "Local Settings" folder and everything within it are
"hidden" folders in Windows, and seem not to get synced with the
server when user logs out of domain.

Is there a way to make this folder sync? Any notable downsides to 
doing so?
What you are referring to is roaming profiles. The Local Settings folder 
by default does not get saved back to the server at logout. You can 
change this however, but it could result in some minor problems. I have 
a similar issue running AutoCAD on workstations that have roaming 
profiles. I have it set so that the profile is removed from the 
workstation at logout. You could probably get away with leaving the 
profile on the machines, but that wouldn't solve your problem if someone 
wanted to get their mail when logged into a different workstation. I 
would find out if there is a way to move the location of the .pst file 
in Outlook.


*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 

-BEGIN GEEK CODE BLOCK- 
Version: 3.1

GIT$ d- s: a C++$ LU+++$ P+ L++>L !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++

--END GEEK CODE BLOCK--



John Sherling wrote:

I'm running Samba 3.0.10 as a PDC for Win XP Pro (SP2) workstations.
User Outlook .pst files on desktop machines are (obviously) very
important, and must be synced with server at logout for proper backup
(which occurs on server).

I've noticed that said Outlook .pst files are stored on the XP Pro
desktops in a folder called:

"C:\Documents and Settings\\Local Settings\Application
Data\Microsoft\Outlook"

However, the "Local Settings" folder and everything within it are
"hidden" folders in Windows, and seem not to get synced with the
server when user logs out of domain.

Is there a way to make this folder sync? Any notable downsides to 
doing so?


Better to just move the .pst file to a visible folder in the user 
profile?


Would love to hear any best practice advice frmm folks who've done this.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cannot join Win XP SP2 client to domain

[Jason Baker]

When trying to join the client to the domain I get an error message 
that the user does not exist (although connecting to the shares works 
with this username). Furthermore the user has the 
SeMachineAccountPrivilege set. 
I had this same problem. I ended up creating the machine accounts via 
the LDAP Account Manager. I never did figure out why I cannot add a 
machine to the domain through the Windows Network ID Wizard. Have you 
tried to create the machine account manually on the server, and then 
join the machine to the domain?


*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 

-BEGIN GEEK CODE BLOCK- 
Version: 3.1

GIT$ d- s: a C++$ LU+++$ P+ L++>L !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++

--END GEEK CODE BLOCK--



Thomas Ußmüller wrote:

Dear all,

I have created two virtual machines on my computer (With Vmware 
5.5.3). One is running SuSE Linux Enterprise Server 10 with Samba 
3.0.22. The other one is runnung a WinXP SP2 client (name: test01).


I can browse the shares of the Samba Server. Furthermore I can connect 
to them with different user names.


When trying to join the client to the domain I get an error message 
that the user does not exist (although connecting to the shares works 
with this username). Furthermore the user has the 
SeMachineAccountPrivilege set.


What might cause this error? I have added the log.test01, log.smbd and 
the smb.conf file.


Hope somebody can help me

Regards
Thomas


log.test01:
---

[2007/05/16 17:51:41, 2] lib/smbldap.c:smbldap_open_connection(724)
  smbldap_open_connection: connection opened
[2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_group_from_ldap()
  init_group_from_ldap: Entry found for group: 512
[2007/05/16 17:51:41, 2] smbd/server.c:exit_server(614)
  Closing connections
[2007/05/16 17:51:41, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded
[2007/05/16 17:51:41, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
  Returning domain sid for domain LTE -> 
S-1-5-21-4205727931-4131263253-1851132061

[2007/05/16 17:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command 
`/usr/local/sbin/smbldap-useradd -w "test01$"' gave 9

[2007/05/16 17:51:42, 2] smbd/server.c:exit_server(614)
  Closing connections

the error message in smbldap-useradd script only means that the 
account has already been created in the LDAP directory (only unix 
attributes are set, no win or samba specific stuff). When deleting the 
user from the directory the message disappears, but nothing else changes.



log.smbd:
-
[2007/05/16 17:51:36, 0] smbd/server.c:main(805)
  smbd version 3.0.22-13.16-SUSE-SLES10 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
  Processing section "[homes]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
  Processing section "[profiles]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
  Processing section "[netlogon]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
  Processing section "[intranet]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
  Processing section "[literatur]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
  Processing section "[projekte]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
  Processing section "[software]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
  Processing section "[transfer]"
[2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721)
  Processing section "[sekretariat]"
[2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
  Unable to connect to CUPS server localhost - Connection refused
[2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85)
  Unable to connect to CUPS server localhost - Connection refused
[2007/05/16 17:51:36, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
[2007/05/16 17:51:36, 2] 
lib/smbldap_util.c:smbldap_search_domain_info(228)

  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LTE))]
[2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
  smbldap_open_connection: connection opened
[2007/05/16 17:51:36, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
  Registered MSG_REQ_POOL_USAGE
[2007/05/16 17:51:36, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724)
  smbldap_open_connection: connection opened
[2007/05/16 17:51:36, 2] pa

Re: [Samba] Cannot connect to NT 4 BDC Server

[Marc-Henri PAMISEUX]

Cybionet a écrit :
> Salut Marc-Henri!  :-)
> 
> Ok the message "A peripheral connected to this system doesn't works"
> mean that the SID of your user/group are not the same of the Domain
> Controller. Check the SID between the result of 'net groupmap list' and
> 'net getlocalsid'.
> 
> Robert
> 

So there is no other idea from this problem ?
What research must i investigate now ?

Regards,

-- 

Marc-Henri PAMISEUX

mél. [EMAIL PROTECTED]
Tél. +33 0 243 020 161

31, rue des closeaux
53240 SAINT JEAN SUR MAYENNE
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: R: [Samba] Fwd: SAMBA on AIX --> nsswitch.conf?

[William Jojo]

 Original message 
>Date: Mon, 14 May 2007 10:34:32 +0200
>From: "Urs Golla" <[EMAIL PROTECTED]>  
>Subject: Re: R: [Samba] Fwd: SAMBA on AIX --> nsswitch.conf?  
>To: "Gianluca Culot" <[EMAIL PROTECTED]>
>Cc: samba@lists.samba.org
>
>nsswitch.conf does not exist on AIX! It works after changing
>/etc/security/user and copying WINBIND etc...
>

Correct. There is no nsswitch.conf. You edit /etc/security/user default stanza 
with:

   SYSTEM=WINBIND
   registry=WINBIND


NEVER change the root entry. You'll always want root to be local in case 
winbindd is non-responsive or have network problems.


>I changed the idmap uid range in my smb.conf and if I now remove the
>winbindd_cache.tdb and winbindd_idmap.tdb (+ restart winbind & samba)
>it says "sid2uid returned an error" in the winbind logfile... "wbinfo
>-i username" does also not work anymore... any idea?
>

The uid ranges should be set before you go production. These mappings are local 
to your AIX machine and represent local uid /gid mappings to remote SID values.

Therefore, whenever you create objects on the local server via WINBIND based 
ids, they will have the uid/gid values assinged and stored in the 
winbind_idmap.tdb.

These values are used to map back to SIDs on the remote host to determine 
access rights and such. When you deleted your tdb, you deleted your map. Once 
in place and in production, guard this file as if it were your child. It's 
contents are precious and should be carried forward when performing upgrades.



Cheers,

Bill
>thanks a lot!
>
>On 5/14/07, Gianluca Culot <[EMAIL PROTECTED]> wrote:
>>
>> > -Messaggio originale-
>> > Da: [EMAIL PROTECTED]
>> > [mailto:[EMAIL PROTECTED]
>> > conto di Urs Golla
>> > Inviato: domenica 13 maggio 2007 10.35
>> > A: samba@lists.samba.org
>> > Oggetto: [Samba] Fwd: SAMBA on AIX --> nsswitch.conf?
>> >
>> >
>> > it works if i create the user xy on AIX.
>> > any ideas?
>> >
>> > -- Forwarded message --
>> > From: Urs Golla <[EMAIL PROTECTED]>
>> > Date: May 13, 2007 9:26 AM
>> > Subject: SAMBA on AIX --> nsswitch.conf?
>> > To: samba@lists.samba.org
>> >
>> >
>> > Hi
>> >
>> > I am still trying to run SAMBA on AIX with "security = ads" and I have
>> > a few questions:
>> >
>> > - on AIX is no such file as /etc/nsswitch.conf --> Do I have to add
>> > the configuration somewhere else?
>> >
>> > - I allways get this "User xy is invalid on this system" if try to map
>> > a share from Windows. What does this mean? Is the user invalid on the
>> > Domain? on AIX? on SAMBA? Is the User known by SAMBA but has no access
>> > rights on this share?
>> >
>> > - Has "security = ads" on AIX ever been tested?
>> >
>> > Any help would be appreciated!!!
>> >
>> > cheers
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/listinfo/samba
>> >
>>
>> Don't think it depends on system...
>> I think you are missing parts in Samab configuration
>>
>> if nsswitch doesn't exist... create it
>>
>> here is mine.
>> passwd: files winbind
>> shadow: files winbind
>> group: files winbind
>>
>> #hosts: db files nisplus nis dns
>> #hosts: files dns wins
>> hosts: files dns
>>
>> # Example - obey only what nisplus tells us...
>> #services: nisplus [NOTFOUND=return] files
>> #networks: nisplus [NOTFOUND=return] files
>> #protocols: nisplus [NOTFOUND=return] files
>> #rpc: nisplus [NOTFOUND=return] files
>> #ethers: nisplus [NOTFOUND=return] files
>> #netmasks: nisplus [NOTFOUND=return] files
>>
>> bootparams: nisplus [NOTFOUND=return] files
>>
>> ethers: db files
>> netmasks: files
>> networks: files dns
>> protocols: db files
>> rpc: files
>> services: files
>>
>> netgroup: files
>>
>> publickey: nisplus
>>
>> automount: files
>> aliases: files nisplus
>>
>>
>>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

R: [Samba] user are able to access "/" partition.

[Gianluca Culot]

> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> conto di Dhillon, Gurjit
> Inviato: lunedi 14 maggio 2007 11.37
> A: samba@lists.samba.org
> Oggetto: [Samba] user are able to access "/" partition.
>
>
> Hi All.
>
>
>
> We have a samba server at our location. We are facing out with some
> issue. User who have the account on the server are able to access "/"
> root access.
>
> I have tried to add an extra line In Home sharing, which is "path = %H",
> this lined solved my issue, but gave other issue. After implementing
> this line under Home share, I am not able to open any other user's home
> directory which is shared to me or have access to open. If I try to
> access other user home, it simply open my own home directory, even the
> directory which I am not author... , I endup opening my own home
> directory instead of getting error.
>
>
>
> Can any one out some light in this issue, how can I configure My samba,
> where I can access other's shared home directory and stop other user to
> access "/" partition.
>
>
>
>
>
> Below is the output of configuration file. There are 2 conf file ,
> /etc/samba/smb.conf and /usr/samba/lib/smb.conf.NU-DEV0
>
>
>
> Cat  /etc/samba/smb.conf
>
>
>
> # Global parameters
>
> [global]
>
> workgroup = TEST
>
> server string = Test Samba Server
>
> security = share
>
> encrypt passwords = Yes
>
> passwd program = /usr/bin/passwd %u
>
> passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n
>
> max log size = 5000
>
> log level = 2
>
> name resolve order = host
>
> socket options = TCP_NODELAY
>
> #   vfs objects = sgistats
>
> use sendfile = No
>
> max xmit = 65535
>
> strict locking = no
>
> printcap name = lpstat -t
>
> os level = 0
>
> oplocks = No
>
> kernel oplocks = No
>
> level2 oplocks = No
>
> preferred master = No
>
> local master = No
>
> domain master = No
>
> dns proxy = No
>
> comment = Samba %v
>
> guest account = guest
>
> #WARNING: The "printer admin" option is deprecated
>
> #   printer admin = lp
>
> printing = bsd
>
> print command = /usr/samba/bin/sambalp %p %s %U %m
>
> #   dmapi support = yes
>
>
>
> smb passwd file =
> /usr/samba/dmf/journals/.samba/CAENFS/private/smbpasswd
>
> private dir = /usr/samba//dmf/journals/.samba/CAENFS/private
>
> log file = /usr/samba/dmf/journals/.samba/CAENFS/log/log.%m
>
> #lock dir = /usr/samba/dmf/journals/.samba/CAENFS/locks
>
> #pid directory = /dmf/journals/.samba/CAENFS/locks
>
> #bind interfaces only = yes
>
> netbios name = nu-dev0
>
> #interfaces = 143.5.145.55/255.255.255.192
>
> include=/usr/samba/lib/smb.conf.%L
>
>
>
> include=/usr/samba/lib/smb.conf.%L is  opening a file called
> /usr/samba/lib/smb.conf.NU-DEV0
>
>
>
> cat /usr/samba/lib/smb.conf.NU-DEV0
>
>
>
> [homes]
>
> comment = Home Directories
>
> read only = No
>
> max connections = 5
>
> browseable = YES
>
>
>
>
>
> [temp]
>
> comment = test temp dirctory
>
> path = /temp
>
> admin users = bf6364, be9532
>
> #write list = be9532
>
> #   browseable = Yes
>
> read only = No
>
>
>
>
>
>
>
>
>
> Thanks
>
> Gurjit Dhillon
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

I would try to add
path = /usr/home
into [home] section

or some reason it's likely your implementation of samba is defaulting path
to
path = /

this could be considered a security breach but... just add path to the
section and try again


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Net command question. Samba 3.0.25 rc3

[Henrik Zagerholm]

Hello list,

I wonder which user flags can be specified when adding users with the  
net command.


The documentation shows:

[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]

But the user flags are not mentioned anywhere.

Are they implemented?

Regards,
Henrik
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] user are able to access "/" partition.

[Mark Blake-Smith]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Dhillon, Gurjit
Sent: 14 May 2007 10:27
To: samba@lists.samba.org
Subject: [Samba] user are able to access "/" partition.

Hi All.



We have a samba server at our location. We are facing out with some
issue. User who have the account on the server are able to access "/"
root access.

I have tried to add an extra line In Home sharing, which is "path = %H",
this lined solved my issue, but gave other issue. After implementing
this line under Home share, I am not able to open any other user's home
directory which is shared to me or have access to open. If I try to
access other user home, it simply open my own home directory, even the
directory which I am not author... , I endup opening my own home
directory instead of getting error.



Can any one out some light in this issue, how can I configure My samba,
where I can access other's shared home directory and stop other user to
access "/" partition.





Below is the output of configuration file. There are 2 conf file ,
/etc/samba/smb.conf and /usr/samba/lib/smb.conf.NU-DEV0



Cat  /etc/samba/smb.conf



# Global parameters

[global]

workgroup = TEST

server string = Test Samba Server

security = share

encrypt passwords = Yes

passwd program = /usr/bin/passwd %u

passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n

max log size = 5000

log level = 2

name resolve order = host

socket options = TCP_NODELAY

#   vfs objects = sgistats

use sendfile = No

max xmit = 65535

strict locking = no

printcap name = lpstat -t

os level = 0

oplocks = No

kernel oplocks = No

level2 oplocks = No

preferred master = No

local master = No

domain master = No

dns proxy = No

comment = Samba %v

guest account = guest

#WARNING: The "printer admin" option is deprecated

#   printer admin = lp

printing = bsd

print command = /usr/samba/bin/sambalp %p %s %U %m

#   dmapi support = yes



smb passwd file =
/usr/samba/dmf/journals/.samba/CAENFS/private/smbpasswd

private dir = /usr/samba//dmf/journals/.samba/CAENFS/private

log file = /usr/samba/dmf/journals/.samba/CAENFS/log/log.%m

#lock dir = /usr/samba/dmf/journals/.samba/CAENFS/locks

#pid directory = /dmf/journals/.samba/CAENFS/locks

#bind interfaces only = yes

netbios name = nu-dev0

#interfaces = 143.5.145.55/255.255.255.192

include=/usr/samba/lib/smb.conf.%L



include=/usr/samba/lib/smb.conf.%L is  opening a file called
/usr/samba/lib/smb.conf.NU-DEV0



cat /usr/samba/lib/smb.conf.NU-DEV0



[homes]

comment = Home Directories

read only = No

max connections = 5

browseable = YES





[temp]

comment = test temp dirctory

path = /temp

admin users = bf6364, be9532

#write list = be9532

#   browseable = Yes

read only = No









Thanks

Gurjit Dhillon

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




P Before printing, please think about the environment!
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you are not the named addressee you should not disseminate, distribute or copy 
this e-mail. Please notify the sender immediately by e-mail if you have 
received this e-mail by mistake and delete this e-mail from your system. Any 
views or opinions presented in this email are solely those of the author and do 
not necessarily represent those of Sandicliffe. Employees of Sandicliffe are 
expressly required not to make defamatory statements and not to infringe or 
authorize any infringement of copyright or any other legal right by email 
communications. Any such communication is contrary to company policy and 
outside the scope of the employment of the individual concerned. Sandicliffe 
will not accept any liability in respect of such communication, and the 
employee responsible will be personally liable for any damages or other 
liability arising. No employee or agent is authorized to conclude any binding 
agreement on behalf of Sandicliffe with another party by email without express 
written confirmation by a Director. Sandicliffe accepts no liability for the 
content of this email, or for the consequences of any actions taken on the 
basis of the information provided, unless that information is subsequently 
confirmed in writing. All quotes from Sandicliffe are valid for 30 days 
following the date of email transmission. Finally, the recipient should check 
this email and any attachments for the presence of viruses.

Sandicliffe is a trading name of Sandicliffe Motor Holdings Ltd. registered in 
England and Wales. Company regis

[Samba] user are able to access "/" partition.

[Dhillon, Gurjit]

Hi All.

 

We have a samba server at our location. We are facing out with some
issue. User who have the account on the server are able to access "/"
root access.

I have tried to add an extra line In Home sharing, which is "path = %H",
this lined solved my issue, but gave other issue. After implementing
this line under Home share, I am not able to open any other user's home
directory which is shared to me or have access to open. If I try to
access other user home, it simply open my own home directory, even the
directory which I am not author... , I endup opening my own home
directory instead of getting error.

 

Can any one out some light in this issue, how can I configure My samba,
where I can access other's shared home directory and stop other user to
access "/" partition.

 

 

Below is the output of configuration file. There are 2 conf file ,
/etc/samba/smb.conf and /usr/samba/lib/smb.conf.NU-DEV0

 

Cat  /etc/samba/smb.conf

 

# Global parameters

[global]

workgroup = TEST

server string = Test Samba Server

security = share

encrypt passwords = Yes

passwd program = /usr/bin/passwd %u

passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n

max log size = 5000

log level = 2

name resolve order = host

socket options = TCP_NODELAY

#   vfs objects = sgistats

use sendfile = No

max xmit = 65535

strict locking = no

printcap name = lpstat -t

os level = 0

oplocks = No

kernel oplocks = No

level2 oplocks = No

preferred master = No

local master = No

domain master = No

dns proxy = No

comment = Samba %v

guest account = guest

#WARNING: The "printer admin" option is deprecated

#   printer admin = lp

printing = bsd

print command = /usr/samba/bin/sambalp %p %s %U %m

#   dmapi support = yes

 

smb passwd file =
/usr/samba/dmf/journals/.samba/CAENFS/private/smbpasswd

private dir = /usr/samba//dmf/journals/.samba/CAENFS/private

log file = /usr/samba/dmf/journals/.samba/CAENFS/log/log.%m

#lock dir = /usr/samba/dmf/journals/.samba/CAENFS/locks

#pid directory = /dmf/journals/.samba/CAENFS/locks

#bind interfaces only = yes

netbios name = nu-dev0

#interfaces = 143.5.145.55/255.255.255.192

include=/usr/samba/lib/smb.conf.%L

 

include=/usr/samba/lib/smb.conf.%L is  opening a file called
/usr/samba/lib/smb.conf.NU-DEV0

 

cat /usr/samba/lib/smb.conf.NU-DEV0

 

[homes]

comment = Home Directories

read only = No

max connections = 5

browseable = YES

 

 

[temp]

comment = test temp dirctory

path = /temp

admin users = bf6364, be9532

#write list = be9532

#   browseable = Yes

read only = No

 

 

 

 

Thanks

Gurjit Dhillon

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba + Quotas in Ldap

[pedro amado]

Hello,

I want to know if it is possible to have samba working with Ldap quotas. I
have googled a lot and cant find how to do it.
My samba server is already working with system quotas and authenticating in
Ldap.

tia,
Pedro
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] user are able to access "/" partition.

[Dhillon, Gurjit]

Hi All.

 

We have a samba server at our location. We are facing out with some
issue. User who have the account on the server are able to access "/"
root access.

I have tried to add an extra line In Home sharing, which is "path = %H",
this lined solved my issue, but gave other issue. After implementing
this line under Home share, I am not able to open any other user's home
directory which is shared to me or have access to open. If I try to
access other user home, it simply open my own home directory, even the
directory which I am not author... , I endup opening my own home
directory instead of getting error.

 

Can any one out some light in this issue, how can I configure My samba,
where I can access other's shared home directory and stop other user to
access "/" partition.

 

 

Below is the output of configuration file. There are 2 conf file ,
/etc/samba/smb.conf and /usr/samba/lib/smb.conf.NU-DEV0

 

Cat  /etc/samba/smb.conf

 

# Global parameters

[global]

workgroup = TEST

server string = Test Samba Server

security = share

encrypt passwords = Yes

passwd program = /usr/bin/passwd %u

passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n

max log size = 5000

log level = 2

name resolve order = host

socket options = TCP_NODELAY

#   vfs objects = sgistats

use sendfile = No

max xmit = 65535

strict locking = no

printcap name = lpstat -t

os level = 0

oplocks = No

kernel oplocks = No

level2 oplocks = No

preferred master = No

local master = No

domain master = No

dns proxy = No

comment = Samba %v

guest account = guest

#WARNING: The "printer admin" option is deprecated

#   printer admin = lp

printing = bsd

print command = /usr/samba/bin/sambalp %p %s %U %m

#   dmapi support = yes

 

smb passwd file =
/usr/samba/dmf/journals/.samba/CAENFS/private/smbpasswd

private dir = /usr/samba//dmf/journals/.samba/CAENFS/private

log file = /usr/samba/dmf/journals/.samba/CAENFS/log/log.%m

#lock dir = /usr/samba/dmf/journals/.samba/CAENFS/locks

#pid directory = /dmf/journals/.samba/CAENFS/locks

#bind interfaces only = yes

netbios name = nu-dev0

#interfaces = 143.5.145.55/255.255.255.192

include=/usr/samba/lib/smb.conf.%L

 

include=/usr/samba/lib/smb.conf.%L is  opening a file called
/usr/samba/lib/smb.conf.NU-DEV0

 

cat /usr/samba/lib/smb.conf.NU-DEV0

 

[homes]

comment = Home Directories

read only = No

max connections = 5

browseable = YES

 

 

[temp]

comment = test temp dirctory

path = /temp

admin users = bf6364, be9532

#write list = be9532

#   browseable = Yes

read only = No

 

 

 

 

Thanks

Gurjit Dhillon

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: R: [Samba] Fwd: SAMBA on AIX --> nsswitch.conf?

[Urs Golla]

nsswitch.conf does not exist on AIX! It works after changing
/etc/security/user and copying WINBIND etc...

I changed the idmap uid range in my smb.conf and if I now remove the
winbindd_cache.tdb and winbindd_idmap.tdb (+ restart winbind & samba)
it says "sid2uid returned an error" in the winbind logfile... "wbinfo
-i username" does also not work anymore... any idea?

thanks a lot!

On 5/14/07, Gianluca Culot <[EMAIL PROTECTED]> wrote:


> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> conto di Urs Golla
> Inviato: domenica 13 maggio 2007 10.35
> A: samba@lists.samba.org
> Oggetto: [Samba] Fwd: SAMBA on AIX --> nsswitch.conf?
>
>
> it works if i create the user xy on AIX.
> any ideas?
>
> -- Forwarded message --
> From: Urs Golla <[EMAIL PROTECTED]>
> Date: May 13, 2007 9:26 AM
> Subject: SAMBA on AIX --> nsswitch.conf?
> To: samba@lists.samba.org
>
>
> Hi
>
> I am still trying to run SAMBA on AIX with "security = ads" and I have
> a few questions:
>
> - on AIX is no such file as /etc/nsswitch.conf --> Do I have to add
> the configuration somewhere else?
>
> - I allways get this "User xy is invalid on this system" if try to map
> a share from Windows. What does this mean? Is the user invalid on the
> Domain? on AIX? on SAMBA? Is the User known by SAMBA but has no access
> rights on this share?
>
> - Has "security = ads" on AIX ever been tested?
>
> Any help would be appreciated!!!
>
> cheers
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

Don't think it depends on system...
I think you are missing parts in Samab configuration

if nsswitch doesn't exist... create it

here is mine.
passwd: files winbind
shadow: files winbind
group: files winbind

#hosts: db files nisplus nis dns
#hosts: files dns wins
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

R: [Samba] Fwd: SAMBA on AIX --> nsswitch.conf?

[Gianluca Culot]

> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> conto di Urs Golla
> Inviato: domenica 13 maggio 2007 10.35
> A: samba@lists.samba.org
> Oggetto: [Samba] Fwd: SAMBA on AIX --> nsswitch.conf?
> 
> 
> it works if i create the user xy on AIX.
> any ideas?
> 
> -- Forwarded message --
> From: Urs Golla <[EMAIL PROTECTED]>
> Date: May 13, 2007 9:26 AM
> Subject: SAMBA on AIX --> nsswitch.conf?
> To: samba@lists.samba.org
> 
> 
> Hi
> 
> I am still trying to run SAMBA on AIX with "security = ads" and I have
> a few questions:
> 
> - on AIX is no such file as /etc/nsswitch.conf --> Do I have to add
> the configuration somewhere else?
> 
> - I allways get this "User xy is invalid on this system" if try to map
> a share from Windows. What does this mean? Is the user invalid on the
> Domain? on AIX? on SAMBA? Is the User known by SAMBA but has no access
> rights on this share?
> 
> - Has "security = ads" on AIX ever been tested?
> 
> Any help would be appreciated!!!
> 
> cheers
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 

Don't think it depends on system...
I think you are missing parts in Samab configuration

if nsswitch doesn't exist... create it

here is mine.
passwd: files winbind
shadow: files winbind
group: files winbind

#hosts: db files nisplus nis dns
#hosts: files dns wins
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba