Re: [Samba] Endless Password Expiration in 3.0.25
Quoting Jeremy Allison ([EMAIL PROTECTED]): > People who have reported this bug (Endless Password Expiration in > 3.0.25, bugzilla id #4630) can you please let me know if you're > working on 64-bit machines please ? I'm trying to track this > down for 3.0.25a and am working on a theory The bug was also reported in Debian (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425083), though not by the user who reported #4630 in Samba's BTS, and some indices show that our user seems to be running the i386 port of Debian, so non 64-bit. Waiting for his answer, though... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Connection to failed
I have a problem connecting to samba (3.0.24): localhost ~ # smbclient -L desktop -U rh Password: Domain=[DESKTOP] OS=[Unix] Server=[Samba 3.0.24] Sharename Type Comment - --- homes Disk Home Directories dataDisk Daten SuSEDisk SuSE Disk IPC$IPC IPC Service (Desktop (Samba Server 3.0.24)) OJ6110 Printer HP Officejet 6110 rh Disk Home Directories Domain=[DESKTOP] OS=[Unix] Server=[Samba 3.0.24] Server Comment ---- WorkgroupMaster ---- WORKGROUPDESKTOP shows the shares i have created. But if i want to connect with smbclient the following happens: localhost ~ # smbclient //Desktop/rh Password: Domain=[DESKTOP] OS=[Unix] Server=[Samba 3.0.24] Connection to failed 'rh' is a valid user to linux (gentoo) and i have added 'rh' to smbpasswd. This is my smb.conf # smb.conf is the main Samba configuration file. [global] debug level = 0 server string = Desktop (Samba Server %v) netbios name = DESKTOP guest account = root encrypt passwords = yes security = user directory mask = 0777 create mask = 0777 force directory mode = 777 dos filetimes = true os level = 65 time server = yes map to guest= Bad User printcap name = cups use client driver = yes show add printer wizard = yes cups options = raw username map = /etc/samba/smbusers name resolve order = wins host bcast socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8760 interfaces = 192.168.178.21/24 bind interfaces only = yes log file = /var/log/samba/log.%m max log size = 100 log level = 0 guest ok = yes passdb backend = smbpasswd wins support = yes domain master = yes preferred master = yes winbind uid = 1-2 winbind gid = 1-2 veto oplock files = /*.mdb/*.ldb/*.MDB/*.LDB/ getwd cache = yes restrict anonymous = no max protocol = smb2 acl compatibility = winnt server signing = Auto [homes] comment = Home Directories browseable = yes read only = no #inherit permissions = yes guest ok = yes dos filetimes = yes case sensitive = no strict locking = no msdfs proxy = no wide links=yes user=rh [printers] comment = All Printers path = /tmp/spool printable = yes create mask = 0600 browseable = yes read only = no guest ok = yes [SuSE] comment = SuSE Disk path = /mnt/SuSE read only = no guest ok = yes create mask = 777 dos filetimes = yes case sensitive = no strict locking = no msdfs proxy = no user=rh --- On my Windows notebook (Windows Vista Home Premium 6.0) i try to net use x: \\Desktop\rh and get s a systemerror 67 networkname not found Has anyone an idea what goes wrong? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] force group to Unix group in 3.0.25
> Jerry, > >The patch is working fine. I have had it running on the production > machine at work since 12:00 am and there have been no *howls* from the rest > of the minions and I haven't run into any trouble. Guys, I want to double check the patch to 3.0.24 (thanks, Jerry, for it) but I need a test case... Given that I have to coordinate that update with Debian's security team, I better have to be triple secured..:-) However, I still haven't understood what *exactly* is the bug..:-) David, do you have a smb.conf excerpt which I could use for testing this ? signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] roaming profiles for XP RPO Vista 2000 and automounted home directorys
Background on setup Here is some basic background of my setup I have 3 domains setup running over a IPSEC tunnel over the Internet with one PDC BDC and some file servers at each location all running samba (I am sorry I do not have the version number in front of me for samba) from SUSE enterprise 10 using the LDAP backend. There is a trust setup between all the domains and the IPSEC tunnels is setup so I can access it using client software on my laptop even if I am not plugged in to any of the networks. Problem Background on problem I have a Windows 2000 XP PRO and Vista Ultimate client that connect to the domains. The 2000 and XP PRO computers are able to automount my home directory from any of the domains I login to and both use the same roaming profile. But the Vista Ultimate client when I connected that one to the network it created a new profile directory for the same account and added .V2 at the end of the name using that as the location for storing the vista profile. And the vista client does not automount the home directory for any of the domains. But I am able to browse and mount it after I have the desktop up and running. Question Is there a way to make samba use the same roaming profile directory for all 3 type of clients. I have files in my documents folder and other stuff in my profile that I would like to have access to using any of the clients. Also is there a change that needs to be made to vista or samba in order to get vista to automount my home directory. Once again I am sorry I do not have access to the samba version right now and the smb.conf file. It is running the latest version of samba that is automatically installed with SUSE Enterprise 10. I have made no changes to the home shares and the roaming profiles sections of the smb.conf file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] roaming profiles for XP RPO Vista 2000 and automounted home directorys
Background on setup Here is some basic background of my setup I have 3 domains setup running over a IPSEC tunnel over the Internet with one PDC BDC and some file servers at each location all running samba (I am sorry I do not have the version number in front of me for samba) from SUSE enterprise 10 using the LDAP backend. There is a trust setup between all the domains and the IPSEC tunnels is setup so I can access it using client software on my laptop even if I am not plugged in to any of the networks. Problem Background on problem I have a Windows 2000 XP PRO and Vista Ultimate client that connect to the domains. The 2000 and XP PRO computers are able to automount my home directory from any of the domains I login to and both use the same roaming profile. But the Vista Ultimate client when I connected that one to the network it created a new profile directory for the same account and added .V2 at the end of the name using that as the location for storing the vista profile. And the vista client does not automount the home directory for any of the domains. But I am able to browse and mount it after I have the desktop up and running. Question Is there a way to make samba use the same roaming profile directory for all 3 type of clients. I have files in my documents folder and other stuff in my profile that I would like to have access to using any of the clients. Also is there a change that needs to be made to vista or samba in order to get vista to automount my home directory. Once again I am sorry I do not have access to the samba version right now and the smb.conf file. It is running the latest version of samba that is automatically installed with SUSE Enterprise 10. I have made no changes to the home shares and the roaming profiles sections of the smb.conf file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.25 smbclient problem
On Fri, May 18, 2007 at 02:32:02PM -0500, Schaefer Jr, Thomas R. wrote: > I updated all my servers to 3.0.25 early this morning. Everything seems > 100% A-OK except for the most surprising thing, all my Windows and > Macintosh clients, no problems. But I'm having severe difficulty with > the 3.0.25 smbclient. If I use smbclient from 3.0.24 it too can connect > to my 3.0.25 servers without issue. > > Its bizarre. Before I go into it let me say, I've got some 3.0.25 > servers in share level security and the 3.0.25 smbclient CAN connect to > those just fine. > > But, I've got other servers using security = domain and those are the > ones 3.0.25 smbclient can't connect to, in general. Its very very > strange because I've tested with 4 seperate userids. 3 of the userids > will not work using 3.0.25 client period, 1 of them always will, I can't > put my finger on anything that might be different about that 1 userid > but its consistent even to different servers. Again, using 3.0.24 > client I can connect to any of the 3.0.25 servers using any of the 4 > userids no problem. > > So, is this a known issue or should I file a bug report, or any > suggestions on what to try?? I'm guessing this is the uid bug that Jerry fixed yesterday, will be in 3.0.25a. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cups, firefox + acrobat (Getting PJL output)
Hello, I am having a problem when printing pdf files as viewed from firefox/acroread to a samba print share. When I print from firefox, I get PJL output. If I print the very same file directly from Acrobat, the file prints properly. Standard web pages print from firfox just fine. #Sample output [EMAIL PROTECTED] COMMENT MS PCLXL NT DRIVER @PJl JOB NAME ... I can print from firefox/acroread "if" I print directly to the printer and skip samba/cups. I have uncommitted "application/octet..." in mime.types and mime.conv. I have tried setting "cups options = raw" and I still get the same output. Is there something else I could be missing? When I tail cups error_log, I can see that the file is getting filtered when it should not be if I am using 'cups options' correctly. I [18/May/2007:16:10:42 -0700] Adding start banner page "standard" to job 16413. I [18/May/2007:16:10:42 -0700] Adding end banner page "none" to job 16413. I [18/May/2007:16:10:42 -0700] Job 16413 queued on 'hpduplex1' by 'exchtest'. I [18/May/2007:16:10:42 -0700] Started filter /usr/lib64/cups/filter/pstops (PID 24802) for job 16413. I [18/May/2007:16:10:42 -0700] Started backend /usr/lib64/cups/backend/ipp (PID 24803) for job 16413. N [18/May/2007:16:10:42 -0700] [Job 16413] : Print file accepted - job ID 498. I [18/May/2007:16:10:42 -0700] Started filter /usr/lib64/cups/filter/texttops (PID 24804) for job 16413. I [18/May/2007:16:10:42 -0700] Started filter /usr/lib64/cups/filter/pstops (PID 24805) for job 16413. I [18/May/2007:16:10:42 -0700] Started backend /usr/lib64/cups/backend/ipp (PID 24806) for job 16413. N [18/May/2007:16:10:46 -0700] [Job 16413] : Print file accepted - job ID 499. testparm -L samba Load smb config files from /etc/samba/smb.conf Processing section "[homes]" Processing section "[groups]" Processing section "[public]" Processing section "[projects]" Processing section "[tools]" Processing section "[technology]" Processing section "[schedule]" WARNING: The "printer admin" option is deprecated Processing section "[printers]" Processing section "[print$]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = MONTALVO-US netbios aliases = samba, mserver server string = Montalvo Samba Server security = DOMAIN password server = PDCUS log level = 2 log file = /var/log/samba/%m.log max log size = 50 lpq cache time = 3 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE printcap name = cups cups server = printsrv01 dns proxy = No printer admin = @it, root, kpatton cups options = raw include = /etc/samba/conf.samba [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers write list = @it, root guest ok = Yes ... I am running Samba 3.0.23c any suggestions are appreciated Thanks, Kirk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] win xp home media edition / Samba 3.023c
I have an issue where one client machine (out of 10, the only one running 'xp home media') is being forced off periodically and closing XP's file browser. It seems to be random. My Samba configuration is a simple one -- just sharing files, it is not handling authentication. All other clients work as expected: Log in, for the first time, access as many times as desired after the log in, until you log off. Are there any known issues with 3.23c... and xp home media? thanks! --J -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbd spamming centos5 log
I get many of the following messages: "create_builtin_users: failed to create Users" ... "create_builtin_administrators: failed to create Administrators" ... I didn't see these messages in Centos4.4 ... does anyone know what they mean? SELinux is set to permissive mode. ( I also get messages saying that SELinux is interfering with Samba, but I don't see how when it's not supposed to be enforcing anything. ) Thanks! --J. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind - wbinfo -u works, getent passwd only gives local users
David, Did my advice help? I think this should probably go into the "Interdomain Trusts" section of "By Example" as I was banging my head against a brick wall for ages until I realised that you need these args on the *trusting* domain's PDC to be able to log on to the trusted domain (unless you add local accounts on the trusted DC). Thanks Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Endless Password Expiration in 3.0.25
People who have reported this bug (Endless Password Expiration in 3.0.25, bugzilla id #4630) can you please let me know if you're working on 64-bit machines please ? I'm trying to track this down for 3.0.25a and am working on a theory Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind in Win2003 ADS: wbinfo -u works, wbinfo -g does not
With samba 3.0.24 (Debian Etch packages) I joined a Windows 2003 ADS domain. Now wbinfo -u works fine, but wbinfo -g only says: Error looking up domain groups. smb.conf: [global] workgroup = wise realm = wise.vub.ac.be server string = %h server dns proxy = no password server = wisepc1 log file = /var/log/samba/log.%m log level = 10 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = ADS encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . socket options = TCP_NODELAY winbind use default domain = yes idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash template homedir = /home/%U winbind enum groups = yes winbind enum users = yes This can be found in log: [2007/05/18 19:46:16, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 19 [2007/05/18 19:46:16, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn LIST_GROUPS [2007/05/18 19:46:16, 3] nsswitch/winbindd_group.c:winbindd_list_groups(907) [0]: list groups [2007/05/18 19:46:16, 4] nsswitch/winbindd_group.c:get_sam_group_entries(605) get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105) Attempting to register passdb backend ldapsam [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118) Successfully added passdb backend 'ldapsam' [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105) Attempting to register passdb backend ldapsam_compat [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118) Successfully added passdb backend 'ldapsam_compat' [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105) Attempting to register passdb backend NDS_ldapsam [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118) Successfully added passdb backend 'NDS_ldapsam' [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105) Attempting to register passdb backend NDS_ldapsam_compat [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118) Successfully added passdb backend 'NDS_ldapsam_compat' [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105) Attempting to register passdb backend smbpasswd [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118) Successfully added passdb backend 'smbpasswd' [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(105) Attempting to register passdb backend tdbsam [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:smb_register_passdb(118) Successfully added passdb backend 'tdbsam' [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:make_pdb_method_name(158) Attempting to find an passdb backend to match tdbsam (tdbsam) [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:make_pdb_method_name(179) Found pdb backend tdbsam [2007/05/18 19:46:16, 5] passdb/pdb_interface.c:make_pdb_method_name(190) pdb backend tdbsam has a valid init [2007/05/18 19:46:16, 3] nsswitch/winbindd_group.c:get_sam_group_entries(610) get_sam_group_entries: Failed to enumerate domain local groups! [2007/05/18 19:46:16, 4] nsswitch/winbindd_group.c:get_sam_group_entries(605) get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well [2007/05/18 19:46:16, 3] nsswitch/winbindd_group.c:get_sam_group_entries(610) get_sam_group_entries: Failed to enumerate domain local groups! [2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430) refresh_sequence_number: WISE time ok [2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: WISE seq number is now 647240 [2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:enum_dom_groups(1136) enum_dom_groups: [Cached] - doing backend query for list for domain WISE [2007/05/18 19:46:16, 3] nsswitch/winbindd_ads.c:enum_dom_groups(290) ads: enum_dom_groups [2007/05/18 19:46:16, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/05/18 19:46:16, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1179546374, time is now 1179510376 [2007/05/18 19:46:16, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=4 gave 0 replies [2007/05/18 19:46:16, 1] nsswitch/winbindd_ads.c:enum_dom_groups(339) enum_dom_groups: No groups found [2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430) refresh_sequence_number: WISE time ok [2007/05/18 19:46:16, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: WISE se
Re: [Samba] 3.0.25 Winbind high CPU usage
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Lanclos wrote: > Only other things running on this server are bind and apache(rarely > used). > This is our mail fileserver which is connected to a CoRaid. Do you mean main ? Or mail server? > I made the changes as you stated, and cpu usage went > down some .. One process is using about 35% and the > other is at about 15%. > > When I look on the domian controller I see LSASS.EXE > running around 25-40%. How many connections is this box serving at a given time (e.g. how many smbd processes are running)? > I'm courious as to why these entries are showing up: > > [0]: getpwnam offiCeDirEcTOrIes > [0]: getpwnam OFFICeDirEctoriEs > [0]: getpwnam officEdiRECToRIes > [0]: getpwnam officediREcToRIEs > [0]: getpwnam OFFicedIREcToRies > [0]: getpwnam OFfIcEDireCtoRiEs > > > OfficeDirectories is a Share.. Why is winbind running > a getpwnam on a Share name? Winbindd is only trying to service a getpwnam() request. So some applications is running a getpwnam() on different case permutations off the string "officedirectories". This looks like something I would expect from smbd providing the [homes] share and configured with a non-zero value for the "username level" parameter in smb.conf. But I don't see that in your posting. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTgn6IR7qMdg1EfYRAnbhAKDW7026tREVII6r2GmxZDOJKY2KOwCgiPEi UVCBxosKp3q/0Tzu832gdr8= =1E6o -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 3.0.25 Winbind high CPU usage
Only other things running on this server are bind and apache(rarely used). This is our mail fileserver which is connected to a CoRaid. I made the changes as you stated, and cpu usage went down some .. One process is using about 35% and the other is at about 15%. When I look on the domian controller I see LSASS.EXE running around 25-40%. I'm courious as to why these entries are showing up: [2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam offiCeDirEcTOrIes [2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam OFFICeDirEctoriEs [2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam officEdiRECToRIes [2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam officediREcToRIEs [2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam OFFicedIREcToRies [2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam OFfIcEDireCtoRiEs OfficeDirectories is a Share.. Why is winbind running a getpwnam on a Share name? smb.conf : --- [global] workgroup = WORKGROUP netbios name = dataserver1 netbios aliases = imageserver webshare profiles server string = "" kernel oplocks = yes printcap name = cups load printers = no printing = cups cups options = raw log file = /var/log/samba/smbd-%L.log log level = 1 winbind:4 syslog = 0 max log size = 50 security = ads #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY socket options = TCP_NODELAY IPTOS_LOWDELAY #deadtime = 90 interfaces = lo 10.11.50.1/16 10.10.50.1/16 remote announce = 10.11.255.255 10.10.255.255 local master = yes os level = 65 domain master = yes preferred master = yes name resolve order = wins bcast wins support = yes wins proxy = yes dns proxy = yes idmap domains = WORKGROUP idmap config WORKGROUP: default =yes idmap config WORKGROUP: backend =rid idmap config WORKGROUP: read_only = yes idmap config WORKGROUP: range = 16777216-33554431 idmap alloc config: range = 16777216-33554431 idmap cache time = 1800 idmap negative cache time = 300 winbind offline logon = true winbind nested groups = no winbind enum users = no winbind enum groups = no winbind cache time = 900 template shell = /bin/bash winbind use default domain = yes password server = dc2.ldaf.state.la.us usershare.ldaf.state.la.us print.ldaf.state.la.us agchem.ldaf.state.la.us * realm = LDAF.STATE.LA.US template homedir = /data/HomeDirectories/%U dos filetimes = yes fake directory create times = yes dos filetime resolution = yes veto oplock files = /*.pst/*.PST/ max disk size = 102400 enable privileges = yes deadtime=480 read raw = yes write raw = yes max xmit = 65535 getwd cache = yes include = /etc/samba/smb.conf.%i # There are 3 virtual servers dataserver1 imageserver webshare smb.conf.10.11.50.1 (smb.conf.10.10.50.1 is symlinked to the same file) [global] interfaces = 10.11.50.1 10.10.50.1 bind interfaces only = yes netbios name = dataserver1 server string = winbind use default domain = yes load printers = yes #host dfs = yes [root] path = /data browseable = no writable = yes map acl inherit = yes valid users = @"WORKGROUP\Domain Admins" admin users = @"WORKGROUP\Domain Admins" #vfs object = vscan-clamav #vscan-clamav: config-file = /etc/samba/vscan-clamav.conf [exmail-backup] copy = root path = /data/SharedData/exmail-backup [homes] comment = Home Directories browseable = no writeable = yes inherit acls = yes #inherit owner = yes inherit permissions = yes map acl inherit = yes root preexec = /etc/samba/setup_homedir %S veto files = /.recycle/.webshare/.profile/ #vfs object = recycle full_audit vscan-clamav vfs object = recycle full_audit recycle:repository = .recycle recycle:keeptree = yes recycle:versions = yes recycle:touch = yes recycle:touch_mtime = no #recycle:exclude = *.tmp *.TMP *.temp ~* full_audit:prefix = %m|%u|%S full_audit:success = unlink rename mkdir pwrite rmdir full_audit:failure = pwrite #vscan-clamav: config-file = /etc/samba/vscan-clamav.conf [webshare] copy = homes path = /data/HomeDirectories/%U/.webshare root preexec = /etc/samba/setup_homedir %U map acl inherit = yes [printers] comment = All Printers path = /var/spool/samba browseable = no
[Samba] 3.0.25 smbclient problem
I updated all my servers to 3.0.25 early this morning. Everything seems 100% A-OK except for the most surprising thing, all my Windows and Macintosh clients, no problems. But I'm having severe difficulty with the 3.0.25 smbclient. If I use smbclient from 3.0.24 it too can connect to my 3.0.25 servers without issue. Its bizarre. Before I go into it let me say, I've got some 3.0.25 servers in share level security and the 3.0.25 smbclient CAN connect to those just fine. But, I've got other servers using security = domain and those are the ones 3.0.25 smbclient can't connect to, in general. Its very very strange because I've tested with 4 seperate userids. 3 of the userids will not work using 3.0.25 client period, 1 of them always will, I can't put my finger on anything that might be different about that 1 userid but its consistent even to different servers. Again, using 3.0.24 client I can connect to any of the 3.0.25 servers using any of the 4 userids no problem. So, is this a known issue or should I file a bug report, or any suggestions on what to try?? Thankyou, Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba, wins, netbios
El Viernes, 18 de Mayo de 2007 20:48, Jack Mendez escribió: > I am trying to setup the samba server to ping machines on the network via > the netbios name. > i have the following lines in smb.conf under global > wins support = yes > domain logons = Yes > preferred master = Yes > domain master = Yes > local master = yes > os level = 34 > > my /etc/nsswitch.conf looks like. > hosts: files wins dns As far as I know, network utilities in Windows work with netbios so you can execute the ping command to a machine with his netbios name. Your setup looks well... perhaps your browse list in /var/lib/samba/wins.dat isn't fully populated or has incorrect info. You can try to stop Samba, delete that file and restart it and se how is being populated. -- Asier. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.25 smbclient problem
I updated all my servers to 3.0.25 early this morning. Everything seems 100% A-OK except for the most surprising thing, all my Windows and Macintosh clients, no problems. But I'm having severe difficulty with the 3.0.25 smbclient. If I use smbclient from 3.0.24 it too can connect to my 3.0.25 servers without issue. Its bizarre. Before I go into it let me say, I've got some 3.0.25 servers in share level security and the 3.0.25 smbclient CAN connect to those just fine. But, I've got other servers using security = domain and those are the ones 3.0.25 smbclient can't connect to, in general. Its very very strange because I've tested with 4 seperate userids. 3 of the userids will not work using 3.0.25 client period, 1 of them always will, I can't put my finger on anything that might be different about that 1 userid but its consistent even to different servers. Again, using 3.0.24 client I can connect to any of the 3.0.25 servers using any of the 4 userids no problem. So, is this a known issue or should I file a bug report, or any suggestions on what to try?? Thankyou, Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba, wins, netbios
On Friday 18 May 2007, Jack Mendez wrote: > I added the address of the samba server into the wins configuration tab in > the advanced section of tcp properties in windows xp. When i try to ping > that machine from the samba server, i get unknown host. > i can ping the samba server by netbios name from the xp machine just fine > domain logons work, its just the ping from the samba server thats the > problem. I would also like to b able to ping other machines on the > network from this xp box in question as well. First step is to make sure your XP workstation is registering itself with the WINS server. Take a peek at your wins.dat file to verify. If the system is registered then you can look elsewhere for the problem. I did notice at one point that libnss_wins.so is not built if one specifies --without-winbind. The file is needed for the hosts lookup in WINS even when not using winbind. That's why I think it should always be built. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba, wins, netbios
I am trying to setup the samba server to ping machines on the network via the netbios name. i have the following lines in smb.conf under global wins support = yes domain logons = Yes preferred master = Yes domain master = Yes local master = yes os level = 34 my /etc/nsswitch.conf looks like. hosts: files wins dns I added the address of the samba server into the wins configuration tab in the advanced section of tcp properties in windows xp. When i try to ping that machine from the samba server, i get unknown host. i can ping the samba server by netbios name from the xp machine just fine domain logons work, its just the ping from the samba server thats the problem. I would also like to b able to ping other machines on the network from this xp box in question as well. the samba server is running ubuntu feisty and samba 3.0.24 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] New snapshot of patched 3.0.24 posted
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've posted an updated version of my 3.0.24-gc dev branch to deal with the break in "force group" caused by the CVE-2007-2444 patch and backported the Vista related bug fixes from the Samba patches page. The bzr branch is hosted at http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/ The source tarball is available from http://download.samba.org/samba/ftp/people/jerry/3.0.24/ The Fedora Core 6 RPMS have been uploaded to http://download.samba.org/samba/ftp/Binary_Packages/Fedora/ This is it *not* an official release from samba.org and therefore has been signed with my GPG private key (ID D83511F6). If you don't want to make the jump to 3.0.25 just yet, this 3.0.24 based snapshot might be just for you. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian Changes in 3.0.24-gc-2: - --- * Backport force group fix after applying patch for CVE-2007-2444 * Apply several VIsta related fixes for 3.0.24 from Samba patches page: o security = share and NTLMv2 o Vista Point-n-Print o BUG 4361 - Fix failure when using the Vista backup utility. o BUG 4093 - Fix expansion of the %a smb.conf variable for Vista clients. o BUG 4356 - Fix MS-DFS referrals with Windows Vista clients. o BUG 4188 - Fix for Vista failing to delete directories on a Samba share. Changes in 3.0.24-gc-1: - --- * Merged patches for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447 (More information available at http://www.samba.org/samba/security/) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTe/PIR7qMdg1EfYRApjSAKCxTVQdxBUgRBZ++X0X9FKgw2Nt/ACfVfGx lRu2Y1GT6yED08aQeDkn1TA= =Ffop -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] force group to Unix group in 3.0.25
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: >The patch is working fine. I have had it running on > the production machine at work since 12:00 am and there > have been no *howls* from the rest of the minions > and I haven't run into any trouble. OK. Thanks. I'll push out a new patched 3.0.24 snapshot for people if they don't want to patch on their own. Thanks for testing. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTe9qIR7qMdg1EfYRAmp7AKDzoQmu7GH7akyDdBlZA/HjfsNwYgCg4yb2 oM6eI8lAJSnHrI3prx/da+0= =OOxm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating Samba RPM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dimitri Yioulos wrote: > Hello to all. > > With recent versions of Samba, it seems that I've built the > Samba RPM from source RPM which, in turn. The single RPM > that was created installs samba, winbind, smbclient, > etc. With version 3.0.25, I can't find that source RPM. Yup. I stopped providing support for RedHat 9 and the single RPM specfile in 3.0.25. It was discussed on this list some time ago. You can grab the packaging/RedHat-9 directory fromthe 3.0.24 RPM and and build from that after cleaning up a few things. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTe2xIR7qMdg1EfYRAst4AKClumvJ7wd8GDDk84zNlhrgJCQBlwCfTaDd p98seDcrS1LxD2WJxzo16XY= =bVl3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Werr Access Denied
Hello List, Does anyone have any idea of what this error message means: init_services_keys: key lookup failed (WERR_ACCESS_DENIED) ERROR: failed to setup guest info I am trying to run the latest tp of version 4, the setup did not give me any errors but when I run smbd -i -M single I get this error message. Kind regards Per Qvindesland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] force group to Unix group in 3.0.25
From: "Gerald (Jerry) Carter"
Christian Perrier wrote:
Our bug. I fixed it last night for next week's 3.0.25a release
(http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0).
You can either retest against the SAMBA_3_0_25 svn tree or I
can send you a patch.
Jerry, apparently this bug hits Debian's version in etch as it
appeared after the security fix for CVE-2007-2444. See
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424629
As you certainly know, upgrading the version in etch
to 3.0.25a is out of question, so we need to patch the
3.0.24 version to fix this.
So, if you have the patch handy, we'd be deeply interested.
Ah yeah. I didn't think about that. Attached.
Is there a bug report for this issue in Samba's BTS? I can't
find one.
Note sure. We went back and forth with David Rankin on it
getting the necessary information.
Jerry,
The patch is working fine. I have had it running on the production
machine at work since 12:00 am and there have been no *howls* from the rest
of the minions and I haven't run into any trouble.
--
David C. Rankin, J.D., P.E.
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--
=== modified file 'source/smbd/uid.c'
--- source/smbd/uid.c 2007-05-12 16:45:55 +
+++ source/smbd/uid.c 2007-05-18 17:33:11 +
@@ -151,7 +151,9 @@
char group_c;
BOOL must_free_token = False;
NT_USER_TOKEN *token = NULL;
-
+ int num_groups = 0;
+ gid_t *group_list = NULL;
+
if (!conn) {
DEBUG(2,("change_to_user: Connection not open\n"));
return(False);
@@ -190,14 +192,14 @@
if (conn->force_user) /* security = share sets this too */ {
uid = conn->uid;
gid = conn->gid;
- current_user.ut.groups = conn->groups;
- current_user.ut.ngroups = conn->ngroups;
+ group_list = conn->groups;
+ num_groups = conn->ngroups;
token = conn->nt_user_token;
} else if (vuser) {
uid = conn->admin_user ? 0 : vuser->uid;
gid = vuser->gid;
- current_user.ut.ngroups = vuser->n_groups;
- current_user.ut.groups = vuser->groups;
+ num_groups = vuser->n_groups;
+ group_list = vuser->groups;
token = vuser->nt_user_token;
} else {
DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
@@ -230,8 +232,8 @@
*/
int i;
- for (i = 0; i < current_user.ut.ngroups; i++) {
- if (current_user.ut.groups[i] == conn->gid) {
+ for (i = 0; i < num_groups; i++) {
+ if (group_list[i] == conn->gid) {
gid = conn->gid;
gid_to_sid(&token->user_sids[1], gid);
break;
@@ -243,6 +245,12 @@
}
}
+ /* Now set current_user since we will immediately also call
+set_sec_ctx() */
+
+ current_user.ut.ngroups = num_groups;
+ current_user.ut.groups = group_list;
+
set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
token);
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba3 pdc on freebsd
Hello, I've got further on this but i don't think i'm getting everything. I've not got the add machine script working at all, and the add user to group script which i use pw for, adds the user to one group but if he's already in other groups it removes membership. If anyone has samba3 on a freebsd 5.x or 6.x box i'd love to hear from you. Thanks. Dave. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Creating Samba RPM
Hello to all. With recent versions of Samba, it seems that I've built the Samba RPM from source RPM which, in turn. The single RPM that was created installs samba, winbind, smbclient, etc. With version 3.0.25, I can't find that source RPM. All I can find are source RPMs that create individual RPMs for Samba and each of its components. If I try to create the RPM from source tarball, it needs smbldap-tools-0.9.2.tgz. I DL smbldap-tools-0.9.2a.tgz (the only version available), and try again. No joy until I rename smbldap-tools-0.9.2.tgz to smbldap-tools-0.9.2a.tgz and add lots of perl modules. I try again, and smbldap-tools-0.9.2-1.rpm is created, but the samba RPM isn't. I'm trying this on a CentOS 3.8 box. Sorry for the long and perhaps, somewhat unclear description of my issue. Where might I find the "single install" Samba source RPM? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbindd breaks after first unsuccessfull authentication
Gerald (Jerry) Carter wrote: # wbinfo -a anyuser%goodpassword plaintext password authentication failed error code was NT_STATUS_INVALID_HANDLE (0xc008) error messsage was: Invalid handle I think we fixed this in SVN a long time ago. have you searched through the release notes in 3.02.5 for any clue as to when it was fixed. I have tried, but found nothing on NT_STATUS_INVALID_HANDLE, 0xc008 nor "invalid handle". ok. Something regressed apparently in 3.0.25 and I have another report of this. See the open bug report here: https://bugzilla.samba.org/show_bug.cgi?id=4579. If you can add any additional information, it would be appreciated. Failing winbindd 3.0.24 runs on domain member client. Now I realize that I don't know if the problem is on the client side (all XP workstations work, only this single Samba client), or on the server side. PDC runs Samba 3.0.20, does it matter? Thanks, Janusz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] force group to Unix group in 3.0.25
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christian Perrier wrote:
>> Our bug. I fixed it last night for next week's 3.0.25a release
>> (http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0).
>>
>> You can either retest against the SAMBA_3_0_25 svn tree or I
>> can send you a patch.
>
>
> Jerry, apparently this bug hits Debian's version in etch as it
> appeared after the security fix for CVE-2007-2444. See
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424629
>
> As you certainly know, upgrading the version in etch
> to 3.0.25a is out of question, so we need to patch the
> 3.0.24 version to fix this.
>
> So, if you have the patch handy, we'd be deeply interested.
Ah yeah. I didn't think about that. Attached.
> Is there a bug report for this issue in Samba's BTS? I can't
> find one.
Note sure. We went back and forth with David Rankin on it
getting the necessary information.
cheers, jerry
=
Samba--- http://www.samba.org
Centeris --- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGTeSIIR7qMdg1EfYRAoygAJ9zPh6jIMt5ri9UzuNLtEgiiDekHQCgndPF
DyDNcagDKoir8QjGfBZPY1o=
=w3wZ
-END PGP SIGNATURE-
=== modified file 'source/smbd/uid.c'
--- source/smbd/uid.c 2007-05-12 16:45:55 +
+++ source/smbd/uid.c 2007-05-18 17:33:11 +
@@ -151,7 +151,9 @@
char group_c;
BOOL must_free_token = False;
NT_USER_TOKEN *token = NULL;
-
+ int num_groups = 0;
+ gid_t *group_list = NULL;
+
if (!conn) {
DEBUG(2,("change_to_user: Connection not open\n"));
return(False);
@@ -190,14 +192,14 @@
if (conn->force_user) /* security = share sets this too */ {
uid = conn->uid;
gid = conn->gid;
- current_user.ut.groups = conn->groups;
- current_user.ut.ngroups = conn->ngroups;
+ group_list = conn->groups;
+ num_groups = conn->ngroups;
token = conn->nt_user_token;
} else if (vuser) {
uid = conn->admin_user ? 0 : vuser->uid;
gid = vuser->gid;
- current_user.ut.ngroups = vuser->n_groups;
- current_user.ut.groups = vuser->groups;
+ num_groups = vuser->n_groups;
+ group_list = vuser->groups;
token = vuser->nt_user_token;
} else {
DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
@@ -230,8 +232,8 @@
*/
int i;
- for (i = 0; i < current_user.ut.ngroups; i++) {
- if (current_user.ut.groups[i] == conn->gid) {
+ for (i = 0; i < num_groups; i++) {
+ if (group_list[i] == conn->gid) {
gid = conn->gid;
gid_to_sid(&token->user_sids[1], gid);
break;
@@ -243,6 +245,12 @@
}
}
+ /* Now set current_user since we will immediately also call
+ set_sec_ctx() */
+
+ current_user.ut.ngroups = num_groups;
+ current_user.ut.groups = group_list;
+
set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
token);
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba breaks after upgrading to 3.0.24
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wu Yinghui, Freddie wrote: > When I run "smbclient //myhost/myshare -U myid", it shows this: > Password: > Domain=[MYHOST] OS=[Unix] Server=[Samba 3.0.24] > Connection to ���▒v�� failed > > (The garbled error message shows up as slightly different mixture of > unreadable characters on each run of samba. But the message is not > readable at all times.) Haven't seen that one before. Sounds like misconfigured unix charset and LOCALE setting perhaps. > > log.myhost shows this: > > [2007/05/16 22:30:59, 0] auth/auth_util.c:create_builtin_administrators(785) > create_builtin_administrators: Failed to create Administrators > [2007/05/16 22:30:59, 0] auth/auth_util.c:create_builtin_users(751) > create_builtin_users: Failed to create Users If you are not running winbindd. this is normal. The log msgs were cleaned up post 3.0.24. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTeMCIR7qMdg1EfYRAs38AJ41sA7pA+XSynUVnQuffpJY/Tzo+gCg2Ykr 78iA4pr+AtQLymsazRtMvYE= =VpsV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba shares OK- but only after 'getent passwd' ?
Hi there, I have just configured Samba on a new server and Im having a bit of trouble with it - after it boots, it dosn't want to share until I've issued the 'getent passwd' command...? Otherwise, it appears to be running fine; 'wbinfo -g' and -u are showing the correct info (that is, the same as 'getent...' ) Anyone have any idea why this could be? Thanks, Kris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] force group to Unix group in 3.0.25
> Our bug. I fixed it last night for next week's 3.0.25a release > (http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0). > > You can either retest against the SAMBA_3_0_25 svn tree or I > can send you a patch. Jerry, apparently this bug hits Debian's version in etch as it appeared after the security fix for CVE-2007-2444. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424629 As you certainly know, upgrading the version in etch to 3.0.25a is out of question, so we need to patch the 3.0.24 version to fix this. So, if you have the patch handy, we'd be deeply interested. Is there a bug report for this issue in Samba's BTS? I can't find one. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.25 Winbind high CPU usage
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Lanclos wrote: > I just upgraded from 3.0.23d to 3.0.25 and I'm noticing that winbind is > chewing up a lot of CPU usage. > > There are always 2 winbindd processes and one uses about 80% cpu and the > other use 15% cpu. > > When I run a tcpdump and look at the traffic going to/from the domain > controller winbindd is connected to, there is a constant flow of > traffic. > > > Here is the winbind setup from my smb.conf file: > >#idmap uid = 16777216-33554431 >#idmap gid = 16777216-33554431 >allow trusted domains = no >#idmap backend = idmap_rid:WORKGROUP=16777216-33554431 >idmap alloc backend = tdb > >idmap domains = WORKGROUP >idmap config WORKGROUP: default =yes >idmap config WORKGROUP: backend =rid >idmap config WORKGROUP: read_only = yes >idmap config WORKGROUP: range = 16777216-33554431 >idmap alloc config: range = 16777216-33554431 > >winbind offline logon = true >winbind nested groups = no >winbind enum users = yes >winbind enum groups = yes >winbind cache time = 900 First I would disable thwe winbindd enum users/group options. Second, you might want to push the "idmap cache time" and "idmap negative cache time" value up from their default values. Finally, I have it on my TODO list to move the winbindd and idmap cache managers into the main winbindd proces so we don't have to cross process boundaries unless we actually hitting the backend (i.e. xpired cache entries). Can you give me a better idea of what is going on in smbd and other applications running on the server? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTd1MIR7qMdg1EfYRAoJMAJ9Nye7WhjjOOklNJsVbTfGCBSSn9ACgsCeq KgPypRDG/SoGuhyb0J1A1BA= =oc5C -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbindd breaks after first unsuccessfull authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: > Janusz Krzysztofik wrote: >> I have the following problem: > >> # wbinfo -V >> Version 3.0.24 >> # wbinfo -a anyuser%goodpassword >> plaintext password authentication succeeded >> challenge/response password authentication succeeded >> # wbinfo -a anyuser%badpassword >> plaintext password authentication failed >> error code was NT_STATUS_WRONG_PASSWORD (0xc06a) >> error messsage was: Wrong Password >> Could not authenticate user anyuser%badpassword with plaintext password >> challenge/response password authentication failed >> error code was NT_STATUS_INVALID_HANDLE (0xc008) >> error messsage was: Invalid handle >> Could not authenticate user anyuser with challenge/response >> # wbinfo -a anyuser%goodpassword >> plaintext password authentication failed >> error code was NT_STATUS_INVALID_HANDLE (0xc008) >> error messsage was: Invalid handle > > I think we fixed this in SVN a long time ago. have you > searched through the release notes in 3.02.5 for any clue > as to when it was fixed. Sounds very familiar to me. ok. Something regressed apparently in 3.0.25 and I have another report of this. See the open bug report here: https://bugzilla.samba.org/show_bug.cgi?id=4579. If you can add any additional information, it would be appreciated. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTdeKIR7qMdg1EfYRAnbwAJ4y57KvB9wzhGHyz+IfERQf2toiyQCcC2dL S1PANh51y52zOb1RiyX5m8o= =GXWN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.25 Winbind high CPU usage
I just upgraded from 3.0.23d to 3.0.25 and I'm noticing that winbind is chewing up a lot of CPU usage. There are always 2 winbindd processes and one uses about 80% cpu and the other use 15% cpu. When I run a tcpdump and look at the traffic going to/from the domain controller winbindd is connected to, there is a constant flow of traffic. Here is the winbind setup from my smb.conf file: #idmap uid = 16777216-33554431 #idmap gid = 16777216-33554431 allow trusted domains = no #idmap backend = idmap_rid:WORKGROUP=16777216-33554431 idmap alloc backend = tdb idmap domains = WORKGROUP idmap config WORKGROUP: default =yes idmap config WORKGROUP: backend =rid idmap config WORKGROUP: read_only = yes idmap config WORKGROUP: range = 16777216-33554431 idmap alloc config: range = 16777216-33554431 winbind offline logon = true winbind nested groups = no winbind enum users = yes winbind enum groups = yes winbind cache time = 900 #winbind cache time = 300 template shell = /bin/bash winbind use default domain = yes password server = print.ldaf.state.la.us dc2.ldaf.state.la.us usershare.ldaf.state.la.us agchem.ldaf.state.la.us * realm = LDAF.STATE.LA.US template homedir = /data/HomeDirectories/%U Lookin at the smbd logs I'm seeing a lot of user lookups for Shares... DocumentImaging and OfficeDirectories are Shares.. [2007/05/18 11:21:06, 5] nsswitch/winbindd_async.c:lookupname_recv2(801) lookup_name returned an error [2007/05/18 11:21:06, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(390) Could not lookup name for user dOcUMenTimagING [2007/05/18 11:21:06, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam dOcUMentIMAGing [2007/05/18 11:21:06, 5] nsswitch/winbindd_async.c:lookupname_recv2(801) lookup_name returned an error [2007/05/18 11:21:06, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(390) Could not lookup name for user docUMentImaginG [2007/05/18 11:21:06, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam docUMentiMAging [2007/05/18 11:21:06, 5] nsswitch/winbindd_async.c:lookupname_recv2(801) lookup_name returned an error [2007/05/18 11:21:06, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(390) Could not lookup name for user ofFIcEdirEctoRies [2007/05/18 11:21:06, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam ofFIcEdirEctorIes [2007/05/18 11:21:06, 5] nsswitch/winbindd_async.c:lookupname_recv2(801) lookup_name returned an error [2007/05/18 11:21:06, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(390) Could not lookup name for user dOCUMenTimAgiNG [2007/05/18 11:21:06, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam dOCUMenTimaGINg [2007/05/18 11:21:06, 5] nsswitch/winbindd_async.c:lookupname_recv2(801) lookup_name returned an error [2007/05/18 11:21:06, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(390) Could not lookup name for user dOcuMeNtimAgIng [2007/05/18 11:21:06, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam dOcuMeNtimAgiNg [2007/05/18 11:21:06, 5] nsswitch/winbindd_async.c:lookupname_recv2(801) lookup_name returned an error [2007/05/18 11:21:06, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(390) Could not lookup name for user OFFicEdirECtoriEs [2007/05/18 11:21:06, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam OFFicEdirECtorieS [2007/05/18 11:21:06, 5] nsswitch/winbindd_async.c:lookupname_recv2(801) lookup_name returned an error [2007/05/18 11:21:06, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(390) Could not lookup name for user DoCumentIMAGinG [2007/05/18 11:21:06, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [0]: getpwnam DoCumentIMAgINg There are also a lot of lookups being logged in wb-BUILTIN log ==> /var/log/samba/log.wb-BUILTIN <== [2007/05/18 11:24:41, 4] nsswitch/winbindd_dual.c:fork_domain_child(989) child daemon request 20 [2007/05/18 11:24:41, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupsid(754) [29981]: lookupsid S-1-5-32-544 [2007/05/18 11:24:41, 4] nsswitch/winbindd_dual.c:fork_domain_child(989) child daemon request 20 [2007/05/18 11:24:41, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupsid(754) [29981]: lookupsid S-1-5-32-545 [2007/05/18 11:24:42, 4] nsswitch/winbindd_dual.c:fork_domain_child(989) child daemon request 20 [2007/05/18 11:24:42, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupsid(754) [29981]: lookupsid S-1-5-32-544 [2007/05/18 11:24:42, 4] nsswitch/winbindd_dual.c:fork_domain_child(989) child daemon request 20 [2007/05/18 11:24:42, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupsid(754) [29981]: lookupsid S-1-5-32-545 [2007/05/18 11:24:42, 4] nsswitch/winbindd_dual.c:fork_domain_child(989) child daemon request 20 [2007/05/18 11:24:42, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupsid(754) [29981]: lookupsid S-1-5-32-544 [2007/05/18 11:24:42, 4] nsswitc
Re: ham,[Samba] Samba breaks after upgrading to 3.0.24
Hi, I believe Edgy was using some patched version of 3.0.23 (sorry, I'm still having some X problem with Feisty now, so not easy for me to verify this online yet). I've read the release note you indicated, but as you can see below, Feisty appearantly distributes 3.0.24 only.--Do I need to find the 3.0.25 package for Ubuntu somewhere and upgrade samba first? I'm now attaching my smb.conf as a bzip2-compressed archive. On Feisty, here is my samba status: === snip === [EMAIL PROTECTED]:~$ smbstatus Samba version 3.0.24 PID Username Group Machine --- Service pid machine Connected at --- No locked files === snip === Hope I can solve this problem soon, since I need the samba access back ASAP. TIA for any further advice. Cheers, Freddie Dale Schroeder wrote: > Hello, > > I don't know what version of Samba was on Edgy, but I am suspecting it > was before 3.0.23. If that is the case, check the release notes from > 3.0.23 upward for changes that might affect you. > > http://us3.samba.org/samba/history/samba-3.0.25.html > > If you don't see anything there, then repost with your samba version and > smb.conf. > > Good luck, > > Dale > > > > Wu Yinghui, Freddie wrote: >> Hi all, >> >> I upgraded my samba as part of my Ubuntu Edgy to Feisty upgrade. But >> ever since this upgrade, my samba, which used to work smoothly in Edgy, >> no longer works. >> >> I've posted the details at >> http://kubuntuforums.net/forums/index.php?topic=3083275.0 >> >> But just in case, I'm repeating some of the findings here: >> >> When I run "smbclient //myhost/myshare -U myid", it shows this: >> Password: >> Domain=[MYHOST] OS=[Unix] Server=[Samba 3.0.24] >> Connection to ���▒v�� failed >> >> (The garbled error message shows up as slightly different mixture of >> unreadable characters on each run of samba. But the message is not >> readable at all times.) >> >> log.myhost shows this: >> >> [2007/05/16 22:30:59, 0] auth/auth_util.c:create_builtin_administrators(785) >> create_builtin_administrators: Failed to create Administrators >> [2007/05/16 22:30:59, 0] auth/auth_util.c:create_builtin_users(751) >> create_builtin_users: Failed to create Users >> >> Any clue? >> >> Thanks, >> >> Freddie >> >> >> >> >> No virus found in this incoming message. >> Checked by AVG. >> Version: 7.5.467 / Virus Database: 269.7.1/805 - Release Date: 5/15/2007 >> 10:47 AM >> -- Wu Yinghui, Freddie Senior Software Engineer Advanced Technology Research and Development Group Volume Interactions Pte Ltd 1 Kim Seng Promenade, #12-01 Great World City East Tower Singapore 237994 Tel: +65 62226962 (Ext 216) Fax: +65 62226215 Email: [EMAIL PROTECTED] URL: http://www.volumeinteractions.com http://www.dextroscope.com Important: This message is intended for the recipient(s) addressed above. It contains privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it from your system. You must not read, copy, use, or disseminate this communication in any form. Thank you. signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: ham,[Samba] Samba breaks after upgrading to 3.0.24
Hi, I believe Edgy was using some patched version of 3.0.23 (sorry, I'm still having some X problem with Feisty now, so not easy for me to verify this online yet). I've read the release note you indicated, but as you can see below, Feisty appearantly distributes 3.0.24 only.--Do I need to find the 3.0.25 package for Ubuntu somewhere and upgrade samba first? I'm now attaching my smb.conf as a bzip2-compressed archive. On Feisty, here is my samba status: === snip === [EMAIL PROTECTED]:~$ smbstatus Samba version 3.0.24 PID Username Group Machine --- Service pid machine Connected at --- No locked files === snip === Hope I can solve this problem soon, since I need the samba access back ASAP. TIA for any further advice. Cheers, Freddie Dale Schroeder wrote: > Hello, > > I don't know what version of Samba was on Edgy, but I am suspecting it > was before 3.0.23. If that is the case, check the release notes from > 3.0.23 upward for changes that might affect you. > > http://us3.samba.org/samba/history/samba-3.0.25.html > > If you don't see anything there, then repost with your samba version and > smb.conf. > > Good luck, > > Dale > > > > Wu Yinghui, Freddie wrote: >> Hi all, >> >> I upgraded my samba as part of my Ubuntu Edgy to Feisty upgrade. But >> ever since this upgrade, my samba, which used to work smoothly in Edgy, >> no longer works. >> >> I've posted the details at >> http://kubuntuforums.net/forums/index.php?topic=3083275.0 >> >> But just in case, I'm repeating some of the findings here: >> >> When I run "smbclient //myhost/myshare -U myid", it shows this: >> Password: >> Domain=[MYHOST] OS=[Unix] Server=[Samba 3.0.24] >> Connection to ���▒v�� failed >> >> (The garbled error message shows up as slightly different mixture of >> unreadable characters on each run of samba. But the message is not >> readable at all times.) >> >> log.myhost shows this: >> >> [2007/05/16 22:30:59, 0] auth/auth_util.c:create_builtin_administrators(785) >> create_builtin_administrators: Failed to create Administrators >> [2007/05/16 22:30:59, 0] auth/auth_util.c:create_builtin_users(751) >> create_builtin_users: Failed to create Users >> >> Any clue? >> >> Thanks, >> >> Freddie >> >> >> >> >> No virus found in this incoming message. >> Checked by AVG. >> Version: 7.5.467 / Virus Database: 269.7.1/805 - Release Date: 5/15/2007 >> 10:47 AM >> -- Wu Yinghui, Freddie Senior Software Engineer Advanced Technology Research and Development Group Volume Interactions Pte Ltd 1 Kim Seng Promenade, #12-01 Great World City East Tower Singapore 237994 Tel: +65 62226962 (Ext 216) Fax: +65 62226215 Email: [EMAIL PROTECTED] URL: http://www.volumeinteractions.com http://www.dextroscope.com Important: This message is intended for the recipient(s) addressed above. It contains privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it from your system. You must not read, copy, use, or disseminate this communication in any form. Thank you. signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can new ACL entries be inherited to existing subdirectories.
As also, you got it dead right. set "map acl inherit = yes" Solaris does seem to support "extended attributes". Thanks Andrew Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Watkins wrote: Hello, My samba drive works well on my XP machines and ACLs work fine as well. XP users can add new user permissions to files and folders and they are inherited for all NEW files and folders created in the future. But, adding a new permission on the security tab to a folder does not alter the EXISTING files/sub-folders like it does on a real windows network drive. I am running Samba 3.0.24/25 on Solaris 10/9 machines and here are my current settings: You need EA support on the file systems and to set "map acl inherit = yes" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] "net sam set workstations ..." prevents users from using domain resources from non-domain member systems
On Friday 18 May 2007, Gerald (Jerry) Carter wrote: > My suggestion is to start looking at the level 10 debug logs > from the failed connections and see what is going on. Thank you. At this point I'm wondering if it's a lack of understanding on my part, a difference between XP Pro and XP Home, or a bit of both. It appears (although not yet verified) that users with XP Pro systems were unaffected by the change while users with XP Home systems were. I assumed that users on non-domain member/controlled systems using local logins would have no issues when they used their domain credentials to access domain resources, this appears to be true with XP Pro but with XP Home the name of the users workstation must be added to the allowed workstation list or the "unexpected network error" occurs. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: "os level" of Vista? Samba should always win Browser Elections
Gerald (Jerry) Carter wrote: Haven't looked but I doubt it changed from 16. Very well then. I will assume that my setting of 33 will perform as well as it always has. I think that was my last remaining point to polish in preparation for an upcoming speaking engagement: "Samba 3 PDC for Windows Clients and Samba 3 Book Review". So, much thanks for keeping Samba my favorite OSS/FS project! :-) -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't create workstation account
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sascha Bieler wrote: > Hi there, > > trying to setup ntlm authentication for vpn-networking and now having trouble > to get the machin in domain account trust state. > > wbinfo -u and -g works well > smbclient works well also > > > Starting winbind daemons generates following error: > > cli_pipe_validate_current_pdu: RPC fault code > DCERPC_FAULT_OP_RNG_ERROR received from remote machine > MEATLOAF pipe \lsarpc fnum 0x75af! Are you joining a Samba domain ? If so, that error msg is probably not your problem. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTczmIR7qMdg1EfYRAibbAJ4mpZNXbBuhFpyBRCrQuurKRTpJ8ACgvSnM l+7Ij5gCJDjTLvZLcPbcRwE= =XYqS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] can't create workstation account
Hi there, trying to setup ntlm authentication for vpn-networking and now having trouble to get the machin in domain account trust state. wbinfo -u and -g works well smbclient works well also Starting winbind daemons generates following error: cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine MEATLOAF pipe \lsarpc fnum 0x75af! net join -U administrator -> Creation of workstation account failed Unable to join domain Having a look in the ldif extracted from slapcat says: dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: blackhawk$ sn: blackhawk$ uid: blackhawk$ uidNumber: 1011 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: inetOrgPerson entryUUID: f9b8d4d6-99a0-102b-9a06-c98dc3a52409 creatorsName: cn=admin,dc=audio,dc=de createTimestamp: 20070518153413Z entryCSN: 20070518153413Z#01#00#00 modifiersName: cn=admin,dc=audio,dc=de modifyTimestamp: 20070518153413Z So the machine account is "half alive"... smb.conf: [global] workgroup = MUSIC netbios name = BLACKHAWK security = domain server string = VPN Gateway %v password server = 192.168.100.1 wins support = no wins server = 192.168.100.1 max log size = 1 local master = no winbind enum users = yes winbind enum groups = yes #winbind use default domain = yes winbind separator = / idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/false interfaces = lo, eth0 bind interfaces only = Yes syslog = 0 os level = 16 DNS works correctly. WINS too. # /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis Linux is debian 4.0 Has anyone a hint what may go wrong? Best regards Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbindd breaks after first unsuccessfull authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Janusz Krzysztofik wrote: > I have the following problem: > > # wbinfo -V > Version 3.0.24 > # wbinfo -a anyuser%goodpassword > plaintext password authentication succeeded > challenge/response password authentication succeeded > # wbinfo -a anyuser%badpassword > plaintext password authentication failed > error code was NT_STATUS_WRONG_PASSWORD (0xc06a) > error messsage was: Wrong Password > Could not authenticate user anyuser%badpassword with plaintext password > challenge/response password authentication failed > error code was NT_STATUS_INVALID_HANDLE (0xc008) > error messsage was: Invalid handle > Could not authenticate user anyuser with challenge/response > # wbinfo -a anyuser%goodpassword > plaintext password authentication failed > error code was NT_STATUS_INVALID_HANDLE (0xc008) > error messsage was: Invalid handle I think we fixed this in SVN a long time ago. have you searched through the release notes in 3.02.5 for any clue as to when it was fixed. Sounds very familiar to me. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTcncIR7qMdg1EfYRAibEAJ45dd7NQGXfdDiPQLNN1oErmteKWQCfSn1Y SZnp8FYRERGYqmWvu4h+frY= =MwIM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] "net sam set workstations ..." prevents users from using domain resources from non-domain member systems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris, > Running into a serious problem here with 3.0.24 + patches. > The shop has a mix of domain member computers and privately owned non-domain > member computers. I'm trying to use "net sam set workstations" to limit the > workstations domain users can log onto. This limitation works as expected. > And domain member workstations all work properly. > > But once the workstation limit is put in place the users on their own > workstations (non-domain member boxes) can no longer access domain resources > such as mapped drives which they could previously do after supplying the > proper credentials. Now even with proper credentials Windows > returns "unexpected network error" when these users try to use the domain > resources. If I remove the workstation logon limitation all works again as > expected. My suggestion is to start looking at the level 10 debug logs from the failed connections and see what is going on. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTclOIR7qMdg1EfYRAhKkAKDKcYDSkYimNzZOmEyVuekgoprh8ACfcFHE eC4nCOtlBsOxO6dC2s/ihB4= =n2Ij -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rids disappeared from net groupmap list output
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vincent Régnard wrote: > [EMAIL PROTECTED]:/tmp# net groupmap add > sid="S-1-5-21-774874489-2272698005-2144578956" rid=512 ntgroup="Domain > Admins" unixgroup="smbadmins" type=b When adding a nwe mapping, only define either the SID or the RID. Not both. This requirement has not changed. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTciuIR7qMdg1EfYRApPRAKDZl9k+VivTAnDwzyOogofMJ7YPuwCgonhc jZeT1qWeQS7UJjrevMWyT1U= =3x2/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] "os level" of Vista? Samba should always win Browser Elections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Lueck wrote: > What is the "os level" of Vista? I always set the number on Samba > servers one higher than Microsoft's value as we want Samba not to be > challenged in browser elections. Haven't looked but I doubt it changed from 16. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTcf3IR7qMdg1EfYRAqTbAJ9LHEQEr3dRIdxAeSPOQpw7Ao2HbQCfZsqY guNznb0NL4BKs96WxWIRnGY= =WiKd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] force group to Unix group in 3.0.25
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > Hi, > > I'm currently using v3.0.24 in production and all works well. > I'm testing 3.0.25 to see if I'm going to have any problems with it if > I have to upgrade. I have a problem with the "force group" setting if > it is set to a local Unix group. This same setting works fine in > 3.0.24 but I'm denied access to the same share > in 3.0.25. If I comment off the "force group" line in 3.0.25, I can > access the share fine. It also works if I set the "force group" > setting to a domain group. It only fails with a local Unix group. > Any pointers to what I can try to resolve this in 3.0.25 ? Our bug. I fixed it last night for next week's 3.0.25a release (http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0). You can either retest against the SAMBA_3_0_25 svn tree or I can send you a patch. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTcfUIR7qMdg1EfYRAiBCAJ9UlrdQYcMn45nOj2qSAtwNU7hVugCgy5gy p0RdUHw/x7q+fD1r0HXdRNc= =nJ47 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as a AD domain member server with idmap backend = ldap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Zach Chambers wrote: > Can someone confirm for me that when Samba is only an Active Directory > domain MEMBER server with an LDAP idmap backend, the "nsswitch.conf" > must still be set with: > > passwd: files winbind > shadow: files winbind > group: files winbind Correct. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTccNIR7qMdg1EfYRArLbAKDtGP9Pzq3b2mQh0ikUzJcBOwc71wCdFCoo p4utM5UnajVp3VW4CGORIJU= =I9IY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Vista Sync and Samba Problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Umut Arus wrote: > Dear All, > > I use Vista sync tool for synchronization Vista between samba-3.0.10 on > RHEL AS4. There is some problem on files to copy samba home sharing. But > if target directory is being Windows sharing does not happen the below > problem. > > Vista error screen says below messages; > These items are in conflict and did not sync > ~wrd.tmp A file was deleted on this computer and > changed on the server while this computer was offline. > New Text Document A file changed on this computer while offline has > been deleted or renamed on the server. > > Is there any resolution this problem? Haven't tried it myself. Have you tested a newer release than 3.0.10? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTca9IR7qMdg1EfYRAvRKAKCM2ddX9sLcILa82UcHPXNeBI8e4QCeJIeW Z+OSZBlWRDuM2/w7fZoQML4= =GeAe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] strange winbind connection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > tcp 0 0 server-A:44539 server-B.:microsoft-ds VERBUNDEN > 27631/winbindd Domain trust ? jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTcaRIR7qMdg1EfYRAgcvAJ4mJ+emyFlFhW05IwwfLGUn3VU+AgCg62bi WHtim7tnT1ZO4JtSTUw0+a8= =sl7U -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Wierd interaction between Samba and HTTP?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff Coffler wrote: > This problem goes away when I run samba-3.0.24-1. > So, somehow, some change in Samba is causing a Windows > mount request to somehow get redirected to http ... Nah. Just disable the Webclient on XP. Other than that, be aware of the change to the default "msdfs root" parameter value. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTcWAIR7qMdg1EfYRAu29AKDdJSrTcC94YlsQEvffrBW83gWPngCcCo6I c0mH0GXv9GMTl58w8YLn66E= =QuRe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.25 plugin changes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Griffith wrote: > > Greetings, > > Before I start digging into making our local passdb > plugin work with Samba 3.0.25, is there any heads up I > need to know about? Paul, Mostly I would suggest looking at include/passdb.h. Prety standard porting work I expect. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTcUBIR7qMdg1EfYRAtJxAKCyPNxZD1F3R5vDxH3QJtGVR+z33wCcDvy9 vlnN26qlZFrJtooMs/M3JgM= =QHel -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can new ACL entries be inherited to existing subdirectories.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Watkins wrote: > > > Hello, > > My samba drive works well on my XP machines and ACLs work fine as well. > XP users can add new user permissions to files and folders and they are > inherited for all NEW files and folders created in the future. > > But, adding a new permission on the security tab to a folder does not > alter the EXISTING files/sub-folders like it does on a real windows > network drive. > > I am running Samba 3.0.24/25 on Solaris 10/9 machines and here are my > current settings: You need EA support on the file systems and to set "map acl inherit = yes" cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTcLjIR7qMdg1EfYRAhHRAJ9jhX5RrPO9oBHNlp+2/VtuVIPdIgCfYUQc dwS1C0nQvP0SVUxWzYS5liQ= =i649 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.25: non-Kerberos authentication fails when security=ads?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Ralston wrote: > Is it the case that now one *must* run winbind > in security=ads mode? Nope. Recommended but not required. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTcI/IR7qMdg1EfYRAqMWAKDJPLnQ4bFbY90fzPRYcRZ4vncctwCgo7sc eji3SIsiYtszyTLqxN7RSxY= =fwxp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printing from dos works...not from smbclient
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jørgen Kold wrote:
> Hi
>
> We have a newly started server(Sun-Fire-T200) running samba.
> From one day to another samba printing just stopped working. We have
> found out following:
>
> When forwarding printing to another server through printers.conf it works.
> When printing from dos through the command: echo ^MHello^L >
> \\servername\printer it also works.
> When right clicking on the printer choosing "Print test print" it does
> not work.
> When using smbclient to print from the server it also works.
> Whenever we create a printer with the original name it just dosn't work.
ERRNotEnoughDetails ("not enough details provided to
generate an adequate response")
cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGTcH5IR7qMdg1EfYRAjP8AJ470D7h6iKeOKMy0QgOHIQCtItONQCdHV/L
73mrj4njVgwIrR6fnXCSG4Y=
=5xzx
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Centos4 x86_64 upgrade from samba sernet 3.0.24 to sernet 3.0.25
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > Hi. > > I have problems, when upgraded from samba sernet 3.0.24 to 3.0.25 (too > early ?): > > 1) always must change password, when log in to windows XP professonall - > samba 3.0.25 PDC - password expired Known issue. Working on a fix for 3.0.25a. https://bugzilla.samba.org/show_bug.cgi?id=4630 > 2) I can't browse widnows network on client machine - network > broswer in WinXP don't respond - just hangs See the threads about the change is the default option for "msdfs root". Clients require a reboot in order to clear their cache settings of the server configuration here. > 3) I cann't print any more to printers attached to another > widnows machines connected to samba 3.0.25 PDC First I've heard of this, but there's not enough details to comment. btw...Release plans are posted in the wiki: http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.0 cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTcGwIR7qMdg1EfYRAmclAKC+4X27T00P+husTlL9umgaTDsOQQCfSKsa GR1sazmHZtdp1afqpg2hLDI= =8OH+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbindd breaks after first unsuccessfull authentication
I have the following problem: # wbinfo -V Version 3.0.24 # wbinfo -a anyuser%goodpassword plaintext password authentication succeeded challenge/response password authentication succeeded # wbinfo -a anyuser%badpassword plaintext password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user anyuser%badpassword with plaintext password challenge/response password authentication failed error code was NT_STATUS_INVALID_HANDLE (0xc008) error messsage was: Invalid handle Could not authenticate user anyuser with challenge/response # wbinfo -a anyuser%goodpassword plaintext password authentication failed error code was NT_STATUS_INVALID_HANDLE (0xc008) error messsage was: Invalid handle Could not authenticate user anyuser%goodpassword with plaintext password challenge/response password authentication failed error code was NT_STATUS_INVALID_HANDLE (0xc008) error messsage was: Invalid handle Could not authenticate user anyuser with challenge/response # /etc/init.d/winbind restart Stopping the Winbind daemon: winbind. Starting the Winbind daemon: winbind. # wbinfo -a anyuser%goodpassword plaintext password authentication succeeded challenge/response password authentication succeeded The same happens using ntlm_auth. Any ideas? Janusz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA: Share specific log files
Maybe the file descriptors wasn't properly closed yet.
I think that a stop and start will force the process to immediately obeys you.
On 5/18/07, Srini <[EMAIL PROTECTED]> wrote:
Hi all,
We find that the log messages gets correctly redirected after a
certain period of time from a samba service restart (3 or 4 minutes).
Till this initial period of time, it looks like the log messages are
getting redirected to the default log file but after this time and
with the below code change, it is getting redirected into the
appropriate share specific log file. Does anyone have any ideas on why
this is not happening from beginning??
Thanks
Srini
On 5/17/07, Srini <[EMAIL PROTECTED]> wrote:
> No. They dont seem to work for being used in log file. Apparently
> these can not be used for log file names in the configuration file but
> for other execution scripts (preexec and postexec).
>
> Srini
>
> On 5/16/07, Cleber P. de Souza <[EMAIL PROTECTED]> wrote:
> > The share variables %P and %S don't help you?
> > Like this:
> > log file = /var/log/samba/%S.log
> >
> >
> > On 5/16/07, Srini <[EMAIL PROTECTED]> wrote:
> > > Hi all,
> > >
> > > We are trying to print the log messages pertaining to each share in a
> > > different log file for auditing purposes.
> > >
> > > We are using Samba v3.0.20b.
> > >
> > > We are trying to modify the file
> > > smbd/service.c::make_connection_snum() function by changing the log
> > > file full path. The code changes that is done are as follows:
> > >
> > >char logfilefullpath[70];
> > >char sharename[256];
> > >
> > >safe_strcpy_fn (__FILE__, __LINE__ ,logfilefullpath,
> > > "/log/sharenet/", sizeof ("/log/sharenet/"));
> > >safe_strcat_fn
> > > (__FILE__,__LINE__,logfilefullpath,lp_servicename(snum),
> > > sizeof("/log/sharenet/")+sizeof(lp_servicename(snum)));
> > >safe_strcat_fn (__FILE__,__LINE__,logfilefullpath,".log",
> > > sizeof("/log/sharenet/")+sizeof(lp_servicename(snum))+sizeof(".log"));
> > >
> > >safe_strcpy_fn
> > > (__FILE__,__LINE__,sharename,lp_servicename(snum),
> > > sizeof("/log/sharenet/")+sizeof(lp_servicename(snum)));
> > >lp_set_logfile(logfilefullpath);
> > >safe_strcpy_fn
> > > (__FILE__,__LINE__,debugf,logfilefullpath,sizeof(logfilefullpath));
> > >
> > >if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
> > >dbgtext( "%s (%s) ", get_remote_machine_name(),
> > > conn->client_address );
> > >dbgtext( "%s", srv_is_signing_active() ? "signed " : "");
> > >dbgtext( "connect to service %s ", lp_servicename(snum) );
> > >dbgtext( "initially as user %s ", user );
> > >dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(),
(int)getegid() );
> > >dbgtext( "(pid %d)\n", (int)sys_getpid() );
> > >}
> > >
> > > We have done a similar code snipped in the relevant portion of the
> > > code in open_file part of Samba as well. However we find that the log
> > > file randomly gets written to the default log file (log file= variable
> > > in smb.conf) or sometimes to the share specific log file (that we have
> > > attempted above). It looks like that this was a buffering problem and
> > > so we tried to put in dbgflush() routine as well after calling
> > > dbgtext() macro. Still with no success...
> > >
> > > Has anyone tried to modify the source code to generate share specific
> > > log trails - either by modifying the source code or without? If so,
> > > can the experts guide us on this?
> > >
> > > Thanks in advance for all your inputs and help,
> > >
> > > Srini
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > >
> >
> >
> > --
> > ***
> > Cleber P. de Souza
> >
>
--
***
Cleber P. de Souza
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem setting ntlm authentication for apache using mod_auth_winbind
[EMAIL PROTECTED] wrote: Hello list, I'm trying to set up ntlm authentication for using mod_auth_winbind. Unfortunately during the "ntlm dance" some errors occurs. It complains about Oversized message, Invalid request and ntlm_auth goes to defunc... ( broken pipe as we can see in apache error log file ) apache 31623 31578 1 19:25 ?00:00:00 [ntlm_auth] Log file from apache is here: http://ncpnc.obsysa.net/combor/apache_arror.log I was trying to trace problem with strace but logfile contains nothing useful ( except the broken pipe information :) ). http://ncpnc.obsysa.net/combor/strace.log My share definition looks like below. Alias /auth/ntlm/ "/var/www/auth/ntlm/" AuthType NTLM NTLMAuth on NegotiateAuth off NTLMBasicAuth on NTLMAuthHelper "/usr/bin/ntlm_auth -d10 --option='auth methods = winbind' --helper-protocol=squid-2.5-ntlmssp" NTLMBasicAuthoritative off Require valid-user Host is correctly joined to AD and users can browse thru samba shares. The most useful information about errors are in attached log files so im not going to repeat them here. Is there any other information I could supply to resolve the problem? Did you ever find a solution to this problem? Mogens -- Mogens Kjaer, Carlsberg A/S, Computer Department Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark Phone: +45 33 27 53 25, Fax: +45 33 27 47 08 Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rids disappeared from net groupmap list output
Vincent Régnard a écrit : ** on 3.0.25: [EMAIL PROTECTED]:/tmp# net groupmap add sid="S-1-5-21-774874489-2272698005-2144578956" rid=512 ntgroup="Domain Admins" unixgroup="smbadmins" type=b Successfully added group Domain Admins to the mapping db as a wellknown group But: [EMAIL PROTECTED]:/tmp# net groupmap list Domain Admins (S-1-5-21-774874489-2272698005-2144578956) -> smbadmins No rid shows up ? (same with type domain option) After a few more tests, I realize I have to write explicitly the RID in the SID string to get it work properly: [EMAIL PROTECTED]:/tmp# net groupmap add sid="S-1-5-21-774874489-2272698005-2144578956-512" ntgroup="Domain Admins" unixgroup="smbadmins" type=b or this way also works: [EMAIL PROTECTED]:/tmp# net groupmap add rid=512 ntgroup="Domain Admins" unixgroup="smbadmins" type=b It was not clear to me at first glance but now works as expected ;) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] rids disappeared from net groupmap list output
Hi all, I used to see clearly rids in groupmaps whith my old 3.0.20. I am planning to switch to 3.0.25 but when I create the wellknowns and other groupmaps the same way as I did before, rid seams not to show up anymore: ** on 3.0.20 I can read my groupmap rids (512 here): [EMAIL PROTECTED] net groupmap list Domain Admins (S-1-5-21-362411026-3941723405-3168679234-512) -> smbadmin ** on 3.0.25: [EMAIL PROTECTED]:/tmp# net groupmap add sid="S-1-5-21-774874489-2272698005-2144578956" rid=512 ntgroup="Domain Admins" unixgroup="smbadmins" type=b Successfully added group Domain Admins to the mapping db as a wellknown group But: [EMAIL PROTECTED]:/tmp# net groupmap list Domain Admins (S-1-5-21-774874489-2272698005-2144578956) -> smbadmins No rid shows up ? (same with type domain option) Is this a normal expected behaviour ? Or should I still have the rid appear as before ? Did I misuse the configuration tools or missed something ? Thanks for your comments. Vincent -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible? Mount vfat, share, have full use of R/A/S/H attributes?
On Thu, May 17, 2007 at 11:14:09AM -0400, groups, freeman wrote: > At this time I'm wondering if I can expect to be able to use a linux box > to host a vfat volume with 100% of the FAT attributes supported, and > keeping the volume compatible with MS operating systems thereafter ... > i.e. is this even possible? I would doubt this is possible. At least, I don't know of anybody who has looked at this in detail. Sorry, Volker pgp9O6gdDu32e.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and AD via ldap.
Hi All, I am relatively new to samba but recently I have been working a lot with it in order to unite ID/GID on our unix clients.we have Active Directory DC and I would like to allow users to use their accounts when working on these clients (clearcase related). I have started working with winbind and reached to a point when I Joined the domain,got details using wbinfo -u/-g and su works fine. Next stage was to be able to get same UID/GID on all clients,so after some reading I have installed AD4Unix on the DC in order to extend the AD schema to hold unix accounts details,and planned to use ldap to reach it from the clients.so far so good. My problem is that I could not get the samba/pam.d/nsswitch/kerb5 configuration to work with ldap.I am not able to su to a as it is not recognized by the machine now, so I can't even check if the ID's are correct. I was wondering if someone could help me with going from a clean working winbind env to a working ldap one. what are the changes necessary to make it work correctly ? from reading some of mails in the list I understand that many of you already have done it before. I addition, which version of samba best support it ? 20 and later ? Thanks, Gabby. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Some problems updating to 3.0.25 (minor,warnings)
Jeremy Allison escribió: On Thu, May 17, 2007 at 09:04:47AM +0200, Emilio Casbas wrote: We've updated from 3.0.24 to 3.0.25 and we've noticed some minor problems such as some clients had to reboot in order to mount the share. That's due to the msdfs root = no parameter change. It was listed in the release notes. Yes, I noticed it this behaviour in a previous mail, thanks. And the log is now showing this warning all the time: WARNING: Winbindd not running, mapping ids with legacy code [2007/05/17 08:57:37, 2] passdb/lookup_sid.c:sid_to_gid(1435) We are thinking to revert to the previous version 3.0.24 which works correctly. What specificly is not working, or is it just this debug message that is concerning you ? Jeremy. The major problems were the previous one with the users, as you said, it was solved changing msdfs root = yes OR rebooting the client machine. The debug message was concerning me due to his intensity but I have seen it's not a problem in our environment. Thanks Emilio C. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind - wbinfo -u works, getent passwd only gives local users
In smb.conf, do you have winbind enum groups = yes winbind enum users = yes ? I got stumped by this myself but these seem now to be off by default and need to be added for nsswitch to enumerate users/groups. Cheers Alex On Thu, 2007-05-17 at 18:30 +0100, David Lee wrote: > Hi Rune > I have > > passwd: compat winbind > group: compat winbind > shadow: compat > > hosts: files dns > networks: files > > protocols: db files > services: db files > ethers: db files > rpc:db files > > netgroup: nis > > and am now wondering what the netgroup entry is doing. > Other than that, it looks OK to me. > > Removing the netgroup entry does not help. > > David Lee > > -- Forwarded Message -- > > Subject: Re: [Samba] Winbind - wbinfo -u works, getent passwd only gives > local users > Date: Thursday 17 May 2007 01:20 > From: Rune Tønnesen > > Hi' David > > have you checked your setup in the /etc/nsswitch.conf file? > -- > Rune Tønnesen > Venlig Hilsen/Best Regards > > > I only have limited Samba experience, and expect this is a silly mistake, > > but have been unable to find a solution > > > > I have installed Samba and Winbind on my desktop Linux (Debian) machine > > (SPARKSTONELX), aiming to unify logins with other windows machines > > accessing the PDC, again samba/Debian, with tdbsam password backend. All is > > well, joining the domain, and getting account details using wbinfo -u, but > > getent passwd only gives the local account details. > > > > The log file on the PDC (FILESTONE) reports > > > > [2007/05/15 22:31:48, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242) > > get_md4pw: Workstation SPARKSTONELX$: no account in domain > > [2007/05/15 22:31:48, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461) > > _net_auth2: failed to get machine password for account SPARKSTONELX$: > > NT_STATUS_ACCESS_DENIED > > > > [2007/05/15 22:31:52, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259) > > group sparkstonelx$ in domain STONES does not exist > > > > and on the Linux desktop > > > > [2007/05/15 22:30:18, 1] > > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) > > cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR > > received from remo > > te machine FILESTONE pipe \lsarpc fnum 0x767a! > > [2007/05/15 22:30:18, 1] > > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601) > > cli_pipe_validate_current_pdu: Bind NACK received from remote > > machinesparkstonelx:/var/log/samba# wbinfo --own-domain > > STONES > > sparkstonelx:/var/log/samba# wbinfo -t > > checking the trust secret via RPC calls succeeded > > sparkstonelx:/var/log/samba# wbinfo -D stones > > Name : STONES > > Alt_Name : > > SID : S-1-5-21-835963941-2627181251-1431239077 > > Active Directory : No > > Native: No > > Primary : Yes > > Sequence : 1179266454 > > FILESTONE pipe \samr > > fnum 0x767b! > > [2007/05/15 22:30:18, 0] > > rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356) > > cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error > > NT_STATUS_NETWORK_ > > ACCESS_DENIED > > [2007/05/15 22:30:18, 1] > > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601) > > cli_pipe_validate_current_pdu: Bind NACK received from remote machine > > FILESTONE pipe \lsar > > pc fnum 0x767e! > > [2007/05/15 22:30:18, 0] > > rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356) > > cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error > > NT_STATUS_NETWORK_ > > ACCESS_DENIED > > > > but > > > > sparkstonelx:/var/log/samba# wbinfo --own-domain > > STONES > > sparkstonelx:/var/log/samba# wbinfo -t > > checking the trust secret via RPC calls succeeded > > sparkstonelx:/var/log/samba# wbinfo -D stones > > Name : STONES > > Alt_Name : > > SID : S-1-5-21-835963941-2627181251-1431239077 > > Active Directory : No > > Native: No > > Primary : Yes > > Sequence : 1179266454 > > > > Any ideas? > > > > My network is about 6 machines in a Christian community, some being XP > > home, which limits my possible security settings! > > -- > > David Lee > > > > Living Stones, Flore, UK > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > --- > > -- > David Lee > > Living Stones, Flore, UK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.25 on Debian (Debian bug #424637)
> > That sounds like > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424637, I'm afraid. > > > > Not much hop yet...there is nothing in that bug except a kind of proof > > that you're not alone...:-| > > The error indicates that the packages were not built > to include krb5/ldap/ads support. Just a packaging issue. Further investigation confirms this. The i386 version of the samba package in Debian was built without Kerberos support. Indeed, this build was done by me and this is what was uploaded to the Debian archive. *That* build is the one that sucks (for a reason I can't explain yet: I built as usual, with pbuilder in a chroot). Packages in Debian unstable for other architectures are correct. If I rebuild the Debian package on my machine *now*, it is also correctly linked to the Kerberos libraries. We will probably solve this with a binNMU on i386 (Debian jargon: we will ask the autobuilder to rebuild the i386 package). Waiting for Steve Langasek's advice For people who are hit hard by this and still want 3.0.25, I have put locally built packages on http://people.debian.org/~bubulle/samba 8ae56e88e4334f024fa94f30535fe1e7 libpam-smbpass_3.0.25-2_i386.deb 92b3aec20e62401404dd623abb0deed6 libsmbclient_3.0.25-2_i386.deb ef48e8cada483d4851d7cd3867aae8bf libsmbclient-dev_3.0.25-2_i386.deb a4be9761f93ee61645a9fe4d2d4fb0b6 python-samba_3.0.25-2_i386.deb d1a29e45bcb20c16a970f88950c43458 samba_3.0.25-2_i386.deb ca419eca1fa8624c997ed186ba33b95f samba-common_3.0.25-2_i386.deb a217f0a1e0316d089f5a79cc19fc1fa4 samba-dbg_3.0.25-2_i386.deb da0b37c7438668400c2d1b8f73d493e5 samba-doc_3.0.25-2_all.deb 4df17aee3ef6a5ecfa116fb2caa905b2 samba-doc-pdf_3.0.25-2_all.deb d1c9f67fbb0841b624acfc220138e9b3 smbclient_3.0.25-2_i386.deb 30494629044a9b863c20278b12c8e712 smbfs_3.0.25-2_i386.deb afd86362acd52920105ca720e970e76a swat_3.0.25-2_i386.deb fbd592ca08b2b55306894c486f41cbd4 winbind_3.0.25-2_i386.deb Please be aware that the -2 release is likely to prevent you to upgrade to further official versions of the package. I rebuilt these packages in a hurry. You have been warned...:) signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
