[Samba] smbd write failure, kernel

[Филипп Филиппов]

Hello!
I have samba 3.0.23c-2 installed on Fedora Core 7. Smbd and nmbd daemons 
start automotically with computer via commands in rc.local:

smbd -D
nmbd -D

But there is one problem. When smbd starts via rc.local, it can't write 
files to the disk.

And when I start it myself, everything is fine.

smbd.log:
[2007/05/21 09:49:06, 0] lib/util_sock.c:write_data(562)   write_data: 
write failure in writing to client 192.168.0.56. Error Connection reset 
by peer


syslog(kern.debug):
May 22 16:57:37 server kernel: audit(1179827857.498:149): avc:  denied  
{ write } for  pid=10734 comm="smbd" name="log" dev=tmpfs ino=24665 
scontext=system_u:system_r:smbd_t:s0 tcontext=root:object_r:device_t:s0 
tclass=sock_file


Please, help.

Philipp.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.25a Available for Download

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
   Old Mother Hubbard went to the NULL
  To get her NULL NULL a bone.
 When she got there, the NULL was NULL
 And so her NULL dog had none.

 -- Anonymous CS undergrad attempt
   at programming Mad Libs
==
Release Announcements
=

This is the second production release of the Samba 3.0.25 code
base and is the version that servers should be run for for all
current bug fixes.

Major bug fixes included in Samba 3.0.25a are:

  o Missing supplementary Unix group membership when using
"force group".
  o Premature expiration of domain user passwords when using a
Samba domain controller.
  o Failure to open the Windows object picker against a server
configured to use "security = domain".
  * Authentication failures when using security = server.


Changes to MS-DFS Root Share Behavior
=

Please be aware that the initial value for the "msdfs root"
share parameter was changed in the 3.0.25 release series and
that this option is now disabled by default.  Windows clients
frequently require a reboot in order to clear any cached
information about MS-DFS root shares on a server and you may
experience failures accessing file services on Samba 3.0.25
servers until the client reboot is performed.  Alternately,
you may explicitly re-enable the parameter in smb.conf.   Please
refer to the smb.conf(5) man page for more details.




Download Details


The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.0.25a.html

Binary packages are available at

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGVm/pIR7qMdg1EfYRAosCAJwOwri/jvJTPsf9++fsY7tVe4nH5ACguy52
dGgO2/iqbeZYP3yl+iclfig=
=ASEr
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Advice about samba + GFS

[Andrew Bartlett]

On Mon, 2007-05-21 at 17:04 +0200, [EMAIL PROTECTED] wrote:
> Hi people,
> 
> Actually, I have a samba server with XFS filesystem.
> It run fine with no problem.
> 
> But, I must change machine (replacement cycle).
> The hardware is from HP which distribute some tools and package for 
> managing server.
> This tools run only with update and kernel from supported distribution (in 
> this case RedHat).
> 
> The problem is the support of XFS on RedHat distrib.
> If I want XFS on my server, I must recompile the kernel with problem about 
> Hp package !
> 
> Another project have the objective to find a solution for clustering the 
> data and the samba server.
> And Redhat have a solution named GFS.
> 
> And now I would like to know some experience of sysadmin about GFS and 
> samba ( on LVM and ACL )
> A little bechmarl between XFS and GFS and other link if possible.

GFS on a single node should work fine, but if you want to use the
cluster features, then you will need to use the CTDB cluster work:

http://wiki.samba.org/index.php/CTDB_Setup

You will want to discuss any cluster work on the samba-technical list. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.  http://redhat.com


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] I can't get mod_auth_ntlm_winbind to work

[Andrew Bartlett]

On Mon, 2007-05-21 at 15:01 +0200, Mogens Kjaer wrote:
> Scenario:
> 
> Centos 5 x86_64 machine with samba-3.0.23c-2.el5.2.0.2
> 
> The machine is a PDC, Windows 2000 users logon, get
> profiles, etc.
> 
> I'm trying to set up a folder in apache that uses
> NTLM authentication using mod_auth_ntlm_winbind.

> [2007/05/21 14:51:59, 10] utils/ntlm_auth.c:manage_squid_request(1615)
>Got '' from squid (length: 89).
> [2007/05/21 14:51:59, 2] utils/ntlm_auth.c:manage_squid_request(1618)
>Invalid Request
> ERR
>Got 'This is intended to read lines from modules imported -- hence 
> if a filPãÃ]ÿ^?' from squid (length: 127).

> 
> Any suggestions?

Something is sending very weird things down the pipe to ntlm_auth.  It's
been a long while since I worked on this, but chase down that cross-talk
and you should be able to make this work. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.  http://redhat.com


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.24 and disappearing ACL entries

[notinh notien]

Interaction with the Standard Samba “create mask” Parameters

There are four parameters that control interaction with the standard Samba 
create mask parameters:


   *

 security mask
   *

 force security mode
   *

 directory security mask
   *

 force directory security mode

When a user clicks on OK to apply the permissions, Samba maps the given 
permissions into a user/group/world r/w/x triplet set, and then checks the 
changed permissions for a file against the bits set in the security mask 
parameter. Any bits that were changed that are not set to 1 in this 
parameter are left alone in the file permissions.


Essentially, zero bits in the security mask may be treated as a set of bits 
the user is not allowed to change, and one bits are those the user is 
allowed to change.


If not explicitly set, this parameter defaults to the same value as the 
create mask parameter. To allow a user to modify all the user/group/world 
permissions on a file, set this parameter to 0777.


Next Samba checks the changed permissions for a file against the bits set in 
the force security mode parameter. Any bits that were changed that 
correspond to bits set to 1 in this parameter are forced to be set.


Essentially, bits set in the force security mode parameter may be treated as 
a set of bits that, when modifying security on a file, the user has always 
set to be on.


If not explicitly set, this parameter defaults to the same value as the 
force create mode parameter. To allow a user to modify all the 
user/group/world permissions on a file with no restrictions, set this 
parameter to 000. The security mask and force security mode parameters are 
applied to the change request in that order.


For a directory, Samba performs the same operations as described above for a 
file except it uses the parameter directory security mask instead of 
security mask, and force directory security mode parameter instead of force 
security mode .


The directory security mask parameter by default is set to the same value as 
the directory mask parameter and the force directory security mode parameter 
by default is set to the same value as the force directory mode parameter. 
In this way Samba enforces the permission restrictions that an administrator 
can set on a Samba share, while still allowing users to modify the 
permission bits within that restriction.


If you want to set up a share that allows users full control in modifying 
the permission bits on their files and directories and does not force any 
particular bits to be set on, then set the following parameters in the 
smb.conf file in that share-specific section:

security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0

_
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Need help: Centos 5, Samba as file server + ACL for WORKGROUP

[notinh notien]

Hi, all.  I could not add any additional users to a file or directory using 
the Windows Security tab in Windows XP Sp2.  Here is my configuration for 
samba-3.0.23c-2.el5.2.0.2.


# grep ACL config-2.6.18-8.el5
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=m

# smbd -b | grep ACL
  HAVE_SYS_ACL_H
  HAVE_POSIX_ACLS

# cat /etc/fstab
/dev/VolGroup00/LogVol00/ext3defaults,acl,user_xattr 
   1 1


#mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw,acl,user_xattr)

#getfacl /storage/Engineers/abc.txt
getfacl: Removing leading '/' from absolute path names
# file: storage/Engineers/abc.txt
# owner: nntien
# group: Engineers
user::rwx
group::rwx
other::---

[EMAIL PROTECTED] Engineers]# id mly
uid=501(mly) gid=501(mly) 
groups=501(mly),5000(Engineers),6000(Accounting),7000(Manufacturing)

[EMAIL PROTECTED] Engineers]# id nntien
uid=500(nntien) gid=500(nntien) groups=500(nntien),5000(Engineers)

# cat /etc/samba/smbpasswd
nntien:500::5AF11A754A88475E68E3BFA04E552711:[U 
 ]:LCT-465460BD:
mly:501::5AF11A754A88475E68E3BFA04E552711:[U 
 ]:LCT-46549197:



My samba server has local ip as 192.168.0.203 and here is my smb.conf file:

[global]
   workgroup = BEEINC
   server string = FILER TEST Server
   passdb backend = smbpasswd:/etc/samba/smbpasswd
   lanman auth = No
   client NTLMv2 auth = Yes
   client lanman auth = No
   client plaintext auth = No
   log file = /var/log/samba/%m.log
   max log size = 50
   deadtime = 15
   preferred master = No
   local master = No
   domain master = No
   dns proxy = No
   admin users = mly
   force create mode = 0660
   force directory mode = 0770

[Engineers]
   path = /storage/Engineers
   read only = No
   security mask = 0770
   force security mode = 0770
   directory security mask = 0770
   force directory security mode = 0770
   inherit permissions = Yes
   inherit acls = Yes
   follow symlinks = No

When I accessed this Engineers share from Windows XP with nntien account, I 
was able to create new files and directories.  When it came to add 
additional user to the ACL, I used Windows Security tab to add but I could 
not. At times, a pop up windows prompted for user name and password, I 
entered root and root's passowrd.  After that I enter user name as mly into 
the field, or [EMAIL PROTECTED] or anything suggested but I always got the 
error message of: "An object named "mly" cannot be found. I tried other 
users that are not in the same owner group of this folder too but nothing 
worked.


ls -lhat
total 32K
drwxrws--- 10 nntien Engineers 4.0K May 24 10:14 Engineers

-rwxrwx---   1 nntien Engineers7 May 23 11:37 abc.txt

I still could add new user in Linux:
[EMAIL PROTECTED] Engineers]# setfacl -m user:hmtien:rx abc.txt
[EMAIL PROTECTED] Engineers]# getfacl abc.txt
# file: abc.txt
# owner: nntien
# group: Engineers
user::rwx
user:hmtien:r-x
group::rwx
mask::rwx
other::---

# id hmtien
uid=502(hmtien) gid=502(hmtien) groups=502(hmtien),7000(Manufacturing)

When I opened the Windows Security tab in Windows Explorer, I saw this new 
entry set correctly there.  I really do not want to use the command line to 
do this anytime a new entry needs to be included.


Could somebody here tell me how I should go about adding more entries using 
Windows Security tab?  What did I miss for my configuration?  What could be 
wrong?


Thank you very much for your helps.

_
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] problem with synchronize samba and unix password - ldap

[adrian sender]

It could be a problem with you slapd.conf & ACL's, you need something like 
this:


access to attrs=userPassword
   by self write
   by dn="cn=Manager,dc=domainname,dc=com" write
   by * auth

access to attrs=sambaLMPassword,sambaNTPassword
   by dn="cn=Manager,dc=domainname,dc=com" write

access to *
   by dn="cn=Manager,dc=domainname,dc=com" write
   by * read

Samba needs access to this, replace "Manager" with the bind dn that samba 
uses to bind to the ldap database.


Cheers,

Adrian Sender.



From: empirium <[EMAIL PROTECTED]>
To: samba@lists.samba.org
Subject: [Samba] problem with synchronize samba and unix password - ldap 
Date: Thu, 24 May 2007 12:26:59 +0200

I have a such problem.
I have samba 3 as a PDC  with ldap as a authentication backend.
When I use script  "smbldap-passwd user", samba password and unix password 
is changing correct, but when i use Ctr+Alt+Del from windows computer samba 
is changing corectly its password, and I see that unix password is also 
changing but I cannot to log to system with that unix password.

Somebody knows why?

part of smb.conf

ldap password sync = Yes
#unix password sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
update encrypted = yes
encrypt passwords = yes


smbldap.conf

hash_encrypt="CRYPT"
crypt_salt_format="%s"

Thanks in advance
luk


_
Advertisement: Its simple! Sell your car for just $30 at carsales.com.au 
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801577%2Fpi%5F1005244%2Fai%5F838588&_t=762955845&_r=tig_may07&_m=EXT


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] enable privileges = yes doesn't work

[Ray Klassen]

I can't do any domain level stuff as anybody but root. I've given the 
Domain Admins group SeMachineAccount Privilege for instance, but when I 
try to add a machine as a non root member of Domain Admins I get the 
error smbldap_open: cannot access LDAP when not root




enable privileges = yes  --- > is in my smb.conf

I'm running samba-3.0.24 (compiled from Source RPM) on Centos 5

--
Ray Klassen
Computer SysAdmin
MCC Supportive Care Services
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Net command question. Samba 3.0.25 rc3

[Henrik Zagerholm]

Hello list,

I wonder which user flags can be specified when adding users with the  
net command.


The documentation shows:

[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]

But the user flags are not mentioned anywhere.

Are they implemented?

Regards,
Henrik
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Sharp AR-M550N and SAMBA

[jhall]

Recently, we added a Sharp AR-M550N copier to our network.  This device
functions as an MFC (scanner/printer/copier).

When I attempt to install the drivers to the SAMBA server, I receive an
error message which displays briefly and then I receive the following
error message when trying to access the properties of the printer.

Function address 0x3119c9f caused a protection fault. (exception code
0xc05).  Some or all property pages may not be displayed.

I have tried this with the PCL5e and the PCL6 driver with the same results.

Has anyone else seen this type of behavior?  And, do you think uploading
the drivers using rpcclient as opposed to the Add Printer Wizard, would
make any difference?

Thanks in advance for your assistance.



Jay

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbind - wbinfo -u works, getent passwd only gives local users

[Henrik Zagerholm]

Did you link libnss_winbind correctly?

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ 
winbind.html#id412579


Cheers,
henrik
23 maj 2007 kl. 00:02 skrev David Lee:


Thanks for the suggestion, but these are already set.

I am not making any progress on this.

David Lee

On Friday 18 May 2007 08:53, Alex Crow wrote:

In smb.conf, do you have
winbind enum groups = yes
winbind enum users = yes ?

I got stumped by this myself but these seem now to be off by  
default and

need to be added for nsswitch to enumerate users/groups.

Cheers

Alex

On Thu, 2007-05-17 at 18:30 +0100, David Lee wrote:

Hi Rune
I have

passwd: compat winbind
group:  compat winbind
shadow: compat

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:db files

netgroup:   nis

and am now wondering what the netgroup entry is doing.
Other than that, it looks OK to me.

Removing the netgroup entry does not help.

David Lee

--  Forwarded Message  --

Subject: Re: [Samba] Winbind  - wbinfo -u works, getent passwd  
only gives

local users
Date: Thursday 17 May 2007 01:20
From: Rune Tønnesen

Hi' David

have you checked your setup in the /etc/nsswitch.conf file?
--
Rune Tønnesen
Venlig Hilsen/Best Regards


I only have limited Samba experience, and expect this is a silly
mistake, but have been unable to find a solution

I have installed Samba and Winbind on my desktop Linux (Debian)  
machine

(SPARKSTONELX), aiming to unify logins with other windows machines
accessing the PDC, again samba/Debian, with tdbsam password  
backend.

All is well, joining the domain, and getting account details using
wbinfo -u, but getent passwd only gives the local account details.

The log file on the PDC (FILESTONE) reports

[2007/05/15 22:31:48, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation SPARKSTONELX$: no account in domain
[2007/05/15 22:31:48, 0] rpc_server/srv_netlog_nt.c:_net_auth_2 
(461)
  _net_auth2: failed to get machine password for account  
SPARKSTONELX$:

NT_STATUS_ACCESS_DENIED

[2007/05/15 22:31:52, 1]
nsswitch/winbindd_group.c:winbindd_getgrnam(259) group  
sparkstonelx$ in

domain STONES does not exist

and on the Linux desktop

[2007/05/15 22:30:18, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code
DCERPC_FAULT_OP_RNG_ERROR received from remo
te machine FILESTONE pipe \lsarpc fnum 0x767a!
[2007/05/15 22:30:18, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
  cli_pipe_validate_current_pdu: Bind NACK received from remote
machinesparkstonelx:/var/log/samba# wbinfo --own-domain
STONES
sparkstonelx:/var/log/samba# wbinfo -t
checking the trust secret via RPC calls succeeded
sparkstonelx:/var/log/samba# wbinfo -D stones
Name  : STONES
Alt_Name  :
SID   : S-1-5-21-835963941-2627181251-1431239077
Active Directory  : No
Native: No
Primary   : Yes
Sequence  : 1179266454
 FILESTONE pipe \samr
 fnum 0x767b!
[2007/05/15 22:30:18, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356)
  cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with
error NT_STATUS_NETWORK_
ACCESS_DENIED
[2007/05/15 22:30:18, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
  cli_pipe_validate_current_pdu: Bind NACK received from remote  
machine

FILESTONE pipe \lsar
pc fnum 0x767e!
[2007/05/15 22:30:18, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356)
  cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with
error NT_STATUS_NETWORK_
ACCESS_DENIED

but

sparkstonelx:/var/log/samba# wbinfo --own-domain
STONES
sparkstonelx:/var/log/samba# wbinfo -t
checking the trust secret via RPC calls succeeded
sparkstonelx:/var/log/samba# wbinfo -D stones
Name  : STONES
Alt_Name  :
SID   : S-1-5-21-835963941-2627181251-1431239077
Active Directory  : No
Native: No
Primary   : Yes
Sequence  : 1179266454

Any ideas?

My network is about 6 machines in a Christian community, some  
being XP

home, which limits my possible security settings!
--
David Lee

Living Stones, Flore, UK

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


---

--
David Lee

Living Stones, Flore, UK


--
David Lee

Living Stones, Flore, UK
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Fedora] Re: [Samba] NFS locking ...maybe?

[Ashley M. Kirchner]

Don Meyer wrote:
We saw a similar behavior -- users could not write/create new files, 
but could generally do everything else.   The failure to write/create 
manifested as a permission denied error, and not a locking error, 
however.   If you are seeing a locking error, you may have a different 
problem.
   Turning locking off in smb.conf solved the problem.  Since this is a 
single user, internally control setup, we're not concerned about file 
corruption.  Now, there may be another hidden problem somewhere by me 
turning off locking, but there's no way of knowing till we actually 
start using it.


--
W | It's not a bug - it's an undocumented feature.
 +
 Ashley M. Kirchner    .   303.442.6410 x130
 IT Director / SysAdmin / Websmith . 800.441.3873 x130
 Photo Craft Imaging   . 3550 Arapahoe Ave. #6
 http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A. 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NFS locking ...maybe?

[Don Meyer]

First off, I'll save the devs the trouble/time -- they'll say that 
re-sharing an NFS-mounted resource with Samba is not supported and is 
generally a bad idea.   (Some might even go so far as to say a 
"really bad idea"... ;-)


That said, I've done this successfully.  Somewhat.  It worked fine - 
until we started putting real users on the system and adding groups 
to fill out the security model.  Then we discovered the "16 
groups/user" hard limit built into NFS.   That alone sunk the effort...


We saw a similar behavior -- users could not write/create new files, 
but could generally do everything else.   The failure to write/create 
manifested as a permission denied error, and not a locking error, 
however.   If you are seeing a locking error, you may have a different problem.


Cheers,
-D


At 12:07 PM 5/24/2007, Ashley M. Kirchner wrote:

   Hi folks,

   After some more trial and error, I was able to get a bit further 
in the game with the permission issues I had (previous message was 
titled 'Samba permissions...)  Now I'm able to get onto the system, 
browse and read/copy/delete files off of the shares.  What I can't 
do is put stuff on because I get a locking error.


   The setup is as follows:

   Server 1 --> exports /storage/ftpusers

   Server 2 --> NFS mounts (autofs) the above export as /mnt/ftpusers
   At the same time, it also shares that mount through samba

   Server 3 (which is a WinBox) then accesses the above share.


   What I CAN do:

   From Server 3, I can go into network places, click on the samba 
share and get on it.  I can browse everything that's on the share 
(which translates to everything that's on Server 1 in 
/storage/ftpusers/ )  I can copy files OFF of that share, and I can 
delete files off of that share.


   What I CANNOT do:

   From Server 3, I cannot PUT any files on that share.  I get an 
error message that says:


   "Cannot copy testfile.txt: The process cannot access the file 
because another process has locked a portion of the file."



   I know with absolute certainty that there is no actual program 
trying to access the file on either Server 2 or Server 1, which 
leads me to believe that maybe NFS locking is having something to do with it.
Somewhere in the mounting of the NFS, or the share through samba, 
things get locked.  What I don't understand is, why can I read, 
copy, AND delete from the share, but I can't PUT anything.


   The NFS mount is done with rw, as is the Samba share.  I don't 
think it would've allowed me to delete files otherwise, but I could be wrong.


   Anyone have any ideas why I'm getting locking issues?  And which 
one is the culprit?



--
W | It's not a bug - it's an undocumented feature.
 +
 Ashley M. Kirchner    .   303.442.6410 x130
 IT Director / SysAdmin / Websmith . 800.441.3873 x130
 Photo Craft Imaging   . 3550 Arapahoe Ave. #6
 http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Don Meyer   <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

  "They that can give up essential liberty to obtain a little 
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] more than smbldap

[[EMAIL PROTECTED]]

Hello,

Luis Daniel Lucio Quiroz schrieb:

Hi Mario,

I have a proyect at www.linuxchange.com that is what you want.  Take a look.
  

It does look very intresting!
Although i am quite confused.

Is the project opensource?
Is there some sort of installer?

Do you have to subscribe and log in in order to download the documentation?

Thanks, Mario

Regards,

LD

Le Thursday 24 May 2007 03:40:51 [EMAIL PROTECTED], vous avez écrit :
  

Hello List,

I set up a samba pdc with ldap, smbldap-tools about one year ago.

Now i would like to extend it with OX, squid, etc...
After checking out the LDAP Directory tree i was wondering what the
Organisation Units "DSA" and "ldmap" are good for?

My current tree looks like this:

dc=example,dc=com
+ ou=Computers
+ ou=DSA
+ ou=Groups
+ ou=Idmap
+ ou=Users
+ sambaDomainName=MyDomain



I also had a look at Collax?s PDC and they even have an additional
PosixGroup. Their tree looks like this:
dc=example,dc=com
+ ou=ABook
+ ou=groups
+ ou=Infrastructure
+ ou=people
+ ou=posixgroups
+ sambaDomainName=MyDomain


Any idea why they have "groups" and "posixgroups"?


If i would like to add other services than samba, would a directory tree
like Collax has make more sense than my current "samba-only" tree?

Or should i stick to the smbldap-Tree to be able to use the smbldap
tools, or can they be easily adjusted?

Thanks, Mario




  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PHP/Samba Authentication w/ tdb files.

[Paul Griffith]

On Thu, 24 May 2007 13:48:58 -0400, Ryan Neufeld <[EMAIL PROTECTED]>  
wrote:



Hello,

I am working on a web based file system access solution for the company I
work for. I need to authenticate users against samba's password  
database, I
found a project called PEAR::File_SMBPasswd that works with the older  
(and
now depricated?) smbpasswd file format, however it fails spectacularly  
when

using it with sambas TDB formatted files.

I have googled for the last week trying to find a solution, or even some
docs on the tdb format so I could read it with PHP but I am at the end  
of my

rope (and soon my deadline) for this one.

Any ideas?



I am not sure if this will help you, but from a quick google search.

http://freshmeat.net/projects/smbwebclient/
About:
SMB Web Client is a simple PHP script that allows users to access Windows  
networks from a Web browser (using Samba tools).


smbwebclient - looks like a PHP wrapper for the Samba tools.


Hope this help!

Thanks


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] PHP/Samba Authentication w/ tdb files.

[Ryan Neufeld]

Hello,

I am working on a web based file system access solution for the company I
work for. I need to authenticate users against samba's password database, I
found a project called PEAR::File_SMBPasswd that works with the older (and
now depricated?) smbpasswd file format, however it fails spectacularly when
using it with sambas TDB formatted files.

I have googled for the last week trying to find a solution, or even some
docs on the tdb format so I could read it with PHP but I am at the end of my
rope (and soon my deadline) for this one.

Any ideas?

--
--Ryan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] more than smbldap

[Luis Daniel Lucio Quiroz]

Hi Mario,

I have a proyect at www.linuxchange.com that is what you want.  Take a look.

Regards,

LD

Le Thursday 24 May 2007 03:40:51 [EMAIL PROTECTED], vous avez écrit :
> Hello List,
>
> I set up a samba pdc with ldap, smbldap-tools about one year ago.
>
> Now i would like to extend it with OX, squid, etc...
> After checking out the LDAP Directory tree i was wondering what the
> Organisation Units "DSA" and "ldmap" are good for?
>
> My current tree looks like this:
>
> dc=example,dc=com
> + ou=Computers
> + ou=DSA
> + ou=Groups
> + ou=Idmap
> + ou=Users
> + sambaDomainName=MyDomain
>
>
>
> I also had a look at Collax?s PDC and they even have an additional
> PosixGroup. Their tree looks like this:
> dc=example,dc=com
> + ou=ABook
> + ou=groups
> + ou=Infrastructure
> + ou=people
> + ou=posixgroups
> + sambaDomainName=MyDomain
>
>
> Any idea why they have "groups" and "posixgroups"?
>
>
> If i would like to add other services than samba, would a directory tree
> like Collax has make more sense than my current "samba-only" tree?
>
> Or should i stick to the smbldap-Tree to be able to use the smbldap
> tools, or can they be easily adjusted?
>
> Thanks, Mario


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] NFS locking ...maybe?

[Ashley M. Kirchner]

   Hi folks,

   After some more trial and error, I was able to get a bit further in 
the game with the permission issues I had (previous message was titled 
'Samba permissions...)  Now I'm able to get onto the system, browse and 
read/copy/delete files off of the shares.  What I can't do is put stuff 
on because I get a locking error.


   The setup is as follows:

   Server 1 --> exports /storage/ftpusers

   Server 2 --> NFS mounts (autofs) the above export as /mnt/ftpusers
   At the same time, it also shares that mount through samba

   Server 3 (which is a WinBox) then accesses the above share.


   What I CAN do:

   From Server 3, I can go into network places, click on the samba 
share and get on it.  I can browse everything that's on the share (which 
translates to everything that's on Server 1 in /storage/ftpusers/ )  I 
can copy files OFF of that share, and I can delete files off of that share.


   What I CANNOT do:

   From Server 3, I cannot PUT any files on that share.  I get an error 
message that says:


   "Cannot copy testfile.txt: The process cannot access the file 
because another process has locked a portion of the file."



   I know with absolute certainty that there is no actual program 
trying to access the file on either Server 2 or Server 1, which leads me 
to believe that maybe NFS locking is having something to do with it.  
Somewhere in the mounting of the NFS, or the share through samba, things 
get locked.  What I don't understand is, why can I read, copy, AND 
delete from the share, but I can't PUT anything.


   The NFS mount is done with rw, as is the Samba share.  I don't think 
it would've allowed me to delete files otherwise, but I could be wrong.


   Anyone have any ideas why I'm getting locking issues?  And which one 
is the culprit?



--
W | It's not a bug - it's an undocumented feature.
 +
 Ashley M. Kirchner    .   303.442.6410 x130
 IT Director / SysAdmin / Websmith . 800.441.3873 x130
 Photo Craft Imaging   . 3550 Arapahoe Ave. #6
 http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A. 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [samba] all users prompted for username and passwd

[Kris Monstad]

Hi,

No success with that. Thanks for the suggestion nonetheless.

The log files show the line:

Smbd/sesssetup.c:reply_spnego_kerberos(173)
 Failed to verify incoming ticket!

Thanks,
Kris

Varun Agarwal wrote:

Hi,
 
Change the shared folder permissions to 755.
 
Kind Regards,

Varun

 
On 5/24/07, *Kris Monstad* <[EMAIL PROTECTED] 
> wrote:



Hi there,

I've recently configured a new server on our network...still
having some
(newbie) samba issues:

Whenever anyone tries to access the new share they get prompted for a
username and password (these would smb users and passwords and not the
windows AD details, right?). I want the share to be accessed by
anyone
with the correct group permissions without this prompt...

I did 'chmod -R 777' on the folder I am sharing, so currently everyone
should have access regardless of group.

here is my smb.conf:

[global]
   workgroup = ABSOLUTESTUDIOS
   server string = Samba Server
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ads
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   veto files = /*.mp3/*.divx/*.wma/*.m4a/
   inherit permissions = yes
   map acl inherit = yes
   nt acl support = yes
   panic action = /usr/share/samba/panic-action %d
   smb ports = 445
   template shell = /bin/false
   winbind separator = +
   idmap uid = 1-2
   idmap gid = 1-2
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = yes
   password server = absads1.absolutestudios.co.uk

   realm = ABSOLUTESTUDIOS.CO.UK 
   host msdfs = yes
   vfs object = recycle
   recycle:repository = Recycle Bin/%U
   recycle:keeptree = Yes
   recycle:versions = Yes
   recycle:exclude = *.iff *.ng
[dump]
   path = /projects/dump
   writeable = yes
   guest ok = yes
   msdfs root = yes
   directory mask = 0700
   veto files = *.mp3/*.divx/*.wma/*.m4a/
   vfs object = recycle:repository="Recycle Bin"
recycle:keeptree=True

Thought I should mention that I get this problem if I start from
scratch.

I am using samba-3.0.10-1.4E with Redhat ES4

Any advice would be appreciated,

Thanks again,
Kris






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Not able to add domain users to local groups

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Aravinda Guzzar wrote:
> Hi,
> 
> Further to the above I found that WINBIND Daemon is necessary for this type
> of operation as noted below in smb.conf file:
> 
> ==
>   winbind nested groups (G)

The "Winbind nested groups" feature requires a working winbindd
installation.



jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGVbDZIR7qMdg1EfYRAtonAJsHb9SOKxHCQffyEXtkS/plpxi9DQCdH7ec
ajaNT86uZATmSAZPcT5p7Jg=
=f35h
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[samba] all users prompted for username and passwd

[Kris Monstad]

Hi there,

I've recently configured a new server on our network...still having some 
(newbie) samba issues:


Whenever anyone tries to access the new share they get prompted for a 
username and password (these would smb users and passwords and not the 
windows AD details, right?). I want the share to be accessed by anyone 
with the correct group permissions without this prompt...


I did 'chmod -R 777' on the folder I am sharing, so currently everyone 
should have access regardless of group.


here is my smb.conf:

[global]
   workgroup = ABSOLUTESTUDIOS
   server string = Samba Server
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ads
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   veto files = /*.mp3/*.divx/*.wma/*.m4a/
   inherit permissions = yes
   map acl inherit = yes
   nt acl support = yes
   panic action = /usr/share/samba/panic-action %d
   smb ports = 445
   template shell = /bin/false
   winbind separator = +
   idmap uid = 1-2
   idmap gid = 1-2
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = yes
   password server = absads1.absolutestudios.co.uk
   realm = ABSOLUTESTUDIOS.CO.UK
   host msdfs = yes
   vfs object = recycle
   recycle:repository = Recycle Bin/%U
   recycle:keeptree = Yes
   recycle:versions = Yes
   recycle:exclude = *.iff *.ng
[dump]
   path = /projects/dump
   writeable = yes
   guest ok = yes
   msdfs root = yes
   directory mask = 0700
   veto files = *.mp3/*.divx/*.wma/*.m4a/
   vfs object = recycle:repository="Recycle Bin" recycle:keeptree=True

Thought I should mention that I get this problem if I start from scratch.

I am using samba-3.0.10-1.4E with Redhat ES4

Any advice would be appreciated,

Thanks again,
Kris






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Not able to add domain users to local groups

[Aravinda Guzzar]

Hi,

Further to the above I found that WINBIND Daemon is necessary for this type
of operation as noted below in smb.conf file:

==
  winbind nested groups (G)

 If  set  to  yes,  this  parameter  activates the support for
nested groups. Nested groups are also
 called local groups or aliases. They work like their counterparts
in  Windows:  Nested  groups  are
 defined  locally  on  any  machine (they are shared between DC's
through their SAM) and can contain
 users and global groups from any trusted SAM. To be able to use
nested  groups,  you  need  to  run
 nss_winbind.

 Default: winbind nested groups = yes
===

I have not currently configured WINBIND Daemon.

I wanted to know whether the WINBIND Daemon is must for this type of
operation. Can any one help me in getting this clarified. If NO, what is the
steps required to do this?

Thanks in advance for any kind of information regarding this.

regards
Aravind
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Fwd: [Samba] Help with permissions]

[Ashley M. Kirchner]

   Is this simply impossible?  No one's replied, or suggested another 
alternative...  Am I asking on the wrong list perhaps?


   -- A

 Original Message 
Subject:[Samba] Help with permissions
Date:   Tue, 22 May 2007 12:47:24 -0600
From:   Ashley M. Kirchner <[EMAIL PROTECTED]>
To: samba@lists.samba.org



 Hi Folks.  I'm trying to setup Samba and having a bit of a 
problem...  However, I'm not sure if it's a Samba issue, or NFS issue.  
The setup is as follows:


 Server 1  --> exports /storage/ftpusers
In that folder, there are numerous user folders that are owned by 
each specific user.



 Server 2  --> nfs mounts server1:/storage/ftpusers as /mnt/ftpusers
At the same time, it also has /mnt/ftpusers setup to be shared 
through Samba as follows:


 [ftpusers]
comment = Client FTP
browseable = yes
writable = yes
path = /mnt/ftpusers
guest ok = yes
public = yes
read only = no


 Server 3 (which is a windows box) will then get onto //server2/ftpusers


 The problem I'm having is that I can't see/write anything inside any 
of the user folders that's within /ftpusers from the windows box.  My 
guess is because the WinBox accesses it as a guest user, where the 
folder are owned by real users.  I need to be able to do this so we can 
place files for our clients into their respective folders (from within 
our network - hence the convoluted way of doing things.)


 Suggestions?



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Any docs to convert samba server to Win2003 server?

[Josh Kelley]

On 5/23/07, Gary MacKay <[EMAIL PROTECTED]> wrote:

Yeah I know. Not a good question to ask on a samba newsgroup.
Unfortunately for this client, the software they use requires a Windows
server. Since the box is less than a year old, they do not want to
purchase a second server for two applications. So, I am left with the
task of converting the linux/samba server to WinBloze 2003 Server. There
are only 10 workstations so if I have to unjoin them from the current
domain and rejoin them I guess I could, but just wondered if there was a
way to migrate the SID and such over to the new server?


The Active Directory Migration Tool (ADMT) off of Microsoft's web site
can migrate users and computers from an NT 4 domain (including a Samba
domain) to Active Directory.  This can save you from disjoining and
rejoining workstations and from recreating user accounts.

However, since it is a Samba domain and not a "true" NT domain,
there's no way that I'm aware of to migrate user passwords or SID
histories.  If there was a way to set SID history yourself, then that
would work; however, Windows doesn't directly let the administrator
set the SID history attribute on an account in Active Directory.  I'm
sure it's possible to work around that (maybe by running a process as
the LOCALSYSTEM account?), but I don't know how.

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [samba] User/group enumeration range not being used

[Kris Monstad]

Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Kris Monstad wrote:
  

Hi all,

Samba newbie again...I thought I was sorted out yesterday but a few more
thing are plaguing me

I have in my smb.conf:

idmap uid = 1-2
idmap gid = 1-2

and

winbind enum users = yes
winbind enum groups = yes

however, 'getent passwd' shows users within the default enumeration
range (ie:16777550 or something like that!).This goes for groups too.  I
can't shake them off. All users are currently being asked for a username
and password which are rejected (which I assume is due to this mix up -
im not sure)



Sounds like you are on RedHat and the high watermark
in winbindd_idmap.tdb is already set above you range defined
in smb.conf.  I suggest you rename winbindd_idmap.tdb to something
else and restart winbindd (if you don't care about the existing
SID/uid/gid mappings).







cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGVYCMIR7qMdg1EfYRAugzAKDbih7qNBRngwkfxN2ZbQ/WyhzECQCfV0zW
FSonnVh7t12ssTbzRyS3aqQ=
=hanX
-END PGP SIGNATURE-
  
Yeah, Im using RedHat. I tried as suggested above and the enumeration is 
behaving now.


Thanks again,
Kris



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Can not add machine to the domain

[Sascha Bieler]

No problem, that's why we have this fabulous list here...

Have fun. 

Sascha

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Boyd 
Sent: Thursday, May 24, 2007 2:04 PM
To: samba@lists.samba.org
Subject: RE: [Samba] Can not add machine to the domain


That would be the very problem. Jaysus I don't know how I overlooked
that...smbldap-useradd was in /usr/sbin/ 
Thanks a million 
-Original Message-
From: Sascha Bieler [mailto:[EMAIL PROTECTED] 
Sent: 24 May 2007 09:10
To: 'Chris Boyd '; samba@lists.samba.org
Subject: RE: [Samba] Can not add machine to the domain


This say it all, no?!?
> /usr/local/smbldap-tools/smbldap-useradd: No such file or directory


Your path is wrong! Smbldap-useradd is not available there. Check where your
binaries are and try again.

Best regards

Sascha



-
This email message is intended only for the addressee(s) 
and contains information that may be confidential and/or 
copyrighted.  If you are not the intended recipient please 
notify the sender by reply email and immediately delete 
this email. Use, disclosure or reproduction of this email 
by anyone other than the intended recipient(s) is strictly 
prohibited. USIT has scanned this email for viruses and 
dangerous content and believes it to be clean. However, 
virus scanning is ultimately the responsibility of the recipient.
-
USIT Ireland Ltd. Company No. 377526. Registered Office 19/21 Aston Quay Dublin 
2.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [samba] User/group enumeration range not being used

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Kris Monstad wrote:
> Hi all,
> 
> Samba newbie again...I thought I was sorted out yesterday but a few more
> thing are plaguing me
> 
> I have in my smb.conf:
> 
> idmap uid = 1-2
> idmap gid = 1-2
> 
> and
> 
> winbind enum users = yes
> winbind enum groups = yes
> 
> however, 'getent passwd' shows users within the default enumeration
> range (ie:16777550 or something like that!).This goes for groups too.  I
> can't shake them off. All users are currently being asked for a username
> and password which are rejected (which I assume is due to this mix up -
> im not sure)

Sounds like you are on RedHat and the high watermark
in winbindd_idmap.tdb is already set above you range defined
in smb.conf.  I suggest you rename winbindd_idmap.tdb to something
else and restart winbindd (if you don't care about the existing
SID/uid/gid mappings).







cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGVYCMIR7qMdg1EfYRAugzAKDbih7qNBRngwkfxN2ZbQ/WyhzECQCfV0zW
FSonnVh7t12ssTbzRyS3aqQ=
=hanX
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Can not add machine to the domain

[Chris Boyd]

That would be the very problem. Jaysus I don't know how I overlooked
that...smbldap-useradd was in /usr/sbin/ 
Thanks a million 
-Original Message-
From: Sascha Bieler [mailto:[EMAIL PROTECTED] 
Sent: 24 May 2007 09:10
To: 'Chris Boyd '; samba@lists.samba.org
Subject: RE: [Samba] Can not add machine to the domain


This say it all, no?!?
> /usr/local/smbldap-tools/smbldap-useradd: No such file or directory


Your path is wrong! Smbldap-useradd is not available there. Check where your
binaries are and try again.

Best regards

Sascha



-
This email message is intended only for the addressee(s)
and contains information that may be confidential and/or
copyrighted.  If you are not the intended recipient please
notify the sender by reply email and immediately delete
this email. Use, disclosure or reproduction of this email
by anyone other than the intended recipient(s) is strictly
prohibited. USIT has scanned this email for viruses and
dangerous content and believes it to be clean. However,
virus scanning is ultimately the responsibility of the recipient.
-
USIT Ireland Ltd. Company No. 377526. Registered Office 19/21 Aston Quay Dublin 
2.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[samba] User/group enumeration range not being used

[Kris Monstad]

Hi all,

Samba newbie again...I thought I was sorted out yesterday but a few more 
thing are plaguing me


I have in my smb.conf:

idmap uid = 1-2
idmap gid = 1-2

and

winbind enum users = yes
winbind enum groups = yes

however, 'getent passwd' shows users within the default enumeration 
range (ie:16777550 or something like that!).This goes for groups too.  I 
can't shake them off. All users are currently being asked for a username 
and password which are rejected (which I assume is due to this mix up - 
im not sure)


If anyone can offer advice I'd be extremely grateful!

Cheers,
Kris





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] printing problems

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Lutieri G. wrote:

> This refers to an MS-RPC handle not a file descriptor.  The
> 1024 limit is hard coded in smbd ot prevent DoS attacks.
> You'll need to determine which pipe this is actually
> affected and which client is opening up so many handles
> and why.
> 
>> is there any way to do it?!

A level 10 debug log will give you the detail to know which
open call was refused.  And breaking the logs out by client
name (log file = /var/log/samba/log.%m) will show you which
client is causing the problem.






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGVXtZIR7qMdg1EfYRAp8sAKCScWfYi604i1m67yjGQFdfX6JjZwCglJhB
SUygMq9v6inmndaUs2sZvUM=
=Cku6
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] printing problems

[Lutieri G.]

2007/5/23, Gerald (Jerry) Carter <[EMAIL PROTECTED]>:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Lutieri G. wrote:
> I'm using samba Version 3.0.24-1.fc5 with cups 1.2.8. I've 23 printers
> installed and my clients are w2k and WinXP.
>
> This mornig i got in logs:
>
> [2007/05/23 10:35:16, 0] rpc_server/srv_lsa_hnd.c:create_policy_hnd(111)
>  create_policy_hnd: ERROR: too many handles (1025) on this pipe.
>
> After restart the samba service it works fine.

This refers to an MS-RPC handle not a file descriptor.  The
1024 limit is hard coded in smbd ot prevent DoS attacks.
You'll need to determine which pipe this is actually
affected and which client is opening up so many handles
and why.


is there any way to do it?!


cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGVFpYIR7qMdg1EfYRAmP+AKC9XCsI5nlSb9xoE9g1az/pAwKKJQCg15p3
iPGHOZCdW8+J0sKluWThFhE=
=8eH+
-END PGP SIGNATURE-




--
Att.
Lutieri G. B.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem with synchronize samba and unix password - ldap

[empirium]

I have a such problem.
I have samba 3 as a PDC  with ldap as a authentication backend.
When I use script  "smbldap-passwd user", samba password and unix 
password is changing correct, but when i use Ctr+Alt+Del from windows 
computer samba is changing corectly its password, and I see that unix 
password is also changing but I cannot to log to system with that unix 
password.

Somebody knows why?

part of smb.conf

ldap password sync = Yes
#unix password sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
update encrypted = yes
encrypt passwords = yes


smbldap.conf

hash_encrypt="CRYPT"
crypt_salt_format="%s"


Thanks in advance
luk

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.25 crash

[Volker Lendecke]

On Thu, May 24, 2007 at 10:11:56AM +0200, Andrea Lorenz wrote:
> I install the new version 3.0.25 on
> SunOS name.rz.RWTH-Aachen.DE 5.10 Generic_118855-33 i86pc i386 i86pc

We'd need a full debug level 10 log of the trace, but you
might want to try the attachement from
https://bugzilla.samba.org/show_bug.cgi?id=4645 which is in
https://bugzilla.samba.org/attachment.cgi?id=2718&action=view

Volker


pgpWxRXExdBw5.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] more than smbldap

[[EMAIL PROTECTED]]

Hello List,

I set up a samba pdc with ldap, smbldap-tools about one year ago.

Now i would like to extend it with OX, squid, etc...
After checking out the LDAP Directory tree i was wondering what the 
Organisation Units "DSA" and "ldmap" are good for?


My current tree looks like this:

dc=example,dc=com
+ ou=Computers
+ ou=DSA
+ ou=Groups
+ ou=Idmap
+ ou=Users
+ sambaDomainName=MyDomain



I also had a look at Collax?s PDC and they even have an additional 
PosixGroup. Their tree looks like this:

dc=example,dc=com
+ ou=ABook
+ ou=groups
+ ou=Infrastructure
+ ou=people
+ ou=posixgroups
+ sambaDomainName=MyDomain


Any idea why they have "groups" and "posixgroups"?


If i would like to add other services than samba, would a directory tree 
like Collax has make more sense than my current "samba-only" tree?


Or should i stick to the smbldap-Tree to be able to use the smbldap 
tools, or can they be easily adjusted?


Thanks, Mario
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.25 crash

[Andrea Lorenz]

Hello,

I install the new version 3.0.25 on
SunOS name.rz.RWTH-Aachen.DE 5.10 Generic_118855-33 i86pc i386 i86pc
But it crashes if I try to write something at a share.
In the samba logs I can find the lines
INTERNAL ERROR: Signal 11 in pid 13573 (3.0.25)
  Please read the Trouble-Shooting section of the Samba3-HOWTO

and in the syslog I see
enunix: [ID 603404 kern.notice] NOTICE: core_log: smbd[12396] core 
dumped: /var/core/core.smbd.12396


If I analyze the core file I get
Program terminated with signal 6, Aborted.
#0  0xfeae0c57 in ?? ()

Does anybody run 3.0.25 on the same architekture?
The samba server is an AD member.
Any hints?

Thanks,
Andrea

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Can not add machine to the domain

[Sascha Bieler]

This say it all, no?!?
> /usr/local/smbldap-tools/smbldap-useradd: No such file or directory


Your path is wrong! Smbldap-useradd is not available there. Check where your 
binaries are and try again.

Best regards

Sascha


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can't contact LDAP server,

[adrian sender]

Hi Markus,

You will need to check your ldap.conf and tell it where to find the ldap 
server.


Should be something like this in there:

#/etc/ldap.conf

hostldap1.domainname.com ldap2.domainname.com
or
host192.168.0.100

Cheers,

Adrian Sender.




From: Markus Krause <[EMAIL PROTECTED]>
To: samba@lists.samba.org
Subject: Re: [Samba] Can't contact LDAP server,
Date: Wed, 23 May 2007 08:34:33 +0200
Zitat von empirium <[EMAIL PROTECTED]>:

I have samba 3 with ldap as a authentication backend. When I use
pdbedit -a user everything works ok and the user is adding to the ldap
database.
But I have problem with exporting smbpasswd to ldap, when I try pdbedit
-i smbpasswd:/etc/samba/smbpasswd -e ldapsam
I've got a problem that failed to bind to server ldap://localhost
Error: Can't contact LDAP server,
but my ldap serwer is on the other host than localhost. I dont know why
it choose localhost as a ldap server.
And it is strange because if I use pdbedit -a user everything works ok.
do you know anybody what is wrong?

part of my smb.conf
passdb backend = ldapsam:ldap://10.0.1.57
ldap suffix = dc=test,dc=pl
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=test,dc=pl
ldap delete dn = no

  -- To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


we had a similar problem some time ago, there seems to be a bug in  
pdbedit. we got around it by calling "pdbedit -i  
smbpasswd:/etc/samba/smbpasswd -e ldapsam:

ldap://myldapserv.domain";

hth
  markus


_
Join the millions of Australians using Live Search. Try live.com.au 
http://ninemsn.com.au/share/redir/adTrack.asp?mode=click&clientID=740&referral=million&URL=http://live.com.au


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba