Re: [Samba] Re: [3.0.25] bug: net ignors kerberos tickets

2007-07-18 Thread Volker Lendecke
On Thu, Jul 19, 2007 at 01:50:50AM +0200, Bernd Schubert wrote:
> > Seems to be a bug in samba, I think it always asks for a password ignoring 
> > already available kerberos tickets.
> 
> Attached is a first patch.

No patch attached.

Volker


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd truncates password to 8 chars on Solaris sparc?

2007-07-18 Thread Zube
On Wed Jul 18 02:57:07 PM, Zube wrote:

> Good Day.  In June, I posted a small query under the Subject of
> 
> _odd smbpasswd / smbclient error from Linux to Solaris_
> 
> Briefly, a Solaris sparc server running 3.0.25a would not accept passwords 
> from the Linux smbclient program if the password was 9 characters or greater.
> Instead, one would get this:
> 
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> but it worked fine with the Solaris sparc smbclient.  Again, this with
> just with a passwd backend, very simple.
> 
> Now running 3.0.25b and after digging deeper, it appears that things are
> worse than I first thought.  smbpasswd is truncating passwords at 8 
> characters.  For example, set a 9+ character password for a user with:
> 
> smbpasswd dummy
> 
> then try to mount the dummy share from windows using the dummy user and 
> password or use smbclient from linux.  In both cases, it fails.  However,
> if one types only the first 8 characters of the password, it works fine.
> 
> Any pointers are greatly appreciated.

Following up to my own query, it appears that bugs 4782 and 4677 in
bugzilla.samba.org also mention this issue.  Using the smbpasswd from
3.0.24 seems to work around the problem.

Cheers,
Zube


[Samba] Re: smbfs patch for 2.6 [PATCH]

2007-07-18 Thread Andrew Bartlett
On Wed, 2007-07-18 at 14:24 -0600, Craig Matsuura wrote:
> First I will apologize for posting my patch here if this is not the correct 
> place to post a patch.

Try the linux-kernel list.  As the Samba team, we only ever maintained
the userspace utilities, but not the kernel portions. 

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.          http://redhat.com



Re: [Samba] Re: [3.0.25] bug: net ignors kerberos tickets

2007-07-18 Thread Bernd Schubert
> Seems to be a bug in samba, I think it always asks for a password ignoring 
> already available kerberos tickets.

Attached is a first patch.

Cheers,
Bernd

Re: [Samba] Re: [3.0.25] bug: net ignors kerberos tickets

2007-07-18 Thread Bernd Schubert
On Wed, Jul 18, 2007 at 08:29:32PM +0200, Bernd Schubert wrote:
> On Wednesday 18 July 2007 16:35:42 Bernd Schubert wrote:
> > On Wednesday 18 July 2007 12:14:38 Bernd Schubert wrote:
> > > [2007/07/18 12:12:07, 2] libads/ldap.c:ldap_open_with_timeout(70)
> > >   Could not open LDAP connection to ads-2k3.ads2k3.q-leap.de:389: No such
> >
> > This could be solved by adding ads-2k3.ads2k3.q-leap.de to the /etc/hosts,
> > the problem is probably due to a windows misconfiguration. I just wonder
> > why it hasn't been a problem with samba-3.0.22
> >
> > Still, our main problems remains.
> >
> >
> > 255 ha-test-1(new):/var/lock# net ads join
> > Password:
> >
> 
> Well, it works now by just pressing enter, I had to add another entry 
> to /etc/hosts. How can I convince it that no password is required?

Seems to be a bug in samba, I think it always asks for a password ignoring 
already available kerberos tickets.

I get it working by just commenting out the password request 
in source/utils/net.c: connect_to_ipc_krb5() 


//  if (!opt_password && !opt_machine_pass) {
//  char *pass = getpass("Password:");
//  if (pass) {
//  opt_password = SMB_STRDUP(pass);
//  }
//  }


Bernd



Re: [Samba] smbmount Permission Denied

2007-07-18 Thread Chris Smith
On Wednesday 18 July 2007, Server Gremlin wrote:
> The uid= and gid= parameters are being ignored, so I
> can't change the ownership to anything that my local workstation user
> can work with.

Normal when the CIFS Unix extensions are negotiated (man mount.cifs).
Between controlling unix extensions on the share and perm/noperm, 
setuids/nosetuids on the client, plus whether or not your user/group ids 
match up on the client and server, you can probably find a satisfactory 
solution.

There is some additional documentation pointed to by the cifs.txt file in the kernel 
source documentation.
-- 
Chris


Re: [Samba] smbmount Permission Denied

2007-07-18 Thread Chris Smith
On Wednesday 18 July 2007, Server Gremlin wrote:
> What are CIFS Unix Extensions?

man smb.conf

-- 
Chris


Re: [Samba] Using LDAP and Unix Group Group Mappings

2007-07-18 Thread Edmundo Valle Neto

Svancara, Randall wrote:

> Hello all,
>
> I could not find anything in the discussion groups or documentation
> about using LDAP and Unix group mappings.
>
> The documentation states that in order to map unix groups to samba
> groups, you need to use the net group add command.  However, I have an
> ldap backend and all my groups, that I care about are in LDAP.

Yes, it states that, but in all examples a tdbsam backend is used, not ldap.

> So I have a group called mainwdev.
>
> dn: cn=test,ou=Group,dc=somewhere,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
> sambaGroupType: 2
> objectClass: top
> cn: test
> gidNumber: 801
> memberUid: user1
> memberUid: user2
> memberUid: user3
> memberUid: user4
> memberUid: user5
> memberUid: user6
>
> Now, if I run "net groupmap list", I can see the group mapping as
> follows.
>
> test (S-1-5-21-582185903-2148186938-2210701745-801) -> test
>
> But when I attempt to log onto a share that only allows anyone that
> belongs to the group test (say user1), i get permission denied errors.

It should be another problem not related to group mapping.

> Do I still have to run "net group map" command to establish a
> relationship between unix and samba groups?

No. When using ldap, the objectClass sambaGroupMapping represents the 
relationship of the UNIX and NT groups (that in ldap are stored normally 
in the same dn, and almost all tools create the accounts that way by 
default).

You can use "net groupmap" with ldap when you have UNIX and NT groups in 
different places (let's suppose that you have a container for UNIX groups 
and another for NT groups), and it works, but normally nobody creates 
groups that way unless they have a good reason.

> Randall

Regards.

Edmundo Valle Neto


[Samba] Fwd: smbfs patch for 2.6 [PATCH]

2007-07-18 Thread Craig Matsuura


[Samba] smbpasswd truncates password to 8 chars on Solaris sparc?

2007-07-18 Thread Zube
Good Day.  In June, I posted a small query under the Subject of

_odd smbpasswd / smbclient error from Linux to Solaris_

Briefly, a Solaris sparc server running 3.0.25a would not accept passwords 
from the Linux smbclient program if the password was 9 characters or greater.
Instead, one would get this:

session setup failed: NT_STATUS_LOGON_FAILURE

but it worked fine with the Solaris sparc smbclient.  Again, this with
just with a passwd backend, very simple.

Now running 3.0.25b and after digging deeper, it appears that things are
worse than I first thought.  smbpasswd is truncating passwords at 8 
characters.  For example, set a 9+ character password for a user with:

smbpasswd dummy

then try to mount the dummy share from windows using the dummy user and 
password or use smbclient from linux.  In both cases, it fails.  However,
if one types only the first 8 characters of the password, it works fine.

Any pointers are greatly appreciated.

Cheers,
Zube


Re: [Samba] Using LDAP and Unix Group Group Mappings

2007-07-18 Thread Adam Tauno Williams
On Wed, 2007-07-18 at 09:10 -0700, Randall Svancara wrote:
> On Wed, 2007-07-18 at 11:48 -0400, Adam Tauno Williams wrote:
> > > I could not find anything in the discussion groups or documentation
> > > about using LDAP and Unix group mappings.  
> > > The documentation states that in order to map unix groups to samba
> > > groups, you need to use the net group add command.  However, I have an
> > > ldap backend and all my groups, that I care about are in LDAP.
> > It makes no difference;  groups from LDAP presented via NSS are "unix
> > groups"
> > > So I have a group called mainwdev. 
> > > dn: cn=test,ou=Group,dc=somewhere,dc=com
> > > objectClass: posixGroup
> > > objectClass: sambaGroupMapping
> > > sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
> > > sambaGroupType: 2
...
> #getent group test
>  test::801:user1,user2,user3,user4,user5,user6
> 
> user1 clearly is being recognized by ldap, otherwise it would not show
> up in getent. 
> > > Do I still have to run "net group map" command to establish a
> > > relationship between unix and samba groups?
> > Looks like you already did.
> Actually, I did not run the net group add command.  
> In SID, you will notice that the group id (GID) 801 appended to the end
> of the SID.  Is Samba smart enough to automatically recognize the
> relationship between the Unix groups and Samba groups via ldap.

No, SIDs do not work that way.

> Here is the stanza from the smb.conf I am trying to access:

> [Data]
>   comment   = "Data files"
>   path  = /path/somewhere
>   browseable= yes
>   read only = no
>   guest ok  = no
>   force create mode = 0660
>   force directory mode  = 0770
>   force group   = test 
>   valid users   = @test
> Will this even work?

Sure, we've got dozens of shares set up this way.

(a) Do things properly, use the tools (like the "net" command).  You
have to honor the mechanics of Windows networking;  you can't just
make-up SIDs.

(b) Check your versions;  how Winbind and smb.conf treat groups changed
somewhat in recent versions. > 3.0.23 (?)  Might be worth trying "valid
users = +test"


-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org



[Samba] smbfs patch for 2.6 [PATCH]

2007-07-18 Thread Craig Matsuura
First I will apologize for posting my patch here if this is not the correct 
place to post a patch.

I know that smbfs is being removed, but we still use it and need it to work.

We have a patch to contribute back to the smbfs in the 2.6 kernel.  I have 
noticed multiple posts on this issue and we have basically patched the smbiod.c 
to fix the reconnect bug in 2.6

Something we did for our patch is to reduce the timeout from 30*HZ to 10*HZ, 
so you may want to change this back to 30*HZ.

This solved the issue of a smbfs mount becoming invalid due to the smbd going 
down or a lost connection.  smbmount listens to SIGUSR1 to reconnect.  smbfs 
sends this signal.  In all our tests it never reconnected.  We patched the 
smbiod_retry() to work like the old retry code in 2.4.  All appears well in 
our tests.

So instead of getting just smb_add_request timeout message or smb_lookup 
failed.  You will now see the SMB connection re-established (-5)
and smbiod_retry: successful, new pid=-815016760, generation=2.

If you see the latter message, your mount will work again.

Craig

# Patch contributed by Control4 Inc.
# Created by Craig Matsuura and Tom Wheeler
# [EMAIL PROTECTED] and [EMAIL PROTECTED]
#
#
--- linux-2.6.21.4/fs/smbfs/request.c   2007-06-07 15:27:31.0 -0600
+++ linux-2.6.21.4.new/smbfs/request.c  2007-07-18 00:01:24.0 -0600
@@ -333,7 +333,7 @@
smbiod_wake_up();
 
timeleft = wait_event_interruptible_timeout(req->rq_wait,
-   req->rq_flags & SMB_REQ_RECEIVED, 30*HZ);
+   req->rq_flags & SMB_REQ_RECEIVED, 10*HZ);
if (!timeleft || signal_pending(current)) {
/*
 * On timeout or on interrupt we want to try and remove the
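Review bot: The timeout argument to wait_event_interruptible_timeout() drops from 30*HZ to 10*HZ, which is a tuning change separate from the reconnect fix in smbiod.c, and the cover text itself says it may need to go back to 30*HZ. Requests to a slow or busy server that used to complete within 30 seconds will now take the timeout path after 10. Suggest keeping 30*HZ in this hunk, or sending the timeout change as its own patch with the reasoning for the new value.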
--- linux-2.6.21.4/fs/smbfs/smbiod.c2007-06-07 15:27:31.0 -0600
+++ linux-2.6.21.4.new/smbfs/smbiod.c   2007-07-18 00:01:24.0 -0600
@@ -232,6 +232,48 @@
 
/* FIXME: The retried requests should perhaps get a "time boost". */
 
+   /*
+   CYM - Added from 2.4 kernel to wait for the retry to connect, 
basically 
waiting for the signal sent to smbmount to remount the samba mount that was 
lost.
+   */
+   /*
+* Wait for the new connection.
+*/
+#ifdef SMB_RETRY_INTR
+   smb_unlock_server(server);
+   wait_event_interruptible_timeout(smbiod_wait, 0,  10*HZ);
+   smb_lock_server(server);
+   if (signal_pending(current))
+   printk(KERN_INFO "smb_retry: caught signal\n");
+#else
+   /*
+* We don't want to be interrupted. For example, what if 'current'
+* already has received a signal? sleep_on would terminate immediately
+* and smbmount would not be able to re-establish connection.
+*
+* smbmount should be able to reconnect later, but it can't because
+* it will get an -EIO on attempts to open the mountpoint!
+*
+* FIXME: go back to the interruptable version now that smbmount
+* can avoid -EIO on the mountpoint when reconnecting?
+*/
+   smb_unlock_server(server);
+   wait_event_timeout(smbiod_wait, 0, 10*HZ);
+   smb_lock_server(server);
+
+   /*
+* Check for a valid connection.
+*/
+   if (server->state == CONN_VALID) {
+   /* This should be changed to VERBOSE, except many smbfs
+  problems is with the userspace daemon not reconnecting. */
+   PARANOIA("successful, new pid=%d, generation=%d\n",
+server->conn_pid, server->generation);
+   result = 1;
+   } else if (server->state == CONN_RETRYING) {
+   /* allow further attempts later */
+   server->state = CONN_RETRIED;
+   }
+#endif
 out:
put_pid(pid);
return result;
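Review bot: The #endif in this smbiod.c hunk sits after the CONN_VALID check, so when SMB_RETRY_INTR is defined the code waits, re-takes the lock and falls through to out: without ever setting result = 1 or moving CONN_RETRYING to CONN_RETRIED. Move the #endif up to just after the second smb_lock_server(server); so the state check runs for both branches. Both waits also pass a constant 0 as the condition, so they always sleep the full 10*HZ even when the connection comes back sooner; a condition such as server->state == CONN_VALID would return early, provided smbiod_wait is woken when the state changes. The added comment starting "CYM - Added from 2.4 kernel" has been wrapped by the mailer into lines with no leading +, so the patch will not apply as posted.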


Re: [Samba] smbmount Permission Denied

2007-07-18 Thread Server Gremlin

Chris Smith wrote:
> On Wednesday 18 July 2007, Server Gremlin wrote:
> > What?  I'm running the latest version of Ubuntu (Feisty Fawn, 7.04
> > Desktop Version) and nothing of the sort appears anywhere in the man page.
>
> Nothing I can do about that.
>
> Although it hasn't been a secret that smbfs has been, at best, "out of 
> fashion" for a long time.
>
> > I tried mount -t cifs, and that mounted the filesystem with the server's
> > uid and gid numbers.  Anything owned by root on the server shows up as
> > root when I mount it on the client, though I can't change anything.  
> > Everything owned by something other than root on the server shows up as
> > random numbers.  The uid= and gid= parameters are being ignored, so I
> > can't change the ownership to anything that my local workstation user
> > can work with.  Any suggestions?
>
> Does the server support the  CIFS  Unix Extensions?
>
> man mount.cifs
>
> maybe peek at "noperm"

Thanks, that finally did it.  I've finally managed to mount the smb/cifs 
share on a local mount point by adding something like the following line 
to my fstab:


//servername/sharename   /local/mountpoint   cifs   exec,credentials=/path/to/myfile,noperm   0   0


I have a few lingering questions if anyone could please help me out.

1)  The man page for mount.cifs seems to imply that using "noperm" 
allows anyone logged into my workstation to mess with my files.  This is 
fine for me because I'm the only one with a login on this workstation, 
but this really seems like an awful solution under any other 
circumstances.  Isn't there a better way to do what I want...?  (Just to 
reiterate:  I have an SMB/CIFS share on a  Linux Samba Server that I 
want to mount locally on a Linux workstation.)


2)  What are CIFS Unix Extensions?  I Googled and Wikipedia'ed around 
and found little...  sounds like they're a part of Samba that makes 
Samba return uid and gid information from the server's filesystem to the 
client.  If that's so, why in the world would I ever want to do this?


Thanks very much for your help,
- SG


Re: [Samba] Re: [3.0.25] "net ads join" problems

2007-07-18 Thread Bernd Schubert
On Wednesday 18 July 2007 16:35:42 Bernd Schubert wrote:
> On Wednesday 18 July 2007 12:14:38 Bernd Schubert wrote:
> > [2007/07/18 12:12:07, 2] libads/ldap.c:ldap_open_with_timeout(70)
> >   Could not open LDAP connection to ads-2k3.ads2k3.q-leap.de:389: No such
>
> This could be solved by adding ads-2k3.ads2k3.q-leap.de to the /etc/hosts,
> the problem is probably due to a windows misconfiguration. I just wonder
> why it hasn't been a problem with samba-3.0.22
>
> Still, our main problems remains.
>
>
> 255 ha-test-1(new):/var/lock# net ads join
> Password:
>

Well, it works now by just pressing enter, I had to add another entry 
to /etc/hosts. How can I convince it that no password is required?

Thanks,
Bernd

-- 
Bernd Schubert
Q-Leap Networks GmbH


[Samba] session request to *SMBSERVER failed (Call returned zero bytes (EOF))

2007-07-18 Thread Philip J. Brunner
Samba running on AIX 5.2 – system rebooted due to power problem and since
then samba server is not working

Prior to the power problem, all was well. So, I assume that the smb.conf is
still fine.

Ran smbclient -L hostname

session request to *SMBSERVER failed (Call returned zero bytes (EOF))

netstat -a shows netbios udp is listening

Since it was working before, I am baffled as to what is wrong now

 

Phil

 

Philip J. Brunner

IT Coordinator

Wilson Pet Supply

6450 Muirfield Ct.

Hanover Park, IL 60133

Phone: (630)671-0100

Fax: (630)671-9900

 




Re: [Samba] smbmount Permission Denied

2007-07-18 Thread Chris Smith
On Wednesday 18 July 2007, Server Gremlin wrote:
> What?  I'm running the latest version of Ubuntu (Feisty Fawn, 7.04
> Desktop Version) and nothing of the sort appears anywhere in the man page.

Nothing I can do about that.

Although it hasn't been a secret that smbfs has been, at best, "out of 
fashion" for a long time.

> I tried mount -t cifs, and that mounted the filesystem with the server's
> uid and gid numbers.  Anything owned by root on the server shows up as
> root when I mount it on the client, though I can't change anything.  
> Everything owned by something other than root on the server shows up as
> random numbers.  The uid= and gid= parameters are being ignored, so I
> can't change the ownership to anything that my local workstation user
> can work with.  Any suggestions?

Does the server support the  CIFS  Unix Extensions?

man mount.cifs

maybe peek at "noperm"
-- 
Chris


Re: [Samba] 3.0.25b-1.1.72-1411 - copy from and to the same samba share

2007-07-18 Thread Jeremy Allison
On Wed, Jul 18, 2007 at 04:01:45PM +0200, Franz Sirl wrote:
> Hi,
> 
> I can confirm that a re-build of the current SUSE 3.0.25b RPMs plus 
> today's diff between SAMBA_3_0_RELEASE and SAMBA_3_0_25 fixes the 
> strange file corruption problem I was seeing with LIB.EXE from 
> VisualStudio6 working on a Samba share. Though this was already true 
> with yesterdays diff, but didn't work with a diff from last week.

Great - thanks for the update. I'm hoping I've now got this
right for 3.0.25c.

Thanks,

Jeremy.


[Samba] APW issue and excessive Get-Printer-Attributes in CUPS access_log

2007-07-18 Thread Jeff Hardy
Hello all,

I am trying to get to the bottom of a printing issue with
samba-3.0.25b-2.fc7 and cups-1.2.11-2.fc7.  I wasn't sure whether to
start here or the CUPS list.

When left running for an hour or two, the CUPS process will often be
left using nearly 100% CPU.  At this point, printing and add printer
wizard operations from Windows clients over Samba are unreliable.
Dialog boxes pertaining to the latter are of the form:

"Printer settings could not be saved. Operation could not be completed."

However the CUPS error_log shows that my addprinter script, which simply
runs lpadmin, completed immediately.  Also, any changes that were made
to the "windows-ish" properties of the printer (ie, driver, comments,
etc.) are also done successfully, despite this error message.

I think that Samba seems to never finish its reload and re-stat of all
the printers on the system after the addprinter.  With loglevel set to
3, Samba ends with this message:

[2007/07/18 10:42:28, 3] printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache

I can restart CUPS and Samba at this point and things are back to
normal.  If I let it sit, printing is mostly reliable, but no addprinter
operations will complete unless I restart both daemons.  A successful
addprinter run is normally:

[2007/07/18 13:12:27, 3] printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache
[2007/07/18 13:12:33, 3] printing/pcap.c:pcap_cache_reload(223)
  reload status: ok

Now for what I think is related...the CUPS access_log is filled with
entries like this, dozens every second:

localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 190
Get-Printer-Attributes client-error-not-found
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 265
Get-Jobs successful-ok
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 186
Get-Printer-Attributes successful-ok
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 190
Get-Printer-Attributes client-error-not-found
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 190
Get-Printer-Attributes client-error-not-found
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 190
Get-Printer-Attributes client-error-not-found

As soon as I turn Samba off on this machine, there is no activity at
all.  That makes sense, as this is primarily an SMB/LPD print server
with all raw queues.  My smb.conf settings for printing are simply:

load printers = yes
printing = cups
printcap name = cups
cups options = raw
show add printer wizard = yes
addprinter command = /usr/local/bin/smbaddprinter.pl
deleteprinter command = /usr/local/bin/smbdelprinter.pl


Whether or not this amount of log activity is related, is this normal?
Also, has anyone else seen anything like this?  Current workaround is
hourly restarts of both daemons in cron.

Thanks very much.

-Jeff


-- 
Jeff Hardy
Systems Analyst
[EMAIL PROTECTED]
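
The access_log flood described in this post can be measured before deciding whether it is related to the hang. The following is an added example, not part of the original post: it parses CUPS access_log entries of the form quoted above, re-joins entries that were wrapped onto two lines, and tallies IPP operations and per-second request counts. The sample lines are constructed from the ones in the post, and the burst threshold is an assumption chosen for the small sample.

```python
import re
from collections import Counter
from datetime import datetime

# CUPS access_log entry layout:
#   host group user [date-time] "request" http-status bytes ipp-operation ipp-status
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<group>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<http>\d{3}) (?P<bytes>\S+) '
    r'(?P<op>\S+) (?P<status>\S+)$'
)

# Constructed sample modelled on the entries in the post. One entry is wrapped
# onto two lines (as a mailer would do) and one line is junk.
SAMPLE_LOG = """\
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 190 Get-Printer-Attributes client-error-not-found
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 265 Get-Jobs successful-ok
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 186 Get-Printer-Attributes successful-ok
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 190 Get-Printer-Attributes client-error-not-found
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 190 Get-Printer-Attributes client-error-not-found
localhost - - [18/Jul/2007:11:15:04 -0400] "POST / HTTP/1.1" 200 190 Get-Printer-Attributes client-error-not-found
localhost - - [18/Jul/2007:11:15:05 -0400] "POST / HTTP/1.1" 200 190
Get-Printer-Attributes client-error-not-found
this line is not an access_log entry
localhost - - [18/Jul/2007:11:15:05 -0400] "POST / HTTP/1.1" 200 265 Get-Jobs successful-ok
"""


def parse_entries(text):
    """Return (entries, skipped); an entry split over two lines is re-joined."""
    entries, skipped, pending = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None and pending is not None:
            # Try the held-back fragment plus this line as one wrapped entry.
            match = LINE_RE.match(pending + " " + line)
            if match is not None:
                pending = None
        if match is None:
            if pending is not None:
                skipped += 1          # the older fragment never completed
            pending = line            # hold this line in case the next completes it
            continue
        if pending is not None:
            skipped += 1              # fragment followed by a complete entry
            pending = None
        entry = match.groupdict()
        entry["when"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entries.append(entry)
    if pending is not None:
        skipped += 1
    return entries, skipped


def summarize(entries):
    """Count (operation, status) pairs, requests per second, and lookup failures."""
    by_op = Counter((e["op"], e["status"]) for e in entries)
    per_second = Counter(e["when"] for e in entries)
    lookups = [e for e in entries if e["op"] == "Get-Printer-Attributes"]
    not_found = sum(e["status"] == "client-error-not-found" for e in lookups)
    ratio = not_found / len(lookups) if lookups else 0.0
    return {"by_op": by_op, "per_second": per_second, "not_found_ratio": ratio}


def bursts(per_second, threshold):
    """Seconds in which at least `threshold` requests were logged, oldest first."""
    return sorted((ts, n) for ts, n in per_second.items() if n >= threshold)


if __name__ == "__main__":
    parsed, skipped_lines = parse_entries(SAMPLE_LOG)
    report = summarize(parsed)
    print(f"{len(parsed)} entries parsed, {skipped_lines} line(s) skipped")
    for (op, status), count in report["by_op"].most_common():
        print(f"{count:4d}  {op} {status}")
    print(f"Get-Printer-Attributes not-found ratio: {report['not_found_ratio']:.2f}")
    # threshold=5 is an assumption sized for the sample, not a CUPS default
    for ts, count in bursts(report["per_second"], threshold=5):
        print(f"burst: {count} requests at {ts.isoformat()}")
```

A high not-found ratio for Get-Printer-Attributes points at lookups for queue names CUPS does not know, which is the part of the pattern worth comparing against the printer list.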



[Samba] ldap and sharing SID

2007-07-18 Thread James
Without creating a domain for samba, is there a way I can get two or three 
samba servers to share the same SID for authentication for different shares?


say have:
server1
server2
server3

edit their ldap entries for their SID and set them the same
and use
security = user

have them all use the same ldap passdb for authentication?
or is there more to it than that?
server1 is already working fine with ldapsam
because I'm trying to login on server2 that has the same SID as server1 
that's already working on ldap but I get a

smbd/service.c:make_connection_snum(920)
 '/home/tester' does not exist or permission denied when connecting to 
[tester] Error was Permission denied




Re: [Samba] still about winbind idmap customization

2007-07-18 Thread Jerome Haltom
I would like to see some more options for this as well. I don't really
like the only option being the Windows user-name form of SHORTDOM\user.
I wouldn't mind FULL.REALM\user. Only having Windows short name as an
option really doesn't make integration into non-Windows realms very
easy.

I've expressed this on the list before.

On Wed, 2007-07-18 at 16:11 +0200, miolinux wrote:
> Hi,
> 
> i've read the thread about idmap customization, i'm planning an
> integration between windows AD and MIT kerberos, and i was very
> interested on the subject.
> 
> Now we are authenticating windows AD user against mit kerberos realm
> with a cross-domain trust, and with windows client everything works.
> 
> Ie. Authentication is done with kerberos mit and authorization is done
> with windows AD.
> 
> Now i'm working to let linux computers authenticate users. What i need
> is to Authenticate user against mit kerberos with pam_krb5 ([EMAIL PROTECTED]),
> and get authorization from windows AD (DOMAIN+user).
> 
> The main problem is that i can force user to append @REALM for
> pam_krb5, but i need user to be in form "user" and not "DOMAIN+user"
> for a domain that is not the "workgroup" of the computer.
> 
> Would it be much work to add a parameter to specify winbind default
> domain to be different from computer workgroup?
> 
> even if a complete customization of user name and group name would be
> preferred a custom default domain could be enough for me.
> 
> Is this possible?
> 
> Regards,
> 
> --
> Miolinux



Re: [Samba] [Urgent] Cannot make changes via pdbedit

2007-07-18 Thread Jason Baker

In case anyone was following this thread, I finally did find the solution.
Apparently you can no longer expire a user's password by issuing the command:

   pdbedit --pwd-must-change-time...

If you want to require a user to change their password at next login, 
you need to issue the command:


   net sam set pwdmustchangenow  yes

This will ask the user to change their password the next time they 
attempt to login. The --pwd-must-change-time is actually reserved for 
the time when a password is set to expire by using policies (such as 
every 30 days, etc.).


*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 

-BEGIN GEEK CODE BLOCK- 
Version: 3.1

GIT$ d- s: a C++$ LU+++$ P+ L++>L !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++

--END GEEK CODE BLOCK--



Jason Baker wrote:
> I have been having some problems since I updated from Samba 3.0.23 to 
> 3.0.25b. I have installed the latest version of smbldap-tools but I am 
> still not able to make certain changes to a user's account. I have 
> created a new user named JROLFE.
> After I set up a new user, I will set it so they are required to 
> change their password when they first login. I usually do this through 
> LDAP Account Manager.
> I set User can change password to a date in the past and User must 
> change password to a date in the past. But for some reason it didn't 
> work. If I run pdbedit -Lv -u jrolfe, I get:
>
>    Password last set:    Mon, 01 Jan 2007 03:00:00 EST
>    Password can change:  Mon, 08 Jan 2007 03:00:00 EST
>    Password must change: never
>
> If I run ../smbldap-usershow jrolfe, I get:
>
>    sambaPwdCanChange: 1183795200
>    sambaPwdLastSet: 1167638400
>    sambaPwdMustChange: 1167638400
>
> The unix times converted to English are: Sat, 07 Jul 2007 08:00:00 GMT 
> and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates do 
> not match between pdbedit and smbldap-tools.
> This is really causing a problem because I am trying to set up a new 
> user and cannot get his password to expire.



[Samba] samba roaming profile

2007-07-18 Thread Lukasz Szybalski

Debian stable: Samba -3.0.24-6etch2
I set up a samba server as a pdc.

smb.conf
logon path = \\%L\profiles\%U
logon home = \\%L\%U

[profiles]
comment = Network PRofiles Share
path = /home/samba/profiles
#read only = No
#store dos attributes = Yes
#create mask = 0600
#directory  mask = 0700
#browseable = no
#guest ok = no
#printable = no
writable = yes

I created the folders
/home/samba
drwxr-xr-x 4 root  root   4096 2007-07-16 10:09 samba

/home/samba/profiles
drwxr-xr-x 3 root root 4096 2007-07-17 10:27 netlogon
drwxr-xr-x 7 root root 4096 2007-07-17 12:36 profiles

I create user and add it to samba
adduser newuser
adduser newuser2
smbpasswd -a newuser
smbpasswd -a newuser2

I am able to log in.
Then I get an error from windows XP saying that it is not able to
update/get my profile on the server.

I read the
http://lists.samba.org/archive/samba/2004-September/093587.html
so I decided to add

[profiles]
admin users = newuser2

This means that newuser2 can act as root.
In my profile I get another folder created automatically only for newuser2
1. Why is the folder created only for newuser2 and not newuser?

drwxr-xr-x  2 root   newuser2 4096 2007-07-18 09:20 newuser2

2. Why is the /home/samba/profiles/newuser2 empty? It is not filled
with the roaming profile after I log out of windows XP.



I log in to newuser:
cannot load a  roaming profile, loading your local profile
cannot locate local profile

I log in to newuser2:
cannot locate roaming profile on server

3. How do I make the roaming profile work? Is it the case that
setting up the users and adding logon path, logon home, profiles to
smb.conf is not enough?
What else needs to be done?


Re: [Samba] Using LDAP and Unix Group Group Mappings

2007-07-18 Thread Randall Svancara
On Wed, 2007-07-18 at 11:48 -0400, Adam Tauno Williams wrote:
> > I could not find anything in the discussion groups or documentation
> > about using LDAP and Unix group mappings.  
> > The documentation states that in order to map unix groups to samba
> > groups, you need to use the net group add command.  However, I have an
> > ldap backend and all my groups, that I care about are in LDAP.
> 
> It makes no difference;  groups from LDAP presented via NSS are "unix
> groups" 
> 
> > So I have a group called mainwdev. 
> > dn: cn=test,ou=Group,dc=somewhere,dc=com
> > objectClass: posixGroup
> > objectClass: sambaGroupMapping
> > sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
> > sambaGroupType: 2
> > objectClass: top
> > cn: test
> > gidNumber: 801
> > memberUid: user1
> > memberUid: user2
> > memberUid: user3
> > memberUid: user4
> > memberUid: user5
> > memberUid: user6
> > Now, if I run "net groupmap list", I can see the group mapping as
> > follows.
> > test (S-1-5-21-582185903-2148186938-2210701745-801) -> test
> > But when I attempt to log onto a share that only allows anyone that
> > belongs to the group test (say user1), i get permission denied errors.
> 
> Are you running nscd?  Did you restart/stop it and do your test?  Always
> test with nscd disabled.  Does "id user1" show him/her in group "test"?

I have had these groups configured for a long time.  So they should be
cached by nscd already.  Nevertheless, I ran getent with the following
output.

#getent group test
 test::801:user1,user2,user3,user4,user5,user6

user1 clearly is being recognized by ldap, otherwise it would not show
up in getent.  

> 
> > Do I still have to run "net group map" command to establish a
> > relationship between unix and samba groups?
> 
> Looks like you already did.

Actually, I did not run the net group add command.  

In the SID, you will notice that the group id (GID) 801 is appended to the
end of the SID.  Is Samba smart enough to automatically recognize the
relationship between the Unix groups and Samba groups via ldap?

Here is the stanza from the smb.conf I am trying to access:

[Data]
  comment   = "Data files"
  path  = /path/somewhere
  browseable= yes
  read only = no
  guest ok  = no
  force create mode = 0660
  force directory mode  = 0770
  force group   = test 
  valid users   = @test

Will this even work?




> 
> -- 
> Adam Tauno Williams, Network & Systems Administrator
> Consultant - http://www.whitemiceconsulting.com
> Developer - http://www.opengroupware.org
> 


Re: [Samba] Using LDAP and Unix Group Group Mappings

2007-07-18 Thread Adam Tauno Williams
> I could not find anything in the discussion groups or documentation
> about using LDAP and Unix group mappings.  
> The documentation states that in order to map unix groups to samba
> groups, you need to use the net group add command.  However, I have an
> ldap backend and all my groups, that I care about are in LDAP.

It makes no difference;  groups from LDAP presented via NSS are "unix
groups" 

> So I have a group called mainwdev. 
> dn: cn=test,ou=Group,dc=somewhere,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
> sambaGroupType: 2
> objectClass: top
> cn: test
> gidNumber: 801
> memberUid: user1
> memberUid: user2
> memberUid: user3
> memberUid: user4
> memberUid: user5
> memberUid: user6
> Now, if I run "net groupmap list", I can see the group mapping as
> follows.
> test (S-1-5-21-582185903-2148186938-2210701745-801) -> test
> But when I attempt to log onto a share that only allows anyone that
> belongs to the group test (say user1), i get permission denied errors.

Are you running nscd?  Did you restart/stop it and do your test?  Always
test with nscd disabled.  Does "id user1" show him/her in group "test"?

> Do I still have to run "net group map" command to establish a
> relationship between unix and samba groups?

Looks like you already did.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org



Re: [Samba] smbmount Permission Denied

2007-07-18 Thread Server Gremlin

Chris Smith wrote:
> On Wednesday 18 July 2007, Server Gremlin wrote:
>> When I mount the share
>> with smbmount using the exact same credentials, I mysteriously can't
>> write to it.  I get "Permission Denied".  Can someone please clue me in
>> to what could be so different about smbmount?
>
> man smbmount
>
> Maybe this:
>
> "WARNING:  smbmount  is deprecated and not maintained any longer.  mount.cifs
> (mount -t cifs) should be used instead of smbmount."
>
> Chris
  
What?  I'm running the latest version of Ubuntu (Feisty Fawn, 7.04 
Desktop Version) and nothing of the sort appears anywhere in the man page.


I tried mount -t cifs, and that mounted the filesystem with the server's 
uid and gid numbers.  Anything owned by root on the server shows up as 
root when I mount it on the client, though I can't change anything.  
Everything owned by something other than root on the server shows up as 
random numbers.  The uid= and gid= parameters are being ignored, so I 
can't change the ownership to anything that my local workstation user 
can work with.  Any suggestions?



[Samba] Using LDAP and Unix Group Group Mappings

2007-07-18 Thread Svancara, Randall
Hello all,

I could not find anything in the discussion groups or documentation
about using LDAP and Unix group mappings.  

The documentation states that in order to map unix groups to samba
groups, you need to use the net group add command.  However, I have an
ldap backend and all my groups, that I care about are in LDAP.

So I have a group called mainwdev. 

dn: cn=test,ou=Group,dc=somewhere,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-582185903-2148186938-2210701745-801
sambaGroupType: 2
objectClass: top
cn: test
gidNumber: 801
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: user4
memberUid: user5
memberUid: user6

Now, if I run "net groupmap list", I can see the group mapping as
follows.

test (S-1-5-21-582185903-2148186938-2210701745-801) -> test

But when I attempt to log onto a share that only allows anyone that
belongs to the group test (say user1), I get permission denied errors.
Do I still have to run "net group map" command to establish a
relationship between unix and samba groups?

Randall

  






Re: [Samba] smbmount Permission Denied

2007-07-18 Thread Chris Smith
On Wednesday 18 July 2007, Server Gremlin wrote:
> When I mount the share
> with smbmount using the exact same credentials, I mysteriously can't
> write to it.  I get "Permission Denied".  Can someone please clue me in
> to what could be so different about smbmount?

man smbmount

Maybe this:

"WARNING:  smbmount  is deprecated and not maintained any longer.  mount.cifs 
(mount -t cifs) should be used instead of smbmount."

Chris


[Samba] smbmount Permission Denied

2007-07-18 Thread Server Gremlin

Hey everyone,

I have an SMB/CIFS share on a Samba Server that I am trying to mount on 
a workstation via the smbmount command.  When I just connect to the 
share using smbclient everything works fine.  When I mount the share 
with smbmount using the exact same credentials, I mysteriously can't 
write to it.  I get "Permission Denied".  Can someone please clue me in 
to what could be so different about smbmount?


I'm using uid= and gid= to set appropriate local permissions.  In fact, 
all permissions seem fine, and I assume they are since I can do whatever 
I want with smbclient.


Thanks!
- SG


[Samba] Re: [3.0.25] "net ads join" problems

2007-07-18 Thread Bernd Schubert
On Wednesday 18 July 2007 12:14:38 Bernd Schubert wrote:
> [2007/07/18 12:12:07, 2] libads/ldap.c:ldap_open_with_timeout(70)
>   Could not open LDAP connection to ads-2k3.ads2k3.q-leap.de:389: No such

This could be solved by adding ads-2k3.ads2k3.q-leap.de to the /etc/hosts, the 
problem is probably due to a windows misconfiguration. I just wonder why it 
hasn't been a problem with samba-3.0.22

Still, our main problem remains.


255 ha-test-1(new):/var/lock# net ads join
Password:

Password? We have a kerberos ticket and with samba-3.0.22 it doesn't ask for a 
password.

===
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/[EMAIL PROTECTED]

Valid starting     Expires            Service principal
07/18/07 16:27:37  07/19/07 02:27:37  krbtgt/[EMAIL PROTECTED]
renew until 07/25/07 16:27:37


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

===

So let's proceed without providing a password, but now with debug messages 
enabled.

[2007/07/18 16:28:58, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration 
Thu, 19 Jul 2007 02:27:37 CEST
[2007/07/18 16:28:58, 10] libsmb/clikrb5.c:ads_krb5_mk_req(624)
  ads_krb5_mk_req: Ticket ([EMAIL PROTECTED]) in ccache 
(FILE:/tmp/krb5cc_0) is valid until: (Thu, 19 Jul 2007 02:27:37 CEST - 
1184804857)
[2007/07/18 16:28:58, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(735)
  Got KRB5 session key of length 16
Password:   

[...]
[2007/07/18 16:29:38, 10] libads/sasl.c:ads_sasl_spnego_bind(262)
  ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling 
kinit
[2007/07/18 16:29:38, 10] libads/kerberos.c:kerberos_kinit_password_ext(91)
  kerberos_kinit_password: using [MEMORY:net_ads] as ccache and config 
[/var/lock/smb_krb5/krb5.conf.ADS2K3]
[2007/07/18 16:29:38, 0] libads/kerberos.c:ads_kinit_password(228)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Client not found in 
Kerberos database
Failed to disable machine account in AD.  Please do so manually.
Failed to join domain: Type or value exists
[2007/07/18 16:29:39, 2] utils/net.c:main(1032)
  return code = -1

Why is it here trying to get a ticket for "[EMAIL PROTECTED]"? With 
samba-3.0.22 it only tried to get tickets 
like "[EMAIL PROTECTED]"


I'm rather lost here, the sources differ rather much between 3.0.22 and 3.0.25 
and its behaviour also does differ. But so far I didn't find any 
documentation about ads configuration changes.

Any help is appreciated.

Thanks in advance,
Bernd

-- 
Bernd Schubert
Q-Leap Networks GmbH


[Samba] still about winbind idmap customization

2007-07-18 Thread miolinux
Hi,

I've read the thread about idmap customization. I'm planning an
integration between Windows AD and MIT Kerberos, and I was very
interested in the subject.

Now we are authenticating Windows AD users against an MIT Kerberos realm
with a cross-domain trust, and with Windows clients everything works.

I.e. authentication is done with MIT Kerberos and authorization is done
with Windows AD.

Now I'm working to let Linux computers authenticate users. What I need
is to authenticate users against MIT Kerberos with pam_krb5 ([EMAIL PROTECTED]),
and get authorization from Windows AD (DOMAIN+user).

The main problem is that I can force users to append @REALM for
pam_krb5, but I need the user to be in the form "user" and not "DOMAIN+user"
for a domain that is not the "workgroup" of the computer.

Would it be much work to add a parameter to specify the winbind default
domain to be different from the computer workgroup?

Even if a complete customization of user name and group name would be
preferred, a custom default domain could be enough for me.

Is this possible?

Regards,

--
Miolinux


Re: [Samba] does samba support non-flat /home

2007-07-18 Thread Felipe Augusto van de Wiel

john wrote, On 15-07-2007 20:19:
> Hi all,
> 
> I hope this is an easy one:
> 
> We've just set up a samba server and We're using winbind 
> with the idmap_rid backend option to authenticate users
> via AD. So far so good! Now we want window users to have
> there home shares on the samba server.
> 
> When Winbind pulls a list of users from AD it appears to 
> use the template homedir option in our smb.conf to figure
> out where users home directories should be located (Am I
> wrong about this?) This relationship seems to get "hard
> coded" into the idmap.

I wouldn't say "hard coded", I would say it has a
default value /home/%D/%U


> My question is can the smb.conf Global Option "template 
> homedir =" be used to allow users to log in to their
> home dir if /home isn't flat? Is there another way to do
> this?

Yes, 'template homedir' can be used to change the
value, but I'm not sure if it will work for you, because
you have years in the template.

You could use a "envvar":

%$(envvar)
  the value of the environment variable envar.


But I'm not sure how would you tell samba on
a per-user basis about that, except by my suggestion
below to use primary groups.


> We have about 1500 hundred kids whose home directories 
> should look like /home/graduationYear/studentName
> 
> So student a's home directory should look like:
>  /home/2008/astudent
> 
> and student b's  might be:
>  /home/2009/bstudent

That's the point, I don't know how you could use
a variable for the "year".  /home/$year/%U, not sure but
maybe you can have your students in the primary group of
their graduation year and use that as a variable:

/home/g2008/astudent
/home/g2009/bstudent

template homedir = /home/%G/%U

astudent primary group is g2008
bstudent primary group is g2009


> Would it be better to just leave out template homedir, remove the
> tdb's and rebind to windows? What would SAMBA's process be to map
> windows users to unix home directories then?

Not sure about that, but I think if you can afford
that change, you could opt to change the primary groups and
go with the above solution or something similar. Check the
variables available in smb.conf.


> Perhaps the real solution is to create shares like this:
> 
> [2007]
>   path = /home/students/2007
>   valid users = %S
>   readonly = no
>   writable = yes
>   printable = no
>   create mode = 0600
>   directory mode = 0600
> 
> 
> [2008]
>   path = /home/students/2008
>   valid users = %S
>   readonly = no
>   writable = yes
>   printable = no
>   create mode = 0600
>   directory mode = 0600

Uhhh... sorry, that's ugly and will give you
a lot of work every year, the group approach seems
to be more maintainable. ;)


> Any advice would be appreciated!
> Thanks!
> John

Hope this helps.
Kind regards,
- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)


[Samba] Re: samba Digest, Vol 55, Issue 18

2007-07-18 Thread Dragan Krnic

What's wrong with WARLOCK?
Just kidding. If you don't like it, change it, but do expect problems.
It's not something you will find a recipe for in a How-to book.

The SETLOCALSID changes only the LOCAL SID, not the
GLOBAL SID, for which we would probably need SETGLOBALSID.

When I faced the same problem, I did something really wrong
but it worked. I copy-pasted the LOCAL SID to the GLOBAL SID
in "secrets.tdb".

Now in your case, it would probably be even easier to just think up
a new 7-letter word to overwrite the current name in both "smb.conf"
and "secrets.tdb".

Unfortunately WARLOCK is also tattooed in several places in each
client's registry. Hopefully, pasting over the new name with a .reg script
will obviate the need to re-join the domain. Try it out, when there is no
one to disturb. Back up "/etc/samba" and "/var/lock/samba" with smb
and nmb stopped so that you can back out of it if necessary.


From: Didster <[EMAIL PROTECTED]>
To: samba@lists.samba.org
Date: Tue, 17 Jul 2007 12:31:52 +0100
Subject: [Samba] Changing domain name
Hi,

For reasons best known to the IT admin before myself, we currently
have a domain name of WARLOCK.  I want to change this.  We have about
15 WinXP Pro client machines on the domain as well as a few linux
domain clients.

A bit of reading shows that it should be as simple as doing a net
getlocalsid, making the change, followed by a net setlocalsid.

I started doing this when I noticed something [The PDC machine name is North]:

north:~# net getlocalsid

SID for domain NORTH is: S-1-5-21-2864586203-3687421127-69847892

north:~# net getlocalsid WARLOCK

SID for domain WARLOCK is: S-1-5-21-403220451-921850273-241492889

According to this in the how to: Chapter 13. Remote and Local
Management: The Net Command

"First, do not forget to store the local SID in a file. It is a good
idea to put this in the directory in which the smb.conf file is also
stored. Here is a simple action to achieve this:

root#  net getlocalsid > /etc/samba/my-sid

Good, there is now a safe copy of the local machine SID. On a PDC/BDC
this is the domain SID also."

It says that on a PDC, it should give the domain SID.  So, why on my
PDC do I get different results for getlocalsid and getlocalsid
?

I'm probably being stupid, but worried if I change the domain name,
and do a "setlocalsid S-1-5-21-403220451-921850273-241492889" it will
just change the SID of the machine, and I won't be able to restore the
domain SID.



Re: [Samba] 3.0.25b-1.1.72-1411 - copy from and to the same samba share

2007-07-18 Thread Franz Sirl

Jeremy Allison wrote:
> On Tue, Jul 17, 2007 at 05:07:11PM -0400, Josh Kelley wrote:
>> On 7/16/07, Jeremy Allison <[EMAIL PROTECTED]> wrote:
>>> On Mon, Jul 16, 2007 at 03:08:01PM +0200, Dragan Krnic wrote:
>>>> WinXP logs an obscure NetBT Event ID 4322, which says
>>>> "NetBT could not process a request, because at least one
>>>> OutOfResources-Exception occurred in the last hour".
>>>
>>> Open a bug and attach an ethereal/wireshark network trace please.
>>
>> I've been tracking this same problem and managed to get a Wireshark
>> capture, so I posted it to
>> https://bugzilla.samba.org/show_bug.cgi?id=4796.  If there's any other
>> information I can provide or testing I can perform, please let me
>> know.
>
> I've just posted a fix for this as an attachment for this bug (#4796).
> If someone would like to test it for 3.0.25c I'd be very grateful.

Hi,

I can confirm that a re-build of the current SUSE 3.0.25b RPMs plus 
today's diff between SAMBA_3_0_RELEASE and SAMBA_3_0_25 fixes the 
strange file corruption problem I was seeing with LIB.EXE from 
VisualStudio6 working on a Samba share. Though this was already true 
with yesterday's diff, but didn't work with a diff from last week.


Franz.


[Samba] Getting Owner of Files on Mounted Windows Share

2007-07-18 Thread Terlson, Adam (STP)
Hello everyone,
I have an obscure issue that I have been so far unable to find the
answer to.  I have successfully mounted a windows NTFS file share using
samba via the following command:

mount -t smbfs -o username=,workgroup=
//winserver/winpath /mnt/win

It mounts just fine but performing an ls -al command shows my user (or
"root") as the owner of all files, when this isn't the case.  Is it
possible to get the proper owner of files through a samba-mounted
windows file share?

Thanks in advance.

Adam





Re: [Samba] Release timeframe for 3.0.26?

2007-07-18 Thread Brian H. Nelson


Andrew Bartlett wrote:
> Just to note, the next release will be numbered 3.2.0, and licenced
> under GPLv3.  It will contain what was to be 3.0.26.
>
> Andrew Bartlett


Just out of curiosity, what happened to 3.1.0?

-Brian



Re: [Samba] cannot access shares

2007-07-18 Thread Felipe Augusto van de Wiel

Ryan Johnson wrote, On 16-07-2007 02:49:
[...]
> so why might i be able to access the user directories, but 
> not my self made one? i have tried adding another that points
> to another random directory i created to test out, and that
> too does not work.
> 
> i should mention that /netshare is the mount point for 
> /dev/hdb1 (just a 120GB drive that is used to store shared
> stuff)

Hi Ryan,

Do you have any logs?

Can you try increase the log level and check what the
logs says about your tries to access 'netshare'?



Kind regards
- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)


Re: [Samba] [Urgent] Cannot make changes via pdbedit

2007-07-18 Thread Jason Baker

Also, If I run the command:
pdbedit --pwd-must-change-time="2007-07-14" --time-format="%Y-%m-%d" jrolfe
It doesn't have any effect. I run pdbedit -Lv -u jrolfe and get:

<---cut>
Logoff time:  never
Kickoff time: Tue, 31 Dec 2030 08:00:00 EST
Password last set:Mon, 01 Jan 2007 03:00:00 EST
Password can change:  Mon, 01 Jan 2007 03:00:00 EST
Password must change: never

So for some reason pdbedit is not affecting the user's LDAP data, but if 
I use smbldap-tools, the changes show up, but they don't work when I try 
to log in under windows xp.


Jason Baker
IT Coordinator

Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 




Edmundo Valle Neto wrote:
> Edmundo Valle Neto wrote:
>> Jason Baker wrote:
>>> I have been having some problems since I updated from Samba 3.0.23
>>> to 3.0.25b. I have installed the latest version of smbldap-tools but
>>> I am still not able to make certain changes to a user's account. I
>>> have created a new user named JROLFE.
>>> After I set up a new user, I will set it so they are required to
>>> change their password when they first login. I usually do this
>>> through LDAP Account Manager.
>>> I set User can change password to a date in the past and User must
>>> change password to a date in the past. But for some reason it didn't
>>> work. If I run pdbedit -Lv -u jrolfe, I get:
>>>
>>>    Password last set:Mon, 01 Jan 2007 03:00:00 EST
>>>    Password can change:  Mon, 08 Jan 2007 03:00:00 EST
>>>    Password must change: never
>>>
>>> If I run ../smbldap-usershow jrolfe, I get:
>>>
>>>    sambaPwdCanChange: 1183795200
>>>    sambaPwdLastSet: 1167638400
>>>    sambaPwdMustChange: 1167638400
>>>
>>> The unix times converted to english are: Sat, 07 Jul 2007 08:00:00
>>> GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates
>>> do not match between pdbedit and smbldap-tools.
>>> This is really causing a problem because I am trying to set up a new
>>> user and cannot get his password to expire.
>>
>> According to the samba documentation:
>>
>> sambaPwdLastSet: The integer time in seconds since 1970 when the
>> sambaLMPassword and sambaNTPassword attributes were last set.
>>
>> sambaPwdCanChange: Specifies the time (UNIX time format) after which
>> the user is allowed to change his password. If this attribute is not
>> set, the user will be free to change his password whenever he wants.
>>
>> sambaPwdMustChange: Specifies the time (UNIX time format) when the
>> user is forced to change his password. If this value is set to 0, the
>> user will have to change his password at first login. If this
>> attribute is not set, then the password will never expire.
>>
>> "UNIX time format" (1) means exactly that time measured in seconds
>> since 1970, and your results appear to be coherent with time
>> measured in seconds.
>>
>> sambaPwdCanChange: 1183795200
>> sambaPwdLastSet: 1167638400
>>
>> Your sambaPwdCanChange is 7 days (measured in seconds) beyond
>> sambaPwdLastSet (that is exactly the same result that pdbedit is
>> showing).
>>
>> Passwords can be forced to change using smbldap-tools
>> "smbldap-usermod -B 1 user" too. And as the docs say, users are
>> forced to change their passwords when sambaPwdMustChange is set to 0.
>>
>> I don't know how your system used to be, but the docs say how it
>> should behave.
>>
>> 1. http://en.wikipedia.org/wiki/Unix_time
>>
>> Regards.
>>
>> Edmundo Valle Neto
>
> Sorry, calculating the times seems that one of the results is really
> incorrect, even with Unix time format.
>
> Password last set is correct, the difference is between GMT and EST.
> But Password can change isn't.
>
> Do you have any policy set about password changing?
>
> Regards.
>
> Edmundo Valle Neto



Re: [Samba] Getting Owner of Files on Mounted Windows Share

2007-07-18 Thread C.Scheeder

Hi,
What you are trying *is NOT POSSIBLE with smbfs*
smbfs does not support to get the remote-users from the windows-machine.
it maps each and every file to be owned by the user doing the mount,
if not otherwise instructed.

see 'man smbmount' for more infos on this.
have a nice day.
Christoph

Mark Adams wrote:
> On Tue, Jul 17, 2007 at 08:27:32AM -0500, Terlson, Adam (STP) wrote:
>> Hello everyone,
>> I have an obscure issue that I have been so far unable to find the
>> answer to.  I have successfully mounted a windows NTFS file share using
>> samba via the following command:
>>
>> mount -t smbfs -o username=,workgroup=
>> //winserver/winpath /mnt/win
>>
>> It mounts just fine but performing an ls -al command shows my user (or
>> "root") as the owner of all files, when this isn't the case.  Is it
>> possible to get the proper owner of files through a samba-mounted
>> windows file share?
>
> Are you mounting the fs with the root user ? does it change if you mount
> with another user?
>
>> Thanks in advance.
>>
>> Adam



Re: [Samba] [Urgent] Cannot make changes via pdbedit

2007-07-18 Thread Jason Baker

> Do you have any policy set about password changing?

Users are allowed to change their passwords every 7 days.

Jason Baker
IT Coordinator

Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.
www.glastender.com 




Edmundo Valle Neto wrote:
> Edmundo Valle Neto wrote:
>> Jason Baker wrote:
>>> I have been having some problems since I updated from Samba 3.0.23
>>> to 3.0.25b. I have installed the latest version of smbldap-tools but
>>> I am still not able to make certain changes to a user's account. I
>>> have created a new user named JROLFE.
>>> After I set up a new user, I will set it so they are required to
>>> change their password when they first login. I usually do this
>>> through LDAP Account Manager.
>>> I set User can change password to a date in the past and User must
>>> change password to a date in the past. But for some reason it didn't
>>> work. If I run pdbedit -Lv -u jrolfe, I get:
>>>
>>>    Password last set:Mon, 01 Jan 2007 03:00:00 EST
>>>    Password can change:  Mon, 08 Jan 2007 03:00:00 EST
>>>    Password must change: never
>>>
>>> If I run ../smbldap-usershow jrolfe, I get:
>>>
>>>    sambaPwdCanChange: 1183795200
>>>    sambaPwdLastSet: 1167638400
>>>    sambaPwdMustChange: 1167638400
>>>
>>> The unix times converted to english are: Sat, 07 Jul 2007 08:00:00
>>> GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates
>>> do not match between pdbedit and smbldap-tools.
>>> This is really causing a problem because I am trying to set up a new
>>> user and cannot get his password to expire.
>>
>> According to the samba documentation:
>>
>> sambaPwdLastSet: The integer time in seconds since 1970 when the
>> sambaLMPassword and sambaNTPassword attributes were last set.
>>
>> sambaPwdCanChange: Specifies the time (UNIX time format) after which
>> the user is allowed to change his password. If this attribute is not
>> set, the user will be free to change his password whenever he wants.
>>
>> sambaPwdMustChange: Specifies the time (UNIX time format) when the
>> user is forced to change his password. If this value is set to 0, the
>> user will have to change his password at first login. If this
>> attribute is not set, then the password will never expire.
>>
>> "UNIX time format" (1) means exactly that time measured in seconds
>> since 1970, and your results appear to be coherent with time
>> measured in seconds.
>>
>> sambaPwdCanChange: 1183795200
>> sambaPwdLastSet: 1167638400
>>
>> Your sambaPwdCanChange is 7 days (measured in seconds) beyond
>> sambaPwdLastSet (that is exactly the same result that pdbedit is
>> showing).
>>
>> Passwords can be forced to change using smbldap-tools
>> "smbldap-usermod -B 1 user" too. And as the docs say, users are
>> forced to change their passwords when sambaPwdMustChange is set to 0.
>>
>> I don't know how your system used to be, but the docs say how it
>> should behave.
>>
>> 1. http://en.wikipedia.org/wiki/Unix_time
>>
>> Regards.
>>
>> Edmundo Valle Neto
>
> Sorry, calculating the times seems that one of the results is really
> incorrect, even with Unix time format.
>
> Password last set is correct, the difference is between GMT and EST.
> But Password can change isn't.
>
> Do you have any policy set about password changing?
>
> Regards.
>
> Edmundo Valle Neto

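The timestamp arithmetic that both "[Urgent] Cannot make changes via pdbedit" messages above turn on, as an added example that is not part of any poster's message and is not Samba or smbldap-tools code. The function names are hypothetical, the sample input is the three attribute lines quoted in the thread, and the 7-day minimum age is the policy the poster states.

```python
from datetime import datetime, timezone

# Constructed sample: the three attribute lines quoted in the thread
# from the smbldap-usershow output.
SAMPLE = """\
sambaPwdCanChange: 1183795200
sambaPwdLastSet: 1167638400
sambaPwdMustChange: 1167638400
"""

DAY = 86400  # seconds


def parse_attrs(text):
    """Return {attribute: int} for every 'name: <integer>' line."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        value = value.strip()
        if sep and value.isdigit():
            attrs[name.strip()] = int(value)
    return attrs


def utc(ts):
    """Unix seconds -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def must_change_state(attrs, now):
    """Apply the sambaPwdMustChange rules as quoted in the thread:
    unset = never expires, 0 = change at first login, else a deadline."""
    value = attrs.get("sambaPwdMustChange")
    if value is None:
        return "never expires"
    if value == 0:
        return "must change at first login"
    return "must change now" if now >= value else "not yet due"


def audit(attrs, now, min_age_days):
    """Compare the stored values with each other and with a
    minimum-password-age policy (assumption: policy is whole days)."""
    last_set = attrs["sambaPwdLastSet"]
    report = {
        "last_set_utc": utc(last_set).isoformat(),
        "must_change_state": must_change_state(attrs, now),
    }
    can_change = attrs.get("sambaPwdCanChange")
    if can_change is not None:
        policy_ts = last_set + min_age_days * DAY
        report["can_change_utc"] = utc(can_change).isoformat()
        report["can_change_minus_last_set_days"] = (can_change - last_set) / DAY
        report["policy_can_change_utc"] = utc(policy_ts).isoformat()
        report["stored_can_change_matches_policy"] = can_change == policy_ts
    return report


if __name__ == "__main__":
    # Evaluate as of the date of the thread, 2007-07-18 00:00 UTC.
    now = int(datetime(2007, 7, 18, tzinfo=timezone.utc).timestamp())
    for key, value in audit(parse_attrs(SAMPLE), now, min_age_days=7).items():
        print(f"{key}: {value}")
```

On the thread's values the stored sambaPwdCanChange lies 187 days after sambaPwdLastSet, while last set plus the 7-day policy gives 08 Jan 2007 08:00 UTC, the same instant as the "Password can change" line in the pdbedit output (03:00 EST). The stored sambaPwdMustChange is a past deadline under the quoted rules, whereas the pdbedit output in the thread shows "never".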


[Samba] mounting an AD share upon login

2007-07-18 Thread Juan Miscaro
Hi everyone,

I am having trouble mounting a share on my AD server upon login.

I am using pam_mount.  Here is log activity when user 'peter' logs in
(with Ubuntu client) and is authenticated by AD server.  There is a
share called 'peter' on the server (netbios name WIN2003) and the mount
point is /home/PRIVATE/peter (see later for pam_mount.conf file):


=
Jul  9 13:03:25 feisty-s86-1 pam_winbind[7393]: user 'peter' granted access
Jul  9 13:03:25 feisty-s86-1 pam_winbind[7393]: user 'peter' OK
Jul  9 13:03:25 feisty-s86-1 pam_winbind[7393]: user 'peter' granted access
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: (pam_unix) session opened for user peter by (uid=0)
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:428) back from global readconfig
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:430) per-user configurations not allowed by pam_mount.conf
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:461) pam_sm_open_session: real uid/gid=0:502, effective uid/gid=0:502
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(readconfig.c:418) checking sanity of volume record (peter)
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:476) about to perform mount operations
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:368) information for mount:
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:369) --
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:370) (defined by globalconf)
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:373) user:     peter
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:374) server:   WIN2003
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:375) volume:   peter
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:376) mountpoint:/home/PRIVATE/peter
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:377) options:  uid=peter,gid=peter,dmask=0750,workgroup=WORKGROUP
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:378) fs_key_cipher:
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:379) fs_key_path:
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:380) use_fstab:   0
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:381) --
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:177) realpath of volume "/home/PRIVATE/peter" is "/home/PRIVATE/peter"
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:182) checking to see if //WIN2003/peter is already mounted at /home/PRIVATE/peter
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:799) checking for encrypted filesystem key configuration
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:819) about to start building mount command
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(misc.c:264) command: /bin/mount [-t] [cifs] [//WIN2003/peter] [/home/PRIVATE/peter] [-o] [user=peter,uid=502,gid=502,uid=peter,gid=peter,dmask=0750, 
Jul  9 13:03:26 feisty-s86-1 gdm[7407]: pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:502
Jul  9 13:03:26 feisty-s86-1 gdm[7407]: pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:502
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:851) mount errors (should be empty):
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:100) pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:502
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:100) pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:502
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:854) waiting for mount
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:480) mount of peter failed
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:123) clean system authtok (0)
Jul  9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [peter] [-o] [1]
Jul  9 13:03:27 feisty-s86-1 gdm[7411]: pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:502
Jul  9 13:03:27 feisty-s86-1 gdm[7411]: pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:502
Jul  9 13:03:27 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:360) pmvarrun says login count is 1
Jul  9 13:03:27 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:493) done opening session
=


There are no "mount errors" but still "mount of peter failed".


Here is pam_mount.conf:

=
debug 1
mkmountpoint 1
fsckloop /dev/loop7

luserconf .pam_mount.conf
options_allow nosuid,nodev
options_deny suid,dev
options_require nosuid,nodev

lsof /usr/bin/lsof %(MNTPT)
fsck /sbin/fsck -p %(FSCKTARGET)

cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "user=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"
smbmount /usr/bin/smbmount   //%(SERVER)/%(VOLUME) %(MNTP

[Samba] ADS users authentication problem where win2k and pre-win2k names of user differ

2007-07-18 Thread Arvind Deshpande

Hello,

I am new to the list and this is my first posting to the list.

I have an ADS running on Win2k3 in Native Mode. I have a user created in
ADS. While creating the user I specified the "Win2K name of user" as
testbug and the "Pre-Win2k Name of user" as bugtest. Essentially they are not
the same and do differ.
I have a samba 3.0.25d running on Fedora Core 7 which has joined this ADS
domain.

I also have a share whose definition goes as

[myshare]
  comment = Mary's and Fred's stuff
  path = /music
  valid users = "DOMAIN\testbug" "DOMAIN\foobar"
  public = no
  writable = yes
  printable = no
  create mask = 0765

Security is set to ADS and Realm is specified correctly.

Now when I try to map this share through samba as //10.52.10.20/myshare
using username DOMAIN\testbug, authentication fails. The NTLMSSP authentication
mechanism is tried (I have seen wireshark logs) and ADS returns an
error NT_STATUS_USER_NOT_FOUND.
When I provide the user "DOMAIN\bugtest" - the pre-win2k user - I can see in
the logs that authentication is successful. Basically in winbindd logs I see
PAM returning 0. But furthermore, after authentication winbindd gets the
valid users list and tries to verify that "DOMAIN\bugtest" is indeed in the
valid users list. As you can see in the share definition, that user is not
there. Hence winbindd does not allow access to the share in spite of
successful authentication.

If I specify the user as "DOMAIN\foobar" for the authentication from Windows
everything is hunky dory and user foobar is able to mount the share.

So in essence "When win2k and pre-win2k names of user differ I am not able
to mount the share using win2k name of the user"

Has anyone ever faced this issue? Or aware of any solution?

Thanks for the help.

Arvind Deshpande


Re: [Samba] samba problems

2007-07-18 Thread Mark Adams
What happens when you run "which smbmnt"?

I'm not a Fedora Core user - does it come with smbfs as standard? If not
you will need to install the package.

If these fail your $PATH may be messed up. Try /usr/bin/smbmnt to see if
the binary exists.

Mark

On Sat, Apr 07, 2007 at 04:55:55PM -0400, Jim Mills wrote:
> I have a question about samba.
> I found the smbmnt documentation but my fedora core 6 doesn't seem to
> recognize the command. Is there something else I need to check to see
> why this is the case? The swat program seems to think things are OK.
> Thanks Jim


Re: [Samba] Getting Owner of Files on Mounted Windows Share

2007-07-18 Thread Mark Adams

On Tue, Jul 17, 2007 at 08:27:32AM -0500, Terlson, Adam (STP) wrote:
> Hello everyone,
> I have an obscure issue that I have been so far unable to find the
> answer to.  I have successfully mounted a windows NTFS file share using
> samba via the following command:
> 
> mount -t smbfs -o username=,workgroup=
> //winserver/winpath /mnt/win
> 
> It mounts just fine but performing an ls -al command shows my user (or
> "root") as the owner of all files, when this isn't the case.  Is it
> possible to get the proper owner of files through a samba-mounted
> windows file share?

Are you mounting the fs with the root user? Does it change if you mount
with another user?

> 
> Thanks in advance.
> 
> Adam


[Samba] Re: upgrade to 3.0.25 and ads

2007-07-18 Thread Bernd Schubert
On Wednesday 18 July 2007 12:12:26 Bernd Schubert wrote:
> Hi,
>
> I'm presently testing to upgrade from 3.0.22 to 3.0.25 and have an ads
> problem.
>
> net -d 10 -s /etc/samba/smb.conf ads join
>
> 3.0.25:
> ===
> [2007/07/18 12:03:11, 4] libsmb/namequery_dc.c:ads_dc_name(131)
>   ads_dc_name: using server='ADS-2K3.ADS2K3.Q-LEAP.DE' IP=192.168.53.212
> [...]
>
> [2007/07/18 12:03:11, 3] libads/ldap.c:ads_connect(394)
>   Connected to LDAP server 192.168.53.212
> [2007/07/18 12:03:11, 2] libads/ldap.c:ldap_open_with_timeout(70)
>   Could not open LDAP connection to ".ads2k3.q-leap.de:389: No such file or
> directory

Sorry, that was supposed to be 


[2007/07/18 12:12:07, 2] libads/ldap.c:ldap_open_with_timeout(70)
  Could not open LDAP connection to ads-2k3.ads2k3.q-leap.de:389: No such file or directory



-- 
Bernd Schubert
Q-Leap Networks GmbH


[Samba] upgrade to 3.0.25 and ads

2007-07-18 Thread Bernd Schubert
Hi,

I'm presently testing to upgrade from 3.0.22 to 3.0.25 and have an ads 
problem.

net -d 10 -s /etc/samba/smb.conf ads join

3.0.25:
===
[2007/07/18 12:03:11, 4] libsmb/namequery_dc.c:ads_dc_name(131)
  ads_dc_name: using server='ADS-2K3.ADS2K3.Q-LEAP.DE' IP=192.168.53.212
[...]

[2007/07/18 12:03:11, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 192.168.53.212
[2007/07/18 12:03:11, 2] libads/ldap.c:ldap_open_with_timeout(70)
  Could not open LDAP connection to ".ads2k3.q-leap.de:389: No such file or directory

3.0.22
==
[2007/07/18 12:04:27, 4] libsmb/namequery.c:get_dc_list(1406)
  get_dc_list: returning 1 ip addresses in an ordered list
[2007/07/18 12:04:27, 4] libsmb/namequery.c:get_dc_list(1407)
  get_dc_list: 192.168.53.212:389
[2007/07/18 12:04:27, 5] libads/ldap.c:ads_try_connect(126)
  ads_try_connect: trying ldap server '192.168.53.212' port 389
[2007/07/18 12:04:27, 3] libads/ldap.c:ads_connect(288)
  Connected to LDAP server 192.168.53.212
[2007/07/18 12:04:27, 3] libads/ldap.c:ads_server_info(2542)
  got ldap server name [EMAIL PROTECTED], using bind path: dc=ADS2K3,dc=Q-LEAP,dc=DE


Well, I have absolutely no idea where it takes "ads-2k3" from, does it get it 
itself from the ads server? It's not in the smb.conf, not in the 
krb5.conf, simply nowhere configured.

Anyway, in samba-3.0.25 it seems to try to interpret ads-2k3 as part of the 
domain name and not as username, which I guess is the main problem.

Any idea what's wrong?

Thanks in advance,
Bernd

-- 
Bernd Schubert
Q-Leap Networks GmbH