Re: [Samba] winbind doc error?

[John H Terpstra]

On Friday 09 November 2007 23:13, Guido Lorenzutti wrote:
> Hi People: In the how to posted on ..
> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
>
> The docs says several times to the option -B in the winbindd , but I
> can't find anything on the manpage about that switch and I can't notice
> any difference by using it.
>
> The docs are outdated? or my 3.0.24 dosen't have this feature?
>
> Tnxs in advance.

Yes, the docs had suffered bit-rot and were outdated. I have removed the info 
regarding the -B option.  Give the system a day or two to stablize, then 
please check that I have not missed any -B references.  Please let me know if 
you find I have goofed.  Thanks for the heads-up.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] get_sam_group_entries: Failed to enumerate domain local groups!

[Guido Lorenzutti]

Hi People: I run into a problem when I upgrade my sarge proxy to etch.
My winbind now, with the same smb.conf that use to have, know tells me
that can't find the groups with winbind.

When I do a wbinfo -g gives me:

Error looking up domain groups

I google a lot and I can't find a way to solve this. The problem is that
if this dosen't work, It seems that the samba is unable to know the
group of the users, and I have policies by group that I can't apply.

Any light on these would be great...

Tnxs in advance.

PS: This is my smb.conf

[global]
workgroup = DOMAIN
netbios name = PROXY
security = DOMAIN
passdb backend = tdbsam
restrict anonymous = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
domain master = No
dns proxy = No
wins server = 10.200.0.2
idmap uid = 1-2
idmap gid = 1-2
winbind separator = \  
load printers = no
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbind doc error?

[Guido Lorenzutti]

Hi People: In the how to posted on ..
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html

The docs says several times to the option -B in the winbindd , but I
can't find anything on the manpage about that switch and I can't notice
any difference by using it.

The docs are outdated? or my 3.0.24 dosen't have this feature?

Tnxs in advance.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbldap-passwd fails

[Bernhard D Rohrer]

Hi folks

I am getting this error:

[EMAIL PROTECTED]:/home/admin# smbldap-passwd testuser
Changing UNIX and samba passwords for testuser
New password:
Retype new password:
I cannot generate the proper hash!

uncle google was rather quiet on the subject :(

what do you need config file wise?

thanks

Bernhard

--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SMB Shares with subversion backing store

[Jeremy Allison]

On Fri, Nov 09, 2007 at 02:48:11PM -0500, Ross S. W. Walker wrote:
> 
> I suppose I could contract it out to a development firm, but
> to put something like that together myself. Would the anti-virus
> VFS filter that's floating around provide a good enough framework
> for creating something like this?
> 
> I don't know if the anti-virus VFS filter calls out to external
> applications or if it uses a library API, but even if I had to
> adapt it to an API (in fact a better approach) I could always
> use John Madden's FUSE svnfs as an example of how to write for
> that API.
> 
> Even if I do decide to contract it out, I still need to get a
> feeling for the amount of work it will take so I don't get
> bilked on the job costs.

Indeed. An anti-virus VFS would be a possible start point,
but you'll need a more complete VFS implementation than
just virus scanning.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: binary does not run on samba-3.0.26a

[herman]

Did you remember to run 'testparm'?

H.

Henrik Carlqvist wrote:

hce <[EMAIL PROTECTED]> wrote:
  

I built the samba from source samba-3.0.26a on FC6. But when I run
"nmbd -F --debuglevel=5 --configfile=/home/test/smb.conf
--log-basename=/home/test/log.txt", nothing happens. The process is
not there, the log file is not created. What could I be missing here?



Not really samba-specific, but whenever I need to track down errors like
this on any program I usually try strace to see what is missing. Something
like:

"strace nmbd -F --debuglevel=5 --configfile=/home/test/smb.conf
--log-basename=/home/test/log.txt"

The above will show you any files it is trying to open and might give a
clue why it doesn't work. If "strace" is not enough you might also try
"strace -f" to follow forked processes.

regards Henrik
  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Heartbeat and secrets.tdb

[Henrik Carlqvist]

I'm configuring a HA-cluster to share disks using heartbeat from
http://www.linux-ha.org/

Two machines, lets call them server1 and server2 share the same disk with
an ocfs2 file system. However, the two machines have separate disks for
their OS installations. The two physical servers have two gigabit nics
each and on those nics I place four virtual IP addresses which heartbeat
makes sure is working as long at as least one server is up. Lets say the
four IP addresses get host names samba1, samba2, samba3 and samba4.

When both servers are up and running it looks something like this:

samba1server1, eth0:0
samba2server1, eth1:0
samba3server2, eth0:0
samba4server2, eth1:0

If one server would go down, either for a planned maintenance or by
accident heartbeat will rearrange the configuration to something like
this:

samba1server2, eth0:1
samba2server2, eth1:1
samba3server2, eth0:0
samba4server2, eth1:0

Once the failed server gets back heartbeat will again distribute the IP
addresses over both servers in an active/active configuration.

Smb.conf look the same on both servers and all four IP adresses are listed
as interfaces on both machines. This works fine, when a server takes over
IP addresses from the other server samba immediately works on those
addresses without need for any restart.

My problem is that the samba servers use security=domain. I have used net
join to join the domain and all works fine for a while. However, after
some time the servers get locked out from the domain and I don't really
know why. 

Is it because samba use several IP addresses on the same machine and the
same secrets.tdb? If so, would it work better if I used four different
smb.conf, one for each IP address pointing to different secrets.tdb? Would
this work with local copies of secrets.tdb on the two servers?

Is it because the same IP adresses move between two different machines
with different secrets.tdb? If so, would it work better if secrets.tdb
would be placed on a ocfs2 file system shared between the two servers?

regards Henrik
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: binary does not run on samba-3.0.26a

[Henrik Carlqvist]

hce <[EMAIL PROTECTED]> wrote:
> I built the samba from source samba-3.0.26a on FC6. But when I run
> "nmbd -F --debuglevel=5 --configfile=/home/test/smb.conf
> --log-basename=/home/test/log.txt", nothing happens. The process is
> not there, the log file is not created. What could I be missing here?

Not really samba-specific, but whenever I need to track down errors like
this on any program I usually try strace to see what is missing. Something
like:

"strace nmbd -F --debuglevel=5 --configfile=/home/test/smb.conf
--log-basename=/home/test/log.txt"

The above will show you any files it is trying to open and might give a
clue why it doesn't work. If "strace" is not enough you might also try
"strace -f" to follow forked processes.

regards Henrik
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: tdb search optimization

[simo]

On Fri, 2007-11-09 at 21:07 +, Bruno Gomes Pessanha wrote:
> > You might try to do a "tdbbackup -n 1 ntprinters.tdb"
> 
> But, this makes tdb bigger, right?

Yes

> Sorry, but I didn't understand why increasing
> the hash would make search operations faster.

Should make a lot less collisions, therefore each search should have
more probability to be fullfilled with one lookup without needing to
down a list of matches that have the same hash.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <[EMAIL PROTECTED]>
Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: tdb search optimization

[Volker Lendecke]

On Fri, Nov 09, 2007 at 09:07:26PM +, Bruno Gomes Pessanha wrote:
> > You might try to do a "tdbbackup -n 1 ntprinters.tdb"
> 
> But, this makes tdb bigger, right? Sorry, but I didn't
> understand why increasing the hash would make search
> operations faster.

Well, then you have to find other solutions.

Sorry for the noise then.

Volker


pgpTSEI5343b0.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: tdb search optimization

[Bruno Gomes Pessanha]

> You might try to do a "tdbbackup -n 1 ntprinters.tdb"

But, this makes tdb bigger, right? Sorry, but I didn't understand why increasing
the hash would make search operations faster.

Bruno Gomes Pessanha

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Joining a win2k3 ads fails

[herman]

I have seen things behave differently between identical boxes and 
eventually the problem was solved on the server side, by rolling ADS 
back to a previous version.  So, you got to make things as simple as 
possible in order to rule out as many weird interactions as possible.  
Bear in mind that Windows is not a finite state machine - actually, I 
think Heisenberg used to work for Microsoft...


Cheers,

H.

Lex Brugman wrote:
The problem described in my post occurs on a debian box running on an 
ARM processor and is using the same configuration as on an Gentoo box 
running on a x86 processor (where it works fine). Both are running the 
same version of samba (3.0.26a).




David kacuba wrote:

no what do you mean

*/Lex Brugman <[EMAIL PROTECTED]>/* wrote:

Please note that the same configuration works on another box in the
same network (same win2k3 PDC)
-- To unsubscribe from this list go to the following URL and 
read the

instructions: https://lists.samba.org/mailman/listinfo/samba


__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] help with Nitrobit Policy

[Roylan Suarez Reyes]

Hello friends

  Someone on this list uses nitrobit policy?


-- 
--
Roylan Suarez Reyes
Admin. Redes JC. Vinales
[EMAIL PROTECTED]
Telef: 793210

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Joining a win2k3 ads fails

[herman]

Hmm, I hear you, but since MS Windows is involved that doesn't mean 
anything...

;)

H.

Lex Brugman wrote:
Please note that the same configuration works on another box in the 
same network (same win2k3 PDC)


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Joining a win2k3 ads fails

[Lex Brugman]

The problem described in my post occurs on a debian box running on an ARM processor and is using the 
same configuration as on an Gentoo box running on a x86 processor (where it works fine). Both are 
running the same version of samba (3.0.26a).




David kacuba wrote:

no what do you mean

*/Lex Brugman <[EMAIL PROTECTED]>/* wrote:

Please note that the same configuration works on another box in the
same network (same win2k3 PDC)
-- 
To unsubscribe from this list go to the following URL and read the

instructions: https://lists.samba.org/mailman/listinfo/samba


__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] SMB Shares with subversion backing store

[Ross S. W. Walker]

Jeremy Allison wrote:
> 
> On Fri, Nov 09, 2007 at 10:05:34AM -0500, Ross S. W. Walker wrote:
> > To all,
> >  
> > I was wondering if it was possible to setup samba shares 
> that use subversion as a backing store for the files.
> >  
> > Whenever a new file is created it is added to the 
> subversion tree, whenever a file is opened it is checked out 
> of the subversion tree, and whenever it is deleted it is 
> removed from the subversion tree.
> >  
> > The idea is that one could use subversion to retain 
> previous versions of files and the subversion tree can be 
> replicated using subversion replication tools.
> >  
> > This would avoid costly COW operations for volume 
> snapshots, provide better file control and auditing and allow 
> files to be replicated in a consistent fashion.
> >  
> > A bonus would be allowing access to previous subversion 
> versions using the "Previous Versions" feature.
> 
> You'd need to get a VFS written to do this. It's not
> difficult, but requires custom programming. There
> are various Samba support companies available that
> could do this on contract.

Thanks Jeremy,

I suppose I could contract it out to a development firm, but
to put something like that together myself. Would the anti-virus
VFS filter that's floating around provide a good enough framework
for creating something like this?

I don't know if the anti-virus VFS filter calls out to external
applications or if it uses a library API, but even if I had to
adapt it to an API (in fact a better approach) I could always
use John Madden's FUSE svnfs as an example of how to write for
that API.

Even if I do decide to contract it out, I still need to get a
feeling for the amount of work it will take so I don't get
bilked on the job costs.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Joining a win2k3 ads fails

[Lex Brugman]

Please note that the same configuration works on another box in the same 
network (same win2k3 PDC)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Joining a win2k3 ads fails

[herman]

Hmm, you have a whole bunch of stuff in smb.conf that I would not put 
there.  Some of them may be obsolete and won't matter, but whether it 
will break things is hard to tell.  I think you should look at the 
Official Howto and pare the settings down to the bare necessities, then 
try again. 


Also have a look my guide here:
http://www.aeronetworks.ca/LinuxActiveDirectory.html

I have found that KISS is a very important principle with ADS.  Make an 
OU for your Linux users, define your groups and users in that OU, then 
apply security policies to the OU and don't reference anything outside 
the OU.


Also note that it is possible to do things in ADS that you are not 
supposed to do, which can cause Winbind to get its balls in a twist.  In 
general, don't rename records, don't drag records from one OU to another 
OU, don't make a user in one OU a member of a group in another OU.  You 
are not supposed to do those things and it may cause ADS to complain, 
but while WinXP clients will still work, Winbind will blow up.  The only 
way to fix it is to find the offending records and delete them, but how 
to find them?  It is a situation that is best avoided!


Cheers,

Herman


Lex Brugman wrote:

Hello,

I'm trying to join a win2k3 ADS domain using a working config on a 
debian 'Lenny' (arm processor)
from another machine running gentoo (x86 processor) (only changed the 
netbios name).


Samba versions are 3.0.26a on both the machines.
I'm pretty sure this is not a kerberos or ldap problem, anyone has a 
clue what else it could be?



# net -d 3 ads join -U administrator
[2007/11/07 23:31:00, 3] param/loadparm.c:lp_load(5039)
  lp_load: refreshing parameters
[2007/11/07 23:31:00, 3] param/loadparm.c:init_globals(1438)
  Initialising global parameters
[2007/11/07 23:31:00, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file 
"/etc/samba/smb.conf"

[2007/11/07 23:31:00, 3] param/loadparm.c:do_section(3778)
  Processing section "[global]"
[2007/11/07 23:31:01, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file 
"/etc/samba/dhcp.conf"

[2007/11/07 23:31:01, 2] lib/interface.c:add_interface(81)
  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2007/11/07 23:31:01, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.22 bcast=10.0.0.255 nmask=255.255.255.0
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:02, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
administrator's password:
[2007/11/07 23:31:05, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:05, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache 
found)

[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] 
expiration Thu, 08 Nov 2007 09:31:23 CET

[2007/11/07 23:31:05, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:05, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] 
expir

Re: [Samba] SMB Shares with subversion backing store

[Jeremy Allison]

On Fri, Nov 09, 2007 at 10:05:34AM -0500, Ross S. W. Walker wrote:
> To all,
>  
> I was wondering if it was possible to setup samba shares that use subversion 
> as a backing store for the files.
>  
> Whenever a new file is created it is added to the subversion tree, whenever a 
> file is opened it is checked out of the subversion tree, and whenever it is 
> deleted it is removed from the subversion tree.
>  
> The idea is that one could use subversion to retain previous versions of 
> files and the subversion tree can be replicated using subversion replication 
> tools.
>  
> This would avoid costly COW operations for volume snapshots, provide better 
> file control and auditing and allow files to be replicated in a consistent 
> fashion.
>  
> A bonus would be allowing access to previous subversion versions using the 
> "Previous Versions" feature.

You'd need to get a VFS written to do this. It's not
difficult, but requires custom programming. There
are various Samba support companies available that
could do this on contract.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Mapped username then gets mapped to "Anonymous"

[Luke Pittman]

Hi Everyone,

I have setup a Samba share to work on our local network with a username 
map to accommodate Windows XP usernames with spaces, but it seems that 
Samba maps the username correctly but then immediately changes it to an 
Anonymous request.  Am I missing something?  Clip from log file:


--
[2007/11/09 09:58:49, 3] smbd/sesssetup.c:reply_sesssetup_and_X(995)
 Domain=[OFFICE]  NativeOS=[Windows 2002 Service Pack 2 2600] 
NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]

[2007/11/09 09:58:49, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1010)
 sesssetupX:[EMAIL PROTECTED]
[2007/11/09 09:58:49, 3] smbd/map_username.c:map_username(54)
 Mapped user Luke to lpittman
[2007/11/09 09:58:49, 3] smbd/sesssetup.c:check_guest_password(136)
 Got anonymous request
[2007/11/09 09:58:49, 3] auth/auth.c:check_ntlm_password(221)
 check_ntlm_password:  Checking password for unmapped user [EMAIL PROTECTED] 
with the new password interface

[2007/11/09 09:58:49, 3] auth/auth.c:check_ntlm_password(224)
 check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
--

My smb.conf file:
--
[global]
#workgroup = Hewlettpackard
workgroup = C22
server string =
netbios name = Server2
security = share
wins support = no
log level = 1
load printers = no
log file = /var/log/samba/%m.log
log level = 3
username map = /etc/samba/smbusers
os level = 2
time server = yes
encrypt passwords = yes

# log size in Kb
max log size = 500

[Raid0]
public = no
path = /raid0
valid users = cflatman
read only = no
writeable = yes

[Raid1]
public = no
path = /raid1
valid users = cflatman
read only = no
writeable = yes
--

Any ideas/help/advice/links would be great - I've been searching for 
hours and have not found anything.


Thanks a bunch!

Luke Pittman

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] hide unreadable files

[Charles Marcus]

On 11/9/2007, Diego Alejandro Cheda ([EMAIL PROTECTED]) wrote:

profile acls = Yes
map acl inherit = Yes
hide unreadable = Yes
map hidden = Yes


Do you really have these in the Global section?

1. The 'Yes' is supposed to be 'yes' - but don't know if 'case' is a 
problem with these settings, I've always just used them the way they are 
in 'the book' (yes/no, not Yes/No).


2. profile acls = yes should only be added to the profiles share, and 
only if you are using roaming profiles - but this is NOT intended to be 
on ALL shares, and may be causing you weird problems.


3. The 'hide unreadable = yes' should be under your [groups] section, 
but maybe it should still work in the global section...


Maybe some of this helps...

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] multi-subneted network browsing problem

[Dmitriy Chumack]

Hi *

I have a question about windows network browsing from linux box in a
multi-subneted network. I have such network topology: my subnet is
10.105.27.224/27, there are 10 boxes in my subnet; also there are
several other subnets - 10.105.27.0/27, 10.105.27.96/27, ...,
172.17.51.64/27, ..., 172.17.48.0/26, ...

In our network we have one wins server with ip 172.17.48.13 that very
likely configured as a domain controller and several domains, that
spans across several subnetworks: DOMAIN1, DOMAIN2, DOMAIN3.

When I config my samba server not be a local master browser, than all
my subnet doesn't have access to local network, because no one other
box wants to become a LMB (I've tried to wait about 2 hours).

When I config my samba server as a LMB, than I and all boxes in my
subnet could see only our DOMAIN2 and only boxes from our subnet in
it.

In this case samba log says, that:

find_domain_master_name_query_fail(351)
Unable to find the Domain Master Browser name DOMAIN1<1b> for the
workgroup DOMAIN1

So how can I properly config my samba server to see all domains and
all computers?

-
Here is my smb.conf:

Samba version 3.0.25b
--

[global]
   workgroup = DOMAIN2
   server string = My Server
   security = share
   hosts allow = ALL
   load printers = no
   log file = /var/log/samba/samba.%m
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   interfaces = eth0
   local master = yes
   domain master = no
   preferred master = yes
   wins support = no
   wins server = 172.17.48.13
   wins proxy = yes
   dns proxy = no
   name resolve order = wins host bcast
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
[public]
   path = /home/samba
   public = yes
   guest ok = yes
   only guest = yes
   writable = yes
   printable = no
-

Thanks in advance
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] User connexions stats

[Emmanuel Lacour]

On Fri, Nov 09, 2007 at 04:23:10PM +0100, Francis Galiegue wrote:
> 
> (c'est "connection" en anglais ;))
> 

merci ;)

> Unfortunately, no, there's no such thing as a logon/logoff sequence. You can 
> scan for entries telling that someone has initiated a connection to the 
> [profiles] as user , that would be the most accurate you can 
> guess. But you cannot tell when the person logs off AFAIK.
> 

Ok, that's what I worried :(

Thanks.

-- 
Emmanuel Lacour
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba writes to disk each 5 minutes...

[Kai Schäfer]

Hello,
 
I am using samba on a NAS. I use hdparm to put my disk to standby.
Unfortunatelle the disk wakes up appr. each 5 minutes and I get entries in
/var/cache/samba and /var/log
 
Is there a way to disable the cache and the logging? I did not find anything
in the smb.conf.
 
Thx in advance
Kai
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] A device attached to the system is not functioning.

[Adam Williams]

Windows XP w/ SP2 is giving me that error message when I'm trying to log 
into my domain:


A device attached to the system is not functioning.

error log:

[2007/11/09 10:21:01, 1] 
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)

 _net_sam_logon: user TEST\testuser has user sid S-1-1-0
  but group sid S-1-5-21-3536689092-529281149-710501220-513.
 The conflicting domain portions are not supported for NETLOGON calls

[EMAIL PROTECTED] ~]# cat /etc/samba/smb.conf
[global]
 unix charset = LOCALE
  workgroup = TEST
 netbios name = GOMER
 server string = Samba Server %v on gomer
#  interfaces = eth0, lo
 interfaces = 10.8.3.37/24 127.0.0.1/8
 bind interfaces only = Yes
 hosts allow = 10.8.
 passdb backend = ldapsam:ldap://gomer.mdah.state.ms.us
 enable privileges = Yes
 username map = /etc/samba/smbusers
 log level = 1
 syslog = 0
 log file = /var/log/samba/%m
 max log size = 50
 name resolve order = wins bcast hosts
 time server = Yes
 printcap name = CUPS
 show add printer wizard = no
 add user script = /usr/sbin/smbldap-useradd -a -m "%u"
 delete user script = /usr/sbin/smbldap-userdel "%u"
 add group script = /usr/sbin/smbldap-groupadd -p "%g"
 delete group script = /usr/sbin/smbldap-groupdel "%g"
 add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
 delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
 set primary group script = /usr/sbin/smbldap-groupmod -g "%g" "%u"
 add machine script = /usr/sbin/smbldap-useradd -w "%u"
 logon script = scripts\logon.bat
 logon path = \\%L\profiles\%U
 logon drive = X:
 domain logons = Yes
 preferred master = Yes
 wins support = Yes
 ldap suffix = dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
 ldap machine suffix = ou=People
 ldap user suffix = ou=People
 ldap group suffix = ou=Groups
 ldap idmap suffix = ou=Idmap
 ldap admin dn = cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
 idmap backend = ldap:ldap://gomer.mdah.state.ms.us
  idmap uid = 1-2
  idmap gid = 1-2
 map acl inherit = Yes
 printing = cups
 printer admin = root, awilliam
 ldap passwd sync = yes
  winbind separator = +
# use uids from 1 to 2 for domain users
  idmap uid = 1-2
# use gids from 1 to 2 for domain groups
  idmap gid = 1-2
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
  template homedir = /home/winnt/%D/%U
  template shell = /bin/bash

winbind enum users = yes
winbind enum groups = yes

  winbind use default domain = no
[homes]
 comment = Home Directories
 valid users = %S
 read only = no
 browseable = No

[accounts]
 comment = Accounting Files
 path = /data/accounts
 read only = No

[netlogon]
 comment = network logon service
 path = /var/lib/samba/netlogon
 guest ok = Yes
 locking = No

[profiles]
 comment = Profile Share
 path = /var/lib/samba/profiles
 read only = No
 profile acls = Yes

[print$]
 comment = Printer Drivers
 path = /var/lib/samba/drivers
 browseable = yes
 guest ok = no
 read only = yes
 write list = root, awilliam

and the user exists in ldap:

ldapsearch -D 'cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us' -b 
"uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" -w x -x

# extended LDIF
#
# LDAPv3
# base  
with scope subtree

# filter: (objectclass=*)
# requesting: ALL
#

# testuser, People, gomer.mdah.state.ms.us
dn: uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
uid: testuser
cn: test user
telephoneNumber: 5766888
roomNumber: IS
homePhone: 3738042
givenName: test
sn: user
mail: [EMAIL PROTECTED],dc=state,dc=ms,dc=us
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
loginShell: /bin/bash
uidNumber: 501
gidNumber: 101
homeDirectory: /home/testuser
gecos: test user,IS,5766888,3738042
sambaSID: S-1-1-0
sambaLMPassword: xxx
sambaAcctFlags: [U]
sambaNTPassword: xxx
sambaPwdMustChange: 1194624706
shadowLastChange: 0
shadowMax: 9
shadowWarning: 7
sambaPasswordHistory: 



sambaPwdLastSet: 1194624832
userPassword:: xx

# search result
search: 2
result: 0 Success

any ideas?
# numResponses: 2
# numEntries: 1




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] hide unreadable files

[Diego Alejandro Cheda]

Hi Charles! Thanks for your ideas! 
 
I read this post http://lists.samba.org/archive/samba/2007-July/133723.html and 
found some similarities with the behavior of my configuration. For example, 
sometimes a user can delete files or directories with "r-x" permissions. Then, 
I upgrade to samba 3.0.26a. I don't know if this is a good idea, but at least 
users can't delete files/directories now (I think).
 
However, the problem still existing with the "hide unreadable = Yes" option. I 
understand now the behavior. For example, I have two directories in a share 
directory "groups" with the following ACL entries:
 
# file: groups# owner: root# group: rootuser::rwxgroup::r-x
group:admins:rwx
group:users:r-x
mask::rwxother::---
 
# file: dir1# owner: root# group: 
rootuser::rwxgroup::r-xgroup:admins:rwxmask::rwxother::---
# file: dir2# owner: root# group: rootuser::rwxgroup::---other::---And I have a 
user "joe" that belongs to the group "users". Then, if "joe" map the share 
directory, he can see only dir1 and dir2 is not visible for his. Also, "joe" 
should not see dir1. 
Now, if I change the ACL permissions of dir2 to the following:
 
# file: dir2# owner: root# group: 
rootuser::rwxgroup::r-xgroup:admins:rwxmask::rwxother::---
"joe" can see (incorrectly) both directories. Believe me, I don't understand. I 
don't know if this "errors" are for a bad configuration or what...
 
I'm using: debian etch 4.0r1 amd64, kernel 2.6.18-5-amd64, samba 3.0.26a, XFS 
file system with acl support and quotas and LDAP for user authentication.
 
This is my smb.conf:
 [global]
workgroup = NT-DEQ
server string = %h server
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://127.0.0.1
passwd program = /usr/sbin/smbldap-passwd '%u'
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -a -m -k '%u'
delete user script = /usr/sbin/smbldap-userdel -r '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m -k '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
dns proxy = No
ldap admin dn = cn=admin,dc=upc,dc=es
ldap group suffix = ou=groups
ldap suffix = dc=upc,dc=es
ldap ssl = no
ldap user suffix = ou=users
panic action = /usr/share/samba/panic-action %d
invalid users = root
profile acls = Yes
map acl inherit = Yes
hide unreadable = Yes
map hidden = Yes

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[groups]
comment = Grups Files
path = /home/groups
read only = No Thank you very much!!!Diego 
_
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: tdb search optimization

[Volker Lendecke]

On Fri, Nov 09, 2007 at 03:56:48PM +, Bruno Gomes Pessanha wrote:
> Is it possible to split the ntprinters.tdb in many 
> parts as print queues quantity?
> 
> Sorry if I asked something too far from reality
>  but I was wondering if could make things work faster.

You might try to do a "tdbbackup -n 1 ntprinters.tdb"
and replace the ntprinters.tdb by its backup file. The -n
1 sets the new hash table size to 1, much more than
the default 131.

Volker


pgp6fecSit1SH.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: tdb search optimization

[Bruno Gomes Pessanha]

Is it possible to split the ntprinters.tdb in many 
parts as print queues quantity?

Sorry if I asked something too far from reality
 but I was wondering if could make things work faster.

Bruno Gomes Pessanha

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] De-duplication vfs plug-in?

[Charles Marcus]

Hi,

I've been looking at differnet options for implementing this, and was 
wondering...


How hard would this be to do as a vfs plug-in in Samba?

Or, is anyone aware of any stable FLOSS options on a Linux platform?

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] SMB Shares with subversion backing store

[Ross S. W. Walker]

John Drescher wrote:
> 
> On Nov 9, 2007 10:05 AM, Ross S. W. Walker 
> <[EMAIL PROTECTED]> wrote:
> > To all,
> >
> > I was wondering if it was possible to setup samba shares 
> that use subversion as a backing store for the files.
> >
> > Whenever a new file is created it is added to the 
> subversion tree, whenever a file is opened it is checked out 
> of the subversion tree, and whenever it is deleted it is 
> removed from the subversion tree.
> >
> > The idea is that one could use subversion to retain 
> previous versions of files and the subversion tree can be 
> replicated using subversion replication tools.
> 
> Have you looked at svnfs? A fuse module that makes a filesystem for
> accessing subversion repositories.
> 
> http://www.jmadden.eu/index.php/svnfs/

I just looked at it now.

I am not really looking to use it outside of samba, so a linux
pseudo-filesystem is more overkill for me. It may turn out helpful
later though for providing a "point in time" snapshot of the svn
tree, that could be used via the existing "Previous Versions"
feature, or for backup/restore purposes.

I was wondering if there was a samba plug-in module for this already,
it would be a big boon for compliance over here because it would
provide a track-changes log of activity that couldn't be modified by
the user.


Thanks,

Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Fwd: [Samba] SMB Shares with subversion backing store

[John Drescher]

On Nov 9, 2007 10:05 AM, Ross S. W. Walker <[EMAIL PROTECTED]> wrote:
> To all,
>
> I was wondering if it was possible to setup samba shares that use subversion 
> as a backing store for the files.
>
> Whenever a new file is created it is added to the subversion tree, whenever a 
> file is opened it is checked out of the subversion tree, and whenever it is 
> deleted it is removed from the subversion tree.
>
> The idea is that one could use subversion to retain previous versions of 
> files and the subversion tree can be replicated using subversion replication 
> tools.

Have you looked at svnfs? A fuse module that makes a filesystem for
accessing subversion repositories.

http://www.jmadden.eu/index.php/svnfs/

John



-- 
John M. Drescher
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] User connexions stats

[Francis Galiegue]

Le vendredi 09 novembre 2007, Emmanuel Lacour a écrit :
> Dear samba users/developpers,
> 
> I would like to make stats on user desktop login/logout and I ask myself
> if it's possible to do this on the samba PDC. But it doesn't seems to be
> so easy.
> Maybe parsing logs or using smbstatus?
> 
> Is there anyone who did something like this and who can share he's
> knowledge ;)
> 
> Or maybe it's ... impossible to get accurate datas about this, I don't
> know exactly the smb protocol so I'm not sure that the connexion between
> client and server is maintained during the whole user session.
> 
> Well, many doubts and not a lot of idea ... any hint would be welcome ;)
> 

(c'est "connection" en anglais ;))

Unfortunately, no, there's no such thing as a logon/logoff sequence. You can 
scan for entries telling that someone has initiated a connection to the 
[profiles] as user , that would be the most accurate you can 
guess. But you cannot tell when the person logs off AFAIK.


-- 
Francis Galiegue, One2team - [EMAIL PROTECTED]
[ATTENTION : CHANGEMENT DE COORDONNÉES !]
+33178945552, +33683877875, http://www.one2team.com
40 avenue Raymond Poincaré - 75116 PARIS
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SMB Shares with subversion backing store

[Ross S. W. Walker]

To all,
 
I was wondering if it was possible to setup samba shares that use subversion as 
a backing store for the files.
 
Whenever a new file is created it is added to the subversion tree, whenever a 
file is opened it is checked out of the subversion tree, and whenever it is 
deleted it is removed from the subversion tree.
 
The idea is that one could use subversion to retain previous versions of files 
and the subversion tree can be replicated using subversion replication tools.
 
This would avoid costly COW operations for volume snapshots, provide better 
file control and auditing and allow files to be replicated in a consistent 
fashion.
 
A bonus would be allowing access to previous subversion versions using the 
"Previous Versions" feature.
 

Ross S. W. Walker
Information Systems Manager
Medallion Financial, Corp.
437 Madison Avenue
38th Floor
New York, NY 10022
Tel: (212) 328-2165
Fax: (212) 328-2125
WWW: http://www.medallion.com   

 

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] User connexions stats

[Emmanuel Lacour]

Dear samba users/developpers,

I would like to make stats on user desktop login/logout and I ask myself
if it's possible to do this on the samba PDC. But it doesn't seems to be
so easy.
Maybe parsing logs or using smbstatus?

Is there anyone who did something like this and who can share he's
knowledge ;)

Or maybe it's ... impossible to get accurate datas about this, I don't
know exactly the smb protocol so I'm not sure that the connexion between
client and server is maintained during the whole user session.

Well, many doubts and not a lot of idea ... any hint would be welcome ;)

-- 
Emmanuel Lacour
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: XFS and inherit permissions bug?

[[EMAIL PROTECTED]]

Hello

Here are some more informations.

General infos on my Samba configuration
###

The server is a Debian Etch with distro kernel & Samba package
(2.6.18-5-686 & 3.0.24-6etch4).
Users shell is set to /bin/false, they are only accessing this server
through Samba.

All files are owned by user root (Administrator) and group
smb-Administrators (Domain Admins). The basic rights are rwx for root
and smb-Administrators and nothing for other.
The inherit permissions parameter is set in smb.conf for Administrator
user and Domain Admins group to have access to all the files, the
inherit owner is set to have all files owned by user root, and all
folders are setgid to have all files owned by group smb-Administrators.

The users get their access rights using acls and the inherit acls
parameter is set in smb.conf.

The windows attributes (archive, hidden and system) are stored in
extended attributes.


Reproducing the problem
###

In the base dir of one of my shares I have:

[EMAIL PROTECTED]:~ # ll /srv/samba/data_inf/
total 436
drwxrws---+  7 root smb-Administrators .
drwxr-xr-x  16 root root   ..
drwxrws---+ 11 root smb-Administrators ARCHIVES_INF
drwxrws---+  5 root smb-Administrators BROUILLON_INF
-rw-rwx---+  1 root smb-Administrators DCI-INF-L-001-F.xls
drwxrws---+ 10 root smb-Administrators ESPACE_INF
drwxrws---+  6 root smb-Administrators ESPACE_INF_PUBLIC
drwxrws---+  2 root smb-Administrators MODELES_INF
[EMAIL PROTECTED]:~ # getfacl /srv/samba/data_inf/
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/data_inf
# owner: root
# group: smb-Administrators
user::rwx
group::rwx
group:smb-Inf:rwx
group:smb-Bme-Fr:r-x
mask::rwx
other::---

>From a Windows client I create a new dir test1:

[EMAIL PROTECTED]:~ # ll /srv/samba/data_inf/
total 440
drwxrws---+  8 root smb-Administrators .
drwxr-xr-x  16 root root   ..
drwxrws---+ 11 root smb-Administrators ARCHIVES_INF
drwxrws---+  5 root smb-Administrators BROUILLON_INF
-rw-rwx---+  1 root smb-Administrators DCI-INF-L-001-F.xls
drwxrws---+ 10 root smb-Administrators ESPACE_INF
drwxrws---+  6 root smb-Administrators ESPACE_INF_PUBLIC
drwxrws---+  2 root smb-Administrators MODELES_INF
drwxrwx---+  2 root smb-Administrators test1
[EMAIL PROTECTED]:~ # getfacl /srv/samba/data_inf/test1/
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/data_inf/test1
# owner: root
# group: smb-Administrators
user::rwx
group::rwx
group:smb-Inf:rwx
group:smb-Bme-Fr:r-x
mask::rwx
other::---

The test1 dir is owned by the group smb-Administrators because the . dir
is setgid, but it is not setgid.
>From a Windows client I create a new dir test2 in dir test1:

[EMAIL PROTECTED]:~ # ll /srv/samba/data_inf/test1/
total 16
drwxrwx---+ 3 root smb-Administrators   18 2007-11-09 14:37 .
drwxrws---+ 8 root smb-Administrators 4096 2007-11-09 14:33 ..
drwxrwx---+ 2 root smb-DomainUsers   6 2007-11-09 14:37 test2
[EMAIL PROTECTED]:~ # getfacl /srv/samba/data_inf/test1/test2/
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/data_inf/test1/test2
# owner: root
# group: smb-DomainUsers
user::rwx
group::rwx
group:smb-Inf:rwx
group:smb-Bme-Fr:r-x
mask::rwx
other::---

The test2 dir is owned by group smb-DomainUsers (Domain Users) that is
the primary group of all users.


my smb.conf
###

#=== Global Settings ===

[global]

   netbios name = data
   workgroup = bme-fr
   server string = Samba %v

   smb ports = 139 445

   domain master = yes
   preferred master = yes

   wins support = yes
   name resolve order = wins bcast hosts

   time server = yes

   interfaces = eth1, lo
   bind interfaces only = yes


 Debugging/Accounting 

# One logfile per client
   log file = /var/log/samba/log.%m

# Minimum logs in syslog, logs go to /var/log/samba/log.{smbd,nmbd}
   syslog = 0

   log level = 1
   max log size = 1000

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


### Authentication ###

   security = user
   encrypt passwords = true
   domain logons = yes
   passdb backend = tdbsam
   username map = /etc/samba/smbusers

   guest account = nobody
   map to guest = bad password


## Printing ##

   disable spoolss = yes


### File sharing 

   browseable = no
   read only = yes
   guest ok = no

   inherit owner = yes
   inherit permissions = yes
   inherit acls = yes

   map archive = no
   map hidden = no
   map system = no
   store dos attributes = yes

   unix charset = utf8
   dos charset = 850


 Misc 

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
;   socket options = TCP_

[Samba] Joining a win2k3 ads fails

[Lex Brugman]

Hello,

I'm trying to join a win2k3 ADS domain using a working config on a debian 
'Lenny' (arm processor)
from another machine running gentoo (x86 processor) (only changed the netbios 
name).

Samba versions are 3.0.26a on both the machines.
I'm pretty sure this is not a kerberos or ldap problem, anyone has a clue what 
else it could be?


# net -d 3 ads join -U administrator
[2007/11/07 23:31:00, 3] param/loadparm.c:lp_load(5039)
  lp_load: refreshing parameters
[2007/11/07 23:31:00, 3] param/loadparm.c:init_globals(1438)
  Initialising global parameters
[2007/11/07 23:31:00, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2007/11/07 23:31:00, 3] param/loadparm.c:do_section(3778)
  Processing section "[global]"
[2007/11/07 23:31:01, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/dhcp.conf"
[2007/11/07 23:31:01, 2] lib/interface.c:add_interface(81)
  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2007/11/07 23:31:01, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.22 bcast=10.0.0.255 nmask=255.255.255.0
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:02, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
administrator's password:
[2007/11/07 23:31:05, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:05, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 
08 Nov 2007 09:31:23 CET
[2007/11/07 23:31:05, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:05, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 
08 Nov 2007 09:31:23 CET
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_start_connection(1509)
  Connecting to host=server2.thuis.local
[2007/11/07 23:31:05, 3] lib/util_sock.c:open_socket_out(874)
  Connecting to 10.0.0.2 at port 445
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(793)
  Doing spnego session setup (blob length=108)
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(826)
  got [EMAIL PROTECTED]
[2007/11/07 23:31:06, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613)
  Doing kerberos session setup
[2007/11/07 23:31:06, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration 
Thu, 08 Nov 2007
09:31:23 CET
[2007/11/07 23:31:06, 3] rpc_client/