[Samba] Call timed out: server did not respond...

2007-12-19 Thread JWA 
Hello All,

I don't know how, but I managed to get my no logon server found error
to go away, but now I am experiencing another problem.  When I run
"net join ads -d 3" I get the following error message.  I know it's
authenticating, because if I enter an incorrect password it says "The
username or password was not correct." So it's accessing the correct
server, but then timing out for some reason.

[2007/12/19 21:21:26, 3] param/loadparm.c:lp_load(5031)
  lp_load: refreshing parameters
[2007/12/19 21:21:26, 3] param/loadparm.c:init_globals(1430)
  Initialising global parameters
[2007/12/19 21:21:26, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2007/12/19 21:21:26, 3] param/loadparm.c:do_section(3770)
  Processing section "[global]"
[2007/12/19 21:21:26, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0
[2007/12/19 21:21:26, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: ", 10.0.0.10"
[2007/12/19 21:21:26, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2007/12/19 21:21:26, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.0.0.10 failed.
[2007/12/19 21:21:26, 3] libsmb/namequery.c:resolve_lmhosts(966)
  resolve_lmhosts: Attempting lmhosts lookup for name S2<0x1b>
[2007/12/19 21:21:26, 3] libsmb/namequery.c:resolve_wins(863)
  resolve_wins: Attempting wins lookup for name S2<0x1b>
[2007/12/19 21:21:26, 3] libsmb/namequery.c:resolve_wins(902)
  resolve_wins: using WINS server 10.0.0.10 and tag '*'
[2007/12/19 21:21:26, 2] libsmb/namequery.c:name_query(604)
  Got a positive name query response from 10.0.0.10 ( 10.0.0.10 )
[2007/12/19 21:21:26, 3] libsmb/cliconnect.c:cli_start_connection(1509)
  Connecting to host=LEOPARD
[2007/12/19 21:21:26, 3] lib/util_sock.c:open_socket_out(874)
  Connecting to 10.0.0.10 at port 445
[2007/12/19 21:21:26, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine LEOPARD pipe \lsarpc fnum 0x73f7 bind
request returned ok.
[2007/12/19 21:21:26, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine LEOPARD pipe \NETLOGON fnum 0x73f8
bind request returned ok.
[2007/12/19 21:21:36, 0] libsmb/clientgen.c:cli_receive_smb(112)
  Receiving SMB: Server stopped responding
[2007/12/19 21:21:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine LEOPARD pipe \NETLOGON fnum
0x73f8returned critical error. Error was Call timed out: server did
not respond after 1 milliseconds
[2007/12/19 21:21:36, 3] libsmb/trusts_util.c:just_change_the_password(57)
  just_change_the_password: unable to setup creds (NT_STATUS_IO_TIMEOUT)!
[2007/12/19 21:21:36, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (NT_STATUS_IO_TIMEOUT)
[2007/12/19 21:21:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(387)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x73f8
to machine LEOPARD.  Error was Call timed out: server did not respond
after 1 milliseconds
Password:
[2007/12/19 21:21:41, 3] libsmb/cliconnect.c:cli_start_connection(1509)
  Connecting to host=LEOPARD
[2007/12/19 21:21:41, 3] lib/util_sock.c:open_socket_out(874)
  Connecting to 10.0.0.10 at port 445
[2007/12/19 21:21:41, 3] libsmb/cliconnect.c:cli_session_setup_spnego(793)
  Doing spnego session setup (blob length=58)
[2007/12/19 21:21:41, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 3 6 1 4 1 311 2 2 10
[2007/12/19 21:21:41, 3] libsmb/cliconnect.c:cli_session_setup_spnego(826)
  got principal=NONE
[2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018)
  Got challenge flags:
[2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60898215
[2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040)
  NTLMSSP: Set final flags:
[2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60088215
[2007/12/19 21:21:41, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60088215
[2007/12/19 21:21:42, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine LEOPARD pipe \lsarpc fnum 0x73df bind
request returned ok.
[2007/12/19 21:21:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2007/12/19 21:21:42, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine LEOPARD pipe \samr fnum 0x73e0 bind
request returned ok.
[2007/12/19 21:21:52, 0] libsmb/clientgen.c:cli_receive_smb(112)
  Receiving SMB: Server stopped responding
[2007/12/19 21:21:52, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine LEOPARD pipe \samr fnum 0x73e0returned
critical error. Error was Call timed out: server did not respond

Re: [Samba] Unanswered question

2007-12-19 Thread simo 

On Wed, 2007-12-19 at 20:20 -0800, Michael Dykstra wrote:
> How long does one have to typically wait for an answer to a post?
>   Tomorrow my message will have been up a week, and I've gotten no
> replies.
>   It was about whether a file, while it was being written to, could
> subsequently be opened by another client for reading.  I used a DVR
> with chasing play as an example.  Didn't seem like that difficult of a
> question, but maybe it isn't geeky enough for some.  (Or perhaps the
> answer is "No" and people are too embarrassed to admit Samba can't do
> it.)

Or perhaps the question is naive and the answer is: "it depends".

Samba supports locking, so if the application that is writing to a file
locks it then you may be out of luck.

>From a protocol and server point of view, however, there is absolutely
no limitation on concurrent file reading/writing.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <[EMAIL PROTECTED]>
Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unanswered question

2007-12-19 Thread Michael Dykstra 
How long does one have to typically wait for an answer to a post?
  Tomorrow my message will have been up a week, and I've gotten no replies.
  It was about whether a file, while it was being written to, could 
subsequently be opened by another client for reading.  I used a DVR with 
chasing play as an example.  Didn't seem like that difficult of a question, but 
maybe it isn't geeky enough for some.  (Or perhaps the answer is "No" and 
people are too embarrassed to admit Samba can't do it.)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA under window?

2007-12-19 Thread Yan Seiner 

hce wrote:

On Dec 20, 2007 9:14 AM, Hugo Monteiro <[EMAIL PROTECTED]> wrote:
  

I happen to know there was a port of an early version of samba (version
2.0.10 stripped down) to a system that operates on embedded devices,
such as a large set of wireless access points/routers using a certain
broadcom board. Google for samba + openwrt. I'm not sure your "small"
linux systems use the same architecture, but it's at least a good
starting point IMHO.



Thanks Hugo, it is good to know and I'll try this. Also thanks for all
other responses, your professional comments are greate approciated.
  


I have a port of samba 3.0.25b for embedded devices running openwrt.  It 
takes anywhere from 500K to about 4 MB depending on what you need and 
the architecture you built it for.


I'll be out of touch for about a week; if you still need it let me know 
around New Years.


--Yan

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA under window?

2007-12-19 Thread hce 
On Dec 20, 2007 9:14 AM, Hugo Monteiro <[EMAIL PROTECTED]> wrote:
>
> hce wrote:
> > On Dec 19, 2007 12:27 PM, Curtis Maloney <[EMAIL PROTECTED]> wrote:
> >
> >> hce wrote:
> >>
> >>> It is actually to mount a dumb linux device to a window file system,
> >>> just like to mount an usb stick to the window file system. Yes, if the
> >>> linux device (without samba on it) can be mounted by a window file
> >>> syste, then the window can config the linux device, modify data and
> >>> transfer data to it.
> >>>
> >> So, your actual goal is to allow remote configuration of these Linux 
> >> devices?
> >>
> >> Why must it be done via mounting them like a disk?  There are many simpler
> >> options that would require less code.
> >>
> >>
> >>> Please let me know if above explanation is still insufficient.
> >>>
> >> You keep talking about mounting these devices... I don't see why you're so 
> >> hung
> >> up on this approach.  Why must they be treated like a disk?  Why can't 
> >> you, for
> >> instance, have them accept config updates via a simple web interface?  Or 
> >> use
> >> dropbear and scp the files into place?  Or put a FTP server on them?
> >>
> >> Why take the very complex route of mounting a remote filesystem?
> >>
> >
> > Yes, you are right, there are many solutions if you are a computer
> > skilled people or at least can play anothing on the computers. I am a
> > linux user myself, I can do whatever you want to play from my linux
> > box, I don't even need windows. But what about those who can only run
> > window file system, and only simply copy or delete files from the
> > window file systm, who has no idea to intall and run window ssh, scp
> > or ftp? (please don't ask me again why I should support them.)
> >
> > My questions were:
> > (a) if we have some solution to install Samba to a window system or not;
> >
>
>
> You don't need to install samba on a windows system to access a remote
> samba share. You just use your regular windows explorer to do that.
>
> > (b) if there is small size of mini samba I can use to port it to a
> > small linux device?
> >
>
>
> I happen to know there was a port of an early version of samba (version
> 2.0.10 stripped down) to a system that operates on embedded devices,
> such as a large set of wireless access points/routers using a certain
> broadcom board. Google for samba + openwrt. I'm not sure your "small"
> linux systems use the same architecture, but it's at least a good
> starting point IMHO.

Thanks Hugo, it is good to know and I'll try this. Also thanks for all
other responses, your professional comments are greate approciated.

Thank you.

Kind Regards,

Jim
> > Clearly (a) has been answed, (b) is still not sure.
> >
> > Thank you.
> >
> > Kind Regards,
> >
> > Jim
> >
>
> Hopefully i was able to help.
>
> Regards,
>
>
> Hugo Monteiro.
>
> --
> ci.fct.unl.pt:~# cat .signature
>
> Hugo Monteiro
> Email: [EMAIL PROTECTED]
> Telefone : +351 212948300 Ext.15307
>
> Centro de Informática
> Faculdade de Ciências e Tecnologia da
>Universidade Nova de Lisboa
> Quinta da Torre   2829-516 Caparica   Portugal
> Telefone: +351 212948596   Fax: +351 212948548
> www.ci.fct.unl.pt [EMAIL PROTECTED]
>
> ci.fct.unl.pt:~# _
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with ACL and Samba

2007-12-19 Thread Cybionet 

Greeting Felipe,

Here a solution for your problem (I hope so). It works for me with 
MSOffice 2000/2003.


First you need to set the POSIX rights before ACL(EA). These rights will 
be the base for your "real" permissions.


- Create your folder, and set 2775 or 2770 permissions.
- The assign the owner and group to root:root (you will understand 
shortly why).

- Now you are ready to set the ACL(EA) permissions.

The use of the 2775 permissions will gave access to the folder and his 
subdirectory for the share of the files. Or use directly the 2770 
permissions to limit access and share immediately your files in the folder.


The SGID define in this permission allow the group to never be change, 
whatever the group of the owner who create a new file ou change a 
existing file. The owner has no importance, because it will be change at 
the creation ou modification of the file (it is the goal to know who 
have made the change).


The share configuration, I suggest you something like this. The only 
parameters very important is "force create mode = 660" and "directory 
mode = 770".


[workspace]

comment = Whatever
path = /pat/to/my/folder

browseable = yes
read only = no

force create mode = 660
directory mode = 770

csc policy = disable


Best Regards

Robert

--
Cybionet - Solution reseautique
http://www.cybionet.com


Dear All

I am facing a strange problem that I could not solve, so, maybe you 
can help

me.

Look at this situation:

I created a new directory with those ACLs (through Samba using Windows 
XP)


[EMAIL PROTECTED] /home/smb/adm]# getfacl teste
#file:teste
#owner:1002
#group:1006
user::rwx
group::rwx
group:suporte:rwx
group:administ:rwx
mask::rwx
other::---

[EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste
#file:teste
#owner:1002
#group:1006
user::rwx
group::rwx
group:suporte:rwx
group:administ:rwx
mask::rwx
other::---

My ACLs are right, ok, now I will copy a XLS file to that folder:

[EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
#file:teste/excel-test.xls
#owner:1002
#group:1006
user::rwx
group::rw-
group:suporte:rwx
group:administ:rwx
mask::rwx
other::---

OK, the samba server inhert the permissions and the ACLs, everything 
is fine

until now.

But when I edit this file with MS Excel, and save it, look what happen to
the ACLs:

[EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
#file:teste/excel-test.xls
#owner:1002
#group:1006
user::rwx
group::---
group:suporte:rwx
mask::rwx
other::---

The ACL entry "group:administ:rwx" just have gone after I save the file.

It happens with Windows XP, Vista, Office 2003 and 2007. My samba 
version is

Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through
Ports.

Anybody knows what is wrong?

Thanks a lot!
  



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] performance problem with windows 2003 client

2007-12-19 Thread Stephen Roylance 

I've run into an odd (at least to me) performance issue between a samba
server and windows 2003.  The windows side is w2k3 w/ SP2 on an HP DL585
with HP EVA SAN storage.  Linux is CentOS 5 on a Sun X4200 with samba
package samba-3.0.25b-1.el5_1.4and a FUSE mounted filesystem
(glusterFS).  Watching the network tab of task manager while pulling a
few large files from the samba server to the fast drive on the windows
end I see an oscillation between 50% (of gigabit) and 0%.  A trace
captured on the linux side and analyzed in wireshark corroborates,
periods of high throughput alternating with periods of near-inactivity.
The periods are roughly of equal length, usually between 4 and 8
seconds.  As far as I can tell during the slow periods windows slows
down on sending ACKs and issuing andx requests, it looks like samba
continues to answer requests quickly, but windows doesn't send them at
the same rate.  I don't see the TCP window dropping to less than the
size of a frame at any time.

I assume this is windows client-side behavior, I'm not even sure if it's
samba-specific at all, but I don't have any windows file server that I
expect would be able to push 50MB/s consistently to test against.  I get
close to 60MB/s using a CIFS mount locally on the samba server.

Any suggestions or recommendations would be appreciated.
-Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] write list and valid users

2007-12-19 Thread John Drescher 
On Dec 19, 2007 6:26 PM, Sam Bayne <[EMAIL PROTECTED]> wrote:
> The way we handle this is to ignore he valid user and write list settings.
>
> Our shares look like this:
> [Shares]
> path=/home/shares
> browseable = yes
> writable = yes
> force create mode = 0770
> force directory mode = 2770
>
> Then we chown and set unix permissions on subdirectories of /home/shares
> that restrict the folder access to groups.
>
I do that as well because I all my users have windows and linux
accounts and if the unix permissions are not correct then they will be
able to see the files on the linux side anyways...
>
> The minor drawback is that users can see that other departments exist,
> but they can only enter their own folders.
>
I think you can hide these with the hide unreadable option of smb.conf

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] pdb_multi - any docs?

2007-12-19 Thread Tim Bates 
I've just been looking at pdb_multi to use as a method of transitioning 
a client's samba server to LDAP. Unfortunately it appears to be rather 
undocumented...


Is there any info out there on using it?
Does the 0.2 release work on Samba 3.0.24? It says it's for 3.0.23
Does it work reliably enough that I can just slip it in there overnight 
and not have to worry about the client's PCs not letting them on the 
next day?

Is anyone even using it?


TB

**
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with date created attribute

2007-12-19 Thread Jeremy Allison 
On Wed, Dec 19, 2007 at 03:48:24PM -0800, David Lee wrote:
> Thanks for the reply. After a bit of digging I found that FreeBSD does 
> support a 'created' timestamp field for a file, but it seems (and I could be 
> mistaken) that Samba doesn't take advantage of it. 

We've got the internal infrastructure to use this, but the
code isn't filled in yet. If you can point me at the
relevent man pages I'll try and get this done for 3.2
official.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with date created attribute

2007-12-19 Thread David Lee 
Thanks for the reply. After a bit of digging I found that FreeBSD does support 
a 'created' timestamp field for a file, but it seems (and I could be mistaken) 
that Samba doesn't take advantage of it. 

An example: When I copy over a file it will not copy the 'created' timestamp 
from the original, but Samba will copy the 'modified' timestamp. Once the file 
is on the FreeBSD server Samba clones the last 'modified' timestamp into the 
'created' timestamp field. So there are two field's with the same values.

When you view the file attributes on Samba from a windows or mac machine the 
'created' timestamp and the 'modified' timestamp are always the same. Luckily, 
I when you view the fields in FreeBSD itself, the new 'created' timestamp 
doesn't change even if you modify/view/access the file. (Just as it should). 
But the date created is now set to the original (precopy) 'modified' timestamp, 
instead of the 'created' timestamp.

So if we look at the file attributes on Samba from a windows or mac machine, I 
noticed that both 'created' and 'modified' fields are always the same, even if 
from FreeBSD's point of view it's not. 

It seems that Samba doesn't take advantage of this attribute in FreeBSD. Am I 
mistaken?

Any suggestions?
Oh btw I've tried this on two different Samba servers. Same result.

Mark Adams <[EMAIL PROTECTED]> wrote: How did you copy the files? If you stat 
them in bsd are the date  
attribs right?

Mark.


On 18 Dec 2007, at 00:51, David Lee  wrote:

> I'm having trouble with files moved to my FreeBSD Samba server from  
> either Mac OS X or Windows. When I move the files the date the files  
> were originally created do not get copied. I looked into FreeBSD to  
> see if a date created attribute was supported; from the stat man  
> pages and the field specifier 'B' it seems so, but I can't confirm  
> for sure.
>
> Is there a solution for this or is it not possible?
> Thanks
>
>
> -
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile.   
> Try it now.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba


   
-
Looking for last minute shopping deals?  Find them fast with Yahoo! Search.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] write list and valid users

2007-12-19 Thread Sam Bayne 

The way we handle this is to ignore he valid user and write list settings.

Our shares look like this:
[Shares]
   path=/home/shares
   browseable = yes
   writable = yes
   force create mode = 0770
   force directory mode = 2770

Then we chown and set unix permissions on subdirectories of /home/shares 
that restrict the folder access to groups.


The minor drawback is that users can see that other departments exist, 
but they can only enter their own folders.


But we allow remote sftp access, so we need to use the Unix permissions 
anyway.



Michael Heydon wrote:

Jason Greene wrote:

We finally got our server to migrate to the new domain.

Now when we access a share anyone can write to it.

I removed the write list and valid users list and restarted samba... 
anyone

can still access and write to it.

Can some one school me on samba permissions?
  
I don't want to sound like a jerk, but this is fairly clearly explained 
in the man page.

here is the share info

drwxrwsrwx  10 user group4096 Dec 19 08:16 dev

[dev]
path = /apps/dev
create mask = 666
directory mask = 2777
valid user =  removed for security (a bunch of domain groups)
write list = removed for security  (a bunch of domain groups)
  
write list: This is a list of users that are given  read-write  access  
to  a

service. If the connecting user is in this list then they will be
given write access, no matter what the read only  option  is  set to.

writeable = yes
  

writeable: Inverted synonym for read only.

read only: If  this parameter is yes, then users of a service may not 
create

or modify files in the service's directory.

As you can see, setting "writeable = yes" allows anyone who connects to 
write to the share (depending on unix permissions). "write list" will 
overrule the "read only" ("writeable") setting on a share for certain 
users. If you remove the "writeable = yes" line it will default to read 
only and only users in the write list will be able to make changes.


*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] write list and valid users

2007-12-19 Thread Jason Greene 
We found the problem...

It was the fact that we had
valid user =

and it needs to be
valid users =


then we needed to remove  writeable = yes and change it to browseable = yes

Thanks for the responses

Jason


On 12/19/07, Michael Heydon <[EMAIL PROTECTED]> wrote:
>
> Jason Greene wrote:
> > We finally got our server to migrate to the new domain.
> >
> > Now when we access a share anyone can write to it.
> >
> > I removed the write list and valid users list and restarted samba...
> anyone
> > can still access and write to it.
> >
> > Can some one school me on samba permissions?
> >
> I don't want to sound like a jerk, but this is fairly clearly explained
> in the man page.
> > here is the share info
> >
> > drwxrwsrwx  10 user group4096 Dec 19 08:16 dev
> >
> > [dev]
> > path = /apps/dev
> > create mask = 666
> > directory mask = 2777
> > valid user =  removed for security (a bunch of domain groups)
> > write list = removed for security  (a bunch of domain groups)
> >
> write list: This is a list of users that are given  read-write  access
> to  a
> service. If the connecting user is in this list then they will be
> given write access, no matter what the read only  option  is  set to.
> > writeable = yes
> >
> writeable: Inverted synonym for read only.
>
> read only: If  this parameter is yes, then users of a service may not
> create
> or modify files in the service's directory.
>
> As you can see, setting "writeable = yes" allows anyone who connects to
> write to the share (depending on unix permissions). "write list" will
> overrule the "read only" ("writeable") setting on a share for certain
> users. If you remove the "writeable = yes" line it will default to read
> only and only users in the write list will be able to make changes.
>
> *Michael Heydon - IT Administrator *
> [EMAIL PROTECTED] 
>



-- 
Jason Greene
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Big problems with 3.0.24-6etch6 Debian packages

2007-12-19 Thread Marcus Sobchak <[EMAIL PROTECTED]> 
Hi,

Am Dienstag, den 27.11.2007, 09:58 +0100 schrieb Marco De Vitis:
> Hi,
> I'm using Samba as a PDC with roaming profiles on a Debian Etch machine, 
> the clients are Windows XP/2000 machines.
> 
> I just installed security upgrades with aptitude, and this upgraded all 
> samba 3.0.24-6etch4 packages to 3.0.24-6etch6 (except for samba-doc 
> which was upgraded to 3.0.24-6etch7).
> Immediately after the upgrade, my users could not load their profiles at 
> login anymore. Errors popped out regarding problems loading 
> insignificant files from their profiles, such as cookies, links to 
> recently opened files, Java cache files, etc.
> This caused Windows to open up a new temporary profile, making everyone 
> lose their settings. PANIC!!
> 
> I now downgraded back to all 3.0.24-6etch4 packages, and things seem to 
> be working fine again.
> 
> What's happening with Samba packages for Debian Etch?
> I saw a security announce yesterday by Steve Kemp, but it's a bit 
> confusing, for Etch it lists some 6etch6 packages and some 6etch7 others.
> Are the current packages broken?
> 
> And... is there anyone officially working on more up-to-date Samba 
> packages for Debian Etch? Or will we have to live with 3.0.24 until the 
> next Debian stable upgrade?


>From time to time we still have broken profiles although I've downgraded
our machine back to a working debian package on 27th Nov. to avoid more
damage. At the moment a samba 3.0.24-6etch9 is installed. But it seems
that the broken samba package has crashed the profiles of those users,
which were logged in when the broken package was installed. Those users
have problems to load their profiles. At the first login the default
profile is loaded, because the client has problems to sync files from
the server. The user has to log out and start a second login, which
works fine then. In some hard cases we have to remove the local and the
server profile to get it working again. Any idea how to fix this? It's a
kind of horror the get up to ten calls a day to fix roaming profiles.

Ciao!
Marcus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] write list and valid users

2007-12-19 Thread Michael Heydon 

Jason Greene wrote:

We finally got our server to migrate to the new domain.

Now when we access a share anyone can write to it.

I removed the write list and valid users list and restarted samba... anyone
can still access and write to it.

Can some one school me on samba permissions?
  
I don't want to sound like a jerk, but this is fairly clearly explained 
in the man page.

here is the share info

drwxrwsrwx  10 user group4096 Dec 19 08:16 dev

[dev]
path = /apps/dev
create mask = 666
directory mask = 2777
valid user =  removed for security (a bunch of domain groups)
write list = removed for security  (a bunch of domain groups)
  
write list: This is a list of users that are given  read-write  access  
to  a

service. If the connecting user is in this list then they will be
given write access, no matter what the read only  option  is  set to.

writeable = yes
  

writeable: Inverted synonym for read only.

read only: If  this parameter is yes, then users of a service may not create
or modify files in the service's directory.

As you can see, setting "writeable = yes" allows anyone who connects to 
write to the share (depending on unix permissions). "write list" will 
overrule the "read only" ("writeable") setting on a share for certain 
users. If you remove the "writeable = yes" line it will default to read 
only and only users in the write list will be able to make changes.


*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Enabling Profiles

2007-12-19 Thread Michael Heydon 

odi wrote:
use pdbedit -Lv  to determine if there is a profile path, if there ist 
no path specified, profile for this user is disabled, maybe I'm wrong, but I 
think so. It doesn't depend on the password backend, definitly.
  
Actually that sounds about right, I've never really used pdbedit as all 
of the fancy setups I have been involved with are LDAP based. I didn't 
realise you could set a profile path property with other backends.



regards

Am Dienstag, 18. Dezember 2007 16:21:40 schrieb Net Warrior:
  

HI there guys.
Sorry for disturbing you with a very basic question, log time ago,
searching in the archives I found that profiles can be enabled or disabled
for everyone, and that cannot be enabled for a gorup of users or a specific
user.

I read the how-tos, they explain very well how to manage them, but could
not find that doubt, nor even I could not find that thread
in the arvhives.

Can some tell me if that behavior still applies?

Thanks in advance



  


*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA under window?

2007-12-19 Thread Hugo Monteiro 

hce wrote:

On Dec 19, 2007 12:27 PM, Curtis Maloney <[EMAIL PROTECTED]> wrote:
  

hce wrote:


It is actually to mount a dumb linux device to a window file system,
just like to mount an usb stick to the window file system. Yes, if the
linux device (without samba on it) can be mounted by a window file
syste, then the window can config the linux device, modify data and
transfer data to it.
  

So, your actual goal is to allow remote configuration of these Linux devices?

Why must it be done via mounting them like a disk?  There are many simpler
options that would require less code.



Please let me know if above explanation is still insufficient.
  

You keep talking about mounting these devices... I don't see why you're so hung
up on this approach.  Why must they be treated like a disk?  Why can't you, for
instance, have them accept config updates via a simple web interface?  Or use
dropbear and scp the files into place?  Or put a FTP server on them?

Why take the very complex route of mounting a remote filesystem?



Yes, you are right, there are many solutions if you are a computer
skilled people or at least can play anothing on the computers. I am a
linux user myself, I can do whatever you want to play from my linux
box, I don't even need windows. But what about those who can only run
window file system, and only simply copy or delete files from the
window file systm, who has no idea to intall and run window ssh, scp
or ftp? (please don't ask me again why I should support them.)

My questions were:
(a) if we have some solution to install Samba to a window system or not;
  



You don't need to install samba on a windows system to access a remote 
samba share. You just use your regular windows explorer to do that.



(b) if there is small size of mini samba I can use to port it to a
small linux device?
  



I happen to know there was a port of an early version of samba (version 
2.0.10 stripped down) to a system that operates on embedded devices, 
such as a large set of wireless access points/routers using a certain 
broadcom board. Google for samba + openwrt. I'm not sure your "small" 
linux systems use the same architecture, but it's at least a good 
starting point IMHO.



Clearly (a) has been answed, (b) is still not sure.

Thank you.

Kind Regards,

Jim
  


Hopefully i was able to help.

Regards,


Hugo Monteiro.

--
ci.fct.unl.pt:~# cat .signature

Hugo Monteiro
Email: [EMAIL PROTECTED]
Telefone : +351 212948300 Ext.15307

Centro de Informática
Faculdade de Ciências e Tecnologia da
   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.ci.fct.unl.pt [EMAIL PROTECTED]

ci.fct.unl.pt:~# _

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Tearing my hair out:

2007-12-19 Thread Sherwood Botsford 

Sherwood Botsford wrote:

I have a samba 2.2.8a PDC, no windows servers at all.
The local network works.  Conan, the PDC also acts as a WINS server.  
Postie, the DHCP server sets:

option netbios-name-servers 192.168.1.241 ;
option netbios-node-type 2 ;

All clients have lmhosts file with:
192.168.1.241   conan   #pre #dom:sjsa
192.168.1.242   postie  #pre


Last week I needed to reinstall a computer, named pixel
On server I ran
smbpasswd -a -m pixel
to reset the machine account password.


Pixel runs Win2k SP4

I go to Pixel and move it to the domain.
Usual signin and password of domain administrator.
Long Pause.  "Welcome to SJSA domain"

Reboot.

Now if I try to log in to a domain account, I get the message:
"The system cannot log you on to this domain because the system computer 
account in its primary domain is missing or the password on that account 
is incorrect."


Looking in pixel.log I see:

[2007/12/11 10:41:25, 0] smbd/password.c:domain_client_validate(1558)
  domain_client_validate: could not fetch trust account password for 
domain SJSA



Looking further, this is a common message in the log files, occuring 
just before shares connect normally.


Not sure what else to look for.


Problem solved.

I had two hosts with the same UID in both master.passwd and in 
smbpasswd.  So in this case both jabberwocky$ and pixel$ had 
UID's of 5100.


How did this happen?  Easy.  All machines are group 5000.  I use 
the last octet of the IP to give them a unique UID.  Jabberwocky 
was turfed.  In recycling the IP I failed to remove the old name 
from master.passwd and smbpasswd.


(So many places:
DNS
DHCP
Password
smbpasswd
hosts.yp

Sigh.  Anyway, posting this so that the Next Guy can find it 
faster.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] editpostfix setup

2007-12-19 Thread Gunnar Thielebein 
Hi,

i've setup the samba environment like described in the wiki:
http://wiki.samba.org/index.php/Ldapsam_Editposix

I can now easily add windows user / machines when using the policies for
"Administrator".

I have also setup unix account session auth via libpam_ldap, libnss_ldap
like described here:

http://www.gentoo.org/doc/en/ldap-howto.xml

Some things i dont understand:

1. How is the unix password set for the windows users?
When i su  it is not accepting the win password.
I also tried editing the unix password via ldap-account-manager but also
with no luck.

Is a unix password set in general when creating new accounts?

With my unixuseraccounts migrated to ldap via migrationsscipt (the ones
used in the gentoo article) it is possible to su .

2. How do I make a sambadomain user out of such a migrated unix user?

3. When creating accounts the user homes per default points to
/home/domainname/user. How can I change that?

Thanks for any reply/feedback for my configs

Gunnar

my smb.conf:
---
[global]
#pdc
netbios name = TIGGER
workgroup = th-domain
domain logons = yes

#path
logon home = \\%N\%U
logon path = \\%N\%U\.winprofile

#password
encrypt passwords = true
passdb backend = ldapsam

#ldap
ldap suffix = dc=th-domain,dc=lan
ldapsam:trusted = yes
ldapsam:editposix = yes
ldap admin dn = cn=admin,dc=th-domain,dc=lan
ldap delete dn = yes
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=peoples
ldap idmap suffix = ou=idmap

#idmap
idmap domains = th-domain
idmap config th-domain:backend = ldap
idmap config th-domain:readonly = no
idmap config th-domain:default = yes
idmap config th-domain:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
idmap config th-domain:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
idmap config th-domain:ldap_url = ldap://localhost
idmap config th-domain:range = 5-50
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
idmap alloc config:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
idmap alloc config:ldap_url = ldap://localhost
idmap alloc config:range = 5-50

#logging
log level = 1
---
my nsswitch/pam /etc/ldap.conf
---
ssl off
suffix "dc=th-domain,dc=lan"
uri ldap://localhost
pam_password exop

rootbinddn "cn=root,dc=th-domain,dc=lan"

ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=peoples,dc=th-domain,dc=lan
nss_base_shadow ou=peoples,dc=th-domain,dc=lan
nss_base_group  ou=groups,dc=th-domain,dc=lan
nss_base_hosts  ou=hosts,dc=th-domain,dc=lan

scope one


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Authentication issue?

2007-12-19 Thread Tom Elsesser 

I have a centos box using kernel 2.6.9-42.0.2.ELsmp that had a samba
server running very nicely until 2 days ago. Out of the blue, users 
can't access any shares. We have 5 users and 6 shares, one of which is 
an MS access database that gets the most use. I thought the smbpasswd 
database may be corrupt so I replaced it with a backup, but no go. I 
deleted the smbpasswd database, re-added users, that didn't work either.


Checking a users samba log, I found this series of errors when trying to 
get to any samba share:

[2007/12/19 13:16:15, 0] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: session setup failed : System error
[2007/12/19 13:16:15, 1] smbd/session.c:session_claim(143)
  pam_session rejected the session for tom [smb/32352/109]
[2007/12/19 13:16:15, 1] smbd/password.c:register_vuid(310)
  Failed to claim session for vuid=109
[2007/12/19 13:16:31, 0] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: session setup failed : System error
[2007/12/19 13:16:31, 1] smbd/session.c:session_claim(143)
  pam_session rejected the session for tom [smb/32359/109]
[2007/12/19 13:16:31, 1] smbd/password.c:register_vuid(310)
  Failed to claim session for vuid=109


The smbd.log shows this:
[2007/12/19 13:16:08, 0] lib/util_sock.c:get_peer_addr(1232)
  getpeername failed. Error was Transport endpoint is not connected

I can 'smbclient -L' to the workstations, and all other services (httpd,
sendmail, squid) are running as usual. I can smbmount from the linux 
machine to a workstation and use the files in the shares, but can't get 
from teh workstations to the linux box. From my limited experience, it

seems authentication is whacked, but I can't flesh it out. Any help is
appreciated.

--
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with date created attribute

2007-12-19 Thread Mark Adams 
How did you copy the files? If you stat them in bsd are the date  
attribs right?


Mark.


On 18 Dec 2007, at 00:51, David Lee <[EMAIL PROTECTED]> wrote:

I'm having trouble with files moved to my FreeBSD Samba server from  
either Mac OS X or Windows. When I move the files the date the files  
were originally created do not get copied. I looked into FreeBSD to  
see if a date created attribute was supported; from the stat man  
pages and the field specifier 'B' it seems so, but I can't confirm  
for sure.


Is there a solution for this or is it not possible?
Thanks


-
Be a better friend, newshound, and know-it-all with Yahoo! Mobile.   
Try it now.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File name symbols

2007-12-19 Thread Jeremy Allison 
On Wed, Dec 19, 2007 at 02:32:27PM +0300, Vitaly Protsko wrote:
> Hi!
> 
> So, anybody? :(
> 
> Is it possible to make samba creating files with byte-to-byte,
> not translated, names?

>From Linux CIFS or from smbclient yes. You need UNIX extensions
turned on an they'll use POSIX pathnames.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems printing

2007-12-19 Thread Lutieri G. 
Hello!

I've a samba version 3.0.25a and cups version 1.2.7 running on a solaris box.

I'm using samba to share drivers and printrers to windows xp and 2k clients.
OK. Some days i got samba stoped and my logs has a lot of this messages:

create_policy_hnd: ERROR: too many handles (1025) on this pipe.

Last week a change log level to 10 to a specific client and I got 218
printer handles in use. But sometimes this number increase very quick
and samba stop to responde. Then after restart the service all come
back to normal.

I think 218 handles opened is a number very high. Because In other
situations i can see just 4 or 5 handles opened.

here is the log file: http://www.cgtee.gov.br/se1003.log.n10.128handles

In additional, sudenlly, others printers and clients, some times,
show same problem even using different drivers.


Here is the drivers used for the printer:
http://printer.konicaminolta.com/support/current_printers/mc2430dl_sup.htm#drivers

I'm using drivers for windows XP/2k.

I hope someone can help me.


thaks a lot!
-- 
Att.
Lutieri G. B.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] IDMAP RID problems and documentation

2007-12-19 Thread Plant, Dean 
Charles Marcus wrote:
> Plant, Dean, on 12/19/2007 8:58 AM, said the following:
>> John wrote:
>>> Hello List,
>>> 
>>> After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use
>>> of the new syntax for IDMAP. But I failed, Also there is a lack on
>>> documentation how to us it. (Yes there is a man, but it contains
>>> limited explanation and examples).
>>> 
>>> What do I want?  What (I think a lot of people wants)
>>> I have two samba domain members and a Windows 2003 DC without R2 /
>>> SFU shema extension. So I want make use of the RID facility.
>>> Same GID/ UID mappings on all samba servers in the domain, with
>>> support of BUILTIN groups, and without installing schema extensions
>>>  on the DC. I assume that RID was designed for this scenario
>>> Can anyone assist me and everyone on list struggling with the same
>>> problems, how to proper configure SAMBA for this scenario?
>>> 
>>> Old syntax works, but lack support for BUILT-IN groups, and gives
>>> following complaints in syslog
>>> Module '/usr/lib/samba/idmap/rid.so' initialization failed:
>>> NT_STATUS_OBJECT_NAME_COLLISION
>>> and:
>>> lib/util_str.c:safe_strcpy_fn(659)
>>> Dec 19 13:12:47 s-0009 winbindd[5454]:   ERROR: string overflow by 1
>>> (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255)
>>> in safe_strcpy [Added timed event "async_request_timeout": 8843878
>>> 
>> 
>> I have just fixed one of our Samba servers this morning after an the
>> upgrade from CentOS 5 -> 5.1 broke winbind resolution.
>> 
>> The below winbind config worked for me.
> 
> I'm curious - what exactly CHANGED (or, what did you have to change)?
> 
 
We had been running with these idmap settings for an AD integrated file
server.
 
 idmap uid = 16777216-33554431
 idmap gid = 16777216-33554431
 idmap backend = rid:"US=16777216-33554431"

After the upgrade to CentOS 5.1 our winbind mappings were lost and group
permissions were no longer working. Reading the Samba release notes and
trawling the net I found the below settings, although as it has been
pointed out the "idmap alloc config" is not required. With these
settings all winbind mappings were restored and everything seems to be
working as normal.

idmap domains = US
idmap config US: default = yes
idmap config US: backend = rid
idmap config US: range = 16777216-33554431
idmap alloc config: range = 16777216-33554431

Dean
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with samba 3.0.28/Solaris 8/smbclient

2007-12-19 Thread Volker Lendecke 
On Wed, Dec 19, 2007 at 09:35:15AM -0600, Kenneth Marshall wrote:
> Is there anything else I can do to help track this problem down?
> Is anyone else running Samba 3.0.28 on Solaris 8? With Heimdal Kerberos
> or with MIT Kerberos? I would appreciate any feedback.

I'd be surprised if this is kerberos specific. Can we see a
tcpdump of smbclient doing its job up to the crash?

Volker


pgpmBHEuxB9q8.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA ADS integration - windows user account rights

2007-12-19 Thread Eric Roseme 



Bert Verhaeghe wrote:

Hi all,

first of all is it possible to join a Linux machine to AD using a
windows user account that is not a member of the group Domain Admins?
Cause when I do this I get the following error while executing `net ads
join -d 3 -U syncuser`: 



#net ads join -d 3 -U  syncuser
[2007/12/11 13:47:12, 3] param/loadparm.c:lp_load(4953)  lp_load:
refreshing parameters
[2007/12/11 13:47:12, 3] param/loadparm.c:init_globals(1418)
Initialising global parameters 
[2007/12/11 13:47:12, 3] param/params.c:pm_process(572)

params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2007/12/11 13:47:12, 3] param/loadparm.c:do_section(3695) Processing
section "[global]" 
[2007/12/11 13:47:12, 2] lib/interface.c:add_interface(81) added
interface ip=10.0.0.3 bcast=10.0.0.255 nmask=255.255.255.0 
octopussync's password: 
[2007/12/11 13:47:17, 3] libsmb/namequery.c:get_dc_list(1426)

get_dc_list: preferred server list: ", DC"
[2007/12/11 13:47:17, 3] libsmb/namequery.c:resolve_lmhosts(939)
resolve_lmhosts: Attempting lmhosts lookup for name DC<0x20> 
[2007/12/11 13:47:17, 3] libsmb/namequery.c:resolve_wins(836)

resolve_wins: Attempting wins lookup for name DC<0x20>
[2007/12/11 13:47:17, 3] libsmb/namequery.c:resolve_wins(839)
resolve_wins: WINS server resolution selected and no WINS servers
listed. 
[2007/12/11 13:47:17, 3] libsmb/namequery.c:resolve_hosts(1002)

resolve_hosts: Attempting host lookup for name DC<0x20>
[2007/12/11 13:47:17, 3] libads/ldap.c:ads_connect(287) Connected to
LDAP server 10.0.0.1
[2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 
[2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(210)

ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 
[2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(219)

ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED]
[2007/12/11 13:47:17, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found) 
[2007/12/11 13:47:17, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)

ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Tue, 11 Dec 2007 23:47:05 UTC
[2007/12/11 13:47:17, 3] libsmb/cliconnect.c:cli_start_connection(1426)
Connecting to host= DC.domain.local
[2007/12/11 13:47:17, 3] lib/util_sock.c:open_socket_out(874) Connecting
to 10.0.0.1 at port 445
[2007/12/11 13:47:17, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(721) Doing spnego session
setup (blob length=107) 
[2007/12/11 13:47:17, 3]

libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 2 840 48018
1 2 2
[2007/12/11 13:47:17, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 2 840 113554
1 2 2
[2007/12/11 13:47:17, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 2 840 113554
1 2 2 3 
[2007/12/11 13:47:17, 3]

libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 3 6 1 4 1
311 2 2 10
[2007/12/11 13:47:17, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(754) got principal=dc
[EMAIL PROTECTED]
[2007/12/11 13:47:17, 2]
libsmb/cliconnect.c:cli_session_setup_kerberos(546) Doing kerberos
session setup
[2007/12/11 13:47:17, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
expiration Tue, 11 Dec 2007 23:47:05 UTC 
[2007/12/11 13:47:17, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)

rpc_pipe_bind: Remote machine DC.domain.local pipe \lsarpc fnum 0x400c
bind request returned ok.
[2007/12/11 13:47:17, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
lsa_io_sec_qos: length c does not match size 8 
[2007/12/11 13:47:17, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)

rpc_pipe_bind: Remote machine DC.domain.local pipe \samr fnum 0x400a
bind request returned ok.
Failed to set password for machine account (NT_STATUS_ACCESS_DENIED) 
Failed to join domain!

[2007/12/11 13:47:17, 2] utils/net.c:main(988) return code = -1


But when the user is added to the Domain Admins group, the join is
successful.

And if the latter is possible, which permissions should the windows user
account have? 


Thx in advance

bert



Hi Bert,

I do not know about the Domain Admins group angle, but if you want to 
know what the minimal user rights necessary for a "net ads join" are, 
then this whitepaper explains it.  It says "HP CIFS Server", but holds 
true for Opensource Samba as well.


http://www.docs.hp.com/en/7212/ADSJoinMinimumPerms.pdf

Eric Roseme
Hewlett-Packard


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Invalid request size nsswitch/winbindd

2007-12-19 Thread Volker Lendecke 
On Wed, Dec 19, 2007 at 11:37:36AM -0500, Charles Marcus wrote:
> On 12/19/2007, Volker Lendecke ([EMAIL PROTECTED]) wrote:
> >Reboot your box. It's not only smbd, all processes in the
> >system potentially can trigger this error.
> 
> Just to be clear - you're saying that anytime Samba is upgraded, I 
> should REBOOT??

Well, I think almost everything uses nss. So it's not a
Samba thing, it's a problem that the nss subsystem does not
reload the shared libraries when they change. For example if
you install a new libnss_ldap.so, you have exactly the same
problem.

Volker


pgpJ2X66wV11z.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Invalid request size nsswitch/winbindd

2007-12-19 Thread simo 

On Wed, 2007-12-19 at 11:37 -0500, Charles Marcus wrote:
> On 12/19/2007, Volker Lendecke ([EMAIL PROTECTED]) wrote:
> > Reboot your box. It's not only smbd, all processes in the
> > system potentially can trigger this error.
> 
> Just to be clear - you're saying that anytime Samba is upgraded, I 
> should REBOOT??

No, you just have to restart services that use nss_winbindd because the
winbindd protocol may change, rebooting is the easiest way, but is not
required.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <[EMAIL PROTECTED]>
Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Invalid request size nsswitch/winbindd

2007-12-19 Thread Charles Marcus 

On 12/19/2007, Volker Lendecke ([EMAIL PROTECTED]) wrote:

Reboot your box. It's not only smbd, all processes in the
system potentially can trigger this error.


Just to be clear - you're saying that anytime Samba is upgraded, I 
should REBOOT??


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] IDMAP RID problems and documentation

2007-12-19 Thread Charles Marcus 

Plant, Dean, on 12/19/2007 8:58 AM, said the following:

John wrote:

Hello List,

After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of
the new syntax for IDMAP. But I failed, Also there is a lack on
documentation how to us it. (Yes there is a man, but it contains
limited explanation and examples).

What do I want?  What (I think a lot of people wants)
I have two samba domain members and a Windows 2003 DC without R2 /
SFU shema extension. So I want make use of the RID facility.
Same GID/ UID mappings on all samba servers in the domain, with
support of BUILTIN groups, and without installing schema extensions
 on the DC. I assume that RID was designed for this scenario
Can anyone assist me and everyone on list struggling with the same
problems, how to proper configure SAMBA for this scenario?

Old syntax works, but lack support for BUILT-IN groups, and gives
following complaints in syslog
Module '/usr/lib/samba/idmap/rid.so' initialization failed:
NT_STATUS_OBJECT_NAME_COLLISION
and:
lib/util_str.c:safe_strcpy_fn(659)
Dec 19 13:12:47 s-0009 winbindd[5454]:   ERROR: string overflow by 1
(256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255)
in safe_strcpy [Added timed event "async_request_timeout": 8843878



I have just fixed one of our Samba servers this morning after an the
upgrade from CentOS 5 -> 5.1 broke winbind resolution.

The below winbind config worked for me.


I'm curious - what exactly CHANGED (or, what did you have to change)?


[global]
   workgroup = COMM
server string = Samba Server
log file = /var/log/samba/%m.log
max log size = 50
dns proxy = No
cups options = raw

   password server = amachine.us.domain.co.uk
   realm = US.DOMAIN.CO.UK
   security = ads
# OLD IDMAP settings
#   idmap uid = 16777216-33554431
#   idmap gid = 16777216-33554431
#   idmap backend = rid:"US=16777216-33554431"
# NEW IDMAP settings
   idmap domains = US
   idmap config US: default = yes
   idmap config US: backend = rid
   idmap config US: range = 16777216-33554431
   idmap alloc config: range = 16777216-33554431

   template shell = /sbin/nologin
   winbind use default domain = yes
   allow trusted domains = no
   host msdfs = no
   winbind enum users = no
   winbind enum groups = no
   wins server = 192.168.1.10

Hope this helps

Dean



--

Best regards,

Charles Marcus
I.T. Director
Media Brokers International
678.514.6200 x224
678.514.6299 fax
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (UPDATE) Problems adding a NTSp6a machine to a SAMBA PDC Domain + LDAP: sambaPrimaryGroupSID

2007-12-19 Thread Carlos Terrón 


I have the problem also with 3.0.28. I have attach the relevant log  
file section


El 19/12/2007, a las 15:23, Carlos Terrón escribió:



Hello everybody

I have configure a Samba PDC machine, using LDAP as password  
backend. The scripts smbldap-tools are used to create the accounts  
in the LDAP. I can add Windows XP machines to the domain without  
problems. But today, I tried to add a Windows NT Server SP6a  
machine to the domain, and there is the next error:


  smbldap_get_single_attribute: [sambaLogonHours] = []
[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528)
  smbldap_make_mod: adding attribute |sambaLogonHours| value | 
FF|

[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(519)
  smbldap_make_mod: deleting attribute |sambaAcctFlags| values | 
[DW ]|

[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528)
  smbldap_make_mod: adding attribute |sambaAcctFlags| value | 
[W  ]|

[2007/12/19 14:38:03, 5] lib/smbldap.c:smbldap_modify(1377)
  smbldap_modify: dn => [uid=windowsntldap 
$,ou=machines,ou=samba,dc=itdeusto,dc=local]

[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_modify(1397)
  Failed to modify dn: uid=windowsntldap 
$,ou=machines,ou=samba,dc=x,dc=local, error: 20 (Type or value  
exists) (modify/add: sambaPrimaryGroupSID: value #0 already exists)

[2007/12/19 14:38:03, 5] rpc_parse/parse_prs.c:prs_debug(84)
  00 samr_io_r_set_userinfo

The smbd proccess have a problem trying to modify the LDAP entry  
that have been created


I have been using the Samba version that came with CentOS 5.1  
(samba-3.0.25b) I also have a tcpdump file from the Samba <-> LDAP  
comunication and I can see the same error:
attributeOrValueExists (modify/add: sambaPrimaryGroupSID: value #0  
already exists)


I don't know what is the problem. Can someone help me?. Thank you  
very much


Greetings
Carlos
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with samba 3.0.28/Solaris 8/smbclient

2007-12-19 Thread Kenneth Marshall 
On Tue, Dec 18, 2007 at 07:15:23AM -0600, Kenneth Marshall wrote:
> On Mon, Dec 17, 2007 at 01:26:51PM -0600, Kenneth Marshall wrote:
> > Dear Samba users,
> > 
> > I am trying to update our local samba packages to 3.0.28.
> > They are built against heimdal-1.0.1 and openldap-2.3.38.
> > The Redhat Enterprise Linux 3 and 4 packages are working
> > fine so far in my limited testing. The problem with heimdal
> > and "net ads join..." has been fixed on all 3 platforms.
> > On the Solaris 8 server, the "net ads join..." works
> > correctly and the machine registers with the domain. The
> > problem is that the smbclient segfaults on the ls command.
> > A put command worked correctly. Here is what a truss
> > returned:
> > 
> > 21056:  ioctl(1, TCGETA, 0xFFBECFA4)= 0
> > 21056:  write(1, " s m b :   \ k \ k t m \".., 14)  = 14
> > 21056:  read(0, 0xFFBED3E3, 1)  (sleeping...)
> > 21056:  signotifywait() (sleeping...)
> > 21056:  door_return(0x, 0, 0x, 0) (sleeping...)
> > 21056:  lwp_cond_wait(0xFF3834E8, 0xFF3834F8, 0xFF37CD80) (sleeping...)
> > 21056:  read(0, " l", 1)= 1
> > 21056:  write(1, " l", 1)   = 1
> > 21056:  read(0, " s", 1)= 1
> > 21056:  write(1, " s", 1)   = 1
> > 21056:  read(0, "\r", 1)= 1
> > 21056:  write(1, "\n", 1)   = 1
> > 21056:  ioctl(0, TCSETSW, 0xFF345C28)   = 0
> > 21056:  sigaction(SIGINT, 0xFFBED4C0, 0xFFBED5C0)   = 0
> > 21056:  sigaction(SIGTERM, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGQUIT, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGALRM, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGTSTP, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGTTOU, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGTTIN, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGWINCH, 0xFFBED4C0, 0xFFBED5C0) = 0
> > 21056:  time()  = 1197919173
> > 21056:  write(6, "\0\0\0 bFF S M B 2\0\0\0".., 102) = 102
> > 21056:  poll(0xFFBEAF18, 1, 2)  = 1
> > 21056:  read(6, "\0\003AC", 4)  = 4
> > 21056:  poll(0xFFBEAF88, 1, 2)  = 1
> > 21056:  read(6, "FF S M B 2\0\0\0\08801C8".., 940)  = 940
> > 21056:  open("/usr/share/lib/zoneinfo/US/Central", O_RDONLY) = 8
> > 21056:  read(8, " T Z i f\0\0\0\0\0\0\0\0".., 8192) = 1279
> > 21056:  close(8)= 0
> > 21056:  stat64("/usr/site/samba-3.0.28/lib/C.msg", 0xFFBEA948) Err#2 ENOENT
> > 21056:  Incurred fault #6, FLTBOUNDS  %pc = 0xFE833218
> > 21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000
> > 21056:  Received signal #11, SIGSEGV [default]
> > 21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000
> > 21056:  *** process killed ***
> > 
> > Here is a gdb backtrace:
> > 
> > (gdb) run -U 'AD\ktm' //storage.rice.edu/home -D k/ktm
> > Starting program: /build/samba-3.0.28/sunos5/bin/smbclient -U 'AD\ktm' 
> > //storage.rice.edu/home -D k/ktm
> > [New LWP 1]
> > [New LWP 2]
> > [New LWP 3]
> > params.c:OpenConfFile() - Unable to open configuration file 
> > "/usr/site/samba-3.0.28/lib/smb.conf":
> > No such file or directory
> > [New LWP 4]
> > [New LWP 5]
> > /build/samba-3.0.28/sunos5/bin/smbclient: Can't load 
> > /usr/site/samba-3.0.28/lib/smb.conf - run testparm to debug it
> > Password: 
> > Domain=[AD] OS=[BlueArc Titan 4.3.990q] Server=[BlueArc Titan 4.3.990q]
> > smb: \k\ktm\> ls
> > 
> > Program received signal SIGSEGV, Segmentation fault.
> > 0xfe833218 in strlen () from /usr/lib/libc.so.1
> > (gdb) bt
> > #0  0xfe833218 in strlen () from /usr/lib/libc.so.1
> > #1  0xfedcadcc in wait_for_process () from 
> > /usr/site/samba-3.0.28/ext/libroken.so.18
> > #2  0xfedcadcc in wait_for_process () from 
> > /usr/site/samba-3.0.28/ext/libroken.so.18
> > Previous frame identical to this frame (corrupt stack?)
> > (gdb) 
> > 
> > I am building a debug version of the heimdal 1.0.1 libraries to
> > try and get some more information, but I wanted to post a preliminary
> > message to see if this is a know issue or not and whether there are
> > some other debugging measures that could be tried.
> > 
> > Cheers,
> > Ken
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > 
> 
> Dear Samba users,
> 
> As promised here s the backtrace from the debug version of the
> Heimdal 1.0.1 libraries:
> 
> Starting program: /build/samba-3.0.28/sunos5/bin/smbclient -U 'ADRICE\ktm' 
> //storage.rice.edu/home -D k/ktm
> [New LWP 1]
> [New LWP 2]
> [New LWP 3]
> params.c:OpenConfFile() - Unable to open configuration file 
> "/usr/site/samba-3.0.28/lib/smb.conf":
> No

RE: [Samba] IDMAP RID problems and documentation

2007-12-19 Thread Plant, Dean 
simo wrote:
> On Wed, 2007-12-19 at 13:58 +, Plant, Dean wrote:
> 
>> # NEW IDMAP settings
>>idmap domains = US
>>idmap config US: default = yes
>>idmap config US: backend = rid
>>idmap config US: range = 16777216-33554431
>>idmap alloc config: range = 16777216-33554431
> ^^^
> You don't need an alloc config range when using the RID backend, but
> if you want to use (eg for trusted domains) then you *ABSOLUTELY
> DON'T* want it to *conflict* with the same range used for the RID
> backend. 

Ok, point noted. I have removed that option and all is still working.

Thanks.

Dean

Although
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] "force create mode" not enforced from linux client

2007-12-19 Thread Steve Snyder 
My Samba v3.0.25b (in CentOS v5.1) has the smb.conf shown below.  What
I'm seeing is that "force create mode" is not enforced when accessed by
a Linux CIFS client (Fedora 7).

On the server, user steve has a home directory of /home/steve, and the public
directory is /home/samba/public.

The shares are mounted from the client fstab like this:

//nemesis/steve  /mnt/cifs/myhome   cifs credentials=/etc/fstab.cifs0 0
//nemesis/public /mnt/cifs/public   cifs credentials=/etc/fstab.cifs0 0

This is the view of a file on this client:

$ ll testfile
-rw-r--r-- 1 steve users 21 2007-12-19 09:11 testfile

When this file is copied to either share its permissions should be
changed by the "force create mode" parameter in each share definition.

Now the test file is copied to each share.  I use the '-p' switch,
which preserves the timestamp and permissions.  The Samba server should
override these permissions as specified in each share, right?

$ cp -p testfile /mnt/cifs/myhome/
cp: setting permissions for `/mnt/cifs/myhome/testfile': Permission denied
$ cp -p testfile /mnt/cifs/public/
cp: cannot create regular file `/mnt/cifs/public/testfile': Permission denied

The copy correctly complains about the permissions, since they are
enforced on the server.  But look which permissions are enforced:

$ ll /mnt/cifs/myhome/testfile /mnt/cifs/public/testfile
-rwx-- 1 steve users 21 2007-12-19 09:11 /mnt/cifs/myhome/testfile
-rw--w--w- 1 steve users 21 2007-12-19 09:11 /mnt/cifs/public/testfile

Here we see that the user share has the permissions correctly enforced
while the public share does not (should be 666).

After deleting the copies on the server, I'll copy the files again, but
without the '-p' switch.

$ cp testfile /mnt/cifs/myhome/
$ cp testfile /mnt/cifs/public/
$ ll /mnt/cifs/myhome/testfile /mnt/cifs/public/testfile
-rwxr--r-- 1 steve users 21 2007-12-19 09:32 /mnt/cifs/myhome/testfile
-rw-rw-rw- 1 steve users 21 2007-12-19 09:32 /mnt/cifs/public/testfile

Now we see that the file on the user share has incorrect permissions
(should be 777) but the permissions on the public share are correctly
enforced.

Can someone please tell what it takes to actually enforce the
permissions specified by the "force create mode" parameter?

Thanks.



[global]
   workgroup = TESTWG
   server string = Test Samba 3.0.2x

   interfaces = lo eth0
   bind interfaces only = True
   hosts deny = all
   hosts allow = 127.0.0.1 192.168.0.

   dns proxy = yes
   netbios name = nemesis
   name resolve order = hosts wins bcast
   wins support = yes

   max log size = 1024
   log file = /var/log/samba/%m.log

   security = user
   passdb backend = tdbsam
   null passwords = yes
   guest account = smbguest

   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

   os level = 65
   local master = yes
   domain master = yes
   preferred master = yes

   time server = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

[homes]
   comment = Home Directory
   path = %H
   valid users = %S
   create mask = 0700
   directory mask = 0700
   volume = %U
   writeable = Yes
   browseable = No
   hide dot files = Yes

[public]
   comment = All Users
   path = /home/samba/public
   create mask = 0666
   force create mode = 0666
   directory mask = 0777
   force directory mode = 0777
   guest ok = Yes
   writeable = Yes
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] write list and valid users

2007-12-19 Thread Jason Greene 
We finally got our server to migrate to the new domain.

Now when we access a share anyone can write to it.

I removed the write list and valid users list and restarted samba... anyone
can still access and write to it.

Can some one school me on samba permissions?

here is the share info

drwxrwsrwx  10 user group4096 Dec 19 08:16 dev

[dev]
path = /apps/dev
create mask = 666
directory mask = 2777
valid user =  removed for security (a bunch of domain groups)
write list = removed for security  (a bunch of domain groups)
writeable = yes

-- 
Jason Greene
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems adding a NTSp6a machine to a SAMBA PDC Domain + LDAP: sambaPrimaryGroupSID

2007-12-19 Thread Carlos Terrón 


Hello everybody

I have configure a Samba PDC machine, using LDAP as password backend.  
The scripts smbldap-tools are used to create the accounts in the  
LDAP. I can add Windows XP machines to the domain without problems.  
But today, I tried to add a Windows NT Server SP6a machine to the  
domain, and there is the next error:


  smbldap_get_single_attribute: [sambaLogonHours] = []
[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528)
  smbldap_make_mod: adding attribute |sambaLogonHours| value | 
FF|

[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(519)
  smbldap_make_mod: deleting attribute |sambaAcctFlags| values | 
[DW ]|

[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528)
  smbldap_make_mod: adding attribute |sambaAcctFlags| value | 
[W  ]|

[2007/12/19 14:38:03, 5] lib/smbldap.c:smbldap_modify(1377)
  smbldap_modify: dn => [uid=windowsntldap 
$,ou=machines,ou=samba,dc=itdeusto,dc=local]

[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_modify(1397)
  Failed to modify dn: uid=windowsntldap 
$,ou=machines,ou=samba,dc=x,dc=local, error: 20 (Type or value  
exists) (modify/add: sambaPrimaryGroupSID: value #0 already exists)

[2007/12/19 14:38:03, 5] rpc_parse/parse_prs.c:prs_debug(84)
  00 samr_io_r_set_userinfo

The smbd proccess have a problem trying to modify the LDAP entry that  
have been created


I have been using the Samba version that came with CentOS 5.1  
(samba-3.0.25b) I also have a tcpdump file from the Samba <-> LDAP  
comunication and I can see the same error:
attributeOrValueExists (modify/add: sambaPrimaryGroupSID: value #0  
already exists)


I don't know what is the problem. Can someone help me?. Thank you  
very much


Greetings
Carlos
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA under window?

2007-12-19 Thread Ryan Novosielski 
.. Original Message ...
On Wed, 19 Dec 2007 14:17:25 +1100 "Curtis Maloney" <[EMAIL PROTECTED]> 
wrote:
>hce wrote:
>> Yes, you are right, there are many solutions if you are a computer
>> skilled people or at least can play anothing on the computers. I am a
>> linux user myself, I can do whatever you want to play from my linux
>> box, I don't even need windows. But what about those who can only run
>> window file system, and only simply copy or delete files from the
>> window file systm, who has no idea to intall and run window ssh, scp
>> or ftp? (please don't ask me again why I should support them.)
>
>So, instead of developing a point-and-drool remote configuration tool, or 
a 
>simple web configuration interface, you'd rather go the complex path of 
mounting 
>remote file systems?
>
>WHY WHY WHY are you so fixed on mounting file systems, instead of 
investigating 
>other options to allow untrained users to change the configuration?  Hell, 
>asking your average Windows user to edit or produce a plain text file can 
be 
>difficult enough.
>
>I give up... you seem hell bent on mounting remote file systems, so I'll 
leave 
>you to figure it out.

What it seems this gentleman wants to do is to use a piece of client 
software, not Samba -- I will state unequivocally that Samba is to give 
Linux machines the ability to "talk Windows," not for any other purpose 
that would cause one to want to install it on Windows (for example, it does 
NOT allow Wndows to "talk Linux"). I think something like DriveX or or 
WebDAV or something like that is really what he wants. Something that will 
mount an SFTP area as a "filesystem" on Windows. This is not Samba, so 
beyond offering anecdotal advice, this is the wrong mailing list.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] IDMAP RID problems and documentation

2007-12-19 Thread simo 

On Wed, 2007-12-19 at 13:58 +, Plant, Dean wrote:

> # NEW IDMAP settings
>idmap domains = US
>idmap config US: default = yes
>idmap config US: backend = rid
>idmap config US: range = 16777216-33554431
>idmap alloc config: range = 16777216-33554431
^^^
You don't need an alloc config range when using the RID backend, but if
you want to use (eg for trusted domains) then you *ABSOLUTELY DON'T*
want it to *conflict* with the same range used for the RID backend.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <[EMAIL PROTECTED]>
Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] kernel log (smbfs): smb_proc_readdir_long: error=-2, breaking

2007-12-19 Thread Charles Marcus 

On 12/18/2007, Simon Jolle ([EMAIL PROTECTED]) wrote:

filesystem type:
smbfs


Not sure if this will fix your problem, but fyi...

http://samba.org/samba/smbfs/

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (no subject)

2007-12-19 Thread Tom Elsesser 
I have a centos box using kernel 2.6.9-42.0.2.ELsmp that had a samba
server running very nicely until 2 days ago. Out of the blue, users can't
access any shares. We have 5 users and 6 shares, one of which is an MS
access database that gets the most use. I thought the smbpasswd database
may be corrupt so I replaced it with a backup, but no go. I deleted the
smbpasswd database, readded users, that didn't work either. Checking the
samba logs, I found this series of errors when trying to get to any samba
share:

[2007/12/19 08:28:18, 1] smbd/session.c:session_claim(143)
  pam_session rejected the session for tom [smb/19550/113]
[2007/12/19 08:28:18, 1] smbd/password.c:register_vuid(310)
  Failed to claim session for vuid=113
[2007/12/19 08:29:08, 0] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: session setup failed : System error
[2007/12/19 08:29:08, 1] smbd/session.c:session_claim(143)
  pam_session rejected the session for tom [smb/21374/104]
[2007/12/19 08:29:08, 1] smbd/password.c:register_vuid(310)
  Failed to claim session for vuid=104

I can 'smbclient -L' to the workstations, and all other services (httpd,
sendmail, squid) are running as usual.  From my limited experience, it
seems authentication is whacked, but I can't flesh it out. ANy help is
appreciated.

-- 
Tom


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] IDMAP RID problems and documentation

2007-12-19 Thread Plant, Dean 
John wrote:
> Hello List,
> 
> After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of
> the new syntax for IDMAP. But I failed, Also there is a lack on
> documentation how to us it. (Yes there is a man, but it contains
> limited explanation and examples).
> 
> What do I want?  What (I think a lot of people wants)
> I have two samba domain members and a Windows 2003 DC without R2 /
> SFU shema extension. So I want make use of the RID facility.
> Same GID/ UID mappings on all samba servers in the domain, with
> support of BUILTIN groups, and without installing schema extensions
>  on the DC. I assume that RID was designed for this scenario
> Can anyone assist me and everyone on list struggling with the same
> problems, how to proper configure SAMBA for this scenario?
> 
> Old syntax works, but lack support for BUILT-IN groups, and gives
> following complaints in syslog
> Module '/usr/lib/samba/idmap/rid.so' initialization failed:
> NT_STATUS_OBJECT_NAME_COLLISION
> and:
> lib/util_str.c:safe_strcpy_fn(659)
> Dec 19 13:12:47 s-0009 winbindd[5454]:   ERROR: string overflow by 1
> (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255)
> in safe_strcpy [Added timed event "async_request_timeout": 8843878
> 

I have just fixed one of our Samba servers this morning after an the
upgrade from CentOS 5 -> 5.1 broke winbind resolution.

The below winbind config worked for me.

[global]
   workgroup = COMM
server string = Samba Server
log file = /var/log/samba/%m.log
max log size = 50
dns proxy = No
cups options = raw

   password server = amachine.us.domain.co.uk
   realm = US.DOMAIN.CO.UK
   security = ads
# OLD IDMAP settings
#   idmap uid = 16777216-33554431
#   idmap gid = 16777216-33554431
#   idmap backend = rid:"US=16777216-33554431"
# NEW IDMAP settings
   idmap domains = US
   idmap config US: default = yes
   idmap config US: backend = rid
   idmap config US: range = 16777216-33554431
   idmap alloc config: range = 16777216-33554431

   template shell = /sbin/nologin
   winbind use default domain = yes
   allow trusted domains = no
   host msdfs = no
   winbind enum users = no
   winbind enum groups = no
   wins server = 192.168.1.10

Hope this helps

Dean
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Invalid request size nsswitch/winbindd

2007-12-19 Thread simo 

On Wed, 2007-12-19 at 14:24 +0100, Gianluca Culot wrote:
>  
> actually this error doesn't seem to bring any problem to the user and
> server
> operations...
> but it is reported VERY frequently !
>  
> any suggestion ?

Every service that query user information using nss_winbindd may need to
be restarted when you upgrade winbindd.
You can either restart every service one by one or reboot the box.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <[EMAIL PROTECTED]>
Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Invalid request size nsswitch/winbindd

2007-12-19 Thread Volker Lendecke 
On Wed, Dec 19, 2007 at 02:24:37PM +0100, Gianluca Culot wrote:
> Hello list
>  
> I've seen there is a discussion about this error 
>  
> Dec 19 10:30:00 antares winbindd[90393]: [2007/12/19 10:30:00, 0]
> nsswitch/winbindd.c:request_len_recv(544)
> Dec 19 10:30:00 antares winbindd[90393]:   request_len_recv: Invalid request
> size received: 2084 (expected 2088)
> 
> but the suggested remedy of sttoping and starting samba granting all
> winbindd processes died doesn't work for me
>  
> I'm running e freebsd 6 box with
> samba-3.0.28,1
>  
> I ALWAYS portupgraded, never built custom packages or from sources.
>  
> a completely similar box (portupgraded in the same way and running the SAME
> samba version) doesn't report this error
> both samba are attached and referring to the same domain.
>  
> actually this error doesn't seem to bring any problem to the user and server
> operations...
> but it is reported VERY frequently !
>  
> any suggestion ?

Reboot your box. It's not only smbd, all processes in the
system potentially can trigger this error.

Volker


pgpSWz67diuJD.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with ACL and Samba

2007-12-19 Thread Greg Byshenk 
On Wed, Dec 19, 2007 at 08:57:41AM -0200, Felipe Tocchetto wrote:
 
> I put the defaults acls in my previous email, take a look:
> 
> [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste
> #file:teste
> #owner:1002
> #group:1006
> user::rwx
> group::rwx
> group:suporte:rwx
> group:administ:rwx
> mask::rwx
> other::---
 
> The default acls have the entries:
 
> group:suporte:rwx
> group:administ:rwx

Sorry, my mistake (they were there, but I misread).

 
> But after I edit the file, one of these disapear.
 
> I read something about a samba bug:
> https://bugzilla.samba.org/show_bug.cgi?id=2346
> 
> But it has been fixed a long time ago.
 
> Any tips?

Not certain. Are there any masks set in your smb.conf?  If you create
a new file within Excel, what are the permissions on it?

I've just tested this myself, and cannot recreate the problem.  I can
copy in an Excel file, edit it (WinXP SP2), and save it, and I get the
correct ACLs on the server. Server is very slightly different than 
yours, but not much:

   FreeBSD 6.3-PRERELEASE (Nov 12 2007)
   samba-3.0.26a_1,1

Also, you could try turning up the log level and then looking for 
errors.

-greg

 
> On Dec 19, 2007 8:50 AM, Greg Byshenk <[EMAIL PROTECTED]> wrote:
> 
> > On Tue, Dec 18, 2007 at 10:15:42PM -0200, Felipe Tocchetto wrote:
> >
> > > I am facing a strange problem that I could not solve, so, maybe you can
> > help
> > > me.
> > >
> > > Look at this situation:
> > >
> > > I created a new directory with those ACLs (through Samba using Windows
> > XP)
> > >
> > > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste
> > > #file:teste
> > > #owner:1002
> > > #group:1006
> > > user::rwx
> > > group::rwx
> > > group:suporte:rwx
> > > group:administ:rwx
> > > mask::rwx
> > > other::---
> > >
> > > [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste
> > > #file:teste
> > > #owner:1002
> > > #group:1006
> > > user::rwx
> > > group::rwx
> > > group:suporte:rwx
> > > group:administ:rwx
> > > mask::rwx
> > > other::---
> > >
> > > My ACLs are right, ok, now I will copy a XLS file to that folder:
> > >
> > > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> > > #file:teste/excel-test.xls
> > > #owner:1002
> > > #group:1006
> > > user::rwx
> > > group::rw-
> > > group:suporte:rwx
> > > group:administ:rwx
> > > mask::rwx
> > > other::---
> > >
> > > OK, the samba server inhert the permissions and the ACLs, everything is
> > fine
> > > until now.
> > >
> > > But when I edit this file with MS Excel, and save it, look what happen
> > to
> > > the ACLs:
> > >
> > > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> > > #file:teste/excel-test.xls
> > > #owner:1002
> > > #group:1006
> > > user::rwx
> > > group::---
> > > group:suporte:rwx
> > > mask::rwx
> > > other::---
> > >
> > > The ACL entry "group:administ:rwx" just have gone after I save the file.
> > >
> > > It happens with Windows XP, Vista, Office 2003 and 2007. My samba
> > version is
> > > Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through
> > > Ports.
> > >
> > > Anybody knows what is wrong?
> >
> >
> > I'm not sure if it is the cause, but what are your default ACLs for the
> > directory in question?
> >
> > When you copy in a file from Windows, I think that it will preserve its
> > permissions, but if you edit and save, you are actually creating a new
> > file, which will be created based on the defaults for that location/user.
> >
> > Check the output of 'gefacl -d teste'.

-- 
greg byshenk  -  [EMAIL PROTECTED]  -  Leiden, NL
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Invalid request size nsswitch/winbindd

2007-12-19 Thread Gianluca Culot 
Hello list
 
I've seen there is a discussion about this error 
 
Dec 19 10:30:00 antares winbindd[90393]: [2007/12/19 10:30:00, 0]
nsswitch/winbindd.c:request_len_recv(544)
Dec 19 10:30:00 antares winbindd[90393]:   request_len_recv: Invalid request
size received: 2084 (expected 2088)

but the suggested remedy of sttoping and starting samba granting all
winbindd processes died doesn't work for me
 
I'm running e freebsd 6 box with
samba-3.0.28,1
 
I ALWAYS portupgraded, never built custom packages or from sources.
 
a completely similar box (portupgraded in the same way and running the SAME
samba version) doesn't report this error
both samba are attached and referring to the same domain.
 
actually this error doesn't seem to bring any problem to the user and server
operations...
but it is reported VERY frequently !
 
any suggestion ?
 
 

--
Gianluca Culot
DMS Multimedia
Via delle Arti e dei Mestieri, 6
20050 Sulbiate (Mi) - Italy
Tel: +39 039 5968925
Fax: +39 039 3309813

www.dmsware.com 

Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in
questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora
il messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza
copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Il
mittente comunica che il presente messaggio ed ogni suo allegato, al momento
dell’invio, era esente da ogni tipo di virus, worm, trojan e/o ogni altri
tipo di codice software dannoso. Questo messaggio e i suoi allegati
potrebbero essere stati infettati durante la trasmissione. Leggendo il
messaggio e/o aprendo gli allegati, il Destinatario si prende la piena
responsabilità nei confronti di ogni azione protettiva o di rimedio per la
rimozione di virus ed altri difetti. DMS Multimedia non potrà essere
considerata responsabile per qualsivoglia danno o perdita derivata qualunque
modo da questo messaggio o dai suoi allegati.

The information in this electronic mail message, including any attachments,
is confidential and may be legally privileged. It is intended solely for the
addressee(s). Access to this Internet electronic mail message by anyone else
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution or action taken or omitted to be taken in reliance on
it is prohibited and may be unlawful. The sender believes that this E-mail
and any attachments were free of any virus, worm, Trojan horse, and/or
malicious code when sent. This message and its attachments could have been
infected during transmission. By reading the message and opening the
attachments, the recipient accepts full responsibility for taking protective
and remedial action about viruses and other defects.DMS Multimedia is not
liable for any loss or damage arising in any way from this message or its
attachments 

 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] IDMAP RID problems and documentation

2007-12-19 Thread John 
Hello List,

After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of the 
new syntax for IDMAP. But I failed, Also there is a lack on documentation 
how to us it. (Yes there is a man, but it contains limited explanation and 
examples).

What do I want?  What (I think a lot of people wants)
I have two samba domain members and a Windows 2003 DC without R2 / SFU shema 
extension. So I want make use of the RID facility.
Same GID/ UID mappings on all samba servers in the domain, with support of 
BUILTIN groups, and without installing schema extensions on the DC.
 I assume that RID was designed for this scenario
Can anyone assist me and everyone on list struggling with the same problems, 
how to proper configure SAMBA for this scenario?

Old syntax works, but lack support for BUILT-IN groups, and gives following 
complaints in syslog
Module '/usr/lib/samba/idmap/rid.so' initialization failed: 
NT_STATUS_OBJECT_NAME_COLLISION
and:
lib/util_str.c:safe_strcpy_fn(659)
Dec 19 13:12:47 s-0009 winbindd[5454]:   ERROR: string overflow by 1 (256 - 
255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255) in safe_strcpy 
[Added timed event "async_request_timeout": 8843878



The new syntax I tried:
   idmap domains= DOMAIN-NL
   idmap config DOMAIN:default   = yes
   idmap configDOMAIN:backend =  rid
   idmap config DOMAIN:base_rid   = 1000
   idmap config DOMAIN:range= 1000-100

# For BUILTIN GROUPS
   idmap alloc backend = tdb
   idmap alloc config:range= 800-999

After restarting samba/ winbind, it fails after 2-3 minutus
wbinfo -u and wbinfo -g works ok
getent group works also ok, but getent passwd does not shown domain users 
anymore.
Leave ADS cleaning up all tdb's and rejoining ADS did not provide the 
solution.

I also tried several other options but all failed the same way.
 idmap domains=  BUILTIN, DOMAIN
   idmap config DOMAIN:default   = yes
   idmap configDOMAIN:backend =  rid
   idmap config DOMAIN:base_rid   = 1000
   idmap config DOMAIN:range= 1000-100
   idmap config BUILTIN:backend= tdb
   idmap config BUILTIN:base_rid   = 800
   idmap config BUILTIN:range  = 800-999


OS: CentOS 4.6
Samba version: CentOS/ RH 3.0.25b (with backported fixes from 3.0.28) and 
samba 3.0.28
No nscd running
Snipped of /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group:  files winbind

Full smb.conf
 Global parameters
[global]
workgroup = DOMAIN-NL
security = ADS
netbiosname = s-0009-a
realm = CORP.DOMAIN.NL
server string = SAMBA DOOS
 Loglevel = 10
interfaces = eth2 lo
bind interfaces only = yes
preferred master = no
domain master = no
allow trusted domains = no
winbind separator = /
# Officially supported old syntax
idmap backend = rid
idmap uid = 1000-100
idmap gid = 1000-100

# New syntax equivilent to pre3.0.25 tdb
# idmap domains = DOMAIN-NL
# idmap config DOMAIN-NL:default = yes
# idmap config DOMAIN-NL:backend = tdb
# idmap configDOMAIN-NL:range   = 1000 - 100
# idmap alloc backend = tdb
# idmap alloc config:range = 1000 - 100

# New syntax rid
#   idmap domains  = DOMAIN-NL
#   idmap config DOMAIN-NL:default  = yes
#   idmap config DOMAIN-NL:backend= rid
#   idmap config DOMAIN-NL:base_rid= 1000
#   idmap config DOMAIN-NL:range = 1000-100

#   idmap config BUILTIN:backend= tdb
#   idmap config BUILTIN:base_rid   = 800
#   idmap config BUILTIN:range  = 800-999

#   idmap alloc backend = tdb
#   idmap alloc config:range= 800-999


winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes

template homedir = /home/domain-nl/%U
template shell = /bin/bash
wins server = 192.168.0.51
load printers = no
printing = cups
printcap name = cups
show add printer wizard = yes
use client driver = yes


[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = @"Domain Admins"
# Printer shares

[print$]
comment = Printer Driver Download Area
path = /var/lib/samba/drivers
browseable = yes
guest ok = yes
read only = no
write list = @ntadmin, @"Domain Admins", root
admin users = @"Domain Admins", @ntadmin, root, admin

RE: [Samba] File name symbols

2007-12-19 Thread Vitaly Protsko 
Hi!

So, anybody? :(

Is it possible to make samba creating files with byte-to-byte,
not translated, names?

/aTan
 
> I have following situation:
> 3.0.27a works perfectly, speedy NAS server in AD domain
> 
> But we decided to make backup of a whole users file junk
> to this speedy NAS. Near all files have names in russian.
> 
> What I see: "unix charset = UTF8" makes characters in
> file names as ":d0:c1" for one (ok, understandable), but
> "unix charset = koi8r" makes only one-byte ":ee".
> 
> Filesystem accepts bytes, not chars from some charset in filenames.
> 
> The problem in long file names - 3 chars instead of one!
> Many files in our archive have longer than 100-byte names.
> 
> Why convert bytes, if they are accepted by filesystem?
> Can it be controlled from smb.conf ?


/aTan

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] speed and connection problems after samba upgrade - RH 5 -> RH 5.1, samba 3.0.23c -> 3.0.25b

2007-12-19 Thread Götz Reinicke 
Hi,

recently we upgraded a central RHEL 5 fileserver to the latest RH EL 5.1
rpms, including samba. (samba-3.0.23c-2.el5.2 update to
samba-3.0.25b-1.el5_1.4)

Now some users have the problem, that opening a word or excel file saved
on a samba share takes up to 30 seconds. Today I could verify this on
the users desktop XP PC.

This problem occures only from time to time, so it may be also a problem
on the client side or the networkswitch, so I did a test download from
an ftp server (ftp-stud.fht-esslingen.de) and I can download files with
up to 6MBytes(!) - that's o.k.

Copying files from the server (e.g. an 600MB iso) takes about 60 seconds
- that's also o.k.

But opening smal files on the server takes sometimes that long ...

My question is: Could it be, that the update includes some changes in
timeouts or locking funtions? Which options may I check? Or are there
some cachefiles to be checked?

The logfile has no obvious hints for me right now...

Thanks for any hints and tips!


Best regards

Götz
-- 
Götz Reinicke
IT Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail [EMAIL PROTECTED]

Filmakademie Baden-Württemberg GmbH
Mathildenstr. 20
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzender des Aufsichtsrats:
Dr. Christoph Palmer, MdL, Minister a.D.

Geschäftsführer:
Prof. Thomas Schadt


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with ACL and Samba

2007-12-19 Thread Felipe Tocchetto 
Hey Greg, thanks your reply:

I put the defaults acls in my previous email, take a look:

[EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste
#file:teste
#owner:1002
#group:1006
user::rwx
group::rwx
group:suporte:rwx
group:administ:rwx
mask::rwx
other::---

The default acls have the entries:

group:suporte:rwx
group:administ:rwx

But after I edit the file, one of these disapear.

I read something about a samba bug:
https://bugzilla.samba.org/show_bug.cgi?id=2346

But it has been fixed a long time ago.

Any tips?

On Dec 19, 2007 8:50 AM, Greg Byshenk <[EMAIL PROTECTED]> wrote:

> On Tue, Dec 18, 2007 at 10:15:42PM -0200, Felipe Tocchetto wrote:
>
> > I am facing a strange problem that I could not solve, so, maybe you can
> help
> > me.
> >
> > Look at this situation:
> >
> > I created a new directory with those ACLs (through Samba using Windows
> XP)
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste
> > #file:teste
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rwx
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste
> > #file:teste
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rwx
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > My ACLs are right, ok, now I will copy a XLS file to that folder:
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> > #file:teste/excel-test.xls
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rw-
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > OK, the samba server inhert the permissions and the ACLs, everything is
> fine
> > until now.
> >
> > But when I edit this file with MS Excel, and save it, look what happen
> to
> > the ACLs:
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> > #file:teste/excel-test.xls
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::---
> > group:suporte:rwx
> > mask::rwx
> > other::---
> >
> > The ACL entry "group:administ:rwx" just have gone after I save the file.
> >
> > It happens with Windows XP, Vista, Office 2003 and 2007. My samba
> version is
> > Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through
> > Ports.
> >
> > Anybody knows what is wrong?
>
>
> I'm not sure if it is the cause, but what are your default ACLs for the
> directory in question?
>
> When you copy in a file from Windows, I think that it will preserve its
> permissions, but if you edit and save, you are actually creating a new
> file, which will be created based on the defaults for that location/user.
>
> Check the output of 'gefacl -d teste'.
>
>
> --
> greg byshenk  -  [EMAIL PROTECTED]  -  Leiden, NL
>



-- 
Felipe Tocchetto
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with ACL and Samba

2007-12-19 Thread Greg Byshenk 
On Tue, Dec 18, 2007 at 10:15:42PM -0200, Felipe Tocchetto wrote:
 
> I am facing a strange problem that I could not solve, so, maybe you can help
> me.
> 
> Look at this situation:
> 
> I created a new directory with those ACLs (through Samba using Windows XP)
> 
> [EMAIL PROTECTED] /home/smb/adm]# getfacl teste
> #file:teste
> #owner:1002
> #group:1006
> user::rwx
> group::rwx
> group:suporte:rwx
> group:administ:rwx
> mask::rwx
> other::---
> 
> [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste
> #file:teste
> #owner:1002
> #group:1006
> user::rwx
> group::rwx
> group:suporte:rwx
> group:administ:rwx
> mask::rwx
> other::---
> 
> My ACLs are right, ok, now I will copy a XLS file to that folder:
> 
> [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> #file:teste/excel-test.xls
> #owner:1002
> #group:1006
> user::rwx
> group::rw-
> group:suporte:rwx
> group:administ:rwx
> mask::rwx
> other::---
> 
> OK, the samba server inhert the permissions and the ACLs, everything is fine
> until now.
> 
> But when I edit this file with MS Excel, and save it, look what happen to
> the ACLs:
> 
> [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> #file:teste/excel-test.xls
> #owner:1002
> #group:1006
> user::rwx
> group::---
> group:suporte:rwx
> mask::rwx
> other::---
> 
> The ACL entry "group:administ:rwx" just have gone after I save the file.
> 
> It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is
> Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through
> Ports.
> 
> Anybody knows what is wrong?


I'm not sure if it is the cause, but what are your default ACLs for the 
directory in question?

When you copy in a file from Windows, I think that it will preserve its
permissions, but if you edit and save, you are actually creating a new
file, which will be created based on the defaults for that location/user.

Check the output of 'gefacl -d teste'.


-- 
greg byshenk  -  [EMAIL PROTECTED]  -  Leiden, NL
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Enabling Profiles

2007-12-19 Thread odi 
use pdbedit -Lv  to determine if there is a profile path, if there ist 
no path specified, profile for this user is disabled, maybe I'm wrong, but I 
think so. It doesn't depend on the password backend, definitly.

regards

Am Dienstag, 18. Dezember 2007 16:21:40 schrieb Net Warrior:
> HI there guys.
> Sorry for disturbing you with a very basic question, log time ago,
> searching in the archives I found that profiles can be enabled or disabled
> for everyone, and that cannot be enabled for a gorup of users or a specific
> user.
>
> I read the how-tos, they explain very well how to manage them, but could
> not find that doubt, nor even I could not find that thread
> in the arvhives.
>
> Can some tell me if that behavior still applies?
>
> Thanks in advance


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

R: [Samba] unauthorized acess attempt

2007-12-19 Thread Gianluca Culot 
 I'M SORRY

The log file is MESSAGES

/var/log/messages

AND NOT /var/log/maillog... As I reported in my last email !
Actually there is no error message in /var/log/maillog

> -Messaggio originale-
> Da: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> g] Per conto di Gianluca Culot
> Inviato: mercoledì 19 dicembre 2007 10.16
> A: [EMAIL PROTECTED]; '[EMAIL PROTECTED] Samba. Org'
> Oggetto: R: [Samba] unauthorized acess attempt
> 
> The dovecot logs to syslog to the /var/log/maillog 
> 
> # Syslog facility to use if you're logging to syslog. Usually 
> if you don't # want to use "mail", you'll use local0..local7. 
> Also other standard # facilities are supported.
> syslog_facility = mail
> 
> And in SYSLOG.CONF
> mail.*  /var/log/maillog
> 
> The message I reported in taken from /var/log/maillog
> 
> So... Actualy I do not receive any Error message from dovecot...
> Looks like dovecot rely on the error message of winbind and 
> doesn't log any more message...
> Possible?
> Strange ?
> 
> > -Messaggio originale-
> > Da: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]
> > g] Per conto di [EMAIL PROTECTED]
> > Inviato: sabato 15 dicembre 2007 15.16
> > A: '[EMAIL PROTECTED] Samba. Org'
> > Oggetto: Re: [Samba] unauthorized acess attempt
> > 
> > Gianluca Culot wrote:
> > > Hello list
> > >  
> > > I'm facing a little security problem
> > >  
> > > I get A LOT (3 a minute) a such a message
> > >  
> > >  mail dovecot-auth: pam_winbind(dovecot): request failed: No such 
> > > user, PAM error was unknown user (13), NT error was 
> > > NT_STATUS_NO_SUCH_USER
> > > 
> > > I'd like to know which is the user name used in such
> > attempts How can
> > > I get such info without raising log level to an 
> inacceptable level 
> > > (which would cause my log file to explode !?! )
> > 
> > Have you looked at your dovecot logs to see who's trying to 
> login at 
> > that time?
> > 
> > Don Piven
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

R: [Samba] unauthorized acess attempt

2007-12-19 Thread Gianluca Culot 
The dovecot logs to syslog to the /var/log/maillog 

# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
# facilities are supported.
syslog_facility = mail

And in SYSLOG.CONF
mail.*  /var/log/maillog

The message I reported in taken from /var/log/maillog

So... Actualy I do not receive any Error message from dovecot...
Looks like dovecot rely on the error message of winbind and doesn't log any
more message...
Possible?
Strange ?

> -Messaggio originale-
> Da: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> g] Per conto di [EMAIL PROTECTED]
> Inviato: sabato 15 dicembre 2007 15.16
> A: '[EMAIL PROTECTED] Samba. Org'
> Oggetto: Re: [Samba] unauthorized acess attempt
> 
> Gianluca Culot wrote:
> > Hello list
> >  
> > I'm facing a little security problem
> >  
> > I get A LOT (3 a minute) a such a message
> >  
> >  mail dovecot-auth: pam_winbind(dovecot): request failed: No such 
> > user, PAM error was unknown user (13), NT error was 
> > NT_STATUS_NO_SUCH_USER
> > 
> > I'd like to know which is the user name used in such 
> attempts How can 
> > I get such info without raising log level to an inacceptable level 
> > (which would cause my log file to explode !?! )
> 
> Have you looked at your dovecot logs to see who's trying to 
> login at that time?
> 
> Don Piven
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

R: [Samba] unauthorized acess attempt

2007-12-19 Thread Gianluca Culot 
Hello Jeremy

Sorry for my late answer. 
Your message went unseen and I got really busy with some urgent projects.

About my box (freebsd6 + samba + dovecot + postfix)
samba-3.0.26a_2,1 
dovecot-1.0.7 
postfix-2.3.13,1

I'm building from ports, and as it is a production machine I'd like to let
it be managed by ports, as I usually run portupgrade to update the packages.

Anyway Are you sure it is a bug ?
This message is not generated at regular times, and not always near user
activity. I get A LOT of such a message even at full night, with no user
activity at all.
I suspect it is not a bug but a foreign user trying to gain access to my
mail server trying random passwords for a user. 
BUT I CANNOT READ the account being tampered... 

Maybe I could adjust the log level... But please consider this box manages
something like 5000 emails/day... I cannot rise the log level too much !
And I cannot put it in a "idle" state any way !

Thanks


> -Messaggio originale-
> Da: Jeremy Allison [mailto:[EMAIL PROTECTED] 
> Inviato: venerdì 14 dicembre 2007 19.08
> A: Gianluca Culot
> Cc: '[EMAIL PROTECTED] Samba. Org'
> Oggetto: Re: [Samba] unauthorized acess attempt
> 
> On Fri, Dec 14, 2007 at 04:26:13PM +0100, Gianluca Culot wrote:
> > Hello list
> >  
> > I'm facing a little security problem
> >  
> > I get A LOT (3 a minute) a such a message
> >  
> >  mail dovecot-auth: pam_winbind(dovecot): request failed: No such 
> > user, PAM error was unknown user (13), NT error was 
> > NT_STATUS_NO_SUCH_USER
> > 
> > I'd like to know which is the user name used in such 
> attempts How can 
> > I get such info without raising log level to an inacceptable level 
> > (which would cause my log file to explode !?! )
> 
> This needs a patch I think. I'll look into this. Can you log 
> a bug at bugzilla.samba.org please ?
> 
> If you can build from source, I can send you something you 
> can use quicker than waiting for an official release :-).
> 
> Jeremy.
> 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba