[Samba] malloc problem on smbd
Hi guys, I have samba 3.0.24 on AIX 5.3 ML 6 and sometimes in smbd.log, I found many entry like this : get_print_db: malloc fail ! To recover situation, smbd must be restarted. Any idea ? bye ** Le e-mail provenienti dalla Banca d'Italia sono trasmesse in buona fede e non comportano alcun vincolo ne' creano obblighi per la Banca stessa, salvo che cio' non sia espressamente previsto da un accordo scritto. Questa e-mail e' confidenziale. Qualora l'avesse ricevuta per errore, La preghiamo di comunicarne via e-mail la ricezione al mittente e di distruggerne il contenuto. La informiamo inoltre che l'utilizzo non autorizzato del messaggio o dei suoi allegati potrebbe costituire reato. Grazie per la collaborazione. -- E-mails from the Bank of Italy are sent in good faith but they are neither binding on the Bank nor to be understood as creating any obligation on its part except where provided for in a written agreement. This e-mail is confidential. If you have received it by mistake, please inform the sender by reply e-mail and delete it from your system. Please also note that the unauthorized disclosure or use of the message or any attachments could be an offence. Thank you for your cooperation. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.28 and dropboxes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CJ Keist wrote: > All, >I searched archives and found one related to our problem, with > subject "samba 3.0.26a and dropboxes", but there was no solution. So > posting this again for hopes of a fix. > >We have dropboxes where users can drop files in someone else's > dropbox folder. You have write permissions but not read for the folder. > In UNIX the dropbox permision is set as 2733. This all worked fine with > Samba 3.0.6a. But now have upgraded to Samba 3.0.28 and > they are no longer working. > > My settings for the share is: > > [ens] > comment = ENS Groups > path = /top/admin/ENS > valid users = +admin > force group = admin > read only = No > create mask = 0770 > directory mask = 02770 > inherit permissions = Yes > inherit acls = Yes > inherit owner = Yes > dos filemode = Yes > > This is on Solaris 9 UFS filesystem with quotas enabled. You do realize how vague "no longer working" is, right? - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHa1Bomb+gadEcsb4RAl7JAKCqVRj97RmjGPSiLXUTF0r7oOuLmACg0CzY TfOFCrrKmDM2OcqJD4+pzCY= =pWNy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
On Dec 20, 2007 10:32 PM, John Drescher <[EMAIL PROTECTED]> wrote: > On Dec 20, 2007 7:56 PM, J <[EMAIL PROTECTED]> wrote: > > The answer, to my biggest problem, was that the user needed the same > > smbpasswd on both Samba servers. (d'oh!) > > Take a look at using ldap. That way you can have a central password > server and not have that problem. > > John > -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CIFS Duplicating the Mount Point
My file server (Debian stable; SMB 3.0.24) has several CIFS shares, one of which is named "music". My desktop client (Ubuntu gutsy, SMB 3.0.26a) can mount the "music" share as either CIFS of SMBFS, but when mounted using CIFS, something very weird happens - data in the root of the share appears in 2nd-level folders in the share when the name is the same (using a case insensitive comparison). When mounted Under SMBFS, it works as expected. For instance, I have the following directory structure: music |- 311 |- Music |- songs, etc. |- other albums, etc. |- other bands, etc. When the music share is mounted using CIFS, it appears as: music |- 311 |- Music |- 311 |- Music |- songs, etc. |- other bands, etc. After a quick test, the problem seems to be with the subfolder with the same name as the share (case insensitive comparison). Even stranger, this issue only appears with folders named "music" on the 2nd level: "music/music" and "music/test1/test2/Music" both work as expected. Do I have something misconfigured, a known issue, or a bug (or something else entirely)? Windows machines can use the share properly. I can post my server's configuration files if someone is interested. Thanks, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
The answer, to my biggest problem, was that the user needed the same smbpasswd on both Samba servers. (d'oh!) The PDC would handle the authentication, and then attempt to access shares on the file server, but since the smbpasswd was different on the file server, access would not be granted... I still have strange behaviors to figure out (like why I'm not getting consistent results from different machines), but the hurdle that took me two weeks to figure out is conquered... J wrote: Incidentally, this is being written (at log level 2), when I attempt to log bryan in: [2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [bryan] -> [bryan] -> [bryan] succeeded If authentication is succeeding, why am I getting the message that the user doesn't exist in Windows? J wrote: I am trying to test a Samba PDC on our network that currently shares files as a workgroup (with a different name, of course). Microsoft states that this can be done, with no issues (so long as the workgroup and the domain have different names). The permanent home for the shares is on //receptionist. ( The temporary home for the Samba PDC is on //haze. ) Once the PDC has been set up successfully and tested, //receptionist will be switched to work as the PDC, and not a file share. The Windows client I'm testing on is a virtual machine, "virtualx-ray", on the network. Please, does anyone have any ideas??: I have successfully joined the domain, and I can log into the domain with the first user I set up on //haze. (jae) jae is able to log in, successfully loads the custom profile (changing the network neighborhood to use a customized list of network resources), but does not currently update the profile. (one thing at a time) bryan, on the other hand, gets the following messages (and does not log in): Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - Logon failure: unknown user name or bad password. bryan is a valid user name (see the passwd file settings below) , and I'm using the correct password. I have restarted both Samba servers every time I made a change in the smb.conf files. There is nothing in the logs (on //haze) that another user is trying to log on, other than jae. Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. DETAIL - The system cannot find the path specified. bryan does NOT exist as a local account on the Windows client. "Jae" did exist, at one time on the Windows client. ( The login name was later changed to "jnorm". Logging in as "Jae" with the valid password on the local client does not work, as it shouldn't. ) I have tinkered with the settings for weeks now, so they are more "open" than they started out. Here are the (appropriate) settings: (//receptionist): [receptionist 133] server.files > smbclient --version Version 3.0.23c-2.el5.2.0.2 [ls -l]: /home/win-profiles: drwxr-xr-x 22 root root 4096 Dec 8 11:37 home drwxrwxrwx 4 jaeusers4096 Dec 17 13:18 win-profiles /misc2/shares/netlogon: drwxr-sr-x 12 root ppsi-employees 4096 Dec 8 07:31 shares dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon [/etc/passwd]: jae:x:500:500:J:/home/jae:/bin/bash bryan:x:501:501::/home/bryan:/bin/bash [/etc/group]: users:x:100:bryan,jae jae:x:500: bryan:x:501: ntadmins:x:550: [/etc/samba/smb.conf]: [global] workgroup = platinum server string = Receptionist security = user hosts allow = 192.168.1. 192.168.0. 127. ;load printers = yes ;printing = cups cups options = raw log level = 2 log file = /var/log/samba/%m.log max log size = 50 interfaces = lo eth0 os level = 33 ;preferred master = yes wins support = yes dns proxy = no username map = /etc/samba/smbusers veto files = /lost+found encrypt passwords = yes ;guest ok = no ;guest account = nobody [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /misc2/shares/netlogon guest ok = yes browseable = No [network-resources] path = /misc2/shares/network-resources guest ok = no browseable = yes writeable = yes writelist = jae [printers] comment = All Printers path = /usr/spool/samba printable = yes guest ok = yes [win-profiles] path = /home/win-profiles browseable = yes writeable = yes #create mask = 0666 #directory mask = 0777 csc policy = disable [SharePPSI] path =
Re: Fwd: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
ah -- that's a switch similar to the registry settings I've been using, then?: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters "RequireSignOrSeal"=dword: Registry setting is giving me inconsistent results (when applied, obviously) -- I'll try the acl profiles switch. Thanks. John Drescher wrote: On Dec 20, 2007 5:53 PM, J <[EMAIL PROTECTED]> wrote: I wasn't aware that I was using acls (at all). Are they set up by default, with these versions of Samba? The problem is XP tries to verify that the user of the profile is the same as the user who has full permissions on the profile. This switch (or a registry setting) will fix that problem (if this is indeed the problem you have). Previous versions of samba and previous XP security packs did not have need this and it may not happen for all users. I saw this problem about 6 months ago when I upgraded to samba-3.0.23. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ACL and Samba
Hey Robert
Thanks for your mail, here is what a did:
1. Set the ACLs to all dirs and files in the ADM dir:
find adm/ -type f -exec setfacl -m g:administ:rwx {} \;
find adm/ -type f -exec setfacl -m g:administ:rwx {} \;
3. Setting the default ACLs to the ADM dir:
setfacl -d -m u::rwx,g::rwx,o::--- adm/
setfacl -d -m g:administ:rwx adm/
4. Setting the default ACLs to all subdirs on ADM
find adm/ -type d -exec setfacl -d -m u::rwx,g::rwx,o::--- {} \;
find adm/ -type d -exec setfacl -d -m g:administ:rwx {} \;
5. In the Samba server I did this conf:
valid users = suporte,administ
write list = suporte,administ
read only = No
* force security mode = 0770
force create mode = 0777
force directory mode = 0777
inherit permissions = Yes
The more important flag, that solve the problem is force security mode =
0770.
Thanks a lot for all replyes!
Felipe
On Dec 19, 2007 11:21 PM, Cybionet <[EMAIL PROTECTED]> wrote:
> Greeting Felipe,
>
> Here a solution for your problem (I hope so). It works for me with
> MSOffice 2000/2003.
>
> First you need to set the POSIX rights before ACL(EA). These rights will
> be the base for your "real" permissions.
>
> - Create your folder, and set 2775 or 2770 permissions.
> - The assign the owner and group to root:root (you will understand
> shortly why).
> - Now you are ready to set the ACL(EA) permissions.
>
> The use of the 2775 permissions will gave access to the folder and his
> subdirectory for the share of the files. Or use directly the 2770
> permissions to limit access and share immediately your files in the
> folder.
>
> The SGID define in this permission allow the group to never be change,
> whatever the group of the owner who create a new file ou change a
> existing file. The owner has no importance, because it will be change at
> the creation ou modification of the file (it is the goal to know who
> have made the change).
>
> The share configuration, I suggest you something like this. The only
> parameters very important is "force create mode = 660" and "directory
> mode = 770".
>
> [workspace]
>
> comment = Whatever
> path = /pat/to/my/folder
>
> browseable = yes
> read only = no
>
> force create mode = 660
> directory mode = 770
>
> csc policy = disable
>
>
> Best Regards
>
> Robert
>
> --
> Cybionet - Solution reseautique
> http://www.cybionet.com
>
> > Dear All
> >
> > I am facing a strange problem that I could not solve, so, maybe you
> > can help
> > me.
> >
> > Look at this situation:
> >
> > I created a new directory with those ACLs (through Samba using Windows
> > XP)
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste
> > #file:teste
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rwx
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste
> > #file:teste
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rwx
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > My ACLs are right, ok, now I will copy a XLS file to that folder:
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> > #file:teste/excel-test.xls
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rw-
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > OK, the samba server inhert the permissions and the ACLs, everything
> > is fine
> > until now.
> >
> > But when I edit this file with MS Excel, and save it, look what happen
> to
> > the ACLs:
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> > #file:teste/excel-test.xls
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::---
> > group:suporte:rwx
> > mask::rwx
> > other::---
> >
> > The ACL entry "group:administ:rwx" just have gone after I save the file.
> >
> > It happens with Windows XP, Vista, Office 2003 and 2007. My samba
> > version is
> > Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through
> > Ports.
> >
> > Anybody knows what is wrong?
> >
> > Thanks a lot!
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
Felipe Tocchetto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] re: editposix setup
Keep traffic on the list. > Thanks, for your answer and pointing to the samba howto collection . > I had a look in the howtos and of course manfiles in first place. > But they didnt answered my question. > I also use exop for password handling (see my my config file ldap.conf) > I had checked my logs and now I see this in my log.winbindd-idmap > > === > [2007/12/20 16:58:40, 0] lib/fault.c:fault_report(42) > INTERNAL ERROR: Signal 11 in pid 6122 (3.0.26a) > Please read the Trouble-Shooting section of the Samba3-HOWTO > [2007/12/20 16:58:40, 0] lib/fault.c:fault_report(44) > > From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf > [2007/12/20 16:58:40, 0] lib/fault.c:fault_report(45) This is very very bad. You should never see a "Signal 11". Your hardware is bad, your build is smashed, or something is very seriously mis-configured. > === > [2007/12/20 16:58:40, 0] lib/util.c:smb_panic(1632) > PANIC (pid 6122): internal error > [2007/12/20 16:58:40, 0] lib/util.c:log_stack_trace(1736) > BACKTRACE: 12 stack frames: >#0 /usr/sbin/winbindd(log_stack_trace+0x1c) [0x4d3e9c] >#1 /usr/sbin/winbindd(smb_panic+0x43) [0x4d3f83] >#2 /usr/sbin/winbindd [0x4c1992] >#3 /lib/libc.so.6 [0x2b69c7fe87d0] >#4 /usr/sbin/winbindd(idmap_unixids_to_sids+0x345) [0x5d4a05] >#5 /usr/sbin/winbindd(idmap_uid_to_sid+0x6c) [0x5d7edc] >#6 /usr/sbin/winbindd(winbindd_dual_uid2sid+0x38) [0x479838] >#7 /usr/sbin/winbindd [0x476a27] >#8 /usr/sbin/winbindd [0x44efa8] >#9 /usr/sbin/winbindd(main+0x85c) [0x44fcdc] >#10 /lib/libc.so.6(__libc_start_main+0xf4) [0x2b69c7fd4b44] >#11 /usr/sbin/winbindd [0x44e319] > --- -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.28 and dropboxes
All, I searched archives and found one related to our problem, with subject "samba 3.0.26a and dropboxes", but there was no solution. So posting this again for hopes of a fix. We have dropboxes where users can drop files in someone else's dropbox folder. You have write permissions but not read for the folder. In UNIX the dropbox permision is set as 2733. This all worked fine with Samba 3.0.6a. But now have upgraded to Samba 3.0.28 and they are no longer working. My settings for the share is: [ens] comment = ENS Groups path = /top/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes inherit owner = Yes dos filemode = Yes This is on Solaris 9 UFS filesystem with quotas enabled. Thanks... -- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Fwd: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
On Dec 20, 2007 5:53 PM, J <[EMAIL PROTECTED]> wrote: > I wasn't aware that I was using acls (at all). > Are they set up by default, with these versions of Samba? > The problem is XP tries to verify that the user of the profile is the same as the user who has full permissions on the profile. This switch (or a registry setting) will fix that problem (if this is indeed the problem you have). Previous versions of samba and previous XP security packs did not have need this and it may not happen for all users. I saw this problem about 6 months ago when I upgraded to samba-3.0.23. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ntconfig.pol not even being loaded
Yep. As it turns out, it does load for some users now. It wasn't before, but a few of the newer users have started getting things applied. I'm planning to do a new policy file from scratch and see what happens. I have a feeling it's just a messed up policy file. TB Adam Williams wrote: did you name it NTConfig.POL and put it in /samba/netlogon and only 2000-Vista clients will load that. for win 95/98 clients I think it needs to be called Config.POL. Tim Bates wrote: At one site I support, I have just recently put a policy file on their server to try and make some stuff easier to manage. Only problem is Windows is not even trying to load it. I watched the traffic in Wireshark, and there's no request for the ntconfig.pol file at all. And of course nothing from it is being applied. I had read that this can happen if someone has set the policy refresh settings to never refresh (or manually or whatever it is), but I have checked this and tried with a newly installed Windows machine, and it still doesn't work. Is there some special setting I am missing? What is the bare minimum for ntconfig.pol to apply? What should the netlogon share definition look like? Global config options that seem relevent are: [global] workgroup = CRDC domain master = yes prefered master = yes domain logons = yes logon path = \\%L\profiles\%U logon script = logon.bat dns proxy = no name resolve order = lmhosts host wins bcast security = user guest account = nobody encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . pam password change = yes socket options = TCP_NODELAY The share definition looks like this: [netlogon] comment = Network Logon Service path = /samba/netlogon guest ok = no writable = yes browsable = no write list = mwheeler, tin, root TB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Fwd: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
I wasn't aware that I was using acls (at all). Are they set up by default, with these versions of Samba? John Drescher wrote: On Dec 20, 2007 4:58 PM, J <[EMAIL PROTECTED]> wrote: Incidentally, this is being written (at log level 2), when I attempt to log bryan in: [2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [bryan] -> [bryan] -> [bryan] succeeded If authentication is succeeding, why am I getting the message that the user doesn't exist in Windows? Try adding profile acls = yes to your smb.conf John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unanswered question
Hi Michael, Yeah, if someone is writing to a file in a Samba share, and another user opens it up, they'll be notified that the file is currently in use, and that it's available for read only. This happens all of the time where I work (unfortunately). Depending on what kind of information is stored in your file, you may want to look into storing your data in a database. Hope this helps! --- Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Dykstra Sent: Wednesday, December 19, 2007 10:20 PM To: samba@lists.samba.org Subject: [Samba] Unanswered question How long does one have to typically wait for an answer to a post? Tomorrow my message will have been up a week, and I've gotten no replies. It was about whether a file, while it was being written to, could subsequently be opened by another client for reading. I used a DVR with chasing play as an example. Didn't seem like that difficult of a question, but maybe it isn't geeky enough for some. (Or perhaps the answer is "No" and people are too embarrassed to admit Samba can't do it.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
On Dec 20, 2007 4:58 PM, J <[EMAIL PROTECTED]> wrote: > Incidentally, this is being written (at log level 2), when I attempt to > log bryan in: > > [2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309) > check_ntlm_password: authentication for user [bryan] -> [bryan] -> > [bryan] succeeded > > If authentication is succeeding, why am I getting the message that the > user doesn't exist in Windows? > Try adding profile acls = yes to your smb.conf John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
Incidentally, this is being written (at log level 2), when I attempt to log bryan in: [2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [bryan] -> [bryan] -> [bryan] succeeded If authentication is succeeding, why am I getting the message that the user doesn't exist in Windows? J wrote: I am trying to test a Samba PDC on our network that currently shares files as a workgroup (with a different name, of course). Microsoft states that this can be done, with no issues (so long as the workgroup and the domain have different names). The permanent home for the shares is on //receptionist. ( The temporary home for the Samba PDC is on //haze. ) Once the PDC has been set up successfully and tested, //receptionist will be switched to work as the PDC, and not a file share. The Windows client I'm testing on is a virtual machine, "virtualx-ray", on the network. Please, does anyone have any ideas??: I have successfully joined the domain, and I can log into the domain with the first user I set up on //haze. (jae) jae is able to log in, successfully loads the custom profile (changing the network neighborhood to use a customized list of network resources), but does not currently update the profile. (one thing at a time) bryan, on the other hand, gets the following messages (and does not log in): Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - Logon failure: unknown user name or bad password. bryan is a valid user name (see the passwd file settings below) , and I'm using the correct password. I have restarted both Samba servers every time I made a change in the smb.conf files. There is nothing in the logs (on //haze) that another user is trying to log on, other than jae. Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. DETAIL - The system cannot find the path specified. bryan does NOT exist as a local account on the Windows client. "Jae" did exist, at one time on the Windows client. ( The login name was later changed to "jnorm". Logging in as "Jae" with the valid password on the local client does not work, as it shouldn't. ) I have tinkered with the settings for weeks now, so they are more "open" than they started out. Here are the (appropriate) settings: (//receptionist): [receptionist 133] server.files > smbclient --version Version 3.0.23c-2.el5.2.0.2 [ls -l]: /home/win-profiles: drwxr-xr-x 22 root root 4096 Dec 8 11:37 home drwxrwxrwx 4 jaeusers4096 Dec 17 13:18 win-profiles /misc2/shares/netlogon: drwxr-sr-x 12 root ppsi-employees 4096 Dec 8 07:31 shares dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon [/etc/passwd]: jae:x:500:500:J:/home/jae:/bin/bash bryan:x:501:501::/home/bryan:/bin/bash [/etc/group]: users:x:100:bryan,jae jae:x:500: bryan:x:501: ntadmins:x:550: [/etc/samba/smb.conf]: [global] workgroup = platinum server string = Receptionist security = user hosts allow = 192.168.1. 192.168.0. 127. ;load printers = yes ;printing = cups cups options = raw log level = 2 log file = /var/log/samba/%m.log max log size = 50 interfaces = lo eth0 os level = 33 ;preferred master = yes wins support = yes dns proxy = no username map = /etc/samba/smbusers veto files = /lost+found encrypt passwords = yes ;guest ok = no ;guest account = nobody [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /misc2/shares/netlogon guest ok = yes browseable = No [network-resources] path = /misc2/shares/network-resources guest ok = no browseable = yes writeable = yes writelist = jae [printers] comment = All Printers path = /usr/spool/samba printable = yes guest ok = yes [win-profiles] path = /home/win-profiles browseable = yes writeable = yes #create mask = 0666 #directory mask = 0777 csc policy = disable [SharePPSI] path = /misc2/shares/share.ppsi writeable = yes force create mode = 0660 force directory mode = 2771 # More directory shares, omitted for sake of brevity; # No shares directly off of /home, except for win-profiles. (//haze): [EMAIL PROTECTED] server.files]$ smbclient --version Version 3.0.24-11.fc6 [ls -l]: /home/shares/: ( This is an NFS to //receptionist ) dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon drwxrws--- 3 jaeppsi-employees 4096 Dec 10 12:25 network-r
[Samba] difficulty setting up Samba PDC.. please help... out of ideas
I am trying to test a Samba PDC on our network that currently shares files as a workgroup (with a different name, of course). Microsoft states that this can be done, with no issues (so long as the workgroup and the domain have different names). The permanent home for the shares is on //receptionist. ( The temporary home for the Samba PDC is on //haze. ) Once the PDC has been set up successfully and tested, //receptionist will be switched to work as the PDC, and not a file share. The Windows client I'm testing on is a virtual machine, "virtualx-ray", on the network. Please, does anyone have any ideas??: I have successfully joined the domain, and I can log into the domain with the first user I set up on //haze. (jae) jae is able to log in, successfully loads the custom profile (changing the network neighborhood to use a customized list of network resources), but does not currently update the profile. (one thing at a time) bryan, on the other hand, gets the following messages (and does not log in): Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - Logon failure: unknown user name or bad password. bryan is a valid user name (see the passwd file settings below) , and I'm using the correct password. I have restarted both Samba servers every time I made a change in the smb.conf files. There is nothing in the logs (on //haze) that another user is trying to log on, other than jae. Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. DETAIL - The system cannot find the path specified. bryan does NOT exist as a local account on the Windows client. "Jae" did exist, at one time on the Windows client. ( The login name was later changed to "jnorm". Logging in as "Jae" with the valid password on the local client does not work, as it shouldn't. ) I have tinkered with the settings for weeks now, so they are more "open" than they started out. Here are the (appropriate) settings: (//receptionist): [receptionist 133] server.files > smbclient --version Version 3.0.23c-2.el5.2.0.2 [ls -l]: /home/win-profiles: drwxr-xr-x 22 root root 4096 Dec 8 11:37 home drwxrwxrwx 4 jaeusers4096 Dec 17 13:18 win-profiles /misc2/shares/netlogon: drwxr-sr-x 12 root ppsi-employees 4096 Dec 8 07:31 shares dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon [/etc/passwd]: jae:x:500:500:J:/home/jae:/bin/bash bryan:x:501:501::/home/bryan:/bin/bash [/etc/group]: users:x:100:bryan,jae jae:x:500: bryan:x:501: ntadmins:x:550: [/etc/samba/smb.conf]: [global] workgroup = platinum server string = Receptionist security = user hosts allow = 192.168.1. 192.168.0. 127. ;load printers = yes ;printing = cups cups options = raw log level = 2 log file = /var/log/samba/%m.log max log size = 50 interfaces = lo eth0 os level = 33 ;preferred master = yes wins support = yes dns proxy = no username map = /etc/samba/smbusers veto files = /lost+found encrypt passwords = yes ;guest ok = no ;guest account = nobody [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /misc2/shares/netlogon guest ok = yes browseable = No [network-resources] path = /misc2/shares/network-resources guest ok = no browseable = yes writeable = yes writelist = jae [printers] comment = All Printers path = /usr/spool/samba printable = yes guest ok = yes [win-profiles] path = /home/win-profiles browseable = yes writeable = yes #create mask = 0666 #directory mask = 0777 csc policy = disable [SharePPSI] path = /misc2/shares/share.ppsi writeable = yes force create mode = 0660 force directory mode = 2771 # More directory shares, omitted for sake of brevity; # No shares directly off of /home, except for win-profiles. (//haze): [EMAIL PROTECTED] server.files]$ smbclient --version Version 3.0.24-11.fc6 [ls -l]: /home/shares/: ( This is an NFS to //receptionist ) dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon drwxrws--- 3 jaeppsi-employees 4096 Dec 10 12:25 network-resources [/etc/passwd]: jae:x:500:500:J:/home/jae:/bin/bash virtualx-ray$:x:503:526:Machine:/dev/null:/bin/false bryan:x:501:501:bryan:/home/bryan:/bin/bash [/etc/group]: users:x:100:jae,games,bryan jae:x:500: machines:x:526: ntadmins:x:550:jae bryan:x:501: [/etc/samba/smb.conf]: [global] workgroup = ppsi-austin netbios name = fdesk server
[Samba] Complicated upgrade problem
I appologize for the length of this email in advance. I hope someone can help us upgrade our aging samba network environment. === The Environment = We have an ldap-based samba security=domain environment. We have two sets of users/computers administrative and instructional. There are about 1500 admin users on 958 computers in the admin domain, and 11000 users on 821 computers on the instruct domain. Not all the users in these domains are active. (We keep student accounts disabled but not deleted for up to a year after they leave in case they come back.) We're using openldap as the back end store for both domains. We started this before we understood domain trust, so we made some odd decisions for our ldap. ldap schematic: top-level domain +-instruct domain +-users +-groups +-computers +-admin domain +-users +-groups +-computers That's right, the admin domain is a child of the instruct domain. The instruct domain controller/logon server has it's ldapsam set to look at the instruct domain, and by virtue of parenthood, it can "see" the admin accounts. The admin domain controller/logon server can only "see" the lower half of the tree. The result is that students can login on student lab computers, but not on administrative office computers, while instructors can log into their office computers as well as the labs. The ldap entries for each account specify where to find profiles and home directories, so roaming profiles work and everyone can see their home directory as I: and so forth. We even do policies by pushing down .pol files in the login scripts. Samba is 3.014 openldap is 2.0.27 Servers are FC4 Clients are a mix of XP/Win2k(Vista upcoming) === Our Issue = We would like to upgrade to more recent versions of samba. And LDAP. Currently there is a single ldap server, because we had replication issues. So we just back up the ldap data more often. And use nscd to cut down on queries. I'd like to take advantage of newer OS's for things like iscsi, and larger file systems. We'd also like to get samba support for aging passwords. Anyway, when we try, we run into some issues. It turns out that our two domains have the same domain sid. This apparently disturbs Samba 3.020+. So I think that our odd ldap structure won't work going forward. What I need is some guidance on: 1. What should our new ldap schematic be? 2. How do I migrate there one domain at a time (if possible)? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with samba 3.0.28/Solaris 8/smbclient
On Wed, Dec 19, 2007 at 06:18:50PM +0100, Volker Lendecke wrote: > On Wed, Dec 19, 2007 at 09:35:15AM -0600, Kenneth Marshall wrote: > > Is there anything else I can do to help track this problem down? > > Is anyone else running Samba 3.0.28 on Solaris 8? With Heimdal Kerberos > > or with MIT Kerberos? I would appreciate any feedback. > > I'd be surprised if this is kerberos specific. Can we see a > tcpdump of smbclient doing its job up to the crash? > > Volker I agree with you that this problem is not kerberos specific. My suspicion is that, as was suggested in another reply, there is a problem with one of the function definitions. I am currently looking at the vasprintf() function provided with Samba in the replace library and also by Heimdal in the roken library. I will follow-up to the list with my results. Cheers, Ken -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ntconfig.pol not even being loaded
did you name it NTConfig.POL and put it in /samba/netlogon and only 2000-Vista clients will load that. for win 95/98 clients I think it needs to be called Config.POL. Tim Bates wrote: At one site I support, I have just recently put a policy file on their server to try and make some stuff easier to manage. Only problem is Windows is not even trying to load it. I watched the traffic in Wireshark, and there's no request for the ntconfig.pol file at all. And of course nothing from it is being applied. I had read that this can happen if someone has set the policy refresh settings to never refresh (or manually or whatever it is), but I have checked this and tried with a newly installed Windows machine, and it still doesn't work. Is there some special setting I am missing? What is the bare minimum for ntconfig.pol to apply? What should the netlogon share definition look like? Global config options that seem relevent are: [global] workgroup = CRDC domain master = yes prefered master = yes domain logons = yes logon path = \\%L\profiles\%U logon script = logon.bat dns proxy = no name resolve order = lmhosts host wins bcast security = user guest account = nobody encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . pam password change = yes socket options = TCP_NODELAY The share definition looks like this: [netlogon] comment = Network Logon Service path = /samba/netlogon guest ok = no writable = yes browsable = no write list = mwheeler, tin, root TB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Browsing List
HI there guys, I,m having the same problem like this guys in the link bellow, but noone aswered it. http://lists.samba.org/archive/samba/2006-August/124015.html Do no know what really happened in my configuration, the day after I was able to add machines to the domain and the like, yesterday I could not, and I'm having the same problem, the smbclient -L localhost shows only my machine, is this related to samba or can I thinks that this is something external to samba?, the firewall is down, policy accept by default, I'm using samba with ldap as a backend The machine is debian etch with samba 3.0.24, when I try to add a user to the domain it comlain ( win machine ) that the user doesn exist or wrong password, genten passwd and groiup show susers and machines. Any clue what can I check? Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Giving access only to a particular share from an IP (hosts allow)?
Jari Aalto wrote: > [Please keep CC] > > There are options like these: > > [global] > hosts allow = \ > 127.0.0.0/8 \ > 192.168.1.0/29 > > hosts deny = ALL > > If I put the IP to the global section (hosts allow), that IP would be > allowed to access all shares. > > I'd like an outside (internet) IP to be allowed to access only a certain > share and not others. Is this kind of finer control possible? Take a look at: http://wiki.samba.org/index.php/1.4_Samba_Security > > Jari -- andreas signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] re: editposix setup
> > i've setup the samba environment like described in the wiki: > > http://wiki.samba.org/index.php/Ldapsam_Editposix > > I can now easily add windows user / machines when using the policies for > > "Administrator". > > I have also setup unix account session auth via libpam_ldap, libnss_ldap > > like described here: > > http://www.gentoo.org/doc/en/ldap-howto.xml > > Some things i dont understand: > > 1. How is the unix password set for the windows users? Depends on your settings; usually Samba will set both passwords or use exop which should set both passwords. Note - I haven't bothered to look at the Wikis you mentioned. If you want to setup Samba you should do so using the Samba documentation. > > When i su it is not accepting the win password. > > I also tried editing the unix password via ldap-account-manager but also > > with no luck. > > Is a unix password set in general when creating new accounts? In general, yes, but it depends on your settings. > > With my unixuseraccounts migrated to ldap via migrationsscipt (the ones > > used in the gentoo article) it is possible to su . Have no idea about your migration script but yes; we can su in our Samba-PDC/LDAP environment. http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ http://us1.samba.org/samba/docs/man/Samba-Guide/ Use the official documentation, except no substitutes, and don't use Wikis. There is really nothing distro-specific about setting up Samba and/or LDAP. > > 2. How do I make a sambadomain user out of such a migrated unix user? You use smbpasswd or generate the required data with a script. > > 3. When creating accounts the user homes per default points to > > /home/domainname/user. How can I change that? This is a setting in your user add scripts (I'd assume). -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] re: editposix setup
Oh dear, I apologise for my typo in subject. Obviously it should mean: EDITPOSIX SETUP. > Hi, > > i've setup the samba environment like described in the wiki: > http://wiki.samba.org/index.php/Ldapsam_Editposix > > I can now easily add windows user / machines when using the policies for > "Administrator". > > I have also setup unix account session auth via libpam_ldap, libnss_ldap > like described here: > > http://www.gentoo.org/doc/en/ldap-howto.xml > > Some things i dont understand: > > 1. How is the unix password set for the windows users? > When i su it is not accepting the win password. > I also tried editing the unix password via ldap-account-manager but also > with no luck. > > Is a unix password set in general when creating new accounts? > > With my unixuseraccounts migrated to ldap via migrationsscipt (the ones > used in the gentoo article) it is possible to su . > > 2. How do I make a sambadomain user out of such a migrated unix user? > > 3. When creating accounts the user homes per default points to > /home/domainname/user. How can I change that? > > Thanks for any reply/feedback for my configs > > Gunnar > > my smb.conf: > --- > [global] > #pdc > netbios name = TIGGER > workgroup = th-domain > domain logons = yes > > #path > logon home = \\%N\%U > logon path = \\%N\%U\.winprofile > > #password > encrypt passwords = true > passdb backend = ldapsam > > #ldap > ldap suffix = dc=th-domain,dc=lan > ldapsam:trusted = yes > ldapsam:editposix = yes > ldap admin dn = cn=admin,dc=th-domain,dc=lan > ldap delete dn = yes > ldap group suffix = ou=groups > ldap machine suffix = ou=computers > ldap user suffix = ou=peoples > ldap idmap suffix = ou=idmap > > #idmap > idmap domains = th-domain > idmap config th-domain:backend = ldap > idmap config th-domain:readonly = no > idmap config th-domain:default = yes > idmap config th-domain:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan > idmap config th-domain:ldap_user_dn = cn=admin,dc=th-domain,dc=lan > idmap config th-domain:ldap_url = ldap://localhost > idmap config th-domain:range = 5-50 > idmap alloc backend = ldap > idmap alloc config:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan > idmap alloc config:ldap_user_dn = cn=admin,dc=th-domain,dc=lan > idmap alloc config:ldap_url = ldap://localhost > idmap alloc config:range = 5-50 > > #logging > log level = 1 > --- > my nsswitch/pam /etc/ldap.conf > --- > ssl off > suffix "dc=th-domain,dc=lan" > uri ldap://localhost > pam_password exop > > rootbinddn "cn=root,dc=th-domain,dc=lan" > > ldap_version 3 > pam_filter objectclass=posixAccount > pam_login_attribute uid > pam_member_attribute memberuid > nss_base_passwd ou=peoples,dc=th-domain,dc=lan > nss_base_shadow ou=peoples,dc=th-domain,dc=lan > nss_base_group ou=groups,dc=th-domain,dc=lan > nss_base_hosts ou=hosts,dc=th-domain,dc=lan > > scope one > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] reload smbd by smbcontrol and current smbd behavor
Dear list, I want to reload new smb.conf by smbcontrol command. When invoke smbcontrol relload command, all current smbd close session? I tested "smbcontrol smbd reload-config" , all running smbd is still rinning and no seccion disconnect. Is this behavor is right operation? -- --- Oota Toshiya --- oota at mail.linux.bs1.fc.nec.co.jp NEC Computers Software Operations Unit Shiba,Minato,Tokyo Open Source Software Platform Development Division Japan,Earth,Solar system (samba-jp/ldap-jp Staff,mutt-j admin,analog-jp/samba-jp postmaster) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unanswered question
On Dec 20, 2007 4:20 AM, Michael Dykstra <[EMAIL PROTECTED]> wrote: > How long does one have to typically wait for an answer to a post? > Tomorrow my message will have been up a week, and I've gotten no replies. > It was about whether a file, while it was being written to, could > subsequently be opened by another client for reading. I used a DVR with > chasing play as an example. Didn't seem like that difficult of a question, > but maybe it isn't geeky enough for some. (Or perhaps the answer is "No" and > people are too embarrassed to admit Samba can't do it.) > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > Hello Michael, With open source projects, people involved are volunteering their time and skills. As such, people asking for help shouldn't really _demand_ for answers (of course, if you want to demand anything, there are plenty of companies giving Samba support - not free, I'm afraid). Please handle it gently :). If Samba can't do it, you'll be told upfront (no one will be embarassed). Cheers, Ari Constancio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unanswered question
On 19 Dec 2007 at 20:20 Michael Dykstra fed the net: > How long does one have to typically wait for an answer to a post? > (...) Didn't seem like that > difficult of a question, but maybe it isn't geeky enough for some. > (Or perhaps the answer is "No" and people are too embarrassed to > admit Samba can't do it.) There is not a deterministic time ta get a reply: assume two hypothesis, H0: there is an answer and someone know what is, whether is positive or negative. H1: there is an answer, many people know that there is but is not able to give it. on H1 the reply should _not_ come: the only answer that could come is "i know it is possible but i do not know how" ... and this does not help a lot. on H0 the time is indefinite too: if the reply is not "easy" (or is even really easy, but only few people knopw, think of an obscure setting used only once every five years) you have to wait that your question is noticed by someone that know what is and have the time to reply it ! Once i got an answer on a program 18 months after i posted the question on the list (the reply was correct and useful, but in the meantime i had decided to use another application). -- Leonardo Boselli Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze tel +39 0554796431 cell +39 3488605348 fax +39 055495333 http://www.dicea.unifi.it/~leo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Giving access only to a particular share from an IP (hosts allow)?
[Please keep CC] There are options like these: [global] hosts allow = \ 127.0.0.0/8 \ 192.168.1.0/29 hosts deny = ALL If I put the IP to the global section (hosts allow), that IP would be allowed to access all shares. I'd like an outside (internet) IP to be allowed to access only a certain share and not others. Is this kind of finer control possible? Jari -- Welcome to FOSS revolution: we fix and modify until it shines -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
