[Samba] Re: Need help with SWAT
Donald Woeltje wrote: No matter what I try, I cannot get SWAT to work. No, I'm new to solaris, so maybe I'm not doing something that should be done prior to trying to use SWAT. Samba does seem to be working, somewhat. I can connect to a share using the smbclient on the same solaris system that I installed samba onbut I cannot connect to the share on the solaris system with my Windows XP system. Since it is part of a domain, it's possible that the sysadmins may have some sort of AD policy in affect that is preventing me from connecting to the solaris system's Windows-compatible resources. So, until I try at home, I can't say definitively that Windows to Samba functionality isn't working at all. It just isn't working from my Windows client to my Solaris Samba network shares. But the smbclient program does connect to the shares successfully. But no matter what I do, I cannot get SWAT to work. I've read the FAQ's and HOWTO's; I can't find anything on troubleshooting SWAT problems. Maybe I don't have inetd setup properly? Or maybe there is something else I've missed. I could really use some help. Can you describe your network topology a bit more? Are you trying to cross subnets, firewalls, routers, and what browsing protocol(s) are you employing for resolution? Tell me a bit about how your authenticating yourself to the samba server(security mode, user or guest, etc...) and the security measures you have in place on the solaris box (firewall, ACLs, perms, etc...). Also, do your logs indicate anything amiss, or are you receiving ICMPs back at all? Do you get an error from the windows client? This information should provide a somewhat more clear picture of what's going on. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Need help with SWAT
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Donald Woeltje wrote: > No matter what I try, I cannot get SWAT to work. No, I'm new to > solaris, so maybe I'm not doing something that should be done prior > to trying to use SWAT. Samba does seem to be working, somewhat. I can > connect to a share using the smbclient on the same solaris system > that I installed samba onbut I cannot connect to the share on the > solaris system with my Windows XP system. Since it is part of a > domain, it's possible that the sysadmins may have some sort of AD > policy in affect that is preventing me from connecting to the solaris > system's Windows-compatible resources. So, until I try at home, I > can't say definitively that Windows to Samba functionality isn't > working at all. It just isn't working from my Windows client to my > Solaris Samba network shares. But the smbclient program does connect > to the shares successfully. > > But no matter what I do, I cannot get SWAT to work. I've read the > FAQ's and HOWTO's; I can't find anything on troubleshooting SWAT > problems. Maybe I don't have inetd setup properly? Or maybe there is > something else I've missed. > > I could really use some help. Can't get SWAT to work is very non-specific. It does not tell me what to say for you to lead off with. You need to try the standard UNIX tests (telnet to the port it's supposed to be running on, etc.) and see what exactly is not happening. - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHhEcDmb+gadEcsb4RAp2IAJ9K/LqLLWedbq4KQWaMF7Lx3VVcbgCfZFeN fPtpMWLIYYvcN0inTNAngFw= =mhE8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Policy in Samba 4 Alpha 1, not available?
On Mon, 2008-01-07 at 13:06 -0500, Adam McCarthy wrote: > I got Samba 4 Alpha 1 up and running nice and smoothly. I followed the wiki > instructions for group policy but when I right click the Organizational > Unit, it doesn't not seem to have Group Policy in the properties. > > Also, the latest Samba 4 just seems to crash MMC, so I can't really try it > with the latest. I'm trying Alpha 2 though. > > Anyone know what I'm having this problem? I've not seen MMC crash, but anything is possible. As you noticed, the best place for Samba4 questions is samba-technical, while it remains under such a state of development. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
On Wed, Jan 09, 2008 at 12:12:14AM +0100, Jan Hugo Prins wrote: > What is the reason that it won't come back. > Is there noone to maintain it? Is it to difficult? Caused too much confusion, and it is by far not the only search we're doing against ldap these days. So in theory you would have to have to describe every search we're doing with a separate filter option. Not good. Volker pgpfNcUjPoz5R.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
Volker Lendecke wrote: On Wed, Jan 09, 2008 at 12:08:53AM +0100, Jan Hugo Prins wrote: No, we are talking here about a different patch. It's a ldap filter funtionality that is removed a while back, while we still need it in our environment. Ah, ok. Sorry for the confusion. No, "ldap filter" won't come back Sorry :-) Volker What is the reason that it won't come back. Is there noone to maintain it? Is it to difficult? Jan Hugo Prins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
On Wed, Jan 09, 2008 at 12:08:53AM +0100, Jan Hugo Prins wrote: > No, we are talking here about a different patch. > It's a ldap filter funtionality that is removed a while back, while we > still need it in our environment. Ah, ok. Sorry for the confusion. No, "ldap filter" won't come back Sorry :-) Volker pgpHjHx8hf0Ej.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
Volker Lendecke wrote: On Tue, Jan 08, 2008 at 10:27:51AM -0800, Jeremy Allison wrote: Is the filter patch more generally useful ? Do you think it's worth submitting to the list or as a feature request ? We have it already in the bug report -- I'm waiting for the reporter to give his ok to check this in as GPL. Right now it says "public domain" Volker No, we are talking here about a different patch. It's a ldap filter funtionality that is removed a while back, while we still need it in our environment. Jan Hugo Prins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
Jeremy Allison wrote: On Tue, Jan 08, 2008 at 01:12:58AM +0100, Jan Hugo Prins wrote: The main reason we don't use the Cifs capabilities of the Isilon cluster is that it doesn't support how we use Samba / Ldap. We have 1 LDAP tree, with all little OU's and each OU is the container for 1 domain. We use a filter to make sure that a user that connect to the samba he has access to, only sees his part of the LDAP tree. This filter functionality is something that is not available in the stock samba, it was before, and we patch it back into every samba we use in production. We can't patch it into the Cifs server on the Isilon cluster. You should be able to - it's just Samba and so you have the source code. Is the filter patch more generally useful ? Do you think it's worth submitting to the list or as a feature request ? Jeremy. The filter patch is very usefull and a while back it was in the code. But as I understood from my colleges is was removed because noone seemed to understand what you could do with it and therefor noone needed it. We need it very much and that's why we have reverse engineered the patch that removed this functionality and patch it back in every time we go to a new version of Samba. Jan Hugo Prins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
On Tue, Jan 08, 2008 at 10:54:24PM +0100, Volker Lendecke wrote: > On Tue, Jan 08, 2008 at 10:27:51AM -0800, Jeremy Allison wrote: > > Is the filter patch more generally useful ? Do you think > > it's worth submitting to the list or as a feature request ? > > We have it already in the bug report -- I'm waiting for the > reporter to give his ok to check this in as GPL. Right now > it says "public domain" Ok, thanks. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
On Tue, Jan 08, 2008 at 10:27:51AM -0800, Jeremy Allison wrote: > Is the filter patch more generally useful ? Do you think > it's worth submitting to the list or as a feature request ? We have it already in the bug report -- I'm waiting for the reporter to give his ok to check this in as GPL. Right now it says "public domain" Volker pgpDB9sJwnylF.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
On Tue, Jan 08, 2008 at 01:12:58AM +0100, Jan Hugo Prins wrote: > The main reason we don't use the Cifs capabilities of the Isilon cluster > is that it doesn't support how we use Samba / Ldap. > We have 1 LDAP tree, with all little OU's and each OU is the container > for 1 domain. > We use a filter to make sure that a user that connect to the samba he > has access to, only sees his part of the LDAP tree. > This filter functionality is something that is not available in the > stock samba, it was before, and we patch it back into every samba we use > in production. > We can't patch it into the Cifs server on the Isilon cluster. You should be able to - it's just Samba and so you have the source code. Is the filter patch more generally useful ? Do you think it's worth submitting to the list or as a feature request ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issues with samba PDC + WinXP clients
I know this is slightly off topic, but does anyone know of a good LDAP explanation manual or something? I somewhat understand LDAP, but when I look on Google for info, it's always so complicated or something. On Jan 8, 2008 1:14 AM, theands <[EMAIL PROTECTED]> wrote: > > Hello > I also have the same problem, would anyone have a solution for me? > > > > Cybionet wrote: > > > > Greeting mikko, > > > > Don't use the registry modification! It is not necessary and cause > > security vulnerability on the Windows professionnal client. > > > > Your LDAP section seen not to be configure correctly on the smb.conf. > > But it's is not the actual problem with the error message. I can't > > remember what is the problem, but it is very simple to resolve. I will > > make some test to have the same error...surely not to long to reproduce > > :-). > > > > If you use LDAP, I suggest you to not use logon options in Samba but > > use the LDAP options in the directory. > > > > By example: > > > >logon home --> sambaHomePath > >logon path --> sambaProfilePath > >logon drive --> sambaHomeDrive > >logon script --> sambaLogonScript > > > > Robert > > > >> Hello, > >> > >> I've been trying to configure samba 3.0.23d to work as PDC for a few > >> days now. I can successfully join computer to domain but logging with > >> user credentials fails with error message: > >> > >> The system can not log you on due to the following error: > >> > >> The system cannot find message text for message number 0x%1 in the > >> message file for %2 > >> > >> > >> Eventlog on windows side doesnt show anything usefull. I did all > >> registry tricks on windows side (Sign secure channel). > >> > >> Heres my smb.conf: > >> > >> [global] > >> ; General setting > >> netbios name = SMBADS > >> workgroup = TESTDOMAIN > >> os level = 64 > >> wins support = true > >> > >> ; PDC Settings > >> preferred master = yes > >> local master = yes > >> > >> domain master = yes > >> domain logons = yes > >> > >> security = user > >> encrypt passwords = true > >> > >> ; Log settings > >> log level = 2 > >> log file = /var/log/samba/log.%m > >> syslog = 0 > >> server string = SAMBA-LDAP PDC Server %v > >> > >> ; user profiles and home directory > >> logon home = \\%L\%U\ > >> logon drive = h: > >> logon path = \\%L\profiles\%U > >> logon script = netlogon.bat > >> > >> ; LDAP Configuration > >> passdb backend = ldapsam:ldap://127.0.0.1 > >> ldap suffix = dc=example,dc=com > >> ldap machine suffix = ou=machines > >> ldap user suffix = ou=users > >> ldap group suffix = ou=groups > >> ldap admin dn = cn=admin,dc=example,dc=com > >> ldap delete dn = no > >> ldap password sync = yes > >> enable privileges = yes > >> > >> > >> [homes] > >> comment = Home Directories > >> browseable = no > >> writeable = yes > >> > >> [netlogon] > >> comment = Network Logon Service > >> path = /var/lib/samba/netlogon > >> guest ok = Yes > >> browseable = No > >> > >> [profiles] > >> path = /var/lib/samba/profiles > >> read only = no > >> create mask = 0600 > >> directory mask = 0700 > >> > >> > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > > -- > View this message in context: > http://www.nabble.com/Issues-with-samba-PDC-%2B-WinXP-clients-tp7755676p14683249.html > Sent from the Samba - General mailing list archive at Nabble.com. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- "Let God be with you." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Need help with SWAT
No matter what I try, I cannot get SWAT to work. No, I'm new to solaris, so maybe I'm not doing something that should be done prior to trying to use SWAT. Samba does seem to be working, somewhat. I can connect to a share using the smbclient on the same solaris system that I installed samba onbut I cannot connect to the share on the solaris system with my Windows XP system. Since it is part of a domain, it's possible that the sysadmins may have some sort of AD policy in affect that is preventing me from connecting to the solaris system's Windows-compatible resources. So, until I try at home, I can't say definitively that Windows to Samba functionality isn't working at all. It just isn't working from my Windows client to my Solaris Samba network shares. But the smbclient program does connect to the shares successfully. But no matter what I do, I cannot get SWAT to work. I've read the FAQ's and HOWTO's; I can't find anything on troubleshooting SWAT problems. Maybe I don't have inetd setup properly? Or maybe there is something else I've missed. I could really use some help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] solaris9+winbind+getent
I've searched the mailing list archives and google and seen quite a bit of this with no solutions. Was hoping to reach out here and find someone who has this working. 1. Solaris 9 (sparc) 2. Samba 3.0.28 3. ADS enabled, trying to integrate with a Win2k AD setup wbinfo works great. I can pull all the groups/users just fine. I've read where we need to kill the nscd daemon, done and no difference. Does anyone have all this working on Solaris 9? I had to download/compile latest kerberos (MIT), openldap, etc, and we have everything working great on our linux machines. 'getent group' comes up with just the local groups. pam.conf: login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 login auth required pam_dial_auth.so.1 login auth optional /usr/lib/security/pam_winbind.so try_first_pass rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_auth.so.1 rlogin auth optional /usr/lib/security/pam_winbind.so try_first_pass rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_auth.so.1 ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_auth.so.1 other auth optional /usr/lib/security/pam_winbind.so try_first_pass passwd auth required pam_passwd_auth.so.1 cronaccount requiredpam_projects.so.1 cronaccount requiredpam_unix_account.so.1 other account requisite pam_roles.so.1 other account requiredpam_projects.so.1 other account requiredpam_unix_account.so.1 other account sufficient /usr/lib/security/pam_winbind.so other session requiredpam_unix_session.so.1 other session sufficient /usr/lib/security/pam_winbind.so try_first_pass other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_authtok_check.so.1 other password required pam_authtok_store.so.1 #rlogin auth optional pam_krb5.so.1 try_first_pass #login auth optional pam_krb5.so.1 try_first_pass #other auth optional pam_krb5.so.1 try_first_pass #cron account optionalpam_krb5.so.1 #other account optionalpam_krb5.so.1 #other session optionalpam_krb5.so.1 #other password optional pam_krb5.so.1 try_first_pass - /etc/nsswitch.conf: passwd: files winbind group: files winbind # You must also set up the /etc/resolv.conf file for DNS name # server lookup. See resolv.conf(4). hosts: files dns wins ipnodes:files wins # Uncomment the following line and comment out the above to resolve # both IPv4 and IPv6 addresses from the ipnodes databases. Note that # IPv4 addresses are searched in all of the ipnodes databases before # searching the hosts databases. Before turning this option on, consult # the Network Administration Guide for more details on using IPv6. #ipnodes: files dns networks: files winbind protocols: files winbind rpc:files winbind ethers: files netmasks: files winbind bootparams: files publickey: files # At present there isn't a 'files' backend for netgroup; the system will # figure it out pretty quickly, and won't use netgroups at all. netgroup: files winbind automount: files windbind aliases:files services: files sendmailvars: files printers: user files auth_attr: files prof_attr: files project:files -- Thanks in advance.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Terminal Server entries in SambaPDC
Hello, is it possible to modify Terminal Server entries like 'Terminal Server Profile Path' and 'Terminal Server Home Directory' with 'pdbedit'? In case of 'yes', idd like to know the syntax. In case of 'no', can it be done otherwise (except for the usermanager in Windows)? Thanks in advance, Frank van Kruijl ___ GeoDelft - National institute for geo-engineering Stieltjesweg 2 P.O. Box 69 2600 AB Delft The Netherlands tel. +31 (0)15-2693500 fax. +31 (0)15-2610821 www.GeoDelft.nl ___ The General Delivery Conditions of the GeoDelft Institute, deposited with the Clerk's Office at the Law Courts of The Hague, are applicable to all offers and signed agreements, as well as any subsequent delivery of services and products and the performance of any subsequent activities. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
Jan Hugo Prins wrote: Volker Lendecke wrote: On Mon, Jan 07, 2008 at 10:38:30PM +0100, Jan Hugo Prins wrote: Is this a known issue with a sollution, or have I fould a problem here without a current sollution? https://bugzilla.samba.org/show_bug.cgi?id=5168 See the module that is attached in comment#2. Volker Thanks a lot, we are going to test this one. In theory it is exactly what we were looking for. Have been going throught the man pages for 3 hours last night hoping to find something like this, but couldn't find it. :-) Jan Hugo Thanks a very big lot. Just finished testing and, apart from some extra test done by the customer, everything looks very good. Greetings, Jan Hugo Prins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba locking with NFS backend.
Volker Lendecke wrote: On Mon, Jan 07, 2008 at 10:38:30PM +0100, Jan Hugo Prins wrote: Is this a known issue with a sollution, or have I fould a problem here without a current sollution? https://bugzilla.samba.org/show_bug.cgi?id=5168 See the module that is attached in comment#2. Volker Thanks a lot, we are going to test this one. In theory it is exactly what we were looking for. Have been going throught the man pages for 3 hours last night hoping to find something like this, but couldn't find it. :-) Jan Hugo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Do I need Winbind?
Sounds like a bug I filed a couple of weeks ago. Do you have the line msdfs proxy = no in your config, perchance? Ref: 0002554: "msdfs proxy = no" in smb.conf causes shares to be unavailable. http://bugs.centos.org/view.php?id=2554 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
