Re: [Samba] krb5.conf file in /var/lib/samba/smb_krb5; Samba 3.0.27a

[Alex de Vaal]

Hello Eric,

Thnx for your answer, now I know I couldn't find anything about the
subject... ;-)
Before I asked the question about the krb5.conf file in
/var/lib/samba/smb_krb5 I searched all Samba documentation and googled
around, but I didn't find an answer that satisfied me.
I already noticed that this file has a link with the gencache.tdb file, I
played around with this in my test environment (remove the files and start
the daemons and look what is in it with a binary editor).

I'd like to understand what the file does, because my Samba domain members
in the live environment have no DC's in the same IP net, they are all behind
routers. So I want to know how this works, before I use Samba 3.0.27a in my
live AD environment.

BTW; you can see with "netstat -na | grep 445" to which DC the Samba server
is talking to...

Regards,
Alex.



On Wed, Feb 27, 2008 at 5:52 PM, Eric Roseme <[EMAIL PROTECTED]>
wrote:

> I asked a co-worker who attended the Samba workshop last September to
> pose the following question.  The answer follows (maybe it will help):
>
> Q1.   Will the new (3.0.25b) krb5 code (that creates a
> Samba-specific krb5.conf file) be documented somewhere?
>
>
> A1.  Samba does not have documentation about the Samba-specific
> krb5.conf that is placed in locking directory. And also, after running
> kinit to obtain Kerberos ticket, Samba stores the ticket into memory
> tdb, probbaly gencache.tdb. But Samba doesn't provide a tool to allow
> users to see which DC Samba is talking to. Currently, we can use klist
> to see which domain is being used by Samba.
>
> Obviously this does not answer your question about how it works, but it
> might get you closer.
>
> Eric Roseme
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba server joining domain and browsing group shares

[Alex de Vaal]

Hello,

Want you want is rather easy, I have it running.

My Samba server (on Red Hat) is Domain member of a W2k3 native AD, so it is
joined to the domain (net ads join -Uusername%password)

This is how my smb.conf looks like:


# Global Parameters Needed For Samba 3.0.27a
[global]
workgroup = TEST
realm = TEST.COM
server string = %h server (Samba %v)
security = ADS
password server = adm04.test.com, adm01.test.com
log file = /var/log/samba/%m.log
max log size = 200
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap cache time = 660
domain master = No
ldap timeout = 15
idmap uid = 1-3
idmap gid = 1-3
template homedir = /data/hom/%U
template shell = /bin/bash
winbind cache time = 660
printer admin = "@TEST.COM\Domain Admins", @TEST.COM\DEP_ADMIN
oplocks = No
level2 oplocks = No
default devmode = No
enable privileges = Yes
host msdfs = No
msdfs root = No
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = No
printing = cups
strict locking = Yes

[homes]
comment = Home Directories
read only = No
create mask = 0600
directory mask = 0700
browseable = No

[grp]
comment = Group Directory
path = /data/grp
valid users = @TEST.COM\DEP_TEST_MEMBER
read only = No
inherit permissions = Yes
hide unreadable = Yes


On the server you have to use the chown command and chmod command to give
the AD group DEP_TEST_MEMBER access on the Linux filesystem:
chmod g+s /data/grp
chown 0:"TEST\DEP_TEST_MEMBER" /data/grp

I have 200+ sites running like this... ;-)

Regards,
Alex.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] net user info result depends on protocol and is not syncing with ldap

[Leo von Klenze]

Hello,

I have a samba pdc running with openldap as backend. I have ou's for
user and groups and used smbldap-populate to create the ldap entries. I
can add windows clients and authenticate but i have a problem with the
net tool (lvk is an samba user too):

net -U Administrator rpc user info lvk

will return

Domain Users





When running

net -U Administrator rap user info lvk

I get

lvk
svn-users

Why does only the rap protocol return the ldap groups?
The biggest problem is, that if I change the membership of a user using
phpldapadmin the result of the net tool doesn't display the change for a
long time. Restarting the samba service does not help. I don't know when
the cache (if present) of net is updated. In the log I see that samba is
contacting the ldap server.


I'm using
samba 3.0.24
openldap 2.3.30
Debian Etch (Kernel 2.6.18-5-686)

Thank you for any help,
bye Leo

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba/LDAP Question

[Brian May]

> "Hector" == Hector Blanco <[EMAIL PROTECTED]> writes:

Hector> Thank you Steve and Frank...  ... I can see something
Hector> in your Ldifs that I don't have: The "objectClass:
Hector> sambaSamAccount"... I bet this is important in order to
Hector> have Samba working!! Hehe... I'll keep working on this
Hector> line... :)

I would think the missing "sambaNTPassword" might also be important.
-- 
Brian May <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba server joining domain and browsing group shares

[Victor Mendez]

Hello I have a small network and would like to add samba to our environment. 
This what I would like to accomplish:
- We have a ADS PDC ( windows 2000 server)
-  We have 27 workstations windows XP-PRO

We have recently bought a new server, and installed OPENSUSE 10.3 and we have 
installed and configure samba. Basically we want to use the new samba server 
as a data repository server. 

In the windows environment we have 4 groups, management which has 4 users, 
Accounting which has 5 users, sales which has 3 users and ingeneering that 
has  15 users.

we would like that the users in each group only have access to the files for 
their corresponding group in the samba server. i.e accounting sees the 
accounting share only etc. this groups are defined in the PDC ADS machine not 
in the samba server.

My question is how do I configure the samba server to inherit the groups 
defined in the windows PDC ADS machine.

I  Include a copy of the /etc/samba/samba.conf file:

 # smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2007-12-04
[global]
workgroup = NETSYS
realm = NETSYSTEMSINFO.COM
preferred master = no
server string = Linux file server
security = ADS
encrypt passwords = yes
log level = 3
printcap name = cups
printing = cups
cups options = raw
winbind enum users  = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind separator = +
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
#security = user
add machine script = /usr/sbin/useradd  -c 
Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
netbios name = cuzco
usershare allow guests = No
use kerberos keytab = true
idmap gid = 1-2
idmap uid = 1-2
template homedir = /home/%D/%U
#winbind refresh tickets = yes
password server = arequipa.netsystemsinfo.com
#winbind cache time  = 600
allow trusted domains = yes

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

[management]
comment = Management files
inherit acls = Yes
path = /Management
read only = No
valid users = @Documentaries
admin users = vmendez

[accounting]
comment = Accounting  files
inherit acls = Yes
path = /Accounting
read only = No
valid users = @Movies
admin users = vmendez

[sales]
comment = Sales files
inherit acls = Yes
path = /Sales
read only = No
valid users = @Series
admin users = vmendez
[ingeneering]
comment = Ingeneering files
inherit acls = Yes
path = /Ingeneering
read only = No
valid users = @Series
admin users = vmendez

## Share disabled by YaST
# [netlogon]
-
I also include a copy of my /etc/krb5.conf file
[libdefaults]
default_realm= NETSYSTEMSINFO.COM
dns_lookup_realm = false
dns_lookup_kdc   = false
ticket_lifetime  = 24h
forwardable  = yes
#clockskew = 300

[realms]
NETSYSTEMSINFO.COM = {
kdc = arequipa.netsystemsinfo.com
admin_server = arequipa.netsystemsinfo.com
default_domain = netsystemsinfo.com
}

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON

[domain_realm]
#*.netsystemsinfo.com = NETSYSTEMSINFO.COM
.kerberos.server= NETSYSTEMSINFO.COM
.netsystemsinfo.com = NETSYSTEMSINFO.COM

[appdefaults]
pam = {
ticket_lifetime = 36000
renew_lifetime  = 36000
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 1
use_shmem = sshd
krb4_convert   = false
}
---

[Samba] Samba and wins

[Dominic Iadicicco]

Hello all,


 I have two different samba domains on the same subnet.  Both have there
own samba PDC. We'll call them "staff" and "public".  The subnet is a
172.16.12.0 subnet.  Both PDC are acting as wins servers for there own
domain. This works fine so far.  I want to be able to sync the staff
browse list with the public browse list.  I put "Remote browse sync = (IP
address of the public server) " option on the staff PDC and restarted
samba on that machine.  How do I know if it is really doing anything? 
When I ping a machine on the other domain it still doing it via
broadcasting and when I look at the nmbd.log file of the staff domain
controller I see nothing about a browse sync.   Could someone point me in
the right direction as to where I should look next.  If you want more
info please don't hesitate to ask.


Dominic Iadicicco
South County Library

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbind+ldap = core dump

[Douglas VanLeuven]

Robin wrote:
> Hi,
> I use samba 3.0.26a on fedora 8 as a fileserver for a win 2k3 domain.  This
> has worked fine for about 2 months without any problems.  However I came to
> the server 3 days ago and the harddrive was 100% full.  On checking I found
> 60gb of core dumps in the winbind folder.  I did a lot of searching and
> couldnt find anything relevent for this release.  I tried upgrading samba to
> 3.0.28 (fc8 supplied rpm) and this does the same.  The log.winbindd-idmap
> log suggests to me that it has a problem with ldap and empty results, so I
> made a quick script to check for gaps in the ldap records and found that
> several uid and gid numbers were not assigned (ie there was no entry for
> them in ldap, even though there were entries after them).
> 
> Winbind does still mostly work just fails once in about every 10 tries.  I
> believe it fails for both samba and dovecot (pop3/imap mail server).  At the
> moment we are generating about 10gb/hour of core dumps which a cron job is
> keeping cleaned up.  Has anyone got any ideas on this? also is it possible
> to tell samba/winbind not to do core dumps?

enable core files = No

Sorry, can't help with the ldap though.

Regards, Doug
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba/LDAP Question

[Hector Blanco]

Thank you Steve and Frank...

... I can see something in your Ldifs that I don't have: The
"objectClass: sambaSamAccount"... I bet this is important in order to
have Samba working!! Hehe... I'll keep working on this line... :)

Thank you again!

2008/2/27, Frank J. Pellegrino <[EMAIL PROTECTED]>:
> Below is a sample of a machine entry:
>
>  dn: uid=295mand01$,ou=computers,o=sju.edu
>  cn: 295mand01$
>  description: Computer
>  gecos: Computer
>
> gidNumber: 515
>  homeDirectory: /dev/null
>  loginShell: /bin/false
>
> objectClass: top
>  objectClass: person
>  objectClass: organizationalperson
>
> objectClass: inetOrgPerson
>  objectClass: posixAccount
>  objectClass: sambaSamAccount
>
> sambaAcctFlags: [W  ]
>  sambaNTPassword: 8E5BB69CD089184751166B254347DBD2
>  sambaPrimaryGroupSID: S-1-5-21-1948856034-3740470957-464559834-2031
>  sambaSID: S-1-5-21-1948856034-3740470957-464559834-2005314
>  sn: 295mand01$
>  uid: 295mand01$
>  uidNumber: 1002157
>
>
>
>
>  At 04:02 PM 2/27/2008, Hector Blanco wrote:
>  >Ehm... just to make sure... could anybody who has LDAP+Samba working
>  >send the ldif definition of what he has as a "machine"?
>  >
>  >I've got this as a machine:
>  >
>  >dn: uid=enano$,ou=Hosts,dc=jome
>  >objectClass: top
>  >objectClass: person
>  >objectClass: organizationalPerson
>  >objectClass: inetOrgPerson
>  >objectClass: posixAccount
>  >cn: enano$
>  >sn: enano$
>  >uid: enano$
>  >uidNumber: 1007
>  >gidNumber: 515
>  >homeDirectory: /dev/null
>  >loginShell: /bin/false
>  >description: Computer
>  >gecos: Computer
>  >structuralObjectClass: inetOrgPerson
>  >entryUUID: 0cd59f8e-79a9-102c-8d64-8b73cc15be28
>  >creatorsName: cn=admin,dc=jome
>  >createTimestamp: 20080227175622Z
>  >entryCSN: 20080227175622Z#01#00#00
>  >modifiersName: cn=admin,dc=jome
>  >modifyTimestamp: 20080227175622Z
>  >entryDN: uid=enano$,ou=Hosts,dc=jome
>  >subschemaSubentry: cn=Subschema
>  >hasSubordinates: FALSE
>  >-
>  >
>  >and I don't see any "samba" thing in here... Is that fine?
>  >
>  >Thanks!!
>  >
>  >
>  >
>  >2008/2/27, Frank J. Pellegrino <[EMAIL PROTECTED]>:
>  > > If your solaris box is setup as an LDAP client you can add a search
>  > >  descriptor with the ldapclient command.
>  > >  Below is an example of what we changed to make joining the domain work 
> on
>  > >  the first try.
>  > >
>  > >  NS_LDAP_SERVICE_SEARCH_DESC= passwd:
>  > ou=computers,o=sju.edu;ou=People,o=sju.edu
>  > >
>  > >
>  > >
>  > >
>  > >  At 03:13 PM 2/27/2008, Hector Blanco wrote:
>  > >  >Mmmm..If I understood properly, I'm afraid I can just say... "Welcome
>  > >  >to the club, mate":
>  > >  >
>  > >  >Take a look to this:
>  > >  >http://lists.samba.org/archive/samba/2008-February/138639.html
>  > >  >http://lists.samba.org/archive/samba/2008-February/138442.html
>  > >  >
>  > >  >May it be a bug??  Is the same thing that is happeing to you?
>  > >  >
>  > >  >Regards
>  > >  >
>  > >  >2008/2/4, Frank J. Pellegrino <[EMAIL PROTECTED]>:
>  > >  > > We have just setup Samba 3.0.28 with LDAP support.  We are using a
>  > Sun One
>  > >  > >  5.2 LDAP server.
>  > >  > >
>  > >  > >  We are having a problem when a new machine joins the domain.
>  > >  > >  Here is a snippet of our smb.conf file
>  > >  > >add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>  > >  > >ldap machine suffix = ou=computers
>  > >  > >ldap user suffix = ou=People
>  > >  > >
>  > >  > >  When a new machine attempts to join the domain a new entry is
>  > created in
>  > >  > >  ou=computers as expected.  This entry has only the posixAccount
>  > >  > information
>  > >  > >  and no Samba info.  However, the machine reports that it failed to
>  > >  > join the
>  > >  > >  domain.  Log entries on both samba and LDAP tell me that after the
>  > >  > entry is
>  > >  > >  created, samba is trying to find that entry in ou=people instead of
>  > >  > >  ou=computers.
>  > >  > >
>  > >  > >  Attempting to add the machine again gives us an error that the
>  > machine
>  > >  > >  already exists.
>  > >  > >
>  > >  > >  I modified smbldap-useradd to include the sambaSamAccount
>  > information when
>  > >  > >  the entry is created.  The first attempt to join the domain still
>  > fails,
>  > >  > >  however trying again succeeds.
>  > >  > >
>  > >  > >  In another test, I removed the modifications from smbldap-useradd 
> and
>  > >  > >  modified the smbldap.conf file so that it thought the machines
>  > container
>  > >  > >  was ou=people.  With this change the new machine was able to join 
> the
>  > >  > >  domain on the first try.  The problem here is that we don't want 
> the
>  > >  > >  machines mixed in with the users.
>  > >  > >
>  > >  > >  So from this I determined that after creating the new entry for the
>  > >  > >  machine, Samba then goes and looks for that entry in ou=people
>  > instead of
>  > >  > >  ou=compu

Re: [Samba] ads_connect:operations error(problem connecting to active directory)

[David Molina Cuevas]

How do you resolve the names?
Have you seen the log files at /var/log/samba? Are all the processes of
Samba (nmbd and smbd) running?

I had the same error two times: the first was resolving the names, the
second was a wrong configuration of smb.conf file.

Luck,
David Molina


On Sat, Jan 26, 2008 at 12:12 AM, abhishek <[EMAIL PROTECTED]>
wrote:

> Hi Everyone
>
> After configuring my samba configuration files when I try connecting to
> active directory domain it gives an error like this.
>
> Utils/net_ads.c:ads_startup(289)
> Ads_connect: operations error
>
> Please help me in locating the place where I am making a mistake.
>
> Thanks
> Abhishek
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Samba and ADS authentication - can't change file permissions

[Bill Corcoran]

Ross Smith wrote:
> The basic problem is that any attempt to change permissions on a file
> from a windows workstation results in an "Access Denied" error.
> ...
> All the files are stored locally on a ZFS volume.
> ...
> [samba]
> comment = Main share
> path = /globalfs/SAMBAshare
> writeable = yes
> nt acl support = yes
> ...

This is the same symptom I had before reverting back to the Sun
distributed Samba software for the zfsacl module.  Try adding:

vfs objects = zfsacl

to share definitions containing files for which you would like to change
the permissions of.

--
Bill Corcoran <[EMAIL PROTECTED]>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba/LDAP Question

[Frank J. Pellegrino]

Below is a sample of a machine entry:

dn: uid=295mand01$,ou=computers,o=sju.edu
cn: 295mand01$
description: Computer
gecos: Computer
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
sambaAcctFlags: [W  ]
sambaNTPassword: 8E5BB69CD089184751166B254347DBD2
sambaPrimaryGroupSID: S-1-5-21-1948856034-3740470957-464559834-2031
sambaSID: S-1-5-21-1948856034-3740470957-464559834-2005314
sn: 295mand01$
uid: 295mand01$
uidNumber: 1002157



At 04:02 PM 2/27/2008, Hector Blanco wrote:

Ehm... just to make sure... could anybody who has LDAP+Samba working
send the ldif definition of what he has as a "machine"?

I've got this as a machine:

dn: uid=enano$,ou=Hosts,dc=jome
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: enano$
sn: enano$
uid: enano$
uidNumber: 1007
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 0cd59f8e-79a9-102c-8d64-8b73cc15be28
creatorsName: cn=admin,dc=jome
createTimestamp: 20080227175622Z
entryCSN: 20080227175622Z#01#00#00
modifiersName: cn=admin,dc=jome
modifyTimestamp: 20080227175622Z
entryDN: uid=enano$,ou=Hosts,dc=jome
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
-

and I don't see any "samba" thing in here... Is that fine?

Thanks!!



2008/2/27, Frank J. Pellegrino <[EMAIL PROTECTED]>:
> If your solaris box is setup as an LDAP client you can add a search
>  descriptor with the ldapclient command.
>  Below is an example of what we changed to make joining the domain work on
>  the first try.
>
>  NS_LDAP_SERVICE_SEARCH_DESC= passwd: 
ou=computers,o=sju.edu;ou=People,o=sju.edu

>
>
>
>
>  At 03:13 PM 2/27/2008, Hector Blanco wrote:
>  >Mmmm..If I understood properly, I'm afraid I can just say... "Welcome
>  >to the club, mate":
>  >
>  >Take a look to this:
>  >http://lists.samba.org/archive/samba/2008-February/138639.html
>  >http://lists.samba.org/archive/samba/2008-February/138442.html
>  >
>  >May it be a bug??  Is the same thing that is happeing to you?
>  >
>  >Regards
>  >
>  >2008/2/4, Frank J. Pellegrino <[EMAIL PROTECTED]>:
>  > > We have just setup Samba 3.0.28 with LDAP support.  We are using a 
Sun One

>  > >  5.2 LDAP server.
>  > >
>  > >  We are having a problem when a new machine joins the domain.
>  > >  Here is a snippet of our smb.conf file
>  > >add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>  > >ldap machine suffix = ou=computers
>  > >ldap user suffix = ou=People
>  > >
>  > >  When a new machine attempts to join the domain a new entry is 
created in

>  > >  ou=computers as expected.  This entry has only the posixAccount
>  > information
>  > >  and no Samba info.  However, the machine reports that it failed to
>  > join the
>  > >  domain.  Log entries on both samba and LDAP tell me that after the
>  > entry is
>  > >  created, samba is trying to find that entry in ou=people instead of
>  > >  ou=computers.
>  > >
>  > >  Attempting to add the machine again gives us an error that the 
machine

>  > >  already exists.
>  > >
>  > >  I modified smbldap-useradd to include the sambaSamAccount 
information when
>  > >  the entry is created.  The first attempt to join the domain still 
fails,

>  > >  however trying again succeeds.
>  > >
>  > >  In another test, I removed the modifications from smbldap-useradd and
>  > >  modified the smbldap.conf file so that it thought the machines 
container

>  > >  was ou=people.  With this change the new machine was able to join the
>  > >  domain on the first try.  The problem here is that we don't want the
>  > >  machines mixed in with the users.
>  > >
>  > >  So from this I determined that after creating the new entry for the
>  > >  machine, Samba then goes and looks for that entry in ou=people 
instead of
>  > >  ou=computers.  My guess is that there is a bug in the code that 
looks at

>  > >  the wrong configuration entry.
>  > >
>  > >  I have tried looking through the C code on my own.  I'm only 
familiar with

>  > >  C so I haven't made as much progress as I'd like.
>  > >
>  > >  Is this a known bug?  Is it possible that we have a configuration 
wrong

>  > >  somewhere?
>  > >
>  > >  Can anyone point me to the correct C file so I can try and fix this?
>  > >
>  > >  I'd appreciate any help I can get.
>  > >
>  > >  Thanks.
>  > >
>  > >
>  > >
>  > >  --
>  > >  To unsubscribe from this list go to the following URL and read the
>  > >  instructions:  https://lists.samba.org/mailman/listinfo/samba
>  > >
>  >--
>  >To unsubscribe from this list go to the following URL and read the
>  >instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
>
>
--

Re: [Samba] Samba/LDAP Question

[Frank J. Pellegrino]

If your solaris box is setup as an LDAP client you can add a search 
descriptor with the ldapclient command.
Below is an example of what we changed to make joining the domain work on 
the first try.


NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=computers,o=sju.edu;ou=People,o=sju.edu



At 03:13 PM 2/27/2008, Hector Blanco wrote:

Mmmm..If I understood properly, I'm afraid I can just say... "Welcome
to the club, mate":

Take a look to this:
http://lists.samba.org/archive/samba/2008-February/138639.html
http://lists.samba.org/archive/samba/2008-February/138442.html

May it be a bug??  Is the same thing that is happeing to you?

Regards

2008/2/4, Frank J. Pellegrino <[EMAIL PROTECTED]>:
> We have just setup Samba 3.0.28 with LDAP support.  We are using a Sun One
>  5.2 LDAP server.
>
>  We are having a problem when a new machine joins the domain.
>  Here is a snippet of our smb.conf file
>add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>ldap machine suffix = ou=computers
>ldap user suffix = ou=People
>
>  When a new machine attempts to join the domain a new entry is created in
>  ou=computers as expected.  This entry has only the posixAccount 
information
>  and no Samba info.  However, the machine reports that it failed to 
join the
>  domain.  Log entries on both samba and LDAP tell me that after the 
entry is

>  created, samba is trying to find that entry in ou=people instead of
>  ou=computers.
>
>  Attempting to add the machine again gives us an error that the machine
>  already exists.
>
>  I modified smbldap-useradd to include the sambaSamAccount information when
>  the entry is created.  The first attempt to join the domain still fails,
>  however trying again succeeds.
>
>  In another test, I removed the modifications from smbldap-useradd and
>  modified the smbldap.conf file so that it thought the machines container
>  was ou=people.  With this change the new machine was able to join the
>  domain on the first try.  The problem here is that we don't want the
>  machines mixed in with the users.
>
>  So from this I determined that after creating the new entry for the
>  machine, Samba then goes and looks for that entry in ou=people instead of
>  ou=computers.  My guess is that there is a bug in the code that looks at
>  the wrong configuration entry.
>
>  I have tried looking through the C code on my own.  I'm only familiar with
>  C so I haven't made as much progress as I'd like.
>
>  Is this a known bug?  Is it possible that we have a configuration wrong
>  somewhere?
>
>  Can anyone point me to the correct C file so I can try and fix this?
>
>  I'd appreciate any help I can get.
>
>  Thanks.
>
>
>
>  --
>  To unsubscribe from this list go to the following URL and read the
>  instructions:  https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Slow response time opening documents from Samba on Redhat compared to opening them on Sun

[White, James]

Can you give me an explanation of why I am experiencing such slow
response time on opening a document on our Linux environment compared to
our Sun or Windows environment?  

I should be seeing the exact opposite because my SUN server has UNIX - 2
x 300mhz RISC with 8gb RAM and my Linux servers are running Redhat - 2 x
3.0ghz Intel with 16gb RAM. 

SUN Samba  < 1 seconds to open a 1k document
Linux Samba 12+ seconds to open a 1k document
Window 2003 < 1 seconds to open a 1k document

I have these Samba servers within my firewall so security is not an
issue and these servers are on the same network.

James White 
__ 
This communication (including all attachments) is intended solely for the use 
of the person(s) to whom it is addressed and should be treated as a 
confidential AAA communication.  If you are not the intended recipient, any 
use, distribution, printing, or copying of this email is strictly prohibited.  
If you received this email in error, please immediately delete it from your 
system and notify the originator.  Your cooperation is appreciated. 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Do I have to create user accounts twice??

[Raymond Holguin]

Thanks for your input John.  I ended up just creating a script that 
creates both accounts for me at the same time so that solved the issue.


John Drescher wrote:

On Tue, Feb 26, 2008 at 5:50 PM, Raymond Holguin
<[EMAIL PROTECTED]> wrote:
  

Im going to be migrating a windows file server of about 200+ users to
 this samba server.  Now I have been searching for a while and can't seem
 to find an answer.  My question is do I really have to create a unix
 account for each user and THEN create the user account again on the
 samba server??  I can't find a way to create a unix account and have
 that account be also automatically created on the samba server.  is
 there a solution for this or do I need to create some kind of custom
 script to do this for me??



With ldap the answer is no (both unix and samba account get created in
the same place).
With other security mechanisms you need samba and unix accounts for each user.

John
  


--

Raymond Holguin
Programmer Analyst
College of Humanities, Arts, and Social Sciences
Tel: (951) 827-6212
Email: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba/LDAP Question

[Hector Blanco]

Ehm... just to make sure... could anybody who has LDAP+Samba working
send the ldif definition of what he has as a "machine"?

I've got this as a machine:

dn: uid=enano$,ou=Hosts,dc=jome
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: enano$
sn: enano$
uid: enano$
uidNumber: 1007
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 0cd59f8e-79a9-102c-8d64-8b73cc15be28
creatorsName: cn=admin,dc=jome
createTimestamp: 20080227175622Z
entryCSN: 20080227175622Z#01#00#00
modifiersName: cn=admin,dc=jome
modifyTimestamp: 20080227175622Z
entryDN: uid=enano$,ou=Hosts,dc=jome
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
-

and I don't see any "samba" thing in here... Is that fine?

Thanks!!



2008/2/27, Frank J. Pellegrino <[EMAIL PROTECTED]>:
> If your solaris box is setup as an LDAP client you can add a search
>  descriptor with the ldapclient command.
>  Below is an example of what we changed to make joining the domain work on
>  the first try.
>
>  NS_LDAP_SERVICE_SEARCH_DESC= passwd: 
> ou=computers,o=sju.edu;ou=People,o=sju.edu
>
>
>
>
>  At 03:13 PM 2/27/2008, Hector Blanco wrote:
>  >Mmmm..If I understood properly, I'm afraid I can just say... "Welcome
>  >to the club, mate":
>  >
>  >Take a look to this:
>  >http://lists.samba.org/archive/samba/2008-February/138639.html
>  >http://lists.samba.org/archive/samba/2008-February/138442.html
>  >
>  >May it be a bug??  Is the same thing that is happeing to you?
>  >
>  >Regards
>  >
>  >2008/2/4, Frank J. Pellegrino <[EMAIL PROTECTED]>:
>  > > We have just setup Samba 3.0.28 with LDAP support.  We are using a Sun 
> One
>  > >  5.2 LDAP server.
>  > >
>  > >  We are having a problem when a new machine joins the domain.
>  > >  Here is a snippet of our smb.conf file
>  > >add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>  > >ldap machine suffix = ou=computers
>  > >ldap user suffix = ou=People
>  > >
>  > >  When a new machine attempts to join the domain a new entry is created in
>  > >  ou=computers as expected.  This entry has only the posixAccount
>  > information
>  > >  and no Samba info.  However, the machine reports that it failed to
>  > join the
>  > >  domain.  Log entries on both samba and LDAP tell me that after the
>  > entry is
>  > >  created, samba is trying to find that entry in ou=people instead of
>  > >  ou=computers.
>  > >
>  > >  Attempting to add the machine again gives us an error that the machine
>  > >  already exists.
>  > >
>  > >  I modified smbldap-useradd to include the sambaSamAccount information 
> when
>  > >  the entry is created.  The first attempt to join the domain still fails,
>  > >  however trying again succeeds.
>  > >
>  > >  In another test, I removed the modifications from smbldap-useradd and
>  > >  modified the smbldap.conf file so that it thought the machines container
>  > >  was ou=people.  With this change the new machine was able to join the
>  > >  domain on the first try.  The problem here is that we don't want the
>  > >  machines mixed in with the users.
>  > >
>  > >  So from this I determined that after creating the new entry for the
>  > >  machine, Samba then goes and looks for that entry in ou=people instead 
> of
>  > >  ou=computers.  My guess is that there is a bug in the code that looks at
>  > >  the wrong configuration entry.
>  > >
>  > >  I have tried looking through the C code on my own.  I'm only familiar 
> with
>  > >  C so I haven't made as much progress as I'd like.
>  > >
>  > >  Is this a known bug?  Is it possible that we have a configuration wrong
>  > >  somewhere?
>  > >
>  > >  Can anyone point me to the correct C file so I can try and fix this?
>  > >
>  > >  I'd appreciate any help I can get.
>  > >
>  > >  Thanks.
>  > >
>  > >
>  > >
>  > >  --
>  > >  To unsubscribe from this list go to the following URL and read the
>  > >  instructions:  https://lists.samba.org/mailman/listinfo/samba
>  > >
>  >--
>  >To unsubscribe from this list go to the following URL and read the
>  >instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Performance issues after samba update (utime?)

[Volker Lendecke]

On Wed, Feb 27, 2008 at 12:37:43PM -0800, Herb Lewis wrote:
> Are we planning on getting this into 3.0.28a? 30% is a big hit

I don't think that I will have the time to finish it
tomorrow. And as 3.0.28a will be released on Friday latest
according to Jerry, it won't make it.

Sorry,

Volker


pgpDZusMy4iOC.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Performance issues after samba update (utime?)

[Herb Lewis]

Are we planning on getting this into 3.0.28a? 30% is a big hit

Volker Lendecke wrote:

On Wed, Feb 27, 2008 at 07:43:42PM +0100, Alex Still wrote:


I think I found it.
Samba-3.0.28 calls set_filetime() from real_write_file(), which 3.0.8 isn't
doing.
set_filetime -> utimes -> nfs SETATTR (in my case)
After removing that bit from real_write_file, I get exactly the same
performance I had before. Now, I realise this has probably been put there
for a reason...

Stuck now, any advice on the matter appreciated



It was put there to properly support the so-called sticky
write time feature that for example Excel depends upon.
Stefan Metzmacher has written a patch that needs to be
merged that avoids those utime calls by putting the relevant
data into locking.tdb. We need to take some time to shape up
that patch a bit and merge upstream though.

Volker


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Prevent drag and drop within Samba shares

[Rashkae]

Alex de Vaal wrote:

Hello,
 
Is there a parameter in smb.conf that prevent users to use drag and drop

within Samba shares?
 
I know this is a Winedow$ function, but some users (hum, hum) use Explorer

to open their files and
accidentally they drag and drop sometimes a directory in the root of the
share to another directory in the root of the share.
 
My samba server is member of a native W2k3 server Active Directory and AD

users are able to access the Samba shares.
 
The share is configured like this in smb.conf:
 
[grp]

comment = Group Directory
path = /data/grp
valid users = @NH-HOTELES.COM\DEP_RHEL4_MEMBER
read only = No
inherit permissions = Yes
hide unreadable = Yes

The /data/grp directory looks like this:
 
drwxrws---  2 root NH-HOTELES\dep_rhel4_adm 4096 Sep 11  2006 adm

drwxrws---  4 root NH-HOTELES\dep_rhel4_fog 4096 Mar  9  2007 fog

If a user is member of dep_rhel4_adm and dep_rhel4_fog he/she is able to
drag and drop the fog directory into the adm directory.
 
If it is not possible to configure this within smb.conf, can I do something

on the Linux side?
 
Thanx for any answer.
 
Alex.




I don't think there is any way for Samba to distinguish if a file 
operation initated by users drag and drop.  What you need to do is 
change the behaviour of Windows Explorer on the problem desktops.


Open Control Panel, Open Internet Explorer Settings, Security Tab, Local 
Intranet Zone, then click on the Custom button


Scroll down until you find "Drag and drop or copy and paste files" and 
change from Enabled to prompt.


You might also want to consider purchasing "AB Commander" for your users 
who find Explorer too cumbersome as the default file management app.  AB 
allows much great customization of Drag-Drop behaviour.


As for the Samba end, you can make the root folder read-only for a group 
of users, assuming they don't need to create new files/folders on the 
root of the share.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Fwd: [Samba] Samba/LDAP Question

[John Drescher]

 On Wed, Feb 27, 2008 at 3:13 PM, Hector Blanco <[EMAIL PROTECTED]> wrote:
  > Mmmm..If I understood properly, I'm afraid I can just say... "Welcome
  >  to the club, mate":
  >
  >  Take a look to this:
  >  http://lists.samba.org/archive/samba/2008-February/138639.html
  >  http://lists.samba.org/archive/samba/2008-February/138442.html
  >

  I used to have these problems in the past and I believe at one point
  someone helped me get this working correctly but I now use LAM
  (http://lam.sourceforge.net/). I have never had an issue with creating
  machine accounts with lam.

  John



 --
 John M. Drescher



-- 
John M. Drescher
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba/LDAP Question

[Hector Blanco]

Mmmm..If I understood properly, I'm afraid I can just say... "Welcome
to the club, mate":

Take a look to this:
http://lists.samba.org/archive/samba/2008-February/138639.html
http://lists.samba.org/archive/samba/2008-February/138442.html

May it be a bug??  Is the same thing that is happeing to you?

Regards

2008/2/4, Frank J. Pellegrino <[EMAIL PROTECTED]>:
> We have just setup Samba 3.0.28 with LDAP support.  We are using a Sun One
>  5.2 LDAP server.
>
>  We are having a problem when a new machine joins the domain.
>  Here is a snippet of our smb.conf file
>add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>ldap machine suffix = ou=computers
>ldap user suffix = ou=People
>
>  When a new machine attempts to join the domain a new entry is created in
>  ou=computers as expected.  This entry has only the posixAccount information
>  and no Samba info.  However, the machine reports that it failed to join the
>  domain.  Log entries on both samba and LDAP tell me that after the entry is
>  created, samba is trying to find that entry in ou=people instead of
>  ou=computers.
>
>  Attempting to add the machine again gives us an error that the machine
>  already exists.
>
>  I modified smbldap-useradd to include the sambaSamAccount information when
>  the entry is created.  The first attempt to join the domain still fails,
>  however trying again succeeds.
>
>  In another test, I removed the modifications from smbldap-useradd and
>  modified the smbldap.conf file so that it thought the machines container
>  was ou=people.  With this change the new machine was able to join the
>  domain on the first try.  The problem here is that we don't want the
>  machines mixed in with the users.
>
>  So from this I determined that after creating the new entry for the
>  machine, Samba then goes and looks for that entry in ou=people instead of
>  ou=computers.  My guess is that there is a bug in the code that looks at
>  the wrong configuration entry.
>
>  I have tried looking through the C code on my own.  I'm only familiar with
>  C so I haven't made as much progress as I'd like.
>
>  Is this a known bug?  Is it possible that we have a configuration wrong
>  somewhere?
>
>  Can anyone point me to the correct C file so I can try and fix this?
>
>  I'd appreciate any help I can get.
>
>  Thanks.
>
>
>
>  --
>  To unsubscribe from this list go to the following URL and read the
>  instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Performance issues after samba update (utime?)

[Volker Lendecke]

On Wed, Feb 27, 2008 at 07:43:42PM +0100, Alex Still wrote:
> I think I found it.
> Samba-3.0.28 calls set_filetime() from real_write_file(), which 3.0.8 isn't
> doing.
> set_filetime -> utimes -> nfs SETATTR (in my case)
> After removing that bit from real_write_file, I get exactly the same
> performance I had before. Now, I realise this has probably been put there
> for a reason...
> 
> Stuck now, any advice on the matter appreciated

It was put there to properly support the so-called sticky
write time feature that for example Excel depends upon.
Stefan Metzmacher has written a patch that needs to be
merged that avoids those utime calls by putting the relevant
data into locking.tdb. We need to take some time to shape up
that patch a bit and merge upstream though.

Volker


pgpIchF24LvEo.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: pam_mkhomedir.so not working.

[Linux Addict]

On Tue, Feb 26, 2008 at 8:44 PM, Brian May <[EMAIL PROTECTED]> wrote:
> > "Linux" == Linux Addict <[EMAIL PROTECTED]> writes:
>
> Linux> I would assume that the process is winbind and it running
> Linux> as root.  think of anything else.
>
>  Are you sure of that? Based on the error, it really looks like a
>  permission issue, and that shouldn't occur if the process is running
>  as root.
>  --
>
>
> Brian May <[EMAIL PROTECTED]>
>
>  --
>  To unsubscribe from this list go to the following URL and read the
>  instructions:  https://lists.samba.org/mailman/listinfo/samba
>

I am pretty sure its running as root. As I mentioned earlier, when I
push the packager to say 50 hosts, only 5 of them have this error.
Rest all goes well.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Performance issues after samba update (utime?)

[Alex Still]

On Tue, Feb 26, 2008 at 11:57 PM, Alex Still <[EMAIL PROTECTED]> wrote:

> Hi all,
>
> We're experiencing performance issues after migrating from 3.0.8 to 3.0.28
> .
> Write performance has degraded about 30%, regardless of the size of file
> being copied. (tests described below are a single 150Mb file copy from an XP
> explorer)


[..]

I think I found it.
Samba-3.0.28 calls set_filetime() from real_write_file(), which 3.0.8 isn't
doing.
set_filetime -> utimes -> nfs SETATTR (in my case)
After removing that bit from real_write_file, I get exactly the same
performance I had before. Now, I realise this has probably been put there
for a reason...

Stuck now, any advice on the matter appreciated

Cheers,

-- 
Alex
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] krb5.conf file in /var/lib/samba/smb_krb5; Samba 3.0.27a

[Eric Roseme]

I asked a co-worker who attended the Samba workshop last September to 
pose the following question.  The answer follows (maybe it will help):


Q1.   Will the new (3.0.25b) krb5 code (that creates a 
Samba-specific krb5.conf file) be documented somewhere?



A1.  Samba does not have documentation about the Samba-specific 
krb5.conf that is placed in locking directory. And also, after running 
kinit to obtain Kerberos ticket, Samba stores the ticket into memory 
tdb, probbaly gencache.tdb. But Samba doesn't provide a tool to allow 
users to see which DC Samba is talking to. Currently, we can use klist 
to see which domain is being used by Samba.


Obviously this does not answer your question about how it works, but it 
might get you closer.


Eric Roseme


Alex de Vaal wrote:

Hello list,

I've upgraded from Samba 3.0.14a to 3.0.27a (Samba is a domain member of a
W2k3 native AD) and I see that in the /var/lib/samba/smb_krb5 directory a
krb5.conf file is created.
Is this krb5.conf file extracted from my original /etc/krb5.conf? Or is this
file created from the "password server =" entry in my smb.conf file?
My original /etc/krb5.conf contains the DC's in DNS name and the
krb5.conffile in /var/lib/samba/smb_krb5 contains DC's on IP address.

I noticed also that the krb5.conf file in /var/lib/samba/smb_krb5 is only
renewed if /var/lib/samba/gencache.tdb is deleted before winbind is
restarted and it also uses the DC that is configured as primary DC in Sites
and Services in the Active Directory.

Can anyone shed a light how this work?

Thnx,
Alex.

Some info:

/etc/samba/smb.conf
===

password server = adm02.test.com, adm03.test.com


/etc/krb5.conf
==

[libdefaults]
 default_realm = TEST.COM

[realms]
 TEST.COM = {
  kdc = adm02.test.com:88
  kdc = adm03.test.com:88
  kdc = adm01.test.com:88


/etc/hosts


192.168.100.100adm01.test.com
10.0.0.100adm02.test.com
192.168.100.110 nhadm03.test.com


/var/lib/samba/smb_krb5/krb5.conf.TEST
=

[libdefaults]
default_realm = TEST.COM

[realms]
TEST.COM = {
kdc = 192.168.100.110
kdc = 10.0.0.100
}

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Still unresolved: adding printers as a non admin domain user doesn't work

[Chris Smith]

On Wednesday 27 February 2008, Francis Galiegue wrote:
> Well, this page doesn't agree:

My experience is different. Believe what you will.

-- 
Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Windows C# unable to access Samba directories.

[Robert]

>One 
other 
thing 
. 
. 
. 
typically 
a 
Windows 
"service" 
typically 
does 
not 
run
>under 
the 
user 
account 
logged 
into 
the 
local 
machine.  
More 
commonly, 
a
>service 
is 
run 
with 
either 
an 
account 
created 
for 
the 
service, 
the
>"system" 
account 
or 
the 
local 
administrator 
account.  
In 
that 
case, 
the
>samba 
server 
(or 
a 
Windows 
server 
for 
that 
matter) 
would 
deny 
access.


Just to add - in the "Properties" window of the service, on the "Log On" tab 
you can
set the real username and password for this service to run. In your case you 
need
an user with premissions to access that Samba share.

(if you click the questionmark and get the help for "This account" option, it 
actually
says this: "Assigns a logon account to a service. Although most services log
on to the system account, some services can be configured to log on to special 
user
accounts, so that the user can have access to resources such as files and 
folders
that are protected.")


Robert




  

Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Linux clients, "force * mode"

[Michael Lueck]

pbowers wrote:

To get "force create mode" and "force directory mode" to work with cifs
clients try setting "unix extensions = no" in your smb.conf.  It worked for
me.


(chuckle) Just came to report to this list the solution that was finally found.

Indeed, "unix extensions = no" seems to be the correct answer. That line goes 
in the server smb.conf, not the client.

uid/gid's now seem in sync. When a particular workstation ID creates a 
dir/file, it shows up on the server's filesystem as the owner even though the 
uid/gid numbers do not match between client / server.

All of the "force * mode" lines were not necessary and were able to be removed. Running with the unix extensions disabled the same "* mask" lines that work for Windows clients perform equally well for 
Linux clients.


The one thing I did notice, and it is related to perms, is newly created dirs/files show up on the client with 644/755 perms even though on the server file system they are actually 666/777. Seems the 
client is rather insistent about the perms. Since it seems cosmetic at best, I can put up with it.


So for now, cifs and the unix extensions being enabled goes as a "later" task.

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Still unresolved: adding printers as a non admin domain user doesn't work

[Francis Galiegue]

Le mercredi 27 février 2008, Chris Smith a écrit :
> On Wednesday 27 February 2008, Francis Galiegue wrote:
> > When I use XP, the only option I have is to first add the printer as
> > either the local administrator of the machine, or the domain
> > administrator, and only then I can add this printer as a normal,
> > unpriviledged domain user. Uh.
> 
> This is not a Samba issue, it's normal Windows operation. You need to 
> sufficient privileges to install the driver. Once installed a normal 
> user can connect to the printer. It has always worked the same way for 
> me with both Win2k and XP.
> 

Well, this page doesn't agree:

http://www.mcse.ms/archive/index.php/t-524189.html

The reported problem is exactly what I observe. Worse, even though I have XP 
SP2 and an NT4-style domain, it still doesn't work.

I'll try and dig a little more on the Windows side...

-- 
Francis Galiegue, One2team - [EMAIL PROTECTED]
[ATTENTION : CHANGEMENT DE COORDONNÉES !]
+33178945552, +33683877875, http://www.one2team.com
40 avenue Raymond Poincaré - 75116 PARIS
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind+ldap = core dump

[Robin]

Hi,
I use samba 3.0.26a on fedora 8 as a fileserver for a win 2k3 domain.  This
has worked fine for about 2 months without any problems.  However I came to
the server 3 days ago and the harddrive was 100% full.  On checking I found
60gb of core dumps in the winbind folder.  I did a lot of searching and
couldnt find anything relevent for this release.  I tried upgrading samba to
3.0.28 (fc8 supplied rpm) and this does the same.  The log.winbindd-idmap
log suggests to me that it has a problem with ldap and empty results, so I
made a quick script to check for gaps in the ldap records and found that
several uid and gid numbers were not assigned (ie there was no entry for
them in ldap, even though there were entries after them).

Winbind does still mostly work just fails once in about every 10 tries.  I
believe it fails for both samba and dovecot (pop3/imap mail server).  At the
moment we are generating about 10gb/hour of core dumps which a cron job is
keeping cleaned up.  Has anyone got any ideas on this? also is it possible
to tell samba/winbind not to do core dumps?

smb.conf (only shown one share as we have lots!):

[global]
printer admin = @"MCS+sysadmin","MCS+root","MCS+administrator"
add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s
/bin/false -M %u
server string = Meadows
log level = 1
syslog = 0
#   vfs objects = extd_audit
log file = /var/log/samba/%U.smbd.log
max log size= 10
printing = cups
update encrypted = Yes
encrypt passwords = Yes
preferred master = no
map to guest = Bad User
name resolve order = lmhosts hosts wins bcast
kernel oplocks = no
oplocks = no
locking = no
level2 oplocks = no
workgroup = MCS
netbios name = MCS3
wins server = 192.168.0.8
wins support = no
wins proxy = no
admin users = "MCS+administrator"
unix extensions = no

security = ADS

lanman auth = yes
client lanman auth = yes
client plaintext auth = yes
idmap uid = 1-10
idmap gid = 1-10
ldap admin dn = cn=Manager,dc=meadows,dc=derbyshire,dc=sch,dc=uk
ldap idmap suffix = ou=Idmap
ldap suffix = dc=meadows,dc=derbyshire,dc=sch,dc=uk
idmap backend = ldap:ldap://192.168.0.1
winbind use default domain = yes
winbind separator = +
winbind enum groups = yes
winbind enum users = yes
winbind cache time = 60
dns proxy = no
password server = MCS1
template homedir = /home/%G/%U
template shell = /bin/false
realm = MEADOWS.DERBYSHIRE.SCH.UK

[info]
valid users = @"MCS+staff",@"MCS+teacher",@"MCS+sysadmin"
write list = @"MCS+staff",@"MCS+teacher",@"MCS+sysadmin"
path = /school/datadrive
force directory mode = 0777
force create mode = 0666
comment = DataDrive
create mode = 0666
directory mode = 777
browseable = yes

log.winbindd-idmap:

winbindd: ../../../libraries/libldap/getentry.c:48: ldap_next_entry:
Assertion `entry != ((void *)0)' failed.
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(41)
===
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(42)
INTERNAL ERROR: Signal 6 in pid 29940 (3.0.28-0.fc8)
Please read the Trouble-Shooting section of the Samba3-HOWTO
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(44)

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(45)
===
[2008/02/27 14:54:20, 0] lib/util.c:smb_panic(1655)
PANIC (pid 29940): internal error
[2008/02/27 14:54:20, 0] lib/util.c:log_stack_trace(1759)
BACKTRACE: 19 stack frames:
#0 winbindd(log_stack_trace+0x2d) [0xb7d515ad]
#1 winbindd(smb_panic+0x5d) [0xb7d516dd]
#2 winbindd [0xb7d3c10a]
#3 [0x12d420]
#4 [0x12d402]
#5 /lib/libc.so.6(gsignal+0x50) [0x2f4690]
#6 /lib/libc.so.6(abort+0x101) [0x2f5f91]
#7 /lib/libc.so.6(__assert_fail+0xee) [0x2ed93e]
#8 /usr/lib/libldap-2.3.so.0(ldap_next_entry+0x9c) [0x29d9fc]
#9 winbindd [0xb7e8afa7]
#10 winbindd(idmap_unixids_to_sids+0x397) [0xb7e84aa7]
#11 winbindd(idmap_uid_to_sid+0x6b) [0xb7e888ab]
#12 winbindd(winbindd_dual_uid2sid+0x61) [0xb7ce9fc1]
#13 winbindd [0xb7ce7202]
#14 winbindd [0xb7ce803f]
#15 winbindd [0xb7cb9459]
#16 winbindd(main+0x94d) [0xb7cb9e4d]
#17 /lib/libc.so.6(__libc_start_main+0xe0) [0x2e1390]
#18 winbindd [0xb7cb80f1]
[2008/02/27 14:54:20, 0] lib/fault.c:dump_core(181)
dumping core in /var/log/samba/cores/winbindd


Thanks
Robin


This email has been processed by SmoothZap - www.smoothwall.net

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Still unresolved: adding printers as a non admin domain user doesn't work

[Chris Smith]

On Wednesday 27 February 2008, Francis Galiegue wrote:
> When I use XP, the only option I have is to first add the printer as
> either the local administrator of the machine, or the domain
> administrator, and only then I can add this printer as a normal,
> unpriviledged domain user. Uh.

This is not a Samba issue, it's normal Windows operation. You need to 
sufficient privileges to install the driver. Once installed a normal 
user can connect to the printer. It has always worked the same way for 
me with both Win2k and XP.

-- 
Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Windows C# unable to access Samba directories.

[Jim Shanks]

> BARKAN AVIGDOR wrote:
>> Hi,
>>
>>
>>
>> I have written a simple c# program that move file from windows to a Unix
>> path via samba.
>>
>> The user that do the work is a full privilege user.
>>
>> Using a win application this works fine but when I activated the prog.
>> as a win service,
>>
>> I got a strange activity and the prog wasn't been able to find the
>> folders.
>>
>
> Have you checked the server logs? Is the client attempting to connect?
> if so, what goes wrong?
>
One other thing . . . typically a Windows "service" typically does not run
under the user account logged into the local machine.  More commonly, a
service is run with either an account created for the service, the
"system" account or the local administrator account.  In that case, the
samba server (or a Windows server for that matter) would deny access.
>>
>>
>> So I’m very much interested in troubleshooting the problem.
>>
>> Can you please send the me the sample code.
>>
> All of the samba code is available via ftp at us3.samba.org/pub/samba/
>>
>>
>> Thank you ahead
>>
>> Avigdor
>>
>>
>>
>
>
> *Michael Heydon - IT Administrator *
> [EMAIL PROTECTED] 
>

Jim Shanks
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Still unresolved: adding printers as a non admin domain user doesn't work

[Francis Galiegue]

Hello list,

I use samba-3.0.10 from RHEL4, with an smbldap-tools backend (version 0.9.2a).

Everything works fine: domain logons work OK, I can join machines to the 
domain, "unjoin" them, add users (from the samba server only though, but 
that's not important), submit drivers for printers as a printer admin, etc.

The only thing that does NOT work is adding printers as a non admin user with 
Windows XP (Professional). It worked under Win2k!

When I use XP, the only option I have is to first add the printer as either 
the local administrator of the machine, or the domain administrator, and only 
then I can add this printer as a normal, unpriviledged domain user. Uh.

And I have NOTHING in the Samba logs. As my smb.conf is relatively long, I'll 
put only what I think is relevant below. Any hints appreciated, I've been 
stuck with this problem for six months, and not a hint of a solution yet :(

---
printcap name = cups
load printers = yes
printcap cache time = 300
printing = cups
[...]
ldap passwd sync = yes

passdb backend = ldapsam:ldap://127.0.0.1/
#
# FIXME: why commented in the HOWTO?
#
#ldap filter = (&(objectClass=sambaSAMAccount)(uid=%u))
ldap admin dn = cn=samba,ou=DSA,dc=one2team,dc=lan
ldap suffix = dc=one2team,dc=lan
[blah, blah]
[...]
[homes]
comment = User home directories (NOT the profiles)
valid users = %U
create mask = 0640
directory mask = 0750
browseable = no
veto files = /*.mp3/*.m4a/*.mpg/*.mpeg/*.avi/*.wmv/*.wma
read only = no

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = no
guest ok = yes
profile acls = yes
veto files = /*.mp3/*.m4a/*.mpg/*.mpeg/*.avi/*.wmv/*.wma
csc policy = disable
force user = %U
valid users = %U @"Domain Admins"

[netlogon]
path = /var/lib/samba/netlogon
browseable = no
read only = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
guest ok = no
writable = no
printable = yes
create mode = 0600
printer admin = root, @o2tadm

[print$]
path = /var/lib/samba/printers
browseable = yes
write list = root
guest ok = yes
read only = yes

[...]
---
-- 
Francis Galiegue, One2team - [EMAIL PROTECTED]
[ATTENTION : CHANGEMENT DE COORDONNÉES !]
+33178945552, +33683877875, http://www.one2team.com
40 avenue Raymond Poincaré - 75116 PARIS
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] page_count x number_of_copies

[Chris Smith]

On Wednesday 02 January 2008, Fabiano Caixeta Duarte wrote:
> How can I know the real amount of pages sent to the printer?

I use CUPS + Pykota for handling page accounting. It can enforce quotas 
as well but I don't use it for that. Also works properly no matter how 
the job was submitted (samba, IPP).

-- 
Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [SAMBA] how to make smbpasswd use or import system passwords?

[Kyle Schmitt]

Seriously, eww.  First off, your system isn't too small to take
advantage of ldap.  Not by a long shot.  Just for ease of use &
administration I've setup ldap+samba on my home network, where the
only user accounts are me, my wife and a few family members.
It's really not that hard.

Now, lets assume you don't want to use ldap & set all that up.  Fine.
You can use straight samba to keep those in sync, using the unix
password sync option.  To do that, you add something like this to your
smb.conf:

unix password sync = yes
passwd program = /bin/passwd %u

The upside of this is that changing their samba password will change
their unix password.  The downside, is that to keep things in sync,
they can't use passwd to change their unix password anymore, they'll
need to use smbpasswd.
Not a big deal really.

Now, lets say you did that, and now are having issues with one user
writing to a share, and the next user not being able to read what they
wrote (I'm just going to guess you'll run into this problem based on
what you've said so far).
Lets say you defined a share named APPS, and you have a unix group
APPS, to which these users belong.
In your share definition you need to make sure the create mask & the
directory mask allow reading/writing/executing by that group, and you
need to use the "force group" parameter.  So the whole share
definition would look something like this (after you set this up, you
may have to chown -R root:APPS that directory).
[APPS]
comment = Applications
path = /var/samba/shares/APPS
valid users = @APPS @admin
public = no
writable = yes
create mask = 0770
directory mask = 2770
force group = APPS


Hope all that helps.
--Kyle

On Wed, Feb 27, 2008 at 6:52 AM, Maginot Junior
<[EMAIL PROTECTED]> wrote:
> Well  this isnt possible, because all my share are sector specific
>  with group restriction ... So ... what I came across is to use mysql
>  (ldap is to big to my network with less them 100 users) to sync all
>  passwords, Im going to make a db with mysql and inside create a simple
>  "login, passwd, full name, homedir" table and populate it with the
>  same postfix password that users uses to access email and make through
>  pam it work with my ltsp server, email and hopefully with samba too,
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [SAMBA] how to make smbpasswd use or import system passwords?

[Volker Lendecke]

On Wed, Feb 27, 2008 at 09:52:32AM -0300, Maginot Junior wrote:
> Well  this isnt possible, because all my share are sector specific
> with group restriction ... So ... what I came across is to use mysql
> (ldap is to big to my network with less them 100 users) to sync all
> passwords, Im going to make a db with mysql and inside create a simple
> "login, passwd, full name, homedir" table and populate it with the
> same postfix password that users uses to access email and make through
> pam it work with my ltsp server, email and hopefully with samba too,
> and so make all password be sync... unfortunately I will have to make
> this new implementation, I think this is a samba fault, I really don't
> matter about windows passwords, because all my network isnt going to
> have windows boxes, so why samba one of the most complete projects
> I've ever seen for linux does not have a work through for this
> situation? Like mentioned here, is an ever week question, so Its being
> a big need for everyone ... I'm self come to this list in a extreme
> try to find an ultimate solution, because after googling around I was
> getting convinced that wasn't a possible thing to do.. now after your
> directly answers I'm sure of that.
> 
> I know smb is a protocol that are already in the go for a long time...
> but maybe some linux new things to smb protocol could really help.
> Well, this is more an idea then a complain, maybe Im being to
> promiscuous and not looking to a different view with some other good
> (god) solution ;) ... of course if anyone have any idea that could
> slap my face and give me a new horizon I would be pleased to see.
> 
> Well ... thanks anyway for the good advices and fast answer.

You can always use Kerberos. Doing a ssh public key SPNEGO
authentication mechanism might be a nice google SoC project
tough :-)

Volker


pgpNjErc6DhlI.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [SAMBA] how to make smbpasswd use or import system passwords?

[Maginot Junior]

Well  this isnt possible, because all my share are sector specific
with group restriction ... So ... what I came across is to use mysql
(ldap is to big to my network with less them 100 users) to sync all
passwords, Im going to make a db with mysql and inside create a simple
"login, passwd, full name, homedir" table and populate it with the
same postfix password that users uses to access email and make through
pam it work with my ltsp server, email and hopefully with samba too,
and so make all password be sync... unfortunately I will have to make
this new implementation, I think this is a samba fault, I really don't
matter about windows passwords, because all my network isnt going to
have windows boxes, so why samba one of the most complete projects
I've ever seen for linux does not have a work through for this
situation? Like mentioned here, is an ever week question, so Its being
a big need for everyone ... I'm self come to this list in a extreme
try to find an ultimate solution, because after googling around I was
getting convinced that wasn't a possible thing to do.. now after your
directly answers I'm sure of that.

I know smb is a protocol that are already in the go for a long time...
but maybe some linux new things to smb protocol could really help.
Well, this is more an idea then a complain, maybe Im being to
promiscuous and not looking to a different view with some other good
(god) solution ;) ... of course if anyone have any idea that could
slap my face and give me a new horizon I would be pleased to see.

Well ... thanks anyway for the good advices and fast answer.

[ ]'s
PS: I don't think NFS will be of the same control then Samba, so I
discarded this option...

On Wed, Feb 27, 2008 at 12:52 AM, Adam Williams
<[EMAIL PROTECTED]> wrote:
> you could use a tdbsam password backend, roaming profiles, tell all your
>  users they will have a default password of whatever, and set their
>  password to be expired, so on their first log in, they will be required
>  to change their password.  if you read the samba docs, Windows uses a
>  different password encryption then what /etc/passwd uses, they aren't
>  compatible.
>
>  or you can map to gues = bad user, and use guest only = yes and guest ok
>  = yes on your shares, and set your shares not browsable, but i wouldn't
>  recommend that.
>
>
> Maginot Junior wrote:
>  > Hi!
>  >
>  >
>  > Im almost loosing my hairs here...
>  >
>  > I have already had troubles configuring samba to work just like I
>  > wanted but in the end everything was fine. Now I have searched a lot
>  > and many different views for this problems, so I think its better come
>  > here trying to find the entire solution...
>  >
>  > I have about 30 users on my box, all have passwords already set.
>  > So I come to the idea of making a share for each sector, like sales,
>  > financial, ti, and so on.
>  > So far no problem, the shares are created, owned by root and with the
>  > group respectively with the share name (group sales, share sales).
>  > Have already added in /etc/group the users for each group and gone
>  > configuring smb.conf.
>  >
>  > I start using security = user and setting inside the shares "valid users = 
> @ti"
>  >
>  > Now comes the problem... when I try to access this share, I can only
>  > access with the user added to smbpasswd, for what I saw until now I
>  > must have the user in smbpasswd, this is a must to rule... I dont have
>  > any user passwd in my hand, so I cant just do a smbpasswd -a user and
>  > set what password whatever I want, so I tried "cat /etc/passwd |
>  > /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd" and I got a lot of
>  > -XXX on the password fields of smbpasswd file...
>  >
>  > So Im lost on this, I must add all user to smbpasswd using the same
>  > password from the system... to make all to stay sync, but this is
>  > being a pain so any help will be very apreciated.
>  >
>  > Thanks,
>  >
>  >
>
>



-- 
Maginot Júnior
"the game of life"
LPIC - CCNA - ¿Designer?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] krb5.conf file in /var/lib/samba/smb_krb5; Samba 3.0.27a

[Alex de Vaal]

Hello list,

I've upgraded from Samba 3.0.14a to 3.0.27a (Samba is a domain member of a
W2k3 native AD) and I see that in the /var/lib/samba/smb_krb5 directory a
krb5.conf file is created.
Is this krb5.conf file extracted from my original /etc/krb5.conf? Or is this
file created from the "password server =" entry in my smb.conf file?
My original /etc/krb5.conf contains the DC's in DNS name and the
krb5.conffile in /var/lib/samba/smb_krb5 contains DC's on IP address.

I noticed also that the krb5.conf file in /var/lib/samba/smb_krb5 is only
renewed if /var/lib/samba/gencache.tdb is deleted before winbind is
restarted and it also uses the DC that is configured as primary DC in Sites
and Services in the Active Directory.

Can anyone shed a light how this work?

Thnx,
Alex.

Some info:

/etc/samba/smb.conf
===

password server = adm02.test.com, adm03.test.com


/etc/krb5.conf
==

[libdefaults]
 default_realm = TEST.COM

[realms]
 TEST.COM = {
  kdc = adm02.test.com:88
  kdc = adm03.test.com:88
  kdc = adm01.test.com:88


/etc/hosts


192.168.100.100adm01.test.com
10.0.0.100adm02.test.com
192.168.100.110 nhadm03.test.com


/var/lib/samba/smb_krb5/krb5.conf.TEST
=

[libdefaults]
default_realm = TEST.COM

[realms]
TEST.COM = {
kdc = 192.168.100.110
kdc = 10.0.0.100
}
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] APW New Driver Greyed Out

[jhall]

Thank you very much!


This solved my problem.



Jay

> Hallo,
>
> Rights/printer management changed in samba 3.???
>
> Check in smb.conf
>
> enable privileges = yes
>
> and try for example
>
> net -S  -U root rpc rights grant 'wheel' SePrintOperatorPrivilege
>
> bardo
>
> [EMAIL PROTECTED] schrieb:
>> Ladies and Gentlemen,
>>
>> I have done this before, but  for the life of me cannot get it to work
>> today.
>>
>> I am trying to setup SAMBA to allow non-technical users (one per site)
>> to
>> add printer drivers as needed.
>>
>> I am running Samba 3.0.24.  Following are the relevant entries from
>> smb.conf.
>>
>> # workgroup = NT-Domain-Name or Workgroup-Name
>> pid directory = /var/run/
>> workgroup = BACKUPS
>> netbios name = Backup
>> domain master = Yes
>> time server = yes
>> server string = Jefferson City Backup Server Number 1
>> username map = /usr/local/samba/lib/user.map
>> log level = 3
>> pritner admin = hallja,@wheel,root
>> use client driver = No
>>
>> [STCLRI7500]
>> use client driver = No
>> comment = St. Charles Regional Office Copier
>> browseable = Yes
>> printable = Yes
>> guest OK = Yes
>> path = /var/spool/samba
>> printer = STCLRI7500
>> printer admin = @wheel,hallja,root
>>
>>
>> [print$]
>> comment = Printer Driver Download Area
>> use client driver = No
>> path = /var/spool/samba/drivers
>> browseable = Yes
>> guest ok = Yes
>> read only = Yes
>> admin list = root,hallja,@wheel
>> write list = hallja,@wheel,root
>>
>> When I click on the Advanced Tab, the New Driver box is greyed out.
>> From
>> what I have read, this is a permissions problem, but I have been unable
>> to
>> find the problem.
>>
>> Using myself as an example, I log into the server and my Windows user
>> name
>> is mapped to hallja.  hallja is a member of the @wheel group.  hallja is
>> listed in the smbpasswd file.  I have also tried mapping my Windows
>> username to root without any success.  Mapping myself to hallja and root
>> yield the same result.
>>
>> The directory /var/spool/samba/drivers exists, and within that
>> directory,
>> I have created W32X86.  Permissions on this folder are root:wheel
>> rwxr-xr-x.
>>
>> Looking through the logs, I did not see any obvious errors. I have
>> bumped
>> the logging up to level 5.  Is there anything specific in the logs I
>> should be looking for?
>>
>> And, what else should I be looking at?
>>
>> Thanks in ad
>>
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NT_STATUS_LOGON_FAILURE with ldap backend

[Luca Ferrari]

On Tuesday 26 February 2008 Adam Williams's cat, walking on the keyboard, 
wrote:
> did you run smbldap-populate?  even with a user in ldap, that is for
> their posix (linux shell) account.  you will still need to run smbpasswd
> -a user to add their samba NT and LM hashes and samba SID info to ldap.
>

Thanks Adam,
populating and using smbpasswd -a solved the problem, but now I'm a bit 
confused: if I want to change my users' info (password, etc) I need to use 
the smbldap-xxx scripts and that will change both the samba and ldap (unix) 
information? In other ways, the needing for a smbpasswd -a is required only 
as "init" step, or each time I change a password I need to use again 
smbpasswd? Moreover, what happens if I change a password using smbpasswd and 
not the smbldap-xxx? The samba account becomes unaligned with the ldap one?

Thanks,
Luca
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba malformed ACL

[Brad C]

Hi guys,

I've got a Samba PDC configured, with authenticating off an LDAP backend.

My client is trying to set permissions through Windows, and for some reason
no matter what I try the "everyone" group is always showing up as having
access.

When an admin user tries to set permissions on the share through windows I
get the following errors in my /var/log/messages

Feb 27 11:28:16 northcity smbd[16707]: [2008/02/27 11:28:16, 0]
smbd/posix_acls.c:create_canon_ace_lists(1468)
Feb 27 11:28:16 northcity smbd[16707]:   create_canon_ace_lists: malformed
ACL in inheritable ACL ! Deny entry after Allow entry. Failing to set on
file STORE KPI/filename.txt.

I presume this is because he's try to deny the everyone group access after
it's being allowed at the top.

Below is my smb.conf

[global]
workgroup = NCW
server string = Linux server
passdb backend = ldapsam:ldap://localhost
username map = /etc/samba/smbusers
encrypt passwords = yes
log level = 1
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = wins bcast hosts
time server = Yes
socket options = IPTOS_LOWDELAY TCP_NODELAY
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
logon path =
logon drive = Z:
logon home =
logon script = logon.bat
domain logons = Yes
os level = 65
domain master = yes
preferred master = Yes
local master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=northcity,dc=net
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=northcity,dc=net
utmp = Yes
admin users = @"Domain Admins"
map acl inherit = Yes
hide files = */desktop.ini/*
nt acl support = yes
utmp = yes
level2 oplocks = yes
oplocks = yes

[EMAIL PROTECTED]
comment = Document share
path = /data
create mask = 0770
force user = root
writeable = yes
guest ok = yes

I've tried setting guest ok = no and this makes no difference.
If I do getfacl data/ I get the following.

# file: data
# owner: root
# group: root
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::---

Below is the output from ls -al on this dir.

drwxrwx---+   8 root  root4096 Feb 26 17:13 data

I've tried removing perms, changing perms, changing users/groups using
setfacl and normal chown/chmod and nothing I do seems to get rid of the
"everyone" group access.

Below is more info about my samba version and filesystem info.

smbd --version
Version 3.0.26a-SerNet-SuSE
 mount -v
/dev/sda6 on / type reiserfs (rw,acl,user_xattr)
/dev/sdb1 on /data type ext3 (rw,acl,user_xattr)

I've tried the same permissions/acl's on both filesystem types without any
luck.

I'm running SLES9 Linux 2.6.5-7.257-smp #1 x86_64

Any help will be greatly appreciated.

Thanks.

Regards.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Do I have to create user accounts twice??

[John Drescher]

On Tue, Feb 26, 2008 at 5:50 PM, Raymond Holguin
<[EMAIL PROTECTED]> wrote:
> Im going to be migrating a windows file server of about 200+ users to
>  this samba server.  Now I have been searching for a while and can't seem
>  to find an answer.  My question is do I really have to create a unix
>  account for each user and THEN create the user account again on the
>  samba server??  I can't find a way to create a unix account and have
>  that account be also automatically created on the samba server.  is
>  there a solution for this or do I need to create some kind of custom
>  script to do this for me??
>
With ldap the answer is no (both unix and samba account get created in
the same place).
With other security mechanisms you need samba and unix accounts for each user.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] max password age won't work (3.0.27a)

[Markus Kahle]

Hi,

I come into a big problem with password age after upgrading to 3.0.27a.
We are using:

samba 3.0.27a
openldap 2.2.13
smbldap-tools 0.9.2

If a user change his password via the normal windows dialog the 
ldap-attribute "sambaPwdLastSet" is altered, but the other attributes 
like "sambaPwdCanChange" and "sambaPwdMustChange" aren't altered.
But we definitely set a global password age (90days) and the value is 
verfiable entered into ldap.


So why is this not regarded by samba if the user changes his password 
via the normal windows dialog ?



--
Markus

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] security = user, multiple Sambas, shared LDAP

[Daniel Pocock]

Adam Williams wrote:
security = domain is for domain member servers, which are servers that 
are part of the domain but don't authenticate users, handle roaming 
profiles, etc.  basically you'd use them for print servers, or more 
file shares.


why don't you just have a PDC and use BDCs?  sure you can have a bunch 
of domains and PDCs, but if its all for the same company, just go with 
the PDC and then a BDC on each subnet.  PDCs and BDCs both use 
security = user


There are two issues:

a) The workstations log on to another domain, managed by AD, and I don't 
want to integrate Samba with that domain


b) I want each Samba server to be able to operate independently, but 
give the users the convenience of a single password for all servers


I'm quite happy to create a Samba PDC, but if I can just make the Samba 
servers operate as standalone servers using a common workgroup name, is 
that more convenient to setup and more fault tolerant?


Daniel Pocock wrote:




Consider the following scenario:

- a single OpenLDAP server, with a single instance of the object 
class sambaDomain and a single SID:


dn: sambaDomainName=myserver,ou=samba,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: MYGROUP
sambaSID: S-1-2-3

- multiple Samba servers, each with the following configuration:

  security = user
  workgroup = MYGROUP

Is this a valid configuration?  Or does the SMB protocol require the 
domain security to be used (security = domain) when all servers share 
a single LDAP backend?


Regards,

Daniel



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] After migrating from Samba 2 to Samba 3 - home share names are case sensitive

[Douglas VanLeuven]

Andreas Schmidl wrote:
> Hello!
> 
> We have several sun solaris servers which are now serve Samba 3 services.
> For 2 weeks we migrate all servers from Samba 2 to Samba 3.
> After the upgrade to Samba 3 all shares generated by [home]-section in
> smb.conf have case sensitive names.
> 
> For example:
> 
> Besides root user john exists on the server and has a home folder.
> 
> If user john want to access his share with a Windows client he use the path:
> 
> \\server\john
> 
> This works great.
> 
> But if he want to access his share using the path:
> 
> \\server\JOHN
> 
> he can't access the share.
> 
> Samba 2 doesn't differ between the two paths.
> 
> Other shares on the server (no [home] share) for example [smb_test] can be
> accessed by typing:
> 
> \\server\SMB_TEST or
> \\server\smb_test
> 
> My [home]-section on the server:
>  [homes]
> comment = UNIX Home Directory for %S
> valid users = %S
> writeable = yes
> browseable = no
> 
> 
> In my opinion there aren't any special configuration in this section and of
> course no change since migration from samba 2 to samba 3.
> 
> Are there any solution for this problem? Or is it a samba 3 security feature
> ;-)
> 

Try taking out the valid users = %S and see if the problem persists.

Anyway, I know that without that, case doesn't matter on my machine.
Not an inherent function.  There are other things the %S inhibits as well.

Regards, Doug

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] page_count x number_of_copies

[Michael Heydon]

Fabiano Caixeta Duarte wrote:

Hi all!

I have a samba print server which stores information about each job. To
accomplish this, I have set 'printing = sysv' so I can use print command.

Print command passes to a script some info including '%c' (page_count).
The problem is that if someone sends more than one copy of the document,
%c doesn't tell me so.

It means that %c tells exactly the number of pages sent to the printer
without doing the necessary math.

How can I know the real amount of pages sent to the printer?

Thanks in advance!

  
What do you use for your print spooler? If you are using cups there is a 
backend/filter/thing (i forget what it is called) that will do page 
counting. The advantage of it is that it will count actual pages printed 
which means it will deal not only with your multiple copies issue but 
also if the job is deleted before reaching the printer or if the printer 
is offline.


*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Windows C# unable to access Samba directories.

[Michael Heydon]

BARKAN AVIGDOR wrote:

Hi,

 


I have written a simple c# program that move file from windows to a Unix path 
via samba.

The user that do the work is a full privilege user.

Using a win application this works fine but when I activated the prog. as a win service, 


I got a strange activity and the prog wasn't been able to find the folders.
  


Have you checked the server logs? Is the client attempting to connect? 
if so, what goes wrong?


 


So I’m very much interested in troubleshooting the problem.

Can you please send the me the sample code.
  

All of the samba code is available via ftp at us3.samba.org/pub/samba/
 


Thank you ahead

Avigdor


  



*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Lower and Upper Case and MS C# FilesystemWatcher

[Michael Heydon]

Andy Expert wrote:

Hi all,

I'm trying to find a way to make the C# FilesystemWatcher class distinguish 
between Linux mixed lower and upper case files on a  Samba share. E.g., file A 
is called abc.JPG and file B is abc.jpg, and Linux knows that's two files - 
now, when I delete such a file via a Samba share, both files A and B are 
deleted.

I did not find a solution at Google or in this list, so any help or helping 
link is appreciated.

Thank you very much,
Andreas

   
-

Ihr erstes Baby? Holen Sie sich Tipps von anderen Eltern.
  

case sensitive = yes

just don't expect it to be perfect, Windows doesn't really understand 
case sensitive file names


*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Do I have to create user accounts twice??

[Raymond Holguin]

Im going to be migrating a windows file server of about 200+ users to 
this samba server.  Now I have been searching for a while and can't seem 
to find an answer.  My question is do I really have to create a unix 
account for each user and THEN create the user account again on the 
samba server??  I can't find a way to create a unix account and have 
that account be also automatically created on the samba server.  is 
there a solution for this or do I need to create some kind of custom 
script to do this for me??


Thanks
-Ray

--

Raymond Holguin
Programmer Analyst
College of Humanities, Arts, and Social Sciences
Tel: (951) 827-6212
Email: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] UserPrincipalName with samba/winbind 3.2

[Nicolas . CLEMENTZ]

Hi,

  I'm currently trying the 3.2 version of winbindd (pam + nss +
winbindd). I would like to loging with the userPrincipalName on à Win 2k3
but I can't. Winbindd retrun NT_STATUS_INVALID_PARAMETER_MIX (PAM: 4)
Any idea


winbindd --version output :
  Version 3.2.0pre2-GIT--e 85eec1d-test



My smb.conf file :

   [global]
   security = ads
   realm = IUT-COLMAR.NET
   password server = 10.252.254.10
   workgroup = IUT-COLMAR
   #   winbind separator = +
   idmap backend = idmap_rid:IUT-COLMAR=7-100
   idmap uid = 7-100
   idmap gid = 7-100
   winbind enum users = yes
   winbind enum groups = yes
   winbind expand groups = 1
   winbind offline logon = true
   winbind use default domain = yes
   winbind refresh tickets = true
   template homedir = /home/%D/%U
   template shell = /bin/bash
   client use spnego = yes
   client ntlmv2 auth = yes
   encrypt passwords = yes
   restrict anonymous = 2
   domain master = no
   local master = no
   preferred master = no
   os level = 0

   use kerberos keytab = True
   log level = 3
   log file = /var/log/samba/%m


   [public]
   path = /perso/public
   read only = no


/etc/pam.d/common.auth
   authsufficient  pam_winbind.so krb5_auth krb5_ccache_type=FILE
   debug debug_state cached_login

/var/log/auth.log

   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] ENTER: pam_sm_authenticate (flags: 0x0001)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_SERVICE) = "sshd" (0xb7fd5dd8)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_USER) = "[EMAIL PROTECTED]"
   (0xb7fce148)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_TTY) = "ssh" (0xb7fd63f8)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_RHOST) = "adm028.iut-colmar.net"
   (0xb7fd8520)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_CONV) = 0xb7fda9e8
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): user
   '[EMAIL PROTECTED]' OK
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): user
   '[EMAIL PROTECTED]' OK
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   getting password (0x1381)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): Verify
   user 'IUT-COLMAR\flavio.scollo'
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): PAM
   config: krb5_ccache_type 'FILE'
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   enabling krb5 login flag
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   enabling cached login flag
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   enabling request for a FILE krb5 ccache
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   request failed: NT_STATUS_INVALID_PARAMETER_MIX, PAM error was System
   error (4), NT error was NT_STATUS_INVALID_PARAMETER_MIX
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   internal module error (retval = 4, user = 'IUT-COLMAR\flavio.scollo')
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] LEAVE: pam_sm_authenticate returning 4
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_SERVICE) = "sshd" (0xb7fd5dd8)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_USER) = "[EMAIL PROTECTED]"
   (0xb7fce148)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_TTY) = "ssh" (0xb7fd63f8)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_RHOST) = "adm028.iut-colmar.net"
   (0xb7fd8520)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_AUTHTOK) = 0xb7fd6408
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_CONV) = 0xb7fda9e8
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: Failed password for invalid
   user [EMAIL PROTECTED] from 10.252.12.12 port 37903 ssh2

Winbindd -F -i -d 10 last lines output :

   .
   Returning valid cache entry: key =
   IDMAP/SID/S-1-5-21-1960408961-2147064713-1801674531-4452, value =
   IDMAP/UID/74452, timeout = Mon Feb 25 12:30:19 2008
   Storing response for pid 23500, len 3240
   Added timed event "async_request_timeout": b7f71d70
   timed_events_timeout: 299

[Samba] Authentication problem

[Nicolas Camacho]

Hi all,

We have a PDC with Samba 3.0.22-13.16 with an LDAP server working fine with
no problem.
We also have a BDC on a remote office and some workstation just cannot log
into the domain. The only solution is to delete machine from domain, reboot,
and join the domain again.
We have a message into samba log : _net_auth2: creds_server_check failed.
Rejecting auth request from client.
Has anyone ever experienced it ?
Think this could become from the password server or ldap backend but not
sure.
Here my smb.conf

Thanks for your answers
# Global parameters
[global]
admin users = root
netbios name = stpc07
interfaces = eth2
workgroup = DOMAIN
server string = Serveur PDC Chomarat GNU/Linux
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=admin,dc=chomarat,dc=lan
ldap suffix = dc=chomarat,dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
ldap delete dn = Yes
wins support = Yes
name resolve order = lmhosts host wins bcast
time server = Yes
add user script = /usr/sbin/useradd -s /bin/false -M %u
add group script = /usr/sbin/groupadd '%g'
add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G '%U' | 
/bin/sed 's/ /,/g'`,'%g' '%U'
add machine script = /usr/sbin/useradd -s /bin/false -M %u
logon script = %U.bat
logon path =
domain logons = Yes
os level = 34
lm announce = Yes
preferred master = Yes
domain master = Yes
local master = Yes
dns proxy = No
security=user
ldap ssl = no
panic action = "/usr/share/samba/panic-action"
create mask = 0777
directory mask = 0777
log level = 1
nt acl support = Yes
guest ok = no

 
#Repertoires

[netlogon]
comment = Fichiers Scripts de Login
path = /home/netlogon
browseable = no
read only = Yes
write list = erival, Administrateur

[log]
comment = Repertoire de log
path = /home/log
browseable = no
read only = No
guest ok = yes
[global]
# Nom du domaine
workgroup = DOMAIN
netbios name = Sctc01
server string = Serveur Samba Tunisie
nt acl support = Yes
security = user
domain master = no
domain logons = yes
idmap uid = 1-2
idmap gid = 1-2
winbind separator = /
logon path =
logon home =
logon script = %U.bat
password server = 10.1.0.41
passdb backend=ldapsam:"ldap://10.1.0.41 ldap://10.6.0.41";
ldap admin dn = cn=admin,dc=chomarat,dc=lan
ldap suffix = dc=chomarat,dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines

create mask = 0777
directory mask = 0777

wins server = 10.1.0.41
load printers = yes
printing = cups

[netlogon]
comment = Fichiers Scripts de Login
path = /home/netlogon
browseable = no
read only = Yes
write list = erival, frjaune, Administrateur

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] HP printer can't access samba share

[Jason Forkey]

Hi,

I have an HP printer that can do Direct Digital Filing to a windows share. 
I've verified that this works for a real windows box, but it fails to
connect to  my samba server on linux with this error:

[2008/02/23 10:53:52, 0] smbd/service.c:make_connection(1191)
  192.168.2.6 (192.168.2.6) couldn't find service
<80><80><80><80><84><80><98><80><94><80><80><84><80><80><80><80><80><8C><80>

I have set up the share as guest writeable and have security=share in my
smb.conf.  So It should be wide open for anyone to access.  The problem
seems to be that the printer is encoding the service name somehow.  Does
anyone know what it is doing?  Is there some setting I can configure to get
samba to accept this encoded service name?

Thanks
Jason

-- 
View this message in context: 
http://www.nabble.com/HP-printer-can%27t-access-samba-share-tp15657628p15657628.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] XP clients won't login to samba domain

[beaker15]

Hi, 

I have a small network with several Windows XP clients and an Ubuntu server
(7.10) running Samba (3.0.26) as a Domain Controller but can't get the
clients to login to the domain. Here's my smb.conf:

[global]
name resolve order = wins lmhosts host bcast
idmap gid = 1-2
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
obey pam restrictions = yes
admin users = test frc @Admin
passwd program = /usr/bin/passwd %u
dns proxy = no
netbios name = SRV-01
writeable = yes
printing = cups
idmap uid = 1-2
local master = yes
workgroup = CYSOL
os level = 65
printcap name = cups
security = user
max log size = 1000
delete user script = /user/sbin/userdel -r %u
log level = 3
log file = /var/log/samba/log.%m
load printers = yes
add group script = /usr/sbin/groupadd %g
socket options = TCP_NODELAY
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
logon drive = L:
domain master = yes
interfaces = 127.0.0.0/8 eth0
encrypt passwords = yes
logon home = \\%N\%U
printer admin = test frc @Admin
passdb backend = tdbsam
template shell = /bin/bash
wins support = true
server string = %h server (Samba %v, Ubuntu)
path = /usr/network/
unix password sync = no
logon path = \\%N\%U\profile
add user script = /usr/sbin/useradd -m %u
valid users = test frc @Admin
syslog = 0
panic action = /usr/share/samba/panic-action %d
domain logons = yes
#winbind enable local accounts = no
#winbind trusted domains only = yes
#winbind enable local accounts = no

All the client machines have been added to samba as machine trust accounts
and users have been added too. In Windows, I can join the domain with the
user 'frc' which succeeds and brings up the message 'Welcome to the domain
CYSOL'. Its only after restarting and trying to login at startup that it
brings up the standard message saying the domain controller is unavailable
or machine account not found. testparm shows the server as a PDC with no
errors. Here's some lines I've picked out from a few of the logfiles:

smbd.log

[2008/02/21 15:55:37, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does not
exist.
[2008/02/21 15:55:37, 3] smbd/server.c:exit_server_common(768)

[2008/02/21 15:55:38, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 10001 in cache -> S-1-5-32-545
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2617085589-4112103509-674510089-1000]
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2008/02/21 15:55:38, 3] lib/util_seaccess.c:se_access_check(250)
[2008/02/21 15:55:38, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-2617085589-4112103509-674510089-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11

SRV-01.log  [server]

[2008/02/21 15:42:14, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2008/02/21 15:42:14, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]

[2008/02/21 15:42:14, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [frc] -> [frc] -> [frc]
succeeded
[2008/02/21 15:42:14, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
  fetch gid from cache 1 -> S-1-5-32-544
[2008/02/21 15:42:14, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
  fetch gid from cache 10001 -> S-1-5-32-545
[2008/02/21 15:42:14, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2617085589-4112103509-674510089-3000]
[2008/02/21 15:42:14, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-2-0]
2008/02/21 15:42:14, 3] smbd/service.c:make_connection_snum(1033)
  srv-01 (127.0.0.1) connect to service IPC$ initially as user frc (uid=0,
gid=0) (pid 4197)


CYCLE-05.log [client]

[2008/02/21 15:58:04, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid frc does not start with 'S-'.
[2008/02/21 15:58:04, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid @Admin does not start with 'S-'.
[2008/02/21 15:58:04, 2] smbd/uid.c:change_to_user(193)
  change_t

Re: [Samba] Linux clients, "force * mode"

[pbowers]

To get "force create mode" and "force directory mode" to work with cifs
clients try setting "unix extensions = no" in your smb.conf.  It worked for
me.
-- 
View this message in context: 
http://www.nabble.com/Linux-clients%2C-%22force-*-mode%22-tp15573503p15612688.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] create_builtin_administrators: Failed to create Administrators

[Johan Louwers]

Strange problem,

Trying to run a samba server as a PDC, I have created samba users and shares. I 
can access the shares however I am unable to connect to the domain. If I switch 
my settings on a win xp machine to make him a member of the domain then I am 
asked for a username and password. I have created a root samba user and if I 
connect like this user I get the following error:

The following error occured attempting to join the domain"domainxx"
The username could not be found.


Also in the /var/log/samba log files I get the following messages for every 
time I do a login try like this:
[2008/02/21 09:29:45, 0] auth/auth_util.c:create_builtin_administrators(785) 
create_builtin_administrators: Failed to create Administrators
[2008/02/21 09:29:45, 0] auth/auth_util.c:create_builtin_users(751) 
create_builtin_users: Failed to create Users

Please find below a par of the smb.conf:
 log file = /var/log/samba/log.%m
load printers = No
ldap ssl = no
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
include = /etc/samba/dhcp.conf
socket options = TCP_NODELAY
obey pam restrictions = Yes
logon drive = C:
force group = all
deadtime = 15
domain master = Yes
winbind enable local accounts = no
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
wins support = true 
allow hosts = 10.64.1.0/255.255.255.0, 10.32.2.0/255.255.255.0, 
10.64.7.0/255.255.255.0
dns proxy = No
domain admin users = root
oplocks = no
netbios name = PDC01
server string = %h server
writeable = yes
logon script = %U.cmd
remote announce = 10.32.2.255/DOMAINXX
workgroup = domainxx
force user = smbguest
os level = 32
add user script = /usr/sbin/useradd -d /dev/null -g 300 -c "Machine 
Account" -s /bin/false -M %u
update encrypted = Yes
syslog = 0
panic action = /usr/share/samba/panic-action %d
max log size = 1000
domain logons = Yes
security = user


Anyone any clue on how to proceed to make this work? Thanks already.


With kind regards,
Johan Louwers


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Running 2 network cards with samba

[Robert K. Vanderhoek]

Hi,

   I am having some problems getting samba to work with 2 network cards 
on the same workgroup.  I am using Samba version 3.0.10 the version that 
comes with RHEL4.  eth0 is set to 192.168.1.2 and is hooked into a 
switch on the network and will be used to communicate with other pcs on 
the network.  eth1 is set to 192.168.2.2 and is hooked directly with a 
crossover cable to another pc not on the network just nic to nic.  The 
other pc isn't on the network because i only want it to communicate 
directly to the server off of the second nic eth1.  I set the pc running 
off eth1 to the workgroup TAC.  The server is also setup to run in the 
TAC workgroup.  The pcs on the network that will be seeing the server 
from eth0 192.168.1.2 are also set to the TAC workgroup.  I can map 
drives with both but it seems to want to default to eth0 connections 
only, and my connection through eth1 gets dropped after the pc is 
shutdown and turned back on.  I guess my question is how do i setup 
samba to run and broadcast continually to both network cards eth0 and 
eth1.  Thank you, Robert

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] auth/auth_util.c:create_builtin_users(751)

[Johan Louwers]

Hi,
I am trying to setup a Samba server as a Primary Domain Controller, I have
added some user accounts and created some shares and I can access them from
a win XP client. 

Now I would like the Samba server to be the PDC. I like to join the domain,
however when I set the domain in XP I have to enter a username and password
for domain binding. The message I recieve is:

The following error occured attempting to join the domain"domainxx".
The username could not be found.

In the samba log files I find the following error messages every time I try
to connect:
[2008/02/21 09:29:45, 0] auth/auth_util.c:create_builtin_administrators(785)
create_builtin_administrators: Failed to create Administrators
[2008/02/21 09:29:45, 0] auth/auth_util.c:create_builtin_users(751)
create_builtin_users: Failed to create Users

Please also find my smb.conf file here (part of it):
log file = /var/log/samba/log.%m
load printers = No
ldap ssl = no
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
include = /etc/samba/dhcp.conf
socket options = TCP_NODELAY
obey pam restrictions = Yes
logon drive = C:
force group = all
deadtime = 15
domain master = Yes
winbind enable local accounts = no
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
wins support = true 
allow hosts = 10.64.1.0/255.255.255.0, 10.32.2.0/255.255.255.0,
10.64.7.0/255.255.255.0
dns proxy = No
domain admin users = root
oplocks = no
netbios name = PDC01
server string = %h server
writeable = yes
logon script = %U.cmd
remote announce = 10.32.2.255/DOMAINXX
workgroup = domainxx
force user = smbguest
os level = 32
add user script = /usr/sbin/useradd -d /dev/null -g 300 -c "Machine
Account" -s /bin/false -M %u
update encrypted = Yes
syslog = 0
panic action = /usr/share/samba/panic-action %d
max log size = 1000
domain logons = Yes
security = user


Anyone any clue?



-- 
View this message in context: 
http://www.nabble.com/auth-auth_util.c%3Acreate_builtin_users%28751%29-tp15607220p15607220.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Delegation of authentication (S4U) and SAMBA

[Todd Stecher]

On Feb 20, 2008, at 2:05 PM, Andrew Bartlett wrote:


Why do we need to check that, expect if we think that unprivileged
processes on our box have access to the keytab?



That would be the concern, yes.


Todd Stecher | Windows Interop Dev
Isilon SystemsP +1-206-315-7500 F  +1-206-315-7501
www.isilon.comD +1-206-315-7638M +1-425-205-1180



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Delegation of authentication (S4U) and SAMBA

[Todd Stecher]

From my readings, only the Heimdahl Kerberos distribution has S4USelf  
support, at least in the Samba 4 code base.  MIT tries to stay away  
from being PAC-cognizent.



It sounds like you're trying to do something slightly different - e.g.  
Constrained Delegation, where the identity lives in the PAC, and not  
in the ticket.  There are additional security considerations which  
come into play when relying simply on the PAC, since anyone can put a  
PAC into a service ticket with a custom codebase - you can easily get  
into cases of identity theft if you also don't verify the second  
(KRBTGT HMAC of the server signature) signature in the PAC.


I can't say much more than that, unfortunately, but I wanted to point  
out the ease of escalation of privs unless the other security  
mechanisms are evaluated before trusting the PAC's principal.


Todd

On Feb 20, 2008, at 12:49 PM, Andrew Bartlett wrote:



On Tue, 2008-02-12 at 12:15 -0800, Ephi Dror wrote:

Hello,



Does samba support the use of S4U?



What do we need to configure in SAMBA or krb5 to support getting a
ticket obtained by S4U.  We are using 3.0.25 and krb5-1.4.1



We are getting the following error:



decode_pac_data: Name in PAC [EMAIL PROTECTED] 
]

does not match principal name in ticket



The ticket could be different than the PAC name because the ticket  
was

obtained using S4U extension.


As you have found out, the code does not currently allow this.

Now that we are using the PAC, it shouldn't be too hard for you to
change things so that instead of requiring the two strings does to
match, it takes the PAC in precedence (if available).

I suggest raising this on samba-technical

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Todd Stecher | Windows Interop Dev
Isilon SystemsP +1-206-315-7500 F  +1-206-315-7501
www.isilon.comD +1-206-315-7638M +1-425-205-1180



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: cifs verses smbfs for Linux clients

[Steve Langasek]

On Tue, Feb 19, 2008 at 08:58:54PM +0100, Volker Lendecke wrote:
> On Tue, Feb 19, 2008 at 08:22:56PM +0100, Christian Perrier wrote:
> > At least considering to distribute it (or a derived work) as part of
> > the samba distribution could help samba users to switch from smbfs to
> > cifs?

> Sorry, we can't. Looks nice, but is GPLv2 only.

Is this a problem practically, or is it a matter of the Samba Team's
licensing policy?

As this is a stand-alone shell script, I wouldn't expect there to be any
license compatibility issues; but if it's a requirement that even shell
scripts be GPLv3 to ship with Samba, I'll concede "GPLv2 or greater".

Cheers,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba suddenly not working, and all I did was change hard drives!

[Scott David Gray]

Hi,

We've had our business server functioning dandy for a long time, with
SAMBA acting as a domain controller for our Windows XP pro clients. No
issues. All was lovely.  We're running Suse 9.3, Kernel
2.6.8-24.14-smp, Samba version Version 3.0.9-2.3.

Now, it was time to upgrade hard drives in the RAID controller, to
create a 200 gb container (rather than the 100 gb container we had).
So, hard drives were changed, and all our good data dropped right back
on the new drives. All looked good.

The clients can see the domain controller (Babylon), browse the domain
(SVS), read and write files, etcetera. But they cannot join the
domain!

As an aside, browsing the domain is recorded in the SAMBA logs on the
server, but requests to join the domain are not.

   1: The Babylon SAMBA server is physically the exact same machine,
configured the exact same way as it was before, save that we put new
(larger, faster) hard drives in, and dropped all of the old data back
on the new drives (still RAID 5).
   2: The clients are still the same old clients.
   3: The samba server is running, with no errors in the log files
(log level = 9).
   4: The clients *sometimes* see the SAMBA workgroup (once they have
seen it once, they continue to see it until either SAMBA or the client
is restarted).

BUT

 When I attempt to actually have one of the clients join the SVS
domain (by going to system properties -> computer name changes,
clicking the "domain" radio button, typing the domain name SVS, and
clicking OK), it doesn't work so well. . . . I get the following
error:

A domain controller for the domain SVS could not be contacted. Ensure
that the domain name is typed correctly. If the name is correct, click
Details for troubleshooting information

 Details, gives the following: "DNS name does not exist." (error code
0x232B RCODE_NAME_ERROR)

I am almost positive that the problem is on the client end.
1: The clients take their sweet time *finding* Babylon in the
workgroup in the first place, and can't always frind the workgroup.
2: Once they have found Babylon in the workgroup, they can browse
Babylon fine. And their browsing is recorded as expected in the SAMBA
logs.
3: They do not even probe Babylon as a domain controller -- nothing
happens in the logs when I try to connect to the SVS domain from a
client.
4: The error messages indicate that the Windows machine thinks that it
should find the authentication via DNS wather than Netbios or Wins.

I have shut off every piece of equipment in the network (switches,
routers) for at least 45 minutes, to clear out possible caches that
may be messing up the clients. I have added a hosts and lmhosts file
to the clients, to make it easier to find the server. But these are
having no effect.

Any assistance would be very welcome!  Thank you!

-- 
-- Scott David Gray
http://www.sudval.org/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Joining an AD domain

[Tom Weishaupt]

I was wondering if anyone knows the solution to this little problem?
 
I have several Linux boxes that connect to a Windows 2003 AD domain.
However I currently cannot connect any new Linux computers to the domain
even though the distributions are all the same and the smb.conf,
krb5.conf are identical on all the boxes..
 
When I run kinit [EMAIL PROTECTED] I get a ticket issued. However
when I issue the net ads join [EMAIL PROTECTED] command the first
time it just appears to hang. I CNTRL+C and re-issue the command and it
says machine account already exists- modifying old account and appears
to hang. I can leave this for several days and it never respond with
Machine joined Domain. 
 
I also cannot get domainUser or domainGroup information.
 
I have recently removed an existing working system from the domain and
tried to log it back into the domain and now get the same machine
account already exists- modifying old account message and it will not
rejoin the domain.
 
 
ANY IDEASin need of HELP desperately
 
 
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.21b is not able to connect to password server

[Ian.LeCoultre]

I am using 

 

Samba Version 3.0.26a

 

On -SUSE-SLES9

 

I had to 

 

server schannel = on

client schannel = on

 

in the smb.conf

 

before I could run the net rpc join below and have it join the domain.

 

net rpc join -S domain controller -U root

Joined domain 

 

Regards,

 

 

Ian.

 

===

Ian Le Coultre

IM&T Business Support W.A.

===

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] please help me st up samba as an application server

[Jarvis Williams]

Hi, 
I have samba running as a server, but i need to make it into an application 
server, I don't even know where or how to start. please help, any advice or 
assistance would be much appreciated.




  

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] FreeBSD: Changing UNIX password - Password Chat?

[Jon Theil Nielsen]

2008/2/14, Fabiano Caixeta Duarte <[EMAIL PROTECTED]>:
> Jon Theil Nielsen escreveu:
> > 2008/2/13, Edmundo Valle Neto <[EMAIL PROTECTED]>:
> >> Jon Theil Nielsen escreveu:
> >>> I can't get my Samba PDC (FreeBSD 7,0-BETA3) changing UNIX passwords
> >>> from Windows clients (Ctrl-Alt-Del).
> >>> I now have the password chat debug active and I have loglevel 100.
> >>> I am not certain about the syntax in the password chat. But if I from
> >>> a console try to change the password of a given user (here testuser1),
> >>> I see these lines:
> >>>
> >>> mflserver3# /usr/bin/passwd testuser1
> >>> Changing local password for testuser1
> >>> New Password: (entering the password)
> >>> Retype New Password: (entering it again)
> >>>
> >>> >From that i guess the expression in the chat would be:
> >>> *Changing*local*password*for* %u\n *New*Password* %n\n
> >>> *Retype*New*Password* %n\n
> >>>
> >> No.
> >>
> >> %u is the username and %n is the newpassword.
> >>
> >> "What*to*expect"
> >> %n\n (send the password and a new line)
> >> "What*to*expect*then"
> >> %n\n (send the password again and a new line)
> >>
> >>
> >>> Selected parts of the log shows:
> >>>
> >>> [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(279)
> >>>   expect: expected [*Changing*local*password*for*] received [Changing
> >>> local password for testuser1
> >>>   New Password:] match yes
> >>>
> >> It matched the two first lines stopping at (New Password:) as you have a
> >> * at the end.
> >
> > Okay, I shoulden't have that trailing "*"?
> >
> >> And wait.
> >>
> >>> [2008/02/13 17:47:07, 10] smbd/chgpasswd.c:expect(290)
> >>>   expect: returning True
> >>> [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(242)
> >>>   expect: sending [testuser1
> >>>   ]
> >>>
> >> You sent an username to the New password: prompt???
> >
> > It wasn't my intention, but I can see that's what happened.
>
> You seem to have three macros in your passwd chat: %u %u and %n.
> Instead, you need %u %n %n.
>
> See?
>
>
> >
> >>> [2008/02/13 17:47:07, 10] lib/util_sock.c:read_socket_with_timeout(476)
> >>>   read_socket_with_timeout: timeout read. select timed out.
> >>> [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(279)
> >>>   expect: expected [*New*Password*] received [
> >>>   Retype New Password:] match yes
> >>>
> >> It matched the second line stopping at (Retype New Password:)
> >> And wait.
> >>
> >>> [2008/02/13 17:47:07, 10] smbd/chgpasswd.c:expect(290)
> >>>   expect: returning True
> >>> [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(242)
> >>>   expect: sending [VerySecret
> >>>   ]
> >>>
> >> You sent a "VerySecret" password (that obviously will not match the first)
> >
> > So, that part seemed to work. But obviously not compared to what happened 
> > above.
> >
> >>> [2008/02/13 17:47:10, 10] lib/util_sock.c:read_socket_with_timeout(476)
> >>>   read_socket_with_timeout: timeout read. select timed out.
> >>> [2008/02/13 17:47:10, 100] smbd/chgpasswd.c:expect(279)
> >>>   expect: expected [*Retype*New*Password*] received [
> >>>   Mismatch; try again, EOF to quit.
> >>>   New Password:] match no
> >
> > And again something is completely wrong, I see.
> >
> > As I said, I am far from confident with the syntax/mecanism here. So I
> > would really appreciate some more explicit help. I have tried to
> > modify the chat by removing the trailing "*" or by putting the
> > expressions into double quotes - but with no luck.
> > Again, what is going on in the console is exactely what I wrote above.
> > What would then be tbe correct chat?
> >
> > Regards,
> > Jon Theil Nielsen
>
> Look for my answer in the middle of the above post ;)

I give up. My chat was:

*Changing*local*password*for* %u\n *New*Password* %n\n
*Retype*New*Password* %n\n

As I see it, three macro substitutions %u, %n and %n

You said above:

> "What*to*expect"
> %n\n (send the password and a new line)
> "What*to*expect*then"
> %n\n (send the password again and a new line)

Do I not need to include the output from the system (e.g. "Changing
local password")?
I feel really stupid. I have just tried to adjust the example from the
man page to the FreeBSD reality. Maybe I should just sleep on it and
try again with some other combinations...

But thanks, anyway..!

Regards,
Jon Theil Nielsen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] xinetd and nmbd config file

[Phil Sanders]

Would someone please post a copy of a working xinetd.d file for daemon nmbd?

My fault isolation has led me to a non-existance of any inetd.conf listing, 
xinetd.conf, or nmbd file in directory xinetd.d for the daemon nmbd.

My attempts to compose such on my own is bogus at best.

Using Kubunto desktop and just messing around with WINS, Samba, SWAT, and 
Webnim.

Phil

  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multiple homedir entries in smb.conf ?

[Laurent CARON]

J. Strohschnitter wrote:

What about mounting with the bind option all the
 > >> /home/$SERVER/home/$USERNAME dirs in /home/$USERNAME


Hi

don't know about bind-option. What is meant with "bind-option" ? Is it an option
for the smbfstab ?



Ok

I have read the manpages fpr mount. So I tried out:

Existing mounts:

//server01/home on /server/server01
//server02/home on /server/server02

So I tried to mount via:

# mount --bind /server/server02 /server/server01

But now in /server/server01 I see only the content of server02.
What do I wrong ?



what about:

mount --bind /server/server02/home/$USER /home/$USER
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Listing users from a group (net rap groupmember list)

[Leonardo Rodrigues]

Hello list!

I've been trying to list the users from a group of my samba server
(running on an OpenBSD 4.2 box) by using "net rap groupmember list
GROUPNAME -S PDC -U administrator%password -w DOMAIN", but I get
nothing in return.

By running the command with a -d for debug purposes, I get the messages above:

 
/usr/ports/net/samba/w-samba-3.0.25b-cups/samba-3.0.25b/source/libsmb/clirap2.c:cli_NetGroupGetUsers(548)
  NetGroupGetUsers gave error 2220
/usr/ports/net/samba/w-samba-3.0.25b-cups/samba-3.0.25b/source/libsmb/clirap2.c:cli_NetGroupGetUsers(566)
  NetGroupGetUsers no data returned

The souce file (clirap2.c) tells me that error 2220 means "Group does
not exist". But I'm pretty sure that the group I'm looking for does
exist.

I'm lost here. Is "net rap groupmember list" broken? Or do I have a
problem in my setup?

Thanks in advance!

Leonardo Rodrigues

PS. I'm not subscribed to the list, please CC me.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] domain member WIN2003 AD - Trusted Domain

[hans paul]

Hi folks,

we have a problem with a win2003 DC and Samba. The authentification of users 
from the dc works fine, but when we added users from a forest trust in a active 
directory localgroup, samba don't find the users...

I post this problem here:
https://bugzilla.samba.org/show_bug.cgi?id=5245

Maybe you can help.

Cheers

Paul
-- 
Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten 
Browser-Versionen downloaden: http://www.gmx.net/de/go/browser
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems with samba and VISTA SP1 and samba Version 3.0.23d

[Todd Stecher]

I'm currently investigating an issue like this - basically, a customer  
of ours is using Vista SP1, and transferring large files.  The  
transfer is interrupted - the interruptions appear to correlate to  
these entries in samba.log:


sloisn01-1: [2008/01/14 16:33:46, 0, pid=77015, effective(0, 0),  
real(0, 0)] lib/util_sock.c:write_data(563)
  write_data: write failure in writing to client 10.0.13.40. Error  
Broken pipe
sloisn01-1: [2008/01/14 16:33:46, 0, pid=77015, effective(0, 0),  
real(0, 0)] lib/util_sock.c:send_smb(1016)

  Error writing 4 bytes to client. -1. (Broken pipe)

In my experience, this typically happens when the Windows OS is  
unsatisfied with a message returned from Samba, and drops the  
connection.  In my case, they are also using SMB signing, so it may  
also be part of the problem.  I'm trying for an internal repro, and  
will update the list with my findings.  There's also some chance this  
is fixed in 3.2.xx builds - have you tried those?


Tx,
Todd



On Jan 10, 2008, at 1:22 AM, Mössler, Michael wrote:


Yesterday i installed then new SP1 RC for Microsoft Vista Enterprise,

Since then I cant connect to our samba server any more.

Samba is configured as ad member, with winbind and idmap backend =  
rid.




Has anyone the same Problem ?





Mit freundlichen Grüßen



Michael Mössler



uhb consulting AG

Chiemseering 1

84427 St. Wolfgang



Tel.:08085/939-131

Fax.:  08085/939-222

Web:  www.uhb-consulting.de





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Todd Stecher | Windows Interop Dev
Isilon SystemsP +1-206-315-7500 F  +1-206-315-7501
www.isilon.comD +1-206-315-7638M +1-425-205-1180



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 4 on Debian etch

[Chris Robinson]

Hi

I have got Samba working, but when I log on from my windows XP machine I 
get:


roaming profile not found
local profile not found

It then logs in.  Every time I log in It defaults to setting up internet 
explorer and local settings.  Nothing is retained.


Chris

Augmented Reality Limited, Registered in England No. 5311720.  Registered 
Office: Riverside House, 1-5 Como Street, Romford, Essex RM7 7DN.

intY has scanned this email for all known viruses (www.inty.com)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Aplication slow after migration

[Sinisa Bandin]

Felipe Martinez Hermo wrote:


OK, so we're apples to apples, so to speak; the servers are tuned 
the same.  I'll assume your disks are tuned from hdparm and up to 
snuff, otherwise you wouldn't be tuning sockets ;).  Did your old 
server have samba settings for oplocks set?



--
Peace and Blessings,
-Scott.

"Of course, that's just my opinion; I could be wrong"
-Dennis Miller 
Erm, sorry, I didn't catch that you had 2 .conf files there.  I'm 
back to the drawing board.  Sorry about that.  Anyone else have any 
ideas?
Yes, that's whats shocking me. Apparently we're apples to apples. 
Except for the kernel (new&slow 2.6.18-4-686 vs old&fast 2.6.8)


I've sniffed both eth0 interfaces and I've got some more information. 
When talking to the slow server, the client needs to send 76 "TCP 
segment of a reassembled PDU" that are not sent when talking to the 
old and fast server.


How can I workaround this issue? Should I lower server's MTU? How much?

Thank you

Do you happen to have a Realtek 8169 based gigabit ethernet in new server?

If you do, I had the same problem several times last year, and solved 
all of them by changing motherboards (all were integrated, and I like 
them to stay that way because I can achieve full gigabit speed with 
several concurent clients)


Best regards,
Sinisa Bandin


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] MS-SMB Protocol v2

[Faulhaber Michael]

Hello !

Does somebody know approximately if/when samba supports the new
smb-protocol (smbv2) introduced in the windows server 2008 ?

regards, 
babbage


--
email scanned by FISCHER Virusdefense
filename: mailbody --> clean
filename: mailbody(html) --> clean
SCANMODULE: IkarusT3 vdb: 04.02.2008 13:08:01 (70257) version: 1.1.15.0
--
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] PDC: random problems, especially NETLOGON script not always loading

[L.P.H. van Belle]

make sure your pcname resolving works, 

as i can see sofar, i think thats your problem.

Setup a Dynamic DNS on the PDC. ( dhcp + dhcp )

and to test this before you go to work.

fill in \windows\system32\drivers\etc\hosts 
servername  IPADRESS

do this on all of the pc's 
and test again.

i bet this is your problem.

Louis


>-Oorspronkelijk bericht-
>Van: [EMAIL PROTECTED] 
>[mailto:[EMAIL PROTECTED] Namens 
>Koen Linders
>Verzonden: vrijdag 1 februari 2008 12:03
>Aan: samba@lists.samba.org
>Onderwerp: [Samba] PDC: random problems,especially NETLOGON 
>script not always loading
>
>Debian Latest stable.
>Linux newton 2.6.18-4-686
>Samba 3.0.24
>PDC
>
>3Com 3812 Gigabit switch (connection between WinXP client & server)
>Others connect through 3Com 3225 100 Mbit -> 3Com 3812 -> Server
>
>Windows XP SP2 fully updated.
>F-Secure client security (look down for firewall settings)
>
>In advance, thanks for reading this. Any suggestions are welcome!
>
>I'm having a hard time here. I read a whole lot, browses, 
>searched. I try  
>to provide as much info as possible but if you need more, Let me know.
>The main problem is the "randomness". Or atleast it looks 
>random for me.
>
>People with mapped shares working for +1 year don't have connection  
>problems. So most of the time it seems to work fine.
>But i really want to troubleshoot & get all errors out.
>
>I guess the problem i describe next also is the cause of 
>random Roaming  
>profile problems, but lets not focus on that part, too many 
>random factors  
>in my opinion. And they were only a part of the test. It might 
>work if i  
>get this problem solved.
>
>I got a script in the netlogon mapping drives dynamically 
>depending on  
>groups.
>I don't want them permanent. I don't want a workaround!
>
>Everything works fine, most of the time...
>Sometimes it seems the test pc doesn't see the netlogon during boot.
>But it's still accesible when browsing to the share and is executable.
>
>Through policy i tried setting:
>1)I tried setting detecting slow network (1Gbit though) on.
>or
>2) Also run script synchronously
>No changes.
>
>Firewall:
>Even when i change allow all trafic to Samba server in both directions.
>
>Firewall has all necessary port open in both directions:
>SMB (TCP)  445 SMB over TCP/IP (TCP)   
>SMB (UDP)  445 SMB over TCP/IP (UDP)
>Windows Networking (1) 137-138 Both broadcast and multicast
>Windows  
>network browsing   
>Windows Networking (2) 139 Windows file sharing and 
>network printers   
>WINS(1)42  Both broadcast and 
>multicast  WINS / Windows Internet Name  
>Service (UDP)  
>WINS(2)42  WINS / Windows Internet 
>Name Service (TCP) 
>
>Windows doesn't show an error in the log, except the 
>autoenrollment one,  
>which is normal (no AD).
>Samba log file when it goes wrong (a bit lower).
>
>The error when it goes wrong:
>
>1) Error writing 5 bytes to client. -1. (Connection reset by peer):
>=> has to do with client going over NETBIOS (139) & 445 and 
>closing one of  
>2 connections
>Nothing wrong here.
>The weird part: For test: i blocked 137-138-139 on firewall 
>and i couldn't  
>connect to samba share...
>
>Server is listening on both 139 & 445:
>
>netstat -an | egrep '(137|138|139|445)'
>tcp0  0 0.0.0.0:139 0.0.0.0:*  
> LISTEN
>tcp0  0 0.0.0.0:445 0.0.0.0:*  
> LISTEN
>tcp0  0 192.168.1.2:139 192.168.1.59:1075
>ESTABLISHED
>tcp0  0 192.168.1.2:445 192.168.1.82:4409
>ESTABLISHED
>tcp0  0 192.168.1.2:445 192.168.1.4:40578
>ESTABLISHED
>tcp0  0 192.168.1.2:445 192.168.1.44:3465
>ESTABLISHED
>tcp0  0 192.168.1.2:139 192.168.1.109:1209   
>ESTABLISHED
>udp0  0 192.168.1.2:137 0.0.0.0:*
>udp0  0 0.0.0.0:137 0.0.0.0:*
>udp0  0 192.168.1.2:138 0.0.0.0:*
>udp0  0 0.0.0.0:138 0.0.0.0:*
>
>
>2) lib/util_sock.c:write_data(562)
>   write_data: write failure in writing to client 192.168.1.98. Error  
>Connection reset by peer
>=> Could this error point somewhere?
>
>Samba log:
>
>[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
>   getpeername failed. Error was Transport endpoint is not connected
>[2008/01/29 13:13:27, 0] lib/access.c:check_access(327)
>[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
>   getpeername failed. Error was Transport endpoint is not connected
>   Denied connection from  (0.0.0.0)
>[2008/01/29 13:13:27, 1] smbd/process.c:process_smb(1103)
>[2008/01/29 13:13:27, 0] lib/util_sock.c:get_peer_addr(1229)
>   getpeername failed. Error was Transport endpoint is not connected
>   Connection denied from 0.0.0.0
>[2008/01/29 13:13:27, 0] lib/util_sock.c:write_data(562)
>   write_data: wri

[Samba] Transparent migration Samba 2.2 to Samba 3.0 (diferent servers)

[Radosław Bożek]

Hello,

 

I wan't to migrate accounts, roaming profiles and other shares from Samba
2.2 (Slackware) to Samba 3.0.23 (Debian).

It should be transparent for clients. I migrated linux user accounts,
smbpasswd file, smb.conf and domain SID. I can join new client to the new
domain and it works, but when I'm trying to substitute old server with new
one (only for test clients of course, without making any changes in WinXP
configuration), I can connect only once, Windows XP client says after login
that he can't find domain controler, and after logout I can't login anymore.
Names of domain, controlers and SIDs are the same, but some how Windows
after first login knows that this is not the domain it should be.

 

How to cheat Windows XP?

Or 

What I forgot to do?

 

There is one more issue which (I thing) come out of the same problem:

Windows Theme, Last programs (in start menu) not working in the new domain
(I have copied profiles to new domain and add computer).

 

Does anyone know how to do it?

 

 

Many Thanks,

Radek

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem authenticating against W2k3 ADS

[Tom Weishaupt]

I am trying to join authenticate a linux machine from a Windows 2003 SP2
ADS domain with Microsoft service for unix version 3.5 running
 
I have prior to SP2 been able to connect to the domain with no problem I
actually have a machine that was connected prior to the install of SP2
still running and have the same krb5.conf, smb.conf and nsswitch.conf
files on both machines. Both machines are running the exact same
Distrubution of Linux and Samba and yet machine one authenticates and
machine two does not.
 
the error message that I currently get is
 
" ads_join_realm: Operations error " 
 
has anyone got any ideas as to a resolution to this problem
 
I have included the following
 
smb.conf
 
[global]
wins server =
workgroup=domainname
server string=%h (Xandros Desktop)
dns proxy=no
name resolve order=hosts lmhosts host wins bcast
log file=/var/log/samba/log.%m
max log size=1000
syslog=0
panic action=/usr/share/samba/panic-action %d
security=ADS
encrypt passwords=true
passdb backend=tdbsam guest
obey pam restrictions=yes
invalid users=root
map to guest=Bad User
passwd program=/usr/bin/passwd %u
passwd chat=*Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
client use spnego=no
load printers=no
printing=cups
printcap name=cups
dos filetimes=yes
socket options=TCP_NODELAY
display charset=iso8859-1
unix charset=iso8859-1
winbind enum users=no
idmap uid=1-2
winbind enum groups=no
winbind separator=+
allow trusted domains=yes
template homedir=/home/%D/%U
password server=ADSSERVER
preserve case=yes
template shell=/opt/Shellloader.sh
realm=DOMAINNAME
case sensitive=no
short preserve case=yes
os level=20
idmap gid=1-2
;   preexec = /bin/mount /cdrom
;   postexec = /bin/umount /cdrom

nsswitch.conf
 

passwd: compat winbind
group:  compat winbind
shadow: compat
 
hosts:  files dns wins
networks:   files
 
protocols:  db files
services:   db files
ethers: db files
rpc:db files
 
netgroup:   nis

krb5.conf
 
[realms]
DOMANNAME = {
kdc = ADSSERVER
}
DOMAINSHORTNAME = {
kdc = ADSSERVER
}

 
[login]
krb4_convert = true
krb4_get_tickets = true

 
All these files are identical on both machines and both machines are
identical in time.
 
ANY SUGGESTIONS...
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problems with GID while mounting shares

[Roberto D. Maggi @ G.A. International soc. coop.]

Can anyone say me why, even with this string, 

"smbmount  //pbt3/Condivisa /home/rob/Condivisa -o
username=rob,password=X,uid=rob,gid=ufficio"

I cannot login as UID = rob GID = ufficio ???

here's something else.

On server:

pbt:~# smbstatus 
Samba version 3.0.24
PID Username  Group Machine
---
 8037   rob   rob   192.168.3.111 (192.168.3.111)
Service  pid machine   Connected at
---
Condivisa8037   192.168.3.111  Thu Jan 31 13:55:54 2008
Tutto8037   192.168.3.111  Thu Jan 31 13:13:57 2008
No locked files
pbt:~# 

pbt:~# groups rob
rob : rob ufficio musica
pbt:~# 


On client:
[EMAIL PROTECTED]:~$ groups
rob dialout cdrom floppy audio video plugdev ufficio musica
[EMAIL PROTECTED]:~$ 


Do you need other stuff to debug this?!?
thanx for every idea!



signature.asc
Description: Questa è una parte del messaggio	firmata digitalmente
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] GID problems

[Roberto D. Maggi @ G.A. International soc. coop.]

Anyone can say why, even with this string :

smbmount  //pbt3/Condivisa /home/rob/Condivisa -o
username=rob,password=X,uid=rob,gid=ufficio

I cannot login as UID = rob GID = ufficio???

here's something else.

On server:
pbt:~# smbstatus 
Samba version 3.0.24
PID Username  Group Machine
---
 8037   rob   rob   192.168.3.111 (192.168.3.111)
Service  pid machine   Connected at
---
Condivisa8037   192.168.3.111  Thu Jan 31 13:55:54 2008
Tutto8037   192.168.3.111  Thu Jan 31 13:13:57 2008
No locked files
pbt:~# 

pbt:~# groups rob
rob : rob ufficio musica
pbt:~# 


On client:
[EMAIL PROTECTED]:~$ groups
rob dialout cdrom floppy audio video plugdev ufficio musica
[EMAIL PROTECTED]:~$ 


Do you need other stuff to debug this?!?
thanx for every idea!


signature.asc
Description: Questa è una parte del messaggio	firmata digitalmente
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Need to "net use \\someserver\someshare" to increase speed?

[Julie Burkett]

All,

We've been testing to determine why SAMBA access to UNIX clearcase VOBs
became slow when we upgraded from 2.2.8a to 3.0.14 (and now 3.0.24).  I
cannot say we've found 'anything new' but we have found the following
behavior.  Any help understanding why a WinXP and Win2K client would
need the shares to VOB storage mapped to speed processing would be
appreciated (note that it works without the mapping just uses a process
per connection).  Or, perhaps there is a setting missing from smb.conf
or the Windows clients.  Thoughts?

For those unfamiliar with clearcase, cleartext is the text generated by
clearcase (from a base version with deltas) when a user wants to view a
pariticular version of a file.  There are 'scrubbing' parameters that
remove cleartext after it is unused for a period of time.  But, as long
as someone accesses it or the scrubbing is set to 'never' the need to
build cleartext is minimal.  Also, a snapshot view is a view where a
user requests particular versions of all files specified and clearcase
sends those files to the user's computer.  The user can then go offline
and work on those files and send the updates back to the VOB server when
finished (i.e. update the view).

My test snapshot view uses about 5000 files/120MB of data.

1. If there is no cleartext for a source container, a new connection
   will be opened and closed for each cleartext as it is created from
   source. 

   I stopped the test after an hour when only 645 files had been
   transferred. At that rate, it would have taken about 8-9 more hours



2. If the Windows client maps a drive to the Samba share, then a
   connection is kept open from client to VOB server and only one
   connection is used as cleartext containers are created from source
   containers. This speeds up the snapshot view loading dramatically. 

   It took about 30 minutes to load 5000 files/120MB. I consider this
   to be reasonable performance.


3. If the cleartext for the source container exists but no drive is
   mapped from the client to the Samba share, multiple connections
   are opened to transfer the files. However, instead of one
   connection for each files, several files 50-100 are transferred
   before the connection is closed an a new one opens

   It took about 9 minutes to transfer the 5000 files/120 MB


4. If the cleartext for the source container exists and a drive is
   mapped from the client to the Samba share, only one connection is
   used to transfer all of the data. 

   However, there was no significant difference in the time to
   transfer the data than the previous item 3. It took about 9 minutes
   to load the view.

5. There was no difference between

   3.0.14a -- security = ads
   3.0.14a -- security = domain
   3.0.24  -- security = domain

Thank you for suggestions,

Julie 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with Samba share access

[Rich Bloch]

Hello all,

I'm having some trouble getting my Debian-based NAS running correctly
with Samba permissions.

For trouble-shooting purposes, I have three machines of interest:

--MACHINE A: NAS (running Debian/2.6), the machine I want to share
folders
--MACHINE B: Windows Vista: Samba read/write share access works great,
no problems
--MACHINE C: Linux (running Debian/2.6) machine: SHARE ACCESS VERY
SLOW/FAILS

So, my problem is that when I attempt to share MACHINE A with MACHINE
C, I see the following behavior:

1) "Authentication Required" dialog pops up, requesting authorization
for [EMAIL PROTECTED] on DOMAIN_NAME (where DOMAIN_NAME is my
workgroup name)
2) After providing a password, I get a second "Authentication
Required" dialog, this time indicating authorization for
[EMAIL PROTECTED] on DOMAIN_NAME (where USER_NAME is my user name)
3) After providing a password again, some time passes--on the order of
30-90 seconds--and this second dialog again is displayed.

At this point, I either see this process repeated (repeat step 3
indefinitely), and never get access granted, or--after another 30-90
seconds--I finally receive access to the Samba shares. In the event I
do get access granted, I have no problems with access for the rest of
my session (until session restart or machine restart). So it seems
something is getting cached.

So, clearly, there appears to be some sort of negotiating happening
here between MACHINE A (the Samba server) and MACHINE C (the Samba
client).

Some details:

--Both machines are running Samba 3.0.24
--smb.conf is config'd with security = SHARE; specific shares with
read only = No, and guest ok = Yes
--I have no problems with share access between MACHINE A (NAS device:
the Samba server) and MACHINE B (Windows Vista: the Samba client)

So, here are my questions:

--What might cause this kind of behavior? How can I get rid of these
long authentication delays?
--What tools are available to me for troubleshooting a Samba
negotiation?

Thanks much.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA and ACTIVE DIRECTORY

[Tom Weishaupt]

I am trying to join and authenticate a linux machine to a Windows 2003
SP2 ADS domain with Microsoft service for unix version 3.5 running
 
I have prior to SP2 been able to connect to the domain with no problem I
actually have a machine that was connected prior to the install of SP2
still running and has the same krb5.conf, smb.conf and nsswitch.conf
files as the machine I'm trying to connect save the machine name. Both
machines are running the exact same Distrubution of Linux and Samba and
yet machine one authenticates and machine two does not.
 
the error message that I currently get is
 
" ads_join_realm: Operations error " 
 
has anyone got any ideas as to a resolution to this problem
 
I have included the following
 
smb.conf
 
[global]
wins server =
workgroup=domainname
server string=%h (Xandros Desktop)
dns proxy=no
name resolve order=hosts lmhosts host wins bcast
log file=/var/log/samba/log.%m
max log size=1000
syslog=0
panic action=/usr/share/samba/panic-action %d
security=ADS
encrypt passwords=true
passdb backend=tdbsam guest
obey pam restrictions=yes
invalid users=root
map to guest=Bad User
passwd program=/usr/bin/passwd %u
passwd chat=*Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
client use spnego=no
load printers=no
printing=cups
printcap name=cups
dos filetimes=yes
socket options=TCP_NODELAY
display charset=iso8859-1
unix charset=iso8859-1
winbind enum users=no
idmap uid=1-2
winbind enum groups=no
winbind separator=+
allow trusted domains=yes
template homedir=/home/%D/%U
password server=ADSSERVER
preserve case=yes
template shell=/opt/Shellloader.sh
realm=DOMAINNAME
case sensitive=no
short preserve case=yes
os level=20
idmap gid=1-2
;   preexec = /bin/mount /cdrom
;   postexec = /bin/umount /cdrom

nsswitch.conf
 

passwd: compat winbind
group:  compat winbind
shadow: compat
 
hosts:  files dns wins
networks:   files
 
protocols:  db files
services:   db files
ethers: db files
rpc:db files
 
netgroup:   nis

krb5.conf
 
[realms]
DOMANNAME = {
kdc = ADSSERVER
}
DOMAINSHORTNAME = {
kdc = ADSSERVER
}

 
[login]
krb4_convert = true
krb4_get_tickets = true

 
All these files are identical on both machines and both machines are
identical in time.
 
ANY SUGGESTIONS...
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] connect through smbclinet failed

[Venkatesh Babu K S]

hi
 i have a latest samba installed on my FC6 machine. i have windows XP 
64-bit machine in my LAN.
when i try to connect to that machine using smbclient i am getting 
"""session request to *SMBSERVER failed (Not listening on called name) 

could u please help in this matter, to rectify where i am going wrong.

--
Thanks and Regards
Venkatesh Babu K S

Health is the condition of wisdom and kind of happiness.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Login with special groups

[Nikolaus Hammler]

Helmut Hullen schrieb:

Hallo, Niki,


Hallo :-)


Du (mailinglists) meintest am 24.01.08:


Is it possible to allow login from certain machines in a samba3
domain just to users who are in certain special groups?



I could not find any options on this.


Which OS do you use?


Linux ;-) (Debian 4)

And Windows (XP, 2000) as clients in the PDC domain.

Samba has the option "preexec" which can be used for checking something.  
And "preexec" has the option "close" (p.e. "close = yes") which can be  
used as a kind of "if user has no legitimation then exit".


Thank you, I already thought about this option but this is somehow not 
fine-granulating enough for me. First, it should control the *login* on 
the samba domain controller.
Second, it would be fine to set groups for each workstation which are 
allowed to login on this workstation (or - as by default - all are allowed).


Best regards,
Niki


smime.p7s
Description: S/MIME Cryptographic Signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba and ACTIVE DIRECTORY

[Tom Weishaupt]

I am trying to join authenticate a linux machine from a Windows 2003 SP2
ADS domain with Microsoft service for unix version 3.5 running
 
I have prior to SP2 been able to connect to the domain with no problem I
actually have a machine that was connected prior to the install of SP2
still running and have the same krb5.conf, smb.conf and nsswitch.conf
files on both machines. Both machines are running the exact same
Distrubution of Linux and Samba and yet machine one authenticates and
machine two does not.
 
the error message that I currently get is
 
" ads_join_realm: Operations error " 
 
has anyone got any ideas as to a resolution to this problem
 
I have included the following
 
smb.conf
 
[global]
wins server =
workgroup=domainname
server string=%h (Xandros Desktop)
dns proxy=no
name resolve order=hosts lmhosts host wins bcast
log file=/var/log/samba/log.%m
max log size=1000
syslog=0
panic action=/usr/share/samba/panic-action %d
security=ADS
encrypt passwords=true
passdb backend=tdbsam guest
obey pam restrictions=yes
invalid users=root
map to guest=Bad User
passwd program=/usr/bin/passwd %u
passwd chat=*Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
client use spnego=no
load printers=no
printing=cups
printcap name=cups
dos filetimes=yes
socket options=TCP_NODELAY
display charset=iso8859-1
unix charset=iso8859-1
winbind enum users=no
idmap uid=1-2
winbind enum groups=no
winbind separator=+
allow trusted domains=yes
template homedir=/home/%D/%U
password server=ADSSERVER
preserve case=yes
template shell=/opt/Shellloader.sh
realm=DOMAINNAME
case sensitive=no
short preserve case=yes
os level=20
idmap gid=1-2
;   preexec = /bin/mount /cdrom
;   postexec = /bin/umount /cdrom

nsswitch.conf
 

passwd: compat winbind
group:  compat winbind
shadow: compat
 
hosts:  files dns wins
networks:   files
 
protocols:  db files
services:   db files
ethers: db files
rpc:db files
 
netgroup:   nis

krb5.conf
 
[realms]
DOMANNAME = {
kdc = ADSSERVER
}
DOMAINSHORTNAME = {
kdc = ADSSERVER
}

 
[login]
krb4_convert = true
krb4_get_tickets = true

 
All these files are identical on both machines and both machines are
identical in time.
 
ANY SUGGESTIONS...
 
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] can't use Swat to add new user

[[EMAIL PROTECTED]]

Using Centos 4.6 + Samba/Swat 3.0.25b, all used binary install

Swat work fine at port 901 (and even using behind stunnel), and can edit 
smb.conf.

But at 'Password' page, after typed in 'User Name', 'New Password', ' Re-type 
New Password' at 'Server Password Management' section, it shown no message and 
even can't add new user to samba/linux system. (used 'root' to login already)

Is it needed to add 'add user script'/'delete user script' value at smb.conf? 
Coz currently had not added those value at samba conf file
.

  Thank for helping.


___
Join Excite! - http://www.excite.com
The most personalized portal on the Web!


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] wrong uid in lock database

[Marcel Mulder]

Hi,

 

I am running Ubuntu 7.10, Samba 3.0.26a.

For authentication I use Winbind which is talking to a Windows Small
Business Server 2003

Everything look normal things like wbinfo -g, wbinfo -u, getent passwd
etc, all runs perfectly well.

 

The problem I have is that occasionally strange thing happen on the
network. Files cannot be deleted en compile jobs fail.

What I see is that when I do a smbstatus -L that some files are locked
with a wrong uid. So, user with uid 1 creates a lock with an
application an the lock is assigned to user 10019. How can this be
possible? 

I it very hard for me to look in the logs to see what happens because
the phenomena is only occurring when there is lots of traffic. Because
of this the log are generate huge amount of data and therefore wrapping
continuously.

 

A fragment of my smb.conf  is below.

 

[global]

workgroup = MICROKEY

realm = MICROKEY.LAN

interfaces = eth1

security = ADS

password server = 192.168.1.1

log level = 1

domain master = no

 

idmap uid = 1-2

idmap gid = 1-2

template shell = /bin/bash

winbind use default domain = Yes

winbind enum users = yes

winbind enum groups = yes

template homedir = /home/%D/%U

client use spnego = yes

 

wins server = 192.168.1.1

name resolve order = wins bcast hosts

 

printcap name = cups

printing = cups

 

[homes]

browseable = no

writable = yes

 

[printers]

comment = All Printers

path = /var/spool/samba

guest ok = Yes

printable = Yes

 

[print$]

 comment = Printer Drivers

 path = /etc/samba/drivers

 browseable = yes

 guest ok = no

 read only = yes

 write list = root microkey.lan\\administrator

 

[development]

comment = Product development

path = /home/microkey/shares/development

valid users = @microkey.lan\\development

write list = @microkey.lan\\development

create mask = 0770

directory mask = 0770

force group = @microkey.lan\\development

 

Help is appreciated

 

Marcel

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba AD client's settings transfer

[Jimmy Choo]

Hi,

I have successfully joined my Linux box(ubuntu feisty) to Active Directory
using Samba.
Now i have installed a new Linux distro(ubuntu gutsy) and want to join it to
AD.

The problem is that it is asking for some kind-of-password when i do "net
ads testjoin".

This implies that when joining a domain, some kind of mutual identity must
have been stored
 by samba. right?

The questions is how do i make the new distro join the domain using old
samba data/settings?
(basically is their some files which store the trust relationship which i
need to copy over to new distro?)


I hope i am clear.

Regards,
Jimmy
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] XP to samba = ok samba to XP = NT_STATUS_INSUFF_SERVER_RESOURCES

[Krzysztof Żelechowski]

In response to
:

The problem is on the server side; it has nothing to do with Samba.  
The exact cause of this message 
should be logged in the System event log on the file server.

In my case it was too many network filters installed.
In this case, the recipe from Microsoft was 
to add a DWORD parameter named IrpStackSize 
to the LAN Manager Server registry key.  
The default value for this parameter is 15 if it is absent; 
set it to 15 and increase it by steps of 5 until the problem goes away.
Keep in mind that you have to restart the Server service 
each time you update the registry.

HTH
Chris

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Weird Problem with 2000 and XP

[Hodges Steve-PT1273]

Running RHEL Workstation 3 and samba works for the most part, but
Windows 2000 boxes from the dos prompt get an error when they run dir
\\linuxserver.mydomain.corp.com but they work fine when do dir
\\linuxserver  The error they get is access denied or logon failure
On XP when you run dir \\linuxserver.mydomain.corp.com
  it works, but when they run dir
\\linuxserver   The error they get is access denied.   Both OSes can
ping both names so it is not a resolution message.  The XP error is not
a problem, because we have an app that uses that servers fully qualified
domain name.  The 2000 error is a problem.  The Windows Domain is
running in Native domain on 2003. Any ideas?
 
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbind group membership

[Nord, James]

Hi all,
 
I  have a Solaris 10 (update 4) box (x86) that is joined to an active
directory via samba/winbind (3.0.25c version included with Solaris
including latest patches).

The users are working fine however their group membership is not.

Users that should be members of certain groups do not seem to be: in
that if I run 'groups' and check the group member ship for my domain
account I am missing entry of some groups yet I can verify that I should
be a member of the missing groups by running 'getent group
"domain\\group name"' and seeing my domain username entered.

winbind has the following parameters set
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes

I am at a loss as to why it picks up some groups and not others.

The name service cache deamon is not running.

Has anyone come across something similar or know how to solve this
issue?

Regards,

James 
 
*
This e-mail is confidential, the property of NDS Ltd and intended for the 
addressee only.  Any dissemination, copying or distribution of this message or 
any attachments by anyone other than the intended recipient is strictly 
prohibited.  If you have received this message in error, please immediately 
notify the [EMAIL PROTECTED] and destroy the original message.  Messages sent 
to and from NDS may be monitored.  NDS cannot guarantee any message delivery 
method is secure or error-free.  Information could be intercepted, corrupted, 
lost, destroyed, arrive late or incomplete, or contain viruses.  We do not 
accept responsibility for any errors or omissions in this message and/or 
attachment that arise as a result of transmission.  You should carry out your 
own virus checks before opening any attachment.  Any views or opinions 
presented are solely those of the author and do not necessarily represent those 
of NDS.

To protect the environment please do not print this e-mail unless necessary.

NDS Limited Registered office: One Heathrow Boulevard, 286 Bath Road, West 
Drayton, Middlesex, UB7 0DQ, United Kingdom. A company registered in England 
and Wales  Registered no. 3080780   VAT no. GB 603 8808 40-00
**

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] AD maximum user token size

[Pierre Leduc]

Hi,

We're running Samba 3.0.26a on AIX 5.3 using security=ads.  Users get access 
denied when ADS user token size gets over an unknow limit even though the ACL 
in place should give them access.

For instance, my ADS user token size is over 9k in size since I belong to about 
400 AD groups.  Setting the ACL to any of these groups (often nested) will not 
give me access.  Setting the owner to my id does work but this is not a viable 
solution. When the AD user token size limit is reached, Samba appears to 
determine that the user belong only to its primary group, "domain users" in my 
case.  

Now, when mapping a share using an account with a much smaller user token size 
(less than 1K), ACLs work fine including nested groups.

There must be an upper limit for a AD W2K3 user token size when using "security 
= ads" on AIX 5.3.  Does anyone know what that limit would be?

Pierre Leduc
Systems Analyst, Technical Support
Revenu Quebec
(418) 652-6058
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] authenticating a linux samba client to a win2k domain

[Joost van Voorst van Beest]

Hello crew,

I'm having troubles with authenticating a linux samba client to a  
win2k domain.  Without creating local users I want to be able to log  
on using a user and pass valid only in the windows domain.


Somehow I seem to be stuck on the last part:

/var/log/samba/log.winbindd
[2008/01/14 16:22:12, 0] lib/util_sid.c:string_to_sid(242)
  string_to_sid: Sid S-0-0 is not in a valid format.
[2008/01/14 16:22:12, 0] nsswitch/winbindd_util.c:trustdom_recv(268)
  Got invalid trustdom response

Which results in a bad authentication:

/var/log/pam.log
Jan 14 16:29:03 sandbox pam_winbind[2632]: pam_winbind:  
pam_sm_authenticate (flags: 0x)

Jan 14 16:29:07 sandbox pam_winbind[2632]: Verify user `testuser'
Jan 14 16:29:17 sandbox pam_winbind[2632]: request failed:  
NT_STATUS_IO_TIMEOUT, PAM error was System error (4), NT error was  
NT_STATUS_IO_TIMEOUT
Jan 14 16:29:17 sandbox pam_winbind[2632]: internal module error  
(retval = 4, user = `testuser')


When I login using a WRONG password:

/var/log/pam.log
Jan 14 16:31:33 sandbox pam_winbind[2675]: pam_winbind:  
pam_sm_authenticate (flags: 0x)

Jan 14 16:31:35 sandbox pam_winbind[2675]: Verify user `testuser'
Jan 14 16:31:35 sandbox pam_winbind[2675]: request failed: Wrong  
Password, PAM error was Authentication failure (7), NT error was  
NT_STATUS_WRONG_PASSWORD
Jan 14 16:31:35 sandbox pam_winbind[2675]: user `testuser' denied  
access (incorrect password or invalid membership)


When I login using `wronguser`:

/var/log/pam.log
Jan 14 17:38:43 sandbox pam_winbind[2928]: pam_winbind:  
pam_sm_authenticate (flags: 0x)

Jan 14 17:38:45 sandbox pam_winbind[2928]: Verify user `wronguser'
Jan 14 17:38:45 sandbox pam_winbind[2928]: request failed: No such  
user, PAM error was User not known to the underlying authentication  
module (10), NT error was NT_STATUS_NO_SUCH_USER

Jan 14 17:38:45 sandbox pam_winbind[2928]: user `wronguser' not found


I'm very willing to supply more info but I thought posting the entire  
config upfront is a little too much. I'm using Linux sandbox  
2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686 GNU/Linux

and Samba Version 3.0.24

Cheers

Joost


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Groups authentication?

[Simon Renshaw]

Hi,

Is it possible to use group authentication instead of user/share
authentication?

I did create a very basic share on a test server and it allows everyone.
I would like to create a samba group on the server and only give access
to the users in that group. Can I do that?

I'm using Samba 3.0.25b on a CentOS 5 server.

Thanks!

Simon
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Odd, slow Windows XP client download behavior

[Kimon Gazis]

I have the very same situation here with Samba 3.0.28 (amd64 debian etch
testing) and my two XP client machines (32 Bit and x64 Prof. Edition
both SP2). FTP speeds are at reasonable levels in both directions and
SMB uploads to the server as well whereas SMB downloads onto the client
machines are extremely slow (around 300KB/s).

I can also confirm the strange effect described by Chris with rising
downstream speeds when simultaneously uploading something. In my case I
had a speedtest using "netio" pushing datagrams onto the samba server
eg. completely smb unrelated! I checked the other direction having
simultaneous downloads and yielded that effect as well.

The problem is independent of the client's network interface as I tried
both the WLAN 54 adaptor and the Realtek GBit NIC on XP client side.
With contrast to Chris I had no differences when playing with samba
parameters like oplock (also no difference when done on the windows client).

I booted one client machine to debian etch (stable) and ran tests using
NFS and FTP yielding full GBit LAN speeds.

I tested Windows Server 2003 clients inside VMWares running on the XP
clients and on the samba server itself. No performance issues there.
Downloading files from the windows VM running on the samba server (!)
onto the XP clients works like a charm as well. (So does the other way
round!). SMB communication between the two XP machines works anyway.

I finally smbmounted shares of the XP clients on the samba server and
copied files onto them at reasonable speeds (around 40MB/s). Copying
(downloading) onto the server was around 20MB/s.

I have no other samba problems. Everything else works fine: browsing,
printing, WINS etc.

In my opinion there is no connection to a Hardwareproblem. Instead we
experience some behaviour of the XP client machines that cause this. It
seems to be SMB/CIFS related but I think we need to further investigate
to get more hard data. Maybe capture some SMB packets using wireshark
while doing the downloads and compare them ?!? However I am no
networking guy so I would need some guidance on what to do exactly.

cheers
Kimon

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.28 with VFS-Module "GPFS"

[Ralph Cunnington]

Hi Rob,
on your Info for Version 3.0.25 you pointed out the VFS-Module GPFS for 
using features of the underlaying GPFS-Filesystem.
Also the man-pages-3/vfs_gpfs.8.html points to that module, but I can't 
find it anywhere.

We are using a GPFS 3.2  3-Node Samba Cluster (3.0.24/28) on Dell HW.

We would be very glad if it is posible to get 
- Quota Recognition for our users (we use "max disc size" but thats not 
the answer),
- Filesize reporting (MS-Explorer Discspace versus Unix "du" versus GPFS 
Blocksize (1024k)) and
- ACL-Support (nfs4) working

perhaps this plugin does it all ?

Can you point it out to me ?
Ralph

---
Ralph Cunnington
IT-Support und Systementwicklung Paderborn

b.i.b. International College, Fürstenallee 3-5, 33102 Paderborn
Tel:+49(0)5251-30101 - Fax:+49(0)5251-301161
Ralph.Cunnington at bib.de - www.bib.de
-
Träger: Bildungszentrum für informationsverarbeitende Berufe e.V., 
Paderborn
Vorstand: Prof. Dr. Manfred Sommer, Franz-Josef Gehrmann, Prof. Dr. Stefan 
Nieland, Dr. Peter Fischer
Geschäftsführer: Georg Herrmann, Prof.Dr.Franz Wagner
Registergericht: Amtsgericht Paderborn, Registernummer: VR 639
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] security setup problem

[Liz B Walker]

Hi

I am working on Solaris 10 with Samba installed as part of base.

I have a client who wants to to give read/write access to a unix directory 
via Windows Explorer. The client wants only the members of a specific
unix group to have access to the directory, no-one else must be able to 
read/write to it. They also want to synchronise the unix password to the
samba encrypted password automatically. I have tried various things but 
cannot get it working. Please can you give me an idiots guide on how to 
achieve this.


Regards
Liz Walker
Tel : 27 21 509 2022
Cell: 27 82 465 5558
Fax: 27 21 509 3943
Email: [EMAIL PROTECTED]

CSC Computer Sciences (South Africa) (Proprietary) Limited 
Registered Office: 4th floor, Aloe Grove, 196 Louis Botha Avenue, Houghton 
Estate  2198, South Africa 
Registered in South Africa No: 1999/002366/07


This is a PRIVATE message. If you are not the intended recipient, please 
delete without copying and kindly advise us by e-mail of the mistake in 
delivery. 
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to 
any order or other contract unless pursuant to explicit written agreement 
or government initiative expressly permitting the use of e-mail for such 
purpose.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] per share encrytion

[Wörz , Michael]

Hello all,

i'm consulting this list bcs i found nothing on the web.

I' looking for a software that acts as a fileserver, but encrypts all files 
transparently for the user
on share level. So secret documents can be protected against unauthorized 
access even from administrators
(exept the admin controling user access of course) but can be easily accessed 
from authorized groups.

I thing this would be easy to implement in Samba and may is planned or already 
done.

furthermore samba could act as a tranparent proxy that just en/decrypts file 
contents  depending on their source/destination share and forwards
requests to another fileserver using smb protocol. Such a dedicated machine 
could be stored behind the switch 
of the boss office and would provide quiet good security.

do you know of any implementaions or implementation plans regarding this topic.
i Know theire are a few comercial implementations

Viele Grüße
Michael Wörz 
KNV Stuttgart
-(4)2393-







Koch, Neff & Volckmar GmbH, Schockenriedstraße 37, 70565 Stuttgart, 
Internet: http://www.knv.de>http://www.knv.de, Amtsgericht und Sitz 
Stuttgart HRB 11907, Geschäftsführer: Frank Thurmann, Oliver 
Voerster, USt.-Id-Nr. DE147816562.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Cached user?

[Mike Scott]

I have a problem where when a user is connected from Win XP to a Linux
machine via Samba and then wishes to connect to a different share on the
Linux machine as a different user it doesn't work. The user for the
initial connection seems to be cached somewhere and doesn't want to let
go.

I've tried using net use to delete all connections to the Linux machine
without success.

Does anyone have any suggestions?


http://www.bbc.co.uk/
This e-mail (and any attachments) is confidential and may contain personal 
views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on 
it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Propose mount.cifs/smbfs able to mount the child folder of share folder

[Jeff Layton]

On Tue, 08 Jan 2008 00:19:47 +0800
kstan <[EMAIL PROTECTED]> wrote:

> Hi Samba team,
> 
> I feel user will feel more confortable when they can mount folder (via
> mount.cifs or mount.smbfs) under particular shared folder.
> 
> Example:
> I have a share folder call department, all department's folder arrange
> inside
> 
> so I have a share folder call \\server\department
> 
> if I have a linux client under purchasing, I 2 command to get the
> correct place, and I feel it is giving more trouble
> 
> command 1
> ===
> mount -t cifs  -o (with necessary
> option) //server/department /sharefolder/.pathtoatempararyfolder
> 
> 
> command 2:
> ==
> ln -s /sharefolder/.pathtoatempararyfolder/purchasing
> 
> 
> It is much more better if we can simplied the share via this command:
> mount -t cifs  -o (with necessary
> option) //server/department/purchasing 
> /home/purchasinguser/Desktop/mydepartmentdata
> 

This is already doable today. There were some issues with earlier
versions, but with current CIFS and mount.cifs programs, this should
now work as expected.

-- 
Jeff Layton <[EMAIL PROTECTED]>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] nmbd will not run

[Rick Davis]

I had been using and running samba (ver 3.0.23b) with no problems.  I 
installed a new hard  drive on my ultra10 ( I know old).  Now nmbd will 
not run.  When I issue svcs it indicates maintenance required but I 
can't figure what is wrong.  Any suggestions/ideas will be entertained.

--
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Procedure to upgrade SAMBA 2.

[Anderson, John - John F]

I am currently running AIX 5.2.

I am currently running SAMBA 2.2.7.

 

What are the procedures to upgrade SAMBA 2.2.7 to SAMBA 3.09?

 

Any information would be greatly appreciated.

 

Thank you. 

 

 

NOTES: Below is some info of my current running samba.

 

/opt/freeware/sbin-> ls -lt

total 8400

-rwxr-xr-x   1 root system  2003591 Apr 07 2003  smbd

-rwxr-xr-x   1 root system  1166706 Apr 07 2003  swat

-rwxr-xr-x   1 root system   653661 Apr 07 2003  nmbd

-rwxr-sr-x   1 root system   137031 Feb 12 2003  lsof

-rwxr-sr-x   1 root system   144665 Feb 12 2003  lsof64

---x--x--x   1 root system   132775 Nov 25 2002  visudo

-r-xr-xr-x   1 root system48328 Oct 03 2001  prngd

/opt/freeware/sbin-> smbd -V

Version 2.2.7

/opt/freeware/sbin-> nmbd -V

Version 2.2.7

/opt/freeware/sbin->

 

"Starting Samba"

smbd -D -l /usr/local/log

nmbd -D -l /usr/local/log

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba