[Samba] Re: using samba as nfs server replacement?

[Pakorn Chutinimitkul]

Hi again,

I updated Samba on both client and server to 3.0.28a. Client is 
openSuSE 10.2. Server is Debian Lenny.  I noticed that newly created file's
ownership will be changed to username that is used when mounting CIFS volume 
(under -o username=xxx,password=xxx) and the permission will be
changed to what specified under samba configuration. Here's my config

[global]
workgroup = WORKGROUP
server string = Test Samba Server
passdb backend = tdbsam
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 
SO_SNDBUF=8192
load printers = No
dns proxy = No
ldap ssl = no

[testvolume1]
comment = CIFS Mount
path = /mnt/disk1
valid users = @users
admin users = @root
write list = @users
read only = No
hosts allow = 192.168.0.0/255.255.255.0


There's a lot of different users who will log into the workstation, all of them 
are not superuser, therefore they can't run mount command
and specify their samba username/password. I tried to create a Samba account 
for each machine, say machine1 and put the username/password in
/etc/fstab.

Now for every file created by users logged into that machine, the ownership is 
changed to machine1 automatically. Is there any way to solve
this problem? Thank you very much!

Pakorn


Michael Heydon wrote:
> Pakorn Chutinimitkul wrote:
>> Hi,
>>
>> 
>> 1. How to make Samba stores the ownership of the file? Afaik Samba
>> changes ownership of the file to the connected user. Our storage relies
>> on uid/gid a lot.
>>
>> 2. Can Samba obey umask settings? Apart from changing values in
>> create mask ?
>>   
> Recent versions of samba will automatically figure out that they are
> talking to a unix client (as long as the client is recent as well) and
> enable the CIFS unix extensions. Permissions, ownership, symlinks, etc
> should "Just Work(tm)".
> 
>> If anyone could point me to any resource, that would be greatly
>> appreciated.
>>
>> Thank you!
>> Pakorn
>>   
> 
> 
> *Michael Heydon - IT Administratorr *
> [EMAIL PROTECTED] 
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] select() timeout on winbindd_privileged pipe

[Humrick, Matt]

I have an issue where winbind will occasionally pause for 30 seconds.

# strace -T -t ls -l /share
16:52:20 read(4, "/var/lib/samba/winbindd_privileg"..., 35) = 35
<0.09>
16:52:20 lstat("/var/lib/samba/winbindd_privileged",
{st_mode=S_IFDIR|0750, st_size=72, ...}) = 0 <0.11>
16:52:20 lstat("/var/lib/samba/winbindd_privileged/pipe",
{st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0 <0.11>
16:52:20 socket(PF_FILE, SOCK_STREAM, 0) = 5 <0.11>
16:52:20 fcntl(5, F_GETFL)  = 0x2 (flags O_RDWR) <0.06>
16:52:20 fcntl(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0 <0.07>
16:52:20 fcntl(5, F_GETFD)  = 0 <0.06>
16:52:20 fcntl(5, F_SETFD, FD_CLOEXEC)  = 0 <0.06>
16:52:20 connect(5, {sa_family=AF_FILE,
path="/var/lib/samba/winbindd_privileged/pipe"}, 110) = 0 <0.18>
16:52:20 close(4)   = 0 <0.11>
16:52:20 select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout) <0.07>
16:52:20 write(5,
"(\10\0\0\4\0\0\0d\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2088) =
2088 <0.11>
16:52:20 select(6, [5], NULL, NULL, {5, 0}) = 0 (Timeout) <4.997279>
16:52:25 select(6, [5], NULL, NULL, {5, 0}) = 0 (Timeout) <4.999895>
16:52:30 select(6, [5], NULL, NULL, {5, 0}) = 0 (Timeout) <4.999885>
16:52:35 select(6, [5], NULL, NULL, {5, 0}) = 0 (Timeout) <4.14>
16:52:40 select(6, [5], NULL, NULL, {5, 0}) = 0 (Timeout) <4.999891>
16:52:45 select(6, [5], NULL, NULL, {5, 0}) = 0 (Timeout) <4.16>
16:52:50 select(6, [5], NULL, NULL, {5, 0}) = 1 (in [5], left {4,
968000}) <0.033682>
16:52:50 read(5, "\354\f\0\0\2\0\0\0STARTREK-phx_api_release"..., 3240)
= 3240 <0.14>

Notice the chain of select() calls between 16:52:20 and 16:52:50 that
all timeout after 5 seconds for a total of 30 seconds!

The winbind log has the following error when this occurs:
[2008/04/18 16:52:20, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found)
[2008/04/18 16:52:50, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
  ads_krb5_mk_req: Advancing clock by 13 seconds to cope with clock skew
[2008/04/18 16:52:50, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache]
expiration Fri, 18 Apr 2008 17:13:03 MST

The ads_krb5_mk_req function has a while loop that loops 3 times 'while
(!creds_ready && (i < maxtries))' (i=0, maxtries=3). This corresponds
with 3 requests to the kdc for info during the period of the pause:

16:52:20.839894 IP 192.168.1.210.32891 > 192.168.1.207.88:  v5
16:52:20.840419 IP 192.168.1.207.88 > 192.168.1.210.32891:
16:52:30.837599 IP 192.168.1.210.32891 > 192.168.1.207.88:  v5
16:52:30.838482 IP 192.168.1.207.88 > 192.168.1.210.32891:  v5
16:52:40.837652 IP 192.168.1.210.32891 > 192.168.1.207.88:
16:52:40.838606 IP 192.168.1.207.88 > 192.168.1.210.32891:

I don't understand why the select call appears to continue to block even
though the Samba machine (192.168.1.210) gets a response from the
Windows server (maybe I'm just interpreting the data wrong??).

I used 'net ads -U username keytab create to generate my keytab file (it
looks good as far as I can tell). 'net cache list' also reveals several
entries. Klist also shows a default principal entry. I'm not sure why it
can't find a credentials cache.

I've upgraded my krb5 from 1.4.3 to 1.6.2 without effect. Here's version
info:
Samba 3.0.28 (3.0.25a and 3.0.25c also had this problem)
Linux 2.6.16 (x64)

At this point I have no idea how to fix this problem. I've read more
samba how-to's than I thought possible and checked the relevant config
files. Everything is working ok except for this pause. I've upgraded the
relevant software but the problem persists.

Matt
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem joining XP SP2 Machines to the domain

[Marshall Buschman]

Hey All:

I've got a working samba/ldap domain with a PDC in a datacenter and a BDC in
my local office.

I'm not able to reliably join a windows XP Pro machine to the domain by
specifying the PDC as a wins server.

I get the following error 90% of the time or more, with no discernible
patterns or errors in any logs:
-
The following error occurred attempting to join the domain "FOO":
Logon failure: unknown user name or bad password.
-

Windows 2000 machines join the domain 100% of the time.

Adding a line to the lmhosts file like this:
---
1.2.3.4   foopdc #PRE #DOM:FOO #net group's DC
---
Causes the XP machine to be able to join the domain 100% of the time.

I have many clients, and adding this file to the lmhosts file everywhere
isn't feasible.

The real question is - why doesn't WINS work?
I can run net view and see all the machines..

I'd really appreciate any help you guys can provide.

-Marshall
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] using samba as nfs server replacement?

[Michael Heydon]

Pakorn Chutinimitkul wrote:

Hi,


1. How to make Samba stores the ownership of the file? Afaik Samba 
changes ownership of the file to the connected user. Our storage relies
on uid/gid a lot.

2. Can Samba obey umask settings? Apart from changing values in create 
mask ?
  
Recent versions of samba will automatically figure out that they are 
talking to a unix client (as long as the client is recent as well) and 
enable the CIFS unix extensions. Permissions, ownership, symlinks, etc 
should "Just Work(tm)".



If anyone could point me to any resource, that would be greatly 
appreciated.

Thank you!
Pakorn
  



*Michael Heydon - IT Administratorr *
[EMAIL PROTECTED] 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.28a winbind fails to resolve sid-to-gid for local groups

[Mike Brady]

3.0.28a winbind fails to resolve sid-to-gid for local groups.

This appears to be the root cause of the problems that I reported in
previous posts with usrmgr.

wbinfo -G for any local group works.
wbinfo -s for any local group fails.

This is occurring on Centos 5.1 x86_64 using Samba 2.0.28a RPMs built
from a Fedora 7 source RPM.

The same OS with the Centos supplied Samba 3.0.25b packages does not
have this problem when using the exact same configuration file (except
for the workgroup name) and usrmgr works.  But, 3.0.25b has other
problems which is why I was trying the latest release.

I am happy to do further tests and provide logs if someone tells me what
they need.

In the meantime I will be trying some of the releases in between these
two to see if there is one that works for me.

Thanks

Mike


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba+cups+ad

[jonr]

Quoting Ryan Suarez <[EMAIL PROTECTED]>:


what's your permissions on your spool directory: /var/spool/cups



Hello Ryan,

Here is what the permissions are

root:lp

drwx--x--- 3 root  lp133 Apr 22 16:43 cups

 and inside the cups directory for the tmp directory:

drwxrwx--T 2 root lp   6 Apr 22 10:36 tmp

Thanks for the help,

Jon


[EMAIL PROTECTED] wrote:

Hello List,

I am using samba and cups as a print server and have added it into   
my 2003 AD. What I am would like is to not install any drivers   
locally on the client but have samba automagically send the correct  
 PPD to the client. I can add my samba server by using the 'net ads  
 join -U Administrator' command and it works as do the commands   
'wbinfo' and 'getent passwd'. I can see the samba server in the   
'Active Directory Users and Computers' and the printer and when I   
right click and say connect it does. When I pull up the properties   
page for the printer and hit the 'Print Test Page' I get a dialog   
box saying "Test page failed to print. Access Denied". I am logged   
into the DC with the same user as I have on the samba box but I   
still get the access denied, I even created a smbuser with same   
name but different password and still denied.


I used the cupsaddsmb for my printer to place the files in the   
correct directory. This would constantly fail when I left the   
"security = ADS" line in my smb.conf file. So I had to change it to  
 user and it ran fine, I then changed the "security = user" back to  
 "security = ADS".


Thanks for any help,

Jon

Here is my smb.conf:

# Global parameters
[global]
workgroup = SYSTEMS
realm = SYSTEMS.ALASKA.COM
load printers = yes
preferred master = no
server string = Samba print server
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
printing = cups
printcap = cups
idmap uid = 1-2
idmap gid = 1-2

[printers]
comment = All Printers
path = /var/spool/cups
browseable = no
public = yes
printable = yes
guest ok = yes

[print$]
comment = Printer Drivers
path = /etc/samba/drivers
browseable = yes
guest ok = no
read only = no
write list = root


--To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] nested groups not working with sudo and winbind

[Glenn Bailey]

>> I'm having an issue with sudo not recognizing nested groups via AD and
>> winbind. I have an AD group called UnixAdmins and when I ad and AD
>> account *directly* into this group, I am able to use sudo just fine as
>> it is in the sudoers. *but* say I have a nested group in UnixAdmins
>> like CustomerUsers or whatnot it won't recognize. Now, I also restrict
>> access via pam.d systems-auth to UnixAdmins, so I know that part it
>> working. Also, when I run and "id" it shows the proper groups. It's
>> just seems sudo won't recognize the nested groups :-(
>>
>> Anyone run into this issue before? It's gonna be an admin nightmare
>> just to populate UnixAdmins with individual accounts ..

> This was fixed in the upcoming 3.2 release.  See the "winbind expand groups" 
> option.

is there anyway to patch 3.0.28a to allow for this? or any kind of workaround?

Glenn E. Bailey III
terremark worldwide
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba+cups+ad

[Ryan Suarez]

what's your permissions on your spool directory: /var/spool/cups

[EMAIL PROTECTED] wrote:

Hello List,

I am using samba and cups as a print server and have added it into my 
2003 AD. What I am would like is to not install any drivers locally on 
the client but have samba automagically send the correct PPD to the 
client. I can add my samba server by using the 'net ads join -U 
Administrator' command and it works as do the commands 'wbinfo' and 
'getent passwd'. I can see the samba server in the 'Active Directory 
Users and Computers' and the printer and when I right click and say 
connect it does. When I pull up the properties page for the printer 
and hit the 'Print Test Page' I get a dialog box saying "Test page 
failed to print. Access Denied". I am logged into the DC with the same 
user as I have on the samba box but I still get the access denied, I 
even created a smbuser with same name but different password and still 
denied.


I used the cupsaddsmb for my printer to place the files in the correct 
directory. This would constantly fail when I left the "security = ADS" 
line in my smb.conf file. So I had to change it to user and it ran 
fine, I then changed the "security = user" back to "security = ADS".


Thanks for any help,

Jon

Here is my smb.conf:

# Global parameters
[global]
workgroup = SYSTEMS
realm = SYSTEMS.ALASKA.COM
load printers = yes
preferred master = no
server string = Samba print server
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
printing = cups
printcap = cups
idmap uid = 1-2
idmap gid = 1-2

[printers]
comment = All Printers
path = /var/spool/cups
browseable = no
public = yes
printable = yes
guest ok = yes

[print$]
comment = Printer Drivers
path = /etc/samba/drivers
browseable = yes
guest ok = no
read only = no
write list = root


--To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba+cups+ad

[jonr]

Hello List,

I am using samba and cups as a print server and have added it into my  
2003 AD. What I am would like is to not install any drivers locally on  
the client but have samba automagically send the correct PPD to the  
client. I can add my samba server by using the 'net ads join -U  
Administrator' command and it works as do the commands 'wbinfo' and  
'getent passwd'. I can see the samba server in the 'Active Directory  
Users and Computers' and the printer and when I right click and say  
connect it does. When I pull up the properties page for the printer  
and hit the 'Print Test Page' I get a dialog box saying "Test page  
failed to print. Access Denied". I am logged into the DC with the same  
user as I have on the samba box but I still get the access denied, I  
even created a smbuser with same name but different password and still  
denied.


I used the cupsaddsmb for my printer to place the files in the correct  
directory. This would constantly fail when I left the "security = ADS"  
line in my smb.conf file. So I had to change it to user and it ran  
fine, I then changed the "security = user" back to "security = ADS".


Thanks for any help,

Jon

Here is my smb.conf:

# Global parameters
[global]
workgroup = SYSTEMS
realm = SYSTEMS.ALASKA.COM
load printers = yes
preferred master = no
server string = Samba print server
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
printing = cups
printcap = cups
idmap uid = 1-2
idmap gid = 1-2

[printers]
comment = All Printers
path = /var/spool/cups
browseable = no
public = yes
printable = yes
guest ok = yes

[print$]
comment = Printer Drivers
path = /etc/samba/drivers
browseable = yes
guest ok = no
read only = no
write list = root


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC, joining XP workstation 'network path was not found'

[John Drescher]

>  I recall, when setting up a PDC with ubuntu server I ran into this 'network 
> path was not found' error, but I can't remember what I did to resolve it.
>
>  Any ideas?
>
Fix your browsing problem. Either setup a dns server with the SRV
records for the PDC (see the active directory part in the manual). Or
use wins and add the wins server to the windows machine.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Full control access rights mapped as execute

[Jeremy Allison]

On Wed, Apr 23, 2008 at 09:15:13PM +0200, Petr Kopecky wrote:
> Hi there,
> 
> I have some problem with Windows access rights mapping on Samba 3.0.28. I am
> using XFS filesystem and ACL is working.
> 
> This is a part of my smb.conf:
> 
>   domain logons = Yes
>   preferred master = Yes
>   map acl inherit = Yes
>   map archive = Yes
>   map hidden = Yes
>   map system = Yes
>   veto files = /*.eml/*.nws/*.{*}/
>   veto oplock files = /*.doc/*.xls/*.mdb/
>   create mask = 0755
>   directory mask = 0755
> 
>   [profiles]
>   comment = Profile Share
>   path = /data/samba/profiles
>   read only = No
>   profile acls = Yes
>   browseable = No  
> 
>   [share]
>   comment = Shared Data
>   path = /data/samba/share
>   public = No
>   writable = No
>   write list = @smbusers
>   browseable = Yes
> 
> 
> This configuration works fine for profiles where I need to map hidden and
> system flags as windows uses them. But those flags are mapped in execute
> flags not acl rights, but it works.
> 
> getfacl /data/samba/profiles/some.user
> # file: data/samba/profiles/some.user
> # owner: someuser
> # group: smbusers
> user::rwx
> group::---
> other::---
> 
> The problem is on other share. If anyone changes the premissions on the file
> then access rights are mapped to execute flag not ACL and it is very
> confusing.
> If domain user rights are set to write and modify, it is stored as group 
> execute, if others are granted for write and modify, then execute flag for
> others is set. But these flags are interpreted as system and hidden.
> Additionally all created files have owner's executable bit set which means
> archive.
> 
> Could you please help me what should I set to have DOS access rights working
> together with windows ACL? I cannot find this simple information on net :-(

As you're using xfs you should have the ability to store extended
attributes (EA's). So you can map DOS flags into EA's using the
following smb.conf setting (store in the [global] section).

ea support = yes
store dos attributes = yes
map readonly = no
map archive = no
map system = no

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Mis-behavior of ldap.conf regarding nss?

[Adam Tauno Williams]

> I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP 
> both for samba and for posix accounts. Everything runs fine, except for 
> one problem. I have a ou=People-inactive branch on my ldap server on 
> wich I store (guess what?) inactive people. I don't want my system to 
> recognize those entries as valid users, so I set my /etc/ldap.conf as 
> follows:
> nss_base_passwd ou=People,dc=a1,dc=ind?one
> The problem arose when I tried to add a new machine to the domain. The 
> smbldap-useradd script is able to add the machine entry on ldap, but the 
> whole process fails with "User not found" (translated from the 
> Portuguese message) on the adding workstation. After googling for about 
> 3 hours without success, I found that if I just comment out the 
> nss_base_* entries, everything works as expected and am able to join a 
> machine to the domain.

Does your script create the machine account object in ou=People?  You've
verified the object is created at all and you can successfully "id
{machine}$"?

> Is that a samba, nss or smbldap-tools bug? Or is this not a bug, but a 
> feature? ;) Or have I lost something?

My guess would be it is bug in your configuration of smbldap-tools.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: winbind v3.0.26a w. nss info = sfu; wbinfo fine, getent not

[Jonathan Detert]

wbinfo can turn names into sids, sids into names, and sids into uids.
However, getent passwd only finds users in the local /etc/passwd file.
Same for getent group.  /etc/nsswitch.conf says this:

passwd: files winbind
group:  files winbind
shadow: compat

I strace'd the getent command.  It said it couldn't find 
/lib/libnss_winbind.so.2,
so I made that a symlink to /usr/local/samba/lib/nss_info/sfu.so.  After that,
the strace output showed it finding and reading the file.  However, the command
ended abruptly shortly after that, and I can't tell why.  The samba logs don't
seem to show anything at all on behalf of the getent command.

Any ideas?  Thanks

winbind was compiled like so:

./configure --with-ads --with-krb5 --with-pam --with-winbind 
--enable-rfc2307bis --enable-schema-mapping 
--with-shared-modules=idmap_ad,idmap_rid,rfc2307

smb.conf like so:

security = ADS
workgroup = MYDOMAIN
realm = mydomain.tld

idmap domains = MYDOMAIN
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:default = yes
idmap config MYDOMAIN:schema_mode = sfu
idmap config MYDOMAIN:range= 500-45000
idmap alloc backend = tdb
idmap alloc config:range   = 45001-6

winbind cache time = 0
winbind enum groups = yes
winbind enum users = yes
winbind nested groups = yes
winbind nss info = sfu
winbind separator = +
winbind use default domain = yes
-- 
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
--
Science without religion is lame, religion without science is blind.
~ Albert Einstein
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Problems with winbind, idmap and usrmgr.exe

[Mike Brady]

On Wed, 2008-04-23 at 13:11 +0200, L.P.H. van Belle wrote:
> did you add your server to the domain ? 
> eq.. net rpc join -S 'pdc-name' -U administrator%password -d 5 
> 
> check this page and review your config also.
> http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html 
> 
>  Louis
> 
> 
> >-Oorspronkelijk bericht-
> >Van: [EMAIL PROTECTED] 
> >[mailto:[EMAIL PROTECTED] Namens 
> >Mike Brady
> >Verzonden: woensdag 23 april 2008 9:46
> >Aan: samba@lists.samba.org
> >Onderwerp: Re: [Samba] Problems with winbind, idmap and usrmgr.exe
> >
> >First of all apologies for replying to my own query, but I have run
out
> >of things to try and really need to make some progress on this.
> >
> >I have done a clean install and am now using the configuration file
> >below for my Samba PDC.  This has made no difference to the issue
with
> >usrmgr.exe.  As before this is Samba 3.0.28a on Centos 5.1 x86_64 and
> >nsswitch is configured to use winbind.
> >
> >[global]
> >log level = 5
> >workgroup = domb
> >server string = Samba Server Version %v
> >interfaces = lo, eth0
> >passdb backend = tdbsam:/etc/samba/passdb.tdb
> >username map = /etc/samba/smbusers
> >log file = /var/log/samba/%m.log
> >max log size = 50
> >
> ># Stuff that makes this machine a PDC.
> >add user script = /usr/sbin/useradd "%u" -n -g domusers
> >delete user script = /usr/sbin/userdel "%u"
> >add group script = /usr/sbin/groupadd "%g"
> >delete group script = /usr/sbin/groupdel "%g"
> >delete user from group script = /usr/sbin/userdel "%u" "%g"
> >add machine script = /usr/sbin/useradd -n -c "Workstation (%
u)"
> >-M -d /nohome -s /bin/false -g machines "%u"
> >logon path = \\%L\Profiles\%U
> >logon home = \\%L\%U\.profiles
> >logon drive = H:
> >domain logons = Yes
> >os level = 33
> >preferred master = Yes
> >domain master = Yes
> >wins proxy = Yes
> >wins support = Yes
> >
> ># Equivalent of old behaviour.
> >idmap domains = ALLDOMAINS
> >idmap config ALLDOMAINS:default = yes
> >idmap config ALLDOMAINS:backend = tdb
> >idmap config ALLDOMAINS:range   = 1 - 5
> >
> >idmap alloc backend = tdb
> >idmap alloc config:range = 1 - 5
> >
> >winbind enum users = yes
> >winbind enum groups = Yes
> >winbind nested groups = yes
> >hosts allow = 127., 192.168.42., 192.168.43.
> >cups options = raw
> >
> >[homes]
> >comment = Home Directories
> >read only = No
> >browseable = No
> >
> >[netlogon]
> >comment = Network Logon Service
> >path = /var/lib/samba/netlogon
> >guest ok = Yes
> >browseable = No
> >share modes = No
> >read only = yes
> >
> >[profiles]
> >path = /var/lib/samba/profiles
> >read only = no
> >create mask = 0600
> >directory mask = 0700
> >
> >At this stage I believe there to be a problem with winbind as I have
> >also tried the following.
> >
> >Creating a local group with "net -U root%xxx sam createlocalgroup
> >local1", which succeeds.
> >
> >A portion of the output from "net groupmap list verbose" shows:
> >local1
> >SID   : S-1-5-21-2991776595-4262790192-2958925130-1004
> >Unix gid  : 10053
> >Unix group: local1
> >Group type: Local Group
> >Comment   :
> >
> >Testing winbind with the following:
> >[EMAIL PROTECTED] ~]# wbinfo -G 10053
> >S-1-5-21-2991776595-4262790192-2958925130-1004
> >[EMAIL PROTECTED] ~]#  
> >"S-1-5-21-2991776595-4262790192-2958925130-1004"
> >Could not lookup sid S-1-5-21-2991776595-4262790192-2958925130-1004
> >
> >Shouldn't both these commands work or am missing something?   
> >I tried it
> >both with and without the quotes around the SID.
> >
> >Also
> >
> >[EMAIL PROTECTED] ~]# wbinfo -D .
> >Name  : DOMB
> >Alt_Name  :
> >SID   : S-1-5-21-2991776595-4262790192-2958925130
> >Active Directory  : No
> >Native: No
> >Primary   : Yes
> >Sequence  : -1
> >
> >[EMAIL PROTECTED] ~]# wbinfo -u
> >Error looking up domain users
> >
> >[EMAIL PROTECTED] ~]# wbinfo -g
> >BUILTIN\server operators
> >BUILTIN\guests
> >BUILTIN\power users
> >BUILTIN\print operators
> >BUILTIN\administrators
> >BUILTIN\account operators
> >BUILTIN\backup operators
> >BUILTIN\users
> >local1
> >
> >These are only the local groups.  Shouldn't this list the domain
groups
> >as well?
> >
> >[EMAIL PROTECTED] ~]# wbinfo --getdcname domb
> >Could not get dc name for domb
> >
> >Which may well be the root of the problem?
> >
> >I am happy to supply which ever logs are required, just let me know.
> >
> >Thanks
> >
> >Mike
> >
> 

Lois

Thanks for the response.

My server is the PDC and on the current build it has not been joine

[Samba] Samba PDC, joining XP workstation 'network path was not found'

[brad davison]

I have followed the samba-wiki article on 'Replicated Failover Domain 
Controller and file server using LDAP'

http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP

I am using FreeBSD instead of RHEL.  I was able to get through the tutorial and 
get the database populated, and users created.

I created the workstation account with the smbldap-useradd -w {machinename}.

When going to the XP machine to add it to the domain, I put in the 'DDESIGN' 
domain, and it puts up the authentication dialog.  No matter what I put in that 
box, I get 'The network path was not found'.  If I put in the domain as 
something 'wrong' it of course doesn't put up an authentication dialog.  So I 
know the domain is alive and on the network.


I recall, when setting up a PDC with ubuntu server I ran into this 'network 
path was not found' error, but I can't remember what I did to resolve it.

Any ideas?


  

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Full control access rights mapped as execute

[Petr Kopecky]

Hi there,

I have some problem with Windows access rights mapping on Samba 3.0.28. I am
using XFS filesystem and ACL is working.

This is a part of my smb.conf:

  domain logons = Yes
  preferred master = Yes
  map acl inherit = Yes
  map archive = Yes
  map hidden = Yes
  map system = Yes
  veto files = /*.eml/*.nws/*.{*}/
  veto oplock files = /*.doc/*.xls/*.mdb/
  create mask = 0755
  directory mask = 0755

  [profiles]
  comment = Profile Share
  path = /data/samba/profiles
  read only = No
  profile acls = Yes
  browseable = No  

  [share]
  comment = Shared Data
  path = /data/samba/share
  public = No
  writable = No
  write list = @smbusers
  browseable = Yes


This configuration works fine for profiles where I need to map hidden and
system flags as windows uses them. But those flags are mapped in execute
flags not acl rights, but it works.

getfacl /data/samba/profiles/some.user
# file: data/samba/profiles/some.user
# owner: someuser
# group: smbusers
user::rwx
group::---
other::---

The problem is on other share. If anyone changes the premissions on the file
then access rights are mapped to execute flag not ACL and it is very
confusing.
If domain user rights are set to write and modify, it is stored as group 
execute, if others are granted for write and modify, then execute flag for
others is set. But these flags are interpreted as system and hidden.
Additionally all created files have owner's executable bit set which means
archive.

Could you please help me what should I set to have DOS access rights working
together with windows ACL? I cannot find this simple information on net :-(

Thank you!

Regards,
Petr

-- 
Ing. Petr Kopecky
E-mail: [EMAIL PROTECTED]
___

OpenDocument is now international standard ISO/IEC 26300. Use OpenOffice!
It's free for everyone :-)

http://www.openoffice.org
http://www.openoffice.cz
___

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Mis-behavior of ldap.conf regarding nss?

[Marcio Merlone]

Hello all,

I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP 
both for samba and for posix accounts. Everything runs fine, except for 
one problem. I have a ou=People-inactive branch on my ldap server on 
wich I store (guess what?) inactive people. I don't want my system to 
recognize those entries as valid users, so I set my /etc/ldap.conf as 
follows:


[EMAIL PROTECTED]:/etc# grep -v "^#\|^\s*$" ldap.conf
host 127.0.0.1 192.168.0.207
base dc=a1,dc=ind
ldap_version 3
nss_base_passwd ou=People,dc=a1,dc=ind?one
nss_base_shadow ou=People,dc=a1,dc=ind?one
nss_base_group  ou=Group,dc=a1,dc=ind?one
nss_base_hosts  ou=Hosts,dc=a1.dc=ind?one
nss_base_services   ou=Services,dc=a1,dc=ind?one
nss_base_networks   ou=Networks,dc=a1,dc=ind?one
nss_base_protocols  ou=Protocols,dc=a1,dc=ind?one
nss_base_rpcou=Rpc,dc=a1,dc=ind?one
nss_base_netmasks   ou=Networks,dc=a1,dc=ind?one
nss_base_aliasesou=Aliases,dc=a1,dc=ind?one
nss_base_netgroup   ou=Netgroup,dc=a1,dc=ind?one
[EMAIL PROTECTED]:/etc#

I use two servers on the "host" line due to this bug:

https://launchpad.net/ubuntu/+source/libnss-ldap/+bug/51315

The problem arose when I tried to add a new machine to the domain. The 
smbldap-useradd script is able to add the machine entry on ldap, but the 
whole process fails with "User not found" (translated from the 
Portuguese message) on the adding workstation. After googling for about 
3 hours without success, I found that if I just comment out the 
nss_base_* entries, everything works as expected and am able to join a 
machine to the domain.


The question:

Is that a samba, nss or smbldap-tools bug? Or is this not a bug, but a 
feature? ;) Or have I lost something?


Best regards and thanks in advance.

--
Marcio Merlone

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Group mapping question

[Marcio Merlone]

Hello all,

I run a samba 3.0.26a-1ubuntu2.3 on an Ubuntu 7.10 server with OpenLDAP 
both for samba and for posix accounts. Everything runs fine, but while 
trying to solve another issue, I stumped on this odd behavior:


[EMAIL PROTECTED]:/etc# net groupmap list | grep "Domain Admins"
Domain Admins (S-1-5-21-1234567890-1234567890-1234567890-512) -> root

But:

[EMAIL PROTECTED]:/etc# smbldap-groupshow "Domain Admins"
group Domain Admins doesn't exist


Is that something I should worry about? Or can anybody help me find what 
is going on?


Best regards and thanks in advance.

--
Marcio Merlone

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] nested groups not working with sudo and winbind

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Glenn Bailey wrote:
> Howdy folks,
> 
> I'm having an issue with sudo not recognizing nested groups
> via AD and winbind. I have an AD group called UnixAdmins and
> when I ad and AD account *directly* into this group, I am able
> to use sudo just fine as it is in the sudoers. *but* say I
> have a nested group in UnixAdmins like CustomerUsers or whatnot
> it won't recognize. Now, I also restrict access via pam.d systems-auth
> to UnixAdmins, so I know that part it working. Also, when I run
> and "id" it shows the proper groups. It's just seems sudo won't
> recognize the nested groups :-(
> 
> Anyone run into this issue before? It's gonna be an admin nightmare
> just to populate UnixAdmins with individual accounts ..

This was fixed in the upcoming 3.2 release.  See the
"winbind expand groups" option.





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFID4KqIR7qMdg1EfYRAgt2AJ93S4Ui1BCaODky99o5QOj9YHUE9gCg4fVD
w69AwDShdPp6xQGFeZmTUSA=
=Nu+h
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Broken symlink inside a folder

[Jeremy Allison]

On Fri, Apr 18, 2008 at 03:08:10PM +, Yahaya, Mohd Fazlee (GCM Delphi) 
wrote:
> Hello List,
> 
> I ran into a problem where I cannot delete a folder which looks empty to 
> Windows, but actually got a dangling symlink inside of it. Is there any 
> configuration option that I should turned on or off, so that I can delete the 
> said folder? Btw, option 'follow symlinks = yes' is must for me and I'm using 
> samba version 3.0.20.
> 
> Appreciate any thought, thanks!

There's no easy way to do this unless the symlink path (not the target) is 
contained
in the "veto files" option and "delete veto files" is set to yes.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] nested groups not working with sudo and winbind

[Glenn Bailey]

Howdy folks,

I'm having an issue with sudo not recognizing nested groups
via AD and winbind. I have an AD group called UnixAdmins and
when I ad and AD account *directly* into this group, I am able
to use sudo just fine as it is in the sudoers. *but* say I
have a nested group in UnixAdmins like CustomerUsers or whatnot
it won't recognize. Now, I also restrict access via pam.d systems-auth
to UnixAdmins, so I know that part it working. Also, when I run
and "id" it shows the proper groups. It's just seems sudo won't
recognize the nested groups :-(

Anyone run into this issue before? It's gonna be an admin nightmare
just to populate UnixAdmins with individual accounts ..

Glenn E. Bailey III
terremark worldwide
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbindd_privileged problem with 3.0.28a

[Dave Randolph]

Hi, all.

Has anyone else experienced issues with using ntlm_auth in 3.0.28a?  We have 
had squid set up to use ntlm_auth for quite some time & the latest update 
seems to break.  

I'm getting (in /var/log/messages)

Apr 23 10:13:51 cyclops (ntlm_auth):   Login for user [NSTARBANK]\[drandolph]@
[NSB_DAVELAPTOP] failed due to [winbind client not authorized to
 use winbindd_pam_auth_crap. Ensure permissions 
on /var/lib/samba/winbindd_privileged are set correctly.]
Apr 23 10:13:51 cyclops (ntlm_auth): [2008/04/23 10:13:51, 0] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(776)
Apr 23 10:13:51 cyclops (ntlm_auth): [2008/04/23 10:13:51, 0] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(776)
Apr 23 10:13:51 cyclops (ntlm_auth):   NTLMSSP BH: NT_STATUS_ACCESS_DENIED
Apr 23 10:13:51 cyclops (ntlm_auth):   NTLMSSP BH: NT_STATUS_ACCESS_DENIED

 I have checked and double-checked that the squid process is running as 
user "squid" and that "squid" is a member of the wbpriv group.  

Perms on the winbindd_privileged folder are:

drwxr-x---  2 root wbpriv4096 2008-04-23 10:00 winbindd_privileged
[EMAIL PROTECTED] samba]# pwd
/var/lib/samba



If I fiddle with the perms then winbind won't even start & I'm kind of at a 
loss to explain what is going on as I can't find any bugs filed, etc.  I 
thought I'd ask here & see if the 3.0.28a broke for anyone else.

Thanks for any input.
dave

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: profiles migrate

[David . Grudek]

There is a tool I found that will join the computer to the new domain and 
then allow you to change the sid of the user profile to the new sid of the 
the new domain.  Email me and I will email it to you.  I do not remember 
where I got it from other wise I would have sent you a link.  david.grudek 
at anixter.comI fixed the email so I will not get spam.
 
 
David Grudek
ISE Engineer
Anixter Inc.
2301Patriot Blvd
Glenview, IL 60026
Office:  224.521.8068
Cell: 847.975.7800
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (no subject)

[Radhakrishnan, Sudheer Kumar K.]

Hello Samba,

 

We are using Samba/CIFS hp-ux server connecting to Windows ADS and try
to create keytab file using 

 

net ads create keytab -u Administrator ,but it is unable to create
keytab file in the /etc/directory.

 

Please see the attached output file for your reference.

 

Appreciate your help!!

 

Sudheer Radhakrishnan / Capgemini
North America P&C / East Business Unit
Unix Support / Hosting
Mobile: 508 769 2371  http://www.capgemini.com/
 
Fax: 508.229.2013
45 Bartlett Street /  Marlborough, Ma 01752 
Together: the Collaborative Business Experience

 







This message contains information that may be privileged or confidential and is 
the property of the Capgemini Group. It is 
intended only for the person to whom it is addressed. If you are not the 
intended recipient, you are not authorized to 
read, print, retain, copy, disseminate, distribute, or use this message or any 
part thereof. If you receive this message 
in error, please notify the sender immediately and delete all copies of this 
message.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] using samba as nfs server replacement?

[Pakorn Chutinimitkul]

Hi,

I have a set of Linux file servers running in the system. Linux 
machines are hooked up to these server through NFSv3, Windows machines
through Samba. Our Linux pool ran into problem with NFS capacity, it turned out 
to be either NFS or kernel bugs. Moving to NFSv4 is not a
choice since we have to update too many clients/servers. I was wondering if 
switching the whole system to Samba-based would solve the
problem? I have some question that I couldn't figure it out.

1. How to make Samba stores the ownership of the file? Afaik Samba 
changes ownership of the file to the connected user. Our storage relies
on uid/gid a lot.

2. Can Samba obey umask settings? Apart from changing values in create 
mask ?

If anyone could point me to any resource, that would be greatly 
appreciated.

Thank you!
Pakorn
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unable to access linux files from windows using samba configured in linux Vmware

[gforgcc]

Hi friends,
i have a weird problem, i am running a Fedora Linux OS on Vmware installed
from Windows XP
i have configured samba inside VMware linux (BRIDGED NETWORKING), but when i
tried to access the same from the windows it is telling "cannot be
accessible", i have tried almost all the ways... 
My Windows IP is say 192.168.248.29 and i have taken a free IP from system
admin for my VMware linux running on windows say its IP is 192.168.248.195
and from windows i am trying to access like this
Go to Start menu -> run and type \\192.168.248.195, now it will show the
list of the samba folders but when i double click on the folder it prompts
for username and passwd and when i enter the samba username and passwd it
will popup a message "Cannot be accessed u might now have permissions to
access this" !! :( 
but i have given all the permissions to that folder chmod 777 /home/user -R
and also while configuring samba i have given writable and browsable
permissions , i am using samba version 3.0.21b-2, and i tried stopping
iptables also but even that yielded same result
Please help me to solve this problem thanks.. :)
-- 
View this message in context: 
http://www.nabble.com/Unable-to-access-linux-files-from-windows-using-samba-configured-in-linux-Vmware-tp16831136p16831136.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba and gpfs

[Marcin Mogielnicki]

Hi all,

I've got question (problem?) regarding samba exporting gpfs filesystem. 
My setup is very simple - gpfs client machine with gpfs filesystem 
mounted and samba server running on the top of it. I compiled samba with 
gpfs support, here is my smb.conf section:


[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   fileid:mapping = fsname
   use mmap = no
   vfs objects = gpfs
   gpfs:sharemodes = yes

I can access home dir as user with no single problem, but when it comes 
to locking file (for reading it, when client does 'get file', for 
example), here is what happens:


smb: \> get opt.err
NT_STATUS_SHARING_VIOLATION opening remote file \opt.err


[2008/04/22 14:49:53, 4] smbd/open.c:open_file_ntcreate(1605)
  calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 
0x120089, open_access_mask = 0x120089

[2008/04/22 14:49:53, 10] smbd/open.c:fd_open(67)
  fd_open: name opt.err, flags = 00 mode = 0744, fd = 26.
[2008/04/22 14:49:53, 2] smbd/open.c:open_file(391)
  marcin opened file opt.err read=Yes write=No (numopen=1)
[2008/04/22 14:49:53, 10] locking/posix.c:get_windows_lock_ref_count(545)
  get_windows_lock_count for file opt.err = 0
[2008/04/22 14:49:53, 10] locking/posix.c:delete_windows_lock_ref_count(559)
  delete_windows_lock_ref_count for file opt.err
[2008/04/22 14:49:53, 5] smbd/files.c:file_free(454)
  freed files structure 7191 (0 used)
[2008/04/22 14:49:53, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(1458) cmd=45 (SMBopenX) 
NT_STATUS_SHARING_VIOLATION


When I disable gpfs support in smb.conf, i.e. when I've got:

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

only there, it works, although, as far as I understand, I'm at risk of 
corrupting data. I can't find any extensive materials about that, so I'd 
would be very grateful for enlightening me here.


Question - how to set it up? Samba is the latest one (3.0.28a), file 
used for transferring is not locked for sure. All directories with no 
gpfs config options in smb.conf work right.


Regards,

Marcin Mogielnicki
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Bad file modification date/time stamps created from windows clients

[Greg Barry]

I did post to samba bugzilla  ...   The bug ID is:  5379


Here is the smb.conf file:


; smb.conf - configuration file for smb
;

[global]
  debug level = 10
  max log size = 1000
  dead time = 15
  log file = /usr/local/samba/var/log.%I
  printing = HPUX
  print command = /usr/bin/lp -c -d%p %s; rm %s
  lpq command = /usr/bin/lpstat -p%p
  lprm command = /usr/bin/cancel -p%p
  load printers = yes
  encrypt passwords = Yes
  local master = No
  unix password sync = Yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *password* %n\n *password* %n\n
  browseable = no
create mask = 755
null passwords = yes
security = user
server signing = auto
map to guest = bad user
dos filemode = yes
workgroup = MYGROUP

[public]
comment = public
browseable = yes
available = yes
path = /tmp/public
public = yes
username = wrapform
writable = yes
revalidate = true

[cdrom]
comment = orasys's cdrom
browseable = yes
available = yes
only user = no
path = /cdrom
public = yes
username = guest
writeable = no
create mask = 775
revalidate = true


[pcs-backup]
  comment = Home PCS-BACKUP Directories
  browseable = yes
  path = /dmp/pcs-backup
#  guest account = guest
  user = @devlpr
  read only = No
#  public = No
#  guest ok = No
  create mode = 0764
  writable = Yes
  write ok = Yes

[h]
  comment = Home Directories
   guest ok = yes
   available = yes
  browseable = no
  public = no
  writable = yes
  path = /h/%U
  create mode = 0750
  read only = no
  write ok = yes

[homes]
comment = wrapper User's home directories
guest ok = no
read only = no
browseable = no
available = yes

[dmscom]
  comment = Home DMSCOM Directories
  browseable = yes
  public = yes
  writable = yes
  path = /h/dmscom
  create mode = 0764
  read only = no
  write ok = yes

[oraload]
  comment = Home ORALOAD Directories
  browseable = yes
  public = yes
  writable = yes
  path = /h/oraload
  guest ok = Yes
  create mode = 0764
  read only = no
  write ok = yes

[ldaload]
  comment = Home LDALOAD Directories
  browseable = yes
  public = yes
  writable = yes
  path = /ldaload
  guest ok = Yes
  create mode = 0764
  read only = no
  write ok = yes

[rldaload]
  comment = Home LDALOAD Directories
  browseable = yes
  public = yes
  writable = no
  path = /ldaload
  guest ok = Yes
  create mode = 0700
  read only = yes
  write ok = no
  revalidate = yes

[printers]
  comment = All Printers
#  postscript = true
  printable = yes
  public = yes
  writable = no
  browseable = yes
  create mode = 0700

[IPC$]
  hosts deny = 0.0.0.0/0



I attached the smbd.log file




Greg Barry,Systems Analyst
Unix Systems Management
Lockheed Martin Information Technology
Email: [EMAIL PROTECTED] 

[2008/04/21 07:08:36, 0] smbd/server.c:main(944)
  smbd version 3.0.28a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
[2008/04/21 07:08:36, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
  doing parameter max log size = 1000
  doing parameter dead time = 15
  doing parameter log file = /usr/local/samba/var/log.%I
  doing parameter printing = HPUX
  doing parameter print command = /usr/bin/lp -c -d%p %s; rm %s
  doing parameter lpq command = /usr/bin/lpstat -p%p
  doing parameter lprm command = /usr/bin/cancel -p%p
  doing parameter load printers = yes
  doing parameter encrypt passwords = Yes
  doing parameter local master = No
  doing parameter unix password sync = Yes
  doing parameter passwd program = /usr/bin/passwd %u
  doing parameter passwd chat = *password* %n\n *password* %n\n
  doing parameter browseable = no
  doing parameter create mask = 755
  doing parameter null passwords = yes
  doing parameter security = user
  doing parameter server signing = auto
  doing parameter map to guest = bad user
  doing parameter dos filemode = yes
  doing parameter workgroup = MYGROUP
[2008/04/21 07:08:36, 2] param/loadparm.c:do_section(3811)
  Processing section "[public]"
[2008/04/21 07:08:36, 8] param/loadparm.c:add_a_service(2590)
  add_a_service: Creating snum = 0 for public
[2008/04/21 07:08:36, 10] param/loadparm.c:hash_a_service(2627)
  hash_a_service: creating tdb servicehash
[2008/04/21 07:08:36, 10] param/loadparm.c:hash_a_service(2637)
  hash_a_service: hashing index 0 for service name public
  doing parameter comment = public
  doing parameter browseable = yes
  doing parameter available = yes
  doing parameter path = /tmp/public
  doing parameter public = yes
  doing parameter username = wrapform
  doing parameter writable = yes
  doing parameter revalidate = true
[2008/04/21 07:0

[Samba] Broken symlink inside a folder

[Yahaya, Mohd Fazlee (GCM Delphi)]

Hello List,

I ran into a problem where I cannot delete a folder which looks empty to 
Windows, but actually got a dangling symlink inside of it. Is there any 
configuration option that I should turned on or off, so that I can delete the 
said folder? Btw, option 'follow symlinks = yes' is must for me and I'm using 
samba version 3.0.20.

Appreciate any thought, thanks!

Fazlee
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Can't use Encrypted Passwords with ldapsam backend

[James R. Phillips]

Hello samba mailing list,

I'm using samba 3.0.24 on a home server running Debian etch.  The server 
handles authentication and provides samba file shares for a small home 
network of Linux machines.  I recently changed basic login 
authentication from NIS to kerberos/ldap for the clients. I then decided 
to switch samba over on the server to use the new ldap authentication 
backend.


The [global] section of smb.conf looks like this:

[global]
   workgroup = PHILLIPS.ORG
   dns proxy = No
   username map = /etc/samba/user.map
# The whole objective of using ldap was to set this true;
# but it seems to cause samba to choke.  Is ldap ssl
# required if this is set true?  Doesn't seem likely.
# http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#smb.conf
# shows an example with encrypted passwords and without tls
#
   encrypt passwords = false
#
   server string = %h server (Samba %v)
   wins support = Yes
   master = Yes
   browseable = Yes
   passdb backend = ldapsam
   obey pam restrictions = yes
   ldap suffix = dc=localnet
   ldap admin dn = cn=admin,dc=localnet


Note that passwords are not encrypted.
This is  because samba authentication always fails for all clients when 
I set "encrypt passwords" to "true". It works fine without encryption. 
As the comments in the file indicate, I wondered whether ldap ssl is 
required to support encrypted passwords, but that doesn't seem to be the 
case.  So I don't know why I can't successfully enable encrypted passwords.


Can anyone shed some light on this?

Thanks

James R. Phillips

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] profiles migrate

[Maximo Mosalvo]

Hy , my english is bad,bad sorry
I need change a server pdc samba , and change too the domain name, so i 
can't  export  users and sid .

Exist some tool to export and covert the old porfile to the new domain?

thanks

Maximo Monsalvo
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] my samba hangs for 60 seconds

[L.P.H. van Belle]

First try setting your network interface to a fixed setting.
with ethtool 
check your settings with ethtool eth(0/1) 
here some tips to set it fixed.
http://www.cyberciti.biz/tips/tag/ethtool 

Louis
 

>-Oorspronkelijk bericht-
>Van: [EMAIL PROTECTED] 
>[mailto:[EMAIL PROTECTED] Namens 
>Rajiv Nair
>Verzonden: woensdag 23 april 2008 13:34
>Aan: samba@lists.samba.org
>Onderwerp: [Samba] my samba hangs for 60 seconds
>
>Hi, my samba hangs for 60 seconds and then work like normal.  
>Why?  Not able
>to find any reason..please help me.
>
>[global]
>
>encrypt passwords = yes
>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>max log size = 0
>volume = Fedroa
>
>map to guest = Bad user
>security = share
>workgroup = xxx
>server string = PD
>netbios name = 
>log file = /var/log/samba/%m.log
># guest account = smbguest
># smb passwd file = /etc/samba/smbpasswd
>hosts allow = 192.168.1., 127.
>send file = no
>readwrite = no
>
>[home]
>comment = Home
>path= /data/home
>browseable = yes
>read only = no
>writable = yes
>public = yes
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] changing file permissions from Windows

[Toni Casueps]

I don't know if this is a Windows problem or if I don't have the correct Samba 
configuration... each time that I want to change permissions for a shared file, 
it asks me to log in with an account which has permissions in my domain !!, no 
matter if I logged in with the Samba admin account or with a normal account.
_
Tecnología, moda, motor, viajes,…suscríbete a nuestros boletines para estar 
siempre a la última
http://newsletters.msn.com/hm/maintenanceeses.asp?L=ES&C=ES&P=WCMaintenance&Brand=WL&RU=http%3a%2f%2fmail.live.com--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Running Samba 3 in a FreeBSD jail

[Nejc Škoberne]

Hello,

I've been trying to get a solution (or at least an explanation) from the 
FreeBSD guys
at freebsd-questions lists, but I guess no one knew the answer.

I am trying to run Samba 3 (latest) in a FreeBSD 7.0 jail
(http://en.wikipedia.org/wiki/FreeBSD_Jail). It seems I cannot convince Samba 
to answer
NetBIOS broadcast requests and therefore Windows machines cannot browse it 
directly
by name (\\machine).

I know I can set up DNS and/or WINS to achieve what I want, but I would like to 
understand
why I can't simply use NetBIOS broadcasts. If I put Samba (the same 
configuration) out of
FreeBSD jail, everything works nicely. If I put it back into the jail, it just 
doesn't
respond - the nmbd is running, though; sockstat output follows:

root smbd   1436  18 tcp4   192.168.15.201:445*:*
root smbd   1436  19 tcp4   192.168.15.201:139*:*
root nmbd   1430  6  udp4   192.168.15.201:137*:*
root nmbd   1430  7  udp4   192.168.15.201:138*:*
root nmbd   1430  8  udp4   192.168.15.201:137*:*
root nmbd   1430  9  udp4   192.168.15.201:138*:*
root nmbd   1430  12 dgram  -> /var/run/logpriv

So it listens at the correct IP address (of the jail).

Any ideas how to debug this? How to find out why Samba doesn't respond to 
NetBIOS broadcast
requests when running in jail?

My smb.conf is here: http://stuff.skoberne.net/smb.conf

Thanks,
Nejc
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] my samba hangs for 60 seconds

[Rajiv Nair]

Hi, my samba hangs for 60 seconds and then work like normal.  Why?  Not able
to find any reason..please help me.

[global]

encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
max log size = 0
volume = Fedroa

map to guest = Bad user
security = share
workgroup = xxx
server string = PD
netbios name = 
log file = /var/log/samba/%m.log
# guest account = smbguest
# smb passwd file = /etc/samba/smbpasswd
hosts allow = 192.168.1., 127.
send file = no
readwrite = no

[home]
comment = Home
path= /data/home
browseable = yes
read only = no
writable = yes
public = yes
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Problems with winbind, idmap and usrmgr.exe

[L.P.H. van Belle]

did you add your server to the domain ? 
eq.. net rpc join -S 'pdc-name' -U administrator%password -d 5 

check this page and review your config also.
http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html 

 Louis


>-Oorspronkelijk bericht-
>Van: [EMAIL PROTECTED] 
>[mailto:[EMAIL PROTECTED] Namens 
>Mike Brady
>Verzonden: woensdag 23 april 2008 9:46
>Aan: samba@lists.samba.org
>Onderwerp: Re: [Samba] Problems with winbind, idmap and usrmgr.exe
>
>First of all apologies for replying to my own query, but I have run out
>of things to try and really need to make some progress on this.
>
>I have done a clean install and am now using the configuration file
>below for my Samba PDC.  This has made no difference to the issue with
>usrmgr.exe.  As before this is Samba 3.0.28a on Centos 5.1 x86_64 and
>nsswitch is configured to use winbind.
>
>[global]
>log level = 5
>workgroup = domb
>server string = Samba Server Version %v
>interfaces = lo, eth0
>passdb backend = tdbsam:/etc/samba/passdb.tdb
>username map = /etc/samba/smbusers
>log file = /var/log/samba/%m.log
>max log size = 50
>
># Stuff that makes this machine a PDC.
>add user script = /usr/sbin/useradd "%u" -n -g domusers
>delete user script = /usr/sbin/userdel "%u"
>add group script = /usr/sbin/groupadd "%g"
>delete group script = /usr/sbin/groupdel "%g"
>delete user from group script = /usr/sbin/userdel "%u" "%g"
>add machine script = /usr/sbin/useradd -n -c "Workstation (%u)"
>-M -d /nohome -s /bin/false -g machines "%u"
>logon path = \\%L\Profiles\%U
>logon home = \\%L\%U\.profiles
>logon drive = H:
>domain logons = Yes
>os level = 33
>preferred master = Yes
>domain master = Yes
>wins proxy = Yes
>wins support = Yes
>
># Equivalent of old behaviour.
>idmap domains = ALLDOMAINS
>idmap config ALLDOMAINS:default = yes
>idmap config ALLDOMAINS:backend = tdb
>idmap config ALLDOMAINS:range   = 1 - 5
>
>idmap alloc backend = tdb
>idmap alloc config:range = 1 - 5
>
>winbind enum users = yes
>winbind enum groups = Yes
>winbind nested groups = yes
>hosts allow = 127., 192.168.42., 192.168.43.
>cups options = raw
>
>[homes]
>comment = Home Directories
>read only = No
>browseable = No
>
>[netlogon]
>comment = Network Logon Service
>path = /var/lib/samba/netlogon
>guest ok = Yes
>browseable = No
>share modes = No
>read only = yes
>
>[profiles]
>path = /var/lib/samba/profiles
>read only = no
>create mask = 0600
>directory mask = 0700
>
>At this stage I believe there to be a problem with winbind as I have
>also tried the following.
>
>Creating a local group with "net -U root%xxx sam createlocalgroup
>local1", which succeeds.
>
>A portion of the output from "net groupmap list verbose" shows:
>local1
>SID   : S-1-5-21-2991776595-4262790192-2958925130-1004
>Unix gid  : 10053
>Unix group: local1
>Group type: Local Group
>Comment   :
>
>Testing winbind with the following:
>[EMAIL PROTECTED] ~]# wbinfo -G 10053
>S-1-5-21-2991776595-4262790192-2958925130-1004
>[EMAIL PROTECTED] ~]# wbinfo -s
>"S-1-5-21-2991776595-4262790192-2958925130-1004"
>Could not lookup sid S-1-5-21-2991776595-4262790192-2958925130-1004
>
>Shouldn't both these commands work or am missing something?   
>I tried it
>both with and without the quotes around the SID.
>
>Also
>
>[EMAIL PROTECTED] ~]# wbinfo -D .
>Name  : DOMB
>Alt_Name  :
>SID   : S-1-5-21-2991776595-4262790192-2958925130
>Active Directory  : No
>Native: No
>Primary   : Yes
>Sequence  : -1
>
>[EMAIL PROTECTED] ~]# wbinfo -u
>Error looking up domain users
>
>[EMAIL PROTECTED] ~]# wbinfo -g
>BUILTIN\server operators
>BUILTIN\guests
>BUILTIN\power users
>BUILTIN\print operators
>BUILTIN\administrators
>BUILTIN\account operators
>BUILTIN\backup operators
>BUILTIN\users
>local1
>
>These are only the local groups.  Shouldn't this list the domain groups
>as well?
>
>[EMAIL PROTECTED] ~]# wbinfo --getdcname domb
>Could not get dc name for domb
>
>Which may well be the root of the problem?
>
>I am happy to supply which ever logs are required, just let me know.
>
>Thanks
>
>Mike
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Vista problem, with ADS samba

[Martin Zielinski]

Hello,

Just an update regarding Vista vs. Samba:

It appears, that the problem is, that the driver on the Samba server 
does not contain any "dependent files".

In this case, Samba returns an empty string in a DRIVER_INFO_3 response.
This behaviour is different to XP - and different to what the msdn 
states (NULL or a list of *two* empty strings).
XP returns a NULL pointer. Vista reacts on the malformed struct with a 
0x000d error (Invalid data) and stops the printer installation.


I don't think, it's critical since the most (if not all) real-live 
drivers actually do have dependent files. The driver in this case have 
been installed via rpcclient and self-compiled.


Attached is a text representation of a wireshark trace as proof.

Bye,

Martin

Boutan, Paul R. schrieb:

I am running samba 3.0.28 on linux servers using ADS security, without
any problem.

 


However when I added a vista workstation to the mix, it simply cannot
connect to my printers.  I can connect to my data/ or disk shares

again

without any problem from both 64bit vista, and 32 bit vista.

 


When I try to access my printers though I get  "Windows cannot connect
to the printer, Operation could not be completed (error 0x000d)

 


I have looked at everything, tried numerous drivers, settings, and so
on, but this error is not documented anywhere for this condition.  Any
ideas?

 


Thanks

 


[EMAIL PROTECTED]




===
=== Windows XP 
===

No. TimeSourceDestination   Protocol Info
270 103.648897  192.168.3.189 192.168.3.186 SPOOLSS  
EnumPrinterDrivers response
[...]
Microsoft Spool Subsystem, EnumPrinterDrivers
Operation: EnumPrinterDrivers (10)
[Request in frame: 240]
Buffer
Referent ID: 0x000f4e0c
Buffer size: 8952
Buffer data: 0300EA22CC226E221822BE21...
Driver info level 3
Driver version: Windows 2000/XP (3)
Driver name: cups32
Architecture name: Windows NT x86
Driver path: \\192.168.3.189\print$\W32X86\3\cups32drvr.dll
Data file: \\192.168.3.189\print$\W32X86\3\cups32.ppd
Config file: \\192.168.3.189\print$\W32X86\3\cups32ui.dll
Help file: \\192.168.3.189\print$\W32X86\3\cups32.hlp
Dependent files: NULL
Offset: 0
Monitor name: 
Default data type: RAW
[...]
Needed: 8952
Returned: 5
Return code: Success (0x)

===
=== Samba =
===

No. TimeSourceDestination   Protocol Info
 85 2.377568192.168.3.181 192.168.3.186 SPOOLSS  
EnumPrinterDrivers response
[...]
Microsoft Spool Subsystem, EnumPrinterDrivers
Operation: EnumPrinterDrivers (10)
[Request in frame: 84]
Buffer
Referent ID: 0xf000baaa
Buffer size: 400
Buffer data: 0300820164011401CC008000...
Driver info level 3
Driver version: Windows 2000/XP (3)
Driver name: cups32
Architecture name: Windows NT x86
Driver path: nina\print$\W32X86\3\cups32drvr.dll
Data file: nina\print$\W32X86\3\cups32.ppd
Config file: nina\print$\W32X86\3\cups32ui.dll
Help file: nina\print$\W32X86\3\cups32.hlp
Dependent files: 
Offset: 54
String: 
Monitor name: 
Default data type: RAW
Needed: 398
Returned: 1
Return code: Success (0x)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems with winbind, idmap and usrmgr.exe

[Mike Brady]

First of all apologies for replying to my own query, but I have run out
of things to try and really need to make some progress on this.

I have done a clean install and am now using the configuration file
below for my Samba PDC.  This has made no difference to the issue with
usrmgr.exe.  As before this is Samba 3.0.28a on Centos 5.1 x86_64 and
nsswitch is configured to use winbind.

[global]
log level = 5
workgroup = domb
server string = Samba Server Version %v
interfaces = lo, eth0
passdb backend = tdbsam:/etc/samba/passdb.tdb
username map = /etc/samba/smbusers
log file = /var/log/samba/%m.log
max log size = 50

# Stuff that makes this machine a PDC.
add user script = /usr/sbin/useradd "%u" -n -g domusers
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
delete user from group script = /usr/sbin/userdel "%u" "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)"
-M -d /nohome -s /bin/false -g machines "%u"
logon path = \\%L\Profiles\%U
logon home = \\%L\%U\.profiles
logon drive = H:
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes

# Equivalent of old behaviour.
idmap domains = ALLDOMAINS
idmap config ALLDOMAINS:default = yes
idmap config ALLDOMAINS:backend = tdb
idmap config ALLDOMAINS:range   = 1 - 5

idmap alloc backend = tdb
idmap alloc config:range = 1 - 5

winbind enum users = yes
winbind enum groups = Yes
winbind nested groups = yes
hosts allow = 127., 192.168.42., 192.168.43.
cups options = raw

[homes]
comment = Home Directories
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
browseable = No
share modes = No
read only = yes

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

At this stage I believe there to be a problem with winbind as I have
also tried the following.

Creating a local group with "net -U root%xxx sam createlocalgroup
local1", which succeeds.

A portion of the output from "net groupmap list verbose" shows:
local1
SID   : S-1-5-21-2991776595-4262790192-2958925130-1004
Unix gid  : 10053
Unix group: local1
Group type: Local Group
Comment   :

Testing winbind with the following:
[EMAIL PROTECTED] ~]# wbinfo -G 10053
S-1-5-21-2991776595-4262790192-2958925130-1004
[EMAIL PROTECTED] ~]# wbinfo -s
"S-1-5-21-2991776595-4262790192-2958925130-1004"
Could not lookup sid S-1-5-21-2991776595-4262790192-2958925130-1004

Shouldn't both these commands work or am missing something?   I tried it
both with and without the quotes around the SID.

Also

[EMAIL PROTECTED] ~]# wbinfo -D .
Name  : DOMB
Alt_Name  :
SID   : S-1-5-21-2991776595-4262790192-2958925130
Active Directory  : No
Native: No
Primary   : Yes
Sequence  : -1

[EMAIL PROTECTED] ~]# wbinfo -u
Error looking up domain users

[EMAIL PROTECTED] ~]# wbinfo -g
BUILTIN\server operators
BUILTIN\guests
BUILTIN\power users
BUILTIN\print operators
BUILTIN\administrators
BUILTIN\account operators
BUILTIN\backup operators
BUILTIN\users
local1

These are only the local groups.  Shouldn't this list the domain groups
as well?

[EMAIL PROTECTED] ~]# wbinfo --getdcname domb
Could not get dc name for domb

Which may well be the root of the problem?

I am happy to supply which ever logs are required, just let me know.

Thanks

Mike


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba