[Samba] Re: Write Once Read Many share with samba
Jack Downes wrote: You could handle this outside of Samba with ACLs on your filesystem. Assuming you use ext3 for the filesys, there are some rather good acl tools for that. I don't think POSIX ACLs will do this either. Brian May -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Write Once Read Many share with samba
Hi 2008/5/20 Brian May <[EMAIL PROTECTED]>: > I don't think it is possible with Unix or Samba permissions to: > > * allow file writes but deny file appends (and other modifications?). > * allow creating files but deny creating folders. > > which appears to be what you have done under windows. This was my thoughts. Samba is running on a FreeBSD 6.3 AMD64 server, filesystem is UFS. I don't know of any ACL tools... Oh well, at least I've tried :) Jean-Yves -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Write Once Read Many share with samba
You could handle this outside of Samba with ACLs on your filesystem. Assuming you use ext3 for the filesys, there are some rather good acl tools for that. just a thought, Jack Brian May wrote: Jean-Yves Avenard wrote: On Windows : Check "Create Files / Write Data", Uncheck: "Create Folders / Append Data" I don't think it is possible with Unix or Samba permissions to: * allow file writes but deny file appends (and other modifications?). * allow creating files but deny creating folders. which appears to be what you have done under windows. Brian May -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Write Once Read Many share with samba
Jean-Yves Avenard wrote: On Windows : Check "Create Files / Write Data", Uncheck: "Create Folders / Append Data" I don't think it is possible with Unix or Samba permissions to: * allow file writes but deny file appends (and other modifications?). * allow creating files but deny creating folders. which appears to be what you have done under windows. Brian May -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA PDC with LDAP backend syncing unix/samba accounts ...
yogi escreveu: Hi all , I'm running Debian Etch . I just finished configuring SAMBA as PDC to authenticate against LDAP server which works. The system in question uses default debian etch packages. As My Linix/unix accounts can authenticate against it. The LDAP works. I Used the default shipped smbldap-populate script to setup SAMBA. Good, this is the reason that it is there :) You will only not want to use if you have a reason, like it messing with your already populated base. Everything seems to work as Anonymous User or as user root. shark:/etc/samba# smbclient -L shark -N Anonymous login successful Domain=[LDAPBIOMAX] OS=[Unix] Server=[Samba 3.0.24] Share name Type Comment - --- netlogonDisk Network Logon Service knoppix Disk IPC$IPC IPC Service (Samba Server 3.0.24) Anonymous login successful Domain=[LDAPBIOMAX] OS=[Unix] Server=[Samba 3.0.24] Server Comment ---- SHARKSamba Server 3.0.24 Now when I try and login as normal user, which i have enabled with "smbldap-usermod -a yogesh" smbldap-usershow yogesh dn: uid=yogesh,ou=People,dc=biomax,dc=de uid: yogesh cn: yogesh objectClass: account,posixAccount,top,shadowAccount,sambaSamAccount userPassword: {MD5}.SOMELONGHASH shadowLastChange: 12900 shadowMax: 1 loginShell: /bin/bash uidNumber: 668 gidNumber: 100 homeDirectory: /sk-home/yogesh sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: System User sambaSID: S-1-5-21-4033729970-1053622217-143831336-9886 sambaAcctFlags: [UX ] - Now when I try and connect I get the following failure . shark:/etc/samba# smbclient -L shark -U yogesh session setup failed: NT_STATUS_LOGON_FAILURE For me smbldap-usermod -a dont ask for a password, so your error appears to be the right behavior of the server, when you try to access the samba server with an account that have a posix password but don't have a samba password. If your posix password is hashed and it didn't asked for the password it cannot guess it and fill the NT and LM samba hashes. If you don't know, your account need to end up with three hashes for the same password :) After Digging thru the logs I figuered that if I enter password using "smbldap-password" . It works. Ok, now you have defined your samba password, and it will be synced with the posix one, and everyone will be happy. Now my Stupid questions ? I already have unix users working of LDAP, How can I automate the addition of remaining accounts with SAMBA ? Well, as already said your script cannot guess the content of a hash to create another that samba needs (this is the purpose of hashes), normally people add the samba part (with smbldap-usermod), change the password to something else (with smbldap-passwd), mark the account to only allow the login if the password is changed (with smbldap-usermod -B 1), then inform the user of the new password and ask to he to put his password back when he tries to login and receive automatically a window asking for that. It will be a process very likely as adding a new user. Also whenever a unix user changes passwd samba password is not updated ? Well, this is a little more complicated, depends of how and were they are trying to do that, but normally posix tools don't know of the existence of samba hashes, anyway its possible to do that too, but you will need to be a little more specific. They are trying to do that using their own workstations that have Linux or trying to do that accessing the server shell? Any pointers will be of great help. Thanks in advace yogesh Appears that theres nothing wrong with your config, you just didn't understood what you need to do. Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP is very slow to access Samba
I've once had a dead DNS server listed in my resolv.conf on the Samba server which was causing exactly this problem. The dead server was a local one which had had it's address changed. Try checking your listed DNS servers if you have any, make sure they are all alive and the server can access them. try: dig google.com @mylistedDNSserver.com from the Samba server. Andreas Yvon Dubinsky wrote: I have a linux sever running it is version 2.6.20-2936.fc7xen. The samba version is Version 3.0.27-0.fc7. My problem is XP and Windows 2k Machines connect very slow to the mapped drives. It does not matter if they are connected as the IP (\\192.168.100.32\*) or a mapped drive in the Windows Host file (Sambasales\*). Has anyone else had these problems, and if so what did you do to fix it. Thanks in advance, Yvon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding users to group with net rpc
On Monday 19 May 2008 05:09:45 pm Leandro Tracchia wrote: > > What version of Samba are you running? > > I don't even know how to check that ashamed to say... smbd -V - John T. > > > What do you mean by this? How did you do this? > > well, i gather this because of the following 3 reasons: > > 1) the following command shows the correct Windows groups mapped > to their corresponding posix group accounts. > > root# net rpc groupmap list > > 2) the Windows Domain Users group is mapped to the posix users > group which is shown with the above command. all my user accounts > belong to the users group. > > 3) the following commands shows the correct Windows group (Domain > Users) for each particular user (as i already stated). > > root# net rpc user info billybob > > 4) posix user accounts all correspond to their smbpasswd accounts. > > > OK. What is the output of?: > > > >pdbedit -Lw root > > i'll answer this tomorrow when i'm back at work > > thanks for you help and please bear with me, i'm new at this -- John H Terpstra Samba-Team Member Author: The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Samba Schema
Hi I am trying to use Postfix to expand the members of the LDAP Samba groups. Because of the Samba groups have only the uid of the member (memberUid), not the full dn (memberdn or uniquemember), the expansion for use in Postfix cannot be done. Mi question is if Samba (with smbldap-tools) is able to store the full dn of the members in the group attributes (i have read about rfc2307bis.schema, or samba3.schema, but no much information), so Samba, LDAP and Postfix could live together. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] domain memership and security=domain
Dear List, I have successfully deployed my first Samba 3 PDC with LDAP, and I have several XP pro workstations successfully joined to the domain. There are some other XP pro workstations that are not joined to the domain yet, but are on the same network. Now I have another Linux (Suse 9.2) PC (separate from the PDC) that is acting as a file server, with it's own shares. This PC has no local user accounts, and I set this with security = domain, passwd server = SambaPDC and successfully joined it to the domain with net rpc join etc.. On each share I specify which users can access that share (valid users = ) My question is somewhat conceptual (and i suspect, rather basic): Once the file server is joined to the domain and is authenticating everything with the Samba3 PDC, should security = domain mean that only workstations already joined to the domain can have access to the file server shares? I would imagine this to be the concept behind security = domain, but until now, I can still access the shares even from the non-domain workstations). In other words, can a Samba3 domain member limit access to its shares only to other PCs that are also domain members? Or, even better, can this be specified specifically per share? Thanks and regards Julian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba server maxing out cpu, load up to 10
This is samba 3.0.23c running on RHEL 5.0. Starting a few months ago, the server started periodically slowing to a crawl. The cpu would be maxed out and top would show the load between 5 and 10 (it's usually way under 1, like 0.3 to 0.5). Any way to figure out what is causing this? This is a 3.2 ghz P4 and a 'pgrep smbd' returns 141 processes. We only have about 300 users who could be accessing it. This server also authenticates to a Windows 2000 domain controller. I reboot the server and sometimes it seems to help for a couple days, and sometimes the load immediately comes back and we just have to wait till the next day. Thanks for any help, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding users to group with net rpc
> What version of Samba are you running? I don't even know how to check that ashamed to say... > What do you mean by this? How did you do this? well, i gather this because of the following 3 reasons: 1) the following command shows the correct Windows groups mapped to their corresponding posix group accounts. root# net rpc groupmap list 2) the Windows Domain Users group is mapped to the posix users group which is shown with the above command. all my user accounts belong to the users group. 3) the following commands shows the correct Windows group (Domain Users) for each particular user (as i already stated). root# net rpc user info billybob 4) posix user accounts all correspond to their smbpasswd accounts. > OK. What is the output of?: >pdbedit -Lw root i'll answer this tomorrow when i'm back at work thanks for you help and please bear with me, i'm new at this -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA PDC with LDAP backend syncing unix/samba accounts ...
yogi escreveu: Hi all , I'm running Debian Etch . I just finished configuring SAMBA as PDC to authenticate against LDAP server which works. The system in question uses default debian etch packages. As My Linix/unix accounts can authenticate against it. The LDAP works. I Used the default shipped smbldap-populate script to setup SAMBA. Good, this is the reason that it is there :) You will only not want to use if you have a reason, like it messing with your already populated base. Everything seems to work as Anonymous User or as user root. shark:/etc/samba# smbclient -L shark -N Anonymous login successful Domain=[LDAPBIOMAX] OS=[Unix] Server=[Samba 3.0.24] Share name Type Comment - --- netlogonDisk Network Logon Service knoppix Disk IPC$IPC IPC Service (Samba Server 3.0.24) Anonymous login successful Domain=[LDAPBIOMAX] OS=[Unix] Server=[Samba 3.0.24] Server Comment ---- SHARKSamba Server 3.0.24 Now when I try and login as normal user, which i have enabled with "smbldap-usermod -a yogesh" smbldap-usershow yogesh dn: uid=yogesh,ou=People,dc=biomax,dc=de uid: yogesh cn: yogesh objectClass: account,posixAccount,top,shadowAccount,sambaSamAccount userPassword: {MD5}.SOMELONGHASH shadowLastChange: 12900 shadowMax: 1 loginShell: /bin/bash uidNumber: 668 gidNumber: 100 homeDirectory: /sk-home/yogesh sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: System User sambaSID: S-1-5-21-4033729970-1053622217-143831336-9886 sambaAcctFlags: [UX ] - Now when I try and connect I get the following failure . shark:/etc/samba# smbclient -L shark -U yogesh session setup failed: NT_STATUS_LOGON_FAILURE For me smbldap-usermod -a dont ask for a password, so your error appears to be the right behavior of the server, when you try to access the samba server with an account that have a posix password but don't have a samba password. If your posix password is hashed and it didn't asked for the password it cannot guess it and fill the NT and LM samba hashes. If you don't know, your account need to end up with three hashes for the same password :) After Digging thru the logs I figuered that if I enter password using "smbldap-password" . It works. Ok, now you have defined your samba password, and it will be synced with the posix one, and everyone will be happy. Now my Stupid questions ? I already have unix users working of LDAP, How can I automate the addition of remaining accounts with SAMBA ? Well, as already said your script cannot guess the content of a hash to create another that samba needs (this is the purpose of hashes), normally people add the samba part (with smbldap-usermod), change the password to something else (with smbldap-passwd), mark the account to only allow the login if the password is changed (with smbldap-usermod -B 1), then inform the user of the new password and ask to he to put his password back when he tries to login and receive automatically a window asking for that. It will be a process very likely as adding a new user. Also whenever a unix user changes passwd samba password is not updated ? Well, this is a little more complicated, depends of how and were they are trying to do that, but normally posix tools don't know of the existence of samba hashes, anyway its possible to do that too, but you will need to be a little more specific. They are trying to do that using their own workstations that have Linux or trying to do that accessing the server shell? Any pointers will be of great help. Thanks in advace yogesh Appears that theres nothing wrong with your config, you just didn't understood what you need to do. Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP is very slow to access Samba
I have a linux sever running it is version 2.6.20-2936.fc7xen. The samba version is Version 3.0.27-0.fc7. My problem is XP and Windows 2k Machines connect very slow to the mapped drives. It does not matter if they are connected as the IP (\\192.168.100.32\*) or a mapped drive in the Windows Host file (Sambasales\*). Has anyone else had these problems, and if so what did you do to fix it. Thanks in advance, Yvon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: adding users to group with net rpc
On Monday 19 May 2008 02:46:34 pm Leandro Tracchia wrote: > executing the following command for all users will show their correct > group: > > root# net rpc user info billybob > > but, like i said the following command shows nothing: > > root# net rpc group members "Domain Users" -Uroot > > and i still can't get this command to work: OK. What is the output of?: pdbedit -Lw root > > root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot I just validated that this command works on Samba-3.0.28. > however, i'm wondering i do i even need this last command... all my users > seem to be already mapped... What do you mean by this? How did you do this? - John T. > On Mon, May 19, 2008 at 3:30 PM, Leandro Tracchia <[EMAIL PROTECTED]> > > wrote: > > section 13.3.2 of the HOWTO shows that i can add a user to a group with > > the following command: > > > > root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot > > > > when i execute this command (replaced with my server specific values, of > > course), i get a NT_STATUS_NO_SUCH_USER error. > > > > i can verify that my user DOES exist and that he belongs to the posix > > group account. i can also verify that the posix group account is mapped > > to the windows group account. > > > > is the syntax for this command correct? (the net manpage shows no > > 'addmem' option), or am i doing something wrong?? > > > > when i run the following i get an empty list: > > > > root# net rpc group members "Domain Users" -Uroot -- John H Terpstra Samba-Team Member Phone: +1 (512) 970-0256 Author: The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with Remote Desktop Users group with Samba PDC
> > Hello, > > I have a Samba PDC chugging away, one of the clients is a Windows 2003 > Server machine with Remote Desktop enabled. Regular users can log in to > the 2003 Server just fine *if they are at the actual computer*. > > Now, I want people to be able to log on to this machine (authenticated by > the Samba PDC) over Remote Desktop. Right now, when I try to log on over > Remote Desktop, I get this error from Windows: > > "To log on to this remote computer, you must be granted 'Allow lon on > through Terminal Services' right. By defualt, members of the 'Remote > Desktop Users' group have this right. If you are not a member of the > Remote Desktop Users group or another group ... etc. etc. etc." > > > So... how do I tell my Samba PDC that my users are members of this group? > I can add users to the Domain Admins group, Domain Users group, etc., but > I *don't have* a Remote Desktop Users group, and am unsure how to add it, > what the sambaSID for this group should be, etc. > You don't. You add the domain users group to the 2003 server local remote desktop users group. Cheers, Hugo Monteiro. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Total system freeze during cifs share umount
Hi My system data: Linux alucard 2.6.24.3 #4 SMP PREEMPT Sat Apr 26 19:36:27 CEST 2008 i686 GNU/Linux I selected the experimental cifs options (but I get the same behaviour with a different kernel where they aren't selected) mount.cifs version: 1.10-3.0.28a (but I also tried an earlier version) ubuntu hardy I bought a netgear ready nas nv+ and enabled a few cifs shares. When I try to mount them it works fine for the first few mounts but suddenly I get the message: mount error 127 = Key has expired Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) _After_ this message I get a really strange behaviour: When I change into the directory where I mounted my shares I get: ls: cannot access /media/melian/backup: Input/output error ls: cannot access /media/melian/www: Input/output error ls: cannot access /media/melian/misc: Input/output error ls: cannot access /media/melian/movies: Input/output error ls: cannot access /media/melian/mp3s: Input/output error ale backup incoming misc movies mp3s www When I try to umount /media/melian/movies (eg) I get one of the following behaviours: - It works (maybe with an error message about that umount.cifs can only umount cifs volumes (which this is), but the mount is still shown with "mount" - Segmentation fault - Total system freeze (eg. the audio playback in the background which is from a local mp3 file stops playing correctly immediately ) => I'm forced to restart my system I also tried the fs type smbfs but I still get buggy behaviour. What _does_ work is nautilus. I seem to be able to browse the shares perfectly with nautilus. But I really don't want to use nautilus and also I have my backup scripts that would like to use the fs structure of the mounted cifs shares... A google search on the error messages didn't show anything useful. :-( I also tried to ask on irc and spent over 10 hours on this issue already. I would really appreciate any help I can get here. If you need further information tell me which... Best Regards and thanks for any answer! Jonas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help with Remote Desktop Users group with Samba PDC
Hello, I have a Samba PDC chugging away, one of the clients is a Windows 2003 Server machine with Remote Desktop enabled. Regular users can log in to the 2003 Server just fine *if they are at the actual computer*. Now, I want people to be able to log on to this machine (authenticated by the Samba PDC) over Remote Desktop. Right now, when I try to log on over Remote Desktop, I get this error from Windows: "To log on to this remote computer, you must be granted 'Allow lon on through Terminal Services' right. By defualt, members of the 'Remote Desktop Users' group have this right. If you are not a member of the Remote Desktop Users group or another group ... etc. etc. etc." So... how do I tell my Samba PDC that my users are members of this group? I can add users to the Domain Admins group, Domain Users group, etc., but I *don't have* a Remote Desktop Users group, and am unsure how to add it, what the sambaSID for this group should be, etc. This is Samba 3.x, OpenLDAP backend, with smbldap-tools installed on Mandriva. Thanks! -- - Keith Palmer [EMAIL PROTECTED] http://www.AcademicKeys.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: adding users to group with net rpc
executing the following command for all users will show their correct group: root# net rpc user info billybob but, like i said the following command shows nothing: root# net rpc group members "Domain Users" -Uroot and i still can't get this command to work: root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot however, i'm wondering i do i even need this last command... all my users seem to be already mapped... On Mon, May 19, 2008 at 3:30 PM, Leandro Tracchia <[EMAIL PROTECTED]> wrote: > section 13.3.2 of the HOWTO shows that i can add a user to a group with the > following command: > > root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot > > when i execute this command (replaced with my server specific values, of > course), i get a NT_STATUS_NO_SUCH_USER error. > > i can verify that my user DOES exist and that he belongs to the posix group > account. i can also verify that the posix group account is mapped to the > windows group account. > > is the syntax for this command correct? (the net manpage shows no 'addmem' > option), or am i doing something wrong?? > > when i run the following i get an empty list: > > root# net rpc group members "Domain Users" -Uroot > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding users to group with net rpc
On Monday 19 May 2008 02:30:31 pm Leandro Tracchia wrote: > section 13.3.2 of the HOWTO shows that i can add a user to a group with the > following command: > > root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot > > when i execute this command (replaced with my server specific values, of > course), i get a NT_STATUS_NO_SUCH_USER error. > > i can verify that my user DOES exist and that he belongs to the posix group > account. i can also verify that the posix group account is mapped to the > windows group account. > > is the syntax for this command correct? (the net manpage shows no 'addmem' > option), or am i doing something wrong?? > > when i run the following i get an empty list: > > root# net rpc group members "Domain Users" -Uroot What version of Samba are you running? - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] adding users to group with net rpc
section 13.3.2 of the HOWTO shows that i can add a user to a group with the following command: root# net rpc group addmem "MIDEARTH\Engineers" ajt -Uroot when i execute this command (replaced with my server specific values, of course), i get a NT_STATUS_NO_SUCH_USER error. i can verify that my user DOES exist and that he belongs to the posix group account. i can also verify that the posix group account is mapped to the windows group account. is the syntax for this command correct? (the net manpage shows no 'addmem' option), or am i doing something wrong?? when i run the following i get an empty list: root# net rpc group members "Domain Users" -Uroot -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc commands not working
problem solved. i had to add 127.0.0.1 to the interfaces list of smb.conf. this is because i had set bind interfaces only = yes. the manpage makes mention of smbpasswd not working properly if bind interfaces only is set and the network address 127.0.0.1 is not added to the interfaces parameter. i guess this also applies to correct functionality of the net rpc command, although the man page makes no mention of this and i'm not very knowledgeable to explain to you how it does apply. but it worked for me. thanks for your help john. On Mon, May 19, 2008 at 12:41 PM, John Drescher <[EMAIL PROTECTED]> wrote: > > The reason for this is that eth1 and lo are seen as 2 different > > network cards and listening on eth1 does not allow you to listen on lo > > (which gives you 127.0.0.1). > > > I should have worded that listening only on eth1 does not allow > access to 127.0.0.1. You need to listen on lo as well or not bind to > interfaces which will then listen on all vaild ip addresses for the > server. > > John > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Shares permissions
Hi to All, I need to set up differents permissions in my shares as like windows directories structures. I'd like to keep this layout and apply in my shares. This is a example: I wanna create a Master Directory with just permission to read, n' inside this directory i'll create another directory (sub dir) with full permission (rwx). So, when a user access the share server, it would appear only the Master Directory, n' to access the sub dir the user has to access the master dir first. I hope that you can help me. tnx, Hélio Calaça Filho Seção de Suporte às Redes SESRE/CINF/STI -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NetBIOS name resolution from Linux
On Monday 19 May 2008, L.P.H. van Belle wrote: > dns proxy = yes > this is used to make sure samba resolves over DNS first. The default is yes for that parameter but your explanation doesn't fit with the man page. It doesn't use DNS first it only uses it for unregistered names, therefore it must check the WINS database first. -- Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc commands not working
> The reason for this is that eth1 and lo are seen as 2 different > network cards and listening on eth1 does not allow you to listen on lo > (which gives you 127.0.0.1). > I should have worded that listening only on eth1 does not allow access to 127.0.0.1. You need to listen on lo as well or not bind to interfaces which will then listen on all vaild ip addresses for the server. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc commands not working
On Mon, May 19, 2008 at 12:33 PM, Leandro Tracchia <[EMAIL PROTECTED]> wrote: > problem solved. i had to add 127.0.0.1 to the interfaces list of smb.conf. > this is because i had set bind interfaces only = yes. > > the manpage makes mention of smbpasswd not working properly if bind > interfaces only is set and the network address 127.0.0.1 is not added to the > interfaces parameter. > > i guess this also applies to correct functionality of the net rpc command, > although the man page makes no mention of this and i'm not very > knowledgeable to explain to you how it does apply. but it worked for me. > The reason for this is that eth1 and lo are seen as 2 different network cards and listening on eth1 does not allow you to listen on lo (which gives you 127.0.0.1). John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc commands not working
On Mon, May 19, 2008 at 11:54 AM, Leandro Tracchia <[EMAIL PROTECTED]> wrote: > yes, samba is running on the localhost... > > the command did not ask for a password because i used %not24get > > samba is listening on eth1 > How about lo (as this is not eth1)? netstat -tulpen Also have you checked your samba logs? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Printer shares - add printer port winxp
hello list, thanks for the great piece of software :) now to my problem: i setup samba long time ago with Version 3.0.14a-Debian. Now i want to put my samba server into a fax gateway. i create a printcap entry like the following: fax:\ :lp=/dev/null:\ :sd=/var/spool/lpd/faxlp:\ :if=/usr/local/bin/sambafax:\ :sh:sf:mx#0: and add a referring entry stanza into smb.conf [fax] comment = Fax-Server print command = lpr -P%p %f path = /var/spool/fax printable = yes force user = lp read only = no writeable = yes browseable = yes guest ok = yes Now, if i try to add the share fax as a printer port on my windows xp clients, a problem comes up: i can connect to the server and view the shared printer but i can't add \\servername\share as a new port - i always get "Der angegebene Anschluss konnte nicht hinzugefügt werden. Der Vorgang konnte nicht abgeschlossen werden" which means the specified port can't be added - the task can't be completed. please see the log file[1] http://rafb.net/p/pBKywS41.html Any help is greatly appreciated Best regards stefan [1] http://rafb.net/p/pBKywS41.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc commands not working
On Mon, May 19, 2008 at 11:37 AM, Leandro Tracchia <[EMAIL PROTECTED]> wrote: > maybe this is a simple fix but i really don't know how to fix it... > > it seems that i cannot run any net rpc commands... > > i wanted to see the members of Domain Users group so i did the following: > > root# net rpc group members "Domain Users" -Uroot%not24get > > and i got this error: > > Could not connect to server 127.0.0.1 > Connection failed: NT_STATUS_CONNECTION_REFUSED > > i can ping localhost without a problem > Is samba running on the local host? Is it listening on 127.0.0.1? Did it ask for a password? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc commands not working
maybe this is a simple fix but i really don't know how to fix it... it seems that i cannot run any net rpc commands... i wanted to see the members of Domain Users group so i did the following: root# net rpc group members "Domain Users" -Uroot%not24get and i got this error: Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_CONNECTION_REFUSED i can ping localhost without a problem i'm not sure why this is happening, does anyone have any ideas??? thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printing problem
Hi, I ran into a strange printing-problem: We're using OpenBSD 4.2 and Samba Version 3.0.28 and include our printers directly from /etc/printcap; whenever I enter a printername that contains numbers, smbd gives me the errors below. Any idea why samba messes up with digits in printernames? /var/log/log.smbd (with smbd started in debuglevel 10) [2008/05/19 17:07:59, 3] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/05/19 17:07:59, 3] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/05/19 17:07:59, 7] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/param/loadparm.c:lp_servicenumber(5200) lp_servicenumber: couldn't find mfgZO01 [2008/05/19 17:07:59, 8] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/param/loadparm.c:add_a_service(2574) add_a_service: Creating snum = 12 for mfgZO01 [2008/05/19 17:07:59, 10] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/param/loadparm.c:hash_a_service(2621) hash_a_service: hashing index 12 for service name mfgZO01 [2008/05/19 17:07:59, 3] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/param/loadparm.c:lp_add_printer(2746) adding printer service mfgZO01 [2008/05/19 17:07:59, 7] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/param/loadparm.c:lp_servicenumber(5200) lp_servicenumber: couldn't find prnZO01 [2008/05/19 17:07:59, 8] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/param/loadparm.c:add_a_service(2574) add_a_service: Creating snum = 13 for prnZO01 [2008/05/19 17:07:59, 10] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/param/loadparm.c:hash_a_service(2621) hash_a_service: hashing index 13 for service name prnZO01 [2008/05/19 17:07:59, 3] /usr/ports/net/samba/w-samba-3.0.28/samba-3.0.28/source/param/loadparm.c:lp_add_printer(2746) adding printer service prnZO01 -- -- using the following /etc/printcap file (ip removed for privacy reasons): -- # $OpenBSD: printcap,v 1.4 2003/03/28 21:32:30 jmc Exp $ #lp|local line printer:\ # :lp=/dev/lp:sd=/var/spool/output:lf=/var/log/lpd-errs: #rp|remote line printer:\ # :lp=:rm=printhost:rp=lp:sd=/var/spool/output:lf=/var/log/lpd-errs: prnZO01|prnZO01:\ :lp=:rm=(printerIp1):rp=lp:sd=/var/spool/printer/prnZO01:sh:lf=/var/log/lpd-errs: mfgZO01|mfgZO01:\ :lp=:rm=(printerIp2):rp=lp:sd=/var/spool/printer/mfgZO01:sh:lf=/var/log/lpd-errs: If i change the printcap file into the following, i dont get the problem any more: --- # $OpenBSD: printcap,v 1.4 2003/03/28 21:32:30 jmc Exp $ #lp|local line printer:\ # :lp=/dev/lp:sd=/var/spool/output:lf=/var/log/lpd-errs: #rp|remote line printer:\ # :lp=:rm=printhost:rp=lp:sd=/var/spool/output:lf=/var/log/lpd-errs: prnZO|prnZO:\ :lp=:rm=(printerIp1):rp=lp:sd=/var/spool/printer/prnZO01:sh:lf=/var/log/lpd-errs: mfgZO|mfgZO:\ :lp=:rm=(printerIp2):rp=lp:sd=/var/spool/printer/mfgZO01:sh:lf=/var/log/lpd-errs: -- Heres our smb.conf: -- [global] workgroup = ### netbios name = ### server string = Samba Server security = domain log file = /var/log/samba/smbd.%m ;log level = 5 max log size = 50 ;passdb backend = tdbsam socket options = TCP_NODELAY interfaces = # wins support = no wins server = # os level = 65 map system = yes map archive = yes map hidden = yes create mask = 0771 directory mask = 0771 csc policy = disable enable privileges = Yes printing = bsd load printers = yes show add printer wizard = yes printcap name = /etc/printcap # printer admin = @domadmins printcap cache time = 15 lpq cache time = 30 default devmode = yes [printers] comment = SMB Print Spool path = /var/spool/samba/spool browseable = No guest ok = Yes public = Yes writable = No printable = Yes [print$] default devmode = yes comment = Printer Drivers path = /usr/local/share/printer_drivers
[Samba] Samba 3.0.23b and 3.0.25c difference with NTLMv2
Hi, I have a version 3.0.23b Samba server and a version 3.0.25c Samba server. >From a Windows 2003 Server I can map drives to the 23b server but not to the 25c one. The two samba servers are setup the same (apart from server name etc). I think this is a problem to do with NTLMv2. When "LAN Manager authentication level" is set to "Send NTLMv2 response only" I can connect to the 23b server but not the 25c one. When I change this setting to "Send LM & NTLM - use NTLMv2 session security if negotiated" I can connect to both servers. What has changed between 23b and 25c to cause this and how do I get 25c to work again without leaving the setting at "Send LM & NTLM"? Thanks Stuart Jeffery CONFIDENTIALITY NOTICE The information contained in this e-mail is intended only for the confidential use of the above named recipient. If you are not the intended recipient or person responsible for delivering it to the intended recipient, you have received this communication in error and must not distribute or copy it. Please accept the sender's apologies, notify the sender immediately by return e-mail and delete this communication. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SAMBA PDC with LDAP backend syncing unix/samba accounts ...
did you adjust you pam.d settings to accept MD5 password hashes. you can find some usefull tips in the Big samba howto http://www.google.nl/search?hl=nl&q=big+samba+howto+debian&meta= this one also works for etch. Louis >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Namens yogi >Verzonden: zaterdag 17 mei 2008 19:29 >Aan: samba@lists.samba.org >Onderwerp: [Samba] SAMBA PDC with LDAP backend syncing >unix/samba accounts ... > >Hi all , > I'm running Debian Etch . I just finished >configuring SAMBA >as PDC to authenticate against LDAP server which works. >The system in question uses default debian etch packages. >As My Linix/unix accounts can authenticate against it. The >LDAP works. >I Used the default shipped smbldap-populate script to >setup SAMBA. > Everything seems to work as Anonymous User or as >user root. > >shark:/etc/samba# smbclient -L shark -N >Anonymous login successful >Domain=[LDAPBIOMAX] OS=[Unix] Server=[Samba 3.0.24] > >Share name Type Comment >- --- >netlogonDisk Network Logon Service >knoppix Disk >IPC$IPC IPC Service (Samba Server >3.0.24) >Anonymous login successful >Domain=[LDAPBIOMAX] OS=[Unix] Server=[Samba 3.0.24] > >Server Comment >---- >SHARKSamba Server 3.0.24 > > > Now when I try and login as normal user, which i have >enabled >with "smbldap-usermod -a yogesh" > >smbldap-usershow yogesh > >dn: uid=yogesh,ou=People,dc=biomax,dc=de >uid: yogesh >cn: yogesh >objectClass: >account,posixAccount,top,shadowAccount,sambaSamAccount >userPassword: {MD5}.SOMELONGHASH >shadowLastChange: 12900 >shadowMax: 1 >loginShell: /bin/bash >uidNumber: 668 >gidNumber: 100 >homeDirectory: /sk-home/yogesh >sambaPwdLastSet: 0 >sambaLogonTime: 0 >sambaLogoffTime: 2147483647 >sambaKickoffTime: 2147483647 >sambaPwdCanChange: 0 >sambaPwdMustChange: 2147483647 >displayName: System User >sambaSID: S-1-5-21-4033729970-1053622217-143831336-9886 >sambaAcctFlags: [UX ] > >- > >Now when I try and connect I get the following failure . >shark:/etc/samba# smbclient -L shark -U yogesh >session setup failed: NT_STATUS_LOGON_FAILURE > >After Digging thru the logs I figuered that if I enter >password using >"smbldap-password" . It works. > >Now my Stupid questions ? >I already have unix users working of LDAP, How can I >automate the addition of remaining accounts with SAMBA ? > >Also whenever a unix user changes passwd samba password is >not updated ? > >Any pointers will be of great help. > >Thanks in advace >yogesh > > > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NetBIOS name resolution from Linux
Hi, i used Bind9 ( with dhcp3), with caching dns with forwarders. i have 4 local zones. these are in the resolve.conf as search domains. ( 4 different subnets ) If you want a copy of my config its possible. Louis >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Namens >Charles Marcus >Verzonden: maandag 19 mei 2008 12:56 >Aan: samba@lists.samba.org >Onderwerp: Re: [Samba] NetBIOS name resolution from Linux > >On 5/19/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote: >> 1c) setup DHCP3 + DDNS >> this is done so every pc which is connected to the network >> and gets dhcp ip also gets recorded in the dns server. > >What did you use for DNS? Bind? How is it configured (caching only with >forwarders?) > >-- > >Best regards, > >Charles >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NetBIOS name resolution from Linux
On 5/19/2008, L.P.H. van Belle ([EMAIL PROTECTED]) wrote: > 1c) setup DHCP3 + DDNS > this is done so every pc which is connected to the network > and gets dhcp ip also gets recorded in the dns server. What did you use for DNS? Bind? How is it configured (caching only with forwarders?) -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] more Samba Domains
Dear List, Is it possible to manage more samba domains with the same user DB ? I got a samba PDC and BDC with LDAP backend and I manage the system with the Ldap-account-manager (LAM) , and now i need a separate samba Domain in a other sub-net, but i need the same resources. what can i do ? MFG Sven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba