Re: [Samba] Samba and XP

2008-06-11 Thread Curtis Maloney

Deon Steyn wrote:
> Is it possible to run Samba on XP Pro


I think a better question is - why?

I see from your previous posting that you've had Samba running under XP via 
Cygwin.


Why use Samba, when Windows has SMB/CIFS support built in?

--
Curtis Maloney
[EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Samba4, multi-domain Forest and Unix ID mapping

2008-06-11 Thread Trever L. Adams

Good day,

I wasn't sure whether this should go to the user list or the
samba-technical list. I chose here based on the descriptions of the list.

Forgive me if my understanding of the naming is inaccurate. It is my
understanding that Samba3 (and I believe 4, as well) has a very powerful
SID<->UID mapping mechanism which will auto create the UID in a range.
This is what I mean by Unix ID mapping.

I have read that this as of yet won't work in a forest, even if the
organization is only one organization. I am hoping this isn't true.

I am beginning to look at Samba4 for future implementations within
organizations I do work for. However, it appears I will need multiple
domain in one forest functionality. Is this implemented or at least planned?

If it is implemented/planned is it possible to do the automatic Unix ID
mapping per above? If it is all one domain, is it possible to do this if
all the domain controllers/active directory machines are Samba 4?
Basically, can each domain have its own UID mapping setup and they will
work in the forest IF, and ONLY IF, the UID mapping doesn't overlap? The
exact mechanism my questions may bring into mind may be bad.

Here is the situation, explained in the context of an extended family
network:

Each family has its own domain (Windows and DNS), policies, etc. Each
has its own file servers, mail domains (DNS), etc. Each may share file
and printers with other families. This needs to work in Windows and Linux.

However, here is the killer, root access to Linux machines is not shared
across domains. Nor should Windows system/net/domain admin abilities.
However, guests from other families (within the extended family) need to
be able to view the shared files as well as login (without
administrative privileges) on computers in the other domains (think
visiting family).

To do this, auto SID<->UID maps are a must. Domains within the forest
will start at 6 at least and grow from there. (This example isn't far
from the kinds of things businesses and families ask me to do.)

Is all of this possible, planned, or just out there?

Thank you,
Trever Adams

P.S. Please, reply directly as well as to the list as I am not on the
list and only keep up from time to time.






[Samba] vfs_set_filelen function problem on FAT file systems.

2008-06-11 Thread Rupesh Kumar
Hi All,

I am facing a problem when copying large files from a Windows PC to a FAT
partition.

I observed that the vfs_set_filelen() (SMB_VFS_FTRUNCATE) call is actually
creating the Zero file on the FAT partition, which is taking a lot of time, and
the connection is getting closed.

What is the merit of setting the file size before starting the copy? Anyway,
this will create a sparse file on a Unix file system (which will not even
allocate data blocks on the disk).

After commenting out the SMB_VFS_FTRUNCATE and reporting success to the
vfs_set_filelen() caller, my problem got solved and I am able to
copy big files on to the disk.

What are your views on reporting vfs_set_filelen as success without
truncating the file to the size requested? Does this have any side effects?

Regards
Rupesh Kumar


[Samba] Re: vfs_set_filelen function problem on FAT file systems.

2008-06-11 Thread Volker Lendecke
On Wed, Jun 11, 2008 at 01:42:27PM +0530, Rupesh Kumar wrote:
> What are your views on reporting vfs_set_filelen as success without
> truncating the file to the size requested. Does this have any side effects.

Yes, it does. We can not report the correct file size that
Windows clients expect anymore. This will break a lot of
applications.

There is currently work underway to make calls to ftruncate
and friends async, so that at least clients will not
reconnect if that call takes more than 30 seconds. Will take
a while though before this hits a release.

Volker



Re: [Samba] [ANNOUNCE] Samba 3.2.0rc2

2008-06-11 Thread Karolin Seeger
Hi Miguel,

On Tue, Jun 10, 2008 at 11:30:02 +0100, Miguel Medalha wrote:
> Am I missing something or the version of "Using Samba" included in the 
> samba-3.2.0rc2.tar.gz package is in fact still version 2?

That will be fixed until the final release. 
Thank you very much for the hint!

Cheers,
Karolin

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE




[Samba] WINS server looses election irregular in a heterogeneous network

2008-06-11 Thread Timo Meinen
Dear Samba-Users,

I have to administer a Samba WINS Server in a heterogenous network. It's a
student hostel with about 200 mixed (Windows, Linux, Mac OS X) computers. We
have a DHCP, which delivers the WINS-Server address to the clients. I don't
have access to the clients.

The problem is that the WINS server (Samba 3.0.27) loses the
Master-Browser election irregularly. I can't configure Samba in a way that
it keeps the MSB.

Example from the log.nmbd:

===
[2008/06/09 22:15:45, 0]
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
process_local_master_announce: Server GUERO at IP 10.0.80.221 is announcing
itself as a local master browser for workgroup WODANLAN and we think we are
master. Forcing election.
[2008/06/09 22:15:45, 2]
nmbd/nmbd_become_lmb.c:unbecome_local_master_browser(280)
unbecome_local_master_browser: unbecoming local master for workgroup
WODANLAN on subnet 10.0.80.5
[2008/06/09 22:15:45, 0]
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
*

Samba name server SHODAN has stopped being a local master browser for
workgroup WODANLAN on subnet 10.0.80.5

*
===

SHODAN is the name of the server. Today it's GUERO, who is winning the
election. Yesterday, it was another computer.

When I restart the smbd/nmbd it wins the election and the network browsing
operates normally. Is there any way to be sure, that SHODAN keeps the MSB?

At the moment I have a cron, which restarts the smb-server every 30 minutes,
so that it wins the election and becomes the MSB, but that's really a nasty
thing.

This is my configuration:

smb.conf:
===
[global]
workgroup = WODANLAN
netbios name = Shodan
server string = Wodanlan Master Browser
hosts allow = 10.0.80.
log level = 2

domain master = yes
local master = yes
preferred master = yes
enhanced browsing = Yes
os level = 255

wins support = yes
dns proxy = no
===

Can you help me?

Thank you very much
Timo Meinen
[EMAIL PROTECTED]
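
Added example (not part of the original post, and not Samba project code): a shell/awk summary of which hosts keep announcing themselves as local master browser in a log.nmbd like the one quoted above, so that unexpected challengers stand out. The first two sample records are taken from the post; the remaining records, including the host EXAMPLEPC and its address, are constructed.

```shell
#!/bin/sh
# Summarise competing local-master-browser announcements in an nmbd log.

# count_lmb_challengers [FILE]
# Reads FILE (or stdin) and prints "COUNT HOST IP WORKGROUP" for every host
# that announced itself as local master browser, most frequent first.
count_lmb_challengers() {
    awk '
    function emit(   n, w) {
        # rec holds one complete log record; wrapped lines were joined,
        # so collapse runs of blanks before matching.
        gsub(/[ \t]+/, " ", rec)
        if (match(rec, /Server [^ ]+ at IP [0-9.]+ is announcing itself as a local master browser for workgroup [^ ]+/)) {
            n = split(substr(rec, RSTART, RLENGTH), w, " ")
            # w[2] = host name, w[5] = IP address, w[n] = workgroup
            seen[w[2] " " w[5] " " w[n]]++
        }
        rec = ""
    }
    # A "[YYYY/MM/DD hh:mm:ss, level]" header starts a new record.
    /^\[[0-9]+\/[0-9]+\/[0-9]+ [0-9:]+, *[0-9]+\]/ { emit() }
    { rec = rec " " $0 }
    END {
        emit()
        for (k in seen) print seen[k], k
    }' "${1:--}" | sort -k1,1nr -k2,2
}

# Sample input. Records 1-2 come from the post, the rest are constructed.
sample_nmbd_log() {
    cat <<'EOF'
[2008/06/09 22:15:45, 0]
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
process_local_master_announce: Server GUERO at IP 10.0.80.221 is announcing
itself as a local master browser for workgroup WODANLAN and we think we are
master. Forcing election.
[2008/06/09 22:15:45, 2]
nmbd/nmbd_become_lmb.c:unbecome_local_master_browser(280)
unbecome_local_master_browser: unbecoming local master for workgroup
WODANLAN on subnet 10.0.80.5
[2008/06/09 23:40:02, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
  process_local_master_announce: Server EXAMPLEPC at IP 10.0.80.77 is announcing itself as a local master browser for workgroup WODANLAN and we think we are master. Forcing election.
[2008/06/10 08:02:11, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
  process_local_master_announce: Server GUERO at IP 10.0.80.221 is announcing itself as a local master browser for workgroup WODANLAN and we think we are master. Forcing election.
EOF
}

# With a file argument analyse that log, otherwise the constructed sample.
if [ "$#" -gt 0 ]; then
    count_lmb_challengers "$1"
else
    sample_nmbd_log | count_lmb_challengers
fi
```

A host that appears here without being meant to act as a browser is the machine to inspect first.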


[Samba] Re: vfs_set_filelen function problem on FAT file systems.

2008-06-11 Thread Rupesh Kumar
On Wed, Jun 11, 2008 at 1:53 PM, Volker Lendecke <[EMAIL PROTECTED]>
wrote:

> On Wed, Jun 11, 2008 at 01:42:27PM +0530, Rupesh Kumar wrote:
> > What are your views on reporting vfs_set_filelen as success without
> > truncating the file to the size requested. Does this have any side effects.
>
> Yes, it does. We can not report the correct file size that
> Windows clients expect anymore. This will break a lot of
> applications.


I understand that we can't report the correct size while copying.
But what kind of applications can ask for the file size while copying?


Regards
Rupesh Kumar


[Samba] install XP Pc into network

2008-06-11 Thread Jon Miller
I've forgotten the command to add a new XP PC to a Samba network, it's not a
domain network.  I know I need to add the PC to the network and the user.
If the user is already in the password list do I just edit the passwd file,
he is getting a new PC.

Regards,
Jon


[Samba] Mounting Samba Share using linux login

2008-06-11 Thread David Kuntadi
Windows users are able to mount samba share using windows. But for
linux user, we need to create credentials file, to mount samba share
e.g:

//servername/file_store /home/user/Desktop/file_storage smbfs
credentials=/root/.smbcredentials

Is it possible to change the credentials to something like windows
users (for example credentials=unix user) so that the mounted share
would depend on who logs in to the linux box?

This is important as I want to let user change their own password, and
keeping .smbcredentials in user's home directory would be insecure.
But to keep the .smbcredentials at root would mean to give user admin
rights in order to change password file.

Regards,
David


Re: [Samba] second samba pdc

2008-06-11 Thread Richard Foltyn
On 6/9/08, Sven Buchstaller <[EMAIL PROTECTED]> wrote:
> Hello List,
>
> I have 2 samba domain on 2 physical Servers but the User Administration is
> over 1 LDAP Server. At the moment i become some errors on my first PDC box:

I have the same setup, using 2 PDCs and one OpenLDAP server.

However, for this to work you need either two distinct LDAP databases
or at least two different LDAP BASEDNs, e.g.

dc=domain1,dc=mycompany,dc=net
dc=domain2,dc=mycompady,dc=net

Otherwise the two domains will store user/machine/group data in the
same LDAP hierarchy which will of course cause trouble.

HTH

- Richard


Re: [Samba] Mounting Samba Share using linux login

2008-06-11 Thread Helmut Hullen
Hello, David,

You (d.kuntadi) wrote on 11.06.08:

> Windows users are able to mount samba share using windows. But for
> linux user, we need to create credentials file, to mount samba share
> e.g:

> //servername/file_store /home/user/Desktop/file_storage smbfs
> credentials=/root/.smbcredentials

> Is it possible to change the credentials to something like windows
> users (for example credentials=unix user) so as the mounted share
> would depend on who login the linux box?

You can make your own credential file as a batch file:

@echo off
rem my special batch file
set specialusername=abc
set specialpassword=topsecret

call this batch file within the logon batch file
and then use %specialusername% and %specialpassword%

Best regards!
Helmut


Re: [Samba] install XP Pc into network

2008-06-11 Thread John Drescher
On Wed, Jun 11, 2008 at 4:55 AM, Jon Miller <[EMAIL PROTECTED]> wrote:
> I've forgotten the command to add a new XP PC to a Samba network, it's not a
> domain network.
If it is not in a domain and in a workgroup instead there is no
command to add the machine. Just set the correct workgroup name in
windows.

> I know I need to add the PC to the network and the user.
> If the user is already in the password list do I just edit the passwd file,
> he is getting a new PC.
>
If the user is in the password list there is no change needed.

John


Re: [Samba] 2nd smb server

2008-06-11 Thread Sascha
Hi,

yes, thanks for the tip but that's what I have already done. The problem is that
I can't see my domain groups

srv001:/ # net rpc info -S SRV001 -U admin
Password:
Domain Name: INTERN
Domain SID: S-1-5-21-3195058373-2734789582-569256879
Sequence number: 1213134789
Num users: 125
Num domain groups: 0
Num local groups: 0

Where could be the problem? "net groupmap list" shows me all my group mappings.

I really don't know where to start. Please help...

- Original Message 
From: Adam Williams <[EMAIL PROTECTED]>
To: Sascha <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Sent: Tuesday, June 10, 2008 4:54:46 PM
Subject: Re: [Samba] 2nd smb server

read chapter 7 of Samba3 By Example.pdf.  it explains how to add domain 
member servers using NSS_LDAP and LDAP backend.  no you won't need winbind.

Sascha wrote:
> Hi,
>
> I have already searched for three days now but I can't find any tips. I am
> running a Samba PDC based on smb 3.0.23. Now I want to integrate a second
> samba server which should serve several clients, just to decrease the load on
> the pdc. This should not be a BDC, just a domain member. For user management
> I use openLDAP. Well, what do I need for this scenario? Do I need winbind or
> can I just configure the 2nd server to use the same ldap information as the
> pdc?
>
> I would be thankful if somebody could give me a hint.



Re: [Samba] roaming user profiles do not transfer all settings

2008-06-11 Thread Charles Marcus

On 6/10/2008, Leandro Tracchia ([EMAIL PROTECTED]) wrote:

> at this point i expected to see the wallpaper and
> files i had assigned and created on the first client machine. the files were
> present, BUT the wallpaper was not kept.


What wallpaper?

I have ALWAYS had to right-click>properties on the desktop, then just 
click 'OK' - then the wallpaper will be applied.


It is set, but for some reason, it won't display until I do this on a 
new workstation.


--

Best regards,

Charles


Re: [Samba] Mounting Samba Share using linux login

2008-06-11 Thread David Kuntadi
On Wed, Jun 11, 2008 at 5:55 PM, Helmut Hullen <[EMAIL PROTECTED]> wrote:
>
> You can make your own credential file as a batch file:
>
>@echo off
>rem my special batch file
>set specialusername=abc
>set specialpassword=topsecret
>
> call this batch file within the logon batch file
> and then use %specialusername% and %specialpassword%

Hi Helmut,
Thank you very much for your reply. But could you elaborate further as
I could not understand how to do it:

1. What credentials should I put in fstab?
2. Do you mean the batch file is an executable plain text file
executed during login?

Regards,
David


Re: [Samba] second samba pdc

2008-06-11 Thread Sven Buchstaller
HI Richard,

THX for the reply, that's not good news for me :(


On Wednesday, 11 June 2008 12:56:33 you wrote:
> On 6/9/08, Sven Buchstaller <[EMAIL PROTECTED]> wrote:
> > Hello List,
> >
> > I have 2 samba domain on 2 physical Servers but the User Administration
> > is over 1 LDAP Server. At the moment i become some errors on my first PDC
> > box:
>
> I have the same setup, using 2 PDCs and one OpenLDAP server.
>
> However, for this to work you need either two distinct LDAP databases
> or at least two different LDAP BASEDNs, e.g.
>
> dc=domain1,dc=mycompany,dc=net
> dc=domain2,dc=mycompady,dc=net
>
> Otherwise the two domains will store user/machine/group data in the
> same LDAP hierarchy which will of course cause trouble.
>
> HTH
>
> - Richard




Re: [Samba] second samba pdc

2008-06-11 Thread John H Terpstra
On Wednesday 11 June 2008 05:56:33 Richard Foltyn wrote:
> On 6/9/08, Sven Buchstaller <[EMAIL PROTECTED]> wrote:
> > Hello List,
> >
> > I have 2 samba domain on 2 physical Servers but the User Administration
> > is over 1 LDAP Server. At the moment i become some errors on my first PDC
> > box:
>
> I have the same setup, using 2 PDCs and one OpenLDAP server.
>
> However, for this to work you need either two distinct LDAP databases
> or at least two different LDAP BASEDNs, e.g.
>
> dc=domain1,dc=mycompany,dc=net
> dc=domain2,dc=mycompady,dc=net
>
> Otherwise the two domains will store user/machine/group data in the
> same LDAP hierarchy which will of course cause trouble.
>
> HTH
>
> - Richard

Actually, there are a few sites that run multiple domains in the same DIT. It 
does work, though there are a few challenges.  Interdomain trusts need to be 
set up manually if a single DIT is shared across multiple domains (each 
having its own SID of course).  The net utility can not be used to create the 
trust accounts.  Also, the way winbind handles foreign SIDs needs to be
handled carefully to avoid conflicts.

The short answer is that it is a very bad practice to use and poor design to 
use a single DIT across multiple domains.  It is much smarter to design and 
implement a separate DIT per domain as shown above.

Cheers,
- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (512) 970-0256


Re: [Samba] Mounting Samba Share using linux login

2008-06-11 Thread Helmut Hullen
Hello, David,

You (d.kuntadi) wrote on 11.06.08:

>>
>> You can make your own credential file as a batch file:
>>
>>@echo off
>>rem my special batch file
>>set specialusername=abc
>>set specialpassword=topsecret
>>
>> call this batch file within the logon batch file
>> and then use %specialusername% and %specialpassword%

Sorry - I've written a batch file for DOS/Windows.
Linux users should use a shell script.
There are several options to run this shell:

/etc/profile.d/
(is run when the user logs in)
Icon on the desktop
(must be clicked to run)
command in ~/.Xdefaults
(is run when an X session is started)

> 1. What credentials should I put in fstab?

None. "/etc/fstab" is not necessary for mounting.
And the special user share can't be mounted via the (global) "/etc/fstab".

Which linux distribution is installed on the clients? Which GUI is  
installed: KDE or something else?

> 2. Do you mean the batch file is an executable plain text file
> executed during login?

That is one way.

pure shell script:

#! /bin/bash
Credfile=~/.sambacred
# stop unless the credentials file exists and is not empty
test -s "$Credfile" && source "$Credfile" || exit 1
# and now the username and the password for the shares on the
# server are known
mount.cifs ...
#


Best regards!
Helmut
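
Added example (not part of the original message, and not Helmut's script): one way to vet a per-user credentials file before a login script uses it, given the concern raised earlier in the thread about keeping credentials in the home directory. It assumes the file uses the "username=" / "password=" lines that mount.cifs reads through its credentials= option; the function names are made up for this example, and ~/.sambacred is the file name from the message above.

```shell
#!/bin/sh
# Vet a per-user CIFS credentials file, then hand it to mount.cifs.

# check_credfile FILE -> returns 0 only if FILE is safe to use
check_credfile() {
    f=$1
    # A symlink could point at a file somebody else controls.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "credfile: $f is not a regular file" >&2
        return 1
    fi
    if [ ! -s "$f" ]; then
        echo "credfile: $f is empty" >&2
        return 1
    fi
    if [ ! -O "$f" ]; then
        echo "credfile: $f is not owned by the current user" >&2
        return 1
    fi
    # Mode string is type + rwx for user, group, other; the six
    # group/other characters must all be "-" (for example mode 0600).
    perms=$(ls -ld -- "$f") || return 1
    case $perms in
        ????------*) return 0 ;;
    esac
    echo "credfile: $f is accessible by group or others, run chmod 600" >&2
    return 1
}

# read_cred_field FILE KEY -> prints the value of the first KEY= line.
# The file is parsed as data; unlike "source", nothing in it is executed.
read_cred_field() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# mount_user_share SHARE MOUNTPOINT [FILE]
mount_user_share() {
    cred=${3:-$HOME/.sambacred}
    check_credfile "$cred" || return 1
    echo "mounting $1 as $(read_cred_field "$cred" username)" >&2
    # The password stays in the file and never appears in the argument
    # list, where other local users could read it from the process table.
    mount.cifs "$1" "$2" -o "credentials=$cred"
}

# Run as: script //server/share /mount/point   (both are placeholders)
if [ "$#" -ge 2 ]; then
    mount_user_share "$@"
fi
```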


[Samba] Squid/ntlm_auth issues with two user accounts (all other accounts on the domain work).

2008-06-11 Thread Matthew Macdonald-Wallace
Hi all,

I have just installed and configured a squid setup authenticating
against Active Directory using kerberos tickets and have achieved the
holy-grail of IT - Single Sign On!

The problem is that I have two users for whom it does not work.

The ntlm_auth logs show that for users that are properly authenticated
against squid we get the following (Usernames/Domains/Hosts have been
changed for security reasons):



ntlm-auth[4409](ntlm_auth.c:284): managing request
ntlm-auth[4409](ntlm_auth.c:290): ntlm authenticator. Got 'YR
TlRMTVNTUAABB7IIog0ADQAtBQAFACgFASgKD1BBVFRZQ0FSSUJCRUFOLUFCUw=='
from Squid 
ntlm-auth[4409](ntlm_auth.c:239): obtain_challenge: selecting DOMAIN\DC
(attempt #1) 
ntlm-auth[4409](ntlm_auth.c:251): attempting challenge retrieval
ntlm-auth[4409](libntlmssp.c:119): Connecting to server DC domain
DOMAIN 
ntlm-auth[4409](ntlm_auth.c:253): make_challenge retuned
0x80537e0 
ntlm-auth[4409](ntlm_auth.c:255): Got it
ntlm-auth[4409](ntlm_auth.c:437): sending 'TT
TlRMTVNTUAACDQANACgAAACCgkEAJqCr40UuPYsAAENBUklCQkVBTi1BQlM='
to squid 
ntlm-auth[4409](ntlm_auth.c:284): managing request
ntlm-auth[4409](ntlm_auth.c:290): ntlm authenticator. Got 'KK
TlRMTVNTUAADGAAYAGYYABgAfg0ADQBIDAAMAFUFAAUAYQCWBoIAAgUBKAoPQ0FSSUJCRUFOLUFCU0pFU1NJQ0EuS0VOVFBBVFRZM6rQG5d/Xb6Ob0rSB3mxhprnkyEaHQD02o4eEyCq9dbXApcDGuzlgfkY8LD5EHzd'
from Squid 
ntlm-auth[4409](libntlmssp.c:268): Empty LM pass detection: user:
'FIRSTNAME.SURNAME',ours:'JB4<95>}d|Qm^L^Z<99>;^Mu
:l^B^QځxN<86>rUßNdmServer returned a non-zero
SMB Error Class and Code.',
his:'3ESC<97>^?]<8E>oJ^Gy<86><9A>
<93>!^Z^]'(length: 24) 
ntlm-auth[4409](libntlmssp.c:280): Empty NT pass detection: user:
'FIRSTNAME.SURNAME',ours:'^Mu:l^B^QځxN<86>rUßNdmServer
returned a non-zero SMB Error Class and Code.', his: 'ڎ^^^S
^B<97>^C^Z<81>^X^P|'(length:
24) 
ntlm-auth[4409](libntlmssp.c:294): checking domain: 'DOMAIN', user:
'FIRSTNAME.SURNAME',pass='3ESC<97>^?]<8E>oJ^Gy<86><9A><93>!^Z
^]' ntlm-auth[4409](libntlmssp.c:297): Login attempt had result 0
ntlm-auth[4409](libntlmssp.c:305): credentials:
DOMAIN\FIRSTNAME.SURNAME 
ntlm-auth[4409](ntlm_auth.c:418): sending 'AF domain\firstname.surname'
to squid

=

The setup works for all users on our Domain apart from two.  When they
try and log in, the result is as follows (again, usernames have been
changed):



ntlm-auth[19104](ntlm_auth.c:284): managing request
ntlm-auth[19104](ntlm_auth.c:290): ntlm authenticator. Got 'YR
TlRMTVNTUAABB7IIog0ADQAvBwAHACgFASgKD1BVUi0wMDFDQVJJQkJFQU4tQUJT'
from Squid ntlm-auth[19104](ntlm_auth.c:239): obtain_challenge:
selecting DOMAIN\DC (attempt #1) ntlm-auth[19104](ntlm_auth.c:251):
attempting challenge retrieval ntlm-auth[19104](libntlmssp.c:119):
Connecting to server DC domain DOMAIN
ntlm-auth[19104](ntlm_auth.c:253): make_challenge retuned 0x80537e0
ntlm-auth[19104](ntlm_auth.c:255): Got it
ntlm-auth[19104](ntlm_auth.c:437): sending 'TT
TlRMTVNTUAACDQANACgAAACCgkEAk+cd4WiYtHsAAENBUklCQkVBTi1BQlM='
to squid ntlm-auth[19104](ntlm_auth.c:284): managing request
ntlm-auth[19104](ntlm_auth.c:290): ntlm authenticator. Got 'KK
TlRMTVNTUAADGAAYAGsYABgAgw0ADQBIDwAPAFUHAAcAZACbBoIAAgUBKAoPQ0FSSUJCRUFOLUFCU0JFQVRSSUNFLkJVVExFUlBVUi0wMDEA2pj8Lh8Z0ADamPwuHxnQANqY/C4fGdBmeJnHb+DBs4t00vR1y/hqokvuxtK8U8A='
from Squid ntlm-auth[19104](libntlmssp.c:268): Empty LM pass detection:
user: 'FIRSTNAME2.LASTNAME2', ours:'cx�r��Su׉Q���/٤�1', his: ''(length:
24) ntlm-auth[19104](libntlmssp.c:280): Empty NT pass detection: user:
'FIRSTNAME2.LASTNAME2', ours:'', his: 'fx�t�u�j�K�ҼS�(length: 24)
ntlm-auth[19104](libntlmssp.c:294): checking domain: 'DOMAIN', user:
'FIRSTNAME2.LASTNAME2', pass='' ntlm-auth[19104](libntlmssp.c:297):
Login attempt had result -1 ntlm-auth[19104](ntlm_auth.c:350): No creds.
SMBlib error 1, SMB error class 1, SMB error code 5, NB error 0
ntlm-auth[19104](ntlm_auth.c:371): DOS error
ntlm-auth[19104](ntlm_auth.c:376): sending 'NA Access denied' to squid

==

The only difference I can see between the two users is that in the
first (successful) one, there is data in the "pass" field and in the
second account there is not.

/etc/squid.conf is as follows:

auth_param ntlm program /usr/lib/squid/ntlm_auth -d domain/dc
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 100
auth_param basic realm CARIBBEAN-ABS 
auth_param basic credentialsttl 2 hours


Client PCs are running Windows XP Pro and IE7.  
All PCs are configured in the same way
The two accounts that do not work fail regardless of the PC used.
Other accounts are successful on the PCs "owned" by the users whose
accounts do not work.

Can anyone shed any further light on this for me?  I've been pulling my
hair out over it for the last 48 hours!

Cheers,

Matt
-- 
Matt Wallace
htt

[Samba] Multiple Samba Instances: Cannot set private dir and lock directory in smb.conf

2008-06-11 Thread Christian Brandes

Hi,

four years ago someone has tried to run two independent instances of 
samba on one machine:

http://lists.samba.org/archive/samba/2004-August/091500.html

I would like to do that, too.
Are there still hardcoded file locations, that cannot be overwritten in 
smb.conf?


My samba version: 3.0.28a

These parameters in my /var/samba/etc/smb_SMBTEST1.conf do not help:

   log file = /var/log/samba/SMBTEST1/log.%m

   pid directory = /var/run/samba/SMBTEST1
   lock directory = /var/run/samba/SMBTEST1
   private dir = /var/run/samba/SMBTEST1

It is possible to run more than one instance. I did not find out any 
interference, yet. But they still access the same files in the standard 
encoded path:


ps faxl

F   UID   PID  PPID PRI  NIVSZ   RSS WCHAN  STAT TTYTIME COMMAND
5 0 25288 1  20   0  54968  1156 -  Ss   ?  0:00 
/usr/sbin/nmbd -D -s /var/samba/etc/smb_SMBTEST1.conf
5 0 25290 1  20   0  77604  3004 -  Ss   ?  0:00 
/usr/sbin/smbd -D -s /var/samba/etc/smb_SMBTEST1.conf
1 0 25294 25290  20   0  77604  1420 pause  S?  0:00  \_ 
/usr/sbin/smbd -D -s /var/samba/etc/smb_SMBTEST1.conf


ls -la /proc/25288/fd
total 0
dr-x-- 2 root root  0 2008-06-11 13:49 .
dr-xr-xr-x 6 root root  0 2008-06-11 13:49 ..
lrwx-- 1 root root 64 2008-06-11 13:49 0 -> /dev/null
lrwx-- 1 root root 64 2008-06-11 13:49 1 -> /dev/null
l-wx-- 1 root root 64 2008-06-11 13:49 2 -> 
/var/log/samba/SMBTEST1/log.nmbd
l-wx-- 1 root root 64 2008-06-11 13:49 4 -> 
/var/run/samba/SMBTEST1/nmbd-smb_SMBTEST1.conf.pid

lrwx-- 1 root root 64 2008-06-11 13:49 5 -> /var/run/samba/messages.tdb
lrwx-- 1 root root 64 2008-06-11 13:49 6 -> socket:[49952]
lrwx-- 1 root root 64 2008-06-11 13:49 7 -> socket:[49953]
l-wx-- 1 root root 64 2008-06-11 14:48 8 -> 
/var/log/samba/SMBTEST1/log.nmbd


ls -la /proc/25290/fd
total 0
dr-x-- 2 root root  0 2008-06-11 13:49 .
dr-xr-xr-x 6 root root  0 2008-06-11 13:49 ..
lrwx-- 1 root root 64 2008-06-11 13:49 0 -> /dev/null
lrwx-- 1 root root 64 2008-06-11 13:49 1 -> /dev/null
lrwx-- 1 root root 64 2008-06-11 13:49 10 -> 
/var/run/samba/connections.tdb

lrwx-- 1 root root 64 2008-06-11 13:49 11 -> /var/run/samba/brlock.tdb
lrwx-- 1 root root 64 2008-06-11 13:49 12 -> /var/run/samba/locking.tdb
lrwx-- 1 root root 64 2008-06-11 13:49 13 -> /var/run/samba/gencache.tdb
lrwx-- 1 root root 64 2008-06-11 13:49 14 -> 
/var/lib/samba/ntdrivers.tdb
lrwx-- 1 root root 64 2008-06-11 13:49 15 -> 
/var/cache/samba/login_cache.tdb
lrwx-- 1 root root 64 2008-06-11 13:49 16 -> 
/var/lib/samba/account_policy.tdb
lrwx-- 1 root root 64 2008-06-11 13:49 17 -> 
/var/lib/samba/ntprinters.tdb

lrwx-- 1 root root 64 2008-06-11 13:49 18 -> /var/lib/samba/ntforms.tdb
lrwx-- 1 root root 64 2008-06-11 13:49 19 -> socket:[49976]
l-wx-- 1 root root 64 2008-06-11 13:49 2 -> 
/var/log/samba/SMBTEST1/log.smbd

lr-x-- 1 root root 64 2008-06-11 13:49 20 -> pipe:[49984]
l-wx-- 1 root root 64 2008-06-11 13:49 21 -> pipe:[49984]
lr-x-- 1 root root 64 2008-06-11 13:49 3 -> /dev/urandom
lrwx-- 1 root root 64 2008-06-11 13:49 4 -> /var/lib/samba/secrets.tdb
l-wx-- 1 root root 64 2008-06-11 13:49 5 -> 
/var/log/samba/SMBTEST1/log.smbd
l-wx-- 1 root root 64 2008-06-11 13:49 6 -> 
/var/run/samba/SMBTEST1/smbd-smb_SMBTEST1.conf.pid

lrwx-- 1 root root 64 2008-06-11 13:49 7 -> /var/run/samba/messages.tdb
lrwx-- 1 root root 64 2008-06-11 13:49 8 -> socket:[49961]
lrwx-- 1 root root 64 2008-06-11 13:49 9 -> /var/run/samba/sessionid.tdb

As well as samba first logs into /var/log/samba/log.nmbd and then 
continues with /var/log/samba/SMBTEST1/log.nmbd.


I would not like to compile samba new, as I do not like separate 
binaries for each instance.


Ideas welcome.

Thanks
Christian


[Samba] Upgrading from samba-2 to samba-3

2008-06-11 Thread Bengt Nilsson
We just upgraded from samba-2.2.8  to samba-3.0.30 on Digital Unix  
4.0F (thanks for good work patching it, Volker).
The file/folder structure has changed, so I wonder what would be the
simplest way to transfer the user passwords from old to new.

Right now all users are gone.

Bengt Nilsson



Re: [Samba] Mounting Samba Share using linux login

2008-06-11 Thread John Drescher
> Sorry - I've written a batch file for DOS/Windows.
> Linux users should use a shell script.
> There are several options to run this shell:
>
Although I have not done this yet (waiting for linux dfs client to
work 2.6.26 kernel), I believe pam_mount is also a good option for
this purpose:

http://pam-mount.sourceforge.net/


John


Re: [Samba] Mounting Samba Share using linux login

2008-06-11 Thread Helmut Hullen
Hello, John,

You (drescherjm) wrote on 11.06.08:

>> Linux users should use a shell script.
>> There are several options to run this shell:

[...]

> Although I have not done this yet (waiting for linux dfs client to
> work 2.6.26 kernel), I believe pam_mount is also a good option for
> this purpose:

Only root can change these options.
If I put my script into the profile way or into .Xdefaults (p.e.), then  
I can mount several foreign shares on several servers without asking my  
root. Ok - "mount.cifs" must have set the "SUID" flag.

Best regards!
Helmut


Re: [Samba] do i need posix users/groups in ldap

2008-06-11 Thread Richard Foltyn
Coming to think of it, I actually answered something that's not really
related to your question, so please just ignore my post.

On 6/11/08, Richard Foltyn <[EMAIL PROTECTED]> wrote:
> On 6/6/08, Collen Blijenberg <[EMAIL PROTECTED]> wrote:
>> So correct me if i'm wrong,
>>
>> in order to use the ldap backend, you need to insert the posix users in
>> ldap as well ??
>> there is no way to get it work, with the normal basic setup (passwd
>> shadow group ect. files)
>>
>> that's odd ?!
>
> Actually this will work too. I have all my POSIX/Samba users in LDAP
> except for the root user, since there is no point in duplicating root
> in LDAP. As long as you create a samba user with smbpasswd -a root,
> Samba will happily fetch the POSIX stuff from /etc/passwd. This should
> work for other users as well.
>
> However, as others have pointed out, this totally defeats the purpose
> of using LDAP in the first place. ;)
>
> - Richard
>


Re: [Samba] roaming user profiles do not transfer all settings

2008-06-11 Thread Leandro Tracchia
these are wallpapers saved on the my documents folder (which is part of the
user profile). if i change the wallpaper on the first client, that change is
not reflected on second client. both these clients are using roaming
profiles. so i'm not really sure if wallpaper setting information is saved
as part of the user profile. if it is supposed to be then it is not working
for me. frankly, i couldn't care less about how wallpaper behaves. what
really concerns me is the files that are created on one client need to be
seen when logged in from another client. this works, but sometimes the
client needs to be rebooted to see the new files, logging off sometimes just
doesn't do it.

On Tue, Jun 10, 2008 at 4:30 PM, John Drescher <[EMAIL PROTECTED]> wrote:

> > this is what i've done so far:
> >
> > i've created a temporary domain user account and logged on with that
> account
> > after joining the client machine to the domain with the  local
> administrator
> > account. i assigned a new wallpaper and placed some files on the desktop
> and
> > then logged off. i then joined another client machine with its local
> > administrator account and then logged on with the same temporary domain
> user
> > account i created above. at this point i expected to see the wallpaper
> and
> > files i had assigned and created on the first client machine. the files
> were
> > present, BUT the wallpaper was not kept.
> >
> Where is the wallpaper file located? Is it in the windows folder on
> both machines? Or some other folder?
>
>
> John
>


RE: [Samba] Can't join windows 2008 AD with 3.0.30 "Failed to join domain: Improperly formed account name"

2008-06-11 Thread Clayton Hill
Since I didn't get an answer, I am bumping this. 
(sorry! I really need an answer for this...)


Also here is more relevant info:
OS: SUSE 10.1 x86_64

Samba:
samba-3.0.30-0.1.112.x86_64
samba-client-3.0.30-0.1.112.x86_64
samba-winbind-3.0.30-0.1.112.x86_64

Kerberos: 
krb5-1.5.1-23.x86_64
krb5-client-1.5.1-23.x86_64








Hi folks,

My first post here after trolling for a while.

Here is the issue:
I can't join a Windows 2008 Server Active Directory with 3.0.30.
"Failed to join domain: Improperly formed account name"


Judging from the release notes from 3.0.29 etc this was fixed...
Am I incorrect in this assumption? Perhaps I have missed a new
configuration parameter?

Are the fixes being implemented incrementally -- and if so, what should
I be looking for in future release notes that tells me this is
completely finished and I can join my 2008 domain?

Regards,
-Clayton H.




Also, here is my debug level 10 output from a domain join:



==
A3-A107:/etc/samba # net ads join -U administrator%password -d 10
[2008/06/04 15:44:53, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
[2008/06/04 15:44:53, 3] param/loadparm.c:lp_load(5064)
  lp_load: refreshing parameters
[2008/06/04 15:44:53, 3] param/loadparm.c:init_globals(1446)
  Initialising global parameters
[2008/06/04 15:44:53, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2008/06/04 15:44:53, 3] param/loadparm.c:do_section(3803)
  Processing section "[global]"
  doing parameter workgroup = qa2008
  doing parameter server string = A3-A107 192.168.168.33
  doing parameter os level = 24
  doing parameter domain master = no
  doing parameter local master = no
  doing parameter preferred master = yes
  doing parameter encrypt passwords = yes
  doing parameter level2 oplocks = yes
  doing parameter security = ads
  doing parameter password server = *
  doing parameter wins server =
  doing parameter inherit acls = yes
  doing parameter map acl inherit = yes
  doing parameter log file = /var/log/samba/log%m
  doing parameter dos filemode = yes
  doing parameter printing = BSD
  doing parameter printcap name = /dev/null
  doing parameter admin users = webadmin
  doing parameter username map = /etc/samba/smbusers
  doing parameter winbind enum users = no
  doing parameter winbind enum groups = no
  doing parameter map to guest = bad user
  doing parameter include = /etc/samba/smb.conf.idmap_domains
[2008/06/04 15:44:53, 2] param/loadparm.c:handle_include(3215)
  Can't find include file /etc/samba/smb.conf.idmap_domains
  doing parameter include = /etc/samba/smb.conf.idmap_config
[2008/06/04 15:44:53, 2] param/loadparm.c:handle_include(3215)
  Can't find include file /etc/samba/smb.conf.idmap_config
  doing parameter include = /etc/samba/smb.conf.ads
[2008/06/04 15:44:53, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf.ads"
  doing parameter realm = QA2008.EDU
  doing parameter include = /etc/samba/smb.conf.global
[2008/06/04 15:44:53, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf.global"
  doing parameter include = /etc/samba/shares.conf
[2008/06/04 15:44:53, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file
"/etc/samba/shares.conf"
[2008/06/04 15:44:53, 4] param/loadparm.c:lp_load(5095)
  pm_process() returned Yes
[2008/06/04 15:44:53, 7] param/loadparm.c:lp_servicenumber(5233)
  lp_servicenumber: couldn't find homes
[2008/06/04 15:44:53, 10] param/loadparm.c:set_server_role(4339)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2008/06/04 15:44:53, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2LE
[2008/06/04 15:44:53, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2LE
[2008/06/04 15:44:53, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16LE
[2008/06/04 15:44:53, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16LE
[2008/06/04 15:44:53, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2BE
[2008/06/04 15:44:53, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2BE
[2008/06/04 15:44:53, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16BE
[2008/06/04 15:44:5

[Samba] reply_nt1: smb signing is incompatible with share level security !

2008-06-11 Thread Javier Ruiz

Hi, there is an error message in the log from smb:

Nov 20 16:24:37 dell01 smbd[6199]:   reply_nt1: smb signing is incompatible
with share level security !

Below some key facts:

OS: SUSE LINUX 10.1 (i586) - Kernel 2.6.16.21-0.13-default (10).

content of smb.conf :

# Global parameters
[global]
*workgroup = mysystem
*netbios name = mypc
*server string = Servidor Deel
*interfaces = 1xx.0.0.xxx/24
security = share
username map = /etc/samba/smbusers
hosts allow = 1xx.0.0. 127.
#   printing = cups
printcap name = cups
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
domain master = no
restrict anonymous = no
#preferred master = no
preferred master = Yes
max protocol = NT
ldap ssl = No
server signing = Auto
#local master = no
local master = Yes

[homes]
comment = Home Directories
read only = No
create mask = 0640
directory mask = 0750
browseable = No

[printers]
comment = All Printers
path = /var/tmp
create mask = 0700
guest ok = Yes
printable = Yes
#dirk
[compartido]
*comment = comentario
*path = /path1/path1/path1
*username = user1, user2
read only = No
create mask = 0777
directory mask = 0777

*For security reasons, some details have been changed


Thanks for your help !!!

--
javierPUNTOruizARROBAindufrialPUNTOcom
PostMaster
Cartagena-Colombia

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


--  Forwarded Message  --

Subject: Re: [Samba] smb signing is incompatible with share level security !
Date: Tuesday 10 June 2008 18:51
From: Michael Heydon <[EMAIL PROTECTED]>
To: Javier Ruiz <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org

I would guess the problem is exactly what it says, smb signing is
incompatible with share level security. So either stop using share level
security (my personal preference) or stop telling it to use smb signing.

Javier Ruiz wrote:
> 
>
> Nov 20 16:24:37 dell01 smbd[6199]:   reply_nt1: smb signing is incompatible
> with share level security !
>
> 
> security = share
> 
> server signing = Auto
> 

*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

---



-- 
javierPUNTOruizARROBAindufrialPUNTOcom
PostMaster Indufrial S.A.
Cartagena-Colombia

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
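
The conflict named in the log message and in the reply above can be caught before smbd is restarted. This checker is an added example, not code from the thread or from Samba; the sample configuration is constructed from the posted one, and the signing values and defaults it relies on are assumptions taken from the Samba 3.0 smb.conf manual page.

```python
"""Flag the smb.conf combination behind the reply_nt1 log message."""

# Values that switch signing off. Assumption: anything else (auto,
# mandatory, yes, ...) asks smbd to offer or require SMB signing.
SIGNING_OFF = {"no", "false", "0", "off", "disabled"}

# Constructed sample, cut down from the configuration quoted in the thread.
# The poster prefixed the lines he had redacted with '*'.
SAMPLE_CONF = """\
# Global parameters
[global]
*workgroup = mysystem
security = share
;   printing = cups
add machine script = /usr/sbin/useradd -c Machine \\
    -s /bin/false %m$
Server  Signing = Auto

[compartido]
*path = /path1/path1/path1
read only = No
"""


def normalise(name):
    """smb.conf parameter names ignore case and embedded whitespace."""
    return "".join(name.split()).lower()


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised names."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # backslash continues the line
            pending = line[:-1]
            continue
        line = line.lstrip("*").strip()    # drop the poster's '*' marker
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[normalise(name)] = value.strip()
    return sections


def signing_conflict(conf_text):
    """Return a finding dict when [global] asks for signing under
    share-level security, otherwise None."""
    glob = parse_smb_conf(conf_text).get("global", {})
    # Defaults assumed from the Samba 3.0 smb.conf(5) manual page.
    security = glob.get("security", "user").lower()
    signing = glob.get("serversigning", "disabled").lower()
    if security != "share" or signing in SIGNING_OFF:
        return None
    return {
        "security": security,
        "server signing": signing,
        "log message": "reply_nt1: smb signing is incompatible with "
                       "share level security !",
        # The two ways out named in the reply.
        "options": [
            "move off share level security, e.g. security = user",
            "set server signing = disabled",
        ],
    }


if __name__ == "__main__":
    finding = signing_conflict(SAMPLE_CONF)
    if finding is None:
        print("no signing/security conflict in [global]")
    else:
        print(f"conflict: security = {finding['security']} with "
              f"server signing = {finding['server signing']}")
        for option in finding["options"]:
            print("  option:", option)
```
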


Re: [Samba] 2nd smb server

2008-06-11 Thread Adam Williams
the groups are domain groups, not local groups, so instead of -S 
SRV001 try -D INTERN


Sascha wrote:

Hi,

yes, thanks for the tip but that's what I have already done. The problem is that 
I can't see my domain groups

srv001:/ # net rpc info -S SRV001 -U admin
Password:
Domain Name: INTERN
Domain SID: S-1-5-21-3195058373-2734789582-569256879
Sequence number: 1213134789
Num users: 125
Num domain groups: 0
Num local groups: 0

Where could be the problem? "net groupmap list" shows me all my group mappings.

I really don't know where to start. Please help...

- Original Message 
From: Adam Williams <[EMAIL PROTECTED]>
To: Sascha <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Sent: Tuesday, June 10, 2008 4:54:46 PM
Subject: Re: [Samba] 2nd smb server

read chapter 7 of Samba3 By Example.pdf.  it explains how to add domain 
member servers using NSS_LDAP and LDAP backend.  no you won't need winbind.


Sascha wrote:
  

Hi,

I have already searched for three days now but I can't find any tips. I am 
running a Samba PDC based on smb 3.0.23. Now I want to integrate a second samba 
server which should serve several clients, just to decrease the load on the 
pdc. This should not be a BDC, just a domain member. For user management I use 
openLDAP. Well, what do I need for this scenario? Do I need winbind or can I 
just configure the 2nd server to use the same ldap information as the pdc?

I would be thankful if somebody could give me a hint.



 
 




  
  



Re: [Samba] Mounting Samba Share using linux login

2008-06-11 Thread Gustavo Homem
On Wednesday 11 June 2008 14:50, John Drescher wrote:
> > Sorry - I've written a batch file for DOS/Windows.
> > Linux users should use a shell script.
> > There are several options to run this shell:
>
> Although I have not done this yet (waiting for linux dfs client to
> work 2.6.26 kernel), I believe pam_mount is also a good option for
> this purpose:
>
> http://pam-mount.sourceforge.net/

pam_mount is the best solution as it mounts the share with the unix user 
credentials.

Best regards
Gustavo

-- 
Angulo Sólido - Tecnologias de Informação
http://angulosolido.pt


[Samba] Some kind of weird setup ...

2008-06-11 Thread Jan Patrick Lübbert
Hello,

I've some questions for you and hope you can help me with some issues. I'll
start with the (hopefully) easier one. I'm working with Samba 3.0.28a on Ubuntu
8.04.

1. There's a share on an ext3 fs with user quota set. If I mount that share to
another Ubuntu, how am I able to see the "free space" I have on that device? df
only reports the free space of the underlying fs not the quota. Windows reports
the quota value, so there must be a way to retrieve the value. Is there another
executable to get it?

2. Don't ask why, but imagine a setup where one server shares a share called
"home" from an ext3 with enabled userquota to another machine. This machine
then shares this (mounted) share again to other machines (linux and windows)
via Samba. Don't speak about performance and how silly this is, but at the
moment I don't see other ways to do what I need. Problem within this setup is
to let the clients know when their quota is exceeded and their write operation
failed. By enabling "strict sync" and "sync always" on the second Samba, I was
able to get windows to notice it, but I don't know if there are other
possibilities.
Another problem is the free space which is reported to the clients incorrectly.
Maybe this can be solved with a "get quota command" and the answer to question 1.
And I haven't tested if the acls reach the clients yet.

I'm open for suggestions ...

Thanks

Jan



[Samba] Leopard mounting issues

2008-06-11 Thread Mike Bann

Guys,

Anyone else noticed issues with mounting Samba from Leopard? Leopard 
claims to have never made the connection, but the logs of the connection 
say it authenticated but looks like it never sent a directory to mount.


Ideas?

Mike


[Samba] Problems joining a windows domain (Failed to join domain: Operations error)

2008-06-11 Thread Sebastian Songemann
Hi,

I googled possible solutions to this problem already, but could apply none of 
them.

I can communicate with the DC without any problem, I get tickets and so on. As 
soon as I type:

net ads join -U sebastian

all I get is

Failed to join domain: Operations error

With debug enabled, the entry before that looks as follows:

[2008/06/11 17:37:57, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server [ip address here]
Failed to join domain: Operations error

So it stops directly after connecting, no more messages, no error messages, 
just this one. And I don't get the problem. Maybe you can help.

Thanks,
Sebastian



Re: [Samba] Domain trusts in samba3 with openLDAP

2008-06-11 Thread Charlie
The Samba Team does not support a unified  system backing multiple
domains controlled by samba at this time (even though that's arguably
the Holy Grail of corporate computing). You have to roll your own.
Here's how I did it (with much help from several members of the Samba
Team, gratefully appreciated):

WARNING THIS IS A HACK.  IF YOU ARE READING THIS AFTER 2008-06-15 IT
MAY BE OBSOLETE BY NOW.  DO NOT PROPAGATE THIS FOREVER AS FOLK WISDOM.
 Thanks.

First of all, you need a working WINS architecture.  This is harder
than it sounds but not too hard.

  #1  Shut down samba
  #2  Turn off port 445 in smb.conf
  #3  configure each of your PDCs to be a WINS server
  #4  edit wins.dat with a unix text editor adding records for each remote PDC

"DOMAIN_B#1b" 0 ip.ad.dr.ess 66R
"DOMAIN_B#1c" 0 ip.ad.dr.ess 66R
"DOMAIN_B#1d" 0 ip.ad.dr.ess 66R
"DOMAIN_B#1e" 0 ip.ad.dr.ess 66R
"DOMAIN_B#00" 0 ip.ad.dr.ess 66R
  (etc. etc. etc. for all non-local domains and PDC addresses)

  #5 turn samba back on
  #6 use "net cache list", "net cache add" and "net cache del" to fix
any problems

I have been unable to establish interdomain trusts without WINS
working.  Period.

OK, now you need to run winbind (smbd and nmbd used to be able to do
this stuff without winbind, but not any more) and more importantly you
need to strongly segregate your LDAP container objects.

You see, when you try to establish an interdomain trust, samba no
longer allows you to specify the name of the account that must exist
on the remote PDC.  The name of that trust *must* be the name of the
requesting domain.  This works fine until you have more than two
domains, at which point it completely breaks down, because the trust
account must have the SID of the local domain and the name of the
remote domain (draw this out on paper if you don't see why it cannot
work for more than two domains.)

So, you need to build container objects for each of your domains,
something like "ou=DOMAIN_A,dc=example,dc=com" and
"ou=DOMAIN_B,dc=example,dc=com" and put all the machine and domain
trust accounts into the appropriate container.  Everything in the
Domain_A container should have a sambaSID attribute that works for
Domain_A, etc. and so forth for Domains B through Z.

Now rig up your idmapping to look across the containers by putting
this sort of stuff in smb.conf:

# These are the domains we will talk to
# one of them will be designated the default

idmap domains = DOMAIN_A DOMAIN_B DOMAIN_C
#
# This is the domain that we can write uid/guid maps for
#
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=DOMAIN_A,dc=example,dc=com
idmap alloc config:ldap_user_dn = cn=smbd,ou=DOMAIN_A,dc=example,dc=com
idmap alloc config:ldap_url = ldaps://master.ldap.server.example.com/
idmap alloc config:range= 405000 - 40
#
# These are all the domain maps we have read access to
#
idmap config DOMAIN_A:default  = yes
idmap config DOMAIN_A:backend  = ldap
idmap config DOMAIN_A:ldap_user_dn = cn=smbd,ou=DOMAIN_A,dc=example,dc=com
idmap config DOMAIN_A:ldap_base_dn = ou=DOMAIN_A,dc=example,dc=com
idmap config DOMAIN_A:ldap_url = ldap://127.0.0.1/
idmap config DOMAIN_A:range= 405000 - 40
#
idmap config DOMAIN_B:readonly = yes
idmap config DOMAIN_B:backend  = ldap
idmap config DOMAIN_B:ldap_user_dn = cn=smbd,ou=DOMAIN_B,dc=example,dc=com
idmap config DOMAIN_B:ldap_base_dn = ou=DOMAIN_B,dc=example,dc=com
idmap config DOMAIN_B:ldap_url = ldap://127.0.0.1/
idmap config DOMAIN_B:range= 415000 - 41
#
idmap config DOMAIN_C:readonly = yes
idmap config DOMAIN_C:backend  = ldap
idmap config DOMAIN_C:ldap_user_dn = cn=smbd,ou=DOMAIN_C,dc=example,dc=com
idmap config DOMAIN_C:ldap_base_dn = ou=DOMAIN_C,dc=example,dc=com
idmap config DOMAIN_C:ldap_url = ldap://127.0.0.1/
idmap config DOMAIN_C:range= 425000 - 42
#

You're going to have to do this on all the PDCs with appropriate
modifications (mostly just changing the "readonly" and "default"
clauses, but also making your "alloc" section match your default
domain) and then you'll have to set the password for the bind DNs in
/etc/secrets.tdb using a bunch of "net idmap secret DOMAIN "
commands and one "net idmap secret alloc ".

Then you'll be OK, right?  Not so fast.  Although you have specified
in your smb.conf file the appropriate container for machine trusts
("ldap machine suffix = ou=Windows_Domain_A" for example) the code
that looks for domain trusts does not use this parameter.  Instead, it
starts from the top of your tree (as specified by ldap suffix in
smb.conf) and works down.  If it finds more than one object with the
name it's looking for it simply breaks, instead of checking to see if
one of them might be appropriate or using a filter that references t
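
The idmap layout in the post above has rules that are easy to break when it is copied to each PDC: one default domain, the others read-only, and an alloc section that matches the default domain. The following checker is an added example, not part of the post or of Samba; the sample ranges are constructed, and treating overlapping ranges as an error is an assumption.

```python
"""Consistency checks for a multi-domain 'idmap config' layout."""
import re

# Constructed sample in the style of the fragment in the post; the ranges
# are invented, and DOMAIN_C deliberately overlaps DOMAIN_B.
SAMPLE = """\
idmap domains = DOMAIN_A DOMAIN_B DOMAIN_C
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=DOMAIN_A,dc=example,dc=com
idmap alloc config:range = 100000 - 199999
# read/write map for the local domain
idmap config DOMAIN_A:default = yes
idmap config DOMAIN_A:ldap_base_dn = ou=DOMAIN_A,dc=example,dc=com
idmap config DOMAIN_A:range = 100000 - 199999
idmap config DOMAIN_B:readonly = yes
idmap config DOMAIN_B:ldap_base_dn = ou=DOMAIN_B,dc=example,dc=com
idmap config DOMAIN_B:range = 200000 - 299999
idmap config DOMAIN_C:readonly = yes
idmap config DOMAIN_C:ldap_base_dn = ou=DOMAIN_C,dc=example,dc=com
idmap config DOMAIN_C:range = 250000 - 349999
"""

LIST_RE = re.compile(r"idmap\s+domains\s*=\s*(.*)", re.I)
ALLOC_RE = re.compile(r"idmap\s+alloc\s+config\s*:\s*(\w+)\s*=\s*(.*)", re.I)
DOMAIN_RE = re.compile(r"idmap\s+config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.*)", re.I)


def parse_idmap(text):
    """Return (listed domains, alloc settings, {domain: settings})."""
    listed, alloc, domains = [], {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if (m := LIST_RE.fullmatch(line)):
            listed = m.group(1).split()
        elif (m := ALLOC_RE.fullmatch(line)):
            alloc[m.group(1).lower()] = m.group(2).strip()
        elif (m := DOMAIN_RE.fullmatch(line)):
            settings = domains.setdefault(m.group(1), {})
            settings[m.group(2).lower()] = m.group(3).strip()
    return listed, alloc, domains


def parse_range(value):
    """'lo - hi' -> (lo, hi); None if malformed or if hi < lo, which is
    what a range cut short in transit looks like."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value or "")
    if not m:
        return None
    lo, hi = int(m.group(1)), int(m.group(2))
    return (lo, hi) if lo <= hi else None


def is_yes(value):
    return (value or "").lower() in {"yes", "true", "1"}


def check_idmap(text):
    """Return a list of problems; an empty list means a consistent layout."""
    listed, alloc, domains = parse_idmap(text)
    problems = []
    for name in sorted(set(listed) ^ set(domains)):
        problems.append(f"{name}: 'idmap domains' and 'idmap config' disagree")
    defaults = [n for n, c in domains.items() if is_yes(c.get("default"))]
    if len(defaults) != 1:
        problems.append(
            f"expected exactly one default domain, found {len(defaults)}")
    for name, conf in domains.items():
        if name not in defaults and not is_yes(conf.get("readonly")):
            problems.append(f"{name}: neither default nor readonly")
    if len(defaults) == 1:
        conf = domains[defaults[0]]
        if (alloc.get("ldap_base_dn", "").lower()
                != conf.get("ldap_base_dn", "").lower()):
            problems.append("alloc ldap_base_dn differs from the default domain")
        if parse_range(alloc.get("range")) != parse_range(conf.get("range")):
            problems.append("alloc range differs from the default domain")
    spans = []
    for name, conf in domains.items():
        span = parse_range(conf.get("range"))
        if span is None:
            problems.append(f"{name}: missing or malformed range")
        else:
            spans.append((span, name))
    # Sweep the ranges in ascending order, remembering the highest end seen.
    top_hi, top_name = -1, None
    for (lo, hi), name in sorted(spans):
        if lo <= top_hi:
            problems.append(f"{top_name} and {name}: id ranges overlap")
        if hi > top_hi:
            top_hi, top_name = hi, name
    return problems


if __name__ == "__main__":
    for problem in check_idmap(SAMPLE) or ["layout is consistent"]:
        print(problem)
```
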

Re: [Samba] Domain trusts in samba3 with openLDAP

2008-06-11 Thread John H Terpstra
On Wednesday 11 June 2008 17:14:43 Charlie wrote:
> The Samba Team does not support a unified  system backing multiple
> domains controlled by samba at this time (even though that's arguably
> the Holy Grail of corporate computing). You have to roll your own.
> Here's how I did it (with much help from several members of the Samba
> Team, gratefully appreciated):
>
> WARNING THIS IS A HACK.  IF YOU ARE READING THIS AFTER 2008-06-15 IT
> MAY BE OBSOLETE BY NOW.  DO NOT PROPAGATE THIS FOREVER AS FOLK WISDOM.
>  Thanks.

Charlie:   Thanks for posting this. 


Everyone:

Please note the above proviso - DO NOT PROPAGATE THIS AS FOLKLORE!!

I promised a few people I will update the Samba3-HOWTO documentation on 
Interdomain trusts.  Before doing so, I'd like to obtain feedback from others 
regarding their experiences and practices in establishing interdomain trusts 
with Samba3 releases that are more recent than 3.0.20.

If anyone is willing to provide background info, this will be most 
appreciated.  If you regard your information as too confidential for a public 
list, please contact me off-list at [EMAIL PROTECTED] - I will anonymize and 
document _AND_ report back on this mailing list.

Cheers,
John T.

> First of all, you need a working WINS architecture.  This is harder
> than it sounds but not too hard.
>
>   #1  Shut down samba
>   #2  Turn off port 445 in smb.conf
>   #3  configure each of your PDCs to be a WINS server
>   #4  edit wins.dat with a unix text editor adding records for each remote
> PDC
>
> "DOMAIN_B#1b" 0 ip.ad.dr.ess 66R
> "DOMAIN_B#1c" 0 ip.ad.dr.ess 66R
> "DOMAIN_B#1d" 0 ip.ad.dr.ess 66R
> "DOMAIN_B#1e" 0 ip.ad.dr.ess 66R
> "DOMAIN_B#00" 0 ip.ad.dr.ess 66R
>   (etc. etc. etc. for all non-local domains and PDC addresses)
>
>   #5 turn samba back on
>   #6 use "net cache list", "net cache add" and "net cache del" to fix
> any problems
>
> I have been unable to establish interdomain trusts without WINS
> working.  Period.
>
> OK, now you need to run winbind (smbd and nmbd used to be able to do
> this stuff without winbind, but not any more) and more importantly you
> need to strongly segregate your LDAP container objects.
>
> You see, when you try to establish an interdomain trust, samba no
> longer allows you to specify the name of the account that must exist
> on the remote PDC.  The name of that trust *must* be the name of the
> requesting domain.  This works fine until you have more than two
> domains, at which point it completely breaks down, because the trust
> account must have the SID of the local domain and the name of the
> remote domain (draw this out on paper if you don't see why it cannot
> work for more than two domains.)
>
> So, you need to build container objects for each of your domains,
> something like "ou=DOMAIN_A,dc=example,dc=com" and
> "ou=DOMAIN_B,dc=example,dc=com" and put all the machine and domain
> trust accounts into the appropriate container.  Everything in the
> Domain_A container should have a sambaSID attribute that works for
> Domain_A, etc. and so forth for Domains B through Z.
>
> Now rig up your idmapping to look across the containers by putting
> this sort of stuff in smb.conf:
>
> # These are the domains we will talk to
> # one of them will be designated the default
>
> idmap domains = DOMAIN_A DOMAIN_B DOMAIN_C
> #
> # This is the domain that we can write uid/guid maps for
> #
> idmap alloc backend = ldap
> idmap alloc config:ldap_base_dn = ou=DOMAIN_A,dc=example,dc=com
> idmap alloc config:ldap_user_dn = cn=smbd,ou=DOMAIN_A,dc=example,dc=com
> idmap alloc config:ldap_url = ldaps://master.ldap.server.example.com/
> idmap alloc config:range= 405000 - 40
> #
> # These are all the domain maps we have read access to
> #
> idmap config DOMAIN_A:default  = yes
> idmap config DOMAIN_A:backend  = ldap
> idmap config DOMAIN_A:ldap_user_dn =
> cn=smbd,ou=DOMAIN_A,dc=example,dc=com
> idmap config DOMAIN_A:ldap_base_dn = ou=DOMAIN_A,dc=example,dc=com
> idmap config DOMAIN_A:ldap_url = ldap://127.0.0.1/
> idmap config DOMAIN_A:range= 405000 - 40
> #
> idmap config DOMAIN_B:readonly = yes
> idmap config DOMAIN_B:backend  = ldap
> idmap config DOMAIN_B:ldap_user_dn =
> cn=smbd,ou=DOMAIN_B,dc=example,dc=com
> idmap config DOMAIN_B:ldap_base_dn = ou=DOMAIN_B,dc=example,dc=com
> idmap config DOMAIN_B:ldap_url = ldap://127.0.0.1/
> idmap config DOMAIN_B:range= 415000 - 41
> #
> idmap config DOMAIN_C:readonly = yes
> idmap config DOMAIN_C:backend  = ldap
> idmap config DOMAIN_C:ldap_user_dn =
> cn=smbd,ou=DOMAIN_C,dc=example,dc=com
> idmap config DOMAIN_C:ldap_base_dn = ou=DOMAIN_C,dc=example,dc=com
> idmap config DOMAIN_C:ldap_url = ldap://127.0.0.1/
> idmap config DOMAIN_C:range= 425000 - 42999

Re: [Samba] WINS server looses election irregular in a heterogeneous network

2008-06-11 Thread Charlie
Have you tried setting your "announce version" instead of just
manipulating OS level?

   announce version = 4.9  is the default, which is less than XP for example.

Perhaps an "announce version = 5.3" would solve your problem, I dunno.

--Charlie



On Wed, Jun 11, 2008 at 4:52 AM, Timo Meinen <[EMAIL PROTECTED]> wrote:
> Dear Samba-Users,
>
> I have to administer a Samba WINS Server in a heterogenous network. It's a
> student hostel with about 200 mixed (Windows, Linux, Mac OS X) computers. We
> have a DHCP, which delivers the WINS-Server address to the clients. I don't
> have access to the clients.
>
> The problem is that the WINS-Server (Samba 3.0.27) loses the
> Master-Browser election irregularly. I can't configure Samba in a way that
> it keeps the MSB.
>
> Example from the log.nmbd:
>
> ===
> [2008/06/09 22:15:45, 0]
> nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
> process_local_master_announce: Server GUERO at IP 10.0.80.221 is announcing
> itself as a local master browser for workgroup WODANLAN and we think we are
> master. Forcing election.
> [2008/06/09 22:15:45, 2]
> nmbd/nmbd_become_lmb.c:unbecome_local_master_browser(280)
> unbecome_local_master_browser: unbecoming local master for workgroup
> WODANLAN on subnet 10.0.80.5
> [2008/06/09 22:15:45, 0]
> nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
> *
>
> Samba name server SHODAN has stopped being a local master browser for
> workgroup WODANLAN on subnet 10.0.80.5
>
> *
> ===
>
> SHODAN is the name of the server. Today it's GUERO, who is winning the
> election. Yesterday, it was another computer.
>
> When I restart the smbd/nmbd it wins the election and the network browsing
> operates normally. Is there any way to be sure, that SHODAN keeps the MSB?
>
> At the moment I have a cron, which restarts the smb-server every 30 minutes,
> so that it wins the election and becomes the MSB, but that's really a nasty
> thing.
>
> This is my configuration:
>
> smb.conf:
> ===
> [global]
> workgroup = WODANLAN
> netbios name = Shodan
> server string = Wodanlan Master Browser
> hosts allow = 10.0.80.
> log level = 2
>
> domain master = yes
> local master = yes
> preferred master = yes
> enhanced browsing = Yes
> os level = 255
>
> wins support = yes
> dns proxy = no
> ===
>
> Can you help me?
>
> Thank you very much
> Timo Meinen
> [EMAIL PROTECTED]


Re: [Samba] Failed building 3.0.30 for tru64 4.0F

2008-06-11 Thread Kai Lanz


On Jun 10, 2008, at 8:40 AM, Volker Lendecke wrote:


It compiled with the attached patch.

I don't know why the compiler isn't able to optimize away
the safe_string stuff.

Volker


Thanks, Volker, this seems to have done the trick. Starting
from a fresh 3.0.30 tarball, I applied your patches, and was
then able to get a successful build in the usual way (config
for cc, not gcc, fix TDB_BASE_OBJ in Makefile, and use
gmake, not make). This is on an Alpha Tru64 v4.0G box.

There are a whole bunch of warnings in the gmake output
that list unresolved routines during the following steps:

Linking libmsrpc shared library bin/libmsrpc.so
Linking libaddns shared library bin/libaddns.so
Building plugin bin/recycle.so
Building plugin bin/audit.so
Building plugin bin/extd_audit.so
Building plugin bin/full_audit.so
Building plugin bin/netatalk.so
Building plugin bin/fake_perms.so
Building plugin bin/default_quota.so
Building plugin bin/readonly.so
Building plugin bin/cap.so
Building plugin bin/expand_msdfs.so
Building plugin bin/shadow_copy.so
Building plugin bin/readahead.so
Building plugin bin/CP850.so
Building plugin bin/CP437.so
Building plugin bin/script.so

But these appear to be harmless -- I got the same warnings
when I built 3.0.25, and it's been running just fine on our
Alpha box for months. I expect to be able to test this build of
3.0.30 on Monday.

--
Kai Lanz



Re: [Samba] Mounting Samba Share using linux login

2008-06-11 Thread David Kuntadi
Yes, I think pam mount is what I need. I will study it and report if
it is successful.

Anyway, thanks also to Helmut for the idea.

Regards,
David

On Thu, Jun 12, 2008 at 3:13 AM, Gustavo Homem <[EMAIL PROTECTED]> wrote:
> On Wednesday 11 June 2008 14:50, John Drescher wrote:
>> > Sorry - I've written a batch file for DOS/Windows.
>> > Linux users should use a shell script.
>> > There are several options to run this shell:
>>
>> Although I have not done this yet (waiting for linux dfs client to
>> work 2.6.26 kernel), I believe pam_mount is also a good option for
>> this purpose:
>>
>> http://pam-mount.sourceforge.net/
>
> pam_mount is the best solution as it mounts the share with the unix user
> credentials.
>
> Best regards
> Gustavo
>
> --
> Angulo Sólido - Tecnologias de Informação
> http://angulosolido.pt
>


Re: [Samba] Mounting Samba Share using linux login

2008-06-11 Thread David Kuntadi
I have followed the guidelines below, which are a little bit outdated:
https://wiki.ubuntu.com/MountWindowsSharesPermanently#head-4956b77e68a8e33082ab7c38e52b50541c417d95

It is mounted successfully by editing /etc/security/pam_mount.conf.xml
instead of /etc/security/pam_mount.conf, and follow the direction in
the /etc/security/pam_mount.conf.xml.

Now user could change samba password using usermin, and then followed
by changing its own password to match, and the share would mount
automatically.

Thanks again,
David
On Thu, Jun 12, 2008 at 7:54 AM, David Kuntadi <[EMAIL PROTECTED]> wrote:
> Yes, I think pam mount is what I need. I will study it and report if
> it is successful.
>
> Anyway, thanks also to Helmut for the idea.
>
> Regards,
> David
>
> On Thu, Jun 12, 2008 at 3:13 AM, Gustavo Homem <[EMAIL PROTECTED]> wrote:
>> On Wednesday 11 June 2008 14:50, John Drescher wrote:
>>> > Sorry - I've written a batch file for DOS/Windows.
>>> > Linux users should use a shell script.
>>> > There are several options to run this shell:
>>>
>>> Although I have not done this yet (waiting for linux dfs client to
>>> work 2.6.26 kernel), I believe pam_mount is also a good option for
>>> this purpose:
>>>
>>> http://pam-mount.sourceforge.net/
>>
>> pam_mount is the best solution as it mounts the share with the unix user
>> credentials.
>>
>> Best regards
>> Gustavo
>>
>> --
>> Angulo Sólido - Tecnologias de Informação
>> http://angulosolido.pt
>>
>