Re: [Samba] loging user actions
On Sat, Sep 20, 2008 at 09:41:55PM +0200, peter grotz wrote: > from time to time some of our users delete files. But none of them do > confess that they have deleted the file. > I want to find at the samba logs which user has deleted the file. I´m > using the audit-vfs module but there are only messages about opening > and closing of files. > Can anybody give me a hint for using samba logs to find the users I´m > searching for? Look for the full_audit module. Volker pgp328CnDnAM6.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbstatus - switched off computers are sometimes showed
Volker Lendecke wrote: On Fri, Sep 19, 2008 at 10:02:02PM +0200, Vlastimil Šetka wrote: I have a Samba server configured as PDC for ~100 computers. It's version 3.0.24 running on Debian Etch (distribution package). I want to write a tool for user logon/logoff tracking. Because parsing log files is hard job (windows frequently disconnets or connects during user session or etc.) I decide to use smbstatus output which seem to be reliable. So I run smbstatus binary every 10 seconds, parse the output and all is fine. But sometimes in the smbstatus output is show computer which is several hours switched off. At the next run (after 10s) this record is not presented. Sometimes this "ghost" record is shown for ~30 seconds. Does that smbd still exist? If computers are just switched off then Samba might not notice. I plan to check it but it's complicated because the "ghost" record is presented only for several seconds. I have to log the PID and related "ps" output. Smbstatus checks if the proccess with the PID still exists. So if it's showed the smbd probably exists. The computer is really switched off for several hours when this issue is presented. I also check the log file and there is no activity at this time. Today there were two "ghost" records for two different users on one computer - this computer is switched off for > 24 hours and this two users were loged in during last 3 days. Example: 11:10:21 - MACHINE1/USER1 - is in smbstatus ... constantly is in smbstatus 12:14:11 - MACHINE1/USER1 - is NOT in smbstatus 12:15:21 - MACHINE1/USER2 - is in smbstatus ... 12:45:31 - MACHINE1/USER2 - is NOT in smbstatus Now the MACHINE1 is switched off. 18:16:21 - MACHINE1/USER1 - is in smbstatus !! (and the MACHINE1 is switched off several hours!) 18:16:31 - MACHINE1/USER1 - is NOT in smbstatus Sometimes (cca twice a day) smbstatus return error output like this: tdb(/var/run/samba/sessionid.tdb): rec_read bad magic 0xd9fee666 at offset=116988 This is normal. Smbstatus reads the tdb files in read-only mode. This implies no locking which in turn might lead to smbstatus reading an inconsistent tdb file. Yes. In sources I notice that no locking is used. Smbstatus only reads the file so it's OK. I also want to use INOTIFY on sessionid.tdb file but it's not usable because smbd has the file constantly open for write. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc info failure accessing XP: NT_STATUS_LOGON_FAILURE
I'm trying to remotely shut down a Windows XP machine on my local network using "net rpc shutdown". I'm coming across errors, so I decided to back down to the simpler "net rpc info", thinking that there will be fewer security settings related to seeing things than actually shutting down the system. Here's the info for the two boxes in question: -- Linux box (Ubuntu 7.10): [EMAIL PROTECTED]:~$ uname -a Linux ireland 2.6.22-15-386 #1 Wed Aug 20 18:11:25 UTC 2008 i686 GNU/Linux [EMAIL PROTECTED]:~$ net --version Version 3.0.26a [EMAIL PROTECTED]:~$ net rpc info -I localhost -U samba%sambapass Domain Name: BRIANS Domain SID: S-1-5-21-3781685452-1013998031-819676632 Sequence number: 1221940999 Num users: 29 Num domain groups: 0 Num local groups: 0 Windows box: Windows XP Professional, Service Pack 3 Full computer name: phoebus. Workgroup: WORKGROUP Shared folder: C:\share Windows firewall: DISABLED IP: 192.168.9.155 C:\share settings: - Advanced/"not simple" file sharing - Share name: share - User limit: 10 - Permissions: - Everyone: Read - Lep (PHOEBUS\Lep): Full Control, Change, Read - Here are the results of various commands when my XP box has 'Local Security Settings->Local Policies->Security Options->Network access: Sharing and security model for local accounts' set to 'Classic' (please note that "temppass" IS the current password for the Lep user): [EMAIL PROTECTED]:~$ net rpc info -I phoebus Password: (** NONE GIVEN, JUST HIT ENTER **) Could not connect to server 192.168.9.155 Connection failed: NT_STATUS_LOGON_TYPE_NOT_GRANTED [EMAIL PROTECTED]:~$ net rpc info -I phoebus Password: notapassword Could not connect to server 192.168.9.155 Connection failed: NT_STATUS_LOGON_TYPE_NOT_GRANTED Connection failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED]:~$ net rpc info -I phoebus -U NotAUser%notapassword Could not connect to server 192.168.9.155 Connection failed: NT_STATUS_LOGON_TYPE_NOT_GRANTED [EMAIL PROTECTED]:~$ net rpc info -I phoebus -U Lep Password: temppass Could not connect to server 192.168.9.155 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED]:~$ net rpc info -I phoebus -U Lep%temppass Could not connect to server 192.168.9.155 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED]:~$ net rpc info -S phoebus -U Lep%temppass Could not connect to server phoebus The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED]:~$ net rpc info -I phoebus -U //PHOEBUS/Lep%temppass Could not connect to server 192.168.9.155 Connection failed: NT_STATUS_LOGON_TYPE_NOT_GRANTED [EMAIL PROTECTED]:~$ net rpc info -I phoebus -U PHOEBUS/Lep%temppass Could not connect to server 192.168.9.155 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED]:~$ net rpc info -I phoebus -W WORKGROUP -U Lep%temppass Could not connect to server 192.168.9.155 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE --- Here are the results when I have 'Local Security Settings->Local Policies->Security Options->Network access: Sharing and security model for local accounts' set to 'Guest only': [EMAIL PROTECTED]:~$ net rpc info -I phoebus Password: (** NO PASSWORD, JUST HIT ENTER **) Could not connect to server 192.168.9.155 Connection failed: NT_STATUS_LOGON_TYPE_NOT_GRANTED [EMAIL PROTECTED]:~$ net rpc info -I phoebus -U Lep%temppass Could not connect to server 192.168.9.155 Connection failed: NT_STATUS_LOGON_TYPE_NOT_GRANTED The NT_STATUS_LOGON_TYPE_NOT_GRANTED repeats for any command I try that actually connects to the server. Adding "share" to 'Security Options->Network access: Shares than can be accessed anonymously' has no noticeable affect. The security setting 'Network access: Let Everyone permissions apply to anonymous users' is already enabled. Does anyone have any ideas? I'm a bit stumped as to why a perfectly valid user can't log in. Thanks much, Brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] loging user actions
Hallo, from time to time some of our users delete files. But none of them do confess that they have deleted the file. I want to find at the samba logs which user has deleted the file. I´m using the audit-vfs module but there are only messages about opening and closing of files. Can anybody give me a hint for using samba logs to find the users I´m searching for? Thanks in advance Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbstatus - switched off computers are sometimes showed
On Fri, Sep 19, 2008 at 10:02:02PM +0200, Vlastimil Šetka wrote: > I have a Samba server configured as PDC for ~100 computers. It's version > 3.0.24 running on Debian Etch (distribution package). > > I want to write a tool for user logon/logoff tracking. Because parsing > log files is hard job (windows frequently disconnets or connects during > user session or etc.) I decide to use smbstatus output which seem to be > reliable. > > So I run smbstatus binary every 10 seconds, parse the output and all is > fine. But sometimes in the smbstatus output is show computer which is > several hours switched off. At the next run (after 10s) this record is > not presented. Sometimes this "ghost" record is shown for ~30 seconds. Does that smbd still exist? If computers are just switched off then Samba might not notice. > Example: > > 11:10:21 - MACHINE1/USER1 - is in smbstatus > ... constantly is in smbstatus > 12:14:11 - MACHINE1/USER1 - is NOT in smbstatus > 12:15:21 - MACHINE1/USER2 - is in smbstatus > ... > 12:45:31 - MACHINE1/USER2 - is NOT in smbstatus > Now the MACHINE1 is switched off. > 18:16:21 - MACHINE1/USER1 - is in smbstatus !! (and the MACHINE1 is > switched off several hours!) > 18:16:31 - MACHINE1/USER1 - is NOT in smbstatus > > Sometimes (cca twice a day) smbstatus return error output like this: > tdb(/var/run/samba/sessionid.tdb): rec_read bad magic 0xd9fee666 at > offset=116988 This is normal. Smbstatus reads the tdb files in read-only mode. This implies no locking which in turn might lead to smbstatus reading an inconsistent tdb file. Volker pgpI77ChA6VxT.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with 2 NICs
On Saturday 20 September 2008 11:35:42 am hamacker wrote: > # ifconfig eth0 > eth0 Link encap:Ethernet HWaddr 00:0c:76:97:04:f3 > inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 eth0 should not have an address - it should belong only to bond0. eth0 and eth1 are both slaves to the master bond0. > # The primary network interface > auto eth0 > iface eth0 inet static Should probably more like: iface bond0 inet static > my smb.conf : > [global] > unix charset = UTF8 > workgroup = VIDY2005 > server string = %h server (Samba %v) > interfaces = eth0, eth1 Should be: interfaces = bond0, lo bind interfaces only = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] inherit permission vs directory mask
dear all if i apply both "inherit permission = yes" and "directory mask = 0666" then which one really applied. [public] directory mask = 0666 inherit permission = yes writeable = yes valid user = vishesh Thanks for attention -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with 2 NICs
I bond two NICs in same IP, basicly : # ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:0c:76:97:04:f3 inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::20c:76ff:fe97:4f3/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:22185515 errors:0 dropped:0 overruns:0 frame:0 TX packets:20365072 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:12422061457 (11.5 GB) TX bytes:7350461490 (6.8 GB) Interrupt:18 Base address:0x2000 # modprobe bonding # ifconfig bond0 192.168.1.2 netmask 255.255.255.0 # ifenslave -v bond0 eth0 eth1 # route add default gw 192.168.1.254 I did tests very well on my switch (on/off ports) and ping from network - it's run fine. I check default route before and after bond. My problem is that only WinXP can logon into domain if two nics are enabled(with bond or not), win95/98 dont logon (with bond or not). # cat /etc/network/interfaces # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.254 dns-nameservers 192.168.1.14 dns-search vidylab.com.br # samba wont authenticate win9x machines if eth1enabed # then I comment bellow lines #auto eth1 #iface eth1 inet static #address 192.168.1.3 #netmask 255.255.255.0 #network 192.168.1.0 #broadcast 192.168.1.255 #gateway 192.168.1.254 ## dns-* options are implemented by the resolvconf package, if installed #dns-nameservers 192.168.1.14 ##dns-nameservers 200.204.0.10, 200.204.0.138 #dns-search vidylab.com.br my smb.conf : [global] unix charset = UTF8 workgroup = VIDY2005 server string = %h server (Samba %v) interfaces = eth0, eth1 obey pam restrictions = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n *password*successfully*updated* unix password sync = Yes lanman auth = Yes syslog = 0 log file = /var/log/samba/log.%m.%U max log size = 1 smb ports = 139 name resolve order = hosts wins bcast time server = Yes socket options = TCP_NODELAY SO_RCVBUF=16384 IPTOS_LOWDELAY printcap name = cups add user script = /usr/sbin/useradd -m '%u' rename user script = /usr/sbin/usermod -l '%unew' '%uold' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/bin/gpasswd -a '%u' '%g' delete user from group script = /usr/bin/gpasswd -d '%u' '%g' set primary group script = /usr/sbin/usermod -g '%g' '%u' add machine script = /usr/sbin/adduser -n -r -g machines -c "Samba machine" -d /dev/null -s /bin/false %u logon script = scripts\%u.bat logon path = \\%L\profiles\%U logon home = /home/samba/netlogon domain logons = Yes os level = 100 preferred master = Yes domain master = Yes dns proxy = No panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash create mask = 0777 force create mode = 0777 force security mode = 0777 directory mask = 0777 force directory mode = 0777 force directory security mode = 0777 cups options = raw preserve case = No short preserve case = No veto oplock files = /*.odt/*.doc/*.xls/*.mdb/ 2008/9/20 Chris Smith <[EMAIL PROTECTED]>: > On Friday 19 September 2008 08:35:58 am hamacker wrote: >> I did that. >> I test, and everything is OK. >> It's not misconfiguration. >> >> When 2 NICs bonded (or 2 NICs only enabled), WinXP can logon into >> domain and win95/98 can not. If I disable one NIC then any OS can >> logon into domain. > > From your first post: > >>#interfaces = 192.168.1.2/24 192.168.1.3 127. >>interfaces = eth0 eth1 > > It looks like you have 2 nic's on the same subnet but not bonded or you would > not have 2 different IP addresses and the interface would be called bond0. > This scenario - 2 nics on the same subnet, AFAIK, will generally not work. > > Once you bond them there will only be one IP address for the bonded interface > bond0. You will need to pick a proper bonding mode for your needs and switch > configuration (see bonding.txt in your kernel source documentation). > > Also try: > > smb ports = 139 > > in the global section of your smb.conf file. > > Chris > -- > To unsubscribe from this list go to the following URL and read the > instruc
Re: [Samba] Samba with 2 NICs
On Friday 19 September 2008 08:35:58 am hamacker wrote: > I did that. > I test, and everything is OK. > It's not misconfiguration. > > When 2 NICs bonded (or 2 NICs only enabled), WinXP can logon into > domain and win95/98 can not. If I disable one NIC then any OS can > logon into domain. From your first post: >#interfaces = 192.168.1.2/24 192.168.1.3 127. >interfaces = eth0 eth1 It looks like you have 2 nic's on the same subnet but not bonded or you would not have 2 different IP addresses and the interface would be called bond0. This scenario - 2 nics on the same subnet, AFAIK, will generally not work. Once you bond them there will only be one IP address for the bonded interface bond0. You will need to pick a proper bonding mode for your needs and switch configuration (see bonding.txt in your kernel source documentation). Also try: smb ports = 139 in the global section of your smb.conf file. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot browse, 'net view' fails, but 'net use x: \\server\share' works [ANSWER]
Hello everyone, I had been struggling with the issue, and eventually found the root cause. But I noted it's not mentioned here, or on the internet. Solution below, after the details. The symptoms are that on Windows 2000 you can C:\> net use X: \\server\share (maps the drive successfully) and C:\> net view \\server (lists the various services). But doing this: C:\> net view gives an error message: System error 1326 has occurred. Logon failure: unknown user name or bad password. and clicking on "Computers Near Me" or Network Neighborhood gives a dialog box: Workgroup is not accessible. The network name cannot be found. ===SOLUTION=== Don't use the 'valid users' option in the [global] section. It should be replicated across each of the shares, individually. My particular situation is that I had named the various human usernames (nick tom dick harry) as valid users (to prevent any other user, like apache or ftp from noseying around - the chances are slim but you never know). It appears the computer is logging in as some guest/anonymous userid, obviously not included on the list, when it does its browsing. I can confirm the 'invalid users' option is OK in the [global] section; I have root listed there. ===Versions of software=== => Server Linux: Ubuntu Breezy (yes it's time for an upgrade) Samba: 3.0.14a-Ubuntu Running WINS, and as local browse master Server role: ROLE_STANDALONE security = USER => Client Windows 2000 SP4 5.00.2195, Internet Explorer 5.00.3700.1000, running in a VMware virtual machine. => Another client A similar Win2000 client with IE6.0sp1 (cursory testing only). ===Suggested additional steps=== I felt "The Official Samba-3 HOWTO and Reference Guide" was a little incomplete, so here are my additional instructions, for section 35 (The Samba Checklist). Insert after existing step 7. 7a. Run this command on the unix command line: $ smbclient -NL BIGSERVER## name or ip of samba server You get a list of shares, machines, and workgroups. If you get an error message saying: tree connect failed: NT_STATUS_LOGON_FAILURE then a possible cause is a 'valid users' line in the [globals] section. 7b. Run this command on the Windows DOS command line C:\> net view You should get a list of machines in the workgroup. If you get a System error 1326 or a Logon failure, then a possible cause is a 'valid users' line in the [globals] section. 7c. Run this command on the Windows DOS command line C:\> nbtstat -n You should see a list of workgroup names, machine names, and possibly usernames. 7d. Are you running WINS (wins support = yes in [globals] section)? If so, in Windows, try Administrative tools -> Wins Administration tool -> Active Registrations. Bear in mind not all Windows versions have this tool installed. As an alternative, on the Windows DOS command line C:\> ipconfig /all You should see mention of the WINS server; check the IP address. ===Additional common errors=== In chapter 1, under Common Errors ("The network name cannot be found”) add this advice: * You have set 'valid users' in the [Globals] section. It should be specified under each share, not in the [Globals] section. ===Conclusion=== In saying this, I hope I've saved others some grief: I've spent a few late nights on this. Nick Bishop, email replies ignored. - Disclaimer, n: Advice to the reader that they should put their lawyer away. -oOo- Make the switch to the world's best email. Get Yahoo!7 Mail! http://au.yahoo.com/y7mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba