[Samba] Can non-root users set their own "create mask"?
Hi, I'm a non-root user of a server on which I can access my home directory. But every file I upload became executable. If I have the root privilege on a machine, I usually set the "create mask" to 0600 so that everything uploaded seems to be normal file. Is there any way I can set my own "create mask"? Thanks!! Sun -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] heimdal and windows compatibility up-to-date informations
On Friday 10 October 2008 23:49:04 Natxo Asenjo wrote: > On Fri, Oct 10, 2008 at 2:03 PM, Pascal Levy <[EMAIL PROTECTED]> wrote: > > I have (since long) to write a complete documentation for all this > > things. for now, i only have a very partial one, about the trust between > > realms and user mapping. It's in french, i'm sorry for the list but i > > guess that it can be ok for you, and prehaps better than my vey bad > > english (sorry for that too). > > i would really like to take a look at those docs (my French is a bit > rusty but I think I can manage :-) ) I can post on the list on monday then. -- Pascal Levy Ingénieur réseaux & ressources informatiques Bibliothèque InterUniversitaire Sainte Geneviève tél. : (33) 1 44 41 97 53 Bibliothèque InterUniversitaire de Langues Orientales tél. : (33) 1 44 77 95 00 [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] heimdal and windows compatibility up-to-date informations
On Fri, Oct 10, 2008 at 2:03 PM, Pascal Levy <[EMAIL PROTECTED]> wrote: > I have (since long) to write a complete documentation for all this things. for > now, i only have a very partial one, about the trust between realms and user > mapping. It's in french, i'm sorry for the list but i guess that it can be ok > for you, and prehaps better than my vey bad english (sorry for that too). i would really like to take a look at those docs (my French is a bit rusty but I think I can manage :-) ) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hosts Allow/Deny
I am running CentOS 5.2 w/ Samba 3.0.28 and have a basic user level setup and am trying to use hosts allow and deny but it does not have an effect? I have specified them in the share level of the config. I have tried: hosts allow = 192.168.0.72/32 hosts deny = 0.0.0.0/0 Also: ; hosts allow = 192.168.0.72/32 hosts deny = 0.0.0.0/0 except 192.168.0.72/32 Still, any hosts can gain access? Can anyone shed some light on this? Thanks, jlc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Server crash - Is it a Kernel or Samba problem?
On Fri, Oct 10, 2008 at 02:36:25PM -0500, Trimble, Ronald D wrote: > Do you have any suggestions on how I may track this down. > Obviously, the logs are sparse. Has anyone else reported > a similar problem? The only real suggestion I have is to contact Novell. SLES9 is a supported product. Volker pgpGliGw3YGBu.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
Volker Lendecke wrote: > On Fri, Oct 10, 2008 at 08:19:24PM +0200, Frank Bonnet wrote: >> Volker Lendecke wrote: >>> On Fri, Oct 10, 2008 at 04:40:29PM +0200, Frank Bonnet wrote: > Well, then there's something wrong with your setup. The > filer is just a normal member machine. > > Volker Could you send your smb.conf file ( minus confidential infos of course ) I would like to check with mine ? >>> Which one do you want? This is just a plain normal DC setup. >>> >>> Volker >> Anyway I'm a bit new with samba and appreciate looking smb.conf file > > http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ > > contains lots of example snippets. > > Volker Thank you Volker :-) Good night ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
Volker Lendecke wrote: > On Fri, Oct 10, 2008 at 08:19:24PM +0200, Frank Bonnet wrote: >> Volker Lendecke wrote: >>> On Fri, Oct 10, 2008 at 04:40:29PM +0200, Frank Bonnet wrote: > Well, then there's something wrong with your setup. The > filer is just a normal member machine. > > Volker Could you send your smb.conf file ( minus confidential infos of course ) I would like to check with mine ? >>> Which one do you want? This is just a plain normal DC setup. >>> >>> Volker >> Anyway I'm a bit new with samba and appreciate looking smb.conf file > > http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ > > contains lots of example snippets. > > Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
On Fri, Oct 10, 2008 at 08:19:24PM +0200, Frank Bonnet wrote: > Volker Lendecke wrote: > > On Fri, Oct 10, 2008 at 04:40:29PM +0200, Frank Bonnet wrote: > >>> Well, then there's something wrong with your setup. The > >>> filer is just a normal member machine. > >>> > >>> Volker > >> Could you send your smb.conf file ( minus confidential infos of course ) > >> I would like to check with mine ? > > > > Which one do you want? This is just a plain normal DC setup. > > > > Volker > > Anyway I'm a bit new with samba and appreciate looking smb.conf file http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ contains lots of example snippets. Volker pgpV2q83bmxEi.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Server crash - Is it a Kernel or Samba problem?
Do you have any suggestions on how I may track this down. Obviously, the logs are sparse. Has anyone else reported a similar problem? -Original Message- From: Volker Lendecke [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 3:19 PM To: Trimble, Ronald D Cc: samba@lists.samba.org Subject: Re: [Samba] Server crash - Is it a Kernel or Samba problem? On Fri, Oct 10, 2008 at 11:22:58AM -0500, Trimble, Ronald D wrote: > Oct 9 20:17:26 USTR-LINUX-1 kernel: Call Trace: > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] > __dequeue_signal+0x184/0x1a0 Oct 9 20:17:26 USTR-LINUX-1 kernel: > [] dequeue_signal+0x62/0xa0 Oct 9 20:17:26 USTR-LINUX-1 > kernel: [] get_signal_to_deliver+0x7a/0x3d0 Oct 9 20:17:26 > USTR-LINUX-1 kernel: [] do_signal+0x8a/0x640 Oct 9 > 20:17:26 USTR-LINUX-1 kernel: [] > ckrm_invoke_event_cb_chain+0x24/0x30 > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] > sys_setresuid+0x1dc/0x240 Oct 9 20:17:26 USTR-LINUX-1 kernel: > [] do_notify_resume+0x37/0x40 Oct 9 20:17:26 USTR-LINUX-1 > kernel: [] work_notifysig+0x13/0x15 Oct 9 20:17:26 USTR-LINUX-1 > kernel: > Oct 9 20:17:26 USTR-LINUX-1 kernel: Code: 89 50 04 89 02 89 da c7 43 > 14 00 01 10 00 c7 41 04 00 02 20 Oct 10 00:24:53 USTR-LINUX-1 syslogd 1.4.1: > restart. > > > My question is is this a kernel or a samba problem? Has anyone > experience this before? I do know that the server was under > considerable SMB load (a build was being generated on another computer > and written to this server) when the oops occurred. I am running SUSE > SLES 9 SP4. > Kernel is 2.6.5-7.286-bigsmp. Kernel crashes are a kernel problem, or maybe flaky hardware. Samba might put a load on the kernel that only few other applications do, but it is a kernel problem. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Server crash - Is it a Kernel or Samba problem?
On Fri, Oct 10, 2008 at 11:22:58AM -0500, Trimble, Ronald D wrote: > Oct 9 20:17:26 USTR-LINUX-1 kernel: Call Trace: > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] > __dequeue_signal+0x184/0x1a0 > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] dequeue_signal+0x62/0xa0 > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] > get_signal_to_deliver+0x7a/0x3d0 > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] do_signal+0x8a/0x640 > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] > ckrm_invoke_event_cb_chain+0x24/0x30 > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] sys_setresuid+0x1dc/0x240 > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] do_notify_resume+0x37/0x40 > Oct 9 20:17:26 USTR-LINUX-1 kernel: [] work_notifysig+0x13/0x15 > Oct 9 20:17:26 USTR-LINUX-1 kernel: > Oct 9 20:17:26 USTR-LINUX-1 kernel: Code: 89 50 04 89 02 89 da c7 43 14 00 > 01 10 00 c7 41 04 00 02 20 > Oct 10 00:24:53 USTR-LINUX-1 syslogd 1.4.1: restart. > > > My question is is this a kernel or a samba problem? Has > anyone experience this before? I do know that the server > was under considerable SMB load (a build was being > generated on another computer and written to this server) > when the oops occurred. I am running SUSE SLES 9 SP4. > Kernel is 2.6.5-7.286-bigsmp. Kernel crashes are a kernel problem, or maybe flaky hardware. Samba might put a load on the kernel that only few other applications do, but it is a kernel problem. Volker pgpm9kGvmvkiE.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
Volker Lendecke wrote: > On Fri, Oct 10, 2008 at 04:40:29PM +0200, Frank Bonnet wrote: >>> Well, then there's something wrong with your setup. The >>> filer is just a normal member machine. >>> >>> Volker >> Could you send your smb.conf file ( minus confidential infos of course ) >> I would like to check with mine ? > > Which one do you want? This is just a plain normal DC setup. > > Volker Anyway I'm a bit new with samba and appreciate looking smb.conf file thank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: In place upgrade
> As root: > > killall smbd nmbd winbindd > make install > /usr/local/samba/sbin/nmbd > /usr/local/samba/sbin/winbindd > /usr/local/samba/sbin/smbd > > Upgrade done ! :-). Another good suggestion. Cheers, Kristian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: In place upgrade
On Fri, Oct 10, 2008 at 12:42:10PM +0100, Kristian Davies wrote: > On Wed, Oct 8, 2008 at 3:24 PM, Kristian Davies > <[EMAIL PROTECTED]> wrote: > > Excuse the basic question but how do I do an in place upgrade from > > src? 3.2.2 to say 3.2.4. > > *bump* > > Please feel free to berate me on no already knowing this and if I > don't already know it, maybe I shouldn't be installing src. > > The docs don't mention anything, I'm assuming this is because it > expects you to already know how. As root: killall smbd nmbd winbindd make install /usr/local/samba/sbin/nmbd /usr/local/samba/sbin/winbindd /usr/local/samba/sbin/smbd Upgrade done ! :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dfree causing write access problems
On Fri, Oct 10, 2008 at 10:32:38AM +0200, Mike Gallamore wrote: > Thanks for the advice and ouch. This is a production system and the > filesystem that it is running is a proprietary enterprise level > filesystem that Sun vends that takes their engineers a few days to > install and tweak. I'll try to debug it on a virtual system I guess and > see if I can reproduce the problem in standard filesystem installs > (shouldn't matter I hope). Do you mean Lustre ? If so I know the Lustre guys at Sun. Maybe we can use the backdoor :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Server crash - Is it a Kernel or Samba problem?
Yesterday I had an unexpected server crash. Here is what appeared in the logs: Oct 9 20:16:21 USTR-LINUX-1 [powersaved][11654]: resmgr: server response code 200 Oct 9 20:16:53 USTR-LINUX-1 last message repeated 19 times Oct 9 20:17:26 USTR-LINUX-1 last message repeated 13 times Oct 9 20:17:26 USTR-LINUX-1 kernel: Unable to handle kernel paging request at virtual address 00100104 Oct 9 20:17:26 USTR-LINUX-1 kernel: printing eip: Oct 9 20:17:26 USTR-LINUX-1 kernel: c0134d50 Oct 9 20:17:26 USTR-LINUX-1 kernel: *pde = 09044001 Oct 9 20:17:26 USTR-LINUX-1 kernel: Oops: 0002 [#1] Oct 9 20:17:26 USTR-LINUX-1 kernel: SMP Oct 9 20:17:26 USTR-LINUX-1 kernel: CPU:2 Oct 9 20:17:26 USTR-LINUX-1 kernel: EIP:0060:[]Tainted: G U Oct 9 20:17:26 USTR-LINUX-1 kernel: EFLAGS: 00010002 (2.6.5-7.286-bigsmp SLES9_SP3_BRANCH-20070531101258) Oct 9 20:17:26 USTR-LINUX-1 kernel: EIP is at free_uid+0x20/0x50 Oct 9 20:17:26 USTR-LINUX-1 kernel: eax: 00100100 ebx: ecd84500 ecx: ecd84514 edx: 00200200 Oct 9 20:17:26 USTR-LINUX-1 kernel: esi: c9460af8 edi: 0009 ebp: 000a esp: cf66beb0 Oct 9 20:17:26 USTR-LINUX-1 kernel: ds: 007b es: 007b ss: 0068 Oct 9 20:17:26 USTR-LINUX-1 kernel: Process smbd (pid: 29272, threadinfo=cf66a000 task=ec3c4010) Oct 9 20:17:26 USTR-LINUX-1 kernel: Stack: c677d708 c0135f64 cf66bf28 cf66bf28 ec3c4010 ec3c4554 Oct 9 20:17:26 USTR-LINUX-1 kernel:c0137c22 cf66a000 083d7520 cf66bfc4 e000 c0137ffa 2411f3bd cf66a000 Oct 9 20:17:26 USTR-LINUX-1 kernel:ec3c4554 cf66bfc4 cf66bf28 cf66a000 083d7520 cf66bfc4 ec3c4554 c010847a Oct 9 20:17:26 USTR-LINUX-1 kernel: Call Trace: Oct 9 20:17:26 USTR-LINUX-1 kernel: [] __dequeue_signal+0x184/0x1a0 Oct 9 20:17:26 USTR-LINUX-1 kernel: [] dequeue_signal+0x62/0xa0 Oct 9 20:17:26 USTR-LINUX-1 kernel: [] get_signal_to_deliver+0x7a/0x3d0 Oct 9 20:17:26 USTR-LINUX-1 kernel: [] do_signal+0x8a/0x640 Oct 9 20:17:26 USTR-LINUX-1 kernel: [] ckrm_invoke_event_cb_chain+0x24/0x30 Oct 9 20:17:26 USTR-LINUX-1 kernel: [] sys_setresuid+0x1dc/0x240 Oct 9 20:17:26 USTR-LINUX-1 kernel: [] do_notify_resume+0x37/0x40 Oct 9 20:17:26 USTR-LINUX-1 kernel: [] work_notifysig+0x13/0x15 Oct 9 20:17:26 USTR-LINUX-1 kernel: Oct 9 20:17:26 USTR-LINUX-1 kernel: Code: 89 50 04 89 02 89 da c7 43 14 00 01 10 00 c7 41 04 00 02 20 Oct 10 00:24:53 USTR-LINUX-1 syslogd 1.4.1: restart. My question is is this a kernel or a samba problem? Has anyone experience this before? I do know that the server was under considerable SMB load (a build was being generated on another computer and written to this server) when the oops occurred. I am running SUSE SLES 9 SP4. Kernel is 2.6.5-7.286-bigsmp. Any help would be appreciated. Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
On Fri, Oct 10, 2008 at 04:40:29PM +0200, Frank Bonnet wrote: > >Well, then there's something wrong with your setup. The > >filer is just a normal member machine. > > > >Volker > > Could you send your smb.conf file ( minus confidential infos of course ) > I would like to check with mine ? Which one do you want? This is just a plain normal DC setup. Volker pgpdiByFd3X80.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
On Thu, 09 Oct 2008 08:29:10 -0400, Frank Bonnet <[EMAIL PROTECTED]> wrote: Hello Anyone has succeeded to use a Samba PDC erver as a PDC from a Netapp filer to use CIFS direct connections ? ? I did not succeeded, I get this error (/var/log/samba/log.nas): [2008/10/10 12:23:14, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478) _net_auth2: creds_server_check failed. Rejecting auth request from client NAS machine account NAS$ Any help would be appreciated -- Jorge C. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC + LDAP: adding user to local admin group
On 10/9/2008, Tim Bates ([EMAIL PROTECTED]) wrote: > If you set it at a domain level like you said, it would give them > admin rights anywhere they can log into. But if you control which workstations they can log into, this isn't really a problem - save the part of them having local admin rights... ;) -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: cifs problems
yes, it is strange. exactly the same setting worked fine before with older version samba and linux kernel (on my client, server was not toucged so it's running a much older version). I'm not sure whether it's samba or the kernel that breaks my stuff. and I am not able to roll back to an older version samba because of all those dependency issues. Thanks, George On 10/10/08, Mike Gallamore <[EMAIL PROTECTED]> wrote: > > Strange, that seems to be all that my predecessor to get ours to work at > my work. I'm not sure if your set up is the same, but our fileserver is > aware of every user in the institute (we do biology research). I could see > touch maybe not knowing how to work when the local user and remote user > aren't identical (same UID, and groups settings) but that is just a guess. > Here is the global part of our configuration file, we are running 3.2.2 on a > Solaris 10 system: > > [global] >workgroup = MPI-CBG >netbios name = Fileserver >wins support = yes >security = user >log level = 0 >log file = /var/adm/samba/log.smbd >inherit permissions = yes >load printers = no >printing = bsd >printcap name = /dev/null >disable spoolss = yes >deadtime = 5 >getwd cache = yes >oplocks = yes >socket options = TCP_NODELAY IPTOS_LOWDELAY > >smb passwd file = /etc/samba/smbpasswd >max disk size=200 >guest ok = no >encrypt passwords = yes >mangling method = hash >mangled names = no > >; make file deletions more simple >delete veto files = yes >delete readonly = yes > >follow symlinks = yes >wide links = yes >unix extensions = no > > The only bit I thought had anything to do with simlinks is the last three > lines. wide links is supposed to tell Samba not to check to see if the > target of a link is in a share as well, it is recommended to be set to yes > here: > http://tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap29sec287.html > because > it saves 6 system calls so has a pretty big performance benefit. Anyways, > you might see something that I don't. > > > On Oct 9, 2008, at 7:58 PM, George He wrote: > > Hi Mike, >> Thanks for the help, but neither of these works for me. >> After I added the 2 lines in smb.conf, both touch and ln -s behave the >> same. >> Besides, I lost all permissions on another client machine (redhat EL4) >> that mounted the data share using the same way I described earlier (it >> worked fine and after I remove the 2 lines, it works fine again). >> Any other ideas? >> George >> >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
Volker Lendecke wrote: On Fri, Oct 10, 2008 at 10:09:07AM +0200, Frank Bonnet wrote: Do you have a howto ? There's tons of documentation for Samba/PDC setups. Do I have to setup a *local* account (in smbpasswd) for each filer on the samba PDC ? we use Samba + OpenLDAP and adding a machine account in LDAP does not help to connect the filer to the PDC Well, then there's something wrong with your setup. The filer is just a normal member machine. Volker Could you send your smb.conf file ( minus confidential infos of course ) I would like to check with mine ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind does not list users from trusted domain
Gerald (Jerry) Carter wrote: Marco Senft wrote: I've set up a testing environment with two Windows DCs. The first, called DCA, is serving the domain DOMA and is running Windows 2003. The second is called DCB and serves DOMB on Windows 2008. What version of Samba are you running? It's the 3.2.3 debian package (package version 2:3.2.3-1). It looks like the trusted domains in this case are actually other domain trees. Are they in the same forest? Yes, DOMA and DOMB are different domain trees in the same forest. Their Kerberos realms (and DNS domains) are named DOMA.NET and DOMB.NET. Cheers, marco -- Marco Senft http://www.t2g.ch/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] vscan-clamav.so package bug opensuse 11 ?
[EMAIL PROTECTED] with latest stable samba opensuse 11 the samba-vscan pack seems to be broken with scan-clamav.s Error trying to resolve symbol 'init_samba_module' in /usr/lib64/samba/vfs/vscan-clamav.so: /usr/lib64/samba/vfs/vscan-clamav.so: undefined symbol: init_samba_module shouldn it be init_module now ( taken somewhere from google) -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: In place upgrade
On Fri, Oct 10, 2008 at 2:23 PM, Rubin Bennett <[EMAIL PROTECTED]> wrote: > On Fri, 2008-10-10 at 13:56 +0100, Kristian Davies wrote: >> > For a system installed without a package manager (i.e. make install), >> > then you make a copy of your passdb.tdb, secrets.tdb and smb.conf, >> > upgrade, and put those 3 files back in. >> >> That's the puppy. So, stop services, mv sambadir, install new version >> afresh, copy over those three files and start services. >> >> Will that affect the machines AD machine account with sid's etc... or >> is that why the secrets.tdb are copied over? >> > That's why secrets.tdb is copied over. However, if you're changing > machines or upgrading OS at the same time, you'll need to copy the user/ > machine entries in /etc/passwd, /etc/group and /etc/shadow as well or > you'll get lots of ugly messages about your password database being > corrupt. Awesome, thanks for the pointers! Cheers, Kristian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: In place upgrade
On Fri, 2008-10-10 at 13:56 +0100, Kristian Davies wrote: > > For a system installed without a package manager (i.e. make install), > > then you make a copy of your passdb.tdb, secrets.tdb and smb.conf, > > upgrade, and put those 3 files back in. > > That's the puppy. So, stop services, mv sambadir, install new version > afresh, copy over those three files and start services. > > Will that affect the machines AD machine account with sid's etc... or > is that why the secrets.tdb are copied over? > That's why secrets.tdb is copied over. However, if you're changing machines or upgrading OS at the same time, you'll need to copy the user/ machine entries in /etc/passwd, /etc/group and /etc/shadow as well or you'll get lots of ugly messages about your password database being corrupt. Rubin -- Rubin Bennett RB Technologies http://thatitguy.com [EMAIL PROTECTED] (802)223-4448 Think for yourselves and let others enjoy the privilege to do so, too. ~Voltaire -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind does not list users from trusted domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marco Senft wrote: > Hello all. > > I've set up a testing environment with two Windows DCs. The first, > called DCA, is serving the domain DOMA and is running Windows 2003. The > second is called DCB and serves DOMB on Windows 2008. What version of Samba are you running? It looks like the trusted domains in this case are actually other domain trees. Are they in the same forest? cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI71UYIR7qMdg1EfYRAs+yAKDslIL3c7Jxkm5gvSFu/ZdwkEix0wCfc/OL 7vpFjRQ8d4jxlTKWM+9FoWQ= =4WWV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authentification problems with ldap
Hello, Until now samba authentify users against a nis§ database. I just only want the same thing but that samba looks for login/password against a ldap server to identify users. I run samba-3.0.32 on fedora core 9. I enter the command below so my server can read ldap : smbpasswd -w read_pasword When I write login/password in authentification box on the client windows XP it doesn't work ! On the slapd.log I read : Oct 10 11:51:54 host1 slapd[24570]: conn=16 op=3 SRCH base="dc=ourdomain,dc=fr" scope=2 deref=0 filter="(&(uid=frontin)(objectClass=sambaSamAccount))" In /var/log/samba/myhost.log I find sam_account_ok adn logon_hour_ok Any ideas ! Thanks you in advance Regards -- Jean Frontin System team I R I T Université Paul-Sabatier 118, rte de Narbonne 31062 Toulouse cedex 9 France tel (33)(0)5 61 55 63 03 mail [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: In place upgrade
> For a system installed without a package manager (i.e. make install), > then you make a copy of your passdb.tdb, secrets.tdb and smb.conf, > upgrade, and put those 3 files back in. That's the puppy. So, stop services, mv sambadir, install new version afresh, copy over those three files and start services. Will that affect the machines AD machine account with sid's etc... or is that why the secrets.tdb are copied over? Cheers, Kristian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind does not list users from trusted domain
Hello all. I've set up a testing environment with two Windows DCs. The first, called DCA, is serving the domain DOMA and is running Windows 2003. The second is called DCB and serves DOMB on Windows 2008. The Samba machine I'm setting up (named ULYSSES) should be able to authenticate users from both domains for shell login. I've installed Samba 3.2.3 as a Debian package and closely followed the fine Howto by Michael Battista (http://www.ccs.neu.edu/home/battista/documentation/winbind/). Here are the current settings from my smb.conf, stripped down to the relevant ones: [global] realm = B.NET workgroup = B idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash template homedir = /home/%D/%U ; winbind enum groups = yes ; winbind enum users = yes winbind use default domain = no winbind nested groups = yes allow trusted domains = yes PAM and NSS are configured as well, winbind is installed and running. The Samba machine has successfully joined DOMB: wbinfo -t checking the trust secret via RPC calls succeeded Domain trusts seem to work: wbinfo -m BUILTIN ULYSSES DOMA DOMB So far, everything works as expected. But when I try to get user info, only users from DOMB (where the Samba machine is a member) are found by winbind: wbinfo -u ULYSSES\root ULYSSES\nobody [...] DOMB\administrator DOMB\brian No entries for DOMA are listed. To track this further down, I issued the following commands: wbinfo -i "DOMA\alvin" Could not get info for user DOMA\alvin wbinfo -i "DOMB\brian" DOMB\brian:*:1:1:Brian:/home/DOMB/brian:/bin/bash The logfile (log.wb-DOMA) states: [2008/10/10 12:32:23, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (KRB5 error code 68) [2008/10/10 12:32:23, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (KRB5 error code 68) [2008/10/10 12:32:23, 0] libads/sasl.c:ads_sasl_spnego_bind(819) kinit succeeded but ads_sasl_spnego_krb5_bind failed: KRB5 error code 68 [2008/10/10 12:32:23, 1] winbindd/winbindd_ads.c:ads_cached_connection(127) ads_connect for domain DOMA failed: KRB5 error code 68 [2008/10/10 12:32:23, 1] winbindd/winbindd_user.c:winbindd_dual_userinfo(150) error getting user info for sid S-1-5-21-1851683558-1272149263-2209706219-1104 So I suspect something with the Kerberos authentication to be wrong; but why is that, since I can successfully authenticate users with winbind: wbinfo -a "DOMA\alvin%alvinpass" plaintext password authentication succeeded challenge/response password authentication succeeded wbinfo -a "DOMB\brian%brianpass" plaintext password authentication succeeded challenge/response password authentication succeeded Why is winbind able to authenticate users, but cannot get user info about them? Does anyone have a hint for me? Thanks in advance, marco -- Marco Senft http://www.t2g.ch/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: In place upgrade
On Fri, 2008-10-10 at 12:42 +0100, Kristian Davies wrote: > On Wed, Oct 8, 2008 at 3:24 PM, Kristian Davies > <[EMAIL PROTECTED]> wrote: > > Excuse the basic question but how do I do an in place upgrade from > > src? 3.2.2 to say 3.2.4. > > *bump* > > Please feel free to berate me on no already knowing this and if I > don't already know it, maybe I shouldn't be installing src. > > The docs don't mention anything, I'm assuming this is because it > expects you to already know how. > > -Kristian If you're on an RPM based system, then you just upgrade your rpms (rpm -Uvh {packages}. For a system installed without a package manager (i.e. make install), then you make a copy of your passdb.tdb, secrets.tdb and smb.conf, upgrade, and put those 3 files back in. -- Rubin Bennett RB Technologies http://thatitguy.com [EMAIL PROTECTED] (802)223-4448 Think for yourselves and let others enjoy the privilege to do so, too. ~Voltaire -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC + LDAP: adding user to local admin group
Hi all, On Thu, Oct 9, 2008 at 6:29 PM, Tim Bates <[EMAIL PROTECTED]> wrote: > Not sure if you can do it like that, but if you only want to give them > local admin on their own computer (and not everyone else's), you're going to > want to do it on each computer manually anyway... Or via a script if you're > going to have to change them often. > If you set it at a domain level like you said, it would give them admin > rights anywhere they can log into. Well actually it wouldn't be a big problem if the user has local admin rights on any machine. On Fri, Oct 10, 2008 at 4:17 AM, L.P.H. van Belle <[EMAIL PROTECTED]> wrote: > hmmm giving users local admin rights, thats not the way to do it. > and makes your network insecure.. > Better control this through de domain groups. > > this is how i do it. > > i create a domain groep, add the users in it, and through loginscript > i create a local group and add the domain group in it. > now on directories/files or in registry i give the local group the needed > rights. > That's a nice approach, but what commands I have available to do such tasks as create/add groups on the local machine? I'm don't have deep technical knowledge on windows networking. Anyway, I thought this was a trivial task and it seems it is not. So, as there aren't many users with this special need, I'm starting to consider the manual way of adding the to the local admin group on their own machine. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] heimdal and windows compatibility up-to-date informations
On Friday 10 October 2008 11:14:10 Guillaume Rousse wrote: > Pascal Levy a écrit : (...) > > That's sound really interesting, but I don't understand some points: > > - how do you have AD knows it can get a kerberos ticket from the heimdal > KDC ? Did you set the user userPrincipalName attribute to a principal > from heimdal managed realm ? > there is a special attribute in AD ldap schema "altSecurityIdentities" whose can be use for this purpose. you can access it with ldap tools or, in the windows AD mmc interface by activating "advance features" and "user mapping" in the contextual menu of a user object. > - is the AD userPassword attribute ever used in this case ? > It could be if you want user be able to chose beetwen AD direct login or unix kdc authentication, but actualy here, no, it's never use and nodoby can access to it. > - what's the exact usefulness of having OpenLDAP auth redirected to SASL > mechanism ? Just for managing a single password ? We have heimdal using > openldap as backend, and use smbkrb5 overlay to keep them synced > already, so it may be useless for us. > we wanted the heimdal KDC to be the unique central repository for our users password, either for security and for synchronisation reasons. > - how do you prevent ExOP PasswdChange to rewrite userPassword attribute > with a normal value, and keep '[EMAIL PROTECTED]' instead ? > you can do this with ldap acl but we actualy at this moment manage this issue only at the interface level. We exept our users to not use ldap command line tools... > - what exact cyphers did you use to ensure compatibility between heimdal > and your AD controller ? From Heimdal documentation, we used > des3-hmac-sha1 and des-cbc-crc, but it's quite old. From previous Andrew > answer, I understand we may use arcfour-hmac-md5 as well now. > This is a issue only for the key shared by the AD and the heimdal kdc (krbtgt/[EMAIL PROTECTED]). For this one, we kept only des-cbc-crc. It was the worse headache when I started working on this. I have (since long) to write a complete documentation for all this things. for now, i only have a very partial one, about the trust between realms and user mapping. It's in french, i'm sorry for the list but i guess that it can be ok for you, and prehaps better than my vey bad english (sorry for that too). Pascal > Thanks for your input. -- Pascal Levy Ingénieur réseaux & ressources informatiques Bibliothèque InterUniversitaire Sainte Geneviève tél. : (33) 1 44 41 97 53 Bibliothèque InterUniversitaire de Langues Orientales tél. : (33) 1 44 77 95 00 [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] logon server
Hi! Meanwhile i'have found something about the subject: There is a littel command line utility in the NT4 resource kit, called setprfdc.exe. With this utility you can set the preferred logon server for the workstation. It works with XP SP3 as well. > >Hi everyone! > >I am new to this list, so first i want to say hello! > >I would like to ask that how windows xp client decide that which server >to use as logon server? Now we are using two samba server in two >different subnets. I would like to force clients, from a third subnet, >to use the specified server as logon server. We using one of the samba >servers as globan wins server. > >thanx! -- Köszönettel: Vukovics Mihály Pécsi Tudományegyetem Klinikai Központ Informatikai és Telekommunikációs Vezetô / CIO Pécs, Honvéd utca 1. Tel: +36 72 536-400 Fax: +36 72 536-401 Mobil: +36 30 620 5304 Skype: oregszun ICQ: 139134852 Informatikai Vezetôk Tarsásága http://www.ivetar.hu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: In place upgrade
On Wed, Oct 8, 2008 at 3:24 PM, Kristian Davies <[EMAIL PROTECTED]> wrote: > Excuse the basic question but how do I do an in place upgrade from > src? 3.2.2 to say 3.2.4. *bump* Please feel free to berate me on no already knowing this and if I don't already know it, maybe I shouldn't be installing src. The docs don't mention anything, I'm assuming this is because it expects you to already know how. -Kristian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
Volker Lendecke wrote: On Fri, Oct 10, 2008 at 10:27:21AM +0200, Frank Bonnet wrote: mmh , which version of Samba are you using ? Actually my production server is runing 2.2.x if it matter. Okay I wouldn't bet that this does in fact work with NetApp filers. 2.2 was delared end of life AGES ago :-) Volker Yes I know , but sometimes you haven't choice on existing production environement ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2003 Domain and Functional Level
Hi, For various reasons we need to raise the domain and functional level of our Windows 2003 Domain to Windows 2003 from Windows 2003 interim. We are using Samba 3.0.28a on Solaris V9. Are there any issues with doing this will samba still work? TIA Regards Graeme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] heimdal and windows compatibility up-to-date informations
Pascal Levy a écrit : On Wednesday 08 October 2008 12:54:48 Guillaume Rousse wrote: I'm back on this old question, because I'm now really working on it. Andrew Bartlett a écrit : Second, I was looking at better way to sync users accounts between our new ldap-backed heimdal kdc and our windows AD. Currently, we have an automated task synchronising user entries into Windows LDAP from our Unix LDAP hourly, and a password-management CGI propagating password changes to both systems (using an ugly VB CGI on windows side to effectively change the password). I was wondering if the password handling stuff could be merged with the ldap synchronisation task, now we store kerberos keys in LDAP. Windows does not allow the password attributes to be manipulated like that. You could potentially read and set passwords with Samba4's DRSUAPI synchronisation, but you can't do it with just Heimdal or just LDAP. I don't know if this could be usefull for you but what we are doing here is to keep real users passwords only in heimdal KDC. openldap authentication is made by using sasl mechanism with [EMAIL PROTECTED] as userPassword chain AD authentication is made by using a trust relationship with heimdal KDC and a mapping beetwen AD accounts and heimdal KDC principals. ldap/heimdal/AD accounts are keep in sync with a perl script running each 15 min. AD userPassword is a (very) long random chain created by the perl script and set in AD with ldap tools. users can change there password by using normal windows change password interface. Admins can use heimdal tools to manage passwords directly on the kdc. That's sound really interesting, but I don't understand some points: - how do you have AD knows it can get a kerberos ticket from the heimdal KDC ? Did you set the user userPrincipalName attribute to a principal from heimdal managed realm ? - is the AD userPassword attribute ever used in this case ? - what's the exact usefulness of having OpenLDAP auth redirected to SASL mechanism ? Just for managing a single password ? We have heimdal using openldap as backend, and use smbkrb5 overlay to keep them synced already, so it may be useless for us. - how do you prevent ExOP PasswdChange to rewrite userPassword attribute with a normal value, and keep '[EMAIL PROTECTED]' instead ? - what exact cyphers did you use to ensure compatibility between heimdal and your AD controller ? From Heimdal documentation, we used des3-hmac-sha1 and des-cbc-crc, but it's quite old. From previous Andrew answer, I understand we may use arcfour-hmac-md5 as well now. Thanks for your input. -- Guillaume Rousse Moyens Informatiques - INRIA Futurs Tel: 01 69 35 69 62 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
On Fri, Oct 10, 2008 at 10:27:21AM +0200, Frank Bonnet wrote: > mmh , which version of Samba are you using ? Actually my production > server is runing 2.2.x if it matter. Okay I wouldn't bet that this does in fact work with NetApp filers. 2.2 was delared end of life AGES ago :-) Volker pgplqYk4KJcds.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dfree causing write access problems
On Oct 9, 2008, at 7:43 PM, Jeremy Allison wrote: On Thu, Oct 09, 2008 at 11:30:21AM +0200, Mike Gallamore wrote: Hi I'm having problems with the dfree option on a Solaris 10 fileserver. Specifically: I had 3.0.X on the fileserver and the dfree option worked fine. I upgraded to 3.2.2 and now if dfree is enabled the clients get 1MB reported as the size of the share and when a client tries to right to the system they get told that the filesystem is full. The script output has been tested throughly and reports: system: Solaris 10 base filesystem: SAM QFS 4.5 with quotas enabled clients: variety, mostly Macs (Tiger and Leopard), some Windows and Linux The idea is to use dfree to fake disk sizes so that it reports the quota size for a project and the amount that is still free rather than the base system size. This is very important to us as we have users with 50GB shares that are reporting 4TB or something whatever happens to be the free space on the array at the time. Using samba quotas isn't an option because we don't want two quotas to update and some project shares get NFS mounted as well, so we need the quotas down to the host filesystem level. You may need to add some debug statements to smbd/quotas.c to see where the size calculations are going wrong in the Solaris codepaths. Unfortunately this is one of the most system specific parts of Samba, so it'll be hard for others to reproduce. Jeremy. Thanks for the advice and ouch. This is a production system and the filesystem that it is running is a proprietary enterprise level filesystem that Sun vends that takes their engineers a few days to install and tweak. I'll try to debug it on a virtual system I guess and see if I can reproduce the problem in standard filesystem installs (shouldn't matter I hope). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
Volker Lendecke wrote: On Fri, Oct 10, 2008 at 10:09:07AM +0200, Frank Bonnet wrote: Do you have a howto ? There's tons of documentation for Samba/PDC setups. Do I have to setup a *local* account (in smbpasswd) for each filer on the samba PDC ? we use Samba + OpenLDAP and adding a machine account in LDAP does not help to connect the filer to the PDC Well, then there's something wrong with your setup. The filer is just a normal member machine. Volker mmh , which version of Samba are you using ? Actually my production server is runing 2.2.x if it matter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
On Fri, Oct 10, 2008 at 10:09:07AM +0200, Frank Bonnet wrote: > Do you have a howto ? There's tons of documentation for Samba/PDC setups. > Do I have to setup a *local* account (in smbpasswd) for each filer on the > samba PDC ? > we use Samba + OpenLDAP and adding a machine account in LDAP does > not help to connect the filer to the PDC Well, then there's something wrong with your setup. The filer is just a normal member machine. Volker pgpenlcfLaQ9O.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba PDC from Netapp filers ?
Volker Lendecke wrote: On Thu, Oct 09, 2008 at 02:29:10PM +0200, Frank Bonnet wrote: Anyone has succeeded to use a Samba PDC erver as a PDC from a Netapp filer to use CIFS direct connections ? ? Yep, did it. NetApp says it's not supported, but it works beautifully. Volker Yes cool ! Do you have a howto ? Do I have to setup a *local* account (in smbpasswd) for each filer on the samba PDC ? we use Samba + OpenLDAP and adding a machine account in LDAP does not help to connect the filer to the PDC Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba PDC + LDAP: adding user to local admin group
hmmm giving users local admin rights, thats not the way to do it. and makes your network insecure.. Better control this through de domain groups. this is how i do it. i create a domain groep, add the users in it, and through loginscript i create a local group and add the domain group in it. now on directories/files or in registry i give the local group the needed rights. Louis >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Namens >Gustavo Michels >Verzonden: donderdag 9 oktober 2008 22:27 >Aan: samba@lists.samba.org >Onderwerp: [Samba] Samba PDC + LDAP: adding user to local admin group > >Hi all, > >I'm evaluating Zimbra [1] as the groupware server for my small >company. It >uses OpenLDAP for authentication services and I'm configuring >a Samba server >as a PDC for my company, using the same ldap backend. > >So far, so good, everything is working beautifully well, I can >add computers >to the domain, login from any workstation, access shares with the >appropriate rights and so on. However there's one last thing I >need: some >normal domain users need administrative rights on their local machines. > >I know I can go into each workstation and add the user to local >administrators group, however that's not the right way to do >it. Can I have >it set on the domain level, so that if the user login on any >workstation, he >will be granted the correct local admin rights on that workstation? > >Here's what I tried, user 'producao' (id=10003) and group >'Local Admins' >(id=10005): > ># net groupmap list >Vendas (S-1-5-21-594618841-1354246140-1601124177-21002) -> Vendas >Domain Admins (S-1-5-21-594618841-1354246140-1601124177-512) -> Admins >Produção (S-1-5-21-594618841-1354246140-1601124177-21006) -> Producao >Financeiro (S-1-5-21-594618841-1354246140-1601124177-21008) -> >Financeiro >Local Admins (S-1-5-21-594618841-1354246140-1601124177-544) -> >Local Admins > >Here you can see that 'Local Admins' has the correct RID (544). > ># getent group |grep Admin >Admins:*:10002: >Local Admins:*:10005:10003 > ># getent passwd |grep producao >producao:*:10003:10003:Produção >Colortech:/colortech/homes/producao:/bin/false > >User 'producao' is a member of 'Local Admins' group >(secondary, since I read >that BUILTIN groups cannot be a primary group for a user in a >windows NT4 >domain). > ># /opt/zimbra/openldap/bin/ldapsearch -x -h servidor.colortech >"cn=Local >Admins" ># extended LDIF ># ># LDAPv3 ># base <> with scope subtree ># filter: cn=Local Admins ># requesting: ALL ># > ># Local Admins, groups, colortechdp.com.br >dn: cn=Local Admins,ou=groups,dc=colortechdp,dc=com,dc=br >gidNumber: 10005 >displayName: Local Admins >sambaGroupType: 5 >description: Local Admins >cn: Local Admins >sambaSID: S-1-5-21-594618841-1354246140-1601124177-544 >memberUid: 10003 >objectClass: posixGroup >objectClass: sambaGroupMapping > >And the information on the LDAP server seems to be correct, >including the >sambaGroupType property set to 5, instead of 2. > >So, what is wrong in here? Or it isn't possible to do it in the domain >level? > >Thanks >Gustavo > >[1] http://www.zimbra.com > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed
I have configured samba to use ADS and we need to configure strong authentication with client ldap sasl wrapping = seal or sign . Samba version is 3.2.4 We are using openladp latest version Any idea what is wrong ? [2008/10/10 08:56:40, 0] libads/sasl.c:ads_sasl_spnego_gsskrb5_bind(593) ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED [2008/10/10 08:56:40, 0] libads/sasl.c:ads_sasl_spnego_bind(819) kinit succeeded but ads_sasl_spnego_krb5_bind failed: NT_STATUS_NOT_SUPPORTED -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba