[Samba] How does the "guest account" param work?
smb.conf states "This user must exist in the passwd file, but does not require a valid login" What exactly does this mean? As I understand it, adding a user with 'smbpasswd -a nobody' automatically gives it a valid login. My reasons for asking are; I added myself to passdb.tdb with my passwd. I added the 'nobody' user to passdb.tdb with no passwd. I then logged in to an XP host which has a user account for me, but no passwd. I couldn't browse the workgroup, but could log on to the samba host directly via UNC. E.g. \\ with user:'nobody' - pass: Only problem with that is that a home dir appeared for 'nobody' which happened to be the '/' (root) dir. NOT good! Surely, it shouldn't do that? So then I tried with 'guest account = guest' Deleted the 'nobody' user from passdb.tdb I created a /home/guest dir and added and enabled 'guest' to the passdb.tdb. This then lets me only log on to the [public] share. However, if I click the 'Up' button on the XP host's file manager (Explorer), I can get back up to the root of the host directly (i.e. \\ ) and suddenly see both the [public] share and the guest home dir. If there are 'guest ok = Yes' defined shares, then I would expect to still be able to browse the workgroup and see available shares on the samba host, albeit only those 'guest ok' defined shares. And I certainly wouldn't expect to see any home dir for a limited user. Using the following setup; [global] workgroup = HOME server string = domain master = Yes interfaces = lo, eth1 bind interfaces only = Yes os level = 95 security = user passdb backend = tdbsam guest account = guest unix password sync = Yes passwd program = /usr/bin/userpasswd %u passwd chat = *password:* %n\n *password:* %n\n *successfully.* restrict anonymous = 2 [homes] valid users = %S read only = No browseable = No [public] comment = Public Shared path = /home/shares/pub read only = No guest ok = Yes -- Kind Regards Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] After some help with Samba and LDAP
Hey Folks, I'm running into what appears to be a known configuration problem though am at a lost end with trying to resolve it. The problem is that when following the SAMBA and LDAP configuration guide on http://wiki.samba.org/index.php/3.0._Initialization_LDAP_Database I'm getting errors running the ldiff part. The error that is occuring is due to the sambaDomainName. slapadd: dn = "sambaDomainName =pumppower2,ou=Domains,dc=pumppower,dc=com,dc=au" (line=65): (64) value of naming attribute 'sambaDomainName' is not present in entry The environment is a centos 5 box that will take the place of a windows 2k server. Any help will be greatly appreciated. Thanks, Matthew Delves -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: cli_nt_create failed on pipe \spoolss. NT_STATUS_ACCESS_DENIED
Salah Coronya wrote: You might want to look into debugging the cups backend hp job (it's probably a script - try adding debug messages into it to find out what is going on there. Is it printing to a USB printer ? Jeremy. It is a USB printer. The printer works just fine locally, its only when going though Samba it doesn't work. It worked before the upgrade to Fedora 9. Well, I used an overlay ebuild on my Gentoo machine to upgrade to 3.2.4. Printing works just fine (and it still produces the cli_nt_create failed on pipe \spoolss to machine WHATEVER. Error was NT_STATUS_ACCESS_DENIED). The message is indeed a red herring. So it not Samba. Back to drawing board. Thanks anyway, though. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] chdir failed errors
I get these errors constantly in the logs: Oct 15 16:52:43 agentsmith smbd[29896]: [2008/10/15 16:52:43, 0] smbd/service.c:set_current_service(184) Oct 15 16:52:43 agentsmith smbd[29896]: chdir (/users2/seasadm/khubbard) failed But I don't have reason to believe they are not actually getting in (no one is reporting any issues). It has been like this for as long as I can remember. The users don't authenticate to samba, samba is a member of the AD, so the users authenticate to their machine and their home drives to samba are automatically mapped without them putting in a password, so I don't think this is due to any kind of authentication issue. Should I be concerned with this or is it meaningless? Sincerely, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profile loading/saving on gigabit network only runs at fast ethernet speeds! Help!
Ok that idea sounds golden, I will try it out the first chance I get. This is a big improvement over the way it is now, it's a little harder on users, but not much. I thank you very much! However, just because I am a curious kind of guy, I do not yet know *why*such a slowdown occurs when saving a profile vs. just uploading/downloading to a share. Is this a result of the old profile having to be overwritten? I know I need to read up on this a little more but has anyone had direct experience with this type of issue, or any ways to speed up that service in particular (or what could be slowing it down). Thank you all so much, you have already helped tremendously - please help me out just a little more to understand this better. :) Thanks! On Tue, Oct 14, 2008 at 2:39 PM, Adam Williams <[EMAIL PROTECTED]>wrote: > page 211 of samba 3 by example.pdf has instructions on how to redirect > folders using registry changes. you can easily redirect my documents by > right clicking on it and changing the target. i don't save files to my > desktop because that just results in a cluttered desktop and large roaming > profiles. No I don't think VMWare will run much slower than it is now. In > testing on my Poweredge servers, desktop PCs, etc, it seems in my experience > that hard drives max out at reads/writes of 25 megabytes a second, and even > 100megabit transfers about 12 megabytes a second on a switched network. I'd > probably try a test, take a user, redirect my documents to a folder on the > server, put the VM in it, and run it, and see how it affects your > performance, you may not notice anything different. I ran Windows XP and > Fedora 8 on Microsoft Virtual PC in a test environment on my 100 megabit > notebook PC with the VMs stored on a shared drive on a file server and I > didn't notice much of a difference as running an operating system locally. > > > Jonathan Bougher wrote: > >> The VM is being saved to the Desktop, within a folder (or multiple folders >> if the user puts it there) >> >> If I redirect My Docs, and the VM files are there - Then won't VMware run >> much more slowly trying to access this stuff across the network when the >> user wants to run the VM? Profile loading/saving would speed up, but overall >> performance would be impacted negatively I think >> >> Thanks for the reply, I will look into it further - do you have any >> thoughts about what I stated above? >> >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Timeout on reconnection?
I have Red Hat Linux RHEL 4 with Samba version 3.0.10-1.4E that mounts a local Windows 2003 Server disc with the following command: /sbin/mount.cifs //img1/docs /var/www/documents -o dir_mode=0777,file_mode=0444, gid=100,uid=501,username={xxx},password={pp} The mount succeeds and the mount appears on the output of 'df' and the documents are accessible and life is as grand as we deserve. But almost once a day and almost at the same time each day, something happens and the documents are not accessible and the access programs hang ... and the 'df' command also hangs at the out of the Samba mount 1) "img1" is the name of the Windows server and is identified by name in the /etc/hosts file 2) During the blackout, the Windows Server is up and all the other PC's on the network CAN STILL access the documents 3) Logs on Linux show nothing of value (that I know what to look for) 4) Event logs on Windows show nothing at that/those times 5) About 15-17 minutes after the hang/blackout occurs, the calls complete and business returns to normal [sic] until the next time Stopping & restarting Samba doesn't help, probably because the processes hanging for access don't actually shut down -- but naturally, rebooting Linux corrects the issue (until the next day) Is there some sort of timeout/retry settings in play? Any other suggestions? Darrel f -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] processes not closing
On Thu, 2008-10-09 at 09:32 -0700, Jeremy Allison wrote: > On Thu, Oct 09, 2008 at 09:21:53AM -0500, Doug Tucker wrote: > > > > > > > > It's not self-healing if you use kill -9, it could never be so. > > > > > > Jeremy. > > > > Jeremy, well, I gave up and rebooted to one kernel back, and wallah, you > > are correct, it fixed the problem. And, it cleared up some horrible > > slowness we had been seeing as well. For anyone else out there having > > this issue, I was running this CenotOS kernel: > > > > 2.6.9-78.0.1.ELsmp #1 SMP Wed Jul 23 17:30:51 EDT 2008 i686 i686 i386 > > GNU/Linux > > Great ! That restores my faith in the way the universe works :-). Glad > you solved your problem. > > Jeremy. Hate to do this, but upon further reviewnow that it's been running for a week, I'm seeing the same issue. Clients disconnecting and leaving a ton of processes in smbstatus. I can now kill -9 and restart the smb process, but restarting is hard to do with users having files open all day long. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unix groups not being recognised
I got no answers other than a "metoo" for this...so maybe it IS a tricky problem and not just a config error... Can someone give any pointers on how to debug further... I am rather stuck on what to do next. Thanks Pete Re: [Samba] samba v2 works, v3 does not - Unix groups Shifting from a v2 samba server to v3 - Read documentation and googled LOTS but can't seem to find the bits that apply to my simple(?) server with regards to groups. # rpm -qi samba Version : 3.0.28 Vendor: Red Hat, Inc. Release : 1.el5_2.1 Source RPM: samba-3.0.28-1.el5_2.1.src.rpm Samba on server (Red Hat Enterprise Linux 5.2) IS MOSTLY WORKING... home directories authenticating correctly to Active Directory, then supplying Unix disk to windows clients. Mounting correctly. read write OK testparm works fine..no errors THE PROBLEM : === Other samba shares (eg www) mount, and are browsable and read and writeable IN PART... they don't take note of the secondary Unix group permissions By this I mean user "fred" in the ldap password entry has default group "staff" and the file mode permissions for staff do work. User "fred" is also in group "webadmin" in the ldap unix group. These do NOT work. If I change "fred" in ldap to be default group "webadmin", the group permissions for "webadmin" now work. (but staff do not :-( ) The following entry for www shows (in comments) the variations I have attempted. (before the testparm does its stuff). read/write list also been commented out. to try and rely only on Unix group but no improvement. [www] comment = WWW directory path = /export/netfs/www ; valid users = +staff ; valid users = fred, john, mary public = no writable = yes read list = +staff, +webadmin write list = +staff, +webadmin create mode = 0775 # ### The file.with only other shares removed. # more /etc/samba/smb.conf [global] workgroup = UOCNT realm = CANTERBURY.AC.NZ server string = CSSE Samba security = ADS log file = /var/log/samba/%m.log max log size = 300 local master = No wins server = eth0:IP_address, eth0:Alternate_IP_Address hosts allow = 127., 132.181., 10. [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0750 [www] comment = WWW directory path = /export/netfs/www read list = +staff, +webadmin write list = +staff, +webadmin read only = No create mask = 0775 = -- --- Peter Glassenbury Computer Science department [EMAIL PROTECTED] University of Canterbury +64 3 3642987 ext 7762 New Zealand -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Account Manager 2.4.0 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 LDAP Account Manager (LAM) 2.4.0 - October 15th, 2008 = LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: - - LAM now supports the management of DHCP entries (donated by Siedl networks GmbH). The dependency on MHash was replaced by Hash (now PHP > 5.1.2). There were also several improvements for lamdaemon (e.g. separate installation package). Full changelog: http://lam.sourceforge.net/changelog/index.htm Download: http://lam.sourceforge.net/download/index.htm Features: - - * management of Unix user and group accounts (posixAccount/posixGroup) * management of Samba 2.x/3 user and host accounts (sambaAccount/sambaSamAccount) * management of Kolab 2 accounts (kolabInetorgPerson) * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units (OU) * schema browser * tree view * multiple configuration files * multi-language support: Catalan, Chinese (Traditional + Simplified), Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, Portuguese, Russian and Spanish * support for LDAP+SSL/TLS Availability: - - This software is available under the GNU General Public License V2.0. You can get the newest version at http://lam.sf.net. File formats: DEB, RPM, tar.gz There is also a FreeBSD port. Debian users may use the packages in unstable. Demo installation: - -- You can try our demo installation online. http://lam.sf.net/live-demo/index.htm Support: - If you find a bug please file a bug report. For questions or implementing new features please use the forum and feature request tracker at our Sourceforge homepage http://www.sf.net/projects/lam. Authors & Copyright: - Copyright (C) 2003 - 2008: Michael Duergner <[EMAIL PROTECTED]> Roland Gruber <[EMAIL PROTECTED]> Tilo Lutz <[EMAIL PROTECTED]> LAM is published under the GNU General Public License. The comlete list of licenses can be found in the copyright file. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj2S2UACgkQq/ywNCsrGZ74PACdHDMhqEjNhJJoYY/Vv6LDxCbH NLwAn1K2trI8hqUN2hkDPYvyUqps+L2Y =fduq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMBD panic with INTERNAL ERROR: Signal 6 for ARM 922T
On Wed, Oct 15, 2008 at 03:36:06PM -0400, James Ronald wrote: > I am trying to get SAMBA to run on a custom ARM 922T compatible micro > controller. It does not matter how I try to start smbd (smbd -D -d10 > or smbd i -d10) smbd keeps panicking at the same point with an > INTERNAL ERROR: Signal 6. I have spent over a day trying to figure > out what could be wrong but I am having no success. If someone could > at least give me a clue as to what smbd is trying to do at this point > it would be greatly appreciated. Can you get a gdb backtrace with symbols on this platform ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMBD panic with INTERNAL ERROR: Signal 6 for ARM 922T
I am trying to get SAMBA to run on a custom ARM 922T compatible micro controller. It does not matter how I try to start smbd (smbd -D -d10 or smbd i -d10) smbd keeps panicking at the same point with an INTERNAL ERROR: Signal 6. I have spent over a day trying to figure out what could be wrong but I am having no success. If someone could at least give me a clue as to what smbd is trying to do at this point it would be greatly appreciated. Thanks, Jim Ronald = # testparm Load smb config files from /etc/samba/smb.conf Processing section "[Share]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] netbios name = Server netbios aliases = Server0 server string = Server interfaces = 192.168.0.200/255.255.255.0 security = SHARE null passwords = Yes smb passwd file = /etc/smbpasswd guest account = root log level = 10 log file = /var/log/samba.log max log size = 100 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 0 preferred master = No fake oplocks = Yes magic script = automagic.run [Share] comment = File Share path = /tmp username = root read only = No create mask = 0776 directory mask = 0770 === # smbd -i -d10 Maximum core file size limits now 16777216(soft) -1(hard) get_current_groups: user is in 2 groups: 0, 10 smbd version 3.0.28a started. Copyright Andrew Tridgell and the Samba Team 1992-2008 uid=0 gid=0 euid=0 egid=0 Build environment: Built by:[EMAIL PROTECTED] Built on:Wed Oct 15 13:37:49 EDT 2008 Built using: /home/jronald/phoenix/trunk/buildroot-21758/build_arm/staging_dir/usr/bin/arm-linux-uclibcgnueabi-gcc Build host: Linux jronald-desktop 2.6.24-21-generic #1 SMP Mon Aug 25 17:32:09 UTC 2008 i686 GNU/Linux SRCDIR: /home/jronald/phoenix/trunk/buildroot-21758/build_arm/samba-3.0.28a/source BUILDDIR: /home/jronald/phoenix/trunk/buildroot-21758/build_arm/samba-3.0.28a/source Paths: SBINDIR: /usr/local/samba/sbin BINDIR: /usr/local/samba/bin SWATDIR: /usr/local/samba/swat CONFIGFILE: /etc/samba/smb.conf LOGFILEBASE: /var/log/samba LMHOSTSFILE: /etc/samba/lmhosts LIBDIR: /usr/local/samba/lib SHLIBEXT: so LOCKDIR: /var/cache/samba PIDDIR: /var/run SMB_PASSWD_FILE: /etc/samba/smbpasswd PRIVATE_DIR: /etc/samba System Headers: HAVE_SYS_CDEFS_H HAVE_SYS_FCNTL_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_PRCTL_H HAVE_SYS_QUOTA_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSLOG_H HAVE_SYS_SYSMACROS_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UIO_H HAVE_SYS_UNISTD_H HAVE_SYS_UN_H HAVE_SYS_VFS_H HAVE_SYS_WAIT_H HAVE_SYS_XATTR_H Headers: HAVE_ALLOCA_H HAVE_ARPA_INET_H HAVE_ASM_TYPES_H HAVE_ASM_UNISTD_H HAVE_CTYPE_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_FCNTL_H HAVE_FLOAT_H HAVE_FNMATCH_H HAVE_GLOB_H HAVE_GRP_H HAVE_LANGINFO_H HAVE_LASTLOG_H HAVE_LIMITS_H HAVE_LINUX_INOTIFY_H HAVE_LOCALE_H HAVE_MEMORY_H HAVE_MNTENT_H HAVE_NETDB_H HAVE_NETINET_IN_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_PWD_H HAVE_RPC_RPC_H HAVE_SETJMP_H HAVE_SHADOW_H HAVE_STDARG_H HAVE_STDBOOL_H HAVE_STDINT_H HAVE_STDIO_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_SYSCALL_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_TIME_H HAVE_UNISTD_H HAVE_UTIME_H UTMP Options: HAVE_UTMP_H HAVE_UT_UT_ADDR HAVE_UT_UT_EXIT HAVE_UT_UT_HOST HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TV HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ASPRINTF HAVE_ASPRINTF_DECL HAVE_ATEXIT HAVE_BOOL HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_COMPARISON_FN_T HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_CONNECT HAVE_CREAT64 HAVE_CRYPT HAVE_DECL_ASPRINTF HAVE_DECL_RL_EVENT_HOOK HAVE_DECL_SNPRINTF HAVE_DECL_VASPRINTF HAVE_DECL_VSNPRINTF HAVE_DIRENT_D_OFF HAVE_DLCLOSE HAVE_DLERROR HAVE_DLOPEN HAVE_DLSYM HAVE_DUP2 HAVE_ENDMNTENT HAVE_ERRNO_DECL HAVE_EXECL HAVE_FCHMOD HAVE_FCHOWN HAVE_FCNTL_LOCK HAVE_FGETXATTR HAVE_FLISTXATTR HAVE_FOPEN64 HAVE_FREMOVEXATTR HAVE_FSEEKO64 HAVE_FSETXATTR HAVE_FSID_INT HAVE_FSTAT HAVE_FSTAT64 HAVE_FSYNC HAVE_FTELLO64 HAVE_FTRUNCATE HAVE_FTRUNCATE64 HAVE_FUNCTION_MACRO HAVE_GET
Re: [Samba] Re: cli_nt_create failed on pipe \spoolss. NT_STATUS_ACCESS_DENIED
On Wed, Oct 15, 2008 at 01:32:38PM -0500, Salah Coronya wrote: >> You might want to look into debugging the cups >> backend hp job (it's probably a script - try >> adding debug messages into it to find out what >> is going on there. Is it printing to a USB >> printer ? >> >> Jeremy. > > It is a USB printer. The printer works just fine locally, its only when > going though Samba it doesn't work. It worked before the upgrade to > Fedora 9. You're just going to have to track this through the cups system. All Samba is doing is calling cups_job_submit() to push the job into cups via IPP. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: cli_nt_create failed on pipe \spoolss. NT_STATUS_ACCESS_DENIED
You might want to look into debugging the cups backend hp job (it's probably a script - try adding debug messages into it to find out what is going on there. Is it printing to a USB printer ? Jeremy. It is a USB printer. The printer works just fine locally, its only when going though Samba it doesn't work. It worked before the upgrade to Fedora 9. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cli_nt_create failed on pipe \spoolss. NT_STATUS_ACCESS_DENIED
On Wed, Oct 15, 2008 at 12:56:05PM -0500, Salah Coronya wrote: > I have a network at my parent's which consists of 4 machines: 1 Linux > Samba saver (Fedora 9, Samba 3.2.x) and 3 Windows Vista Home Premium > machine. I have point and print set up, and all load the drivers > successfully. However, when they try print, nothing happens. Windows > said it was successful however - it appears (then vanishes) from the > Windows print queue. However, in the samba logs, this error appears > every time a computer tries to print > > rpc_client/cli_pipe.c:cli_rpc_pipe_open(2227) > cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine > owner-PC. Error was NT_STATUS_ACCESS_DENIED Ok, this is a red herring. It's the smbd trying to set up a notify pipe back to the Windows client that submitted the print job, but the client isn't listening. No harm done, the client will just poll instead (in fact I might just up the debug log on this so it doesn't worry people). > Note, however, CUPS says is got the job and printed it successfully > (even though nothing happens on the printer): > > [Job 79] File of type application/vnd.cups-raw queued by "owner". > [Job 79] Started backend /usr/lib/cups/backend/hp (PID 11207) > [Job 79] Completed successfully. If you see the above message it means that the job got into the cups print subsystem - but is being dropped inside there somewhere. This isn't a Samba problem. You might want to look into debugging the cups backend hp job (it's probably a script - try adding debug messages into it to find out what is going on there. Is it printing to a USB printer ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cli_nt_create failed on pipe \spoolss. NT_STATUS_ACCESS_DENIED
I have a network at my parent's which consists of 4 machines: 1 Linux Samba saver (Fedora 9, Samba 3.2.x) and 3 Windows Vista Home Premium machine. I have point and print set up, and all load the drivers successfully. However, when they try print, nothing happens. Windows said it was successful however - it appears (then vanishes) from the Windows print queue. However, in the samba logs, this error appears every time a computer tries to print rpc_client/cli_pipe.c:cli_rpc_pipe_open(2227) cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine owner-PC. Error was NT_STATUS_ACCESS_DENIED Note, however, CUPS says is got the job and printed it successfully (even though nothing happens on the printer): [Job 79] File of type application/vnd.cups-raw queued by "owner". [Job 79] Started backend /usr/lib/cups/backend/hp (PID 11207) [Job 79] Completed successfully. Printing works locally. This setup worked on Fedora 8 (using Samba 3.0.x). I've tried both with an without SELinux, but no change. I have practically the same setup at home, even (almost) the same printer - server is Gentoo Linux, Samba 3.0.x; client is Windows Vista Home premium and prints fine. Gentoo does not yet have 3.2.x in the tree, unfortunately. Its been like this for months and I'm stumped. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Logon Credential Caching
Please also note that the message Gareth Cummings posted on Thu, Oct 9, 2008 regarding my password caching issue fixed my problem, and it was a samba problem, not a client problem. The DOMAIN line contained the hostname of my samba PDC and not the domain name. Once that was changed, password caching worked. I will repeat the solution below. Thanks Gareth. On Thu, Oct 9, 2008, Gareth Cummings wrote: Do a pdbedit -Lv username and make sure that the DOMAIN line contains the correct domain name, if it doesn't do the following and it should fix it for you pdbedit -i tdbsam -e smbpasswd pdbedit -i smbpasswd -e tdbsam Thanks, John -- A recent police study found that you're much more likely to get shot by a fat cop if you run. - Dennis Miller Have a great day and don't forget to laugh! http://www.gcfl.net (The Good, Clean Funnies List): Good, clean daily funnies you can safely tell your Mom! On Wed, Oct 15, 2008 at 10:45:59AM -0500, John H Terpstra wrote: > Folks, > > This posting is made so that others who search for infromation on how to > configure Samba for username and password caching will find it. > > Samba does not control client-side password caching. > > Caching of domain logon credentials is a client-side activity. There are > registry settings on the Windows 2000 Professional and Windows XP Profesional > clients that control logon credential caching. > > - Click Start >Run >type gpedit.msc > - Check Computer Configuration\Windows Settings\Security Settings\Local > Policies\Security Options > - Check "Interactive Logon: Number of Previous Logins To Cache" (if value is > set to 0 then cached credentials is disabled) > > Also check > - Computer Configuration\Administrative Templates\System\Logon > - Check "Always wait for the network at computer startup and logon" (make > sure > that this is either not configured or disabled) > > Please also refer to: > http://support.microsoft.com/kb/913485 > > > Cheers, > John T. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join, machine password non-expiring
Hi, I have a question about the machine account when one does "net ads join -U [EMAIL PROTECTED] when I join a machine to the domain, the machine account that gets created has a non-expiring password. This is only a problem for the security team that monitors our domain, they frown on any accountt that has a non-expiring password.. Is there a switch that I can throw that will create the machine with an expiring password? I've used the "machine password timeout" switch in my smb.conf. I can go back and with an vb-script throw that switch after the fact, but if there was another way, it'd be good to know. Thanks for your help! Kindest regards, Fred . smb.conf [code] [global] workgroup = US realm = MY.DOM.COM netbios name = adc070201-015 server string = Samba Server- Mandriva 2009.0 security = ADS auth methods = winbind password server = pwd1.dom.com pwd2.dom.com pwd3.dom.com log level = 1 log file = /var/log/samba/%m.log max log size = 250 name resolve order = wins bcast host lmhosts server signing = auto client ntlmv2 auth = yes os level = 5 preferred master = No local master = No domain master = No browse list = No enhanced browsing = No wins server = ip1.ip2.ipa.ipb idmap uid = 7-200 idmap gid = 7-200 winbind separator = + valid users = @"valid users" admin users = @"admin users" read list = @"read users" write list = @"write users" map acl inherit = Yes host msdfs = no machine password timeout = 604800 [burn] path = /data1/burn1 valid users = @"valid users" admin users = @"admin users" invalid users = @keepout read list = @"read users" write list = @"write users" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain Logon Credential Caching
Folks, This posting is made so that others who search for infromation on how to configure Samba for username and password caching will find it. Samba does not control client-side password caching. Caching of domain logon credentials is a client-side activity. There are registry settings on the Windows 2000 Professional and Windows XP Profesional clients that control logon credential caching. - Click Start >Run >type gpedit.msc - Check Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options - Check "Interactive Logon: Number of Previous Logins To Cache" (if value is set to 0 then cached credentials is disabled) Also check - Computer Configuration\Administrative Templates\System\Logon - Check "Always wait for the network at computer startup and logon" (make sure that this is either not configured or disabled) Please also refer to: http://support.microsoft.com/kb/913485 Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba on Linux - shows up as Domain Controller in ADS
Hi all, I'm running into a problem with my Linux servers connecting to a Windows 2003 Active Directory server. When the Linux server joins up, it's joining as a Domain Controller. While doing some research on the topic, I came across bug 1423 on your Bugzilla. https://bugzilla.samba.org/show_bug.cgi?id=1423 The issue here is how to have the Linux server join as a Workstation/Server type and not a Domain Controller. Here is my Samba configuration. [global] workgroup = domain realm = domain.CA server string = Samba Server security = ADS password server = wipdc01.domain.ca * username map = None log file = /var/log/samba/%m.log domain logons = no domain master = no max log size = 1000 smb ports = 139 server signing = auto socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = 10.13.20.4 idmap uid = 1000-2 idmap gid = 1000-2 winbind use default domain = yes short preserve case = No preferred master = no local master = no log level = 4 And my steps used to join the domain: # kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: # net ads join -U allee allee's password: Using short domain name -- domain Joined 'LXP003' to realm 'domain.CA' # /etc/init.d/winbind start Starting Winbind services: [ OK ] # /etc/init.d/smb start Starting SMB services: [ OK ] Starting NMB services: [ OK ] # wbinfo -t checking the trust secret via RPC calls succeeded # wbinfo -m domain-NT4 domain domain # wbinfo --own-domain domain # wbinfo -u | head -10 rpark kwall jwihnon Looks like it's working # cat /var/log/messages Sep 11 14:04:34 lxp003 winbindd[23659]: [2008/09/11 14:04:34, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2221) Sep 11 14:04:34 lxp003 winbindd[23659]: initialize_winbindd_cache: clearing cache and re-creating with version number 1 Sep 11 14:04:34 lxp003 winbind: winbindd startup succeeded Sep 11 14:04:40 lxp003 smb: smbd startup succeeded Sep 11 14:04:40 lxp003 smb: nmbd startup succeeded I also check my config and everything checks out ok: # testparm Load smb config files from /etc/samba/smb.conf Processing section "[homes]" Processing section "[tmp]" Processing section "[stars]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions So Samba in principle is working, I can access my shares, read files, etc. but the AD servers are still seeing my Linux servers as domain controllers. We tried blocking external incoming ports 389 and 636 (local oidldapd service), so the AD server doesn't think it's a domain controller, but when I authenticate and connect, it's still showing as a domain controller. Has anyone else encountered this and found a resolution to the domain controller issue? Thanks in advance, Albert. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Bad passwords from Vampire / NT migration
I just did a clean install of Fedora 9 onto a Pentium 4 machine. It is actually running SELinux enforcing, but I haven't found any errors related to that so far. It is running Samba 3.2.3-0.20. I am trying to migrate a Windows NT 4.0 domain with about 30 users and 30 computers onto a pure Samba setup, using Samba as the PDC and tdbsam. I have read the HOWTO guide extensively, and everything seems to work in the beginning. My smb.conf is shown below in the BDC configuration. I started with no tdbsam database, so I started by creating the root account using pdbedit. I join the domain using net rpc join -S PDC. No problem. I setup the group maps using by creating a script, as recommended. Then I run the vampire command: sudo net rpc vampire -S cls01 At this point I noticed it does not need a password, though the documentation says to use -U administrator; I assume it's relying on the machine trust account and its BDC membership. It appears to create all user, workstation, and group accounts properly. The only errors are pertaining to the inability to add groups with spaces: [2008/10/13 23:41:26, 0] groupdb/mapping.c:smb_create_group(215) smb_create_group: Running the command `/usr/sbin/groupadd "Account Operators"' gave 3 This is okay because I manually created unix groups and mapped them. Now the problem is that apparently all the passwords are coming over incorrectly. If I attempt to promote Linux to PDC and shutdown the old server, workstations can't login, and Samba logs show complaints about a machine trust account needing a password: [2008/10/13 22:57:04, 0] rpc_server/srv_netlog_nt.c:get_md4pw(357) get_md4pw: Workstation GRADE7-8$: account does not have a password [2008/10/13 22:57:04, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502) _netr_ServerAuthenticate2: failed to get machine password for account GRADE7-8$: NT_STATUS_LOGON_FAILURE I started looking at all the password hashes using pdbedit -Lw, and found the following: * There are no LanMan password hashes (all set to ...) * All machine accounts have neither LanMan nor NT password hashes: WS6$:576:::[W ]:LCT-48D8EC0E: * The NT hashes for the user accounts appear to be incorrect. Otherwise everything looks right. The account flags look to be correct, and they all appear under the CLS domain. The Logon time field looks correct, though the password last set field shows the time of the vampire run. Group membership is correct when using net rpc user info. When I test the logins by using smbclient, in PDC mode, none of the existing passwords work, except the root password I created before the vampire. The weird part is that I ran the net rpc samdump command, and its output all appears to be correct! Almost all accounts besides workstations have LanMan password hashes, and I went as far as to verify the NT hashes. I did this by creating a new user (pdbedit -a) and setting the password to what it is on the NT DC. The NT hash is the same as what appears in the samdump output. However, all NT hashes are different from what is stored in the tdbsam after vampire. My conclusion is that the samdump appears to be doings its job, but somehow the tdbsam is being written incorrectly with respect to password hashes. It seems as though the tdbsam database version is not in sync with the vampire tool, though it's odd that there aren't any visible error messages. Shouldn't the LanMan / NT hashes be the same beteween pdbedit and samdump? thanks, Cooper [global] workgroup = CLS security = user passdb backend = tdbsam domain master = no wins support = no domain logons = yes local master = yes preferred master = yes os level = 33 logon path = logon home = add user script = /usr/sbin/useradd "%u" -n -g users -s /bin/false add user to group script = /usr/sbin/usermod -aG "%g" "%u" add group script = /usr/sbin/groupadd "%g" add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u" delete user script = /usr/sbin/userdel "%u" delete group script = /usr/sbin/groupdel "%g" log file = /var/log/samba/log.%m max log size = 50 [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon read only = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XFS tree quota and samba free space report
Hi check out the dfree option for the smb.conf file. Essentially it should look like: dfree command = The script will be called from the directory in question so doing something like: cur_path=`pwd` will get the path for you. You can also call it with a %U option as so: dfree command = %U then the calling username will be passed as well (should be the $2 variable but test to make sure). Your script needs to be executable by whatever user samba runs as, usually root, and needs to return only: think) Hope that helps. I'm still having difficulties my self getting everything reporting properly, but my system is a bit of an odd ball too, (Solaris 10, SAMFS filesystem), it was working fine for me then we upgraded our samba and it stopped working. Hopefully it goes as straight forward for you as it should have for me :) On Oct 15, 2008, at 2:29 PM, Stepan Kadlec wrote: greetings, does anyone know, if it is possible to propagate somehow the XFS "directory tree quota" status to SMB workstation client free space report? currently the client sees total free space of share's partition (instead of tree quota free space). when the tree quota limit is reached, the write attempts fail, but free space report shows enough space, so this is confusing. I guess it is not possible to propagate such information but still asking :-). bye steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XFS tree quota and samba free space report
Stepan Kadlec wrote: greetings, does anyone know, if it is possible to propagate somehow the XFS "directory tree quota" status to SMB workstation client free space report? currently the client sees total free space of share's partition (instead of tree quota free space). when the tree quota limit is reached, the write attempts fail, but free space report shows enough space, so this is confusing. I guess it is not possible to propagate such information but still asking :-). bye steve. You can use the "get quota command" and write your own script to get the quota information you need. Aleksander -- Aleksander Gudalo Humboldt-Universitaet zu Berlin ZE Computer- und Medienservice (CMS) Systemsoftware und Kommunikation Rudower Chaussee 26, Raum 2'329 Mail: [EMAIL PROTECTED] Phone: +49 (030) 2093-70068 Fax:+49 (030) 2093- 2959 Post: Humboldt-Universität zu Berlin Unter den Linden 6 10099 Berlin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Login Linux vs WinXP
Hello as a master thesis I try to write a small server for a university os called a2. As test clients i have a winxp and an ubuntu 8.04. i monitor the traffic with wireshark. when trying with winxp, after the session setup andx / tree connect andx windows doesn't send other requests while using ubuntu it goes on with trans2 request. on my server i use plaintext passwords and NO extended security. therefore i do NOT send a security blob. the dialect i follow is nt lm 0.12. Windows tells me i do not have the permission to login. What is wrong? maybe can i send a dump? thanks ste -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XFS tree quota and samba free space report
greetings, does anyone know, if it is possible to propagate somehow the XFS "directory tree quota" status to SMB workstation client free space report? currently the client sees total free space of share's partition (instead of tree quota free space). when the tree quota limit is reached, the write attempts fail, but free space report shows enough space, so this is confusing. I guess it is not possible to propagate such information but still asking :-). bye steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] slowdown in the network with Samba 3.0.26a
Hello, I am using the version of Samba 3.0.26a through an architecture for 64-Bit, but I have noticed a slowdown in the network and would like to know if any of you have had a similar problem and managed to resolve it. Now I am grateful for the help. Edgar Nunes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cluster: node to node switching
I have the same scenario. I use heartbeat to control the activity of samba on the nodes. So only one samba instance runs. The two nodes use the same name and SID. I set it with "netbios name" flag in the smb.conf. Stéphane PURNELLE wrote: Each computer account have a SID. The ADS server cannot accept a client which have a other SID than the SID of registred client. And also I think that you cannot have both SID (actif) on the network. I have a cluster PDC, one is actif (samba running) and the other is standby (samba is not running) and these servers have the same SID. -- Aleksander Gudalo Humboldt-Universitaet zu Berlin ZE Computer- und Medienservice (CMS) Systemsoftware und Kommunikation Rudower Chaussee 26, Raum 2'329 Mail: [EMAIL PROTECTED] Phone: +49 (030) 2093-70068 Fax:+49 (030) 2093- 2959 Post: Humboldt-Universität zu Berlin Unter den Linden 6 10099 Berlin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cluster: node to node switching
On Wed, Oct 15, 2008 at 12:22:04PM +0200, Stéphane PURNELLE wrote: > Each computer account have a SID. > > The ADS server cannot accept a client which have a other SID than the SID > of registred client. > And also I think that you cannot have both SID (actif) on the network. This is only partly true. ADS does not care about the workstations's local view of its sid. ADS just looks at the machine name and the account password. It is true that in the directory an account name always maps to a single SID, but this is never passed from ADS to the member or vice versa during normal authentication operations. Volker pgpMk2cQw3KrV.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cluster: node to node switching
Each computer account have a SID. The ADS server cannot accept a client which have a other SID than the SID of registred client. And also I think that you cannot have both SID (actif) on the network. I have a cluster PDC, one is actif (samba running) and the other is standby (samba is not running) and these servers have the same SID. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 15/10/2008 11:51:38 : > Bruno La Torre wrote: > > are you sure that the uid and gid of samba is the item on the node? > > The permission mask of the item is set to 777. > "wbinfo -u" did not work after changing the node and I get this error > output in the logfiles: > > ... > [2008/10/15 11:38:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(350) >Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! > > ... > [2008/10/15 11:38:56, 1] winbindd/idmap_ldap.c:idmap_ldap_allocate_id(504) >Failed to allocate new gidNumber. smbldap_modify() failed. > > ... > [2008/10/15 11:38:51, 1] winbindd/winbindd_ads.c:ads_cached_connection(127) >ads_connect for domain TEST failed: Preauthentication failed > [2008/10/15 11:43:51, 0] libsmb/cliconnect.c:cli_session_setup_spnego(858) >Kinit failed: Preauthentication failed > > ... > [2008/10/15 11:38:51, 1] winbindd/winbindd_ads.c:ads_cached_connection(127) >ads_connect for domain TEST failed: Preauthentication failed > [2008/10/15 11:43:51, 0] libsmb/cliconnect.c:cli_session_setup_spnego(858) >Kinit failed: Preauthentication failed > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cluster: node to node switching
Bruno La Torre wrote: are you sure that the uid and gid of samba is the item on the node? The permission mask of the item is set to 777. "wbinfo -u" did not work after changing the node and I get this error output in the logfiles: ... [2008/10/15 11:38:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(350) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! ... [2008/10/15 11:38:56, 1] winbindd/idmap_ldap.c:idmap_ldap_allocate_id(504) Failed to allocate new gidNumber. smbldap_modify() failed. ... [2008/10/15 11:38:51, 1] winbindd/winbindd_ads.c:ads_cached_connection(127) ads_connect for domain TEST failed: Preauthentication failed [2008/10/15 11:43:51, 0] libsmb/cliconnect.c:cli_session_setup_spnego(858) Kinit failed: Preauthentication failed ... [2008/10/15 11:38:51, 1] winbindd/winbindd_ads.c:ads_cached_connection(127) ads_connect for domain TEST failed: Preauthentication failed [2008/10/15 11:43:51, 0] libsmb/cliconnect.c:cli_session_setup_spnego(858) Kinit failed: Preauthentication failed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba