Re: [Samba] PDA-Logon: mal formed packet
Am Dienstag, 28. Oktober 2008 schrieb James Kosin: > - Original Message - > From: "Bernd Kloss" <[EMAIL PROTECTED]> > To: "James Kosin" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Sunday, October 26, 2008 2:15 PM > Subject: Re: [Samba] PDA-Logon: mal formed packet > > > Am Sonntag, 26. Oktober 2008 schrieben Sie: > >> - Original Message - > >> From: "Bernd Kloss" <[EMAIL PROTECTED]> > >> To: "James Kosin" <[EMAIL PROTECTED]> > >> Cc: <[EMAIL PROTECTED]> > >> Sent: Saturday, October 25, 2008 4:12 AM > >> Subject: Re: [Samba] PDA-Logon: mal formed packet > >> > >> > Am Samstag, 25. Oktober 2008 schrieben Sie: > >> >> - Original Message - > >> >> From: "Bernd Kloss" <[EMAIL PROTECTED]> > >> >> To: <[EMAIL PROTECTED]> > >> >> Cc: <[EMAIL PROTECTED]> > >> >> Sent: Friday, October 24, 2008 9:41 AM > >> >> Subject: Re: [Samba] PDA-Logon: mal formed packet > >> >> > >> >> > Am Freitag, 24. Oktober 2008 schrieb James Kosin: > >> >> >> - Original Message - > >> >> >> From: "Bernd Kloss" <[EMAIL PROTECTED]> > >> >> >> Newsgroups: linux.samba > >> >> >> Sent: Thursday, October 23, 2008 3:40 PM > >> >> >> Subject: Re: [Samba] PDA-Logon: mal formed packet > >> >> >> > >> >> >> Am Donnerstag, 23. Oktober 2008 schrieb Bernd Kloss: > >> >> >> > > Can you send the full trace, not just this error message? > >> >> >> > > > >> >> >> > > Thanks, > >> >> >> > > > >> >> >> > > Volker > >> >> >> > > >> >> >> > I can only attach the file exported by wireshark, but don't know > >> >> >> > whether > >> >> >> > this will pass through to the list. > >> >> >> > What else could I do? > >> >> >> > > >> >> >> > Thanks > >> >> >> > Bernd > >> >> >> > >> >> >> Okay, the attachment did not pass through. How can I publish the > >> >> >> information? > >> >> >> > >> >> >> > >> >> >> > >> >> >> Reply > >> >> >> Bernd, > >> >> >> > >> >> >> Copy and paste the relavent packets to the email. They don't need > >> >> >> to > >> >> >> be > >> >> >> large attachments. Just need to see the packets... especially the > >> >> >> malformed one. Try to highlight the one that is malformed if > >> >> >> possible. > >> >> >> > >> >> >> James > >> >> > > >> >> > Hello, > >> >> > > >> >> > unfortunately I could not C&P from wiresharks GUI, but I did set > >> >> > the loglevel > >> >> > in smb.conf to 10 and found something maybe relevant: > >> >> > > >> >> > The name of the domain is > >> >> > azimmer > >> >> > and the user is > >> >> > bk > >> >> > and the PDA is > >> >> > wm_bk > >> >> > with it's machineaccount > >> >> > wm_bk$ > >> >> > > >> >> > Whereas in the logfile the last letters are missing: azimme\b > >> >> > The login-mask of the PDA says correctly bk at azimmer. > >> >> > > >> >> > EXCERPT FROM LOGFILE: > >> >> > > >> >> > [2008/10/24 15:00:01, 5] auth/auth_util.c:make_user_info_map(206) > >> >> > make_user_info_map: Mapping user [azimme]\[b] from workstation [] > >> >> > READ LINE ABOVE > >> >> > > >> >> > > >> >> > . > >> >> > [2008/10/24 15:00:01, 5] auth/auth_util.c:is_trusted_domain(2055) > >> >> > is_trusted_domain: Checking for domain trust with [azimme] > >> >> > .. > >> >> > [2008/10/24 15:00:01, 5] auth/auth_util.c:is_trusted_domain(2055) > >> >> > is_trusted_domain: Checking for domain trust with [azimme] > >> >> > [2008/10/24 15:00:01, 5] > >> >> > passdb/secrets.c:secrets_fetch_trusted_domain_password(644) > >> >> > secrets_fetch failed! > >> >> > [2008/10/24 15:00:01, 3] smbd/sec_ctx.c:pop_sec_ctx(432) > >> >> > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > >> >> > [2008/10/24 15:00:01, 10] lib/gencache.c:gencache_get(194) > >> >> > Cache entry with key = TDOM/AZIMME couldn't be found > >> >> > [2008/10/24 15:00:01, 5] > >> >> > libsmb/trustdom_cache.c:trustdom_cache_fetch(183) > >> >> > no entry for trusted domain azimme found. > >> >> > .. > >> >> > Primary group is 0 and contains 0 supplementary groups > >> >> > [2008/10/24 15:00:01, 10] > >> >> > passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1283) > >> >> > getsampwnam (smbpasswd): search by name: b > >> >> > [2008/10/24 15:00:01, 10] > >> >> > passdb/pdb_smbpasswd.c:startsmbfilepwent(229) > >> >> > startsmbfilepwent_internal: opening file /etc/samba/smbpasswd > >> >> > [2008/10/24 15:00:01, 5] > >> >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) > >> >> > getsmbfilepwent: returning passwd entry for user bmx$, uid 9010 > >> >> > [2008/10/24 15:00:01, 10] > >> >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(501) > >> >> > getsmbfilepwent: LM password for user bk invalidated > >> >> > [2008/10/24 15:00:01, 5] > >> >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) > >> >> > getsmbfilepwent: returning passwd entry for user bk, uid 9011 > >> >> > [2008/10/24 15:00:01, 5] > >> >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) > >> >> > getsmbfilepwent: returning passwd entry for user mk, uid 9012 > >> >> > [2008/10/24 15:00:01, 10] > >> >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(501) > >> >> > getsmbfilepwe
[Samba] The way things used to work...
Hello all, As I was instructed on #samba IRC channel, I will start new discussion here, about samba and a way it works. I might call myself an experienced Linux user, and self thought admin, so things in Linux are not so new to me, but lacking proper (certified) education, I still tend to roam around issues with trial&error method. Regarding samba, it is translated in my attempt to make things go my way, rather than (someone might call it) right way. Since I work as sysadmin, surrounded with mostly computer illiterate users, my primary goal is to make things effortless to them... (brainless is better word...), and since it is mixed environment (windows&linux), and of course all they ever saw before is windows you can understand a nature of limitations that are in front of me. It took me some time (again trial and error) to compile set of rules for smb.conf that makes things exactly as I want. Efficient and nice. This smb.conf is working for me for more than a year now, and is still working at workplace, but I hit a brick wall trying to use it at home. At work, idea is like so: Linux user has it's home dir inside there is Documents dir inside that I will make shared dir it will be published via Samba it will available for read and write to all this includes local user via Samba and via local access for ownership issues, all files will be forced to create under local user and group mask not to forget, it is only workgroup, not domain or any other level of network organisation All these rules are matched with following smb.conf (real entries will be changed with foo/bar) [global] workgroup = FOO server string = FOO Server security = share hosts allow = 192.168.125. 127.0. log file = /var/log/samba/%m.log max log size = 50 local master = no os level = 33 dns proxy = no # Share Definitions === [Share] path = /home/foobar/Documents/Share/ public = yes force user = foobar force group = foobar create mask = 0755 force create mode = 0755 directory mask = 0755 force directory mode = 0755 writable = yes printable = no Of course directory /home/foobar/Documents/Share/ exists, and is set up with 755 for user foobar and group foobar (as well as all inside contents). Doing so, whoever puts something inside this dir via samba, creates that file/folder with foobar:foobar ownership and 755 set of permissions. Which is exactly what I wanted. Of course, no username&password dialogue is needed, so my main goal of things being effortless for users is also met. So, this works in network of mostly Windows XP-s, Mandriva 2008, and few Mandriva 2008.1 machines (including router/mail server). So samba versions in use are 3.0.25b and 3.0.28a (maybe some updated, but not important for issue). It was also working at home, where I have desktop (that plays also router) and laptop connected via wlan to desktop. Recently newest Mandriva was released, so I decided to give it a go. After struggling with bunch of other issues, time came to quickly enable samba share so I can move files from laptop to desktop (where new Mandriva 2009 is installed). Easy job... oh how wrong was I... Installed samba client and server packages made a backup of stock smb.conf and copied "old" smb.conf file. Called smb://home in Dolphin and was surprised... no workgroups found!! Well after some period of time (and several smb restarts) finally I got smb://home to show share... Now to enter it... errr NO Again few restarts and lot of time later... OK... I see contents of smb://home and can enter... good... let's see what is inside... Nothing Or to be exact, message is: The file or folder smb://hostname/Share does not exist Of course it exists, all was done and set up exactly as at work... and set up that way it was working PRIOR latest samba installed... and at this time it is: samba-server-3.2.3-3mdv2009.0 (with other dependent files) So now... I was advised to use security level set to user, and to allow guest user... and I did that... After lot of trials (this time refreshed via smbcontrol smbd reload-config) it finally got me where I want to be, with exclusion of all files written via samba are now owned by nobody:nogroup so it needs to be chowned to local user to be useful. I am not happy with this solution and I do not use it. Getting here took me ~3 days of reading (in fast forward mode) several official samba pages, numerous forums, asking around irc channels etc... I was unpleasantly surprised with official samba examples that are not working, like this one here: http://us1.samba.org/samba/docs/man/Samba-HOWTO- Collection/FastStart.html#anon-rw Followed it by the letter (except names) and in return got same error as above. Also another quite frustrating thing... TIME.. time for new set of rules from smb.conf to take effect
Re: [Samba] PDA-Logon: mal formed packet
- Original Message - From: "Bernd Kloss" <[EMAIL PROTECTED]> To: "James Kosin" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, October 26, 2008 2:15 PM Subject: Re: [Samba] PDA-Logon: mal formed packet Am Sonntag, 26. Oktober 2008 schrieben Sie: - Original Message - From: "Bernd Kloss" <[EMAIL PROTECTED]> To: "James Kosin" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, October 25, 2008 4:12 AM Subject: Re: [Samba] PDA-Logon: mal formed packet > Am Samstag, 25. Oktober 2008 schrieben Sie: >> - Original Message - >> From: "Bernd Kloss" <[EMAIL PROTECTED]> >> To: <[EMAIL PROTECTED]> >> Cc: <[EMAIL PROTECTED]> >> Sent: Friday, October 24, 2008 9:41 AM >> Subject: Re: [Samba] PDA-Logon: mal formed packet >> >> > Am Freitag, 24. Oktober 2008 schrieb James Kosin: >> >> - Original Message - >> >> From: "Bernd Kloss" <[EMAIL PROTECTED]> >> >> Newsgroups: linux.samba >> >> Sent: Thursday, October 23, 2008 3:40 PM >> >> Subject: Re: [Samba] PDA-Logon: mal formed packet >> >> >> >> Am Donnerstag, 23. Oktober 2008 schrieb Bernd Kloss: >> >> > > Can you send the full trace, not just this error message? >> >> > > >> >> > > Thanks, >> >> > > >> >> > > Volker >> >> > >> >> > I can only attach the file exported by wireshark, but don't know >> >> > whether >> >> > this will pass through to the list. >> >> > What else could I do? >> >> > >> >> > Thanks >> >> > Bernd >> >> >> >> Okay, the attachment did not pass through. How can I publish the >> >> information? >> >> >> >> >> >> >> >> Reply >> >> Bernd, >> >> >> >> Copy and paste the relavent packets to the email. They don't need >> >> to >> >> be >> >> large attachments. Just need to see the packets... especially the >> >> malformed one. Try to highlight the one that is malformed if >> >> possible. >> >> >> >> James >> > >> > Hello, >> > >> > unfortunately I could not C&P from wiresharks GUI, but I did set the >> > loglevel >> > in smb.conf to 10 and found something maybe relevant: >> > >> > The name of the domain is >> > azimmer >> > and the user is >> > bk >> > and the PDA is >> > wm_bk >> > with it's machineaccount >> > wm_bk$ >> > >> > Whereas in the logfile the last letters are missing: azimme\b >> > The login-mask of the PDA says correctly bk at azimmer. >> > >> > EXCERPT FROM LOGFILE: >> > >> > [2008/10/24 15:00:01, 5] auth/auth_util.c:make_user_info_map(206) >> > make_user_info_map: Mapping user [azimme]\[b] from workstation [] >> > READ LINE ABOVE >> > >> > >> > . >> > [2008/10/24 15:00:01, 5] auth/auth_util.c:is_trusted_domain(2055) >> > is_trusted_domain: Checking for domain trust with [azimme] >> > .. >> > [2008/10/24 15:00:01, 5] auth/auth_util.c:is_trusted_domain(2055) >> > is_trusted_domain: Checking for domain trust with [azimme] >> > [2008/10/24 15:00:01, 5] >> > passdb/secrets.c:secrets_fetch_trusted_domain_password(644) >> > secrets_fetch failed! >> > [2008/10/24 15:00:01, 3] smbd/sec_ctx.c:pop_sec_ctx(432) >> > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >> > [2008/10/24 15:00:01, 10] lib/gencache.c:gencache_get(194) >> > Cache entry with key = TDOM/AZIMME couldn't be found >> > [2008/10/24 15:00:01, 5] >> > libsmb/trustdom_cache.c:trustdom_cache_fetch(183) >> > no entry for trusted domain azimme found. >> > .. >> > Primary group is 0 and contains 0 supplementary groups >> > [2008/10/24 15:00:01, 10] >> > passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1283) >> > getsampwnam (smbpasswd): search by name: b >> > [2008/10/24 15:00:01, 10] >> > passdb/pdb_smbpasswd.c:startsmbfilepwent(229) >> > startsmbfilepwent_internal: opening file /etc/samba/smbpasswd >> > [2008/10/24 15:00:01, 5] >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) >> > getsmbfilepwent: returning passwd entry for user bmx$, uid 9010 >> > [2008/10/24 15:00:01, 10] >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(501) >> > getsmbfilepwent: LM password for user bk invalidated >> > [2008/10/24 15:00:01, 5] >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) >> > getsmbfilepwent: returning passwd entry for user bk, uid 9011 >> > [2008/10/24 15:00:01, 5] >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) >> > getsmbfilepwent: returning passwd entry for user mk, uid 9012 >> > [2008/10/24 15:00:01, 10] >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(501) >> > getsmbfilepwent: LM password for user iserver$ invalidated >> > [2008/10/24 15:00:01, 5] >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) >> > getsmbfilepwent: returning passwd entry for user iserver$, uid 9021 >> > [2008/10/24 15:00:01, 5] >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) >> > getsmbfilepwent: returning passwd entry for user admin, uid 1000 >> > [2008/10/24 15:00:01, 5] >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) >> > getsmbfilepwent: returning passwd entry for user Absinthe87$, uid >> > 9022 [2008/10/24 15:00:01, 5] >> > passdb/pdb_smbpasswd.c:getsmbfilepwent(527) getsmbfilepwent: >> > returning >> > passwd
Re: [Samba] PDC announces two netbios names?
Hi Volker! Thanks for taking the time to answer. The double entry was gone when I took a look at it a few minutes ago. I guess it was expired from browse.dat in the meantime. Thanks for the help! [EMAIL PROTECTED] * Volker Lendecke <[EMAIL PROTECTED]>: > Hi, Patrick! > > On Mon, Oct 27, 2008 at 03:26:39PM +0100, Patrick Ben Koetter wrote: > > I've configured a Samba server based on Ubuntu packages. It uses LDAP as > > backend. > > > > The server announces itself using two netbios (?) names - OFFICE and SERVER. > > Originally I had planned to use OFFICE. Then I switched to SERVER. > > It should not announce both. Try 'nmblookup -A 127.0.0.1' > and see what comes back. If it's in the browsing list that > you see both, you might either just wait until it's timed > out, or shutdown nmbd, delete the file browse.dat and > restart nmbd. Then it should be gone. > > Volker > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: +49-551-37-0, fax: +49-551-37-9 > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Documentation error
Hi. Chapter 20 of "The Official Samba 3.2.x HOWTO and Reference Guide" points to http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/msdfs.html but this URL takes me to chapter 41 in stead of 20. I believe this is an error. -Remy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC announces two netbios names?
Hi, Patrick! On Mon, Oct 27, 2008 at 03:26:39PM +0100, Patrick Ben Koetter wrote: > I've configured a Samba server based on Ubuntu packages. It uses LDAP as > backend. > > The server announces itself using two netbios (?) names - OFFICE and SERVER. > Originally I had planned to use OFFICE. Then I switched to SERVER. It should not announce both. Try 'nmblookup -A 127.0.0.1' and see what comes back. If it's in the browsing list that you see both, you might either just wait until it's timed out, or shutdown nmbd, delete the file browse.dat and restart nmbd. Then it should be gone. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen pgpmFG0VW1H3i.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PID-File smbd/nmbd
Hi again, as there was no response yet, I send another ping for this. With the reference "r19533" given by Jerry I could at least find another question by Volker Lendecke who also was wondering what this patch was about - but without topic-related answer. Again, I consider it a bug because a) the behaviour is completely undocumented b) it is unnecessary because it can be more cleanly handled by the "pid directory" c) it makes startup scripts for multiple server setups more complicated Maybe I still have the wrong search string, but I could not find any discussion about in the samba-technical archives either... Best regards, Wolfgang On 19 Sep 2008 at 8:50, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > [EMAIL PROTECTED] wrote: > > >> This was a patch specifically added by request IIRC. > >> > >> commit e8bf421c018ed829b9dba7c0872693080b77d49d > >> Author: Jeremy Allison <[EMAIL PROTECTED]> > >> Date: Thu Nov 2 09:37:52 2006 + > >> > >> r19533: Add a suffix to the program name if this is a > >> process with a non-default configuration file name. > >> Jeremy. > > > > thanks for the clarification! > > > > I did not find that reference to the change, so could not know > > about its history. > > > > Nevertheless I can not see why it is useful to have such an > > automatism here. Those who use a different config file could > > have a config file option, so a new config option "pid file name" > > would have solved the problem and cause less trouble for > > others, IMHO. > > Since Jeremy committed the patch, I'll defer to him to > explain why :-) I honestly can't remember. it should be > discussed in the samba-technical archives I believe in case he > s getting old and can't remember either. > > > > > cheers, jerry > - -- > = > Samba--- http://www.samba.org > Likewise Software - http://www.likewisesoftware.com > "What man is a man who does not make the world better?" --Balian > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFI064hIR7qMdg1EfYRAkRvAJ95oTemgnbi7sn9y73U7Gdg+MMbugCg6pZ4 > eECXZw/U7WLyUX6Ib+ph4rc= > =Cfem > -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: how to setup an open share?
Michael Heydon wrote: I want to create a universally writeable, browseable share. If you're on the network, you can use it. No passwords, any user. Easy. [global] guest ok = yes browseable = yes These two lines apply to individual shares, don't put them in the global section. Add a map to guest line, probably "map to guest = bad user". Yup. That did it. Thanks for the help. sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdc
Jason, I don't know who are you replying to. Quoting "Jason A. Nunnelley" <[EMAIL PROTECTED]>: Norberto Bensa wrote: On Friday October 24 2008 11:50:53 Steven Geerts wrote: workgroup = LOCALDOMAIN.BE Are "." valid in workgroup names? I remember having problems with mine, so I changed the dot to a "_" It depends on if .be is the TLD, and in many cases I would think this is not what you mean to do. If it's a local domain, I'd make it just localdomain. If you're using just a LAN network, the .whatever TLD is not necessary and will likely promote confusion in your network. Some folks add .local, but some systems automatically do that in their add scripts (Windows). Be mindful about this. Keep in mind that blah.some.tld makes blah a different domain than some.tld, so if you put a dot in any name (before the tld) you're establishing a unique domain. -- Jason A. Nunnelley JasonN.com is my website - all opinions expressed were mine at some point. This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC announces two netbios names?
I've configured a Samba server based on Ubuntu packages. It uses LDAP as backend. The server announces itself using two netbios (?) names - OFFICE and SERVER. Originally I had planned to use OFFICE. Then I switched to SERVER. I've looked at the config files and search for any occurences of OFFICE, but I can't find any. Any ideas where I should look or what I should do? Thanks, [EMAIL PROTECTED] Here's some debug information: $ hostname server $ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=8.04 DISTRIB_CODENAME=hardy DISTRIB_DESCRIPTION="Ubuntu 8.04.1" $ sudo grep -i office /etc/samba/* [EMAIL PROTECTED]:samba$ $ cat /etc/resolv.conf search office.jojo-wassersport.de nameserver 127.0.0.1 $ dig @localhost office.office.jojo-wassersport.de [EMAIL PROTECTED]:samba$ $ testparm Load smb config files from /etc/samba/smb.conf Processing section "[homes]" Processing section "[netlogon]" Processing section "[Profiles]" Processing section "[printers]" Processing section "[print$]" Processing section "[Files]" Processing section "[Training]" Processing section "[Training-Development]" Processing section "[Fotos]" Processing section "[PDF-Ausgabe]" Loaded services file OK. WARNING: You have some share names that are longer than 12 characters. These may not be accessible to some older clients. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = JOJO server string = %h server (Samba, Ubuntu) interfaces = 127.0.0.0/8, eth0 map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . log level = 3 passdb:5 auth:10 winbind:2 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 server signing = auto printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = logon.bat logon path = \\server\Profiles\%U logon drive = H: logon home = \\server\%U domain logons = Yes os level = 35 domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,o=JOJO Wassersport,c=de ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = o=JOJO Wassersport,c=de ldap ssl = no ldap user suffix = ou=Users usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [homes] comment = Eigene Dateien valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /srv/samba/netlogon admin users = root guest ok = Yes browseable = No [Profiles] comment = Roaming Profile Share path = /srv/samba/profiles read only = No profile acls = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba valid users = root, @Staff admin users = root write list = root, @Staff, @Trainer read only = No create mask = 0600 guest ok = Yes printable = Yes use client driver = Yes browseable = No [print$] comment = Printer Drivers Share path = /var/lib/samba/printers valid users = root, @Staff admin users = root, @Staff write list = @Staff, @Trainer create mask = 0664 directory mask = 0775 [Files] comment = Nutzdaten path = /srv/fileserver/files admin users = root, rolandr write list = @staff force group = Staff create mask = 0640 directory mask = 0770 [Training] comment = Unterrichtsmaterial path = /srv/fileserver/training admin users = root, rolandr read list = @trainer write list = @staff force group = Trainer create mask = 0660 directory mask = 0770 [Training-Development] comment = Unterrichtsmaterial in Entwicklung path = /srv/fileserver/training_developement admin users = root, rolandr
[Samba] Windows Clients Can't join a Samba-OpenLDAP Domain (bad passwod after 30 seconds)
Hi, I'm testing with a samba pdc openldap and I'm a bit confused of what I'm doing wrong. I have read some samba documentation and followed samba/openldap tutorials successfully , but I'm absolutely a novice. The problem is that when I'm trying to join the domain on windows machines and I put an Administrator user/password it says me that credentials are incorrect. When I try to find samba logs I get: lib/util_sock.c:get_peer_addr(1224) getpeername failed. Error was El otro extremo de la conexión no está conectado lib/access.c:check_access(327) Connection denied from 0.0.0.0 lib/util_sock.c:write_data(562) write_data: write failure in writing to client 0.0.0.0. Error Conexion reinicializada por la máquina remota lib/util_sock.c:send_smb(761) Error writing 5 bytes to client. -1. ( Error Conexion Reinicializada por la máquina remota) I've read that I can add "smb ports = 139" to conf file but if I add this line I see no logs and the result is the same. Currently I have OpenLDAP and LAM working fine, and I used smbldap-tools without problems Can anyone help me?? Regards. Pere. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Interdomain trust between Samba and W2003 ADS in native mode
Can you share us some more information on how you configured everyting. Did you try trusting a 2003 AD domain to your samba domain? Should be great if this was possible? Best regards steven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sébastien Prud'homme Sent: maandag 27 oktober 2008 13:16 To: Gerald Carter Cc: samba@lists.samba.org Subject: Re: [Samba] Re: Interdomain trust between Samba and W2003 ADS in native mode Thanks. FYI i have set up my Samba system to use the ADS DNS and i've configured /etc/krb5.conf with the ADS realm and now i can see ADS users and groups with wbinfo :-) I also changed some Samba conf as read in Red Hat Knowlegde Base (my distro is RHEL5.2): client schannel = No client use spnego = No server signing = Auto 2008/10/25 Gerald Carter <[EMAIL PROTECTED]>: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hey Ryan, > >> Samba3 cannot act as an AD domain controller and therefore cannot >> operate in a trust with a native mode AD domain. Samba4 will be able >> to do this but it is still under heavy development. >> >> If you put your AD domain in mixed mode, you should be able to create >> the trust although I'm not sure if you can convert a native to mixed >> mode or not... > > This is incorrect. Native mode AD can have trusts with NT4 domains > (and therefore with Sambas as well). > > > > > > cheers, jerry > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFJA2CAIR7qMdg1EfYRAgozAKDC8+hK93zGK0NTA6U1WGrCqV88/gCg2Z/I > PPW3rEqIWTlJiAUVTTMmtT8= > =+V6v > -END PGP SIGNATURE- > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Interdomain trust between Samba and W2003 ADS in native mode
Thanks. FYI i have set up my Samba system to use the ADS DNS and i've configured /etc/krb5.conf with the ADS realm and now i can see ADS users and groups with wbinfo :-) I also changed some Samba conf as read in Red Hat Knowlegde Base (my distro is RHEL5.2): client schannel = No client use spnego = No server signing = Auto 2008/10/25 Gerald Carter <[EMAIL PROTECTED]>: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hey Ryan, > >> Samba3 cannot act as an AD domain controller and therefore cannot >> operate in a trust with a native mode AD domain. Samba4 will be able >> to do this but it is still under heavy development. >> >> If you put your AD domain in mixed mode, you should be able to create >> the trust although I'm not sure if you can convert a native to mixed >> mode or not... > > This is incorrect. Native mode AD can have trusts with NT4 domains > (and therefore with Sambas as well). > > > > > > cheers, jerry > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFJA2CAIR7qMdg1EfYRAgozAKDC8+hK93zGK0NTA6U1WGrCqV88/gCg2Z/I > PPW3rEqIWTlJiAUVTTMmtT8= > =+V6v > -END PGP SIGNATURE- > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steven Geerts wrote: > I think your mixing with netbios name. > > How do you specify otherwise whether your domain is .com or .be, or ... In the case of Active Directory you do so by specifying the "realm" option in your smb.conf, the workgroup parameter should be filled with the netbios representation of your domain. Regards, Jelmer Jaarsma -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkFk/kACgkQ3bV1+S5veEi5lwCeIXBM701QwpmAkfyqfVpVulcr 9XAAnRdsOxTUU6AJDBDdNjTdmxQcQr/o =klAC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] pdc
I think your mixing with netbios name. How do you specify otherwise whether your domain is .com or .be, or ... Best regards steven -Original Message- From: Norberto Bensa [mailto:[EMAIL PROTECTED] Sent: maandag 27 oktober 2008 10:58 To: samba@lists.samba.org; [EMAIL PROTECTED] Subject: Re: [Samba] pdc On Friday October 24 2008 11:50:53 Steven Geerts wrote: > workgroup = LOCALDOMAIN.BE Are "." valid in workgroup names? I remember having problems with mine, so I changed the dot to a "_" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdc
On Friday October 24 2008 11:50:53 Steven Geerts wrote: > workgroup = LOCALDOMAIN.BE Are "." valid in workgroup names? I remember having problems with mine, so I changed the dot to a "_" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] pdc
Yes it was, but this didn't solve my problem :-) Thanks sg -Original Message- From: Brent Clark [mailto:[EMAIL PROTECTED] Sent: maandag 27 oktober 2008 9:19 To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] pdc Steven Geerts wrote: > Hi > > > > add machine script = /usr/sbin/useradd -s /bin/false -d > /var/llib/nobody %u > > Isnt this a typo (/var/llib). Regards Brent Clark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdc
Steven Geerts wrote: Hi add machine script = /usr/sbin/useradd -s /bin/false -d /var/llib/nobody %u Isnt this a typo (/var/llib). Regards Brent Clark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
