Re: [Samba] Problems with Samba4 implimentation

[derwyn]

Thanks Andrew will direct all queries to the samba-technical  and keep 
posted about the same.



Derwyn


David Wells wrote:

Andrew Bartlett wrote:

With Samba4, it *should* work just as AD does, however we don't
currently support the full AD schema (which some of this functionality
requires).

Pretty much all the group policy stuff is client side, so Samba's role
is surprisingly limited.

Andrew Bartlett

  
Great to know about that! Thank you very much for the tip and sorry 
about the misleading reply.


Best regards, David Wells.




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Acces denied with usrmgr.exe

[Jim McDonough]

On Tue, Feb 17, 2009 at 12:28 AM, HB  wrote:
> You're right. In 3.3.0 release notes I can read :
>* Fix usrmgr opening a user object as non-root.
>
> I guess I have to recompile and upgrade to 3.3.0 (I am in 3.2.7) .
It's also in 3.2.8.

-- 
Jim McDonough
Samba Team
jmcd at samba dot org
jmcd at themcdonoughs dot org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba PDC

[Miguel Medalha]

I have a Fedora 6 with samba 3.0.2465 working great as a PDC with 
Win98 clients. The server has domain logon working and login scripts 
running I have made a second server to replace the first but after 
upgrading beyond Fedora 8 it no longer works. I can see shares with 
Vista64 Business and XP Pro although they will not authenticate but  
the win98 boxes I get "the domain password you supplied is not correct 
or access to your server has been denied."



I am not sure if this applies to your case or to the samba version you 
quote, but recently the defaults for parameters "client lanman auth" and 
"lanman auth" have been changed from "Yes" to "No". Disabling this 
option will also disable the |client plaintext auth| option.


Please consult the smb.conf man page for these parameters.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba-3.2.8 - KRB5_KT_UNKNOWN_TYPE;

[Jeremy Allison]

On Mon, Feb 16, 2009 at 08:33:47AM -0700, Glenn Machin wrote:
>
> When "use kerberos keytab = yes" in smb.conf is set with samba-3.2.8 and  
> the environment variable KRB5_KTNAME is not set with the value using  
> prefix "FILE:" or the default_keytab in /etc/krb5.conf is set without  
> the prefix i.e.
>default_keytab_name = /etc/v5srvtab
>
> then the function smb_krb5_open_keytab() returns KRB5_KT_UNKNOWN_TYPE.
>
> If smb_krb5_open_keytab with a filename "/etc/v5srvtab" it would work  
> fine, however if the "default" keytab is used the expectation is that it  
> must have a prefix "FILE:" or "WRFILE:". 
>
> Is this the correct logic?   It appears that the loop
> while (next_token_talloc(mem_ctx, &tmp, &kt_str, ",")) {
>
> Should have the test
>
>if (tmp[0] == '/')
>   found_valid_name = True;

Looks correct to me. Here is the patch I'll add.

Thanks,

Jeremy.
diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c
index 66dd5f6..9fd4914 100644
--- a/source/libsmb/clikrb5.c
+++ b/source/libsmb/clikrb5.c
@@ -1749,6 +1749,11 @@ done:
tmp += 5;
}
 
+   if (tmp[0] == '/') {
+   /* Treat as a FILE: keytab definition. */
+   found_valid_name = true;
+   }
+
if (found_valid_name) {
if (tmp[0] != '/') {
ret = KRB5_KT_BADNAME;
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba+acl problem on OSX

[James Peach]

2009/2/17 Eero Volotinen :
> I have problem using samba+acl (ext3+acl) on OSX client.
>
> Access rights works fine on Linux and Windows series, but OSX Leopard says
> access denied to every directory that is using acl.
>
> Is OSX cifs client too stripped that it cannot use acl or is this OSX bug?
> Is there any solution on OSX that can access samba+acl directories?

The Mac OS X client looks at the posix mode bits to preflight access
checks. you can disable this on the server side by setting "unix
extensions = no"

-- 
James Peach | jor...@gmail.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba PDC

[Carl Parsons]

Hello

I have a Fedora 6 with samba 3.0.2465 working great as a PDC with Win98 
clients. The server has domain logon working and login scripts running I 
have made a second server to replace the first but after upgrading 
beyond Fedora 8 it no longer works. I can see shares with Vista64 
Business and XP Pro although they will not authenticate but  the win98 
boxes I get "the domain password you supplied is not correct or access 
to your server has been denied."


Any suggestions would be appreciated I have been working on this for 
ages and run out of idea's Perhaps I need to specify the char set which 
I might try I am not bothered about Vista or XP just win98.



Carl



# Samba config file created using SWAT
# from
# Date: 2009/02/04 17:26:57

[global]
   workgroup = DOMAIN
   server string = FEDORA %v on %h
   interfaces = 192.168.1.3/24
   log level = 10
   log file = /var/log/samba/samba.%m
   max log size = 50
   time server = Yes
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 
SO_RCVBUF=8192

   add user script = /usr/sbin/useradd -m '%u' -g users -G users
   delete user script = /usr/sbin/userdel -r %u
   add group script = /usr/sbin/groupadd %g
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/usernod -G %g %u
   add machine script = /usr/sbin/useradd -s /bin/false/ -d 
/var/lib/nobody %u

   logon script = %U.bat
   logon path = \\%N\profiles\%u
   domain logons = Yes
   os level = 65
   preferred master = Yes
   domain master = Yes
   dns proxy = No
   wins support = Yes
   idmap uid = 15000-2
   idmap gid = 15000-2
   template shell = /bin/bash
   winbind enum groups = No
   invalid users = bin, deamon, sys, man, postfix, mail, ftp
   admin users = @wheel
   hosts allow = 192.168.1., 127., 192.168.1.41
   printer name = Epson


[netlogon]
   path = /home/samba/netlogon
   valid users = root, @smbusers
   browseable = No

[profiles]
   path = /home/samba/profiles
   valid users = root, @smbusers
   read only = No
   create mask = 0700
   directory mask = 0700
   browseable = No

[homes]
   comment = Home Directories
   path = /home/%U
   force group = staff
   read only = No
   create mask = 0700
   directory mask = 0700
   browseable = No

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = Yes
   browseable = No

[public]
   comment = Public Stuff
   path = /home/public
   valid users = @staff
   force group = staff
   read only = No
   create mask = 0775
   directory mask = 0775
   guest ok = Yes

tail log.nmbd

[2009/02/17 21:31:54,  3] 
nmbd/nmbd_become_dmb.c:become_domain_master_query_success(223)

 become_domain_master_query_success():
 Our address (192.168.1.3) returned in query for name DOMAIN<1b> 
(domain master browser name) on subnet UNICAST_SUBNET.

 Continuing with domain master code.
[2009/02/17 21:31:54,  2] 
nmbd/nmbd_become_dmb.c:become_domain_master_stage1(178)
 become_domain_master_stage1: Becoming domain master browser for 
workgroup DBTECH on subnet UNICAST_SUBNET
[2009/02/17 21:31:54,  4] 
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(170)
 find_workgroup_on_subnet: workgroup search for DBTECH on subnet 
UNICAST_SUBNET: found.
[2009/02/17 21:31:54,  3] 
nmbd/nmbd_become_dmb.c:become_domain_master_stage1(187)

 become_domain_master_stage1: go to first stage: register <1b> name
[2009/02/17 21:31:54,  3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(250)
 add_name_to_subnet: Added netbios name DOMAIN<1b> with first IP 
192.168.1.3 ttl=259200 nb_flags=64 to subnet UNICAST_SUBNET
[2009/02/17 21:31:54,  6] 
nmbd/nmbd_nameregister.c:multihomed_register_one(322)
 Registering name DBTECH<1b> IP 192.168.1.3 with WINS server 127.0.0.1 
using tag '*'
[2009/02/17 21:31:54,  4] 
nmbd/nmbd_packets.c:initiate_multihomed_name_register_packet(359)
 initiate_multihomed_name_register_packet: sending registration for 
name DOMAIN<1b> IP 192.168.1.3 (bcast=No) to IP 127.0.0.1

[2009/02/17 21:31:54,  5] libsmb/nmblib.c:send_udp(824)
 Sending a packet of len 68 to (127.0.0.1) on port 137
[2009/02/17 21:31:54,  4] 
nmbd/nmbd_responserecordsdb.c:add_response_record(37)
 add_response_record: adding response record id:16407 to subnet 
UNICAST_SUBNET. num_records:14
[2009/02/17 21:31:54,  4] 
nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(170)
 find_workgroup_on_subnet: workgroup search for DOMAIN on subnet 
192.168.1.3: found.
[2009/02/17 21:31:54, 10] 
nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(381)
 announce_myself_to_domain_master_browser: t (1234906314) - 
last(1234906313) < 900

[2009/02/17 21:35:44,  0] nmbd/nmbd.c:main(849)
 nmbd version 3.2.8-0.26.fc10 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2009
[2009/02/17 21:35:44,  5] lib/debug.c:debug_dump_status(407)
 INFO: Current debug levels:
   all: True/10
   tdb: False/0
   printdrivers: False/0
   

[Samba] Help with Samba, RHEL 5.0, and policies

[Scott R. Ehrlich]

I have an isolated LAN with an out-of-box installation of RHEL 5.0 Server 
64-bit running samba, with some CentOS 5.0 systems and Windows XP w/SP2 
machines.   The XP machines are part of a domain via the RHEL Samba setup.


I want to be able to control such things as the XP Event Viewer loggings - 
the catagories Application, System, and Security, have options to let the 
log sizes:


- Overwrite events as neededed
- Overwrite events older than x days
- Do not overwrite events (clear log manually)

If I log in as local admin and select, for example, Do not overwrite, then 
reboot, that same machine will switch to Overwrite events as needed. 
This occurs on all the Windows XP machines on this samba domain.


Is the version of samba that comes with RHEL 5.0 out-of-box, unpatched, 
capable of managing this kind of setting?  If so, how?


Said Windows machines were new installs that were built up by me and this 
is the only domain they have been on.


So, how do I control this?

Thanks.

Scott
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Users lose connections after restarting servers.

[Robert Steinmetz]

I've had a long running problem with two servers. One is the PDC of a NT 
style domain one is a Member Server. Sometimes when I restart the 
servers after maintenance some users lose connections to the Member 
Server. Sometimes it takes several hours for the problem to show up 
(today it took about 16 hours).


I have been unable to determine the cause but I can usually solve it by 
restarting the samba daemons on both machines. Once it works the servers 
run happily until the next restart.


The only errors logged on the PDC seem to be this one in log.wb-ATLANTA

cli_pipe_validate_current_pdu: RPC fault code 
DCERPC_FAULT_OP_RNG_ERROR received from remote machine THELMA pipe 
\lsarpc fnum 0x74f0!

ATLANTA is the domain name.

and this one in log.192.168.1.25 - The IP address of the Member Server, 
its name is LOUISE
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. 
Rejecting auth re

quest from client LOUISE machine account LOUISE$

Here is the Version Information


[2009/02/17 11:26:52,  0] smbd/server.c:main(1213)
  smbd version 3.2.3 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
Linux version 2.6.27-9-generic (bui...@yellow)
(gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu11) )
#1 SMP Thu Nov 20 22:15:32 UTC 2008 (Ubuntu 2.6.27-9.19-generic)



--
Robert Steinmetz, AIA
Principal
Steinmetz & Associates
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba+acl problem on OSX

[Eero Volotinen]

I have problem using samba+acl (ext3+acl) on OSX client.

Access rights works fine on Linux and Windows series, but OSX Leopard 
says access denied to every directory that is using acl.


Is OSX cifs client too stripped that it cannot use acl or is this OSX 
bug? Is there any solution on OSX that can access samba+acl directories?


thanks,
--
Eero
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Fwd: Winbindd crash with 3.3.0

[François Legal]

Hello, 
I thought it would be better to make a new thread on this specific
point though it is related to the other thread I opened yesterday
(Trustom not working after upgrade to 3.3.0) 
So this crash occurs at least in 3.2.6 and 3.3.0 (I raised bug 6034
on 3.2.6 but it also applies to 3.3.0) but not in 3.2.4. I did not
check with the intermediate versions, but I guess this must be present
since 3.2.6 to current. 

This crash happens when the remote DC present domain groups with non
domain users members (in my case, this was a badly configured trusted
samba PDC), and winbindd tries to enumerate the group members. 
I'd be glad to track this down to the code, but so far I've been
unable to build binaries with debug synbols useables by gdb. 
François
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Strange issue with Samba + LDAP + Domain Member

[Bryan Celentano]

Hello,

Thank you for the replies, I will try the first, but in regards to your
reply Ray, as soon as I do that, the domain member complains of
NT_STATUS_ACCESS_DENIED, but the errors are removed from the Domain
Controller.

Regards,
Bryan

-Original Message-
From: Ray Klassen [mailto:rayklas...@gmail.com] 
Sent: 16 February 2009 17:08
To: John Drescher
Cc: Bryan Celentano; Samba mailing list
Subject: Re: [Samba] Strange issue with Samba + LDAP + Domain Member

I get around this by including

nss_base_passwd ou=Computers,dc=mydomain,dc=com?one

in /etc/ldap.conf

if nss_ldap isn't looking in your computers tree for passwd entries,
it will never see them as unix accounts.


On Sun, Feb 15, 2009 at 1:27 PM, John Drescher  wrote:
> On Sun, Feb 15, 2009 at 12:27 PM, Bryan Celentano
>  wrote:
>> Hey,
>>
>>
>>
>> I keep posting but no replies yet, this is a new issue, the rest I seem
to
>> have fixed.
>>
>>
>>
>> I have an odd issue:
>>
>>
>>
>> *   When I do net rpc join the PDC creates the account, and puts it
into
>> LDAP, which looks fine.
>> *   I then can access the domain and winbind works fine from the
Domain
>> Member server.
>> *   On the PDC I see the following error: "pdb_get_group_sid: Failed
to
>> find Unix account for member$"
>> *   So I had a look into the nss_ldap and found it wasn't searching
the
>> ou=computers, so I added this in, and the error goes.
>> *   Then I have a new issue, the domain member and winbind fails with
>> NT_ACCESS_DENIED.
>> *   So I remove the nss_ldap entry for the ou=computers and it all
works
>> again.
>>
>>
>>
>> Has anyone come across this issue?  Any help would be great.
>>
>
> Yes. I have this issue (and have had it for at least 5 years) using
> the smbldap-tools. To workaround I now just precreate an account using
> LAM (http://lam.sourceforge.net/) and then all is well with the PDC
> join. The previous workaround was to create a user for the machine
> account on the pdc first in the /etc/passwd.
>
> John
>
> John
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


This message has been scanned for malware by SurfControl plc. 
www.surfcontrol.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Time capsule and "bad smb"

[James Peach]

2009/2/16 Jeremy Allison :
> On Mon, Feb 16, 2009 at 09:42:48PM -0800, James Peach wrote:
>>
>> Volker's suggestion is the best.
>>
>> Pietro should to  and log a
>> bug against the TIme Capsule. It would be best to attach a packet
>> trace to the bug. Follow the instructions here:
>>
>> 
>
> Boo, hiss, cop-out :-).
>
>> I'll try and dig up a time capsule to bring to Connectathon next week
>> if any of the Linux smbfs folks would like to test against it ...
>
> Sure, I'll be there and I'd love to take a look at it.
> Will there be any Time Capsule engineers there though
> if we do find bugs ?

No, but if you do the testing, I'll write up the bugs for you

-- 
James Peach | jor...@gmail.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Time capsule and "bad smb"

[Jeremy Allison]

On Tue, Feb 17, 2009 at 08:44:48AM -0800, James Peach wrote:
> 2009/2/16 Jeremy Allison :
> > On Mon, Feb 16, 2009 at 09:42:48PM -0800, James Peach wrote:
> >>
> >> Volker's suggestion is the best.
> >>
> >> Pietro should to  and log a
> >> bug against the TIme Capsule. It would be best to attach a packet
> >> trace to the bug. Follow the instructions here:
> >>
> >> 
> >
> > Boo, hiss, cop-out :-).
> >
> >> I'll try and dig up a time capsule to bring to Connectathon next week
> >> if any of the Linux smbfs folks would like to test against it ...
> >
> > Sure, I'll be there and I'd love to take a look at it.
> > Will there be any Time Capsule engineers there though
> > if we do find bugs ?
> 
> No, but if you do the testing, I'll write up the bugs for you

Fair enough :-). Let's do it next week.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] suse 11 and windows user profiles rescue

[Bronzetti Maurizio]

use samba for the domain at work, when windows reload the profile from the
server are downloaded files like this: 
Prf1 **. tmp: zone.Identifier: $ DATA seen from linux 
PON4AS ~ 9 seen from windows 
Files that are dirty, the desktop and the My Documents folder 
Know Somebody depends on what and how? 
regards

Bronzetti Maurizio
Iride Service srl
Via  A. Novella, 15
47811 Viserba di Rimini
Tel. 0541 736385
Cel. 3355756654
Fax 0541 449424
P.I. 02570110409
http://www.irideservice.com
E-Mail:mbronze...@irideservice.com

Le informazioni trasmesse sono da intendere solo per la persona e/o ente a
cui sono indirizzate, possono contenere documenti confidenziali e/o
materiale riservato.Qualsiasi modifica, inoltro, diffusione o altro
utilizzo, relativo alle informazioni trasmesse, da parte di persone e/o
enti, diversi dai destinatari indicati, e' proibito ai sensi della legge
196/2003. Se lei ha ricevuto questa mail per errore, per favore contatti il
mittente e cancelli queste informazioni da ogni computer.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Re: mount.cifs is not working (smbclient does work), somekind of recursive content in mount-dir

[m . verkerk]

Dear all,

This is still not solved, but we came up with a workaround:

The win2008 server generates a sort of an admin share, just like C$,
for each point we would like to mount. That way we are able to skip
the complete path and just mount to e.g.:

//server/data1$

Kind regards,
Marijn

On Jan 30, 11:00 am, "M. Verkerk"  wrote:
> modinfo cifs:
>
>  filename:       /lib/modules/2.6.24-21-generic/kernel/fs/cifs/cifs.ko
> version:        1.52
> description:    VFS to access servers complying with the SNIA CIFS
> Specification e.g. Samba and Windows
> license:        GPL
> author:         Steve French 
> srcversion:     358B7F0F1DB5F2E9360AFD9
> depends:
> vermagic:       2.6.24-21-generic SMP mod_unload 586
> parm:           CIFSMaxBufSize:Network buffer size (not including header).
> Default: 16384 Range: 8192 to 130048 (int)
> parm:           cifs_min_rcv:Network buffers in pool. Default: 4 Range: 1 to
> 64 (int)
> parm:           cifs_min_small:Small network buffers in pool. Default: 30
> Range: 2 to 256 (int)
> parm:           cifs_max_pending:Simultaneous requests to server. Default:
> 50 Range: 2 to 256 (int)
>
> Thanks!
>
> > please post the outcome of 'modinfo cifs' (done as root).
>
> > Cheers, Günter
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] RE: Long printer name in CUPS not appear in Samba

[Andrea Zagli]

Il giorno lun 16 feb 2009 14:06:47 CET, HB ha scritto:

Does anyone observe this 15 chars limitation between CUPS and Samba ?


yes, with an old samba version that i don't remember

i didn't try with the current version

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Trustom not working after upgrade to 3.3.0

[François Legal]

So it seems I was wrong when stating "reverting trusted PDC to 3.2.4 fixes
the problem".
When I do that, then I fall in what seem to be a bug that I raised on 3.2.6
(Bug 6034)

I will try to do more research on that, since when I raised the bug, I
could not get a valid backtrace in gdb.

On Mon, 16 Feb 2009 23:05:30 +0100, François Legal 
wrote:
> 
> 
> Hello, 
> I was running 3.2.4 successfully with trustdom relationship (one way
> only) working perfectly. 
> 
> I'm trying now to upgrade to 3.3.0, but the relationship seems to be
> down now. Revoking and re establishing did not help. I had the same
> issue while trying to update to 3.2.6 
> By checking the logs, it seems that trusting domain PDC is not
> sending the correct password to trusted domain PDC when connectiong to
> the Samr pipe. 
> 
> Reverting trusted domain PDC to 3.2.4 fixes the problem. 
> I can provide level 10 logs of both PDCs (smbd for trusted and
> winbindd for trusting). 
> Anybody can help ? 
> Thanks 
> François
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems with Samba4 implimentation

[David Wells]

Andrew Bartlett wrote:

With Samba4, it *should* work just as AD does, however we don't
currently support the full AD schema (which some of this functionality
requires).

Pretty much all the group policy stuff is client side, so Samba's role
is surprisingly limited.

Andrew Bartlett

  
Great to know about that! Thank you very much for the tip and sorry 
about the misleading reply.


Best regards, David Wells.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Over 400 smbd pid's?

[Volker Lendecke]

On Mon, Feb 16, 2009 at 06:07:28PM -0800, Ed Kasky wrote:

> In this case, if it were acting up, I assume that I would be looking 
> for multiple instances of 0xc9292600 correct?

Yes. But this time it seems it's a different fd. You first
need to catch a stuck smbd, see with strace which fd it
wants to write to, then look with lsof for that fd in that
process and then find the other end with grepping for the
corresponding 0x... value.

Volker


pgpcvWNV2PSyq.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Howto force all users of a samba domain controller to change their password ?

[BOURIAUD]

Hi !
I'still running a samba domain controller on a rhel 5 machine, so it is 
version samba-3.0.33-3.7.el5. Users and accounts are still stored in a ldap 
database and everything works fine.
Now that my setup is complete, I'd like to 
- force every user of the domain to change their password the next time they 
open a session on their workstation
- be sure that the password is complex enough
- have it that they don't put the same password as the old one.
I've read many a thing about those topics, and tryed many things, but so far I 
haven't found anything very usefull.
Somewhere I've read that there were modifications to be done using pdbedit so 
as to set the next time the password must be changed. I've tryed on my 
account, it doesn't work as I expected it to do : the password is valid for 
the time passed as an argument, and that's not what I want.
Next, I've read about a cracklib-checker that can be called via the smb.conf 
file, but I don't have this cracklib-checker installed on my system, and I 
don't really know where to find it.
Thanks in advance for any help provided.


P.S. I've searched the docs on samba.org, but I haven't found anything 
relevant, and searching the web with "samba force user change password" gives 
many results that don't cover what I'm searching for.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Fw: [Samba] specified network path no longer available

[Ben Chitambira]

No joy upto now. Is there anything buggy in latest version of sofs-1.5.2? i.e 
samba-3.2.7-ctdb.54

--- On Fri, 6/2/09, Ben Chitambira  wrote:
From: Ben Chitambira 
Subject: Fw: [Samba] specified network path no longer available
To: samba@lists.samba.org
Date: Friday, 6 February, 2009, 5:34 PM

Following the problem below, I wanted to add that my users are accessing the
samba shares using a single name \\Smb_Srv\share1 (which is set as
the netbios name in smb.conf of all the nodes). Smb_Srv is set up in dns round
robin load balancing to point to the ip addresses of the three nodes.

I have just realised that if you make Smb_Srv point to only one fixed ip
address, the clients don not get the error msg, although performance sucks. This
is giving me another awkward idea: that the something is causing the clients to
query the dns entry for Smb_Srv (more often and in the middle of the write) and
when this happens, and the DNS returns another different IP (due to round
robin), the client makes a new connection on this specific node, and closes the
connection to the previos node, hence the error "specified network path bla
bla.."

If this really an issue for clustered samba or I am describing a false
scenario?
Does inreasing DNS TTL for Smb_Srv or these specific nodes help?
Why do the windows clients have to query the dns within such a short space of
time

Thanks

--- On Thu, 5/2/09, Ben Chitambira  wrote:
From: Ben Chitambira 
Subject: [Samba] specified network path no longer available
To: samba@lists.samba.org
Date: Thursday, 5 February, 2009, 3:40 PM

I am having the "network path no longer available" issue and below is
the log for the XP client concerned. This happens when copying a file from XP
to
the samba share. This is Centos 5, Sofs 1.5.2. with 3 nodes serving smb,nfs and
ftp. domain controller is a separate linux samba pdc. auth is ldap. SO_RCVBUF
and SO_SNDBUF both are 8192 with TCP_NODELAY.

First technical consience tells me to set
   smb ports = 445
But the write_data failures are baffling.
I am also considering increasing SO_RCVBUF and SNDBUFF

How best can I address this? I believe I have the most recent/up to date
software. This is affecting my users in production, so severity is critical.
Thanks for help in advance.

/var/log/samba/computer1.log
[2009/02/05 12:05:29,  0] modules/vfs_tsmsm.c:tsmsm_is_offline(209)
  Stale DMAPI session, re-creating it.
[2009/02/05 12:05:30,  1] smbd/service.c:close_cnum(1405)
  ls20094 (:::10.31.6.30) closed connection to service share1
[2009/02/05 12:05:32,  1] smbd/service.c:make_connection_snum(1194)
  ls20094 (:::10.31.6.30) connect to service lmf initially as user
bchitambira (uid=9426, gid=1010) (pid 31919)
[2009/02/05 12:05:32,  1] smbd/service.c:close_cnum(1405)
  ls20094 (:::10.31.6.30) closed connection to service share1
[2009/02/05 12:23:53,  0] lib/util_sock.c:write_data(1136)
[2009/02/05 12:23:53,  0] lib/util_sock.c:get_peer_addr_internal(1676)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Connection
reset by peer
[2009/02/05 12:23:53,  0] smbd/process.c:srv_send_smb(74)
  Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2009/02/05 12:24:04,  0] lib/util_sock.c:write_data(1136)
[2009/02/05 12:24:04,  0] lib/util_sock.c:get_peer_addr_internal(1676)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Connection
reset by peer
[2009/02/05 12:24:04,  0] smbd/process.c:srv_send_smb(74)
  Error writing 4 bytes to client. -1. (Transport endpoint is not connected)

Benny Chitambira
*nixAdmin




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Bits from the Samba packaging team in Debian

[Christian Perrier]

Hello dear Samba (and hopefully Debian/Ubuntu) users,

Please find here some news from the team that packages Samba for
Debian (and threfore indirectly for Ubuntu).

As some of you might know, Debian 5.0 "lenny" was released on February
14th.

Samba provided in lenny in the 3.2.5 version plus two fixes from
3.2.6:

  * Fix segfault whan accessign some NAS devices running old versions of Samba
Closes: #500129
  * Fix process crush when using gethostbyname_r in several threads
Closes: #509101, #510450

As usual with the policy in Debian wrt stable releases, we will stick
to that version and only security fixes should go in Lenny.

However, we are considering to fix a few issues that could be
considered close to "release critical", some of them being fixed in
3.2.6.


Of course, as soon as Debian stable is released, the development of
the next Debian version begins. That version, codename "squeeze", is
of course not planned yet. You can bet on something like 18-24 months
release cycle, as usual.

Samba 3.3.0, which we were parking in Debian experimental, thus
appeared on Sunday Feb. 15th in Debian unstable (and soon Debian
testing, hopefully. That version has no important packaging change wrt
3.2.5 and should therefore be as stable as the Samba Team made it..:-)

One important change we plan to do is now compiling Samba with CTDB,
thanks to the great work of Mathieu Parent, who maintains the ctdb
package. While I'm personnally ignorant about CTDB, I think we can see
this as a very promising evolution.

Another important evolution is the preparation of parallel
installations of Samba 3 and Samba 4 on the same server. This will
probably happen for Squeeze, with the great help of Jelmer Vernooij,
who maintains samba4 packages.

We will also continue to maintain packages for Etch, the former Debian
release (these are 3.0.24-based) as long as that release is officially
supported in Debian and, hopefully, we will maintain backported
packages of 3.3.* for Lenny, on http://www.backports.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba