Re: [Samba] Clarification of 'administrator' config w/ldap

2009-04-21 Thread jeff sacksteder 
> run smbpasswd -a root and put in root's password.

So on a client machine, I can now authenticate with 'root' and the
appropriate passwd, but shouldn't the smbusers mapping cause
administrator to work the same way?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Clarification of 'administrator' config w/ldap

2009-04-21 Thread jeff sacksteder 
> run smbpasswd -a root and put in root's password.

Leaving aside for the moment granting privileges to user accounts, I
did the above. I set log level =3 and recorded the following(somewhat
anonymized). Again, root is a normal unix account, I have mappings to
administrator and MYDOMAIN\administrator in smb users. All other
accounts are in LDAP.

[2009/04/21 21:31:51, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user
[mydomain]\[administrat...@[dell] with the new password interface
[2009/04/21 21:31:51, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [mydomain]\[administrat...@[dell]
[2009/04/21 21:31:51, 3] auth/auth_sam.c:check_sam_security(281)
  check_sam_security: Couldn't find user 'administrator' in passdb.
[2009/04/21 21:31:51, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain
[MYDOMAIN] was for this SAM.
[2009/04/21 21:31:51, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [administrator] ->
[administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/04/21 21:31:51, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

>
> jeff sacksteder wrote:
>>
>> As you say, I see 'root = administrator' in smbuser, but I am still
>> unable to authenticate as administrator. During the authentication
>> attempt the following log entry is recorded-
>>
>> check_ntlm_password:  Authentication for user [administrator] ->
>> [administrator] FAILED with error NT_STATUS_NO_SUCH_USER
>>
>>  I believe that I need to use make an entry with pdbedit linking the
>> domain admin sid to root.
>> However, trying that produces-
>>
>> smbldap_search_domain_info: Searching
>> for:[(&(objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))]
>> smbldap_open_connection: connection opened
>> Username not found!
>>
>> So what more do I need to add?
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba and the application of MS patch KB852004 - madness may follow

2009-04-21 Thread mwfolsom 
Where I work recently (about a week ago) applied the patch KB852004 to  
their XP Pro boxes and things in the samba world are now broken.


The setup has been working for quite a while - a Linux box with a samba  
3.0.24 server on it to allow WIndows users to access shares on the system.


The only other things about it is that the server does kerberos  
authentication and "security = server" so its not really joined to the  
domain. Please bear with me here - its not a standard domain and joining to  
the domain has been problematic in the past. I am assured and believe the  
structure of the domain has not been altered in over a month so things are  
pointing to the patch but it seems not to be totally black and white.  
Essentially I have one XP Pro box that still can browse/access files on the  
server and many others, actually ALL, can't. Both XP boxes show that the  
patch is installed. The server is on a separate subnet. By-the-by, the one  
XP Pro 64bit system I have works fine against the samba server.


A co-worker used a packet sniffer to watch connections to the server and  
here is what he sent me:


From what I see, xxx.x.12.10 (the box that fails) is connecting to samba  
server but is getting rejected. The packet is interpreted as  
“NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED”. Then the  
connection closes. So it doesn't look like a network issue, but rather an  
authentication issue. For xxx.x.12.12, which works, the same error message  
displays, but then xxx.x.12.12 sends the user name. 12.10 never sends the  
user name.


Looking at this issue there is another thread elsewhere:
http://www.vistax64.com/windows-updates/222302-kb952004-breaks-samba-sharing.html

it seems that this is also a problem with vista.

So, my questions -

Is the patch KB852004 really the cause of this problem?

Is there a workaround that I can add to the systems smb.conf file that will  
save me from rebuilding dozes of otherwise productive systems?



Thanks -

Mike
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Fw: install problem

2009-04-21 Thread Richard Hatherly 

OS : Debian Etch.
samba version : 3.0.24


I have  a problem with a vendors software that won't install. The install
gets stopped with this error :-

The file s:\wyongauto\AMWIN\UNWISE.EXE' could not be opened. please check
that your disk is not full and that you have access to the destionation
directory. Access is Denied.

There are no problems reading and writing to the shares.

I am not sure where to start with debugging this problem,

here are some snips from the debug set at log level 6. , I have the entire 
log if you would like me to post it somewhere.


Any help would be appreciated.

Regards,

Richard

open_file_ntcreate: FILE_OPEN requested for file Software Filing 
System/WyongAuto/SetupV7610Full.exe.Manifest and file doesn't exist

smbd/msdfs.c:is_msdfs_link(269)
 is_msdfs_link: Software Filing System/WyongAuto/SetupV7610Full.exe.Local 
does not exist.

[2009/04/22 08:40:45, 3] smbd/trans2.c:call_trans2qfilepathinfo(2937)
 call_trans2qfilepathinfo: SMB_VFS_STAT of Software Filing 
System/WyongAuto/SetupV7610Full.exe.Local failed (No such file or directory)

[2009/04/22 08:40:45, 3] smbd/trans2.c:call_trans2qfilepathinfo(2937)
 call_trans2qfilepathinfo: SMB_VFS_STAT of Software Filing 
System/WyongAuto/WS2HELP.dll failed (No such file or directory)

[2009/04/22 08:40:45, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(162)
 linux_set_kernel_oplock: Refused oplock on file Software Filing 
System/WyongAuto/SetupV7610Full.exe, fd = 28, dev = 901, inode = 20676916. 
(Resource temporarily unavailable)

[2009/04/22 08:40:57, 3] lib/sysquotas.c:sys_get_quota(448)
 sys_get_vfs_quota() failed for mntpath[/storage] bdev[/dev/md1] qtype[2] 
id[1001]: Invalid argument

[2009/04/22 08:40:57, 3] lib/sysquotas.c:sys_get_quota(448)
 sys_get_vfs_quota() failed for mntpath[/storage] bdev[/dev/md1] qtype[4] 
id[50]: Invalid argument

[2009/04/22 08:40:57, 5] smbd/trans2.c:call_trans2qfsinfo(2344)
[2009/04/22 08:40:55, 3] smbd/process.c:switch_message(915)
 switch message SMBtrans2 (pid 4623) conn 0x83f73d0
[2009/04/22 08:40:55, 4] smbd/uid.c:change_to_user(178)
 change_to_user: Skipping user change - already user
[2009/04/22 08:40:55, 3] smbd/trans2.c:call_trans2qfilepathinfo(2912)
 call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2009/04/22 08:40:55, 5] smbd/filename.c:unix_convert(108)
 unix_convert called on file "AMWIN"
[2009/04/22 08:40:55, 3] smbd/msdfs.c:dfs_redirect(435)
 dfs_redirect: Not redirecting server/SFS/AMWIN.
[2009/04/22 08:40:55, 3] smbd/msdfs.c:dfs_redirect(439)
 dfs_redirect: Path converted to non-dfs path AMWIN
[2009/04/22 08:40:55, 5] smbd/filename.c:unix_convert(108)
 unix_convert called on file "AMWIN"
[2009/04/22 08:40:55, 3] smbd/trans2.c:call_trans2qfilepathinfo(2963)
 call_trans2qfilepathinfo AMWIN (fnum = -1) level=1004 call=5 total_data=0
[2009/04/22 08:40:55, 5] smbd/trans2.c:call_trans2qfilepathinfo(3193)
 SMB_QFBI - create: Wed Apr 22 08:09:40 2009
  access: Wed Apr 22 08:35:46 2009

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] File locking problem involving Samba, Clearcase, and Cygwin

2009-04-21 Thread Kathy 
I wanted to send a final post about this issue.  I apologise for not
responding until 2 months later.  For those interested, we ended up
just writing our logs to a Samba share that was outside of a Clearcase
share and we had no further issues with files being locked.  So
that says that Clearcase did indeed have something to do with the
issue in how it was playing with Samba, but having them write logs to
another location was a lot easier solution than trying to debug it
further.  Our engineering department has tight schedules, so we went
with the easy fix.  I am still using the version of Samba that Jeremy
suggested (3.2.8) but I suspect that it would have worked okay with
the original 3.0.28 if we were writing elsewhere than the Clearcase
view.

Thanks for all the help you gave me back in February about this
problem.  I do appreciate it.

Kathy

On Tue, Feb 10, 2009 at 7:56 PM, Jeremy Allison  wrote:
> On Tue, Feb 10, 2009 at 02:24:10PM -0800, Kathy wrote:
>> I wanted to post again with the results of using Samba 3.2.8.  Looks
>> like this did not solve our "locking" problem.  We are still getting
>> permission denied errors when we try to do a "mv" of a log file inside
>> a Clearcase view via a Samba share to a different location.  Again,
>> this is inside a Cygwin window on a WindowsXP virtual machine.  It is
>> referencing a Clearcase dynamic view via Samba on
>> //server/.   It does not matter if you try to move it to
>> another Clearcase view (i.e. //server/views/) or
>> if you try to move it to a Windows share or even to the local drive.
>> Below is a snippet of what the Samba log shows when these two files
>> can't be moved.  ProcessExplorer program on the Windows XP machine did
>> not show file handle holding on to either of these files.  Smbstatus
>> on the RHEL 5.2 Clearcase/Samba server reported NONE for oplocks,
>> WRONLY for R/W, and DENY_NONE on DenyMode.
>>
>> We are now running new tests where the scripts are writing the logs to
>> a Samba share, but not to a share that is also a Clearcase view.  And
>> if we still have issues we are going to then have the logs write to a
>> local drive, leaving Samba completely out of it for the part of
>> writing logs.  (They will still be inside the CC view via Samba when
>> firing off their scripts.)
>
> Ok, thanks for testing with the latest code. As Volker
> mentioned, what we need now if for you to test this
> against a Windows 2003 or 2008 server and see if this
> reproduces the problem. If not, a wireshark network
> trace of it working correctly against Windows 200[3|8]
> and it not working correctly against Samba 3.2.8 is
> needed.
>
> Thanks a lot,
>
> Jeremy.
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Unable to browse Samba share by hostname from certain clients...

2009-04-21 Thread Matt Anderson 
Dear Help,

I am having a very odd problem.  For some reason, I am able to browse to my
Samba share by IP address but not by host name from Windows 2008 servers in a
particular domain (the same domain the Samba server belongs to).  However, I am
able to browse by host name from XP clients as well as Windows 2008 servers in a
different domain.

Even stranger, if I add an alias (using the netbios aliases configuration
option) on that same samba server, I can browse by name using the alias.  I have
spent countless hours searching on Google, etc., but just can't seem to figure
out what's going on.

Here is the global config on the Samba server:
[global]
workgroup = DOMAIN
netbios name = HOST1
server string = HOST1
netbios aliases = HOST2
map to guest = Bad User
obey pam restrictions = Yes
password level = 5
username level = 5
log level = 2 
log file = /usr/local/samba/var/samba.log
logon path = 
logon home = 
preferred master = No
domain master = No
ldap ssl = no
idmap backend = tdb
idmap uid = 1-2
idmap gid = 1-2
template homedir = /homes/%U
print command = qprt -dp -r -#v -#j -P %p -T '%J' %f
veto files = /.?*/
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
msdfs root = Yes


I also took logs from browsing to the Samba server by hostname, and then by
alias name, and found a couple things.  When browsing by hostname, I end up
getting the error:
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
And then, during the set up before that, I noticed the following:
Got secblob of size 1469

However, when I was browsing by Alias name, the log reported the following:
Got secblob of size 40

So, I'm not entirely sure what's going on.  If anyone has any advice, tips, or
anything, I'd be glad to hear them!

Thanks!
Matt

Log from browsing by host name:
[2009/04/16 08:03:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2009/04/16 08:03:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2009/04/16 08:03:01, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 48018 1 2 2
[2009/04/16 08:03:01, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 113554 1 2 2
[2009/04/16 08:03:01, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2009/04/16 08:03:01, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
  Got secblob of size 1469
[2009/04/16 08:03:01, 5] auth/auth.c:make_auth_context_subsystem(480)
  Making default auth method list for standalone security=user, encrypt
passwords = yes
[2009/04/16 08:03:01, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match guest
[2009/04/16 08:03:01, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method guest has a valid init
[2009/04/16 08:03:01, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match sam
[2009/04/16 08:03:01, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method sam has a valid init
[2009/04/16 08:03:01, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
  Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2009/04/16 08:03:01, 2] lib/util.c:dump_data(1995)
  [000] 60 82 05 B9 06 09 2A 86  48 86 F7 12 01 02 02 01  `.*. H...
  [010] 00 6E 82 05 A8 30 82 05  A4 A0 03 02 01 05 A1 03  .n...0.. 
  [020] 02 01 0E A2 07 03 05 00  20 00 00 00 A3 82 04 A2    ...
  [030] 61 82 04 9E 30 82 04 9A  A0 03 02 01 05 A1 0C 1B  a...0... 
  [040] 0A 50 48 53 59 45 53 2E  43 4F 4D A2 25 30 23 A0  .DOMAIN. COM.%0#.
  [050] 03 02 01 02 A1 1C 30 1A  1B 04 63 69 66 73 1B 12  ..0. ..cifs..
  [060] 70 68 73 2D 6F 6E 65 2E  70 68 73 79 65 73 2E 63  HOST1. DOMAIN.c
  [070] 6F 6D A3 82 04 5C 30 82  04 58 A0 03 02 01 17 A1  om...\0. .X..
  [080] 03 02 01 02 A2 82 04 4A  04 82 04 46 FF 4D 65 BB  ...J ...F.Me.
  [090] 4E 69 4C E5 72 CB 5C AE  62 67 75 BF B3 2E 3C 0E  NiL.r.\. bgu...<.
  [0A0] 3A 67 FE 27 01 BC 03 C7  08 AE D6 5C 71 23 57 12  :g.' ...\q#W.
  [0B0] 1D 32 4A 68 5D 3C 36 23  33 26 80 0F D7 31 44 3E  .2Jh]<6# 3&...1D>
  [0C0] 51 AA 8A 8B BA 7A CC 92  79 7A 34 F8 BD AF 6B 3B  Qz.. yz4...k;
  [0D0] FA F7 00 3C DD 76 97 74  9A 02 4A 85 E2 BF 81 E8  ...<.v.t ..J.
  [0E0] F4 75 15 9F FC 00 C6 4F  A9 E0 01 05 35 A9 0C CC  .u.O 5...
  [0F0] FD 55 C4 00 DD 6A 6E D4  77 BE C9 25 CA 6D 78 0B  .U...jn. w..%.mx.
  [100] 72 78 51 47 1E E9 A0 78  28 8A 40 5C EF EA 2A CC  rxQG...x (@\..*.
  [110] E2 FE 17 3A EE 6F 10 34  D7 86 E0 8B 9D 79 7E F9  ...:.o.4 .y~.
  [120] 87 94 E9 B5 51 CE 5A F9  89 61 75 A7 B2 5F D3 2E  Q.Z. .au.._..
  [130] 6E 66 8B 6D 9D 3F 7B A3  57 E0 BE 8B DE E7 3E 2E  nf.m.?{. W.>.
  [140] F3 08 41 90 9F D8 1F B7  5B

[Samba] Re: Simple Permission Issue

2009-04-21 Thread Richard Foltyn 
Joseph L. Casale wrote:

> I haven't really done a lot with file sharing in Samba and seem
> to be missing something here. I have a folder, /Share that has
> 
> [r...@host ~]# getfacl /Share /
> getfacl: Removing leading '/' from absolute path names
> # file: Share
> # owner: root
> # group: ad\040sec\040group
> user::rwx
> group::rwx
> other::---
> 
> It is also a mount point for a partition, so it has a lost+found that
> is set 700 root:root. The share perms are:
> 
> [Share]
> comment = ...
> path = /Share
> browseable = no
> writable = no
> guest ok = no
> printable = no
> write list = @"DOMAIN+Domain Admins",@"DOMAIN+ad sec group"
> 
> Why can users other than root manipulate the name of lost+found but
> obviously not execute it, and enter it? Same if root makes a test
> directory under /Share and sets it 700, users connected to the share
> cannot access it, but can modify its name and/or delete it?
> 
> Thanks!
> jlc

Because on Unix (unlike Windows) these operations are controlled by the
permissions of the *parent* directory.

Since users in the "ad sec group" have rwx permissions on /Share, they are
able to create / delete / rename files and directories inside /Share.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] blocking file locks

2009-04-21 Thread Larry Dickson 
Hello all,

As a Samba programming newbie, I've run onto a question that doesn't have an
obvious answer in FAQ or googled literature. I need to lock large numbers of
files on the server, and have Samba open requests block until they are
released. I found references to "blocking locks" in references such as
"Using Samba" (O'Reilly, 1999, 2003)

http://oreilly.com/catalog/samba/chapter/book/ch05_05.html

but these refer to range locks, which are overkill for my application (I
only need to check on open, not on every IO).

Deny modes would seem to fill the bill, but I can't find whether blocking
locks would work for them, and also they do not seem to be Linux-compatible
on the server, and I suspect I may need that for efficiency's sake (a lot of
files are being locked/unlocked). I downloaded samba-latest.tar.gz and
noticed that source/smbd/blocking.c seems to respond to these by setting
LOCK_MAND versions of flock states, which are available only for "sys_flock"
and rumored not to affect normal Linux programming.

Can file locks block a Samba open request? Can they be set by, or made to
affect, Linux programming on the server (I don't care about NFS file opens,
only local opens on the server)? Does this drive special Samba kernel code,
or does smbd just operate in user space?

TIA,

Larry Dickson
Cutting Edge Networked Storage
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Simple Permission Issue

2009-04-21 Thread Joseph L. Casale 
I haven't really done a lot with file sharing in Samba and seem
to be missing something here. I have a folder, /Share that has

[r...@host ~]# getfacl /Share /
getfacl: Removing leading '/' from absolute path names
# file: Share
# owner: root
# group: ad\040sec\040group
user::rwx
group::rwx
other::---

It is also a mount point for a partition, so it has a lost+found that
is set 700 root:root. The share perms are:

[Share]
comment = ...
path = /Share
browseable = no
writable = no
guest ok = no
printable = no
write list = @"DOMAIN+Domain Admins",@"DOMAIN+ad sec group"

Why can users other than root manipulate the name of lost+found but obviously
not execute it, and enter it? Same if root makes a test directory under /Share
and sets it 700, users connected to the share cannot access it, but can modify
its name and/or delete it?

Thanks!
jlc
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Getting mad with group permissions

2009-04-21 Thread Giorgio Volpe 

sa...@terpstra-world.org ha scritto:

Giorgio Volpe wrote:
  

I have a file server with two shares accessible to 2 different groups. After 
the last update ( from debian 2:3.2.5-4 to  2:3.3.2-1 ) i cannot any more 
access ONLY ONE of the two shares and I can't understand the
reason!


net groupmap add unixgroup='group_name' ntgroup='windows_group_name' type=d

  

done

Also, anywhere that 'valid groups' is specified, follow the convention of
fully specifying the context of group security object like this:

valid users = @"DOMAIN_NAME\group_name"
  
done, but nothing changes! In no way I can understand why one share il 
ok and the other not!



from smb.conf:

[documenti_movi]
   path = /home/documenti_movi
   valid users = @staffmovi
   read only = No
   create mask = 0770
   directory mask = 0770
   case sensitive = No

[documenti_csv]
   path = /home/csv/documenti
   valid users = @csv
   read only = No
   create mask = 0770
   directory mask = 0770
   case sensitive = No

From /etc/group


staffmovi:x:113:giorgio,boris,alberto,annamaria,simona.celotti,martina,franco,giovanna

   csv:x:1005:giorgio,franco,simona.celotti


Executing 'id giorgio':

   uid=1000(giorgio) gid=1000(giorgio)

gruppi=24(cdrom),25(floppy),29(audio),44(video),46(plugdev),113(staffmovi),1005(csv),1000(giorgio)



From samba log: trying access to 'documenti_movi' copared with access to


'documenti_csv' as user giorgio (from an xp client)
  

[2009/04/20 11:06:59,  3] smbd/process.c:switch_message(1378)
 switch message SMBtconX (pid 27040) conn 0x0
[2009/04/20 11:06:59,  3] smbd/sec_ctx.c:set_sec_ctx(324)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/04/20 11:06:59,  5] auth/token_util.c:debug_nt_user_token(522)
 NT user token: (NULL)
[2009/04/20 11:06:59,  5] auth/token_util.c:debug_unix_user_token(548)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2009/04/20 11:06:59,  5] smbd/uid.c:change_to_root_user(318)
 change_to_root_user: now uid=(0,0) gid=(0,0)
[2009/04/20 11:06:59,  4] smbd/reply.c:reply_tcon_and_X(715)
 Client requested device type [?] for share [DOCUMENTI_MOVI]
[2009/04/20 11:06:59,  5] smbd/service.c:make_connection(1298)
 making a connection to 'normal' service documenti_movi
[2009/04/20 11:06:59,  3] lib/util_sid.c:string_to_sid(228)
 string_to_sid: Sid @staffmovi does not start with 'S-'.
[2009/04/20 11:06:59,  5] smbd/password.c:user_in_netgroup(425)
 Unable to get default yp domain, let's try without specifying it
[2009/04/20 11:06:59,  5] smbd/password.c:user_in_netgroup(429)
 looking for user giorgio of domain (ANY) in netgroup staffmovi
[2009/04/20 11:06:59,  5] smbd/password.c:user_in_netgroup(445)
 looking for user giorgio of domain (ANY) in netgroup staffmovi
[2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(69)
 lookup_name: MOVI\staffmovi => MOVI (domain), staffmovi (name)
[2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(70)
 lookup_name: flags = 0x077
[2009/04/20 11:06:59,  3] smbd/sec_ctx.c:push_sec_ctx(224)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/04/20 11:06:59,  3] smbd/uid.c:push_conn_ctx(388)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/04/20 11:06:59,  3] smbd/sec_ctx.c:set_sec_ctx(324)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/04/20 11:06:59,  5] auth/token_util.c:debug_nt_user_token(522)
 NT user token: (NULL)
[2009/04/20 11:06:59,  5] auth/token_util.c:debug_unix_user_token(548)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2009/04/20 11:06:59,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(69)
 lookup_name: Unix Group\staffmovi => Unix Group (domain), staffmovi


(name)
  

[2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(70)
 lookup_name: flags = 0x077
[2009/04/20 11:06:59, 10] smbd/share_access.c:user_ok_token(212)
 User giorgio not in 'valid users'
[2009/04/20 11:06:59,  2]


smbd/service.c:create_connection_server_info(659)
  

 user 'giorgio' (from session setup) not permitted to access this share
(documenti_movi)

[2009/04/20 11:13:15,  3] smbd/process.c:switch_message(1378)
 switch message SMBtconX (pid 27200) conn 0x0
[2009/04/20 11:13:15,  3] smbd/sec_ctx.c:set_sec_ctx(324)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/04/20 11:13:15,  5] auth/token_util.c:debug_nt_user_token(522)
 NT user token: (NULL)
[2009/04/20 11:13:15,  5] auth/token_util.c:debug_unix_user_token(548)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2009/04/20 11:13:15,  5] smbd/uid.c:change_to_root_user(318)
 change_to_root_user: now uid=(0,0) gid=(0,0)
[2009/04/20 11:13:15,  4] smbd/reply.c:reply_tcon_and_X(715)
 Client requested device type [?] for share [DOCUMENTI_CSV]
[2009/04/20 11:13:15,  5] smbd/service.c:make_connection(1298)
 making a connection to 'normal' service docu

Re: [Samba] Writing operations to a Samba share fail

2009-04-21 Thread Walter Mautner 
Am Tuesday 21 April 2009 13:30:28 schrieb Elias Knuutila:
>   Hi,
>
> I have a problem with Samba occasionally starting to fail with any write
> operations to a public share. When Samba is started clean, everything
> works OK. Then at some stage some users start to experience errors
> trying to write into a share. At the same time other users may not
> perceive any problems.
>
.
> System is Suse Linux Enterprise Server 10 with Samba version
> 3.0.22-13.23-SUSE-SLES10. Filesystem Reiserfs, with about plenty of free
> space, RAID. Simultaneous connected clients up to ~15. Samba is also a
> primary domain controller. Users log on it to authenticate into the
> domain, with local (not roaming) profiles. No problems have appeared
> with this.
>
> Samba log and strace shows errors that are not very helpful to me.
> Following error messages are found in log.smbd:
>
> error packet at smbd/notify.c(55) cmd=160 (SMBnttrans) NT_STATUS_CANCELLED
> error packet at smbd/trans2.c(2629) cmd=50 (SMBtrans2)
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> error packet at smbd/nttrans.c(652) cmd=162 (SMBntcreateX)
> NT_STATUS_OBJECT_PATH_NOT_FOUND
> error packet at smbd/nttrans.c(95) cmd=160 (SMBnttrans)
> NT_STATUS_NOT_A_REPARSE_POINT

Looks like a forced reiserfschk is overdue.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] A question about BDC's

2009-04-21 Thread Adam Williams 
sure you can if you are using an LDAP directory.  just how crappy is 
your connection?  because the BDC would need to either query the PDC's 
ldap directory directly, or be a slave (or master/master) and get 
account changes propagated to it.  Then, you'd still need to get access 
to the files somehow such as using distributed filesystem (which would 
still get the files from your server and go over your low latency 
connection in real time) or mirror the files to your BDC using unison.  
Is there not money in your budget to upgrade your crappy connection?  
Are there things you can do to make your connection not as crappy such 
as installing a squid http proxy server?  is your connection crappy 
because it is at 100% utilization or crappy because it goes up and down?


Germán Bobr wrote:

Hi, i have a samba server as PDC in my office.
Now, some co-workers wants to access their files from outside.
Making a VPN does not work because my office has a crappy connection.

Is it possible to install a BDC in a datacenter for the remote people?

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] A question about BDC's

2009-04-21 Thread Germán Bobr 
Hi, i have a samba server as PDC in my office.
Now, some co-workers wants to access their files from outside.
Making a VPN does not work because my office has a crappy connection.

Is it possible to install a BDC in a datacenter for the remote people?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Writing operations to a Samba share fail

2009-04-21 Thread Elias Knuutila 


 Hi,

I have a problem with Samba occasionally starting to fail with any write
operations to a public share. When Samba is started clean, everything
works OK. Then at some stage some users start to experience errors
trying to write into a share. At the same time other users may not
perceive any problems.

smb.conf or any other configurations of the server hasn't been changed
for a long time, but the problems just began to appear. According the
smb.conf most users have read-write access to the shares they can gain
access to.  In a faulty condition resource manager of Windows XP clients
hang from several seconds to about a minute or so, trying to do an
operation. Then various error messages from "File does not exist" to
"Permission denied" or something about lost connections follows.
Nevertheless, user can manage to create a dummy file or copy of file to
a share, but those are not created completely. Size of created copy of
document, for example, matches roughly original, but copy is somehow
incomplete and can't be opened. Or sometimes a file can be deleted.

System is Suse Linux Enterprise Server 10 with Samba version
3.0.22-13.23-SUSE-SLES10. Filesystem Reiserfs, with about plenty of free
space, RAID. Simultaneous connected clients up to ~15. Samba is also a
primary domain controller. Users log on it to authenticate into the
domain, with local (not roaming) profiles. No problems have appeared
with this.

Samba log and strace shows errors that are not very helpful to me.
Following error messages are found in log.smbd:

error packet at smbd/notify.c(55) cmd=160 (SMBnttrans) NT_STATUS_CANCELLED
error packet at smbd/trans2.c(2629) cmd=50 (SMBtrans2)
NT_STATUS_OBJECT_NAME_NOT_FOUND
error packet at smbd/nttrans.c(652) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_PATH_NOT_FOUND
error packet at smbd/nttrans.c(95) cmd=160 (SMBnttrans)
NT_STATUS_NOT_A_REPARSE_POINT
error packet at smbd/nttrans.c(652) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_PATH_NOT_FOUND
error packet at smbd/nttrans.c(764) cmd=162 (SMBntcreateX)
NT_STATUS_FILE_IS_A_DIRECTORY


 Any help is appreciated.

 -Elias-


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] error 1310 when installing to a Samba share

2009-04-21 Thread Gary Dale 

Michael Heydon wrote:


Gary Dale wrote:
I'm trying to install some income tax software to a Samba (Debian 
3.2.5 i386) share and I'm getting the above error.

Does it work correctly installing over the network to a windows host?

*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 


I don't have a Windows server to try it on. However, the package is
popular (mass market home income tax) and I doubt that I'm the only
person trying to install it to a network share. The problem is actually
with an update that it downloads from the web. It's needed for
electronic filing. The update is a month old so if there was a general
problem, it would hopefully be fixed by now.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] error 1310 when installing to a Samba share

2009-04-21 Thread Michael Heydon 


Gary Dale wrote:
I'm trying to install some income tax software to a Samba (Debian 
3.2.5 i386) share and I'm getting the above error.

Does it work correctly installing over the network to a windows host?

*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba