[Samba] Is it OK to turn off client signing in SAMBA?

[Bill Robertson]

Hi,

Background:
Our new network scanner (Avision V2500) won't play nicely with client signing.

Question:
Can you think of any major issues if we turn off client signing on our
SAMBA fileserver (ver 3.0.23c).

Notes:
* We just use SAMBA as a basic fileserver
* Probably of no relevance, but use Fedora Directory Server for the
LDAP backend

--
Regards  Bill

The squeaky wheel gets the grease, but the whining wheel gets replaced.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] User friendly URLs to shares

[David Meakins]

probably need to use at least the following

WScript.Network object to unmap existing network drives and to map new 
network drive. specifically the RemoveNetworkDrive and MapNetworkDrive 
methods.

http://msdn.microsoft.com/en-us/library/d16d7wbf(VS.85).aspx
http://msdn.microsoft.com/en-us/library/8kst88h6(VS.85).aspx

Shell.Application object to rename your new network drive to something sane.
http://msdn.microsoft.com/en-us/library/bb774094(VS.85).aspx

david

Jorgen Lundman wrote:


That'd be perfectly acceptable, since user's navi already run on php 
cluster. What magic is needed in the .vbs file?


Lund

David Meakins wrote:
alternatively create a php/asp/perl/something script on an internal 
web server that generates a vbs file based on a http get var, email a 
custom link to each user


eg email the following link to user 'john.smith'
Dear john.smith, please click on the link below and save the 
resulting file to your desktop

http://internal.example.com/generate_script?username=john.smith

and they get a file called "Connect to Share.vbs" that they can 
double click on


david

Michael Heydon wrote:

Jorgen Lundman wrote:

possibly "save this to desktop and double click".

vbscript, although a lot of mail servers will block it.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 




--
| Judicial Commission of NSW | Ph: +61 2 9299 4421 | Fax: +61 2 9290 
3194 |


This Message is intended for the addressee named and may contain 
confidential information. If you are not the intended recipient, 
please delete it and notify the sender.


Views expressed in this message are those of the individual sender 
and not necessarily the views of the Judicial Commission of NSW.







--
| Judicial Commission of NSW | Ph: +61 2 9299 4421 | Fax: +61 2 9290 3194 |

This Message is intended for the addressee named and may contain confidential 
information. If you are not the intended recipient, please delete it and notify 
the sender.

Views expressed in this message are those of the individual sender and not 
necessarily the views of the Judicial Commission of NSW.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] User friendly URLs to shares

[Jorgen Lundman]

That'd be perfectly acceptable, since user's navi already run on php 
cluster. What magic is needed in the .vbs file?


Lund

David Meakins wrote:
alternatively create a php/asp/perl/something script on an internal web 
server that generates a vbs file based on a http get var, email a custom 
link to each user


eg email the following link to user 'john.smith'
Dear john.smith, please click on the link below and save the resulting 
file to your desktop

http://internal.example.com/generate_script?username=john.smith

and they get a file called "Connect to Share.vbs" that they can double 
click on


david

Michael Heydon wrote:

Jorgen Lundman wrote:

possibly "save this to desktop and double click".

vbscript, although a lot of mail servers will block it.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 




--
| Judicial Commission of NSW | Ph: +61 2 9299 4421 | Fax: +61 2 9290 3194 |

This Message is intended for the addressee named and may contain 
confidential information. If you are not the intended recipient, please 
delete it and notify the sender.


Views expressed in this message are those of the individual sender and 
not necessarily the views of the Judicial Commission of NSW.




--
Jorgen Lundman   | 
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo| +81 (0)90-5578-8500  (cell)
Japan| +81 (0)3 -3375-1767  (home)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] User friendly URLs to shares

[David Meakins]

alternatively create a php/asp/perl/something script on an internal web 
server that generates a vbs file based on a http get var, email a custom 
link to each user


eg email the following link to user 'john.smith'
Dear john.smith, please click on the link below and save the resulting 
file to your desktop

http://internal.example.com/generate_script?username=john.smith

and they get a file called "Connect to Share.vbs" that they can double 
click on


david

Michael Heydon wrote:

Jorgen Lundman wrote:

possibly "save this to desktop and double click".

vbscript, although a lot of mail servers will block it.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 




--
| Judicial Commission of NSW | Ph: +61 2 9299 4421 | Fax: +61 2 9290 3194 |

This Message is intended for the addressee named and may contain confidential 
information. If you are not the intended recipient, please delete it and notify 
the sender.

Views expressed in this message are those of the individual sender and not 
necessarily the views of the Judicial Commission of NSW.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] User friendly URLs to shares

[Michael Heydon]

Jorgen Lundman wrote:

possibly "save this to desktop and double click".

vbscript, although a lot of mail servers will block it.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded

[Thierry Lacoste]

On 1 mai 09, at 01:45, John Du wrote:


David Markey wrote:

John Du wrote:


David Markey wrote:


I would imagine that you'll need to re-jig your ACLs in slapd.conf,

Please supply logs.



Thank you very much.

I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows
and UNIX password.  If the problem is ACL related, wouldn't I have  
the

same problem with this tool?

When samba changes passwords, does the process run as root or as the
user making the passwords change?



If you're using smbldap-passwd and unix password sync, it's done as
root. ldap passwd sync is done as the LDAP dn that you've  
configured in

smb.conf. It's much preferable to use ldap passwd sync.


I did not make myself clear. When I say I can use  smbldap-passwd to  
change password, I mean I can run the tool from the command line as  
root.  If I use smbldap-passwd  and unix passwd sync in smb.conf, I  
get a "you do not have permission to change password" message when  
attempting to change password.


So at this time I am still using ldap passwd sync in smb.conf and  
that is when it only changes the Windows password.


Does the userPassword attribute require different ACL than  
sambaNTPassword?  Also the dn I put in smb.conf is the root DN of  
the LDAP database.
That's weird. The root DN has complete access to the DB (ACLs do not  
apply to it).
However, maybe you can definitely rule out an ACL problem by puting  
'access to * by * write' as your first
backend specific ACL and test. If you have the same problem with this  
setting then it is not ACL related.


Regards,
Thierry



Thanks!




Thanks again.


John Du wrote:


John Du wrote:


Hi,

I have been running Samba with OpenLDAP for a few years.  We  
recently

upgrade the OpenLDAP server from 2.2.13 to 2.4.11.

When users change their passwords now, only the Windows  
password is
changed the UNIX password is not changed anymore.  Samba server  
does
not log any errors   The samba configuration file did not  
change when

the LDAP server was upgraded.

I do have "ldap passwd sync =Yes" in smb.conf and it used to work
fine.

Has anyone seen this?

If I use

unix password sync = Yes
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n  
"*Retype

new password*" %n\n"

instead of "ldappasswd sync", what access control do I have to  
add to

the slapd.conf file?

Thank you very much for your help!

John




I forgot to mention that the Samba version is 3.0.28 on EHEL4  
kernel

2.6.9-42.0.2.









--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] User friendly URLs to shares

[Jorgen Lundman]

Yes, we did manage to get that working with "net use" but how would you 
package it to users, so preferably it is something they just click on, 
either from a www-page, email message or possibly "save this to desktop 
and double click". When using "net use" it wouldn't exactly popup a 
requestor and ask for your password. (Unless you mean that horrible DOS 
box).


Is there no way to make it as nice as OsX and Linux? You just click the 
smb:// link and it asks for password in a popup?


Lund



Gerald Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jorgen,


\\host\share and file://host/share don't seem to work, and has nowhere
for the username part to be included.


You can encode the username as an arg in the
"net use * \\host\share /user:DOMAIN\username"



cheers, jerry
- --
=
http://git.plainjoe.org/ CODE
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkn26yQACgkQIR7qMdg1EfYmvwCgyTf1PVeE82+6Jiwmi3dAB2Zc
nCMAoMZFBjTDo1RbbsHtGYOlFle3BIJ9
=zSC7
-END PGP SIGNATURE-



--
Jorgen Lundman   | 
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo| +81 (0)90-5578-8500  (cell)
Japan| +81 (0)3 -3375-1767  (home)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded

[John Du]

David Markey wrote:

John Du wrote:
  

David Markey wrote:


I would imagine that you'll need to re-jig your ACLs in slapd.conf,

Please supply logs.

  
  

Thank you very much.

I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows
and UNIX password.  If the problem is ACL related, wouldn't I have the
same problem with this tool?

When samba changes passwords, does the process run as root or as the
user making the passwords change?



If you're using smbldap-passwd and unix password sync, it's done as
root. ldap passwd sync is done as the LDAP dn that you've configured in
smb.conf. It's much preferable to use ldap passwd sync.

  
I did not make myself clear. When I say I can use  smbldap-passwd to 
change password, I mean I can run the tool from the command line as 
root.  If I use smbldap-passwd  and unix passwd sync in smb.conf, I get 
a "you do not have permission to change password" message when 
attempting to change password.


So at this time I am still using ldap passwd sync in smb.conf and that 
is when it only changes the Windows password.


Does the userPassword attribute require different ACL than 
sambaNTPassword?  Also the dn I put in smb.conf is the root DN of the 
LDAP database.


Thanks!

 
  

Thanks again.


John Du wrote:
 
  

John Du wrote:
   


Hi,

I have been running Samba with OpenLDAP for a few years.  We recently
upgrade the OpenLDAP server from 2.2.13 to 2.4.11.

When users change their passwords now, only the Windows password is
changed the UNIX password is not changed anymore.  Samba server does
not log any errors   The samba configuration file did not change when
the LDAP server was upgraded.

I do have "ldap passwd sync =Yes" in smb.conf and it used to work
fine.

Has anyone seen this?

If I use

unix password sync = Yes
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
new password*" %n\n"

instead of "ldappasswd sync", what access control do I have to add to
the slapd.conf file?

Thank you very much for your help!

John



  
  

I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel
2.6.9-42.0.2.


  
  



  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded

[David Markey]

John Du wrote:
> David Markey wrote:
>> I would imagine that you'll need to re-jig your ACLs in slapd.conf,
>>
>> Please supply logs.
>>
>>   
> Thank you very much.
>
> I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows
> and UNIX password.  If the problem is ACL related, wouldn't I have the
> same problem with this tool?
>
> When samba changes passwords, does the process run as root or as the
> user making the passwords change?

If you're using smbldap-passwd and unix password sync, it's done as
root. ldap passwd sync is done as the LDAP dn that you've configured in
smb.conf. It's much preferable to use ldap passwd sync.

 
>
> Thanks again.
>>
>> John Du wrote:
>>  
>>> John Du wrote:
>>>
 Hi,

 I have been running Samba with OpenLDAP for a few years.  We recently
 upgrade the OpenLDAP server from 2.2.13 to 2.4.11.

 When users change their passwords now, only the Windows password is
 changed the UNIX password is not changed anymore.  Samba server does
 not log any errors   The samba configuration file did not change when
 the LDAP server was upgraded.

 I do have "ldap passwd sync =Yes" in smb.conf and it used to work
 fine.

 Has anyone seen this?

 If I use

 unix password sync = Yes
 passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
 passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
 new password*" %n\n"

 instead of "ldappasswd sync", what access control do I have to add to
 the slapd.conf file?

 Thank you very much for your help!

 John



   
>>> I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel
>>> 2.6.9-42.0.2.
>>> 
>>
>>
>>   
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded

[John Du]

David Markey wrote:

I would imagine that you'll need to re-jig your ACLs in slapd.conf,

Please supply logs.

  

Thank you very much.

I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows and 
UNIX password.  If the problem is ACL related, wouldn't I have the same 
problem with this tool?


When samba changes passwords, does the process run as root or as the 
user making the passwords change?


Thanks again.


John Du wrote:
  

John Du wrote:


Hi,

I have been running Samba with OpenLDAP for a few years.  We recently
upgrade the OpenLDAP server from 2.2.13 to 2.4.11.

When users change their passwords now, only the Windows password is
changed the UNIX password is not changed anymore.  Samba server does
not log any errors   The samba configuration file did not change when
the LDAP server was upgraded.

I do have "ldap passwd sync =Yes" in smb.conf and it used to work fine.

Has anyone seen this?

If I use

unix password sync = Yes
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
new password*" %n\n"

instead of "ldappasswd sync", what access control do I have to add to
the slapd.conf file?

Thank you very much for your help!

John



  

I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel
2.6.9-42.0.2.




  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded

[David Markey]

I would imagine that you'll need to re-jig your ACLs in slapd.conf,

Please supply logs.



John Du wrote:
> John Du wrote:
>> Hi,
>>
>> I have been running Samba with OpenLDAP for a few years.  We recently
>> upgrade the OpenLDAP server from 2.2.13 to 2.4.11.
>>
>> When users change their passwords now, only the Windows password is
>> changed the UNIX password is not changed anymore.  Samba server does
>> not log any errors   The samba configuration file did not change when
>> the LDAP server was upgraded.
>>
>> I do have "ldap passwd sync =Yes" in smb.conf and it used to work fine.
>>
>> Has anyone seen this?
>>
>> If I use
>>
>> unix password sync = Yes
>> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>> passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
>> new password*" %n\n"
>>
>> instead of "ldappasswd sync", what access control do I have to add to
>> the slapd.conf file?
>>
>> Thank you very much for your help!
>>
>> John
>>
>>
>>
>
> I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel
> 2.6.9-42.0.2.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded

[John Du]

John Du wrote:

Hi,

I have been running Samba with OpenLDAP for a few years.  We recently 
upgrade the OpenLDAP server from 2.2.13 to 2.4.11.


When users change their passwords now, only the Windows password is 
changed the UNIX password is not changed anymore.  Samba server does 
not log any errors   The samba configuration file did not change when 
the LDAP server was upgraded.


I do have "ldap passwd sync =Yes" in smb.conf and it used to work fine.

Has anyone seen this?

If I use

unix password sync = Yes
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype 
new password*" %n\n"


instead of "ldappasswd sync", what access control do I have to add to 
the slapd.conf file?


Thank you very much for your help!

John





I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel 
2.6.9-42.0.2.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba does not change UNIX password after OpenLDAP server upgraded

[John Du]

Hi,

I have been running Samba with OpenLDAP for a few years.  We recently 
upgrade the OpenLDAP server from 2.2.13 to 2.4.11.


When users change their passwords now, only the Windows password is 
changed the UNIX password is not changed anymore.  Samba server does not 
log any errors   The samba configuration file did not change when the 
LDAP server was upgraded.


I do have "ldap passwd sync =Yes" in smb.conf and it used to work fine.

Has anyone seen this?

If I use

unix password sync = Yes
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new 
password*" %n\n"


instead of "ldappasswd sync", what access control do I have to add to 
the slapd.conf file?


Thank you very much for your help!

John


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] nmbd problem

[bucketbot]

Hi,

 I'm running Samba (3.0.32) on NetBSD (4.0.1) and everything seems to work fine 
except for nmbd. It keeps trying to contact 10.0.0.255 but I'm not sure why. It 
can't seem to resolve any names. However, the shares work and any operation 
works using an IP address.

 Can anyone point me in the right direction?

Thanks



  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] PDC: Linux Client can't join the domain.

[Adam Williams]

paris$ should not have a SID until it creates it upon joining the 
domain.  you should not have done smbpasswd -a -m paris, so if you did, 
do smbpasswd -x paris\$ and try rejoining.


Alessandro Baggi wrote:
Hi there. I've a problem with using samba as Primary Domain Controller 
with backend ldap. Version release (Samba 3.2.5, OpenLDAP 2.4.11) on 
Debian Lenny.
When I try to join the domain with a Windows XP Pro Client, all works 
fine...profiles updating, logon, ecc..but when I try to join the 
domain with a Linux Client (Slackware 12.1) I get different errors:



client:~# net rpc join -U root%password
Joined Domain DOMINIO.

and in samba log (log.___10.1.4.85):

[2009/04/30 13:45:42,  0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
 get_md4pw: Workstation PARIS$: no account in domain
[2009/04/30 13:45:42,  0] 
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
 _netr_ServerAuthenticate2: failed to get machine password for account 
PARIS$: NT_STATUS_ACCESS_DENIED


and samba add an entry-Computer account for paris$:

# paris$, Computers, DOMINIO
dn: uid=paris$,ou=Computers,dc=DOMINIO
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: paris$
uid: paris$
uidNumber: 2008
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-1849485170-1217343015-651458238-1008
displayName: Computer
sambaAcctFlags: [W  ]

Then, I try to log out from the client and try login with a user in 
ldap (I've tried with a PosixAccount and SambaAccount), but it doesn't 
work.
If I try again to rejoin the domain, the client side give me: Joined 
Domain DOMINIO., but samba log (log.___10.1.4.85) give me:


[2009/04/30 13:48:07,  0] 
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
 _netr_ServerAuthenticate2: netlogon_creds_server_check failed. 
Rejecting auth request from client PARIS machine account PARIS$


and I can't log-in in client side. These problems only when try to 
join domain from simple Linux client.
I've also removed the entire ldap db, repopulate, but the problem 
persist.


This is a client configuration problem or Server PDC configuration 
problem? Samba? or OpenLDAP?



thanks in advance for help.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] vfs audit, ext_audit and full_audit

[Stéphane PURNELLE]

Hi samba team,

Because some people cut/paste some directory I need to activate auditing 
for delete, rename file and directory operation.
I want to know users and file or directory  which delete or rename 
opration has be made.

I activate full_audit but I don't have theses informations : 

mjb|xx.xxx.x.xxx|realpath|ok|/rsrv/vol2/data1/groupes.
What vfs objects can I use for that ?

thanks

Stéphane Purnelle


---
Stéphane PURNELLE Admin. Systèmes et Réseaux 
Service Informatique   Corman S.A.   Tel : 00 32 (0)87/342467
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba + LDAP + IIS = massive memory usage

[Martin Edwards]

Dear readers,

I'm not sure if this is a bug or a problem we are causing which is why I'm
posting to the list first in the hope that someone else might have come
across it.

We have been using Samba quite successfully for a number of years.  However,
with this new setup we have a problem.

We're using Samba as a backend for a web farm - 6 or 7 Windows servers
running IIS with all the website data under UNC paths and all the anonymous
web users and app pools running as domain users.

Samba itself uses an LDAP backend.

This setup works very nicely for our needs however we have an issue in that
each Samba process belonging to one of the web servers seems to consume RAM
indefinitely until it is killed.  When the servers are busy each thread can
use 1GB in 20 minutes.

Obviously this is extremely abnormal memory usage.

My only guess is that, when a page is requested on a website and not found,
Samba allocates the memory and does not free it?

We have tried Samba 3.0, 3.2 and 3.3 (various iterations) and have
experienced exactly the same problem.

Can anyone offer any insight.  I would be most grateful.

Martin.

[global]
csc policy = disable
deadtime = 25
dead time = 25
admin users = root
max mux = 500
max open files = 500
workgroup = PWMDERBY
netbios name = GAR
enable privileges = yes
smb ports = 139 445
server string = Samba Server %v
security = user
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = Yes
ldap timeout = 5
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 500
time server = Yes
socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8192
SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:"ldap://192.168.1.4";
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Linking bin/swat error

[nilabja haldar]

Hi,

I am installing samba 3.0.34 in AIX 5.2 machine. While running the command
"make" I am getting the below mentioned error. Can anyone please assist on
this. Error message is attached with the mail

Thanks and Regards
Nilabja Haldar
[edcdbs21:root:/home/in022663/samba-3.0.34/source:] make
Using FLAGS  =  -O -D_SAMBA_BUILD_=3 
-I/home/in022663/samba-3.0.34/source/popt 
-I/home/in022663/samba-3.0.34/source/iniparser/src -Iinclude -I./include  -I. 
-I. -I./lib/replace -I./lib/talloc -I./tdb/include -I./libaddns -I./librpc 
-DHAVE_CONFIG_H -I/home/in022663/samba-3.0.34/source/lib -D_SAMBA_BUILD_=3
  PICFLAG= -O2
  LIBS   =
  LDFLAGS=
  DYNEXP = -Wl,-brtl,-bexpfull,-bbigtoc
  LDSHFLAGS  = -Wl,-G,-bexpfull,-bbigtoc,-brtl
  SHLIBEXT   = so
  SONAMEFLAG = #
Linking bin/swat

ld: 0711-998 SEVERE ERROR: Unexpected exception 10 caught.
System call error number 804496696.

ld: 0711-993 Error occurred while writing to the output file: bin/swat

ld: 0706-010 The binder was killed by a signal: Bus error
Check for binder messages or use local problem reporting procedures.
collect2: ld returned 254 exit status
make: 1254-004 The error code from the last command is 1.


Stop.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] PDC: Linux Client can't join the domain.

[Alessandro Baggi]

Hi there. I've a problem with using samba as Primary Domain Controller 
with backend ldap. Version release (Samba 3.2.5, OpenLDAP 2.4.11) on 
Debian Lenny.
When I try to join the domain with a Windows XP Pro Client, all works 
fine...profiles updating, logon, ecc..but when I try to join the domain 
with a Linux Client (Slackware 12.1) I get different errors:



client:~# net rpc join -U root%password
Joined Domain DOMINIO.

and in samba log (log.___10.1.4.85):

[2009/04/30 13:45:42,  0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
 get_md4pw: Workstation PARIS$: no account in domain
[2009/04/30 13:45:42,  0] 
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
 _netr_ServerAuthenticate2: failed to get machine password for account 
PARIS$: NT_STATUS_ACCESS_DENIED


and samba add an entry-Computer account for paris$:

# paris$, Computers, DOMINIO
dn: uid=paris$,ou=Computers,dc=DOMINIO
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: paris$
uid: paris$
uidNumber: 2008
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-1849485170-1217343015-651458238-1008
displayName: Computer
sambaAcctFlags: [W  ]

Then, I try to log out from the client and try login with a user in ldap 
(I've tried with a PosixAccount and SambaAccount), but it doesn't work.
If I try again to rejoin the domain, the client side give me: Joined 
Domain DOMINIO., but samba log (log.___10.1.4.85) give me:


[2009/04/30 13:48:07,  0] 
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
 _netr_ServerAuthenticate2: netlogon_creds_server_check failed. 
Rejecting auth request from client PARIS machine account PARIS$


and I can't log-in in client side. These problems only when try to join 
domain from simple Linux client.

I've also removed the entire ldap db, repopulate, but the problem persist.

This is a client configuration problem or Server PDC configuration 
problem? Samba? or OpenLDAP?



thanks in advance for help.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [Announce] Samba 3.4.0pre1 Available for Download

[Karolin Seeger]

Release Announcements
=

This is the first preview release of Samba 3.4.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.


Major enhancements in Samba 3.4.0 include:
--

General changes:
o Samba4 and Samba3 sources are included in the tarball

Authentication Changes:
o Changed the way smbd handles untrusted domain names given during user
  authentication.

Printing Changes:
o Various fixes including printer change notificiation for Samba spoolss
  print servers.

Internal changes:
o The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
  and spoolss) were replaced by autogenerated code based on PIDL.
o Samba3 and Samba4 do now share a common tevent library.
o The code has been cleaned up and the major basic interfaces are shared with
  Samba4 now.
o An asynchronous API has been added.


General Changes
===

On the way towards a standalone Samba AD domain controller, Samba3 and Samba4
branches can be built as "merged" build. That's why Samba3 and Samba4 sources
are included in the tarball. The merged build is possible in Samba 3.4.0, but
disabled by default. To learn more about the merged build,
please see http://wiki.samba.org/index.php/Franky.

According to this one, there is no "source" directory included in the tarball at
all. Samba3 sources are located in "source3", Samba4 sources are located in
"source4". The libraries have been moved to the toplevel directory.

To build plain Samba3, please change to "source3" and start the build as usual.
To build Samba4 as well, please use the "--enable-merged-build" configure
option.


Authentication Changes
==

Previously, when Samba was a domain member and a client was connecting using an
untrusted domain name, such as BOGUS\user smbd would remap the untrusted
domain to the primary domain smbd was a member of and attempt authentication
using that DOMAIN\user name.  This differed from how a Windows member server
would behave.  Now, smbd will replace the BOGUS name with it's SAM name.  In
the case where smbd is acting as a PDC this will be DOMAIN\user.  In the case
where smbd is acting as a domain member server this will be WORKSTATION\user.
Thus, smbd will never assume that an incoming user name which is not qualified
with the same primary domain, is part of smbd's primary domain.

While this behavior matches Windows, it may break some workflows which depended
on smbd to always pass through bogus names to the DC for verification.  A new
parameter "map untrusted to domain" can be enabled to revert to the legacy
behavior.


Printing Changes


The spoolss subsystem was replaced by autogenerated code based on PIDL. That 
fixes
several printing issues including printer change notificiation on Samba print
servers and will stabilize the printing functionality generally.
The support for spoolss printing with Windows Vista has been improved.


Internal Changes


The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and
spoolss) were replaced by autogenerated code based on PIDL.
So Günther Deschner finally corrected one of the biggest mistakes in the
development of Samba: Hand-marshalled RPC stubs.

Thanks a lot! :-)

Samba3 and Samba4 do now share a common tevent library for fd and timer events.

The code has been cleaned up and Samba3 and Samba4 do share the major basic
interfaces now. That is why the libraries were moved to the toplevel directory.
That is one of the first steps to share code and minimize the gap between
these two versions.

An asynchronous API has been added.


##
Changes
###

smb.conf changes


   Parameter Name  Description Default
   --  --- ---

   access based share enum New No
   dedicated keytab file   New ""
   kerberos method New default
   map untrusted to domain New No
   max open files  Changed Default auto detected
   perfcount moduleNew ""
   use kerberos keytab Removed


New [sub]commands
-

   net eventlog Import/dump/export native win32 eventlog files.
   net rpc service create   Create a new service.
   net rpc service delete   Delete an existing service.


New configure options
-

--enable-external-libtalloc Enable external talloc
--enable-merged-build   Build Samba 4 as well
--enable-gnutls Turn on gnutls support
--with-statedir=DIR Where to put persistent state files
--with-cachedir=DIR Where to put 

[Samba] PDC With samba und OpenLDAP...strange behavior

[Daniel Spannbauer]

Hello,

I`ve installed on a Box with SuSE 10.2 a PDC with OpenLDAP as Backend for
testing.
I put a Xp-Machine in that domain, logged me in. Everything looks fine.
After the logout from Windows there is a dir .ntprofile in my home.
Everythings seems to work as expected.
Now, I put a file under Unix in "My Pictures" in my .ntprofile. In Windows,
I can see the file. If I delete it, the file seems to be in the Trash, on
Linux it is still existing. After Logout from Windows the file is still
there, also when I log in to XP. 

It seems that files, which are created under Unix, can`t be deleted und
windows. If I create a file under Windows, I can delete it under Windows and
Unix.

The rights on the file are in both cases the same (according to ls -l and
the Windows-File-manager).

Any hints about that?

Samba: 3.0.23d
OpenLDAP: 2.3.27

Regards

Daniel
 
 

__ Hinweis von ESET NOD32 Antivirus, Signaturdatenbank-Version 4044
(20090430) __

E-Mail wurde gepruft mit ESET NOD32 Antivirus.

http://www.eset.com
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] re: net join: Failed to parse NTLMSSP packet

[杭军]

 
I captured the pkts. It show STATUS_MORE_PROCESSING_REQUIRED error.
Please see the attached doc.


--- 2009-04-29 11:26:20，  ：

发件人: "杭军 " 
主题: net join: Failed to parse NTLMSSP packet
收件人: samba@lists.samba.org
日期: 2009-04-29 11:26:20







Hi,
 
I am using samba+freeRADIUS talk to AD server on win2003 server. Everything is 
OK when I use samba-3.0.8.  
 
Now I want to updated to samba-3.3.3.  But failed at join to domain controler. 
(net ads join -U user%pwd).
 
debug:
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
SPNEGO login failed: Invalid parameter
failed session setup with NT_STATUS_INVALID_PARAMETER
Failed to join domain: failed to lookup DC info for domain 'xxx.COM' over rpc: 
Invalid parameter
 
My smb.conf:
AH-02fa83:~$ cat /usr/local/lib/smb.conf 
[global]
    workgroup = xxx
    netbios name = AH-02fa83
    server string = Samba Server
    log file = /var/log/samba/%m.log
    max log size = 500
    security = ads
    password server = 10.155.20.81
    #Enable support for only NTLMv2 on the server
    encrypt passwords = yes
    lanman auth = no
    ntlm auth = no
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = no
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/bash
    winbind use default domain = no
    realm = xxx.COM
 
 Thanks. 
John


好玩贺卡等你发，邮箱贺卡全新上线！


  ___ 
  好玩贺卡等你发，邮箱贺卡全新上线！ 
http://card.mail.cn.yahoo.com/-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba