[Samba] Samba printer and Vista

2009-06-17 Thread Olivier Nicole
Hi,

I have set up a couple of printers and uploaded the driver on Samba
server.

Now Windows XP clients can add the printers and the driver is
automatically installed.

I have a problem with Vista clients, when trying to automatically
install the driver it gets an error: "Windows cannot connect to the
printer. Operation could not be completed (error 0x0003e3)"

I suspect the reason could be that my samba server advertises the
driver to be for Win2000 and WinXP.

Can I associate more than one driver to one samba printer?

Right now, I do not have Vista machine that could connect as root of
Samba server and that could do this association, I can only do that
from Unix; is that possible? It seems that rpcclient setdriver can
only associate one driver to one printer.

Best regards,

Olivier
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] weird permissions issue

2009-06-17 Thread JJB

Version 3.2.4-4.3-2042-SUSE-SL11.0

Do I need to file a bug report for something that used to work but 
stopped about 1 month ago? If something stops working, that usually 
isn't a bug, it's a config problem or a data corruption problem, isn't 
it? In other words, isn't this most likely the fault of either myself or 
another admin, or a hardware glitch as opposed to something wrong with 
samba itself?


I don't think we have done any updating to samba services or SUSE Linux 
in recent history, unless it happened automatically, which I don't 
believe is the way we have it configured. The only changes I've made in 
the past year or so were to add the Recycler to the users share and to 
create the DOC_IN share.


- Joel


Re: [Samba] weird permissions issue

2009-06-17 Thread Jeremy Allison
On Wed, Jun 17, 2009 at 04:15:26PM -0700, JJB wrote:
> Recently some folks in our engineering group started encountering a  
> problem where they can't write to or alter files or folders they did not  
> create.
>
> Anyone know what could be causing this type of problem? The users having  
> the problem are all in the eng group in /etc/groups. smb.conf for that  
> share:

What version of Samba ? Best thing is to log a bug containing a
level 20 log file of the permission denied problem.

Jeremy.


Re: [Samba] System Wide recycle bin

2009-06-17 Thread Michael Heydon



Is there a way to get the recycle bin to be one directory rather than
one per share?

Even better would be /recyclebin/

I've got this in my global section:

   vfs objects = recycle
   recycle:keeptree = yes
   recycle:versions = yes
   recycle:touch = yes
   recycle:repository = /.recycle/current/%u/%P

which appears to do the trick.

I haven't tried, but I imagine the share name substitutions would 
probably work


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 


[Samba] weird permissions issue

2009-06-17 Thread JJB
Recently some folks in our engineering group started encountering a 
problem where they can't write to or alter files or folders they did not 
create.


Anyone know what could be causing this type of problem? The users having 
the problem are all in the eng group in /etc/groups. smb.conf for that 
share:


smb.conf:

#smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2005-04-04
[global]
   workgroup = WORKGROUP
   netbios name = int-samba
   server string = int-samba Fileserver
   username map = /etc/samba/smbusers
   map to guest = Bad User
   logon path = \\%L\profiles\.msprofile
   logon home = \\%L\%U\.9xprofile
   logon drive = P:
   add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$

   domain logons = No
   domain master = Yes
   security = user
   idmap gid = 1-2
   idmap uid = 1-2
   wins support = yes
   remote browse sync = 10.17.100.11
   passdb backend = smbpasswd
   preferred master = yes
   local master = yes
   os level = 255
   socket options = IPTOS_LOWDELAY TCP_NODELAY
   log level = 1
   interfaces = 192.168.1.2/24
   kernel oplocks = yes




## Share disabled by YaST
[homes]
   comment = Home Directories
   valid users = %S
   browseable = No
   read only = No
   inherit acls = Yes
   vfs objects = recycle
   recycle:repository = .Recycler
   recycle:keeptree = Yes
   recycle:versions = Yes

#  File creation mask is set to 0700 for security reasons. If you want to
#create files with group = rw permissions, set next parameter to 0775.
#create mask = 0775
#
# Directory creation mask is set to 0700 for security reasons. If you want to
#   create dirs. with group=rw permissions, set next parameter to 0775.
#directory mask = 0700
#directory mode = 0700


## Share disabled by YaST
# [profiles]
#comment = Network Profiles Service
#path = %H
#read only = No
#store dos attributes = Yes
#create mask = 0600
#directory mask = 0700

## Share disabled by YaST
# [users]
#comment = All users
#path = /home
#read only = No
#inherit acls = Yes
#veto files = /aquota.user/groups/shares/
#comment = Users share (from Miles)
#inherit acls = Yes
#path = /data/IT/engineering/Users
#read only = No
#valid users = @it @eng
#force group = eng
#create mask = 0664
#directory mask = 0775
###  recycle bin config ##
#vfs objects = recycle
#recycle:repository = .Recycler
#recycle:keeptree = Yes
#recycle:versions = Yes

## Share disabled by YaST
# [groups]
#comment = All groups
#path = /home/groups
#read only = No
#inherit acls = Yes

## Share disabled by YaST
# [printers]
#comment = All Printers
#path = /var/tmp
#printable = Yes
#create mask = 0600
#browseable = No

## Share disabled by YaST
# [print$]
#comment = Printer Drivers
#path = /var/lib/samba/drivers
#write list = @ntadmin root
#force group = ntadmin
#create mask = 0664
#directory mask = 0775

[nobackup]
   comment = nobackup
   inherit acls = Yes
   path = /data/nobackup
   read only = No
   valid users = mainshare @it @webdev
   create mask = 0664
   directory mask = 0775

[it]
   comment = IT
   inherit acls = Yes
   path = /data/IT/IT-share
   read only = No
   valid users = @it
   force group = it
   create mask = 0664
   directory mask = 0775
   ##  recycle bin config ##
   vfs objects = recycle
   recycle:repository = .Recycler
   recycle:keeptree = Yes
   recycle:versions = Yes

[htdocs]
   comment = Intranet Web Area
   inherit acls = Yes
   path = /data/IT/htdocs
   read only = No
   valid users = @it @webdev
   force user = wwwrun
   force group = mycompany

   create mask = 0664
   directory mask = 0775

   ##  recycle bin config ##
   vfs objects = recycle
   recycle:repository = .Recycler
   recycle:keeptree = Yes
   recycle:versions = Yes

[svn]
   comment = Subversion repositories
   inherit acls = Yes
   path = /data/IT/svn/
   read only = Yes
   valid users = @it
   force group = mycompany
   create mask = 0664
   directory mask = 0775

[mysql]
   comment = Mysql databases
   inherit acls = Yes
   path = /data/IT/mysql
   read only = Yes
   valid users = @it
   force user = mysql
   force group = mysql
   create mask = 0660
   directory mask = 0775

[backups]
   comment = MySQL Database backups
   inherit acls = Yes
   path = /data/IT/backups
   read only = No
   valid users = @it
   force group = it
   create mask = 0664
   directory mask = 0775

[eng-parent]
   comment = Parent of all engineering shares
   inherit acls = Yes
   path = /data/IT/engineering/
   read only = No
   valid users = @it
   force group = eng
   create mask = 0664
   directory mask = 0775

[engweb]
   comment = Engineering share
   inherit acls = Yes
   path = /data/IT/engineerin

[Samba] getent group fails

2009-06-17 Thread Kevin Blackwell
Hi,

Well, I'll try to start at what I think the root of my problems are.

When I do a getent group, I only get a list of the BUILTIN groups.

BUILTIN+administrators
BUILTIN+users

But if I do a wbinfo -g, all the AD groups show up.

This alone is not the overall problem, but it is creating a problem
because I need getent to return the groups for logging different AD
groups to different log files in squid.

Another problem is the wbinfo_group.pl and I know this is a squid app,
but from what I understand it used wbinfo.

/usr/lib/squid/wbinfo_group.pl
tuser password
Could not get groups for user tuser

I can provide config data and anything else necessary.

Thanks in advance.


[Samba] Samba 3.3.5 problem with hostnames in allow hosts list

2009-06-17 Thread Tom Crummey
Hello,

My environment is Solaris 10 with samba 3.3.5 compiled with gcc 4.1
using OpenLDAP libraries 2.4.

I use netgroups in the allow hosts directive to enable access to my
samba server. This worked in our production version of samba (3.0.28c)
but does not in 3.3.5.

I've done some debugging and it seems the problem occurs in
get_peer_name in lib/util_sock.c

This routine always returns whatever is in the memcache and never seems
to actually perform the sys_getnameinfo call. I don't understand the
logic in get_peer_name:

nc is declared at the top of the function (line 1816), then if
get_peer_name is called with force_lookup==true, the next thing that
happens is a lookup_nc(&nc) (line 1840).

The bit I don't understand is that nc is not initialised between being
declared and the lookup_nc call being performed. To my mind this would
lead to undefined results which might explain why sys_getnameinfo is
never called. Should there be something like

nc.name = get_peer_addr_internal(fd, addr_buf, sizeof(addr_buf),
&nc.ss, &length);

before the lookup_nc?

Any help/explanation gratefully received.

Thanks,

-- 
Tom.

--
 Tom Crummey, Systems and Network Manager,        EMAIL: t...@ee.ucl.ac.uk
 Dept. of Electronic and Electrical Engineering,
 University College London, Roberts Building,     TEL: +44 (0)20 7679 3898
 Torrington Place,                                FAX: +44 (0)20 7388 9325
 London, UK, WC1E 7JE.
--
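
The ordering asked about in the message above, as an added example that is not part of the post and not Samba's source: a one-entry name cache whose lookup key either still holds earlier contents or is filled from the peer address before the lookup. All names (name_key, cache_lookup, resolve) and addresses are constructed, and the leftover contents are modelled with an explicit struct because reading truly uninitialised memory is undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical one-entry peer-name cache; not Samba's data structures. */
struct name_key { char addr[46]; const char *name; };

static struct name_key cache = { "192.0.2.10", "host-a.example" }; /* constructed */
static int resolver_calls;

/* Stand-in for a reverse lookup: constructed table, no network access. */
static const char *resolve(const char *addr)
{
    resolver_calls++;
    return strcmp(addr, "192.0.2.10") == 0 ? "host-a.example" : "host-b.example";
}

/* Hit only when key->addr equals the cached address; fills key->name. */
static int cache_lookup(struct name_key *key)
{
    if (strcmp(key->addr, cache.addr) != 0)
        return 0;
    key->name = cache.name;
    return 1;
}

/* Pattern asked about: the cache is consulted before the key is filled from
 * the connection. *key models stack memory still holding earlier contents. */
static const char *peer_name_unfilled(const char *peer, struct name_key *key)
{
    if (cache_lookup(key))
        return key->name;             /* answer depends on leftover bytes */
    snprintf(key->addr, sizeof key->addr, "%s", peer);
    return resolve(key->addr);
}

/* Key is zeroed and filled from the peer address before the lookup. */
static const char *peer_name_filled(const char *peer)
{
    struct name_key key;
    memset(&key, 0, sizeof key);
    snprintf(key.addr, sizeof key.addr, "%s", peer);
    if (cache_lookup(&key))
        return key.name;
    cache = key;                      /* remember the new peer */
    cache.name = resolve(key.addr);
    return cache.name;
}

int main(void)
{
    struct name_key stale = { "192.0.2.10", NULL }; /* leftover from an earlier call */
    printf("unfilled key: %s\n", peer_name_unfilled("198.51.100.7", &stale));
    printf("filled key:   %s\n", peer_name_filled("198.51.100.7"));
    return 0;
}
```

With the leftover key the cached name comes back for a different peer and the resolver is never reached, which matters when the name feeds a host-based access list.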


[Samba] Re: [samba-user] Re: 2 copies of smbd running?

2009-06-17 Thread Günter Kukkukk
On Wednesday, 17 June 2009, Herwig Bauernfeind wrote:
> Chuck McKinnis wrote:
> >>> Is this normal?  
> >>>   
> >> Absolutely. Basically you have one parent smbd.exe daemon and one for 
> >> each user attached to the server.
> >>
> >> In addition there are usually 2 instances of nmbd.exe.
> >> 
> > Thanks Herwig.  I can see that logic, just could not find it anywhere 
> > in the documentation.
> >
> > I only have 1 instance of nmbd.exe.  Do I have a problem?
> >   
> I don't think so, I am not entirely sure when the 2nd instance of 
> nmbd.exe is started.

When nmbd is also running as a wins server (wins support = Yes) and
"dns proxy = Yes" has also been set, nmbd spawns a 2nd copy of itself
for dns name lookup...

See 'man smb.conf' ---> "dns proxy" option for details.
Cheers, Günter 

> > PS - If you would like some help in the Rexx area, I don't think I 
> > have forgotten everything yet.  Send me an email if I can help.
> >   
> Thanks for your offer. I am in the process of cleaning the code and 
> putting it into the netlabs svn.
> 
> I have indeed a problem with redirection of output in smbmon and files 
> that are open and cannot be closed, although they should be.
> As soon as I have put everything to svn, I'd gladly drop you a note so 
> you can take a look at that.
> 
> Kind regards,
> Herwig
> 


[Samba] Re: Samba PDC autolocking domain administrator account

2009-06-17 Thread Stefan Oberwahrenbrock
Stefan Oberwahrenbrock  wrote in
news:xns9c26809018cb9oberwahrenbrocktr...@80.91.229.13: 


Hello!

It turned out, that after all there were differences in the setup of the 
test and production system - I just was not aware of them at first:

The test system was built installing a plain default NT PDC. The default 
NT PDC installation does not make use of a "lockout after bad login 
attempts" policy at all - if you want to use such policy, you have to 
enable and configure it. The production system was configured to use 
this policy with defaults (LogoutThreshold 5). During migration of both 
systems the settings were also correctly migrated...

Thus, with e. g. disabled account policy "bad lockout attempt" (pdbedit), 
the domain-administrator does not get locked any more.

Nevertheless, Samba locking down the administrator is unexpected and 
unwanted - in my eyes. With NT the administrator account is not affected 
by the automatic locking mechanism. I think especially for users with 
migration background (NT 4.0 -> Samba), it would be nice, to have the 
same behaviour with Samba PDC.
In our case, the problem is not, that the admins do not remember the 
password of the domain-admin. Instead, some users have the password for 
the local administrator on their local PC. If they logon as local 
administrator and try to connect to a share on some other machine, the 
Samba PDC obviously tries to authenticate the password(hash) of the 
local-admin-session against the domain-administrator account. With "bad 
lockout attempt" set to 5, the result is a locked-down 
domain-administrator account (Password of local and domain administrator 
differ of course!). The only workaround I know, is to disable "bad lockout 
attempt" completely or to set it to a relatively high value (e. g. 15). 
With these settings, the local-admin-users trying to connect to a 
share do get a new window where they can provide a correct login, after 
windows noticed, that the first "automatic" connect attempts did not 
work.

Does anyone know, if the special handling of the 
domain-administrator-account is a topic for future releases of Samba? Is 
there someone else, who sees the problem like I do (Or am I still just 
too NT4.0-affected ;-))

Greetings,
Stefan



[Samba] System Wide recycle bin

2009-06-17 Thread Martin Hooper
Is there a way to get the recycle bin to be one directory rather than
one per share?

Even better would be /recyclebin/

Thanks in advance


-- 
Martin Hooper


[Samba] Security = share changed in Samba 3+ ?

2009-06-17 Thread Danilo Godec
Hi,

I have several servers in separate networks currently running samba
2.2.5. Each server can have aliases and I'm using the %L macro in share
path, so that each appears as a separate 'virtual' server - depending on
how the client calls it. There is at least one SMB user defined in
'smbpasswd' file.

Here is the current config:

> [global]
> workgroup = MYGROUP
> netbios name = server1
> netbios aliases = server2 server3 server4
> server string = Linux SMB Server
> interfaces = eth1
> bind interfaces only = yes
> encrypt passwords = Yes
> password level = 8
> security = share
> username level = 8
> username map = /etc/samba.d/smbusers
> max log size = 200
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = No
> log file = /var/log/samba.d/smb.%m
> log level = 2
> mangle case = yes
> preserve case = no
> short preserve case = no
> default case = lower
> oplocks = no
> level2 oplocks = no
> strict locking = yes
> stat cache = no
> load printers = no
> local master = no
>
> [myshare]
> comment = My Virtual Shares
> browseable = no
> writeable = yes
> path = /opt/myshare/vhosts/%L

With this I can use 'smbclient' to connect to '//serverX/myshare' (where
X is 1-4) using the same user (myuser) and I can just 'browse' the share.

I need to upgrade all servers to a newer distro - OpenSuSE 11.1 that
comes with Samba 3.2.7. Because there are some automated procedures
running on clients I need to make sure Samba works pretty much the same
as it does on the current production servers.

I had to change some obvious options in 'smb.conf' - paths (OpenSuSE is
using 'samba' instead of 'samba.d'), 'mangle case' is no longer a valid
option and I had to add 'client lanman auth = yes' option.

However, that alone is not enough - whenever I use 'smbclient', I get an
error:

> # smbclient //server1/myshare -U myuser
> Enter myuser's password:
> Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.2.7-11.2.1-2080-SUSE-CODE11]
> Server not using user level security and no password supplied.
> tree connect failed: NT_STATUS_WRONG_PASSWORD

I checked the obvious stuff - the username is OK, it exists in both
/etc/passwd and /etc/samba/smbpasswd and the path for the share also exists.

I then tried adding some options, but these didn't help:

> passdb backend = smbpasswd
> lanman auth = yes
> ntlm auth = yes
> smb encrypt = no
>
> client lanman auth = yes
> client plaintext auth = yes
>

The log shows this:

> ==> smb.172.16.0.123 <==
> [2009/06/17 12:19:37,  2] auth/auth.c:check_ntlm_password(318)
>   check_ntlm_password:  Authentication for user [myuser] -> [myuser]
> FAILED with error NT_STATUS_WRONG_PASSWORD
> [2009/06/17 12:19:37,  2] auth/auth.c:check_ntlm_password(318)
>   check_ntlm_password:  Authentication for user [myuser] -> [myuser]
> FAILED with error NT_STATUS_WRONG_PASSWORD
> [2009/06/17 12:19:37,  2] auth/auth.c:check_ntlm_password(318)
>   check_ntlm_password:  Authentication for user [myuser] -> [myuser]
> FAILED with error NT_STATUS_WRONG_PASSWORD
> [2009/06/17 12:19:37,  2] auth/auth.c:check_ntlm_password(318)
>   check_ntlm_password:  Authentication for user [myuser] -> [myuser]
> FAILED with error NT_STATUS_WRONG_PASSWORD
> [2009/06/17 12:19:37,  2] auth/auth.c:check_ntlm_password(318)
>   Invalid username/password for [myshare]

Did 'security = share' change from Samba 2 to Samba 3?

What do I need to change to make Samba 3 behave like Samba 2 did - with
'security = share'?

 Thanks, Danilo
