Re: [Samba] Intermittent stalling in file transfers / server connections

2009-06-30 Thread Volker Lendecke
On Wed, Jul 01, 2009 at 12:26:09AM +0100, Philip Pemberton wrote:
> I added the 'smb ports = 139', 'max log size' and 'log level' lines to 
> try and track down the issue -- the log files are pretty massive, but 
> contain very little that makes any sense to me :(

Well, we could possibly make more sense of them if we saw
them. In particular the part where the timeout happens. A
couple of 100 lines before that and some 100s of lines
after that timeout are necessary.

Volker


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems resolving most users with winbind and AD/SFU (Resolved?)

2009-06-30 Thread Steve B
Problem solved.  Sort-of.  I just don't know why the solution works.
Here's what I found...

First, I tried updating SFU 3.5 with the following hotfixes: 913030,
886655, 887531, 932143, 883520, 894186, 931930, 892561, 896428,
888993, 932143, and 939778.  No change.

Second, I used ADSI Edit from the Win2k support tools to compare
side-by-side a working account with a "Could not get info for user
..." account.  All AD fields were identical, with the exception of
fields expected to be different like name, UID, etc.  ADSI Edit also
showed nothing out of ordinary in the Schema, groups, etc.

Third, I checked the NIS server settings on the SFU side using "ypcat
-k -d MYDOM passwd" & group.  All accounts were visible with nothing
of serious note.

Last, I checked various groups for membership.  I found that the
accounts that resolved belonged to various BUILTIN groups on the AD
server.  I added a test account to the BUILTIN\Administrators and
BUILTIN\Backup Users groups, and in a few minutes the test account
started working in winbind.  I added another account, and within an
hour it was also accessible from winbind.  I removed these tests from
both BUILTIN groups and they remained functional in winbind.  I added
all accounts to these BUILTIN groups, and in an hour every account was
functional in winbind.  I went back in and removed all accounts that
shouldn't belong to those groups and they still remained usable by
winbind.  What the heck?  I have no clue what hidden flag got enabled
on these accounts to make them work just by temporarily passing them
through the BUILTIN groups.  On one of the Samba fileservers I had not
even performed the createbuiltingroups step to make these groups
accessible.  The BUILTIN\Users group was already populated with the
"Domain Users" security group, of which all accounts were already
members.

I've seen a few other posts from folks having problems with AD user
accounts from winbind.  I'm wondering if this same band-aid fix might
also work in their situations.

Thanks all,
Steve

On Sun, Jun 28, 2009 at 4:58 PM, Steve B wrote:
> I think I've been approaching this from the wrong angle.  I spent the
> last few weeks with different samba builds and configurations, but the
> result was always the same.  The same 9 accounts would resolve, while
> all others "Could not get unix ID".
>
> I think the problem might be on the SFU side.  The requests for
> account info is received from the fileserver, but isn't available for
> most of the accounts.
>
> There's a pretty good site which talks about various hotfixes for SFU
> 3.5:  http://debian-interix.net/hotfixes/tv.html.  I've downloaded
> most of the applicable patches and will apply them tomorrow.
>
> Secondly, I'm going to use the ADSI Edit utility to inspect the AD
> account attributes in details.  With any luck I'll find which keys are
> in place for the accounts that resolve and are missing for the
> accounts that won't.  With more luck I won't fry my AD.
>
> Will post if I find anything of value
>
> Steve
>
>>
>>> Hello all,
>>>
>>> I'm having a problem with Winbind resolving some users from AD on a W2KSP4
>>> server running SFU 3.5 [8.0.1969.1].  All users and groups in the AD domain
>>> have been assigned UIDs and GIDs via SFU.  The Linux fileserver is running
>>> CentOS 5.3 with Samba 3.0.33-3.7.el5.  The fileserver has been joined to the
>>> domain using authconfig with proper modifications made to nsswitch and pam.
>>> My smb.conf is attached below.
>>>
>>> wbinfo -u will show all users.  What I'm seeing is that out of the 90 or so
>>> users, only 6 will respond to id or winbind -i requests.  The rest respond
>>> with "no such user" or similar.  The following error appears in
>>> my /var/log/samba/winbindd-idmap.log file when an attempt is made to resolve
>>> one of these users:
>>>
>>> [2009/06/23 13:59:13, 3] nsswitch/winbindd_async.c:winbindd_dual_sid2uid(374)
>>>  [11577]: sid to uid S-1-5-21-1060284298-861567501-682003330-1277
>>> [2009/06/23 13:59:13, 1] nsswitch/idmap_ad.c:idmap_ad_sids_to_unixids(613)
>>>  Could not get unix ID
>>>
>>> An additional symptom is as such, where wbinfo -n works for all users, but
>>> only a few can be resolved with wbinfo -S:
>>>
>>> # wbinfo -n user1
>>> S-1-5-21-1060284298-861567501-682003330-1241 User (1)
>>> # wbinfo -S S-1-5-21-1060284298-861567501-682003330-1241
>>> 2241
>>> # wbinfo -n user2
>>> S-1-5-21-1060284298-861567501-682003330-1260 User (1)
>>> # wbinfo -S S-1-5-21-1060284298-861567501-682003330-1260
>>> Could not convert sid S-1-5-21-1060284298-861567501-682003330-1260 to uid
>>>
>>> This problem directly affects attempts to 'xcopy /o' files from Windows to the
>>> Linux file server, or in the following example an attempt to use subinacl to
>>> set ownership of a file on the fileserver to one of the users who will not
>>> resolve:
>>>
>>> [2009/06/24 16:38:27, 3] smbd/posix_acls.c:unpack_nt_owners(966)
>>>  unpack_nt_owners: unable to validate owner sid for
>>> S-1-5-2
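
The comparison Steve made by hand with `wbinfo -n` and `wbinfo -S`, run over every account from `wbinfo -u`, as an added example that is not part of the original posts. `sample_wbinfo` is a constructed stand-in that replays the two cases quoted above so the script runs without winbind; `WBINFO`, `audit_sid_mapping` and `count_failures` are names chosen for this example.

```shell
#!/bin/sh
# Added example: list domain users whose SID cannot be mapped to a UNIX uid.
# WBINFO names the command to run; the default is the real wbinfo binary.
WBINFO="${WBINFO:-wbinfo}"

# Constructed stand-in for wbinfo. It replays the two cases quoted in the
# thread: user1 maps to uid 2241, user2 cannot be converted.
sample_wbinfo() {
    case "$1 ${2:-}" in
        "-u ")
            printf 'user1\nuser2\n' ;;
        "-n user1")
            echo "S-1-5-21-1060284298-861567501-682003330-1241 User (1)" ;;
        "-n user2")
            echo "S-1-5-21-1060284298-861567501-682003330-1260 User (1)" ;;
        "-S S-1-5-21-1060284298-861567501-682003330-1241")
            echo "2241" ;;
        -S\ *)
            echo "Could not convert sid $2 to uid"; return 1 ;;
        *)
            return 1 ;;
    esac
}

# Print one line per user:
#   OK   <user> <sid> <uid>
#   FAIL <user> <sid or -> <step that failed>
audit_sid_mapping() {
    "$WBINFO" -u </dev/null | while IFS= read -r user; do
        [ -n "$user" ] || continue
        # wbinfo -n prints "<SID> <type> (<n>)"; keep only the SID.
        sid=$("$WBINFO" -n "$user" </dev/null 2>/dev/null |
              awk 'NR==1 {print $1}')
        case "$sid" in
            S-1-*) ;;
            *) echo "FAIL $user - name-to-sid"; continue ;;
        esac
        # wbinfo -S prints a bare uid on success and an error text otherwise.
        uid=$("$WBINFO" -S "$sid" </dev/null 2>/dev/null) || uid=""
        case "$uid" in
            ''|*[!0-9]*) echo "FAIL $user $sid sid-to-uid" ;;
            *)           echo "OK $user $sid $uid" ;;
        esac
    done
}

# Number of accounts that failed either step.
count_failures() {
    audit_sid_mapping | awk '/^FAIL/ {n++} END {print n+0}'
}

case "${1:-}" in
    --sample) WBINFO=sample_wbinfo; audit_sid_mapping ;;
    --live)   audit_sid_mapping ;;
esac
```

Running it with `--live` before and after a change on the AD side gives a per-account record of which SIDs gained a uid mapping.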

[Samba] Intermittent stalling in file transfers / server connections

2009-06-30 Thread Philip Pemberton

Samba version 3.2.3, in PDC mode

Client PC is Windows XP SP3 32-bit

Server is a standard Intel Atom230 PC, four Ethernet ports, running Ubuntu 
Server 8.10. It provides Internet access (routing/perimeter firewall, dnsmasq 
DNS/DHCP server), email (Fetchmail, Postfix and Procmail), printing (CUPS) and 
Apache+PHP+MySQL for webapp testing.



I'm trying to track down an issue with my Samba server. Basically, I can be 
happily transferring files to/from it for a couple of hours, then suddenly 
(and seemingly randomly), the transfer will stall for about 30 seconds. This 
is typified by Winamp's audio output stopping for 30 seconds, then restarting 
from where it left off (or sometimes 30 seconds further on). Usually the apps 
that are running on the XP box will continue running, but Explorer won't allow 
access to Start->Run or start any more apps until after the 30-second wait.


I've done all the network tests -- swapping ports on the server (and client) 
sides, swapping cables, pinging back and forth... Even during the 30-second 
wait, I can still access the server and other machines on the LAN (ping, SSH, 
you name it). Just that Samba itself doesn't seem to work properly...


Here's my smb.conf:

===

[global]
netbios name= wolf
workgroup   = MILKYWAY
server string   = Fileserver

#   socket options  = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE

# only bind to internal LAN and loopback -- security precaution (stops nosey
# parkers talking to Samba even if the firewall is down)
interfaces  = br0 lo
bind interfaces only= yes
# only provide SMB service on port 139
smb ports   = 139

# Make nmbd periodically announce itself to the LAN
#   remote announce = 10.255.255.255

# CHANGE BACK TO 50 WHEN FINISHED DEBUGGING!
max log size= 1024
# CHANGE BACK TO 1 WHEN FINISHED DEBUGGING!
log level   = 10
log file= /var/log/samba/log.%m

# Basically, this makes Samba lookup unregistered netbios names against the
# DNS server (dnsmasq). In our case, this does a lookup against /etc/hosts
# and whatever machines have registered a hostname with dnsmasq's DHCP
# backend.
dns proxy   = yes

# Use user-level security
security= user

# Act as a PDC for this workgroup
domain logons   = yes
domain master   = yes

# Make sure the Samba server maintains the role of master browser.
# NOTE: No other Samba server should have its OS level set higher than
# this server.
local master= yes
preferred master= yes
os level= 99

# A file that maps Windows usernames to Unix ones
username map= /etc/samba/smbusers

# logon path tells Samba where to put Windows NT/2000/XP roaming profiles.
# Problem is, it takes bloody ages to sync roaming profiles across the LAN
# (even a 100MBit LAN). Ergo, this is set to a blank string, which disables
# roaming profiles.
;   logon path  = \\%L\profiles\%u\%m
;   logon path  = \\%L\profiles\%U
logon path  =

# Run \\%L\netlogon\logon.bat on the client machine when a user logs onto
# the domain
logon script= logon.bat

# Tell NT/2K/XP boxen where to mount the Home Directory
# This basically makes NT/2K/XP run "NET USE Z: /HOME" at logon.
logon drive = Z:
logon home  = \\%L\%U
;   logon home  = \\%L\%U\.win_profile

# Act as a time server
time server = yes

# Dynamically create UNIX users and machines to match existing NT accounts
# and machines that are added to the domain.
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
add machine script  = /usr/sbin/useradd -d /dev/null -g machines -c Machine -s /bin/false %u


# This server uses CUPS to provide printing functionality to the network.
printing= cups

;; Networking / roaming profiles ;;

[netlogon]
path= /samba/netlogon
comment = Logon scripts and policies
create mask = 0644
write list  = root, philpem
writable= no
browsable   = no

[homes]
comment = Home directories
browsable   = no
writable= yes
valid users = %S
read only   = no
create mask = 

Re: [Samba] Samba + Winbind + AD homes does not work

2009-06-30 Thread Günter Kukkukk
On Tuesday, 30 June 2009, d...@briannassaladdressing.com wrote:
> Florian,
> 
> Try "valid users = DOM+%S".

the more generalized form would be:
   "valid users = %D%w%S"
#%D domain or workgroup name
#%w winbind separator
#%S current service name
Some distros use this one as default:
   "valid users = %S, %D%w%S"

Cheers, Günter

> 
> Should that fail,  also ensure that the home directories exist (as defined in 
> "template homedir ="), and that these directories have the correct 
> permissions.
> 
> Dale
> 
> 
> -Original message-
> From: florian.engelm...@bt.com
> Date: Tue, 30 Jun 2009 10:19:05 -0500
> To: samba@lists.samba.org
> Subject: [Samba] Samba + Winbind + AD homes does not work
> 
> > Hello,
> > we use winbind to connect our Linux servers to our AD what is working
> > right now and we use samba to share some Linux directories to our
> > Windows clients what is also working as intended. The only thing we were
> > not able to get running are the [homes]. The authentication seems to be
> > wrong. Here is our configuration.
> > 
> > /etc/samba/smb.conf
> > [global]
> >netbios name = demu1glc01
> >workgroup = DOM
> >realm = DOM.xxx.yyy
> >preferred master = no
> >server string = UnixCluster
> >security = ADS
> >encrypt passwords = true
> >;password server = *
> >password server = demu1w02
> >allow trusted domains = no
> >log level = 2
> >log file = /var/log/samba/%m
> >max log size = 1000
> >printcap name = cups
> >printing = cups
> >winbind enum users = no
> >winbind enum groups = no
> >winbind use default domain = yes
> >winbind nested groups = yes
> >winbind separator = +
> >winbind cache time = 5
> >idmap backend = rid:DOM=10-500
> >idmap uid = 10-1000
> >idmap gid = 10-1000
> >template homedir = /home/%D/%U
> >template shell = /bin/bash
> > 
> > [homes]
> >comment = Home Direcotries
> >;path = /pkg/global/home/%D/%U
> >valid users = %S
> >;valid users = %D+%U, engelmaf, DOM+engelmann
> >:valid users = @DOM+de_it-operations_dam, @"DOM+domain users", %D+%U,
> > engelmaf, DOM+engelmann, %S
> >read only = no
> >browseable = no
> >;invalid users = root
> > 
> > [printers]
> >comment = All Printers
> >path = /var/spool/cups
> >browseable = no
> >printable = yes
> >guest ok = yes
> > 
> > [dml]
> >comment = Digital Media Library
> >path= /pkg/tank/dml
> >valid users = @DOM+de_it-operations_dam, @"DOM+domain users"
> >writable=yes
> >browseable=yes
> >write list = @DOM+de_it-operations_dam
> > 
> > We are able to connect and write to dml but not to the home directories.
> > Any Idea what could be the problem?
> > 
> > OS: Debian Lenny
> > Samba: 3.2.5
> > 
> > Thank you for your help.
> > 
> > Regards Florian
> > 




Re: [Samba] Samba + Winbind + AD homes does not work

2009-06-30 Thread dale
Florian,

Try "valid users = DOM+%S".

Should that fail,  also ensure that the home directories exist (as defined in 
"template homedir ="), and that these directories have the correct permissions.

Dale


-Original message-
From: florian.engelm...@bt.com
Date: Tue, 30 Jun 2009 10:19:05 -0500
To: samba@lists.samba.org
Subject: [Samba] Samba + Winbind + AD homes does not work

> Hello,
> we use winbind to connect our Linux servers to our AD what is working
> right now and we use samba to share some Linux directories to our
> Windows clients what is also working as intended. The only thing we were
> not able to get running are the [homes]. The authentication seems to be
> wrong. Here is our configuration.
> 
> /etc/samba/smb.conf
> [global]
>netbios name = demu1glc01
>workgroup = DOM
>realm = DOM.xxx.yyy
>preferred master = no
>server string = UnixCluster
>security = ADS
>encrypt passwords = true
>;password server = *
>password server = demu1w02
>allow trusted domains = no
>log level = 2
>log file = /var/log/samba/%m
>max log size = 1000
>printcap name = cups
>printing = cups
>winbind enum users = no
>winbind enum groups = no
>winbind use default domain = yes
>winbind nested groups = yes
>winbind separator = +
>winbind cache time = 5
>idmap backend = rid:DOM=10-500
>idmap uid = 10-1000
>idmap gid = 10-1000
>template homedir = /home/%D/%U
>template shell = /bin/bash
> 
> [homes]
>comment = Home Direcotries
>;path = /pkg/global/home/%D/%U
>valid users = %S
>;valid users = %D+%U, engelmaf, DOM+engelmann
>:valid users = @DOM+de_it-operations_dam, @"DOM+domain users", %D+%U,
> engelmaf, DOM+engelmann, %S
>read only = no
>browseable = no
>;invalid users = root
> 
> [printers]
>comment = All Printers
>path = /var/spool/cups
>browseable = no
>printable = yes
>guest ok = yes
> 
> [dml]
>comment = Digital Media Library
>path= /pkg/tank/dml
>valid users = @DOM+de_it-operations_dam, @"DOM+domain users"
>writable=yes
>browseable=yes
>write list = @DOM+de_it-operations_dam
> 
> We are able to connect and write to dml but not to the home directories.
> Any Idea what could be the problem?
> 
> OS: Debian Lenny
> Samba: 3.2.5
> 
> Thank you for your help.
> 
> Regards Florian
> 


[Samba] Samba from source on CentOS 5 -- nsswitch woes

2009-06-30 Thread John Koelndorfer

Samba users,

I have compiled Samba 3.3.6 from the pristine sources on samba.org on a 
CentOS 5 machine. When I compiled Samba, CentOS's samba-common package 
was installed and specifying 'winbind' in /etc/nsswitch.conf allowed 
winbind to supply user information. For the sake of cleanliness and 
removing old libraries, I removed the samba-common package. Now, 
specifying 'winbind' in nsswitch.conf does nothing. What I mean exactly 
is that using `id domain_user` or `id MYDOMAIN+domain_user` both return 
"no such user." I can't authenticate as any users that winbind ought to 
recognize.


To start, here are my configure options:
./configure --prefix=/opt/samba/3.3.6 --with-ads --with-ldap \
    --with-kerberos=/usr/kerberos --with-ldap --with-quotas --with-pam \
    --with-configdir=/etc/samba --enable-nss-wrapper \
    --with-pammodulesdir=/lib/security --disable-cups --enable-socket-wrapper


I have verified that winbindd is running. The machine in question is 
joined to our domain. `wbinfo -u` returns a full list of users. My 
smb.conf is using the same settings as when the samba-common package was 
installed. You can take a look at it here: 
http://pastebin.com/m1f241322. I ran testparm and it did not report any 
problems.


I have copied the libnss_winbind.so and libnss_wins.so to /lib/. I have 
also ensured pam_winbind.so and pam_wins.so were copied to 
/lib/security/. I added my /opt/samba/3.3.6/lib to /etc/ld.so.conf and 
ran ldconfig, which also did not help (figured maybe it had problems 
finding libraries).


Looking at the CentOS 5 samba-common package, it includes a few 
libraries (namely, it builds ad.so, which is symlinked as sfu.so and 
rfc2307.so) which are not built with the sources I downloaded. I assumed 
this was because it was an older Samba. Other than that, I can't 
possibly see what I might be missing.


Any assistance is greatly appreciated. If there is any additional 
information I can provide, please ask.


--
John Koelndorfer
CEMS IT Office
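
A check for the situation John describes, added here and not part of the original post: glibc loads NSS modules by the versioned name `libnss_<service>.so.2`, so the script reports, for each service on the `passwd:` and `group:` lines, whether that file exists in the given library directories. The function names, the `--sample` and `--live` modes, the directory list and the constructed fixture are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that every NSS service named in nsswitch.conf has a
# module glibc can load. glibc looks for libnss_<service>.so.2.

# Print the unique service names on the passwd: and group: lines.
# Action items such as [NOTFOUND=return] are skipped.
nss_services() {   # $1 = path to nsswitch.conf
    awk '$1 == "passwd:" || $1 == "group:" {
             for (i = 2; i <= NF; i++)
                 if ($i !~ /^\[/ && !seen[$i]++) print $i
         }' "$1"
}

# Report one line per service:
#   OK          versioned module found
#   UNVERSIONED only libnss_<service>.so present, which glibc will not load
#   MISSING     no module in any of the directories
check_nss_modules() {   # $1 = nsswitch.conf, remaining args = library dirs
    conf=$1; shift
    for svc in $(nss_services "$conf"); do
        state="MISSING"; where="-"
        for dir in "$@"; do
            if [ -e "$dir/libnss_$svc.so.2" ]; then
                state="OK"; where="$dir/libnss_$svc.so.2"; break
            elif [ -e "$dir/libnss_$svc.so" ] && [ "$state" = "MISSING" ]; then
                state="UNVERSIONED"; where="$dir/libnss_$svc.so"
            fi
        done
        echo "$state $svc $where"
    done
}

# Constructed fixture: an nsswitch.conf naming "files winbind" and a library
# directory holding libnss_files.so.2 and an unversioned libnss_winbind.so.
make_sample_tree() {   # prints the fixture directory
    root=$(mktemp -d)
    mkdir "$root/lib"
    printf 'passwd: files winbind\ngroup:  files winbind\nhosts:  files dns\n' \
        > "$root/nsswitch.conf"
    : > "$root/lib/libnss_files.so.2"
    : > "$root/lib/libnss_winbind.so"
    echo "$root"
}

case "${1:-}" in
    --sample) t=$(make_sample_tree)
              check_nss_modules "$t/nsswitch.conf" "$t/lib"
              rm -rf "$t" ;;
    --live)   check_nss_modules /etc/nsswitch.conf \
                  /lib /lib64 /usr/lib /usr/lib64 ;;
esac
```

An `UNVERSIONED` line for `winbind` means the module was copied under its build name only; a `libnss_winbind.so.2` file or symlink in the same directory is what the resolver looks for.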



Re: Fwd: Fwd: [Samba] Windows XP login

2009-06-30 Thread Miguel Medalha



Thanks for info, what do I need to modify or configure in order for this
file to remain hidden on all clients?
  


In smb.conf:

   hide files = /desktop.ini/


[Samba] unstable winbind

2009-06-30 Thread Miguel Angel Jinez
Hello everybody
I am trying samba with winbind to use a trusted domain.
I have seen that winbind's work is unstable; at times, when I perform

winbind -a domain\\user%passwd  #the response is:
plaintext password authentication succeeded
challenge/response password authentication succeeded

and some time later:

winbind -a domain\\user%passwd  #the response is:
plaintext password authentication failed
Could not authenticate user intertur\t68 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e)
error messsage was: No logon servers

What can I configure to make it stable?

Miguel Jínez


Re: [Samba] Windows XP login

2009-06-30 Thread Regis Niggemann
To me, that means that the Windows default profile has this set in it.  Once it
is set on a user's profile, it will need to be reset for each user.  It's not
uncommon for a system administrator to configure an account the way they
want it, then copy that user's profile to the Default Profile (typically under
C:\Documents and Settings\Default User; to see it, hidden files/folders need to
be visible).  For a domain-wide default profile, it can be located at
\\domain-controller\netlogon\Default User.

One way to modify it is to create a temp user with administrative privileges,
log in as the temp user to get the Default Profile and modify the settings.  Log
off as that user, then log on as a different administrative user.  Then use the
profile copy tool (Control Panel, System, Advanced, User Profiles Settings) to
copy the temp user's profile to C:\Documents and Settings\Default User (per
workstation) or \\domain-controller\netlogon\Default User (per domain).  This
only fixes it for new users, or if you're doing mandatory profiles.




On 6/30/09 9:35 AM, "David Christensen"  wrote:

>
Regis,

It appears every user is getting this the first time they log in to the
newly created domain after I enabled roaming profiles.  How can I
disable this without having to work on every machine?


Re: [Samba] Windows XP login

2009-06-30 Thread David Christensen

Regis Niggemann wrote:
> In a Windows environment, the visibility of that file is dependent upon the 
> client view option "Hide protected operating system files (Recommended)", 
> which controls view of files with the system flag set.  This is set on a per 
> user basis.
> 
> Hope this helps!
> 
> 
> On 6/30/09 8:22 AM, "John Drescher"  wrote:
> 
> -- Forwarded message --
> From:  
> Date: Tue, Jun 30, 2009 at 10:56 AM
> Subject: Re: Fwd: [Samba] Windows XP login
> To: John Drescher 
> 
> 
 This desktop.ini file is a hidden file that windows places in all
 folders of your system to store the preferences of your explorer view.
 The problem here is samba is making this hidden file in the startup
 folder of the start menu visible instead of default hidden.

 John
>>> Thanks for info, what do I need to modify or configure in order for this
>>> file to remain hidden on all clients?
> 
> 
>> I have not solved that myself.
> 
> Nor have I.  It is a problem with windows clients on W2Kx domains as well.
>  It also seems it might be tied to the clients view files and folder
> settings, however I have not tested that variable.  But it's such a
> trivial issue I haven't really done much to solve outside of hiding files
> etc.
> 
> Cheers,
> 
Regis,

It appears every user is getting this the first time they log in to the
newly created domain after I enabled roaming profiles.  How can I
disable this without having to work on every machine?


Re: [Samba] Windows XP login

2009-06-30 Thread Norberto Bensa
On Tue, Jun 30, 2009 at 12:17 PM, David
Christensen wrote:
>
> Norberto Bensa wrote:
>> On Mon, Jun 29, 2009 at 9:59 PM, John Drescher wrote:
> This desktop.ini file is a hidden file that windows places in all
> folders of your system to store the preferences of your explorer view.
> The problem here is samba is making this hidden file in the startup
> folder of the start menu visible instead of default hidden.
>
> John
 Thanks for info, what do I need to modify or configure in order for this
 file to remain hidden on all clients?
>>> I have not solved that myself.
>>>
>>> look at the documentation for hidden file mapping and veto files
>>
>> I have. Using the user_xattr mount option and (IIRC) "store dos
>> attributes". Here is an excerpt from my smb.conf
>>
>>         profile acls = Yes
>>         hide unreadable = Yes
>>         map acl inherit = Yes
>>         store dos attributes = Yes
>>         map archive = No
>>         map read only = No
>>
>>
>> HTH,
>> Norberto
> Norberto,
>
> Were these attributes added to the [profile] share or are they global?

In my smb.conf they are in [global].

Regards,
Norberto


Re: [Samba] Windows XP login

2009-06-30 Thread Regis Niggemann
In a Windows environment, the visibility of that file is dependent upon the 
client view option "Hide protected operating system files (Recommended)", which 
controls view of files with the system flag set.  This is set on a per user 
basis.

Hope this helps!


On 6/30/09 8:22 AM, "John Drescher"  wrote:

-- Forwarded message --
From:  
Date: Tue, Jun 30, 2009 at 10:56 AM
Subject: Re: Fwd: [Samba] Windows XP login
To: John Drescher 


>>> This desktop.ini file is a hidden file that windows places in all
>>> folders of your system to store the preferences of your explorer view.
>>> The problem here is samba is making this hidden file in the startup
>>> folder of the start menu visible instead of default hidden.
>>>
>>> John
>>
>> Thanks for info, what do I need to modify or configure in order for this
>> file to remain hidden on all clients?
>


> I have not solved that myself.

Nor have I.  It is a problem with windows clients on W2Kx domains as well.
 It also seems it might be tied to the clients view files and folder
settings, however I have not tested that variable.  But it's such a
trivial issue I haven't really done much to solve outside of hiding files
etc.

Cheers,



Re: [Samba] Linux member server, or something else?

2009-06-30 Thread John Drescher
On Tue, Jun 30, 2009 at 11:15 AM, Norberto Bensa wrote:
> On Tue, Jun 30, 2009 at 10:39 AM, John Drescher wrote:
>>> On Tue, Jun 30, 2009 at 7:29 AM, David Markey 
>>> wrote:
 It's possible to use nss_ldap and idmap backend = nss and no winbind, like
 you are describing.
>>>
>>> Why do I need idmap? I mean, from what I understand, idmap only
>>> purpose is to help winbind ensure uid and gid are the same across
>>> servers. If I use LDAP to store users accounts and groups, these id
>>> are the same.
>>>
>>
>> Without idmap ACLs do not work on member servers. I mean changing ACLs
>> on files in windows does not work as expected.
>>
>
> Ok. So, is this "idmap backend = nss" a valid option? I can't find
> information about it in "man smb.conf"
>
> I'm using samba-3.0.28a (ubuntu hardy).
>

I do not remember in what version that was added. 3.0.28 is pretty old
though. I am using 3.0.33 or greater on all of my production servers.

John


Fwd: Fwd: [Samba] Windows XP login

2009-06-30 Thread John Drescher
-- Forwarded message --
From:  
Date: Tue, Jun 30, 2009 at 10:56 AM
Subject: Re: Fwd: [Samba] Windows XP login
To: John Drescher 


>>> This desktop.ini file is a hidden file that windows places in all
>>> folders of your system to store the preferences of your explorer view.
>>> The problem here is samba is making this hidden file in the startup
>>> folder of the start menu visible instead of default hidden.
>>>
>>> John
>>
>> Thanks for info, what do I need to modify or configure in order for this
>> file to remain hidden on all clients?
>


> I have not solved that myself.

Nor have I.  It is a problem with windows clients on W2Kx domains as well.
 It also seems it might be tied to the clients view files and folder
settings, however I have not tested that variable.  But it's such a
trivial issue I haven't really done much to solve outside of hiding files
etc.

Cheers,


>
> look at the documentation for hidden file mapping and veto files
>
>> Is this also the reason why the
>> desktop setting is not being applied on logins?
>>
> I do not think so. I  believe this file is only for view settings of
> explorer.exe. Detailed, Icon, web view ...
>
> John
>
>
>
> --
> John M. Drescher
>
>





-- 
John M. Drescher


Re: [Samba] Windows XP login

2009-06-30 Thread David Christensen

Norberto Bensa wrote:
> On Mon, Jun 29, 2009 at 9:59 PM, John Drescher wrote:
 This desktop.ini file is a hidden file that windows places in all
 folders of your system to store the preferences of your explorer view.
 The problem here is samba is making this hidden file in the startup
 folder of the start menu visible instead of default hidden.

 John
>>> Thanks for info, what do I need to modify or configure in order for this
>>> file to remain hidden on all clients?
>> I have not solved that myself.
>>
>> look at the documentation for hidden file mapping and veto files
> 
> I have. Using the user_xattr mount option and (IIRC) "store dos
> attributes". Here is an excerpt from my smb.conf
> 
> profile acls = Yes
> hide unreadable = Yes
> map acl inherit = Yes
> store dos attributes = Yes
> map archive = No
> map read only = No
> 
> 
> HTH,
> Norberto
Norberto,

Were these attributes added to the [profile] share or are they global?


[Samba] Samba + Winbind + AD homes does not work

2009-06-30 Thread florian.engelmann
Hello,
we use winbind to connect our Linux servers to our AD what is working
right now and we use samba to share some Linux directories to our
Windows clients what is also working as intended. The only thing we were
not able to get running are the [homes]. The authentication seems to be
wrong. Here is our configuration.

/etc/samba/smb.conf
[global]
   netbios name = demu1glc01
   workgroup = DOM
   realm = DOM.xxx.yyy
   preferred master = no
   server string = UnixCluster
   security = ADS
   encrypt passwords = true
   ;password server = *
   password server = demu1w02
   allow trusted domains = no
   log level = 2
   log file = /var/log/samba/%m
   max log size = 1000
   printcap name = cups
   printing = cups
   winbind enum users = no
   winbind enum groups = no
   winbind use default domain = yes
   winbind nested groups = yes
   winbind separator = +
   winbind cache time = 5
   idmap backend = rid:DOM=10-500
   idmap uid = 10-1000
   idmap gid = 10-1000
   template homedir = /home/%D/%U
   template shell = /bin/bash

[homes]
   comment = Home Direcotries
   ;path = /pkg/global/home/%D/%U
   valid users = %S
   ;valid users = %D+%U, engelmaf, DOM+engelmann
   :valid users = @DOM+de_it-operations_dam, @"DOM+domain users", %D+%U,
engelmaf, DOM+engelmann, %S
   read only = no
   browseable = no
   ;invalid users = root

[printers]
   comment = All Printers
   path = /var/spool/cups
   browseable = no
   printable = yes
   guest ok = yes

[dml]
   comment = Digital Media Library
   path= /pkg/tank/dml
   valid users = @DOM+de_it-operations_dam, @"DOM+domain users"
   writable=yes
   browseable=yes
   write list = @DOM+de_it-operations_dam

We are able to connect and write to dml but not to the home directories.
Any Idea what could be the problem?

OS: Debian Lenny
Samba: 3.2.5

Thank you for your help.

Regards Florian


Re: [Samba] Linux member server, or something else?

2009-06-30 Thread Norberto Bensa
On Tue, Jun 30, 2009 at 10:39 AM, John Drescher wrote:
>> On Tue, Jun 30, 2009 at 7:29 AM, David Markey 
>> wrote:
>>> It's possible to use nss_ldap and idmap backend = nss and no winbind, like
>>> you are describing.
>>
>> Why do I need idmap? I mean, from what I understand, idmap's only
>> purpose is to help winbind ensure uid and gid are the same across
>> servers. If I use LDAP to store user accounts and groups, these ids
>> are the same.
>>
>
> Without idmap, ACLs do not work on member servers. I mean changing ACLs
> on files in Windows does not work as expected.
>

Ok. So, is this "idmap backend = nss" a valid option? I can't find
information about it in "man smb.conf"

I'm using samba-3.0.28a (ubuntu hardy).


> John M. Drescher
>

Thanks!
Norberto


RE: [Samba] UTF8 with accented characters

2009-06-30 Thread Van Camp Jan
Marc,

I configured samba with

unix charset = UTF-8
display charset = UTF-8

and restarted. 

I am not sure I understand you correctly, my windows station is using
the sftp tool. Is it that tool that should be configured to use utf-8
or is it the client itself? (windows XP)

Greetings,
Jan

-----Original Message-----
From: samba-bounces+jan.vancamp=health.fgov...@lists.samba.org
[mailto:samba-bounces+jan.vancamp=health.fgov...@lists.samba.org] On
Behalf Of Marc Muehlfeld
Sent: Tuesday 30 June 2009 15:38
To: samba@lists.samba.org
Subject: Re: [Samba] UTF8 with accented characters

Van Camp Jan wrote:
> Can anyone help us with this please?

The two applications (Samba and your SFTP Server) use different character
sets. Configure both to use the same.

Here my openSUSE 10.3 uses UTF8 for creating files on linux. And I configured
samba to use UTF8 too, so all filenames on Linux and Windows look the same:

unix charset = UTF-8
display charset = UTF-8

Regards,
Marc


Disclaimer : 
https://portal.health.fgov.be/portal/page?_pageid=56,8674425&_dad=portal&_schema=PORTAL


Re: [Samba] Linux member server, or something else?

2009-06-30 Thread John Drescher
> On Tue, Jun 30, 2009 at 7:29 AM, David Markey 
> wrote:
>> It's possible to use nss_ldap and idmap backend = nss and no winbind, like
>> you are describing.
>
> Why do I need idmap? I mean, from what I understand, idmap's only
> purpose is to help winbind ensure uid and gid are the same across
> servers. If I use LDAP to store user accounts and groups, these ids
> are the same.
>

Without idmap, ACLs do not work on member servers. I mean changing ACLs
on files in Windows does not work as expected.


-- 
John M. Drescher


Re: [Samba] UTF8 with accented characters

2009-06-30 Thread Marc Muehlfeld

Van Camp Jan wrote:
> Can anyone help us with this please?

The two applications (Samba and your SFTP Server) use different character
sets. Configure both to use the same.

Here my openSUSE 10.3 uses UTF8 for creating files on linux. And I configured
samba to use UTF8 too, so all filenames on Linux and Windows look the same:

unix charset = UTF-8
display charset = UTF-8

Regards,
Marc
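
The charset mismatch discussed in this thread, as an added example that is not part of any poster's message: it shows how one accented name looks when the writer and the reader disagree on the charset, and audits raw filename bytes for names that are not valid UTF-8. The thread does not say which charset the SFTP side uses; cp1252 is an assumption, and the function names and sample names are constructed for illustration.

```python
import os

def listed_as(name: str, writer: str, reader: str) -> str:
    """Name shown by a program that decodes with `reader` after another
    program stored the name on disk encoded with `writer`."""
    return name.encode(writer).decode(reader, errors="replace")

def classify(raw: bytes) -> str:
    """Classify filename bytes as stored on the Unix side of the share."""
    if raw.isascii():
        return "ascii"          # identical in every charset considered here
    try:
        raw.decode("utf-8")
        return "utf-8"          # what 'unix charset = UTF-8' expects
    except UnicodeDecodeError:
        return "not-utf-8"      # written by a client using a legacy charset

def audit(raw_names, legacy="cp1252"):
    """Return (raw_bytes, probable_name) for each name that is not UTF-8.
    `legacy` is the assumed charset of the other writer (cp1252 here).
    A legacy name can, rarely, also be valid UTF-8 and go unreported."""
    return [(raw, raw.decode(legacy, errors="replace"))
            for raw in raw_names if classify(raw) == "not-utf-8"]

def scan_share(path: str):
    """Audit a real directory; a bytes path makes os.listdir return bytes."""
    return audit(os.listdir(os.fsencode(path)))

# Constructed sample: the same name written as UTF-8 and as cp1252, plus ASCII.
SAMPLE = ["été.txt".encode("utf-8"), "été.txt".encode("cp1252"), b"notes.txt"]

if __name__ == "__main__":
    # Stored as UTF-8 (via Samba), listed by a cp1252 reader: doubled characters.
    print(listed_as("été.txt", "utf-8", "cp1252"))
    # Stored as cp1252, listed by a UTF-8 reader: replacement characters.
    print(listed_as("été.txt", "cp1252", "utf-8"))
    for raw, guess in audit(SAMPLE):
        print(raw, "->", guess)
```

Names reported by `scan_share` are the ones to rename (or re-encode) after both services have been set to the same charset.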


[Samba] UTF8 with accented characters

2009-06-30 Thread Van Camp Jan
Hello,

We use samba with success. However when we want to use accents (é, à, è) in
the file names (French) we get the following behaviour:

1) files copied to the samba unix share with windows explorer are
correctly listed in windows explorer

2) files copied to the samba unix share with an sftp gui are listed
correctly in that gui

3) files copied with windows explorer are not correctly listed in the
sftp gui (incorrect characters in the file names)

4) files copied with sftp gui are not correctly listed in windows
explorer (incorrect characters in the file names)

Can anyone help us with this please?

Greetings,

Jan




Re: [Samba] Linux member server, or something else?

2009-06-30 Thread Norberto Bensa
On Tue, Jun 30, 2009 at 7:29 AM, David Markey wrote:
> It's possible to use nss_ldap and idmap backend = nss and no winbind, like
> you are describing.

Why do I need idmap? I mean, from what I understand, idmap's only
purpose is to help winbind ensure uid and gid are the same across
servers. If I use LDAP to store user accounts and groups, these ids
are the same.


> It's also possible to use nss_winbind and no nss_ldap, however there has
> been a bug on the server side that has stopped this from working. So the
> option above is your only option unless you have a version of samba on the
> server side that isn't affected by the bug.

In the past, winbind used to give headaches. I want to avoid it if I can :-)


> Regards,
>
> David


Thanks!

Norberto


[Samba] import PrinterDriverData

2009-06-30 Thread Marten Gajda
Hi,

is there any way to import the PrinterDriverData (or parts) from the
local Windows registry into the samba registry?
The Brother printer driver claims that some features (e.g. color
printing) have not been enabled by the admin (that's me). If I set up
the driver to print directly to the printer (which is a network printer)
there is no issue. I think the reason may be some features not written
to the remote registry by the driver.
Samba version is 3.0.28.

regards

Marten Gajda



Re: [Samba] Linux member server, or something else?

2009-06-30 Thread David Markey
It's possible to use nss_ldap and idmap backend = nss and no winbind, like
you are describing.

It's also possible to use nss_winbind and no nss_ldap, however there has
been a bug on the server side that has stopped this from working. So the
option above is your only option unless you have a version of samba on the
server side that isn't affected by the bug.


Regards,

David

On Tue, 30 Jun 2009 00:59:16 -0300, Norberto Bensa 
wrote:
> Hello,
> 
> On Mon, Jun 29, 2009 at 11:11 PM, John Drescher
> wrote:
>>> I have a Samba PDC with an LDAP backend password database, against which
>>> WinXP clients authenticate. I also have a Ubuntu workstation, which
>>> authenticates directly to the same LDAP password database (no Samba).
>>>
>>> I now wish to have the WinXP clients be able to map shares on the Ubuntu
>>> workstation, so I obviously need to get Samba working on it. I can slog
>>> through the technical details, but I want to make sure I have the concept
>>> properly figured out - will the Ubuntu workstation be a "member server",
>>> configured as such per the Samba documentation using Winbind, or is there a
>>> different way I should be thinking about this?
>>>
>>> Thanks for any general pointers.
>>>
>>
>> That is what I have with my samba setup. I mean I have a PDC, a BDC, 3
>> to 5 LDAP servers and 5 or so member servers. On my PDC and BDC there
>> are no real file shares. The member servers have that. My member
>> servers have winbind.
> 
> 
> At work, we're in the process of starting a migration of our Windows
> XP clients to Ubuntu.
> 
> My PDC is a Samba server running on Ubuntu Hardy with LDAP backend.
> 
> I'm testing with my workstation (Ubuntu Jaunty). Samba uses the PDC as
> a password server. Users and groups are read from LDAP via nsswitch
> (i.e. nothing about LDAP in smb.conf on the client). Also, no winbind.
> 
> It seems to work, but I want to know if I'm missing something.
> 
> Why should I run winbind?
> If I need to run winbind, does it need to run on server _and_ clients?
> 
> 
> Many thanks in advance,
> Norberto


[Samba] Samba-Cups: all works except browsing when printer is not defined in smb.conf

2009-06-30 Thread Koen Linders
Cups 1.2.7 
Debian Etch with Samba 3.0.24
Clients: WinXP SP3 (with Firewall completely off for testing)

When I define a printer specifically in smb.conf, they show up as shared
printers in WinXP. But when I follow the normal way (see below) to load all
from cups they don't.

I followed mainly the latest SAMBA-HOWTO (chapter 21-22)

The only error I see in log.smbd when accessing the Printers&Faxes where
they should be, is:
[2009/06/30 11:13:50, 0] smbd/service.c:make_connection()
  mpi025 (192.168.1.106) couldn't find service
::{2227a280-3aea-1069-a2de-08002b30309d}

When I add them by name instead of via browsing all works, but I wish to
understand what goes wrong and where. 
This works: 
runas /netonly /user:root "rundll32 printui.dll,PrintUIEntry /p /t3 /n
"\\newton\2420N-240"
rundll32 printui.dll,PrintUIEntry /in /n "\\newton\2420N-240"

Any suggestions would be very welcome.

Koen Linders




Extra relevant stuff.

*Checking cups support for samba: ldd `which smbd`
-snip-
libcups.so.2 => /usr/lib/libcups.so.2 (0xb7d9b000)
-snip-

*relevant samba sections
smb.conf
printing = cups
printcap name = cups
load printers = yes

[printers]
comment = Samba Printers Spool
path = /data/spool
printable  = yes
guest ok = yes
browseable = no
writable = no

[print$]
comment = Printer Drivers
path = /data/printers
browseable = yes
guest ok = yes
read only = yes
write list = root +domadmins

*permissions on maps
drwxrwsrwx 3 root  domadmins  4096 2009-06-29 13:25 printers
drwxrwxrwt 2 root  root   4096 2009-06-29 13:50 spool

*driver installation from cups to samba
I did put following items in /usr/share/cups/drivers
cups6.inf (from www.cups.org)
cups6.ini (from www.cups.org)
cupsps6.dll (from www.cups.org)
cupsui6.dll (from www.cups.org)
ps5ui.dll (from your Windows system)
pscript.hlp (from your Windows system)
pscript.ntf (from your Windows system)
pscript5.dll (from your Windows system)

And to confirm to add drivers to [print$]
cupsaddsmb -U root -v -a -H newton

-snipped all extra info showing only one printer-
Printer Driver 2420N-240 successfully installed.
Succesfully set 2420N-240 to driver 2420N-240.






