[Samba] Re: can't access samba PDC after power cut

[jamrock]

"Leonardo Carneiro"  wrote in message
news:4a5268e1.2080...@veltrac.com.br...
hello guys,

after a power cut in this weekend, the filesystem of the machine running
samba+ldap currupted. i did a fsck and every other services in the
machine are running fine now, but i cannot access the samba shares and
cannot join/log in the domain.
in the windows machines it just show a message "the network path is not
found".

Can you search the ldap directory using the standard ldap tools.  e.g.
ldapsearch?

If not, the problem could be with ldap and not Samba.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [solved] Re: smbclient failing: Server requested plaintext password...

[John Riesen]

This code in param/loadpam.c pointed out the problem.

static void set_allowed_client_auth(void)
{
if (Globals.bClientNTLMv2Auth) {
Globals.bClientLanManAuth = False;
}
if (!Globals.bClientLanManAuth) {
Globals.bClientPlaintextAuth = False;
}
}


You have to set 'client lanman auth = yes'.  Otherwise,
'client plaintext auth' is forced off.

So using 'smbclient -s foo.conf' where foo.conf has ...

[globals]
client lanman auth = yes
client plaintext auth = yes

... does the trick.

It seems this changed some time between 3.0.x and 3.2.x.

This bit of doco in smb.conf(5) in the 'client lanman auth'
section was the part I missed...

   Disabling this option will also disable the client plaintext auth
   option.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba Windows resolve issue

[Doug Coats]

I am having an issue with a new samba setup.  My gateway server (H1 - the
new setup) is running Samba and acting as my networks wins server.  It also
houses my email and web server.  It is connected to a private network to
another server (H3) running Samba acting as my main file server.

The issue that I am experiencing is that H3 can view our webpage that is
hosted on H1 but my Windows machines that are connected to H3's subnet can
not.  If I try to ping H1 from H3 it resolves the name properly.  If I ping
H1 from the windows boxes it returns the external IP address and times out
on the requests.  i hope that I have presented that clearly.

H1 is fully qualified in the host files on H1 and H3.

H1's smb.conf

 [global]
workgroup = admin
server string = Web Server
netbios name = h1
netbios aliases = mailserver
interfaces = lo 192.168.4.0/24
hosts allow = 127. 192.168.1. 192.168.4. 192.168.5. 192.168.6.
log file = /var/log/samba/%m.log
max log size = 50
encrypt passwords = yes
security = user
passdb backend = smbpasswd
smbpasswd file = /etc/samba/smbpasswd
domain master = no
local master = no
os level = 32
preferred master = no
wins support = yes
name resolve order = hosts wins lmhosts bcast
wins proxy = yes
dns proxy = yes

H3's smb.conf

[global]
   netbios name = h3
   workgroup = ADMIN
   server string = Administration Samba Server
   security = user
   hosts allow = 192.168.4. 192.168.5. 192.168.6. 192.168.1. 192.168.0. 127.
   log file = /var/log/samba/%m.log
   max log size = 50
   passdb backend = smbpasswd
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   interfaces = 192.168.4.3 192.168.6.1 127.0.0.1
   remote announce = 192.168.5.255 192.168.4.255 192.168.0.255
   local master = yes
   domain master = yes
   domain logons = yes
   logon path =
   logon home =
   logon script = %U.bat
   wins server = 192.168.4.1
   wins proxy = yes
   dns proxy = yes
  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
/dev/null -s /bin/false %u

I left out the Samba shares but I think any main configurations are present.

This machine is a rebuild and I didn't have this issue before.  The main
difference is that this server now has two external facing nics to two
different interent connections.  I don't think routing is the issue because
H3 can resolve H1's name correctly and display the web page.
Thanks for any help anyone can give me!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Re: smbclient failing: Server requested plaintext password...

[John Riesen]

John Riesen  sneakemail.com> writes:

> 
> I was using samba 3.0.35 and started using samba 3.2.13.
> 
> Now when I try to connect to my samba server (which has
> 'encrypted passwords = no') using smbclient, I get:
> 
> Server requested plaintext password but 'client plaintext auth' is disabled
> session setup failed: SUCCESS - 0


The bit of code that is complaining is:

if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
if (!lp_client_plaintext_auth() && (*pass)) {
DEBUG(1, ("Server requested plaintext password but "
  "'client plaintext auth' is disabled\n"));
return NT_STATUS_ACCESS_DENIED;

That's in source/libsmb/cliconnect.c

I haven't figured out yet why lp_client_plaintext_auth() is failing.
Hints welcome.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbclient failing: Server requested plaintext password...

[John Riesen]

I was using samba 3.0.35 and started using samba 3.2.13.

Now when I try to connect to my samba server (which has
'encrypted passwords = no') using smbclient, I get:

Server requested plaintext password but 'client plaintext auth' is disabled
session setup failed: SUCCESS - 0


I tried 'smbclient -s foo.conf //server/dir' where foo.conf has:

[global]
  client plaintext auth = yes


But the results are the same.

What changed from 3.0.x to 3.2.x that might cause this, and how do I
configure smbclient to enable plaintext auth?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] recognizing netbios name

[Robert T McQuaid]

July 6, 2009

Samba
samba@lists.samba.org

Subject:  recognizing netbios name 

I have a Fedora 10 Linux system connected through a
router to three windows computers (XP+XP+Vista).  The
Linux computer seems unable to present a netbios name to
the rest of the network.  The Linux computer can read
files from all of the Windows computers, but the windows
computers cannot see anything on the Linux system.

The following diagnoses have already been made:

I shut off the modem connecting to the internet, then
disabled all firewalls.  No improvement.

I looked in the router for its table of attached
devices.  It lists a device name for the windows
computers, a blank for the Linux computer.  The device
name is what windows puts after \\ on a remote file
name, and what Samba calls netbios name.

The only communication from a windows computer that
responds is ping 192.168.0.4 .  A ping with a netbios
name fails with the diagnostic:

A ping request could not find host Dell.
Please check the name and try again.

File /etc/samba/smb.conf (with most comments omitted)
looks like:


[global]
#--authconfig--start-line--

# Generated by authconfig on 2009/07/04 13:50:55
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

   workgroup = GLORP
   security = user
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = false
   winbind offline logon = false

#--authconfig--end-line--

   server string = Samba Server Version %v
   netbios name = Dell
   hosts allow = 127. 192.168.0.1 192.168.0.2 192.168.0.3
  192.168.0.4 192.168.0.5

   log file = /var/log/samba/log.%m
   max log size = 50
   log level = 3

   passdb backend = tdbsam

   load printers = yes
   cups options = raw

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes




What does it take to get windows to recognize the Linux
system?

Robert T McQuaid
Mattawa Ontario Canada



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] permissions problems

[Jonathon Doran]

I am obviously confused about something, and feel like I am chasing  
ghosts.  Any help or clarification would be appreciated.


When a user logs in we get messages about corrupt recycle bins.   
Setting the logging to level 2 for that client, we have errors like:


open_directory:  unable to create user/Desktop.  Error was  
NT_STATUS_OBJECT_NAME_COLLISION.


OK, the folder already exists in the profile.  Why try to create it?

I can use smbclient and connect to the profile share as the user, and  
I have no trouble reading or writing files.  The root account can  
access the raw folders without any problem.  I expected that the  
existing profile would be read and used.  And it sort of is, since a  
folder on the desktop is preserved across sessions.


When I up the logging to 4, I see messages like

get_privileges: No privileges assigned to SID  
[S-1-5-21-1786355187-4025355074-2784741737-501]


Hmm.  That RID doesn't look correct.  This user is in two groups,  
Domain Users (513) and a local lab group (3011).  Slapcat does not  
show that SID, nor does "net groupmap list".  I looked this up, and it  
appears to be a guest account.  OK, maybe not a problem.  As you might  
be able to tell, the slightest thing sets me off.


The login continues with accesses using user nobody (uid=99,gid=99), and the
user is authenticated.

I saw this in the log:
[2009/07/06 16:33:33,  4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1613)
  ldapsam_getsampwsid: Unable to locate SID  
[S-1-5-21-1786355187-4025355074-2784741737-513] count=0

[2009/07/06 16:33:34,  2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 513

RID 513 is in the group map.  "getent group Domain\ Users" returns a  
bunch of names.  So maybe _this_ isn't an error either.


Then I see:
[2009/07/06 16:33:34,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID  
[S-1-5-21-1786355187-4025355074-2784741737-3110]

[2009/07/06 16:33:34,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID  
[S-1-5-21-1786355187-4025355074-2784741737-513]


(the two groups which this user should be a member).

A bit further down:
 ldapsam_getgroup: Did not find group, filter was  
(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))


That SID does not show up in the group map, and I have no idea where  
it comes from.  All of my SIDS seem to start with S-1-5-21.  So that  
looks bad.  But...


  init_group_from_ldap: Entry found for group: 1005

Well, that is good.  Group 1005 is the group with RID 3011, in case that was
confusing.  A VUID is registered later.  And a connection is
made to the profdata service (uid=1055, gid = 513).

The user's main group is 1005, but the user is not showing up in group  
513.  By that I mean that "getent group Domain\ Users" shows a list of  
users, but does not include this user.  Nor does "groups user".   
Sounds like a big problem.  But slapcat shows the user in the group,  
and LdapAdmin shows the user in the group.  /etc/nsswitch.conf has  
"group:  compat ldap". I have rebooted the system, and this problem  
persists.  Removing the user from "Domain Users" in LdapAdmin, and  
then readding them did nothing.  Although slapcat did reflect the  
removal.


I'm guessing that this is at the root of most of my problems.  Where  
in the world is getent getting its information, if not from LDAP?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: TOSHARG-DomainMember.xml translate finish and some bug found

[John H Terpstra - Samba Team]

Jelmer Vernooij wrote:
> Hi,
> 
> OPC oota wrote:
>> Now, TOSHARG-DomainMember.xml translate to Japanese finished.
>>
>> and Some bug found.
>>
>> 
>> Server Manager Account Machine Account Management
>>   ---Domain?
>> 
>> From the menu select Computer.
>> 
>>
>> When the user elects to make the client a domain member, Windows 
>> 200x prompts for
>> an account and password that has privileges to create  machine 
>> accounts in the domain.
>> A Samba administrator account (i.e., a Samba account that has 
>> root privileges on the
>> Samba server) must be entered here; the operation will fail if an 
>> ordinary user
>> account is given.
>>
>> ---> Can user who have SeMachineAccountPrivilege rights  join machine ?
>>   
> I'm not sure how this works in Samba 3 actually, hopefully somebody else
> knows.

Jelmer,

I already fixed this and added explanation regarding setting user the
SeMachineAccountPrivilege.

- John T.

>> 
>> ADS
>> SRV records
>> DNS zon
>> ---zone?
>>   
> Fixed.
>> Kerberos
>> Create the Computer Account
>> Testing Server Setup
>> 
>>-why null?
>>   
> Thanks, fixed.
>> If all you want is Kerberos support in &smbclient;, then you can skip 
>> directly to >
>>
>> kinit
>> rights
>> You need to log in to the domain using kinit
>> ---
>> login ?
>> 
>> USERNAME@REALM.
>> USERNAME must be a user who has rights to 
>> add a machine to the domain.
>> 
>>
>>   
> Similar to the previous chapter, I think "log in" is also valid.
> 
> Cheers,
> 
> Jelmer


-- 
John H Terpstra

"If at first you don't succeed, don't go sky-diving!"
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] can't access samba PDC after power cut

[Leonardo Carneiro]

hello guys,

after a power cut in this weekend, the filesystem of the machine running 
samba+ldap currupted. i did a fsck and every other services in the 
machine are running fine now, but i cannot access the samba shares and 
cannot join/log in the domain.
in the windows machines it just show a message "the network path is not 
found". i'll add my smb.conf


tks in advance
--

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarne...@veltrac.com.br 
http://www.veltrac.com.br 
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/



[global]
workgroup = DOMINIO
netbios name = DOMINIO
server string = Veltrac Samba Server
smb ports = 139
load printers = no
printing = bsd
disable spoolss = yes
log file = /var/log/samba/%m.log
max log size = 50
security = user
encrypt passwords = true
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 65
domain master = yes 
preferred master = yes
domain logons = yes
logon script = %U.bat
logon path =
name resolve order = wins bcast lmhosts
wins support = yes
dns proxy = no 

ldap passwd sync = yes
ldap delete dn = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,dc=dominio,dc=com,dc=br
ldap suffix = dc=dominio,dc=com,dc=br
ldap group suffix = ou=Grupos
ldap user suffix = ou=Usuarios
ldap machine suffix = ou=Computadores
ldap idmap suffix = ou=ldapidmapsuffix
idmap backend = ldap://127.0.0.1
   idmap uid = 1-2
   idmap gid = 1-2
enable privileges = yes
nt acl support = yes
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
dos charset = CP850
Unix charset = ISO8859-1
#veto files = /*.mp3/*.wmv/*.wma/*.avi/*.mpg/*.wav/
admin users = root
time server = yes
map acl inherit = Yes

[homes]
comment = Home Directories
browseable = no
writable = yes

[diretoria]
comment = Diretoria
path = /home/grupos/diretoria
writable = yes
create mask = 0777
force create mode = 0777
directory mask = 02777
force directory mode = 02777
valid users = @diretoria
inherit permissions = yes
map acl inherit = yes

[instalacao]
comment = Instalacao
path = /home/grupos/instalacao
writable = yes
create mask = 0777
force create mode = 0777
directory mask = 02777
force directory mode = 02777
valid users = @instalacao
inherit permissions = yes
map acl inherit = yes

[admfin]
comment = Administrativo/Financeiro
path = /home/grupos/admfin
writable = yes
create mask = 0777
force create mode = 0777
directory mask = 02777
force directory mode = 02777
valid users = @admfin
inherit permissions = yes
map acl inherit = yes

[atendimento]
comment = Atendimento
path = /home/grupos/atendimento
writable = yes
create mask = 0777
force create mode = 0777
directory mask = 02777
force directory mode = 02777
valid users = @atendimento
inherit permissions = yes
map acl inherit = yes

[industrial]
writeable = yes
path = /home/grupos/industrial
force directory mode = 02777
force create mode = 0777
create mask = 0777
comment = Industrial
directory mask = 02777
valid users = @industrial
inherit permissions = yes
map acl inherit = yes

[comercial]
comment = Comercial
path = /home/grupos/comercial
writable = yes
create mask = 0777
force create mode = 0777
directory mask = 02777
force directory mode = 02777
valid users = @comercial
inherit permissions = yes
map acl inherit = yes


[importacao]
writeable = yes
map acl inherit = yes
inherit permissions = yes
path = /home/grupos/importacao
force directory mode = 02777
force create mode = 0777
create mask = 0777
directory mask = 02777
valid users = @importacao

[infra]
writeable = yes
map acl inherit = yes
inherit permissions = yes
path = /home/g

[Samba] Re: TOSHARG-DomainMember.xml translate finish and some bug found

[Jelmer Vernooij]

Hi,

OPC oota wrote:
> Now, TOSHARG-DomainMember.xml translate to Japanese finished.
>
> and Some bug found.
>
> 
> Server Manager Account Machine Account Management
>   ---Domain?
> 
> From the menu select Computer.
> 
>
> When the user elects to make the client a domain member, Windows 200x 
> prompts for
> an account and password that has privileges to create  machine 
> accounts in the domain.
> A Samba administrator account (i.e., a Samba account that has 
> root privileges on the
> Samba server) must be entered here; the operation will fail if an 
> ordinary user
> account is given.
>
> ---> Can user who have SeMachineAccountPrivilege rights  join machine ?
>   
I'm not sure how this works in Samba 3 actually, hopefully somebody else
knows.
> 
> ADS
> SRV records
> DNS zon
> ---zone?
>   
Fixed.
> Kerberos
> Create the Computer Account
> Testing Server Setup
> 
>-why null?
>   
Thanks, fixed.
> If all you want is Kerberos support in &smbclient;, then you can skip 
> directly to 
>
> kinit
> rights
> You need to log in to the domain using kinit
> ---
> login ?
> 
> USERNAME@REALM.
> USERNAME must be a user who has rights to 
> add a machine to the domain.
> 
>
>   
Similar to the previous chapter, I think "log in" is also valid.

Cheers,

Jelmer
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] winbind pam error

[Linux Addict]

Please see below my pam file which uses winbind.
The problem is when a wrong password entered, the system uses the same wrong
password next three times and exits , and does not prompt for password
again.

Any hint is appreciated.

authrequired  pam_env.so
authsufficientpam_unix.so nullok try_first_pass
authrequisite pam_succeed_if.so uid >= 500 quiet
authsufficientpam_winbind.so cached_login use_first_pass
authrequired  pam_deny.so

account required  pam_access.so
account required  pam_unix.so broken_shadow
account sufficientpam_localuser.so
account sufficientpam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
cached_login
account required  pam_permit.so

passwordrequisite pam_cracklib.so try_first_pass retry=3
passwordsufficientpam_unix.so sha512 shadow nullok try_first_pass
use_authtok
passwordsufficientpam_winbind.so cached_login use_authtok
passwordrequired  pam_deny.so

session optional  pam_mkhomedir.so skel=/etc/skel/
session required  pam_limits.so
session required  pam_unix.so
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba and file access latency

[John Goubeaux]

I've recently migrated a handful of shares from Samba ver 2.28  to 
ver 3.3.4 w/ LDAP backend. Both cases are stand alone samba servers.


So all is working well and I have managed to iron out some of the 
kinks, however now my users are complaining about excel files ( on 
the shares) taking too long to open as well as to save.


I did some tests to get some numbers to deal with and in fact see 
that there is a longer latency in opening as well as writing back to 
excel files eg  11sec for a large 7mb .xls file as opposed to 3 sec 
for the same file on the old samba server. I do not however, see a 
big difference with a large 6mb jpeg file opening on the two samba 
servers which leads me to believe that excel has more overhead etc. 
Mind you all things being the same as far as the clients used, 
network only the samba file server versions are on two different 
solaris servers. The new 3.3.4 server is on substantially newer 
hardware as well as faster storage.


I realize this might seem like a trivial matter but I at least wanted 
to see if this longer time is expected. I am suspecting that b/c the 
new server IS enforcing encryption ( where the older one was not) 
that the time increase could be attributed to this fact?


Thanks for any ideas that might help me get a few cranky users off my back !

-john
--
John Goubeaux
Systems Administrator
Gevirtz Graduate School of Education
UC Santa Barbara
Phelps Hall 3534
805 893-8190
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Word and Excel files are read-only when opening

[Mister Olli]

Hi,


I had the same issue with samba 3.0.28 on freebsd with exact the same MS
office applications.

after testing around, I found setting 'nt acl support = no' in the
'[global]' section to fix the problem.

Hope that helps for you too.

Regards,
---
Mr. Olli



On Mon, 2009-07-06 at 15:01 +0200, Frank Bonnet wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hello
> 
> I am running 3.2.11
> 
> 
> Yannick Bergeron wrote:
> > Hello Frank,
> > 
> > I had similar issues with samba-3.0.25 but not anymore with 3.3.0
> > 
> > what version are you using?
> > 
> > Regards,
> > 
> > Yannick Bergeron
> > 
> > 
> > 
> > Frank Bonnet 
> > f.bonnet at esiee.fr
> >
> > 
> > Thu Jul  2 11:30:42 GMT 2009
> > < Hello
> > < 
> > < Since we started our new Samba + LDAP backend server yesterday
> > < some (not all) PC we have a problem with Word and Excel files
> > < that are marked "read-only" when users are trying to open
> > < them from their Samba network shares.
> > < 
> > < This happen ONLY for *.doc and *.xls files , if we open
> > < and save a *.html file with Word it works ...
> > < 
> > < Any info/help greatly appreciated.
> > < 
> > < Thank you
> > 
> > 
> > _
> > Windows Live helps you keep up with all your friends, in one place.
> > http://go.microsoft.com/?linkid=9660826
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.11 (FreeBSD)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkpR9bAACgkQ6f7UMO5oSsUPQQCfamsKMOt8trDZilj9spz8SdMZ
> LAkAnjkwfjdeUF+flYhRSNjN18zIQ8Xp
> =Hbkb
> -END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Word and Excel files are read-only when opening

[Robert LeBlanc]

I have not been able to resolve this problem, but I need to have default
ACLs, so, I've croned a script to "fix" the permissions. I run this every 15
minutes and usually people don't notice it. When they call me, I ask them to
wait until after the script runs again. I would really like to see Office
fixed for this issue. Another weird thing is that it seems that for us,
after the second person edits the file and saves it, the problem really
doesn't show up again, at least in our testing.

Here is my scripts:
# fixfiles.sh
#! /bin/bash

/root/filecheck.sh | awk '{ print "\42"$0"\42" }' | xargs --no-run-if-empty
chmod -v u+w


# filecheck.sh
#! /bin/bash

/usr/bin/find /ls/groups/ -perm -u+r ! -perm /u+w -printf "%p\n"

It is pretty quick on our files system and only changes the files that are
wrong.


Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University


On Mon, Jul 6, 2009 at 7:10 AM, Frank Bonnet  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello
>
> Well I have checked I there is no default ACL on the considered files
>
>
>
> d...@briannassaladdressing.com wrote:
> > Frank,
> >
> > Another thing worth checking is default acl's.  If default acl's exist,
> they can override the posix permissions.  Run getfacl on the directory/file
> in question to see if there are any listings with "default" in them.
> >
> > The setting of default acl's has caused word/excel/access read-only
> problems for me more than once.
> >
> > Dale
> >
> > -Original message-
> > From: Frank Bonnet f.bon...@esiee.fr
> > Date: Fri, 03 Jul 2009 08:04:54 -0500
> > To: John Drescher dresche...@gmail.com
> > Subject: Re: [Samba] Word and Excel files are read-only when opening
> >
> > John Drescher wrote:
> > Since we started our new Samba + LDAP backend server yesterday
> > some (not all) PC we have a problem with Word and Excel files
> > that are marked "read-only" when users are trying to open
> > them from their Samba network shares.
> >
> > This happen ONLY for *.doc and *.xls files , if we open
> > and save a *.html file with Word it works ...
> >
> > Any info/help greatly appreciated.
> >
> > Thank you
> >
>  This probably is due to the fact that when Office saves a file it
>  creates a new file it creates a temp file then deletes the old file
>  then renames the temp file to the same name as the old file and in
>  this case the os magically sets the permissions of the renamed temp
>  file to what the old file had. The problem is that Linux does not have
>  this weird filesystem behavior built in so you have to emulate this
>  with samba. I believe some versons of samba required a create mask of
>  2777 to get this to work. BTW, this is discussed many times in the
>  archives.
> 
>  John
> > Hello John
> >
> > I've tried but it did not work for me .
> >
> > Frank
> >
> - --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.11 (FreeBSD)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkpR9+EACgkQ6f7UMO5oSsUE/gCdEK3qJs2ELkwqD3EAiR/a2kfn
> H0AAnA+3YVAFjY4zQUIHaN1c1HDLsecd
> =wKVV
> -END PGP SIGNATURE-
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -)

[Glenn T. Arnold]

Well, I did read the fine documentation and the documentation for this current 
situation it was no help. The reason I am using the registry for the smb.conf 
is memory savings, instance changes of smb.conf going into effect, and maybe 
future clustering. Also, I will state if using the samba registry method is not 
the proper way of doing things then why would the Samba developers add this 
feature into Samba? ;-) The reason I set the share with the current rights, is 
to troubleshoot the problem and prove that my file rights were correct. When I 
setup the print$ share "the proper way" it is still read-only even though I had 
writelist in effect. I currently have 1200 pc connect to a samba-ldap servers 
with the proper setup with no problems. I will investigate the app armor 
settings 

Thanks 
-Glenn 

- Original Message - 
From: "Harry Jede"  
To: samba@lists.samba.org 
Sent: Friday, July 3, 2009 3:22:19 PM GMT -05:00 US/Canada Eastern 
Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even 
though I do; -) 

On Thursday, 2. Juli 2009 wrote Glenn T. Arnold: 
> I just made my print$ share settings to match my print drivers share 
> which should work same 
This is what you believe. 

> and I still cannot create folders or files on 
> the print$ share, but I can all day on the print drivers share. Would 
> someone explain why this is happening? Here is my share settings. 
> 
> [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\print$] 
> "path"="/var/lib/samba/printers" 
> "comment"="Printer Drivers" 
> "read only"="no" 
> 
> 
> [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\printer drivers] 
> "path"="/var/lib/samba/printers" 
> "read only"="no" 
Why are you doing this? 

I think you should reread the excellent Samba docu again. 

> Thanks 
> -Glenn 
> 
> - Original Message - 
> From: "Glenn T. Arnold"  
> To: "samba"  
> Sent: Thursday, July 2, 2009 3:29:29 PM GMT -05:00 US/Canada Eastern 
> Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights 
> even though I do;-) 
> 
> Harry, 
> 
> You did give me an idea though. For grins I just set rights to 0777 
> even on the extended acls and I still get access denied when trying 
> to upload print drivers. Here is the updated rights on 
> /var/lib/samba/printers. 
You make your own changes. That's really fine. 


-- 

Gruss 
Harry Jede 
-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Slow connection and browsing

[Charles Marcus]

On 7/6/2009 9:43 AM, Matthew Daubenspeck wrote:
>>> Now, if I remove the Novell client completely, things work _perfectly_.
>>> I can browse and connect, disconnect, reconnect, the works, all at
>>> normal speed.

>> A shot in the dark, but there was a bug reported on the NOD32 forums
>> dealing specificalyy with Novell Clients...
>>
>> So, maybe this is an AV issue?

> I have no AntiVirus software on the client PCs

Like I said, it was a shot in the dark... sorry, no other ideas...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Slow connection and browsing

[Matthew Daubenspeck]

On Fri, Jul 03, 2009 at 07:41:12AM -0400, Charles Marcus wrote:
> > Now, if I remove the Novell client completely, things work _perfectly_.
> > I can browse and connect, disconnect, reconnect, the works, all at
> > normal speed.
> 
> A shot in the dark, but there was a bug reported on the NOD32 forums
> dealing specificalyy with Novell Clients...
> 
> So, maybe this is an AV issue?

I have no AntiVirus software on the client PCs
-- 
  Matthew Daubenspeck
  http://oddprocess.org

Gentoo Linux i686 Intel(R) Xeon(R) CPU L5420 @ 2.50GHz
09:42:53 up 39 days, 19:36, 5 users, load average: 0.15, 0.08, 0.01
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Word and Excel files are read-only when opening

[Frank Bonnet]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello

Well I have checked I there is no default ACL on the considered files



d...@briannassaladdressing.com wrote:
> Frank,
> 
> Another thing worth checking is default acl's.  If default acl's exist, they 
> can override the posix permissions.  Run getfacl on the directory/file in 
> question to see if there are any listings with "default" in them.
> 
> The setting of default acl's has caused word/excel/access read-only problems 
> for me more than once.
> 
> Dale
> 
> -Original message-
> From: Frank Bonnet f.bon...@esiee.fr
> Date: Fri, 03 Jul 2009 08:04:54 -0500
> To: John Drescher dresche...@gmail.com
> Subject: Re: [Samba] Word and Excel files are read-only when opening
> 
> John Drescher wrote:
> Since we started our new Samba + LDAP backend server yesterday
> some (not all) PC we have a problem with Word and Excel files
> that are marked "read-only" when users are trying to open
> them from their Samba network shares.
>
> This happen ONLY for *.doc and *.xls files , if we open
> and save a *.html file with Word it works ...
>
> Any info/help greatly appreciated.
>
> Thank you
>
 This probably is due to the fact that when Office saves a file it
 creates a new file it creates a temp file then deletes the old file
 then renames the temp file to the same name as the old file and in
 this case the os magically sets the permissions of the renamed temp
 file to what the old file had. The problem is that Linux does not have
 this weird filesystem behavior built in so you have to emulate this
 with samba. I believe some versons of samba required a create mask of
 2777 to get this to work. BTW, this is discussed many times in the
 archives.

 John
> Hello John
> 
> I've tried but it did not work for me .
> 
> Frank
> 
- --
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.11 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpR9+EACgkQ6f7UMO5oSsUE/gCdEK3qJs2ELkwqD3EAiR/a2kfn
H0AAnA+3YVAFjY4zQUIHaN1c1HDLsecd
=wKVV
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Word and Excel files are read-only when opening

[Frank Bonnet]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello

I am running 3.2.11


Yannick Bergeron wrote:
> Hello Frank,
> 
> I had similar issues with samba-3.0.25 but not anymore with 3.3.0
> 
> what version are you using?
> 
> Regards,
> 
> Yannick Bergeron
> 
> 
> 
> Frank Bonnet 
> f.bonnet at esiee.fr
>
> 
> Thu Jul  2 11:30:42 GMT 2009
> < Hello
> < 
> < Since we started our new Samba + LDAP backend server yesterday
> < some (not all) PC we have a problem with Word and Excel files
> < that are marked "read-only" when users are trying to open
> < them from their Samba network shares.
> < 
> < This happen ONLY for *.doc and *.xls files , if we open
> < and save a *.html file with Word it works ...
> < 
> < Any info/help greatly appreciated.
> < 
> < Thank you
> 
> 
> _
> Windows Live helps you keep up with all your friends, in one place.
> http://go.microsoft.com/?linkid=9660826

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.11 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpR9bAACgkQ6f7UMO5oSsUPQQCfamsKMOt8trDZilj9spz8SdMZ
LAkAnjkwfjdeUF+flYhRSNjN18zIQ8Xp
=Hbkb
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] issue while cross compile samba for mips.

[Grzegorz Heldt]

Hello !

I've made several trials to get samba 3.3.5 build for mipsel.
Probably i'm doing something wrong.

When try like this:


./configure --host=i686-linux --build=mipsel-linux-uclibc
--target=mipsel-linux-uclibc
configure script stop to execute with error while try to run compiler
tests. I belive (could you confirm that?) that it tries to run test
that were build for mipsel on i686:

checking GNU ld release version... 2.19
checking GNU ld release version major... 2
checking GNU ld release version minor... 19
checking whether mipsel-linux-uclibc-gcc and cc understand -c and -o
together... yes
checking that the C compiler understands -Werror... cross
checking that the C compiler understands -w2... cross
checking that the C compiler understands -errwarn... cross
checking that the C compiler understands volatile... yes
checking that the C compiler understands negative enum values...
configure: error: in `/home/user/samba-3.3.5/source':
configure: error: cannot run test program while cross compiling
See `config.log' for more details.

I've made several trials with several combinations of arguments.
Configure script will pass to the end successfully only when use:
./configure --target=mipsel-linux-uclibc
but actually, it still doesn't work like I like :-) because it
produces i686 binaries:

$./configure --target=mipsel-linux-uclibc
.
.

$make bin/smbclient  (another trial was: CC=mipsel-linux-uclibc-gcc
make bin/smbclient)


Linking shared library bin/libwbclient.so.0
Linking bin/smbclient

$file bin/smbclient
bin/smbclient: ELF 32-bit LSB shared object, Intel 80386, version 1
(SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15,
not stripped

Result is the same even if I've tried to run make like :
CC=mipsel-linux-uclibc-gcc make bin/smbclient


So the question is, how to perform build for mipsel correctly.
Thank you for any advices !

Best Regards
Greg.

-- 
Please consider the environment before printing this email.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] max. length of a username

[Helmut Hullen]

Hallo, Volker,

Du meintest am 06.07.09 zum Thema Re: [Samba] max. length of a username:

>> Just for clarification: "smbpasswd" and other samba programs have no
>> individual length limit?

> Not that I know of. We might still have a limit at 256
> somewhere, but if someone stumbles over that we'll fix it.

Thank you!

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] max. length of a username

[Volker Lendecke]

On Mon, Jul 06, 2009 at 07:59:00AM +0200, Helmut Hullen wrote:
> > It is possible to add that user to the tdbsam password backend using
> > "smbpasswd -a".  That account is valid within Samba (at least using
> > smbclient).
> 
> Just for clarification: "smbpasswd" and other samba programs have no  
> individual length limit?

Not that I know of. We might still have a limit at 256
somewhere, but if someone stumbles over that we'll fix it.

Volker


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] TOSHARG-DomainMember.xml translate finish and some bug found

[OPC oota]

Now, TOSHARG-DomainMember.xml translate to Japanese finished.

and Some bug found.


Server Manager Account Machine Account Management
  ---Domain?

From the menu select Computer.


When the user elects to make the client a domain member, Windows 200x 
prompts for
an account and password that has privileges to create  machine accounts 
in the domain.
A Samba administrator account (i.e., a Samba account that has 
root privileges on the
Samba server) must be entered here; the operation will fail if an 
ordinary user
account is given.

---> Can user who have SeMachineAccountPrivilege rights  join machine ?



ADS
SRV records
DNS zon
---zone?

KDC
_kerberos.REALM.NAME
Microsoft ADS automatically create SRV records in the DNS zone


Kerberos
Create the Computer Account
Testing Server Setup

   -why null?

If all you want is Kerberos support in &smbclient;, then you can skip directly 
to kinit
rights
You need to log in to the domain using kinit
---
login ?

USERNAME@REALM.
USERNAME must be a user who has rights to 
add a machine to the domain.



On a Windows 2000 client, try net use * \\server\share. 
You should
be logged in with Kerberos without needing to know a password. If this fails, 
then run

login ?
klist tickets. Did you get a ticket for the server? Does 
it have
an encryption type of DES-CBC-MD5?


On your Samba server try to log in to a Windows 2000 server or your Samba
--
login?
server using &smbclient; and Kerberos. Use &smbclient; as usual, but
specify the -k option to choose Kerberos authentication.





Notes

--
--- Oota Toshiya ---  t-oota at dh.jp.nec.com
NEC Computers Software Operations Unit  Shiba,Minato,Tokyo
Open Source Software Platform Development Division  Japan,Earth,Solar system
(samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba