Re: [Samba] samba 3.4.0: point'n'print does not work

[Blindauer Emmanuel]

Le mardi 28 juillet 2009 07:03:29, Ryan Suarez a écrit :
> Greetings,
>
> I upgraded my samba v3.2.4 to v3.4.0.
>
> Now point'n'print does not work.  I get the error 'Windows cannot
> connect to the printer. Operation could not be completed (error
> 0x06f7)' when I try to connect to any printer share from a vista
> 32bit client.

For me 3.4.0 has solved a lot of problem for click'and'print
The only "new" thing was that I needed a share named "prnproc$" which has the 
same definition than "print$". At least  can I upload all these drivers from HP 
which couldn't be added correctly before

Emmanuel
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba and Active Directory

[tsg]

Hi all.

We currently have WinXP users connecting to a RHEL4 samba share
authenticating to active directory. (the WinXP clients are NOT part of the
domain, and are out of our control). It all works fine.

We are now testing a CentOS5 samba share, with the sama domain controller as
before, but the WinXP users must login to the share as DOMAIN\username.  As
long as they prefix the login wth the domain, it works all ok.  But we'd
prefer for this not to happen.

I tried to use the same smb.conf/krb/nsswitch etc, but it seems a lot has
changed.

our RHEL4 runs samba-3.0.10-1.4E.11

our new CentOS5 runs samba-3.0.25c-1.2.el5

What changes do i need to get it working again?

 I'm a bit fuzzy on winbind.. but i did try
 winbind use default domain = Yes

So just to be sure, With samba 3.0.xx could users still authenticate to AD
WITHOUT prefixing the domain like we used to do on RHEL4?

Thanks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba 3.4.0: point'n'print does not work

[Ryan Suarez]

Greetings,

I upgraded my samba v3.2.4 to v3.4.0.

Now point'n'print does not work.  I get the error 'Windows cannot 
connect to the printer. Operation could not be completed (error 
0x06f7)' when I try to connect to any printer share from a vista 
32bit client.


So I download v3.3.6 and install this over top.  point'n'print is 
working for me again with v3.3.6.


Any ideas with what's broken w/ v3.4.0?  I've been able to replicate the 
problem with a second samba print server.


regards,
Ryan



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Firewall rules to block other's computers browse list

[David Christensen]

John H Terpstra wrote:
> Please help us to understand why an Internet firewall should be a
> dedicated machine. There might be one or two people on this list who
> would disagree with this assertion.

I smell flame bait...  ;-)


Simply put, because an Internet firewall is providing a security
function and if there is a mistake, security suffers.  The more software
you put on any machine, the more opportunities there are for Murphy's
Law to operate.  Thus, IPCop, Smoothwall, and other router/ firewall
distributions are deliberately stripped-down to the bare essentials.
All included software is carefully selected and tested for security and
stability.  Furthermore, a good web UI makes it easy for the end-user/
administrator to configure the router/ firewall as desired without
having to worry about arcane packet filtering syntax, dependencies,
restarting services, etc.; thus reducing the likelihood of
mis-configuration.


I've done the Linux combination firewall/ router/ server in the past;
IPCop and a leftover machine is *so* much easier, and I sleep better at
night.  :-)


HTH,

David


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Firewall rules to block other's computers browse list

[John H Terpstra - Samba Team]

On 07/27/2009 06:39 PM, David Christensen wrote:
> MargoAndTodd wrote:
>> My Samba server/firewall has three (two real, one virtual) network
>> cards:
>> eth0.5: connects to a terminal server
>> eth0: internal network with about 10 XP workstations
>> eth1: the Internet
> 
> An Internet firewall should be a dedicated machine.  

Please help us to understand why an Internet firewall should be a
dedicated machine. There might be one or two people on this list who
would disagree with this assertion.

Cheers,
John T.

> I use IPCop:
> 
> http://www.ipcop.org/
> 
> IPCop has a reasonably simple installer, an excellent CGI interface,
> lots of features, and is light-weight -- I ran a Pentium 166 machine
> with 32 MB RAM, 4 GB HDD, and three 10/100 Mbps NIC's until recently.
> It could have used more RAM, but it worked.
> 
> 
> HTH,
> 
> David
> 
> 


-- 
John H Terpstra

"If at first you don't succeed, don't go sky-diving!"
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] wbinfo returns no domain users

[David Markey]

What is the domain controller, Samba, AD, or an NT domain?



On Mon, 27 Jul 2009 17:51:45 -0300, "Herbert G. Fischer"
 wrote:
> Hi,
> 
> I've spent two days trying to figure out how to solve this,  
> researching on the web, etc, and found no answer... :S
> 
> I've setup a Ubuntu 9.04 with Samba and Winbind, joined the domain  
> (using RPC) and when I try to list users and groups using wbinfo I got  
> nothing.
> 
> I already tryed deleting tdb files from /var/lib/samba and restarting  
> samba and winbind, joined the domain again, etc, and nothing changed  
> this behavior. Any idea on where may be the problem and how to solve it?
> 
> # wbinfo -t
> checking the trust secret via RPC calls succeeded
> 
> # wbinfo -u
> # wbinfo -g
> 
>  smb.conf 
> [global]
>  server string = %h
>  workgroup = WEB-NET
>  realm = web-net..com.br
>  domain master = no
>  password server = xm850..com.br
>  wins server = xm850..com.br
>  security = domain
>  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>  interfaces = eth0
>  bind interfaces only = yes
>  log level = 5
>  log file = /var/log/samba/log.%m
>  max log size = 1000
>  syslog = 0
>  # disable printers
>  load printers = no
>  printing = bsd
>  printcap name = /dev/null
>  disable spoolss = yes
>  encrypt passwords = true
>  idmap backend = tdb
>  idmap uid = 5-55000
>  idmap gid = 5-55000
>  template shell = /bin/bash
>  template homedir = /home/web-net/%U
>  winbind use default domain = yes
>  winbind separator = \\
>  winbind enum users = yes
>  winbind enum groups = yes
>  winbind cache time = 15
> 
> 
> === log.winbind 
> [2009/07/27 17:43:31,  3] winbindd/ 
> winbindd_misc.c:winbindd_interface_version(754)
>[12377]: request interface version
> [2009/07/27 17:43:31,  3] winbindd/ 
> winbindd_misc.c:winbindd_priv_pipe_dir(787)
>[12377]: request location of privileged pipe
> [2009/07/27 17:43:31,  2] winbindd/winbindd.c:remove_client(744)
>final write to client failed: Broken pipe
> [2009/07/27 17:43:31,  3] winbindd/ 
> winbindd_misc.c:winbindd_list_ent(127)
>[12377]: list users
> [2009/07/27 17:43:31,  5] winbindd/winbindd_misc.c:listent_recv(203)
>listent_recv: XM2012 returned no users.
> [2009/07/27 17:43:31,  5] winbindd/winbindd_misc.c:listent_recv(203)
>listent_recv: BUILTIN returned no users.
> [2009/07/27 17:43:31,  1] winbindd/winbindd_util.c:trustdom_recv(303)
>Could not receive trustdoms
> [2009/07/27 17:43:32,  5] winbindd/winbindd_async.c:listent_recv(465)
>list_ent() failed!
> [2009/07/27 17:43:32,  5] winbindd/winbindd_misc.c:listent_recv(203)
>listent_recv: WEB-NET returned no users.
> [2009/07/27 17:43:32,  2] winbindd/winbindd.c:remove_client(744)
>final write to client failed: Broken pipe
> ===
> best regards,
> 
> 
> 
> Herbert G. Fischer
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Firewall rules to block other's computers browse list

[David Christensen]

MargoAndTodd wrote:
> My Samba server/firewall has three (two real, one virtual) network
> cards:
> eth0.5: connects to a terminal server
> eth0: internal network with about 10 XP workstations
> eth1: the Internet

An Internet firewall should be a dedicated machine.  I use IPCop:

http://www.ipcop.org/

IPCop has a reasonably simple installer, an excellent CGI interface,
lots of features, and is light-weight -- I ran a Pentium 166 machine
with 32 MB RAM, 4 GB HDD, and three 10/100 Mbps NIC's until recently.
It could have used more RAM, but it worked.


HTH,

David


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Firewall rules to block other's computers browse list

[MargoAndTodd]

Hi All,

My Samba server/firewall has three (two real, one
virtual) network cards:

eth0.5: connects to a terminal server
eth0: internal network with about 10 XP workstations
eth1: the Internet

Samba is set to talk to only 12.0.0.1, eth0.5
and eth0.

I have my firewall iptables rules set so that
users on eth0.5 can only use the samba server
on my server.  They can not share with any other
user on eth0.  Tested and it works.  So far so good.

Problem: users on eth0.5 can still see eth0 workstations
on their browse list.  Even though they can not do
anything with them, I would still be nice if eth0.5
users could not see them at all.

I do believe the offending rules:

   VlanNic="eth0.5"
   Vlan_mask="24"
   Vlan_net="192.168.254.0/$Vlan_mask"
   Vlan_Broadcast=192.168.254.255

   $tbls -A Vlan-in   -i $VlanNic  -p udp  -s $Vlan_net -d \
   $Vlan_Broadcast --dport netbios-ns-j ACCEPT

   $tbls -A Vlan-in   -i $VlanNic  -p udp  -s $Vlan_net -d \
   $Vlan_Broadcast --dport netbios-dgm   -j ACCEPT

I have found that if I do not open up these two rules,
domain users on eth0.5 can not get past their user name and
password prompts.

How do I block eth0 workstations from eth0.5's browse list?

Many thanks,
-T
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] wbinfo returns no domain users

[Herbert G. Fischer]

Hi,

I've spent two days trying to figure out how to solve this,  
researching on the web, etc, and found no answer... :S


I've setup a Ubuntu 9.04 with Samba and Winbind, joined the domain  
(using RPC) and when I try to list users and groups using wbinfo I got  
nothing.


I already tryed deleting tdb files from /var/lib/samba and restarting  
samba and winbind, joined the domain again, etc, and nothing changed  
this behavior. Any idea on where may be the problem and how to solve it?


# wbinfo -t
checking the trust secret via RPC calls succeeded

# wbinfo -u
# wbinfo -g

 smb.conf 
[global]
server string = %h
workgroup = WEB-NET
realm = web-net..com.br
domain master = no
password server = xm850..com.br
wins server = xm850..com.br
security = domain
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0
bind interfaces only = yes
log level = 5
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
# disable printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
encrypt passwords = true
idmap backend = tdb
idmap uid = 5-55000
idmap gid = 5-55000
template shell = /bin/bash
template homedir = /home/web-net/%U
winbind use default domain = yes
winbind separator = \\
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 15


=== log.winbind 
[2009/07/27 17:43:31,  3] winbindd/ 
winbindd_misc.c:winbindd_interface_version(754)

  [12377]: request interface version
[2009/07/27 17:43:31,  3] winbindd/ 
winbindd_misc.c:winbindd_priv_pipe_dir(787)

  [12377]: request location of privileged pipe
[2009/07/27 17:43:31,  2] winbindd/winbindd.c:remove_client(744)
  final write to client failed: Broken pipe
[2009/07/27 17:43:31,  3] winbindd/ 
winbindd_misc.c:winbindd_list_ent(127)

  [12377]: list users
[2009/07/27 17:43:31,  5] winbindd/winbindd_misc.c:listent_recv(203)
  listent_recv: XM2012 returned no users.
[2009/07/27 17:43:31,  5] winbindd/winbindd_misc.c:listent_recv(203)
  listent_recv: BUILTIN returned no users.
[2009/07/27 17:43:31,  1] winbindd/winbindd_util.c:trustdom_recv(303)
  Could not receive trustdoms
[2009/07/27 17:43:32,  5] winbindd/winbindd_async.c:listent_recv(465)
  list_ent() failed!
[2009/07/27 17:43:32,  5] winbindd/winbindd_misc.c:listent_recv(203)
  listent_recv: WEB-NET returned no users.
[2009/07/27 17:43:32,  2] winbindd/winbindd.c:remove_client(744)
  final write to client failed: Broken pipe
===
best regards,



Herbert G. Fischer
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] 3.2.11 not compiling on solaris 9 (libtalloc.so.1 error)

[Jonathon Doran]

Quoting "Hambleton, Tom" :

I am consistently getting "libtalloc.so.1: No such file or   
directory" when attempting to 'make' any version of samba.


I've tried all of the suggestions from the list archives on this subject.


Using Solaris 9 sparc.
Current versions are:
gcc 3.4.6 (sunfreeware pkg)
samba-3.2.11 (and any other version of samba I try)
Admittedly - compiling from source is not something I do very often.

My 'configure' options:
 $ ./configure --prefix=/opt/sambatest CFLAGS=-I/opt/local/include   
CPPFLAGS=-I/opt/local/inlcude LDFLAGS=-L/opt/local/lib


It completes successfully, except I get many similar messages to:

configure:3925: checking how to run the C preprocessor
configure:3965: gcc -E -I/opt/local/inlcude conftest.c
configure:3972: $? = 0
configure:4003: gcc -E -I/opt/local/inlcude conftest.c
conftest.c:9:28: ac_nonexistent.h: No such file or directory
configure:4010: $? = 1
configure: failed program was:
| /* confdefs.h.  */


You have 'include' spelled wrong.  Since configure didn't get to do its
job, the rest of the errors are probably expected.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] 3.2.11 not compiling on solaris 9 (libtalloc.so.1 error)

[Hambleton, Tom]

I am consistently getting "libtalloc.so.1: No such file or directory" when 
attempting to 'make' any version of samba.

I've tried all of the suggestions from the list archives on this subject.


Using Solaris 9 sparc.
Current versions are:
gcc 3.4.6 (sunfreeware pkg)
samba-3.2.11 (and any other version of samba I try)
Admittedly - compiling from source is not something I do very often.

My 'configure' options:
 $ ./configure --prefix=/opt/sambatest CFLAGS=-I/opt/local/include 
CPPFLAGS=-I/opt/local/inlcude LDFLAGS=-L/opt/local/lib

It completes successfully, except I get many similar messages to:

configure:3925: checking how to run the C preprocessor
configure:3965: gcc -E -I/opt/local/inlcude conftest.c
configure:3972: $? = 0
configure:4003: gcc -E -I/opt/local/inlcude conftest.c
conftest.c:9:28: ac_nonexistent.h: No such file or directory
configure:4010: $? = 1
configure: failed program was:
| /* confdefs.h.  */


'make' fails with:

creating /temp/samba-3.2.11/source/exports/libtalloc.syms
Linking shared library bin/libtalloc.so.1
/usr/local/lib/gcc/sparc-sun-solaris2.9/3.4.6/../../../../sparc-sun-solaris2.9/bin/ld:
 cannot open linker script file 
/temp/samba-.2.11/source/exports/libtalloc.so.1: No such file or directory
collect2: ld returned 1 exit status
make: *** [bin/libtalloc.so.1] Error 1



Thanks in advance for any guidance,
Tom


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] No responses, not a one?

[Wikked one]

OK Guys,thank you for all the responses.
I'm going to grab the rpms and attempt an install so it may be a while before I
follow up.
Thanks

> Date: Mon, 27 Jul 2009 22:00:55 +0200
> From: ob...@samba.org
> To: j...@samba.org
> CC: wikk...@hotmail.com; samba@lists.samba.org
> Subject: Re: [Samba] No responses, not a one?
> 
> John H Terpstra - Samba Team wrote:
> > On 07/27/2009 01:41 PM, Wikked one wrote:
> > > 
> > > 
> > > Hi Guys,
> > >  I would love to update to the latest version ,nothing would make 
> > > me happier in fact.
> > > However each time I've made an attempt to build samba without an RPM I've 
> > > been led
> > > down the rabbit hole of dependencies ,so I've "learned" to use the 
> > > version that 
> > > comes with the operating system. I did a yum update on Samba which 
> > > brought me up to
> > > the versions I've posted.
> > > As far as error go this is the message when I make an attempt
> > > to access another samba share with the machine in question.
> > 
> > Suggest you update to the RPMS provided by SerNet for your OS.  They are
> > usually current and correctly built.
> 
> John,
> 
> thanks for the hint!
> 
> Wikked: it usually enhances chances of getting replies here to use a
> real name instead of a "title" (like "wikked one"...). :-)
> 
> The packages John is referring to can be found here:
> http://ftp.sernet.de/pub/samba/
> 
> Currently we have the 3.3 ones under "recent" and the 3.4 ones
> under experimental. The experimental/recent/tested-structure still
> stems from the time where there was only 3.0.X and is likely to
> change in the near future. So all these are packages of released
> "stable" versions of Samba. You'll find binary packages for various
> versions of RPM- and deb-based distributions as well as source
> packages.
> 
> Cheers - Michael
> 
> > 
> > - John T.
> > > 
> > > [2009/07/27 14:20:01, 0] 
> > > passdb/passdb.c:pdb_increment_bad_password_count(1477)
> > >   
> > > pdb_increment_bad_password_count: pdb_get_account_policy failed.
> > >
> > >>>I’ve
> > >>> got a Samba NT4 domain with multiple samba member servers serving files 
> > >>> using
> > >>> domain security. Current member servers are all running CentOS 4.7 with 
> > >>> 3.0.28-0.el4.9
> > >>> I have no issues (except aging) with these systems.
> > >>>
> > >>> I’m upgrading a major file server with CentOS5.3 64 bit with
> > >>> Samba 3.0.33-3.7el5_3.1
> > >>>
> > >>> ,it’s all setup and configured but here’s a show stopper for
> > >>> implementation.
> > >>>
> > >>> When I attempt to access another Samba server with this
> > >>> version ,I am prompted for authentication,even though the machine has 
> > >>> full
> > >>> domain access.
> > >>>
> > >>> Additionally I have been mounting a domain member share on a
> > >>> non domain member server in order to back it up with a command in the
> > >>> /etc/fstab.
> > >>>
> > >>> This no longer works and even when I specify the
> > >>> administrator and password I have a wrong password error.
> > >>>
> > >>>
> > >>> Here’s the 3.0.28 config file
> > >>>
> > >>>  
> > >>>
> > >>> [global]
> > >>>
> > >>>  workgroup = workgroup
> > >>>
> > >>> netbios name = OldSystem
> > >>>
> > >>> passdb backend=ldapsam:ldap://System.MyGroup.com
> > >>>
> > >>> idmap backend = ldap://192.168.1.1
> > >>>
> > >>> security = domain
> > >>>
> > >>> encrypt passwords= yes
> > >>>
> > >>> ldap suffix=dc=MyGroup,dc=com
> > >>>
> > >>> ldap machine suffix = ou=Computers
> > >>>
> > >>> ldap user suffix =ou=Users
> > >>>
> > >>> ldap group suffix =ou=Groups
> > >>>
> > >>> ldap admin dn =cn=Manager,dc=MyGroup,dc=com
> > >>>
> > >>> ldap passwd sync=yes
> > >>>
> > >>> socket options = TCP_NODELAY SO_RCVBUF=8192
> > >>> SO_SNDBUF=8192
> > >>>
> > >>> os level = 20
> > >>>
> > >>> local master = no
> > >>>
> > >>> wins server =192.168.1.1
> > >>>
> > >>> log level= 5
> > >>>
> > >>> idmap uid = 16777216-33554431
> > >>>
> > >>> idmap gid = 16777216-33554431
> > >>>
> > >>> template shell = /bin/false
> > >>>
> > >>> winbind use default domain = no
> > >>>
> > >>>
> > >>>
> > >>> [SHARE]
> > >>>
> > >>> writeable = yes
> > >>>
> > >>> valid users = @"Domain Users"
> > >>>
> > >>> path = /usr/smb/share
> > >>>
> > >>> force directory mode = 777
> > >>>
> > >>> force create mode = 777
> > >>>
> > >>>  nt acl support =yes
> > >>>
> > >>>  
> > >>>
> > >>> And the 3.0.33 config file
> > >>>
> > >>>  
> > >>>
> > >>>  
> > >>> workgroup = workgroup
> > >>>
> > >>>security = domain
> > >>>
> > >>>idmap uid = 16777216-33554431
> > >>>
> > >>>idmap gid = 16777216-33554431
> > >>>
> > >>>template shell = /bin/false
> > >>>
> > >>>winbind use default domain = false
> > >>>
> > >>>winbind offline logon = false
> > >>>
> > >>> ldap user suffix = ou=Users
> > >>>
> > >>> socket options = TCP_NODELAY SO_RCVBUF=8192
> > >>> SO_

Re: [Samba] Samba using Server 2k3 DC for auth and ACL permissions

[Michael Adam]

Michael Heydon wrote:
> Blotto wrote:
> >only users listed in the smb.conf file for that share
> >have access regardless of the acl permissions set
> >  
> Maybe I'm not reading this right, but I think that is how it is supposed 
> to work.
> 
> When you define which users can access a share that is checked when they 
> attempt to connect, file system ACLs will only come in to play after the 
> user has been granted access to the share.

Precisely.

If a user can't pass the smb.conf/share level acls, then
specially file system acls have no effect for this user -
samba-wise.

Cheers - Michael

> >[Admin] 
> >path = /media/Shared/ 
> >read only = no 
> >create mode = 0700 
> >directory mode = 0700 
> >nt acl support = yes 
> >acl map full control = yes 
> >admin users = @MY+fileserveradmin 
> >valid users = @"MY+Domain Users" 
> >browseable = true 
> >  
> So are you trying to grant Fred (for example) access to the files, even 
> though he isn't a member of "MY\Domain Users" (probably a bad example 
> since all users are likely to be in that group)?
> 
> *Michael Heydon - IT Administrator *
> micha...@jaswin.com.au 



pgp8QitGzr66O.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] No responses, not a one?

[Michael Adam]

John H Terpstra - Samba Team wrote:
> On 07/27/2009 01:41 PM, Wikked one wrote:
> > 
> > 
> > Hi Guys,
> >  I would love to update to the latest version ,nothing would make 
> > me happier in fact.
> > However each time I've made an attempt to build samba without an RPM I've 
> > been led
> > down the rabbit hole of dependencies ,so I've "learned" to use the version 
> > that 
> > comes with the operating system. I did a yum update on Samba which brought 
> > me up to
> > the versions I've posted.
> > As far as error go this is the message when I make an attempt
> > to access another samba share with the machine in question.
> 
> Suggest you update to the RPMS provided by SerNet for your OS.  They are
> usually current and correctly built.

John,

thanks for the hint!

Wikked: it usually enhances chances of getting replies here to use a
real name instead of a "title" (like "wikked one"...). :-)

The packages John is referring to can be found here:
http://ftp.sernet.de/pub/samba/

Currently we have the 3.3 ones under "recent" and the 3.4 ones
under experimental. The experimental/recent/tested-structure still
stems from the time where there was only 3.0.X and is likely to
change in the near future. So all these are packages of released
"stable" versions of Samba. You'll find binary packages for various
versions of RPM- and deb-based distributions as well as source
packages.

Cheers - Michael

> 
> - John T.
> > 
> > [2009/07/27 14:20:01, 0] 
> > passdb/passdb.c:pdb_increment_bad_password_count(1477)
> >   
> > pdb_increment_bad_password_count: pdb_get_account_policy failed.
> >
> >>>I’ve
> >>> got a Samba NT4 domain with multiple samba member servers serving files 
> >>> using
> >>> domain security. Current member servers are all running CentOS 4.7 with 
> >>> 3.0.28-0.el4.9
> >>> I have no issues (except aging) with these systems.
> >>>
> >>> I’m upgrading a major file server with CentOS5.3 64 bit with
> >>> Samba 3.0.33-3.7el5_3.1
> >>>
> >>> ,it’s all setup and configured but here’s a show stopper for
> >>> implementation.
> >>>
> >>> When I attempt to access another Samba server with this
> >>> version ,I am prompted for authentication,even though the machine has full
> >>> domain access.
> >>>
> >>> Additionally I have been mounting a domain member share on a
> >>> non domain member server in order to back it up with a command in the
> >>> /etc/fstab.
> >>>
> >>> This no longer works and even when I specify the
> >>> administrator and password I have a wrong password error.
> >>>
> >>>
> >>> Here’s the 3.0.28 config file
> >>>
> >>>  
> >>>
> >>> [global]
> >>>
> >>>  workgroup = workgroup
> >>>
> >>> netbios name = OldSystem
> >>>
> >>> passdb backend=ldapsam:ldap://System.MyGroup.com
> >>>
> >>> idmap backend = ldap://192.168.1.1
> >>>
> >>> security = domain
> >>>
> >>> encrypt passwords= yes
> >>>
> >>> ldap suffix=dc=MyGroup,dc=com
> >>>
> >>> ldap machine suffix = ou=Computers
> >>>
> >>> ldap user suffix =ou=Users
> >>>
> >>> ldap group suffix =ou=Groups
> >>>
> >>> ldap admin dn =cn=Manager,dc=MyGroup,dc=com
> >>>
> >>> ldap passwd sync=yes
> >>>
> >>> socket options = TCP_NODELAY SO_RCVBUF=8192
> >>> SO_SNDBUF=8192
> >>>
> >>> os level = 20
> >>>
> >>> local master = no
> >>>
> >>> wins server =192.168.1.1
> >>>
> >>> log level= 5
> >>>
> >>> idmap uid = 16777216-33554431
> >>>
> >>> idmap gid = 16777216-33554431
> >>>
> >>> template shell = /bin/false
> >>>
> >>> winbind use default domain = no
> >>>
> >>>
> >>>
> >>> [SHARE]
> >>>
> >>> writeable = yes
> >>>
> >>> valid users = @"Domain Users"
> >>>
> >>> path = /usr/smb/share
> >>>
> >>> force directory mode = 777
> >>>
> >>> force create mode = 777
> >>>
> >>>  nt acl support =yes
> >>>
> >>>  
> >>>
> >>> And the 3.0.33 config file
> >>>
> >>>  
> >>>
> >>>  
> >>> workgroup = workgroup
> >>>
> >>>security = domain
> >>>
> >>>idmap uid = 16777216-33554431
> >>>
> >>>idmap gid = 16777216-33554431
> >>>
> >>>template shell = /bin/false
> >>>
> >>>winbind use default domain = false
> >>>
> >>>winbind offline logon = false
> >>>
> >>> ldap user suffix = ou=Users
> >>>
> >>> socket options = TCP_NODELAY SO_RCVBUF=8192
> >>> SO_SNDBUF=8192
> >>>
> >>> wins server = 192.168.1.1
> >>>
> >>> winbind trusted domains only = yes
> >>>
> >>> idmap backend = ldap://192.168.1.1
> >>>
> >>> encrypt passwords = yes
> >>>
> >>> passdb backend = ldapsam:ldap://System.MyGroup.com
> >>>
> >>> nt acl support = yes
> >>>
> >>> netbios name = NewSystem
> >>>
> >>> ldap machine suffix = ou=Computers
> >>>
> >>> ldap group suffix = ou=Groups
> >>>
> >>> ldap passwd sync = yes
> >>> ldap suffix = dc=MyGroup,dc=com
> >>>
> >>> local master = no
> >>>
> >>> winbind enum groups = no
> >>>
> >>> os level = 20
> >>>
> >>> ldap admin dn

Re: [Samba] No responses, not a one?

[John H Terpstra - Samba Team]

On 07/27/2009 01:41 PM, Wikked one wrote:
> 
> 
> Hi Guys,
>  I would love to update to the latest version ,nothing would make me 
> happier in fact.
> However each time I've made an attempt to build samba without an RPM I've 
> been led
> down the rabbit hole of dependencies ,so I've "learned" to use the version 
> that 
> comes with the operating system. I did a yum update on Samba which brought me 
> up to
> the versions I've posted.
> As far as error go this is the message when I make an attempt
> to access another samba share with the machine in question.

Suggest you update to the RPMS provided by SerNet for your OS.  They are
usually current and correctly built.

- John T.
> 
> [2009/07/27 14:20:01, 0] 
> passdb/passdb.c:pdb_increment_bad_password_count(1477)
>   
> pdb_increment_bad_password_count: pdb_get_account_policy failed.
>
>>>I’ve
>>> got a Samba NT4 domain with multiple samba member servers serving files 
>>> using
>>> domain security. Current member servers are all running CentOS 4.7 with 
>>> 3.0.28-0.el4.9
>>> I have no issues (except aging) with these systems.
>>>
>>> I’m upgrading a major file server with CentOS5.3 64 bit with
>>> Samba 3.0.33-3.7el5_3.1
>>>
>>> ,it’s all setup and configured but here’s a show stopper for
>>> implementation.
>>>
>>> When I attempt to access another Samba server with this
>>> version ,I am prompted for authentication,even though the machine has full
>>> domain access.
>>>
>>> Additionally I have been mounting a domain member share on a
>>> non domain member server in order to back it up with a command in the
>>> /etc/fstab.
>>>
>>> This no longer works and even when I specify the
>>> administrator and password I have a wrong password error.
>>>
>>>
>>> Here’s the 3.0.28 config file
>>>
>>>  
>>>
>>> [global]
>>>
>>>  workgroup = workgroup
>>>
>>> netbios name = OldSystem
>>>
>>> passdb backend=ldapsam:ldap://System.MyGroup.com
>>>
>>> idmap backend = ldap://192.168.1.1
>>>
>>> security = domain
>>>
>>> encrypt passwords= yes
>>>
>>> ldap suffix=dc=MyGroup,dc=com
>>>
>>> ldap machine suffix = ou=Computers
>>>
>>> ldap user suffix =ou=Users
>>>
>>> ldap group suffix =ou=Groups
>>>
>>> ldap admin dn =cn=Manager,dc=MyGroup,dc=com
>>>
>>> ldap passwd sync=yes
>>>
>>> socket options = TCP_NODELAY SO_RCVBUF=8192
>>> SO_SNDBUF=8192
>>>
>>> os level = 20
>>>
>>> local master = no
>>>
>>> wins server =192.168.1.1
>>>
>>> log level= 5
>>>
>>> idmap uid = 16777216-33554431
>>>
>>> idmap gid = 16777216-33554431
>>>
>>> template shell = /bin/false
>>>
>>> winbind use default domain = no
>>>
>>>
>>>
>>> [SHARE]
>>>
>>> writeable = yes
>>>
>>> valid users = @"Domain Users"
>>>
>>> path = /usr/smb/share
>>>
>>> force directory mode = 777
>>>
>>> force create mode = 777
>>>
>>>  nt acl support =yes
>>>
>>>  
>>>
>>> And the 3.0.33 config file
>>>
>>>  
>>>
>>>  
>>> workgroup = workgroup
>>>
>>>security = domain
>>>
>>>idmap uid = 16777216-33554431
>>>
>>>idmap gid = 16777216-33554431
>>>
>>>template shell = /bin/false
>>>
>>>winbind use default domain = false
>>>
>>>winbind offline logon = false
>>>
>>> ldap user suffix = ou=Users
>>>
>>> socket options = TCP_NODELAY SO_RCVBUF=8192
>>> SO_SNDBUF=8192
>>>
>>> wins server = 192.168.1.1
>>>
>>> winbind trusted domains only = yes
>>>
>>> idmap backend = ldap://192.168.1.1
>>>
>>> encrypt passwords = yes
>>>
>>> passdb backend = ldapsam:ldap://System.MyGroup.com
>>>
>>> nt acl support = yes
>>>
>>> netbios name = NewSystem
>>>
>>> ldap machine suffix = ou=Computers
>>>
>>> ldap group suffix = ou=Groups
>>>
>>> ldap passwd sync = yes
>>> ldap suffix = dc=MyGroup,dc=com
>>>
>>> local master = no
>>>
>>> winbind enum groups = no
>>>
>>> os level = 20
>>>
>>> ldap admin dn = cn=Manager,dc=MyGroup,dc=com
>>>
>>> log level = 5
>>>
>>>
>>>
>>> [NEWSHARE]
>>>
>>> nt acl support = yes
>>>
>>> guest account = administrator
>>>
>>> writeable = yes
>>>
>>> path = /raid/smb/newshare
>>>
>>> force directory mode = 777
>>>
>>> force create mode = 777
>>>
>>> valid users = @"Domain Users"
>>>
>>>  
>>>
>>> Any help?
>>>
>>>  
>>>
>>> Thanks!
>>>
>>>  
>>>
>>>  
>>>
>>>
>>> _
>>> Bing™ brings you maps, menus, and reviews organized in one place. Try it 
>>> now.
>>> http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TXT_MLOGEN_Local_Local_Restaurants_1x1
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>> _
>> Bing™ brings you maps, menus, and reviews organized in one place. Try it now.
>> http://www.bing.com/search?q=restaurants&for

Re: [Samba] No responses, not a one?

[Wikked one]

Hi Guys,
 I would love to update to the latest version ,nothing would make me 
happier in fact.
However each time I've made an attempt to build samba without an RPM I've been 
led
down the rabbit hole of dependencies ,so I've "learned" to use the version that 
comes with the operating system. I did a yum update on Samba which brought me 
up to
the versions I've posted.
As far as error go this is the message when I make an attempt
to access another samba share with the machine in question.

[2009/07/27 14:20:01, 0] 
passdb/passdb.c:pdb_increment_bad_password_count(1477)
  
pdb_increment_bad_password_count: pdb_get_account_policy failed.





> >I’ve
> > got a Samba NT4 domain with multiple samba member servers serving files 
> > using
> > domain security. Current member servers are all running CentOS 4.7 with 
> > 3.0.28-0.el4.9
> > I have no issues (except aging) with these systems.
> > 
> > I’m upgrading a major file server with CentOS5.3 64 bit with
> > Samba 3.0.33-3.7el5_3.1
> > 
> > ,it’s all setup and configured but here’s a show stopper for
> > implementation.
> > 
> > When I attempt to access another Samba server with this
> > version ,I am prompted for authentication,even though the machine has full
> > domain access.
> > 
> > Additionally I have been mounting a domain member share on a
> > non domain member server in order to back it up with a command in the
> > /etc/fstab.
> > 
> > This no longer works and even when I specify the
> > administrator and password I have a wrong password error.
> > 
> > 
> > Here’s the 3.0.28 config file
> > 
> >  
> > 
> > [global]
> > 
> >  workgroup = workgroup
> > 
> > netbios name = OldSystem
> > 
> > passdb backend=ldapsam:ldap://System.MyGroup.com
> > 
> > idmap backend = ldap://192.168.1.1
> > 
> > security = domain
> > 
> > encrypt passwords= yes
> > 
> > ldap suffix=dc=MyGroup,dc=com
> > 
> > ldap machine suffix = ou=Computers
> > 
> > ldap user suffix =ou=Users
> > 
> > ldap group suffix =ou=Groups
> > 
> > ldap admin dn =cn=Manager,dc=MyGroup,dc=com
> > 
> > ldap passwd sync=yes
> > 
> > socket options = TCP_NODELAY SO_RCVBUF=8192
> > SO_SNDBUF=8192
> > 
> > os level = 20
> > 
> > local master = no
> > 
> > wins server =192.168.1.1
> > 
> > log level= 5
> > 
> > idmap uid = 16777216-33554431
> > 
> > idmap gid = 16777216-33554431
> > 
> > template shell = /bin/false
> > 
> > winbind use default domain = no
> > 
> >
> > 
> > [SHARE]
> > 
> > writeable = yes
> > 
> > valid users = @"Domain Users"
> > 
> > path = /usr/smb/share
> > 
> > force directory mode = 777
> > 
> > force create mode = 777
> > 
> >  nt acl support =yes
> > 
> >  
> > 
> > And the 3.0.33 config file
> > 
> >  
> > 
> >  
> > workgroup = workgroup
> > 
> >security = domain
> > 
> >idmap uid = 16777216-33554431
> > 
> >idmap gid = 16777216-33554431
> > 
> >template shell = /bin/false
> > 
> >winbind use default domain = false
> > 
> >winbind offline logon = false
> > 
> > ldap user suffix = ou=Users
> > 
> > socket options = TCP_NODELAY SO_RCVBUF=8192
> > SO_SNDBUF=8192
> > 
> > wins server = 192.168.1.1
> > 
> > winbind trusted domains only = yes
> > 
> > idmap backend = ldap://192.168.1.1
> > 
> > encrypt passwords = yes
> > 
> > passdb backend = ldapsam:ldap://System.MyGroup.com
> > 
> > nt acl support = yes
> > 
> > netbios name = NewSystem
> > 
> > ldap machine suffix = ou=Computers
> > 
> > ldap group suffix = ou=Groups
> > 
> > ldap passwd sync = yes
> > ldap suffix = dc=MyGroup,dc=com
> > 
> > local master = no
> > 
> > winbind enum groups = no
> > 
> > os level = 20
> > 
> > ldap admin dn = cn=Manager,dc=MyGroup,dc=com
> > 
> > log level = 5
> > 
> > 
> > 
> > [NEWSHARE]
> > 
> > nt acl support = yes
> > 
> > guest account = administrator
> > 
> > writeable = yes
> > 
> > path = /raid/smb/newshare
> > 
> > force directory mode = 777
> > 
> > force create mode = 777
> > 
> > valid users = @"Domain Users"
> > 
> >  
> > 
> > Any help?
> > 
> >  
> > 
> > Thanks!
> > 
> >  
> > 
> >  
> > 
> > 
> > _
> > Bing™ brings you maps, menus, and reviews organized in one place. Try it 
> > now.
> > http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TXT_MLOGEN_Local_Local_Restaurants_1x1
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> _
> Bing™ brings you maps, menus, and reviews organized in one place. Try it now.
> http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TXT_MLOGEN_Local_Local_Restaurants_1x1
> -- 
> To unsubscribe from this list go to the follow

Re: [Samba] No responses, not a one?

[Jeremy Allison]

On Mon, Jul 27, 2009 at 11:09:59AM -0500, Jonathon Doran wrote:
> Quoting John Drescher :
>
>> One thing you can do to try to generate help is to try to debug the
>> problem yourself. I mean do your logs show anything suspicious when
>> the failure occurs? If so post that output. Also if you could update
>> your samba to the current version (3.0.35) and test that.
>
> Isn't 3.4 the current version?  Or is that prerelease?

No, you're correct. 3.4.0 is the current latest version.
Any 3.0.x release is not only old, it's out of maintanence.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] No responses, not a one?

[John Drescher]

On Mon, Jul 27, 2009 at 12:09 PM, Jonathon Doran wrote:
> Quoting John Drescher :
>
>> One thing you can do to try to generate help is to try to debug the
>> problem yourself. I mean do your logs show anything suspicious when
>> the failure occurs? If so post that output. Also if you could update
>> your samba to the current version (3.0.35) and test that.
>
> Isn't 3.4 the current version?  Or is that prerelease?

Yes 3.4 is the current release but if you are still on a 3.0.X release
(a lot of us are) the latest bugfix release of that series is 3.0.35.
I run 3.0.35 on all of my servers.

-- 
John M. Drescher
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] No responses, not a one?

[Jonathon Doran]

Quoting John Drescher :


One thing you can do to try to generate help is to try to debug the
problem yourself. I mean do your logs show anything suspicious when
the failure occurs? If so post that output. Also if you could update
your samba to the current version (3.0.35) and test that.


Isn't 3.4 the current version?  Or is that prerelease?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Share access problem from 3.4.0 (solved)

[William Jojo]

Arendt, Volker wrote:


Hi Bill,

please let me know when your AMP bundle is done and you have the 3.4.0 
ctdb-samba version packaged. Then we could go to work and find out how 
a "best practice" for setting up a clustered samba on AIX needs to 
look like. :-)




Ok, perhaps we could add/supplement to these docs?

http://pware.hvcc.edu/AIX-Samba.pdf

These also need to be updated to include some additional backends that 
have been released since 3.2. But everything listed there works very nicely.



Cheers,
Bill



regards

Volker


-Ursprüngliche Nachricht-
Von: William Jojo [mailto:w.j...@hvcc.edu]
Gesendet: Mo 27.07.2009 17:26
An: Arendt, Volker
Cc: volker.lende...@sernet.de; samba@lists.samba.org
Betreff: Re: AW: [Samba] Share access problem from 3.4.0 (solved)

Arendt, Volker wrote:
>
> Hi all,
>
> as it happens very often the problem sits about 30 centimeters from
> the monitor (thanks for that, Volker)!
>
> I incorrectly assumed that i can access the same directory on a GPFS
> file system from two different nodes. As such my current "problem" is
> solved. Currently we have to isolate access to a directory on GPFS to
> a single node.
>
> My next steps would be to setup CTDB and SAMBA on AIX. But the
> documentation is not suited for a AIX install as it is very linux
> based. I would be willing to cooperate to build the documentation and
> a reference installation for AIX.
>
> How about you, Bill? Shall we give it a try?! ;-)
>

Indeed I would. :-) I have passed some patches back upstream for AIX,
but I am completing a test for broken libgpfs.a before they can be
included. In the meantime, I've been successful with a
pware53{-64}.clustered-samba.rte 3.3.4.0 (32- and 64-bit).

I can work on the 3.4 version later today since my patch set is against
this level. I'm finishing up an AMP refresh I can't wait to get off my
plate. :-)

Cheers,
Bill


> Kind regards
>
> Volker
>
>
> -Ursprüngliche Nachricht-
> Von: Volker Lendecke [mailto:volker.lende...@sernet.de]
> Gesendet: Mo 27.07.2009 15:47
> An: Arendt, Volker
> Cc: samba@lists.samba.org
> Betreff: Re: [Samba] Share access problem from 3.4.0
>
> On Mon, Jul 27, 2009 at 03:19:15PM +0200, Arendt, Volker wrote:
> > Hi all,
> >
> > we have a public share for all of our users. The share definition 
is as

> > follows:
> >
> > [public]
> > comment =
> > browseable = yes
> > writeable = yes
> > path = /gpfs/fbb/apps/public
> > force group = @BUILTIN+Users
> > valid users = @BUILTIN+Users
> > write list = @BUILTIN+Users
> >
> > All of our data resides on a GPFS file system. The share is 
defined and
> > accessed on a AIX 5.3.10 node with samba 3.0.26a. Here users do 
not have

> > any problem.
> >
> > A second node with AIX 5.3.10 and samba 3.4.0 provides the same share.
> > Users cannot access the public share via this system.
> >
> > What could be the problem?
>
> No idea without logfiles.
>
> Just to make 100% sure: The "path=" you're pointing to is
> different from the 3.0.26a node, right? Otherwise you're
> forcing your users to destroy their data. You might want to
> take a look at ctdb.samba.org.
>
> Volker
>
>




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Share access problem from 3.4.0 (solved)

[Arendt, Volker]

Hi Bill,

please let me know when your AMP bundle is done and you have the 3.4.0
ctdb-samba version packaged. Then we could go to work and find out how a
"best practice" for setting up a clustered samba on AIX needs to look like.
:-)

regards

Volker


-Ursprüngliche Nachricht-
Von: William Jojo [mailto:w.j...@hvcc.edu]
Gesendet: Mo 27.07.2009 17:26
An: Arendt, Volker
Cc: volker.lende...@sernet.de; samba@lists.samba.org
Betreff: Re: AW: [Samba] Share access problem from 3.4.0 (solved)
 
Arendt, Volker wrote:
>
> Hi all,
>
> as it happens very often the problem sits about 30 centimeters from 
> the monitor (thanks for that, Volker)!
>
> I incorrectly assumed that i can access the same directory on a GPFS 
> file system from two different nodes. As such my current "problem" is 
> solved. Currently we have to isolate access to a directory on GPFS to 
> a single node.
>
> My next steps would be to setup CTDB and SAMBA on AIX. But the 
> documentation is not suited for a AIX install as it is very linux 
> based. I would be willing to cooperate to build the documentation and 
> a reference installation for AIX.
>
> How about you, Bill? Shall we give it a try?! ;-)
>

Indeed I would. :-) I have passed some patches back upstream for AIX, 
but I am completing a test for broken libgpfs.a before they can be 
included. In the meantime, I've been successful with a 
pware53{-64}.clustered-samba.rte 3.3.4.0 (32- and 64-bit).

I can work on the 3.4 version later today since my patch set is against 
this level. I'm finishing up an AMP refresh I can't wait to get off my 
plate. :-)

Cheers,
Bill


> Kind regards
>
> Volker
>
>
> -Ursprüngliche Nachricht-
> Von: Volker Lendecke [mailto:volker.lende...@sernet.de]
> Gesendet: Mo 27.07.2009 15:47
> An: Arendt, Volker
> Cc: samba@lists.samba.org
> Betreff: Re: [Samba] Share access problem from 3.4.0
>
> On Mon, Jul 27, 2009 at 03:19:15PM +0200, Arendt, Volker wrote:
> > Hi all,
> >
> > we have a public share for all of our users. The share definition is as
> > follows:
> >
> > [public]
> > comment =
> > browseable = yes
> > writeable = yes
> > path = /gpfs/fbb/apps/public
> > force group = @BUILTIN+Users
> > valid users = @BUILTIN+Users
> > write list = @BUILTIN+Users
> >
> > All of our data resides on a GPFS file system. The share is defined and
> > accessed on a AIX 5.3.10 node with samba 3.0.26a. Here users do not
have
> > any problem.
> >
> > A second node with AIX 5.3.10 and samba 3.4.0 provides the same share.
> > Users cannot access the public share via this system.
> >
> > What could be the problem?
>
> No idea without logfiles.
>
> Just to make 100% sure: The "path=" you're pointing to is
> different from the 3.0.26a node, right? Otherwise you're
> forcing your users to destroy their data. You might want to
> take a look at ctdb.samba.org.
>
> Volker
>
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Share access problem from 3.4.0 (solved)

[William Jojo]

Arendt, Volker wrote:


Hi all,

as it happens very often the problem sits about 30 centimeters from 
the monitor (thanks for that, Volker)!


I incorrectly assumed that i can access the same directory on a GPFS 
file system from two different nodes. As such my current "problem" is 
solved. Currently we have to isolate access to a directory on GPFS to 
a single node.


My next steps would be to setup CTDB and SAMBA on AIX. But the 
documentation is not suited for a AIX install as it is very linux 
based. I would be willing to cooperate to build the documentation and 
a reference installation for AIX.


How about you, Bill? Shall we give it a try?! ;-)



Indeed I would. :-) I have passed some patches back upstream for AIX, 
but I am completing a test for broken libgpfs.a before they can be 
included. In the meantime, I've been successful with a 
pware53{-64}.clustered-samba.rte 3.3.4.0 (32- and 64-bit).


I can work on the 3.4 version later today since my patch set is against 
this level. I'm finishing up an AMP refresh I can't wait to get off my 
plate. :-)


Cheers,
Bill



Kind regards

Volker


-Ursprüngliche Nachricht-
Von: Volker Lendecke [mailto:volker.lende...@sernet.de]
Gesendet: Mo 27.07.2009 15:47
An: Arendt, Volker
Cc: samba@lists.samba.org
Betreff: Re: [Samba] Share access problem from 3.4.0

On Mon, Jul 27, 2009 at 03:19:15PM +0200, Arendt, Volker wrote:
> Hi all,
>
> we have a public share for all of our users. The share definition is as
> follows:
>
> [public]
> comment =
> browseable = yes
> writeable = yes
> path = /gpfs/fbb/apps/public
> force group = @BUILTIN+Users
> valid users = @BUILTIN+Users
> write list = @BUILTIN+Users
>
> All of our data resides on a GPFS file system. The share is defined and
> accessed on a AIX 5.3.10 node with samba 3.0.26a. Here users do not have
> any problem.
>
> A second node with AIX 5.3.10 and samba 3.4.0 provides the same share.
> Users cannot access the public share via this system.
>
> What could be the problem?

No idea without logfiles.

Just to make 100% sure: The "path=" you're pointing to is
different from the 3.0.26a node, right? Otherwise you're
forcing your users to destroy their data. You might want to
take a look at ctdb.samba.org.

Volker




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] No responses, not a one?

[John Drescher]

On Mon, Jul 27, 2009 at 10:14 AM, Wikked one wrote:
> Ok understood,thanks for the response!
>

One thing you can do to try to generate help is to try to debug the
problem yourself. I mean do your logs show anything suspicious when
the failure occurs? If so post that output. Also if you could update
your samba to the current version (3.0.35) and test that.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Share access problem from 3.4.0 (solved)

[Arendt, Volker]

Hi all,

as it happens very often the problem sits about 30 centimeters from the
monitor (thanks for that, Volker)!

I incorrectly assumed that i can access the same directory on a GPFS file
system from two different nodes. As such my current "problem" is solved.
Currently we have to isolate access to a directory on GPFS to a single
node.

My next steps would be to setup CTDB and SAMBA on AIX. But the
documentation is not suited for a AIX install as it is very linux based. I
would be willing to cooperate to build the documentation and a reference
installation for AIX.

How about you, Bill? Shall we give it a try?! ;-)

Kind regards 

Volker


-Ursprüngliche Nachricht-
Von: Volker Lendecke [mailto:volker.lende...@sernet.de]
Gesendet: Mo 27.07.2009 15:47
An: Arendt, Volker
Cc: samba@lists.samba.org
Betreff: Re: [Samba] Share access problem from 3.4.0
 
On Mon, Jul 27, 2009 at 03:19:15PM +0200, Arendt, Volker wrote:
> Hi all,
> 
> we have a public share for all of our users. The share definition is as
> follows:
> 
> [public]
> comment =
> browseable = yes
> writeable = yes
> path = /gpfs/fbb/apps/public
> force group = @BUILTIN+Users
> valid users = @BUILTIN+Users
> write list = @BUILTIN+Users
> 
> All of our data resides on a GPFS file system. The share is defined and
> accessed on a AIX 5.3.10 node with samba 3.0.26a. Here users do not have
> any problem.
> 
> A second node with AIX 5.3.10 and samba 3.4.0 provides the same share.
> Users cannot access the public share via this system.
> 
> What could be the problem?

No idea without logfiles.

Just to make 100% sure: The "path=" you're pointing to is
different from the 3.0.26a node, right? Otherwise you're
forcing your users to destroy their data. You might want to
take a look at ctdb.samba.org.

Volker


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] No responses, not a one?

[Wikked one]

Ok understood,thanks for the response!

> Date: Mon, 27 Jul 2009 09:46:55 -0400
> Subject: Re: [Samba] No responses, not a one?
> From: dresche...@gmail.com
> To: wikk...@hotmail.com; samba@lists.samba.org
> 
> >I've asked about a couple issues on this list and now I'm wondering if 
> > I'm sending to the right address?
> > What's a guy got to do to get a response?
> >
> 
> This is the correct address, however this list you do will not always
> get a reply. I believe it depends on if any users know the answer
> and/or how busy the developers are.
> 
> John

_
Windows Live™ Hotmail®: Celebrate the moment with your favorite sports pics. 
Check it out.
http://www.windowslive.com/Online/Hotmail/Campaign/QuickAdd?ocid=TXT_TAGLM_WL_QA_HM_sports_photos_072009&cat=sports
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Share access problem from 3.4.0

[William Jojo]

William Jojo wrote:

Arendt, Volker wrote:

Hi all,

we have a public share for all of our users. The share definition is as
follows:

[public]
comment =
browseable = yes
writeable = yes
path = /gpfs/fbb/apps/public
force group = @BUILTIN+Users
valid users = @BUILTIN+Users
write list = @BUILTIN+Users

All of our data resides on a GPFS file system. The share is defined and
accessed on a AIX 5.3.10 node with samba 3.0.26a. Here users do not have
any problem.

A second node with AIX 5.3.10 and samba 3.4.0 provides the same share.
Users cannot access the public share via this system.

What could be the problem?

  

Hi, Volker!

If this is the same share, wouldn't the SID be different and thereby 
giving a different set of permissions for BUILTIN+Users on the shared 
filesystem, or did I miss something in your description.



That was a stupid question since the SID is well known.

*S-1-5-32-545*

Cheers,
Bill


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Share access problem from 3.4.0

[William Jojo]

Arendt, Volker wrote:

Hi all,

we have a public share for all of our users. The share definition is as
follows:

[public]
comment =
browseable = yes
writeable = yes
path = /gpfs/fbb/apps/public
force group = @BUILTIN+Users
valid users = @BUILTIN+Users
write list = @BUILTIN+Users

All of our data resides on a GPFS file system. The share is defined and
accessed on a AIX 5.3.10 node with samba 3.0.26a. Here users do not have
any problem.

A second node with AIX 5.3.10 and samba 3.4.0 provides the same share.
Users cannot access the public share via this system.

What could be the problem?

  

Hi, Volker!

If this is the same share, wouldn't the SID be different and thereby 
giving a different set of permissions for BUILTIN+Users on the shared 
filesystem, or did I miss something in your description.


Cheers,
Bill



Kind regards

Volker







  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Share access problem from 3.4.0

[Volker Lendecke]

On Mon, Jul 27, 2009 at 03:19:15PM +0200, Arendt, Volker wrote:
> Hi all,
> 
> we have a public share for all of our users. The share definition is as
> follows:
> 
> [public]
> comment =
> browseable = yes
> writeable = yes
> path = /gpfs/fbb/apps/public
> force group = @BUILTIN+Users
> valid users = @BUILTIN+Users
> write list = @BUILTIN+Users
> 
> All of our data resides on a GPFS file system. The share is defined and
> accessed on a AIX 5.3.10 node with samba 3.0.26a. Here users do not have
> any problem.
> 
> A second node with AIX 5.3.10 and samba 3.4.0 provides the same share.
> Users cannot access the public share via this system.
> 
> What could be the problem?

No idea without logfiles.

Just to make 100% sure: The "path=" you're pointing to is
different from the 3.0.26a node, right? Otherwise you're
forcing your users to destroy their data. You might want to
take a look at ctdb.samba.org.

Volker


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] No responses, not a one?

[John Drescher]

>    I've asked about a couple issues on this list and now I'm wondering if I'm 
> sending to the right address?
> What's a guy got to do to get a response?
>

This is the correct address, however this list you do will not always
get a reply. I believe it depends on if any users know the answer
and/or how busy the developers are.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Share access problem from 3.4.0

[Arendt, Volker]

Hi all,

we have a public share for all of our users. The share definition is as
follows:

[public]
comment =
browseable = yes
writeable = yes
path = /gpfs/fbb/apps/public
force group = @BUILTIN+Users
valid users = @BUILTIN+Users
write list = @BUILTIN+Users

All of our data resides on a GPFS file system. The share is defined and
accessed on a AIX 5.3.10 node with samba 3.0.26a. Here users do not have
any problem.

A second node with AIX 5.3.10 and samba 3.4.0 provides the same share.
Users cannot access the public share via this system.

What could be the problem?

Kind regards

Volker







-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] No responses, not a one?

[Wikked one]

Hi,
I've asked about a couple issues on this list and now I'm wondering if I'm 
sending to the right address?
What's a guy got to do to get a response?

> Dear List,
> 
>I’ve
> got a Samba NT4 domain with multiple samba member servers serving files using
> domain security. Current member servers are all running CentOS 4.7 with 
> 3.0.28-0.el4.9
> I have no issues (except aging) with these systems.
> 
> I’m upgrading a major file server with CentOS5.3 64 bit with
> Samba 3.0.33-3.7el5_3.1
> 
> ,it’s all setup and configured but here’s a show stopper for
> implementation.
> 
> When I attempt to access another Samba server with this
> version ,I am prompted for authentication,even though the machine has full
> domain access.
> 
> Additionally I have been mounting a domain member share on a
> non domain member server in order to back it up with a command in the
> /etc/fstab.
> 
> This no longer works and even when I specify the
> administrator and password I have a wrong password error.
> 
> 
> Here’s the 3.0.28 config file
> 
>  
> 
> [global]
> 
>  workgroup = workgroup
> 
> netbios name = OldSystem
> 
> passdb backend=ldapsam:ldap://System.MyGroup.com
> 
> idmap backend = ldap://192.168.1.1
> 
> security = domain
> 
> encrypt passwords= yes
> 
> ldap suffix=dc=MyGroup,dc=com
> 
> ldap machine suffix = ou=Computers
> 
> ldap user suffix =ou=Users
> 
> ldap group suffix =ou=Groups
> 
> ldap admin dn =cn=Manager,dc=MyGroup,dc=com
> 
> ldap passwd sync=yes
> 
> socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
> 
> os level = 20
> 
> local master = no
> 
> wins server =192.168.1.1
> 
> log level= 5
> 
> idmap uid = 16777216-33554431
> 
> idmap gid = 16777216-33554431
> 
> template shell = /bin/false
> 
> winbind use default domain = no
> 
>
> 
> [SHARE]
> 
> writeable = yes
> 
> valid users = @"Domain Users"
> 
> path = /usr/smb/share
> 
> force directory mode = 777
> 
> force create mode = 777
> 
>  nt acl support =yes
> 
>  
> 
> And the 3.0.33 config file
> 
>  
> 
>  
> workgroup = workgroup
> 
>security = domain
> 
>idmap uid = 16777216-33554431
> 
>idmap gid = 16777216-33554431
> 
>template shell = /bin/false
> 
>winbind use default domain = false
> 
>winbind offline logon = false
> 
> ldap user suffix = ou=Users
> 
> socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
> 
> wins server = 192.168.1.1
> 
> winbind trusted domains only = yes
> 
> idmap backend = ldap://192.168.1.1
> 
> encrypt passwords = yes
> 
> passdb backend = ldapsam:ldap://System.MyGroup.com
> 
> nt acl support = yes
> 
> netbios name = NewSystem
> 
> ldap machine suffix = ou=Computers
> 
> ldap group suffix = ou=Groups
> 
> ldap passwd sync = yes
> ldap suffix = dc=MyGroup,dc=com
> 
> local master = no
> 
> winbind enum groups = no
> 
> os level = 20
> 
> ldap admin dn = cn=Manager,dc=MyGroup,dc=com
> 
> log level = 5
> 
> 
> 
> [NEWSHARE]
> 
> nt acl support = yes
> 
> guest account = administrator
> 
> writeable = yes
> 
> path = /raid/smb/newshare
> 
> force directory mode = 777
> 
> force create mode = 777
> 
> valid users = @"Domain Users"
> 
>  
> 
> Any help?
> 
>  
> 
> Thanks!
> 
>  
> 
>  
> 
> 
> _
> Bing™ brings you maps, menus, and reviews organized in one place. Try it now.
> http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TXT_MLOGEN_Local_Local_Restaurants_1x1
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

_
Bing™ brings you maps, menus, and reviews organized in one place. Try it now.
http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TXT_MLOGEN_Local_Local_Restaurants_1x1
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba-3.0.34 can ADS join but not non-ADS join.

[Jeremiah Martell]

I was using Samba-3.0.14a perfectly fine.
Now, I'm trying to use Samba-3.0.34.

I can do an "ADS" join fine with Samba-3.0.34, but I cannot do my old
non-ADS join anymore. Winbindd starts and stays running fine, but when
I run net to do the non-ADS join I'm running into a strange "interfaces" issue.

It now wants an "interfaces" line in the smb.conf file when I attempt
to join a domain (using all the same old smb.conf settings I was with
Samba-3.0.14a).

So I give an "interfaces = eth0" in my smb.conf file, but it does not
join. It fails with a "cannot join as standalone machine".

Running net with debug level 3 during this gives two interesting things:

It cannot load ANSI_X3.4-1968.so

And this...

[2009/07/24 14:27:57, 3] source/lib/util.c:interpret_addr(1310)
 sys_gethostbyname: Unknown host. eth0
[2009/07/24 14:27:57, 2] source/lib/interface.c:interpret_interface(130)
 can't determine netmask for eth0
[2009/07/24 14:27:57, 0] source/lib/interface.c:load_interfaces(229)
 WARNING: no network interfaces found
[2009/07/24 14:27:57, 3] source/libsmb/namequery.c:get_dc_list(1557)
 get_dc_list: preferred server list: ", abc.example.com"
[2009/07/24 14:27:57, 1] source/libads/cldap.c:recv_cldap_netlogon(247)
 Failed to parse cldap reply
[2009/07/24 14:27:57, 3] source/libads/ldap.c:ads_try_connect(194)
 ads_try_connect: CLDAP request 123.456.789.0 failed.
cannot join as standalone machine
[2009/07/24 14:27:57, 2] source/utils/net.c:main(1088)
 return code = -1

Using Wireshark shows multiple DNS lookups for "eth0.example.com", and a single
CLDAP search, (&(&(DnsDomain=06:00:00:00)(Host=ABCABC))(NtVer=06:00:00:00)),
that was successful but with no results.

I ruled out any network issues because I can still non-ADS join on
the same machine on the same network with my old Samba-3.0.14a code.

I looked at the latest Samba-3.4.0 and noticed that the interface.c
and interfaces.c are pretty different from Samba-3.0.34. Is this a known bug
that was fixed in revisions post-Samba-3.0.34? Am I not understanding the
"interfaces" line in my smb.conf file correctly?

I'm not sure what the "CLDAP request failed" and "cannot join as
standalone machine" would suggest.

Any other questions/suggestions?

Thanks,

--
- Jeremiah Martell
http://inlovewithGod.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] TYPO net.8.xml

[Michael Adam]

Michael Adam wrote:
> OPC oota wrote:
> > I found typo in net.8.xml of samba-3.4.0 source.
> > 
> > Note that you also need to use standard net paramters to connect and 
> > authenticate
> > -
> > parameters
> >  to the remote machine that you want to rename in the domain. 
> > These additional parameters include: -S computer and -U user.
> > 
> 
> Thanks for the report!
> There are are actually two more places with the same typo.
> 
> I have fixed it in our master branch and will look into getting
> this into 3.4

FYI: The fix has been pushed to the 3.3 and 3.4 release branches
and will be in the next bugfix releases.

Cheers - Michael



pgpaRmiCse8I1.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] I/O error when trying to write

[ravi channavajhala]

On Mon, Jul 27, 2009 at 05:02:28PM +0530, ravi channavajhala wrote:
> My setup is fairly straight forward; I have a Solaris 10 (SPARC) being
used
> as a samba server with AD sign on.  Users can log in fine and map their
> directories through windows clients.  All the user home dirs and critical
> project dirs are on a NetAPP filer.
> 
>  
> 
> When user tries to write a file, it is erroring out with I/O error, file
> access is permitted for read operations only.  Investigating the problem
> shows that on Solaris this message is appearing "NFS compound failed for
> server filer.example.com: error 2 (RPC: Can't decode result)".   
> 
>  
> 
> It appears there is a problem with NFS v4 support either on the Solaris or
> the NetAPP filer.  I've not had a chance to set NetAPP filer not to use
NFS
> V4; I'm attempting it this weekend along with hacking /etc/default/nfs .
> Anything that I should look out also on the Samba side, especially the
> ACLs/permissions issues related stuff?

Why don't you just enable CIFS on NetApp?

To me this really does not sound like a Samba problem.

Volker

>I agree this is not a samba problem; I just want to ensure that I don't
>need to tie up any loose ends on the samba side, that's all. Thanks.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] I/O error when trying to write

[Volker Lendecke]

On Mon, Jul 27, 2009 at 05:02:28PM +0530, ravi channavajhala wrote:
> My setup is fairly straight forward; I have a Solaris 10 (SPARC) being used
> as a samba server with AD sign on.  Users can log in fine and map their
> directories through windows clients.  All the user home dirs and critical
> project dirs are on a NetAPP filer.
> 
>  
> 
> When user tries to write a file, it is erroring out with I/O error, file
> access is permitted for read operations only.  Investigating the problem
> shows that on Solaris this message is appearing "NFS compound failed for
> server filer.example.com: error 2 (RPC: Can't decode result)".   
> 
>  
> 
> It appears there is a problem with NFS v4 support either on the Solaris or
> the NetAPP filer.  I've not had a chance to set NetAPP filer not to use NFS
> V4; I'm attempting it this weekend along with hacking /etc/default/nfs .
> Anything that I should look out also on the Samba side, especially the
> ACLs/permissions issues related stuff?

Why don't you just enable CIFS on NetApp?

To me this really does not sound like a Samba problem.

Volker


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] TYPO net.8.xml

[Michael Adam]

OPC oota wrote:
> I found typo in net.8.xml of samba-3.4.0 source.
> 
> Note that you also need to use standard net paramters to connect and 
> authenticate
> -
> parameters
>  to the remote machine that you want to rename in the domain. 
> These additional parameters include: -S computer and -U user.
> 

Thanks for the report!
There are are actually two more places with the same typo.

I have fixed it in our master branch and will look into getting
this into 3.4

Michael



pgppmYDlJpSDJ.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] I/O error when trying to write

[ravi channavajhala]

My setup is fairly straight forward; I have a Solaris 10 (SPARC) being used
as a samba server with AD sign on.  Users can log in fine and map their
directories through windows clients.  All the user home dirs and critical
project dirs are on a NetAPP filer.

 

When user tries to write a file, it is erroring out with I/O error, file
access is permitted for read operations only.  Investigating the problem
shows that on Solaris this message is appearing "NFS compound failed for
server filer.example.com: error 2 (RPC: Can't decode result)".   

 

It appears there is a problem with NFS v4 support either on the Solaris or
the NetAPP filer.  I've not had a chance to set NetAPP filer not to use NFS
V4; I'm attempting it this weekend along with hacking /etc/default/nfs .
Anything that I should look out also on the Samba side, especially the
ACLs/permissions issues related stuff?

 

Regards,

/rkc

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba-PDC with winbind on Samba-domain-member

[Dr. Bernhard Lummer]

Hi,

We have set up a Samba PDC (3.3.4) with tdb backend working fine.
Now we are going to add a Samba domain member (3.2.4) where users are 
authenticated through winbind against the PDC user-database. After having 
joined the domain this works fine but, when we issue 

wbinfo -u
or
wbinfo -g

on the domain member no entries are displayed.

wbinfo -i "user"
lists the correct user-info held in the winbind-cache.

"getent passwd" and "getent group" only show the local entries of the Samba 
domain member.

How can we achieve that the user- and group-information are replicated from the 
Samba-PDC to the Samba-domain-member permanently?

Any hints welcome, let me know if additional info's are required

Thanks
Bernhard



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba using Server 2k3 DC for auth and ACL permissions

[Michael Heydon]

Blotto wrote:

only users listed in the smb.conf file for that share
have access regardless of the acl permissions set
  
Maybe I'm not reading this right, but I think that is how it is supposed 
to work.


When you define which users can access a share that is checked when they 
attempt to connect, file system ACLs will only come in to play after the 
user has been granted access to the share.


[Admin] 
path = /media/Shared/ 
read only = no 
create mode = 0700 
directory mode = 0700 
nt acl support = yes 
acl map full control = yes 
admin users = @MY+fileserveradmin 
valid users = @"MY+Domain Users" 
browseable = true 
  
So are you trying to grant Fred (for example) access to the files, even 
though he isn't a member of "MY\Domain Users" (probably a bad example 
since all users are likely to be in that group)?


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba using Server 2k3 DC for auth and ACL permissions

[Christian Rost]

>These values were set using the permissions editor in windows 
>
>the problem i have is that the permissions do nothing 
>
>if i set a users from the domain to have full control of a folder, they
>still cant access it, only users listed in the smb.conf file for that
>share have access regardless of the acl permissions set, so im thinking im
>missing something config wise

Hi,

it's the same as with Windows - you need two different sets of ACLs. One to 
access the share and one for the filesystem the share refers to.

If you're watching the filesystem ACLs cloesely, the "web/" directory is owned 
by user "root" and group"root". In addition User "600" and group "605" have 
full and user "602" only read access. 

Does any of these IDs match your "@MY+fileserveradmin" and @"MY+Domain Users". 
But perhaps it's only because you missed the samba-share-option "write list", 
which grants read/ write access to users/ group per share. 

If it doesn't help, increase the "debug level" to 2 or 3 and check the logfiles.

Cheers, 

Christian

===
Christian Rost
roCon - Informationstechnologie
Glatzer Weg 4

44534 Lünen

fon: +49 (0) 2306 910 658
fax: +49 (0) 2306 910 664
url: http://www.rocon-it.de


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba using Server 2k3 DC for auth and ACL permissions

[Blotto]

Hi, 

i have a samba server setup on debian to use a server 2k3 AD for auth. 

This works perfectly fine 

what doesnt work, is ACL permissions. 

I have the drives mounted as acl, acl is settable and readable on both
windows and debian; 

# getfacl web/ 
# file: web/ 
# owner: root 
# group: root 
user::rwx 
user:600:rwx 
user:602:r-x 
group::r-x 
group:605:rwx 
mask::rwx 
other::--- 
default:user::rwx 
default:user:600:rwx 
default:user:602:r-x 
default:group::r-x 
default:group:605:rwx 
default:mask::rwx 
default:other::--- 

These values were set using the permissions editor in windows 

the problem i have is that the permissions do nothing 

if i set a users from the domain to have full control of a folder, they
still cant access it, only users listed in the smb.conf file for that share
have access regardless of the acl permissions set, so im thinking im missing
something config wise 

smb.conf 

[global] 
security = ADS 
encrypt passwords = yes 
wins support = yes 
workgroup = MY 
realm = MY.DOMAIN 
winbind enum users = Yes 
winbind enum groups = Yes 
winbind separator = + 
idmap uid = 1-3 
idmap gid = 1-3 
template shell = /bin/bash 
log level = 3 
log file = /var/log/samba.log 
password server = wencodc 
map acl inherit = yes 
acl group inherit = yes 
acls group control = yes 

[Admin] 
path = /media/Shared/ 
read only = no 
create mode = 0700 
directory mode = 0700 
nt acl support = yes 
acl map full control = yes 
admin users = @MY+fileserveradmin 
valid users = @"MY+Domain Users" 
browseable = true 

Any help greatly appreciated, ive exhausted google on this to no avail. 

-Pete
-- 
View this message in context: 
http://www.nabble.com/Samba-using-Server-2k3-DC-for-auth-and-ACL-permissions-tp24675249p24675249.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba