Re: [Samba] default profile
2009/9/1 Adam Williams > > > Tamás Pisch wrote: > > 2009/8/31 Adam Williams > > >my computer properties, advanced tab, user profiles. is user set to local > and not roaming? does it only happen to certain > > > local profile > > > > > change local profile to roaming in the my computer properties, advanced, > user profiles section. > I cannot, because it is inactive (grayed). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Disk Shares ID'ed as Printers
I'm configuring Samba 3.0.33-3.7 on a RHEL 5.2 LINUX server and all is well except my disk shares are all ID'd as Type Printer vice Disk, and I don't have an ADMIN$ share. I have the O'Reilly SAMBA book, and three working Samba 2.X servers as running examples, but I can't find anything to account for the problem. Both SMBD and NMBD are running, testparm yields no errors, and the SAMBA server itself and the assigned disk shares appear on the network, it's just they can't be opened because SAMBA thinks they are printers not disk shares. Any hints will be appreciated. John V. Kjellman Henniker NH -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaPwdMustChange not synced on PDC from BDC
nogenetics nogenetics wrote: > On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics < > nnogenet...@gmail.com> wrote: >> I have a PDC/BDC samba/ldap environment. >> PDC: >> samba 3.0.24 >> slapd 2.3.30 >> >> BDC: >> samba 3.2.5 >> slapd 2.4.11 >> >> Ldap replication is working fine, but I have noticed two issues >> >> 1- when a windows user change password on BDC, sambaPwdMustChange and >> sambaPwdCanChange is not synced on PDC >> (using ldap passwd sync = yes and unix password sync = no) >> >> 2- when using 'net sam set pwdmustchange' on PDC, sambaPwdMustChange is >> not synced on BDC >> >> Anyone can point me what's wrong? >> >> About issue 1- , I can use unix password sync = yes and ldap passwd sync = >> no (using smbldap-passwd) as workaround, but windows user get that annoying >> warning message (decode_pw_buffer-incorrect-password-length topic). Is >> there a way to avoid this warning message? >> This is a issue many users are experiencing. >> >> Thanks in advance for your time >> >> > Bump! > No hints? How are you sure you don't run into OpenLDAP replication problems? The OpenLDAP versions you're running are quite old. slapd 2.3.x is not actively supported anymore. There also were interop issues fixed regarding replication between 2.3.x and 2.4.x and numerous syncrepl fixes for 2.4.x. You should definitely upgrade your OpenLDAP installations. Ciao, Michael. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] default profile
Tamás Pisch wrote: 2009/8/31 Adam Williams my computer properties, advanced tab, user profiles. is user set to local and not roaming? does it only happen to certain local profile change local profile to roaming in the my computer properties, advanced, user profiles section. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaPwdMustChange not synced on PDC from BDC
On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics < nnogenet...@gmail.com> wrote: > Hi > I have a PDC/BDC samba/ldap environment. > > > PDC: > samba 3.0.24 > slapd 2.3.30 > > BDC: > samba 3.2.5 > slapd 2.4.11 > > Ldap replication is working fine, but I have noticed two issues > > 1- when a windows user change password on BDC, sambaPwdMustChange and > sambaPwdCanChange is not synced on PDC > (using ldap passwd sync = yes and unix password sync = no) > > 2- when using 'net sam set pwdmustchange' on PDC, sambaPwdMustChange is > not synced on BDC > > Anyone can point me what's wrong? > > About issue 1- , I can use unix password sync = yes and ldap passwd sync = > no (using smbldap-passwd) as workaround, but windows user get that annoying > warning message (decode_pw_buffer-incorrect-password-length topic). Is > there a way to avoid this warning message? > This is a issue many users are experiencing. > > Thanks in advance for your time > > Bump! No hints? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] default profile
2009/8/31 Adam Williams > my computer properties, advanced tab, user profiles. is user set to local > and not roaming? does it only happen to certain local profile > users? or users that authenticate against the BDC? > > I stopped samba on bdc, but it didn't help. Login script runs, sytem policies applied, but it don't want to use the default profile from the netlogon share. > Tamás Pisch wrote: > >> Hi, >> >> I installed a SaMBa PDC and a BDC. When I log in to an XP client with a >> new >> user, sometimes I get the initial profile settings from the netlogon >> share, >> but often from local. When I get the local default settings, it is not >> syncronized to the server at logout. Even if I get the new profile from >> the >> server, on the same client, next time, with a new user, I get the new >> profile from local. I don't understand why, and I didn't get error >> message/log. >> PDC's smb.conf: >> [global] >>dos charset = CP852 >>unix charset = UTF8 >>workgroup = PERCZELMOR >>server string = %h - PERCZELMOR PDC >>interfaces = 127.0.0.0/8, eth0 >>bind interfaces only = Yes >>passdb backend = ldapsam:"ldap://127.0.0.1:389"; >>log level = 1 auth:2 >>log file = /var/log/samba/log.%m >>max log size = 1000 >>smb ports = 139 >>name resolve order = wins host bcast >>time server = Yes >>printcap name = /etc/printcap >>rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' >>add group script = /usr/sbin/smbldap-groupadd -p "%g" >>delete group script = /usr/sbin/smbldap-groupdel "%g" >>add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" >>delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" >>set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" >>add machine script = /usr/sbin/smbldap-useradd -w "%u" >>logon script = scripts\logon.cmd >>logon path = \\SRV3\profiles\%U >>logon drive = H: >>logon home = \\SRV3\%U >>domain logons = Yes >>preferred master = Yes >>wins support = Yes >>ldap admin dn = cn=su,dc=perczelmor,dc=site >>ldap group suffix = ou=Groups >>ldap idmap suffix = ou=Idmap >>ldap machine suffix = ou=People >>ldap passwd sync = Yes >>ldap suffix = dc=perczelmor,dc=site >>ldap ssl = no >>ldap user suffix = ou=People >>eventlog list = Security, Application, Syslog >>usershare max shares = 0 >>usershare path = /home/samba/usershares >>panic action = /usr/share/samba/panic-action %d >>idmap uid = 1-2 >>idmap gid = 1-2 >>create mask = 0777 >>map acl inherit = Yes >>veto oplock files = /*.pdf/*.pst/ >>browseable = No >>csc policy = disable >> >> [netlogon] >>comment = Network Logon Service >>path = /home/samba/netlogon >>guest ok = Yes >>fake oplocks = Yes >> >> [profiles] >>comment = Users profiles >>path = /home/samba/profiles >>read only = No >>create mask = 0600 >>directory mask = 0700 >>profile acls = Yes >> >> >> >> BDC's smb.conf: >> [global] >>dos charset = CP852 >>unix charset = UTF8 >>workgroup = PERCZELMOR >>server string = %h - PERCZELMOR BDC >>interfaces = 127.0.0.0/8, eth0 >>bind interfaces only = Yes >>passdb backend = ldapsam:"ldap://127.0.0.1:389"; >>syslog = 2 >>log file = /var/log/samba/log.%m >>max log size = 1000 >>smb ports = 139 >>name resolve order = wins host bcast >>time server = Yes >>printcap name = /etc/printcap >>logon script = scripts\logon.cmd >>logon path = \\SRV3\profiles\%U >>logon drive = H: >>logon home = \\SRV3\%U >>domain logons = Yes >>domain master = No >>dns proxy = No >>wins server = 192.168.0.3 >>ldap admin dn = cn=su,dc=perczelmor,dc=site >>ldap group suffix = ou=Groups >>ldap idmap suffix = ou=Idmap >>ldap machine suffix = ou=People >>ldap passwd sync = Yes >>ldap suffix = dc=perczelmor,dc=site >>ldap ssl = no >>ldap user suffix = ou=People >>eventlog list = Security, Application, Syslog >>usershare max shares = 0 >>panic action = /usr/share/samba/panic-action %d >>idmap uid = 1-2 >>idmap gid = 1-2 >>map acl inherit = Yes >>veto oplock files = /*.pdf/*.pst/ >>browseable = No >> >> [netlogon] >>comment = Network Logon Service >>path = /home/samba/netlogon >>guest ok = Yes >>fake oplocks = Yes >> >> Any idea? What can I check/change? >> Thanks, in advance. >> >> Tamas. >> >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba process issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am using Samba 3.2.11 with an LDAP backend (FreeIPA {which uses FDS}). Looks like my instance of samba is spawning an extra ordinary amount of processes throughout the course of a day and the number of open file descriptors grows rather large. I wouldn't normally be concerned by the resources as I increased the fds to 8192, but it appears that at a certain point samba stops responding to authentication requests and I have to restart smb in order for users to log in. Are there any issues with 3.2.11 that anyone is aware about that would be causing these symptoms? David -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkqdaDEACgkQ5B+8XEnAvqsTYgCdGictKGElQJ3y84fz6sw6srTC daEAn3V1HXctFkBVexyTNaTTn0/reUNc =9GD5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba authentication against Linux-based Kerberos
Use the popular heimdal, openldap + smbk5pwd, samba3 combo This will keep samba/ldap/kerberos passwords in sync no matter how or where the password is changed. Otherwise you could do some pam hackery, perhaps stacking pam_winbind and pam_krb5 for password changing. You would have to do this on all the nodes on your network. and for the windows side of things you could write a password change script, which would be called by samba on a password change. On Tue, 01 Sep 2009 16:48:01 +0200, Robert Markula wrote: > Hi, > please consider the following situation in a heterogenous, Windows > Server-less network, where users use both Windows and Linux: > > - On Windows users authenticate against a Samba 3.3.2 PDC with tdbsam > backend. > - On Linux users authenticate against a combination of OpenLDAP and > Kerberos. > > This, of course, brings up the old problem that users have to > synchronise their passwords manually for both Windows and Linux. > > The ideal solution would be that Samba would just support authentication > against Linux-based Kerberos, but (correct me if I'm wrong) that doesn't > seem possible with Samba3. > > Is there anything else that can be done? So if users on Windows can't > use Linux-based Kerberos for SSO, maybe there is at least a way for > users to change their passwords on one OS and get it automatically > synced for the other (i.e. if a user changes his password on a Windows > machine it gets automatically changed for his Linux account as well and > vice versa)? > > Cheers, > Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] avoiding local users
Hi, Please repost your question without the comments, this makes it a lot harder to read through the config. Regards, Serge Fonville On Tue, Sep 1, 2009 at 5:20 PM, Konrad Azzopardi wrote: > Dear all, > > I am new to samba. have configured a samba share, pls see config file > below and my problem is that the share works successfully however to > work I need to create an equivalent user locally , in the case ' boule > ' . Is there a way to authenticate to the domain , force user and > group as apache and having the valid users not created locally on the > machine ? > > tnx > konrad > > > # This is the main Samba configuration file. You should read the > # smb.conf(5) manual page in order to understand the options listed > # here. Samba has a huge number of configurable options (perhaps too > # many!) most of which are not shown in this example > # > # For a step to step guide on installing, configuring and using samba, > # read the Samba-HOWTO-Collection. This may be obtained from: > # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf > # > # Many working examples of smb.conf files can be found in the > # Samba-Guide which is generated daily and can be downloaded from: > # http://www.samba.org/samba/docs/Samba-Guide.pdf > # > # Any line which starts with a ; (semi-colon) or a # (hash) > # is a comment and is ignored. In this example we will use a # > # for commentry and a ; for parts of the config file that you > # may wish to enable > # > # NOTE: Whenever you modify this file you should run the command "testparm" > # to check that you have not made any basic syntactic errors. > # > #--- > # SELINUX NOTES: > # > # If you want to use the useradd/groupadd family of binaries please run: > # setsebool -P samba_domain_controller on > # > # If you want to share home directories via samba please run: > # setsebool -P samba_enable_home_dirs on > # > # If you create a new directory you want to share you should mark it as > # "samba-share_t" so that selinux will let you write into it. > # Make sure not to do that on system directories as they may already have > # been marked with othe SELinux labels. > # > # Use ls -ldZ /path to see which context a directory has > # > # Set labels only on directories you created! > # To set a label use the following: chcon -t samba_share_t /path > # > # If you need to share a system created directory you can use one of the > # following (read-only/read-write): > # setsebool -P samba_export_all_ro on > # or > # setsebool -P samba_export_all_rw on > # > # If you want to run scripts (preexec/root prexec/print command/...) please > # put them into the /var/lib/samba/scripts directory so that smbd will be > # allowed to run them. > # Make sure you COPY them and not MOVE them so that the right SELinux context > # is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts > # > #-- > # > #=== Global Settings = > > [global] > > # --- Network Related Options - > # > # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH > # > # server string is the equivalent of the NT Description field > # > # netbios name can be used to specify a server name not tied to the hostname > # > # Interfaces lets you configure Samba to use multiple interfaces > # If you have multiple network interfaces then you can list the ones > # you want to listen on (never omit localhost) > # > # Hosts Allow/Hosts Deny lets you restrict who can connect, and you can > # specifiy it as a per share option as well > # > workgroup = BEILUX > server string = Samba Server Version %v > > netbios name = security-portal > > ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 > ; hosts allow = 127. 192.168.12. 192.168.13. > > # --- Logging Options - > # > # Log File let you specify where to put logs and how to split them up. > # > # Max Log Size let you specify the max size log files should reach > > # logs split per machine > ; log file = /var/log/samba/%m.log > # max 50KB per log file, then rotate > ; max log size = 50 > > # --- Standalone Server Options > # > # Security can be set to user, share(deprecated) or server(deprecated) > # > # Backend to store user information in. New installations should > # use either tdbsam or ldapsam. smbpasswd is available for backwards > # compatibility. tdbsam requires no further configuration. > > security = user > passdb backend = tdbsam > > > # --- Domain Members Options > # > # Security must be set to domain or ads > # > # Use the realm option only with security = ads > # Specifies the Active Directory realm the host is part of > # > # Backend to store user information in. New installations should > # use either tdbsam or ldapsam
[Samba] avoiding local users
Dear all, I am new to samba. have configured a samba share, pls see config file below and my problem is that the share works successfully however to work I need to create an equivalent user locally , in the case ' boule ' . Is there a way to authenticate to the domain , force user and group as apache and having the valid users not created locally on the machine ? tnx konrad # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # For a step to step guide on installing, configuring and using samba, # read the Samba-HOWTO-Collection. This may be obtained from: # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf # # Many working examples of smb.conf files can be found in the # Samba-Guide which is generated daily and can be downloaded from: # http://www.samba.org/samba/docs/Samba-Guide.pdf # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not made any basic syntactic errors. # #--- # SELINUX NOTES: # # If you want to use the useradd/groupadd family of binaries please run: # setsebool -P samba_domain_controller on # # If you want to share home directories via samba please run: # setsebool -P samba_enable_home_dirs on # # If you create a new directory you want to share you should mark it as # "samba-share_t" so that selinux will let you write into it. # Make sure not to do that on system directories as they may already have # been marked with othe SELinux labels. # # Use ls -ldZ /path to see which context a directory has # # Set labels only on directories you created! # To set a label use the following: chcon -t samba_share_t /path # # If you need to share a system created directory you can use one of the # following (read-only/read-write): # setsebool -P samba_export_all_ro on # or # setsebool -P samba_export_all_rw on # # If you want to run scripts (preexec/root prexec/print command/...) please # put them into the /var/lib/samba/scripts directory so that smbd will be # allowed to run them. # Make sure you COPY them and not MOVE them so that the right SELinux context # is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts # #-- # #=== Global Settings = [global] # --- Network Related Options - # # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH # # server string is the equivalent of the NT Description field # # netbios name can be used to specify a server name not tied to the hostname # # Interfaces lets you configure Samba to use multiple interfaces # If you have multiple network interfaces then you can list the ones # you want to listen on (never omit localhost) # # Hosts Allow/Hosts Deny lets you restrict who can connect, and you can # specifiy it as a per share option as well # workgroup = BEILUX server string = Samba Server Version %v netbios name = security-portal ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 ; hosts allow = 127. 192.168.12. 192.168.13. # --- Logging Options - # # Log File let you specify where to put logs and how to split them up. # # Max Log Size let you specify the max size log files should reach # logs split per machine ; log file = /var/log/samba/%m.log # max 50KB per log file, then rotate ; max log size = 50 # --- Standalone Server Options # # Security can be set to user, share(deprecated) or server(deprecated) # # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. security = user passdb backend = tdbsam # --- Domain Members Options # # Security must be set to domain or ads # # Use the realm option only with security = ads # Specifies the Active Directory realm the host is part of # # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. # # Use password server option only with security = server or if you can't # use the DNS to locate Domain Controllers # The argument list may include: # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] # or to auto-locate the domain controller/s # password server = * security = domain ; passd
[Samba] Samba authentication against Linux-based Kerberos
Hi, please consider the following situation in a heterogenous, Windows Server-less network, where users use both Windows and Linux: - On Windows users authenticate against a Samba 3.3.2 PDC with tdbsam backend. - On Linux users authenticate against a combination of OpenLDAP and Kerberos. This, of course, brings up the old problem that users have to synchronise their passwords manually for both Windows and Linux. The ideal solution would be that Samba would just support authentication against Linux-based Kerberos, but (correct me if I'm wrong) that doesn't seem possible with Samba3. Is there anything else that can be done? So if users on Windows can't use Linux-based Kerberos for SSO, maybe there is at least a way for users to change their passwords on one OS and get it automatically synced for the other (i.e. if a user changes his password on a Windows machine it gets automatically changed for his Linux account as well and vice versa)? Cheers, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Password policy under Samba 4?
How does one set a password policy using Samba 4? I've set up Samba 4 as a domain controller with one Windows 2003 server joined to the domain. I've seen mention of the "check password script" option, but I think that's not available in Samba 4, right? I've also seen mention of Group Policies, but I am not sure if this is correct or not because I haven't been able to find anything in the Group Policy management tool on Windows that seems applicable. Basically I just want to know where to set the "user must change password after 30 days" and "password must be at least X characters long" settings and have these apply to users logging into the Windows machine. I'd appreciate it if someone could point me at the relevant documentation. -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot connect from Windows 2000 to Samba 3.4.0 on Li nux ....
Some default setting have changed. Use: testparm -v from your various versions of samba to detect which parameters may be causing you issues. Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 "Don't Blend in..." -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Jochen Roderburg Sent: Tuesday, September 01, 2009 6:47 AM To: samba@lists.samba.org Subject: [Samba] Cannot connect from Windows 2000 to Samba 3.4.0 on Linux Second try via gmane, because direct mail to the mailing list was rejected :-( ... when using not-encrypted passwords. Yes, I know, that is not the recommended secure way, but I want also AFS authentication via samba and that does not work with encrypted windows passwords. I have been doing this successfully for numerous years with all samba generations from 1.x up to 3.3.x. I do not see any changes in the 3.4 ChangeLog that could be related to this. On the samba side there are no error messages in the log files (with standard log levels). On the Windows side it either says no permission or repeatedly asks for username/password. Strange thing found during repeated test series with different samba versions: when I start with an older version and get my connections, then kill all samba daemons and start new with 3.4 (with same configuration/data directories) everything suddenly works again. The old connection are still usable and new connections can also be made. Of course this is very confusing and makes it hard to recognize what actually is going on. Update to my first try to report this problöm: I see that there is now a relatively new bugzilla entry # which looks similar to my case. Could this be the same cause ??? Best regards, Jochen Roderburg RRZK University of Cologne Robert-Koch-Str. 10Tel.: +49-221/478-7024 D-50931 Koeln E-Mail: roderb...@uni-koeln.de Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Ignoring unknown parameter "idmap domains"
Le mardi 01 septembre 2009 à 14:46 +0200, Karolin Seeger a écrit : > Hi David, > > On Tue, Sep 01, 2009 at 02:22:29PM +0200, David Touzeau wrote: > > according this wiki > > http://wiki.samba.org/index.php/Ldapsam_Editposix > > > > i have enable EditPosix extension but i receive this error > > > > Ignoring unknown parameter "idmap domains" > > > > How can i fix it ? > > "idmap domains" has been removed in Samba 3.3.0. > More information are available in the release notes > http://www.samba.org/samba/history/samba-3.3.0.html. > > As the idmap configuration depends on your version, please see the > smb.conf and idmap manpages (e.g. man idmap_tdb) for more information. > If there are any questions left, please post again and provide the Samba > version. > > You are right, the Wiki should be updated soon. > > Thanks for the hint! > > Cheers, > Karolin > Good ! Many thanks Karolin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ignoring unknown parameter "idmap domains"
Dear according this wiki http://wiki.samba.org/index.php/Ldapsam_Editposix i have enable EditPosix extension but i receive this error Ignoring unknown parameter "idmap domains" How can i fix it ? Here it is my smb.conf : [global] workgroup = MSHOME netbios name = PC-DTOUZEAU server string = %h server disable netbios =no syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Controler ?? --- security = user enable privileges = yes domain master = no local master = yes preferred master = no domain logons = no os level = 40 printer admin = root,administrator,@Administrators,@lpadmin ldap passwd sync = no # LDAP settings --- ldap admin dn = cn=Manager,dc=my-domain,dc=com ldap suffix = dc=my-domain,dc=com ldap group suffix = ou=groups,dc=samba,dc=organizations ldap user suffix = ou=users,dc=samba,dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations #Samba and the Editposix/Trusted Ldapsam extension ldap idmap suffix = ou=idmap,dc=samba,dc=organizations ldap delete dn = yes encrypt passwords = true passdb backend = ldapsam ldapsam:trusted=yes ldapsam:editposix=yes idmap domains = MSHOME idmap config MSHOME:backend = ldap idmap config MSHOME:readonly = no idmap config MSHOME:default = yes idmap config MSHOME:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap config MSHOME:ldap_user_dn = cn=Manager,dc=my-domain,dc=com idmap config MSHOME:ldap_url = ldap://localhost idmap config MSHOME:range = 2-50 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com idmap alloc config:ldap_user_dn = cn=Manager,dc=my-domain,dc=com idmap alloc config:ldap_url = ldap://localhost idmap alloc config:range = 2-50 ldap ssl = no logon path = \\%L\profile\%U logon drive = P: logon home = \\%L\%U logon script = script.bat socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 case sensitive = No default case = lower preserve case = yes short preserve case = yes #character set = iso8859-1 #domain admin group = @admin dns proxy = No wins support = Yes #hosts allow = 192.168.0. 127. winbind use default domain = yes winbind enum users = yes winbind enum groups = yes nt acl support = Yes msdfs root = Yes time server = yes host msdfs = yes # Shared Folders lists --- [printers] comment = Printers browseable = yes path = /tmp printable = yes public = yes guest ok = yes writable = no create mode = 0700 [print$] comment = Printers drivers path = /etc/samba/printer_drivers browseable = yes guest ok = no read only = yes write list = root,administrator,@Administrators,@lpadmin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot connect from Windows 2000 to Samba 3.4.0 on Linux ....
Second try via gmane, because direct mail to the mailing list was rejected :-( ... when using not-encrypted passwords. Yes, I know, that is not the recommended secure way, but I want also AFS authentication via samba and that does not work with encrypted windows passwords. I have been doing this successfully for numerous years with all samba generations from 1.x up to 3.3.x. I do not see any changes in the 3.4 ChangeLog that could be related to this. On the samba side there are no error messages in the log files (with standard log levels). On the Windows side it either says no permission or repeatedly asks for username/password. Strange thing found during repeated test series with different samba versions: when I start with an older version and get my connections, then kill all samba daemons and start new with 3.4 (with same configuration/data directories) everything suddenly works again. The old connection are still usable and new connections can also be made. Of course this is very confusing and makes it hard to recognize what actually is going on. Update to my first try to report this problöm: I see that there is now a relatively new bugzilla entry # which looks similar to my case. Could this be the same cause ??? Best regards, Jochen Roderburg RRZK University of Cologne Robert-Koch-Str. 10Tel.: +49-221/478-7024 D-50931 Koeln E-Mail: roderb...@uni-koeln.de Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.3.7 -> smbd panic in printing.
Hi everyone, Recently upgraded to 3.3.7 on a test server (can do everything on it if you need to test something like patch, configuration options, etc…), and got big problems with printing very similar to http://www.mail-archive.com/samba@lists.samba.org/msg97841.html signaled for version 3.2.6 I'm on CentOS 5.3 recently updated (with sernet packages) and I checked that I have the correct patch (included in the 3.3.0 release if I'm right…) with the close_all_print_db(); (in file source/printing/print_cups.c). But it still doesn't work. On the official CentOS version 3.0.33, I installed my printers without any troubles, upgrade to 3.3.7 and then can't print anymore (losing configurations, etc…). Tried on a fresh install with 3.3.7 -> same result… Here is the panic part : $ cat po-7678.log [2009/09/01 12:12:38, 0] smbd/service.c:make_connection(1288) po-7678 (10.92.20.115) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d} [2009/09/01 12:12:48, 1] smbd/service.c:make_connection_snum(1115) po-7678 (10.92.20.115) connect to service print$ initially as user nobody (uid=99, gid=99) (pid 1030) [2009/09/01 12:12:57, 0] smbd/nttrans.c:call_nt_transact_ioctl(1989) call_nt_transact_ioctl(0x90100): Currently not implemented. [2009/09/01 12:12:59, 1] smbd/service.c:make_connection_snum(1115) po-7678 (10.92.20.115) connect to service print$ initially as user nobody (uid=99, gid=99) (pid 1030) [2009/09/01 12:12:59, 1] smbd/service.c:close_cnum(1327) po-7678 (10.92.20.115) closed connection to service print$ [2009/09/01 12:12:59, 1] smbd/service.c:make_connection_snum(1115) po-7678 (10.92.20.115) connect to service print$ initially as user nobody (uid=99, gid=99) (pid 1030) [2009/09/01 12:12:59, 1] smbd/service.c:close_cnum(1327) po-7678 (10.92.20.115) closed connection to service print$ [2009/09/01 12:12:59, 0] lib/debug.c:reopen_logs(663) Unable to open new log file /var/log/samba/po-7678.log: Permission denied [2009/09/01 12:12:59, 0] lib/util_tdb.c:tdb_wrap_log(886) tdb(/var/lib/samba/notify.tdb): tdb_reopen: open failed (Permission denied) [2009/09/01 12:12:59, 0] lib/util.c:reinit_after_fork(1054) tdb_reopen_all failed. [2009/09/01 12:12:59, 0] printing/print_cups.c:cups_pcap_load_async(432) cups_pcap_load_async: reinit_after_fork() failed [2009/09/01 12:12:59, 0] lib/util.c:smb_panic(1673) PANIC (pid 1117): cups_pcap_load_async: reinit_after_fork() failed [2009/09/01 12:12:59, 0] lib/util.c:log_stack_trace(1777) [2009/09/01 12:12:59, 0] lib/debug.c:reopen_logs(663) BACKTRACE: 22 stack frames: Unable to open new log file /var/log/samba/po-7678.log: Permission denied #0 smbd(log_stack_trace+0x1a) [0x2b8c7813d620] [2009/09/01 12:12:59, 0] lib/debug.c:reopen_logs(663) #1 smbd(smb_panic+0x5b) [0x2b8c7813d730] Unable to open new log file /var/log/samba/po-7678.log: Permission denied [2009/09/01 12:12:59, 0] lib/debug.c:reopen_logs(663) #2 smbd(cups_cache_reload+0x27c) [0x2b8c78103e14] Unable to open new log file /var/log/samba/po-7678.log: Permission denied #3 smbd(pcap_cache_reload+0x109) [0x2b8c781007b5] [2009/09/01 12:12:59, 0] lib/debug.c:reopen_logs(663) #4 smbd(reload_printers+0x25) [0x2b8c78353dfc] Unable to open new log file /var/log/samba/po-7678.log: Permission denied #5 smbd(reload_services+0x154) [0x2b8c78354043] [2009/09/01 12:12:59, 0] lib/debug.c:reopen_logs(663) #6 smbd(add_printer_hook+0x24d) [0x2b8c7807ed34] Unable to open new log file /var/log/samba/po-7678.log: Permission denied #7 smbd(_spoolss_addprinterex+0x205) [0x2b8c78088e2c] #8 smbd [0x2b8c78073c95] #9 smbd(api_pipe_request+0x42a) [0x2b8c780af529] #10 smbd [0x2b8c780aa9ac] #11 smbd(write_to_internal_pipe+0x7cc) [0x2b8c780ab7b6] #12 smbd(write_to_pipe+0x135) [0x2b8c780ab9fe] #13 smbd [0x2b8c77f13005] #14 smbd [0x2b8c77f13695] #15 smbd(reply_trans+0x72e) [0x2b8c77f14327] #16 smbd [0x2b8c77f6bff2] #17 smbd [0x2b8c77f6cfab] #18 smbd(smbd_process+0xc23) [0x2b8c77f6dc89] #19 smbd(main+0x2135) [0x2b8c78356679] #20 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2b8c7b1c7974] #21 smbd [0x2b8c77ef8b59] [2009/09/01 12:13:00, 0] lib/fault.c:dump_core(231) dumping core in /var/log/samba/cores/smbd Any ideas on what's wrong ? Regards. -- Clément Véret -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba wants "chdir"
2009/8/31 Helmut Hullen : [...] > Aug 31 10:09:28 Server smbd[20793]: chdir (/home/adm) failed [...] > b) which machine or program asks "chdir /home/adm"? That's a DOS > command, no Linux command. There is a Unix system call called chdir(). I suspect that this is what smbd is referring to. > "/home/adm" exists, it's a Samba share. What user is smbd running as? (ps aux | grep smbd) Who owns /home/adm and what are the permissions? -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba