Re: [Samba] Cannot see server in win Neighborhood (again)

[Kevin Keane]

Are you listening on port 139, or only on port 445?

Microsoft had a great idea when they implemented SMB over TCP on port 445 and 
eliminated the ancient and inefficient NETBIOS over TCP, or NetBT (on port 
139). Unfortunately, they didn't think it all the way through - you still need 
NETBIOS to populate the network neighborhood, so if your Samba server only 
listens on port 445, you won't get happy in your network neighborhood.

In Vista and Windows 7, this problem is fixed: they now use UPnP (renamed to 
Network Discovery) to populate the network neighborhood (and do a lot of other 
neat stuff). Samba does not yet support UPnP, though.

Bottom line: even though Samba supports turning off NetBT, DON'T.

This problem is exacerbated if you are using an IPv6 network, because Microsoft 
no longer even supports NETBIOS at all.

> -Original Message-
> From: samba-boun...@lists.samba.org [mailto:samba-
> boun...@lists.samba.org] On Behalf Of Matias Morawicki
> Sent: Friday, December 18, 2009 7:16 AM
> To: samba@lists.samba.org
> Subject: [Samba] Cannot see server in win Neighborhood (again)
> 
> Hello u all, sorry to bring this issue back again, but I´ve been
> searching and trying all the advices suggested in previous posts and I
> still can´t see the samba server in the win network neighborhood.
> 
> I can see the samba shares from win via net view \\servername
> 
> but if I issue a plain "net view" samba won´t show up. only the win
> machines, the same i can see on the Neighborhood...
> 
> I´ve tried stopping iptables, different smb.conf from the simple
> examples of t first chapters of samba by example,  to plenty of
> options... that´s why I´m not including my smb.conf, because I´ve
> tried many variations, always with the same results. I even tried a
> working smb.conf from another linux box which was showing in win
> Neighborhood...
> 
> and when I select local master = no  Samba would stay without master!
> I issue smbclient -L servername -U% and the master section remains
> empty.
> 
> It´s like samba is not being able to "talk" to the rest of the
> workgroup. (of course they are all in the same workgroup)
> 
> Btw, the server is a Centos 5.3, with samba 3.2.15 (it also happened
> with the default samba, so I´ve upgraded just in case...)
> 
> I hope someone can point me some directions...
> 
> thanks in advance!!
> 
> Matias
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] srvtools -- are these really useful?

[Raymond Lillard]

I have installed 3.4.3 on a CentOS 5.4 box as a PDC with tdbsam
for a backend.  All seems to be working as expected in the
Samba world.

With the intention of getting ordinary maintenance off of
my back, I downloaded and installed usrmgr and srvmgr in
/root/bin.

When I launch either of them from a WinXP workstation member
while logged into the domain as root, the domain is not found.
I can find the domain from the menu and look at various settings,
but cannot do much of anything that can be made permanent.

Question:  Have I omitted some critical setting to make these
   tools useful?  Should I not be able to add users to
   groups, for example?


What follows is some output that shows thing to be configured
correctly.  I think.


r...@foobar {~} net rpc group MEMBERS "Domain Admins"
Enter root's password:
PS2\root
PS2\b0fh


r...@foobar {~} net groupmap list
... cut several local groups from this list ...
Domain Users (S-1-5-21-2487701501-27877076-1099799052-513) -> staff
Domain Guests (S-1-5-21-2487701501-27877076-1099799052-514) -> nobody
Domain Admins (S-1-5-21-2487701501-27877076-1099799052-512) -> wheel
Administrators (S-1-5-32-544) -> 1
Users (S-1-5-32-545) -> 10001

Note: I'm not sure what the groups Administrators and Users are about.



r...@foobar {~} net rpc rights list
Enter root's password:
 SeMachineAccountPrivilege  Add machines to domain
  SeTakeOwnershipPrivilege  Take ownership of files or other objects
 SeBackupPrivilege  Back up files and directories
SeRestorePrivilege  Restore files and directories
 SeRemoteShutdownPrivilege  Force shutdown from a remote system
  SePrintOperatorPrivilege  Manage printers
   SeAddUsersPrivilege  Add users and groups to the domain
   SeDiskOperatorPrivilege  Manage disk shares

Note: I see no priv to add users to an existing group?




Thank you for your time,
Ray

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SerNet package spool directory

[Karolin Seeger]

Hi Moray,

On Di, Dez 15, 2009 at 06:20:31 +, Moray Henderson wrote:
> It would be useful if your 3.3.9 build (currently in recent) included
> the /var/spool/samba directory - it just took me a while to figure out
> why Samba printing wasn't working on a new EL5 server ;-)

thanks for the hint!

We packaged the /var/spool/samba directory in the past, but decided to
drop it, because it's a 1777 directory which gives each user the chance to
fill-up the /var partition. You could either use /tmp instead or create
/var/spool/samba manually.

Cheers,
Karolin

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE



pgptpc68wTQ8D.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

[George K Colley]

On Dec 16, 2009, at 11:31 PM, Anton Starikov wrote:

> 
> On Dec 17, 2009, at 8:22 AM, George K Colley wrote:
> 
>> 
>> On Dec 16, 2009, at 1:39 PM, Anton Starikov wrote:
>> 
>>> 
>>> On Dec 16, 2009, at 10:28 PM, Ryan Suarez wrote:
>>> 
 Anton Starikov wrote:
> Then with "unix extension = yes" there os no way for propagation of ACL's?
> 
> BTW, I tried it with "unix extension = no" on server side. According to 
> google it used to work on 10.5.x in this way.   
 
 Nope, I'm testing with OSX v10.5.7 client and we have 'unix extensions=no' 
 explicitly set on the server.  This problem still occurs.
 
>>> 
>>> Then I don't understand. I found few cases on the internet, where disabling 
>>> of unix extensions helped to enable ACL for 10.5.x.
>>> Probably it was with older versions of Leopard with older of smbfs.
>> unix extension on or off has no affect on ACL support. We turn on NT Style 
>> ACL support only if we think the Server, Client and Network Log in user all 
>> belong to the same Domain.
> 
> How to check it or enforce it?
> 
> Setup is next:
> 1) On OSX 10.5 server OpenDirectory + samba PDC.
ON 10.5 we require that the mount point be owned by an AD user and the log user 
is an AD user.
> 
> 2) Linux server with samba (member of domain hosted on OSX)
Can't be some with 10.5 clients
> 
> 3) OSX 10.6 client.
> 
> OSX client login as OpenDirectory user. In opendirectory apple-user-homeurl 
> set to point to samba share on linux server.
Need to return the correct info in the WhoAMI call. I will need to look at the 
code. So let me get back to you on this one.

George
> 
> 
> Anton.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

[George K Colley]

On Dec 16, 2009, at 11:24 PM, Volker Lendecke wrote:

> On Wed, Dec 16, 2009 at 11:16:24PM -0800, George K Colley wrote:
>> The lack of support of the BSD MODES flags in Samba is a
>> known issue that we hope to solve in a future release. We
>> will never be able to support Samba correctly without
>> these bits, but plan on doing a better job in the
>> future.It would be nice if Samba would support the
>> following flags the same as the DOS Attributes. That would
>> solve so many issues:)
>> 
>> BSD hidden Flag  - DOS Attribute Hidden
>> BSD immutable - Windows Read-Only bit
>> BSD archived - the reverse of the BSD archive bit 
>> 
>> But the UNIX extensions does not require this support, but
>> this causes the Mac OS Client to have several issue. 
> 
> Where in the protocol do these show up? In a unixinfo call?
> 
> If they directly map to the Windows attributes, it should be
> possible to splice them into our Winattr logic (x permission
> bits or the EA xattr).
> 
> Volker
So the UNIX INFO2 call both FindFirst and Query have support for these fields. 
In the Samba Docs at 
http://wiki.samba.org/index.php/UNIX_Extensions#SET_CIFS_UNIX_INFO.

4   108 ULONG   FileFlags   File flags enumeration
4   112 ULONG   FileFlagsMask   Mask of valid flags
If the client is doing a set with the UNIX_INFO2 level and it does not want to 
alter the FileFlags, it should provide a FileFlagsMask of 0.
The defined set of file flags is
File Flag   Value   Interpretation
EXT_SECURE_DELETE   0x0001  File should be erased such that the 
data is not recoverable
EXT_ENABLE_UNDELETE 0x0002  File should opt-in to a server-specific 
deletion recovery scheme
EXT_SYNCHRONOUS 0x0004  I/O to this file should be performed 
synchronously
EXT_IMMUTABLE   0x0008  NO changes can be made to this file
EXT_OPEN_APPEND_ONLY0x0010  Only appends can be made to this file
EXT_DO_NOT_BACKUP   0x0020  Backup programs should ignore this file
EXT_NO_UPDATE_ATIME 0x0040  The server is not required to update 
the last access time on this file
EXT_HIDDEN  0x0080  User interface programs may ignore this file



We only care about the EXT_IMMUTABLE, EXT_HIDDEN and EXT_DO_NOT_BACKUP(reverse  
of the DOS Archive Bit)

Set Query UNIX Info2 allow us to set these values.

George
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

[George K Colley]

On Dec 16, 2009, at 1:39 PM, Anton Starikov wrote:

> 
> On Dec 16, 2009, at 10:28 PM, Ryan Suarez wrote:
> 
>> Anton Starikov wrote:
>>> Then with "unix extension = yes" there os no way for propagation of ACL's?
>>> 
>>> BTW, I tried it with "unix extension = no" on server side. According to 
>>> google it used to work on 10.5.x in this way.   
>> 
>> Nope, I'm testing with OSX v10.5.7 client and we have 'unix extensions=no' 
>> explicitly set on the server.  This problem still occurs.
>> 
> 
> Then I don't understand. I found few cases on the internet, where disabling 
> of unix extensions helped to enable ACL for 10.5.x.
> Probably it was with older versions of Leopard with older of smbfs.
unix extension on or off has no affect on ACL support. We turn on NT Style ACL 
support only if we think the Server, Client and Network Log in user all belong 
to the same Domain.

George
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

[George K Colley]

On Dec 16, 2009, at 10:59 AM, Anton Starikov wrote:

> But what is strange, is the fact that I don't see chflags commands, during 
> audit of server side.
> 
> And, obviously, client accepts chmod_acl errors silently. (Although I don't 
> have ACL's on files on server side, as result).
> 
> So, it looks like client knows that server doesn't support chflags, and 
> complains locally.
> Can it be an issue, that vfs_audit doesn't audit chflags if they unsupported 
> on server side?
So with Mac OS the chflags can also be set with getattrlist:( There are several 
known issue here, we try to work around these issues, but sadly I didn't do a 
very good enough job handling the lack of support.

George
> 
> On Dec 16, 2009, at 7:51 PM, Anton Starikov wrote:
> 
>> Yep, and there is some other problem with OSX client and linux samba server:
>> 
>> smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
>> available)|Desktop/ddldldl|755
>> 
>> smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
>> available)|Library/Application 
>> Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|644
>> 
>> cmsdata smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
>> available)|Library/Application 
>> Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|744
>> 
>> It is with "unix extensions = yes".
>> 
>> 
>> On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote:
>> 
>>> On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote:
 And although it creates directory, it doesn't copy contents, because it 
 stops process of copying directory after this error. If I repeat filesync, 
 the contents of directory will be copid (cause directory is already here).
 
 So, it looks exactly the same.
 If so, then problem in chflags(). 
 I expect that samba on linux is compiled without support for chflags, 
 obviously.
 
 I presume that settings "unix extensions = no" would probably fix this, 
 but it has a drawback, because then you loose native unix things like 
 symlinks etc.
 
 Which is, at least in our case is not possible, cause shares accessed by 
 both, mac and linux clients over NFS (the same clients on different hosts) 
 and symlinks are heavily used.
 
 I think, OSX client, when it sees that server supports "unix extensions", 
 expects that on other side is OSX server with samba which supports chflags.
 
 So, if we don't discuss rewrite of OSX cifs FS, then only solution is to 
 "emulate" chflags support on samba side (or convert flags to XFS/ETX3 
 attrs somehow)
>>> 
>>> Hmmm. Looks like a client bug then, in that they don't cope with an
>>> error on chflags set. What error is the Samba server returning here ?
>>> 
>>> George, what errors can the MacOSX client cope with and continue ?
>>> 
>>> Jeremy.
>> 
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

[George K Colley]

On Dec 16, 2009, at 10:51 AM, Anton Starikov wrote:

> Yep, and there is some other problem with OSX client and linux samba server:
> 
> smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
> available)|Desktop/ddldldl|755
> 
> smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
> available)|Library/Application 
> Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|644
> 
> cmsdata smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
> available)|Library/Application 
> Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|744
> 
> It is with "unix extensions = yes".
Please get me more details

George
> 
> 
> On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote:
> 
>> On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote:
>>> And although it creates directory, it doesn't copy contents, because it 
>>> stops process of copying directory after this error. If I repeat filesync, 
>>> the contents of directory will be copid (cause directory is already here).
>>> 
>>> So, it looks exactly the same.
>>> If so, then problem in chflags(). 
>>> I expect that samba on linux is compiled without support for chflags, 
>>> obviously.
>>> 
>>> I presume that settings "unix extensions = no" would probably fix this, but 
>>> it has a drawback, because then you loose native unix things like symlinks 
>>> etc.
>>> 
>>> Which is, at least in our case is not possible, cause shares accessed by 
>>> both, mac and linux clients over NFS (the same clients on different hosts) 
>>> and symlinks are heavily used.
>>> 
>>> I think, OSX client, when it sees that server supports "unix extensions", 
>>> expects that on other side is OSX server with samba which supports chflags.
>>> 
>>> So, if we don't discuss rewrite of OSX cifs FS, then only solution is to 
>>> "emulate" chflags support on samba side (or convert flags to XFS/ETX3 attrs 
>>> somehow)
>> 
>> Hmmm. Looks like a client bug then, in that they don't cope with an
>> error on chflags set. What error is the Samba server returning here ?
>> 
>> George, what errors can the MacOSX client cope with and continue ?
>> 
>> Jeremy.
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

[George K Colley]

On Dec 16, 2009, at 10:08 AM, Jeremy Allison wrote:

> On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote:
>> And although it creates directory, it doesn't copy contents, because it 
>> stops process of copying directory after this error. If I repeat filesync, 
>> the contents of directory will be copid (cause directory is already here).
>> 
>> So, it looks exactly the same.
>> If so, then problem in chflags(). 
>> I expect that samba on linux is compiled without support for chflags, 
>> obviously.
>> 
>> I presume that settings "unix extensions = no" would probably fix this, but 
>> it has a drawback, because then you loose native unix things like symlinks 
>> etc.
>> 
>> Which is, at least in our case is not possible, cause shares accessed by 
>> both, mac and linux clients over NFS (the same clients on different hosts) 
>> and symlinks are heavily used.
>> 
>> I think, OSX client, when it sees that server supports "unix extensions", 
>> expects that on other side is OSX server with samba which supports chflags.
>> 
>> So, if we don't discuss rewrite of OSX cifs FS, then only solution is to 
>> "emulate" chflags support on samba side (or convert flags to XFS/ETX3 attrs 
>> somehow)
> 
> Hmmm. Looks like a client bug then, in that they don't cope with an
> error on chflags set. What error is the Samba server returning here ?
> 
> George, what errors can the MacOSX client cope with and continue ?
> 
> Jeremy.
The lack of support of the BSD MODES flags in Samba is a known issue that we 
hope to solve in a future release. We will never be able to support Samba 
correctly without these bits, but plan on doing a better job in the future.It 
would be nice if Samba would support the following flags the same as the DOS 
Attributes. That would solve so many issues:)

BSD hidden Flag  - DOS Attribute Hidden
BSD immutable - Windows Read-Only bit
BSD archived - the reverse of the BSD archive bit 

But the UNIX extensions does not require this support, but this causes the Mac 
OS Client to have several issue. 

George

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

[George K Colley]

Different issue that the winbind one, hopefully will be fixed in a future 
update, along with the winbind issue.

George

On Dec 16, 2009, at 9:48 AM, Anton Starikov wrote:

> Probably it can be related.
> 
> 
> In my case filesync of portable directories with samba server always fail for 
> newly created directories with error
> 
> 0:: 09/12/16 06:49:55.282 EXCEPTION: Invalid argument <-SStoreFileOperator_FS 
> applyPermissionsFromObject: (StoreFileOperator-FS.m:508): 
> chflags('/Network/Servers/samba.server.host/cifstest/', flags=0)--> Error 
> Domain=NSPOSIXErrorDomain Code=22 UserInfo=0x10058c170 "Invalid argument">
> 
> It tries to chflags after creation of directory and get this error. 
> 
> Anton.
> 
> 
> 
> On Dec 16, 2009, at 6:37 PM, Ryan Suarez wrote:
> 
>> Volker Lendecke wrote:
>>> On Wed, Dec 16, 2009 at 09:30:18AM -0800, Jeremy Allison wrote:
>>> 
> Yes, I have seen this at a customer site. I've stared at the
> logs and sniffs for MANY hours, but I could not find
> anything. If you solve this, please let me know :-)
> 
 Try pinging George and James (CC:ed on this :-).
 
 Hopefully they can help.
 
>>> 
>>> Already done. Jht mentioned that turning off winbind fixed
>>> it for him ... :-)
>>> 
>> hmm, this server isn't even running winbind...
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] new user can't log

[Leonardo Carneiro]

The database from ldap was a copy from another domain, that existed in 
another network. i've done a slapcat in the old domain and did a slapadd 
in this new one (both domain have the same name). But this happened 
about 2 years ago. After a samba and ldap upgrade via apt-get, the 
duplicated domains message start to pop (abouth 3 months ago). Just now 
i've solved, but now, this =S.


I'll try some of the stuff you guys sugested me.

tks and sorry for my poor english.

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarne...@veltrac.com.br 
http://www.veltrac.com.br 
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/



David Whitney escreveu:

Unless I've blown my memory on Windows internals, each user's SID is
comprised of the domain's SID, then a "self-refential" RID portion. That
means a user from the domain DOMINIOS should NOT have what amounts to a
"prefix" that looks as though it came from a different domain. But unless
I'm mistaken, your logs are telling you exactly that - the domain portion of
the group and user SID's indicate different domains, and that indicates a
problem.

One theory is that perhaps your domain was created, groups and users were
created, but then for some reason your domain SID changed, and perhaps that
led to your described duplicate domain entry (?) problem.

Anyway, I'd take a look at the SIDS of other users and groups and see if
this problem exists for other users or groups on your domain.

-David
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] new user can't log

[David Whitney]

Unless I've blown my memory on Windows internals, each user's SID is
comprised of the domain's SID, then a "self-refential" RID portion. That
means a user from the domain DOMINIOS should NOT have what amounts to a
"prefix" that looks as though it came from a different domain. But unless
I'm mistaken, your logs are telling you exactly that - the domain portion of
the group and user SID's indicate different domains, and that indicates a
problem.

One theory is that perhaps your domain was created, groups and users were
created, but then for some reason your domain SID changed, and perhaps that
led to your described duplicate domain entry (?) problem.

Anyway, I'd take a look at the SIDS of other users and groups and see if
this problem exists for other users or groups on your domain.

-David
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] new user can't log

[Zoolook]

2009/12/18 Leonardo Carneiro :
>
>   [2009/12/18 16:47:29,  2] auth/auth.c:check_ntlm_password(308)
>     check_ntlm_password:  authentication for user [dsribeiro] ->
>   [dsribeiro] -> [dsribeiro] succeeded
>   [2009/12/18 16:47:29,  1]
>   rpc_server/srv_netlog_nt.c:_netr_LogonSamLogon(1060)
>     _netr_LogonSamLogon: user DOMINIO\dsribeiro has user sid
>   S-1-5-21-4161212321-1980848047-2820993626-3468
>      but group sid S-1-5-21-874179082-3571801642-3889913597-513.
>     The conflicting domain portions are not supported for NETLOGON calls
>
> Can anyone point me to how to solve this? I'm not what you guys could call
> an expert in samba :D


The SIDs do not match.

Is this the only domain there? If so, I would simply use ldapmodify to
modify users' SID to match the domain SID. You'll need to replace
S-1-5-21-4161212321-1980848047-2820993626 with
S-1-5-21-874179082-3571801642-3889913597
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Cannot see server in win Neighborhood (again)

[Matias Morawicki]

2009/12/18 Gaiseric Vandal 

> On 12/18/09 10:15, Matias Morawicki wrote:
>
>> Hello u all, sorry to bring this issue back again, but I´ve been
>> searching and trying all the advices suggested in previous posts and I
>> still can´t see the samba server in the win network neighborhood.
>>
>> I can see the samba shares from win via net view \\servername
>>
>> but if I issue a plain "net view" samba won´t show up. only the win
>> machines, the same i can see on the Neighborhood...
>>
>> I´ve tried stopping iptables, different smb.conf from the simple
>> examples of t first chapters of samba by example,  to plenty of
>> options... that´s why I´m not including my smb.conf, because I´ve
>> tried many variations, always with the same results. I even tried a
>> working smb.conf from another linux box which was showing in win
>> Neighborhood...
>>
>> and when I select local master = no  Samba would stay without master!
>> I issue smbclient -L servername -U% and the master section remains empty.
>>
>> It´s like samba is not being able to "talk" to the rest of the
>> workgroup. (of course they are all in the same workgroup)
>>
>> Btw, the server is a Centos 5.3, with samba 3.2.15 (it also happened
>> with the default samba, so I´ve upgraded just in case...)
>>
>> I hope someone can point me some directions...
>>
>> thanks in advance!!
>>
>> Matias
>>
>>
> Are you using a WINS server-  I find that makes a lot of these issues go
> away.My guess is that your samba machines and windows machines are
> talking to different net bios browser masters (I use WINS servers to avoid
> having to figure out this stuff.)
>
>
> I have, at home, run in to this same issue with Windows machines (workgroup
> not domain, and no samba servers involved) not seeing each other in network
> neighborhood. Does turning off the XP firewall (assuming that you are
> using XP Pro) make a difference?
>
> Thanx for the reply Gaiseric!

yes, I´m using "wins support = yes" and I´ve set the DHCP to set the clients
to use the samba server as wins server.I´ve checked the win clients and they
get the correct conf.

I haven´t tried turning off the XP firewall, but when I tried a basic samba
configuration in a ubuntu server in another box just to test, they were able
to see it in the neigbohood... so I guess the issue is on the Centos side. I
tried the same smb.conf from that working ubuntu-samba and didn´t make it on
the Centos...

thanks again!

Matias
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] new user can't log

[Leonardo Carneiro]

Hello everyone.

I was having a problem with my Samba PDC with LDAP backend. The command 
'net getlocalsid' gaves me the message "Got too many (2) domain info 
entries for domain [domain]". I logged im my ldap server, and saw that i 
have the following entries:


   dn: sambaDomainName=DOMINIO,dc=dominio,dc=com,dc=br
   sambaDomainName: DOMINIO
   sambaSID: S-1-5-21-874179082-3571801642-3889913597
   sambaAlgorithmicRidBase: 1000
   objectClass: sambaDomain
   sambaNextUserRid: 67109862
   sambaNextGroupRid: 67109863
   structuralObjectClass: sambaDomain
   entryUUID: 9ca720c8-00a6-102c-9973-d48efacd902d
   creatorsName: cn=root,dc=dominio,dc=com,dc=br
   createTimestamp: 20070926180404Z
   entryCSN: 20070926180404Z#01#00#00
   modifiersName: cn=root,dc=dominio,dc=com,dc=br
   modifyTimestamp: 20070926180404Z


and:

   dn: ou=Dominios,dc=dominio,dc=com,dc=br
   ou: Dominios
   objectClass: top
   objectClass: organizationalUnit
   structuralObjectClass: organizationalUnit

   dn: sambaDomainName=DOMINIO,ou=Dominios,dc=dominio,dc=com,dc=br
   objectClass: sambaDomain
   sambaAlgorithmicRidBase: 1000
   sambaSID: S-1-5-21-874179082-3571801642-3889913597
   sambaDomainName: DOMINIO
   sambaMinPwdLength: 4
   sambaLogonToChgPwd: 2
   sambaForceLogoff: 0
   sambaRefuseMachinePwdChange: 1
   structuralObjectClass: sambaDomain

Deleting the former (the one that was not inside the 'ou=Dominios') 
solved the problem. Now, the 'net getlocalsid' gives me the SID for my 
domain correctly. I don't know if this have any relation with my new 
problem, but i created a new user and he can't login.


The error is in portuguese, but i'll translate here: "The system could 
not logon by the following error: A device conected to the system is not 
working".


In the log of the machine the user is trying to log, i have the 
following info:


   [2009/12/18 16:47:29,  2] auth/auth.c:check_ntlm_password(308)
 check_ntlm_password:  authentication for user [dsribeiro] ->
   [dsribeiro] -> [dsribeiro] succeeded
   [2009/12/18 16:47:29,  1]
   rpc_server/srv_netlog_nt.c:_netr_LogonSamLogon(1060)
 _netr_LogonSamLogon: user DOMINIO\dsribeiro has user sid
   S-1-5-21-4161212321-1980848047-2820993626-3468
  but group sid S-1-5-21-874179082-3571801642-3889913597-513.
 The conflicting domain portions are not supported for NETLOGON calls

Can anyone point me to how to solve this? I'm not what you guys could 
call an expert in samba :D




--

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarne...@veltrac.com.br 
http://www.veltrac.com.br 
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Cannot see server in win Neighborhood (again)

[Gaiseric Vandal]

On 12/18/09 10:15, Matias Morawicki wrote:

Hello u all, sorry to bring this issue back again, but I´ve been
searching and trying all the advices suggested in previous posts and I
still can´t see the samba server in the win network neighborhood.

I can see the samba shares from win via net view \\servername

but if I issue a plain "net view" samba won´t show up. only the win
machines, the same i can see on the Neighborhood...

I´ve tried stopping iptables, different smb.conf from the simple
examples of t first chapters of samba by example,  to plenty of
options... that´s why I´m not including my smb.conf, because I´ve
tried many variations, always with the same results. I even tried a
working smb.conf from another linux box which was showing in win
Neighborhood...

and when I select local master = no  Samba would stay without master!
I issue smbclient -L servername -U% and the master section remains empty.

It´s like samba is not being able to "talk" to the rest of the
workgroup. (of course they are all in the same workgroup)

Btw, the server is a Centos 5.3, with samba 3.2.15 (it also happened
with the default samba, so I´ve upgraded just in case...)

I hope someone can point me some directions...

thanks in advance!!

Matias
   
Are you using a WINS server-  I find that makes a lot of these issues go 
away.My guess is that your samba machines and windows machines are 
talking to different net bios browser masters (I use WINS servers to 
avoid having to figure out this stuff.)



I have, at home, run in to this same issue with Windows machines 
(workgroup not domain, and no samba servers involved) not seeing each 
other in network neighborhood. Does turning off the XP firewall 
(assuming that you are using XP Pro) make a difference?



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Sharing violations on XP host

[john]

Greetings,

I've got a samba server that has been serving a 100+ user network for over
a year with no issues, except recently, one XP workstation throws a
sharing violation when saving Excel files, but only intermittently.

It's an older Samba version (3.0.29) - and yes, I know I have to upgrade.

OS is Fedora 9 x64.

The log shows the following when this occurs:

[2009/12/18 09:42:25, 0] lib/util_sec.c:assert_uid(101)
  Failed to set uid privileges to (1075,1075) now set to (0,0)
[2009/12/18 09:42:25, 0] lib/util.c:smb_panic(1633)
  PANIC (pid 20846): failed to set uid

[2009/12/18 09:42:25, 0] lib/util.c:log_stack_trace(1737)
  BACKTRACE: 16 stack frames:
   #0 /usr/local/samba/sbin/smbd(log_stack_trace+0x1c) [0x7fa0a799e2a5]
   #1 /usr/local/samba/sbin/smbd(smb_panic+0x55) [0x7fa0a799e3a7]
   #2 /usr/local/samba/sbin/smbd [0x7fa0a79a2f65]
   #3 /usr/local/samba/sbin/smbd(restore_re_uid_fromroot+0x2b)
[0x7fa0a79a2fce]
   #4 /usr/local/samba/sbin/smbd [0x7fa0a79a5950]
   #5 /usr/local/samba/sbin/smbd [0x7fa0a79a5d57]
   #6 /usr/local/samba/sbin/smbd(messaging_send+0x23) [0x7fa0a79a6093]
   #7 /usr/local/samba/sbin/smbd(notify_trigger+0x307) [0x7fa0a79d2d75]
   #8 /usr/local/samba/sbin/smbd(notify_fname+0x96) [0x7fa0a79d10c8]
   #9 /usr/local/samba/sbin/smbd(rename_internals+0x94a) [0x7fa0a782a926]
   #10 /usr/local/samba/sbin/smbd(reply_mv+0x2b8) [0x7fa0a7832058]
   #11 /usr/local/samba/sbin/smbd [0x7fa0a78639f1]
   #12 /usr/local/samba/sbin/smbd(smbd_process+0x392) [0x7fa0a78644df]
   #13 /usr/local/samba/sbin/smbd(main+0xa6b) [0x7fa0a7a4ec3d]
   #14 /lib64/libc.so.6(__libc_start_main+0xfa) [0x20ea32a]
   #15 /usr/local/samba/sbin/smbd [0x7fa0a77f7669]
[2009/12/18 09:42:25, 0] lib/fault.c:dump_core(181)
  dumping core in /usr/local/samba/var/cores/smbd
[2009/12/18 09:42:25, 1] smbd/service.c:make_connection_snum(1033)
  wks (123.456.789.10) connect to service DATA initially as user
myuser (uid=1075, gid=1000) (pid 21329)

Note above, the error starts when trying to chown the file to uid.gid
1075.1075 - that UID is valid and is the user's UID, but that GID does not
exist.  In the last few lines, it reconnects as UID 1075 (again, valid)
and GID 1000 (That *is* the correct GID).  Although it says it's dumping
core, it doesn't.

On that share, the GID is forced (config excerpt):

[DATA]
   path = /DATA
   public = yes
   writable = yes
   printable = no
   write list = @samba
   create mask = 0660
   force create mode = 0660
   security mask = 0660
   force security mode = 0660
   directory mask = 0770
   force directory mode = 0770
   directory security mask = 0770
   force directory security mode = 0770
   force group = samba
   nt acl support = no

The samba group is GID 1000, as above.

Any ideas?

TIA

-John


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Cannot see server in win Neighborhood (again)

[Matias Morawicki]

Hello u all, sorry to bring this issue back again, but I´ve been
searching and trying all the advices suggested in previous posts and I
still can´t see the samba server in the win network neighborhood.

I can see the samba shares from win via net view \\servername

but if I issue a plain "net view" samba won´t show up. only the win
machines, the same i can see on the Neighborhood...

I´ve tried stopping iptables, different smb.conf from the simple
examples of t first chapters of samba by example,  to plenty of
options... that´s why I´m not including my smb.conf, because I´ve
tried many variations, always with the same results. I even tried a
working smb.conf from another linux box which was showing in win
Neighborhood...

and when I select local master = no  Samba would stay without master!
I issue smbclient -L servername -U% and the master section remains empty.

It´s like samba is not being able to "talk" to the rest of the
workgroup. (of course they are all in the same workgroup)

Btw, the server is a Centos 5.3, with samba 3.2.15 (it also happened
with the default samba, so I´ve upgraded just in case...)

I hope someone can point me some directions...

thanks in advance!!

Matias
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Migrating an NT4 domain to a Samba PDC - How to limit users access to only certain machines?

[Jason Somers]

Solved!

In case any of you are interested, John Terpstra gave me a call and 
explained how to set this up, and I figured I would pass along the 
information.


First, having set up the PDC, I logged into one of the Windows XP 
workstations as a Domain Admin and downloaded the Windows NT Server 
Tools package:


http://support.microsoft.com/kb/173673

I extracted the archive and ran USRMGR.EXE
From this old school interface, I was able to see my domain users and 
using the "Log Onto" button, was able to set which machines each user 
has the permission to log on to. I tested it out afterwords, and it 
worked great. After uing an LDAP manager, I was able to see that the 
object class added to the user profile was sambaUserWorkstations, so 
Michael was indeed correct!
There was also an option in that app to set logon times and password 
expiry options, but I have not yet gotten a chance to try them out.


A big thanks to everyone for your help

-Jason

=
Jason Somers
Network Administrator
Red Barn Technology Group, Inc.
1235 Front Street - Suite 3
Binghamton, NY 13905
(607) 772-1888 x222



Michael Heydon wrote:


we need to limit certain users to have permission only to log in to 
their specific workstation.
I'm not familiar with ClearOS, but if it uses an LDAP backend (and 
maybe even if it doesn't) the sambaUserWorkstations property should do 
what you want.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba4 Provisioning Segfault

[Ash Hughes]

Hi,

Hope this is the right place to ask about this... I did a clean install of S4 
alpha10 the other day and attempted to provision it with the python script 
provided. This failed with a segmentation fault, however doing this with alpha8 
does not fail. I've compiled this under arm5 little endian on Ubuntu 9.04 and 
included a backtrace below. Any ideas where I'm going wrong or is this a 
(platform specific?) bug?

I also had trouble connecting Win7 clients to an alpha8 domain, trust 
relationship failed. Is this something which would be changed in the new 
release or have I missed a Windows registry change somewhere along the line?

Many Thanks

Ash

gdb:

r...@ubuntu:~/src/samba-4.0.0alpha10/source4# gdb python
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabi"...
(gdb) run ./setup/provision
Starting program: /usr/bin/python ./setup/provision
[Thread debugging using libthread_db enabled]
[New Thread 0x402694d0 (LWP 4004)]
Realm: ashnet.lan
 Domain [ashnet]:
 Server Role (dc, member, standalone) [dc]:
Administrator password:
 Setting up share.ldb

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x402694d0 (LWP 4004)]
0x40b1782c in talloc_chunk_from_ptr () from bin/python/ldb.so
Current language:  auto; currently asm
(gdb) bt
#0  0x40b1782c in talloc_chunk_from_ptr () from bin/python/ldb.so
#1  0x40b19284 in talloc_get_name () from bin/python/ldb.so
#2  0x40b19358 in talloc_check_name () from bin/python/ldb.so
#3  0x4048ce88 in ltdb_index_idxptr () from bin/python/ldb.so
#4  0x4048d878 in ltdb_index_traverse_store () from bin/python/ldb.so
#5  0x40b1184c in tdb_traverse_internal () from bin/python/ldb.so
#6  0x40b11ae4 in tdb_traverse () from bin/python/ldb.so
#7  0x4048da6c in ltdb_index_transaction_commit () from bin/python/ldb.so
#8  0x4048942c in ltdb_prepare_commit () from bin/python/ldb.so
#9  0x403f0d08 in ldb_transaction_prepare_commit () from bin/python/ldb.so
#10 0x403f0ee8 in ldb_transaction_commit () from bin/python/ldb.so
#11 0x403e97f0 in py_ldb_add () from bin/python/ldb.so
#12 0x0012b84c in PyCFunction_Call (func=0x45756378, arg=0x4394f238,
kw=0x15fd88) at ../Objects/methodobject.c:116
#13 0x0009ed50 in PyEval_EvalFrameEx (f=0xab8ed8,
throwflag=) at ../Python/ceval.c:3706
#14 0x000a0970 in PyEval_EvalCodeEx (co=0x4030f848,
globals=, locals=,
args=0x4032a780, argcount=2, kws=0xac7cd8, kwcount=1165320760,
defs=0x4032a77c, defcount=1, closure=0x0) at ../Python/ceval.c:2968
#15 0x0009f184 in PyEval_EvalFrameEx (f=0xab8900,
throwflag=) at ../Python/ceval.c:3802
#16 0x0009f7b0 in PyEval_EvalFrameEx (f=0x35ae80,
throwflag=) at ../Python/ceval.c:3792
#17 0x000a0970 in PyEval_EvalCodeEx (co=0x4033c848,
globals=, locals=,
args=0x4032264c, argcount=4, kws=0x2a2e48, kwcount=8196, defs=0x402967bc,
defcount=41, closure=0x0) at ../Python/ceval.c:2968
#18 0x0009f184 in PyEval_EvalFrameEx (f=0x2a2d10,
throwflag=) at ../Python/ceval.c:3802
#19 0x000a0970 in PyEval_EvalCodeEx (co=0x402d2800,
globals=, locals=, args=0x0,
argcount=1076326696, kws=0xbeee1668, kwcount=1076701184, defs=0x0,
defcount=0, closure=0x0) at ../Python/ceval.c:2968
#20 0x000a0a88 in PyEval_EvalCode (co=0x244eaa18, globals=0x1617f0,
locals=0x15fd88) at ../Python/ceval.c:522
#21 0x000bfdb4 in PyRun_FileExFlags (fp=0x253cd8,
filename=0xbeee19ff "./setup/provision", start=,
globals=0x40290270, locals=0x40290270, closeit=1076710432,
flags=0xbeee176c) at ../Python/pythonrun.c:1335
#22 0x000c007c in PyRun_SimpleFileExFlags (fp=0x253cd8,
filename=0xbeee19ff "./setup/provision", closeit=1, flags=0xbeee176c)
at ../Python/pythonrun.c:931
#23 0x00019bd4 in Py_Main (argc=2, argv=0xbeee18e4) at ../Modules/main.c:599
#24 0x4013a03c in __libc_start_main () from /lib/libc.so.6
#25 0x00018d10 in _start ()
(gdb)

  
_
Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy
http://clk.atdmt.com/UKM/go/186394592/direct/01/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba