Re: [Samba] joining 2008 DC

2010-07-01 Thread Tom Reijnders 
Note, that you try to do the oposite. Adding Windows to a Smaba PDC and 
not Samba to a 2008 AD.


Nevertheless, I successfully added a Windows 2008 server to my Samba 
P.D.C. by doing the same steps as for Windows 7.


See http://wiki.samba.org/index.php/Windows7


Op 1-7-2010 20:30, Indexer schreef:

On 02/07/2010, at 3:34 AM, Nick Couchman wrote:

   

We have several Samba systems of varying versions joined to our Windows
Server 2008 Active Directory domain.  I don't recall having to do
anything special to get it working.

 

That is interesting, as i have just been tearing out my hair for a few hours 
attempting to get a server 2008 system to join the samba PDC. What version of 
samba are you using?

William

   


--
--

Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can SAMBA work with 2008 R2 Read Only Domain controller

2010-07-01 Thread Jason Haar 
 This is a "me too". We just installed a new CentOS server (running
self-compiled samba-3.5.4 from samba.org) into a remote site that only
has a RODC and although the domain join appeared to work fine, every few
hours it "drops off" the domain.

i.e.

"net ads join" worked
"net ads testjoin" worked

but then hours later "net ads testjoin" returns "Failed to join domain:
failed to connect to AD: Decrypt integrity check failed Ok"

Strangely enough, if I then do

net ads testjoin -S real.remote.dc

that works just fine. Even stranger, immediately doing "net ads
testjoin" starts working again - for a few hours

It looks like the RODC (I know this error occurs with the RODC - "-d9"
shows it) is returning some kind of unexpected errocode when objects
aren't in its cache - and Samba freaks?

Note to Serge: I think hagai is - like me - referring to Samba as a
domain member - not as a domain controller.

Jason


On 06/07/2010 03:19 AM, Serge Fonville wrote:
> Hi,
>
> Have you read http://wiki.samba.org/index.php/Samba4_joining_a_domain ?
> # Samba4 joining a domain as a RODC
>
> HTH
>
> Regards,
>
> Serge Fonville
>
> On Sun, Jun 6, 2010 at 5:12 PM, hagai yaffe  wrote:
>> Hello,
>>
>> We are planing to utilize Microsoft 2008 R2 Read Only Domain controller, and 
>> deploy RODC's in branches.
>>
>> If I would like to have SAMBA servers in those branches, will I be able to 
>> add them to the domain (using "net ads join") and work with them, when using 
>> the RODC's as domain controllers configured in my smb.conf & krb5.conf?
>>
>> I have looked around and did not find any documentation for SAMBA supporting 
>> / not supporting this.
>>
>> I have done some testing and failed (I got "Failed to join domain: failed to 
>> connect to AD: Decrypt integrity check failed Ok" from the "net ads join" 
>> command), before investing more time in troubleshooting I hoped that someone 
>> could assist and tell me if such a configuration is possible.
>>
>> If this is not possible, it would be great to know why.
>>
>> Best Regards,
>> Hagai
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] wbinfo recognises my username, smbclient does not

2010-07-01 Thread Rob Moser 

Ok, solved my own problem, but I have no idea how, so if anyone has any
insights I'd still love to hear them.

>From the behaviour I was seeing (described below) I had decided that
perhaps there was something wrong with the smb.conf file, which I had
mostly copied over from another machine.  So, in desperation, I
commented out every single line in the file, and added back the most
basic configuration options until I could connect to the samba share
with smbclient.  Then, to discover what was causing my problem, I added
back the other commented lines one at a time to see which one broke it.
 Well, in the end I added them all back, and it still works!  So, in
short, the solution to my problem was to comment and then uncomment the
smb.conf file?!?  I just ran testparm again and the output is exactly
the same as the one from yesterday quoted below.  Nothing else on the
machine (should have) changed.

I think my machine is haunted... *sigh*

 - rob.

On 06/30/2010 03:26 PM, Rob Moser wrote:
> Hello folks.
> 
> Brand new 3.5.4 install of samba, on a brand new redhat 5.5 install,
> trying to connect to a windows domain and allow AD users access.  I used
> a series of how-tos to set things up, and modified the smb.conf and
> krb5.conf files from an existing (working, 3.2.8) system.  I apparently
> join the domain ok, and I can authenticate an AD user using wbinfo, but
> when I try to use the same user with smbclient I get a
> NT_STATUS_NO_SUCH_USER response.  I thought perhaps that smbclient was
> somehow not associating the username with the correct domain, but
> explicitly stating the domain didn't help.  Googling about on the
> problem found me (among a lot of dross) someone with similar symptoms
> who claimed to fix his problem by adding "client NTLMv2 auth = Yes" to
> his smb.conf, so I tried that, but got no joy there either.  Much
> diagnostic text follows; apologies for the bulk, but figured its better
> to put too much in than leave too much out.
> 
> Any suggestions would be most appreciated; thanks.
> 
>  - rob.
> 
> [r...@dev-acadprtsrv3 log]# kinit -V rmoser
> Password for rmo...@students.froot.nau.edu:
> Authenticated to Kerberos v5
> 
> [r...@dev-acadprtsrv3 log]# klist -5
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: rmo...@students.froot.nau.edu
> Valid starting ExpiresService principal
> 06/30/10 14:19:56  07/01/10 00:20:00
> krbtgt/students.froot.nau@students.froot.nau.edu
> renew until 07/01/10 14:19:56
> 
> [r...@dev-acadprtsrv3 log]# net ads testjoin -U rmoser
> Join is OK
> 
> [r...@dev-acadprtsrv3 log]# wbinfo -t
> checking the trust secret for domain NAU-STUDENTS via RPC calls succeeded
> 
> [r...@dev-acadprtsrv3 log]# wbinfo -a NAU-STUDENTS\\rmoser
> Enter NAU-STUDENTS\rmoser's password:
> plaintext password authentication succeeded
> Enter NAU-STUDENTS\rmoser's password:
> challenge/response password authentication succeeded
> 
> [r...@dev-acadprtsrv3 log]# smbclient -d3 -U NAU-STUDENTS\\rmoser -L
> dev-acadprtsrv3.ucc.nau.edu
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> Processing section "[global]"
> added interface eth0 ip=fe80::9015:73ff:fe64:54cf%eth0
> bcast=fe80:::::%eth0 netmask=:::::
> added interface eth0 ip=134.114.138.189 bcast=134.114.138.255
> netmask=255.255.255.0
> Client started (version 3.5.4).
> Enter NAU-STUDENTS\rmoser's password:
> resolve_lmhosts: Attempting lmhosts lookup for name
> dev-acadprtsrv3.ucc.nau.edu<0x20>
> resolve_wins: Attempting wins lookup for name
> dev-acadprtsrv3.ucc.nau.edu<0x20>
> resolve_wins: using WINS server 134.114.138.35 and tag '*'
> Got a positive name query response from 134.114.138.35 ( 134.114.138.189 )
> Connecting to 134.114.138.189 at port 445
> Doing spnego session setup (blob length=131)
> got OID=1.2.840.113554.1.2.2
> got OID=1.2.840.48018.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=cifs/dev-acadprtsrv3.ucc.nau@students.froot.nau.edu
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> SPNEGO login failed: Logon failure
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> [r...@dev-acadprtsrv3 log]# tail /var/log/samba/log.smbd
> [2010/06/30 14:12:22.530813,  2] auth/auth.c:314(check_ntlm_password)
>   check_ntlm_password:  Authentication for user [rmoser] -> [rmoser]
> FAILED with error NT_STATUS_NO_SUCH_USER
> [2010/06/30 14:22:52.071828,  0] lib/util_sock.c:1505(matchname)
>   matchname: host name/address mismatch: :::134.114.138.189 !=
> dev-acadprtsrv3.ucc.nau.edu
> [2010/06/30 14:22:52.072189,  0] lib/util_sock.c:1626(get_peer_name)
>   Matchname failed on dev-acadprtsrv3.ucc.nau.edu :::134.114.138.189

Re: [Samba] joining 2008 DC

2010-07-01 Thread Indexer 

On 02/07/2010, at 3:34 AM, Nick Couchman wrote:

> We have several Samba systems of varying versions joined to our Windows
> Server 2008 Active Directory domain.  I don't recall having to do
> anything special to get it working.
> 

That is interesting, as i have just been tearing out my hair for a few hours 
attempting to get a server 2008 system to join the samba PDC. What version of 
samba are you using?

William

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.23d

2010-07-01 Thread Gaiseric Vandal 

What area?

The initial packages should be on the solaris DVD

bash-3.00# pkginfo | grep -i samba
system  SUNWsmbacsamba - A Windows SMB/CIFS 
fileserver for UNIX (client)
system  SUNWsmbarsamba - A Windows SMB/CIFS 
fileserver for UNIX (Root)
system  SUNWsmbausamba - A Windows SMB/CIFS 
fileserver for UNIX (Usr)

bash-3.00#



If you go to sunsolve.sun.com and search for "Samba 5.10" you should be 
able to find the patches to bring it up to 3.0.37.





On 06/30/2010 08:44 AM, Fair, Barbara wrote:

Good Morning

I am looking to download the Samba 3.0.23d binary for Solaris.  When I go to 
the area that is set up for binaries, there is nothing under the Sparc folder.  
Is there another place I can get the binary?

Thanks in advance for your help.
Barb Fair
Lockheed Martin
Valley Forge, PA
610-531-5442
   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] joining 2008 DC

2010-07-01 Thread Nick Couchman 
Various versions - 3.3.x, for the most part, I believe.  Are you running Server 
2008 or Server 2008 R2?

>>> On 2010/07/01 at 12:30, Indexer  wrote: 

> On 02/07/2010, at 3:34 AM, Nick Couchman wrote:
> 
>> We have several Samba systems of varying versions joined to our Windows
>> Server 2008 Active Directory domain.  I don't recall having to do
>> anything special to get it working.
>> 
> 
> That is interesting, as i have just been tearing out my hair for a few hours 
> attempting to get a server 2008 system to join the samba PDC. What version of 
> samba are you using?
> 
> William





This e-mail may contain confidential and privileged material for the sole use 
of the intended recipient.  If this email is not intended for you, or you are 
not responsible for the delivery of this message to the intended recipient, 
please note that this message may contain SEAKR Engineering (SEAKR) 
Privileged/Proprietary Information.  In such a case, you are strictly 
prohibited from downloading, photocopying, distributing or otherwise using this 
message, its contents or attachments in any way.  If you have received this 
message in error, please notify us immediately by replying to this e-mail and 
delete the message from your mailbox.  Information contained in this message 
that does not relate to the business of SEAKR is neither endorsed by nor 
attributable to SEAKR.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Default Hidden Disk Shares

2010-07-01 Thread Jeremy Allison 
On Thu, Jul 01, 2010 at 02:01:22PM +0100, Atkinson, Robert wrote:
> Windows automatically creates an Admin level disk share as \\server\volume$
>  .
> 
>  
> 
> Can anyone tell me if Samba automatically does the same without having to
> define these in SMB.CONF?

No, sorry. That would be rather dangerous IMHO. You can
easily define these yourself if you need them and export
the root of the filesystem.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] joining 2008 DC

2010-07-01 Thread Nick Couchman 
We have several Samba systems of varying versions joined to our Windows
Server 2008 Active Directory domain.  I don't recall having to do
anything special to get it working.

-Nick

>>> On 2010/06/30 at 09:23,  wrote: 
> Hi,
> 
> We have installed  Samba version 3.3.7 on AIX server.
> So we use AIX version 6.1
> samba sw pware.samba.rte 3.3.7.0
> 
> actually connected to WIN 2003 DC
> 
> We would like to upgrade our DC to WIN 2008, so the question is:
> 
> can we stay with installed Samba and go towards to upgrade DC to
WIN2008 ?
> or do we have to also upgrade Samba itself ? I mean before joining
the new 
> domain on WIN 2008 DC.
> 
> thanx alot for your answer,
> 
> best regards,
> 
> 
> Ji*í Koutník
> RaiffeisenBank, a.s.
> tel:   +420 222 115 105
> mobil: +420 603 808 302
> Czech Republic




This e-mail may contain confidential and privileged material for the sole use 
of the intended recipient.  If this email is not intended for you, or you are 
not responsible for the delivery of this message to the intended recipient, 
please note that this message may contain SEAKR Engineering (SEAKR) 
Privileged/Proprietary Information.  In such a case, you are strictly 
prohibited from downloading, photocopying, distributing or otherwise using this 
message, its contents or attachments in any way.  If you have received this 
message in error, please notify us immediately by replying to this e-mail and 
delete the message from your mailbox.  Information contained in this message 
that does not relate to the business of SEAKR is neither endorsed by nor 
attributable to SEAKR.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] net ads testjoin without asking for password

2010-07-01 Thread Atkinson, Robert 
You seem to be correct :-

$ NET RPC TESTJOIN
Join to 'UK' is OK
$

Note this is an OpenVMS server, not Linux/Unix.

Rob.

-Original Message-
From: Khaled Blah [mailto:khaled.b...@googlemail.com] 
Sent: 01 July 2010 15:41
To: Atkinson, Robert
Cc: samba@lists.samba.org
Subject: Re: [Samba] net ads testjoin without asking for password

Hi Robert,

I've already tried that and it wouldn't work :( If I understand it
correctly, then net writes the account password for the joining
account to the "secrets.tdb" file and if that file still is there say
after a reboot then net ads testjoin should not ask for a password
right?

Regards,
Khaled

2010/7/1 Atkinson, Robert :
> Try :-
>
> -U username%"password" on the command.
>
> Rob.
>
> -Original Message-
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On
> Behalf Of Khaled Blah
> Sent: 01 July 2010 15:05
> To: samba@lists.samba.org
> Subject: [Samba] net ads testjoin without asking for password
>
> Hello all,
>
> is it possible to execute "net ads testjoin" without net asking for a
> password (in any circumstance)? The reason for my question is that I
> want to use it in a script and thus won't be able to supply a password
> to net (net does not ask for a password on stdin).
>
> Thanks in advance to anyone who can shed some light on this for me!
>
> Regards,
> Khaled
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
*
**
> Any opinions expressed in email are those of the individual and not
necessarily those of the company. This email and any files transmitted with
it are confidential and solely for the use of the intended recipient or
entity to whom they are addressed. It may contain material protected by
attorney-client privilege. If you are not the intended recipient, or a person
responsible for delivering to the intended recipient, be advised that you
have received this email in error and that any use is strictly prohibited.
>
> Random House Group + 44 (0) 20 7840 8400
> http://www.randomhouse.co.uk
> http://www.booksattransworld.co.uk
> http://www.kidsatrandomhouse.co.uk
> Generic email address - enquir...@randomhouse.co.uk
>
> Name & Registered Office:
> THE RANDOM HOUSE GROUP LIMITED
> 20 VAUXHALL BRIDGE ROAD
> LONDON
> SW1V 2SA
> Random House Group Ltd is registered in the United Kingdom with company No.
00954009, VAT number 102838980
>
*
**
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Enabling logs in pam_smbpass in samba source code

2010-07-01 Thread John H Terpstra 
On 07/01/2010 09:04 AM, kandukuru_sur...@emc.com wrote:
>  
> 
> I am facing some problem with samba 3.4.8 PAM pam_smbpass module, both
> vsftpd,proftpd are not working ..I have opened thread at
> 
> http://forums.proftpd.org/smf/index.php/topic,4739.0.html
> 
>  
> 
> it is working fine with samba 3.0.32
> 
>  
> 
> I want  to see the _log_err messages from pam_smbpass , for that I have
> added log level=4 and log file= /tmp/samba/sambalog.log.
> 
> I did not see any  of  the messages in that samba log file.
> 
>  
> 
> Please tell me how  to enable log  for pam_smbpass module in samba,
> 

Suresh,

>From the documentation in the source code:

25 Mar 2001

pam_smbpass is a PAM module which can be used on conforming systems to
keep the smbpasswd (Samba password) database in sync with the unix
password file. PAM (Pluggable Authentication Modules) is an API supported
under some Unices, such as Solaris, HPUX and Linux, that provides a
generic interface to authentication mechanisms.

For more information on PAM, see http://ftp.kernel.org/pub/linux/libs/pam/

This module authenticates a local smbpasswd user database.  If you require
support for authenticating against a remote SMB server, or if you're
concerned about the presence of suid root binaries on your system, it is
recommended that you use pam_winbind instead.

Options recognized by this module are as follows:

debug   -   log more debugging info
audit   -   like debug, but also logs unknown usernames
use_first_pass  -   don't prompt the user for passwords;
take them from PAM_ items instead
try_first_pass  -   try to get the password from a previous
PAM module, fall back to prompting the user
use_authtok -   like try_first_pass, but *fail* if the new
PAM_AUTHTOK has not been previously set.
(intended for stacking password modules
only)
not_set_pass-   don't make passwords used by this module
available to other modules.
nodelay -   don't insert ~1 second delays on
authentication
failure.
nullok  -   null passwords are allowed.
nonull  -   null passwords are not allowed. Used to
override the Samba configuration.
migrate -   only meaningful in an "auth" context;
used to update smbpasswd file with a
password used for successful authentication.
smbconf=  -   specify an alternate path to the smb.conf
file.

Here is a sample PAM config line in the appropriate file/s in /etc/pam.d:

password required pam_smbpass.so use_authtok use_first_pass debug


I hope that helps.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] net ads testjoin without asking for password

2010-07-01 Thread Khaled Blah 
Hi Robert,

I've already tried that and it wouldn't work :( If I understand it
correctly, then net writes the account password for the joining
account to the "secrets.tdb" file and if that file still is there say
after a reboot then net ads testjoin should not ask for a password
right?

Regards,
Khaled

2010/7/1 Atkinson, Robert :
> Try :-
>
> -U username%"password" on the command.
>
> Rob.
>
> -Original Message-
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
> Behalf Of Khaled Blah
> Sent: 01 July 2010 15:05
> To: samba@lists.samba.org
> Subject: [Samba] net ads testjoin without asking for password
>
> Hello all,
>
> is it possible to execute "net ads testjoin" without net asking for a
> password (in any circumstance)? The reason for my question is that I
> want to use it in a script and thus won't be able to supply a password
> to net (net does not ask for a password on stdin).
>
> Thanks in advance to anyone who can shed some light on this for me!
>
> Regards,
> Khaled
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> ***
> Any opinions expressed in email are those of the individual and not 
> necessarily those of the company. This email and any files transmitted with 
> it are confidential and solely for the use of the intended recipient or 
> entity to whom they are addressed. It may contain material protected by 
> attorney-client privilege. If you are not the intended recipient, or a person 
> responsible for delivering to the intended recipient, be advised that you 
> have received this email in error and that any use is strictly prohibited.
>
> Random House Group + 44 (0) 20 7840 8400
> http://www.randomhouse.co.uk
> http://www.booksattransworld.co.uk
> http://www.kidsatrandomhouse.co.uk
> Generic email address - enquir...@randomhouse.co.uk
>
> Name & Registered Office:
> THE RANDOM HOUSE GROUP LIMITED
> 20 VAUXHALL BRIDGE ROAD
> LONDON
> SW1V 2SA
> Random House Group Ltd is registered in the United Kingdom with company No. 
> 00954009, VAT number 102838980
> ***
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Enabling logs in pam_smbpass in samba source code

2010-07-01 Thread Kandukuru_Suresh 
 

I am facing some problem with samba 3.4.8 PAM pam_smbpass module, both
vsftpd,proftpd are not working ..I have opened thread at

http://forums.proftpd.org/smf/index.php/topic,4739.0.html

 

it is working fine with samba 3.0.32

 

I want  to see the _log_err messages from pam_smbpass , for that I have
added log level=4 and log file= /tmp/samba/sambalog.log.

I did not see any  of  the messages in that samba log file.

 

Please tell me how  to enable log  for pam_smbpass module in samba,

 

 

Thanks

Suresh

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] net ads testjoin without asking for password

2010-07-01 Thread Khaled Blah 
Hello all,

is it possible to execute "net ads testjoin" without net asking for a
password (in any circumstance)? The reason for my question is that I
want to use it in a script and thus won't be able to supply a password
to net (net does not ask for a password on stdin).

Thanks in advance to anyone who can shed some light on this for me!

Regards,
Khaled
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] plreoblem how to reset the password of samba ldap user

2010-07-01 Thread Niyati Dave 
HI all

I am facing a problem to reset the password of a user in ldap + samba 3.  Samba 
is working fine with ldap backend and users are able to login to domain.

In ldap I have a user - Adminisrator
I want to reset its password, tried the commands
'Smbldap-passwd Administrator'
Also 'smbpasswd Administrator' ,but that password is nt working when I try to 
login or access shares using smbclient or to the pc.

What is the exact way to reset a password of a user in samba + openldap 
environment so it is able to login to domain.
Please note that I also have ldap password sync = yes enabled in my smb.conf

Thanks in advance, will appreciate an early response

Niyati Dave


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] joining 2008 DC

2010-07-01 Thread Jiri . KOUTNIK 
Hi,

We have installed  Samba version 3.3.7 on AIX server.
So we use AIX version 6.1
samba sw pware.samba.rte 3.3.7.0

actually connected to WIN 2003 DC

We would like to upgrade our DC to WIN 2008, so the question is:

can we stay with installed Samba and go towards to upgrade DC to WIN2008 ?
or do we have to also upgrade Samba itself ? I mean before joining the new 
domain on WIN 2008 DC.

thanx alot for your answer,

best regards,


Jiří Koutník
RaiffeisenBank, a.s.
tel:   +420 222 115 105
mobil: +420 603 808 302
Czech Republic
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 3.0.23d

2010-07-01 Thread Fair, Barbara 
Good Morning

I am looking to download the Samba 3.0.23d binary for Solaris.  When I go to 
the area that is set up for binaries, there is nothing under the Sparc folder.  
Is there another place I can get the binary?

Thanks in advance for your help.
Barb Fair
Lockheed Martin
Valley Forge, PA
610-531-5442
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Intermittent authentication error

2010-07-01 Thread Andrew Melchert 
Hello,
 
I have an intermittent authentication error between a Windows 2003 Server and 
AIX 6.1 TL4 Samba 2.2.7. I have the Samba server passing auth details to an 
active directory server. The account exists on AIX but is locked and there is 
no smbpasswd entry (this is how I setup all my samba shares). On the Windows 
server a mapping has been created to mount this path on restart. In most cases 
this works fine but from time to time it fails with authentication issue. 
Rebooting the Windows server fixes the problem but I would like to find the 
root cause and fix it. I have setup debug level 2 and got the following. Any 
help would be greatly appreciated.
 
  Couldn't find user 'aonunitp' in passdb.
  Rejecting user 'aonunitp': authentication failed
  Couldn't find user 'aonunitp' in passdb.
  NT Password did not match for user 'aonunitp'!
  Defaulting to Lanman password for aonunitp
  Couldn't find user 'aonunitp' in passdb.
  Rejecting user 'aonunitp': authentication failed
  reboot
  aonprod (10.1.66.235) connect to service aonunitp as user aonunitp (uid=512, 
gid=1) (pid 4530328)
  aonprod (10.1.66.235) closed connection to service aonunitp
  aonprod (10.1.66.235) connect to service aonunitp as user aonunitp (uid=512, 
gid=1) (pid 4411538)

 
smb.conf
security = server
password server = dc1
 
AIX account
aonunitp id=512 pgrp=staff groups=staff home=/home/aonunitp 
shell=/usr/local/bin/no_shell gecos=Functional Account - XPLAN login=false 
su=false rlogin=false daemon=true admin=false sugroups=ALL admgroups= 
tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files 
SYSTEM=compat logintimes= loginretries=3 pwdwarntime=4 account_locked=true 
minage=1 maxage=6 maxexpired=7 minalpha=2 minother=1 mindiff=2 maxrepeats=4 
minlen=8 histexpire=0 histsize=4 pwdchecks= dictionlist=/usr/share/dict/words 
core_compress=on core_path=on core_pathname=/tmp/cores core_naming=on fsize=-1 
cpu=-1 data=262144 stack=65536 core=2097151 rss=65536 nofiles=2000 
unsuccessful_login_count=0 roles=

 
 

 
Regards,

Andrew Melchert | Technical Services| Pillar Administration
( (02) 4298 6985 | Ë  0434 604 139 | * andrew_melch...@pillar.com.au 
mailto:andrew_melch...@pillar.com.au> 

 


This email (including all attachments) is confidential, may contain personal or 
legally privileged information and is intended solely for the named addressee. 
Confidentiality or privilege is not waived or lost because this email has been 
sent to you by mistake. If you have received it in error, please let us know by 
reply email, delete it from your system and destroy any copies. 
This email is also subject to copyright. No part of it should be reproduced, 
adapted or communicated without the written consent of the copyright owner. Any 
personal information in this email must be handled in accordance with the 
Privacy Act 1988 (Cth). 
Emails may be interfered with, may contain computer viruses or other defects 
and may not be successfully replicated on other systems. Pillar Administration 
makes no representations and gives no warranties in relation to these matters 
and does not accept liability for any loss or damage which may result from this 
email. 
If you have any doubts about the authenticity of an email purportedly sent by 
Pillar Administration, please contact us immediately.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Default Hidden Disk Shares

2010-07-01 Thread Atkinson, Robert 
Windows automatically creates an Admin level disk share as \\server\volume$
 .

 

Can anyone tell me if Samba automatically does the same without having to
define these in SMB.CONF?

 

Thanks, Robert.


***
Any opinions expressed in email are those of the individual and not necessarily 
those of the company. This email and any files transmitted with it are 
confidential and solely for the use of the intended recipient or entity to whom 
they are addressed. It may contain material protected by attorney-client 
privilege. If you are not the intended recipient, or a person responsible for 
delivering to the intended recipient, be advised that you have received this 
email in error and that any use is strictly prohibited.

Random House Group + 44 (0) 20 7840 8400
http://www.randomhouse.co.uk
http://www.booksattransworld.co.uk 
http://www.kidsatrandomhouse.co.uk
Generic email address - enquir...@randomhouse.co.uk

Name & Registered Office:
THE RANDOM HOUSE GROUP LIMITED
20 VAUXHALL BRIDGE ROAD
LONDON
SW1V 2SA
Random House Group Ltd is registered in the United Kingdom with company No. 
00954009, VAT number 102838980
***

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Password policies in the LDAP server

2010-07-01 Thread Juan Asensio Sánchez 
Hi

We are using 389 Directory Server (formerly Fedora Directory Server).

http://directory.fedoraproject.org/

There, regarding to password policies, you can specifiy minimum password
length, minimum digits, minimum letters, minimum uppercase, minimum
lowercase, minimum simbols, minimum ascii characters, minimum group types of
characters, password history, etc.

http://www.redhat.com/docs/manuals/dir-server/8.1/admin/User_Account_Management.html

Regards.


El 1 de julio de 2010 14:27, Willy Offermans
escribió:

> Hello Samba Friend,
>
> I'm sorry that I cannot help you in finding an answer to your question,
> but I'm rather interested in how you can add password policies to the
> LDAP sever. Is this openldap? and how did you implement the policies?
>


> --
> Met vriendelijke groeten,
> With kind regards,
> Mit freundlichen Gruessen,
> De jrus wah,
>
> Willy
>
> *
> Dr. W.K. Offermans
> CAT Postdoctoral Fellow
> CAT Catalytic Center
> Institut für Technische und Makromolekulare Chemie
> RWTH Aachen
> Worringerweg 1, Raum 38C-150
> D-52074 Aachen, Germany
> Phone:  +49 241 80 28592
> Fax:+49 241 80 22593
> Home:   +31 45 544 49 44
> Mobile: +31 681 15 87 68
> e-mail: wi...@offermans.rompen.nl
> e-mail: willy.offerm...@catalyticcenter.rwth-aachen.de
>
>   Powered by 
>
>(__)
> \\\'',)
>   \/  \ ^
>   .\._/_)
>
>   www.FreeBSD.org
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Password policies in the LDAP server

2010-07-01 Thread Willy Offermans 
Hello Samba Friend,

I'm sorry that I cannot help you in finding an answer to your question,
but I'm rather interested in how you can add password policies to the
LDAP sever. Is this openldap? and how did you implement the policies?

On Mon, Jun 28, 2010 at 12:40:09PM +0200, Juan Asensio Sánchez wrote:
> Hi
> 
> We have some Samba servers using LDAP (389 DS) as backend. In the LDAP
> server, we have defined some policies to make the passwords stronger. When a
> user tries to change his password (Control-Alt-Del), this message appears in
> the LOGs:
> 
> ==> /var/log/samba/xptest <==
> [2010/06/28 12:26:26, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [1001S] -> [1001S]
> -> [1001S] succeeded
> [2010/06/28 12:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
>   init_sam_from_ldap: Entry found for user: 1001S
> [2010/06/28 12:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167)
>   init_group_from_ldap: Entry found for group: 10001
> [2010/06/28 12:26:37, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167)
>   init_group_from_ldap: Entry found for group: 10001
> [2010/06/28 12:26:38, 2] passdb/pdb_ldap.c:init_ldap_from_sam(972)
>   init_ldap_from_sam: Setting entry for user: 1001S
> [2010/06/28 12:26:38, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1651)
>   ldapsam_modify_entry: LDAP Password could not be changed for user
> 1001S: Constraint violation
>   Failed to update password
> 
> 
> ==> /var/log/dirsrv/slapd-pruebas/audit <==
> time: 20100628122637
> dn: uid=1001s,X
> changetype: modify
> delete: sambaLMPassword
> sambaLMPassword: 0182BD0BDBF836077A718CCDF409
> -
> add: sambaLMPassword
> sambaLMPassword: 39EAD569B79C7EA2C2265B23734E0DAC
> -
> delete: sambaNTPassword
> sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52
> -
> add: sambaNTPassword
> sambaNTPassword: 8EC60ADEA316D957D1CF532C5841758D
> -
> delete: sambaPwdLastSet
> sambaPwdLastSet: 1277720109
> -
> add: sambaPwdLastSet
> sambaPwdLastSet: 1277720798
> -
> replace: modifiersname
> modifiersname: uid=adminsamba,XXX
> -
> replace: modifytimestamp
> modifytimestamp: 20100628102637Z
> -
> 
> So, the Samba passwords are changed, but the unix password is not changed
> because the LDAP rejects it because it is not as string as required. Is
> there any way to avoid this? Shouldn't the unix password be changed before
> the samba passwords to check if the LDAP server accepts it?
> 
> Regards.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Willy

*
Dr. W.K. Offermans
CAT Postdoctoral Fellow
CAT Catalytic Center
Institut f�r Technische und Makromolekulare Chemie
RWTH Aachen
Worringerweg 1, Raum 38C-150
D-52074 Aachen, Germany
Phone:  +49 241 80 28592
Fax:+49 241 80 22593
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl
e-mail: willy.offerm...@catalyticcenter.rwth-aachen.de

   Powered by 

(__)
 \\\'',)
   \/  \ ^
   .\._/_)

   www.FreeBSD.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with Windows XP: Cannot join Samba PDC

2010-07-01 Thread Willy Offermans 
Hello Samba friends,

Did you check or disable possible firewalls in between the network
traffic? This is usually causing this error in my case.

On Fri, Jun 18, 2010 at 01:56:46PM +0700, Hung Nguyen Van wrote:
> I double checked and it's exactly what I do, it seems server netbios
> name is not available in world of Windows client.
> It's so weird with me.
>  On Thu, 17 Jun 2010
> 13:45:48 -0400 Gaiseric Vandal  wrote:
> 
> > For an "NT4/Samba" domain, DNS is not relevant.   The XP client will 
> > locate the PDC via netbios.  WINS is not essential but definately
> > helps. On the XP machine, type "ipconfig /all" and make sure that
> > your XP machine is configured for the WINS server.
> > 
> > Also, make sure  on your XP TCP/IP settings that you have NOT
> > disabled netbios-over-tcp/ip (NBT.)
> > 
> > 
> > 
> > On 06/17/2010 10:22 AM, Hung Nguyen wrote:
> > > I have tried several times to get Windows XP client join SAMBA PDC 
> > > domain, but no luck.
> > > I follow some nice guide from Ubuntu Forum and samba Document, my 
> > > Samba PDC working with OpenLDAP.
> > > When I type join XP to domain I get : 
> > > http://osvn.pastebin.com/QUpVVq5q
> > > 
> > >
> > > DOMAIN is name of workgroup = DOMAIN in my samba group, it seems
> > > like XP client cannot find where is DOMAIN.
> > > I'm pretty sure that my DNS is working properly, XP can resolve 
> > > dc.DOMAIN.local to its IP address and use my dns server to connect
> > > to internet without problem.
> > > Linux Clients can join domain without problem.
> > >
> > > Does someone face this problem before, please help.
> > > I also enable WinS server on Samba configuration.
> > > Actually, I dont understand why I need a local DNS here, because
> > > when we join Samba Domain, we just type in Domain form NetBios name
> > > of server, not full domain name. If you can explain, please give me
> > > an answer too.
> > > Thank you very much for your help, 2 days working on it did not
> > > help me too much.
> > >
> > >
> > > Regards,
> > 
> 
> 
> 
> -- 
> --
> Nguyen Van Hung
> System Administrator
> 
> 
> SYNAPSYS Co., Ltd
> 1st Floor, 49 Bui Dinh Tuy St, Binh Thanh Dist, HCMC, Vietnam
> Tel: ( +84-8 ) 66 599 379
> Cell : ( +84 ) 0976 30 22 32
> Email: vhngu...@synapsys-vn.com
> Website: http://www.synapsys-vn.com
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Willy

*
Dr. W.K. Offermans
CAT Postdoctoral Fellow
CAT Catalytic Center
Institut f�r Technische und Makromolekulare Chemie
RWTH Aachen
Worringerweg 1, Raum 38C-150
D-52074 Aachen, Germany
Phone:  +49 241 80 28592
Fax:+49 241 80 22593
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl
e-mail: willy.offerm...@catalyticcenter.rwth-aachen.de

   Powered by 

(__)
 \\\'',)
   \/  \ ^
   .\._/_)

   www.FreeBSD.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.0.23d - Solaris 10

2010-07-01 Thread Gaiseric Vandal 
Solaris 10 comes with Samba 3.0.x (I think 3.0.35 is the most recent) so no
need to compile it yourself.It includes backported support for zfs
acl's.I  have compiled Samab 3.4.x on solaris because I needed better
support for domain trusts with Windows 2003 mode domains.


-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Fair, Barbara
Sent: Wednesday, June 30, 2010 9:22 AM
To: sa...@samba.org
Cc: Fair, Barbara; Bonasera, John
Subject: [Samba] Samba 3.0.23d - Solaris 10

Good Morning

I have not been able to find the binary file(s) for Solaris.  I have
downloaded the tarball for 3.0.23d, but when I go to run the "make all"
command I get the following error:

  make: Fatal error: Command failed for target 'dynconfig.o'

I have not been able to find a workaround for it.  Do you have any
suggestions?
I am running this on a Solaris 10 (release 11/06) box.

Thanks
Barb Fair
Lockheed Martin
Valley Forge, PA
610-531-5442


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)

2010-07-01 Thread Johannes Weberhofer, Weberhofer GmbH 

I have seen this behaviour with overcrowded profiles, too.In my cases I have 
identified huge iTunes backups and (old) installations of Google Chrome as the 
source for very huge profiles.

Johannes

Am 30.06.2010 23:11, schrieb Tom H. Lautenbacher:

Hello John,

To me this sounds like a "normal case" of overcrowded user profiles.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Long delays when launching programs for the first time in my Windows 7 Profile (Samba 3.4.3 as PDC)

2010-07-01 Thread Mark Sheard 
here is my 5 pence, of a POSSIBLE cause...

if you have a large network Winbind enumuration can take a loong time,
that is if it is used in this instance...

R.

Mark



--- On Wed, 30/6/10, John Drescher  wrote:

> From: John Drescher 
> Subject: Re: [Samba] Long delays when launching programs for the first time 
> in my Windows 7 Profile (Samba 3.4.3 as PDC)
> To: "Tom H. Lautenbacher" 
> Cc: samba@lists.samba.org
> Date: Wednesday, 30 June, 2010, 23:32
> > But I think that the group of
> users using the following combination:
> > "Samba 3.4.3 & Windows 7-64bit & Samba as a
> PDC & roaming profiles & using
> > this mailing list & being able to report the
> problem"
> > is very limited until today..
> >
> 
> I am using roaming profiles with windows 7 64 and samba PDC
> / BDCs. I
> am not using 3.4.3 however. Currently we are running 3.5.4.
> I did have
> 3.4.6 for a few weeks just after the upgrade from 3.0.37 to
> support
> windows 7. I do not have the 40 minute initial logins.
> However it does
> take me 5 minutes to login and logout on a 100% gigabit
> network every
> single time not just the first time. At some point I will
> look into
> folder redirection on top of the trimming of the profiles
> that I have
> begun..
> 
> John
> -- 
> To unsubscribe from this list go to the following URL and
> read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 


  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba