Re: [Samba] Your home directory is listed as :'home/xxxx' but it does not appear to exist

2010-12-16 Thread Muqtadir Kamal 
Hi Gaiseric Vandal,

Thanks for your quick response.
I have clicked "create Home directory" in Authentication tab.
Now  I am able to login to Linux client.
But whenever I browse a windows system in LDAP, it is again asking for
credentials (user name and password).
In fact, it should take the credentials from LDAP.

Please suggest.

Thanks in advance for your valuable inputs in this regard.

Regards
S.M.Kamal.

On Fri, Dec 17, 2010 at 12:44 AM, Gaiseric Vandal  wrote:

> What is your client machine?   This sounds like a Linux client error.
> LDAP autofs tables point to a "home" directory that is not valid.
>
>
> If your home dir is not mounted in linux of course you will get errors
> about files in home missing.
>
> possible causes
> - typo in ldap autofs table
>-  home directory does not exist OR is not shared (nfs server issue)
>-   ldap/autofs configuration on linux client is in correct.
>
>
> Log in to your linux workstation as root.  (maybe from a console rather
> than gui session.)  Type "su yourname" (not "su - yourname") then see if "cd
> /net/server//path_to_home_directories//yourname" is valid-  if it is then
> autofs is working.
>
> Autofs on linux may require that an ldap proxy account account exists on
> the ldap server  (account info stored on client in /etc/ldap.conf and
> /etc/ldap.secret.)
>
>
> On 12/16/2010 09:17 AM, Muqtadir Kamal wrote:
>
>> Hi all,
>>
>> I had been trying to log in from my client machine in to the ldap+samba3.3
>> server machine, but i could not log on to the ldap+samba3.3 server machine
>> successfully. Everytime i tried to log on, it popped-up with three dialog
>> boxes one after another showing the messages as shown below inlcuded in
>> double quotes:
>>
>> The first pop-up dialog box displayed the following messages in it:-
>>
>> "Your home directory is listed as :'home/' but it does not appear to
>> exist. Do you  want to log in with the / (root) directory.. " with YES
>> and NO buttons.
>> After clicking on the YES button, the second pop-up window displayed  the
>> following messages:-"User's $HOME/.dmrc file is being ignored. This
>> prevents
>> the default session and language from being saved. File should be owned by
>> user and have 644 permissions"
>>
>> After clicking on the OK button, the third box has shown the following
>> lines
>> :- \
>>
>> "Your session only lasted less than  10 seconds. If you have not logged
>>  out
>> yourself, this could mean some installtion problem or that you may be out
>> of
>> disk space. Try logging in with one of the failsafe sessions to see if you
>> can fix this problem." It had also a check box associated with a combo box
>> with a many messages as listed below:
>> The chk box was ticked and had a label displaying "View Details
>> (~/.session-errors file).
>>
>> Can any body let me know, how tom resolve these issues of permission
>> denied
>> ?
>>
>>
>> Pleasss help me in this
>> Regards
>>
>>
>>
>> [global]
>> workgroup = xxx
>> server string = A PDC (xxx.net) Samba %v
>> netbios name = 
>> enable privileges = yes
>> interfaces = xxx.xxx.xxx
>> username map = /etc/samba/smbusers
>> passdb backend = tdbsam:/etc/samba/passdb.tdb
>> passdb backend = ldapsam:ldap://127.0.0.1
>> printcap name = cups
>> ;   printing = cups
>> security = user
>> log level = 3
>> admin users = administra...@smbadmins
>> time server = Yes
>> wins support = Yes
>> client lanman auth = yes
>> wins support = Yes
>> wins proxy = No
>> lanman auth = yes
>> ntlm auth = Yes
>>
>> log file = /var/log/samba/log.%m
>> max log size = 10
>> time server = Yes
>> ldap passwd sync = Yes
>> ldap ssl = off
>> ldap admin dn = cn=samba,ou=Users,dc=xxx,dc=net
>> ldap admin dn = cn=Manager,dc=xxx,dc=net
>> ldap suffix = dc=xxx,dc=net
>> ldap user suffix = ou=Users
>> ldap user suffix = uid=User
>> ldap user suffix = ou=People
>> ldap group suffix = ou=Groups
>> ldap idmap suffix = ou=Idmap
>> ldap machine suffix = ou=Hosts
>> ldap delete dn = Yes
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
>> "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>> delete user script = /usr/sbin/smbldap-userdel "%u"
>> delete group script = /usr/sbin/smbldap-groupdel "%g"
>>
>>
>>
>>  logon path = \\%L\Profiles\%U
>> #logon path = "
>> #logon drive = H:
>>

Re: [Samba] Samba printer management commands

2010-12-16 Thread TAKAHASHI Motonobu 
2010/12/16 Juan Asensio Sánchez :
> I am trying to setup remote printer management commands, so the users
> could add and delete printers from "Printers" share of Samba in
> Windows. I have this script, that is launched using an administrator
> account, when I add a printer from there, using a new TCP/IP port:

2010/12/16 Juan Asensio Sánchez :
> Well, I realized that the script is not executed, neither the printer
> created... I am stuck. This is the complete configuration:

Try "log level = 10", and search " add_printer_hook" in the log.
You will find "what" is executed and "what" is returned.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Running a sleepy server (was: smbd on a battery-powereddevice)

2010-12-16 Thread Liam 
On Thu, Dec 16, 2010 at 2:43 PM,  wrote:

>
> On Thursday 16/12/2010 at 2:33 pm, Liam wrote:
>
> On Thu, Dec 16, 2010 at 1:52 PM,  wrote:
>
>> On Thursday 16/12/2010 at 1:36 pm, Liam wrote:
>>
>> ...
>>
>> And when an smb connection is active but the client is idle, does the
>> client
>> expect anything from the server?
>>
>> ...
>>
>> That said, depending on the file type and what's oplocked etc...often
>> restarting smbd does little harm...often...but it depends on the type of
>> files shared.  So perhaps you could pull information from smbstatus, and
>> restart smbd then sleep the server and wait for the client to decided to do
>> something...again though could be quite messy, just depends on what your use
>> is.
>>
>
> I don't actually need to *restart* samba, just sleep the device it's
> running on. All its state would persist until the next incoming message
> wakes it. But a sleepy server obviously won't send anything to the client,
> so I want to make sure that's not an issue.
>
> I guess that's my point.  See, those things like oplocks are open, then
> smbd is going to want to maintain the connection.  So you either kill the
> child process that's got the connection/oplock or restart smbd.  Now, the
> tdb files holding the oplocks will be there, and if samba plays nice with
> the server sleeping, the oplock or other file handle would be there...but
> now you got a snag if the client shutsdown...now you need to clean up broken
> uplocksIMVERYHO it seems you'd need someway to make sure the sessions
> are clean before sleeping on both sides...Just some thinking out loud...like
> I said, you need to look at what your user/client environment is going to be
> like.
>

But what does "maintain the connection" mean? If it means sending messages
to the client that aren't responses to client requests, that's an issue. But
client shutdown during server sleep should generate a message that wakes the
server.

On the other hand, there's the issue of the server "wandering off" in this
case. But samba should get ECONNRESET or EPIPE on wake-up if the client is
really gone. And won't it clean up locks in that case?

PS: Please send to the mailing list, not me directly.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Running a sleepy server (was: smbd on a battery-powered device)

2010-12-16 Thread Liam 
On Thu, Dec 16, 2010 at 1:53 PM, Andrew Bartlett  wrote:

> On Thu, 2010-12-16 at 13:36 -0800, Liam wrote:
> > On Wed, Dec 15, 2010 at 1:31 AM, Andrew Bartlett 
> wrote:
> >
> > > On Mon, 2010-12-13 at 12:37 -0800, Liam wrote:
> > > > I'm setting up samba service on a battery-powered WiFi device. The
> > > > plan is to have it wake-on-lan, handle request, sleep. Anyone have
> > > > experience with this?
> > > >
> > > > Are there smb protocol aspects that preclude server sleep between
> > > > client-initiated exchanges?
> > > >
> > > > My server won't be awake to respond to netbios broadcasts, e.g. for
> > > > name resolution. Can I shut off that service, and have clients access
> > > > \\192.168.0.10\share? Can I shut off everything but the smb session
> > > > service?
> > > >
> > > > Alternatively I could start/stop the server on demand, since I know
> > > > when a client wants a file via smb. Is samba startup efficient, or
> > > > cpu/disk-intensive?
> > >
> > > The inetd mode would seem to be the best way to handle this.  Then your
> > > inetd or replacement can handle starting smbd.  Just watch out that
> > > clients may keep a connection open for quite some time while not
> > > actually using it.
> >
> >
> > Thanks for the input, Andrew.
> >
> > Can I disable nmbd if clients use \\192.168.0.1\share style addresses?
>
> Yes, or they use DNS names.
>
> > And when an smb connection is active but the client is idle, does the
> client
> > expect anything from the server? If not, the next client msg will trigger
> > wake-on-lan and the connection will be fine...
>
> If the client is truly idle, then it's down to what the TCP layer may or
> may not do (keep-alive etc).  Also (but others who deal with the Samba3
> code would be more qualified to comment) I think Samba when running will
> do a number of periodic tasks, which is just as likely to keep your box
> awake as the client itself.
>

So TCP keep-alives... Can I configure the keep-alive period samba sets on
the socket?

Periodic tasks such as? Are the periods configurable?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Running a sleepy server (was: smbd on a battery-powered device)

2010-12-16 Thread Liam 
On Thu, Dec 16, 2010 at 1:52 PM,  wrote:

> On Thursday 16/12/2010 at 1:36 pm, Liam wrote:
>
> On Wed, Dec 15, 2010 at 1:31 AM, Andrew Bartlett 
> wrote:
>
> On Mon, 2010-12-13 at 12:37 -0800, Liam wrote:
>
> I'm setting up samba service on a battery-powered WiFi device. The
> plan is to have it wake-on-lan, handle request, sleep. Anyone have
> experience with this?
>
> Are there smb protocol aspects that preclude server sleep between
> client-initiated exchanges?
>
> My server won't be awake to respond to netbios broadcasts, e.g. for
> name resolution. Can I shut off that service, and have clients access
> \\192.168.0.10\share? Can I shut off everything but the smb session
> service?
>
> Alternatively I could start/stop the server on demand, since I know
> when a client wants a file via smb. Is samba startup efficient, or
> cpu/disk-intensive?
>
>
> The inetd mode would seem to be the best way to handle this. Then your
> inetd or replacement can handle starting smbd. Just watch out that
> clients may keep a connection open for quite some time while not
> actually using it.
>
> ...
>
> And when an smb connection is active but the client is idle, does the
> client
> expect anything from the server?
>
> Well, it kinda depends on a lot of things.  But a realistic instance:  Say
> a user opens a word doc, get an oplock, then goes home for the evening.
> Well, Word expects that oplock is there, Windows expects it, and in my
> experience a Samba server maintains it...sthat connection would be
> open and running the next morning.
>
> That said, depending on the file type and what's oplocked etc...often
> restarting smbd does little harm...often...but it depends on the type of
> files shared.  So perhaps you could pull information from smbstatus, and
> restart smbd then sleep the server and wait for the client to decided to do
> something...again though could be quite messy, just depends on what your use
> is.
>

I don't actually need to *restart* samba, just sleep the device it's running
on. All its state would persist until the next incoming message wakes it.
But a sleepy server obviously won't send anything to the client, so I want
to make sure that's not an issue.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Running a sleepy server (was: smbd on a battery-powered device)

2010-12-16 Thread Andrew Bartlett 
On Thu, 2010-12-16 at 13:36 -0800, Liam wrote:
> On Wed, Dec 15, 2010 at 1:31 AM, Andrew Bartlett  wrote:
> 
> > On Mon, 2010-12-13 at 12:37 -0800, Liam wrote:
> > > I'm setting up samba service on a battery-powered WiFi device. The
> > > plan is to have it wake-on-lan, handle request, sleep. Anyone have
> > > experience with this?
> > >
> > > Are there smb protocol aspects that preclude server sleep between
> > > client-initiated exchanges?
> > >
> > > My server won't be awake to respond to netbios broadcasts, e.g. for
> > > name resolution. Can I shut off that service, and have clients access
> > > \\192.168.0.10\share? Can I shut off everything but the smb session
> > > service?
> > >
> > > Alternatively I could start/stop the server on demand, since I know
> > > when a client wants a file via smb. Is samba startup efficient, or
> > > cpu/disk-intensive?
> >
> > The inetd mode would seem to be the best way to handle this.  Then your
> > inetd or replacement can handle starting smbd.  Just watch out that
> > clients may keep a connection open for quite some time while not
> > actually using it.
> 
> 
> Thanks for the input, Andrew.
> 
> Can I disable nmbd if clients use \\192.168.0.1\share style addresses?

Yes, or they use DNS names. 

> And when an smb connection is active but the client is idle, does the client
> expect anything from the server? If not, the next client msg will trigger
> wake-on-lan and the connection will be fine...

If the client is truly idle, then it's down to what the TCP layer may or
may not do (keep-alive etc).  Also (but others who deal with the Samba3
code would be more qualified to comment) I think Samba when running will
do a number of periodic tasks, which is just as likely to keep your box
awake as the client itself. 

Andrew Bartlett

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Running a sleepy server (was: smbd on a battery-powered device)

2010-12-16 Thread Liam 
On Wed, Dec 15, 2010 at 1:31 AM, Andrew Bartlett  wrote:

> On Mon, 2010-12-13 at 12:37 -0800, Liam wrote:
> > I'm setting up samba service on a battery-powered WiFi device. The
> > plan is to have it wake-on-lan, handle request, sleep. Anyone have
> > experience with this?
> >
> > Are there smb protocol aspects that preclude server sleep between
> > client-initiated exchanges?
> >
> > My server won't be awake to respond to netbios broadcasts, e.g. for
> > name resolution. Can I shut off that service, and have clients access
> > \\192.168.0.10\share? Can I shut off everything but the smb session
> > service?
> >
> > Alternatively I could start/stop the server on demand, since I know
> > when a client wants a file via smb. Is samba startup efficient, or
> > cpu/disk-intensive?
>
> The inetd mode would seem to be the best way to handle this.  Then your
> inetd or replacement can handle starting smbd.  Just watch out that
> clients may keep a connection open for quite some time while not
> actually using it.


Thanks for the input, Andrew.

Can I disable nmbd if clients use \\192.168.0.1\share style addresses?

And when an smb connection is active but the client is idle, does the client
expect anything from the server? If not, the next client msg will trigger
wake-on-lan and the connection will be fine...
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Centos-DS as backend

2010-12-16 Thread Andrew Bartlett 
On Wed, 2010-12-15 at 14:18 +0100, Serge Fonville wrote:
> Do you mean http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS
> 
> Kind regards/met vriendelijke groet,

Just be aware that the warnings listed on that page, and the additional
warnings in:
http://wiki.samba.org/index.php/Samba4/LDAP_Backend also apply here.
That is, this is an interesting technology that will be leveraged by
some to build special Samba4 based solutions, but it is not what we
recommend to users of Samba, particularly in the first instance.

That is:

> (De)motivation
> This page is a guide to setting up Samba4 to use a general purpose
> LDAP server as the backend. However, this mode of operation is not
> recommended and is only available to support some esoteric
> configurations. Even if you provision Samba4 with the LDAP backend,
> the clients will still communicate with the LDAP service provided by
> Samba4 on port 389 (this is necessary for correct operation as an
> Active Directory Domain Controller) and you'll still be forced to use
> the Active Directory schema. What's more, using the LDAP backend is
> incompatible with DRS replication. You have been warned.

Andrew Bartlett
-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Cisco Inc.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind filling up log with "Possible deadlock: Trying to lookup SID xxx with passdb backend"

2010-12-16 Thread Michael Wood 
On 15 December 2010 18:11, Andre Fonseca de Oliveira
 wrote:
>
> On 12/13/2010 11:48 AM, Michael Wood wrote:
>>
>> On 13 December 2010 12:38, Andre Fonseca de Oliveira
>>   wrote:
>>>
>>> Appreciate your reply.
>>>
 On 6 December 2010 14:54, Andre Fonseca de Oliveira
     wrote:
>
> Hello,
>
> I have samba 3.3.8 installed on CentOS 5.5 on a production server.
>
> Winbind is filling up the logs with these messages:
>
> [2010/12/06 10:43:28,  0] winbindd/winbindd_passdb.c:sid_to_name(159)
>  Possible deadlock: Trying to lookup SID
> S-1-5-21-2106371596-187675891-3351287853 with passdb backend

 If you enable debug level 10, do you get this just before each of
 those messages?

 Converting SID S-1-5-21-2106371596-187675891-3351287853
>>>
>>> Yes. Here is a snippet:
>>>
>>> [2010/12/13 08:28:59, 10]
>>> winbindd/winbindd_dual.c:child_process_request(452)
>>>  child_process_request: request fn LOOKUPSID
>>> [2010/12/13 08:28:59,  3]
>>> winbindd/winbindd_async.c:winbindd_dual_lookupsid(239)
>>>  [13229]: lookupsid S-1-5-21-2106371596-187675891-3351287853
>>> [2010/12/13 08:28:59, 10] winbindd/winbindd_passdb.c:sid_to_name(147)
>>> *Converting SID S-1-5-21-2106371596-187675891-3351287853*
>>> [2010/12/13 08:28:59,  0] winbindd/winbindd_passdb.c:sid_to_name(159)
>>>  Possible deadlock: Trying to lookup SID
>>> S-1-5-21-2106371596-187675891-3351287853 with passdb backend
>>
>> OK, so it looks like it's coming from the sid_to_name() function
>> (which I should have realised from the line number (159) in the first
>> place).
>>
> We have been having problems when activating winbind daemon.
>
> Could this error message be causing trouble?

 I don't think so.  I'm not sure what would cause this, but the code
 logs that message if the SID is not in the BUILTIN domain and is not
 in your domain and is not a local user/group and is not a well known
 SID (like "Everybody").

 It looks like just a sanity check.  I have no idea what it has to do
 with deadlocks, but perhaps someone familiar with the code could
 comment.

>>> The SID that appears in the logs is the domain SID:
>>>
>>> [r...@phoenix samba]# net getdomainsid
>>> SID for local machine PHOENIX is:
>>> S-1-5-21-2106371596-187675891-3351287853
>>> SID for domain DF-CGU is: S-1-5-21-2106371596-187675891-3351287853
>>
>> Strange.  So instead of the SID being e.g. a user or group, it is the
>> domain itself.  That explains why you're getting the message, but not
>> why someone is calling sid_to_name() on the domain SID.
>>
>> I'm out of my depth here.  I don't know if it's normal to call
>> sid_to_name() on a domain SID.
>>
> Well, I guess i will have to live with this message.
>
> Is there a way to supress this error message, besides changing the source
> code?

You might want to ask on the #samba-technical IRC channel if this
could be cause by some sort of configuration problem or something like
that.

If you still get no proper answers, then you will need to change the
source code.  I suggest just increasing the debug level needed to log
it.

-- 
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Centos-DS as backend

2010-12-16 Thread Michael Wood 
Hi

On 15 December 2010 15:18, Serge Fonville  wrote:
> Do you mean http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS
>
> Kind regards/met vriendelijke groet,

Try the link mentioned by Serge.  If you run into problems you should
probably ask on the samba-technical mailing list.

-- 
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Centos-DS as backend

2010-12-16 Thread Michael Wood 
On 15 December 2010 15:27,   wrote:
>
>> Do you
>> mean http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS[1]
>
> That is for Samba 4, which is still at alpha stage.

Yes, but in his follow up e-mail he did specify Samba 4.

-- 
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind sometimes does not resolve sid to a name

2010-12-16 Thread Shirish Pargaonkar 
On Thu, Dec 2, 2010 at 3:13 PM, Shirish Pargaonkar
 wrote:
> On Tue, Nov 16, 2010 at 10:19 AM, Shirish Pargaonkar
>  wrote:
>> On Sat, Nov 13, 2010 at 5:34 PM, Michael Wood  wrote:
>>> On 14 November 2010 01:16, Shirish Pargaonkar
>>>  wrote:
 On Sat, Nov 13, 2010 at 4:52 PM, Michael Adam  wrote:
> Hi Shirish,
>
> Shirish Pargaonkar wrote:
>> On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison  wrote:
>> > On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote:
>> >> Sometimes a group sid does not get resolved to its name.
>> >>
>> >> Is this a settings problem?  Looks like winbind deamon
>> >> went dormant for a while and then woke up?
>> >> I am using interface wbcLookupSid provided by the
>> >> library libwbclient.so for resolving sids to names.
>> >>
>> >> These are the winbind related parameters in
>> >> /etc/samba/smb.conf
>> >
>> > Not enough information for useful debugging. What
>> > do the winbindd logs say ?
>> >
>>
>> ps -eaf | grep winbind
>> root     20085     1  0 14:03 ?        00:00:00 /usr/sbin/winbindd -D
>> root     20086 20085  0 14:03 ?        00:00:00 /usr/sbin/winbindd -D
>> root     20089 20085  0 14:03 ?        00:00:00 /usr/sbin/winbindd -D
>>
>> Cleared /var/log/samba/winbindd.log just before issueing
>> command getcifsacl which could not resolve the group SID
>>
>> winbindd.log attached.
>
> not really. :-)
>
> Cheers - Michael

 Michael, not sure what is implied.  The log is not sufficient?
>>>
>>> No, the mailing list (sometimes) strips attachments.  There was no log
>>> file attached to your e-mail when I received it.
>>>
 I see two error messages in the log.

 [2010/11/08 14:32:56,  5] winbindd/winbindd_async.c:lookupsid_recv2(138)
  lookupsid (forest root) returned an error
 [2010/11/08 14:32:56,  5] winbindd/winbindd_sid.c:lookupsid_recv(61)
  lookupsid returned an error
>>>
>>> --
>>> Michael Wood 
>>>
>>
>> Hope this attachment sticks.
>>
>> Regards,
>>
>> Shirish
>>
>
> I see one more type error while using winbind,
> wbcSidToUid returns error 7 but  wbcSidToGid succeeds.
>
> /tmp/getcifsacl /mnt/smb_d/Makefile
> REVISION:0x1
> CONTROL:0x9404
> OWNER:BUILTIN\Administrators
> GROUP:CIFSTESTDOM\Domain Users
> ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/0x1
> ACL:CIFSTESTDOM\Administrator:ALLOWED/0x0/0x1700a1
> ACL:BUILTIN\Performance Log Users:ALLOWED/0x0/CHANGE
> ACL:CIFSTESTDOM\stevef:ALLOWED/0x0/FULL
>
> # cat /var/log/messages
>
> cifs.upcall: Owner wbcStringToSid: S-1-5-32-544, rc: 0
> cifs.upcall: Owner wbcSidToUid: S-1-5-32-544, uid: 0, rc: 7
> cifs.upcall: Group wbcStringToSid:
> S-1-5-21-2849063682-2007077719-983662776-513, rc: 0
> cifs.upcall: Group wbcSidToGid:
> S-1-5-21-2849063682-2007077719-983662776-513, gid: 10010, rc: 0
>
> Error winbindd.log file is as follows:
> sid2uid_lookupsid_recv: Sid S-1-5-32-544 is not a user or a computer.
>
>
> I changed Owner of the file on the server to
>  OWNER:CIFSTESTDOM\Domain Users
> but the same error during wbcSidToUid
>
> [2010/12/02 14:36:20,  5] winbindd/winbindd_sid.c:sid2uid_lookupsid_recv(192)
>  sid2uid_lookupsid_recv: Sid
> S-1-5-21-2849063682-2007077719-983662776-513 is not a user or a
> computer.
>
> [[2010/12/02 14:36:20,  7] 
> winbindd/winbindd_idmap.c:winbindd_sid2gid_async(363)
>  winbindd_sid2gid_async: Resolving
> S-1-5-21-2849063682-2007077719-983662776-513 to a gid
>
> If I change Owner to OWNER:CIFSTESTDOM\Administrator,  then it works
>
> /tmp/getcifsacl /mnt/smb_d/Makefile
> REVISION:0x1
> CONTROL:0x9404
> OWNER:CIFSTESTDOM\Administrator
> GROUP:CIFSTESTDOM\Domain Users
> ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/0x1
> ACL:CIFSTESTDOM\Administrator:ALLOWED/0x0/0x1700a1
> ACL:BUILTIN\Performance Log Users:ALLOWED/0x0/CHANGE
> ACL:CIFSTESTDOM\stevef:ALLOWED/0x0/FULL
> cifstest6:/usr/src/linux.ssp.cifs.09092010.l/cifs-2.6 # cat /var/log/messages
>
> cifs.upcall: Owner wbcStringToSid:
> S-1-5-21-2849063682-2007077719-983662776-500, rc: 0
> cifs.upcall: Owner wbcSidToUid:
> S-1-5-21-2849063682-2007077719-983662776-500, uid: 1, rc: 0
> cifs.upcall: Group wbcStringToSid:
> S-1-5-21-2849063682-2007077719-983662776-513, rc: 0
> cifs.upcall: Group wbcSidToGid:
> S-1-5-21-2849063682-2007077719-983662776-513, gid: 10010, rc: 0
>
> Is this the expected behaviour, some sids can_not/will_not be mapped
> such as this
> Owner BUILTIN\Administrators.
>
> Regads,
>
> Shirish
>

One more observation.
winbind, for some IDs, can't/doesn't look up names, for some it does.


# wbinfo -s S-1-5-21-2849063682-2007077719-983662776-513
Could not lookup sid S-1-5-21-2849063682-2007077719-983662776-513

# wbinfo -s S-1-5-21-2849063682-2007077719-983662776-513
CIFSTESTDOM#Domain Users 2


# /tmp/getcifsacl /mnt/smb_f/Makefile2
REVISION:0x1
CONTROL:0x9004
OWNER:BUILTIN\Administrators
GROUP:CIFSTESTDOM\Domain Users
ACL:CIFSTESTDOM\Domain Users:DENIED/0x0/D

Re: [Samba] samba 3 and active directory computers

2010-12-16 Thread Ben Cone 
Ok, I am going to tackle compiling samba from source and go from there.  I
have compiled a lot of other things including samba4 before from source on
Ubuntu so no big deal.  I was hoping for a different fix, but I'll go that
route and go from there.

On Thu, Dec 16, 2010 at 1:18 PM, Volker Lendecke
wrote:

> On Thu, Dec 16, 2010 at 10:32:15AM -0600, Ben Cone wrote:
> >
> > I will note that Samba installed from Ubuntu's repositories does not
> include
> > the file ntlmssp.c on my system.  I did grab a copy of the file, put it
> in
> > the proper place, restarted samba, and I see the same things in my logs.
> > The samba version from the repository is 3.4.7.
>
> Did you recompile Samba? I'm not sure, but from what you
> write sounds like you did not.
>
> If you want official Ubuntu repos with that patch, you need
> to contact Canonical support about this. You might also
> contact one of the companies listed under
> http://samba.org/samba/support to assist you to compile
> Samba for you.
>
> > I am still locked into how to make this work.  It reads that this seems
> not
> > to be a problem at all in Samba 6 and I am debating installing the latest
> > stable version of samba from source instead of aptitude.  Of course, that
> > means I don't get patches from Ubuntu for it but once I get this going I
> am
> > hoping to not have to do any real work on it again for a couple of years.
>
> That's a valid request. But apparently you found a but in
> what Ubuntu ships. One thing to look at might be to remove
> the "force group". If you can live without that, it might
> help you work around that bug.
>
> Volker
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3 and active directory computers

2010-12-16 Thread Volker Lendecke 
On Thu, Dec 16, 2010 at 10:32:15AM -0600, Ben Cone wrote:
> 
> I will note that Samba installed from Ubuntu's repositories does not include
> the file ntlmssp.c on my system.  I did grab a copy of the file, put it in
> the proper place, restarted samba, and I see the same things in my logs.
> The samba version from the repository is 3.4.7.

Did you recompile Samba? I'm not sure, but from what you
write sounds like you did not.

If you want official Ubuntu repos with that patch, you need
to contact Canonical support about this. You might also
contact one of the companies listed under
http://samba.org/samba/support to assist you to compile
Samba for you.

> I am still locked into how to make this work.  It reads that this seems not
> to be a problem at all in Samba 6 and I am debating installing the latest
> stable version of samba from source instead of aptitude.  Of course, that
> means I don't get patches from Ubuntu for it but once I get this going I am
> hoping to not have to do any real work on it again for a couple of years.

That's a valid request. But apparently you found a but in
what Ubuntu ships. One thing to look at might be to remove
the "force group". If you can live without that, it might
help you work around that bug.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Your home directory is listed as :'home/xxxx' but it does not appear to exist

2010-12-16 Thread Gaiseric Vandal 
What is your client machine?   This sounds like a Linux client 
error. LDAP autofs tables point to a "home" directory that is not valid.



If your home dir is not mounted in linux of course you will get errors 
about files in home missing.


possible causes
 - typo in ldap autofs table
-  home directory does not exist OR is not shared (nfs server issue)
-   ldap/autofs configuration on linux client is in correct.


Log in to your linux workstation as root.  (maybe from a console rather 
than gui session.)  Type "su yourname" (not "su - yourname") then see if 
"cd /net/server//path_to_home_directories//yourname" is valid-  if it is 
then autofs is working.


Autofs on linux may require that an ldap proxy account account exists on 
the ldap server  (account info stored on client in /etc/ldap.conf and 
/etc/ldap.secret.)


On 12/16/2010 09:17 AM, Muqtadir Kamal wrote:

Hi all,

I had been trying to log in from my client machine in to the ldap+samba3.3
server machine, but i could not log on to the ldap+samba3.3 server machine
successfully. Everytime i tried to log on, it popped-up with three dialog
boxes one after another showing the messages as shown below inlcuded in
double quotes:

The first pop-up dialog box displayed the following messages in it:-

"Your home directory is listed as :'home/' but it does not appear to
exist. Do you  want to log in with the / (root) directory.. " with YES
and NO buttons.
After clicking on the YES button, the second pop-up window displayed  the
following messages:-"User's $HOME/.dmrc file is being ignored. This prevents
the default session and language from being saved. File should be owned by
user and have 644 permissions"

After clicking on the OK button, the third box has shown the following lines
:- \

"Your session only lasted less than  10 seconds. If you have not logged  out
yourself, this could mean some installtion problem or that you may be out of
disk space. Try logging in with one of the failsafe sessions to see if you
can fix this problem." It had also a check box associated with a combo box
with a many messages as listed below:
The chk box was ticked and had a label displaying "View Details
(~/.session-errors file).

Can any body let me know, how tom resolve these issues of permission denied
?


Pleasss help me in this
Regards



[global]
 workgroup = xxx
 server string = A PDC (xxx.net) Samba %v
 netbios name = 
 enable privileges = yes
 interfaces = xxx.xxx.xxx
 username map = /etc/samba/smbusers
 passdb backend = tdbsam:/etc/samba/passdb.tdb
 passdb backend = ldapsam:ldap://127.0.0.1
 printcap name = cups
;   printing = cups
 security = user
 log level = 3
 admin users = administra...@smbadmins
 time server = Yes
 wins support = Yes
 client lanman auth = yes
 wins support = Yes
 wins proxy = No
 lanman auth = yes
 ntlm auth = Yes

 log file = /var/log/samba/log.%m
 max log size = 10
 time server = Yes
 ldap passwd sync = Yes
 ldap ssl = off
 ldap admin dn = cn=samba,ou=Users,dc=xxx,dc=net
 ldap admin dn = cn=Manager,dc=xxx,dc=net
 ldap suffix = dc=xxx,dc=net
 ldap user suffix = ou=Users
 ldap user suffix = uid=User
 ldap user suffix = ou=People
 ldap group suffix = ou=Groups
 ldap idmap suffix = ou=Idmap
 ldap machine suffix = ou=Hosts
 ldap delete dn = Yes
 add user script = /usr/sbin/smbldap-useradd -m "%u"
 add machine script = /usr/sbin/smbldap-useradd -w "%u"
 add group script = /usr/sbin/smbldap-groupadd -p "%g"
 add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
 delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
 set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
 delete user script = /usr/sbin/smbldap-userdel "%u"
 delete group script = /usr/sbin/smbldap-groupdel "%g"



  logon path = \\%L\Profiles\%U
 #logon path = "
 #logon drive = H:
 logon drive =
 logon home =
 logon script = %U.bat
 logon script = logon.bat
 logon path =

 #name resolve order = host
 domain logons = Yes
 os level = 35
 preferred master = Yes
 domain master = Yes
 #local master = yes
 load printers = yes
 cups options = raw

 idmap uid = 15000-2
 idmap gid = 15000-2
 passwd program = /usr/bin/passwd '%u'
 unix password sync = no
 passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX
password*" %n\n "*Changing password for*\nNew password*" %n\n "*Retype new
password*" %n\n" "*updated successfully*"
 pam password change =

Re: [Samba] samba - xp -ad issue

2010-12-16 Thread Volker Lendecke 
On Wed, Dec 15, 2010 at 09:38:32AM -0500, Jim Flanigan wrote:
> I have a samba 3 server connected to an windows domain.
> All connections appear correct most of the users can
> connect via windows xp with no issue.  However there are a
> unlucky few whose work stations cannot connect.  All xp
> work stations are the same (at least as well as a large
> company can get). The user in question have ad accounts on
> the Linux server.  We use ad as the userid source and
> Kerberos authentication on the *nix machines.  So user I'd
> and passwords are not the issue.
> 
> The error received is that the network path is not
> available,  xp takes about 5 minutes to determine that the
> path is not available.  The issue does not appear to be
> location dependent.  Two users seated 10 feet from each
> other one will have the issue the other will not.  It
> appears as though the issue is workstation level.  I have
> turned on level of debugging info but nothing obvious
> stands out.
> 
> Are there an suggestions?

Probably doing network traces on the workstations is the
only way to sanely diagnose what's going on.
www.wireshark.org has the required software.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3 and active directory computers

2010-12-16 Thread Ben Cone 
HmmmSame problem still.

I will note that Samba installed from Ubuntu's repositories does not include
the file ntlmssp.c on my system.  I did grab a copy of the file, put it in
the proper place, restarted samba, and I see the same things in my logs.
The samba version from the repository is 3.4.7.

I am still locked into how to make this work.  It reads that this seems not
to be a problem at all in Samba 6 and I am debating installing the latest
stable version of samba from source instead of aptitude.  Of course, that
means I don't get patches from Ubuntu for it but once I get this going I am
hoping to not have to do any real work on it again for a couple of years.

Ben

On Thu, Dec 16, 2010 at 4:01 AM, Volker Lendecke
wrote:

> On Wed, Dec 15, 2010 at 05:00:52PM -0600, Ben Cone wrote:
> > Installed Samba 3 with Winbind on Ubuntu server 10.04 x64.
> >
> > User accounts authenticate beautifully using the domain.  wbinfo -u and
> > wbinfo -g show me all of my domain user accounts and groups respectively.
> >
> > I want to use Active Directory to deploy software to the computers,
> however,
> > I cannot get the computers in active directory to be able to authenticate
> to
> > the Samba server.
> >
> > Here is what I have in my error logs.
> >
> > [2010/12/15 16:48:06,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
> >   Got user=[] domain=[] workstation=[IT-OFFICE2] len1=1 len2=0
>
> There's https://bugzilla.samba.org/show_bug.cgi?id=7817. You
> might want to try the attached patch which fixed it.
>
> With best regards,
>
> Volker Lendecke
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba upgrade HowTo requested

2010-12-16 Thread Peter Trifonov 
Hi Willy,

> Last weekend I decided to upgrade the samba server. We were running 
> Samba
> 3.3 something and FreeBSD portupgrade was complaining that this 
> version should be removed and assumingly replaced by the newest 
> version. I removed the package via portupgrade and installed the 3.5.6 
> version. The
Are you running  winbindd on this server? If yes, does it work properly?
In my case it failed to communicate group IDs to the system, so I had to
rollback to v. 3.4.9.

> And specifically for FreeBSD users: How should we deal with an upgrade of
samba via portupgrade?
I have upgraded it many times before, and in most cases it was just make
deinstall & make reinstall.  


With best regards,
P. Trifonov
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba upgrade HowTo requested

2010-12-16 Thread Willy Offermans 
Hello Peter,

On Thu, Dec 16, 2010 at 05:42:10PM +0300, Peter Trifonov wrote:
> Hi Willy,
> 
> > Last weekend I decided to upgrade the samba server. We were running
> > Samba
> > 3.3 something and FreeBSD portupgrade was complaining that this version
> > should be removed and assumingly replaced by the newest version. I
> > removed the package via portupgrade and installed the 3.5.6 version. The
> Are you running  winbindd on this server? If yes, does it work properly?
> In my case it failed to communicate group IDs to the system, so I had to
> rollback to v. 3.4.9.
> 
> > And specifically for FreeBSD users: How should we deal with an upgrade of
> samba via portupgrade?
> I have upgraded it many times before, and in most cases it was just make
> deinstall & make reinstall.  
> 
> 
> With best regards,
> P. Trifonov

Concerning your first question:

No, we are not running winbindd, so I cannot tell you if it might work.

To your second remark:

Well, it might be that it has worked in your case, but certainly not in
mine. I do not know what happened to the drivers or database of the drivers, but
something was really messed up. I like to clarify this and to put it on a
higher level. I like to figure out what the procedure is to follow and how
we can inform the users about this procedure.


-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,

Willy

*
W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Your home directory is listed as :'home/xxxx' but it does not appear to exist

2010-12-16 Thread Muqtadir Kamal 
Hi all,

I had been trying to log in from my client machine in to the ldap+samba3.3
server machine, but i could not log on to the ldap+samba3.3 server machine
successfully. Everytime i tried to log on, it popped-up with three dialog
boxes one after another showing the messages as shown below inlcuded in
double quotes:

The first pop-up dialog box displayed the following messages in it:-

"Your home directory is listed as :'home/' but it does not appear to
exist. Do you  want to log in with the / (root) directory.. " with YES
and NO buttons.
After clicking on the YES button, the second pop-up window displayed  the
following messages:-"User's $HOME/.dmrc file is being ignored. This prevents
the default session and language from being saved. File should be owned by
user and have 644 permissions"

After clicking on the OK button, the third box has shown the following lines
:- \

"Your session only lasted less than  10 seconds. If you have not logged  out
yourself, this could mean some installtion problem or that you may be out of
disk space. Try logging in with one of the failsafe sessions to see if you
can fix this problem." It had also a check box associated with a combo box
with a many messages as listed below:
The chk box was ticked and had a label displaying "View Details
(~/.session-errors file).

Can any body let me know, how tom resolve these issues of permission denied
?


Pleasss help me in this
Regards



[global]
workgroup = xxx
server string = A PDC (xxx.net) Samba %v
netbios name = 
enable privileges = yes
interfaces = xxx.xxx.xxx
username map = /etc/samba/smbusers
passdb backend = tdbsam:/etc/samba/passdb.tdb
passdb backend = ldapsam:ldap://127.0.0.1
printcap name = cups
;   printing = cups
security = user
log level = 3
admin users = administra...@smbadmins
time server = Yes
wins support = Yes
client lanman auth = yes
wins support = Yes
wins proxy = No
lanman auth = yes
ntlm auth = Yes

log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
ldap passwd sync = Yes
ldap ssl = off
ldap admin dn = cn=samba,ou=Users,dc=xxx,dc=net
ldap admin dn = cn=Manager,dc=xxx,dc=net
ldap suffix = dc=xxx,dc=net
ldap user suffix = ou=Users
ldap user suffix = uid=User
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Hosts
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"



 logon path = \\%L\Profiles\%U
#logon path = "
#logon drive = H:
logon drive =
logon home =
logon script = %U.bat
logon script = logon.bat
logon path =

#name resolve order = host
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
#local master = yes
load printers = yes
cups options = raw

idmap uid = 15000-2
idmap gid = 15000-2
passwd program = /usr/bin/passwd '%u'
unix password sync = no
passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX
password*" %n\n "*Changing password for*\nNew password*" %n\n "*Retype new
password*" %n\n" "*updated successfully*"
pam password change = yes
;   encrypt passwords = yes
;   guest ok = no
;   guest account = nobody
enable privileges = yes
wins support = Yes
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
valid users = %S
valid users = MYDOMAIN\%S

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes


[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
create mask = 0600
directory mask = 0700
# - smb.conf end -


-- 
Regards,
S.Muqtadir Kamal
System Administrator
mail.smka...@gmail.com
MOB No - 91 9948694665



-- 
Regards,
S.Muqtadir Kamal
System Administrator
mail.smka...@gmail.com
MOB No - 91 9948694665



-- 
Regards,
S.Muqtadir Kamal
System Administrator
mail.smka.

[Samba] Samba upgrade HowTo requested

2010-12-16 Thread Willy Offermans 
Dear Samba friends,

Last weekend I decided to upgrade the samba server. We were running Samba
3.3 something and FreeBSD portupgrade was complaining that this version
should be removed and assumingly replaced by the newest version. I removed
the package via portupgrade and installed the 3.5.6 version. The upgrade
went quite smoothly in general, but I encountered some difficulties with
the printer drivers.

Before the upgrade we were able to print on 4 printers. After the upgrade
only 1.5 printer was working. 1 Printer worked as expected, 1 printer
printed only garbage and 2 printers were not working at all. I only managed
to solve the problems by de-installing and re-installing the printer
drivers on the samba server. So somehow the databases in
/var/db/samba/*.tdb have been messed up. I do not know what went wrong in
detail and neither do I know how to prevent these kind of issues in the
next upgrade.

What is the procedure to upgrade samba to the newest version? How should
one proceed and what are the pitfalls? How should we deal with the printer
definitions and printer drivers? What should we in general do with the
database files, next to backup?

And specifically for FreeBSD users: How should we deal with an upgrade of
samba via portupgrade?

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,

Willy

*
W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: wi...@offermans.rompen.nl
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem by using Samba 3 with Default User.v2 Profiles / Windows 7

2010-12-16 Thread Benjamin Dombrowsky 
Hello,

 

I?ve have the problem found.

 

In the smb.conf edit the follow entries:

 

[netlogon] 
guest ok = no 
browsable = no

 

To


[NETLOGON] 
guest ok = yes 
browsable = yes

 

And it work perfectly.

 

With Windows XP it works too, but it works also with the first entries!

 

 

Von: Cain, Marc [mailto:mc...@sccd.ctc.edu] 
Gesendet: Mittwoch, 15. Dezember 2010 21:53
An: Benjamin Dombrowsky
Cc: Cain, Marc
Betreff: Re: AW: [Samba] Problem by using Samba 3 with Default User.v2 Profiles 
/ Windows 7



 

Hi Benjamin,


 


Here's what I had to do to make the default user profile work: 

 


- Sysprep /generalize the source Windows 7 computer with the Copy To parameter 
enabled in the answer file.  This creates a valid Default profile on the client 
machine.


 


- Log on to the Windows 7 client machine and map a drive to Netlogon share as 
domain administrator


 


- Copy the default user profile from the client to the netlogn directory using 
the old WinXP method Default profile method (My Computer properties, Advanced 
tab, User profiles ... I can send you some screen shots if you're not familiar 
with this method).


 


- Rename the resulting folder in Netlogon share to Default User.V2


 


Hope that helps.


 


Marc


 


 

 


 


 


On Dec 15, 2010, at 12:43 PM, Benjamin Dombrowsky wrote:






 Hi,


 

thank's for your help, but I use the same path!


 

When i look into the smb log, I see that the client ist looking in the path 
"\\servername\netlogon\default user.v2"!


 

I see also that the client make anything with the NTUSER.dat, but nothing more, 
don't data copy or anything.


 

I have record the connection from client to server with wireshark, but no 
positive result.


 

Can it relate to with the registry entrys to join the domain?


 

I set:


 

HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0


 

Is it possible that the client can't connect on the right way to the Default 
User.v2 folder?


 

Thanks!


 

Regards,


Benjamin
 


-Ursprüngliche Nachricht-
An: samba@lists.samba.org; 
Von: Cain, Marc 
Gesendet: Mi 15.12.2010 20:43
Betreff: Re: [Samba] Problem by using Samba 3 with Default User.v2 Profiles / 
Windows 7

On Dec 15, 2010, at 10:18 AM, Benjamin Dombrowsky wrote:

> Hello Samba-Team,
> 
>  
> 
> I've a big problem by using Windows 7 and default user profiles.
> 
> I make a default user profile, named: "Default User.v"

The correct path is NETLOGON\Default User.v2

see:


http://support.microsoft.com/kb/973289
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


-
Diese Information ist ausschließlich für den Adressaten bestimmt und kann 
vertraulich oder gesetzlich geschützte Informationen enthalten. Wenn Sie nicht 
der bestimmungsgemässe Adressat sind, unterrichten Sie bitte den Absender und 
vernichten Sie diese Mail.
Anderen als dem bestimmungsgemässen Adressaten ist es untersagt, diese E-Mail 
weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. Wir 
verwenden aktuelle Virenschutzprogramme und Content-Filter.
Für Schäden, die dem Empfänger gleichwohl durch von uns zugesandte mit Viren 
befallene E-Mails entstehen, schließen wir jede Haftung aus.
-
This e-mail and any attachments is confidential and solely intended for the 
indicated addressee. If you are not the intended recipient or an authorized 
person, please note, that any form of notice, disclosure, reproduction or 
circulation of the contents of this mail is prohibited. In this case, please 
immediately inform the sender of the e-mail an destroy this e-mail. We use 
updated antivirus protection software. We do not accept any responsibility for 
damages caused anyhow by viruses.
-
catWorkX GmbH: Sitz der Gesellschaft in Hamburg, HRB: 71494, USt-IdNr.: 
DE201625856, Geschäftsführung: Dipl. Kfm. Andreas Girnuweit, Dipl.-Ing. Oliver 
Groht, Dr. Wolfgang Tank 

 


 


 



-
Diese Information ist ausschliesslich fuer den Adressaten bestimmt und kann 
vertraulich oder gesetzlich geschuetzte Informationen enthalten. Wenn Sie nicht 
der bestimmungsgemaesse Adressat sind, unterrichten Sie bitte den Absender und 
vernichten Sie diese Mail.
Anderen als dem bestimmungsgemaessen Adressaten ist es untersagt, diese E-Mail 
weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. Wir 
verwenden aktuelle Virenschutzprogramme und Content-Filter.
Fuer Schaeden, die dem Empfaenger gleichwohl durch von uns zugesandte mit Viren 
befallene E-Mails entstehen, schliessen wir jede Haftung aus.
- 
This e-mail and any attachments is confidential and solely intended for the 
indicated addressee. If you are not the intended recipient or an authorized 
person, please note, that any form of notice, disclosure, reproduction or 
circulation of the contents of this mail is prohibited. In this case, please 
immediately i

Re: [Samba] Samba slowness serving SAN-based GFS2 filesystems

2010-12-16 Thread Volker Lendecke 
On Tue, Dec 14, 2010 at 05:55:51PM -0500, Brett Klingensmith wrote:
> ***IS THERE SOME SORT OF SAMBA *LIMITATION *REGARDING *MANY LVM's w/ GFS2
> FILESYSTEMS ON 1 BIG LUN SPANNING MANY DISKS*?

No. Performance analysis sometimes is difficult, but as it
seems that the file system and lvm layout is the only thing
you changed, I would recommend contacting RedHat for
performance hints.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3 and active directory computers

2010-12-16 Thread Volker Lendecke 
On Wed, Dec 15, 2010 at 05:00:52PM -0600, Ben Cone wrote:
> Installed Samba 3 with Winbind on Ubuntu server 10.04 x64.
> 
> User accounts authenticate beautifully using the domain.  wbinfo -u and
> wbinfo -g show me all of my domain user accounts and groups respectively.
> 
> I want to use Active Directory to deploy software to the computers, however,
> I cannot get the computers in active directory to be able to authenticate to
> the Samba server.
> 
> Here is what I have in my error logs.
> 
> [2010/12/15 16:48:06,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
>   Got user=[] domain=[] workstation=[IT-OFFICE2] len1=1 len2=0

There's https://bugzilla.samba.org/show_bug.cgi?id=7817. You
might want to try the attached patch which fixed it.

With best regards,

Volker Lendecke
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba printer management commands

2010-12-16 Thread Juan Asensio Sánchez 
Well, I realized that the script is not executed, neither the printer
created... I am stuck. This is the complete configuration:

[global]
unix charset = LOCALE
workgroup = 
netbios name = 
server string = Controlador de dominio %h de %D
passdb backend = ldapsam:ldaps://XXX
log level = 2
syslog = 0
log file = /var/log/samba/%m.trace
max log size = 1000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Opciones de gestión de recursos compartidos
add share command= /bin/bash /opt/ldap/samba/smb_share_add.sh
change share command = /bin/bash /opt/ldap/samba/smb_share_add.sh
delete share command = /bin/bash /opt/ldap/samba/smb_share_del.sh

# Opciones de gestión de impresión
add printer command= /bin/bash /opt/ldap/samba/smb_printer_add.sh
delete printer command = /bin/bash /opt/ldap/samba/smb_printer_del.sh
printcap cache time   = 60

logon script = logon.cmd
logon path =
logon home =
domain logons = Yes

os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
name resolve order = wins lmhosts hosts bcast

ldap admin dn = XXX
ldap group suffix = 
ldap machine suffix = XXX
ldap passwd sync = Yes
ldap suffix = X
ldap ssl = Off
template shell = /bin/bash
invalid users = root
map acl inherit = yes
ntlm auth = yes
enable privileges = yes

[homes]
comment = Directorio personal del usuario %u
root preexec = /bin/bash /opt/ldap/samba/mkhomedir.sh %u
read only = no


[printers]
comment = Impresoras
path = /var/spool/samba
printing = cups
printable = yes


[print$]
comment = Controladores de impresión
path = /var/lib/samba/printing
read only = no

Regards and thanks in advance.

El día 16 de diciembre de 2010 10:15, Juan Asensio Sánchez
 escribió:
> Hi
>
> I am trying to setup remote printer management commands, so the users
> could add and delete printers from "Printers" share of Samba in
> Windows. I have this script, that is launched using an administrator
> account, when I add a printer from there, using a new TCP/IP port:
>
> 
>
> #!/bin/bash
>
> {
>
>        
> ##
>        # Parámetros
>        
> ##
>
>        # Nombre de la impresora
>        LPNAME=$(echo "$1" | iconv -t ascii//translit | sed --regexp-extended
> 's/\s+/_/g')
>
>        # Nombre del recurso compartido
>        SHARENAME=$2
>
>        # Nombre del puerto
>        PORTNAME=$3
>
>        # Nombre del controlador
>        DRIVERNAME=$4
>
>        # Localización
>        LOCATION_OLD=$5
>
>        # Localización en Windows 95
>        LOCATIONWIN9X=$6
>
>        # Comprobar la sintaxis de la localización, y añadir el protocolo por
> defecto si no lo tiene
>        if [[ ! ${LOCATION_OLD} =~ ":/" ]]
>        then
>                LOCATION_NEW="lpd://${LOCATION_OLD}"
>        else
>                LOCATION_NEW="${LOCATION_OLD}"
>        fi
>
>        # Mostrar mensaje
>        echo "Añadiendo impresora. Nombre: $1 (${LPNAME}); recurso:
> ${SHARENAME}; puerto: ${PORTNAME}; driver: ${DRIVERNAME};
> localización: ${LOCATION_OLD} (${LOCATION_NEW}); localización Win9X:
> ${LOCATIONWIN9X}..."
>
>        # Añadir la impresora
>        /usr/sbin/lpadmin -p "${SHARENAME}" -D "${DRIVERNAME}" -E -v 
> "${LOCATION_NEW}"
>
>
>        # Recargar la configuración de Samba
>        /etc/init.d/smb reload
>
> } 2>&1 | logger -t SMB_PRINTER_ADD
>
> 
>
> The printer is recognized correctly in the wizard, but when I press
> the Finish button, i get ever "Access denied", although the printer
> has been created correctly in /etc/printcap. What am I doing wrong?
>
> Regards.
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba printer management commands

2010-12-16 Thread Juan Asensio Sánchez 
Hi

I am trying to setup remote printer management commands, so the users
could add and delete printers from "Printers" share of Samba in
Windows. I have this script, that is launched using an administrator
account, when I add a printer from there, using a new TCP/IP port:



#!/bin/bash

{


##
# Parámetros

##

# Nombre de la impresora
LPNAME=$(echo "$1" | iconv -t ascii//translit | sed --regexp-extended
's/\s+/_/g')

# Nombre del recurso compartido
SHARENAME=$2

# Nombre del puerto
PORTNAME=$3

# Nombre del controlador
DRIVERNAME=$4

# Localización
LOCATION_OLD=$5

# Localización en Windows 95
LOCATIONWIN9X=$6

# Comprobar la sintaxis de la localización, y añadir el protocolo por
defecto si no lo tiene
if [[ ! ${LOCATION_OLD} =~ ":/" ]]
then
LOCATION_NEW="lpd://${LOCATION_OLD}"
else
LOCATION_NEW="${LOCATION_OLD}"
fi

# Mostrar mensaje
echo "Añadiendo impresora. Nombre: $1 (${LPNAME}); recurso:
${SHARENAME}; puerto: ${PORTNAME}; driver: ${DRIVERNAME};
localización: ${LOCATION_OLD} (${LOCATION_NEW}); localización Win9X:
${LOCATIONWIN9X}..."

# Añadir la impresora
/usr/sbin/lpadmin -p "${SHARENAME}" -D "${DRIVERNAME}" -E -v 
"${LOCATION_NEW}"


# Recargar la configuración de Samba
/etc/init.d/smb reload

} 2>&1 | logger -t SMB_PRINTER_ADD



The printer is recognized correctly in the wizard, but when I press
the Finish button, i get ever "Access denied", although the printer
has been created correctly in /etc/printcap. What am I doing wrong?

Regards.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba