[Samba] remove machines from login list
Hi When adding a windows machine to a Samba domain: add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ The machine name (e.g. computer_1$) now appears in the kdm login list for Linux clients using kde4. This looks a mess and doesn't make sense. Can I add the machine without using 'useradd'? Or some other way to avoid this? Thanks Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] User longer than 20 characters can't join domain (windows 7 pro)
We are using samba 3.4.8. We have some pc's using OS Windows XP Pro dan others Windows 7 Pro. All of them can join and logon domain to samba PDC + LDAP. FYI, the windows 7 clients are already hacked at registry settings: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] DNSNameResolutionRequired=dword: DomainCompatibilityMode=dword:0001 When I am creating user account longer than 20 characters, eg. projcontrol.sect.head, something happens. On Windows XP Pro, that user can logon domain smoothly but on Windows 7 Pro the user can't logon domain. It takes some time waiting to logon then windows 7 says: The Local Session Manager service failed the logon. The data area passed to a system call is too small. Log samba for that pc: check_ntlm_password: Checking password for unmapped user [DOMAIN1]\[projcontrol.sect.head]@[NB110] with the new password interface [2011/11/10 14:05:36, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [DOMAIN1]\[projcontrol.sect.head]@[NB110] [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: projcontrol.sect.head [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/11/10 14:05:36, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/11/10 14:05:36, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/11/10 14:05:36, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2011/11/10 14:05:36, 3] auth/auth.c:271(check_ntlm_password) check_ntlm_password: sam authentication for user [projcontrol.sect.head] succeeded [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/11/10 14:05:36, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2011/11/10 14:05:36, 2] auth/auth.c:310(check_ntlm_password) check_ntlm_password: authentication for user [projcontrol.sect.head] - [projcontrol.sect.head] - [projcontrol.sect.head] succeeded [2011/11/10 14:05:36, 3] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 495 [2011/11/10 14:05:36, 3] smbd/pipes.c:325(pipe_write_andx_done) writeX-IPC nwritten=424 [2011/11/10 14:05:36, 3] smbd/process.c:1459(process_smb) Transaction 9 of length 63 (0 toread) [2011/11/10 14:05:36, 3] smbd/process.c:1273(switch_message) switch message SMBreadX (pid 31441) conn 0x2b356dc248a0 [2011/11/10 14:05:36, 3] smbd/pipes.c:435(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=664 [2011/11/10 14:05:52, 3] smbd/process.c:1459(process_smb) Transaction 10 of length 45 (0 toread) [2011/11/10 14:05:52, 3] smbd/process.c:1273(switch_message) switch message SMBclose (pid 31441) conn 0x2b356dc248a0 [2011/11/10 14:05:52, 3] smbd/reply.c:4488(reply_close) close fd=-1 fnum=7441 (numopen=1) [2011/11/10 14:06:06, 3] smbd/process.c:1459(process_smb) Transaction 11 of
Re: [Samba] User longer than 20 characters can't join domain (windows 7 pro)
On Fri, Nov 11, 2011 at 08:08:38AM +, Arief Yudhawarman wrote: We are using samba 3.4.8. We have some pc's using OS Windows XP Pro dan others Windows 7 Pro. All of them can join and logon domain to samba PDC + LDAP. FYI, the windows 7 clients are already hacked at registry settings: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] DNSNameResolutionRequired=dword: DomainCompatibilityMode=dword:0001 When I am creating user account longer than 20 characters, eg. projcontrol.sect.head, something happens. On Windows XP Pro, that user can logon domain smoothly but on Windows 7 Pro the user can't logon domain. https://bugzilla.samba.org/show_bug.cgi?id=7343 Known problem, very likely a Windows bug. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Copying paused under ctdb when the slave node is reboot
Hi, Experts I do the copying test with 2-nodes cluster under ctdb mode. A win2k3 client copies a big file to the share through the public ip of the master. During the copying, I reboot the slave node forcely. Then, the copying through the public ip of the master pause for about 10 sec. I wonder the ctdbd disturb the smbd. How the ctdbd communicate withe the smbd. Is the copying disturbed during the ctdbd recover? And how long is the smbd downtime? What is the factor of the downtime? e.g. node number, the stress on the master? -- Best Regards. Yu Liao -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba with ldap+TLS
Dear Bruno, Steve and Samba Friends, If I recall correctly, it is the username used to start smbd, which needs a ldaprc file with apropriate settings. In my case this is root and the file looks like: # # User specific LDAP settings # # Override global directive (if set) TLS_REQCERT demand # client authentication TLS_CERT /root/root.mydomain.com.pem TLS_KEY /root/keys/root.mydomain.com.key But you have to adapt it to your own needs. I hope this helps. On Mon, Nov 07, 2011 at 06:24:42PM +0100, Bruno MACADRE wrote: Hi, No, you don't need CA certificate on win clients 'cause they don't connect directly to the LDAP. Only your Samba server need CA certificate to connect to the LDAP using TLS. Regards, Bruno Le 07/11/2011 18:18, steve a écrit : Hi I know Linux clients need a CA certificate to authenticate via LDAP using TLS. What about win 7 and XP clients using a Samba server? Thanks Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, Willy * W.K. Offermans Home: +31 45 544 49 44 Mobile: +31 681 15 87 68 e-mail: wi...@offermans.rompen.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with a samba/kerberos configuration
Hi; I would like to use a configuration Samba/Kerberos with the parameters into the samba conf file : kerberos method = system keytab dedicated keytab file = /etc/keytab When running testparm receiving error Unknown parameter encountered: use kerberos keytab Ignoring unknown parameter use kerberos keytab error Unknown parameter encountered: kerberos method Ignoring unknown parameter kerberos method I use OpenSUse Linux 10 and the 3.0.6 version for Samba. Q : how resolve this problem ? I must change the Samba version in 3.54 or it exists another solution ? Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] remove machines from login list
On Fri, Nov 11, 2011 at 3:06 AM, steve st...@steve-ss.com wrote: add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ The machine name (e.g. computer_1$) now appears in the kdm login list for Linux clients using kde4. This looks a mess and doesn't make sense. Can I add the machine without using 'useradd'? Or some other way to avoid this? Not sure if this will help. I use the following script that's very similar: = add machine script = /usr/sbin/useradd -d /dev/null -g 'nofiles' -c 'Machine Account' -s /bin/false '%u' = I have a group named nofiles and the addition of -g 'nofiles' puts all machines in their own group so their gid is different than that that the users are in. If KDE gets possible user login accounts from a particular gid this may help. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba StartTLS
On 11/11/2011 08:31 AM, steve wrote: Hi Scenario: Lan with opensuse 11.4 Samba and LDAP server. Linux, win-xp and win7 clients. Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: Connect error Solved? Adding: TLS_REQCERT never to /etc/openldap/ldap.conf allows windows to connect to the samba domain with TLS. Can anyone comment on the security of this workaround? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba StartTLS
2011/11/11 steve st...@steve-ss.com: On 11/11/2011 08:31 AM, steve wrote: Hi Scenario: Lan with opensuse 11.4 Samba and LDAP server. Linux, win-xp and win7 clients. Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: Connect error Solved? Adding: TLS_REQCERT never to /etc/openldap/ldap.conf allows windows to connect to the samba domain with TLS. Can anyone comment on the security of this workaround? Thanks Or you can copy your servers' CA to your clients, in this case your samba server and use TLS_REQCERT hard Your solution works, but some other machine can impersonate your ldap server and your smb server will never know the difference. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba StartTLS
On 11/11/2011 08:23 PM, zoolook wrote: 2011/11/11 stevest...@steve-ss.com: On 11/11/2011 08:31 AM, steve wrote: Hi Scenario: Lan with opensuse 11.4 Samba and LDAP server. Linux, win-xp and win7 clients. Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: Connect error Solved? Adding: TLS_REQCERT never to /etc/openldap/ldap.conf allows windows to connect to the samba domain with TLS. Can anyone comment on the security of this workaround? Thanks Or you can copy your servers' CA to your clients, in this case your samba server and use TLS_REQCERT hard Your solution works, but some other machine can impersonate your ldap server and your smb server will never know the difference. Regards, Norberto Hi Thanks for the reply. But then I'm back to the samba not being able to use tls errors as above no? I made the workaround to get rid of the error. But I'll have a go. So, On a win 7 client, where do I put the CA cert? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] remove machines from login list
On 11/11/2011 07:23 PM, Chris Smith wrote: On Fri, Nov 11, 2011 at 3:06 AM, stevest...@steve-ss.com wrote: add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ The machine name (e.g. computer_1$) now appears in the kdm login list for Linux clients using kde4. This looks a mess and doesn't make sense. Can I add the machine without using 'useradd'? Or some other way to avoid this? Not sure if this will help. I use the following script that's very similar: = add machine script = /usr/sbin/useradd -d /dev/null -g 'nofiles' -c 'Machine Account' -s /bin/false '%u' = I have a group named nofiles and the addition of -g 'nofiles' puts all machines in their own group so their gid is different than that that the users are in. If KDE gets possible user login accounts from a particular gid this may help. Chris Hi Chris That makes sense. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mangle a character or forbid/prohibit it's use when creating files/folders
On Thu, Nov 10, 2011 at 11:41:00AM +, lejeczek wrote: hi everybody is it possible at all? Needs a code change to add your character to the list of illegal characters. Check out the FLAG_ILLEGAL set code in smbd/mangle_hash2.c. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users full name
Hi. On Thu, 2011-11-10 at 21:14 +0100, Gémes Géza wrote: 2011.11.10. 20:39 keltezéssel, Philippe LeCavalier írta: Hi everyone. What's the trick to get the users full name in the start menu? I used to think it was as simple as assigning it in the system account on the samba server but that doesn't seem to work. Just curious... Thanks, Phil Hi, It can be set with pdbedit -r -u username -f Full Name This seems to work. So to be clear; smbpasswd can't pull the account full name field? Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Adding Samba3/4 fileserver to samba4 domain
Hi! We've been trying to add a fileserver to our current samba4 test domain. The scenario is that we have several branch offices connected by low bandwith lines. So we want to have a fileserver locally handling home directories/profiles and stuff like that but a central DC handling logins, GPO and such. The DC (samba4) is up and running the way we would like it to but we're now stuck at phase 2: adding a fileserver to the mix. We've found bits and pieces on how to get this working like Franky (http://wiki.samba.org/index.php/Franky) and information about Winbind (http://www.justlinux.com/forum/archive/index.php/t-118512.html). We have not been succesful in putting all the pieces together though. Could you give any pointers on how this is supposed to be stitched together? Our solution now has been to install samba4 (alpha17) as a member server and then experimenting with the franky approach of using samba3 for the file server parts. We've managed to add the server to the domain as a member but can't seem to get authentication to flow through. Regards, /Dieter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba-3.6.1 release IPV6 issue
Dear Sir, I am trying to use the shared files from Windows 7 using IPV6 address. But I couldn't able to map or access it through V6 address, though I can access it through IPV4 address. I tried almost every thing whatever I did find on the internet community. I would be grateful to you if you could help me to make this working. If possible please provide all the steps including smb.conf and windows 7 settings if any thing require to be change for especially IPV6. Please note that I am trying with latest samba release Samba-3.6.1. Warm Regards, Prashant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] R: Re: Dos/Unix newline translating
on Debian it is possible that you are using the orginal VI. On RedHat you must be using ViM (VI Improved). Do you have vim on Debian ? --- Robert GRASSO System engineer CEDRAT S.A. 15 Chemin de Malacher - Inovallée - 38246 MEYLAN cedex - FRANCE Phone: +33 (0)4 76 90 50 45 - Fax: +33 (0)4 56 38 08 30 mailto:robert.gra...@cedrat.com - http://www.cedrat.com -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] De la part de Riccardo Castellani Envoyé : 9 novembre 2011 11:56 À : jd...@yahoo.com; samba@lists.samba.org Objet : [Samba] R: Re: Dos/Unix newline translating But I have another server with RedHat and Samba 3.0.10 configured in the same way, but I can view correctly text files which I move to RedHat server. Messaggio originale Da: jd...@yahoo.com Data: 9-nov-2011 11.42 A: samba@lists.samba.orgsamba@lists.samba.org Ogg: Re: [Samba] Dos/Unix newline translating From: Riccardo Castellani ric.castell...@alice.it if I create a text file in my Windows XP client and I copy it to /temporary folder, then I open it by VI editor into my Debian server and I see '^M' at the end of every row. How can I solve problem ? Problem references to Dos/Unix newline translating ? Windows uses '\r\n' and Unix uses '\n'... Either configure your Windows text editor to use \n, or use dos2unix or use sed, etc... A simple google search would have pointed to you to something like: http://www.cyberciti.biz/faq/howto-unix-linux-convert-dos-newl ines-cr-lf-unix-text-format/ JD -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with kerberos method attribut
Hi; I would like to use a samba configuration with : dedicated keytab file = /etc/krb5.keytab kerberos method = system keytab security = ADS But when I test the configuration (testparm) I have the following error msg : Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: dedicated keytab file Ignoring unknown parameter dedicated keytab file Unknown parameter encountered: kerberos method Ignoring unknown parameter kerberos method I works on OpenSuse Linux version 10 and a samba version 3.0.36-0.5.5. Q : how resolve this problem ? Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba errors
Hi, We are trying to start and use Samba with a very simple configuration. We are just trying to connect to an existing Windows AD Domain and trying to mount filesystems from the AIX 5.3TL12 server to a Windows server. Can someone tell me what the error really means for nmbd and where should I start to look to resolve it? log.samba: smbd version 3.5.8 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2011/11/06 18:41:53.813636, 0] smbd/server.c:1165(main) standard input is not a socket, assuming -D option log.nmdb: Failed to open nmb bcast socket on interface 10.66.239.239 for port 137. Error was Can't assign requested address [2011/11/06 18:42:07.034770, 0] nmbd/nmbd.c:963(main) ERROR: Failed when creating subnet lists. Exiting. smb.conf: [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH workgroup = FMSAD # server string is the equivalent of the NT Description field server string = IR/CMD KROC Samba Server # Security mode. Defines in which mode Samba will operate. Possible # values are share, user, server, domain and ads. Most people will want # user level security. See the Samba-HOWTO-Collection for details. security = domain # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # If you want to automatically load your printer list rather # than setting them up individually then you'll need this ; load printers = yes # you may wish to override the location of the printcap file ; printcap name = /etc/printcap # on SystemV system setting printcap name to lpstat should allow # you to automatically obtain a printer list from the SystemV spool # system ; printcap name = lpstat # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, cups, sysv, plp, lprng, aix, hpux, qnx ; printing = cups smb.conf 276 lines, 9810 characters ;[printers] ; comment = All Printers ; path = /usr/spool/samba ; browseable = no # Set public = yes to allow user 'guest account' to print ; guest ok = no ; writable = no ; printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the staff group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = no ; printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %U option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 [clearcase] path = /usr/clearcase/ccstg public = yes writable = yes Thanks, Keith Stevens - This E-mail and its attachments (if any) are intended solely for the use of the addressee(s) and may contain sensitive but unclassified information. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including
[Samba] move to Idmap with ldap
I have a functioning samba ldap setup. I'm using smbldap-tools and I want to move to using Idmap as a backend. Currently Ldap looks like: dc=domain,dc=org +--ou=Computers,dc=domain,dc=org -- --uid=name$,ou=Computers,dc=domain,dc=org +--ou=Groups,dc=domain,dc=org -- --cn=group,ou=Groups,dc=domain,dc=org +--ou=Idmap,dc=domain,dc=org +--ou=Users,dc=domain,dc=org -- --uid=name,ou=Users,dc=domain,dc=org Currently Idmap is empty, and all the other entries hold computer accounts, user accounts and group listings as expected. I have all the built in accounts in Users and Groups. Looking at the configs on the samba wiki for Idmap, it doesn't look like I have to do much to move over. What goes in the Idmap container? do I have to move the users, computer and groups under that entry? Do new users get created within that container? I couldn't find a howto for specifically what I'm looking for. Any advice would be great, thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] move to Idmap with ldap
From: Caleb O'Connell ca...@privacyassociation.org Date: Thu, 10 Nov 2011 12:59:47 -0500 I have a functioning samba ldap setup. I'm using smbldap-tools and I want to move to using Idmap as a backend. (snip) Currently Idmap is empty, and all the other entries hold computer accounts, user accounts and group listings as expected. If you are building Samba as PDC, Idmap is never used unless you use ldapsam:editposix (with Winbind) instead of smbldap-tools. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with kerberos method attribut
From: djamel boussebha dbousse...@yahoo.fr Date: Thu, 10 Nov 2011 15:25:38 + (GMT) I would like to use a samba configuration with : dedicated keytab file = /etc/krb5.keytab kerberos method = system keytab security = ADS But when I test the configuration (testparm) I have the following error msg : Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: dedicated keytab file Ignoring unknown parameter dedicated keytab file Unknown parameter encountered: kerberos method Ignoring unknown parameter kerberos method I works on OpenSuse Linux version 10 and a samba version 3.0.36-0.5.5. Q : how resolve this problem ? Both kerberos method and dedicated keytab file are introduced at Samba 3.4.0. You use too old version. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba-3.6.1 release IPV6 issue
From: Prashant Kashyap pkash...@ikanos.com Date: Tue, 8 Nov 2011 17:56:33 +0530 I am trying to use the shared files from Windows 7 using IPV6 address. But I couldn't able to map or access it through V6 address, though I can access it through IPV4 address. (snip) If possible please provide all the steps including smb.conf and windows 7 settings if any thing require to be change for especially IPV6. 1st: map an IPv6 address to a hostname using hosts file or DNS. 2nd: connect to the server with \\hostname syntax. AFAIK, you cannot specify IPv6 address directly. That's Windows' design. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2011-11-11-2027/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2011-11-11-2027/samba3.stderr http://git.samba.org/autobuild.flakey/2011-11-11-2027/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2011-11-11-2027/samba4.stderr http://git.samba.org/autobuild.flakey/2011-11-11-2027/samba4.stdout The top commit at the time of the failure was: commit 29b5a95b1f85f1e7493fb6be4ea5eaf7931d9c23 Author: Amitay Isaacs ami...@gmail.com Date: Fri Nov 11 15:29:35 2011 +1100 py_passdb: Cannot steal an item pointer from an array Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Fri Nov 11 12:04:33 CET 2011 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 691fb36 s4: Simple test script to create lots of contacts to stress the LDB via 7c9b3cd s4-librpc: do not limit to the first IP when trying to do a rpc connection via 5d18e57 s4-socket: allow connect_multi_next_socket to try all the IP for a given host from 29b5a95 py_passdb: Cannot steal an item pointer from an array http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 691fb365f8405d92a269abcef1028aa648d12580 Author: Matthieu Patou m...@matws.net Date: Fri Nov 11 19:01:54 2011 +0100 s4: Simple test script to create lots of contacts to stress the LDB Autobuild-User: Matthieu Patou m...@samba.org Autobuild-Date: Fri Nov 11 22:02:53 CET 2011 on sn-devel-104 commit 7c9b3cdcf79088ff284d2383676d3f26ae42f8fb Author: Matthieu Patou m...@matws.net Date: Thu Nov 10 20:59:09 2011 +0100 s4-librpc: do not limit to the first IP when trying to do a rpc connection The function continue_ip_resolve_name was calling resolve_name_recv which returns only the first IP for a given hostname. Instead we use resolve_name_multiple_recv which returns all the IP for a given hostname. This kind of problem can occur if a host has more than 1 IP but is listenning only on 1. commit 5d18e57bec9db9444ae738c24ef63b21e3197a77 Author: Matthieu Patou m...@matws.net Date: Thu Nov 10 15:36:22 2011 +0100 s4-socket: allow connect_multi_next_socket to try all the IP for a given host This fix an incorrect behavior which was that if a host has 2 IP but was listening on only 1 (and the second one) connect_multi_next_socket was not able to connect because it used only the first result. --- Summary of changes: source4/lib/socket/connect_multi.c | 33 ++- source4/librpc/rpc/dcerpc_sock.c | 32 +++--- .../devel/{chgtdcpass = addlotscontacts} | 43 +-- 3 files changed, 84 insertions(+), 24 deletions(-) copy source4/scripting/devel/{chgtdcpass = addlotscontacts} (59%) mode change 100755 = 100644 Changeset truncated at 500 lines: diff --git a/source4/lib/socket/connect_multi.c b/source4/lib/socket/connect_multi.c index 5358606..2b926c8 100644 --- a/source4/lib/socket/connect_multi.c +++ b/source4/lib/socket/connect_multi.c @@ -33,7 +33,8 @@ overall state */ struct connect_multi_state { - struct socket_address *server_address; + struct socket_address **server_address; + unsigned num_address, current_address, current_port; int num_ports; uint16_t *ports; @@ -125,14 +126,18 @@ static void connect_multi_next_socket(struct composite_context *result) struct composite_context *creq; int next = multi-num_connects_sent; - if (next == multi-num_ports) { + if (next == multi-num_address * multi-num_ports) { /* don't do anything, just wait for the existing ones to finish */ return; } + if (multi-current_address == multi-num_address) { + multi-current_address = 0; + multi-current_port += 1; + } multi-num_connects_sent += 1; - if (multi-server_address == NULL) { + if (multi-server_address == NULL || multi-server_address[multi-current_address] == NULL) { composite_error(result, NT_STATUS_OBJECT_NAME_NOT_FOUND); return; } @@ -141,13 +146,14 @@ static void connect_multi_next_socket(struct composite_context *result) if (composite_nomem(state, result)) return; state-result = result; - result-status = socket_create(multi-server_address-family, SOCKET_TYPE_STREAM, state-sock, 0); + result-status = socket_create(multi-server_address[multi-current_address]-family, + SOCKET_TYPE_STREAM, state-sock, 0); if (!composite_is_ok(result)) return; - state-addr = socket_address_copy(state, multi-server_address); + state-addr = socket_address_copy(state, multi-server_address[multi-current_address]); if (composite_nomem(state-addr, result)) return; - socket_address_set_port(state-addr, multi-ports[next]); + socket_address_set_port(state-addr, multi-ports[multi-current_port]); talloc_steal(state, state-sock); @@ -157,12 +163,13 @@ static void connect_multi_next_socket(struct composite_context *result) if (composite_nomem(creq, result)) return; talloc_steal(state, creq); + multi-current_address++; composite_continue(result, creq, continue_one, state); - /* if there are more ports to go then setup a timer to fire when we have waited + /* if there are more ports / addresses to go then setup a timer to fire when