[Samba] Windows Clients Can't join a Samba-OpenLDAP Domain (bad passwod after 30 seconds)
Hi, I'm testing with a samba pdc openldap and I'm a bit confused of what I'm doing wrong. I have read some samba documentation and followed samba/openldap tutorials successfully , but I'm absolutely a novice. The problem is that when I'm trying to join the domain on windows machines and I put an Administrator user/password it says me that credentials are incorrect. When I try to find samba logs I get: lib/util_sock.c:get_peer_addr(1224) getpeername failed. Error was El otro extremo de la conexión no está conectado lib/access.c:check_access(327) Connection denied from 0.0.0.0 lib/util_sock.c:write_data(562) write_data: write failure in writing to client 0.0.0.0. Error Conexion reinicializada por la máquina remota lib/util_sock.c:send_smb(761) Error writing 5 bytes to client. -1. ( Error Conexion Reinicializada por la máquina remota) I've read that I can add "smb ports = 139" to conf file but if I add this line I see no logs and the result is the same. Currently I have OpenLDAP and LAM working fine, and I used smbldap-tools without problems Can anyone help me?? Regards. Pere. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Using local Windows and AD accounts with SAMBA
Question about shares and ADS vs. local Windows accounts. I have a NAS (linux/samba based) set in ADS mode. If I'm logged into the domain with user1/pass1, I can access shares. If I log into the Windows machine locally with the same credentials, I can't access the shares. I have another older NAS (linux based) where I can, so I'm thinking it must be some setting in the samba.conf file, or else something has been changed in SAMBA's AD implementation. e.g./clarification A share that is accessible to "user1" when he logs in to the domain is not accessible to "user1" when he logs into the same computer locally (using the same username and password). Is there any way to change this? Thanks for any help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smb_filetype_to_mode : filetype out of range
Hello, I have a problem with a NAS. I have mounted the NAS with : smbmount //ip_nas//folder_name /mnt/disque When i list the content of this folder (ls -l /mnt/disque), i have this message : smb_filetype_to_mode : filetype out of range : 12336 It lists the folder with strange names, for instance : 5?? cationd r The biggest file in this folder is an image disc file of 2Gbytes. Thanks for your futures answers En quelques secondes, créez-vous une autre adresse mail ! http://mail.voila.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdb_open_ex is floding my log.nmbd
Hi I have this entries so many time in my log.nmbd tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [2008/06/23 23:45:00, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [2008/06/23 23:45:00, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [2008/06/23 23:45:00, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [2008/06/23 23:45:01, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [2008/06/23 23:45:01, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [2008/06/23 23:45:01, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [2008/06/23 23:45:01, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [2008/06/23 23:50:08, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [2008/06/23 23:50:08, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2307,197455) is already open in this process [ I have seen this on my few samba servers. I.Piasecki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming profile & f-secure problem
Hi, are there any know problems with f-secure scanner and roaming profiles? We have a lot of users with problems syncing their roaming profile from the domain server. It seems to be a problem with f-secure's on-access scanning (may be timeout problem?). Some users have to login three or four times, before getting their roaming profile and not the default profile. System: 3.0.24-6etch9 Ciao, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [3.0.28,1/smb.conf] Can't hide dot files
veto files = /.??*/ Gilles wrote: Hello I set up Samba 3.0.28,1 on a FreeBSD 6.3 host. I'd like users _not_ to see the hidden dot files in directories, but "hide dot files" doesn't work, no matter whether I put it in [global] or [homes]: == [global] workgroup = WORKGROUP netbios name = Samba hosts allow = 192.168.0. 127. log file = /var/log/samba/log.%m max log size = 50 socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 hide dot files = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No hide dot files = yes == Any idea why? Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to convert local profile to server profile
Hello List, i have set up a Samba PDC and it is running smoothly. Now i would like to convert my Windows Vista Profile (which i have been using locale for months now) to a server profile. How i tried to solve this or convert the profile: 1) In the system properties of Vista you can "change" the type of the user profile. Unfortinatelly the server based profile is greyed out at my user. Even if i log into vista with the administrator user. 2) I added my username to the pdc, logged in and off again (to make sure the permissions of the profile folder is okay). Now a server based naked profile exists. Then i have deleted its content and copied ALL files from my local VIsta profile into my pdc users profile folder. When i now log in my Vits box still does not use the server profile. How can i convert a local profile to a server baed one? How does this work for XP and Vista? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] can't use Swat to add new user
Using Centos 4.6 + Samba/Swat 3.0.25b, all used binary install Swat work fine at port 901 (and even using behind stunnel), and can edit smb.conf. But at 'Password' page, after typed in 'User Name', 'New Password', ' Re-type New Password' at 'Server Password Management' section, it shown no message and even can't add new user to samba/linux system. (used 'root' to login already) Is it needed to add 'add user script'/'delete user script' value at smb.conf? Coz currently had not added those value at samba conf file . Thank for helping. ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] IDMAP: migrating from a single PDC to a PDC and some Member Servers
Hi, I am migrating a Samba 3.0.28 ( Slackware 12.0 ) that is a single PDC, to a PDC with domain members and/or BDC. This single PDC is plugged in a central switch and I have a lot of computer's rooms, in different ethernet segments, all them using switches and routers to reach this PDC. ( Something like this: PDC -> central switch -> router -> switch -> workstations ) Motivations: (1 phase) distribute the load of authentications (2 phase) distribute the load of roaming profiles (3 phase) distribute the load of home directories. I am using (now) OpenLDAP, smbldap-tools, padl nss_ldap and nscd. ( There are some issues with WXP workstations, but they are for other email ) Everybody is authenticating from Windows (WXP) and all my users are in LDAP. Every user has its own roaming profile and its own home dir. Everything is in the PDC, that runs smbd and nmbd and nfs for some Linux workstations. Well, rereading the manuals ( official docs ) I have some doubts about idmap( for awhile) In my situation now ( single one PDC ), I don't need idmap translation, because Samba will get UID/GID from LDAP and because there is just one server. Is it right? ( this PDC is using values: idmap uid = 10 000-20 000 and idmap gid 10 000-20 000. I have (now) more than 16000 uids in the LDAP database ( some were excluded ). So, if I need IDMAP, 10 000-20 000 range would be not enough, right? What consequences will result if I change (now) idmap-uid from default value to, lets say, 10 000 000 - 20 000 000 ? Will existing users have problems with their file permissions? I have to change it (now) ? I am stuck. :-| To migrate to a PDC/BDC/Domain members or to PDC/Domain members, will be enough just to set all PDC/BDC/Domain Members to use the same LDAP database, and all using nss_ldap/nscd, __without__ winbind? I mean, all servers will use the same LDAP ( I know I can have slave LDAP servers). I know I will have to change smb.conf to give to each server the correct role in the structure. I have already seen references in the docs about this issue. In this context, will I need idmap to translate SID/UID/GID or using the same LDAP with nss_ldap will be enough? I am stuck in it. Could somebody give me some directions to help me to give the next step? Thank you. Best regards, Freitas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] recycle module creates empty files (0 KB)
Am Freitag, den 22.02.2008, 01:05 +0100 schrieb Marcus Sobchak : > Am Donnerstag, den 21.02.2008, 17:40 +0100 schrieb Marcus Sobchak : > > Hi, > > > > I have a strange behaviour when creating new files. When opening word, > > excel, ppt or txt to create a new document (e.g. I use the word icon on > > the desktop to start word) and save the file to the home share H: an > > empty (0 KB) file with the same name as the saved document is created in > > the trash folder. Why this second empty file in the trash folder? > > > > Going directly to the home share H: and create a new document using > > right mouse click "new / word document" and save to H: no empty file is > > found in the trash folder. Strange? > > I found this message in the list with a patch to fix this problem using > the recycle:minsize parameter > > http://lists.samba.org/archive/samba-technical/2006-July/048054.html > > After looking to the source of the Debian package 3.0.24-6etch9 is seems > that the minsize feature doesn't come with the 3.0.24 version. Is there > a patch for version 3.0.24? I've tested the path against debian's samba version and it seems to be stable :-) To avoid empty (0 KB) files I set minsize to the minimum of 1 byte: recycle: minsize = 1 Thanks SATOH Fumiyasu for the patch and helping, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] recycle module creates empty files (0 KB)
Am Donnerstag, den 21.02.2008, 17:40 +0100 schrieb Marcus Sobchak : > Hi, > > I have a strange behaviour when creating new files. When opening word, > excel, ppt or txt to create a new document (e.g. I use the word icon on > the desktop to start word) and save the file to the home share H: an > empty (0 KB) file with the same name as the saved document is created in > the trash folder. Why this second empty file in the trash folder? > > Going directly to the home share H: and create a new document using > right mouse click "new / word document" and save to H: no empty file is > found in the trash folder. Strange? I found this message in the list with a patch to fix this problem using the recycle:minsize parameter http://lists.samba.org/archive/samba-technical/2006-July/048054.html After looking to the source of the Debian package 3.0.24-6etch9 is seems that the minsize feature doesn't come with the 3.0.24 version. Is there a patch for version 3.0.24? Ciao! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] recycle module creates empty files (0 KB)
Am Donnerstag, den 21.02.2008, 17:57 -0500 schrieb Charles Marcus: > Marcus Sobchak <[EMAIL PROTECTED]>, on 2/21/2008 11:40 AM, said the > following: > > I have a strange behaviour when creating new files. When opening word, > > excel, ppt or txt to create a new document (e.g. I use the word icon on > > the desktop to start word) and save the file to the home share H: an > > empty (0 KB) file with the same name as the saved document is created in > > the trash folder. Why this second empty file in the trash folder? > > It may something to do with the way Windows/Office works. > > When you create a new file or open an existing one, it creates a weird > hidden file with ~ at the beginning of the name, then deletes this when > the file is saved/closed. It just happens when creating a new file using "save as" to share H: I've already excluded ~$* and *.tmp files. The empty file in the trash folder seems not to be a temporary file. Ciao! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] recycle module creates empty files (0 KB)
Hi, I have a strange behaviour when creating new files. When opening word, excel, ppt or txt to create a new document (e.g. I use the word icon on the desktop to start word) and save the file to the home share H: an empty (0 KB) file with the same name as the saved document is created in the trash folder. Why this second empty file in the trash folder? Going directly to the home share H: and create a new document using right mouse click "new / word document" and save to H: no empty file is found in the trash folder. Strange? Here is my config running on 3.0.24-6etch9 Samba: [...] recycle: repository=Trash recycle: keeptree=True recycle: versions=True recycle: touch=True recycle:exclude = *.tmp *.temp *.o *.obj ~$* *.~?? [...] Any help is welcome! Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba doesn't accept groups?
Hi you all! this is my strange problem of the day! I use Debian stable, linux 2.6.18-5-686, samba Version 3.0.24. Here's my smb.conf [global] workgroup = NO1KNOWS realm = NO1KNOWS bios name = PBT server string = Rob's Samba dns proxy = no os level = 64 log file = /var/log/samba/log.%m max log size = 50 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX spassword:* %n\n . password server = 127.0.0.1 ; pam password change = no socket options = TCP_NODELAY SO_SNDBUF=8192 local master = yes domain master =yes preferred master = yes domain logons = yes hosts allow = 127.0.0.1 192.168.3.2/32 192.168.3.3/32 192.168.3.4/32 192.168.3.9/32 192.168.3.22/32 192.168.3.93/32 192.168.2.93/3\ 2 logon path = \\%L\profiles\%u\%m logon script = logon.bat logon drive = H: logon home = \\%L\%u\.win_profile\%m time server = yes logon home = \\%L\%U\.profile add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false %u [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon read only = yes write list = @admin guest ok = no writable = no share modes = no browsable = no [homes] comment = Home Directories read only = no browseable = no writable = yes create mask = 0600 directory mask = 0700 guest ok = no map archive = yes [Tutto] path = /tutto writable = yes create mask = 0750 directory mask = 0750 browseable = yes read only = no guest ok = no [Condivisa] path = /condivisa writable = yes create mask = 0777 directory mask = 0777 browseable = yes read only = no guest ok = no [EMAIL PROTECTED]:~$ smbmount //pbt3/Condivisa /home/rob/Condivisa -o username=rob,password=ZZ,uid=rob,gid=ufficio [EMAIL PROTECTED]:~$ but this is what i get: pbt:~# smbstatus WARNING: The "printer admin" option is deprecated Samba version 3.0.24 PID Username Group Machine --- 20761 rob rob 192.168.3.93 (192.168.3.93) Service pid machine Connected at --- Tutto20761 192.168.3.93 Wed Feb 20 12:18:10 2008 Condivisa20761 192.168.3.93 Wed Feb 20 12:17:58 2008 No locked files pbt:~# It seems it doesn't accept GID. any help? tnx in adv. signature.asc Description: Questa è una parte del messaggio firmata digitalmente -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] understanding the ldap backend
Hello List, i am trying to understand the LDAP-backend i just set up. Maybe someone can help me a little understanding the whole magic. In smb.conf i have my smbldap-tools scripts: # use the smbldap-tools scripts add user script = /usr/sbin//smbldap-useradd -m "%u" delete user script = /usr/sbin//smbldap-userdel "%u" add machine script = /usr/sbin//smbldap-useradd -w "%u" add group script = /usr/sbin//smbldap-groupadd -p "%g" delete group script = /usr/sbin//smbldap-groupdel "%g" add user to group script = /usr/sbin//smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin//smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin//smbldap-usermod -g "%g" "%u" and some ldap specific stuff: passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=Manager,dc=example,dc=net ldap suffix = dc=example,dc=net ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users idmap backend = ldap://127.0.0.1 #ldap ssl = start tls ldap delete dn = Yes 1.) Now how does the authentification excatly work? Does samba talk directly to the ldap database and verifies user/password? 2.) I guess changing/deleting passwords/users is beeing made by the smblda-tools. 3.) How does samba get the user ids? By contacting the ldap database directl again? 4.) How does samba get he user/group of files and folders? By nss? 5.) Has samba got anything to do with nss/libnss-ldap? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Convert Profile from Local to Roaming
Hi Rubin, Rubin Bennett schrieb: - Original Message - From: [EMAIL PROTECTED] Sent: Mon, 2/18/2008 12:30pm To: samba@lists.samba.org Subject: [Samba] Convert Profile from Local to Roaming Hello List, i have set up my samba domain controller now and it works like a charm. Now i would like to use my (Local) Vista profile as a domain profile. How can i convert my local profile to a roaming one so that it gets saved on my domain server? I would like to acomplish this with Vista and XP Clients. Thanks, Mario Right click My Compter -> Properties -> Advanced -> User Profiles (Settings?) Click on the profile you want to convert, select "Change Type", select "Roaming", OK, log off and back on. "Roaming" is greyed out, so i can´t change it. (this is vista) I am logged in as administrator and try to change a users profile from local to roaming. Any further ideas? Thanks, Mario Note that large profiles can add a significant amount of time to logon and logoff operations... Rubin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Convert Profile from Local to Roaming
Hello List, i have set up my samba domain controller now and it works like a charm. Now i would like to use my (Local) Vista profile as a domain profile. How can i convert my local profile to a roaming one so that it gets saved on my domain server? I would like to acomplish this with Vista and XP Clients. Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] vscan module: looking for a quick virus scanner?
Hi, which virus scanner is a good choice to use with VFS vcan module on a samba 3.0.24 with 350 users? I played with clamd. It's working, but the scanning seems to be quite slow. :-( I searched the web, but couldn't find any good performance tests for linux antivirus scanners. The scanner should run as daemon, not just as command line scanner. Any ideas? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profiles
Hello Adam, thank you for your information. I got it working and it works like a charm! Can i exclude or include some folders for the roaming syncronisation? E.g. i do not want the "My Music" folder to be stored on the server. By Default EVERYTHING from "c:\documents and settings" directory will be transfered from and to the server, right? Thanks, Mario Adam Williams schrieb: windows xp/samba looks at the timestamp on NTUSER.DAT in your c:\documents and settings directory and the \\server\profiles\username share on the server, whichever is newer is what gets loaded. XP caches log in credentials, so you are on the road using your notebook with your cached profile. the timestamp on NTUSER.DAT is newer then when you are back on your local network, so your profile on your notebook is loaded, and when you log out, this newer profile is written to the file server. its not that confusing, have your server domain logins = yes, os level = 33, and setup the logon path, logon drive, and logon home settings, and creat /var/lib/samba/profiles and /var/lib/samba/netlogon directories. look at examples 2.3.7 and 2.3.8 in the official samba 3.2.x howto and reference guide pdf. [EMAIL PROTECTED] wrote: Hello List, i would like to use a Laptop in my Samba Network (PDC). Where can i read up on roaming profiles and how to get it working? My aim is that u can just unplug my laptop from my network, travel around the world and plug it back in. It should then NOT load the saved profile from the server and overwrite my changes i did offline. Can someone recommend a easy and good to read howto? The Samba Manual was rather confising :) Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] roaming profiles
Hello List, i would like to use a Laptop in my Samba Network (PDC). Where can i read up on roaming profiles and how to get it working? My aim is that u can just unplug my laptop from my network, travel around the world and plug it back in. It should then NOT load the saved profile from the server and overwrite my changes i did offline. Can someone recommend a easy and good to read howto? The Samba Manual was rather confising :) Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Weird reproduceable delta after power failure - PDC
Hello List, i am using Ubuntu Server 6.06 with the smbldap installer script from majen.net/smbldap/ I am using VMWare to run my test systems (Ubuntu server and Windows Domain Clients) After producing a power supply failure (stopping my Ubuntu and windows client by the stop button in vmware) and starting them up again i can see a delta in my ldap database: Before Power failure: -- uidNumber: 1 sambaSID: S-1-5-21-2308582080-1758763575-3976210704-21000 sambaPwdCanChange: 1201212116 sambaNTPassword: C880093E1682DA079892FF7FF2AEA911 sambaPwdLastSet: 1201212116 After Power failure: -- uidNumber: 10005 sambaSID: S-1-5-21-2308582080-1758763575-3976210704-21010 sambaPwdCanChange: 1201260229 sambaNTPassword: 2446CE7E7D8B196756E40E80B5EC3A13 sambaPwdLastSet: 1201260229 I did not manually change those properties and i wonder who or why they changed. The result is that my windows client can not log into the domain anymore. I have to remove it fro the domain and add it again. Has anyone an idea why this is _automatically_ happening? Do you need more infos? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE [Samba] Bug? "inherit acls" not working as expected
Well, I'll try using default acls. But from what I remember what ls -l is showing is not what you call "unix rights" for the owner group but the mask value given by getfacl, so that you can see what are the maximum rights on that file without having to do a getfacl. If I give rx rights for the group smb-Users on test1 it inherits rx rights on test2 as expected, but if I give no rights for the group smb-Users on test1 it gets rwx on test2 somehow. [EMAIL PROTECTED] a écrit : not sure that you are right. Samba use both unix right and posix acl right. the directory test1 have unix right that autorise smb-Users to access-it. And you cancel it with acl entry => the smb-users group have no right. But you not have default acl entry, if you spec default acl entry with the same right that the acl entry, all directory created under test will take the value described by default acl entry. Else take the unix value. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 04/01/2008 15:40:47 : Hello I'm running Debian Etch with distro kernel & Samba package (2.6.18-5-686 & 3.0.24-6etch9). In my smb.conf I have : inherit owner = yes inherit permissions = yes inherit acls = yes I start with a dir test1 with no rights for group smb-Users, rx for group smb-Inf, and rwx for group smb-Bme-Fr : [EMAIL PROTECTED]:/mnt/temp # ll total 28 drwxr-xr-x 4 root root 4096 2008-01-04 15:08 . drwxr-xr-x 4 root root 29 2008-01-04 14:38 .. drwx-- 2 root root 16384 2008-01-04 14:37 lost+found drwxrwx---+ 2 root smb-Users 4096 2008-01-04 15:25 test1 [EMAIL PROTECTED]:/mnt/temp # getfacl test1/ # file: test1 # owner: root # group: smb-Users user::rwx group::--- group:smb-Inf:r-x group:smb-Bme-Fr:rwx mask::rwx other::--- >From a Windows XP client with a user member of the group smb-Bme-Fr I create a dir test2 in dir test1, then I have : [EMAIL PROTECTED]:/mnt/temp # ll test1/ total 20 drwxrwx---+ 3 root smb-Users 4096 2008-01-04 15:26 . drwxr-xr-x 4 root root 4096 2008-01-04 15:08 .. drwxrwx---+ 2 root smb-Users 4096 2008-01-04 15:26 test2 [EMAIL PROTECTED]:/mnt/temp # getfacl test1/test2/ # file: test1/test2 # owner: root # group: smb-Users user::rwx group::rwx group:smb-Inf:r-x group:smb-Bme-Fr:rwx mask::rwx other::--- The group smb-Users should have no rights on test2, inherited from the test1 dir, but it has rwx. A user belonging to smb-Users and smb-Inf has rwx access and he should have just rx. I'm using XFS on my Samba server, I tried with ext3 with same results. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and CUPS accouting with HP 1320
Hi, I've problems to get accounting information for print jobs. I'm using samba and CUPs on debian etch. For the HP 1320 printer I use this PPD: http://openprinting.org/foomatic-db/db/source/PPD/HP/HP_LaserJet_1320_Series.ppd Which PS print driver do I have to use at windows client side? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: XFS and inherit permissions bug?
Hello
I've seen nothing new on the Samba mailing list about this one, is there
a plan to make this an official patch?
This could also probably be considered a security issue and be
integrated in the Debian package?
David Disseldorp a écrit :
> Hi
>
> On Fri, 09 Nov 2007 15:05:22 +0100
> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
>
> Finally got to the bottom of this one. To sum it up, the setgid bit is lost
> by XFS under certain circumstances when performing acl_set_file() as non
> root during inherit_access_acl().
>
> This is different to how EXT3 behaves in this case - setgid remains.
>
> Samba 3.0.24 source/smbd/vfs.c:
> 370 int vfs_MkDir(connection_struct *conn, const char *name, mode_t mode)
> 371 {
> 372 int ret;
> 373 SMB_STRUCT_STAT sbuf;
> 374
> 375 if(!(ret=SMB_VFS_MKDIR(conn, name, mode))) {
> 376
> 377 inherit_access_acl(conn, name, mode);
>
> After this there is a check whether any high mode bits are lost (setgid):
>
> 384 if(mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) &&
> 385 !SMB_VFS_STAT(conn,name,&sbuf) && (mode &
> ~sbuf.st_mode))
> 386 SMB_VFS_CHMOD(conn,name,sbuf.st_mode | (mode &
> ~sbuf.st_mode));
>
> Only problem is the SMB_VFS_CHMOD does a chmod_acl() which eventually ends up
> calling acl_set_file(), and where back to where we started ;)
>
> Anyhow this patch for 3.0.24 should fix the setgid inheritance problem:
>
> - start patch -
> Index: samba-3.0.24.vanilla/source/smbd/posix_acls.c
> ===
> --- samba-3.0.24.vanilla.orig/source/smbd/posix_acls.c 2007-11-02
> 11:12:05.338179162 +1100
> +++ samba-3.0.24.vanilla/source/smbd/posix_acls.c 2007-11-22
> 17:09:31.351873317 +1100
> @@ -3450,7 +3450,12 @@
> if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
> goto done;
>
> + /*
> +* high mode bits (SGID) may be lost if acl_set_file is not run as
> root
> +*/
> + become_root();
> ret = SMB_VFS_SYS_ACL_SET_FILE(conn, to, SMB_ACL_TYPE_ACCESS,
> posix_acl);
> + unbecome_root();
>
> done:
> - end patch -
>
> The XFS team are looking into the issue. Thanks again for your bug report.
>
> Cheers, Dave
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Bug? "inherit acls" not working as expected
Hello I'm running Debian Etch with distro kernel & Samba package (2.6.18-5-686 & 3.0.24-6etch9). In my smb.conf I have : inherit owner = yes inherit permissions = yes inherit acls = yes I start with a dir test1 with no rights for group smb-Users, rx for group smb-Inf, and rwx for group smb-Bme-Fr : [EMAIL PROTECTED]:/mnt/temp # ll total 28 drwxr-xr-x 4 root root 4096 2008-01-04 15:08 . drwxr-xr-x 4 root root 29 2008-01-04 14:38 .. drwx-- 2 root root 16384 2008-01-04 14:37 lost+found drwxrwx---+ 2 root smb-Users 4096 2008-01-04 15:25 test1 [EMAIL PROTECTED]:/mnt/temp # getfacl test1/ # file: test1 # owner: root # group: smb-Users user::rwx group::--- group:smb-Inf:r-x group:smb-Bme-Fr:rwx mask::rwx other::--- >From a Windows XP client with a user member of the group smb-Bme-Fr I create a dir test2 in dir test1, then I have : [EMAIL PROTECTED]:/mnt/temp # ll test1/ total 20 drwxrwx---+ 3 root smb-Users 4096 2008-01-04 15:26 . drwxr-xr-x 4 root root 4096 2008-01-04 15:08 .. drwxrwx---+ 2 root smb-Users 4096 2008-01-04 15:26 test2 [EMAIL PROTECTED]:/mnt/temp # getfacl test1/test2/ # file: test1/test2 # owner: root # group: smb-Users user::rwx group::rwx group:smb-Inf:r-x group:smb-Bme-Fr:rwx mask::rwx other::--- The group smb-Users should have no rights on test2, inherited from the test1 dir, but it has rwx. A user belonging to smb-Users and smb-Inf has rwx access and he should have just rx. I'm using XFS on my Samba server, I tried with ext3 with same results. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Big problems with 3.0.24-6etch6 Debian packages
Hi, Am Dienstag, den 27.11.2007, 09:58 +0100 schrieb Marco De Vitis: > Hi, > I'm using Samba as a PDC with roaming profiles on a Debian Etch machine, > the clients are Windows XP/2000 machines. > > I just installed security upgrades with aptitude, and this upgraded all > samba 3.0.24-6etch4 packages to 3.0.24-6etch6 (except for samba-doc > which was upgraded to 3.0.24-6etch7). > Immediately after the upgrade, my users could not load their profiles at > login anymore. Errors popped out regarding problems loading > insignificant files from their profiles, such as cookies, links to > recently opened files, Java cache files, etc. > This caused Windows to open up a new temporary profile, making everyone > lose their settings. PANIC!! > > I now downgraded back to all 3.0.24-6etch4 packages, and things seem to > be working fine again. > > What's happening with Samba packages for Debian Etch? > I saw a security announce yesterday by Steve Kemp, but it's a bit > confusing, for Etch it lists some 6etch6 packages and some 6etch7 others. > Are the current packages broken? > > And... is there anyone officially working on more up-to-date Samba > packages for Debian Etch? Or will we have to live with 3.0.24 until the > next Debian stable upgrade? >From time to time we still have broken profiles although I've downgraded our machine back to a working debian package on 27th Nov. to avoid more damage. At the moment a samba 3.0.24-6etch9 is installed. But it seems that the broken samba package has crashed the profiles of those users, which were logged in when the broken package was installed. Those users have problems to load their profiles. At the first login the default profile is loaded, because the client has problems to sync files from the server. The user has to log out and start a second login, which works fine then. In some hard cases we have to remove the local and the server profile to get it working again. Any idea how to fix this? It's a kind of horror the get up to ten calls a day to fix roaming profiles. Ciao! Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ExcludeProfileDirs and broken roaming profiles
Hi, since rolling out roaming profiles, some user profiles are growing very fast. I like to keep the profiles small and think about changing ExcludeProfileDirs default settings in Software\Microsoft\Windows NT \CurrentVersion\Winlogon by System Policies to remove caches, cookies, recent and other "useless" stuff. Which paths could be excluded without "killing" the benefits of roaming profiles? Could your send me your settings and/or a working .adm? A second problem which comes up one or two times a day - and doesn't depend on the size of the profiles - are broken profiles at the _first_ login. In most cases Thunderbird and Firefox paths couldn't be loaded and the user is droped to the "Default User" profile. At a second login everything works fine and the profile could be loaded without problems. Thanks, Marcus system information: samba3.0.24-6etch9 samba-common 3.0.24-6etch9 [profile$] comment = Network Profiles Service path = /vol/profiles read only = no create mask=0600 directory mask=0770 hide files = /desktop.ini/Desktop.ini/ntuser.ini/NTUSER.*/ Debian etch: Linux 2.6.18-5-686 #1 SMP Wed Oct 3 00:12:50 UTC 2007 i686 GNU/Linux client side: 100% WinXP SP2, F-Secure 7.10 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] uploading printer driver using APW changes printer share name
Hi, I've set up a printer called "UREW-EDV" using the cups webinterface. After that an enumprinters give the following output: rpcclient $> enumprintershp LaserJet 1320 PCL 6 flags:[0x80] name:[\\server\UREW-EDV] description:[\\server\UREW-EDV,,Netzwerkdrucker-EDV] comment:[Netzwerkdrucker-EDV] Next step is uploading a driver using APW: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html#id388469 This works fine, but afterwards the name of the printer is changed to the name _of the driver_ (in this case from "UREW-EDV" to "hp LaserJet 1320 PCL 6"): rpcclient $> enumprinters flags:[0x80] name:[\\server\hp LaserJet 1320 PCL 6] <- ??? description:[\\server\hp LaserJet 1320 PCL 6,hp LaserJet 1320 PCL 6,Netzwerkdrucker-EDV] comment:[Netzwerkdrucker-EDV] Now the printer is shown as "hp LaserJet 1320 PCL 6" under \\server -> "Printer and Faxes". Why that? To correct this I have to open the printer properties and set the name back to "UREW-EDV" manually. Without this correction the PrintandPoint feature for this printer doesn't work. It took me a hole night to figure this out. Is this a normal behaviour or is this my mistake? System info: samba3.0.24-6etch8 samba-common 3.0.24-6etch8 cupsys 1.2.7-4etch1 cupsys-bsd 1.2.7-4etch1 cupsys-client1.2.7-4etch1 cupsys-common1.2.7-4etch1 libcupsimage21.2.7-4etch1 libcupsys2 1.2.7-4etch1 [global] . load printers = yes printing = cups printcap name = cups [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes public = no writable = no create mode = 0700 [print$] comment = Drucker Treiber path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no write list = root Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] blocked ports 445 and 139 make printer-shares very slow
Am Samstag, den 01.12.2007, 08:06 +0100 schrieb Helmut Hullen: > Hallo, Marcus, > > Du (lists) meintest am 30.11.07: > > > here is a part of the samba log for the connecting WinXP client to > > the local samba domain, trying to open the spool for a print share. > > Port 445 is blocked by the WinXP client, so samba can't connect, > > which seems to be the reason for aboved slow behavior at client side. > > > > > [2007/11/30 23:07:49, 2] lib/access.c:check_access(323) > > Allowed connection from (192.168.239) > > [2007/11/30 23:07:49, 2] lib/access.c:check_access(323) > > Allowed connection from (192.168.239) > > [2007/11/30 23:07:57, 1] lib/util_sock.c:open_socket_out(896) > > timeout connecting to 192.168.239:445 > ^a ^b ^c ^port > > Where ist the 4th byte of the ip address? Ups, sorry, just I typo. Didn't want to post my public IPs. All IPs are correct. Ciao! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] I have got a problem.Pls help me:D
hi every body. i try to connect samba (pdc) from win xp machine.But i did not do it. i have got a error message in log file: [2007/11/30 21:08:28, 0] lib/util_sock.c:get_peer_addr(1232) getpeername failed. Error was Transport endpoint is not connected [2007/11/30 21:08:28, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client 192.168.1.7. Error Connection reset by peer [2007/11/30 21:08:28, 0] lib/util_sock.c:send_smb(769) Error writing 4 bytes to client. -1. (Connection reset by peer) how i fix it? i use; fedora core 8 openldap myhosting.com - Premium Microsoft® Windows® and Linux web and application hosting - http://link.myhosting.com/myhosting -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] blocked ports 445 and 139 make printer-shares very slow
Am Freitag, den 30.11.2007, 17:58 +0100 schrieb Marcus Sobchak : > Hi, > > do ports 445 and 139 (incoming) have to be open for the samba server's > IP on WinXP client side (all WinXP clients are using netbios over > TCP/IP)? F-Secure 7.10 blocks all incoming microsoft-ds (445) and > netbios-ssn (139) by default, which ends up in very slow printer-shares > behaviour (for example opening the properties or the spool window of a > samba-printer takes up to 30 seconds). > > For testing I opened ports 445 and 139 in the F-Secure firewall for the > IP of the samba server. This pushes the samba-print shares to a very > good speed at WinXP client side. Could someone explain that to me > please? here is a part of the samba log for the connecting WinXP client to the local samba domain, trying to open the spool for a print share. Port 445 is blocked by the WinXP client, so samba can't connect, which seems to be the reason for aboved slow behavior at client side. [2007/11/30 23:07:49, 2] lib/access.c:check_access(323) Allowed connection from (192.168.239) [2007/11/30 23:07:49, 2] lib/access.c:check_access(323) Allowed connection from (192.168.239) [2007/11/30 23:07:57, 1] lib/util_sock.c:open_socket_out(896) timeout connecting to 192.168.239:445 [2007/11/30 23:08:06, 1] lib/util_sock.c:open_socket_out(896) timeout connecting to 192.168.239:139 [2007/11/30 23:08:06, 1] libsmb/cliconnect.c:cli_connect(1369) Error connecting to 192.168.239 (Die Operation wird bereits ausgef [2007/11/30 23:08:06, 1] libsmb/cliconnect.c:cli_start_connection(1430) cli_start_connection: failed to connect to VM-RC01<20> (192.168.239) [2007/11/30 23:08:06, 2] rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2551) spoolss_connect_to_client: connection to [VM-RC01] failed! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] blocked ports 445 and 139 make printer-shares very slow
Hi James, thanks for your answer. Am Freitag, den 30.11.2007, 13:54 -0500 schrieb James Kosin: > Marcus Sobchak <[EMAIL PROTECTED]> wrote: > > > > do ports 445 and 139 (incoming) have to be open for the samba server's > > IP on WinXP client side (all WinXP clients are using netbios over > > TCP/IP)? F-Secure 7.10 blocks all incoming microsoft-ds (445) and > > netbios-ssn (139) by default, which ends up in very slow printer-shares > > behaviour (for example opening the properties or the spool window of a > > samba-printer takes up to 30 seconds). > > > > For testing I opened ports 445 and 139 in the F-Secure firewall for the > > IP of the samba server. This pushes the samba-print shares to a very > > good speed at WinXP client side. Could someone explain that to me > > please? > > > (1) You don't want to open file sharing from the internet, you should > really restrict either to the local IP range on your private-network or > rethink your plan. Either get a hardware firewall or a good hardware > router to help restrict your network from the outside. I don't have the plan to open F-Secure's firewall on each XP client on ports 139 and 445 to the whole network (0.0.0.0), just to the single IP of the local samba server. This should not be a big security risk. Please correct me if I'm wrong! > (2) You need to have at least one of those ports open 139 or 445 on > your network. You can have both as well. 139 and 445 are the back ends > for the NETBIOS protocol. I'm sure someone will correct me here, but > basically without it things will get very sluggish. Yes, right, but this doesn't explain to me in detail, why especially the printing shares do work very slowly if ports 139 and 445 are blocked for incoming traffic. Every thing else like domain login, roaming profiles and share mapping works very well?! Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] blocked ports 445 and 139 make printer-shares very slow
Hi, do ports 445 and 139 (incoming) have to be open for the samba server's IP on WinXP client side (all WinXP clients are using netbios over TCP/IP)? F-Secure 7.10 blocks all incoming microsoft-ds (445) and netbios-ssn (139) by default, which ends up in very slow printer-shares behaviour (for example opening the properties or the spool window of a samba-printer takes up to 30 seconds). For testing I opened ports 445 and 139 in the F-Secure firewall for the IP of the samba server. This pushes the samba-print shares to a very good speed at WinXP client side. Could someone explain that to me please? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Point-and-Print driver problems with unprivileged users on XP
Hi, Am Montag, den 26.11.2007, 23:50 +0100 schrieb Marcus Sobchak : > I've problems to install printer drivers as a normal user with > unprivileged rights on WinXP in a samba 3.0.24 domain (debian etch) > using the "Point-and-Print" mechanism. I've read Volker Lendecke's Samba > book on page 131 footnote 1, which mention to enable "point and print". > Which reg keys do I have to set to install drivers by "Point and Print"? > I've set keys like described in > > http://support.microsoft.com/kb/319939/en > > but this does not work? Installing the drives from the print$ share > working as domain admin works works fine. Therefore I think, I've > forgotten to set some rights on the local XP machine. I disabled point and print restriction. Don't want to send an exported reg key to the list. See attached screeenshot. Ciao! Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] access to samba shares through the web
Hi, I'm looking for a good and stable webclient to access to my samba share through a webinterface. I found SSLBridge Samba Web Client [1]. Any experiences with this software or other ideas? Ciao! Marcus [1] http://sourceforge.net/projects/sbrdg/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Big problems with 3.0.24-6etch6 Debian packages
Am Dienstag, den 27.11.2007, 09:58 +0100 schrieb Marco De Vitis: > Hi, > I'm using Samba as a PDC with roaming profiles on a Debian Etch machine, > the clients are Windows XP/2000 machines. > > I just installed security upgrades with aptitude, and this upgraded all > samba 3.0.24-6etch4 packages to 3.0.24-6etch6 (except for samba-doc > which was upgraded to 3.0.24-6etch7). > Immediately after the upgrade, my users could not load their profiles at > login anymore. Errors popped out regarding problems loading > insignificant files from their profiles, such as cookies, links to > recently opened files, Java cache files, etc. > This caused Windows to open up a new temporary profile, making everyone > lose their settings. PANIC!! > > I now downgraded back to all 3.0.24-6etch4 packages, and things seem to > be working fine again. > > What's happening with Samba packages for Debian Etch? > I saw a security announce yesterday by Steve Kemp, but it's a bit > confusing, for Etch it lists some 6etch6 packages and some 6etch7 others. > Are the current packages broken? > > And... is there anyone officially working on more up-to-date Samba > packages for Debian Etch? Or will we have to live with 3.0.24 until the > next Debian stable upgrade? We have exactly the same problem here. Greets from hell, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Point-and-Print driver problems with unprivileged users on XP
Hi, I've problems to install printer drivers as a normal user with unprivileged rights on WinXP in a samba 3.0.24 domain (debian etch) using the "Point-and-Print" mechanism. I've read Volker Lendecke's Samba book on page 131 footnote 1, which mention to enable "point and print". Which reg keys do I have to set to install drivers by "Point and Print"? I've set keys like described in http://support.microsoft.com/kb/319939/en but this does not work? Installing the drives from the print$ share working as domain admin works works fine. Therefore I think, I've forgotten to set some rights on the local XP machine. smb.conf: [global] load printers = yes printing = cups printcap name = cups [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes public = no writable = no create mode = 0700 [print$] comment = Drucker Treiber path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no write list = root, ntadmin Cheers, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SETGID not being inherited
Hello If you're using XFS it's "normal" - there is a bug. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: XFS and inherit permissions bug?
Hello
Here are some more informations.
General infos on my Samba configuration
###
The server is a Debian Etch with distro kernel & Samba package
(2.6.18-5-686 & 3.0.24-6etch4).
Users shell is set to /bin/false, they are only accessing this server
through Samba.
All files are owned by user root (Administrator) and group
smb-Administrators (Domain Admins). The basic rights are rwx for root
and smb-Administrators and nothing for other.
The inherit permissions parameter is set in smb.conf for Administrator
user and Domain Admins group to have access to all the files, the
inherit owner is set to have all files owned by user root, and all
folders are setgid to have all files owned by group smb-Administrators.
The users get their access rights using acls and the inherit acls
parameter is set in smb.conf.
The windows attributes (archive, hidden and system) are stored in
extended attributes.
Reproducing the problem
###
In the base dir of one of my shares I have:
[EMAIL PROTECTED]:~ # ll /srv/samba/data_inf/
total 436
drwxrws---+ 7 root smb-Administrators .
drwxr-xr-x 16 root root ..
drwxrws---+ 11 root smb-Administrators ARCHIVES_INF
drwxrws---+ 5 root smb-Administrators BROUILLON_INF
-rw-rwx---+ 1 root smb-Administrators DCI-INF-L-001-F.xls
drwxrws---+ 10 root smb-Administrators ESPACE_INF
drwxrws---+ 6 root smb-Administrators ESPACE_INF_PUBLIC
drwxrws---+ 2 root smb-Administrators MODELES_INF
[EMAIL PROTECTED]:~ # getfacl /srv/samba/data_inf/
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/data_inf
# owner: root
# group: smb-Administrators
user::rwx
group::rwx
group:smb-Inf:rwx
group:smb-Bme-Fr:r-x
mask::rwx
other::---
>From a Windows client I create a new dir test1:
[EMAIL PROTECTED]:~ # ll /srv/samba/data_inf/
total 440
drwxrws---+ 8 root smb-Administrators .
drwxr-xr-x 16 root root ..
drwxrws---+ 11 root smb-Administrators ARCHIVES_INF
drwxrws---+ 5 root smb-Administrators BROUILLON_INF
-rw-rwx---+ 1 root smb-Administrators DCI-INF-L-001-F.xls
drwxrws---+ 10 root smb-Administrators ESPACE_INF
drwxrws---+ 6 root smb-Administrators ESPACE_INF_PUBLIC
drwxrws---+ 2 root smb-Administrators MODELES_INF
drwxrwx---+ 2 root smb-Administrators test1
[EMAIL PROTECTED]:~ # getfacl /srv/samba/data_inf/test1/
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/data_inf/test1
# owner: root
# group: smb-Administrators
user::rwx
group::rwx
group:smb-Inf:rwx
group:smb-Bme-Fr:r-x
mask::rwx
other::---
The test1 dir is owned by the group smb-Administrators because the . dir
is setgid, but it is not setgid.
>From a Windows client I create a new dir test2 in dir test1:
[EMAIL PROTECTED]:~ # ll /srv/samba/data_inf/test1/
total 16
drwxrwx---+ 3 root smb-Administrators 18 2007-11-09 14:37 .
drwxrws---+ 8 root smb-Administrators 4096 2007-11-09 14:33 ..
drwxrwx---+ 2 root smb-DomainUsers 6 2007-11-09 14:37 test2
[EMAIL PROTECTED]:~ # getfacl /srv/samba/data_inf/test1/test2/
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/data_inf/test1/test2
# owner: root
# group: smb-DomainUsers
user::rwx
group::rwx
group:smb-Inf:rwx
group:smb-Bme-Fr:r-x
mask::rwx
other::---
The test2 dir is owned by group smb-DomainUsers (Domain Users) that is
the primary group of all users.
my smb.conf
###
#=== Global Settings ===
[global]
netbios name = data
workgroup = bme-fr
server string = Samba %v
smb ports = 139 445
domain master = yes
preferred master = yes
wins support = yes
name resolve order = wins bcast hosts
time server = yes
interfaces = eth1, lo
bind interfaces only = yes
Debugging/Accounting
# One logfile per client
log file = /var/log/samba/log.%m
# Minimum logs in syslog, logs go to /var/log/samba/log.{smbd,nmbd}
syslog = 0
log level = 1
max log size = 1000
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
### Authentication ###
security = user
encrypt passwords = true
domain logons = yes
passdb backend = tdbsam
username map = /etc/samba/smbusers
guest account = nobody
map to guest = bad password
## Printing ##
disable spoolss = yes
### File sharing
browseable = no
read only = yes
guest ok = no
inherit owner = yes
inherit permissions = yes
inherit acls = yes
map archive = no
map hidden = no
map system = no
store dos attributes = yes
unix charset = utf8
dos charset = 850
Misc
# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_R
[Samba] remove machine account automatically
Hi, is there a way to remove a machine account (passwd and tdbsam) automatically like adding a machine using add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication Question; WAS: installing Samba as non-root user
See comments below. On 9/26/07, Adam Tauno Williams <[EMAIL PROTECTED]> wrote: > > > > Considering I am running this daemon as a non-root user, I am not sure > how > > this works, or if it's even possible. I had another user map her home > > directory by tunneling to my server, and it worked, however she did not > have > > write access to her home directory. I have added her as a Samba user, > using > > smbpasswd. > > Again, it's not clear to me how the authentication is actually > happening, > > Samba authentication and behavior are VERY well documented - RTFM. It's amazing how indignant people get when they think someone hasn't done his homework. I've read the man pages in depth, and the official HOWTO. Unless I overlooked something, no where does it explain the authentication in the kind of detail that is necessary to understand if there's a way to have multiple users have proper access to their home directories when the daemon is not being run as root. > even if I were to be running the daemon as root. Since you can add a > Samba > > user with smbpasswd with a password other than their Linux or Unix > password, > > how is it truly authenticating the user? > > Not "can add a Samba user with smbpasswd", *must* "add a Samba user with > smbpasswd". That password is used for authenticating users, and unless > you are using some kind of mapping there must be a correspondingly named > user available from NSS. All this is explained in the manual. Of course I know this. But I was simpling stating that the Samba password need not be the same as the Unix pasword (hence the use of the word "can"..."with a password other than"). This is VERY simple English - LTFL (learn the language). And even your statement is not true, as you can use unencrypted password authentication which will authenticate via traditional Unix /etc/passwd, bypassing the need of smbpasswd. All this is explained in the manual. > In the case of running the daemon > > as root, are all actions done by root on behalf of the actual user? But > it > > appears, per the smb.conf man page, that upon every Samba connection, a > new > > daemon is spawned for the user of the client that established that > > connection. It would then seem that all share accesses are being made > by > > the actual user, as it should be, rather than through root. > > A non-root Samba probably can't change it's own privileges or effective > user id. This is one of the many reasons your configuration will not > work. Samba must run as root or your going to have to jump through > endless machinations. Yeah, unfortunately I was hoping that by going to the unencrypted password authentication that other users would have full access to their respective home directories. Afterall, the authentication did in fact work for other users, despite the smbd daemon running as non-root. I was hoping that the subsequent daemon processes that are spawned as a result of another user's connection, would be run as that user. But they were run as me, which makes it obvious how they would not have write access to their files. This makes it clear that the assumption is that smbd is run as root, and that allowed access is done by root on behalf of the user (or that by running smbd as root, this allows subsequent daemons to be run as the user who established the connection). Regards, Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] setting Profile Path with pdbedit
Hi, I'v problems to set the profile path using pdbedit. The profile should be saved into the %a directory (e.g. WinXP), like set in smb.conf global section: logon path = \\server\profile$\%U\%a If I set the path like pdbedit myusername -p "\\\server\profile$\myusername" the profile is not saved in e.g. WinXP subdir if working on a XP Client. New created users have the correct path, which looks like: Profile Path: \\server\profile$\anotherusername\UNKNOWN "UNKNOWN" seems to be the placeholder for %a. How to I set this by hand? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authentication Question; WAS: installing Samba as non-root user
I've played around with this some more. Ideally I'd like to have other users in my group map their home directories using the samba server that I have daemonized on my Linux machine, as some don't have their own Linux boxes. Considering I am running this daemon as a non-root user, I am not sure how this works, or if it's even possible. I had another user map her home directory by tunneling to my server, and it worked, however she did not have write access to her home directory. I have added her as a Samba user, using smbpasswd. Again, it's not clear to me how the authentication is actually happening, even if I were to be running the daemon as root. Since you can add a Samba user with smbpasswd with a password other than their Linux or Unix password, how is it truly authenticating the user? In the case of running the daemon as root, are all actions done by root on behalf of the actual user? But it appears, per the smb.conf man page, that upon every Samba connection, a new daemon is spawned for the user of the client that established that connection. It would then seem that all share accesses are being made by the actual user, as it should be, rather than through root. If this is true, how then is the user really being authenticated, since never is the Linux password being provided (just the smb password)? Because it would seem that I could set up a user map file to map my Windows username to someone else's Linux username. I could then add that Linux username to Samba using smbpasswd and pick some password for me to know. This would then allow me to access his files. Of course this doesn't work (because I've tried it), so either some true Linux authentication is happening in the background (but how could it without providing it the user's Linux password), or are all share accesses being done by root on behalf of the user, and the assumption is that root would setup the Samba configuration to never allow the kind of unwarranted access that I've described. If the latter is true, then is there anyway to have Samba authenticate a user by checking against the regular Linux password and not the Samba smbpasswd? Essentially, since I am not running the daemon as root, I would need an authentication mechanism that is somehow detached from from local non-root daemon, such as an external authentication server. If all else fails, I suppose I can have each user install Samba in a public directory on my Linux box (again, since not everyone has his own Linux machine) and launch an individual daemon with their Linux user account to be run on my machine, each with a different port number. This is quite convoluted, which is why I'm hoping someone can offer a solution. Thanks, Ben On 9/25/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hi, > > I was able to actually get this to work! I successfully mapped my Linux > home directory within Windows on a non-root smb install. > > I was able to get smbd to run OK with the non-standard ports. > > I then needed to do ssh tunneling to forward port 139 on a Windows > Loopback Network device to the non-standard port of 1139 on my Linux box. I > used a method similar to this. > > http://smithii.com/map_a_network_drive_over_ssh_in_windows > > I'm now in business. > > My next question is, can I have other users in my group map their own home > directories by using my smbd server that's running on my Linux box? > > I'm assuming I'd need to add the users to the smbpasswd file. > > But how does that all work? If I were to add another user and choose my > own password for that user, I'm assuming I can't just map his home drive and > have full privileges to it (which is not what I want). Does the smbpasswd > have to match the Linux password for the user? If not, wow else would it > grant proper access to files, if it would seem I can masquerade as this user > and use an smb password that is different from his own Linux password. > > Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: installing Samba as non-root user at work - please help.
Hi, I was able to actually get this to work! I successfully mapped my Linux home directory within Windows on a non-root smb install. I was able to get smbd to run OK with the non-standard ports. I then needed to do ssh tunneling to forward port 139 on a Windows Loopback Network device to the non-standard port of 1139 on my Linux box. I used a method similar to this. http://smithii.com/map_a_network_drive_over_ssh_in_windows I'm now in business. My next question is, can I have other users in my group map their own home directories by using my smbd server that's running on my Linux box? I'm assuming I'd need to add the users to the smbpasswd file. But how does that all work? If I were to add another user and choose my own password for that user, I'm assuming I can't just map his home drive and have full privileges to it (which is not what I want). Does the smbpasswd have to match the Linux password for the user? If not, wow else would it grant proper access to files, if it would seem I can masquerade as this user and use an smb password that is different from his own Linux password. Thanks On 9/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hi, > > I've recently started at a new company that doesn't have a system in place > to map my Linux home directory within Windows. I have my own Linux box (a > recent Redhat install), and my own Windows XP PC. I will get no help from a > system admin here, so my only option is to try installing Samba myself on my > Linux box. To my surprise, I've found little or no information on > installing Samba as a non-root user. > > All I wish to achieve is being able to map my Linux home directory on my > Windows PC. > > We are on a Windows domain called "ENGINEERING". It's on > "engineering.company.com > " (where company is my real company's name). I have a username, lets say > "userpc", and a password, "passpc", on my PC. My linux machine is also part > of the " engineering.company.com" network, but I use a different username, > "userlinux", and password, "passlinux". > > I had no problems doing a local Samba install by changing the 'prefix' > during configure and install. It's at that point that I am lost what to do. > > > I have started by editing the smb.conf file, and allow host access only by > the ip address of my windows box. I also attempt to use a username map > file, since I'm using different usernames on my Windows PC and my Linux > box. It's not entirely clear to me what to do with regards to the > workgroup/domain. In some ways it'd be nice if I can just implement SMB > over TCP/IP and not worry about NT-Domains or Workgroups. > > Afterall, all I am trying to accomplish is to map my Linux home directory > to only one other computer, my Windows PC, on the same network. It'd be > nice if I could just kick off an smb server on my Linux box, and have my > windows box map the home directory by specifying the ip address of the linux > box and correct port. But perhaps such a setup, even for my simple > scenario, is not possible with Samba. > > Speaking of ports, I specify ports of 1445 and 1139 for smdb, since I > cannot use a port below 1024 without having root access. Similarly, I > attempt to use higher port when I start nmdb. > > I try to start both the smdb and nmdb daemons, but even that doesn't > appear to work correctly, as it appears that a non-root, local install is > not truly supported. At least not with more tinkering. > > From my log.smbd: > > [2007/09/19 17:00:16, 0] smbd/server.c:main(944) > smbd version 3.0.26a started. > Copyright Andrew Tridgell and the Samba Team 1992-2007 > [2007/09/19 17:00:16, 0] lib/debug.c:reopen_logs(625) > Unable to open new log file /usr/local/samba/var/log.smbd: No such file > or directory > [2007/09/19 17:00:16, 0] lib/debug.c:reopen_logs(625) > Unable to open new log file /usr/local/samba/var/log.smbd: No such file > or directory > [2007/09/19 17:00:16, 1] smbd/files.c:file_init(193) > file_init: Information only: requested 1 open files, 1004 are > available. > [2007/09/19 17:00:16, 0] > auth/auth_util.c:create_builtin_administrators(792) > create_builtin_administrators: Failed to create Administrators > [2007/09/19 17:00:16, 0] auth/auth_util.c:create_builtin_users(758) > create_builtin_users: Failed to create Users > > From my log.nmbd: > > [2007/09/19 16:44:02, 0] nmbd/nmbd.c:main(697) > Netbios nameserver version 3.0.26a started. > Copyright Andrew Tridgell and the Samba Team 1992-2007 > [2007/09/19 16:44:02, 0] lib/util_sock.c:set_socket_options(261) > Failed to set socket
Re: [Samba] Re: installing Samba as non-root user at work - please help.
On 9/21/07, Matt Seitz <[EMAIL PROTECTED]> wrote: > > <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > All I wish to achieve is being able to map my Linux home directory on my > > Windows PC. > > > > > > Speaking of ports, I specify ports of 1445 and 1139 for smdb, since I > cannot > > use a port below 1024 without having root access. > > Unless you want to do something fancy like SSH port tunneling, that won't > work. > The Windows CIFS/SMB client will only connect to port 139 and port 445. I'm willing to do what it takes :-) I'll wrestle with the client later. I'd first like to see that I can actually get the SMB server going on my Linux box. I can't see a way to map a drive letter from your Windows box to your Linux > box > without cooperation from someone with root access on the Linux box. If > your > Linux box supports SSH access, you could use a tool like WinSCP on your > Windows > box to copy files to and from your Linux box. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] moving from local profiles to roaming profiles
Hi, I'm runnung samba 3.0.24-6etch4 as PDC with local profiles in a 100% Windows XP environment (about 250 clients). Now I'd like to use samba's roaming profiles feature. I'v deployed "User Profile Hive Cleanup Service" on each client and plan to add the following entries to my smb.conf: [global] logon path = \\server\profile$\%U\%a [profile$] comment = Network Profiles Service path = /vol/profiles read only = no create mask = 0600 directory mask = 0700 Did I forget something or is there anything special to pay attention to (read something about cache files)? And is it possibility to start with a small number of users? If I understud the documentation correctly, the above configuration would affect to all users when log in/off the next time. Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] installing Samba as non-root user at work - please help.
Hi, On 9/22/07, Wolfgang Ratzka <[EMAIL PROTECTED]> wrote: > > Hi, > > > Speaking of ports, I specify ports of 1445 and 1139 for smdb, since I > cannot > > use a port below 1024 without having root access. Similarly, I attempt > to > > use higher port when I start nmdb. > > Even if this would work, you would be stuck with the problem of > convincing your windows system to talk to these ports. Lets assume I can get the windows system to specify the non-standard port number (perhaps using the common colon ":" notation). The facility is there in samba to use non-standard ports, so I have to imagine that someone has installed and run samba successfully as non-root and with non-standard ports. I guess I'm not willing to give up so easily. I suppose the first step is to correct those errors I was getting when running smdb and nmdb. Does anyone have any suggestions to resolve those? If I can at least get those to run with the non-standard ports, then I think I'd have a good chance of mapping the drive in Windows. > Given the information I've provided, and knowing that I do not have root > > access, can anyone provide any information to at least steer me in the > right > > direction? I greatly appreciate your help. > > Without root access you can pretty much give up on installing samba. If > your linux box allows ssh access, you might want to try something like > winscp to transfer your files from and to windows. I've used such tools, but it's no substitute for directly mapping my home directory as a windows drive. Thank you, Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] installing Samba as non-root user at work - please help.
Hi, I've recently started at a new company that doesn't have a system in place to map my Linux home directory within Windows. I have my own Linux box (a recent Redhat install), and my own Windows XP PC. I will get no help from a system admin here, so my only option is to try installing Samba myself on my Linux box. To my surprise, I've found little or no information on installing Samba as a non-root user. All I wish to achieve is being able to map my Linux home directory on my Windows PC. We are on a Windows domain called "ENGINEERING". It's on " engineering.company.com" (where company is my real company's name). I have a username, lets say "userpc", and a password, "passpc", on my PC. My linux machine is also part of the "engineering.company.com" network, but I use a different username, "userlinux", and password, "passlinux". I had no problems doing a local Samba install by changing the 'prefix' during configure and install. It's at that point that I am lost what to do. I have started by editing the smb.conf file, and allow host access only by the ip address of my windows box. I also attempt to use a username map file, since I'm using different usernames on my Windows PC and my Linux box. It's not entirely clear to me what to do with regards to the workgroup/domain. In some ways it'd be nice if I can just implement SMB over TCP/IP and not worry about NT-Domains or Workgroups. Afterall, all I am trying to accomplish is to map my Linux home directory to only one other computer, my Windows PC, on the same network. It'd be nice if I could just kick off an smb server on my Linux box, and have my windows box map the home directory by specifying the ip address of the linux box and correct port. But perhaps such a setup, even for my simple scenario, is not possible with Samba. Speaking of ports, I specify ports of 1445 and 1139 for smdb, since I cannot use a port below 1024 without having root access. Similarly, I attempt to use higher port when I start nmdb. I try to start both the smdb and nmdb daemons, but even that doesn't appear to work correctly, as it appears that a non-root, local install is not truly supported. At least not with more tinkering. >From my log.smbd: [2007/09/19 17:00:16, 0] smbd/server.c:main(944) smbd version 3.0.26a started. Copyright Andrew Tridgell and the Samba Team 1992-2007 [2007/09/19 17:00:16, 0] lib/debug.c:reopen_logs(625) Unable to open new log file /usr/local/samba/var/log.smbd: No such file or directory [2007/09/19 17:00:16, 0] lib/debug.c:reopen_logs(625) Unable to open new log file /usr/local/samba/var/log.smbd: No such file or directory [2007/09/19 17:00:16, 1] smbd/files.c:file_init(193) file_init: Information only: requested 1 open files, 1004 are available. [2007/09/19 17:00:16, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2007/09/19 17:00:16, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users >From my log.nmbd: [2007/09/19 16:44:02, 0] nmbd/nmbd.c:main(697) Netbios nameserver version 3.0.26a started. Copyright Andrew Tridgell and the Samba Team 1992-2007 [2007/09/19 16:44:02, 0] lib/util_sock.c:set_socket_options(261) Failed to set socket option SO_BROADCAST (Error Bad file descriptor) [2007/09/19 16:44:02, 0] nmbd/nmbd_subnetdb.c:make_subnet(107) nmbd_subnetdb:make_subnet() Failed to open dgram socket on interface 10.30.102.110 for port 138. Error was Permission denied [2007/09/19 16:44:02, 0] nmbd/nmbd.c:main(771) ERROR: Failed when creating subnet lists. Exiting. And even once I get these daemons up and running on my Linux box, it's not clear to me what I need to do on the Windows side to establish a connection. What port would I use, since I am not using the standard ports? Given the information I've provided, and knowing that I do not have root access, can anyone provide any information to at least steer me in the right direction? I greatly appreciate your help. Thank you, Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with two subnets
Hello A really annoying question. I'm managing a high school network with two WinXP subnets (192.168.1.X and 192.168.3.X). These subnets are linked by a SUSE 9.3 server with two network cards and a Samba server (version 3.0.12-5 SUSE) acting as PDC. The /etc/smb/smb.conf has next lines: wins support = yes hosts allow = 192.168.3. 192.168.1. 127.0.0.1 interfaces = 192.168.3.2/24 192.168.1.2/24 Now, for the problem: In the morning first hour, the first user must log on at a 192.168.3.X host. If I try first with a 192.168.1.X host, next message appears: --System cannot log you on because Domain x is not available--- Next, I log on at a 192.168.3.X host without any problem, and everything works OK in the two subnets for the rest of the day. Problem repeats netx day, and so on. I can't understand what's the matter. It seems that 192.168.3. subnet acts as a "starter" for the Samba server, but I don't know why. Please can anyone help me?? Thanks in advance. F. Latras Ahora también puedes acceder a tu correo Terra desde el móvil. Infórmate pinchando aquí. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: XFS and inherit permissions bug?
Hello I have the same setgid inheritance problem, Debian Etch with distro kernel & Samba package (2.6.18-5-686 & 3.0.24-6etch4). When a share is on a XFS partition the setgid bit is not inherited, when the share is on a EXT3 partition it works. Is someone using XFS and setgid? Any ideas? Blaž Primc a écrit : > > With XFS the setgid bit is not inherited by newly created directories > through Samba - eg. you connect to this share with Windows client and > create new directory. If I create a new directory in shell, directory > mode is inherited properly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC: Windows xp sp2 reboots when login onto domain
On Saturday 04 August 2007 22:25:33 Rune Tønnesen wrote: > > your problem is not related to samba. > look at > http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/msgina.mspx > > -- > Rune Tønnesen > Best Regards > > This is a very important hint from Rune. I can tell you that I had exactly this problem with MSGINA.DLL as far back as Windows 95 & NT WS's logging in to NT Servers. Some Virus scanning software also used to replace the MSGINA.DLL with its own login ??GINA.DLL. At that time the solution was exactly that described by the M$ Technet link. Have you perhaps installed some software that replaced the original MSGINA.DLL? To check, take a new installation and copy the original MSGINA.DLL to MSGINA-ORIG.DLL, and proceed as you did with the present 2 systems you have. When they start rebooting again, check if the two **GINA.DLL's are still the same. I would have thought M$ could have sorted this problem out by now, a decade later. :-) Al -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dfs problems addressed in 3.0.25b?
Doesn't sound like a Samba bug to be honest. Have you looked into MS DFS bugs ? What filesystem are you running this on ? Jeremy. . This is running on FreeBSD 6.2 - UFS. I never had the problem before upgrading to 3.0.25a and aside from the obligatory 'msdfs root = yes' change, my samba config is the same as before. I know it could just be coincidence - but the fact that someone else (Volker Kindermann) also appears to relate this issue to the 3.0.25a version does suggest to me that a Samba bug is at least likely. I'm trawling the MS kb now regarding DFS anyway.. nothing looks relevant so far.. but I'll keep looking for some clues. Cheers, Julian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dfs problems addressed in 3.0.25b?
Jeremy Allison wrote: On Wed, Jul 04, 2007 at 05:31:20AM +, [EMAIL PROTECTED] wrote: Is the issue below addressed in 3.0.25b? (no freebsd port available yet so I'm still at 3.0.25a) I can't see anything specifically about this in the release notes. I just want to add that I've also seen this behaviour on a windows xp x64 client. It's a pretty serious problem.. so I'm also thinking I may have to revert to an earlier version if it doesn't look like a fix is in the works.. This has not been reproducible as far as I know. Can you create a reproducible test case ? Jeremy. Reproducing it is likely to be tricky - because it's intermittent. It happens maybe every few days for me. This configuration exhibits the behaviour: smb.conf [global] workgroup = SOMEDOMAIN netbios name = dfsserver host msdfs = yes server string = "FreeBSD - Samba %v - DFS" guest account = nobody guest ok = yes inherit permissions = yes create mask = 0777 directory mask = 0777 unix extensions = no follow symlinks = yes wide symlinks = yes [net] read only = no path = /dfs/net msdfs root = yes inherit permissions = yes browseable = yes [ops] read only = no path = /dfs/ops msdfs root = yes inherit permissions = yes browseable = yes in the folder: /dfs/net/machinename > ln -s msdfs:machinename.somedomain.com\sharename sharename now: \\dfsserver\net\machinename\sharename\problemfolder may after some unknown period.. display the same listing as: \\dfsserver\net\machinename\sharename\ \\dfsserver.somedomain.com\net\machinename\sharename\problemfolder might however show the correct listing. The duplication is not infinitely recursive.. ie \\dfsserver\net\machinename\sharename\problemfolder\problemfolder shows the normal listing that should be at \\dfsserver\net\machinename\sharename\problemfolder I just did more opening and closing of explorers and browsing back and forth... and for the first time I've seen two folders (under the same parent) simultaneously showing the wrong listing. To further complicate.. It may be related to the fact that under a separate share on the dfsserver there is also a link (this time to a point beyond the destination share): /dfs/ops >ln -s msdfs:machinename.somedomain.com\sharename\siblingofproblemfolder siblingofproblemfolder ie an alternative way to get to a sibling of the problem subfolder(s) so the following are equivalent: \\dfsserver.somedomain.com\ops\siblingofproblemfolder \\dfsserver.somedomain.com\net\machinename\sharename\siblingofproblemfolder JN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] dfs problems addressed in 3.0.25b?
Is the issue below addressed in 3.0.25b? (no freebsd port available yet so I'm still at 3.0.25a) I can't see anything specifically about this in the release notes. I just want to add that I've also seen this behaviour on a windows xp x64 client. It's a pretty serious problem.. so I'm also thinking I may have to revert to an earlier version if it doesn't look like a fix is in the works.. Cheers, Julian - Original Message - From: "Volker Kindermann" <[EMAIL PROTECTED]> To: Sent: Monday, June 11, 2007 8:21 AM Subject: [Samba] dfs problems in 3.0.25a after client reboot and remapping We restored to 3.0.23d after update to 3.0.25a because of strange dfs behavior. the detailed situation: on msdfs root server 'samba' ls -lR dfsroot/: drwxr-xr-x appl1 dfsroot/appl1 lrwxrwxrwx share1 -> msdfs:server1\share1 [dfs] comment = "SaMBa DFS root" path = /path.../dfsroot # next line does not work prior 3.0.25 !!! # hide unreadable = Yes msdfs root = Yes on 'server1' ls -lR share1: drwxrws--- folder1 drwxrws--- folder2 [share1] path = /path.../share1 valid users = +opr force group = opr printable = no writeable = yes inherit permissions = Yes The failing clients are Windows Server 2003 SP1 with Citrix MetaFrame Presentation Server 4.0 rebooted after update to 3.0.25a. The first view (windows explorer) after the update is ok \\samba\dfs\appl1\share1\folder1 But after a while (maybe other citrix users mapping \\samba\dfs in the meantime ...) the view from the same connection looked like \\samba\dfs\appl1\share1\folder1\folder1 causing applications to fail Standard WinXP clients had the same strange folder duplication, but seemed to behave ok after remapping and reboot. The Problem looks simular like the one reported by Josh Kelley (Jun 4) 'msdfs root problems even after a reboot?' Any help appreciated Volker Kindermann I can't help - but I can confirm I seem to be seeing the same problem with a FreeBSD 6.2 dfs server and win2k client. It's not just a duplication of folder1 it's a more confusing rearrangement that breaks access to paths under the original folder1 It's as if share1 is duplicated under itself using the name folder1. taking the example above: \\samba\dfs\appl1\share1\folder1\folder1 the first folder1 actually has the same listing as share1.. the files that were originally at \\samba\dfs\appl1\share1\folder1 are now down at \\samba\dfs\appl1\share1\folder1\folder1 the folder1 in my situation has siblings that don't exhibit this problem.. but perhaps the difference is that folder1 happens to be the one I use most. Julian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: problem after update 3.0.22 -> 3.0.24 [SOLVED]
The unix groups are no longer automgically mapped to windows domain groups. So I had simply top add all the necessary unix group to the list of windows domain groups by: $>groupmap add ntgroup=$group unixgroup=$group type=d Witch groups have you added? The mapped group should be still exists in the new samba installation On our server all the previously groups seems correctly mapped again with the new samba. There are only some difference: in 3.0.14 some unused groups are mapped to a single number System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 but with the new samba 3.0.24 this groups disappears from the "net groupmap list" output. These group are not necessary and nobody use them. The main groups are mapped correctly Domain Guests (S-1-5-21-64X-514) -> msguests Domain Users (S-1-5-21-64X-513) -> msusers Domain Admins (S-1-5-21-64X-512) -> msadmins Alessandro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem after update 3.0.22 -> 3.0.24
Have you got a backup of the tdb files? I had a lot of problems to upgrade to the etch (samba 3.0.24) from samba sarge (3.0.14): http://groups.google.com/group/linux.samba/browse_thread/thread/c896d5ea25a72341/5183303468c3a0be?lnk=gst&q=etch+alessandro&rnum=1#5183303468c3a0be the tdb backup files was the only way to get samba works again I'm continuing to try the upgrade, last week end I tried the 2.0.25a compiling it from source, but I had the same problems. Every time I downgrade samba and replace the tdb files Alessandro Original Message From: Carsten John <[EMAIL PROTECTED]> To: samba@lists.samba.org Subject: [Samba] problem after update 3.0.22 -> 3.0.24 Date: Mon Jun 25 2007 10:34:04 GMT+0200 (CEST) Hello everybody, we were running into trouble after upgrading our samba PDC to a new hardware (and a new debian release). Before the upgrade we used 3.0.22 on a debian sarge machine without problems. Moving the installation to a new machine with debian etch (amd64, samba 3.0.24-6etch4) worked good at the first look. A closer look shows the following problems: - a domain member server (samba 3.0.22) can't be accessed any more. The samba on the PDC are showing a succeeding auth request for the user, but the windows box claims access rights problems. This is a minor problem, as we could temporarily go around that by mounting the necessary filesystem via NFS to the PDC and exporting them from there. - our logon script (which uses ifmember.exe to check the group membership of the user for printer mapping) does not work any more. Testing "ifmember.exe /list" directly at the windows command line shows that group memberships are not reported any more. - additionally some users are reporting problems accessing shares with special access groups (couldn't really verify that so far) Last night I tested the following steps go fix the problem - without success :-( - upgraded to 3.0.25 packages from sernet (same problems) - compiled and installed 3.0.22 on the machine to downgrade. smbd now claims unknown version of passdb.tdb. Obviously the 3.0.24 smbd upgraded the file format, that is now unreadable for the old samba daemon. So far we don't have any netgroup mappings on the server, as they didn't have been necessary in the past. Any help would be really appreciated, as I could not play around with the server so much b'cause it's a highly used production system. Thanks Carsten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re:[Samba] problem after update 3.0.22 -> 3.0.24
Have you got a backup of the tdb files? I had a lot of problems to upgrade to the etch (samba 3.0.24) from samba sarge (3.0.14): http://groups.google.com/group/linux.samba/browse_thread/thread/c896d5ea25a72341/5183303468c3a0be?lnk=gst&q=etch+alessandro&rnum=1#5183303468c3a0be the tdb backup files was the only way to get samba works again I'm continuing to try the upgrade, last week end I tried the 2.0.25a compiling it from source, but I had the same problems. Every time I downgrade samba and replace the tdb files Alessandro -- Leggi GRATIS le tue mail con il telefonino i-mode di Wind http://i-mode.wind.it/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] whats the diffrence between sambaNTPassword and userPassword
Hello List, whats the diffrence of sambaNTPassword and userPassword? I guess they have a diffrent hash, but why? And do they both get updated if the user changes his password? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA in CentOS 5
devel pisze: Hello, After patient, I see that can only use samba if the directory is in the same partition of /. Anyone know if Samba have problems sharing directories in other partitions different of / or problems using home directory in different partition? Maybe try off selinux for samba deamon or create new policy ... My 1 cent Irens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] more than smbldap
Hello, Luis Daniel Lucio Quiroz schrieb: Hi Mario, I have a proyect at www.linuxchange.com that is what you want. Take a look. It does look very intresting! Although i am quite confused. Is the project opensource? Is there some sort of installer? Do you have to subscribe and log in in order to download the documentation? Thanks, Mario Regards, LD Le Thursday 24 May 2007 03:40:51 [EMAIL PROTECTED], vous avez écrit : Hello List, I set up a samba pdc with ldap, smbldap-tools about one year ago. Now i would like to extend it with OX, squid, etc... After checking out the LDAP Directory tree i was wondering what the Organisation Units "DSA" and "ldmap" are good for? My current tree looks like this: dc=example,dc=com + ou=Computers + ou=DSA + ou=Groups + ou=Idmap + ou=Users + sambaDomainName=MyDomain I also had a look at Collax?s PDC and they even have an additional PosixGroup. Their tree looks like this: dc=example,dc=com + ou=ABook + ou=groups + ou=Infrastructure + ou=people + ou=posixgroups + sambaDomainName=MyDomain Any idea why they have "groups" and "posixgroups"? If i would like to add other services than samba, would a directory tree like Collax has make more sense than my current "samba-only" tree? Or should i stick to the smbldap-Tree to be able to use the smbldap tools, or can they be easily adjusted? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] more than smbldap
Hello List, I set up a samba pdc with ldap, smbldap-tools about one year ago. Now i would like to extend it with OX, squid, etc... After checking out the LDAP Directory tree i was wondering what the Organisation Units "DSA" and "ldmap" are good for? My current tree looks like this: dc=example,dc=com + ou=Computers + ou=DSA + ou=Groups + ou=Idmap + ou=Users + sambaDomainName=MyDomain I also had a look at Collax?s PDC and they even have an additional PosixGroup. Their tree looks like this: dc=example,dc=com + ou=ABook + ou=groups + ou=Infrastructure + ou=people + ou=posixgroups + sambaDomainName=MyDomain Any idea why they have "groups" and "posixgroups"? If i would like to add other services than samba, would a directory tree like Collax has make more sense than my current "samba-only" tree? Or should i stick to the smbldap-Tree to be able to use the smbldap tools, or can they be easily adjusted? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Anyone? :o) Re: [Samba] Samba LDAP Directory Tree details
[EMAIL PROTECTED] schrieb: Hello List, i have set up a samba pdc with ldap, smbldap-tools about one year ago. Now i would like to extend it with OX, squid, etc... After checking out the LDAP Directory tree i was wondering what the Organisation Units "DSA" and "ldmap" are good for? My current tree looks like this: dc=example,dc=com + ou=Computers + ou=DSA + ou=Groups + ou=Idmap + ou=Users + sambaDomainName=MyDomain I also had a look at Collax´s PDC and they even have an additional PosixGroup. Their tree looks like this: dc=example,dc=com + ou=ABook + ou=groups + ou=Infrastructure + ou=people + ou=posixgroups + sambaDomainName=MyDomain Any idea why they have "groups" and "posixgroups"? If i would like to add other services than samba, would a directory tree like Collax has make more sense than my current "samba-only" tree? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba LDAP Directory Tree details
Hello List, i have set up a samba pdc with ldap, smbldap-tools about one year ago. Now i would like to extend it with OX, squid, etc... After checking out the LDAP Directory tree i was wondering what the Organisation Units "DSA" and "ldmap" are good for? My current tree looks like this: dc=example,dc=com + ou=Computers + ou=DSA + ou=Groups + ou=Idmap + ou=Users + sambaDomainName=MyDomain I also had a look at Collax´s PDC and they even have an additional PosixGroup. Their tree looks like this: dc=example,dc=com + ou=ABook + ou=groups + ou=Infrastructure + ou=people + ou=posixgroups + sambaDomainName=MyDomain Any idea why they have "groups" and "posixgroups"? If i would like to add other services than samba, would a directory tree like Collax has make more sense than my current "samba-only" tree? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Centos4 x86_64 upgrade from samba sernet 3.0.24 to sernet 3.0.25
[EMAIL PROTECTED] pisze: Hi. I have problems, when upgraded from samba sernet 3.0.24 to 3.0.25 (too early ?): 1) always must change password, when log in to windows XP professonall - samba 3.0.25 PDC - password expired 2) I can't browse widnows network on client machine - network broswer in WinXP don't respond - just hangs 3) I cann't priny any more to printers attached to another widnows machines connected to samba 3.0.25 PDC What is going on ? it's production system, probably i will switch to 3.0.24 again. Bye Irens I'm back with 3.0.24. The newest 3.0.25 seems to be broken ... Irens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Centos4 x86_64 upgrade from samba sernet 3.0.24 to sernet 3.0.25
Hi. I have problems, when upgraded from samba sernet 3.0.24 to 3.0.25 (too early ?): 1) always must change password, when log in to windows XP professonall - samba 3.0.25 PDC - password expired 2) I can't browse widnows network on client machine - network broswer in WinXP don't respond - just hangs 3) I cann't priny any more to printers attached to another widnows machines connected to samba 3.0.25 PDC What is going on ? it's production system, probably i will switch to 3.0.24 again. Bye Irens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ldapi socket
Hello List, i was wondering where ubuntu gets its /var/run/ldapi socket from? I am trying to run samba with "passdb backend = ldapsam:ldapi://%2fvar%2frun%2fldapi/" Any hint or idea is welcome :) Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] slightly OT: LDAP Server
Hello List, we are currently looking for a Ubuntu server setup (ideally v. 6.06) with authentication and authorisation based on OpenLDAP for all services. The needed services are Samba (PDC), Apache (htaccess), Squid, OpenXchange, NIS. Does someone have such a setup and is willing to share? We don´t want to reinvent the wheel since time is money :) I am looking forward for your reply. :o) Regards, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Out of control smbd process
On Tue Aug 21 9:32 , Aaron Browne sent: >Although I have seen this on Solaris 9 running Samba 3.0.10, we >have recently upgraded to Solaris 10 running Samba 3.0.23a. > >prstat/top shows a single smbd process out of control and this >message is flooding the log. > >[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019) > select returned -1, errno = Invalid argument (22) >[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019) > select returned -1, errno = Invalid argument (22) >[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019) > select returned -1, errno = Invalid argument (22) >[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019) > select returned -1, errno = Invalid argument (22) >[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019) > select returned -1, errno = Invalid argument (22) >[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019) > select returned -1, errno = Invalid argument (22) > >Samba is supporting users coming from a Terminal Server 2000 environment >and therefore causes a DOS for users sharing that Terminal Server >connection to Samba. This issue was occurring approx 2-3 times a week for us. Symptoms are as described above. My fellow Unix admin ran a Solaris pfiles against the out of control Samba process and found that it had the same file open quite a number of times. Sometimes it was 50 times and other times it was more. The file that was being opened is shared heavily amongst a group of users on the same server. On a hunch we put this entry into the share that was causing the problem. veto oplock files = /Menu.xls/ The issue has not come back since. Cheers, Aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc issue
w_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/04/21 17:39:16, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2007/04/21 17:39:16, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/04/21 17:39:16, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[] domain=[] workstation=[GUESTPC22] len1=1 len2=0 [2007/04/21 17:39:16, 6] param/loadparm.c:lp_file_list_changed(3006) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 21 17:10:26 2007 [2007/04/21 17:39:16, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user []\[] from workstation [GUESTPC22] [2007/04/21 17:39:16, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/04/21 17:39:16, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/04/21 17:39:16, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/04/21 17:39:16, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/04/21 17:39:16, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/04/21 17:39:16, 5] auth/auth_util.c:is_trusted_domain(2020) is_trusted_domain: Checking for domain trust with [FRIGEL] [2007/04/21 17:39:16, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(339) secrets_fetch failed! [2007/04/21 17:39:16, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/21 17:39:16, 10] lib/gencache.c:gencache_get(329) Cache entry with key = TDOM/FRIGEL couldn't be found [2007/04/21 17:39:16, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain FRIGEL found. [2007/04/21 17:39:16, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for () [2007/04/21 17:39:16, 5] auth/auth_util.c:make_user_info(85) making strings for 's user_info struct [2007/04/21 17:39:16, 5] auth/auth_util.c:make_user_info(117) making blobs for 's user_info struct [2007/04/21 17:39:16, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for () [2007/04/21 17:39:16, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2007/04/21 17:39:16, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2007/04/21 17:39:16, 10] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by random [2007/04/21 17:39:16, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2007/04/21 17:39:16, 5] lib/util.c:dump_data() [000] 12 38 D4 74 E2 90 AD 76 .8Ôtâ.v [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 33) -> 33 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 23) -> 23 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 16) -> 16 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 22) -> 22 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 34) -> 34 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 38) -> 38 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 49) -> 49 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 41) -> 41 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 15) -> 15 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 40) -> 40 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 32) -> 32 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 36) -> 36 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 38) -> 38 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 38) -> 38 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 16) -> 16 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 23) -> 23 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_unpack(635) tdb_unpack(ddff, 48) -> 48 [2007/04/21 17:39:16, 11] passdb/pdb_get_set.c:pdb_get_init_flags(227) element 3: DEFAULT [2007/04/21 17:39:16, 11] passdb/pdb_get_set.c:pdb_get_init_flags(227) element 1: DEFAULT [2007/04/21 17:39:16, 11] passdb/pdb_get_set.c:pdb_get_init_flags(227) element 4: DEFAULT [2007/04/21 17:39:16, 11] passdb/pdb_get_set.c:pdb_get_init_flags(227) element 2: DEFAULT [2007/04/21 17:39:16, 10] lib/account_pol.c:account_policy_get(340) account_policy_get: name: password history, val: 10 [2007/04/21 17:39:16, 18] tdb/tdbutil.c:tdb_pack_va(480)
Re: [Samba] Samba -> WinXP: slow transfers, partial solution
I have slow transfer from my samba serwer, casue my HDD wasn't running in UDMA mode, only in PIO, beside this a installed CentOS 4 and all 2 disks are running in UDMA mode and there isn't a issue with network speed between WINXP SP2 and samba serwer. Maybe check yours HDD too ? Cheers, I.Piasecki Charles Marcus pisze: I'm running Samba 3.0.24 as PDC and file server on Gentoo Linux, AMD64, 2.6.19 kernel, 100MBit/s network, and experience quite slow file transfers from Samba to WinXP SP2 clients: the speed is varying, but is about 1-2Mb/s at best. I'm assuming for the rest of this that you mean MB/sec not Mb/sec when referencing transfer speeds... b) Transfering to/from Samba server from Gentoo Linux on the same PC where WinXP is installed (so, completely the same hardware and connection) is also at normal speed. So, you are running something in a VM? c) Transferring to/from WinXP to the server where Samba is installed using any other protocol (such as HTTPS or SCP) is also at normal speed. Define 'normal'... 2) CPU is at almost idle level both at client and server, so it's not the issue. 3) If there is any other network activity, transfer speed is increased up to normal level: f.e. doing two simulteneous transfers from Samba server to WinXP client gives 5Mb/s at each transfer, as expected. Again, define 'normal'? 100Mb network connections should give @ 12MB/sec transfer speeds, no? So 5MB/sec speeds are certainly not 'normal'. 4) Running tcpdump on server while the transfer is performed improves transfer speed in about 1.5 - 3 times, but still not to the normal speed. TCP dumps are fine, but you neglected to provide the most important thing for initial troubleshooting assistance: where is your config? 5) Playing with "socket options" does not give any results. Modern linux kernels (2.6+) do *not* need to have these values tuned, so it is recommended to not set them *at* *all*. Just delete these entries. Specifically, using advices from the article http://www.dd.iij4u.or.jp/~okuyamak/Documents/tuning.english.html about SO_SNDBUF does not improve situation (but read below). Well, since this article is dated from 2000, I don't think I'd trust it much. 6) tcpdump + tcptrace show that there are a lot of retransmissions, see dumps below. 7) I've tested several WinXP clients with different hardware, all with the same results. What about the NIC on the Samba server? If all clients are affected the same, then that is the NIC you should focus on (if it is indeed a hardware issue). 8) Samba logs looks normal to me, nothing special. Points (3) and (5), and also the article about SO_SNDBUF tuning gave me an idea that there might be smth wrong with ACKs sent from WinXP. I think you need to go back to square one, and start over, but with up to date references - like the excellent 'Samba-3 By Example' and/or 'The Official Samba-3 HOWTO and Reference Guide'. It seems that I'm not the only one who have similar problems: see BUGs 2117 and 3706 in Bugzilla, and discussion at Gentoo mailing list: http://forums.gentoo.org/viewtopic-p-2820556.html This too is an old(er) thread - and it specifically mentions switching from smbfs to cifs as the best solution... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Use of cache_peer login=username:password
Oops, sorry, wrong mailing list! Ian On Thu Apr 5 9:08 , "[EMAIL PROTECTED]" sent: >I'm running squid 2.6.11 on FreeBSD with a parent cache that requires >authentication in order to access any web sites. >It's been suggested to us by the department that runs the upstream cache that >we >can make some sites accessible without the client having to authenticate by >getting our local squid to supply the username & password to the upstream cache >for those sites. >It users the cache_peer login= syntax. >Unfortunately, the configuration they sent me doesn't work - I get the >following >error:"FATAL: ERROR: cache_peer xxx.xxx.xxx.xxx specified twice". > >Here is the relavent section of squid.conf (IP address, username & password >have >been removed!) > >#Define acl for all source addresses >acl rest src 0.0.0.0/0.0.0.0 ># >#Define acl for proxy bypass addresses (squid does authentication for these) >acl safe dstdomain "/usr/local/etc/squid/safe.conf" >#Supply username & password for sites defined in safe.conf >cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query >login=username:password >cache_peer_access xxx.xxx.xxx.xxx allow safe >cache_peer_access xxx.xxx.xxx.xxx deny rest >#Require authentication for all other sites >cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS >cache_peer_access xxx.xxx.xxx.xxx deny safe >cache_peer_access xxx.xxx.xxx.xxx allow rest > >Can anyone suggest a way to implement this that gets around the duplicate >cache_peer problem? > >Cheers, >Ian > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Use of cache_peer login=username:password
I'm running squid 2.6.11 on FreeBSD with a parent cache that requires authentication in order to access any web sites. It's been suggested to us by the department that runs the upstream cache that we can make some sites accessible without the client having to authenticate by getting our local squid to supply the username & password to the upstream cache for those sites. It users the cache_peer login= syntax. Unfortunately, the configuration they sent me doesn't work - I get the following error:"FATAL: ERROR: cache_peer xxx.xxx.xxx.xxx specified twice". Here is the relavent section of squid.conf (IP address, username & password have been removed!) #Define acl for all source addresses acl rest src 0.0.0.0/0.0.0.0 # #Define acl for proxy bypass addresses (squid does authentication for these) acl safe dstdomain "/usr/local/etc/squid/safe.conf" #Supply username & password for sites defined in safe.conf cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=username:password cache_peer_access xxx.xxx.xxx.xxx allow safe cache_peer_access xxx.xxx.xxx.xxx deny rest #Require authentication for all other sites cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS cache_peer_access xxx.xxx.xxx.xxx deny safe cache_peer_access xxx.xxx.xxx.xxx allow rest Can anyone suggest a way to implement this that gets around the duplicate cache_peer problem? Cheers, Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hello Helmut, Am Mittwoch, den 04.04.2007, 08:55 +0200 schrieb Helmut Hullen: > Hallo, Marcus, > > Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins: > > >>> test "$RESULT" -eq 1 || exit 1 > >>> --- > > >> That's no good idea. > >> Try > >> > >> test "$RESULT" -eq 0 > >> > >> Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 > >> or higher. > > > Hmmm, if the value of RESULUT is not 1 or higher, > > That's the DOS way ... > > > the scipt has to "exit 1" (not ok), which is correct, because in this > > case the same userid tries to connect from different IPs. > > Your script returns with 1 also if $RESULT is 0. > My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the > last line in the script). Okay, let's finish this 1 or 0 result question, because this is not the main problem. The preexec parameter thing does not solve the problem of denying multiple logins. The user is still able to login, but no shares are mounted. And as I wrote in of my last emails, windows reconnects its shares every few minutes. In this case, the script doesn't know anymore which client PC was the user's first and therefore the script is blocking all client PCs, the first client and all following clients (of the user). To avoid this one has to set lock files with username and IP. These lock files could be removed with the postexec parameter. But what happens if a client PCs crashes and doesn't disconnect its shares? The postexec command will not run and if the user tries to connect from a different machine (or his machine is getting a new IP by dhcp after restart), the existing lock file is blocking the complete user. Any other ideas? Did nobody solve this problem? Ciao, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Am Dienstag, den 03.04.2007, 21:47 +0200 schrieb Helmut Hullen:
> Hallo, Marcus,
>
> Du meintest am 03.04.07 zum Thema Re: [Samba] deny second or multiple logins:
>
> > RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1 | awk '{print
> > $5}' | uniq | wc -l)
>
> > test "$RESULT" -eq 1 || exit 1
> > ---
>
> That's no good idea.
> Try
>
> test "$RESULT" -eq 0
>
> Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or
> higher.
Hmmm, if the value of RESULUT is not 1 or higher, the scipt has to "exit
1" (not ok), which is correct, because in this case the same userid
tries to connect from different IPs.
Ciao!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hi,
Am Montag, den 02.04.2007, 14:33 +0200 schrieb Helmut Hullen:
> Hallo, Marcus,
>
> Du (lists) meintest am 02.04.07:
>
> >>> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/Advanced
> >>> NetworkManagement.html#id386516
>
> > my script:
>
> > preexec script = /path/PermitSingleLogon.sh '%U'
> > preexec close = Yes
[...]
The block mechnism itself ist working fine. I use this scipt to check if
there are connects to a share with the same userid form differnet IPs:
---
RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1 | awk '{print
$5}' | uniq | wc -l)
test "$RESULT" -eq 1 || exit 1
---
But it seems, that windows reconnects the shares every few minutes. In
this case, the script doesn't know anymore which client PC was first and
is blocking both client PCs, the client first and all other clients :-(
Ciao,
Marcus
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hei,
Am Sonntag, den 01.04.2007, 20:28 +0200 schrieb Thomas Bork:
> Freitas wrote:
>
> > You can try here.
> > http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516
> >
>
> Sorry for being so stupid but how should this working?
I think the scipt is just an idea how to handle this problem. Here is my
script:
preexec script = /path/PermitSingleLogon.sh '%U'
preexec close = Yes
--
#!/bin/bash
RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1)
if [ "X${RESULT}" == X ]; then
exit 0
else
exit 1
fi
--
But I still don't know how to combine this script with my existing logon
script.
Ciao,
Marcus
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Am Sonntag, den 01.04.2007, 16:10 +0200 schrieb Helmut Hullen: > Hallo, Marcus, > > Du (lists) meintest am 01.04.07: > > > I'd like to deny multiple logins to a samba domain. I already > > searched the archive and found some threads about it. This one seems > > to be a good idea: > > > http://lists.samba.org/archive/samba/2006-April/119867.html > > > Does anyone know where to find such scipt examples? > > What about "max connections" for the desired shares? But then the user is already logged in :-) The user should be stoped one step before. Ciao! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hi, Am Sonntag, den 01.04.2007, 10:49 -0300 schrieb Freitas: > > I'd like to deny multiple logins to a samba domain. I already searched > > the archive and found some threads about it. This one seems to be a good > > idea: > > > > http://lists.samba.org/archive/samba/2006-April/119867.html > > > > Does anyone know where to find such scipt examples? > > You can try here. > http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516 Ah, great link. I was playing with smbstatus in these minutes :-) I'd like to put the preexec script paramteter to global or to netlogon section, not to a user's share section. What's best location?. At my netlogon section there is already the following line to create dynamic login scripts: root preexec = /usr/local/bin/make_logon_script '%m' '%U' '%a' '%g' '% L' How do I combine these two lines? The script PermitSingleLogon.sh should be executed before my old make_logon_script and if the return is 1 the login process should be aborted completely. Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] deny second or multiple logins
Hi, I'd like to deny multiple logins to a samba domain. I already searched the archive and found some threads about it. This one seems to be a good idea: http://lists.samba.org/archive/samba/2006-April/119867.html Does anyone know where to find such scipt examples? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba groupware integration
Hi, I'd like to install a groupware server in our institute and looking for a software, which connects samba and the groupware server, for example for authentication (may be LDAP) and (more importent) to see the samba shares (user and groups) in the groupware web-front-end. I've talked this week to the open-xchange people at CeBit, and if I understud them right, the samba integration is not opensource. Any other ideas or experiences? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Server Does Not Appear In My Network Places
We have two RHEL 4 servers with Samba configured and running. The Samba configurations are basically identical (obvious revisions made). The first server appears in My Network Places under Entire Network/Microsoft Windows Network/Workgroup, the second does not. The reason for this may help explain another issue we're facing. Can someone tell me why the one server would not appear in My Network Places the same as the other? Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Authentication Using Novell eDirectory via LDAP
Hello, We have a RHEL 4 Update 4 server that was configured to store its Samba passwords in eDirectory via LDAP. This was accomplished by adding the following three lines to the [Global] section of smb.conf: ldap admin dn = cn=admin,o=budget ldap suffix = o=budget passdb backend = ldapsam:ldaps://SERVER_NAME:636 After adding the lines and saving the file the admin password is stored using smbpasswd -w, the /etc/samba/smbpasswd was renamed to old_smbpasswd, and the smb service is started. This worked as desired, allowing Samba user passwords to be stored in the corresponding user's eDirectory user object. An additional effect, although I'm not sure if it was expected or not, is that the password can be changed by the Novell Change Password facility available by doing a Ctrl+Alt+Del from a user's Windows workstation. The server appears as a available resource, and the password can be changed along with changing the Novell password, keeping them in sync. As we were not ready to permanently effect this change we undid everything, removing the three lines and renaming the smbpasswd back to its original name. What is unexpected is that we can now change the Samba passwords being stored in /etc/samba/smbpasswd using the same Novell Change Password facility. While that's not necessarily a bad thing, I appreciate anyone who can explain why it is working. What we're stumped by is we've now set up a second RHEL 4 server that we believe we've set up identically to the original, and it does store the Samba password in eDirectory, but we don't see the server in the Novell Change Password facility so that our users can change their own Samba passwords. It's been four months between implementations, and while we documented the process, perhaps we forgot something. Does anyone know why this is not working for our second server, or what we may have forgotten to do? Our full smb.conf file follows. The only thing I would point out is we copied the file from the other server, changing only the SERVER_NAME, and the name of the first share definition [NEWSAS]. We did not change the idmap uid or gid--is that a problem? [global] dns proxy = no encrypt passwords = yes workgroup = workgroup security = user idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no ldap admin dn = cn=admin,o=budget ldap suffix = o=budget passdb backend = ldapsam:ldaps://SERVER_NAME:636 [NEWSAS] comment = new sas server path = / read only = no valid users = sukmcgl browseable = yes hosts allow = 127.0.0.1 10.57. guest ok = no [homes] comment = Home Directories valid users = %S browseable = no guest ok = no read only = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 8.3 short names question
Dave Abouav pisze: I have a Samba server installed on FreeBSD (latest releases of both), and an old Windows application that uses the 8.3 short names in directory listings. I have the problem that the 8.3 file names returned are quite strange, and hardly resemble the originals. Some examples: "Hy Energy" -> "HIl81N~K" "5700_files" -> "5s2IOA~P" "KWJ ENG" -> "KA7YD3_N" "CPS-100" -> "" (blank) I used an Ethereal trace to verify that these are indeed the short file names coming from the server (in the Trans2 FindFirst2 response). This seems to affect both directory names and files. I have no problems with long file names. The files were originally created on a Windows PC, and were then copied to my FreeBSD machine by putting them onto an external USB hard drive, and then mounting this hard drive on the FreeBSD box. Any idea why the 8.3 names are so weird? Is this typical for Samba now? I can open the files no problem, but it will be a pain for my engineer to figure out which file is which. Thanks, Dave HI. I have exactly the same problem, but i use samba with linux Any infos are welcome ! Irens. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ntlogon.conf
Hey Everyone... I'm hoping this is an easy one. I am using the ntlogon scripts that come with the samba examples (ntlogon.py and ntlogon.conf). It's working fine, except for one thing. I'm trying to set entries up for the groups "Domain Admins" or other groups with spaces in the name. The example that comes with it shows ... [Group-admins] I tried the following... [Group-Domain Admins] [Group-"Domain Admins"] but neither seemed to work. Anyone know to get this working correctly for groups which have spaces in the name? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Gentoo+OpenLDAP+Gentoo
Hey All, I'm trying to get a gentoo server setup running as a PDC for my office that I work for. I have followed the following HOWTO exactly... http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC and on step 4-4.2 (http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC_Basic_Evaluation#Join_It.21) it fails. I have followed everything from that HOWTO exactly, although I did have to add one single change... When I got to the step where I'm supposed to start samba, it was failing. By doing some research online, I found that I needed to add the following line into the /etc/samba/smb.conf file. winbind nested groups = no When I tried to start samba the first time, it kept failing. When I did some research, I found a forum which said that fixed he problem... and it indeed did. The problem I am having right now, so that the windows system following step 4-4.2 does not work. I get an error back... --- Start Error Your computer could not be joined to the domain because of the following error has occured: The user name could not be found. --- End Error If I log in and just try to access the fileshares, it works fine. I can see my home directory fine, but when trying to join the domain, it fails. ode On the PDC I am running wireshark and I can see the "SAM LOGIN" requests, but something weird I found with them was that the User Name: field in the packet was either the machine name "TESTINGBOX$" or it was blank. If never passed the user name I entered "cjamieson". The domain/workgroup I am using is set to "borran" The test user I added is "cjamieson" The samba NETBIOS name is "PDC" I am running this in VMWare to evaluate how well of solution samba+ldap is for our office. So far I have been getting no help from #samba on freenode, so I was suggest by #samba-technical to contact the mailing lists. Does anyone have experiance with this, or have some information which could help me get this figured out? Please and Thank you VERY much to anyone who can help. Colton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] directory mask and vfs object recycle
Hi, I'm using vfs object recycle with samba 3.0.14a on Debian sarge and can't figure out, why the trash folder is created with the rights drwx-- 3 admin2 admin 4096 2007-02-06 17:49 Trash and not with the directory mask 0775. [vol] comment = share vol path = /vol/ create mask = 0664 force create mode = 0664 force group = admin directory mask = 0775 writable = Yes browseable = No valid users = @admin write list = admin1, admin2, admin3 veto files = /.forward/ vfs objects = vscan-clamav recycle recycle: repository=Trash recycle: keeptree=True recycle: versions=True vscan-clamav: config-file = /etc/samba/vscan-clamav.conf Any ideas? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] read only share problem
HI, I have setup a samba share called DATOS it look like this: [DATOS] path = /data/datos comment = QAQC y SHA locking = no admin users = zulloa2 write list = @qaqc, zulloa2 browseable = yes public = yes guest ok = yes force create mode = 775 force directory mode = 775 read only = yes force group = qaqc in linux debian samba Version 3.0.14a-Debian it work good, opening the documents read only for every one, and can write with the user zulloa2 or the users in sha group. The problem is, some time some files in this share appear in read only mode for the user zulloa2... all the files in the share are in 775 this is the smbstatus when the file appear in readonly tipecasrv:~# smbstatus -u zulloa2 Samba version 3.0.14a-Debian PID Username Group Machine --- 14974 zulloa2 zulloa2 sha (192.168.0.3) Service pid machine Connected at --- DATOS14974 sha Thu Jan 11 07:01:38 2007 PUBLICO 14974 sha Thu Jan 11 07:01:38 2007 IPC$ 14974 sha Thu Jan 11 12:12:01 2007 GESTION 14974 sha Thu Jan 11 07:01:38 2007 CALIDADySHA 14974 sha Thu Jan 11 07:01:38 2007 Locked files: PidDenyMode Access R/WOplock Name -- 14974 DENY_WRITE 0x20089 RDONLY NONE /data/datos/QAQC/CONTINUACION.ppt Thu Jan 11 11:41:02 2007 14974 DENY_NONE 0x2019f RDWR EXCLUSIVE+BATCH /data/datos/QAQC/ITOPMT.doc Thu Jan 11 12:13:06 2007 14974 DENY_WRITE 0x20089 RDONLY NONE /data/datos/QAQC/PGT.doc Thu Jan 11 12:00:32 2007 14974 DENY_WRITE 0x20089 RDONLY NONE /data/datos/QAQC/Copia de SISTEMA QAQC.pps Thu Jan 11 11:40:57 2007 look that not all the files appears read only but is the same share an folder... what happend? how can i do ? when i do a /etc/init.d/samba restart so i can write them with zulloa2 user, but hours later the read only show again... Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] access denied to shares on samba 3
Hi, I have samba-3.0.23d-1tr on a trustix 3.0 system. This samba was joined to a win 2k3 domain and it works perfect for lot of months. Now I can access only to tmp share, and samba server is sometimes slow to expose all shares. If I launch wbinfo u or wbinfo g, I still see the users/group from win2k3 server, but in the log of my winxp client (whose name is Euro15), I see: [2006/12/27 11:52:31, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/12/27 11:52:31, 0] auth/auth_util.c:create_builtin_administrators(785) create_builtin_administrators: Failed to create Administrators [2006/12/27 11:52:31, 2] auth/auth_util.c:create_local_nt_token(899) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/12/27 11:52:31, 0] auth/auth_util.c:create_builtin_users(751) create_builtin_users: Failed to create Users [2006/12/27 11:52:31, 2] auth/auth_util.c:create_local_nt_token(926) create_local_nt_token: Failed to create BUILTIN\Users group! [2006/12/27 11:52:31, 2] smbd/reply.c:reply_tcon_and_X(711) Serving IPC$ as a Dfs root [2006/12/27 11:52:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username EURO/euro15$ is invalid on this system [2006/12/27 11:52:37, 0] smbd/service.c:make_connection_snum(920) '/var/amavis/virusmails' does not exist or permission denied when connecting t o [spam] Error was Permission denied [2006/12/27 11:52:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username EURO/euro15$ is invalid on this system [2006/12/27 11:52:37, 0] smbd/service.c:make_connection_snum(920) '/var/amavis/virusmails' does not exist or permission denied when connecting t o [spam] Error was Permission denied Now, /var/amavis/virusmails exists, euro15$ is my XP client name, and I don't understand why samba uses this to get credentials. I mean I expect to see EURO/massimo (my username) in this line, not my machine name. This particular folder is owned by amavis, but massimo is in amavis group so it is ok and I underline that this worked in the past. What else could I do? Thanks -- Passa a Infostrada. ADSL e Telefono senza limiti e senza canone Telecom http://click.libero.it/infostrada28dic06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] connecting Xp to samba
I have a server samba 3,... with opensuse 10.1 and a cliente XP. If i configure samba with security= share, i connect form Xp without any problem. If i configure samba with security=user , XP when i try to connect ask me for name and passwor; But Xp before the name puts the name of compuer (for example //PCXXX/name) ; I am sure to have the same name and password also in samba server and in Xp client, but i don't know how to resolve the problem. Thanks -- Passa a Infostrada. ADSL e Telefono senza limiti e senza canone Telecom http://click.libero.it/infostrada09dic06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and automount?
Could you elaborate your setup a little? I assume that clients are linux? http://lists.samba.org/archive/samba/2006-September/125059.html I think that scenario is very similar to yours ? -- Mikko Koppanen Jiří Červenka wrote: Hello, I´d like to ask someone if there is a way how to use samba and winbind to automaticaly mount users homedirs that is on w2k3 server share? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Issues with samba PDC + WinXP clients
Hello, I've been trying to configure samba 3.0.23d to work as PDC for a few days now. I can successfully join computer to domain but logging with user credentials fails with error message: The system can not log you on due to the following error: The system cannot find message text for message number 0x%1 in the message file for %2 Eventlog on windows side doesnt show anything usefull. I did all registry tricks on windows side (Sign secure channel). Heres my smb.conf: [global] ; General setting netbios name = SMBADS workgroup = TESTDOMAIN os level = 64 wins support = true ; PDC Settings preferred master = yes local master = yes domain master = yes domain logons = yes security = user encrypt passwords = true ; Log settings log level = 2 log file = /var/log/samba/log.%m syslog = 0 server string = SAMBA-LDAP PDC Server %v ; user profiles and home directory logon home = \\%L\%U\ logon drive = h: logon path = \\%L\profiles\%U logon script = netlogon.bat ; LDAP Configuration passdb backend = ldapsam:ldap://127.0.0.1 ldap suffix = dc=example,dc=com ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=example,dc=com ldap delete dn = no ldap password sync = yes enable privileges = yes [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes browseable = No [profiles] path = /var/lib/samba/profiles read only = no create mask = 0600 directory mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cd rom cannot share in my workgroup
Hai, i have share my cd rom in samba , but i cannot access my workgroup what is problem.pls tell right answer. krk.prabhukumar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] After some time win98 clients hangs - samba 3.0.23c
Hi. I have upgraded samba from 3.0.10 on centos to samba 3.0.23c. In network working win98, winXP. We use dos applications, and sometime win98 immidetly hangs in this app. The machine must be restarted. I never see this behaviour with samba 3.0.10. This happen for different network installation - another localisation. After switch to 3.0.23c a must revert back to 3.0.10 wich came with centos, because dos applications hangs on win98 clients and some time on winXP. With 3.0.10 i have stability and no problem at all. So what can be the cause, samba 3.0.23c hangs my dos network application and 3.0.10 not. Oplocks ? Any idea ? Regards, Irens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba in centos 4.4: samba-3.0.10-1.4E.9 versus the latest from sernet samba3-3.0.23c-30
Hi people. I use centos on many my servers and they are running samba which comes with centos: samba-3.0.10-1.4E.9 From samba-3.0.10 to 3.0.23c many thnigs in code had change. Many bug fixes etc., code rewrote (for example oplock in later version of samba than 3.0.10). RedHat people don't have made a full of backports to their samba, only security things. So I have question, what do you think samba people, should i switch to the latest samba from sernet (for example) or still use samba, wchich comes with my centos. What are + and - ? Best regards, Irens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Timestamp issues
Hi folks, I got a fileserver with debian sarge which is being held up to date as good as I can. I got a machine with two harddrives. One holds kubuntu dapper and one holds winxp. And then there's more machines but they don't matter at the moment. On the filserver there's a share _images_ that has a force user/group _images_ constraint. Therefore when I save an image to that share owner of that file becomes images.images. And that's fine. When I copy images from my camera to that share from within winxp and the help of IrfanView everything is fine. Files get saved with the correct user.group and the original timestamp of the file on the camera. If I attempt to save the same images from within kubuntu where I have my own user and group settings the k-desktop enironment complains about not being able to change permissions and the image gets saved with the correct user and group (images.images) but with the current timestamp of the copying process and not the original timestamp from the picture shot. Now, what do I have to do so that I don't have to switch to winxp to save my images to the _images share_. I just don't understand the problem. thank you manfred -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Timestamp issues
Hi folks, I got a fileserver with debian sarge which is being held up to date as good as I can. I got a machine with two harddrives. One holds kubuntu dapper and one holds winxp. And then there's more machines but they don't matter at the moment. On the filserver there's a share _images_ that has a force user/group _images_ constraint. Therefore when I save an image to that share owner of that file becomes images.images. And that's fine. When I copy images from my camera to that share from within winxp and the help of IrfanView everything is fine. Files get saved with the correct user.group and the original timestamp of the file on the camera. If I attempt to save the same images from within kubuntu where I have my own user and group settings the k-desktop enironment complains about not being able to change permissions and the image gets saved with the correct user and group (images.images) but with the current timestamp of the copying process and not the original timestamp from the picture shot. Now, what do I have to do so that I don't have to switch to winxp to save my images to the _images share_. I just don't understand the problem. thank you manfred -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FW: RE Help config. VPN to Samba server - UK Charity
Thanks for all your help but I have been fighting a lossing battle. That is our present firewall config. will not support multiable users and now I am going down the Cisco, remote dial-in route. Sorry if I wasted your time too? Kind regards, Nick Original Message: - From: Felipe Augusto van de Wiel [EMAIL PROTECTED] Date: Tue, 12 Sep 2006 09:19:58 -0300 To: [EMAIL PROTECTED], samba@lists.samba.org, [EMAIL PROTECTED] Subject: Re: [Samba] FW: RE Help config. VPN to Samba server - UK Charity -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [ Try to not top-post, it makes a little bit hard to read ] [ the question/answers because it brokens the text flow. ] On 09/06/2006 06:53 AM, Nick Gorman escreveu: > Please can you help with this? I work at a charity and need > help to find a solution urgently or Samba / Linux, might be > superseded my 'MS' - Oh my GOD > > Thanks in advance, > > Nick : ) [...] >You need the appropriate ports open, which you probably > have done if Red Hat can mount the drives, and you now need > to get the Windows versions of mount and "browsing" working. > Go to the Troubleshooting chapter of the copy of Using > Samba that came with your distribution (or to > http://us2.samba.org/samba/docs/using_samba/ch12.html) > and go to the Fault Tree. This will step you through all > the prerequisites in the appropriate order, in about > five minutes, until you find your problem. > > --dave Dave sent you an answer. Could outline where exactly do you need help? Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFBqXuCj65ZxU4gPQRAoYpAJ9ZI3igC/DPnbvDyQx0FdvCcoup7wCdFjFW 14dzuuaZ3Tz1bgAPiKYdVgs= =Ov+0 -END PGP SIGNATURE- mail2web - Check your email from the web at http://mail2web.com/ . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over IPX - various sites say it works?
Nigel Gay wrote: FYI, the reason I can't use TCP/IP is I connect from my PC into my company's LAN via a VPN. When connected to the VPN, *all* TCP/IP traffic goes to the VPN, effectively cutting me off from the rest of my own LAN. Yes, I know that's really an issue with how their VPN is set up, but they won't change it. Accessing shares on Windows servers works fine, because once it realises it can't connect over TCP/IP, it switches to IPX and works fine. Nigel, just set up your local routes. It's quite easy :) // Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
werner maes wrote: the passdb backend no longer accepts multiple backends in a chaining configuration since samba 3.0.23a . question: will the following confi still work? passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ? the idea is to use 2 ldap servers There are several ways to specify multiple ldap servers. passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 should work as failover solution - when ldap1 is down, ldap2 should be tried. But i found than failed ldap1 do not make smbd to use ldap2 in my installation. I have reported this problem here, but got no answer. // Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble installing applications from samba share using Windows Vista
[EMAIL PROTECTED] schrieb: I am having trouble installing applications onto a Vista machine from a Samba 3.0.23a share. I keep getting a Windows error telling me that the network path could not be found after I double click setup.exe. I can copy the files from the share to my local hard drive and install no problem. I can also copy them to a W2K share and install from there no problem. So, it seems the be Samba related. Everthing else that I have tried with Samba and Vista seems to be working. I can execute other programs from the share, for example. Has anyone else noticed this problem? And have a solution? Hi, yes i have seen this behavior from time to time on win-XP/win2k/win98, especialy for older installers. i guess it is a problem of the installer using a mix of systemcalls to access the files intermixing long filenames and short ones, and confusing samba at this point. AFAIR i have seen this behaviour on w2k-Server-shares too. Christoph -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
