RE: [Samba] [OT] Fyodor terminates SCO nmap rights -- how about Samba?

2004-02-27 Thread Aaron Collins
I'd have to rally behind Michael on this topic, I think this is where
the opensource community needs to show is stance and protest in a
non-vandalistic way.  I personally was confused how some script kiddies
felt that writing e-mail viruses that attacked SCOs website would do
anything more than give the OpenSource community a bad name.  This is
where we as GNU citizens need to show our support for Linux, even if
that isn't our OS of choice.  I'm personally a FreeBSD geek.  If SCO
throws an enough money at this case and wins, that makes OpenSource lose
value and vulnerable to many other lawsuits for someone that feels
OpenSource prevents them from making money.  Cough Cough M$.

My 2 cents

-Aaron Collins
hellfire at fastq dot com



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Michael Brown
Sent: Friday, February 27, 2004 3:28 PM
To: [EMAIL PROTECTED]
Subject: [Samba] [OT] Fyodor terminates SCO nmap rights -- how about
Samba?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

As you all may know Fyodor of nmap fame has terminated SCO's
rights to distribute namp with its products.  See:

http://www.smh.com.au/articles/2004/02/27/1077676955381.html

I know this is off-topic, but I am interested in opinions
on the subject of SCO using Samba in it's products while they declare
the GPL is unconstitutional and invalid.  In Darl McBride's recent
speech at
Harvard Law School, he was asked in the QA period about SCO's use of
Samba and the GPL - to which he replied something to the effect (I am 
paraphrasing here) of Samba doesn't infringe on our IP to our
knowledge, so we
still contribute (??) to the Samba project and distribute Samba with our
products  Is this hypocrisy?  I welcome opinions of the members of the
list.

Sorry if this is not the right forum for this, but I am interested in
the
opinions of the Samba community on this issue.

Michael Brown 

 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAP8R5yEfMczxaHdsRApcLAJ94yu7LuXGL9saMm8Gv6J2ne5HWIgCfUuCs
LPi5uElkzBbjLUC6TBjIZrE=
=rhK9
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] samba 3 and ADS

2004-02-19 Thread Aaron Collins
Of courese, thats the whole point of having a samba box part of a win2k
domain.  Heck if you wanted you could also replace your pdc with with a
samba pdc.  Check out the samba 3 howto, they have good instructions on
doing this.
You just have to make sure that what ever OS you use has support for NSS, or
you'll also have to create the accounts localy before they can use it. I
know that AIX supports this for sure. as well as Solaris,  I'm not positive
about HP-UX though.

-Aaron C.

- Original Message -
From: E Hunter [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 9:59 AM
Subject: [Samba] samba 3 and ADS


 Hi list.

 I'm trying to set up samba 3 on Solaris 8, AIX 4.3 and 5, HP-UX11.0 and
 11i to authenticate mount requests from Win2k clients against their
 Active Directory credentials.

 In other words, users sitting at a win2k workstation want to be able to
 log on once, to the domain using their AD credentials and be able to
 mount the unix servers without having to re-authenticate.

 Is this poossible?


 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] wbinfo error

2004-02-19 Thread Aaron Collins
Make Sure you have winbindd running, and that if your using ads, that the
clock on your Unix box is not less than 5 minutes off from your Windows PDC.
Also if you look at the wbinfo man, it talks about setting up a user and
password for wbinfo to check info against your PDC with, sometimes this is
helpful is you disallow anonymous user queries.

-Aaron C.

- Original Message -
From: Delagarza, Gilbert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 9:54 AM
Subject: [Samba] wbinfo error


 We have setup Samba3 and joined the server to the AD domain. problem is
when
 I run wbinfo -u I get the error msg Error looking up users. If I use the
 syntax wbinfo -a domain+user%password -g, it rec msgs back that the
passwd
 succeeded but still does not let me list groups.




 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] FreeBSD and Samba HowTO

2004-02-17 Thread Aaron Collins
For anyone that has been having trouble getting FreeBSD and Samba to play nice 
together, I've written up a Howto 
http://hellfire.homeunix.net:81/Docs/Configuring%20FreeBSD%205.htm

It goes over some of the complicated subjects like installing Kerberos, and making 
sure it works right.  It also shows you how to make FreeBSD do ads in a win2k domain 
so that it treats domain users as local users.

It is a work in progress, and I still have extra material to cover, but the base doc 
is enough for anyone struggiling to get the overal system to work.  I still need to 
include things like troubleshooting errors, and configuring PAM.  If anyone finds this 
helpful, or has any reconmendations, please let me know.

-Signed,
Aaron Collins
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] net ads join

2004-02-09 Thread Aaron Collins
Hey, I'm trying to use the net ads join to connect to a win2k AD, but when I auth, it 
just returns a new line.  It never says anything about being succesful.  I've checked 
and I'm not part of the domain.  I'm using FreeBSD 5.1, with samba 3.0.1.  Can anyone 
recommend some suggestions.  I've upgraded my kerberos to newer versions,  and I know 
the password auth info is ok.  ANy suggestions are appreciated.

-Aaron Collins
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] samba 2 samba

2004-01-08 Thread Aaron Collins
ya, use smbclient to go from one samba machine to another
-Aaron

- Original Message - 
From: Louie Miranda [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 11:16 PM
Subject: [Samba] samba 2 samba


 will it work?
 
 Samba 2 Samba will it work?
 
 
 -- -
 Louie Miranda
 http://www.axishift.com
 
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Windows 2000 Suse 9.0

2003-12-02 Thread Aaron Collins
I had a similar problem in Suse 8.2, by defualt the paper size is set to
the German standard of A4, you need to go into Yast and set the default
paper size to US letter.  Then try and print again.

On Tue, 2003-12-02 at 05:18, denis wrote:
 Hi,
 
 PROBLEM : I'm not able to use the printer connected to a windows 2000
 machine.
 
 INSTALLATION: I have 3 PCs. 
 
  - One is a windows 2000 PC with the printer connected to it
  - One is a redhat machine
  - One is a Suse 9.0 machine.
 
 The redhat machine is able to print to the samba printer, not the Suse
 one.
 
 smbclient -L //secretariat shows identical data on both Linux machines
 
 Domain=[TUX-NET] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
  
 Sharename  Type  Comment
 -    ---
 IPC$   IPC   Remote IPC
 D$ Disk  Default share
 print$ Disk  Printer Drivers
 HPLaserJ   Printer   HP LaserJet 4
 ADMIN$ Disk  Remote Admin
 C$ Disk  Default share
  
 Server   Comment
 ----
 SECRETARIAT
  
 WorkgroupMaster
 ----
 TUX-NET  SECRETARIAT
 
 on the Suse machine this command line prints ouf to the printer
 correctly.
 
 echo -en \rouf\r\f | smbclient //secretariat/HPLaserJ tugudu -c
 'print -' -N -U denis
 
 In other words everything works but I'm not able to create a printer
 connection with Yast2. When I lookup hosts it gives the IP of the
 windows machine and never accept the queue name (HPLaserJ)
 
 Ideas ?
 
 thanks
 Denis
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] v3.0.X kerberos_verify sol8 compile problem

2003-11-24 Thread Aaron Collins
I Had similar problems in BSD when I had more than one version of
kerberos installed.  I'd make sure there is only one version and that
the libs and headers are for the same version.

-Aaron

On Mon, 2003-11-24 at 08:13, Patrick Hopp wrote:
 Having a problem getting v3.0.0(or pre3) to compile on a Solaris 8 box,
 tried Sun compilers and Solaris compilers..   Recompiled/Re-installed
 Kerberos all roads lead to the same error compiling Samba, it gets about 2/3
 of the way done and spews...
 
 
 Compiling libads/kerberos_verify.c
 libads/kerberos_verify.c: In function `create_keytab':
 libads/kerberos_verify.c:77: structure has no member named `keyblock'
 *** Error code 1
 make: Fatal error: Command failed for target `libads/kerberos_verify.o'
 
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] samba 3.0.0 freebsd

2003-11-21 Thread Aaron Collins
Matt Pusateri wrote:

Aaron,

I see that no one has posted a response to this.  I have a similar problem.  I think that the NSSwitch code is not complete, so it only works redirecting to LDAP and not winbind. Are you using LDAP?  What about /usr/ports/net/nss_ldap port?  
 

Matt, you are correct, the nsswitch code was not complete,  I took the 
old ports patch an applied it to the new 3.0 and it seems to work now, 
please refer to samba bug 797 https://bugzilla.samba.org/show_bug.cgi?id=797
Their is also a symlink the needs to be created

root# *ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1*
root# *ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1*
root# *ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2*

Although I am not sure of this because their is a document at www.bzerk.org that details FreeBSD 5.1 with Samba 2.2.8a in MS AD environment that sounds like it works.  
Have you asked this on FreeBSD-Questions?  
 

I had a look at Bzerk, which is what inspired me to look at the old 
ports patches

I have been playing with several FreeBSD/Samba combinations but haven't found the one I want yet.

FYI - I didn't respond to the list, because I didn't want to express opinions that might not be accurate.

Let me know if I can help at all, although it seems that we are both stuck at similar levels of configuration.
 

I've got it working great now, please try the patch in the above samba 
bug report.  Im sure if enough people use it and find it useful it will 
get added.  I didn't specify in the bug report, but that diff was from 
samba 3.0.1pre4 (CVS Curret)

Thanks,



Matt Pusateri
Systems Administrator
Interactive Medical Systems, Inc.
 

Aaron Collins [EMAIL PROTECTED] 11/20/03 12:41AM 
   

Has anyone at all gotten the Samab 3.0 to integrate into the FreeBSD 5.1 
Name Service switcher?  Are there patches avaliable?  Does anyone know 
where to get the FreeBSD nss api so I can try to fix the code my self?  
I keep getting the following errors in my logs
NSSWITCH(nss_method_lookup): winbind, passwd, getpwnam_r, not found

 



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] samba 3.0.0 freebsd

2003-11-19 Thread Aaron Collins
Has anyone at all gotten the Samab 3.0 to integrate into the FreeBSD 5.1 
Name Service switcher?  Are there patches avaliable?  Does anyone know 
where to get the FreeBSD nss api so I can try to fix the code my self?  
I keep getting the following errors in my logs
NSSWITCH(nss_method_lookup): winbind, passwd, getpwnam_r, not found

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] freebsd and winbind

2003-11-14 Thread Aaron Collins
I've been working for a couple days to get NSSwitch to work under
FREEBSD, and what I'm noticing from the winbind debug info is that when
it trys to create the user map, it passes the username but not the
group.  I believe this is why it is failing.  Can someone tell me is
this is a bug, or config issue?

[32589]: request interface version
[32589]: request location of privileged pipe
[32589]: ping
[32589]: pam auth crap domain: TECH user: acollins
Connected to LDAP server 140.198.45.130
got ldap server name [EMAIL PROTECTED], using bind path:
dc=TECH,dc=GC,dc=MARICOPA,dc=EDU
IPC$ connections done by user TECH\testuser
Connecting to host=GARGOYLE
Connecting to 140.198.45.130 at port 445
Doing spnego session setup (blob length=118)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got [EMAIL PROTECTED]
Doing kerberos session setup
[32589]: create_user: user=(acollins), group=()

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] samba 3.0 and freebsd 5.1

2003-11-13 Thread Aaron Collins
I've been working on getting freebsd 5.1 to be a member of and active
directory domain.  I have everything up and running fine, but I'm
running in to a brick wall when trying to get nsswitch to use the 
libnss_winbind.so  I understand that nss is new in BSD, but I am told it
is supposed to work.  Has anyone here got it to work right yet? 
I have samba, winbind and kerberos working fine. I get all of my users
when I do a wbinfo -u  I copied the correct nss libs to /usr/lib  If
anyone has any Info I'd greatly appreciate it.

I know it has something to do nsswitch because I get these errors in
/var/log/debug.log
smbd: NSSWITCH(nss_method_lookup): winbind, group, setgrent, not found
smbd: NSSWITCH(nss_method_lookup): winbind, group, getgrent_r, not found
smbd: NSSWITCH(nss_method_lookup): winbind, group, endgrent, not found
ls: NSSWITCH(nss_method_lookup): winbind, passwd, setpwent, not found
ls: NSSWITCH(nss_method_lookup): winbind, group, setgrent, not found
ls: NSSWITCH(nss_method_lookup): winbind, passwd, getpwuid_r, not found
ls: NSSWITCH(nss_method_lookup): winbind, group, getgrgid_r, not found
ls: NSSWITCH(nss_method_lookup): winbind, passwd, getpwuid_r, not found
ls: NSSWITCH(nss_method_lookup): winbind, group, getgrgid_r, not found
ls: NSSWITCH(nss_method_lookup): winbind, passwd, getpwuid_r, not found
ls: NSSWITCH(nss_method_lookup): winbind, group, getgrgid_r, not found


Following are my confs

smb.conf
[global]
 
   workgroup = PERSONAL
   netbios name = BSD
   netbios aliases = BSD
   realm = PERSONAL.REALM.COM
   security = ads
   encrypt passwords = yes
   password server = *
   wins server = wins.realm.com
   name resolve order = lmhosts host wins bcast
   log file = /var/log/samba/%m.log
   server string = FreeBSD Samba Server
   log level = 1
   winbind separator = .
   winbind cache time = 10
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   template shell = /bin/bash
   template homedir = /home/%D/%U
   idmap uid = 1-2
   idmap gid = 1-2

/etc/nsswitch.conf
passwd: files winbind
group:  files winbind



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Authentication against AD

2003-11-13 Thread Aaron Collins
When you say bleeding edge, does that include FreeBSD 5.1?  Are there
any patches to get it to work with 5.1?

On Thu, 2003-11-13 at 14:45, Andrew Bartlett wrote:
 On Fri, 2003-11-14 at 05:49, Morten-Christian Bernson wrote:
  We have a FreeBSD webserver with Samba 2.2.8.  It has been set up as a
  member-server of our active directory domain, and all seems good so
  far.
  
  What I want is to let a set of users access a share (www) as the
  www-user, and they should authenticate against AD, and they should not
  need an account on the BSD machine at all.  I don't want any add user
  script and so on, I only want them to access the share if they are one
  of the defined users, and the password is aproved by the windows
  servers.
 
 You still need user accounts, sorry.  Use winbind (which needs nsswitch,
 which needs some bleeding edge version of FreeBSD) or add the users
 manually.
 
 Andrew Bartlett

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] file permissions on home directories and admin user copying files to it

2003-11-13 Thread Aaron Collins
I don't think you really can change that, because the default nature of
Unix is who ever creates a file owns it, no matter what directory it's
in(As long as they have write access to that dir).  Samba just does a
remote-local mapping that grant the remote user whatever access they
are mapped to, but when they create the file, they still own it.  If you
use a rpc or ads setup, and configure nss and pam together with it, you
can make so that from windows you could manage file ownership(To a
limited extent, ufs is not ntfs). But as far as making any file that's
in a directory owned by who ever owns that dir, the only way I could
think of to do it is to write a cron script that checks the dir
ownership and sets all files and sub dirs to those permissions every x
amount of time.

-Aaron


On Thu, 2003-11-13 at 17:11, Christian Nabski wrote:
 Hi Aaron,
 
 Thanks for your answer. 
 I already set the create mask for files and directories :
 for files 0600 -- user can only write and read
 for directories 0700 -- directories can be read and entered (executed) by 
 the user
 
 This however only sets the rights and not the ownership.
 
 The problem arises when an admin (in the adminlist) copies files from 
 another drive/share/... to the home share of a user via samba.
 These copied files have then as owner root. The effect of this (0600 and 
 root ) is that the user can not read or write to this file.
 
 This is in fact a test server for a customer. 
 What they actually want is the behavior of windows :
 the copied files inherit the rights of the directory where they are 
 created.
 eg : homedir : 0700 owner : the user group domain users
 The admin copies or created a file example.txt in homedir.
 -- rights of example.txt : 0600 owner the user group domain users
 
 The group ownership is possible with chmod g+s homedir or chmod 2700 
 homedir.
 
 If I would set a create mask for files as 0660 and for directories 0770 
 the problem would be solved but I wanted the restrict the rights to the 
 ones set.
 And I don't want to maintain private groups (ala redhat) for these users.
 
 I am just wondering how other people do this with admins which don't know 
 anything about unix file permissions ?
 
 
 Regards,
 
 Christian
 
 
 
 Aaron Collins [EMAIL PROTECTED] wrote on 13/11/2003 21:19:13:
 
  
  You should have a look at the create mask option, it says what the
  default permissions should be on files that get created.  This will
  override the default unix behavior. 
  See also inherit permissions , directory mask, force create mode and
  force directory mode   I think these are the options your looking for in
  your smb.conf
  
  -Aaron c
  
  On Thu, 2003-11-13 at 11:40, Christian Nabski wrote:
   We want to copy files with the group in the admin list of the [homes] 
   share. The problem is that the copied files then are owned by root.
   I know this is normal unix behavior. However we want the copied files 
 to 
   be owned by the user of the homeshare. 
   
   I read the samba howto section Users Cannot Write to a Public Share.
   Although I want to set the owner on the home shares and not on a 
 public 
   share.
   The mentioned section however does not seem to work on Redhat 7.3 nor 
 RH 
   AS 3 ?
   The group gets set correctly (gets changed to the group who owned the 
   directory) but the user stays the same. 
   I am wondering if this is a particular issue with the Redhat 
 distribution 
   or something else ? 
   
   For now I tried this solution :
   
   in [homes] : 
   root preexec = chown -R %S %P
   
   This works but I wonder if this is good solution ?
   
   
   Christian
  

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba