RE: [Samba] [OT] Fyodor terminates SCO nmap rights -- how about Samba?
I'd have to rally behind Michael on this topic, I think this is where the opensource community needs to show is stance and protest in a non-vandalistic way. I personally was confused how some script kiddies felt that writing e-mail viruses that attacked SCOs website would do anything more than give the OpenSource community a bad name. This is where we as GNU citizens need to show our support for Linux, even if that isn't our OS of choice. I'm personally a FreeBSD geek. If SCO throws an enough money at this case and wins, that makes OpenSource lose value and vulnerable to many other lawsuits for someone that feels OpenSource prevents them from making money. Cough Cough M$. My 2 cents -Aaron Collins hellfire at fastq dot com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Brown Sent: Friday, February 27, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: [Samba] [OT] Fyodor terminates SCO nmap rights -- how about Samba? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As you all may know Fyodor of nmap fame has terminated SCO's rights to distribute namp with its products. See: http://www.smh.com.au/articles/2004/02/27/1077676955381.html I know this is off-topic, but I am interested in opinions on the subject of SCO using Samba in it's products while they declare the GPL is unconstitutional and invalid. In Darl McBride's recent speech at Harvard Law School, he was asked in the QA period about SCO's use of Samba and the GPL - to which he replied something to the effect (I am paraphrasing here) of Samba doesn't infringe on our IP to our knowledge, so we still contribute (??) to the Samba project and distribute Samba with our products Is this hypocrisy? I welcome opinions of the members of the list. Sorry if this is not the right forum for this, but I am interested in the opinions of the Samba community on this issue. Michael Brown -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAP8R5yEfMczxaHdsRApcLAJ94yu7LuXGL9saMm8Gv6J2ne5HWIgCfUuCs LPi5uElkzBbjLUC6TBjIZrE= =rhK9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3 and ADS
Of courese, thats the whole point of having a samba box part of a win2k domain. Heck if you wanted you could also replace your pdc with with a samba pdc. Check out the samba 3 howto, they have good instructions on doing this. You just have to make sure that what ever OS you use has support for NSS, or you'll also have to create the accounts localy before they can use it. I know that AIX supports this for sure. as well as Solaris, I'm not positive about HP-UX though. -Aaron C. - Original Message - From: E Hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 9:59 AM Subject: [Samba] samba 3 and ADS Hi list. I'm trying to set up samba 3 on Solaris 8, AIX 4.3 and 5, HP-UX11.0 and 11i to authenticate mount requests from Win2k clients against their Active Directory credentials. In other words, users sitting at a win2k workstation want to be able to log on once, to the domain using their AD credentials and be able to mount the unix servers without having to re-authenticate. Is this poossible? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo error
Make Sure you have winbindd running, and that if your using ads, that the clock on your Unix box is not less than 5 minutes off from your Windows PDC. Also if you look at the wbinfo man, it talks about setting up a user and password for wbinfo to check info against your PDC with, sometimes this is helpful is you disallow anonymous user queries. -Aaron C. - Original Message - From: Delagarza, Gilbert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 9:54 AM Subject: [Samba] wbinfo error We have setup Samba3 and joined the server to the AD domain. problem is when I run wbinfo -u I get the error msg Error looking up users. If I use the syntax wbinfo -a domain+user%password -g, it rec msgs back that the passwd succeeded but still does not let me list groups. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] FreeBSD and Samba HowTO
For anyone that has been having trouble getting FreeBSD and Samba to play nice together, I've written up a Howto http://hellfire.homeunix.net:81/Docs/Configuring%20FreeBSD%205.htm It goes over some of the complicated subjects like installing Kerberos, and making sure it works right. It also shows you how to make FreeBSD do ads in a win2k domain so that it treats domain users as local users. It is a work in progress, and I still have extra material to cover, but the base doc is enough for anyone struggiling to get the overal system to work. I still need to include things like troubleshooting errors, and configuring PAM. If anyone finds this helpful, or has any reconmendations, please let me know. -Signed, Aaron Collins -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join
Hey, I'm trying to use the net ads join to connect to a win2k AD, but when I auth, it just returns a new line. It never says anything about being succesful. I've checked and I'm not part of the domain. I'm using FreeBSD 5.1, with samba 3.0.1. Can anyone recommend some suggestions. I've upgraded my kerberos to newer versions, and I know the password auth info is ok. ANy suggestions are appreciated. -Aaron Collins -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 2 samba
ya, use smbclient to go from one samba machine to another -Aaron - Original Message - From: Louie Miranda [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 08, 2004 11:16 PM Subject: [Samba] samba 2 samba will it work? Samba 2 Samba will it work? -- - Louie Miranda http://www.axishift.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 Suse 9.0
I had a similar problem in Suse 8.2, by defualt the paper size is set to the German standard of A4, you need to go into Yast and set the default paper size to US letter. Then try and print again. On Tue, 2003-12-02 at 05:18, denis wrote: Hi, PROBLEM : I'm not able to use the printer connected to a windows 2000 machine. INSTALLATION: I have 3 PCs. - One is a windows 2000 PC with the printer connected to it - One is a redhat machine - One is a Suse 9.0 machine. The redhat machine is able to print to the samba printer, not the Suse one. smbclient -L //secretariat shows identical data on both Linux machines Domain=[TUX-NET] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$ IPC Remote IPC D$ Disk Default share print$ Disk Printer Drivers HPLaserJ Printer HP LaserJet 4 ADMIN$ Disk Remote Admin C$ Disk Default share Server Comment ---- SECRETARIAT WorkgroupMaster ---- TUX-NET SECRETARIAT on the Suse machine this command line prints ouf to the printer correctly. echo -en \rouf\r\f | smbclient //secretariat/HPLaserJ tugudu -c 'print -' -N -U denis In other words everything works but I'm not able to create a printer connection with Yast2. When I lookup hosts it gives the IP of the windows machine and never accept the queue name (HPLaserJ) Ideas ? thanks Denis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] v3.0.X kerberos_verify sol8 compile problem
I Had similar problems in BSD when I had more than one version of kerberos installed. I'd make sure there is only one version and that the libs and headers are for the same version. -Aaron On Mon, 2003-11-24 at 08:13, Patrick Hopp wrote: Having a problem getting v3.0.0(or pre3) to compile on a Solaris 8 box, tried Sun compilers and Solaris compilers.. Recompiled/Re-installed Kerberos all roads lead to the same error compiling Samba, it gets about 2/3 of the way done and spews... Compiling libads/kerberos_verify.c libads/kerberos_verify.c: In function `create_keytab': libads/kerberos_verify.c:77: structure has no member named `keyblock' *** Error code 1 make: Fatal error: Command failed for target `libads/kerberos_verify.o' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.0 freebsd
Matt Pusateri wrote: Aaron, I see that no one has posted a response to this. I have a similar problem. I think that the NSSwitch code is not complete, so it only works redirecting to LDAP and not winbind. Are you using LDAP? What about /usr/ports/net/nss_ldap port? Matt, you are correct, the nsswitch code was not complete, I took the old ports patch an applied it to the new 3.0 and it seems to work now, please refer to samba bug 797 https://bugzilla.samba.org/show_bug.cgi?id=797 Their is also a symlink the needs to be created root# *ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1* root# *ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1* root# *ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2* Although I am not sure of this because their is a document at www.bzerk.org that details FreeBSD 5.1 with Samba 2.2.8a in MS AD environment that sounds like it works. Have you asked this on FreeBSD-Questions? I had a look at Bzerk, which is what inspired me to look at the old ports patches I have been playing with several FreeBSD/Samba combinations but haven't found the one I want yet. FYI - I didn't respond to the list, because I didn't want to express opinions that might not be accurate. Let me know if I can help at all, although it seems that we are both stuck at similar levels of configuration. I've got it working great now, please try the patch in the above samba bug report. Im sure if enough people use it and find it useful it will get added. I didn't specify in the bug report, but that diff was from samba 3.0.1pre4 (CVS Curret) Thanks, Matt Pusateri Systems Administrator Interactive Medical Systems, Inc. Aaron Collins [EMAIL PROTECTED] 11/20/03 12:41AM Has anyone at all gotten the Samab 3.0 to integrate into the FreeBSD 5.1 Name Service switcher? Are there patches avaliable? Does anyone know where to get the FreeBSD nss api so I can try to fix the code my self? I keep getting the following errors in my logs NSSWITCH(nss_method_lookup): winbind, passwd, getpwnam_r, not found -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.0 freebsd
Has anyone at all gotten the Samab 3.0 to integrate into the FreeBSD 5.1 Name Service switcher? Are there patches avaliable? Does anyone know where to get the FreeBSD nss api so I can try to fix the code my self? I keep getting the following errors in my logs NSSWITCH(nss_method_lookup): winbind, passwd, getpwnam_r, not found -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] freebsd and winbind
I've been working for a couple days to get NSSwitch to work under FREEBSD, and what I'm noticing from the winbind debug info is that when it trys to create the user map, it passes the username but not the group. I believe this is why it is failing. Can someone tell me is this is a bug, or config issue? [32589]: request interface version [32589]: request location of privileged pipe [32589]: ping [32589]: pam auth crap domain: TECH user: acollins Connected to LDAP server 140.198.45.130 got ldap server name [EMAIL PROTECTED], using bind path: dc=TECH,dc=GC,dc=MARICOPA,dc=EDU IPC$ connections done by user TECH\testuser Connecting to host=GARGOYLE Connecting to 140.198.45.130 at port 445 Doing spnego session setup (blob length=118) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got [EMAIL PROTECTED] Doing kerberos session setup [32589]: create_user: user=(acollins), group=() -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0 and freebsd 5.1
I've been working on getting freebsd 5.1 to be a member of and active directory domain. I have everything up and running fine, but I'm running in to a brick wall when trying to get nsswitch to use the libnss_winbind.so I understand that nss is new in BSD, but I am told it is supposed to work. Has anyone here got it to work right yet? I have samba, winbind and kerberos working fine. I get all of my users when I do a wbinfo -u I copied the correct nss libs to /usr/lib If anyone has any Info I'd greatly appreciate it. I know it has something to do nsswitch because I get these errors in /var/log/debug.log smbd: NSSWITCH(nss_method_lookup): winbind, group, setgrent, not found smbd: NSSWITCH(nss_method_lookup): winbind, group, getgrent_r, not found smbd: NSSWITCH(nss_method_lookup): winbind, group, endgrent, not found ls: NSSWITCH(nss_method_lookup): winbind, passwd, setpwent, not found ls: NSSWITCH(nss_method_lookup): winbind, group, setgrent, not found ls: NSSWITCH(nss_method_lookup): winbind, passwd, getpwuid_r, not found ls: NSSWITCH(nss_method_lookup): winbind, group, getgrgid_r, not found ls: NSSWITCH(nss_method_lookup): winbind, passwd, getpwuid_r, not found ls: NSSWITCH(nss_method_lookup): winbind, group, getgrgid_r, not found ls: NSSWITCH(nss_method_lookup): winbind, passwd, getpwuid_r, not found ls: NSSWITCH(nss_method_lookup): winbind, group, getgrgid_r, not found Following are my confs smb.conf [global] workgroup = PERSONAL netbios name = BSD netbios aliases = BSD realm = PERSONAL.REALM.COM security = ads encrypt passwords = yes password server = * wins server = wins.realm.com name resolve order = lmhosts host wins bcast log file = /var/log/samba/%m.log server string = FreeBSD Samba Server log level = 1 winbind separator = . winbind cache time = 10 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes template shell = /bin/bash template homedir = /home/%D/%U idmap uid = 1-2 idmap gid = 1-2 /etc/nsswitch.conf passwd: files winbind group: files winbind -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authentication against AD
When you say bleeding edge, does that include FreeBSD 5.1? Are there any patches to get it to work with 5.1? On Thu, 2003-11-13 at 14:45, Andrew Bartlett wrote: On Fri, 2003-11-14 at 05:49, Morten-Christian Bernson wrote: We have a FreeBSD webserver with Samba 2.2.8. It has been set up as a member-server of our active directory domain, and all seems good so far. What I want is to let a set of users access a share (www) as the www-user, and they should authenticate against AD, and they should not need an account on the BSD machine at all. I don't want any add user script and so on, I only want them to access the share if they are one of the defined users, and the password is aproved by the windows servers. You still need user accounts, sorry. Use winbind (which needs nsswitch, which needs some bleeding edge version of FreeBSD) or add the users manually. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions on home directories and admin user copying files to it
I don't think you really can change that, because the default nature of Unix is who ever creates a file owns it, no matter what directory it's in(As long as they have write access to that dir). Samba just does a remote-local mapping that grant the remote user whatever access they are mapped to, but when they create the file, they still own it. If you use a rpc or ads setup, and configure nss and pam together with it, you can make so that from windows you could manage file ownership(To a limited extent, ufs is not ntfs). But as far as making any file that's in a directory owned by who ever owns that dir, the only way I could think of to do it is to write a cron script that checks the dir ownership and sets all files and sub dirs to those permissions every x amount of time. -Aaron On Thu, 2003-11-13 at 17:11, Christian Nabski wrote: Hi Aaron, Thanks for your answer. I already set the create mask for files and directories : for files 0600 -- user can only write and read for directories 0700 -- directories can be read and entered (executed) by the user This however only sets the rights and not the ownership. The problem arises when an admin (in the adminlist) copies files from another drive/share/... to the home share of a user via samba. These copied files have then as owner root. The effect of this (0600 and root ) is that the user can not read or write to this file. This is in fact a test server for a customer. What they actually want is the behavior of windows : the copied files inherit the rights of the directory where they are created. eg : homedir : 0700 owner : the user group domain users The admin copies or created a file example.txt in homedir. -- rights of example.txt : 0600 owner the user group domain users The group ownership is possible with chmod g+s homedir or chmod 2700 homedir. If I would set a create mask for files as 0660 and for directories 0770 the problem would be solved but I wanted the restrict the rights to the ones set. And I don't want to maintain private groups (ala redhat) for these users. I am just wondering how other people do this with admins which don't know anything about unix file permissions ? Regards, Christian Aaron Collins [EMAIL PROTECTED] wrote on 13/11/2003 21:19:13: You should have a look at the create mask option, it says what the default permissions should be on files that get created. This will override the default unix behavior. See also inherit permissions , directory mask, force create mode and force directory mode I think these are the options your looking for in your smb.conf -Aaron c On Thu, 2003-11-13 at 11:40, Christian Nabski wrote: We want to copy files with the group in the admin list of the [homes] share. The problem is that the copied files then are owned by root. I know this is normal unix behavior. However we want the copied files to be owned by the user of the homeshare. I read the samba howto section Users Cannot Write to a Public Share. Although I want to set the owner on the home shares and not on a public share. The mentioned section however does not seem to work on Redhat 7.3 nor RH AS 3 ? The group gets set correctly (gets changed to the group who owned the directory) but the user stays the same. I am wondering if this is a particular issue with the Redhat distribution or something else ? For now I tried this solution : in [homes] : root preexec = chown -R %S %P This works but I wonder if this is good solution ? Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba