[Samba] Does Samba 3 work in a Windows 2008 R2 with NO WINS and NO NETBIOS
Hopefully a quick question. My Windows AD administrator is moving to Windows 2008R and is about to switch off the last Windows 2003 domain controller. He also wants to switch off the compatible WINS and NETBIOS off as well. Does samba 3 work in this environment or do I need to tell him to keep then working? Cheers, Andrew -- Andrew Watkins * Birkbeck, University of London * Computer Science * * UKOUG Solaris SIG Co-Chair * http://notallmicrosoft.blogspot.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Does Samba 3 work in a Windows 2008 R2 with NO WINS and NO NETBIOS
I guess the only way to find out if it works is to switch off the Windows 2003 AD DC and see if samba works. Th problem is that I can't seem to prove it. # smbclient -L localhost -U andrew Enter andrew's password: Domain=[DCSNT] OS=[Unix] Server=[Samba 3.5.15] Server Comment ---- W2003AD WWW2 Samba Server WorkgroupMaster ---- DCSNTW2003AD # smbclient -L W2008R2ADDC -U andrew Enter andrew's password: Domain=[DCSNT] OS=[Windows Server 2008 R2 Standard 7601 Service Pack 1] Server=[Windows Server 2008 R2 Standard 6.1] Sharename Type Comment - --- ADMIN$ Disk Remote Admin C$ Disk Default share D$ Disk Default share E$ Disk Default share IPC$IPC Remote IPC NETLOGONDisk Logon server share SYSVOL Disk Logon server share Connection to W2008R2ADDC failed (Error NT_STATUS_UNSUCCESSFUL) NetBIOS over TCP disabled -- no workgroup available # smbclient -L W2003AD -U andrew Enter andrew's password: Domain=[DCSNT] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2] WorkgroupMaster ---- DCSNTW2003AD Thanks, Andrew On 02/06/13 14:51, Daniel Müller wrote: As member server, domain=ads You have to configure winbind Good Luck --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Andrew Watkins Gesendet: Mittwoch, 6. Februar 2013 15:30 An: samba@lists.samba.org Betreff: [Samba] Does Samba 3 work in a Windows 2008 R2 with NO WINS and NO NETBIOS Hopefully a quick question. My Windows AD administrator is moving to Windows 2008R and is about to switch off the last Windows 2003 domain controller. He also wants to switch off the compatible WINS and NETBIOS off as well. Does samba 3 work in this environment or do I need to tell him to keep then working? Cheers, Andrew -- Andrew Watkins * Birkbeck, University of London * Computer Science * * UKOUG Solaris SIG Co-Chair * http://notallmicrosoft.blogspot.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Andrew Watkins * Birkbeck, University of London * Computer Science * * UKOUG Solaris SIG Co-Chair * http://notallmicrosoft.blogspot.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can new ACL entries be inherited to existing subdirectories.
As also, you got it dead right. set map acl inherit = yes Solaris does seem to support extended attributes. Thanks Andrew Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Watkins wrote: Hello, My samba drive works well on my XP machines and ACLs work fine as well. XP users can add new user permissions to files and folders and they are inherited for all NEW files and folders created in the future. But, adding a new permission on the security tab to a folder does not alter the EXISTING files/sub-folders like it does on a real windows network drive. I am running Samba 3.0.24/25 on Solaris 10/9 machines and here are my current settings: You need EA support on the file systems and to set map acl inherit = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can new ACL entries be inherited to existing subdirectories.
Hello, My samba drive works well on my XP machines and ACLs work fine as well. XP users can add new user permissions to files and folders and they are inherited for all NEW files and folders created in the future. But, adding a new permission on the security tab to a folder does not alter the EXISTING files/sub-folders like it does on a real windows network drive. I am running Samba 3.0.24/25 on Solaris 10/9 machines and here are my current settings: acl compatibility = auto acl check permissions = Yes acl group control = No acl map full control = Yes force unknown acl user = No inherit permissions = No inherit acls = No inherit owner = No nt acl support = Yes profile acls = No map acl inherit = No Thanks Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba problems after latest Solaris 10 Patches
I am unable to setup printers on my samba system any long after I updated to the latest Solaris 10 Patch cluster. What I get in my log files all the time is: [2007/03/07 11:58:19, 2, effective(60001, 60001), real(0, 0)] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(263) find_printer_index_by_hnd: Printer handle not found: _spoolss_writeprinter: Invalid handle (OTHER:11687:16175) [2007/03/07 11:58:19, 2, effective(60001, 60001), real(0, 0)] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(263) find_printer_index_by_hnd: Printer handle not found: _spoolss_writeprinter: Invalid handle (OTHER:11068:16175) Plus when I do this on windows I get: \\lpserver\print$ The specified network name is no longer available. and the log files gives: [2007/03/07 11:59:38, 0, effective(0, 0), real(0, 0)] lib/fault.c:fault_report(41) === [2007/03/07 11:59:38, 0, effective(0, 0), real(0, 0)] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 10 in pid 16260 (3.0.24) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/03/07 11:59:38, 0, effective(0, 0), real(0, 0)] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/03/07 11:59:38, 0, effective(0, 0), real(0, 0)] lib/fault.c:fault_report(45) === [2007/03/07 11:59:38, 0, effective(0, 0), real(0, 0)] lib/util.c:smb_panic(1599) PANIC (pid 16260): internal error [2007/03/07 11:59:38, 0, effective(0, 0), real(0, 0)] lib/util.c:log_stack_trace(1756) unable to produce a stack trace on this platform [2007/03/07 11:59:38, 0, effective(0, 0), real(0, 0)] lib/fault.c:dump_core(173) dumping core in /usr/local/samba3024/var/cores/smbd [2007/03/07 11:59:39, 2, effective(106, 10), real(0, 0)] lib/access.c:check_access(323) I will try to load samba on another Solaris 10 machine and see what happens plus see what patch did IT!. Any pointers Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba problems after latest Solaris 10 Patches
Can I check how to get this information, since I do not seem to get the right info. 1) ./configure --enable-debug 2) add 'panic action = /bin/sleep 9' to smb.conf 3) run samba in normal may and then locate my PID i.e. smbstatus |grep andrew 4) gdb /usr/local/samba/sbin/smbd PID 5) gdb backtrace #0 0xfefc19dc in _waitid () from /lib/libc.so.1 #1 0xfef68414 in _waitpid () from /lib/libc.so.1 #2 0xfefb48ec in waitpid () from /lib/libc.so.1 #3 0xfefa7f34 in system () from /lib/libc.so.1 #4 0x003339bc in ?? () #5 0x003339bc in ?? () (gdb) The program is running. Quit anyway (and detach it)? (y or n) y This does not seem correct? Andrew Ouch - that's a panic. Please add the line : panic action = /bin/sleep 9 to the [global] section of your smb.conf, reproduce the problem and then gdb attach to the parent process of the sleep and post a backtrace. It'd also help if smbd was recompiled with -g. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 join domain
Daniel, Try adding ldap idmap suffix = ou=People Since I noticed that ldap user suffix and ldap group suffix do not seem to be used. Also, check you LDAP log files to see if you can spot the samba search string! Andrew This is really getting frustrating. The exact message when joining the domain is user name could not be found, however I have the Administrator account set up with the proper data. And i have tried administrator with and without the A in caps. I can take this username, log into the server, and the files I create show up as owned by root. # Administrator, People, igb.uiuc.edu dn: uid=Administrator,ou=People,dc=igb,dc=uiuc,dc=edu uid: Administrator objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: Administrator sn: Administrator mail: [EMAIL PROTECTED] loginShell: /bin/bash homeDirectory: /home/a-m/Administrator gecos: Administrator sambaSID: S-1-5-21-3679620730-2824407525-958489067-500 sambaPrimaryGroupSID: S-1-5-21-3679620730-2824407525-958489067-512 sambaAcctFlags: UX gidNumber: 0 uidNumber: 0 sambaLMPassword: somethingremoved sambaNTPassword: somethingremoved My Sid matches up: [EMAIL PROTECTED] samba]# net getlocalsid SID for domain IGB-FILE-SERVER is: S-1-5-21-3679620730-2824407525-958489067 The server should be the master browser: * [2007/02/28 10:20:43, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup IGB on subnet 128.174.124.12 [2007/02/28 10:20:43, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295) become_domain_master_browser_bcast: querying subnet 128.174.124.12 for domain master browser on workgroup IGB [2007/02/28 10:20:47, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup IGB on subnet 128.174.124.12 [2007/02/28 10:20:51, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113) * Samba server IGB-FILE-SERVER is now a domain master browser for workgroup IGB on subnet 128.174.124.12 * If I look at the log for doing the add, it appears as if this might be where the error is if I look at the tail end of the smb log for the client trying to add with a loglevel of 5: [2007/02/28 10:31:12, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/02/28 10:31:12, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/02/28 10:31:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2007/02/28 10:31:12, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/02/28 10:31:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2007/02/28 10:31:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/02/28 10:31:12, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[administrator] domain=[igb] workstation=[SAMMY] len1=24 len2=24 [2007/02/28 10:31:12, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2) [2007/02/28 10:31:12, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is: [2007/02/28 10:31:12, 5] lib/util.c:dump_data(1999) [000] 81 8F 46 13 26 F9 07 3E ..F... For info, my globals from smb.conf are [global] workgroup = igb netbios name = IGB-FILE-SERVER server string = Samba Server passdb backend = ldapsam:ldap://auth.igb.uiuc.edu log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = Yes dns proxy = No wins support = Yes ldap admin dn = cn=someonespecial,dc=igb,dc=uiuc,dc=edu ldap group suffix = ou=group ldap suffix = dc=igb,dc=uiuc,dc=edu ldap ssl = on ldap user suffix = ou=People ldap machine suffix = ou=computer cups options = raw log level = 10 add machine script = /usr/share/doc/samba-3.0.10/LDAP/smbldap-tools/smbldap-useradd.pl -w preferred master = Yes domain master = Yes os level = 65 password server = None idmap uid = 1000-33554431 idmap gid = 1000-33554431 template shell = /bin/false username map = /etc/samba/smbusers winbind use default domain = no Any help still very much appreciated, Dan On Tue, 2007-02-27 at 12:57 -0600, Daniel Davidson wrote: I have found a fixed my previous problems (two typos that were hard to find) and now the smbldap-tools all work as expected if I run them as root. However
Re: [Samba] Solaris 9 Samba 3.0.24
I have recently done it with no problems: my config.log $ ./configure --prefix=/usr/local/samba3024 --without-ads --with-libiconv=/usr /local --with-acl-support --with-ldap ## - ## ## Platform. ## ## - ## hostname = myhost uname -m = sun4u uname -r = 5.9 uname -s = SunOS uname -v = Generic_118558-35 /opt/sfw/bin/gcc/gcc (GCC) 3.3.2 What are your setting for ./configure since I am happy to try the same. Andrew Travis Knabe wrote: Anyone Travis Knabe wrote: I'm currently running samba 3.0.20a I can configure and make 3.0.20a with no problem I run the same configure command on the 3.0.24 source, configure works fine, but make returns the following. ( and just to test if a patch screwed me up I tested configuring and making the 3.0.20a version again, and it worked as it should ) Any bugs with 3.0.24??? Using FLAGS = -O -D_SAMBA_BUILD_ -I/a1/samba/builds/samba-3.0.24/source/iniparser/src -Iinclude -I/a1/samba/builds/samba-3.0.24/source/include -I/a1/samba/builds/samba-3.0.24/source/tdb -I. -DHAVE_CONFIG_H -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED -DSUNOS5 -I/a1/samba/builds/samba-3.0.24/source -D_SAMBA_BUILD_ LIBS = -lsendfile -lresolv -lnsl -lsocket -ldl LDSHFLAGS = -G -lthread LDFLAGS = -lthread PIE_CFLAGS = PIE_LDFLAGS = Compiling dynconfig.c In file included from include/includes.h:1067, from /a1/samba/builds/samba-3.0.24/source/dynconfig.c:21: include/proto.h:1:1: unterminated #ifndef *** Error code 1 make: Fatal error: Command failed for target `dynconfig.o' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Should samba be split between client server
The more I use samba and the more I read the e-mail coming into this list, I believe that a new look should be taken into how samba his configured, since more and more people are having problems with setup up of samba. Samba is basically used in 2 different ways: client) In a Windows ADS environment where you want to access facilities on UNIX servers: printers: - print to Unix printers. File-system: - access to Unix files plus ACL. server) In a Windows environment where you don't have (or don't want) a windows ADS Samba Domain Server - Samba replaces the Microsoft ADS I know you will say that it does all these things, but people are having many problems setting it up (i.e. in a client mode you need an ldap server if you want ACL to work) OR is it simply down to documentation OR user error! Andrew PS. I have been using samba for years and I would not be able to live with out! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Usernames with mixed case problems
Hi, Just noticed this problem, which I have not been able to find a solution at the normal locations: We use samba to mount Solaris file systems on PC with Microsoft Active Directory as the domain control. We have a few users who have been given usernames with mixed case WStudent in windows (God knows why the PC guys did this, but it is to late to change it) and now these users can not mount any filesystem, since they get a permission problem. Of course I have all users and home directories in lower case on unix. What appears in the log.smbd '/home/WStudent' does not exist or permission denied when connecting to [WStudent] Error was No such file or directory my smb.conf file has this section: [homes] path = /home/%S browseable = no guest ok = no read only = no [home] path = %H browseable = no guest ok = no read only = no What work and does not: \\server\home OK \\server\wstudent FAILS \\server\WStudent FAILS \\server\anotheruserFAILS to see someone else's directory and of course a normal lowercase user can do all the above with no problems. I can solve this by renaming the mount mount on the server as /home/WStudent, but I would rather not. I have also tried using some of the case option in samba with out any luck. Any ideas. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can not cancel print job
Thanks for the reply and yes it would be great if printing was updated, but it is the old story of priority to the code which needs doing. Anyway, I have fixed my problem by editing the code in the function unpack_pjob in printing.c, so that it strips out any @hostname from the printer queue (pjob-user). It is not how it should be done, but it will keep me and my users happy. diff printing/printing.c printing/printing.orig 311,314d310 /* Remove any @hostname from print jobs */ /* e.g. [EMAIL PROTECTED] = andrew */ sscanf(pjob-user, %[a-z0-9]*s@, pjob-user); Thanks Andrew Watkins Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Samba assumes that root can remove the job. The print queue management design is based on that assumption. However, if you are spooling to printers on other servers, this doesn't necessarily hold true. Honestly I think the printing layer in smbd should be rewritten to support some of the newer features of systems like cups and lprng. But for now, the current design generally works. Andrew Watkins wrote: I think I may have found one problem and it could be a BUG in samba or a problem with the Solaris printing system. If you setup printers on samba host which is not the real print server then you get it problems with the solaris printing system adding on @hostname. For example: Step1)\\medusa\lp131 is allowing printing, but the real printer server is on another machine. Step 2)If you send a few jobs to this printer you see this on the unix front: medusa# lpstat lp131-530 [EMAIL PROTECTED] 48651 Mar 09 19:45 lp131-526 [EMAIL PROTECTED] 48651 Mar 09 19:45 Step 3) But when you try to cancel the jobs samba thinks you are not the owner looking at printing.c is_owner will return false, since pjob-user = [EMAIL PROTECTED] so it ends up comparing [EMAIL PROTECTED] with user. Any thoughts? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEFK3LIR7qMdg1EfYRAq3tAJkB3j2lafijB2xfl4W2pQrp+Rhn1QCePzeY N0ixUt2Ti/19aPZXdaxiqGM= =tSW0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can not cancel print job
Hi, Using version samba 3.0.21 only printer admin users can cancel a print job and all other users get Access Denied. Error: smbd[21198]: Permission denied-- user not allowed to delete, pause, or resume print job. User name: wstudent. Printer name: lp131. log.smbd: [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(570) user_in_list: checking user wstudent in list [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(575) user_in_list: checking user |wstudent| against |andrew| [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(575) user_in_list: checking user |wstudent| against |root| [global] debuglevel = 10 comment = %h Samba %v server string = %h Samba %v workgroup = DCSNT hosts allow = 193.61.29. 193.61.28. hosts deny = 0.0.0.0/0 locking = yes password level = 10 domain master = no local master = no os level = 80 wins support = no wins server = 193.61.29.179 password server = loki hades security = domain encrypt passwords = yes preserve case = yes short preserve case = yes nt acl support = Yes printer admin = andrew,root load printers = no lprm command = /usr/bin/cancel %p-%j printcap name= lpstat [print$] comment = Printer Driver Download Area path = /usr/local/samba/var/drivers browseable = no guest ok = no read only = yes write list = andrew,root [lp131] comment = Tally T2070 Line Printer Room 131 path = /var/spool/samba writable = no printable = yes public = yes guest ok = no Setup: Solaris 9 and 10 Samba 3.0.20(a) / 3.0.21c Windows XP sp2 As always, Thanks Andrew Watkins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can not cancel print job
I think I may have found one problem and it could be a BUG in samba or a problem with the Solaris printing system. If you setup printers on samba host which is not the real print server then you get it problems with the solaris printing system adding on @hostname. For example: Step1)\\medusa\lp131 is allowing printing, but the real printer server is on another machine. Step 2)If you send a few jobs to this printer you see this on the unix front: medusa# lpstat lp131-530 [EMAIL PROTECTED] 48651 Mar 09 19:45 lp131-526 [EMAIL PROTECTED] 48651 Mar 09 19:45 Step 3) But when you try to cancel the jobs samba thinks you are not the owner looking at printing.c is_owner will return false, since pjob-user = [EMAIL PROTECTED] so it ends up comparing [EMAIL PROTECTED] with user. Any thoughts? I don't think you can switch off the @host part, so can samba and print_job_find strip out @host part. Andrew Hi, Using version samba 3.0.21 only printer admin users can cancel a print job and all other users get Access Denied. Error: smbd[21198]: Permission denied-- user not allowed to delete, pause, or resume print job. User name: wstudent. Printer name: lp131. log.smbd: [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(570) user_in_list: checking user wstudent in list [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(575) user_in_list: checking user |wstudent| against |andrew| [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(575) user_in_list: checking user |wstudent| against |root| [global] debuglevel = 10 comment = %h Samba %v server string = %h Samba %v workgroup = DCSNT hosts allow = 193.61.29. 193.61.28. hosts deny = 0.0.0.0/0 locking = yes password level = 10 domain master = no local master = no os level = 80 wins support = no wins server = 193.61.29.179 password server = loki hades security = domain encrypt passwords = yes preserve case = yes short preserve case = yes nt acl support = Yes printer admin = andrew,root load printers = no lprm command = /usr/bin/cancel %p-%j printcap name= lpstat [print$] comment = Printer Driver Download Area path = /usr/local/samba/var/drivers browseable = no guest ok = no read only = yes write list = andrew,root [lp131] comment = Tally T2070 Line Printer Room 131 path = /var/spool/samba writable = no printable = yes public = yes guest ok = no Setup: Solaris 9 and 10 Samba 3.0.20(a) / 3.0.21c Windows XP sp2 As always, Thanks Andrew Watkins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can not cancel print job
Hello, There has been a lot of e-mails about this topic and I am very surprised it is such a problem, since Samba is supposed to be a print / File server first and a lot more second. Yes, I am having problems try to get NON-admin users to cancel there print jobs. I have been using samba for years, but non printer admin user can not cancel print jobs all they get is Accessed denied. I have also tried setting permissions on the printer device so that Manage Documents is set, but it does not make a difference. The error has nothing to do with the Solaris printing system, since /usr/bin/cancel is never called. Error: smbd[21198]: Permission denied-- user not allowed to delete, pause, or resume print job. User name: wstudent. Printer name: lp131. log.smbd: [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(570) user_in_list: checking user wstudent in list [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(575) user_in_list: checking user |wstudent| against |andrew| [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(575) user_in_list: checking user |wstudent| against |root| [global] debuglevel = 10 comment = %h Samba %v server string = %h Samba %v workgroup = DCSNT hosts allow = 193.61.29. 193.61.28. hosts deny = 0.0.0.0/0 locking = yes password level = 10 domain master = no local master = no os level = 80 wins support = no wins server = 193.61.29.179 password server = loki hades security = domain encrypt passwords = yes preserve case = yes short preserve case = yes nt acl support = Yes printer admin = andrew,root load printers = no lprm command = /usr/bin/cancel %p-%j printcap name= lpstat [print$] comment = Printer Driver Download Area path = /usr/local/samba/var/drivers browseable = no guest ok = no read only = yes write list = andrew,root [lp131] comment = Tally T2070 Line Printer Room 131 path = /var/spool/samba writable = no printable = yes public = yes guest ok = no Setup: Solaris 9 and 10 Samba 3.0.20(a) / 3.0.21c Windows XP sp2 Question: - Has anyone got this working, so that non printer admin users can cancel print jobs? I guess it is a knock on effect of moving to the new print system where samba/Windows XP can load printer drivers automatically \\host\printer. As always, Thanks ** Andrew Watkinstel: 020-7631 6720 Unix Administratorfax: 020-7631 6727 System Group Computer Science Department e-mail: [EMAIL PROTECTED] Birkbeck College (University of London) http://www.dcs.bbk.ac.uk/~andrew Malet Street London WC1E 7HX ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (part 2) Can samba map between existing Windows (SID) users and existing unix (UID) users
I have had a few replies and it looks that I am on a no win solution. I either set up LDAP and delete local UID on our UNIX boxes and let samba convert SID to UID, or just leave thinks as they are. I still don't under stand why it is so difficult to do what I want when all the information seems to be at hand. 1) User changes security of a file on a samba share to allow DCSNT\andrew access. 2) samba returns an error: smbd/posix_acls.c:create_canon_ace_lists(1405) create_canon_ace_lists: unable to map SID S-1-5-21-1984182827-583073959-8547516-2056 to uid or gid. 3) run wbinfo and I can get this user name: # /usr/local/samba/bin/wbinfo -s S-1-5-21-1984182827-583073959-8547516-2056 DCSNT\andrew 1 4) Just see if it works in reverse: # /usr/local/samba/bin/wbinfo -n andrew S-1-5-21-1984182827-583073959-8547516-2056 User (1) 5) I have winbind trusted domains only = yes set in smb.conf, so I would it expect it to know that andrew(SID) = andrew(uid) 6) Samba to set the acl on the unix file, but that is not going to happen. Before I give up and leave things as they are with users having 2 file systems (samba share and a Windows Share) and of course more Windows File Servers ;-( Can some one inform me how to populate I guess an LDAP server so that I place all the UID/SID into and only let samba query it. I don't want samba to build it since my UID already exist. Thanks again, Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind gives differnt results depending on winbind trusted domains only
Just notice a problem/bug with winbind trusted domains only and getent passwd. I get diffent results depending on the value of winbind trusted domains only. I.e. Option 1 (NOT CORRECT!) === winbind trusted domains only = yes # /usr/local/samba/bin/wbinfo -u | head -2 aabal01 aabed01 # /usr/local/samba/bin/wbinfo -u | wc 54115411 42854 # getent passwd | wc 4105 22082 356529-- which is ypcat passwd + /etc/passwd Option 2 (CORRECT!) === winbind trusted domains only = no # /usr/local/samba/bin/wbinfo -u | head -2 DCSNT\aabal01 DCSNT\aabed01 # /usr/local/samba/bin/wbinfo -u | wc 54115411 42854 # getent passwd | wc 9516 39948 807415 -- which is ypcat passwd + /etc/passwd + wbinfo My smb.conf: chaos# cat /usr/local/samba3020b/lib/smb.conf [global] debuglevel = 1 comment = %h Samba %v server string = %h Samba %v workgroup = DCSNT #realm = dcs.bbk.ac.uk hosts allow = 193.61.29. 193.61.28. 193.61.44. hosts deny = 0.0.0.0/0 locking = yes password level = 10 domain master = no local master = no os level = 80 wins support = no wins server = 193.61.29.179 password server = eros hades #security = ADS security = domain encrypt passwords = yes preserve case = yes short preserve case = yes nt acl support = Yes #invalid users = root #printer admin = andrew,root load printers = no #use client driver = Yes printcap name= lpstat # Kill sess ion after 60min idle deadtime = 60 #idmap backend = idmap_ad #winbind nss info = sfu winbind trusted domains only = yes # idmap idmap uid = 6-8 idmap gid = 6-8 #winbind enum users = yes #winbind enum groups = yes template homedir = /home/winnt/%D/%U template shell = /bin/bash [homes] path = %S browseable = no guest ok = no read only = no [home] path = %H browseable = no guest ok = no read only = no [tmp] path = /var/tmp browseable = yes guest ok = no read only = no Any ideas Andrew Watkins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can samba map between existing Windows (SID) users and existing unix (UID) users
Hi again, This is a follow up to a previous e-mail, but no luck so I have done some more digging. I don't understand why it is so difficult to map between a existing user on a Windows Server (SID) and an existing user on a Unix/Solaris (UID) user, since all information is available? unix# /usr/local/samba/bin/wbinfo -n andrew S-1-5-21-1984182827-583073959-8547516-2056 User (1) unix# tail log.smbd smbd/service.c:make_connection_snum(662) labpc50 (193.61.28.22) connect to service tmp initially as user andrew (uid=102, gid=10) (pid 25375) smbd/posix_acls.c:create_canon_ace_lists(1405) create_canon_ace_lists: unable to map SID S-1-5-21-1984182827-583073959-8547516-2056 to uid or gid. As the above shows that when I mount a share from Windows XP it knows my username and UID, but when I try to add some security to a file on that share it complains that is can not match SID S-1-5-21-2056 with any UID, but wbinfo can get this information. Can I ask again how can I tell samba to map this information? SID S-1-5-21-1984182827-583073959-8547516-2056 == uid=102 # cat smb.conf [global] debuglevel = 1 comment = %h Samba %v server string = %h Samba %v workgroup = DCSNT hosts allow = 193.61.29. 193.61.28. 193.61.44. hosts deny = 0.0.0.0/0 locking = yes password level = 10 domain master = no local master = no os level = 80 wins support = no wins server = 193.61.29.179 password server = pcserver1 pcserver2 security = domain encrypt passwords = yes preserve case = yes short preserve case = yes nt acl support = Yes winbind trusted domains only = yes [homes] path = %S browseable = no guest ok = no read only = no Thanks Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Map between existing UNIX UID's and Windows SID for file sharing.
Hello, I have search this list and the HOW TO's, but can't find the answer! We have all our users on both Windows (ADS) and Solaris (NIS), but I can not configure samba shares so Windows Users can modify the security settings on there files, so that other people can look/edit there files If I don't fix this problem soon we will end up with a Windows file-server as well as a UNIX one. The web pages talk about mapping UID to SID, but it seems to used when you don't have one lot of users on one of the systems, but we have all users on both systems. We have no problems with users accesses there files (samba shares) from Windows PC. Can some one tell me (a How TO will be perfect) how I can set up samba so that Windows users can edit the security setting of the samba files. The easies option would be best at this time, unless it is not possible! # cat smb.conf [global] workgroup = DCSNT# Windows ADS domain name locking = yes password level = 10 domain master = no local master = no os level = 80 wins support = no wins server = XXX.XXX.XXX.XXX ##Windows ADS password server = hades eros ##Windows Hosts security = domain encrypt passwords = yes preserve case = yes short preserve case = yes nt acl support = Yes Thanks in advance, Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Access denied when using samba as a profile server
Thanks. The following solved the problem and I wonder if and when will solaris fully support acl/winbind. Cheers Andrew adding nt acl support = no to smb.conf solved the problem you described for me grtx mark On 20-Apr-2002 Kimmo Akkanen wrote: I have been using samba for a long time, but since our windows 2000 machine are becoming unreliable (fileserver problems). I want to move users profiles onto our UNIX/SAMBA server. The problem I am getting is that when a user logs onto a client it is unable to copy the users profile from the SAMBA drive to the local C drive. I.e. unable to copy \\UNIXhost\user\winntpro\Application Data\Microsoft\Internet Explorer\brndlog.txt to C:\Document and Settings\user\winntpro\Application Data\Microsoft\Internet Explorer\brndlog.txt. ACCESS DENIED. Thanks Andrew Watkins We've had equal problems occasionally, they seem to come up without any specific reason. I've traced the reason to the local copy of the profile, located at sth. like C:\Documents and Settings\username - directory. Check the permissions of the files and subdirectories, Win2K seems to take away the user's access rights to his/hers own local profile copy! What I did was logon as Administrator, take ownership of the directories under the profile, and delete them all (they will be copied from Samba-server at next logon, with correct permissions). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Getting winbindd working on Solaris
Hi, If someone has already got winbindd running on a solaris 8 system could they let myself and others the setting they have changed since the samba doc is really talking about linux. Files of interest: /etc/pam.conf smb.conf Thanks in advance Andrew Watkins -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
