RE: HP CIFS vs JYC SAMBA 2.2.8

2008-05-09 Thread Boyce, Nick
 are there any benefits
 to migrating from JYC's Samba 2.2.8 to HP CIFS?
 
 yes there are lots of benefits ... It has been qualified on the latest 
 hardware of Itanium and Alpha, with the latest OSes

On the other hand, I believe HP's CIFS-for-VMS product isn't available
for VAXen, or on VMS versions earlier than 7.3-2  so if you've got
one of those platforms (more common than you might think) then you have
to stick with JYC Samba.

Someone please let me know if I'm wrong :)

Nick Boyce
EDS ASFO EMEA, Bristol, UK




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Aravinda Guzzar
Sent: 09 May 2008 05:58
To: Michael Ober
Cc: samba-vms@lists.samba.org
Subject: Re: HP CIFS vs JYC SAMBA 2.2.8

Hi Mike,

yes there are lots of benefits migrating from 2.2.8 to the latest version
of CIFS on VMS.

It has been qualified on the latest hardware of Itanium and Alpha, with the
latest OSes. There is support for VMS specific file formats viz. Variable
Length formats, StreamLF and supports ODS2 disks also. It has been qualified
on the clusters also. So you will get the benefit of the clusters.

Please note that you need to have the latest CRTL patches before you
migrate and as a suggestion please test the software on your test hardware,
and convince yourself before migrating to the production.

Regards
Aravind


On 5/9/08, Michael Ober [EMAIL PROTECTED] wrote:

 Now that HP's CIFS has been out for a few months, are there any benefits
 to migrating from JYC's Samba 2.2.8 to HP CIFS?

 Thanks,
 Mike Ober.

 PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:

 http://www.catb.org/~esr/faqs/smart-questions.html




-- 
Aravinda
(Views expressed here are my personal opinion ONLY)


RE: Version 2.0.3 for OpenVMS

2006-10-12 Thread Boyce, Nick
[correcting myself]

On 10th.Oct.2006 at 19:25, I wrote :

 FWIW: my VMS colleagues here have Samba 2.2.4 running on our various 
 VMS servers, with authentication handed off to the normal VMS UAF 
 subsystem (I don't believe they've ever managed to integrate with our 
 Windows ADS domain)

Sorry - I was wrong - our VMS Samba 2.2.4 servers *are* integrated with
our corporate Windows ADS, so when we map a drive to our VMS home
directory, from a corporate WinXP PC, the folder window opens
immediately with no need to enter any username or password.

Nick Boyce
EDS, Bristol, UK


RE: Version 2.0.3 for OpenVMS

2006-10-10 Thread Boyce, Nick
On 9th.October.2006 at 22:22, Mark Wesling wrote :

 Keep getting the same error when trying to map a drive.  
 Error is all over the internet: 
 The account is not authorized to log in from this station.

[I don't have the answer - just trying to help a bit]

Perhaps it would help if you told us what the relevant parameter values
are in your smb.conf ... what is the global security parameter set to,
and what are the permitted users (valid users, guest ok, etc.) of
the share you're trying to map to ?   Is there a domain (if so, what
kind of PDC ?), or is this simple workgroup stuff ?

 I see the fix on linux/unix to be adding encrypting passwords = yes 
 and having a password file.  I don't see where to do this in OpenVMS.

So ... er ... what authentication _have_ you set up ?

FWIW: my VMS colleagues here have Samba 2.2.4 running on our various VMS
servers, with authentication handed off to the normal VMS UAF subsystem
(I don't believe they've ever managed to integrate with our Windows ADS
domain).  We (the users) can all map drives from our WinXP workstations
to our VMS home directories without any problem.

[disclaimer: I'm not a VMS admin, just a lurking Unix guy]

PS: Samba 2.0.3 is very old now .

Nick Boyce
EDS, Bristol, UK


RE: Problem with Samba 3.0.10

2006-09-25 Thread Boyce, Nick
[disclaimer: I'm not a VMS sysadmin - just a lurking Unix one]

On 25th.September.2006, Günter Gratzer wrote :

 If I open a VMS-textfile on a WinXP computer via a texteditor the file 
 looks corrupted ... It seems there are troubles with CR/LF. Anybody 
 knows a solution for this problem?

I recall this topic coming up before on this list : text files getting 
corrupted, depending on whether you open them directly on the VMS share, or 
copy them from VMS to Windoze first, and on which Windows utility you use to 
view/edit the text file with - *AND* on whether your VMS file is defined with 
Stream Sequential or Sequential Variable file-type.

The problem has to do with the original Unix Samba code only being prepared for 
one kind of text file, the kind that has CR/LF line endings, rather than the 
kind that has a record prefix giving the record length.

IIRC, Notepad and Word can cause trouble if used directly on a VMS-resident 
file, by deleting/renaming the original file, and then saving a completely new 
file with the same name as the original -- or is it that they save completely 
new content OF A DIFFERENT CONTENT TYPE over the top of a file that started 
with the other content type ?  Other editors may operate in a different way 
that side-steps the problem.  Something like that, anyway  [somebody 
correct me].

There was no perfect solution at the time, but various work-arounds involving 
using different editors, or copying files from VMS to Windows first (using 
Explorer), or setting some kind of heuristic system parameter on VMS to analyse 
file content to decide how to handle it.

Have a look at these threads (and others nearby) on the Samba-VMS list from 
2002/2003 : 
http://lists.samba.org/archive/samba-vms/2002-September/000379.html
http://lists.samba.org/archive/samba-vms/2003-March/000648.html
http://lists.samba.org/archive/samba-vms/2003-March/000715.html
http://lists.samba.org/archive/samba-vms/2003-March/000718.html
http://lists.samba.org/archive/samba-vms/2003-March/000720.html
which may or may not describe the issue you're seeing.

Play about with file types, and with different editors.

NB: this was all back at Samba 2.2.4/2.2.8 time - I'd be surprised if HP didn't 
have a proper fix planned for their official Samba V3-for-VMS.

Good luck.

Nick Boyce
EDS Central  Ireland ADU (UKIA), Bristol, UK


RE: smbd purpose?

2005-11-25 Thread Boyce, Nick
[Disclaimer: I'm not really a VMS person - just a lurking Samba-on-Unix
list member]

Robert Young asked :

 [I disabled the smbd service but] samba is working just fine ... 
 What is the purpose of the smbd service exactly ?

smbd is a fundamental and vital part of Samba, responsible for
performing the actual data transfers involved in file access.   That
being the case, it's hard to understand how your Samba can possibly be
working fine.

*  smbd handles file data transfer (on TCP port 139).
*  nmbd handles machine name-to-address lookups (simplistically put) 
   and Network Neighbourhood browsing (on UDP ports 137 and 138).

(The above is for Samba V2.x.x - it's more complicated at Samba V3+)

Your VMS should create (spawn in VMS-ese ?) a copy of the smbd process
for each concurrently connected user.

(Somebody tell us if it's different on VMS ...)

Nick Boyce
EDS Central  Ireland ADU (UKIA), Bristol, UK



RE: Smaba 2.2.8. Cant get file properties

2004-05-24 Thread Boyce, Nick
On 23rd.May.2004 Michael Lemke wrote :

 I've just installed Samba 2.2.8 from the   
 http://www.pi-net.dyndns.org/anonymous/jyc/
[...]
 I connect my W98 SE box over an ssh tunnel for port 139 
 and I can see the VMS directories.  I can even delete and 
 copy files.  Cool.  
[...]
 Do I have to forward other ports?

I think you'd need to also forward UDP port 138 (NBT datagram service) over your 
tunnel - though you can probably do without UDP port 137 (NBT name lookup service) if 
you hard-code IP addresses in your setup ...

 But whenever I try to get file properties via the right 
 mouse click or ALT/Enter the box freezes for about 2 minutes

... erm, I don't actually know whether UDP port 138 has anything to do with that ...

Actually I'm not at all sure what SMB UDP-port-138 really does - but on the assumption 
it has something to do with carrying important asynchronous event information 
(expedited data) about your SMB TCP-port-139 session, I'd try to enable it if 
possible.

PS: I'd be very interested to know which SSH implementation for VMS you're using, and 
where you found it ...

Cheers
Nick Boyce
EDS, Bristol, UK


RE: Smaba 2.2.8. Cant get file properties

2004-05-24 Thread Boyce, Nick
On 24th.May.2004 Michael Lemke wrote :

 I've just installed Samba 2.2.8 from the 
 http://www.pi-net.dyndns.org/anonymous/jyc/
[...]
 I connect my W98 SE box over an ssh tunnel for port 139
 and I can see the VMS directories.  I can even delete and copy files.  
 Cool.
 [...]
 Do I have to forward other ports?

I think you'd need to also forward UDP port 138 (NBT datagram service) 
over your tunnel - though you can probably do without UDP port 137 (NBT 
name lookup service) if you hard-code IP addresses in your setup ...
 
 Hm, in the meantime I am also forwarding port 137 and 138 but 
 it doesn't make any difference.  Do I have to do anything special 
 for UDP? 

I've just been googling for info on this, as I was interested - I use PuTTY,
not Terraterm, and the PuTTY SSH tunnels config dialog doesn't provide any
way of specifying whether it's TCP or UDP that you want forwarded ... as if
it's a silly question.

As indeed it seems to be - if you Google for forward udp ssh tunnel you'll
find loads of comments to the effect that it's not possible to SSH-tunnel
UDP packets ... something to do with performance problems, though I don't
understand that ...

For a discussion of setting up PuTTY tunnels, see :
   http://www.cyberknights.com.au/doc/PuTTY-tunnelling-HOWTO.html
which has the following comment :

   What won't work through a PuTTY tunnel

   Anything that uses UDP like the SMB/CIFS (MS-Windows) or 
   NFS network file systems and many video-conferencing 
   protocols, likewise ICMP (PuTTY tunnels only TCP)

Apparently you *can* use an IPSEC tunnel to do this, if you want ...

Hey - a successful Monday ... I've learned something :)

Good luck
Nick Boyce
EDS, Bristol, UK



[Samba] RE: How to join a win2k-domain using Samba 2.*

2003-09-24 Thread Boyce, Nick
On 21.Sept.2003, Ville Jutnik wrote :

 The documentation that I found regarding this issue wasn't that good 
 - it didn't help me that much. Later on I managed to join the 
 win2k-domain after a lot of work

I've joined many Samba 2.2.x servers to our NT4 domain, and for us it all
works just as documented in the DOMAIN_MEMBER.html document supplied in
the Samba source distro :
   root# smbpasswd -j DOM -r DOMPDC -UAdministrator%password
or, to avoid entering the password on the command line, omit the password
part of the -U argument :
   root# smbpasswd -j DOM -r DOMPDC -UAdministrator
which will cause a password: prompt.

 Samba 2.* doesn't support AD (3.* does though) you have to make 
 sure that your PDC allows you to join the domain without using AD 
 (using NT-style trust relationship). Therefore I think that the server 
 has to be in something called mixed mode

Erm - Active Directory mixed mode is required if you need to have a
mixture of fully native ADS domain controllers and pre-Win2K domain
controllers, but *not* AFAIK to allow ordinary member servers to participate
in the domain (tree, forest, whatever).  I'm just quoting what I've
read - we have no W2K ADS here.

However, I can well imagine that, as you describe, it's necessary to
pre-create the member server accounts in the ADS, and mark them as Allow
pre-Windows 2000 computers to use this account.  Interesting ... thanks for
the pointer.

 I was using samba-2.2.3a (debian package) 

If you need the cutting-edge Samba domain-management features then I
strongly advise you don't do that - instead, use the Samba 2.2.8a Debian
package available using this apt source line :
   deb http://people.debian.org/~peloy/samba/ woody main
This is the latest Samba release, packaged for Debian Woody, rather than the
functionally old Samba with security fixes applied (backported), that is
officially part of Woody - and should work better for people with complex
needs.  It may be unofficial, but it's packaged by one of the Debian Samba
package maintainers ...

I found 2.2.8a gave us a better effect with winbind functionality.

 If anyone has any clue about this I would be grateful if he/she 
 could drop me a line

Sorry, I have no idea why you have to run the second -m smbpasswd call in
your scenario - maybe it's an ADS thing, or maybe it's a buggette in Samba
2.2.3a secure channels protocol handling ;-)

Nick Boyce
EDS, Bristol, UK
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: Samba 2.2.8 on VMS 7.3-1

2003-09-24 Thread Boyce, Nick
On 11.Sep.2003, Jan Anderson wrote :

 Still having difficulty making Samba useable.
 As above.  To an XP box.  No domains involved.
 It now asks for username/password but never authenticates 
 for some reason.

We too are unable to get WinXP to map drives to Samba 2.2.x-VMS servers, but
from what I've read on the main samba-technical mailing list (developer chat
list, on which I lurk) this doesn't seem too surprising.  It sounds as if
the developers are still reverse engineering some aspects of the
WinXP-specific extensions to the SMB protocol that Microsoft have made - and
this work is going on with the Samba 3.0 release effort - *not* the 2.2.x
effort.

Here, we've tried encrypted passwords, unencrypted passwords,
packet-signing-and-sealing, etc., etc., but all to no avail - we just get a
variety of bizarre errors reported by XP (e.g. The device cannot be found,
or the password prompt just repeatedly displayed) after the password has
been supplied to a drive-mapping password prompt.

I know this isn't the answer you want to hear, but my advice is to use Win9x
or Win2K workstations instead of WinXP ones, for the time being.

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK


2.2.8pre2 Compiler Warnings On Digital Unix 4.0D

2003-03-11 Thread Boyce, Nick
Following up my post on 4.March.2003 reporting ./configure failure on DU
4.0D for Samba 2.2.8pre2 --with-pam, I have now configured & compiled
2.2.8pre2 --with-winbind (but no PAM), and want to report the selection of
scary warnings that the Compaq C compiler throws up by default.

The following is just a representative sample (I could post the lot if
anyone really wants them) - and I have found they can *all* be eliminated by
editing source/Makefile to specify the compiler flag -w which reduces the
warning level from the default (thanks to Ludolf Holzheid).

I have previously reported very similar compiler warnings when building
2.2.2 on this box (October 2001), at which time I received varied advice
including (a) use GCC instead of Compaq C (Andrew Esh), (b) keep using
Compaq C because it generates better code on DU (John Malmberg), (c) reduce
the compiler's sensitivity level (Ludolf Holzheid).  I've currently followed
(b) and (c).

It occurs to me that maybe ./configure should automatically include
CFLAGS=-O -w in the Makefile for Digital Unix platforms (maybe Tru64 as
well - I don't have one to try) ... especially if you guys still think all
these warnings are spurious or wrong.

Here's the selection of warnings :

 cut 
cc: Warning: libsmb/clifile.c, line 57: In this statement, & before array
data is ignored.
(char *)&data, &data_len, cli->max_xmit /* data, length, max */

cc: Warning: libsmb/smbencrypt.c, line 243: In this statement, & before
array (unicode_passwd) is ignored.
ZERO_STRUCT(unicode_passwd);

cc: Warning: rpc_server/srv_samr_nt.c, line 132: In this statement, & before
array pass[i].lm_pwd is ignored.
memset(&pass[i].lm_pwd, '\0', sizeof(pass[i].lm_pwd));

  [there are *lots* of the above kind of warning ... Ludolf Holzheid gave 
   a very helpful explanation of them - see refs below]

cc: Warning: rpc_server/srv_spoolss_nt.c, line 4290: In this statement, the
referenced type of the pointer value nullstr is signed char, which is
not compatible with array [256] of signed char.
init_unistr_array(info->previousdrivernames, nullstr, servername);

cc: Warning: rpc_parse/parse_spoolss.c, line 1209: In this statement, the
referenced type of the pointer value prs_alloc_mem(...) is signed char,
which is not compatible with unsigned char.
r_u->data = prs_alloc_mem(ps, r_u->size);

cc: Warning: passdb/secrets.c, line 291: In this statement, the referenced
type of the pointer value name is const, but the referenced type of the
target of this assignment is not.
ret = tdb_lock_bystring(tdb, name, timeout);

cc: Warning: tdb/tdb.c, line 119: In this statement, (-1) of type long,
is being converted to pointer to void.
if (tdb->map_ptr == MAP_FAILED) {

cc: Warning: client/clitar.c, line 688: In this statement, the referenced
type of the pointer value finfo.size is unsigned long long, which is
not compatible with unsigned long.
  if (!cli_getattrE(cli, fnum, finfo.mode, finfo.size, NULL,
finfo.atime, finfo.mtime)) {

cc: Warning: nsswitch/winbind_nss.c, line 600: In this statement, the
referenced type of the pointer value buflen is unsigned long, which is
not compatible with int.
 get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
 cut 

I assume the compiler makes a correct decision in each case, and that my
resulting Samba binaries will work properly - and that the above just
represent slight programmer caffeine emergency moments, that someone will
tidy in due course.  Please let me know if any of the above looks like
show-stopping stuff - I can send the whole lot over if anyone wants it.

refs:
My post earlier this month on ./configure failing on DU4.0D for 2.2.8pre2
--with-pam :
http://lists.samba.org/pipermail/samba-technical/2003-March/042874.html
My post in Oct 2001 reporting compiler warnings on DU4.0D for 2.2.2 :
http://lists.samba.org/pipermail/samba-technical/2001-October/031968.html
Post from Ludolf Holzheid explaining some of the DU4.0D warnings for 2.2.2 :
http://lists.samba.org/pipermail/samba-technical/2001-October/032071.html
Post from John Malmberg stating that the Compaq C compiler is right for DU :
http://lists.samba.org/pipermail/samba-technical/2001-October/032058.html

Cheers,

Nick Boyce
EDS, Bristol, UK


2.2.8pre2 Won't Configure On Digital Unix 4.0D

2003-03-04 Thread Boyce, Nick
I decided to have a look at 2.2.8pre2 on a Digital Unix box we run here -
and configure runs fine like this :

   ./configure --with-winbind

   ...
   checking whether or not getgroups returns EGID too many times... no
   checking whether struct passwd has pw_comment... yes
   checking whether struct passwd has pw_age... no
   checking for poptGetContext in -lpopt... no
   checking whether to use included popt... ./popt
   checking configure summary... yes
   updating cache ./config.cache
   creating ./config.status
   creating include/stamp-h
   creating Makefile
   creating script/findsmb
   creating include/config.h
   include/config.h is unchanged

But because I'm also interested in making use of winbind to fully integrate
some of our Unixen into an NT domain, I decided I should configure Samba to
use PAM as well, like this :

   ./configure --with-winbind --with-pam

and this configure run fails :

  ...
   checking whether or not getgroups returns EGID too many times... yes
   checking whether struct passwd has pw_comment... yes
   checking whether struct passwd has pw_age... no
   checking for poptGetContext in -lpopt... no
   checking whether to use included popt... ./popt
   checking configure summary... configure: error: summary failure. Aborting
config


I'm just reporting this as a test result, though of course I'd be interested
in any solution there may be (or explanation of error: summary failure).
I'm happy to try any further tests you folks may want.

Cheers

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK


RE: Annoying Minor Bug In Winbind 2.2.x

2003-02-19 Thread Boyce, Nick
On 19 Feb 2003, Andrew Esh wrote:

 It's probably a line count thing. The head of the patch contains a certain
 range of lines that the patch should apply to. If you truncated the patch
 at the bottom, the header could be telling patch it needs to add, for
 example, 30 lines, while the patch text only contains 28 ... That line of
 stars is part of the patch, and maybe a few blank lines below it. 

Thanks - that was it - the two blank lines below the line of stars were part
of the patch (a fact I was able to confirm by comparing with the CVS web ref
Martin posted) but I'd missed them out.

Patch applied - now recompiling Samba ... done.  And now it works fine - I
can restart winbindd to my heart's content and /tmp/.winbindd gets created
with the right permissions and everybody's happy  :)

Thanks for bearing with me.

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK



RE: Annoying Minor Bug In Winbind 2.2.x

2003-02-07 Thread Boyce, Nick
On 7 Feb 2003, Martin Pool wrote:

 On  6 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote:
 
  I find what seems to be an obvious, simple and annoying buggette - if I
  stop and restart winbind (the sort of thing you do a lot at this stage)
  then it fails to restart, with this message in
  /var/log/samba/log.winbindd :
  invalid permissions on socket directory /tmp/.winbindd
  
  Here's the permissions :
  /etc# ls -ld /tmp/.w*
  drwxr-x---2 root root 4096 Feb  6 21:33 /tmp/.winbindd
 
 The error is emitted from create_pipe_sock, which checks that the
 permissions on the directory are exactly what winbind expects them to
 be (0755).  Obviously those permissions are not correct, which would
 seem to be a problem because it might prevent non-root processes from
 accessing winbindd.  This looks very much like a umask problem.

Thanks - that was it.  I now have a script /usr/local/bin/winbind, which does
   umask 000
   /etc/init.d/winbind $1
   umask 027
and everything is working ok now - I can stop & restart winbind to my
heart's content without any problem (well no socket directory permissions
problems anyway ;-)

[ I'm afraid I always run with umask=027 ... it's a hangover from my
mainframe days ... I can't get away from the idea that you should grant only
the access that is needed ... all files world-readable by default ? ...
Just Say No ]

Thanks a lot.

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK
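
The umask effect diagnosed in this exchange, as an added example (not Samba's code and not part of the original posts): a directory created with mode 0755 under umask 027 ends up 0750 and fails an exact-mode check, while setting the mode explicitly after creation makes the result independent of the caller's umask. The 0755 value is taken from the post above; the function names and the scratch path are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700 /* mkdtemp, O_DIRECTORY, O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SOCKET_DIR_MODE 0755 /* mode the post says the check expects */

/* Create path with mkdir(0755) under the given umask and return the
 * permission bits the directory actually received, or -1 on error. */
int mode_after_mkdir(const char *path, mode_t mask)
{
    struct stat st;
    mode_t old = umask(mask);
    int rc = mkdir(path, SOCKET_DIR_MODE);

    umask(old); /* restore the caller's umask */
    if (rc != 0 || lstat(path, &st) != 0)
        return -1;
    return (int)(st.st_mode & 0777);
}

/* Strict check in the spirit of the one described in the post: a real
 * directory (lstat, so a symlink is rejected), owned by us, mode exactly
 * 0755 including the setuid/setgid/sticky bits. Returns 0 if acceptable. */
int check_socket_dir(const char *path)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return -1;
    return (st.st_mode & 07777) == SOCKET_DIR_MODE ? 0 : -1;
}

/* umask-independent creation: mkdir, then set the mode explicitly on an
 * open descriptor (no symlink following), then run the strict check.
 * Also repairs a directory left behind with the wrong mode. */
int create_socket_dir(const char *path)
{
    struct stat st;
    int fd, ok;

    if (mkdir(path, SOCKET_DIR_MODE) != 0 && errno != EEXIST)
        return -1;
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    ok = fstat(fd, &st) == 0 && st.st_uid == geteuid() &&
         fchmod(fd, SOCKET_DIR_MODE) == 0;
    close(fd);
    return ok ? check_socket_dir(path) : -1;
}

int main(void)
{
    char base[] = "/tmp/sockdir-demo-XXXXXX"; /* constructed scratch dir */
    char loose[64], fixed[64];

    if (mkdtemp(base) == NULL)
        return 1;
    snprintf(loose, sizeof loose, "%s/loose", base);
    snprintf(fixed, sizeof fixed, "%s/fixed", base);

    /* The failing case from the thread: umask 027 turns 0755 into 0750. */
    printf("mkdir under umask 027 -> %04o, strict check: %s\n",
           (unsigned)mode_after_mkdir(loose, 027),
           check_socket_dir(loose) == 0 ? "ok" : "rejected");

    /* Same restrictive umask, but the mode is set explicitly. */
    umask(027);
    printf("explicit fchmod under umask 027, strict check: %s\n",
           create_socket_dir(fixed) == 0 ? "ok" : "rejected");
    return 0;
}
```

With the explicit mode set, the restrictive umask 027 can stay in force for everything else the start-up script creates.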



RE: unsubsribe

2003-02-07 Thread Boyce, Nick
Russell,

You can unsubscribe by sending an email to
[EMAIL PROTECTED], containing an unsubscribe command
(either in the message body, or the subject); here's the help info for that
command :

unsubscribe [password] [address=address]
    Unsubscribe from the mailing list.  If given, your password must match
    your current password.  If omitted, a confirmation email will be sent
    to the unsubscribing address. If you wish to unsubscribe an address
    other than the address you sent this request from, you may specify
    `address=address' (no brackets around the email address, and no
    quotes!)

If you want to know all the commands available in this manner, send the
command help to the above address.

PS: please *never* send HTML-format email to this list.

Nick Boyce 
EDS Southwest Solution Centre, Bristol, UK 




-Original Message-
From: Russell. Tadhg (IT Solutions) [mailto:[EMAIL PROTECTED]]
Sent: 07 February 2003 14:25
To: [EMAIL PROTECTED]
Subject: unsubsribe





Kind Regards, 
Tadhg Russell, Network Support Services, ESB. 
+353-1-7027682 
Views expressed herein do not necessarily reflect the views of ESB. 





RE: Trusted domains' users and Samba

2003-02-06 Thread Boyce, Nick
On 6th.Feb.2003 Szilva wrote :

 2. What version of samba are you running?
 The version is 2.2.3a-6 for Debian that was shipped with 
 distribution (Woody).

On behalf of yourself, your users, and Net users everywhere in general :),
can I plead with you to install the later security-fixed version of
Samba-for-Debian ?

The current stable security-fixed Debian Samba is 2.2.3a-12.
See http://www.debian.org/security/2002/dsa-200 dated 22.Nov.2002,
concerning a potential remote root hole.

It won't make any difference to the --sequence option - it's still not
there - but things might work better for you.

PS: I'm just attempting to configure Debian Samba 2.2.3a-12 winbind to allow
login authentications against a real NT domain (with a trusted domain)
myself, so I'll let you know if it works for me.  I can certainly see the
domain my Samba server's domain trusts, in the output from wbinfo -m.

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK



-Original Message-
From: Szilvsy Zoltn [mailto:[EMAIL PROTECTED]]
Sent: 06 February 2003 11:16
To: [EMAIL PROTECTED]
Subject: RE: Trusted domains' users and Samba


Quoting Marc Kaplan [EMAIL PROTECTED]'s message:

It should be connecting to the trusted domain by default. 
 
 1. What does wbinfo --sequence show you?
Wbinfo tells it does not support --sequence option. However wbinfo
-m shows DOM2 in the list.

 2. What version of samba are you running?
The version is 2.2.3a-6 for Debian that was shipped with distribution
(Woody).

szilva



Annoying Minor Bug In Winbind 2.2.x

2003-02-06 Thread Boyce, Nick
As per my message an hour or so ago, I'm trying to get the winbind that
comes with Debian 3.0 Samba 2.2.3a-12 configured to allow me to telnet into
the box with authentication handed off to a real NT domain.

Anyway, even before I really get started, I find what seems to be an
obvious, simple and annoying buggette - if I stop and restart winbind (the
sort of thing you do a lot at this stage) then it fails to restart, with
this message in /var/log/samba/log.winbindd :
invalid permissions on socket directory /tmp/.winbindd

Here's the permissions :
/etc# ls -ld /tmp/.w*
drwxr-x---2 root root 4096 Feb  6 21:33 /tmp/.winbindd

A quick Google Groups search (Samba.org's own archives being unsearchable)
comes up with just one hit :
 
http://groups.google.com/groups?q=%22invalid+permissions+on+socket+directory+/tmp/.winbindd%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=b29cf7d1.0301240738.6e612f4a%40posting.google.com&rnum=1

This guy's solution certainly works for me (simply rename the faulty socket
directory out of harm's way), but ... surely you folks saw this buggette a
few lightyears ago down the way.  Is it a known bug ?  Does a later Samba
2.2.x version fix it ?

Cheers,

 Nick Boyce
 EDS Southwest Solution Centre, Bristol, UK
 



RE: tracking user logins

2002-11-28 Thread Boyce, Nick
On Wednesday, November 27, 2002, at 19:55  PM, Jim Morris wrote:

 I must say that I know of no NT/2000 option to allow only login from 
 one client PC, although I recall Netware having such an option.

Agreed again.  (I think you meant something different from the facility John
Terpstra referred to - on NT/2K you can specify which machines, perhaps
only one, that a user account can use, but you can't specify Maximum number
of concurrent sessions; on Netware you can do both.)

 Given the growing presence of Samba in the large enterprise, with more 
 and more companies becoming security conscious as time goes forward, we 
 are going to hit these type issues more and more.

Mmm.  I've only *just* managed to demonstrate to the Powers-That-Be around
here the full horror of an unswitched LAN with unencrypted passwords and a
sniffer ... so _now_ changes are underway.   Password encryption *with*
failed login tallying *will* be part of security policy ..

 ... What is needed is an examination of the various 
 security policies that can be setup in an NT/2000 Server environment, 
 so that a list of such items that are appropriate to a Samba 
 environment can be built.  

I'd just like to add a vote for another item for this list - something which
can be done on Netware, VMS, and on some Unixen, but not NT/2K (AFAIK) -
allow a password expiry grace period to be configured if desired - a
period of time after a password has expired, during which a user account can
still login but is forced straight into a password-change dialog.  This
allows for those occasions when (e.g.) someone is away for a whole month,
during which their password expires.

 ...  I would be glad to help in this effort in any way I can, 
 including documentation and code.

Likewise, but only for documentation ..

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK



Correction To DOMAIN_MEMBER.html

2002-11-14 Thread Boyce, Nick
[this is almost too trivial to bother with, but in the interests of accuracy
..]

I just converted a Samba 2.2.3a-for-Debian server from being a stand-alone
workgroup member using plain-text passwords into a full NT-administered
domain member using encrypted passwords and security=domain.  This being the
first server we've done this with, I paid attention to the apparent
authoritative document on the subject, DOMAIN_MEMBER.html in
docs/htmldocs.  It runs pretty much like this :

 cut 
In order to join the domain, first stop all Samba daemons and run the
command:

root# smbpasswd -j DOM -r DOMPDC -UAdministrator%password

[...]

Now, before restarting the Samba daemons you must edit your smb.conf(5) file
to tell Samba it should now use domain security.

Change (or add) your security = line in the [global] section of your
smb.conf to read:

security = domain

Next change the workgroup = line in the [global] section to read: 

workgroup = DOM

as this is the name of the domain we are joining. 

You must also have the parameter encrypt passwords set to yes in order for
your users to authenticate to the NT PDC.
 cut 

So, in plodder fashion, that's the order I tried to do things in.
Unfortunately, unless you edit smb.conf to set encrypt passwords = yes
*first*, you can't run the smbpasswd domain-joining call - it fails with :

  SAMBABOX:/etc/samba# smbpasswd -j MYDOMAIN -r MYPDC -Uadminuser%adminpassword
  Error connecting to MYPDC
  Unable to join domain MYDOMAIN.

I just thought it might help other folks, to document this explicitly.  I
spent a couple of hours trying to figure out what I was doing wrong, jacking
up the Samba debug level, getting Ethereal traces of the join operation,
etc. ...

I checked, and it's still the same in the version posted on the Samba.org
website, although there's also Samba-HOWTO-Collection.html which has a
section Make Samba a member of an MS Windows NT security domain which
documents the same thing in a somewhat different and perhaps less confusing
manner.

I'd have gladly produced an edited version of DOMAIN_MEMBER.html for
consideration, but I know the project uses Docbook for this stuff, and I
don't know the first thing about that :(

Cheers

Nick Boyce
EDS, Bristol, UK
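The ordering problem described in the message above can be checked mechanically before attempting the join. The following is an added example, not part of the original post or of the Samba project: the function names are hypothetical, and the accepted boolean spellings, the whitespace-insensitive parameter names and the "absent means no" default are assumptions about Samba 2.2 behaviour.

```python
import re

# Constructed sample: stand-alone workgroup server before the conversion.
SAMPLE = """\
; constructed example smb.conf
[global]
   workgroup = OLDGROUP
   security = user
   Encrypt Passwords = no
[homes]
   encrypt passwords = yes
"""
TRUE_WORDS = {"yes", "true", "on", "1"}  # assumed Samba boolean spellings

def _norm(name):
    # Assumption: names compare ignoring case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def global_params(text):
    """Return {normalized name: value} for the [global] section only."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.endswith("\\"):              # continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()  # last assignment wins
    return params

def problems_before_join(text):
    """What must be fixed before running smbpasswd -j."""
    # A missing parameter is treated as "no" (assumed 2.2 default).
    value = global_params(text).get("encryptpasswords", "no")
    if value.lower() in TRUE_WORDS:
        return []
    return ["set 'encrypt passwords = yes' in [global] before smbpasswd -j"]

def problems_before_restart(text, domain):
    """What must be fixed after the join, before restarting the daemons."""
    params, out = global_params(text), problems_before_join(text)
    if params.get("security", "").lower() != "domain":
        out.append("set 'security = domain' in [global]")
    if params.get("workgroup", "").lower() != domain.lower():
        out.append("set 'workgroup = %s' in [global]" % domain)
    return out
```

Run `problems_before_join` on the live smb.conf text before the join and `problems_before_restart` afterwards; an empty list means that stage is ready.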



[Samba] RE: Running smb without nmb? (Linux Suse 8.1 feature)

2002-10-28 Thread Boyce, Nick
[sorry - bit of a belated reply - I have a bit of a backlog to read]

On 23rd.Oct.2002, Linda Walsh asked :

 I recently upgraded my Linux distro to SuSE 8.1 which
 came w/samba 2.2.5.
 
 A feature of the upgrade was that it 'split' the startup
 script for samba from 1 script for _smb_ & _nmb_ to 2 scripts.
 
 So how/why would splitting these scripts be a good thing? 

I can think of one good reason why a sysadmin might want to *re*start nmb
without restarting smb - loss of WINS registration.

For us, that happens periodically to the registration of our Samba boxen
with our corporate Windows WINS servers, and I _think_ the underlying cause
is that the WINS servers get rebooted.  The first we notice is that calls
start coming in from people who can no longer map network drives to the
Sambas, or can no longer contact development webservers on the same boxes by
NetBIOS name alone.  A simple restart of nmb solves the problem, and
restarting smb at the same time would be both unnecessary and undesirable.

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



RE: [Samba] Re: How Samba let us down

2002-10-25 Thread Boyce, Nick
Reading through Jeremy's eagerly awaited discourse on oplocks/share
modes/locking, I read this bit :

 ... if you need simultaneous
 file access from a Windows and UNIX client you *must* have an
 application that is written to lock records correctly on both
 sides. Few applications are written like this, and even fewer
 are cross platform (UNIX and Windows) so in practice this isn't
 much of a problem.

but my brain kept stumbling over "isn't much of a problem" (;-)
surely that should say "isn't much of a solution" ?

I only mention it in the interests of honing the discourse as it heads
towards the docs.

Cheers

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK





FW: assignment discards qualifiers from pointer target-samba-3.0-alpha18

2002-07-24 Thread Boyce, Nick

San asked the original question.
*I* can't answer it, but I thought I'd help out by pointing out to him that
he didn't specify what kind of system & compiler he's using.
He replied, but personally to me, which won't get him very far :-(
So here's his system data (he still hasn't said what hardware architecture
he's working on though).

Nick Boyce
EDS, Bristol, UK



-Original Message-
From: san [mailto:[EMAIL PROTECTED]]
Sent: 24 July 2002 17:27
To: Boyce, Nick
Subject: Re: assignment discards qualifiers from pointer
target-samba-3.0-alpha18

Hi Nick Boyce,

I am using RedHat 7.1,

gcc-2.96-81

krb5-devel-1.2.2-4,  krb5-workstation-1.2.2-4 ,krb5-libs-1.2.2-4

kernel: kernel-2.4.3-12


Regards,

San

System Administrator
www.unisoftindia.net

- Original Message -
From: Boyce, Nick [EMAIL PROTECTED]
To: 'san' [EMAIL PROTECTED]
Sent: Wednesday, July 24, 2002 9:36 PM
Subject: RE: assignment discards qualifiers from pointer
target-samba-3.0-alpha18


 Good grief San !   Don't you think it might help the Samba gurus if you
 specified what system type and compiler you're using ?

 Nick Boyce
 EDS, Bristol, UK


 -Original Message-
 From: san [mailto:[EMAIL PROTECTED]]
 Sent: 24 July 2002 14:04
 To: [EMAIL PROTECTED]
 Subject: assignment discards qualifiers from pointer
 target-samba-3.0-alpha18


 Hi all!

 While compiling I am getting the following error messages

 passdb/secrets.c: In function `secrets_fetch':
 passdb/secrets.c:61: warning: assignment discards qualifiers from pointer target type
 passdb/secrets.c: In function `secrets_store':
 passdb/secrets.c:77: warning: assignment discards qualifiers from pointer target type
 passdb/secrets.c: In function `secrets_delete':
 passdb/secrets.c:93: warning: assignment discards qualifiers from pointer target type

 passdb/pdb_ldap.c: In function `ldapsam_search_one_user':
 passdb/pdb_ldap.c:340: warning: passing arg 5 of `ldap_search_s' from incompatible pointer type
 passdb/pdb_ldap.c: In function `search_top_nua_rid':
 passdb/pdb_ldap.c:1011: warning: passing arg 5 of `ldap_search_s' from incompatible pointer type
 passdb/pdb_ldap.c: In function `ldapsam_setsampwent':
 passdb/pdb_ldap.c:1109: warning: passing arg 5 of `ldap_search_s' from incompatible pointer type
 lib/util_str.c: In function `all_string_sub_w':
 lib/util_str.c:839: warning: initialization discards qualifiers from pointer target type

 libads/kerberos.c: In function `kerberos_kinit_password':
 libads/kerberos.c:76: warning: passing arg 6 of `krb5_get_init_creds_password' discards qualifiers from pointer target type


 


 How do I solve

 Regards,

 San




[Samba] RE: Error in joining samba server to Windows Domain

2002-05-14 Thread Boyce, Nick

Jesse Chan asked :

 I've installed samba 2.2.3a on HPUX11.0 and am currently trying to 
 join the samba server to our Windows Domain... I've installed the samba 
 package from the binary package with winbind option However, 
 I encountered this error :
 
 load_unicode_map: filename /usr/local/samba/lib/codepages/unicode_map.850 does not exist.
 load_unicode_map: filename /usr/local/samba/lib/codepages/unicode_map.ISO8859-1 does not exist.
 Password: 
 Error connecting to *SMBSERVER
 Unable to join domain 

The messages about failure to load Unicode character maps seem to be
normal in current releases of Samba - we get them too, without apparent
ill effect.  I don't think they have anything to do with your domain-joining
problem.

You'll need to provide more info - probably your config file first, and a
description of how you set things up, then a *trimmed* level 10 log of a
domain-joining attempt - before anyone will be able to help you.

 Nick Boyce
 EDS, Bristol, UK

