[Samba] LDAP Authentication (Linux Documentation Wiki)

2006-10-18 Thread Brian White
A few months ago, I posted about a "Linux Documentation Wiki" I created 
at my company.  Well, it's moved.  It's now here:


http://linuxwiki.riverworth.com/

There isn't much on it yet except for my wonderful, excellent, 
fantastic, "LDAP Authentication" document:


http://linuxwiki.riverworth.com/index.php/LDAP_Authentication

Okay, perhaps I'm exaggerating the quality a touch!  I'm hoping the 
linux community will help it grow in to something that really is 
wonderful, excellent, fantastic, and maybe even _complete_!


  Brian
  ( [EMAIL PROTECTED] )

---
Watch your thoughts, for they become words. Choose your words, for they become
actions. Understand your actions, for they become habits. Study your habits, for
they become your character. Develop your character, for it becomes your destiny

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Why Are Some Users' Print Jobs Always Held Pending?

2006-06-15 Thread Brian White

CUPS Version: 1.1.23-10sarge1

I believe this to be a CUPS problem, but since it only seems to affect 
users printing via Samba, perhaps it has been encountered by others here.



I have cups installed and can print to it via Linux just fine.  I also
have installed via Samba (via "cupsaddsmb") and most WinXP users can
print just fine, too.

However, a few (3 of about 20) users have the odd problem that every one
of their print jobs gets put in the queue and held.  I have to manually
go in to the web interface and click "release job" for every one of
them.  The other 17 or so users have their jobs go straight through.
All WinXP machines are on the same subnet on the same domain with
identical (automated, unattended) installations.  The cups logs show
that the jobs are being held but do not state any reason why.

What would cause the jobs of a few users to be held while others print
immediately?

Can I increase the log verbosity to tell why jobs are held?

  Brian
 ( [EMAIL PROTECTED] )

---
 A computer's attention span is only as long as its power cord.


[Samba] Re: Samba print problem (everything looks right)

2006-06-09 Thread Brian White

I read your posts on samba mailing list.
I have the same problem:
I can print, but I can't open the printer properties page ("no driver" 
message...).
For me also, the drivers are read from the samba server and written to 
C:\WinNT\System32\spool\drivers\... (I have removed them in advance to 
test this).


There was a bug in the cupsaddsmb program that stripped all end-of-line 
characters during the conversion.  (Many thanks to Vincent Nicolas for 
catching this!)  See http://www.cups.org/str.php?L1750


  Brian
 ( [EMAIL PROTECTED] )

---
  BREAKFAST.COM Halted...  Cereal Port Not Responding


Re: [Samba] Autenticationg Many SAMBA Servers against one LDAP

2006-05-25 Thread Brian White

I was posed the question stated on the subject: Can I use one LDAP
server as authentication backend for many SAMBA Servers?


Easily.  I would expect one LDAP server should be able to support 
hundreds, perhaps thousands of clients, including samba servers.


  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


[Samba] LDAP Upgrades (both Unix and Samba)

2006-05-23 Thread Brian White

The latest version of this document can be found at

http://pobox.com/~bcwhite/ldap-upgrade.txt


Last Updated:  2006-05-23

I just upgraded our company's network from a system created 6 years ago 
(NIS and SMBPASSWD) to an up-to-date one (for 2006, at least) including 
a central LDAP server.  It was a far from painless experience, so I 
thought I'd write up the experience in the hope that it may help others. 
 If I've left anything out, please let me know. 
mailto:[EMAIL PROTECTED] (or if I've left there, 
mailto:[EMAIL PROTECTED]).


I used my own "cfile" utility (http://sf.net/projects/cfile) to manage 
all the configuration files across multiple machines.  I hope to package 
it up for Debian soon.


Here's what I did...  Note that I'm using Debian 3.1 as my installed system.



Create an LDAP Server  (apt-get install slapd)
~~

Ref: http://www.metaconsultancy.com/whitepapers/ldap.htm
     http://www.tldp.org/HOWTO/LDAP-HOWTO/
     http://www.grennan.com/ldap-HOWTO.html

SLAPD has to be one of the most difficult things to wrap your head 
around I've ever come across.  Perhaps if you spoke LDAP in your sleep, 
it would all be obvious, but I've smoothed out the brick wall next to me 
banging my head against it these past few days.


Getting SLAPD (v2.2.23) started wasn't much trouble.  I set my suffix 
(aka "base") to "dc=precidia".  This would typically be 
"dc=precidia,dc=com", but I'm lazy.  I also set my default password 
style to SSHA (salted-SHA) and set an administrator access point.  Since 
I planned on disabling this access point later, I just used a basic 
"crypt" to store the password.


# "secret" is password, "XX" is salt (use any two letters or numbers)

perl -e 'print crypt("secret","XX"),"\n"'
XXIABNgk3eFuw

password-hash SSHA
rootdn cn=root,dc=precidia
rootpw {crypt}XXIABNgk3eFuw

Also, create all the appropriate indices for speed:

index   objectClass         eq
index   cn                  pres,sub,eq
index   sn                  pres,sub,eq
index   uid                 pres,sub,eq
index   displayName         pres,sub,eq
index   uidNumber           eq
index   gidNumber           eq
index   memberUid           eq
index   sambaSID            eq
#index  sambaPrimaryGroups  eq
index   sambaDomainName     eq
index   default             sub


Push these changes with: /etc/init.d/slapd force-reload

In brief, LDAP is an object storage system where objects are grouped 
(typically) by an "organizationalUnit", or "ou" for short.  Of course, 
you can't simply store an object specifying a new "ou=something"; you 
first have to create an object that describes it.  Thus, before you can 
store objects in "ou=Domains" you first have to store the object:


dn: ou=Domains,dc=precidia
ou: Domains
objectClass: top
objectClass: organizationalUnit

The first line is the "distinguished name" and is the unique identifier 
for this object.  Every object has one and it details the hierarchy 
under which the object is stored.  In this case, my "base" (the root of 
my tree) is "dc=precidia" and the sub-tree is "Domains".  Despite the 
fact that I said you cannot store an object in a "ou=Domains" without 
first creating it, it is possible to create it and store it there at the 
same time.


Enabling Secure LDAP ("ldaps") is left as an exercise to the reader! 
(That means I haven't yet done it at the time this was written.)


Luckily, the LDAP Account Manager will do much of that for you...



Migrate Existing UNIX Information
~

Ref: http://www.linuxjournal.com/article/6266
     http://www.gurulabs.com/goodies/downloads.php
     http://www.gurulabs.com/downloads/ldapmigrate

For this, I used the "ldapmigrate" perl script described above.  For this 
to run, you'll have to install "libnet-ldap-perl" and maybe a few 
others.  Then, on your ldap server, do:


cd /var/data/ldap
/etc/init.d/slapd stop
rm -f *
/etc/init.d/slapd start

This will give you a clean database to start from.  I restarted from 
this point many, many times.


Create an "admin" account for LDAP administration.  It will need a valid 
password but should have an invalid shell to prevent unix login (because 
it will eventually have root access -- see Samba section).  A valid home 
directory may be useful, though.


Before doing the migration, I edited the "ldapmigrate" script and 
changed all occurrences of "Group" to "Groups" for naming consistency and 
to match the defaults of the LDAP Account Manager.


Then do the migration...

LDAPBIND="cn=root,dc=precidia"
LDAPPASS="secret"
LDAP
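
Added example (not part of the original post, and not OpenLDAP code): the slapd.conf fragment in the message above sets "password-hash SSHA" but stores rootpw as a traditional two-character-salt crypt hash. The Python sketch below audits the rootpw scheme in a config and builds an {SSHA} replacement value; the function names and the embedded sample config are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# Constructed sample: the three slapd.conf lines quoted in the post.
# Note: password-hash governs hashes created by the LDAP Password Modify
# operation; the rootpw value is stored exactly as written in the file.
SAMPLE_CONF = """\
password-hash SSHA
rootdn cn=root,dc=precidia
rootpw {crypt}XXIABNgk3eFuw
"""

ROOTPW_RE = re.compile(r"^rootpw\s+(\S+)", re.IGNORECASE)
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per password
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Verify a password against an {SSHA} value in constant time."""
    if stored[:6].upper() != "{SSHA}":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def classify_rootpw(value: str) -> str:
    """Name the storage scheme of a rootpw value."""
    m = SCHEME_RE.match(value)
    if m is None:
        return "cleartext"  # no {SCHEME} prefix at all
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        # 13 characters without a "$" prefix is traditional DES crypt(3):
        # 2-character salt, only the first 8 password characters count.
        if len(body) == 13 and not body.startswith("$"):
            return "des-crypt"
        return "crypt-other"
    if scheme == "SSHA":
        return "salted-sha1"
    return scheme.lower()


def audit_rootpw(conf_text: str) -> List[Tuple[int, str]]:
    """Return (line number, scheme) for every rootpw directive."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = ROOTPW_RE.match(line)
        if m:
            findings.append((lineno, classify_rootpw(m.group(1))))
    return findings


def replace_rootpw(conf_text: str, new_value: str) -> str:
    """Return the config with every rootpw value swapped for new_value."""
    out = []
    for line in conf_text.splitlines():
        out.append("rootpw " + new_value if ROOTPW_RE.match(line) else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(audit_rootpw(SAMPLE_CONF))
    hardened = replace_rootpw(SAMPLE_CONF, make_ssha("secret"))
    print(hardened, audit_rootpw(hardened))
```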

Re: [Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used

2006-05-22 Thread Brian White
I don't have any values for these coming from LDAP.  It's the smb.conf 
settings that aren't getting the %u (lower-case "u") expanded.


Lower '%u' can only be used in a share (as a general rule).


Ah.  Okay.  That would explain why it's wrong.  I used it previously 
(don't know the exact samba version) and it worked then so it must have 
broken when I upgraded samba.  Unfortunately, all the ldap changes went 
in at the same time so I assumed the problem had something to do with that.


Thanks for clarifying!

  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


Re: [Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used

2006-05-22 Thread Brian White

I just upgraded to 3.0.22 (debian "testing") and have the same problem.
I could really use some help on this one!!!


Use %U.  Watch out, as this will actually become deprecated
functionality in future releases.


Just figured that out.  Thanks!

Why is this being deprecated?


The variable syntax is ambiguous with client side environment
variables.  Hint:  %L ?  Or %LOGONSERVER% ?

You can leave out the values from the passdb backend and
the default values from smb.conf will still be expanded though.


I don't have any values for these coming from LDAP.  It's the smb.conf 
settings that aren't getting the %u (lower-case "u") expanded.


  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


Re: [Samba] Samba Print Problem (Everything Looks Right)

2006-05-22 Thread Brian White
Hmmm...  I think that's the key point right there.  It works, but I 
can't _configure_ it!


That could mean that the DLL that provides the configuration tabs isn't
initialising properly.  When you deleted the printer and tried to
re-add it, did you also uninstall the driver from the Windows box?


I tried fully removing the driver (Settings, Printers & Faxes, File 
Menu, Server Properties, Drivers Tab, Remove) and then reconnecting to 
the printer.  Same problem.




That could explain why you weren't seeing any requests for the print$
share when you re-added the printer.


Yup.  I think you're right.

It's looking more and more like a pure CUPS problem.

I'm trying to get on their mailing list to see what I can find out.

  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


Re: [Samba] Samba Print Problem (Everything Looks Right)

2006-05-22 Thread Brian White

Can you try it on an XP box?  It sounds like it should work there -
I've yet to find a solution for Win2k.


All my WinXP boxes are behaving the same as the Win2K unit.  I just 
don't have a "fresh" install of a WinXP box handy at the moment.


That shouldn't make a difference - it works fine for me on XP machines
that have gone years without a reinstall.

You're able to run \\server\print$ from the client machines?  I suppose
so, otherwise the files you've seen wouldn't have been copied across.
All I can suggest is removing/renaming the .tdb files related to
printing, restarting Samba and then rerunning cupsaddsmb.  I've had a
few issues with cupsaddsmb, it has to be run *just* right to work.  If
it asks you for a password more than once, it probably hasn't worked.
Try adding one printer at a time (if you have more than one) as opposed
to using the -a option to add all printers at once.


Yes, I can access the share just fine.

As I get in to it, it looks like it's not a samba problem but something 
to do with the CUPS driver install.  It's been copied to the WinXP 
machine (I can see all the files in the appropriate directories on the 
Windows machine) and I can print test pages.  It just won't let me 
configure it.


Hmmm...  I think that's the key point right there.  It works, but I 
can't _configure_ it!


Now, if I only knew of what that is indicative.  



Sorry I couldn't be more helpful!


It's all helpful!  Successive approximation!

  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


Re: [Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used

2006-05-22 Thread Brian White

I just upgraded to 3.0.22 (debian "testing") and have the same problem.
I could really use some help on this one!!!


Use %U.  Watch out, as this will actually become deprecated
functionality in future releases.


Just figured that out.  Thanks!

Why is this being deprecated?

  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


Re: [Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used

2006-05-22 Thread Brian White
However, it seems that Samba is NOT substituting the "%u" in this case 
even though it was when LDAP was not in use.  At least "logon path" 
and "logon home" are affected; maybe more.


Okay, guess what!  Both %L and %U (capital) get substituted correctly. 
I guess I'll just use %U instead of %u -- the two seem to be the case 
(I'm a little unclear on the differences, to be truthful).


  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


Re: [Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used

2006-05-22 Thread Brian White

Version: 3.0.14a  (debian stable: 3sarge1)


I just upgraded to 3.0.22 (debian "testing") and have the same problem. 
 I could really use some help on this one!!!



I'm just about finished converting our company's network from NIS to 
LDAP.  Part of that involved updating Samba to use that same directory 
so all the information is maintained in one place.


Most everything is good, except that my roaming profiles won't work.  My 
smb.conf file is attached.


Upping the log level eventually showed messages like this:

[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "%u"
[2006/05/22 15:16:29, 10] smbd/statcache.c:stat_cache_lookup(210)
  stat_cache_lookup: lookup failed for name [%U]
[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(175)
  unix_convert begin: name = %u, dirpath = , start = %u

I traced this to the "logon path" configuration item.  Samba is choosing 
the value from the smb.conf file because I don't have these values set 
within the LDAP directory; I just want to use the default generated one.


However, it seems that Samba is NOT substituting the "%u" in this case 
even though it was when LDAP was not in use.  At least "logon path" and 
"logon home" are affected; maybe more.


To verify, I manually changed every "%u" in the smb.conf file to 
"bcwhite" and then I can log on with my profile and home directory just 
fine.  An okay solution for me, but the rest of my users might complain.


Since my users are expecting to return tomorrow (after a long weekend) 
and use their WinXP machines, I'd appreciate it if someone can shed some 
light on this problem asap.


Thanks much!!!



;
; $Id: smb.conf,v 1.7 2006/05/22 19:09:28 bcwhite Exp $
;

[global]
printing = cups
printcap = cups
load printers = yes
guest account = guest
invalid users = root
dont descend = /proc,/dev
unix extensions = no
bind interfaces only = no
interfaces = eth1 eth2
netbios aliases = titan share shell profiles

; don't risk problems with buggy dos programs (Visual C++) getting wrong timestamp
dos filetime resolution = yes

; "security = user" is always a good idea. This will require a Unix account
; in this server for every user accessing the server.
security = user

; Change this for the workgroup your Samba server will part of
workgroup = precidia

server string = %h Server (Samba %v)

; If you want Samba to log though syslog only then set the following
; parameter to 'yes'. Please note that logging through syslog in
; Samba is still experimental.
syslog only = no

; We want Samba to log a minimum amount of information to syslog. Everything
; should go to /var/log/{smb,nmb} instead. If you want to log through
; syslog you should set the following parameter to something higher.
syslog = 0;

; This socket options really speed up Samba under Linux, according to my
; own tests.
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096

; Passwords are encrypted by default. This way the latest Windows 95 and NT
; clients can connect to the Samba server with no problems.
encrypt passwords = yes
passdb backend = ldapsam:ldap://localhost

; It's always a good idea to use a WINS server. If you want this server
; to be the WINS server for your network change the following parameter
; to "yes". Otherwise leave it as "no" and specify your WINS server
;   below (note: only one Samba server can be the WINS server).
; Read BROWSING.txt for more details.
wins support = yes

; If this server is not the WINS server then specify who is it and uncomment
; next line.
; wins server = 172.16.0.10

; Please read BROWSING.txt and set the next four parameters according
; to your network setup.
os level = 99
local master = yes
preferred master = yes

; Domain stuff
domain master = yes
domain logons = yes
;;  domain group map = /etc/samba/domain-group.map
;;  domain user map = /etc/samba/domain-user.map
;;  local group map = /etc/samba/local-group.map
logon path = \\profiles\profiles\%u
logon home = \\shell\%u
logon drive = u:
logon script = logon.bat
;;  add user script = /etc/samba/addhost %u

; What naming service and in what order should we use to resolve host names
; to IP addresses
name resolve order = host bcast

; This will enable nmbd to search for NetBIOS names through DNS.
dns proxy = yes

; Name mangling options
preserve case = yes
short preserve case = yes
mangled names = yes
mangle prefix = 5
mangling method = hash

; LDAP settings
ldap admin dn = uid=samba,ou=Services,dc=precidia
ldap suffix = dc=precidia
ldap user suffix = ou=People
ldap group suffix = ou=Groups
 

Re: [Samba] Samba Print Problem (Everything Looks Right)

2006-05-22 Thread Brian White
I've done that dozens of times now.  I've even gone to a fresh Win2K 
install.  They all say the same thing:


Ah, so this is on Win2K?  (Your original post said XP as well.)  I'm
actually having a very similar problem with Win2K, and most annoying of
all it used to work fine.  And it still does, but now with XP only.

For me if I click 'yes' to install the printer driver it comes up
asking me for an .INF file, which I obviously don't have.

Can you try it on an XP box?  It sounds like it should work there -
I've yet to find a solution for Win2k.


All my WinXP boxes are behaving the same as the Win2K unit.  I just 
don't have a "fresh" install of a WinXP box handy at the moment.


  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


Re: [Samba] Samba Print Problem (Everything Looks Right)

2006-05-22 Thread Brian White

Try 'guest ok = yes' - otherwise any slight change in credentials will
block access to the print$ share - and anyway, it shouldn't matter if
an unauthorised user can copy your driver files ;-)


Tried that, but it didn't make any difference.


In fact, when I double-click to open the printer, it does connect and 
give me a print-queue window.  It's only when I try to bring up
the properties for that printer that it tells me no driver is
installed and asks if I want to search for one.


This is the classic scenario of 'the driver was never originally
installed' - I don't know if you can successfully install it from here,
I've always deleted the locally installed printer and then gone back to
the server and double-clicked on the printer again.


I've done that dozens of times now.  I've even gone to a fresh Win2K 
install.  They all say the same thing:


"The 'Doyle' printer driver is not installed on this computer.  Some 
printer properties will not be accessible unless you install the printer 
driver.  Do you want to install the driver now?"


Reading this more carefully...  I originally assumed it meant that it 
couldn't find the printer driver for "Doyle" the printer.  But this says 
it can't find the "Doyle" printer driver, which is (somewhat) different. 
 The "cupsaddsmb" program creates the driver with the same name as the 
printer.  Thus, the printer "Doyle" uses the "Doyle" printer driver.


Anyway...  I did a search on C:\ and found "Doyle.BPD" and "Doyle.ppd" 
in C:\WINDOWS\system32\spool\drivers\w32x86\3, so it has found and 
copied all 8 files to that directory (cupsui6.dll, cupsps6.dll, 
cups6.ini, pscript.ntf, pscript.hlp, ps5ui.dll, Doyle.ppd, and 
pscript6.dll).



However, even if I say "no", the properties dialog does come up (just 
the print queue settings -- no printer driver options) and I can 
successfully print a test page.


Yes, Windows will display the standard pages that aren't driver
specific.  That's odd that you can print a test page though.



So...  What am I missing?


Did you install the PostScript driver or the CUPS driver?  From your
last post it looks like both are installed at the same time - but as
I've never used the CUPS driver, that might be normal.  Although it
could explain why you were able to print (via one driver) but not
display the properties (problem with the other driver.)


The cups driver seems to be an extension of the Microsoft one.  You have 
to copy _both_ sets to the /usr/share/cups/drivers directory (something 
far from clear in the man page) before the "cupsaddsmb" script will work.




When you double-click on the printer on the server (assuming it's not
installed locally) that's when it tries to copy the driver across.
What happens when you do this?


It seems to work.  It opens the queue window.  I haven't seen any jobs 
on it, but then I'm just re-building the network here, so there isn't 
anyone else around to print.


If I try to open the "properties" for the printer I'll get the error 
mentioned above.


This whole thing summarizes what I hate most about Windows...  When it 
doesn't work, it's darn near impossible to find out why!  No "strace", 
no source code, no logs, nothing.


  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


Re: [Samba] Samba Print Problem (Everything Looks Right)

2006-05-22 Thread Brian White
(a truly great work, IMO).  However, I cannot get a WinXP or Win2K 
machine to automatically install the driver when I double-click on the 
printer after browsing the share.


Actually, now that I think about it...  Perhaps I'm not completely 
accurate with that statement.


In fact, when I double-click to open the printer, it does connect and 
give me a print-queue window.  It's only when I try to bring up the 
properties for that printer that it tells me no driver is installed and 
asks if I want to search for one.


However, even if I say "no", the properties dialog does come up (just 
the print queue settings -- no printer driver options) and I can 
successfully print a test page.


So...  What am I missing?

  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


[Samba] Samba Print Problem (Everything Looks Right)

2006-05-22 Thread Brian White
I'm trying to get Samba to print with CUPS and the universal postscript 
driver.  I've followed the HOWTO at


http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html

(a truly great work, IMO).  However, I cannot get a WinXP or Win2K 
machine to automatically install the driver when I double-click on the 
printer after browsing the share.


I've done everything up to and including step #10.  I can use 
"rpcclient" and see the driver installed.


The only difference I see is that "cupsaddsmb" (v1.2) put the driver 
(cups-windows v6.0) under the "3" subdirectory instead of the "2" directory.


  titan:/var/log/samba$ rpcclient -Ubcwhite%secret -c 'getdriver Doyle' share


[Windows NT x86]
Printer Driver Info 3:
Version: [3]
Driver Name: [Doyle]
Architecture: [Windows NT x86]
Driver Path: [\\SHARE\print$\W32X86\3\pscript5.dll]
Datafile: [\\SHARE\print$\W32X86\3\Doyle.ppd]
Configfile: [\\SHARE\print$\W32X86\3\ps5ui.dll]
Helpfile: [\\SHARE\print$\W32X86\3\pscript.hlp]

Dependentfiles: [\\SHARE\print$\W32X86\3\cupsui6.dll]
Dependentfiles: [\\SHARE\print$\W32X86\3\cupsps6.dll]
Dependentfiles: [\\SHARE\print$\W32X86\3\cups6.ini]
Dependentfiles: [\\SHARE\print$\W32X86\3\pscript.ntf]
Dependentfiles: [\\SHARE\print$\W32X86\3\pscript.hlp]
Dependentfiles: [\\SHARE\print$\W32X86\3\ps5ui.dll]
Dependentfiles: [\\SHARE\print$\W32X86\3\Doyle.ppd]
Dependentfiles: [\\SHARE\print$\W32X86\3\pscript5.dll]

Monitorname: []
Defaultdatatype: [RAW]

Not only that, I've connected with smbclient and retrieved one of those 
files back to my hard drive (always as "bcwhite"), so I know they exist 
and are readable.


I've tried setting the samba "log level" to 65535 and examining the logs. 
 I can't even see it making any reference to the "print$" share.


[print$]
comment = Printer Drivers
path = /etc/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = admin

Any ideas?  Thanks!

  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


Re: [Samba] Samba/DLAP Howto

2006-05-22 Thread Brian White

Newbie here...wanting to implement and test Samba (current version, 3.0.22) as 
a PDC on LDAP backend.


I'm just finishing doing the same thing.  I've tried to write it all 
down and I'll post it here when I'm done (perhaps even later today).


As you've noticed, there are quite a few on the net.  I'm afraid mine 
will be just one more.




I'd prefer a pretty step-by-step how-to, that doesn't assume I know
much at all.


It's not a trivial process, I assure you.  I spent a full week preparing 
on a test server and another two days to make the conversion on the real 
network.


  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.


[Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used

2006-05-22 Thread Brian White

Version: 3.0.14a  (debian stable: 3sarge1)

I'm just about finished converting our company's network from NIS to 
LDAP.  Part of that involved updating Samba to use that same directory 
so all the information is maintained in one place.


Most everything is good, except that my roaming profiles won't work.  My 
smb.conf file is attached.


Upping the log level eventually showed messages like this:

[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "%u"
[2006/05/22 15:16:29, 10] smbd/statcache.c:stat_cache_lookup(210)
  stat_cache_lookup: lookup failed for name [%U]
[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(175)
  unix_convert begin: name = %u, dirpath = , start = %u

I traced this to the "logon path" configuration item.  Samba is choosing 
the value from the smb.conf file because I don't have these values set 
within the LDAP directory; I just want to use the default generated one.


However, it seems that Samba is NOT substituting the "%u" in this case 
even though it was when LDAP was not in use.  At least "logon path" and 
"logon home" are affected; maybe more.


To verify, I manually changed every "%u" in the smb.conf file to 
"bcwhite" and then I can log on with my profile and home directory just 
fine.  An okay solution for me, but the rest of my users might complain.


Since my users are expecting to return tomorrow (after a long weekend) 
and use their WinXP machines, I'd appreciate it if someone can shed some 
light on this problem asap.


Thanks much!!!

  Brian
 ( [EMAIL PROTECTED] )

---
  Until we are first independent, we cannot be interdependent.
;
; $Id: smb.conf,v 1.7 2006/05/22 19:09:28 bcwhite Exp $
;

[global]
printing = cups
printcap = cups
load printers = yes
guest account = guest
invalid users = root
dont descend = /proc,/dev
unix extensions = no
bind interfaces only = no
interfaces = eth1 eth2
netbios aliases = titan share shell profiles

; don't risk problems with buggy dos programs (Visual C++) getting wrong timestamp
dos filetime resolution = yes

; "security = user" is always a good idea. This will require a Unix account
; in this server for every user accessing the server.
security = user

; Change this for the workgroup your Samba server will part of
workgroup = precidia

server string = %h Server (Samba %v)

; If you want Samba to log though syslog only then set the following
; parameter to 'yes'. Please note that logging through syslog in
; Samba is still experimental.
syslog only = no

; We want Samba to log a minimum amount of information to syslog. Everything
; should go to /var/log/{smb,nmb} instead. If you want to log through
; syslog you should set the following parameter to something higher.
syslog = 0;

; This socket options really speed up Samba under Linux, according to my
; own tests.
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096

; Passwords are encrypted by default. This way the latest Windows 95 and NT
; clients can connect to the Samba server with no problems.
encrypt passwords = yes
passdb backend = ldapsam:ldap://localhost

; It's always a good idea to use a WINS server. If you want this server
; to be the WINS server for your network change the following parameter
; to "yes". Otherwise leave it as "no" and specify your WINS server
;   below (note: only one Samba server can be the WINS server).
; Read BROWSING.txt for more details.
wins support = yes

; If this server is not the WINS server then specify who is it and uncomment
; next line.
; wins server = 172.16.0.10

; Please read BROWSING.txt and set the next four parameters according
; to your network setup.
os level = 99
local master = yes
preferred master = yes

; Domain stuff
domain master = yes
domain logons = yes
;;  domain group map = /etc/samba/domain-group.map
;;  domain user map = /etc/samba/domain-user.map
;;  local group map = /etc/samba/local-group.map
logon path = \\profiles\profiles\%u
logon home = \\shell\%u
logon drive = u:
logon script = logon.bat
;;  add user script = /etc/samba/addhost %u

; What naming service and in what order should we use to resolve host names
; to IP addresses
name resolve order = host bcast

; This will enable nmbd to search for NetBIOS names through DNS.
dns proxy = yes

; Name mangling options
preserve case = yes
short preserve case = yes
mangled names = yes
mangle prefix = 5
mangling method = hash

; LDAP settings
ldap admin dn = uid=samba,ou=Services,dc=precidia
ldap suffix = dc=precidia
ldap user suf

Re: [Samba] Weird 8.3 Name Mangling

2004-11-02 Thread Brian White
> > I've installed Samba 3.0.7 (stock Debian package), but I'm having some
> > weird problems with name mangling.  The relevant lines in smb.conf are:
> >
> >preserve case = yes
> >short preserve case = yes
> >mangled names = yes
> >mangle prefix = 5
> >mangling method = hash2
> >
> > In a share, I did "touch test-file.GHO" to create a long filename.  When
> > I do a "dir" under DOS, however, it shows:
> >
> >TVTSSK~S GHO 0  11-02-04  3:07p test-file.GHO
> >
> > I can't see how samba came up with this mangled name.  I tried changing
> > the mangle prefix and/or mangle method but it made no difference.  I made
> > sure I killed the "smbd" process after any changes I made and can see it
> > being restarted and a new TCP connection established to it.
> 
> The mangle prefix is only used in the hash mangling method. The name
> shown (TVTSSK~S GHO) is a hash2 mangled name, as to be expected.

Okay, but, as I said, I tried changing the mangle method (to just "hash")
and still got the same results.

Perhaps my Windoze box has cached the result somehow or the correct
process did not restart...  Yup, sure enough...  Reboot Windoze and
now it shows "TEST-~AM.GHO".

Thanks!

  Brian
 ( [EMAIL PROTECTED] )

---
 Don't go around saying the world owes you a living.  The world
  owes you nothing.  It was here first.  -- Mark Twain
---
  ( Couldn't verify my signature?  Use http://www.precidia.com/precidia.crt )


[Samba] Weird 8.3 Name Mangling

2004-11-02 Thread Brian White
I've installed Samba 3.0.7 (stock Debian package), but I'm having some
weird problems with name mangling.  The relevant lines in smb.conf are:

   preserve case = yes
   short preserve case = yes
   mangled names = yes
   mangle prefix = 5
   mangling method = hash2

In a share, I did "touch test-file.GHO" to create a long filename.  When
I do a "dir" under DOS, however, it shows:

   TVTSSK~S GHO 0  11-02-04  3:07p test-file.GHO

I can't see how samba came up with this mangled name.  I tried changing
the mangle prefix and/or mangle method but it made no difference.  I made
sure I killed the "smbd" process after any changes I made and can see it
being restarted and a new TCP connection established to it.

Any ideas?  Thanks!

  Brian
 ( [EMAIL PROTECTED] )

---
Diplomacy: the art of letting someone have your own way.
---
  ( Couldn't verify my signature?  Use http://www.precidia.com/precidia.crt )


Re: [Samba] DOS Properties Not Networkable?

2003-03-31 Thread Brian White
> I think you need to make a short cut to the bat file.  I do not think that
> DOS executables ever store this info by default.  I have done this before.
> I think it's either just a short cut or a pif file.  You then specify the
> screen, memory and other setting via the shortcut which then references the
> original exe file.

Thanks!  That did it.  I went looking all over for a Win98 "pif" editor
without ever realizing that creating a shortcut actually created one of
those files.  

Thanks!


I'm still curious where my machine stores the information when I adjust
the properties on the batch file directly.  It is persistent and I don't
see any other files created.

I haven't tried rebooting... perhaps it's memory-resident only.

  Brian
 ( [EMAIL PROTECTED] )

---
  Do, or do not.  There is no "try".  -- Yoda


[Samba] DOS Properties Not Networkable?

2003-03-31 Thread Brian White
If I right-click on an executable program (like a DOS batch file) that
resides on a samba share and set properties like "full screen", that
property is remembered on the machine with which I made the change.

However, if I go to another machine and run that file, it uses the default
properties.  Doing a right-click from the other machine and viewing the
properties also shows all the defaults.

- Is there a way to set network-wide properties for a file?
- Where does Win98 store my properties locally if not on the network?
- Is there any way to force a batch file to run full-screen?  (I tried
  "start" from within another batch file but that can only do a "maximized"
  window, not full-screen.)

Thanks!

  Brian
 ( [EMAIL PROTECTED] )

---
  Do, or do not.  There is no "try".  -- Yoda


Re: [Samba] Re: XP "logon failure" but still logs on -- no roaming profile

2003-03-18 Thread Brian White
> > Okay.  I guess the next thing to do is try with a fresh installation and
> > then see if it occurs again as elements get added.
>
> our setup... xp-pro (pre sp1) and office2k, local profiles only,
> sign-or-seal; no problems so far.

I didn't have any troubles with local profiles either.  My hope was to set
up all the Windoze boxes like the unix ones which would allow everyone to
log in to any machine and get their standard account (though with a speed
penalty since the home directory would be mounted over the network instead
of on the local drive).

We don't have that now on the Win98 boxes and it doesn't seem to be much of
a problem, but I'd like to try...


> > Thanks.  I've noticed that XP has provisions for requiring passwords to
> > be changed, but didn't look in to it at all.  Perhaps a small script which
> > sets the necessary registry entries?
>
> I'm trying to generate more interest in using already builtin Xp policy
> options/features. Why re-invent the wheel? Have you been following this
> thread?  comments?...
> Re: [Samba] gpedit.msc as centralized policy for 2k/xp clients

I'm afraid it's all pretty much Greek to me.  I have very little understanding
of how group policies work.

  Brian
 ( [EMAIL PROTECTED] )

---
 Two roads diverged in a wood, and I -- I took the one less traveled by,
 And that has made all the difference.  ("The Road Not Taken" -- Robert Frost)


Re: [Samba] Re: XP "logon failure" but still logs on -- no roaming profile

2003-03-17 Thread Brian White
> I remember another post where applying the "critical updates" was
> actually the cause of the problem!? can't remember all the details..but
> something about auto-application making incorrect assumptions.
> hope this is of some help, regards

Okay.  I guess the next thing to do is try with a fresh installation and
then see if it occurs again as elements get added.  Since this was my
first attempt at using XP (or any networking of an NT kernel, for that
matter) it didn't really follow any strategy.

It has had a few software packages installed on it and CygWin to boot (I'm
trying to get Amanda to work).  It's possible that one of these is causing
a local file access conflict.


> ps: I like your ideas in logon.bat. Do you have any suggestions/ideas on
> the best way to implement password-age, password-history in Xp/samba
> domain?

Thanks.  I've noticed that XP has provisions for requiring passwords to
be changed, but didn't look in to it at all.  Perhaps a small script which
sets the necessary registry entries?

Our password-expiration policy here involves me going around once
a year and beating on people's heads to give me new passwords which I then
enter in to a program that goes and changes them in the half-dozen or so
places where it's stored: nis, samba, mysql, windoze, etc.  

  Brian
 ( [EMAIL PROTECTED] )

---
 Two roads diverged in a wood, and I -- I took the one less traveled by,
 And that has made all the difference.  ("The Road Not Taken" -- Robert Frost)


Re: [Samba] Re: XP "logon failure" but still logs on -- no roaming profile

2003-03-14 Thread Brian White
> hmmm..did you try running ...tcpdump -i eth0 ..on your samba box?
> (assuming eth0 is samba lan interface?) then you can "see" what is
> happening at the time..
> regards

Okay...  Done.  Below is the tcpdump from the time that I got the
error dialog while logging in until I initiated the logoff.  It's
about 240kB uncompressed (40kB compressed).

http://bcwhite.dhs.org/~bcwhite/tcp.smbd-logoff_delay.gz

However, in summary...

There is pretty much constant traffic between "watertown" (the client) and
"griffon" (the server) up until:

[...]
18:36:00.011222 griffon.ott.precidia.com.netbios-ssn > watertown.ott.precidia.com.4451: S 3794220794:3794220794(0) ack 3
18:36:00.011512 griffon.ott.precidia.com.netbios-ssn > watertown.ott.precidia.com.4451: S 3794220794:3794220794(0) ack 3
18:36:00.011772 watertown.ott.precidia.com.4451 > griffon.ott.precidia.com.netbios-ssn: R 3385513384:3385513384(0) win 0
18:36:00.424875 watertown.ott.precidia.com.netbios-dgm > 10.0.3.63.netbios-dgm:
18:36:07.211433 griffon.ott.precidia.com.www > watertown.ott.precidia.com.4454: F 837:837(0) ack 305 win 5840 (DF)
18:36:07.211750 griffon.ott.precidia.com.www > watertown.ott.precidia.com.4454: F 837:837(0) ack 305 win 5840 (DF)
18:36:07.212011 watertown.ott.precidia.com.4454 > griffon.ott.precidia.com.www: . ack 838 win 16684 (DF)

There are a few spurts of activity after that:

18:36:10.642363 watertown.ott.precidia.com.4450 > griffon.ott.precidia.com.445: P 18696:18741(45) ack 18030 win 16129 (D
18:36:10.646248 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18030:18069(39) ack 18741 win 2224 (DF
18:36:10.646558 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18030:18069(39) ack 18741 win 2224 (DF
18:36:10.766491 watertown.ott.precidia.com.4450 > griffon.ott.precidia.com.445: . ack 18069 win 16090 (DF)
18:36:11.463568 watertown.ott.precidia.com.4450 > griffon.ott.precidia.com.445: P 18741:18841(100) ack 18069 win 16090 (
18:36:11.497609 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18069:18108(39) ack 18841 win 2224 (DF
18:36:11.497914 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18069:18108(39) ack 18841 win 2224 (DF
18:36:11.669477 watertown.ott.precidia.com.4450 > griffon.ott.precidia.com.445: . ack 18108 win 17520 (DF)
18:36:11.731450 griffon1.ott.precidia.com.route > 10.0.3.63.route:  RIPv1-resp [items 8]: {10.0.2.64}(2) {10.0.2.128}(2)
18:36:11.731741 griffon1.ott.precidia.com.route > 10.0.3.63.route:  RIPv1-resp [items 8]: {10.0.2.64}(2) {10.0.2.128}(2)

Then there is a delay until I start the logoff procedure:

18:36:20.664208 watertown.ott.precidia.com.4450 > griffon.ott.precidia.com.445: P 18841:18884(43) ack 18108 win 17520 (D
18:36:20.666867 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18108:18151(43) ack 18884 win 2224 (DF
18:36:20.667168 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18108:18151(43) ack 18884 win 2224 (DF
18:36:20.667428 watertown.ott.precidia.com.4450 > griffon.ott.precidia.com.445: P 18884:18923(39) ack 18151 win 17477 (D
18:36:20.670643 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18151:18190(39) ack 18923 win 2224 (DF
18:36:20.670941 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18151:18190(39) ack 18923 win 2224 (DF
18:36:20.799476 watertown.ott.precidia.com.4450 > griffon.ott.precidia.com.445: . ack 18190 win 17438 (DF)
18:36:22.141603 watertown.ott.precidia.com.4450 > griffon.ott.precidia.com.445: P 18923:19023(100) ack 18190 win 17438 (
18:36:22.149477 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18190:18297(107) ack 19023 win 2224 (D
18:36:22.149785 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18190:18297(107) ack 19023 win 2224 (D
18:36:22.150432 watertown.ott.precidia.com.4450 > griffon.ott.precidia.com.445: P 19023:19163(140) ack 18297 win 17331 (
18:36:22.162845 griffon.ott.precidia.com.445 > watertown.ott.precidia.com.4450: P 18297:18348(51) ack 19163 win 2224 (DF
[...]

In this case, I counted 25 seconds before logging off since things seemed
to be running a bit slower (probably due to having the log level set to 20)
and didn't work the first time when I only waited 20 seconds.  It might
be related to idle time on the network before beginning logout.


I correlated these times to the log.smbd file (4060kB uncompressed,
215kB compressed), which I've placed here:

http://bcwhite.dhs.org/~bcwhite/tcp.smbd-logoff_delay.gz

The end of the login sequence is:

[2003/03/14 18:35:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(539)
  got smb length of 41
[2003/03/14 18:35:59, 6] smbd/process.c:process_smb(859)
  got message type 0x0 of len 0x29
[2003/03/14 18:35:59, 3] smbd/process.c:process_smb(860)
  Transaction 2235 of length 45
[...]


The next blips of traffic are:  (nothing shows for 18:36:07)

[2003/03/14 18:36:10, 10] lib/util_sock.c:rea
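
The quiet periods picked out by eye in the capture above can also be computed. The following is an added example, not part of the original post: it parses classic tcpdump text output, keeps only client/server packets on the server's SMB ports, collapses segments that were printed twice, and lists the idle gaps. The hostnames, the sample lines, the 1 ms duplicate window and the 5 s threshold are assumptions made for the example.

```python
"""Find idle periods in an SMB conversation from classic tcpdump text output."""
import re
from dataclasses import dataclass

SMB_PORTS = {"445", "microsoft-ds", "139", "netbios-ssn"}
LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{1,6})\s+(\S+) > (\S+):\s*(.*)$")
DAY_US = 86_400 * 1_000_000

# Constructed sample: hostnames are placeholders, lines follow the layout of
# the capture quoted in the post (time, src.port > dst.port: summary).
SAMPLE = """\
18:36:00.011222 srv.example.com.netbios-ssn > ws.example.com.4451: S 100:100(0) ack 3
18:36:00.011772 ws.example.com.4451 > srv.example.com.netbios-ssn: R 200:200(0) win 0
18:36:07.211433 srv.example.com.www > ws.example.com.4454: F 837:837(0) ack 305 win 5840 (DF)
18:36:10.642363 ws.example.com.4450 > srv.example.com.445: P 18696:18741(45) ack 18030 win 16129 (DF)
18:36:10.646248 srv.example.com.445 > ws.example.com.4450: P 18030:18069(39) ack 18741 win 2224 (DF)
18:36:10.646558 srv.example.com.445 > ws.example.com.4450: P 18030:18069(39) ack 18741 win 2224 (DF)
18:36:11.669477 ws.example.com.4450 > srv.example.com.445: . ack 18108 win 17520 (DF)
18:36:11.731450 rtr.example.com.route > 10.0.3.63.route:  RIPv1-resp [items 8]
18:36:20.664208 ws.example.com.4450 > srv.example.com.445: P 18841:18884(43) ack 18108 win 17520 (DF)
18:36:20.666867 srv.example.com.445 > ws.example.com.4450: P 18108:18151(43) ack 18884 win 2224 (DF)
"""


@dataclass(frozen=True)
class Packet:
    stamp: str     # timestamp as printed by tcpdump
    micros: int    # microseconds since midnight of the capture's first day
    src: tuple     # (host, port)
    dst: tuple     # (host, port)
    summary: str   # flags, sequence numbers, window, ...


@dataclass(frozen=True)
class Gap:
    start: str     # timestamp of the last packet before the silence
    end: str       # timestamp of the first packet after it
    micros: int    # length of the silence in microseconds


def _endpoint(text):
    """Split 'host.name.port' on the last dot; the port may be a service name."""
    host, _, port = text.rpartition(".")
    return host, port


def parse(text):
    """Parse tcpdump lines; lines that do not match (wrapped, blank) are skipped."""
    packets, day_offset, last_raw = [], 0, None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hh, mm, ss, frac, src, dst, summary = m.groups()
        raw = ((int(hh) * 60 + int(mm)) * 60 + int(ss)) * 1_000_000
        raw += int(frac.ljust(6, "0"))
        if last_raw is not None and raw < last_raw:
            day_offset += DAY_US  # the capture ran past midnight
        last_raw = raw
        packets.append(Packet(f"{hh}:{mm}:{ss}.{frac}", raw + day_offset,
                              _endpoint(src), _endpoint(dst), summary.strip()))
    return packets


def smb_conversation(packets, client, server, dedupe_us=1000):
    """Keep client<->server packets on an SMB port of the server.

    A packet identical to the previously kept one (same endpoints and summary)
    within dedupe_us microseconds is treated as the same segment seen twice.
    """
    kept = []
    for p in packets:
        to_server = (p.src[0] == client and p.dst[0] == server
                     and p.dst[1] in SMB_PORTS)
        from_server = (p.src[0] == server and p.src[1] in SMB_PORTS
                       and p.dst[0] == client)
        if not (to_server or from_server):
            continue
        if kept:
            prev = kept[-1]
            same = (prev.src, prev.dst, prev.summary) == (p.src, p.dst, p.summary)
            if same and p.micros - prev.micros <= dedupe_us:
                continue
        kept.append(p)
    return kept


def idle_gaps(conversation, threshold_s=5.0):
    """Return every silence of at least threshold_s seconds between packets."""
    limit = int(threshold_s * 1_000_000)
    return [Gap(a.stamp, b.stamp, b.micros - a.micros)
            for a, b in zip(conversation, conversation[1:])
            if b.micros - a.micros >= limit]


if __name__ == "__main__":
    conv = smb_conversation(parse(SAMPLE), "ws.example.com", "srv.example.com")
    for gap in idle_gaps(conv):
        print(f"{gap.start} -> {gap.end}  idle {gap.micros / 1_000_000:.3f}s")
```

The start and end stamps of each gap can then be looked up in log.smbd, whose entries carry one-second timestamps.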

[Samba] Re: XP "logon failure" but still logs on -- no roaming profile

2003-03-11 Thread Brian White
> so if you reboot you get a successful logon? xp -pre sp1 ?

Usually, yes.  I did get one case where it did not but the computer had been
on for a while before I tried to log on.

SP1 was installed.  I just did another update of all critical updates but
it made no difference.  After I reboot, I could logon, logoff, logon, logoff,
but the third time I tried to logon, I got the error.

On a hunch, I tried removing everything from the logon.bat script.  It
didn't help, though.  After a reboot, I could logon/off three times and
then I started getting the error.  Continuing logon/logoff sequences shows
no discernable pattern, though it only fails about 1/2 to 1/3 of the tries.

After restoring the content of the logon.bat file, the logon process fails
much more often but not every time.  I began to wonder if it had something
to do with network activity/idle periods since when I was typing results
in to this message, it seemed that the next logon attempt would work.

Taking a more patient approach to this, I've discovered that the problem is
at least somewhat related to how long I stay logged in.  With the full
login.bat content (because it makes the problem more obvious) I've discovered
that:

 - Logout immediately after logon (waiting for logon.bat to complete first)
   causes a logon failure every time.

 - Waiting 20 seconds after a logon failure before logout will ensure that
   the next logon attempt is successful.  Waiting only 10 seconds is not
   enough.  The next logon attempt (after one that was successful) will fail
   even if I again wait over 30 _minutes_ before logout.

 - Waiting at the "press CTRL-ALT-DELETE to logon" prompt, even up to 60
   seconds, does not help; it fails every time.

Attached is the "logon.bat" file renamed to "logon.txt" so it doesn't get
stripped by any virus scanners.  In addition to mapping a number of network
drives, it also tries to map H: to /home/userid (if it exists) or to the
user's home computer on the network if they're logging in to a different
machine (sort of like a unix automounter would do for home directories on
different machines).

  Brian
 ( [EMAIL PROTECTED] )

---
   Tired of spam?  See what you can do to fight it at: http://www.cauce.org/

:-net accounts /forcelogoff:no /minpwlen:4 /minpwage:0 /maxpwage:unlimited /uniquepw:5

:-
:- Mount the home directory
:-
net use h: /d
subst h: /d

if exist C:\Home\%USERNAME%\nul.x goto localhome

:nethome
call "%USERPROFILE%\Network\homedir.bat"
goto donehome

:localhome
subst h: C:\Home\%USERNAME%
mkdir "%USERPROFILE%\Network"
echo net use h: \\%COMPUTERNAME%\home\%USERNAME% /persistent:no /yes >"%USERPROFILE%\Network\homedir.bat"
goto donehome

:donehome


:-
:- Mount network drives
:-
net use o: \\share\office2000p /persistent:no /yes
net use p: \\share\precidia /persistent:no /yes
net use s: \\share\win32 /persistent:no /yes
net use t: \\ftp\ftp /persistent:no /yes
net use x: \\share\tmp /persistent:no /yes


:-
:- Set some environment variables
:-
mkdir C:\tmp\%USERNAME%
s:\bin\setx TEMP C:\tmp\%USERNAME%
s:\bin\setx TMP C:\tmp\%USERNAME%
:- s:\bin\setx HOMEDRIVE H:


:-
:- Update the computer's clock
:-
net time \\share /set /yes




[Samba] Re: XP "logon failure" but still logs on -- no roaming profile

2003-03-10 Thread Brian White
> sorry I've deleted your original message... ahh maybe we need to start
> again. Could I suggest you follow the diagnostic procedure in the docs.
> From memory its diagnosis.txt ..its very logical and explains things as
> you go. Then we'll have something to go on.

Attached is the original message I posted (including the links to the log
file captures I made).


From the Diagnosis File  (everything looks good to me)
~~

Test1:  no errors (one warning about some share names being longer than 8
characters)

Test2:  Both machines can ping the other (time=0.5ms).

Test3:  Anonymous login successful (no password).  All shares are shown.
The client can map and access all drives.

Test4:  Primary IP address of server is returned.  The client sits on a
second ethernet card and thus different subnet than the primary
address, but this doesn't seem to make any difference.  The server
has no firewall rules and forwards all packets between interfaces.

Test5:  The client IP address is returned correctly.

Test6:  This did a broadcast test on the primary ethernet interface and
thus received responses from the two servers (the local machine
and one other) instead of a response from the client on the second
ethernet subnet.  I added a "-B 10.0.3.63" (6 bit subnet) and then
received a response from the client XP machine.

Test7:  Connection to "tmp" works with both anonymous (guest) login and for
a real userid.

Test8:  The "net view" works when logged in to the XP client as me, but not
when logged in as Administrator.  It also worked when telnetting in
to cygwin as root.

Test9:  Connection to \\BIGSERVER\TMP worked fine though I was not prompted
for a password.  I was able to create and delete a file from the
mapped directory.

Test10: The server was found as the master browser.  Again, I had to add
"-B 10.0.3.63" to get it to look on the secondary ethernet.

Test11: The XP client can browse the server and see shares.  It sees it under
"My Network Places/Entire Network/Microsoft Windows Network/precidia"
but I assume this is correct.  Also at the same level as the
"precidia" domain is "workgroup" which is the workgroup (not
domain) managed by the other server.  Clicking on that shows
no machines under that workgroup even though the other server
knows about many.

  Brian
 ( [EMAIL PROTECTED] )

---
   Tired of spam?  See what you can do to fight it at: http://www.cauce.org/


Re: [Samba] XP "logon failure" but still logs on -- no roaming profile

2003-03-08 Thread Brian White
> maybe running tcpdump will reveal something?

Not a sausage.  There wasn't a single packet from the XP machine or the
samba server that went to the other server during either a successful
login or a problematic one.

Any other ideas?  I'm fresh out.  Did you look at the log files I provided
in the original message?  I'm afraid I don't know them well enough to
notice if something is missing.

-- Brian


> On Sat, 2003-03-08 at 01:12, Brian White wrote:
> > > Are you auth-ing to your Pdc via a routed link? and do you have
> > > effectively a Bdc on your local lan with a "profile" share enabled?
> > > This had me stuffed for ages, disable profile share on Bdc "fixed" my
> > > intermittent xp-pro domain logon problem. hope this helps.
> > > regards
> >
> > The two machines are directly connected on an Ethernet subnet.  In fact,
> > there is nothing on that ethernet segment other than those two machines.
> > The server has another ethernet that talks with the internet firewall and
> > another server managing a different workgroup (not domain) of Win98 hosts.
> > I'll take a look to see if the XP host is trying to contact that other
> > server at all.  It certainly doesn't have a "profile" share, though.
> >
> > There is no BDC yet.  My plan is to make each subnet server similar enough
> > that if one fails I can just move its subnets to other server which would
> > allow people to work uninterrupted until a replacement can be brought on-line.
> >
> > -- Brian

  Brian
 ( [EMAIL PROTECTED] )

---
  Lottery: a tax on people who are bad at math



Re: [Samba] XP "logon failure" but still logs on -- no roaming profile

2003-03-07 Thread Brian White
> Are you auth-ing to your Pdc via a routed link? and do you have
> effectively a Bdc on your local lan with a "profile" share enabled?
> This had me stuffed for ages, disable profile share on Bdc "fixed" my
> intermittent xp-pro domain logon problem. hope this helps.
> regards

The two machines are directly connected on an Ethernet subnet.  In fact,
there is nothing on that ethernet segment other than those two machines.
The server has another ethernet that talks with the internet firewall and
another server managing a different workgroup (not domain) of Win98 hosts.
I'll take a look to see if the XP host is trying to contact that other
server at all.  It certainly doesn't have a "profile" share, though.

There is no BDC yet.  My plan is to make each subnet server similar enough
that if one fails I can just move its subnets to other server which would
allow people to work uninterrupted until a replacement can be brought on-line.

-- Brian


> On Wed, 2003-03-05 at 09:07, Brian White wrote:
> > I'm having a problem with roaming domains on Samba v3.0-alpha21.  I've
> > connected the machine (watertown) to the domain (precidia) via the
> > server (griffon).  I've logged on with my userid (bcwhite) and seen
> > my roaming profile get created on the server upon logoff.  Future logons
> > grab the roaming profile and everything is fine.
> >
> > However, _sometimes_ I get a window with the message:
> >
> >   Windows cannot locate the server copy of your roaming profile and is
> >   attempting to log you on with your local profile.
> >
> >   Changes to the profile will not be copied to the server when you logoff.
> >   Possible causes of this error include network problems or insufficient
> >   security rights.  If this problem persists, contact your network
> >   administrator.
> >
> >   DETAIL - logon failure: unknown user name or bad password
> >
> > However, the system continues to log me on (presumably with the local copy
> > of my profile).  Upon logoff, the copy of my profile on the samba server
> > is not updated.
> >
> >
> > I know I'm using the correct password.  If I try the wrong password, I get
> > a different window and no logon:
> >
> >   The system could not log you on.  Make sure your User name and domain are
> >   correct, then type your password again.  Letters in passwords must be typed
> >   using the correct case.
> >
> >
> > What I don't understand is why this only happens sometimes.  I rebooted
> > and then was able to log in fine.  Log out, log in fine.  Log out, log
> > in fails.  Reboot.  Log in fine, log out, log in fails every time until I
> > reboot again.  I don't understand.
> >
> > I had logging set to level 200 and captured the following logs.
> >
> >   start samba
> >   login (fail)  http://bcwhite.dhs.org/~bcwhite/log.smbd-err.gz
> >   reboot
> >   login (okay)  http://bcwhite.dhs.org/~bcwhite/log.smbd-ok.gz
> >   logout
> >   login (okay)
> >   logout
> >   login (fail)
> >   logout
> >   login (fail)
> >   [...]
> >   reboot
> >   login (okay)
> >   logout
> >   login (fail)
> >   stop samba  http://bcwhite.dhs.org/~bcwhite/log.smbd-full.gz
> >
> > Note, the log files are 72kB, 121kB, and 4.3MB (compressed), respectively.
> >
> > All help very much appreciated!
> >

  Brian
 ( [EMAIL PROTECTED] )

---
  All is fair in love and war.


[Samba] XP "logon failure" but still logs on -- no roaming profile

2003-03-04 Thread Brian White
I'm having a problem with roaming domains on Samba v3.0-alpha21.  I've
connected the machine (watertown) to the domain (precidia) via the
server (griffon).  I've logged on with my userid (bcwhite) and seen
my roaming profile get created on the server upon logoff.  Future logons
grab the roaming profile and everything is fine.

However, _sometimes_ I get a window with the message:

  Windows cannot locate the server copy of your roaming profile and is
  attempting to log you on with your local profile.

  Changes to the profile will not be copied to the server when you logoff. 
  Possible causes of this error include network problems or insufficient
  security rights.  If this problem persists, contact your network
  administrator.

  DETAIL - logon failure: unknown user name or bad password

However, the system continues to log me on (presumably with the local copy
of my profile).  Upon logoff, the copy of my profile on the samba server
is not updated.


I know I'm using the correct password.  If I try the wrong password, I get
a different window and no logon:

  The system could not log you on.  Make sure your User name and domain are
  correct, then type your password again.  Letters in passwords must be typed
  using the correct case.


What I don't understand is why this only happens sometimes.  I rebooted
and then was able to log in fine.  Log out, log in fine.  Log out, log
in fails.  Reboot.  Log in fine, log out, log in fails every time until I
reboot again.  I don't understand.

I had logging set to level 200 and captured the following logs.

start samba
login (fail)  http://bcwhite.dhs.org/~bcwhite/log.smbd-err.gz
reboot
login (okay)  http://bcwhite.dhs.org/~bcwhite/log.smbd-ok.gz
logout
login (okay)
logout
login (fail)
logout
login (fail)
[...]
reboot
login (okay)
logout
login (fail)
stop samba  http://bcwhite.dhs.org/~bcwhite/log.smbd-full.gz

Note, the log files are 72kB, 121kB, and 4.3MB (compressed), respectively.

All help very much appreciated!

  Brian
 ( [EMAIL PROTECTED] )

---
DEFN: Computer - A device designed to speed and automate errors.


[Samba] Q: Avoiding Symlink Dereferences

2003-03-04 Thread Brian White
I've got a problem...

I have a CD-ROM jukebox in which is stored some 100+ CDs.  They're mounted
automatically via the automounter with an executable map.  That part works
well.

To show people what is available, I have symlinks from another directory
to all the possible CD volumes.  However, if I look at that directory
via Samba, the windoze box hangs for an extended period of time as it
does a STAT on all the symlinks, each of which forces the mounting of
the disc it references and taking about 10 seconds of time.

Any ideas on how I can avoid this or at least cache the result?

  Brian
 ( [EMAIL PROTECTED] )

---
DEFN: Computer - A device designed to speed and automate errors.


[Samba] Samba Domain Support Problems

2003-02-21 Thread Brian White
I'm out of ideas here.  I'm trying to set up a computer network using samba
on Linux as the primary server and a WinXP machine as the client.  I'm just
beginning with XP, but I've been using Linux and Samba (for Win95/98) for
many years now.

So, I've set up samba machine "griffon" to support domains...

; Domain Stuff
domain master = yes
domain logons = yes
logon path = \\%L\profiles\%u
logon home = \\%L\%u
logon script = logon.cmd
add user script = /etc/samba/adduser %u

This should allow automatic "on-the-fly" creation of new machine accounts.


I've created a "samba administrative account" called "machines" in /etc/passwd

machines:x:0:5000:Machine Account (creator):/tmp:/bin/false

and a corresponding one in /etc/samba/smbpasswd

machines:0:3E3E844D9FA7D83317306D272A9441BB:57BCEA1EC8B53A61D032E6B338A0C23B:[UX     ]:LCT-3E56855C:


Under XP machine "watertown", I've gone to Control Panel, System, Computer
Name Changes, "member of domain 'precidia'", OK.


Samba runs and logs

[2003/02/21 15:30:58, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON  name2=WATERTOWN  
[2003/02/21 15:30:58, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:30:59, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
  get_md4pw: Workstation watertown$: no account in domain
[2003/02/21 15:30:59, 2] smbd/server.c:exit_server(458)
  Closing connections

calls /etc/samba/adduser and presto-chango, there is now an /etc/passwd entry

watertown$:x:5001:5000:Machine Account,,,:/tmp$:/bin/false

and a corresponding entry in /etc/samba/smbpasswd so that file is now

bcwhite:10001:C75CC291E06B5A54F7E62F36F8DB5AE6:1ADA7AD6BE20188D6F929F801B25443C:[U  ]:LCT-392D6EF2:
machines:0:3E3E844D9FA7D83317306D272A9441BB:57BCEA1EC8B53A61D032E6B338A0C23B:[UX     ]:LCT-3E56855C:
watertown$:5001:NO PASSWORDX:NO PASSWORDX:[NDW    ]:LCT-3E56858D:


Now things go wrong.  The rest of the log.smbd file shows

[2003/02/21 15:31:00, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON  name2=WATERTOWN  
[2003/02/21 15:31:00, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:31:03, 0] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2458)
  _samr_set_userinfo: Unable to get smbpasswd entry for uid 0
[2003/02/21 15:31:03, 0] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(2664)
  _samr_delete_dom_user: Not yet implemented.
[2003/02/21 15:31:03, 2] smbd/server.c:exit_server(458)
  Closing connections

I traced this around (using strace, log file, and source code) and determined
that samba is taking UID 0, looking it up in /etc/passwd to get the name
"root" and then trying to find "root" in /etc/samba/smbpasswd, but it doesn't
exist.


Next, I added a line to /etc/samba/smbpasswd of "root" for samba to find

root:0:CC596B7CE5FA59805ACDCD7C247FA83A:C119AEDBECEB895E7D9D0417A607:[UX ]:LCT-3E5683CF:

This password happens to match the real unix password for that machine.


Next time I try, the log file looks like

[2003/02/21 15:32:30, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON  name2=WATERTOWN  
[2003/02/21 15:32:30, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:32:31, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
  get_md4pw: Workstation watertown$: no account in domain
[2003/02/21 15:32:31, 2] smbd/server.c:exit_server(458)
  Closing connections
[2003/02/21 15:32:32, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON  name2=WATERTOWN  
[2003/02/21 15:32:32, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:32:35, 0] libsmb/smbencrypt.c:decode_pw_buffer(259)
  decode_pw_buffer: incorrect password length (-193558569).
[2003/02/21 15:32:35, 0] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(2664)
  _samr_delete_dom_user: Not yet implemented.
[2003/02/21 15:32:36, 2] smbd/server.c:exit_server(458)
  Closing connections

The "watertown$" account was recreated (I deleted it before running this
attempt) but I was not able to figure out why the password length is so
wrong.  I am using shadow passwords here if that makes any difference.



Giving up on that line of thought, I decided to try just using the "root"
account as the "samba administrative account".  That didn't work either:

Now when I try to connect to the domain, I get

[2003/02/21 15:36:12, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON  name2=WATERTOWN  
[2003/02/21 15:36:12, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:36:13, 0] smbd/service.c:make_connection(564)
  Can't become connected user!
[2003/02/21 15:36:13, 2] smbd/server.c:exit_server(458)
  Closing connections
[2003/02/21 15:36:14, 2] smbd/reply.c:reply_special(92)
  netbios connect: