Re: [Samba] windows 7 machine account fails to authenticate against samba PDC
On 06/22/2011 12:31 AM, mrArcabuz wrote: Hi, it's been a while since the original message appeared, but here's my experience in case someone finds it useful: [...] I changed the machine account name to uppercase in the passwd & shadow files and the message does not appear anymore in the logs. This would explain why it's not an issue on an LDAP backend, as the uid there is case insensitive. I have experienced the same issue with the same configuration (PDB backend, no LDAP) and I can confirm that /etc/passwd entries created by adding machines to domain (via the "add machine script") show an UPPERCASE name in Samba (that is, when I issue a "pdbedit -L" command) but a lowercase name in /etc/passwd, resulting in errors being logged when the machine connects to Samba because its username (uppercase) cannot be found in /etc/passwd (where it is written in lowercase). The workaround is in fact to edit /etc/passwd to se the machines usernames to uppercase. I don't understand why and when this behaviour changed. I have a very old Samba installation that shows the older machine entries in PDB file being lowercase, as in this example: #pdbedit -L ... nb-gmg$:1051:NB-GMG$ ... and other entries in the same PDB file being all uppercase, like this: NOTEBOOK-FLAVIA$:4294967295:NOTEBOOK-FLAVIA$ Since all of the /etc/passwd file entries are lowercase, the second example (NOTEBOOK-FLAVIA$) does not authenticate correctly. You can also see that the output of the "pdbedit -L" command reports a wrong unix UID (4294967295) for the uppercase entry, because it cannot find it in /etc/passwd (being lowercase in passwd). If I edit /etc/passwd and set the username in uppercase there, then everything works, and also the unix UID shown by "pdbedit -L" is correct. -- Fabio "Kurgan" Muzzi - IZ4UFQ - Ginn! L'ottimismo e' il profumo di quella gnocca di tua sorella!Corri anche tu alla UniEuro!Ci sono radio che traspirano, cani di un'altra galassia!!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unix Extensions and "force create mode"?
It seems that when the clients (and the server) use Unix extensions, the "force create mode" (and maybe "force directory mode"?) setting is completely ignored. I have a Samba 3.2.5 server that is accessed from Windows and Linux. One share is configured as follows: [foto] comment = Galleria fotografica path = /ud0/foto create mask = 0775 read only = No directory mask = 0775 force directory mode = 0775 force create mode = 0664 map system = Yes map hidden = Yes dos filemode = Yes When a Windows client writes a file to this share, the file gets the correct permissions (664). When a Linux client writes to this share, the permissions are set from the client (in my case the default is 660). This is wrong because I need 664 on this share. If I disable Unix Extensions on the server, the "force" settings are enforced correctly. Is this a bug or is it the intended behaviuor? Is there a way to force permissions even when files are accessed from a Linux client that uses Unix extensions? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error: Rejecting auth request from client MAILBKP1 machine account MAILBKP1$
I have a Samba 3.3.2 member server, named mailbkp1, which I joined to a Samba 3.3.2 domain controller. At joining time, I got two errors on the domain controller, which I report here: [2009/03/31 14:08:47, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client MAILBKP1 machine account MAILBKP1$ After joining, users can logon properly, and everything seems to work, but every time the member server gets a new connection, and contacts the DC to authenticate the user, I get that error again. I have searched through the bug tracking system, and found that older versions of Samba showed this behaviour, but I supposed that this was corrected on later versions. I have also tried joining a 3.3.2 Samba server to a NT4 PDC, and while the Samba member server works properly, I get similar messages (the machine failed to authenticate itself) in the Event Viewer of the NT4 PDC. Is there an open bug abut this? I have found none. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Proper use of tdbbackup
I have googled a lot, but I have found no examples of the correct use of the tdbbackup program. I am looking for some advice on how to use tdbbackup. I mean, I know I can simply run "tdbbackup *.tdb", but I was looking for in-depth information on when and how to use it, about best practices on using it, or what NOT to do. The Samba documentations says I should run it in my start/stop scripts, but it seems that no distribution actually does this. Why? Is there some drawback that I don't understand? I was thinking of running it every day as a chron job (not restarting Samba) and saving some backlog (some days worth of old backups). Is it useful? Since domain member machines change their domain password (am I correct?) automatically, if I restore an old backup can this lead to machines being unable to talk to the (samba) domain controller? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Vampire ends with a NT_STATUS_SYNCHRONIZATION_REQUIRED error
I am quite desperate. I have been trying to migrate a NT4 PDC to Samba. At the first try, I have used samba 3.2.5, which seemed to complete the vampire process but then I have found that there is a bug that prevents password from being migrated properly (and in fact passwords were not migrated properly). Then, I have removed the Linux server from the NT domain, deleted all TDB files, installed and compiled Samba 3.3.2 (the latest), rejoined the domain, and now the vampire command only migrates some accounts (127 of them) and then dies with an error: Fetching (to passdb) DOMAIN database [2009/03/16 23:45:28, 0] passdb/pdb_tdb.c:tdb_update_samacct_only(527) Failed to fetch DOMAIN database: NT_STATUS_SYNCHRONIZATION_REQUIRED I have seen that when I delete the linux server from the NT domain (using the server manager in NT) it still shows up in server manager, even if it says that it is in fact deleted, and will disappear at the next refresh (the next refresh of what?), it never disappears. Now, is it because of this that I get this error? Maybe the PDC thinks that he has to synchronize something to a BDC that has been removed from the domain? I have googled but I have found no answers... -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Grant or deny internet access based on Samba domain logon?
I am looking for some way to grant or deny internet access (that is, changing iptables rules) based on Samba domain logon. When a user logs on, I would like to run a script that modifies firewall rules based on the group that the user belongs to (this determines if he has internet access or not) and based on the workstation's IP address (so I know which IP address to grant internet access to). When the user logs off, I need to know the same information (username and IP) so I can remove the firewall rule. I have seen some scripts based on preexec and postexec, and some based on a loop that checks "smbstatus" every minute to see if new users are addedd or presnet users have gone away, but I think that both methods are not very efficient and not really stable. Checking every minute means that a user needs to wait after logon to be granted internet access, and using preexec and postexec seems to fail sometimes, as it seems that clients tend to connect the same share multiple times, and sometimes disconnect it while they are still online. I'd like to know if there is something else that I could use, if there is some "hook" in Samba that I can use to run scripts at logon and logoff, that can pass me username, groups (not really necessary) and IP address of the workstation. Thanks. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Impossible to change Primary group
Hello Gerald, Monday, January 29, 2007, 2:50:54 PM, you wrote: >> d> pdbedit -r gad -G 514 -d0 >> d> I cann't change primary group. [...] >> Running Samba 3.0.23d with tdbsam GJC> The primary group is based on the real Unix primary group. Ah, ok... so now it's impossible by design to change the primary group using pdbedit, right? Which leads to the next question: is it a good idea (from the windows clients point of view) to have the "administrator" user belong to "domain users" as the primary group and "domain admins" as a secondary group, or is it better to change the unix group of the adiministrator user to make it have "domain admins" as the primary group? -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Impossible to change Primary group
Hello drweb, Saturday, November 25, 2006, 4:32:17 PM, you wrote: d> By command: d> pdbedit -r gad -G 514 -d0 d> I cann't change primary group. I was looking through the list archives and found your post. I have the same issue. Any solutions yet? Running Samba 3.0.23d with tdbsam -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Default Posix ACLs are ignored when copying files between two directories using Windows (XP)
Hello Jeffrey, Saturday, April 8, 2006, 1:50:53 AM, you wrote: JML> I'm seeing this exact same behavior on my Samba server. For what it's JML> worth, I also see this same behavior with shares/folders on a Windows JML> NT system. It seems Samba/Linux and Windows NT behave the same in JML> this regard. JML> One thing you can do is tell your users to "copy" files from JML> directory A to directory B, then delete the original files from JML> directory A. It's annoyingly inconvenient, (and inefficient) but it JML> works. I did some tests and came to the same conclusions (that is, I need to copy and not move files). I did not know that WinNT does the same, I supposed it should have worked correctly. I really don't have an elegant way of avoding this issue, because I also have all directories with different ACLs on a single big file system. Maybe this issue should be discussed on the ACL list instead of the Samba one. A possible (horrible) workarond from a Samba perspective could be to remap "move" operations to "copy and delete" ones. Another (better) workaround involves smbd applying default ACLS to files when they are moved to the destination directory. But again I suppose this is an issue with file system ACL support, and not with Samba. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Default Posix ACLs are ignored when copying files between two directories using Windows (XP)
I have tried to read the documentation, but I was not able to find a clear solution to my problem. I run Samba 3.0.14a on a Debian system with Posix ACLs. I have a share on a file system that uses Posix ACLs, and I have two directories in that share. Both directories have default ACLs set, so that every new file (or directory) created under each directory (by Windows XP/2000 clients) gets default permissions correctly. Now, when a user that has "rwx" permissions on both directories tries (from a WinXP box) to move a subtree from from directory A to directory B, the moved tree (files and directories) keeps all of the the ACLs (Posix and also standard user/group/other) and file ownership (user and group) it had when it was under directory A, ignoring completely the defaults set in directory B. This makes the moved subtree unreadable to users of directory B, which are not allowed to open files from directory A. Is there some solution to this issue? Maybe I need to set "inherit acls = yes"? I basically want ACLs to be ALWAYS the default ones, as set on the topmost directory, nothing more and nothing less. Thanks for your help. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Shares get disconnected and cannot reconnect over VPN
I reply to myself to add some information: I have think that I have traced it down to a name resolving issue. I don't know why but sometimes the client asks the wrong WINS server (I have two: one on the locally connected LAN an another one on the other side of the VPN) to resolve the server's name, and the request fails, then the client cannot connect to the server until it retries the request to the right wins server. I have tried setting an entry in the client's LMHOSTS file, but still sometimes it asks the wrong wins server. Maybe I have found a workaround: if I use the IP address of the server instead of the netbios name, the client never disconnects from the server, even if idle. Now the question is: why if I use the netbios name, the client disconnects from the server after about 8 minutes idle, and if I use the IP address it never disconnects? Maybe this is a win2000 issue (as a client) more than a Samba issue... -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Shares get disconnected and cannot reconnect over VPN
Hello samba, I have an issue with OpenVPN 2.0 and Samba 3.0.14a. My setup consists in a routed VPN (thus server and clients are on different subnets) between a linux OpenVPN 2.0 server and some Windows 2000 VPN clients. Samba is the PDC and is a WINS server. The VPN clients work, broswing works, and I see the clients registering on the server's WINS in /var/lib/samba/wins.dat. When I connect to a share, I get connected and can use it, but after about 8 minutes of inactivity (no open files), the share gets disconnected, and when I try to use it again, Windows says it cannot access the drive. After some retries, I can connect again and the whole thing repeats from the beginning. I have tried also using PPTP (which puts me on the same subnet as the server, not on a different one) and basically it seems I am getting the same behaviour. Obviosuly the same clients, when connected directly to the server's lan, show no issues at all and work flawlessly. I don't know if PPTP lets broacasts go through or not. OpenVPN does not, since it's routed and not bridged. I assume that apart from speed (512K on WAN connections) broadcasts are the only differences between LAN and WAN set-ups. Is there something I missed with broadcasts? I assume that since I use WINS, I don't need broadcasts to make Samba work. Am I wrong? -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] "guest account = XXX" not working in Samba 3.0.14a?
This is my first try at setting up a "guest ok" share. I have created an user named "guest" in Linux (since I don't want to use the default "nobody") that has group "users". Now, it seems that the "map to guest" directive is completely ignored. I have created the same user in samba (don't know if I need it) I have set up Samba 3.0.14a as follows (lots of stuff removed): [general] guest account = guest map to guest = bad user passdb backend = tdbsam guest [guest_share] guest ok = yes read list = guest read only = no Now, when I connect to Samba with a nonexistent username, I see in the logs that the nonexistent username gets mapped to the user "nobody", when it should get mapped to user "guest" as I stated in the general section. Where am I doing wrong? I don't want to use "nobody" because my "guest" user belongs to "users" group, not to "nogroup". I have tried testparm -v and it seems that there are no errors and that the "map to guest" directive gets read correctly. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] A workaround for printer drivers that crash with an exception error after uploading to Samba
I have just run into two printer drivers (Brother 1870N and HP Deskjet 890cxi) that seem to crash windows explorer as soon as they are uploaded to the samba server. I have tried using "default devmode=yes" with no success for both drivers. I have found an horrible workaround that maybe should be useful to others, so I'll describe it here. First, uninstall the offending printer and remove the driver using rpcclient, like this: # rpcclient localhost (give password) rpcclient $> setdriver rpcclient $> deldriverex then exit rpcclient. After this, install the printer's driver LOCALLY on a windows PC, configure it, and share the printer using the same name that is used on Linux. Then, again on Linux, use the command "net rpc printer migrate" to migrate drivers and its configuration from the Windows box to the Linux one, like this: # net rpc printer migrate drivers "" -U Administrator -S and then: # net rpc printer migrate settings "" -U Administrator -S This last command returns an error that says: "enumprinterkey failed: DOS code 0x001f, got no key-data" but it still seems to work. This has worked for me, and after doing it I was able to use the printers normally and also modify their settings using a Windows client. Hope this helps, but I suppose we need a better solution... -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Serious Slowness Issues with Printing
Hello Jeremy, Friday, June 17, 2005, 6:39:50 PM, you wrote: >> The biggest problem is the time it takes Office to open up with a Samba >> printer set as default on the PC. If a fake local printer is installed >> and set as default, Office opens up quickly, but when the end user has >> to print, going in to select the printer can take some time to select >> on and then print to it. JA> The main thing to look at is the network traffic between client and JA> Samba server - ie. does the wait occur on the client when preparing JA> the job or in the network traffic between client and server or at JA> the server end once the job has been received at the server ? The quoted part of the original message suggests that the problems are not necessarily limited to the spooling part of the process. I have experienced similar problems with one of my customers. They have samba 3.0.14a and a mix of win2000 and winXPsp2 clients. Printers are shared through SPOOLSS protocol, with drivers downloaded to the clients from the server. Win2000 works perfectly, while winXP shows slowliness when dealing with the printes. It's slow when opening the "printers" folder on the server, slow when connecting a printer from the server to the current workstation, slow when displaying the connected printer's properties, and slow when Office applications that use that printer as default try to do something that's printer-related. For example, creating a report in Access is slow even if I don't even try to actually print it, because Access tries to access the printer's driver even when previewing the report on screen. So it seems to be something related to loading the driver more than to actually print something, and in fact after having waited for the driver to load, spooling is fast even for large jobs. In other places, with the same setup, it works with only a little delay instead of the long (10 seconds) delays I get in that particular setup. I have all of the winXP firewalls disabled, but I have only one printer (a Canon Pixma ip4000 connected to the parallel port) so I don't know if it's that particular driver that has problems. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.14a vs. 2.0.7, is "include =" recursive?
Hello Steve, Tuesday, June 14, 2005, 12:44:21 PM, you wrote: SW> I upgraded a mid-sized samba install (+-150 pc's) from Samba 2.0.7 to SW> 3.0.14a last night. It is acting as a PDC and the upgrade went smooth SW> except for one thing. I don't have an answer, but a question: what were the critical parts of the upgrade? Did you use smbpasswd or LDAP? Did you migrate the auth data from one backend to another? I have to do such a migration in a couple of days, and I am trying to double-check that I have planned everything right. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] recycle with debian-package of sambe 3.0.10
Hello Jeremy, Monday, June 13, 2005, 6:52:34 PM, you wrote: JA> Not true (that "the recycle VSF module is of quite no interest"), it's just that JA> the squeeky wheel tends to get the grease. You've squeeked, and I'm not applying JA> grease :-). Really thanks for the prompt answer and the fix. I know that I have no right to scream asking for a fix if I can't fix it myself, because I don't pay for your work, so I was not expecting such a prompt answer and fix, too. Recycle is quite a good advantage over Windows servers, in my opinion, and having it working properly is great. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File owner / group
Hello ljerem, Monday, June 13, 2005, 6:34:03 PM, you wrote: lfua> The problem is that, for example, when I create a file (or modify it with lfua> Word or Exel) in the Finances subdirectory, the file has my primary group lfua> as GID (Technology, in this case). lfua> What I need to do is to force Samba to create files with a specific GID lfua> for each of those subdirectories. You should set the SGID bit on the directory, and make the directory owned by the right group (Finances). This should make Linux (and not Samba) create the files under the Finances directory owned by the group Finances and not your primary group as it does now. This works without ACLs, I don't know if it works with ACLs. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Codepage conversion between 2.2.8 and 3.0.14 - what's 2.2.8 default charset on disk?
I have to upgrade a 2.2.8a (Debian) installation to 3.0.14a (Debian too). I have quite everything clear but I am afraid I will get into trouble with the filename encoding on disk. The current samba installation has no explicit codepage declared for the file system, and running "testparm" gives only these settings (which are default) for codepages and charsets: coding system = client code page = 850 code page directory = /usr/share/samba/codepages character set = The system's current locale is "POSIX". I have never worried about charset before because the files in the samba shares need to be accessed only by samba (not locally from Linux) so even if I had inconsistent file names between samba and local shell access, I was not worried, but now that I need to upgrade Smaba, I need to mantain consistent names between samba 2.x and samba 3.x. I suppose I will need to run convmv on the directories that are shared by samba to translate the file names to UTF-8, but the question is: what charset is in use now? From the testparm output I could not guess it, so i don't know how to convert my files. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] recycle with debian-package of sambe 3.0.10
Hello Stephan, Monday, June 13, 2005, 12:58:54 PM, you wrote: SH> I am struggeling around with the permissions of the recycle-vfs-module. SH> While working mostly good( placing deleted files inside the .recycle- SH> folder), the touch-option does not work. I am experiencing the same problem. The recycle vfs module is quite buggy, IMHO. The touch option does not seem to work, and also recycle needs some adjustments to the way it manages permissions, becuse by default it creates files and the .recycle directory itself with a permission of 0600 (or 0700) which is absolutely wrong when working on a share that's used by a group of users and not a single one. Still it seems that the recycle VSF module is of quite no interest, since these long standing bug have never been taken into account. Since I am not so good at C programming, I can't fix them myself, so I'm just waiting for someone to fix it. You should also check on bugzilla.samba.org by searching the term "recycle". There are some patches that where never (AFAIK) integrated into mainstream sources. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] A suggestion for the documentation
I have read (I suppose) all of the documentation about Samba, but I have not found a detailed description of the contents of the various tdb files. It should be useful to know what information goes in each file, and eventually which file can be safely deleted and rebuilt. For example, I have discovered by myself that group mapping could be reset and re-done by simply deleting the appropriate tdb file, but still I was not sure if this could lead to hidden issues before I have read John Terpstra's mail on this list suggesting to delete the tdb file and then to re-run the group mapping script. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] What's service 2227a280-3aea-1069-a2de-08002b30309d?
Hello samba, I have a samba 3.0.9 server that shares printers using SPOOLSS and hosting the drivers. Everything works, but accessing the printers from Win XP is very slow and I get an error in the log that says: couldn't find service::{2227a280-3aea-1069-a2de-08002b30309d} every time I try to access the printers list for the server from WinXP. Is this a known problem? What's this service that winXP does not find? -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] UID of the windows Domain Administrator user?
Hello Stéphane, Saturday, June 4, 2005, 2:02:28 PM, you wrote: SP> For joining a machine to domain, you must have a user with uid = 0. SP> But, begin with samba 3.0.11, the privileges can be used for use a other SP> user than root (uid = 0) SP> You can read more information in this pages : SP> http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html Yes, i have read this even if i have not yet tried it. What I have not understood is why do I *need* an user with a SID ending in 500 (as the howto says), because I have never had one, and I had no problems at all. The howto says I need one, but id does not say why, and what happens id I don't have one. SP> The "root" user is only used for that, but after joining a domain, SP> changing the SID cause no problem. You say that I can change the SID of a domain user and the clients will not get confused by this change? SP> Actually, on my network I not enabled privileges (in my test network : SP> yes and that work). But, I use root user only for adding machine to SP> domain, for the rest of administration, I have a administrator user SP> with SID = S-1-5-21-xx---500 and groupSID = SP> S-1-5-21-xx-x-x-512 Well, this seems to be a good idea anyway. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] UID of the windows Domain Administrator user?
I have installed lots of samba 3 servers as PDCs for little networks serving 10 users or so. I have always set up the user "root" as the domain administrator, by setting its group SID to -512 with pdbedit. My "root" user has usually a user SID of -1000 since it is the first user I add to Samba. I have never set up a username map to map "administrator" to "root", I use "root" directly also on Windows boxes when I need to connect as the domain admin (to add workstations to the domain, for example) and I have never had issues. I have no user named "administrator" on the domain. Now I have read in the HOWTO collection that I should set the user SID to -500 for the "administrator" user since this is a predefined default SID. I have found that a NT server uses 500 indeed for its "Administrator" user. First, I'd like to understand why do I need an user with the "500" SID, since I have never had one and still it seems that my "root" user is working. Second, I'd like to know what will happen if I changhe the SID of root from "1000" to "500", now that my workstations already know the user "root" by its old SID. I suppose that generally is definitely NOT a good idea to change a user's SID, because this would make his files on his workstations owned by someone else. Am I right? -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance problem when writing large files!
Hello Josef, Tuesday, May 24, 2005, 8:39:27 AM, you wrote: JFlc> We encounter following problem. If somebody on the network writes JFlc> big files from windows clients to a samba shared directory, the JFlc> performance of the server will be as much degraded, that, using top, JFlc> on all CPUs 'idle 0.0%' will be shown and the complete system JFlc> freezes, up to minutes after stopping the copying process. After a JFlc> while the system returns to its normal state, where mostly ideltimes JFlc> from 50.0% up to 99.9% are shown. This behavior can be reproduced JFlc> and will always happen. Maybe it's a HDD controller / driver issue. You should try and set up a minimal FTP server on the Samba server, and try to upload a big file by FTP. If it hangs, it's not samba. If it works, then maybe it's samba. In top, what's the process that uses up the most CPU time, when the system hangs? -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Domain Administrator
Hello Jorge, Monday, May 23, 2005, 6:51:59 PM, you wrote: JF> Someone told me to insert "domain admin group = group I want" or JF> "domain admin user = users I want" in my smb.conf file, but it didn't JF> worked (looks like that was for older versions of samba). JF> Can someone help? Try this command: (from root shell) net groupmap modify ntgroup="Domain Admins" unixgroup=root This should enable the users in the "root" group to be considered as domain admins by workstations, thus enabling the user "root" to be an administrator of all windows workstations. If you like, you can create a group like "ntadmins" and set that group to be Domain Admins instead of "root", then you can add users to this group (I suggest to add also root to this group) so that "normal" users (that do not have the root password on your Linux server) can still manage the windows workstations. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netbios Alias
Hello Ricky, Monday, May 23, 2005, 2:41:50 PM, you wrote: FR> include = /usr/local/samba/lib/smb.conf.tpub02 FR> I would appreciate any help with fixing this problem. Maybe if the netbios alias is uppercase, also the file should be smb.conf.TPUB02 instead of tpub02. have you tried uppercase? -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disabling [printers] share
Hello Marek, Monday, May 23, 2005, 2:04:21 PM, you wrote: MC> I've been trying to tackle this for some time and so far did not MC> find a way to do this. The problem is simple - as I don't enable MC> printing through Samba I'd like to disable it in such fashion that MC> user would not even see the empty Printers share when he lists the MC> available shares. How can I achieve that? Have you tried these ones? disable spoolss = yes show add printer wizard = no -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange intermittent join with XP SP2 and Samba 3.0.14a
Hello Megat0N, Sunday, May 22, 2005, 2:01:23 PM, you wrote: M> With xp sp2 (and 2003) i have to repeat various times the join phase M> before get success from the PDC, and, during each failed join, i get the M> error: M> "user unknown or incorrect password" This does not seem to be a firewall issue, but an XP-samba interaction issue of some type. I do not have the answer, but it should be interesting if you try to join a XP SP2 client (which has intermittent issues) to the domain after connecting it to the server's network, thus avoiding completely the firewall. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help in performing a Half-Migration from NT to samba3.
I am currently planning "half a migration" (and half a new configuration) from NT to Samba PDC, and I would like to have some help. I have read the howto and I have understood something useful, but I also understood that I don't know enough of Samba domain internals to be sure not to make terrible mistakes. I currently have a NT4 PDC that also shares files and printers. Since groups and shares are a complete mess (not made by myself), I would like to migrate to samba (with tdbsam) and, in the process, recreate groups and shares (and access control to files) in a completely different way. I have about 60 workstations and 60 users, with an awful lot of printers (30 or so). I have started thinking about a migration plan, and have come up with some very generic ideas, on which I ask for some advice. - I should migrate printers to linux before everything else, while the users still use the nt4 server, because I need to go to every workstation and change the printers settings individually, and I would like to do this while the network is still in use (planning to use one entire day or more for this task). Ideally users should print through samba and cups while still using the NT server for everyting else. Question: is it better to use samba printing or to use LPD printing or IPP printing, provided that the workstations (XP sp2 and win2000) can do it? - I should then take the network down, use net rpc vampire to get the users, groups and machine accounts from NT to Samba, then discard the groups information and create my own group structure. Move the shared files from NT to Samba, modify login scripts, and test access from some workstations, then restart the network (during a week long holiday when the office is closed). Question: can I vampire only users and machine accounts and no groups (since I want to change them completely)? Question: I have read in the samba howto (or was it "by example"?) that I can (and should in some cases) run vampire, then export tdbsam to smbpasswd to strip domain information, then go back to tdbsam. This seems a good idea to strip out things like the home directory that must be changed for every user to the new server, but there is one aspect I don't understand: if I strip all domain information, doesn't the user's SID get lost and then recreated differently? What happens if I change the users SID numbers? Doesn't this make an horrible mess on the workstations that already know the domain users by the old SIDs? Any help (even in suggesting to read more of TFM, and possily a link to the part of the manual that I have to read) is really appreciated. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] 100% CPU eaten -- tdb_fetch failed
Hello John, Thursday, February 26, 2004, 3:30:21 AM, you wrote: JHT> You should run the tdbbackup tool every time Samba (smbd) is shut down. JHT> Please refer to the man page for further information. The use of tdbbackup JHT> is a very important step to prevention of catastrophic problems with tdbs. It should be a good idea to include a tdbbackup run in the init script that runs samba (I mean /etc/init.d/samba). Why don't you include it in the standard init script that is included in the samba distribution? (I refer to the debian packages, I don't know about the other binary distributions). -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Recycle module permissions - a workaround
Hello rruegner, Monday, February 23, 2004, 12:11:18 AM, you wrote: r> i just tested this and it doesnt work r> is a special vfs version needed? No, I'm running samba 3.0.2a, installed from the debian binary packages found on samnba.org. The complete share configuration is: [discone] comment = Disco generico path = /ud0/discone/ read only = No hide dot files = yes vfs objects = recycle recycle:versions = Yes recycle:touch = Yes recycle:maxsize = 1 recycle:repository = .recycle.%u I have tested it again, and it works. My username is "kurgan", and I get a ".recycle.kurgan" folder with my deleted files in it. I have not tried it (yet) with more than one user concurrently. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Recycle module permissions - a workaround
I have just found a simple (yet not so elegant) workaround for the recycle VFS module permissions issue. Recycled directory is always created with a 0700 permission, not allowing the use of the recycle bin in a share that should be group-writeable. The simple workaround is to set "individual" recycle bins, by setting recycle:repository=.recycle.%u this makes samba create a repository named ".recycle." for every user. Every repository has 0700 permissions, so other users cannot access it, but the user who deleted the file can always recover it, and this has the side effect of letting the administrator (and the users too) be aware of who deleted a file. Also, a user can simply browse "the files I have deleted" in its personal bin, as opposed to a common bin with hundreds of deleted files all together. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Recycle module malfunctioning in 3.0.2a?
Hello samba, I have just installed Samba 3.0.2a (debian packages from samba.org) and I have found that the recycle vfs module does not work. This is my setup for a share with recycle enabled: [dis_imp] comment = Disegni Impianti path = /ud0/dis_imp read only = No vfs objects = recycle recycle:versions = Yes recycle:touch = Yes recycle:maxsize = 1 Recycle works, but it ignores the "touch" option. The other options are working correctly. Apart from this issue with the touch option, recycle does create its .recycle directory with 0700 permissions, disregarding any "directory mask" and "force directory mode" directive. Must I use the "inherit permissions" setting to get a 0770 permission on ".recycle"? The touch issue makes it impossible for me to delete the contents of the recycle bin based on delete time, and the fixed permission (0700) makes impossible for a group (as opposed to a single user) to work easily with recycle bin. Any solution for these issues? Thanks. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba acls
Hello Adrian, Monday, June 30, 2003, 3:15:54 AM, you wrote: AC> the gid and uid of the file) Mine worked as if it is always created as a AC> root user.I thought the file should have the uid and gid or the person AC> who created the file (respect to the /etc/passwd and /etc/group in the AC> Samba server). Itshould have the user's gid and uid. Do you have an "admin users" directive in smb.conf? If you do, and the username you are connecting as in the admin users list, then you will act as root on the file system. -- Best regards, Fabiomailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] W2K PDC Domain
Hello Andrew, Friday, June 27, 2003, 8:31:12 AM, you wrote: AB> Make sure you have no mapped drives to the server before you join the AB> domain. In particular, don't have any drives open as a different user AB> to the one you use to join the domain (usually root). Also, do NOT try to go from a workgroup to a domain of the same name. It will quite surely fail. If you need to go from WG "a" to domain "a", first change WG from "a" to "b", reboot, then try to join domain "a". If it fails, try executing a "net use * /d" on the Win2k box before joining the domain to disconnect all drives, printers, and IPC$ too. -- Best regards, Fabiomailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] 2.2.8a, printer driver download: need to use setdrive r
Hello Andreas, >> This is the EXACT problem I had. Haven't fixed it either if I have 10 >> printers upload all the drivers.. for all the OS's... how do I tell >> which drivers go with which printer? A> You use the setdriver command, it seems. What I wanted to know is if this A> is expected or if I'm missing something. It should work and should be needed. Or, if you add drivers from a Win2000 client, then you don't need setdriver (I think). -- Best regards, Fabiomailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printer drivers on a samba 2.2.8a server: how?
I'd like to set up my samba 2.2.8a server to serve printer drivers to clients when needed. I have set up the print$ share, in which I still have no drivers. Tried adding drivers from a win2000 workstation by using "server properties" command, I can't add anything since all buttons are greyed out. The user I am using is in the printer admin group in smb.conf. I can provide snippets of the config files if needed. Is there some docs I can read about my specific issue, or generally about printing with samba 2.2.8 and cups? Thanks a lot. -- Best regards, Fabio mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba