[Samba] test email message

2008-01-22 Thread Gianluca Culot
Hello list
 
please ignore this message... just testing if I can send email to this list
 
 
 

--
Gianluca Culot
DMS Multimedia
Via delle Arti e dei Mestieri, 6
20050 Sulbiate (Mi) - Italy
Tel: +39 039 5968925
Fax: +39 039 3309813
<mailto:[EMAIL PROTECTED]>
www.dmsware.com <http://www.dmsware.com/>

Pursuant to Legislative Decree 196/2003, please note that the information
contained in this message is confidential and for the exclusive use of the
recipient. If you have received this message in error, please delete it
without copying it and do not forward it to third parties, and kindly notify
us. The sender states that this message and any attachments were, at the
time of sending, free of any virus, worm, trojan and/or any other type of
malicious software code. This message and its attachments may have been
infected during transmission. By reading the message and/or opening the
attachments, the Recipient takes full responsibility for any protective or
remedial action to remove viruses and other defects. DMS Multimedia cannot
be held liable for any damage or loss arising in any way from this message
or its attachments.

The information in this electronic mail message, including any attachments,
is confidential and may be legally privileged. It is intended solely for the
addressee(s). Access to this Internet electronic mail message by anyone else
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution or action taken or omitted to be taken in reliance on
it is prohibited and may be unlawful. The sender believes that this E-mail
and any attachments were free of any virus, worm, Trojan horse, and/or
malicious code when sent. This message and its attachments could have been
infected during transmission. By reading the message and opening the
attachments, the recipient accepts full responsibility for taking protective
and remedial action about viruses and other defects. DMS Multimedia is not
liable for any loss or damage arising in any way from this message or its
attachments 

 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


R: [Samba] Invalid request size nsswitch/winbindd

2008-01-16 Thread Gianluca Culot
Thanks for the info.

So how can I restart all the services without actually rebooting the machine
?

I've already restarted apache squid samba ftp ftproxy etc
But I don't know how I can restart all other services (for example VTI and all
basic services)
Actually ALL services (from VTI to apache) on this server use PAM to
authenticate users through samba (i.e. are using NSS subsystem someway)

Thanks


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> g] On behalf of Volker Lendecke
> Sent: Wednesday, 19 December 2007 18.06
> To: Charles Marcus
> Cc: '[EMAIL PROTECTED] Samba. Org'
> Subject: Re: [Samba] Invalid request size nsswitch/winbindd
> 
> On Wed, Dec 19, 2007 at 11:37:36AM -0500, Charles Marcus wrote:
> > On 12/19/2007, Volker Lendecke ([EMAIL PROTECTED]) wrote:
> > >Reboot your box. It's not only smbd, all processes in the system 
> > >potentially can trigger this error.
> > 
> > Just to be clear - you're saying that anytime Samba is upgraded, I 
> > should REBOOT??
> 
> Well, I think almost everything uses nss. So it's not a Samba 
> thing, it's a problem that the nss subsystem does not reload 
> the shared libraries when they change. For example if you 
> install a new libnss_ldap.so, you have exactly the same problem.
> 
> Volker
> 


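The reply quoted above says a running process keeps the NSS module it loaded at start, so after an upgrade only the processes still mapping the old libnss_* file need a restart. The script below is an added example, not code from the thread or from Samba; it assumes a Linux host (not the poster's FreeBSD box), and the names `parse_maps`, `scan_proc`, `sample_maps` and the sample mappings are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes that still map a replaced libnss_* module.
# Assumption: Linux, where /proc/<pid>/maps appends " (deleted)" to a mapping
# whose backing file was unlinked or renamed away (the usual result of a
# package upgrade). A library overwritten in place keeps its inode and will
# NOT carry the marker, so an empty result is not proof that nothing is stale.

# parse_maps PID
#   stdin : contents of /proc/PID/maps
#   stdout: "PID<TAB>path", once per distinct stale libnss_* mapping
parse_maps() {
    awk -v pid="$1" '
        $NF == "(deleted)" && $6 ~ "/libnss_[^/]+[.]so" {
            if (!seen[$6]++) printf "%s\t%s\n", pid, $6
        }'
}

# scan_proc
#   Walks every numeric /proc entry and prints "PID<TAB>path<TAB>command".
#   Run as root to see processes owned by other users.
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        # A process may exit between the glob and the read; skip it quietly.
        hits=$(parse_maps "$pid" < "$maps" 2>/dev/null) || continue
        [ -n "$hits" ] || continue
        name=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
        printf '%s\n' "$hits" | while IFS= read -r line; do
            printf '%s\t%s\n' "$line" "$name"
        done
    done
}

# sample_maps
#   Constructed /proc/<pid>/maps excerpt: the winbind NSS module was replaced
#   on disk after the process started, libnss_files and libc were not.
sample_maps() {
    cat <<'EOF'
7f3a1c000000-7f3a1c00b000 r-xp 00000000 08:01 393222 /lib/libnss_winbind.so.2 (deleted)
7f3a1c00b000-7f3a1c20a000 ---p 0000b000 08:01 393222 /lib/libnss_winbind.so.2 (deleted)
7f3a1c400000-7f3a1c40c000 r-xp 00000000 08:01 393301 /lib/libnss_files.so.2
7f3a1c800000-7f3a1c9b0000 r-xp 00000000 08:01 393100 /lib/libc.so.6
7f3a1ca00000-7f3a1ca01000 rw-p 00000000 00:00 0
EOF
}

case "${1:-}" in
    --scan) scan_proc ;;                       # inspect the live system
    --demo) sample_maps | parse_maps 4242 ;;   # run on the constructed sample
esac
```

Each command name printed by `--scan` belongs to a service that still answers NSS lookups with the old module and is a candidate for a restart.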


R: [Samba] Invalid request size nsswitch/winbindd

2008-01-07 Thread Gianluca Culot

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> g] On behalf of Volker Lendecke
> Sent: Wednesday, 19 December 2007 18.06
> To: Charles Marcus
> Cc: '[EMAIL PROTECTED] Samba. Org'
> Subject: Re: [Samba] Invalid request size nsswitch/winbindd
> 
> On Wed, Dec 19, 2007 at 11:37:36AM -0500, Charles Marcus wrote:
> > On 12/19/2007, Volker Lendecke ([EMAIL PROTECTED]) wrote:
> > >Reboot your box. It's not only smbd, all processes in the system 
> > >potentially can trigger this error.
> > 
> > Just to be clear - you're saying that anytime Samba is upgraded, I 
> > should REBOOT??
> 
> Well, I think almost everything uses nss. So it's not a Samba 
> thing, it's a problem that the nss subsystem does not reload 
> the shared libraries when they change. For example if you 
> install a new libnss_ldap.so, you have exactly the same problem.
> 
> Volker
> 

Hello List

Thanks for all replies 
And sorry for my late reply... I got busy with development problems... But
now I'm back to network

As I understand...
Nss is a shared subsystem in *NIX
As it is shared it can be used by EVERY service / subsystem
As NSS doesn't reload shared library I should restart every service using
NSS

So far so good.
BUT I'm using NSS to authenticate login, even to console. And I'd prefer
NOT TO reboot, but to restart service.

How can I restart the login subsystem (i.e. VTI) without rebooting ?
Every other service was already restarted (i.e. postfix dovecot samba
apache ftp proxy squid)

Thanks for every Hint!




[Samba] Invalid request size nsswitch/winbindd

2007-12-19 Thread Gianluca Culot
Hello list
 
I've seen there is a discussion about this error 
 
Dec 19 10:30:00 antares winbindd[90393]: [2007/12/19 10:30:00, 0]
nsswitch/winbindd.c:request_len_recv(544)
Dec 19 10:30:00 antares winbindd[90393]:   request_len_recv: Invalid request
size received: 2084 (expected 2088)

but the suggested remedy of stopping and starting samba granting all
winbindd processes died doesn't work for me
 
I'm running a freebsd 6 box with
samba-3.0.28,1
 
I ALWAYS portupgraded, never built custom packages or from sources.
 
a completely similar box (portupgraded in the same way and running the SAME
samba version) doesn't report this error
both samba are attached and referring to the same domain.
 
actually this error doesn't seem to bring any problem to the user and server
operations...
but it is reported VERY frequently !
 
any suggestion ?
 
 



R: [Samba] unauthorized acess attempt

2007-12-19 Thread Gianluca Culot
 I'M SORRY

The log file is MESSAGES

/var/log/messages

AND NOT /var/log/maillog... As I reported in my last email !
Actually there is no error message in /var/log/maillog

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> g] On behalf of Gianluca Culot
> Sent: Wednesday, 19 December 2007 10.16
> To: [EMAIL PROTECTED]; '[EMAIL PROTECTED] Samba. Org'
> Subject: R: [Samba] unauthorized acess attempt
> 
> The dovecot logs to syslog to the /var/log/maillog 
> 
> # Syslog facility to use if you're logging to syslog. Usually 
> if you don't # want to use "mail", you'll use local0..local7. 
> Also other standard # facilities are supported.
> syslog_facility = mail
> 
> And in SYSLOG.CONF
> mail.*  /var/log/maillog
> 
> The message I reported is taken from /var/log/maillog
> 
> So... Actually I do not receive any Error message from dovecot...
> Looks like dovecot relies on the error message of winbind and 
> doesn't log any more message...
> Possible?
> Strange ?
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]
> > g] On behalf of [EMAIL PROTECTED]
> > Sent: Saturday, 15 December 2007 15.16
> > To: '[EMAIL PROTECTED] Samba. Org'
> > Subject: Re: [Samba] unauthorized acess attempt
> > 
> > Gianluca Culot wrote:
> > > Hello list
> > >  
> > > I'm facing a little security problem
> > >  
> > > I get A LOT (3 a minute) a such a message
> > >  
> > >  mail dovecot-auth: pam_winbind(dovecot): request failed: No such 
> > > user, PAM error was unknown user (13), NT error was 
> > > NT_STATUS_NO_SUCH_USER
> > > 
> > > I'd like to know which is the user name used in such
> > attempts How can
> > > I get such info without raising log level to an 
> inacceptable level 
> > > (which would cause my log file to explode !?! )
> > 
> > Have you looked at your dovecot logs to see who's trying to 
> login at 
> > that time?
> > 
> > Don Piven


R: [Samba] unauthorized acess attempt

2007-12-19 Thread Gianluca Culot
The dovecot logs to syslog to the /var/log/maillog 

# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
# facilities are supported.
syslog_facility = mail

And in SYSLOG.CONF
mail.*  /var/log/maillog

The message I reported is taken from /var/log/maillog

So... Actually I do not receive any Error message from dovecot...
Looks like dovecot relies on the error message of winbind and doesn't log any
more message...
Possible?
Strange ?

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> g] On behalf of [EMAIL PROTECTED]
> Sent: Saturday, 15 December 2007 15.16
> To: '[EMAIL PROTECTED] Samba. Org'
> Subject: Re: [Samba] unauthorized acess attempt
> 
> Gianluca Culot wrote:
> > Hello list
> >  
> > I'm facing a little security problem
> >  
> > I get A LOT (3 a minute) a such a message
> >  
> >  mail dovecot-auth: pam_winbind(dovecot): request failed: No such 
> > user, PAM error was unknown user (13), NT error was 
> > NT_STATUS_NO_SUCH_USER
> > 
> > I'd like to know which is the user name used in such 
> attempts How can 
> > I get such info without raising log level to an inacceptable level 
> > (which would cause my log file to explode !?! )
> 
> Have you looked at your dovecot logs to see who's trying to 
> login at that time?
> 
> Don Piven


R: [Samba] unauthorized acess attempt

2007-12-19 Thread Gianluca Culot
Hello Jeremy

Sorry for my late answer. 
Your message went unseen and I got really busy with some urgent projects.

About my box (freebsd6 + samba + dovecot + postfix)
samba-3.0.26a_2,1 
dovecot-1.0.7 
postfix-2.3.13,1

I'm building from ports, and as it is a production machine I'd like to let
it be managed by ports, as I usually run portupgrade to update the packages.

Anyway Are you sure it is a bug ?
This message is not generated at regular times, and not always near user
activity. I get A LOT of such a message even at full night, with no user
activity at all.
I suspect it is not a bug but a foreign user trying to gain access to my
mail server trying random passwords for a user. 
BUT I CANNOT READ the account being tampered... 

Maybe I could adjust the log level... But please consider this box manages
something like 5000 emails/day... I cannot raise the log level too much !
And I cannot put it in a "idle" state any way !

Thanks


> -----Original Message-----
> From: Jeremy Allison [mailto:[EMAIL PROTECTED] 
> Sent: Friday, 14 December 2007 19.08
> To: Gianluca Culot
> Cc: '[EMAIL PROTECTED] Samba. Org'
> Subject: Re: [Samba] unauthorized acess attempt
> 
> On Fri, Dec 14, 2007 at 04:26:13PM +0100, Gianluca Culot wrote:
> > Hello list
> >  
> > I'm facing a little security problem
> >  
> > I get A LOT (3 a minute) a such a message
> >  
> >  mail dovecot-auth: pam_winbind(dovecot): request failed: No such 
> > user, PAM error was unknown user (13), NT error was 
> > NT_STATUS_NO_SUCH_USER
> > 
> > I'd like to know which is the user name used in such 
> attempts How can 
> > I get such info without raising log level to an inacceptable level 
> > (which would cause my log file to explode !?! )
> 
> This needs a patch I think. I'll look into this. Can you log 
> a bug at bugzilla.samba.org please ?
> 
> If you can build from source, I can send you something you 
> can use quicker than waiting for an official release :-).
> 
> Jeremy.
> 




[Samba] unauthorized acess attempt

2007-12-14 Thread Gianluca Culot
Hello list
 
I'm facing a little security problem
 
I get A LOT (3 a minute) a such a message
 
 mail dovecot-auth: pam_winbind(dovecot): request failed: No such user, PAM
error was unknown user (13), NT error was NT_STATUS_NO_SUCH_USER

I'd like to know which is the user name used in such attempts
How can I get such info without raising log level to an unacceptable level
(which would cause my log file to explode !?! )
 
Thanks everybody
Gianluca


[Samba] Cannot find Domain Master Broswer

2007-12-12 Thread Gianluca Culot
After upgrading my freebsd 6 box to samba-3.0.26a_2,1 
I get this error 
Dec 12 10:16:58 mail nmbd[10450]:   find_domain_master_name_query_fail:
Dec 12 10:16:58 mail nmbd[10450]:   Unable to find the Domain Master Browser
name DMSWARE<1b> for the workgroup DMSWARE.
Dec 12 10:16:58 mail nmbd[10450]:   Unable to sync browse lists in this
workgroup.

the DMSWARE domain is the local domain, and no other server is blaiming.
 
any clue about the problem origin ?
the samba is behind a firewall, so no broadcast is possible, and I do not
have a wins server.
 
net ads testjoin 
reports : Join is OK
 
net rpc testjoin 
reports : Unable to find a suitable server
Join to domain 'DMSWARE' is not valid

Any hint ? 


[Samba] thread removal

2007-09-24 Thread Gianluca Culot
Hello list
 
I've a peculiar request (not really related to a samba system problem)
 
In the beginning of the year I asked for help to this list, and exchanged
emails with many users, to solve an issue (samba vs AD2k3) . I exchanged
many emails trying different commands and sending many results of these
commands.
Unfortunately I did not change all assigned usernames with anonymous ones.
Now a user in my net discovered her name in the archive of this list, and is
asking to remove the thread with her name.
 
I don't know if this is possible and how.
Could someone please help with the correct procedure ?
 
THANKS


R: [Samba] howwinbind cache time works

2007-09-14 Thread Gianluca Culot


> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
> Sent: Friday, 14 September 2007 14.59
> To: Gianluca Culot
> Cc: [EMAIL PROTECTED] Samba. Org
> Subject: Re: [Samba] howwinbind cache time works
> 
> Gianluca Culot wrote:
> > Hello list
> >  
> > I've a question regarding Samba Documentation
> >  
> > I could not figure out how Winbind cache time works
> >  
> > I know this parameter is used to configure a period of time 
> in which 
> > the samba server  "retain" user credential to speed up access...
> > What I need to know is WHEN this time starts and is renewed
> >  
> > the countdown is restarted every time the user authenticates ?
> > or is a cycle starting since the first user login (let's say of the 
> > day ) and is restarted at the first user login after the 
> countdown expired ?
> 
> The "winbind cache time" refers to a period check made by winbindd.
> It is not related to the time a user logs on.  It is more 
> reasonably related to the start time of winbindd.
> 
> 
> 
> 
> 
> cheers, jerry
> =
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> "What man is a man who does not make the world better?"  --Balian
> 

Hello Gerald and thanks for the info

But, 
So cache time will start some kind of job and lowering it too much would
pose some stressing on servers and network ?

what would be a reasonable value for that param ?
Actually I've set it at 3600, but as users are blaming for new password to
be accepted too slowly... I was planning to lower it at 60...
Would it be advisable ?

Regards




[Samba] howwinbind cache time works

2007-09-14 Thread Gianluca Culot
Hello list
 
I've a question regarding Samba Documentation
 
I could not figure out how Winbind cache time works
 
I know this parameter is used to configure a period of time in which the
samba server  "retain" user credential to speed up access... 
What I need to know is WHEN this time starts and is renewed
 
the countdown is restarted every time the user authenticates ?
or is a cycle starting since the first user login (let's say of the day )
and is restarted at the first user login after the countdown expired ?
 
Thanks
 



R: [Samba] cannot autenticate user in AD

2007-07-12 Thread Gianluca Culot
 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> g] On behalf of Roberto Lizana
> Sent: Wednesday, 11 July 2007 13.26
> To: samba@lists.samba.org
> Subject: [Samba] cannot autenticate user in AD
> 
> I have configured samba like member of AD, if i type in 
> console 'wbinfo -u' y get all user of my AD, if type in 
> console 'wbinfo -g' y get all groups too. It's correct but if 
> i type 'getent passwd' or 'getent group'
> don't get any user or group of my AD... why???
> 
> * in nsswitch.conf appears:
> passws:   files winbind
> group:   files winbind
> shadow: files winbind
> 
> i execute ldconfig for apply all changes of nsswitch.conf
> 
> i have libnss_winbind.so and libnss_winbind.so.2 in /lib
> 
> * smbd version is 3.0.25b and i compile this with arguments:
> --with-winbind --with-krb5=/usr/lib --with-ads
> 
> * smb.conf:
> workgroup = DOMAIN
> realm = DOMAIN.INT
> netbios name = samba1
> preferred master = no
> client schannel = no
> security = ADS
> password server = *
> idmap uid = 1-25
> idmap gid = 1-25
> winbind uid = 1-25
> winbind gid = 1-25
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> 
> 
> * klist
> Default principal: [EMAIL PROTECTED]
> 
> Valid starting     Expires            Service principal
> 07/11/07 12:26:17  07/11/07 22:26:18  krbtgt/[EMAIL PROTECTED]
>         renew until 07/12/07 12:26:17
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> 
> 
> 

Hello Roberto

I'm not a Samba Expert, so ... Make backups before trying what I suggest :D

I don't like two settings in your smb.conf
password server = * >>> I'd specify an address or a name which CAN be
solved by DNS
winbind separator = +   >>> YOU REALLY SURE ?   I'd suppress this with a
comment #

Hope this helps
Be well
Gianluca




R: [Samba] AD domain membership problem

2007-07-10 Thread Gianluca Culot
 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> g] On behalf of Stephen Roylance
> Sent: Sunday, 8 July 2007 0.09
> To: samba@lists.samba.org
> Subject: [Samba] AD domain membership problem
> 
> Hello, and thanks in advance for any assistance.
> I have a linux machine that I'm trying to join to a windows 
> 2003 sp1 active directory.  The specifics are:
> RHEL5, samba version samba-3.0.23c-2.el5.2.0.2 a firewall 
> between this server and the rest of the world (which includes 
> the DCs), ports are open for kerberos and CIFS inbound and 
> kerberos, CIFS, NTP and UDP outbound.
> this machine (server.sub.domain.org) is in a subdomain of the 
> AD domain
> (domain.org)
> 
> I am able to run net ads join -U me createcomputer="/myOU/" 
> and it seems to succeed.  net ads testjoin, net ads info, etc 
> all seem to work correctly.  When I try to connect remotely 
> or use smbclient locally with -U me -W domain.org it fails 
> with "session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE"
> and I see errors like:
> [2007/07/07 17:50:54, 0]
> rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2673)
>   cli_rpc_pipe_open_schannel: failed to get schannel session 
> key from server DC1.DOMAIN.ORG for domain DOMAIN.
> [2007/07/07 17:50:54, 0]
> auth/auth_domain.c:connect_to_domain_password_server(112)
>   connect_to_domain_password_server: unable to open the 
> domain client session to machine DC1.DOMAIN.ORG. Error was : 
> NT_STATUS_ACCESS_DENIED.
> [2007/07/07 17:50:54, 0] 
> auth/auth_domain.c:domain_client_validate(206)
>   domain_client_validate: Domain password server not available.
> 
> running net ads changetrustpw hangs and never returns.
> I've tried dropping and re-joining the machine to the domain 
> many times, every now and then it fails, but usually 
> succeeds, but still does not allow connections using domain 
> credentials.
> 
> Any suggestions appreciated
> -Steve

Hello Steve

I've reported similar problems to the list but never got a hint.
I've solved a much similar issue making
Samba Server a Wins Server and forcing it to solve hostnames against DNS
Of course the server is equipped with a dns server too ;)

Here is an excerpt of my configuration file
#smb.conf
[global]
workgroup = DMSWARE
Wins support = yes
dns proxy = yes
#name resolve order = host wins bcast
name resolve order = wins lmhosts hosts bcast
local master = yes
#domain master = yes
domain master = no
preferred master = auto
enhanced browsing = yes
#encrypt password = yes # YES = Default

Be aware this doesn't solve all the issues with a firewall
Net rpc testjoin only works if you specify -S  attribute.

Looks like Samba falls on BCAST with some commands, ignoring every other name
solving mechanism

Hope this helps
Gianluca




R: [Samba] problem with directory permission and access from windows

2007-07-09 Thread Gianluca Culot
 

> -----Original Message-----
> From: Dale Schroeder [mailto:[EMAIL PROTECTED] 
> Sent: Friday, 6 July 2007 18.56
> To: Gianluca Culot; samba@lists.samba.org
> Subject: Re: [Samba] problem with directory permission and 
> access from windows
> 
> Gianluca,
> 
> What happens if you use
> valid users = DMSWARE\%S
> 
> In my setup I have set posix directory permissions to 740, 
> owned by DOMAIN\:DOMAIN\"Domain Users", and set 
> valid users as shown above.
> 
> Dale
> 
> Gianluca Culot wrote:
> > Hello list
> >  
> > I've a problem giving exclusive access to home directory to 
> the user 
> > owning it via Samba 3.0.24
> >  
> > I've setup access and user authentication and setup the share as 
> > follow
> >  
> > [Home]
> > path = /home
> > #valid users = %S
> > valid users = "@DMSWARE\domain users"
> >
> > Each home directory is owned by the AD user
> >
> > Drwx--   4 gianlucaculot domain users   512 Jul  5 15:47
> > gianlucaculot
> >
> > If I set "valid users= "@DMSWARE\domain users"
> > I can get read only access to Home Directory, BUT NOT to the user 
> > directory, Not even my own directory
> >
> > If I set " valid users = %S " I cannot get access to the Home Share.
> >
> > The ONLY way to read (and write) the home directory is to set 
> > Drwxr-xr-x   4 gianlucaculot domain users   512 Jul  5 15:47
> > gianlucaculot
> > valid users = "@DMSWARE\domain users"
> >
> > But this is quite odd.
> >
> > Please can anybody give me a hint 
> > I'd like to give Exclusive access to each owner to the Home Directory
> >  
> >
>

If I set 
valid users = DMSWARE\%S

I cannot get access at all to the share
According to the samba manual %S is the System Machine Account
I tried with %U, User Account (as the users are authenticated on the AD
domain... But nothing changed




[Samba] problem with directory permission and access from windows

2007-07-06 Thread Gianluca Culot
Hello list
 
I've a problem giving exclusive access to home directory to the user owning
it via Samba 3.0.24
 
I've setup access and user authentication and setup the share as follow
 
[Home]
path = /home
#valid users = %S
valid users = "@DMSWARE\domain users"

Each home directory is owned by the AD user

Drwx--   4 gianlucaculot domain users   512 Jul  5 15:47
gianlucaculot 

If I set "valid users= "@DMSWARE\domain users"
I can get read only access to Home Directory, BUT NOT to the user directory,
Not even my own directory

If I set " valid users = %S " I cannot get access to the Home Share.

The ONLY way to read (and write) the home directory is to set 
Drwxr-xr-x   4 gianlucaculot domain users   512 Jul  5 15:47
gianlucaculot
valid users = "@DMSWARE\domain users"

But this is quite odd.

Please can anybody give me a hint 
I'd like to give Exclusive access to each owner to the Home Directory
 



[Samba] Problem with Samba Net RPC Behind a firewall

2007-06-21 Thread Gianluca Culot
Hello list
 
How can I manually register a server in a Samba Wins Server ?
 
 
 
I'm facing this scenario
 
firewalled net
 
in the DMZ: Samba Box 3.0.25, FreeBSD 6
 
In the NET: Windows 2003 SP1
 
The samba box is authenticating user against the Windows 2003 server. Of
course the firewall is open for TCP 445 88 137-139 UDP 137-139
 
problems pop up for all NET RPC commands
the samba box cannot find a Domain Server.
Obviously it is because the firewall is stopping broadcasts from DMZ to
Intranet.
So I made Samba working as WINS server
the problem is this
 
The Domain server WILL NEVER try to register on the Samba Wins Server
and I'm not willing to open Intranet to DMZ WINS communications over the
firewall
 
I'd rather prefer to register MANUALLY and ONCE the Windows2003 server on
the Samba WINS server.
How can I do this ?
I searched over and over in google, but found no clue at all.
 
[global]
workgroup = DMSWARE
Wins support = yes
dns proxy = yes
#name resolve order = host wins bcast
name resolve order = wins lmhosts hosts bcast
local master = yes
#domain master = yes
domain master = no
preferred master = auto
enhanced browsing = yes
#encrypt password = yes # YES = Default
 
realm = DMSWARE.it
server string = mail
security = ADS
password server = orion
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
client use spnego = yes
server signing = auto
client signing = auto
#passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
#passwd chat debug = yes
log file = /var/log/samba/log.%m
add user script = /usr/sbin/pw useradd %u
delete user script = /usr/sbin/pw userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/pw groupdel %g
 
template homedir = /home/%U
template shell = /bin/csh
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
 
idmap domains = DMSWARE
idmap config DMSWARE:range = 1-4
idmap config DMSWARE:base_rid = 0
idmap config DMSWARE:backend = rid
idmap uid = 1-4
idmap gid = 1-4
 
#  Networking configuration options
hosts allow = 192.168.0. 192.168.1. localhost
#guest ok = yes
#guest only = yes
browseable = yes
#read only = yes
#force directory mode = 744
public = yes
available = yes
browse list = yes
 
 
 

--
Gianluca Culot
DMS Multimedia
Via delle Arti e dei Mestieri, 6
20050 Sulbiate (Mi) - Italy
Tel: +39 039 5968925
Fax: +39 039 3309813
<mailto:[EMAIL PROTECTED]>
www.dmsware.com <http://www.dmsware.com/>



[Samba] problem with Samba Wins Server

2007-06-18 Thread Gianluca Culot
Hello List

I'm experiencing problems with Samba 3.0.25,1 running in a FreeBSD box.

I've successfully joined a domain, and I've configured mail with auth on W2k3
server through PAM. 

But I have problems with wins name resolution .

If I issue

mail# /usr/local/www > net rpc testjoin
Unable to find a suitable server
Join to domain 'DMSWARE' is not valid

BUT

mail# /etc > net rpc testjoin -S orion
Join to 'DMSWARE' is OK

AND

mail# /usr/local/www > net ads testjoin
Join is OK

I know that RPC and ADS use two different methods to find the server... But

RPC shouldn't net rpc first try with files, then DNS, then broadcast ?

I've listed Orion in the machine host file, and the name can be successfully
resolved by name server, with or without domain

And giving "-S orion" is nothing more than what is already listed in
smb.conf

So Why RPC fails ?

Here are my conf files

**

mail# /etc > less nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
#hosts: files dns wins
hosts: files dns bcast
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
nsswitch.conf (END)

**

mail# /etc > less smb.conf
[global]
workgroup = DMSWARE
Wins support = yes
dns proxy = yes
name resolve order = host wins bcast
local master = yes
domain master = no
preferred master = auto
enhanced browsing = yes
#encrypt password = yes # YES = Default
realm = DMSWARE.it
server string = mail
security = ADS
password server = orion
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
client use spnego = yes
server signing = auto
client signing = auto
#passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
#passwd chat debug = yes
log file = /var/log/samba/log.%m
add user script = /usr/sbin/pw useradd %u
delete user script = /usr/sbin/pw userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/pw groupdel %g
preferred master = No
template homedir = /home/%U
template shell = /bin/csh
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
idmap domains = DMSWARE
idmap config DMSWARE:range = 1-4
idmap config DMSWARE:base_rid = 0
idmap config DMSWARE:backend = rid

**

mail# /etc > less hosts
127.0.0.1 localhost.DMSWARE.it localhost
192.168.1.38 MAIL.DMSWARE.it MAIL
192.168.1.38 MAIL.DMSWARE.it.
192.168.0.12 orion.dmsware.it
192.168.0.12 orion
hosts (END)

Thanks everybody for any help





[Samba] Problems accessing Shares

2007-06-15 Thread Gianluca Culot
th = /usr/local/share
valid users = DMSWARE\gianlucaculot
 

[Home]
path = /home
read only = No
 
 
[test]
path = /usr/local/www/test
valid users = @DMSWARE\multimediaspv, @DMSWARE\softwarespv, DMSWARE\andrealaus
read only = No
create mask = 0777
directory mask = 0777
 
What the hell I'm doing wrong ?

------
Gianluca Culot
DMS Multimedia
Via delle Arti e dei Mestieri, 6
20050 Sulbiate (Mi) - Italy
Tel: +39 039 5968925
Fax: +39 039 3309813
<mailto:[EMAIL PROTECTED]>
www.dmsware.com <http://www.dmsware.com/>



[Samba] Unable to find a suitable server

2007-06-15 Thread Gianluca Culot
Hello List

I'm experiencing problems with Samba 3.0.25,1 running in a FreeBSD box.

I've successfully joined a domain, and I've configured mail with auth on W2k3
server through PAM. 

YET

If I issue

mail# /usr/local/www > net rpc testjoin
Unable to find a suitable server
Join to domain 'DMSWARE' is not valid

BUT

mail# /etc > net rpc testjoin -S orion
Join to 'DMSWARE' is OK

AND

mail# /usr/local/www > net ads testjoin
Join is OK

I know that RPC and ADS use two different methods to find the server... But

RPC shouldn't net rpc first try with files, then DNS, then broadcast ?

And giving "-S orion" is nothing more than what is already listed in
smb.conf

So Why RPC fails ?

Here are my conf files

**

mail# /etc > less nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
#hosts: files dns wins
hosts: files dns bcast
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
nsswitch.conf (END)

**

mail# /etc > less smb.conf
[global]
workgroup = DMSWARE
Wins support = yes
dns proxy = yes
name resolve order = host wins bcast
local master = yes
domain master = no
preferred master = auto
enhanced browsing = yes
#encrypt password = yes # YES = Default
realm = DMSWARE.it
server string = mail
security = ADS
password server = orion
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
client use spnego = yes
server signing = auto
client signing = auto
#passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
#passwd chat debug = yes
log file = /var/log/samba/log.%m
add user script = /usr/sbin/pw useradd %u
delete user script = /usr/sbin/pw userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/pw groupdel %g
preferred master = No
template homedir = /home/%U
template shell = /bin/csh
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
idmap domains = DMSWARE
idmap config DMSWARE:range = 1-4
idmap config DMSWARE:base_rid = 0
idmap config DMSWARE:backend = rid

**

mail# /etc > less hosts
127.0.0.1 localhost.DMSWARE.it localhost
192.168.1.38 MAIL.DMSWARE.it MAIL
192.168.1.38 MAIL.DMSWARE.it.
192.168.0.12 orion.dmsware.it
192.168.0.12 orion
hosts (END)

 

Thanks everybody for any help





[Samba] Unable to find a suitable server

2007-06-13 Thread Gianluca Culot
 Hello List

I'm experiencing problems with Samba 3.0.25,1 running in a FreeBSD box.

I've successfully joined a domain, and I've configured mail with auth on W2k3
server through PAM. 
YET

If I issue 
mail# /usr/local/www > net rpc testjoin
Unable to find a suitable server
Join to domain 'DMSWARE' is not valid

BUT
mail# /etc > net rpc testjoin -S orion
Join to 'DMSWARE' is OK

AND
mail# /usr/local/www > net ads testjoin
Join is OK

I know that RPC and ADS use two different methods to find the server... But

RPC shouldn't net rpc first try with files, then DNS, then broadcast ?
And giving "-S orion" is nothing more than what is already listed in
smb.conf

So Why RPC fails ?

Here are my conf files

**
mail# /etc > less nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind

#hosts: db files nisplus nis dns
#hosts: files dns wins
hosts: files dns bcast

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

nsswitch.conf (END)

**
mail# /etc > less smb.conf
[global]
workgroup = DMSWARE
Wins support = yes
dns proxy = yes
name resolve order = host wins bcast
local master = yes
domain master = no
preferred master = auto
enhanced browsing = yes
#encrypt password = yes # YES = Default
realm = DMSWARE.it
server string = mail
security = ADS
password server = orion
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
client use spnego = yes
server signing = auto
client signing = auto
#passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
#passwd chat debug = yes
log file = /var/log/samba/log.%m
add user script = /usr/sbin/pw useradd %u
delete user script = /usr/sbin/pw userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/pw groupdel %g
preferred master = No
template homedir = /home/%U
template shell = /bin/csh
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307

idmap domains = DMSWARE
idmap config DMSWARE:range = 1-4
idmap config DMSWARE:base_rid = 0
idmap config DMSWARE:backend = rid

**
mail# /etc > less hosts
127.0.0.1   localhost.DMSWARE.it localhost
192.168.1.38 MAIL.DMSWARE.it MAIL
192.168.1.38 MAIL.DMSWARE.it.
192.168.0.12 orion.dmsware.it
192.168.0.12 orion
hosts (END)


Thanks everybody for any help




New: [Samba] difficulties in rid mappings in 3.0.25

2007-05-30 Thread Gianluca Culot
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On behalf of Stefanos Karasavvidis
> Sent: Wednesday, 30 May 2007 9.37
> To: [EMAIL PROTECTED]
> Subject: [Samba] difficulties in rid mappings in 3.0.25
>
>
> I use the sernet samba packages on debian sarge and have problems after
> upgrading to 3.0.25 with rid mappings.
>
> My rid configuration for 3.0.24 looks like this
>
>   idmap backend = rid:ISC=500-1
>   idmap uid = 500-1
>   idmap gid = 500-1
>
> after updating to 3.0.25 I get a core dump of winbind (log at the end of
> the post) with these settings.
>
> I tried to use the new configuration options, and indeed winbind doesn't
> have any problems, but I have difficulties in specifying the options to
> get the same mappings as before. I tried the following
>   idmap domains = ISC
>   idmap config ISC:default = yes
>   idmap config ISC:backend = rid
>   idmap config ISC:base_rid = 1000
>   idmap config ISC:range = 500 - 1
>
> But these result in different mappings
>
> For example in 3.0.24 (and the old configuration) maps SID
> S-1-5-21-2054584426-1363897300-1555891258-9296 to uid 9796 (I used
> wbinfo -S)
>
> In 3.0.25 and the new style configuration, maps the same SID to 8796
>
> So the question:
> what are the correct parameters to get the same mappings as before?
>
> Thanks in advance for any help
>
> Stefanos Karasavvidis
>
> winbind.log
>
> [2007/05/29 14:18:19, 0] lib/fault.c:fault_report(41)
>===
> [2007/05/29 14:18:19, 0] lib/fault.c:fault_report(42)
>INTERNAL ERROR: Signal 6 in pid 4092 (3.0.25-SerNet-Debian)
>Please read the Trouble-Shooting section of the Samba3-HOWTO
> [2007/05/29 14:18:19, 0] lib/fault.c:fault_report(44)
>
>From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
> [2007/05/29 14:18:19, 0] lib/fault.c:fault_report(45)
>===
> [2007/05/29 14:18:19, 0] lib/util.c:smb_panic(1632)
>PANIC (pid 4092): internal error
> [2007/05/29 14:18:19, 0] lib/util.c:log_stack_trace(1736)
>BACKTRACE: 14 stack frames:
> #0 /usr/sbin/winbindd(log_stack_trace+0x2e) [0x81147de]
> #1 /usr/sbin/winbindd(smb_panic+0x5b) [0x811464b]
> #2 /usr/sbin/winbindd [0x80ff08f]
> #3 [0xe420]
> #4 /lib/tls/i686/cmov/libc.so.6(abort+0xe9) [0xb7ca82b9]
> #5 /usr/sbin/winbindd [0x80f9ad3]
> #6 /usr/sbin/winbindd(talloc_check_name+0x2e) [0x80f9b0e]
> #7 /usr/sbin/winbindd(talloc_check_name_abort+0x2c) [0x811717c]
> #8 /usr/sbin/winbindd [0x80ad598]
> #9 /usr/sbin/winbindd [0x80818a9]
> #10 /usr/sbin/winbindd [0x8082bea]
> #11 /usr/sbin/winbindd(main+0x4d5) [0x8083135]
> #12 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xd2) [0xb7c92ea2]
> #13 /usr/sbin/winbindd [0x8080ed1]
> [2007/05/29 14:18:19, 0] lib/util.c:smb_panic(1637)
>smb_panic(): calling panic action [/usr/share/samba/panic-action 4092]
> [2007/05/29 14:18:19, 0] lib/util.c:smb_panic(1645)
>smb_panic(): action returned status 0
> [2007/05/29 14:18:19, 0] lib/fault.c:dump_core(181)
>dumping core in /var/log/samba/cores/winbindd
> --
> ==
> Stefanos Karasavvidis
> Electronic & Computer Engineer, M.Sc.
> e-mail : [EMAIL PROTECTED]
>
> Technical University of Crete, Campus
> Information Systems Center
> Address: Akrotiri, Chania, 73100
> Tel.: Main Buildings - next to Library (G1)
>(+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376
>Environmental Engineering Buildings (K2)
>(+30) 28210 37766
> Fax:  (+30) 28210 37571
>
Hello list
I have a similar problem with 3.0.24

after upgrading configuration all rids in database looks like mismatched
with the new mapping

and I wasn't able to clear the DB nor to reset rids mapping

Yet I have no error and no panic from samba or winbind.

security = ADS
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
preferred master = No
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
idmap backend = idmap_rid:DMSWARE=500-1
idmap uid = 1-5
idmap gid = 1-5
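
The two mappings reported in the quoted message are consistent with the arithmetic documented for the idmap_rid backend, Unix ID = RID - base_rid + low end of the range. This is an added example, not code from the post or from Samba; the helper names are hypothetical and the upper range bound is a constructed value because it is cut off in the archive.

```python
import re

# SID quoted in the post (wbinfo -S gave uid 9796 on 3.0.24, 8796 on 3.0.25).
SID = "S-1-5-21-2054584426-1363897300-1555891258-9296"

# New-style stanza from the post. The upper bound of the range is truncated
# on the page, so 100000 is a constructed value used only for this example.
NEW_STYLE = """
idmap domains = ISC
idmap config ISC:default = yes
idmap config ISC:backend = rid
idmap config ISC:base_rid = 1000
idmap config ISC:range = 500 - 100000
"""


def parse_idmap_config(conf_text, domain):
    """Collect 'idmap config DOMAIN:key = value' lines for one domain."""
    pattern = re.compile(
        r"^\s*idmap config\s+(\S+?)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)
    opts = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue
        m = pattern.match(line)
        if m and m.group(1).upper() == domain.upper():
            opts[m.group(2).lower()] = m.group(3)
    return opts


def rid_params(opts):
    """Return (low, high, base_rid) from parsed options; base_rid defaults to 0."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts["range"])
    if not m:
        raise ValueError("unparseable range: %r" % opts["range"])
    return int(m.group(1)), int(m.group(2)), int(opts.get("base_rid", "0"))


def sid_to_unix_id(sid, low, high, base_rid=0):
    """ID = RID - base_rid + low; None when the result falls outside the range."""
    rid = int(sid.rsplit("-", 1)[1])
    unix_id = rid - base_rid + low
    if rid < base_rid or unix_id > high:
        return None
    return unix_id


def base_rid_for(sid, wanted_id, low):
    """base_rid that reproduces a previously assigned Unix ID for this SID."""
    return int(sid.rsplit("-", 1)[1]) + low - wanted_id


if __name__ == "__main__":
    low, high, base = rid_params(parse_idmap_config(NEW_STYLE, "ISC"))
    print("as configured :", sid_to_unix_id(SID, low, high, base))
    print("base_rid = 0  :", sid_to_unix_id(SID, low, high, 0))
    print("base_rid for 9796:", base_rid_for(SID, 9796, low))
```

Any change in this arithmetic reassigns ownership of files already on disk, so the old and new values are worth comparing for a sample of SIDs before the new configuration is put in service.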




R: [Samba] user are able to access "/" partition.

2007-05-14 Thread Gianluca Culot

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On behalf of Dhillon, Gurjit
> Sent: Monday, 14 May 2007 11.37
> To: samba@lists.samba.org
> Subject: [Samba] user are able to access "/" partition.
>
> Hi All.
>
> We have a samba server at our location. We are facing out with some
> issue. User who have the account on the server are able to access "/"
> root access.
>
> I have tried to add an extra line In Home sharing, which is "path = %H",
> this line solved my issue, but gave other issue. After implementing
> this line under Home share, I am not able to open any other user's home
> directory which is shared to me or have access to open. If I try to
> access other user home, it simply open my own home directory, even the
> directory which I am not author... , I end up opening my own home
> directory instead of getting error.
>
> Can any one out some light in this issue, how can I configure My samba,
> where I can access other's shared home directory and stop other user to
> access "/" partition.
>
> Below is the output of configuration file. There are 2 conf file ,
> /etc/samba/smb.conf and /usr/samba/lib/smb.conf.NU-DEV0
>
> Cat  /etc/samba/smb.conf
>
> # Global parameters
> [global]
> workgroup = TEST
> server string = Test Samba Server
> security = share
> encrypt passwords = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n
> max log size = 5000
> log level = 2
> name resolve order = host
> socket options = TCP_NODELAY
> #   vfs objects = sgistats
> use sendfile = No
> max xmit = 65535
> strict locking = no
> printcap name = lpstat -t
> os level = 0
> oplocks = No
> kernel oplocks = No
> level2 oplocks = No
> preferred master = No
> local master = No
> domain master = No
> dns proxy = No
> comment = Samba %v
> guest account = guest
> #WARNING: The "printer admin" option is deprecated
> #   printer admin = lp
> printing = bsd
> print command = /usr/samba/bin/sambalp %p %s %U %m
> #   dmapi support = yes
>
> smb passwd file = /usr/samba/dmf/journals/.samba/CAENFS/private/smbpasswd
> private dir = /usr/samba//dmf/journals/.samba/CAENFS/private
> log file = /usr/samba/dmf/journals/.samba/CAENFS/log/log.%m
> #lock dir = /usr/samba/dmf/journals/.samba/CAENFS/locks
> #pid directory = /dmf/journals/.samba/CAENFS/locks
> #bind interfaces only = yes
> netbios name = nu-dev0
> #interfaces = 143.5.145.55/255.255.255.192
> include=/usr/samba/lib/smb.conf.%L
>
> include=/usr/samba/lib/smb.conf.%L is  opening a file called
> /usr/samba/lib/smb.conf.NU-DEV0
>
> cat /usr/samba/lib/smb.conf.NU-DEV0
>
> [homes]
> comment = Home Directories
> read only = No
> max connections = 5
> browseable = YES
>
> [temp]
> comment = test temp dirctory
> path = /temp
> admin users = bf6364, be9532
> #write list = be9532
> #   browseable = Yes
> read only = No
>
> Thanks
>
> Gurjit Dhillon
>

I would try to add
path = /usr/home
into [home] section

For some reason it's likely your implementation of samba is defaulting path
to
path = /

this could be considered a security breach but... just add path to the
section and try again




R: [Samba] Fwd: SAMBA on AIX --> nsswitch.conf?

2007-05-14 Thread Gianluca Culot

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On behalf of Urs Golla
> Sent: Sunday, 13 May 2007 10.35
> To: samba@lists.samba.org
> Subject: [Samba] Fwd: SAMBA on AIX --> nsswitch.conf?
> 
> 
> it works if i create the user xy on AIX.
> any ideas?
> 
> -- Forwarded message --
> From: Urs Golla <[EMAIL PROTECTED]>
> Date: May 13, 2007 9:26 AM
> Subject: SAMBA on AIX --> nsswitch.conf?
> To: samba@lists.samba.org
> 
> 
> Hi
> 
> I am still trying to run SAMBA on AIX with "security = ads" and I have
> a few questions:
> 
> - on AIX is no such file as /etc/nsswitch.conf --> Do I have to add
> the configuration somewhere else?
> 
> - I always get this "User xy is invalid on this system" if try to map
> a share from Windows. What does this mean? Is the user invalid on the
> Domain? on AIX? on SAMBA? Is the User known by SAMBA but has no access
> rights on this share?
> 
> - Has "security = ads" on AIX ever been tested?
> 
> Any help would be appreciated!!!
> 
> cheers

Don't think it depends on system...
I think you are missing parts in Samba configuration

if nsswitch doesn't exist... create it

here is mine.
passwd: files winbind
shadow: files winbind
group: files winbind

#hosts: db files nisplus nis dns
#hosts: files dns wins
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus




R: [Samba] User rights

2007-05-11 Thread Gianluca Culot

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On behalf of Ivan Arteaga
> Sent: Friday, 11 May 2007 15.19
> To: samba@lists.samba.org
> Subject: [Samba] User rights
>
>
> Hello List,
>
>
>
> I have a samba PDC (3.0.10) in a network with some users still running
> win98; I would like to restrict the admin rights over their
> workstations in
> order to avoid them installing unauthorized programs or changing configs
> like ip addressing or so.
>
> It is possible via the samba PDC or should I to look for a third party
> program?
>
>
>
> I will appreciate any comment.
>
>
>
> Regards,
>
>
>
> --Ivan.
>

Win98 is not AD/Domain integrated (like 2000, xp or vista) so users are
local and are simple profiles with custom settings (colors, desktop, icons,
etc). i.e. if you do not login pressing escape at the login window you can
still use your '98 station, with a default profile.
you have no "legacy" method to stop users from accessing the whole HD...
i.e. managing windows, programs, system dirs

there could be third party tools... but

In my AD domain (2000 and xp stations, no '98/home versions) no user can
login with administrative rights.
If a user needs to install a program I use psexec to start installation
with administrative rights
PSEXEC \\computer setup.exe

so Just ONE single program is running with administrative rights, the user
is just a user

Since I applied these policies... viruses are an Event !

good luck with m$.




R: R: R: R: [Samba] LS not showing AD owner username and groupname

2007-05-11 Thread Gianluca Culot

> -Original Message-
> From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 10 May 2007 17.23
> To: Gianluca Culot
> Cc: [EMAIL PROTECTED] Samba. Org
> Subject: Re: R: R: R: [Samba] LS not showing AD owner username and
> groupname
>
>
>
> Gianluca Culot wrote:
>
> > well this
> > mail# ~ > perl -e '@user = getpwuid(10); print "@user\n";'
> > give
> > 
> > as result
> > Same getgrgid
> > could be my UID database for samba is corrupted ?
> > I've upgraded from 14b... and something in configuration changed.
> > but I supposed samba would adjust automatically UIDs and
> > that eventually I'd change the ownership of home directories
> > for my email users
> >
> > well
> > thanks A LOT for your great helping.  I banged my head
> > on this problem for whole day long and learned a lot about
> > samba...  I'll resume tomorrow (Central Europe Time)
>
> Look for things like nscd reset the cache.   Also turn
> up logging in smb.conf and look at the log.{wb,winbind}*
> log files for clues.
>
>
>
>
>
> cheers, jerry
> =
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> "What man is a man who does not make the world better?"  --Balian
>

That's getting HARD

Yesterday I raised the log... and... Now I have a lot
YET almost NO ERROR, excluded failed password entries by users.
the only anomalous line is "Failed to enumerate local groups!"

[2007/05/11 09:56:35, 3]
nsswitch/winbindd_group.c:get_sam_group_entries(610)
  get_sam_group_entries: Failed to enumerate domain local groups!
[2007/05/11 09:56:35, 3] nsswitch/winbindd_group.c:winbindd_getgrent(659)
  [0]: getgrent
[2007/05/11 09:56:35, 3]
nsswitch/winbindd_group.c:winbindd_setgrent_internal(465)
  [0]: setgrent
[2007/05/11 09:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(483)
  [0]: request interface version
[2007/05/11 09:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
  [0]: request location of privileged pipe
[2007/05/11 09:56:43, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(430)
  [0]: getgrgid 1513

but I cannot understand to which request it is related


Yet think I'm homing on the problem

every option in net ads (for example testjoin) gives positive answer. No
problem on join (the problem shall be in samba, not in samba/ad dialogue)

Every option in wbinfo gives positive results EXCEPT
wbinfo -U 
which answers back
Could not convert uid 1513 to sid

and in log.winbindd I get

[2007/05/11 09:47:23, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)
  [0]: request interface version
[2007/05/11 09:47:23, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
  [0]: request location of privileged pipe
[2007/05/11 09:47:23, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(280)
  [0]: uid to sid 1513


and if I try to list a directory with files and subdirs belonging to a domain
group...
mail# /usr/home/gianlucaculot > ls -al /usr/home
total 44
drwxr-xr-x  21 root   wheel  512 May  7 12:30 .
drwxr-xr-x  20 root   wheel  512 May  2 15:50 ..
drwx------   3 1500   1513   512 May  6 19:02 administrator

in log.winbindd I see

[2007/05/11 09:45:22, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)
  [0]: request interface version
[2007/05/11 09:45:22, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
  [0]: request location of privileged pipe
[2007/05/11 09:45:22, 3] nsswitch/winbindd_user.c:winbindd_endpwent(526)
  [0]: endpwent
[2007/05/11 09:45:22, 3] nsswitch/winbindd_group.c:winbindd_endgrent(527)
  [0]: endgrent
[2007/05/11 09:45:22, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(430)
  [0]: getgrgid 1513

Even if I read NO ERROR.. the two logs are too much similar, so I suppose
getgrgid is failing in mapping id 1513 to the group sid, which makes me
think I got a mess in tdb samba databases.

AND
mail# /usr/home/gianlucaculot > perl -e '@group = getgrnam("DMSWARE\\domain users"); print "@group\n";'
domain users x 1513 risrobot administrator
mail# /usr/home/gianlucaculot > perl -e '@group = getgrgid(1513); print "@group\n";'

so 1513 CANNOT BE resolved as Domain Users

1) 
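
The symptom diagnosed in the message above (the group name resolves to gid 1513, but gid 1513 does not resolve back to a name, so `ls` prints numeric IDs) can be checked as a name -> id -> name round trip. This is an added example, not part of the original thread: the function names and the sample tables in the demo are constructed, and the real lookups use only Python's standard `pwd` and `grp` modules.

```python
"""Round-trip NSS lookups (name -> id -> name) for users and groups."""
import grp
import os
import pwd
from typing import Callable, List, NamedTuple, Optional, Tuple


class RoundTrip(NamedTuple):
    name: str
    numeric_id: Optional[int]
    reverse_name: Optional[str]
    status: str  # ok | forward-failed | reverse-failed | mismatch


def short_name(name: str, separator: str = "\\") -> str:
    """Drop a DOMAIN<separator> prefix and fold case, so that
    'DMSWARE\\domain users' and 'domain users' compare equal."""
    return name.rsplit(separator, 1)[-1].lower()


def check_round_trip(name: str,
                     by_name: Callable[[str], int],
                     by_id: Callable[[int], str],
                     separator: str = "\\") -> RoundTrip:
    """Resolve name -> id, then id -> name, and classify the outcome.
    Both resolvers must raise KeyError when there is no entry."""
    try:
        numeric_id = by_name(name)
    except KeyError:
        return RoundTrip(name, None, None, "forward-failed")
    try:
        reverse = by_id(numeric_id)
    except KeyError:
        # The case from the thread: getgrnam works, getgrgid returns nothing.
        return RoundTrip(name, numeric_id, None, "reverse-failed")
    same = short_name(reverse, separator) == short_name(name, separator)
    return RoundTrip(name, numeric_id, reverse, "ok" if same else "mismatch")


def group_round_trip(name: str, separator: str = "\\") -> RoundTrip:
    """Round trip through the system's NSS group database."""
    return check_round_trip(name,
                            lambda n: grp.getgrnam(n).gr_gid,
                            lambda g: grp.getgrgid(g).gr_name,
                            separator)


def user_round_trip(name: str, separator: str = "\\") -> RoundTrip:
    """Round trip through the system's NSS passwd database."""
    return check_round_trip(name,
                            lambda n: pwd.getpwnam(n).pw_uid,
                            lambda u: pwd.getpwuid(u).pw_name,
                            separator)


def unresolved_owners(directory: str,
                      uid_to_name: Optional[Callable[[int], str]] = None,
                      gid_to_name: Optional[Callable[[int], str]] = None
                      ) -> List[Tuple[str, str, int]]:
    """List (entry, 'uid'|'gid', id) for every owner id in `directory`
    that has no reverse mapping, i.e. what `ls -l` shows as a number."""
    uid_to_name = uid_to_name or (lambda u: pwd.getpwuid(u).pw_name)
    gid_to_name = gid_to_name or (lambda g: grp.getgrgid(g).gr_name)
    findings = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        for kind, numeric_id, resolve in (("uid", st.st_uid, uid_to_name),
                                          ("gid", st.st_gid, gid_to_name)):
            try:
                resolve(numeric_id)
            except KeyError:
                findings.append((entry.name, kind, numeric_id))
    return findings


if __name__ == "__main__":
    # Constructed tables that reproduce the state described in the thread:
    # the forward lookup knows the group, the reverse lookup does not.
    forward = {"DMSWARE\\domain users": 1513}
    reverse = {}
    print(check_round_trip("DMSWARE\\domain users",
                           forward.__getitem__, reverse.__getitem__))
    # Against the live system (names here are whatever your host defines):
    print(group_round_trip(grp.getgrgid(os.getgid()).gr_name))
    print(unresolved_owners("."))
```

A `reverse-failed` result narrows the fault to the id -> name direction of the mapping, and `unresolved_owners` shows which files are affected by it.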

R: R: R: R: [Samba] security = ads --> invalide user

2007-05-10 Thread Gianluca Culot
here is

[Home]
path = /home
read only = No
[websites]
path = /usr/local/www/
valid users = DMSWARE\gianlucaculot
write list = DMSWARE\gianlucaculot, @DMSWARE\software,
@DMSWARE\softwarespv
read only = No
create mask = 0775
directory mask = 0775

and I'll be bold enough to add an explanation (HEY ! I'm NOT a pro ! I started
with samba two weeks ago!)


[Home]
path = /home
read only = No

the home share is peculiar
it is open... as every subdirectory in it (user1 , user2 , user3)
is owned by each user and has 700 permission (only owner user can get in),
and the owner is
DOMAIN\userxxx
Please NOTE the \
Open means that every user could create a subdir in Home ???
well... at this right moment YES !
in the future I'll change it, when testing will be over.


[websites]
path = /usr/local/www/
valid users = DMSWARE\gianlucaculot
write list = DMSWARE\gianlucaculot, @DMSWARE\software,
@DMSWARE\softwarespv
read only = No
create mask = 0775
directory mask = 0775

that's more complicated  ;) no...
I use it to manage websites (currently only webmail) from my intranet.
please note again the \ in the usernames
for groups use "@", which means "all users inside the file/group"
IF the groupname (or username) has a space (or other special chars inside)
use
@"DOMAIN\spaced group name"

here is the listing of the /usr/local/www
drwxr-xr-x  11 root  wheel  512 May 10 11:30 .
drwxr-xr-x  19 root  wheel  512 May  7 15:16 ..
drwxr-xr-x   2 root  wheel  512 May  7 14:29 DMScmf
drwxr-xr-x   6 root  wheel  512 May  7 15:17 apache22
drwxr-xr-x   8 root  wheel  512 May  4 12:40 awstats
drwxr-xr-x   2 root  wheel  512 May  9 18:00 cgi-bin
drwxr-xr-x  11 root  wheel  512 May 10 14:35 downloads
drwxr-xr-x  14 root  wheel  512 May  3 15:32 squirrelmail

as you can see everything belongs to root:wheel
no user permission granted at OS level.


HEY... but these infos should be reserved...
;)

well I trust a LOT my firewalls :-D
and I trust a lot OpenSource community
;-P

Regards

And if some skilled guy notes something wrong...
PLEASE LET ME KNOW !


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of Urs Golla
> Sent: Thursday, 10 May 2007 13.14
> To: samba@lists.samba.org
> Subject: Re: R: R: R: [Samba] security = ads --> invalide user
>
>
> Hi Gianluca
>
> How did you define your shares in the smb.conf? Can you send me
> an example?
>
> thanks
> Urs
>
> On 5/10/07, Urs Golla <[EMAIL PROTECTED]> wrote:
> >
> > If I set client use spnego = no in the smb.conf it says:
> >
> >   Requested protocol [LANMAN2.1]
> > [2007/05/10 13:00:57, 3] smbd/negprot.c:reply_negprot(487)
> >   Requested protocol [NT LM 0.12]
> > [2007/05/10 13:00:57, 3] smbd/negprot.c:reply_nt1(357)
> >   using SPNEGO
> > [2007/05/10 13:00:57, 3] smbd/negprot.c:reply_negprot(580)
> >   Selected protocol NT LM 0.12
> > [2007/05/10 13:00:57, 3] smbd/process.c:process_smb(1110)
> >   Transaction 1 of length 250
> >
> > ...but testparm tells me, it is set to "no". What does that mean?
> >
> > On 5/10/07, Gianluca Culot < [EMAIL PROTECTED]> wrote:
> > >
> > >  YES :D
> > > Remove spnego...
> > > I tried to use spnego... never worked
> > >
> > > without... runs smoothly and perfectly
> > >
> > >
> > >

R: R: [Samba] security = ads --> invalide user

2007-05-10 Thread Gianluca Culot

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of Urs Golla
> Sent: Thursday, 10 May 2007 10.04
> To: samba@lists.samba.org
> Subject: Re: R: [Samba] security = ads --> invalide user
>
>
> Hi
>
> Still the same problem...
>
> I think the connection to the domain is ok. because if i use a
> non existent
> user, the log says: "FAILED with error NT_STATUS_NO_SUCH_USER"
>
> If I use a wrong password it gives me also a different error message.
>
> cheers
>
> On 5/10/07, Gianluca Culot <[EMAIL PROTECTED]> wrote:
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]
> > > on behalf of Urs Golla
> > > Sent: Thursday, 10 May 2007 9.44
> > > To: samba@lists.samba.org
> > > Subject: [Samba] security = ads --> invalide user
> > >
> > >
> > > Hello
> > >
> > > I try to run SAMBA with security = ads on AIX 5.3 with SAMBA 3.0.23d.
> > > "net ads join" was successful and the machine is now visible in the
> > Domain
> > > with the netbios name.
> > >
> > > When I try to access the shares on the machine the log.smbd
> files says:
> > >
> > > (...)
> > > [2007/05/10 08:58:16, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
> > >   Username MYDOMAIN/MYUSERNAME is invalid on this system
> > > [2007/05/10 08:58:16, 3] smbd/error.c:error_packet(146)
> > >   error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX)
> > > NT_STATUS_LOGON_FAILURE
> > > (...)
> > >
> > >
> > > **
> > > smb.conf:
> > >
> > > [global]
> > > winbind separator = /
> > > netbios name = MYNETBIOSNAME
> > > winbind enum users = yes
> > > workgroup = MYDOMAIN
> > > winbind enum groups = yes
> > > #password server = *
> > > password server = MYPASSWORDSERVER
> > > encrypt passwords = yes
> > > dns proxy = no
> > > realm = MYREALM
> > > security = ADS
> > > wins proxy = no
> > > winbind use default domain = Yes
> > > client use spnego = yes
> > > #idmap uid = 1-2
> > > #winbind gid = 1-2
> > > preferred master = no
> > > log level = 3
> > > wins server = x.x.x.x
> > > #auth methods = guest sam winbind
> > > #idmap uid = 1-2
> > > idmap gid = 1-2
> > >
> > >
> > > [testsamba]
> > >  comment = Samba testfolder
> > >  path = /testsamba
> > >  read only = no
> > >  valid users = MYDOMAIN/USERNAME
> > >
> > > **
> > >
> > > I also mapped the domain groups with "net groupmap"
> > >
> > > # ./net groupmap list
> > > Domain Users (S-1-5-21-3687956107-1621720357-3427760348-513) ->
> > > domainusers
> > > Domain Guests (S-1-5-21-3687956107-1621720357-3427760348-997)
> -> nobody
> > > Administrators (S-1-5-32-544) -> 5000
> > > mygroup (S-1-5-21-3687956107-1621720357-3427760348-14001) -> mygroup
> > > Users (S-1-5-32-545) -> 5001
> > >
> > > --> MYDOMAIN/USERNAME is a member of MYDOMAIN/mygroup
> > > 
> > >
> > > Why does it say "invalide user"? I think I should also be able to
> > > browse the
> > > shares without a valid user...
> > >
> > > any help is much appreciated!!!
> > >
> > > Regards
> > > Urs
> > >
> >
> > I would check
> > winbind separator = /
> >
> > to my knowledge it should be
> > winbind separator = \
> >
> > or could be commented as its default is  \
> >
> > I've setup a samba 3.0.24,1 on freebsd with ads against a Windows2003
> > Server
> > and I did not specify Winbind Separator
> >
> >
> >
>

Why did you map only GROUPS
idmap gid = 1-2
and NOT users ?
#idmap uid = 1-2

why have you set
client use spn

R: [Samba] security = ads --> invalide user

2007-05-10 Thread Gianluca Culot

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of Urs Golla
> Sent: Thursday, 10 May 2007 9.44
> To: samba@lists.samba.org
> Subject: [Samba] security = ads --> invalide user
>
>
> Hello
>
> I try to run SAMBA with security = ads on AIX 5.3 with SAMBA 3.0.23d.
> "net ads join" was successful and the machine is now visible in the Domain
> with the netbios name.
>
> When I try to access the shares on the machine the log.smbd files says:
>
> (...)
> [2007/05/10 08:58:16, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
>   Username MYDOMAIN/MYUSERNAME is invalid on this system
> [2007/05/10 08:58:16, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> (...)
>
>
> **
> smb.conf:
>
> [global]
> winbind separator = /
> netbios name = MYNETBIOSNAME
> winbind enum users = yes
> workgroup = MYDOMAIN
> winbind enum groups = yes
> #password server = *
> password server = MYPASSWORDSERVER
> encrypt passwords = yes
> dns proxy = no
> realm = MYREALM
> security = ADS
> wins proxy = no
> winbind use default domain = Yes
> client use spnego = yes
> #idmap uid = 1-2
> #winbind gid = 1-2
> preferred master = no
> log level = 3
> wins server = x.x.x.x
> #auth methods = guest sam winbind
> #idmap uid = 1-2
> idmap gid = 1-2
>
>
> [testsamba]
>  comment = Samba testfolder
>  path = /testsamba
>  read only = no
>  valid users = MYDOMAIN/USERNAME
>
> **
>
> I also mapped the domain groups with "net groupmap"
>
> # ./net groupmap list
> Domain Users (S-1-5-21-3687956107-1621720357-3427760348-513) ->
> domainusers
> Domain Guests (S-1-5-21-3687956107-1621720357-3427760348-997) -> nobody
> Administrators (S-1-5-32-544) -> 5000
> mygroup (S-1-5-21-3687956107-1621720357-3427760348-14001) -> mygroup
> Users (S-1-5-32-545) -> 5001
>
> --> MYDOMAIN/USERNAME is a member of MYDOMAIN/mygroup
> 
>
> Why does it say "invalide user"? I think I should also be able to
> browse the
> shares without a valid user...
>
> any help is much appreciated!!!
>
> Regards
> Urs
>

I would check
winbind separator = /

to my knowledge it should be
winbind separator = \

or could be commented as its default is  \

I've setup a samba 3.0.24,1 on freebsd with ads against a Windows2003 Server
and I did not specify Winbind Separator




R: R: R: [Samba] LS not showing AD owner username and groupname

2007-05-09 Thread Gianluca Culot

> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 9 May 2007 18.17
> To: Gianluca Culot
> Cc: [EMAIL PROTECTED] Samba. Org
> Subject: Re: R: R: [Samba] LS not showing AD owner username and
> groupname
>
>
>
> Gianluca Culot wrote:
>
> > Thanks for the Hint...
> > as maybe you have understood...I'm not a pro !
>
> > so... again... I see no error at all !
> > mail# ~ > perl -e '@user = getpwnam("DMSWARE\\robertasimula"); print
> > "@user\n";'
> > robertasimula * 2114 1513 0  Roberta Simula /home/robertasimula
> /bin/csh 0
> > mail# ~ >
>
> > and I've extended your suggestion with a call to getgrnam
> > mail# ~ > perl -e '@user = getpwnam("MYDOMAIN\\user1"); print "@user\n";
> > @group = getgrnam("MYDOMAIN\\domain users"); print "@group\n";'
> > user1 * 2114 1513 0  User One /home/user1 /bin/csh 0
> > domain users x 1513 risrobot administrator
> > mail# ~ >
>
> What about perl -e '@user = getpwuid(10); print "@user\n";'
> Same principle as getgrgid().
>
>
>
>
>
> cheers, jerry
>

well this

mail# ~ > perl -e '@user = getpwuid(10); print "@user\n";'

give

as result
Same getgrgid

could be my UID database for samba is corrupted ?
I've upgraded from 14b... and something in configuration changed.
but I supposed samba would adjust automatically UIDs and that eventually I'd
change the ownership of home directories for my email users

well
thanks A LOT for your great helping.
I banged my head on this problem for whole day long and learned a lot about
samba...
I'll resume tomorrow (Central Europe Time)

Thanks
Gianluca




R: R: [Samba] LS not showing AD owner username and groupname

2007-05-09 Thread Gianluca Culot

> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 9 May 2007 0.21
> To: Gianluca Culot
> Cc: [EMAIL PROTECTED] Samba. Org
> Subject: Re: R: [Samba] LS not showing AD owner username and groupname
>
>
>
> Gianluca Culot wrote:
> > wbinfo -i returns correct infos about AD users, and none for local users
> > mail# /usr/local/etc/apache22 > wbinfo -i user1
> > user1:*:2144:1513:User One:/home/user1:/bin/csh
> >
> > But I have NO GETENT executable
>
>  perl -e '@user = getpwnam("DOMAIN\\user"); print "@user\n";'
>
>
>
>
>
> cheers, jerry
> =
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> "What man is a man who does not make the world better?"  --Balian
>

Thanks for the Hint...
as maybe you have understood...I'm not a pro !

so... again... I see no error at all !
mail# ~ > perl -e '@user = getpwnam("DMSWARE\\robertasimula"); print
"@user\n";'
robertasimula * 2114 1513 0  Roberta Simula /home/robertasimula /bin/csh 0
mail# ~ >

and I've extended your suggestion with a call to getgrnam
mail# ~ > perl -e '@user = getpwnam("MYDOMAIN\\user1"); print "@user\n";
@group = getgrnam("MYDOMAIN\\domain users"); print "@group\n";'
user1 * 2114 1513 0  User One /home/user1 /bin/csh 0
domain users x 1513 risrobot administrator
mail# ~ >

as far as I can see it is Perfect

I've checked every log file
/var/log/messages
/var/log/samba/*

no error, except if I try to get info about a non existing user or domain !

[2007/05/09 09:45:03, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
  group domain administrator in domain MYDOMAIN does not exist
[2007/05/09 09:45:06, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
  group domain administrators in domain MYDOMAIN does not exist


yet LS is NOT showing user name and user group in file listing... this is
not actually a problem for me (as i know groups by ID) but for other
people... who can make a mess when managing shares or others...




R: [Samba] LS not showing AD owner username and groupname

2007-05-08 Thread Gianluca Culot

> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 8 May 2007 14.55
> To: Gianluca Culot
> Cc: [EMAIL PROTECTED] Samba. Org
> Subject: Re: [Samba] LS not showing AD owner username and groupname
>
>
>
> Gianluca Culot wrote:
> > I recently upgraded from samba 3.0.14b to 3.0.24.1 on a freebsd 6 mail
> > server
> >
> > everything went well
> >
> > authentication services accept local and AD users.,
> >
> > YET
> >
> > if I list a directory with file owned by Domain Users I see IDs
> AND DO NOT
> > SEE names of group and user owner
> >
> > drwxrwxrwx 3 1500 1513 512 Apr 20 18:14 administrator
> > drwxrwxrwx 3 2149 1513 512 Apr 4 18:06 user1
> > drwxrwxrwx 3 2119 1513 512 Apr 4 18:07 user2
> > with Samba 3.0.14d
> > drwxrwxrwx 3 root wheel 512 Apr 20 18:14 administrator
> > drwxrwxrwx 3 user1 Domain Users 512 Apr 4 18:06 user1
> > drwxrwxrwx 3 user2 Domain Users 512 Apr 4 18:07 user2
> >
> > Samba is started correctly and I have NO error in any log
> > Any Hint ?
>
> Start by debugging the nss_winbind.so installation.
> wbinfo -i returns the same information as "getent passwd user"
> but bypasses NSS.  This can help narrow down the problem.
>
>
>
>
>
> cheers, jerry
> =
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> "What man is a man who does not make the world better?"  --Balian
>

Hi there

wbinfo -i returns correct infos about AD users, and none for local users
mail# /usr/local/etc/apache22 > wbinfo -i user1
user1:*:2144:1513:User One:/home/user1:/bin/csh

But I have NO GETENT executable

mail# /usr/local/etc/apache22 > locate getent
/usr/compat/linux/usr/bin/getent
/usr/ports/emulators/linux_base-8/work/linux_base-8-8.0/usr/bin/getent
/usr/ports/net/samba3/work/samba-3.0.14a/source/include/util_getent.h
/usr/ports/net/samba3/work/samba-3.0.14a/source/lib/util_getent.c

BUT Linux_base-8 has been removed by the portupgrade which update Samba
3.0.14b to Samba 3.0.24,1

Somebody knows about this possible anomaly in ports ?




R: [Samba] problem listing directories with AD permissions

2007-05-07 Thread Gianluca Culot
> -----Original Message-----
> From: Aaron Kincer [mailto:[EMAIL PROTECTED]
> Sent: Monday, 7 May 2007 14.34
> To: Gianluca Culot
> Cc: [EMAIL PROTECTED] Samba. Org
> Subject: Re: [Samba] problem listing directories with AD permissions
>
>
> I've seen this problem when the Samba server clock is out of sync with
> the AD servers. Come to think of it, lots of problems happen because of
> that.
>
> Gianluca Culot wrote:
> > Hello List
> >
> > I'm running Samba 3.0.24,1 on a freebsd 6 server
> >
> > I've joined the unix server to an active directory domain and set up PAM
> >
> > I've shared directories and users can access them (provided
> they belong to
> > the correct group)
> >
> > the problem is :
> > if I list the shared directory
> >
> > mail# /usr/local/lib > ls -al /usr/local/www/www.dmsware.it/
> > total 6
> > drwxr-xr-x   3 root  wheel  512 Apr 27 16:04 .
> > drwxr-xr-x  10 root  wheel  512 May  6 18:44 ..
> > drwxrwxr-x   3 1002  1513   512 May  6 17:27 downloads
> >
> > I would like to see 1513 as "domain users" group. With samba 3.0.14 I get
> > drwxr-xr-x   3 root  wheel  512 Apr 27 16:04 .
> > drwxr-xr-x  10 root  wheel  512 May  6 18:44 ..
> > drwxrwxr-x   3 user1  Domain Users   512 May  6 17:27 downloads
> >
> > I've traced the problem back to a possible misconfiguration of NSSwitch
> > with nss_winbind.so which should be copied or linked somewhere but faq and
> > tutorials are somewhat... vague !
> >
> > I've a freebsd server and i've found four files
> > mail# /usr/local/lib > ls -al nss*
> > -r-xr-xr-x  2 root  wheel   18232 May  4 17:34 nss_winbind.so
> > -r-xr-xr-x  2 root  wheel   18232 May  4 17:34 nss_winbind.so.1
> > -r-xr-xr-x  2 root  wheel  744628 May  4 17:34 nss_wins.so
> > -r-xr-xr-x  2 root  wheel  744628 May  4 17:34 nss_wins.so.1
> >
> > but NO libnss_winbind... which I found cited in many tutorials...
> >
> > Does anybody know about this problem/configuration ?
> >
> > Thanks
> > Gianluca
> >
>
>

not my case
actually both the mail server and the AD server are running a nettime client
against another Unix Server, which is local to my net.
the time difference between servers is less than 5 milliseconds...

I think I'm missing some DLL, or I've not configured something, even if I
cannot figure out what I'm doing wrong (the same configuration with 3.0.14
did work very well)




[Samba] problem listing directories with AD permissions

2007-05-07 Thread Gianluca Culot
Hello List

I'm running Samba 3.0.24,1 on a freebsd 6 server

I've joined the unix server to an active directory domain and set up PAM

I've shared directories and users can access them (provided they belong to
the correct group)

the problem is :
if I list the shared directory

mail# /usr/local/lib > ls -al /usr/local/www/www.dmsware.it/
total 6
drwxr-xr-x   3 root  wheel  512 Apr 27 16:04 .
drwxr-xr-x  10 root  wheel  512 May  6 18:44 ..
drwxrwxr-x   3 1002  1513   512 May  6 17:27 downloads

I would like to see 1513 as "domain users" group. With samba 3.0.14 I get
drwxr-xr-x   3 root  wheel  512 Apr 27 16:04 .
drwxr-xr-x  10 root  wheel  512 May  6 18:44 ..
drwxrwxr-x   3 user1  Domain Users   512 May  6 17:27 downloads

I've traced the problem back to a possible misconfiguration of NSSwitch
with nss_winbind.so which should be copied or linked somewhere but faq and
tutorials are somewhat... vague !

I've a freebsd server and i've found four files
mail# /usr/local/lib > ls -al nss*
-r-xr-xr-x  2 root  wheel   18232 May  4 17:34 nss_winbind.so
-r-xr-xr-x  2 root  wheel   18232 May  4 17:34 nss_winbind.so.1
-r-xr-xr-x  2 root  wheel  744628 May  4 17:34 nss_wins.so
-r-xr-xr-x  2 root  wheel  744628 May  4 17:34 nss_wins.so.1

but NO libnss_winbind... which I found cited in many tutorials...

Does anybody know about this problem/configuration ?

Thanks
Gianluca


R: [Samba] winbind AD and Kerberos !

2007-05-07 Thread Gianluca Culot

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of Andreas Ladanyi
> Sent: Monday, 7 May 2007 9.31
> To: samba@lists.samba.org
> Subject: [Samba] winbind AD and Kerberos !
>
>
> Hi,
>
> Did i understand it correctly that the difference between
> "security=ADS" and  "security=domain" is ADS will use Kerberos
> and domain will not ?
>
> I configured my winbind with security=ADS. Could i change this to
> "domain" ? How do you think about the security question ?
>
> Andy
>

As far as I understand Samba

security=ADS implements ActiveDirectory protocol and is used to auth user
against an AD domain (windows2000, windows2003)

security=domain implements NT style protocol and is used to auth user
against an NT domain (NT4, windows2000 in mixed mode, NOT native)

Both security should work under w2k and w2k3... but why should you use an
old NT style auth protocol ?

Gianluca




[Samba] LS not showing AD owner username and groupname

2007-05-06 Thread Gianluca Culot
I recently upgraded from samba 3.0.14b to 3.0.24.1 on a freebsd 6 mail
server

everything went well

authentication services accept local and AD users.,

YET

if I list a directory with file owned by Domain Users I see IDs AND DO NOT
SEE names of group and user owner

drwxrwxrwx 3 1500 1513 512 Apr 20 18:14 administrator
drwxrwxrwx 3 2149 1513 512 Apr 4 18:06 user1
drwxrwxrwx 3 2119 1513 512 Apr 4 18:07 user2
with Samba 3.0.14d
drwxrwxrwx 3 root wheel 512 Apr 20 18:14 administrator
drwxrwxrwx 3 user1 Domain Users 512 Apr 4 18:06 user1
drwxrwxrwx 3 user2 Domain Users 512 Apr 4 18:07 user2

Samba is started correctly and I have NO error in any log
Any Hint ?





[Samba] ls not showing AD owner username and groupname

2007-05-05 Thread Gianluca Culot
I recently upgraded from samba 3.0.14b to 3.0.24.1

everything went well

authentication services accept local and AD users.,

YET

if I list a directory with file owned by Domain Users I see IDs AND DO NOT
SEE names of group and user owner

drwxrwxrwx 3 1500 1513 512 Apr 20 18:14 administrator
drwxrwxrwx 3 2149 1513 512 Apr 4 18:06 user1
drwxrwxrwx 3 2119 1513 512 Apr 4 18:07 user2
with Samba 3.0.14d
drwxrwxrwx 3 root wheel 512 Apr 20 18:14 administrator
drwxrwxrwx 3 user1 Domain Users 512 Apr 4 18:06 user1
drwxrwxrwx 3 user2 Domain Users 512 Apr 4 18:07 user2

Samba is started correctly and I have NO error in any log
Any Hint ?




R: R: R: [Samba] duplicate group in NET GROUPMAP LIST

2007-05-05 Thread Gianluca Culot

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of John H Terpstra
> Sent: Thursday, 3 May 2007 2.28
> To: samba@lists.samba.org
> Subject: Re: R: R: [Samba] duplicate group in NET GROUPMAP LIST
>
>
> On Wednesday 02 May 2007 10:21, Gianluca Culot wrote:
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]
> > > on behalf of Gianluca Culot
> > > Sent: Wednesday, 2 May 2007 15.09
> > > To: samba@lists.samba.org
> > > Subject: R: R: [Samba] duplicate group in NET GROUPMAP LIST
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]
> > > > on behalf of John H Terpstra
> > > > Sent: Wednesday, 2 May 2007 14.56
> > > > To: samba@lists.samba.org
> > > > Subject: Re: R: [Samba] duplicate group in NET GROUPMAP LIST
> > > >
> > > > On Wednesday 02 May 2007 07:40, Gianluca Culot wrote:
> > > > > ...
> > > > >
> > > > > > > the strange fact is the Domain Users appear to have a TWO sids
> > > > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
> > > > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
> > > > > > >
> > > > > > > > The first appear to be correctly mapped to the local users group
> > > > > > > > the latter has no mapping (-1)
> > > > > > > >
> > > > > > > > that's to me appears really odd
> > > > > > > >
> > > > > > > > Can somebody explain me this old fact ?
> > > > > > > >
> > > > > > > > My actual Samba server (with smtp, pop3, winbind, sshd, apache21) works
> > > > > > > > perfectly and every user can authenticate correctly on every service with
> > > > > > > > his/her own AD domain user and password
> > > > > > > >
> > > > > > > > Any Hint?
> > > > > > > PLEASE !?!
> > > > > >
> > > > > > Execute
> > > > > >  net groupmap cleanup
> > > > > >
> > > > > > then reset your mappings.
> > > > > >
> > > > > > - John T.
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL
> and read the
> > > > > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > > > >
> > > > > > Looks like
> > > > > net groupmap cleanup
> > > > > has no effect on my system
> > > > >
> > > > > here is the copy of action from my terminal
> > > > >
> > > > > mail# /home > net groupmap delete ntgroup="domain users"
> > > > > Sucessfully removed domain users from the mapping db
> > > > >
> > > > > mail# /home > net groupmap list
> > > > > System Operators (S-1-5-32-549) -> -1
> > > > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> > > > > Replicators (S-1-5-32-552) -> -1
> > > > > Guests (S-1-5-32-546) -> -1
> > > > > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> > > > > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
> > > > > > Power Users (S-1-5-32-547) -> -1
> > > > > > Print Operators (S-1-5-32-550) -> -1
> > > > > > Administrators (S-1-5-32-544) -> -1
> > > > > > Account Operators (S-1-5-32-548) -> -1
> > > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> > > > > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> > > > > > Backup Operators (S-1-5-32-551) -> -1
> > > > > Users (S-1-5-32-545) -> -1
> > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> > > > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> > > > >
> > > > > mail# /home > net groupmap cleanup
> > > > > Group Domain Guests is not 

R: R: R: [Samba] duplicate group in NET GROUPMAP LIST (almost solved)

2007-05-04 Thread Gianluca Culot
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of John H Terpstra
> Sent: Thursday, 3 May 2007 2.28
> To: samba@lists.samba.org
> Subject: Re: R: R: [Samba] duplicate group in NET GROUPMAP LIST
>
>
> On Wednesday 02 May 2007 10:21, Gianluca Culot wrote:
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]
> > > on behalf of Gianluca Culot
> > > Sent: Wednesday, 2 May 2007 15.09
> > > To: samba@lists.samba.org
> > > Subject: R: R: [Samba] duplicate group in NET GROUPMAP LIST
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]
> > > > on behalf of John H Terpstra
> > > > Sent: Wednesday, 2 May 2007 14.56
> > > > To: samba@lists.samba.org
> > > > Subject: Re: R: [Samba] duplicate group in NET GROUPMAP LIST
> > > >
> > > > On Wednesday 02 May 2007 07:40, Gianluca Culot wrote:
> > > > > ...
> > > > >
> > > > > > > the strange fact is the Domain Users appear to have a TWO sids
> > > > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
> > > > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
> > > > > > >
> > > > > > > The first appear to be correctly mapped to the local
> users group
> > > > > > > the latter has no mapping (-1)
> > > > > > >
> > > > > > > that's to me appears really odd
> > > > > > >
> > > > > > > Can somebody explain me this old fact ?
> > > > > > >
> > > > > > > My actual Samba server (with smtp, pop3, winbind, sshd,
> > > >
> > > > apache21) works
> > > >
> > > > > > > perfectly and every user can authenticate correctly on every
> > > > > >
> > > > > > service with
> > > > > >
> > > > > > > his/her own AD domain user and password
> > > > > > >
> > > > > > > Any Hint?
> > > > > > > PLEASE !?!
> > > > > >
> > > > > > Execute
> > > > > >  net groupmap cleanup
> > > > > >
> > > > > > then reset your mappings.
> > > > > >
> > > > > > - John T.
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL
> and read the
> > > > > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > > > >
> > > > > Looks like
> > > > > net groupmap cleanup
> > > > > has no effect on my system
> > > > >
> > > > > here is the copy of action from my terminal
> > > > >
> > > > > mail# /home > net groupmap delete ntgroup="domain users"
> > > > > Sucessfully removed domain users from the mapping db
> > > > >
> > > > > mail# /home > net groupmap list
> > > > > System Operators (S-1-5-32-549) -> -1
> > > > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> > > > > Replicators (S-1-5-32-552) -> -1
> > > > > Guests (S-1-5-32-546) -> -1
> > > > > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> > > > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069)
> > > >
> > > > -> nobody
> > > >
> > > > > Power Users (S-1-5-32-547) -> -1
> > > > > Print Operators (S-1-5-32-550) -> -1
> > > > > Administrators (S-1-5-32-544) -> -1
> > > > > Account Operators (S-1-5-32-548) -> -1
> > > > > Domain Users
> (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> > > > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) ->
> > > > > wheel Backup Operators (S-1-5-32-551) -> -1
> > > > > Users (S-1-5-32-545) -> -1
> > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> > > > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> > > > >
> > > > > mail# /home > net groupmap cleanup
> > > > > Group Domain Guests is not 

R: [Samba] Samba3 : no suitable range available for sid

2007-05-03 Thread Gianluca Culot


I'm setting up a freebsd server which will authenticate against an
Active Directory
I mean: the server will NOT have any local users (except mandatory and
minimum
required for management and configuration) and will authenticate requests
for login and access
FOR EVERY SERVICE against an Active Directory Server

I have configured the samba service and currently I can
login to local terminal, ssh, smtp and pop3 services using local or AD users
and password. Each service authenticates correctly the user, first trying on
AD domain then, if failing, validating against local passwd db


The problem is that I get this error every 30 seconds

rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-549

I get this message for every builtin group in Active Directory Domain
This error doesn't cause any problem or malfunction to running services
(ssh, smtp, pop3,
etc).
But it's really annoying and causes log file to grow up in size very very
quickly

as far as I can understand Samba is trying to associate BUILTIN groups with
its local copy, but it doesn't have allowance for the operation (and in fact
I do not want this)

What can i do to stop this error from coming out every 30 seconds ?
What have I missed in the configuration so that Samba try to copy the
BUILTIN groups ?



Here is my smbd configuration
[global]
workgroup = mydomain
realm = mydomain.it
security = ADS
allow trusted domains = No
idmap backend = idmap_rid:DMSWARE= 1000-10
idmap uid = 1000-10
idmap gid = 1000-10
template homedir = /home/%U
template shell = /bin/sh
winbind cache time = 3600
winbind nested groups = Yes
winbind use default domain = Yes
syslog only = Yes

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
add user script = /usr/sbin/pw useradd %u
add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
  delete user script = /usr/sbin/pw userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
  delete group script = /usr/sbin/pw groupdel %g




and here is my PAM stack for /etc/pam.d/system
# System-wide defaults
#

# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      pam_winbind.so          try_first_pass
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass nullok

# account
account         required        pam_winbind.so
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_lastlog.so          no_fail

# password
password        sufficient      pam_winbind.so          try_first_pass
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass



thanks for every help or hint you can give me.


-

Any Help for this 




R: R: [Samba] duplicate group in NET GROUPMAP LIST

2007-05-02 Thread Gianluca Culot

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of Gianluca Culot
> Sent: Wednesday 2 May 2007 15.09
> To: samba@lists.samba.org
> Subject: R: R: [Samba] duplicate group in NET GROUPMAP LIST
>
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]
> > on behalf of John H Terpstra
> > Sent: Wednesday 2 May 2007 14.56
> > To: samba@lists.samba.org
> > Subject: Re: R: [Samba] duplicate group in NET GROUPMAP LIST
> >
> >
> > On Wednesday 02 May 2007 07:40, Gianluca Culot wrote:
> > > ...
> > > > > the strange fact is the Domain Users appear to have a TWO sids
> > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
> > > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
> > > > >
> > > > > The first appear to be correctly mapped to the local users group
> > > > > the latter has no mapping (-1)
> > > > >
> > > > > that's to me appears really odd
> > > > >
> > > > > Can somebody explain me this old fact ?
> > > > >
> > > > > My actual Samba server (with smtp, pop3, winbind, sshd,
> > apache21) works
> > > > > perfectly and every user can authenticate correctly on every
> > > >
> > > > service with
> > > >
> > > > > his/her own AD domain user and password
> > > > >
> > > > > Any Hint?
> > > > > PLEASE !?!
> > > >
> > > > Execute
> > > >  net groupmap cleanup
> > > >
> > > > then reset your mappings.
> > > >
> > > > - John T.
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > >
> > > Looks like
> > > net groupmap cleanup
> > > has no effect on my system
> > >
> > > here is the copy of action from my terminal
> > >
> > > mail# /home > net groupmap delete ntgroup="domain users"
> > > Sucessfully removed domain users from the mapping db
> > >
> > > mail# /home > net groupmap list
> > > System Operators (S-1-5-32-549) -> -1
> > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> > > Replicators (S-1-5-32-552) -> -1
> > > Guests (S-1-5-32-546) -> -1
> > > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069)
> > -> nobody
> > > Power Users (S-1-5-32-547) -> -1
> > > Print Operators (S-1-5-32-550) -> -1
> > > Administrators (S-1-5-32-544) -> -1
> > > Account Operators (S-1-5-32-548) -> -1
> > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> > > Backup Operators (S-1-5-32-551) -> -1
> > > Users (S-1-5-32-545) -> -1
> > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> > >
> > > mail# /home > net groupmap cleanup
> > > Group Domain Guests is not mapped
> > > Group Domain Users is not mapped
> > > Group Domain Admins is not mapped
> > >
> > > mail# /home > net groupmap add ntgroup="Domain Users"
> unixgroup="users"
> > > type=b
> > > No rid or sid specified, choosing algorithmic mapping
> > > Successfully added group Domain Users to the mapping db
> > >
> > > mail# /home > net groupmap list
> > > System Operators (S-1-5-32-549) -> -1
> > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> > > Replicators (S-1-5-32-552) -> -1
> > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
> > > Guests (S-1-5-32-546) -> -1
> > > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069)
> > -> nobody
> > > Power Users (S-1-5-32-547) -> -1
> > > Print Operators (S-1-5-32-550) -> -1
> > > Administrators (S-1-5-32-544) -> -1
> > > Account Operators (S-1-5-32-548) -> -1
> > > Domain Users (S-1-5-2

R: [Samba] Accessing files on a domain-controled network

2007-05-02 Thread Gianluca Culot

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of Steven Woody
> Sent: Wednesday 2 May 2007 15.36
> To: [EMAIL PROTECTED]
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Accessing files on a domain-controled network
>
>
> On 4/27/07, Gary Dale <[EMAIL PROTECTED]> wrote:
> > Steven Woody wrote:
> > > On 4/27/07, Gary Dale <[EMAIL PROTECTED]> wrote:
> > >> Steven Woody wrote:
> > >> > hi,
> > >> >
> > >> > i am new to samba and it seemed that samba documents
> mainly focus on
> > >> > how to setup a linux box as a samba server.  but i am now
> sitting in a
> > >> > linux box and looking for a easy way to access a shared
> file folder on
> > >> > a domain-controled network.  sorry for my no patience to read every
> > >> > part of the document since i have to let this job done in today.
> > >> >
> > >> > the shared folder is something like:  \\serverA\share, and
> if i need
> > >> > to access it from XP i need to login to our domain ( D ),  using my
> > >> > user name( U ), and password ( P ).  my task is to, do the same
> > >> > accessing from my linux box using same information above.
> what do i
> > >> > do?
> > >> >
> > >> > thanks in advance.
> > >> >
> > >> Here's what I use to access a share. I don't have it mounted
> > >> automatically. Instead I type in mount /home/mnt/aux and I
> get prompted
> > >> for the password. You can remove the noauto and include a password in
> > >> the /etc/fstab file line for the share but that isn't exactly secure.
> > >>
> > >> Note that the filesystem type is cifs. This is similar to
> smbfs but cifs
> > >> is maintained.  :)
> > >>
> > >> //hyperzip/aux$ /home/mnt/aux   cifs
> > >> noauto,user,rw,user=garydale   0   0
> > >>
> > >> You can also look at authenticating against a domain controller for a
> > >> single sign-on. Check the samba.org howtos and by example
> documents for
> > >> details on how to do this. It's not supposed to be too
> tricky. I've just
> > >> never gotten to it.  :)
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions:  https://lists.samba.org/mailman/listinfo/samba
> > >>
> > >
> > > so, i use the similar setting as yours,
> > >
> > > put a line in fstab,
> > >
> > > //foohost/backup  /mnt/aux  cifs noauto,user,rw,user=me  0  0
> > >
> > >
> > > then i do 'mount /mnt/aux', but got following error,
> > >
> > > mount error: could not find target server. TCP name foohost/backup not
> > > found
> > > No ip address specified and hostname not found
> > >
> > > and, smbcliet -L //foohost will report 'Connection to foohost failed.
> > >
> > > what's the clue?
> > >
> > >
> > Look at the error message it's returning. It's telling you it can't find
> > foohost. You can try putting in the IP address instead of the host name.
> > If that works, it's a name resolution issue.
> >
>
> yes, thank you. i've ensured that it is a name resolution problem.
> but i've already set the wins server.  what's else do i need to do?
> thanks.
>
> --
> woody
>
> then sun rose thinly from the sea and the old man could see the other
> boats, low on the water and well in toward the shore, spread out
> across the current.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

a DNS server would be MUCH better
as if you use a wins server you must enable also a winbind client (winbind
is a microsoft technology)

DNS client is builtin in Unix, so you do not have to install/activate
anything
just fill in /etc/named.conf




R: R: [Samba] duplicate group in NET GROUPMAP LIST

2007-05-02 Thread Gianluca Culot


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of John H Terpstra
> Sent: Wednesday 2 May 2007 14.56
> To: samba@lists.samba.org
> Subject: Re: R: [Samba] duplicate group in NET GROUPMAP LIST
>
>
> On Wednesday 02 May 2007 07:40, Gianluca Culot wrote:
> > ...
> > > > the strange fact is the Domain Users appear to have a TWO sids
> > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
> > > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
> > > >
> > > > The first appear to be correctly mapped to the local users group
> > > > the latter has no mapping (-1)
> > > >
> > > > that's to me appears really odd
> > > >
> > > > Can somebody explain me this old fact ?
> > > >
> > > > My actual Samba server (with smtp, pop3, winbind, sshd,
> apache21) works
> > > > perfectly and every user can authenticate correctly on every
> > >
> > > service with
> > >
> > > > his/her own AD domain user and password
> > > >
> > > > Any Hint?
> > > > PLEASE !?!
> > >
> > > Execute
> > >net groupmap cleanup
> > >
> > > then reset your mappings.
> > >
> > > - John T.
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> > Looks like
> > net groupmap cleanup
> > has no effect on my system
> >
> > here is the copy of action from my terminal
> >
> > mail# /home > net groupmap delete ntgroup="domain users"
> > Sucessfully removed domain users from the mapping db
> >
> > mail# /home > net groupmap list
> > System Operators (S-1-5-32-549) -> -1
> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> > Replicators (S-1-5-32-552) -> -1
> > Guests (S-1-5-32-546) -> -1
> > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069)
> -> nobody
> > Power Users (S-1-5-32-547) -> -1
> > Print Operators (S-1-5-32-550) -> -1
> > Administrators (S-1-5-32-544) -> -1
> > Account Operators (S-1-5-32-548) -> -1
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> > Backup Operators (S-1-5-32-551) -> -1
> > Users (S-1-5-32-545) -> -1
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> >
> > mail# /home > net groupmap cleanup
> > Group Domain Guests is not mapped
> > Group Domain Users is not mapped
> > Group Domain Admins is not mapped
> >
> > mail# /home > net groupmap add ntgroup="Domain Users" unixgroup="users"
> > type=b
> > No rid or sid specified, choosing algorithmic mapping
> > Successfully added group Domain Users to the mapping db
> >
> > mail# /home > net groupmap list
> > System Operators (S-1-5-32-549) -> -1
> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> > Replicators (S-1-5-32-552) -> -1
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
> > Guests (S-1-5-32-546) -> -1
> > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069)
> -> nobody
> > Power Users (S-1-5-32-547) -> -1
> > Print Operators (S-1-5-32-550) -> -1
> > Administrators (S-1-5-32-544) -> -1
> > Account Operators (S-1-5-32-548) -> -1
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> > Backup Operators (S-1-5-32-551) -> -1
> > Users (S-1-5-32-545) -> -1
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> > mail# /home >
> >
> > Maybe Domain Users is NOT to be mapped ?
> > is of any use mapping Domain Users and Users ? I would say YES
> as I want to
> > set permissions based on AD groups
>
> What version of Samba do you have?
>
> For now, stop Samba, remove the group_mapping,tdb file, then remap your
> groups. In the long run sugg

R: R: [Samba] duplicate group in NET GROUPMAP LIST

2007-05-02 Thread Gianluca Culot

-----Original Message-----
From: Rune Tønnesen [mailto:[EMAIL PROTECTED]
Sent: Wednesday 2 May 2007 14.51
To: Gianluca Culot
Cc: samba@lists.samba.org
Subject: Re: R: [Samba] duplicate group in NET GROUPMAP LIST


Hi Gianluca

Do you have more than one password backend e.g. both smbpasswd and tdbsam or
ldapsam
?

--
Rune Tønnesen
Venlig Hilsen/Best Regards


>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]
>> on behalf of John H Terpstra
>> Sent: Wednesday 2 May 2007 14.07
>> To: samba@lists.samba.org
>> Subject: Re: [Samba] duplicate group in NET GROUPMAP LIST
>>
>>
>> On Wednesday 02 May 2007 04:58, Gianluca Culot wrote:
>> > Hi List
>> >
>> > I'm experiencing a strange behaviour on my samba server
>> >
>> > the group "Domain Users" (and other builtin groups from my AD servers)
>> > appear to have a duplicated SID
>> >
>> > here is the output of
>> >
>> > mail# > net groupmap list
>> > System Operators (S-1-5-32-549) -> -1
>> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
>> > Replicators (S-1-5-32-552) -> -1
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
>> > Guests (S-1-5-32-546) -> -1
>> > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
>> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069)
>> -> nobody
>> > Power Users (S-1-5-32-547) -> -1
>> > Print Operators (S-1-5-32-550) -> -1
>> > Administrators (S-1-5-32-544) -> -1
>> > Account Operators (S-1-5-32-548) -> -1
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
>> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
>> > Backup Operators (S-1-5-32-551) -> -1
>> > Users (S-1-5-32-545) -> -1
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
>> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
>> >
>> >
>> > and in /var/log/messages
>> > May 2 11:00:05 mail winbindd[23804]: [2007/05/02 11:00:05, 0]
>> > sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
>> > May 2 11:00:05 mail winbindd[23804]: rid_idmap_get_id_from_sid: no
>> > suitable range available for sid: S-1-5-32-549
>> >
>> > which appear to be a group in BUILTIN group from AD server
>> >
>> > the strange fact is the Domain Users appear to have a TWO sids
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
>> >
>> > The first appear to be correctly mapped to the local users group
>> > the latter has no mapping (-1)
>> >
>> > that's to me appears really odd
>> >
>> > Can somebody explain me this old fact ?
>> >
>> > My actual Samba server (with smtp, pop3, winbind, sshd, apache21) works
>> > perfectly and every user can authenticate correctly on every
>> service with
>> > his/her own AD domain user and password
>> >
>> > Any Hint?
>> > PLEASE !?!
>>
>> Execute
>> net groupmap cleanup
>>
>> then reset your mappings.
>>
>> - John T.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>
> Looks like
> net groupmap cleanup
> has no effect on my system
>
> here is the copy of action from my terminal
>
> mail# /home > net groupmap delete ntgroup="domain users"
> Sucessfully removed domain users from the mapping db
>
> mail# /home > net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> Domain Admins (

R: [Samba] duplicate group in NET GROUPMAP LIST

2007-05-02 Thread Gianluca Culot
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> on behalf of John H Terpstra
> Sent: Wednesday 2 May 2007 14.07
> To: samba@lists.samba.org
> Subject: Re: [Samba] duplicate group in NET GROUPMAP LIST
>
>
> On Wednesday 02 May 2007 04:58, Gianluca Culot wrote:
> > Hi List
> >
> > I'm experiencing a strange behaviour on my samba server
> >
> > the group "Domain Users" (and other builtin groups from my AD servers)
> > appear to have a duplicated SID
> >
> > here is the output of
> >
> > mail# > net groupmap list
> > System Operators (S-1-5-32-549) -> -1
> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> > Replicators (S-1-5-32-552) -> -1
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
> > Guests (S-1-5-32-546) -> -1
> > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069)
> -> nobody
> > Power Users (S-1-5-32-547) -> -1
> > Print Operators (S-1-5-32-550) -> -1
> > Administrators (S-1-5-32-544) -> -1
> > Account Operators (S-1-5-32-548) -> -1
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> > Backup Operators (S-1-5-32-551) -> -1
> > Users (S-1-5-32-545) -> -1
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> >
> >
> > and in /var/log/messages
> > May  2 11:00:05 mail winbindd[23804]: [2007/05/02 11:00:05, 0]
> > sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
> > May  2 11:00:05 mail winbindd[23804]:   rid_idmap_get_id_from_sid: no
> > suitable range available for sid: S-1-5-32-549
> >
> > which appear to be a group in BUILTIN group from AD server
> >
> > the strange fact is the Domain Users appear to have a TWO sids
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
> >
> > The first appear to be correctly mapped to the local users group
> > the latter has no mapping (-1)
> >
> > that's to me appears really odd
> >
> > Can somebody explain me this old fact ?
> >
> > My actual Samba server (with smtp, pop3, winbind, sshd, apache21) works
> > perfectly and every user can authenticate correctly on every
> service with
> > his/her own AD domain user and password
> >
> > Any Hint?
> > PLEASE !?!
>
> Execute
>net groupmap cleanup
>
> then reset your mappings.
>
> - John T.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

Looks like
net groupmap cleanup
has no effect on my system

here is the copy of action from my terminal

mail# /home > net groupmap delete ntgroup="domain users"
Sucessfully removed domain users from the mapping db

mail# /home > net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1

mail# /home > net groupmap cleanup
Group Domain Guests is not mapped
Group Domain Users is not mapped
Group Domain Admins is not mapped

mail# /home > net groupmap add ntgroup="Domain Users" unixgroup="users"
type=b
No rid or sid specified, choosing algorithmic mapping
Successfully added group Domain Users to the mapping db

mail# /home > net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
Replicators (S-1-5-32-552) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
Guests (S-1-5-32-546) -> -1
BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
Domain Guests (S-1-5-21-53163574

[Samba] duplicate group in NET GROUPMAP LIST

2007-05-02 Thread Gianluca Culot
Hi List

I'm experiencing a strange behaviour on my samba server

the group "Domain Users" (and other builtin groups from my AD servers)
appear to have a duplicated SID

here is the output of

mail# > net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
Replicators (S-1-5-32-552) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
Guests (S-1-5-32-546) -> -1
BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1


and in /var/log/messages
May  2 11:00:05 mail winbindd[23804]: [2007/05/02 11:00:05, 0]
sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
May  2 11:00:05 mail winbindd[23804]:   rid_idmap_get_id_from_sid: no
suitable range available for sid: S-1-5-32-549

which appear to be a group in BUILTIN group from AD server

the strange fact is the Domain Users appear to have a TWO sids
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)

The first appear to be correctly mapped to the local users group
the latter has no mapping (-1)

that's to me appears really odd

Can somebody explain me this old fact ?

My actual Samba server (with smtp, pop3, winbind, sshd, apache21) works
perfectly and every user can authenticate correctly on every service with
his/her own AD domain user and password

Any Hint?
PLEASE !?!



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
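An added example (not part of the original post, and not Samba code): a parser for the `net groupmap list` output quoted above that groups entries by NT group name, reports names carrying more than one SID, and separates the `S-1-5-32-*` BUILTIN aliases (the kind of SID named in the winbindd log line) from domain SIDs. The function names are hypothetical; the sample is the listing from the post, with the mail client's line wrap kept so the parser has to rejoin it.

```python
import re
from collections import defaultdict

# `net groupmap list` output as posted in the thread, including the mail
# client's line wrap before "-> nobody".
GROUPMAP_OUTPUT = """\
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
Replicators (S-1-5-32-552) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
Guests (S-1-5-32-546) -> -1
BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069)
-> nobody
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
"""

ENTRY_RE = re.compile(
    r"^(?P<name>.+?) \((?P<sid>S-\d+(?:-\d+)+)\) -> (?P<unix>\S+)$"
)
BUILTIN_PREFIX = "S-1-5-32-"  # SIDs of the BUILTIN alias domain
WELL_KNOWN_DOMAIN_RIDS = {
    512: "Domain Admins",
    513: "Domain Users",
    514: "Domain Guests",
}


def parse_groupmap(text):
    """Return one dict per mapping, rejoining entries wrapped before '->'."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None and line.startswith("->"):
            line = f"{pending} {line}"
        pending = None
        match = ENTRY_RE.match(line)
        if match is None:
            if line.endswith(")"):
                pending = line  # "Name (SID)" whose target is on the next line
            continue
        sid, unix = match["sid"], match["unix"]
        entries.append({
            "name": match["name"],
            "sid": sid,
            "rid": int(sid.rsplit("-", 1)[1]),
            "unix": None if unix == "-1" else unix,  # -1 means no Unix group
            "builtin": sid.startswith(BUILTIN_PREFIX),
        })
    return entries


def duplicate_names(entries):
    """Map each NT group name (case-folded) that has more than one SID."""
    by_name = defaultdict(list)
    for entry in entries:
        by_name[entry["name"].casefold()].append(entry)
    return {
        name: group for name, group in by_name.items()
        if len({e["sid"] for e in group}) > 1
    }


def describe(entry):
    """One report line: SID, what kind of RID it is, and its Unix target."""
    expected = WELL_KNOWN_DOMAIN_RIDS.get(entry["rid"])
    if entry["builtin"]:
        kind = "BUILTIN alias"
    elif expected and expected.casefold() == entry["name"].casefold():
        kind = "well-known domain RID"
    else:
        kind = "other RID"
    return f'{entry["sid"]} [{kind}] -> {entry["unix"] or "unmapped"}'


def report(entries):
    lines = []
    for _, group in sorted(duplicate_names(entries).items()):
        lines.append(f"{group[0]['name']}: {len(group)} SIDs")
        lines.extend("  " + describe(e) for e in group)
    builtin = [e for e in entries if e["builtin"]]
    lines.append(f"{len(builtin)} entries under {BUILTIN_PREFIX}*")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_groupmap(GROUPMAP_OUTPUT))))
```

On this listing, the unmapped duplicate of each domain group is the one whose RID is the well-known value (512, 513, 514), while the mapped entries carry other RIDs.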


[Samba] Samba3 : windbindd log missing failing user name

2007-04-27 Thread Gianluca Culot
Question : how can I get the name of the user in the winbindd log if user
fails authentication ?

I'm running a FreeBsd 6 server with
Postfix
Dovecot
Cyrus-Sasl
Samba3

The primary task of the server is running a mail server which authenticates
users against an AD (W2003 server).
Everything works fine.
Users can access authenticated mail services (sending and receiving) with
local or remote (AD) user and password.

Yet I get authentication error in daily log.
mail.dmsware.it login failures:
Apr 22 16:49:49 mail pam_winbind[84300]: request failed: Wrong Password, PAM
error was 9, NT error was NT_STATUS_WRONG_PASSWORD
The error changes in
Apr 22 16:53:11 mail pam_winbind[84315]: request failed: Account locked out,
PAM error was 8, NT error was NT_STATUS_ACCOUNT_LOCKED_OUT
after 5 trials (as AD locks out account according to policy)
Yet no user is asking me for help... so I'm afraid it is not an internal
User, but somebody trying to get an unauthorized access from outside ( yes
this is not an internal mail server only)
so the Question : how can I get the name of the user in the winbindd log if
user fails authentication ? I checked EVERY log from Messages to maillog...
no hint about the user failing authentication !
How could I get the name of the user failing authentication on the server ?

Some hint please ?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
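An added example (not part of the original post): since the pam_winbind lines quoted above carry no user name, this groups them into bursts by time so each burst's start and end can be matched against the logs of the services that called PAM. The 16:49:49 and 16:53:11 lines are the two from the post, unwrapped; the other sample lines, the year, the 5-minute gap and the function names are assumptions made for the example, and the threshold of 5 follows the lockout policy mentioned in the post.

```python
import re
from datetime import datetime, timedelta

# The 16:49:49 and 16:53:11 lines are the two entries quoted in the post;
# all other lines are constructed for this example.
SAMPLE_LOG = """\
Apr 22 16:49:49 mail pam_winbind[84300]: request failed: Wrong Password, PAM error was 9, NT error was NT_STATUS_WRONG_PASSWORD
Apr 22 16:50:31 mail pam_winbind[84303]: request failed: Wrong Password, PAM error was 9, NT error was NT_STATUS_WRONG_PASSWORD
Apr 22 16:51:12 mail pam_winbind[84306]: request failed: Wrong Password, PAM error was 9, NT error was NT_STATUS_WRONG_PASSWORD
Apr 22 16:51:58 mail pam_winbind[84309]: request failed: Wrong Password, PAM error was 9, NT error was NT_STATUS_WRONG_PASSWORD
Apr 22 16:52:40 mail pam_winbind[84312]: request failed: Wrong Password, PAM error was 9, NT error was NT_STATUS_WRONG_PASSWORD
Apr 22 16:53:11 mail pam_winbind[84315]: request failed: Account locked out, PAM error was 8, NT error was NT_STATUS_ACCOUNT_LOCKED_OUT
Apr 22 17:00:00 mail newsyslog[84400]: logfile turned over
Apr 23 09:15:02 mail pam_winbind[85011]: request failed: Wrong Password, PAM error was 9, NT error was NT_STATUS_WRONG_PASSWORD
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"pam_winbind\[(?P<pid>\d+)\]: request failed: .*"
    r"NT error was (?P<nt>NT_STATUS_[A-Z_]+)"
)


def parse_events(text, year=2007):
    """Extract pam_winbind failures; syslog stamps have no year, so pass one."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match is None:
            continue  # other daemons, or pam_winbind lines of another shape
        stamp = " ".join(match["ts"].split())  # "May  2" -> "May 2"
        events.append({
            "time": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
            "pid": int(match["pid"]),
            "nt": match["nt"],
        })
    return events


def find_bursts(events, gap=timedelta(minutes=5)):
    """Group failures whose spacing is at most `gap` into one burst."""
    bursts = []
    for event in sorted(events, key=lambda e: e["time"]):
        if bursts and event["time"] - bursts[-1]["end"] <= gap:
            burst = bursts[-1]
        else:
            burst = {"start": event["time"], "end": event["time"],
                     "wrong_password": 0, "locked_out": False, "pids": []}
            bursts.append(burst)
        burst["end"] = event["time"]
        burst["pids"].append(event["pid"])
        if event["nt"] == "NT_STATUS_WRONG_PASSWORD":
            burst["wrong_password"] += 1
        elif event["nt"] == "NT_STATUS_ACCOUNT_LOCKED_OUT":
            burst["locked_out"] = True
    return bursts


def suspicious(bursts, threshold=5):
    """Bursts that reached a lockout or at least `threshold` bad passwords."""
    return [b for b in bursts
            if b["locked_out"] or b["wrong_password"] >= threshold]


if __name__ == "__main__":
    for b in suspicious(find_bursts(parse_events(SAMPLE_LOG))):
        print(f"{b['start']} .. {b['end']}: {b['wrong_password']} wrong "
              f"passwords, locked_out={b['locked_out']}, pids={b['pids']}")
```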


R: [Samba] Printer and faxes icon in browsing list

2007-04-14 Thread Gianluca Culot

This shall not be a Samba problem

m$ clients automatically searches the network for shares and printers upon
connecting to the network. This is probably useful in a SOHO or home network
but not the enterprise. To disable  automatic discovery:
In Explorer, click Tools
Click Folder Options
Click the View tab,
Uncheck Automatically Search for Network Folders and Printers in Advanced
settings list.

but this will not really solve your problem.

More, if you have administrator privileges on the m$ workstation you
will anyway see Printer and Fax folder when browsing the network

In fact that icon corresponds to a RPC call m$ does against remote
server (samba or not), so no way to hide it from samba, nor to instruct
m$ not to show the icon

--
Gianluca Culot


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
on behalf of mokhtar
Sent: Friday 13 April 2007 15.38
To: [EMAIL PROTECTED]
Subject: [Samba] Printer and faxes icon in browsing list



Hi

I have a server with samba 2.2.12  used for file sharing ( not for printer
sharing)

How to hide the "printer and faxes" icon displayed when browsing the server
?

I set load printers=no in smb.conf


--
View this message in context:
http://www.nabble.com/Printer-and-faxes-icon-in-browsing-list-tf3571681.html
#a9979125
Sent from the Samba - General mailing list archive at Nabble.com.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




[Samba] Samba3 : no suitable range available for sid

2007-04-13 Thread Gianluca Culot

I'm setting up a FreeBSD server which will authenticate against an
Active Directory.
I mean: the server will NOT have any local users (except the mandatory
minimum required for management and configuration) and will authenticate
requests for login and access FOR EVERY SERVICE against an Active Directory
server.

I have configured the Samba service and currently I can
log in to the local terminal, ssh, smtp and pop3 services using local or AD
users and passwords. Each service authenticates the user correctly, first
trying the AD domain then, if that fails, validating against the local
passwd db.


The problem is that I get this error every 30 seconds

rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-549

I get this message for every builtin group in the Active Directory domain.
This error doesn't cause any problem or malfunction to running services
(ssh, smtp, pop3, etc).
But it's really annoying and causes the log file to grow in size very, very
quickly.

As far as I can understand, Samba is trying to associate BUILTIN groups with
its local copy, but it doesn't have allowance for the operation (and in fact
I do not want this).

What can I do to stop this error from coming out every 30 seconds?
What have I missed in the configuration so that Samba tries to copy the
BUILTIN groups?



Here is my smbd configuration
[global]
workgroup = mydomain
realm = mydomain.it
security = ADS
allow trusted domains = No
idmap backend = idmap_rid:DMSWARE= 1000-10
idmap uid = 1000-10
idmap gid = 1000-10
template homedir = /home/%U
template shell = /bin/sh
winbind cache time = 3600
winbind nested groups = Yes
winbind use default domain = Yes
syslog only = Yes

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
add user script = /usr/sbin/pw useradd %u
add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
delete user script = /usr/sbin/pw userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
delete group script = /usr/sbin/pw groupdel %g




and here is my PAM stack for /etc/pam.d/system
# System-wide defaults
#

# auth
auth        sufficient  pam_opie.so         no_warn no_fake_prompts
auth        requisite   pam_opieaccess.so   no_warn allow_local
auth        sufficient  pam_winbind.so      try_first_pass
#auth       sufficient  pam_krb5.so         no_warn try_first_pass
#auth       sufficient  pam_ssh.so          no_warn try_first_pass
auth        required    pam_unix.so         no_warn try_first_pass nullok

# account
account     required    pam_winbind.so
#account    required    pam_krb5.so
account     required    pam_login_access.so
account     required    pam_unix.so

# session
#session    optional    pam_ssh.so
session     required    pam_lastlog.so      no_fail

# password
password    sufficient  pam_winbind.so      try_first_pass
#password   sufficient  pam_krb5.so         no_warn try_first_pass
password    required    pam_unix.so         no_warn try_first_pass



thanks for every help or hint you can give me.
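
A small triage script for the log noise described in this message, added here as an example (it is not part of the original post or of Samba): it counts the repeated message per SID and labels SIDs under S-1-5-32 with their well-known BUILTIN alias names, which shows whether only builtin groups, and no domain accounts, are failing to map. The sample log lines, host name and domain SID are constructed.

```python
import re
from collections import Counter

# Well-known alias RIDs under the BUILTIN authority S-1-5-32.
BUILTIN_ALIASES = {
    544: "Administrators", 545: "Users", 546: "Guests",
    547: "Power Users", 548: "Account Operators", 549: "Server Operators",
    550: "Print Operators", 551: "Backup Operators", 552: "Replicator",
}

# The message text exactly as quoted in the post, followed by the SID.
TEXT = "rid_idmap_get_id_from_sid: no suitable range available for sid: "
MSG = re.compile(re.escape(TEXT) + r"(S-1-(?:\d+-)*\d+)")

# Constructed sample lines: host, PID, timestamps and the S-1-5-21
# domain SID are made up for this example.
PREFIX = "Apr 13 10:00:%02d host winbindd[512]: "
SAMPLE_LOG = [
    PREFIX % 0 + TEXT + "S-1-5-32-549",
    PREFIX % 1 + TEXT + "S-1-5-32-544",
    PREFIX % 2 + "unrelated winbindd message",
    PREFIX % 30 + TEXT + "S-1-5-32-549",
    PREFIX % 31 + TEXT + "S-1-5-21-1111111111-2222222222-3333333333-1105",
]

def classify(sid):
    """Label a SID as a BUILTIN alias, a domain account, or other."""
    parts = sid.split("-")
    if parts[:4] == ["S", "1", "5", "32"] and len(parts) == 5:
        rid = int(parts[4])
        return "BUILTIN\\" + BUILTIN_ALIASES.get(rid, "RID %d" % rid)
    if parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8:
        return "domain account, RID " + parts[7]
    return "other"

def summarize(lines):
    """Return (sid, label, count) tuples, most frequent SID first."""
    counts = Counter()
    for line in lines:
        match = MSG.search(line)
        if match:
            counts[match.group(1)] += 1
    return [(sid, classify(sid), n) for sid, n in counts.most_common()]

if __name__ == "__main__":
    for sid, label, n in summarize(SAMPLE_LOG):
        print("%4d  %-50s %s" % (n, sid, label))
```
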

