re: [Samba] smbd: nss_ldap: could not hard reconnect to LDAP server - Can't contact LDAP server
Stephane, have you issued a "smbpasswd -w " ?? Cheers, GrantB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20pre1 - Test in NT4 Domain using "winbind nested groups"
Guys, I've been testing functionality of this new release in my playpen setup. So far things appear to be working ok, however in an NT4 Domain with "winbind nested groups = yes" defined I see none of the NT4 DC's local groups in Samba, either via wbinfo -g, getent group, or via Windows Explorer security dialogs. Presumably the reasonably recent nested groups support will work in an NT4 domain, as it appears to in ADS (although I've not yet tested in ADS envr myself, yet)? Envr: SLES8 2.4.21-278 Kernel, glibc-2.2.5-231 Arch: (s390) excerpt from smb.conf: [global] workgroup = DBR05A netbios name = SLES81 netbios aliases = THOME VHOME QHOME server string = SLES8 Samba Test Server os level = 65 domain master = no domain logons = no preferred master = no local master = no wins server = 10.250.0.110 security = DOMAIN encrypt passwords = yes password server = gollum max mux = 500 winbind uid = 1-2 winbind gid = 1-2 winbind separator = + winbind nested groups = yes deadtime = 60 smb ports = 139 445 ### ##Start of the default options for defined shares## ### browseable = yes read only = no nt acl support = yes guest ok = no inherit acls = yes inherit owner = yes ; inherit group = yes dos filetimes = yes map acl inherit = yes store dos attributes = yes vfs objects = audit I plan to test this on x86 arch also, but expect the same unless this is an endian bug. Cheers, Grant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
re: [Samba] Obtaining log level 10 for just specified user(s) (MS Word & Excel File Locking issue - still
Nathan, get pid of the smbd process and enter the following command: "smbcontrol debug 10" You can also check the current loglevel by doing a: "smbcontrol debuglevel" or a "smbcontrol smbd debuglevel" # to list debuglevel for all smbd's Cheers, Grant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Folder Redirection broken if access is from ACL only
I have an issue with W2K/XP using Folder Redirection to a Samba homes share (or any share for that matter). This is only a problem when access for a user is via an ACE (ACL) and not the traditional file system permissions. The problem is on Linux (various distribs (SLES8 and FC2) 2.4 and 2.6 Kernels), and Samba-3.0.11 on ext3 file systems mounted with user_xattr,acl options. This is not an ACL problem as such. Access to shares and the data within is fine using ACLs, it only becomes a problem when Windows tried to access redirected folders on Samba, where that access is granted via ACLs only. So for example (user is cath in this example): [EMAIL PROTECTED] users]# ls -ld cath drwxrwx---+ 5 root root 4096 Apr 15 20:40 cath [EMAIL PROTECTED] users]# getfacl cath # file: cath # owner: root # group: root user::rwx user:cath:rwx group::--- mask::rwx other::--- default:user::rwx default:user:cath:rwx default:group::--- default:mask::rwx default:other::--- I've tested this using the "profile acls = yes" option also, as I suspected windows may have being attempting similar access checks that made this necessary for roaming profiles on Samba shares, but the problem was still present. It seems that Windows may be trying to set ACLs on index.dat which fails when access is via ACLs only. Here's an indication of this from the smbd log: [2005/04/12 21:44:55, 2] smbd/posix_acls.c:set_canon_ace_list(2436) set_canon_ace_list: sys_acl_set_file failed for file k-drive/History/History.IE5/MSHist012005041220050413/index.dat (Operation not permitted). [2005/04/12 21:44:55, 2] smbd/close.c:close_normal_file(270) DBR05A+cath closed file k-drive/History/History.IE5/MSHist012005041220050413/index.dat (numopen=3) It's easy to re-create. 1. Setup a test share 2. Setup permissions on share directory: chown -R test_user test_dir; 3. Setup your Windows image to redirect folders to your test share (I wont go into details on how to do this on the assumption you prolly already know anyway) 4. Logon to your windows domain and check that folder redirection is working. Logoff once you have achieved this. 5. Change the permissions so access is via ACLs only: chown -R root.root test_dir; setfacl -R -m test_user:rwx test_dir; setfacl -R -m default:test_user:rwx test_dir 6. Logon to your windows domain once again and windows is no longer able to redirect folders to this share (IE's History folder is a good one to experiment with). Cheers, Grant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
I have an issue with W2K/XP using Folder Redirection to a Samba homes share (or any share for that matter). This is only a problem when access for a user is via an ACE (ACL) and not the traditional file system permissions. So for example (user is test in this example): # ls -ld History/ drwxrwx---+ 3 root root 4096 Apr 12 21:15 History/ # getfacl History # file: History # owner: root # group: root user::rwx user:test:rwx group::r-x group:c-l-management:rwx group:q-l-management:rwx group:c-l-management (read):r-x mask::rwx other::--- default:user::rwx default:user:test:rwx default:group::r-x default:group:c-l-management:rwx default:group:q-l-management:rwx default:group:c-l-management (read):r-x default:mask::rwx default:other::--- I have also tried this using the "profile acls = yes" option, but with no success (works fine if similar permissions are used for raoming profiles tho, as it was designed to do). It seems that Windows may be trying to set acls on index.dat which seems to fail if default (parent) permissions come from ACLs only. Here's an indication of this from the samba log: [2005/04/12 21:44:55, 2] smbd/posix_acls.c:set_canon_ace_list(2436)� set_canon_ace_list: sys_acl_set_file failed for file k-drive/History/History.IE5/MSHist012005041220050413/index.dat (Operation not permitted). [2005/04/12 21:44:55, 2] smbd/close.c:close_normal_file(270)� DBR05A+cath closed file k-drive/History/History.IE5/MSHist012005041220050413/i ndex.dat (numopen=3) Any help would be appreciated. I expect that this may be an Samba issue that might need to be looked at by the samba-technical gods. Cheers, Grant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] W2K Explorer security propagation prob in 2.2.8 and Samba-3's and HEAD
I've have an NT4 PDC with Samba-2.2.8 joined as a domain member. When using Explorer in W2K to change security settings on Samba shares, the security settings are not propagted down the the directory tree - yes I have ticked the "Reset perms on all child.". I also see "CREATOR OWNER" and "CREATOR GROUP" as accounts defined to all directories. 2.2.7a exhibits none of these issues, but 3 (Alpha 21) and HEAD both do. BTW, I've tested on different Linux distribs (RedHat, SuSE and Debian) on s390 and I686 arcs. One important point is that Samba is running with-acl-support enabled on POSIX ACL enabled Kernels at 2.4.19 and 2.4.20. Any help would be greatly appreciated. Cheers, Grant -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-2.2.7a and Admin Users with NT PDC
Anybody know why Admin Users doesn't appear to work on my Samba shares using winbindd (security = domain)? Is it expected to work in much the same way as with a Samba PDC or running security = user, or are there specific actions that need to be taken? Linux SuSE SLES7 on S390, Kernel 2.4.19, Samba 2.2.7a, gcc-2.95.3-62 Cheers, Grant OS/390 Technical Consultant IBM Global Services Australia [EMAIL PROTECTED] / Tel: +61-7-3213-2109 / Fax +61-7-3213-2013 / Mobile +61-407-214-737 Lvl 5, IBM Centre, 348 Edward Street, Brisbane Qld 4000 (GPO Box 435, Brisbane Qld 4001) BR06 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-2.2.7a Compile error --with-pam
Guys, I'm having some problems trying to compile Samba-2.2.7a --with-pam. The ./configure works fine but the compile fails. I have no problems --without-pam. Any help would be greately appreciated. Linux SuSE SLES7 on S390, Kernel 2.4.19, Samba 2.2.7a, gcc-2.95.3-62, pam-0.74-34, pam-devel-0.74-34 ./configure \ --prefix=/usr \ --sysconfdir=/etc/samba \ --localstatedir=/var/log/samba \ --libdir=/etc/samba \ --with-privatedir=/etc/samba \ --with-libdir=/etc/samba \ --with-lockdir=/var/lock/samba \ --with-piddir=/var/lock/samba \ --with-swatdir=/usr/share/swat \ --with-acl-support \ ; req'd for posix ACL support --with-winbind \ --with-pam make 2>errors errors: nsswitch/pam_winbind.c:97: dereferencing pointer to incomplete type nsswitch/pam_winbind.c: In function `winbind_request': nsswitch/pam_winbind.c:111: `PAM_SERVICE_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:122: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c: In function `winbind_auth_request': nsswitch/pam_winbind.c:154: `PAM_AUTH_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:158: `PAM_USER_UNKNOWN' undeclared (first use in this function) nsswitch/pam_winbind.c:164: `PAM_IGNORE' undeclared (first use in this function) nsswitch/pam_winbind.c:167: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c:156: warning: unreachable code at beginning of switch statement nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:236: parse error before `*' nsswitch/pam_winbind.c: In function `_winbind_read_password': nsswitch/pam_winbind.c:252: `pass' undeclared (first use in this function) nsswitch/pam_winbind.c:258: `ctrl' undeclared (first use in this function) nsswitch/pam_winbind.c:258: `PAM_OLDAUTHTOK' undeclared (first use in this function) nsswitch/pam_winbind.c:258: `PAM_AUTHTOK' undeclared (first use in this function) nsswitch/pam_winbind.c:265: `pamh' undeclared (first use in this function) nsswitch/pam_winbind.c:266: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c:277: `PAM_AUTHTOK_RECOVER_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:289: storage size of `msg' isn't known nsswitch/pam_winbind.c:295: `comment' undeclared (first use in this function) nsswitch/pam_winbind.c:297: `PAM_TEXT_INFO' undeclared (first use in this function) nsswitch/pam_winbind.c:305: `PAM_PROMPT_ECHO_OFF' undeclared (first use in this function) nsswitch/pam_winbind.c:306: `prompt1' undeclared (first use in this function) nsswitch/pam_winbind.c:309: `prompt2' undeclared (first use in this function) nsswitch/pam_winbind.c:325: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:325: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:325: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:325: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:325: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:325: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:325: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:325: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:325: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:325: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:325: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:325: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:325: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:325: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:325: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:325: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:330: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:330: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:330: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: de
