[Samba] Roaming Profile and Openswan
I've got a test network that I'm debugging Samba-3.04/OpenLDAP and Openswan 2.05. The test network has 6 machines total: (lp1)Windows 2000 Machine(192.168.0.10) | | (pdc)Samba 3.04 PDC, slackware 10(192.168.0.5) | | Openswan 2.05 VPN, slackware 10(192.168.0.1) | | Internet | | Openswan 2.05 VPN, slackware 10(192.168.1.1) | | (bdc)Samba 3.04 BDC, slackware 10(192.168.1.5) | | (test-1)Windows 2000 Machine(192.168.1.10) I've got ldap/slurp working great. My problem is this. If I have a user jdoe, that normally logs on at the 192.168.0.0 side of the network I want his profile to be stored on \\pdc\profile. Which it does! But when I logon as jdoe from the 192.168.1.0 side of the network, I logon with no errors, but it doesn't pull down my profile. I got it to work once when I messed with the mtu of the ipsec0 devices on the vpn's. Is this a openswan or samba issue? I can't seem to track it down. Has anyone every done this before? Thanks for your help Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000/xp logon says cannot create profile
I would try pdbedit -v username, see where the profile is pointint and make sure the user can access that share as well as write to it. If you need to change it just do this, pdbedit --profile=\\gentooserver\profiledirectory username, and that will update it. Hope this helps. Jason I'm running samba-3 on gentoo using samba as a pdc to manage users to designated shares and home directories. I have managed to create users/passwords which create the shared drives using a batch file. However, when I do login with the user, it says it can't create a profile and forces the the creation of a temporary profile which is deleted when the user logs out. Is there a way to fix this using pdbedit so that the profile is stored in the profiles folder in samba-3? thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd+ldapsam infinite loop, cpu=100%
Whats your log level set at? I've had it set at 10 before and its
pegged out the processor. Maybe thats all it is.
The Ranger wrote:
Hello,
We have been running samba v2 for quite some time without any problems.
But after the upgrade to samba-3.0.5 some anomalies have come out. I've
compiled it with LDAP authentication support; the LDAP server is
installed on the same machine and the communication is done via sockets.
After working fine for some time, and as usual creating multiple threads
from the smbd proccess, it suddenly goes into an infinite loop;
Running strace on that thread shows:
open(/etc/passwd, O_RDONLY) = 28
fcntl64(28, F_GETFD)= 0
fcntl64(28, F_SETFD, FD_CLOEXEC)= 0
fstat64(28, {st_mode=S_IFREG|0644, st_size=852, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x4033d000
read(28, root:x:0:0:root:/root:/bin/bash\n..., 4096) = 852
read(28, , 4096) = 0
close(28) = 0
munmap(0x4033d000, 4096)= 0
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PIPE], NULL, 8) = 0
getpid()= 19340
geteuid32() = 65534
getpid()= 19340
geteuid32() = 65534
time(NULL) = 1093339331
write(26, 0\201\305\2\3%\302\233c\201\275\4\25ou=users,dc=21k,dc...,
200) = 200
select(1024, [26], [], NULL, NULL) = 1 (in [26])
read(26, 0\16\2\3%\302\233e, 8) = 8
read(26, \7\n\1\0\4\0\4\0, 8) = 8
time(NULL) = 1093339331
time([1093339331]) = 1093339331
rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PIPE], NULL, 8) = 0
open(/etc/passwd, O_RDONLY) = 28
fcntl64(28, F_GETFD)= 0
fcntl64(28, F_SETFD, FD_CLOEXEC)= 0
fstat64(28, {st_mode=S_IFREG|0644, st_size=852, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x4033d000
read(28, root:x:0:0:root:/root:/bin/bash\n..., 4096) = 852
read(28, , 4096) = 0
close(28) = 0
munmap(0x4033d000, 4096)= 0
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
.
While normally working smbd threads are owen by the user who is logged
into the domain, the looping ones are always run by the nobody-user:
nobody 19339 4.3 1.2 7012 3976 ?S02:26 29:07
/usr/local/samba/sbin/smbd -D
nobody 19341 4.2 1.2 7012 3976 ?S02:26 28:30
/usr/local/samba/sbin/smbd -D
nobody 19342 4.0 1.2 7012 3980 ?S02:26 26:56
/usr/local/samba/sbin/smbd -D
nobody 19343 3.9 1.2 7012 3976 ?S02:26 26:15
/usr/local/samba/sbin/smbd -D
I've tested the exactly the same configuration on the other machine and
it works fine, no looping.
Any ideas, how to solve this problem or what to look for?
--
Best wishes,
The Ranger
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] could not copy a file bigger than 1GB
What filesystem are you using? Hi, I have installed Samba 2.2.8 on AIX 5.2 server. I tried to copy a file (around 106 GB) from win2k server to this AIX box. The copy process was stop when the file was copied up to 1GB. Do you know what was wrong? Is there anything I need to set on AIX server site in order to transfer large file? -Shujane -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to use /etc/passwd and /etc/shadow for samba passwords?
I don't think you can. I think the only way you can get rid of smbpasswd would be using ldap, pam_ldap and nss_ldap. I think... How can i configure samba to use /etc/passwd and /etc/shadow for the samba passwords? I dont want to use smbpasswd for samba and would like it to just get its passwords from unix OS. Im running solaris8 and samba 3. thanks! This e-mail message is for the sole use of the intended recipient(s) and may contain proprietary, confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient (or an employee or agent responsible to deliver it to the intended recipient), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply e-mail. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Master/Slave
Is anyone using this? My smb.conf file has this line in server1(master) passwd backend = ldapsam:ldaps://ldap.server1 ldaps://ldap.server2 and this is what server2(slave ldap, BDC) looks like: passwd backend = ldapsam:ldaps://ldap.server1 ldap.server2 This is what happens. When I take down server 1's ldap server, server2 just starts using its local ldap server. But if I take down the VPN between the two, I try the same test, pdbedit -L, it works but it take about 6 seconds for it to timeout on server1. Is this normal or do I need to change some DNS setting? Thanks for your help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Master/Slave
I don't think this is a solution. If I understand what you were saying, on the BDC I should have this as the passwd backend: passwd backend = ldapsam:ldaps://ldap.server2 ldaps://ldap.server1 server2 - the BDC and ldap slave which is read only server1 - is the PDB and has the ldap master which users can read/write, so they could update their passwords. If I have it setup this way, the users that on the other side will never be able to update their passwords, at least on that leg of the VPN. Or maybe I just thinking about this the wrong way. Jason rruegner wrote: Hi, if you want to stay bdc stay alive, in cases when vpn broke so on your bdc smb.conf your slave ldap should be the first entry in the passwd backend, so if vpn brake , the slave ldap operates with its last entries from the master and will give the win clients any chance to operate just like if the pdc is alive. If vpn is up again it the ldap should refresh the slave automatic. But note, a bdc is read only so changes can olny be made to the master ldap on the pdc.So no changes can be made to the domain during the blackout period. If you want a full functional bdc you also should setup user clients homes and profiles in your outside ( vpn ) office hosted on the bdc. ( a seperate dhcp server and an bind slave with longtime zone caching is very usefull, too ) Regards Jason C. Waters schrieb: Is anyone using this? My smb.conf file has this line in server1(master) passwd backend = ldapsam:ldaps://ldap.server1 ldaps://ldap.server2 and this is what server2(slave ldap, BDC) looks like: passwd backend = ldapsam:ldaps://ldap.server1 ldap.server2 This is what happens. When I take down server 1's ldap server, server2 just starts using its local ldap server. But if I take down the VPN between the two, I try the same test, pdbedit -L, it works but it take about 6 seconds for it to timeout on server1. Is this normal or do I need to change some DNS setting? Thanks for your help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP failover
Hey guys, I'm having a problem getting LDAP/Samba to failover, or at least how I think it should. I have two servers with passwd backend = ldapsam://ldaps://ldap.server1 ldaps://ldap.server2. Works great as long as I can ping both servers. Say I take down ldap on server1, and also take down the ethernet device so it cannot communicate with the other server, so it should then samba should look at server2. It does but it takes 6 seconds for it to switch. To me that seems dumb. All communication is then delayed by six seconds which isn't much of an option. I'm tempted to write a perl script that will modify the passwd backend line in samba and just replace it with the server that is can find. Has anyone else had this problem? If so how did you resolve it? Thanks for your help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cross subnet browsing - Working.....kindof....
I finally got cross subnet browsing working. I had to set the wins server on every client to 192.168.0.1 The 192.168.2.0 side can open My network Places and see all the computers. The only problem is that the 192.168.0.0 side can't see the other computers in 192.168.2.0, they only see the computers on 192.168.0.0. Whats really weird is that I can type in \\computername and it goes right to it. I'm thinking that one side not being able to see the other side is because a windows 2000 PDC on the 192.168.0.0 side. Is their some service that I need to turn off in order to resolve this issue? Thanks for your help. Below is how my network looks: 192.168.0.0(clients, XP, with the wins server set as 192.168.0.1, in DOMAIN TEST) | 192.168.0.4(Win2K PDC with its wins server set to 192.168.0.1) | 192.168.0.1(Linux gateway, with samba 3.0.4 wins support = yes) | | Internet | | 192.168.2.1(Linux gateway, with samba 3.0.4 wins server = 192.168.0.1) | 192.168.0.0(clients, XP, with the wins server set as 192.168.0.1, in workgroup: TEST) Thanks for your help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cross subnet browsing - Working.....kindof....
I finally got cross subnet browsing working. I had to set the wins server on every client to 192.168.0.1 The 192.168.2.0 side can open My network Places and see all the computers. The only problem is that the 192.168.0.0 side can't see the other computers in 192.168.2.0, they only see the computers on 192.168.0.0. Whats really weird is that I can type in \\computername and it goes right to it. I'm thinking that one side not being able to see the other side is because a windows 2000 PDC on the 192.168.0.0 side. Is their some service that I need to turn off in order to resolve this issue? Thanks for your help. Below is how my network looks: 192.168.0.0(clients, XP, with the wins server set as 192.168.0.1, in DOMAIN TEST) | 192.168.0.4(Win2K PDC with its wins server set to 192.168.0.1) | 192.168.0.1(Linux gateway, with samba 3.0.4 wins support = yes) | | Internet | | 192.168.2.1(Linux gateway, with samba 3.0.4 wins server = 192.168.0.1) | 192.168.0.0(clients, XP, with the wins server set as 192.168.0.1, in workgroup: TEST) Thanks for your help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cross subnet browsing
I'm having a hard time figuring this one out. I've done this before when I had a PDC on one end of the VPN, and a BDC on the other. This is what my setup looks like now. Clients(XP) | PDC(192.168.0.4), windows 2000 | | WINS Server Samba(192.168.0.1), also the gateway for this network | | Internet | | WINS Server Samba(192.168.2.1), also the gateway for this network | | Clients(XP) With this setup I'm not sure how I'm suppose to setup each wins server. Do I need to have one on each subnet, and then have them both remote announce and remote browse sync to each other? Or maybe some like that? When I'm using remote announce, should it be 192.168.0.1 or 192.168.0.0 or 192.168.0.255? Same with remote browse sync, does it need to be the actual address of the other wins server? or do I just send it to that subnet? Does anyone have a working configuration with this setup(Domain on one side of the tunnel and just a workgroup on the other, both are the same workgroup). All the machines can ping each others ip, so I know its not a tunnel issue. Thanks for your guys help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross subnet browsing
Charles, The clients behind each gateway, do they point to the local wins server then? So for the clients on the 192.168.0.0 network, they would point to 192.168.0.1, where samba is running a wins server and announces to 192.168.2.255? You have wins server = 192.168.1.50, would I just have wins support = yes if its on the same machine? Let me clear up what I'm trying to say. Should my network look like this: Option A Clients on network A(192.168.0.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) 192.168.0.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.2.255) 192.168.2.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.0.255) Clients on network B(192.168.2.0) have a wins server of 192.168.2.1(the vpn gateway for them as well as a samba wins server) Or this: Option B Clients on network A(192.168.0.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) 192.168.0.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.2.255) 192.168.2.1(Samba wins server with these settings, wins server = 192.168.0.1, remote announce = 192.168.0.255) Clients on network B(192.168.2.0) have a wins server of 192.168.2.1(the vpn gateway for them as well as a samba wins server) Or this: Option C Clients on network A(192.168.0.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) 192.168.0.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.2.255) 192.168.2.1(Samba wins server with these settings, wins server = 192.168.0.1, remote announce = 192.168.0.255) Clients on network B(192.168.2.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) Thanks for your help Charles Hamel wrote: Hi Jason, I have a similar setup and all I need to do was to enable ip directed broadcast on the router and enter the following settings in smb.conf: wins server = 192.168.1.50 remote announce = 192.168.1.255 HTH Charles On Wed, 30 Jun 2004 09:23:18 -0400, Jason C. Waters wrote I'm having a hard time figuring this one out. I've done this before when I had a PDC on one end of the VPN, and a BDC on the other. This is what my setup looks like now. Clients(XP) | PDC(192.168.0.4), windows 2000 | | WINS Server Samba(192.168.0.1), also the gateway for this network | | Internet | | WINS Server Samba(192.168.2.1), also the gateway for this network | | Clients(XP) With this setup I'm not sure how I'm suppose to setup each wins server. Do I need to have one on each subnet, and then have them both remote announce and remote browse sync to each other? Or maybe some like that? When I'm using remote announce, should it be 192.168.0.1 or 192.168.0.0 or 192.168.0.255? Same with remote browse sync, does it need to be the actual address of the other wins server? or do I just send it to that subnet? Does anyone have a working configuration with this setup(Domain on one side of the tunnel and just a workgroup on the other, both are the same workgroup). All the machines can ping each others ip, so I know its not a tunnel issue. Thanks for your guys help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Open WebMail Project (http://openwebmail.org) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross subnet browsing
I have it setup that way, with the clients behind each gateway to use the gateway as their wins server. But I can't see them through my network places. Any ideas? How long does it take to sync? Can I force it to sync? Thanks for your help. Jason Charles Hamel wrote: Jason, Option A is the good way. You could use remote browse sync according the the manpage since you only have Samba servers. We have a mixed network here so it is not a solution. So your configuration could be, anybody correct me if this is wrong : For the 192.168.0.1 server : remote browse sync = 192.168.2.1 wins support = yes For the 192.168.2.1 server : remote browse sync = 192.168.0.1 wins support = yes The manpage doesn't mention that WINS is required for remote browse sync, since it is based on the workgroup master browser. So maybe you don't need WINS server at all. Charles On Wed, 30 Jun 2004 10:53:02 -0400, Jason C. Waters wrote Charles, The clients behind each gateway, do they point to the local wins server then? So for the clients on the 192.168.0.0 network, they would point to 192.168.0.1, where samba is running a wins server and announces to 192.168.2.255? You have wins server = 192.168.1.50, would I just have wins support = yes if its on the same machine? Let me clear up what I'm trying to say. Should my network look like this: Option A Clients on network A(192.168.0.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) 192.168.0.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.2.255) 192.168.2.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.0.255) Clients on network B(192.168.2.0) have a wins server of 192.168.2.1(the vpn gateway for them as well as a samba wins server) Or this: Option B Clients on network A(192.168.0.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) 192.168.0.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.2.255) 192.168.2.1(Samba wins server with these settings, wins server = 192.168.0.1, remote announce = 192.168.0.255) Clients on network B(192.168.2.0) have a wins server of 192.168.2.1(the vpn gateway for them as well as a samba wins server) Or this: Option C Clients on network A(192.168.0.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) 192.168.0.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.2.255) 192.168.2.1(Samba wins server with these settings, wins server = 192.168.0.1, remote announce = 192.168.0.255) Clients on network B(192.168.2.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) Thanks for your help Charles Hamel wrote: Hi Jason, I have a similar setup and all I need to do was to enable ip directed broadcast on the router and enter the following settings in smb.conf: wins server = 192.168.1.50 remote announce = 192.168.1.255 HTH Charles On Wed, 30 Jun 2004 09:23:18 -0400, Jason C. Waters wrote I'm having a hard time figuring this one out. I've done this before when I had a PDC on one end of the VPN, and a BDC on the other. This is what my setup looks like now. Clients(XP) | PDC(192.168.0.4), windows 2000 | | WINS Server Samba(192.168.0.1), also the gateway for this network | | Internet | | WINS Server Samba(192.168.2.1), also the gateway for this network | | Clients(XP) With this setup I'm not sure how I'm suppose to setup each wins server. Do I need to have one on each subnet, and then have them both remote announce and remote browse sync to each other? Or maybe some like that? When I'm using remote announce, should it be 192.168.0.1 or 192.168.0.0 or 192.168.0.255? Same with remote browse sync, does it need to be the actual address of the other wins server? or do I just send it to that subnet? Does anyone have a working configuration with this setup(Domain on one side of the tunnel and just a workgroup on the other, both are the same workgroup). All the machines can ping each others ip, so I know its not a tunnel issue. Thanks for your guys help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Open WebMail Project (http://openwebmail.org) -- Open WebMail Project (http://openwebmail.org) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NMBD will not start...
I bet you need to comment out something in your inetd.conf file. Its using it already. I havn't messed with AIX much but in linux its /etc/inetd.conf, edit that and comment out the line that says, netbios-ssn, and netbios-ns, then kill inet and restart it by doing this. killall inetd, inetd. Hope this helps! Jason [EMAIL PROTECTED] wrote: SAMBA newbie hereNew 2.2.8 install on 5.1 AIX, nmbd will not start. Here is my error: [2004/06/29 14:05:29, 0] lib/util_sock.c:open_socket_in(804) bind failed on port 137 socket_addr = 0.0.0.0. Error = Address already in use Any ideas? Thanks !!! Larry S. Singleton [EMAIL PROTECTED] Systems Analyst E-Mail Administrator/Webmaster/Guru in Training Thornwood Furniture Mfg., Inc. Remember.The best team does NOT always win and Michael Moore is a Stupid Fat Ignorant White Man. PLEASE WEAR YOUR SEATBELT AND BUCKLE YOUR KIDS IN EVERYTIME -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross subnet browsing
Ok so I got it working on one side of the vpn. The 192.168.2.0 can see all the machines on both sides, but the 192.168.0.0 side can't see the machines in my network places. They are XP Pro machines incase that makes a difference. The wierd thing is I can ping the machines by name but can't see them in my network places. The 192.168.0.0 network has a windows 2000 PDC. Any ideas? Thanks for your help. Jason Charles Hamel wrote: Jason, I have seen sync delays of a couple of hours. I don't know any way to force it. I would suggest to increase the logging level of nmbd to 2 or 3 and tail -f the nmbd.log file and see what you get. Charles On Wed, 30 Jun 2004 11:28:16 -0400, Jason C. Waters wrote I have it setup that way, with the clients behind each gateway to use the gateway as their wins server. But I can't see them through my network places. Any ideas? How long does it take to sync? Can I force it to sync? Thanks for your help. Jason Charles Hamel wrote: Jason, Option A is the good way. You could use remote browse sync according the the manpage since you only have Samba servers. We have a mixed network here so it is not a solution. So your configuration could be, anybody correct me if this is wrong : For the 192.168.0.1 server : remote browse sync = 192.168.2.1 wins support = yes For the 192.168.2.1 server : remote browse sync = 192.168.0.1 wins support = yes The manpage doesn't mention that WINS is required for remote browse sync, since it is based on the workgroup master browser. So maybe you don't need WINS server at all. Charles On Wed, 30 Jun 2004 10:53:02 -0400, Jason C. Waters wrote Charles, The clients behind each gateway, do they point to the local wins server then? So for the clients on the 192.168.0.0 network, they would point to 192.168.0.1, where samba is running a wins server and announces to 192.168.2.255? You have wins server = 192.168.1.50, would I just have wins support = yes if its on the same machine? Let me clear up what I'm trying to say. Should my network look like this: Option A Clients on network A(192.168.0.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) 192.168.0.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.2.255) 192.168.2.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.0.255) Clients on network B(192.168.2.0) have a wins server of 192.168.2.1(the vpn gateway for them as well as a samba wins server) Or this: Option B Clients on network A(192.168.0.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) 192.168.0.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.2.255) 192.168.2.1(Samba wins server with these settings, wins server = 192.168.0.1, remote announce = 192.168.0.255) Clients on network B(192.168.2.0) have a wins server of 192.168.2.1(the vpn gateway for them as well as a samba wins server) Or this: Option C Clients on network A(192.168.0.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) 192.168.0.1(Samba wins server with these settings, wins support = yes, remote announce = 192.168.2.255) 192.168.2.1(Samba wins server with these settings, wins server = 192.168.0.1, remote announce = 192.168.0.255) Clients on network B(192.168.2.0) have a wins server of 192.168.0.1(the vpn gateway for them as well as a samba wins server) Thanks for your help Charles Hamel wrote: Hi Jason, I have a similar setup and all I need to do was to enable ip directed broadcast on the router and enter the following settings in smb.conf: wins server = 192.168.1.50 remote announce = 192.168.1.255 HTH Charles On Wed, 30 Jun 2004 09:23:18 -0400, Jason C. Waters wrote I'm having a hard time figuring this one out. I've done this before when I had a PDC on one end of the VPN, and a BDC on the other. This is what my setup looks like now. Clients(XP) | PDC(192.168.0.4), windows 2000 | | WINS Server Samba(192.168.0.1), also the gateway for this network | | Internet | | WINS Server Samba(192.168.2.1), also the gateway for this network | | Clients(XP) With this setup I'm not sure how I'm suppose to setup each wins server. Do I need to have one on each subnet, and then have them both remote announce and remote browse sync to each other? Or maybe some like that? When I'm using remote announce, should it be 192.168.0.1 or 192.168.0.0 or 192.168.0.255? Same with remote browse sync, does it need to be the actual address of the other wins server? or do I just send it to that subnet? Does anyone have a working configuration with this setup(Domain on one side of the tunnel and just a workgroup on the other, both are the same workgroup). All the machines can
Re: [Samba] rpcclient setdriver WERR_ACCESS_DENIED
Who do you have as your printer admin in your smb.conf? Should be something like printer admin = root, then when you issue the command use root%password. Are you trying to setup point and print? If so its much easier to do this from a windows machine. If you need help let me know. Jason Ryan Suarez wrote: Hello Admins, We serve printing to XP clients with Samba 3.0.4 and CUPS 1.1.20 I get the following error when trying to issue this command: xprint-admin:/home/suarezry# rpcclient localhost -N -U'username%password' -c 'setdriver oa-e108-e2 oa-e108-e2' result was WERR_ACCESS_DENIED snip 18 spoolss_io_r_open_printer_ex 18 smb_io_pol_hnd printer handle 0018 data1: 001c data2: 0002 0020 data3: 0022 data4: 0024 data5: 55 df d6 40 fa 01 00 00 002c status code: WERR_ACCESS_DENIED /snip Does anyone have any idea on what the problem is? regards, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.2a and MS Access 2002
Thats really weird. I pull up a 2002 database and try to print out a table and it works fine. What were you trying to print? Report? Macro? Form? How big is your database file? I would be interested in seeing if its database specific, or maybe just something on your machines. Jason Tim Russell wrote: I guess I'm not sure what you mean? The problem is WITH the newer, updated Access 2002 (and I've seen similiar posts about Access 2003). I guess I should have been more specific and said that I'm not having trouble with any other Microsoft Office application (Word, Excel, Powerpoint, etc). Also, ANY version of Word, Excel, and Powerpoint (office 97, office 2000, office 2002) work perfectly. Only when Access gets to version 2002 or up are there problems. I can tell you specifically that 3 weeks ago before we switched to Samba we were on NT print servers and did NOT have this problem. I can also say that locally installed printers and printers installed on workstations as IP printers (meaning not on a print server, just setup to print to directly an IP address) DO NOT have this problem. ONLY printers with a Samba Printer port have this issue. So, having said that, I think I can squarely point to samba as the root of the problem. It would appear to me that access doesn't behave like the rest of the office suite when it comes to finding the default printer on a workstation and consequently is causing the issue with samba. */Jason C. Waters [EMAIL PROTECTED]/* wrote: Have you tried this with other MS products? This really sounds more like you need to update office on those machines than a samba problem. I would say that if word comes up and finds the default printer, you need to try to update your office install. Jason Tim Russell wrote: I think I've seen a few others with similiar issues, but so far no answers that have applied to me. Basically, I have a solaris 8 box with Samba 3.0.2a that serves up all my windows printers. All printers for windows are configured in cups 1.1.20 as raw queues and I have point and print setup to push drivers to all the users. I'm not having issues with any other office apps, but Access 2002 is having trouble. When users open a database and try to print, Access 2002 fails to detect the default printer. They have to select a printer from the file menu and then this printer becomes the default printer for all users (which is a problem as users are on different floors and have to constantly change the printer). I know this seems like a small issue, but it's one of the last unexpected hurdles we have and we'd like to make our users happy. How can we make access 2002 detect a users default printer like ALL the other apps do. -Tim How many people here have telekenetic powers? Raise my hand. -Emo Philips - Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba How many people here have telekenetic powers? Raise my hand. -Emo Philips Do you Yahoo!? Yahoo! Mail Address AutoComplete http://us.rd.yahoo.com/mail_us/taglines/aac/*http://promotions.yahoo.com/new_mail/static/ease.html - You start. We finish. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] please help: smbd 100% cpu usage
That look like your nmbd. What about the log.norbert file and the log.smbd. Try tail -n 500 filename, for each that will output the last 500 lines of the file. You don't keep your log level at 10 do you? If you have a busy server this will peg your CPU. Jason [EMAIL PROTECTED] wrote: next try - as i was not able to post the level 10 log as a mail (180kb) i've put it here: http://www.mhcsoftware.de/smbprob.txt the machine names are: samba server: linux windows ME: norbert perhaps some can suggest a solution ... TIA matthias --On Freitag, Juni 18, 2004 08:01:45 -0400 Jason C. Waters [EMAIL PROTECTED] wrote: | Set your log level to 10 and then send us the log for smbd and the | machine name. Maybe that will tell us something. | | Jason | | [EMAIL PROTECTED] wrote: | | hi, | | i've a problem with samba 3.0.2. there is one windows ME client which | used to work with out any problems. now, as soon as the user connects | (sharelevel: user, or share - i've tried both) on smbd is forked which | causes 90 to 100% cpu load. when i stop samba (smbd/nmbd) this proces | does not die i can only get rid of it whit a kill -9. with this no | data can be transfered from or to the win ME client. | | this is what a level 2 log stats: | | [2004/06/16 16:28:44, 2] smbd/reply.c:reply_special(105) | netbios connect: name1=LINUX name2=NORBERT | [2004/06/16 16:28:44, 2] smbd/reply.c:reply_special(112) | netbios connect: local=linux remote=norbert, name type = 0 | [2004/06/16 16:28:44, 2] smbd/sesssetup.c:setup_new_vc_session(591) | setup_new_vc_session: New VC == 0, if NT4.x compatible we would close | all old resources. | [2004/06/16 16:28:44, 2] auth/auth.c:check_ntlm_password(305) | check_ntlm_password: authentication for user [NORBERT] - [NORBERT] | - [norbert] succeeded | [2004/06/16 16:28:44, 1] smbd/service.c:make_connection_snum(705) | norbert (192.168.0.4) connect to service windows initially as user | norbert (uid=1000, gid=1000) (pid 10759) | | and top shows: | | PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND | 10759 norbert 25 0 10856 3652 8924 R 99.2 0.7 0:18.22 smbd | | | any suggestions ? | | TIA -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.2a and MS Access 2002
Have you tried this with other MS products? This really sounds more like you need to update office on those machines than a samba problem. I would say that if word comes up and finds the default printer, you need to try to update your office install. Jason Tim Russell wrote: I think I've seen a few others with similiar issues, but so far no answers that have applied to me. Basically, I have a solaris 8 box with Samba 3.0.2a that serves up all my windows printers. All printers for windows are configured in cups 1.1.20 as raw queues and I have point and print setup to push drivers to all the users. I'm not having issues with any other office apps, but Access 2002 is having trouble. When users open a database and try to print, Access 2002 fails to detect the default printer. They have to select a printer from the file menu and then this printer becomes the default printer for all users (which is a problem as users are on different floors and have to constantly change the printer). I know this seems like a small issue, but it's one of the last unexpected hurdles we have and we'd like to make our users happy. How can we make access 2002 detect a users default printer like ALL the other apps do. -Tim How many people here have telekenetic powers? Raise my hand. -Emo Philips - Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] please help: smbd 100% cpu usage
Set your log level to 10 and then send us the log for smbd and the machine name. Maybe that will tell us something. Jason [EMAIL PROTECTED] wrote: hi, i've a problem with samba 3.0.2. there is one windows ME client which used to work with out any problems. now, as soon as the user connects (sharelevel: user, or share - i've tried both) on smbd is forked which causes 90 to 100% cpu load. when i stop samba (smbd/nmbd) this proces does not die i can only get rid of it whit a kill -9. with this no data can be transfered from or to the win ME client. this is what a level 2 log stats: [2004/06/16 16:28:44, 2] smbd/reply.c:reply_special(105) netbios connect: name1=LINUX name2=NORBERT [2004/06/16 16:28:44, 2] smbd/reply.c:reply_special(112) netbios connect: local=linux remote=norbert, name type = 0 [2004/06/16 16:28:44, 2] smbd/sesssetup.c:setup_new_vc_session(591) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/06/16 16:28:44, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [NORBERT] - [NORBERT] - [norbert] succeeded [2004/06/16 16:28:44, 1] smbd/service.c:make_connection_snum(705) norbert (192.168.0.4) connect to service windows initially as user norbert (uid=1000, gid=1000) (pid 10759) and top shows: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 10759 norbert 25 0 10856 3652 8924 R 99.2 0.7 0:18.22 smbd any suggestions ? TIA -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [EXPERIENCES] with OpenLDAP and Samba and Redundancy ???
I'm using Samba 3.0.4, and I can't seem to get passdb backend =
ldapsam:ldaps://master.ldap ldaps://slave.ldap to work. What version
of samba are you running? If I use either or, it works fine. So
instead of having two servers I would just have
ldapsam:ldaps://slave.ldap Any ideas?
Jason
Michael Gasch wrote:
Isn't the slave ldap directory suppose to be only read only?
if it's readonly, slurpd can't update the slave (i've tested it,
possibly i missed something ?)
the problem is: machines regularly change their passwords and if these
changes are not done on the master, they're lost, if master comes back
- clients can't logon anymore and so on
I'm having some troubles
getting the failover to work
what problems are you talking about?
these are my config files (/etc/ldap.conf for all machines not included
but also very important in case of fail-over)
# Samba PDC #
# smb.conf
[global]
workgroup = NEVAN
netbios name = nevanpdc
server string = NevanPDC on Samba Version: %v
username map = /etc/samba/username.map
log level = 5
log file = /var/lib/samba/log.%m
max log size = 1
passdb backend = ldapsam:ldap://localhost:389
ldap://nevanbdc.eva.mpg.de:389;
ldap passwd sync = yes
ldap suffix = dc=eva,dc=mpg,dc=de
ldap admin dn = cn=manager,dc=eva,dc=mpg,dc=de
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap replication sleep = 2000
ldap idmap suffix = ou=users
guest ok = no
guest account = Guest
security = user
local master = yes
os level = 65
domain master = yes
domain logons = yes
logon path =
logon home =
encrypt passwords = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
wins support = yes
dns proxy = no
display charset = UTF8
unix charset = UTF8
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
# slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile/var/run/slapd/slapd.args
loglevel7
databaseldbm
suffix dc=eva,dc=mpg,dc=de
rootdn cn=manager,dc=eva,dc=mpg,dc=de
password-hash {MD5}
rootpw {MD5}
replogfile /var/lib/ldap/replog
replica host=nevanbdc.eva.mpg.de:389
binddn=cn=manager,dc=eva,dc=mpg,dc=de
bindmethod=simple credentials=+
directory /var/lib/ldap
index objectClass eq
index sambaSIDeq
index uid eq
index sambaPrimaryGroupSIDeq
lastmod on
access to attrs=userPassword
by self write
by * auth
access to *
by * read
# Samba BDC #
# smb.conf
[global]
workgroup = NEVAN
netbios name = nevanbdc
server string = NevanBDC on Samba Version: %v
username map = /etc/samba/username.map
log level = 5
log file = /var/lib/samba/log.%m
max log size = 1
passdb backend = ldapsam:ldap://nevanpdc.eva.mpg.de:389
ldap://localhost:389;
ldap passwd sync = yes
ldap suffix = dc=eva,dc=mpg,dc=de
ldap admin dn = cn=manager,dc=eva,dc=mpg,dc=de
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap replication sleep = 2000
ldap idmap suffix = ou=users
guest ok = no
guest account = Guest
security = user
local master = yes
os level = 65
domain master = no
domain logons = yes
logon path =
logon home =
encrypt passwords = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
wins support = yes
dns proxy = no
display charset = UTF8
unix charset = UTF8
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
# slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile/var/run/slapd/slapd.args
loglevel2
databaseldbm
suffix dc=eva,dc=mpg,dc=de
rootdn cn=manager,dc=eva,dc=mpg,dc=de
password-hash {MD5}
rootpw {MD5}
updatedn cn=manager,dc=eva,dc=mpg,dc=de
updateref nevanpdc.eva.mpg.de
directory /var/lib/ldap
index objectClass eq
index sambaSIDeq
index uid eq
index sambaPrimaryGroupSIDeq
lastmod on
access to attrs=userPassword
by self write
by * auth
access to *
by * read
Jason C. Waters
Re: AW: AW: [Samba] Password change problem, Samba 3.0.4
I havn't read the entire thread but what about using LDAP as a backend? Kopmann, Goetz wrote: On Thu, 17 Jun 2004 12:02 , Kopmann, Goetz [EMAIL PROTECTED] sent: Arrrg. This is what the spammer loves Hi Sean, smbpasswd Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid. Failed to change password for testuser We have exactly the same problem with Samba v2.2.8a. We found out that the password change process works if you set unix password sync = no. But that's not a good solution fo us. Users should be able to log in to Linux with the same password. no one seems to like our solution, but we turned off _all_ windows-linux linux-windows password changes from the windows/linux session and just made a web page that sets both - it takes a lot of crap out of the equation and also lets us sync our email and web passwords at the same time - just a thought This sounds good. Can we get more infos ? Götz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.4 BDC LDAP Slave Problem
This is my setup, is something still wrong. Samba PDC machine with LDAP IP: ldap.master nss mapped to local ldap server(ldap.master) samba ldapsam:ldaps://ldap.server Samba BDC machine with LDAP, has openldap running locally for a backup ldap server IP: ldap.slave nss mapped to local ldap server(ldap.slave) samba ldapsam:ldaps://ldap.master ldaps://ldap.slave This setup doesn't work for me. But if I only use the local LDAP servers on each machine it does, but that does seem like its a backup server. Am I just thinking about this in the wrong way? Thanks for your help. Jason Beast wrote: Jason C. Waters wrote: passdb backend = ldapsam:ldaps://ldap.masterserver.com ldaps://ldap.slaveserver.com - this does not work This is the correct one. Make sure no other service depends on master ldap when you're bring down the master (ie nss_ldap). Also plse check the log. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.4 BDC LDAP Slave Problem
Its not an acl problem, because I can ldapsearch to both the master and the slave(local ldap server) from the BDC. The logs I'm looking at is /var/log/debug and the log.smbd. Thanks for your help! Jason Beast wrote: Jason C. Waters wrote: This is my setup, is something still wrong. Samba PDC machine with LDAP IP: ldap.master nss mapped to local ldap server(ldap.master) samba ldapsam:ldaps://ldap.server Samba BDC machine with LDAP, has openldap running locally for a backup ldap server IP: ldap.slave nss mapped to local ldap server(ldap.slave) samba ldapsam:ldaps://ldap.master ldaps://ldap.slave This setup doesn't work for me. But if I only use the local LDAP servers on each machine it does, but that does seem like its a backup server. Am I just thinking about this in the wrong way? Thanks for your help. Maybe ACL prevent samba to bind? try using ldapsearch -h ip_of_slave/master from samba server. Also check the LOG file, they must give you some clue. good luck. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.4 with XFS and ACL's SLOW!!!!
Would this setup make samba really slow? P4 2.8, 512mb, dual 120gb HD's with software raid(mirrored). Thanks for your help -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP Client problem
Have you set the profile for that user? Does the directory exist? what does pdbedit -v username give you? JM wrote: Hi, Can someome help me on this.. I got this on one of my windows XP... Windows cannot load your profile because it maybe corrupted. Windows cannot find the local profile and is logging you on with a temporart profile. How can I fix this.. Addtional info Im using samba-3.0.0-2... on Redhat 9 TIA, jm -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Internet access control through samba ?
What you can do is use squid proxy server with authentication. Using wbinfo you can authenticate squid users. It works pretty good, plus you can see what the users are doing on the internet. Hope this helps. Jason Jeremias Müller wrote: Hi, is there a possibility to use a samba pdc for internet access control ? I want only machines, which are logged in to the domain, to have internet access. Currently everybody can use the Internet through the masquerading functionality on the server(also pdc). Thanks Jeremias M. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.4 BDC LDAP Slave Problem
I've got nss_ldap setup to look at the local ldap directory, but when I have two servers on the passwd backend line, it can't bind. It get to where it trys to bind, and then it just freezes. Any other ideas? I'm sure I had this working before. Thanks for your help Beast wrote: Jason C. Waters wrote: passdb backend = ldapsam:ldaps://ldap.masterserver.com ldaps://ldap.slaveserver.com - this does not work This is the correct one. Make sure no other service depends on master ldap when you're bring down the master (ie nss_ldap). Also plse check the log. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win XP can't join Domain with 3.0.4 and OpenLDAP
Does administrator have a uid of 0? If not try joining the domain with root instead of administrator. Did you create a machine account? (smbpasswd -a -m machinename$)? Nicole M. Elkevizth wrote: I have a samba server setup as a PDC and a LDAP back-end. When I try to join the domain I receive a Permission Denied error. From the best of my knowledge it appears that the problem is the authentication for the administrator being able to join a Workstation to the Domain. The administrator is set up in the Domain Admins group (512) and the group is mapped to the root group in Linux. Any ideas on possible setup problems? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.4 BDC LDAP Slave Problem
I've configured samba 3.0.4 with LDAP as the backend. I've configured samba to use the ldap directory, which works fine, my problem is when I add two two servers into the smb.conf file it sees the first(master) ldap server, but if I bring that server down it takes forever for it to switch to the slave ldap server. If I place just a single ldap server, master or slave, into the smb.conf it works fine. I read somewhere about a patch? Is this the case? These are the values that I've entered into the smb.conf passdb backend = ldapsam:ldaps://ldap.masterserver.com - this works passdb backend = ldapsam:ldaps://ldap.slaveserver.com - this works passdb backend = ldapsam:ldaps://ldap.masterserver.com ldaps://ldap.slaveserver.com - this does not work passdb backend = ldapsam:ldaps://ldap.masterserver.com ldaps://ldap.slaveserver.com - this does not work passdb backend = ldapsam:ldaps://ldap.masterserver.com ldapsam:ldaps://ldap.slaveserver.com - this does not work If anyone has gotten this to work with 3.0.4, I would love a peek at your smb.conf. Thanks for any help! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SID-UID mapping issue on Samba 3.0.4 in an AD Domain
Does getent group and getent passwd return the users and groups? If it doesn't I'm guessing that you didn't copy the libnss_winbind.so to your /lib directory and then create a symbolic link, ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.x, where x is the version of nss you use...I think. I put 2 and it works but you can try 0,1, or 2 I think. Hope this helps [EMAIL PROTECTED] wrote: I have problems with SID to UID mapping using winbind on a FreeBSD 5.2/Samba 3.0.4 as a member server of a Win2k domain controller. I use heimdal-0.6.1 for kerberos. I would like my XP machines in the domain to use the share with the user accounts defined in Active Directory. At a first glance it seems to work: the connection to the share succeeds without a prompt for a password. Users may create, read, modify and delete files or folders. But the ACLs do not show domain accounts but local accounts: those accounts have the SAME NAME as the domain account BUT they bear the name of the SAMBA machine instead of the name of the domain. Here are my conf files: - smb.conf - [global] security = ADS realm = windom netbios name = SAMBA workgroup = WINDOM encrypt passwords=yes password server = * obey pam restrictions = yes winbind cache time = 120 template shell = /sbin/nologin template homedir = /none idmap uid = 1-1 idmap gid = 1-1 winbind nested groups = yes winbind separator = + [theshare] path=/smbroot/theshare read only=no --- -- nsswitch.conf --- passwd: files winbind group: files winbind -- pam.d/samba auth required pam_winbind.sodebug account required pam_winbind.so --- pam_winbind.so is only present in pam.d/samba wbinfo -u wbinfo -g work fine pw user show -a # this lists all the user account in a passwd format shows all local and domain accounts (WINDOM+domuser:*:10021:10010:...) Then I log into an XP machine as [EMAIL PROTECTED] I open the network location: \\samba\theshare I create some file, and I edit its properties I find in the ACL and as the owner of the file: domuser(SAMBA\domuser) Then I log on the console of the Samba server as root, and $ ls -ln /smbroot/theshare/dummyfile.txt gives a UID of 10034 as the owner pw user show -u 10034 returns: domuser:*:10034:65534::0:0:domuser:/none/:/sbin/nologin again I type: pw user show -a all the domain users are present but domuser:*:10034 does not appear in the list When I turn on: winbind trusted domains only = yes I get a login screen when I want to connect to the share and log.smbd tells: smbd/sesssetup.c:reply_spnego_kerberos(248) Username WINDOM+domuser is invalid on this system while log.winbind says: nsswitch/winbindd_acct.c:winbindd_create_user(884) winbindd_create_user: Refusing to create user that already exists (domuser) It is not clear to me if it is a kerberos or a winbind problem. Has someone a clue? Thanks FX -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.02 with dos filenames - still not working!
Ok, I have my home share mapped as m:\, within that drive there is a folder called workspace, so m:\workspace should be the same as m:\worksp~1, when I have this share on a windows machine, it works fine. Move it to my samba machine and it doesn't. This is what my smb.conf looks like: [global] unix charset = CP850 display charset = CP850 workgroup = H2OS server string = Samba Server v3.0 map to guest = Bad Password password server = intranet passdb backend = ldapsam:ldap://localhost log level = 10 log file = /usr/local/samba/var/%m.log max log size = 5 printcap name = cups mangling method = hash mangle prefix = 6 domain logons = Yes preferred master = Yes domain master = Yes wins support = Yes ldap suffix = o=domain,o=h2os.com ldap machine suffix = ou=Machines ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap admin dn = cn=Manager,o=h2os.com ldap delete dn = Yes idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = Yes printer admin = root guest ok = Yes printing = cups mangle case = Yes [HPLJ4000] comment = HP LaserJet 4000dn path = /etc/samba/spool printable = Yes printer name = HPLJ4000 [print$] comment = Printer drivers path = /etc/samba/drivers write list = root guest ok = No browseable = No [tmp] comment = Temp directory path = /tmp read only = No guest ok = No [home] comment = Home Directory path = /home/%U read only = No guest ok = No [Common] comment = General Use directory path = /mnt/samba read only = No guest ok = No [Admins] comment = Test admin directory path = /tmp valid users = @ntadmins [HPLJ4600] comment = HP Color LaserJet 4600dn path = /etc/samba/spool printable = Yes printer name = HPCLJ4600 Does anyone have any other ideas? Or is something setup wrong? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.02 with dos filenames - still not working!
So how do I take care of the files that have already been mangled with hash? deleting something in the locks folder? Thanks for your help [EMAIL PROTECTED] wrote: m:\worksp~1, when I have this share on a windows machine, it works fine. Move it to my samba machine and it doesn't. This is what my This is probably your problem. You override the default mangling method in samba3 from hash2 to hash. hash2 behaves more like Windows mangling. mangling method = hash Either take this line out or change it to hash2. You may need to take care that existing filenames whose names have already been mangled with the hash method get remangled with hash2 method. ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.02 with dos filenames
I have a directory that holds information in a shared directory. Its f:\applications. The program thinks its under f:\applic~1 (which is the same directory, it works on a windows share). I've tried everything to get this to work. I've set the mangled names = yes and mangled case = yes, on that share, but nothing seems to work. What am I missing? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC and Win2k Client
Set your log level to 10 and then try to rejoin the domain from the failing machine. Then post your log file L.R.Rodriguez wrote: I'll ask again, since its been a few days. Quick Summary: I am trying to join some Win2k (Service Pack 4) machines to a NT4 style domain with a Samba PDC. One machine successfully joins the Samba domain. One fails. Current configuration: SambaPDC: - FreeBSD 4.9-RELEASE - Samba 2.2.8a (from binary package) Host1 (Silv): - Windows 2000 SP4 (5.00.2195) Host2 (Plaid): - Windows 2000 SP4 (5.00.2195) All machines are on the same network switch. There are no other machines on the switch. All connections are 100/Full Duplex.. All machines are in the 192.168.x.y subnet SambaPDC is is running bind9 with a fake zone (.error) for all machines and forwards all other DNS queries. All machines use SambaPDC for DNS resolution. Digital Sign'n'Seal is disabled on both client machines. smb.conf: [global] workgroup = SAMBAPDC hosts allow = 192.168. log file = /var/log/log.%m log level = 2 max log size = 5 security = user encrypt passwords = yes smb passwd file = /usr/local/private/smbpasswd domain master = yes preferred master = yes domain logons = yes Each machine has a user account (silv$, plaid$) in the passwd/master.passwd files. Each machine has an account in the smbpasswd file, created with 'smbpasswd -a -m [machine name]'. When I add 'silv' to the domain and reboot, I can log in to the domain. When I add 'plaid' to the domain and reboot, I cannot log in to the domain. I get the following error: The system cannot log you on to the domain because the system's computer accout in the domain is missing or the password is incorrect. I should stress that at no point during the process of adding 'plaid' to the domain did the I get an error on 'plaid'. On SambaPDC, in the logfile for plaid, 'log.plaid', I see these two errors: [2004/02/14 17:39:11, 2] rpc_parse/parse_samr.c:samr_io_userinfo_ctr(6285) samr_io_userinfo_ctr: unknown switch level 0x1a [2004/02/14 17:39:11, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(670) api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. I am at a loss. 'Silv' and 'plaid' should not be acting differently here. Can anyone suggest any courses of further investigation? Also, sometimes when I try to log in to 'Silv', it seems to have developed the same error as 'Plaid'. When I remove and add it back to the domain, however, it functions properly for while, before screwing up again. Thanks, L.R.Rodriguez -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.02 with dos filenames
Nothing, still doesn't work. Any other ideas? What does your smb.conf look like? Maybe something else in my global section is conflicting with this. Collen wrote: Hmm had the same over here.. i got it kinda working for me with these smb.conf things.. mangle case = yes ( dunno why i use this one, but it's there) mangling method = hash (gues hash2 should do the trick as well..) mangle prefix = 6 (or 5 ??) the 6/5 stands for the number of original filename letters 12345~1.zip btw don't forget to shutdown en restart your samba server, otherwise it woun't work.. l8r Collen Tuesday, February 17, 2004, 3:29:05 PM, you wrote: T Hi Jason, T Tuesday, February 17, 2004, 3:02:59 PM, you wrote: JCW I have a directory that holds information in a shared directory. Its JCW f:\applications. The program thinks its under f:\applic~1 (which is the JCW same directory, it works on a windows share). I've tried everything to JCW get this to work. I've set the mangled names = yes and mangled case = JCW yes, on that share, but nothing seems to work. What am I missing? T Old DOS-alike programs should see the long filenames as f:\applic~1, T but if they are working than do not make any problem with it. From command line (I believe that a program that uses that T ininformation was made by a program) there are two ways to reach a T long-named directory, eg: c:\progra~1\program\run.exe or c:\program T files\program\run.exe (note the double quotation marks: they're T required if You use long-named dir/file names). They are equals! T Search the problem only if You have something wrong in function. T BYE: TeeCee :o) T Sorry for my English ,-) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Power Users - Is it possible?
to unmap it just do groupmap delete sid=sidofPowerUsers George Farris wrote: Yes thanks, sorry to upset you:-) I think we understand that now. Must be frustrating to what a newbie eh:-) Kind of funny. So how do I unmap it from a unix group? Do I have to delete the Power Users group and re-create it? On Thu, 2003-07-24 at 15:32, Felipe Alfaro Solana wrote: On Thu, 2003-07-24 at 23:06, Jason C. Waters wrote: net groupmap modify ntgroup=Power Users unixgroup=pwrusers something like that! Oh, my god! Please, stop this now! Power Users is a local group, not a global group! You should never, ever create Power Users as a global group, nor map it to a Unix group. I recommend you reading this: http://www.microsoft.com/windows2000/en/server/help/lsm_local_groups.htm to clarify on the difference between built-in local groups and built-in domain (or global) groups. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Power Users - Is it possible?
Is it possible to have 2000 windows machines reconize Domain Users under the local Power Users group? Right now I'm using samba 3beta3. Do I need kerberos support compiled in? Thanks for your help Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't open outlook
If the users don't have administrative rights, they cannot open Micosoft outlook. Any ideas? Domain users are in the power users group. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] active connection gets lost in samba version 3.0 beta3
Try adding these to your global configuration locking = no level2 oplocks = no david de leeuw wrote: Hi team, A Samba panic occurs after repeatedly saving word files on the server. Following the panic the active connection disappears, but the active shares and open files stay. Windows reports different errors such as delayed write failed, Cannot complete the save due to a file permission error etc. Many of the Word files appear corrupted when reopening. Our environment: - - Linux 9 Redhat - Samba 3.0 beta 3 (same problem on beta 2) - Server with 1 GB ram, lots of disk, 100 MB/s network - network switched I have been searching Google, and been switching locks, time outs and whatever for a day or so, but this didn't help. The problem started suddenly, yesterday morning, and I can not think of any network change causing the problem. The beta 2 version worked fine for a number of weeks ! We are using Unicode filenames (including Hebrew, Arabic etc. characters), but the problem occurs also with English filenames, and from different computers (usually XP SP1) The problem occurs also when the network is about empty. Here is part of the log: (names changed) -- [2003/07/24 19:21:24, 1] smbd/service.c:make_connection_snum(692) YYYws-2 (132.72.73.97) connect to service XXX initially as user XXX (uid=516, gid=521) (pid 1260) [2003/07/24 19:21:32, 1] smbd/service.c:make_connection_snum(692) ggg (132.72.74.35) connect to service zzz initially as user zzz (uid=916, gid=919) (pid 1261) [2003/07/24 19:21:49, 1] smbd/service.c:close_cnum(873) YYYws-2 (132.72.73.97) closed connection to service XXX [2003/07/24 19:21:51, 1] smbd/service.c:make_connection_snum(692) YYYws-2 (132.72.73.97) connect to service XXX initially as user XXX (uid=516, gid=521) (pid 1260) [2003/07/24 19:22:33, 0] lib/fault.c:fault_report(36) === [2003/07/24 19:22:33, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 1261 (3.0.0beta3) Please read the appendix Bugs of the Samba HOWTO collection [2003/07/24 19:22:33, 0] lib/fault.c:fault_report(39) === [2003/07/24 19:22:33, 0] lib/util.c:smb_panic(1462) PANIC: internal error [2003/07/24 19:22:33, 0] lib/util.c:smb_panic(1469) BACKTRACE: 11 stack frames: #0 smbd(smb_panic+0x11c) [0x81b991c] #1 smbd [0x81a8202] #2 /lib/tls/libc.so.6 [0x420275c8] #3 smbd(make_nmb_name+0x52) [0x80f8f32] #4 smbd(cli_full_connection+0x7e) [0x80d5efe] #5 smbd(change_trust_account_password+0x1ad) [0x80cc25d] #6 smbd [0x80c6b62] #7 smbd(smbd_process+0x183) [0x80c6e93] #8 smbd(main+0x4ae) [0x821f56e] #9 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x42015574] #10 smbd(ldap_msgfree+0x8d) [0x8075e41] [2003/07/24 19:23:30, 0] lib/fault.c:fault_report(36) === And here is the latest smb.conf - # Samba config file created using SWAT # from 132.72.72.20 (132.72.72.20) # Date: 2003/07/23 18:10:34 # Global parameters [global] workgroup = CCC realm = AAA server string = Samba Server security = DOMAIN log file = /var/log/samba/log.%m max log size = 50 large readwrite = No local master = No domain master = No browse list = No dns proxy = No wins server = 1 ldap ssl = no map archive = No oplocks = No [homes] comment = Home Directories read only = No nt acl support = No mangling char = ^ browseable = No fake oplocks = Yes strict locking = No delete readonly = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No As I am at a complete loss what to look for next, any help would be most appreciated. Thanks David de Leeuw Head, Medical Computing Unit Ben Gurion University of the Negev Beer Sheva Israel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Power Users - Is it possible?
net groupmap modify ntgroup=Power Users unixgroup=pwrusers something like that! George Farris wrote: $%#@^% I forgot to delete the profile. It works. Now I should be able to make a new Domain Power Users group with net groupmap add. How does one find a new sid or can I just increment the last number used like so: [EMAIL PROTECTED] profiles]# net groupmap list System Operators (S-1-5-32-549) - -1 Domain Guests (S-1-5-21-1135672234-1853056381-2991119365-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Domain Users (S-1-5-21-1135672234-1853056381-2991119365-513) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - users Domain Admins (S-1-5-21-1135672234-1853056381-2991119365-512) - dadmin Since S-1-5-21-1135672234-1853056381-2991119365-514 is the last number displayed I could use: S-1-5-21-1135672234-1853056381-2991119365-515 Also how does one remove a mapping from a local unixgroup? It seems once mapped, I can only ever assign it to a new group or delete the ntgroup and start again. On Thu, 2003-07-24 at 13:18, Jason C. Waters wrote: Did you try it after deleting the profile? George Farris wrote: Well interestingly enough it only works if I make pwruser (which is mapped to Domain Users) be the primary group of the user. This is confusing because with the user I have set up for a Domain Admin (unixgroup dadmin) dadmin is not it's primary group. Any thoughts? On Thu, 2003-07-24 at 12:22, Felipe Alfaro Solana wrote: On Thu, 2003-07-24 at 18:31, George Farris wrote: I have also struggled with this problem. It seems one can map a domain group such as Domain Admins and have it take effect on the workstation but Power Users is, I think, a local group and it doesn't work even though one can map a unix group to it. So how can one add users to a Power User group and have it take effect like Domain Admins? On Windows, the Power Users is a local group, that is, it's members are not stored on a domain controller, but on the local SAM of the machine. Thus, if for an specific machine you want to make all Domain Users to be Power Users, you'll need to use Windows administration tools and *manually* add the Domain Users global group to the Power Users local group of the machine. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 as a PDC
I need help. I must be doing something wrong. I'm trying to give all domain users power user rights on the workstation machines. I though by adding Domain Users to the Power Users group on the local machines that it would work, but it doesn't. I've tried adding the users instead of the Domain Users group, and everything else I could think of. This is my configuration file: [global] netbios name = meserver passdb backend = smbpasswd workgroup = MVERT server string = Marysville PDC load printers = no log file = /usr/local/samba/var/log.%m max log size = 500 security = user #password server = 192.168.1.5 encrypt passwords = yes socket options = TCP_NODELAY local master = yes os level = 64 domain master = yes preferred master = yes domain logons = yes #wins support = yes wins server = 192.168.0.3 locking = no level2 oplocks = no oplocks = no logon script = logon.bat logon path = \\mvserver\Profiles\%U logon home = \\mvserver\Secure\%U # [netlogon] comment = Network Logon Service path = /mnt/pub/netlogon read only = no write list = ntadmin [Profiles] comment = BRT Domain User Profiles browseable = no writeable = yes path = /mnt/pub/profiles create mask = 600 directory mask = 700 [Secure] comment = User Home Directory path = /mnt/pub/Staff Directories read only = No browseable = No [E] path = /mnt/pub/E writable= yes read only = No force create mode = 666 locking = false level2 oplocks = false oplocks = false [F] path = /mnt/pub/F read only = No I don't care if I need to use samba 2.2, I just don't want to have to use NT4, or 2000. The workstations can join the domain without a problem and browse the shares. But it doesn't have power user permission on the local workstations. I even tried adding a local user, then adding that user to the power user group, and loging in locally to make sure the Power User group or the default security permissions are correct. It did work. So now I'm asking for help, because I'm out of ideas. Thanks Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
