Re: [Samba] 2.2.7 RH 8.0 Binary RPM's
I couldn't get swat working with the binary 2.2.6 or 2.2.7 RPMs for RH 8. Never tried the source ones. As soon as I went back to RH's split out RPMs for (2.2.7) it worked first try. Not sure what the difference was. Peter LaComb wrote: After installing these rpm's, no swat executable can be found... I've built it from the sources and gotten it working, but is this something that needs to be corrected in the rpm? Has anyone else noticed this, or did I do something silly that I haven't realized yet? -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] swat from 2.2.6 and RH 8.0
I know there have been previous threads about this, but I don't think they match my problem. I have the xinetd script provided by the Samba.org 2.2.6 binary RPM, and when I enable it and reload xinetd, I see xinetd listening in a `netstat --ip -lnp` command. When I point my browser at http://localhost:901/ I'm given an Alert dialog window stating Document contained no data. If I disable the xinetd script and start swat manually, swat -s /etc/samba/smb.conf, I don't see port 901 open in the netstat, and my browser gets a connection refused error dialog. It's not a firewall issue, as I get the same behavior after issuing `service iptables stop`. I'm using the 2.2.6-2 RPM for RH 8.0 from samba.org. It's not that big of a deal to configure manually, but it would be nice to know why it doesn't work. -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows - 2.2.6
Username and password are the same. I tried the right-clich thing, and logging in as a different user wasn't an option. I can elect to use a different username and password from the map network drive dialog, but that yields the same results, no matter what account info I supply. smbclient from the linux box shows all the shares listed in smb.conf. I created a dummy share to see if the maybe only having printers and home was the problem. No change. testparm says everything is fine. I'm really flustered. One other thing I have noticed is that swat doesn't work. I have the xinetd file provided by the RPM, and I see port 901 open in netstat. But pointing a browser at it fails to connect. Pointing telnet at it fails to connect. Marian Mlcoch, Ing wrote: Ok friend but in W2K you must be logged in with identical name and password as you add to smbpass. Or you must in network places right click on samba comp and login as diferent user... - Original Message - From: Justin Georgeson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 07, 2002 11:03 PM Subject: [Samba] windows - 2.2.6 I have the official 2.2.6 RPM for RH 8 installed, and can mount windows shares on my linux box. I can't browse the samba shares from my windows machine though. When I go to Start-Run, \\hostname I'm given this error message. The account is unauthorized to login from this station. I created and smbpasswd entry with smbpasswd -a. There are no error messages in log.nmbd or log.smbd, and the log files for particular machines (log.jgeorgeson in the case of the windows box) are empty. The only changes I have made from the default smb.conf file are to specify the workgroup and server string. Just to make sure it's not my firewall, I disabled iptables and get the same results. I can ping each direction by name, and my linux box shows up in computers near me under my network places in W2K. -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows - 2.2.6
I've attached the full config listing from testparm. Domain logons are already set to No. Username and password is consistent in all three places (Windows box, smpasswd database, Linux system database). I'm not using RH's samba packages. I downloaded the 2.2.6-2 RPM from samba.org. Marian Mlcoch, Ing wrote: I dont whith default config on rh8 samba. Try to your smb.conf add or change line domain logons=no and your smbpasswd user must exist with sam name on linux user database and must have home directory. - Original Message - From: Justin Georgeson To: Sent: Friday, November 08, 2002 8:56 AM Subject: Re: [Samba] windows - 2.2.6 Username and password are the same. I tried the right-clich thing, and logging in as a different user wasn't an option. I can elect to use a different username and password from the map network drive dialog, but that yields the same results, no matter what account info I supply. smbclient from the linux box shows all the shares listed in smb.conf. I created a dummy share to see if the maybe only having printers and home was the problem. No change. testparm says everything is fine. I'm really flustered. One other thing I have noticed is that swat doesn't work. I have the xinetd file provided by the RPM, and I see port 901 open in netstat. But pointing a browser at it fails to connect. Pointing telnet at it fails to connect. Marian Mlcoch, Ing wrote: Ok friend but in W2K you must be logged in with identical name and password as you add to smbpass. Or you must in network places right click on samba comp and login as diferent user... - Original Message - From: Justin Georgeson To: Sent: Thursday, November 07, 2002 11:03 PM Subject: [Samba] windows - 2.2.6 I have the official 2.2.6 RPM for RH 8 installed, and can mount windows shares on my linux box. I can't browse the samba shares from my windows machine though. When I go to Start-Run, \\ I'm given this error message. The account is unauthorized to login from this station. I created and smbpasswd entry with smbpasswd -a. There are no error messages in log.nmbd or log.smbd, and the log files for particular machines (log.jgeorgeson in the case of the windows box) are empty. The only changes I have made from the default smb.conf file are to specify the workgroup and server string. Just to make sure it's not my firewall, I disabled iptables and get the same results. I can ping each direction by name, and my linux box shows up in computers near me under my network places in W2K. -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Loaded services file OK. Press enter to see a dump of your service definitions # Global parameters [global] coding system = client code page = 850 code page directory = /etc/codepages workgroup = LOPHT.NET netbios name = netbios aliases = netbios scope = server string = Dragon interfaces = bind interfaces only = No security = USER encrypt passwords = No update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 0 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid
Re: [Samba] RE: RE: firewall
Thought I has sent this to the list. Here's my final setup, which works for me. It uses iptables, so not all of it may carry over back to ipchains. Ok, here's what I have, and it works. I get the impression that the RELATED,ESTABLISHED stuff doesn't apply to UDP, so I just said to ACCEPT anything UDP from 137:139 to 1024+ with a source IP on my same subnet. -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT -A INPUT -s 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport 137:139 \ --tcp-flags SYN,RST,ACK SYN -j ACCEPT -A INPUT -s 192.168.1.0/255.255.255.0 -p udp -m udp --sport 67:68 \ --dport 67:68 -j ACCEPT -A INPUT -s 66.150.129.229 -p udp -m udp --sport 53 -j ACCEPT -A INPUT -s 24.219.4.35 -p udp -m udp --sport 53 -j ACCEPT -A INPUT -s 192.168.1.0/255.255.255.0 -p udp -m udp --dport 137:139 -j \ ACCEPT -A INPUT -s 192.168.1.0/255.255.255.0 -p udp -m udp --sport 137:139 \ --dport 1024:65535 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s 192.168.1.0/255.255.255.0 -m state --state \ RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT \ --reject-with icmp-port-unreachable -A INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] firewall
Hrm, no change. :( Would that need the ip_conntrakc module loaded? It didn't have any change whether the module was loaded or not. Ultimately this isn't too big a deal, I'll never be doing SMB over the internet, and I don't have any multiple-subnet LANS anywhere, so I can just disable the firewall when I need SMB. Hesham S. Ahmed wrote: Try adding the following rule before deny /sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT replace eth0 with your interface. This would let ur firewall accept any pre-established connections, required for most cases where replies are sent to random ports. --- Justin Georgeson wrote: No change, interestingly enough, iptables says --cport is unknown without -m, and I don't see mention of what -m does in the man page. I have version 1.2.6a-2 of iptables, packaged by RedHat. Looking at tcpdump, the netbios-ns reply packets from the server are being dropped by my firewall. Having discovered that, I've found that I can mount a file share by IP with my current rules. I just can't do netbios-ns or netbios-dgm. Here is the full results of iptables-save *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 137:139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -j ACCEPT -A INPUT -p udp -m udp -s 66.150.129.229 --sport 53 -d 0/0 -j ACCEPT -A INPUT -p udp -m udp -s 24.219.4.35 --sport 53 -d 0/0 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp --syn -j REJECT -A INPUT -p udp -m udp -j REJECT COMMIT How can I allow the reply packets, since they're addressed to a randomly selected port? James Hubbard wrote: This depends on how restrictive your firewall rules are but why don't you just use this: -A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT -A INPUT -p tcp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT I'm not sure what the -m stands for. You'll need to change eth0 to match your internal ethernet card. Make sure you insert this before the reject rules. James Hubbard Justin Georgeson wrote: Ok, so I know from `netstat --ip -lnp` that the only ports smbd and nmbd are using are TCP 139, and UDP 137 and 138. I find it a little odd though that nmbd is bound to both 0.0.0.0 AND my primary interface. My problem is that I can't access shares on a windows machine unless I turn off my firewall. I'm using RH 8 and the 2.2.6-2 RPMs from the web page (working fine so far, barring this firewall thing). I have these rules added in iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT tcpdump shows ports TCP 139 and UDP 137 being accessed when I run findsmb. But nothing is listed when I do. If I turn off my firewall, the other machine on the LAN, my windows box, is listed. What am I missing? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: firewall
Well, still no go. I've attached the script I used to create the firewall. Tcpdump still shows an icmp packet going back to the queried machine to say the UDP port is unreachable. Also, I don't see anything in any files in /var/log (I grepped for Packets). Can anyone comment on what the -m flag is for? Ulrich Kohlhase wrote: Justin, -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT Did you specify OUTPUT rules also ? You may want to try the following lines taken from a working server config. keep_state is a special chain for stateful inspection and logging purposes: -A INPUT -p tcp -s 192.168.1.0/24 --sport 1024: --dport 137:139 -j ACCEPT -A OUTPUT -p tcp -d 192.168.1.0/24 --sport 137:139 --dport 1024: -j keep_state -A OUTPUT -p tcp -d 192.168.1.0/24 --sport 1024: --dport 137:139 -j ACCEPT -A INPUT -p tcp -s 192.168.1.0/24 --sport 137:139 --dport 1024: -j keep_state -A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT -A OUTPUT -p udp -d 192.168.1.0/24 --dport 137:139 -j ACCEPT -N keep_state -A keep_state -m state --state INVALID -j DROP -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT # debug, info, notice, warning, err, crit, alert und emerg -A keep_state -m limit --limit 10/minute --limit-burst 10 -j LOG --log-level notice --log-prefix Packets dropped: -A keep_state -j DROP -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) fw.sh Description: Bourne shell script
[Samba] firewall
Ok, so I know from `netstat --ip -lnp` that the only ports smbd and nmbd are using are TCP 139, and UDP 137 and 138. I find it a little odd though that nmbd is bound to both 0.0.0.0 AND my primary interface. My problem is that I can't access shares on a windows machine unless I turn off my firewall. I'm using RH 8 and the 2.2.6-2 RPMs from the web page (working fine so far, barring this firewall thing). I have these rules added in iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT tcpdump shows ports TCP 139 and UDP 137 being accessed when I run findsmb. But nothing is listed when I do. If I turn off my firewall, the other machine on the LAN, my windows box, is listed. What am I missing? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] firewall
No change, interestingly enough, iptables says --cport is unknown without -m, and I don't see mention of what -m does in the man page. I have version 1.2.6a-2 of iptables, packaged by RedHat. Looking at tcpdump, the netbios-ns reply packets from the server are being dropped by my firewall. Having discovered that, I've found that I can mount a file share by IP with my current rules. I just can't do netbios-ns or netbios-dgm. Here is the full results of iptables-save *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 137:139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -j ACCEPT -A INPUT -p udp -m udp -s 66.150.129.229 --sport 53 -d 0/0 -j ACCEPT -A INPUT -p udp -m udp -s 24.219.4.35 --sport 53 -d 0/0 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp --syn -j REJECT -A INPUT -p udp -m udp -j REJECT COMMIT How can I allow the reply packets, since they're addressed to a randomly selected port? James Hubbard wrote: This depends on how restrictive your firewall rules are but why don't you just use this: -A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT -A INPUT -p tcp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT I'm not sure what the -m stands for. You'll need to change eth0 to match your internal ethernet card. Make sure you insert this before the reject rules. James Hubbard Justin Georgeson wrote: Ok, so I know from `netstat --ip -lnp` that the only ports smbd and nmbd are using are TCP 139, and UDP 137 and 138. I find it a little odd though that nmbd is bound to both 0.0.0.0 AND my primary interface. My problem is that I can't access shares on a windows machine unless I turn off my firewall. I'm using RH 8 and the 2.2.6-2 RPMs from the web page (working fine so far, barring this firewall thing). I have these rules added in iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT tcpdump shows ports TCP 139 and UDP 137 being accessed when I run findsmb. But nothing is listed when I do. If I turn off my firewall, the other machine on the LAN, my windows box, is listed. What am I missing? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.6-1 src rpm
I'm trying to get the 2.2.6-1 src rpm for RH 7.x from samba.org compiled on RH 8.0. I built it as root with this command rpmbuild --rebuild --target i686 samba-2.2.6-1.src.rpm. Trying to install the built RPM (no errors in the build process) results in these unmet dependencies: # rpm -Uvh samba-2.2.6-1.i686.rpm error: Failed dependencies: perl(fix_print_html.lib) is needed by samba-2.2.6-1 perl(Net::LDAP) is needed by samba-2.2.6-1 These weren't listed in the spec file as dependencies, and I'm not sure how to meet them. Is there any ETA for RH 8 RPMs, source or binary? Any idea how to get past this? -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbadduser
The Samba 2.2.1a RPMS provided by RH had a smbadduser command, I seem to have lost it after upgrading to the Samba.org 2.2.5 RPM. Was this a handy RH tool, or was it taken out? I really liked it. Anyone know how I perform the same operations manually? Using smbpasswd -a is almost the same, but instead of [U ]:LCT-, I get [UX ]:LCT-, and I'm not sure what that means. -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ssh tunnels
Is there a way to use ssh tunnels to access samba shares on a remote system from a Win 2K box? I have some linux boxen behind a NAT in a data center, and someone wants samba access to to one of them. No way in hell am I opening it through the NAT. Thanks. -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Domains?
but don't ever bring down eth0 unless you can do without eth0:*. I learned that one the hard way. Sometimes remote data centers can suck ... Rasmus Reinholdt Nielsen wrote: yes a network alias is an extra ip address to an existing nic, which then responds to both ip adresses. You set an alias with the following syntax ifconfig eth0:0 ip broadcast broadcast netmask netmask up /Rasmus At 15:12 10-10-2002 +0200, Dariush Forouher wrote: Would this be also possible with only one NIC? regards Dariush Am Don, 2002-10-10 um 02.44 schrieb Yura Pismerov: To accomplish that task you will have to run multiple Samba instances (one per Domain/group). Network aliases are your friends. You can create aliases on each NIC and bind Samba instances to separate aliases on the same network. Hope this helps. Steve Morley wrote: Hi All, I just joined this list, and I'm looking for some help. I've been running a Samba server for a few years now, and it's been doing everything I've asked it too, but I'm hitting a wall trying to implement something new. Google searches aren't turning up too much, except to indicate that other people have done what I want, but I haven't gotten much responses when I tried to contact them :( The few vague instructions I turned up in my searches seem to fail... I need to make my current Samba server (one FreebSD box) serve up multiple domains. I added a second NIC for the second network, and all the TCP/IP stuff is configured and working properly. Whenever I try to add stuff for a second domain though, the whole thing (Samba) fails so I've undone everything to keep the current status. Here's the scoop on the Network: Two completely seperate LANs, one on 192.168.1 and the other on 192.168.2 The students are all on .1, and the staff is on .2 The students currently log into the STUDENTS workgroup with no problem. As the staff has increased, we now need the staff to log into a workgroup themselves. I have two choices: 1) re-configure the current server (preferred) 2) build a duplicate LAN out of spare parts and start from scratch I'm more than happy to do either, I just want to know if someone has indeed gotten a single Samba box to server up multiple domains at the same time. TIA Steve -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Auto machine account creation
I think it should be u$. Is the useradd failing or is the process of having it added to smbpasswd failing? Sam Silvester wrote: Hi everyone! I've got Samba 2.2.5 installed in a network of 3 client machines all running xp pro. Everything works ok except on-the-fly machine account creation...from what I've read I need something like add user script = /usr/sbin/useradd -d /dev/null -s /bin/false -M $u but this doesn't work for some reason. Can anyone tell me what I'm doing wrong or haven't considered? Thanks very much, Sam. -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] users can't change permissions on samba share
I have 2.2.5 (installed using binary RPM) on Red Hat 7.2 (should be fully up2date). This server is acting as a PDC, and is working fine for the most part. The problem I'm having is that nobody can change permissions for files and folders on a service. I've attached my smb.conf. I believe everyone change edit permissions for files/folders in their profile. But nothing in the Public share can be changed. New files/folders can be created/deleted. But they are created with the wrong permissions and the permissions can't be changed. Please help. -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) # Samba config file created using SWAT # from localhost.localdomain (127.0.0.1) # Date: 2002/10/01 10:04:25 # Global parameters [global] workgroup = UNBOUNDTECH netbios name = MOLEHILL server string = Domain controller interfaces = eth1 192.168.1.0/24 localhost bind interfaces only = Yes encrypt passwords = Yes passwd program = /usr/bin/passwd unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = root sysadm domainadmin add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon path = \\%N\profiles\%U logon drive = Z: domain logons = Yes os level = 33 preferred master = True domain master = True wins support = Yes [profiles] comment = Windows Home Directories path = /home/profiles read only = No create mask = 0775 [export0] path = /export0 write list = unboundtech read only = No create mask = 0775 directory mask = 0775 [netlogon] path = /usr/share/samba/netlogon write list = administrator browseable = No
Re: [Samba] users can't change permissions on samba share
I just realised that findsmb only lists the samba server. Before upgrading from 2.2.1a, all machines were listed by name when logged in as root, and with name unknown when not as root. Justin Georgeson wrote: I have 2.2.5 (installed using binary RPM) on Red Hat 7.2 (should be fully up2date). This server is acting as a PDC, and is working fine for the most part. The problem I'm having is that nobody can change permissions for files and folders on a service. I've attached my smb.conf. I believe everyone change edit permissions for files/folders in their profile. But nothing in the Public share can be changed. New files/folders can be created/deleted. But they are created with the wrong permissions and the permissions can't be changed. Please help. # Samba config file created using SWAT # from localhost.localdomain (127.0.0.1) # Date: 2002/10/01 10:04:25 # Global parameters [global] workgroup = UNBOUNDTECH netbios name = MOLEHILL server string = Domain controller interfaces = eth1 192.168.1.0/24 localhost bind interfaces only = Yes encrypt passwords = Yes passwd program = /usr/bin/passwd unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = root sysadm domainadmin add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon path = \\%N\profiles\%U logon drive = Z: domain logons = Yes os level = 33 preferred master = True domain master = True wins support = Yes [profiles] comment = Windows Home Directories path = /home/profiles read only = No create mask = 0775 [export0] path = /export0 write list = unboundtech read only = No create mask = 0775 directory mask = 0775 [netlogon] path = /usr/share/samba/netlogon write list = administrator browseable = No -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: file permission problem
Does anyone have any suggestions here? I've read plenty of documentation and can't figure this out (HOWTOs and man pages). I'm apparently also having a problem with profiles synching back up the server. Users are apparently looisng work. This is bad. I *know* this product can work for me, but I'm not having much luck. Please help. Justin Georgeson wrote: I have Samba 2.2.1a installed on RedHat 7.2, using RedHat's rev 4 RPMs (samba-common, samba-client, samba, and samba-swat 2.2.1a-4). I have the PDC part working. But there is one file share giving me problems. I have a folder, /export0, which I want all the domain users to be able to use. I have a group, unboundtech, which all the domain users are a member of. The /export0 is owned by root:unboundtech, with mode 775. The folders under this one which they can write to are the same (group is unboundtech, mode is 775). Users can create files/folders, but they can't change the permissions on them (for example, to let other people modify them). In some cases, I also want to have folders in /export0 which are owned by another group which is a subset of the domain users. I'm having the same problems here. I create a folder owned by the group in question, and group writeable. Members of the group can write folders to it (I haven't checked if non-group members can), but they can't change the permissions. Can services be subpaths of existing services? like [/some/folder] . [/some/folder/beneath] . That way I could maybe force a particular group ownership for different sub trees. # Samba config file created using SWAT # from localhost.localdomain (127.0.0.1) # Date: 2002/10/01 10:04:25 # Global parameters [global] workgroup = UNBOUNDTECH netbios name = MOLEHILL server string = Domain controller interfaces = eth1 192.168.1.0/24 localhost bind interfaces only = Yes encrypt passwords = Yes passwd program = /usr/bin/passwd unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = root sysadm domainadmin add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon path = \\%N\profiles\%U logon drive = Z: domain logons = Yes os level = 33 preferred master = True domain master = True wins support = Yes [profiles] comment = Windows Home Directories path = /home/profiles read only = No create mask = 0775 [export0] path = /export0 write list = unboundtech read only = No create mask = 0775 directory mask = 0775 [netlogon] path = /usr/share/samba/netlogon write list = administrator browseable = No -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: file permission problem
Will try the 2.2.5 RPM tonight. I hadn't realised that samba provided RPMs, has anyone tried to take the time to use the samba source and the RH spec files to get separated RPMS (common, server, client, and swat)? I might look into that when I have some time. Bradley W. Langhorst wrote: 2.2.1 is very old and has lots of bugs... upgrade to 2.2.6 when that comes out this week (or if you cant wait use 2.2.5) On Wed, 2002-10-02 at 11:37, Justin Georgeson wrote: Does anyone have any suggestions here? I've read plenty of documentation and can't figure this out (HOWTOs and man pages). I'm apparently also having a problem with profiles synching back up the server. Users are apparently looisng work. This is bad. I *know* this product can work for me, but I'm not having much luck. Please help. [export0] path = /export0 write list = unboundtech read only = No this should be yes - otherwise everybody can write. create mask = 0775 directory mask = 0775 have you enable acls on the server's filesystem? It sounds like that is what you want... brad -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: file permission problem
Okay, I installed the 2.2.5 RPM. I used testparm to get a complete listing of my smb.conf, and have attached it. All client machines are Win 2k, I believe they are all at service pack 3, but I know for certain the one I was just testing on is. I can log in as my domain account, my profile is downloaded. I go to My Network Places, I see the Add icon, and the Entire Network icon. I expect to see a list of machines in the domain, is there some configuration I'm missing, on either client or server? I go to the Public share, I can create files/folders. I right-click, go to Properties, select the Security tab, and am unable to change the settings. For example, if I change the permissions allowed to the owning group and hit apply, the changes just undo themselves. If I try to add a user/group, when I hit apply, I get an error dialog that says Unable to save permission changes on folder/file name. Access is denied. It would appear, from the NT Properties/Security dialog, that the owner has full control, and the group/everyone have no access. I would have thought I, through the create [directory] mask setting, given rwx permission to the group. That is how I have set the unix permissions on the samba server (by hand, after the files/folders were created). I read somewhere to setgid on folders so that subfolders and files will have the same group. I log off, my profile is synched back up with the samba server. So I can't change file/folder permissions and I can't browse the domain without going to Entire Network-Microsoft Windows Network-Unboundtech. Is it necessary for the netlogon share to be browseable? Bradley W. Langhorst wrote: 2.2.1 is very old and has lots of bugs... upgrade to 2.2.6 when that comes out this week (or if you cant wait use 2.2.5) On Wed, 2002-10-02 at 11:37, Justin Georgeson wrote: Does anyone have any suggestions here? I've read plenty of documentation and can't figure this out (HOWTOs and man pages). I'm apparently also having a problem with profiles synching back up the server. Users are apparently looisng work. This is bad. I *know* this product can work for me, but I'm not having much luck. Please help. [export0] path = /export0 write list = unboundtech read only = No this should be yes - otherwise everybody can write. create mask = 0775 directory mask = 0775 have you enable acls on the server's filesystem? It sounds like that is what you want... brad -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) Load smb config files from /etc/samba/smb.conf Processing section [netlogon] Processing section [profiles] Processing section [Public] Loaded services file OK. Press enter to see a dump of your service definitions # Global parameters [global] coding system = client code page = 850 code page directory = /etc/codepages workgroup = UNBOUNDTECH netbios name = MOLEHILL netbios aliases = netbios scope = server string = Domain Controller interfaces = lo 192.168.1.0/24 bind interfaces only = Yes security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 0 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.5 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300
[Samba] file permission problem
I have Samba 2.2.1a installed on RedHat 7.2, using RedHat's rev 4 RPMs (samba-common, samba-client, samba, and samba-swat 2.2.1a-4). I have the PDC part working. But there is one file share giving me problems. I have a folder, /export0, which I want all the domain users to be able to use. I have a group, unboundtech, which all the domain users are a member of. The /export0 is owned by root:unboundtech, with mode 775. The folders under this one which they can write to are the same (group is unboundtech, mode is 775). Users can create files/folders, but they can't change the permissions on them (for example, to let other people modify them). In some cases, I also want to have folders in /export0 which are owned by another group which is a subset of the domain users. I'm having the same problems here. I create a folder owned by the group in question, and group writeable. Members of the group can write folders to it (I haven't checked if non-group members can), but they can't change the permissions. Can services be subpaths of existing services? like [/some/folder] . [/some/folder/beneath] . That way I could maybe force a particular group ownership for different sub trees. -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) # Samba config file created using SWAT # from localhost.localdomain (127.0.0.1) # Date: 2002/10/01 10:04:25 # Global parameters [global] workgroup = UNBOUNDTECH netbios name = MOLEHILL server string = Domain controller interfaces = eth1 192.168.1.0/24 localhost bind interfaces only = Yes encrypt passwords = Yes passwd program = /usr/bin/passwd unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = root sysadm domainadmin add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon path = \\%N\profiles\%U logon drive = Z: domain logons = Yes os level = 33 preferred master = True domain master = True wins support = Yes [profiles] comment = Windows Home Directories path = /home/profiles read only = No create mask = 0775 [export0] path = /export0 write list = unboundtech read only = No create mask = 0775 directory mask = 0775 [netlogon] path = /usr/share/samba/netlogon write list = administrator browseable = No