RE: [Samba] UTMP duplicated entries

2005-09-21 Thread Kaplan, Marc
Windows does allow duplicate sessions actually. If you net use *
\\hostname\share and then net use \\ipaddress\share for the same server
you will get two connections to the same server on your client (you can
even use different users). Is it possible that this is what some users
are doing? Also machines configured as terminal servers allow multiple
concurrent logins from the same client.

-Marc
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Fabiano Caixeta Duarte
> Sent: Wednesday, September 21, 2005 10:40 AM
> To: SAMBA Maillist
> Subject: [Samba] UTMP duplicated entries
> 
> Hi everybody!
> 
> I've been noticing some strange entries in samba/utmp. I have a lot of
> 00:00 timed sessions.
> 
> But the worst problem is that I found some conflicting information. Since
> windows doesn't allow concurrent login sessions, I think utmp should not
> have generated the following entries.
>
> liana           smb/2    192.168.0.207  Fri Sep  2 18:43 - 00:52  (06:08)
> rodrigobaso     smb/25   192.168.0.207  Fri Sep  2 17:11 - 18:11  (00:59)
> josianealomino  smb/28   192.168.0.207  Fri Sep  2 15:54 - 16:58  (01:03)
> liana           smb/73   192.168.0.207  Fri Sep  2 14:56 - 15:54  (00:58)
> rodrigobaso     smb/57   192.168.0.207  Fri Sep  2 14:09 - 01:00  (10:50)
> rodrigobaso     smb/57   192.168.0.207  Fri Sep  2 14:09 - 14:09  (00:00)
> mcicogna        smb/29   192.168.0.207  Fri Sep  2 13:05 - 13:56  (00:51)
> andersongali    smb/29   192.168.0.207  Fri Sep  2 09:12 - 13:04  (03:51)
> cunha           smb/2    192.168.0.207  Fri Sep  2 08:53 - 08:55  (00:02)
> marcelomb       smb/15   192.168.0.207  Fri Sep  2 08:14 - 08:21  (00:07)
> tesia           smb/8    192.168.0.207  Fri Sep  2 07:48 - 01:00  (17:11)
> tesia           smb/8    192.168.0.207  Fri Sep  2 07:48 - 07:48  (00:00)
> 
> The server is a FreeBSD 5.3 with Samba 3.0.14a with 'utmp=yes'.
> 
> Thanks in advance!
> 
> Fabiano
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
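
An added example, not part of the original thread: Python that parses `last`-style utmp output like the listing above and reports zero-length sessions, repeated login records, and sessions from different users that overlap on one client address, which is the pattern the reply attributes to multiple net use connections or terminal servers. The sample records, user names and 192.0.2.x addresses are constructed, and the year is an assumed parameter because `last` output omits it.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime, timedelta
from itertools import combinations

Session = namedtuple("Session", "user line host start end")

# One `last`-style record: user, line, host, weekday, month, day, login time,
# logout time, then the duration in parentheses (optionally "days+HH:MM").
RECORD = re.compile(
    r"^(?P<user>\S+)\s+(?P<line>\S+)\s+(?P<host>\S+)\s+\w{3}\s+"
    r"(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<login>\d\d:\d\d)\s+-\s+\d\d:\d\d"
    r"\s+\((?:(?P<days>\d+)\+)?(?P<h>\d\d):(?P<m>\d\d)\)$"
)

# Constructed sample data (not taken from any real server).
SAMPLE_LAST = """\
alice    smb/2    192.0.2.10   Fri Sep  2 18:43 - 00:52  (06:08)
bob      smb/25   192.0.2.10   Fri Sep  2 17:11 - 18:11  (00:59)
carol    smb/28   192.0.2.10   Fri Sep  2 15:54 - 16:58  (01:03)
bob      smb/57   192.0.2.10   Fri Sep  2 14:09 - 01:00  (10:50)
bob      smb/57   192.0.2.10   Fri Sep  2 14:09 - 14:09  (00:00)
dave     smb/8    192.0.2.44   Fri Sep  2 07:48 - 07:55  (00:07)
erin     smb/9    192.0.2.10   Fri Sep  2 19:00   still logged in
"""


def parse_sessions(text, year):
    """Return closed sessions; lines that are not closed records are skipped."""
    sessions = []
    for raw in text.splitlines():
        m = RECORD.match(raw.strip())
        if m is None:
            continue  # headers, "still logged in", blank lines
        start = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['login']}", "%Y %b %d %H:%M")
        # The duration is used instead of the logout clock time so that
        # sessions crossing midnight get the right end date.
        length = timedelta(days=int(m["days"] or 0),
                           hours=int(m["h"]), minutes=int(m["m"]))
        sessions.append(
            Session(m["user"], m["line"], m["host"], start, start + length))
    return sessions


def zero_length(sessions):
    """Sessions whose recorded duration is 00:00."""
    return [s for s in sessions if s.start == s.end]


def repeated_logins(sessions):
    """(user, line, host, start) keys that were recorded more than once."""
    counts = Counter((s.user, s.line, s.host, s.start) for s in sessions)
    return sorted(key for key, n in counts.items() if n > 1)


def cross_user_overlaps(sessions):
    """Pairs of non-empty sessions, same host, different users, overlapping."""
    live = [s for s in sessions if s.end > s.start]
    pairs = []
    for a, b in combinations(live, 2):
        if (a.host == b.host and a.user != b.user
                and a.start < b.end and b.start < a.end):
            pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    found = parse_sessions(SAMPLE_LAST, 2005)
    for s in zero_length(found):
        print("zero-length:", s.user, s.line, s.host, s.start)
    for key in repeated_logins(found):
        print("repeated login record:", key)
    for a, b in cross_user_overlaps(found):
        print("overlap on", a.host, ":", a.user, a.line, "and", b.user, b.line)
```

Hosts that show up in the overlap report are the ones to check for terminal-server use or for shares mapped under more than one name or account.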


[Samba] RE: Active DNS registration on join realm?

2005-09-21 Thread Kaplan, Marc
If you're interested, Tridge put this code up with instructions at:
http://us4.samba.org/samba/ftp/tsig-gss/

While I can't vouch for whether the code works, I can vouch that the
author writes good code :). At the very least it could be a starting
point for you.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Arup Biswas
> Sent: Tuesday, September 20, 2005 5:06 PM
> To: Andrew Bartlett
> Cc: samba@lists.samba.org; samba-technical@lists.samba.org
> Subject: RE: Active DNS registration on join realm?
> 
> 
> Thanks, Andrew, I appreciate it.
> 
> -Arup
> 
> -Original Message-
> From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 20, 2005 4:55 PM
> To: Arup Biswas
> Cc: samba-technical@lists.samba.org; samba@lists.samba.org
> Subject: Re: Active DNS registration on join realm?
> 
> On Tue, 2005-09-20 at 11:49 -0700, Arup Biswas wrote:
> > Dear Samba members,
> >
> >
> > I am wondering if on joining a realm (with security=ADS),  samba 3.x
> > server gets automatically registered with MS Dynamic DNS server. My
> > test with Samba 3.0.14a on linux did not reveal any such capability.
> > But may be because I did not use the correct option? I would
> > appreciate any help.
>
> Tridge had an example perl script that handled this, but it's not part
> of Samba directly.  I know he was trying to get a maintainer for it, but
> I don't know what happened in the end.
>
> It belongs partly with the ip-up scripts of the OS, because the idea is
> to modify the DNS entry based on IP address changes, not always when
> samba is or is not started.
> 
> Andrew Bartlett
> 
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
> Authentication Developer, Samba Team           http://samba.org
> Student Network Administrator, Hawker College  http://hawkerc.net


[Samba] RE: Proposal to allow owning group to edit ACLs.

2005-07-18 Thread Kaplan, Marc
> Indeed - as this is a security sensitive area it would definitely
> default to the current (safe) behaviour. Especially in case I screw
> up the implementation :-).
> 
> Jeremy.
On that note :), let me know when it's implemented, I'll give it some
initial testing.

-Marc


[Samba] RE: Proposal to allow owning group to edit ACLs.

2005-07-18 Thread Kaplan, Marc
Jeremy,

I think this is really a great idea, and potentially a very valuable
feature as long as group acl control = false by default.

-Marc
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeremy Allison
> Sent: Monday, July 18, 2005 3:48 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Proposal to allow owning group to edit ACLs.
> 
> Hi all,
> 
>   I've been spending some time with customers lately and I've
> discovered an interesting thing. Many IT departments completely delegate
> the settings on directory and file ACLs to the users who are interested
> in the data.
>
> For example, on a given share for "Finance", the finance group is given
> full control on the containing directory (ie. they're allowed to set ACLs
> on everything within it) and are left alone to sort out their access
> control as they wish.
>
> This is difficult on Samba with POSIX ACLs due to the fact that POSIX
> ACLs can only be changed by the owner of the file/directory or root.
>
> Windows semantics allow the owner of a file/directory to always change
> the ACL (as does POSIX), but the difference is that under Windows a group
> can be the owner of a file/directory - with no user owner at all.
>
> Now I know the correct way to fix this is full NT ACL semantics and
> we're moving towards that in the future but an easy stop-gap solution
> for us is a new parameter, so I'm proposing a new parameter called
> "acl group control". If set to True on a share then it would allow
> both the owning user and the *primary group owner* of a file or directory
> to change the ACL on it.
>
> This would allow a "finance" group to be the primary POSIX group owner
> of a shared directory and then any member of that group could set
> ACLs on it, whether they were the actual user owner or not.
>
> In conjunction with the ability to have group ownership of files/directories
> in a directory inherited from the parent by setting the SETGID bit on the
> directory this should allow delegation of ACL control under Samba.
> 
> Please let me know what you think - it's easy to add to the current
> code but I'd like to get some user feedback before I do so.
> 
> Cheers,
> 
>   Jeremy.


RE: [Samba] Problems with unicode filenames

2005-04-26 Thread Kaplan, Marc
It seems that if your goal is to migrate the data off the NT server to the 
Samba server, you could alternatively just use an NT client (rather than cp 
after an smbmount) to move the data to the Samba server (that has unix charset 
= utf8).

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Kaplan, Marc
> Sent: Tuesday, April 26, 2005 11:05 AM
> To: Cristian Thiago Moecke; samba@lists.samba.org
> Subject: RE: [Samba] Problems with unicode filenames
>
> Oh, you're using smbmount -- you didn't say so previously. As far as I
> know, smbmount doesn't support Unicode (can somebody confirm?), so you'll
> have to use the smbmount replacement, mount.cifs. See:
> http://www.samba.org/samba/docs/man/mount.cifs.8.html
>
>   -Marc
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Cristian Thiago Moecke
> > Sent: Tuesday, April 26, 2005 11:00 AM
> > To: samba@lists.samba.org
> > Subject: Re: [Samba] Problems with unicode filenames
> >
> > Ok, sorry..,.. I have set unix charset now
> > I still have problems with smbmounted Windows NT shares...
> >
> > []'s
> > Cristian
> >
> > >Cristian, I think he was talking about:
> > >
> > >unix charset = UTF8
> > >
> > >Regards,
> > >
> > >BM
> > >
> > >On 4/26/05, Cristian Thiago Moecke <[EMAIL PROTECTED]> wrote:
> > >
> > >>charset = UTF8 gives me that error:
> > >>Unknown parameter encountered: "charset"
> > >>Ignoring unknown parameter "charset"
> > >>
> > >>Cristian
> > >>
> > >>>Do you have unix charset = UTF8 in smb.conf?
> > >>>
> > >>>  -Marc
> > >>>
> > >>>>-Original Message-
> > >>>>From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Cristian Thiago Moecke
> > >>>>Sent: Tuesday, April 26, 2005 10:01 AM
> > >>>>To: samba@lists.samba.org
> > >>>>Subject: [Samba] Problems with unicode filenames
> > >>>>
> > >>>>I have a file server with windows and I am creating a new Fedora Core 3
> > >>>>+ Samba 3.0.10-1.fc3 file server...
> > >>>>But I have many, many files that have chars like ç, ã, é in their
> > >>>>name... When I move the files to the Samba server, all that unicode
> > >>>>chars are changed to ?
> > >>>>I need a solution for that to move on, because my boss will not like to
> > >>>>stop using that chars...
> > >>>>
> > >>>>Thanks for any help
> > >>>>Cristian


RE: [Samba] Problems with unicode filenames

2005-04-26 Thread Kaplan, Marc
Oh, you're using smbmount -- you didn't say so previously. As far as I know, 
smbmount doesn't support Unicode (can somebody confirm?), so you'll have to use 
the smbmount replacement, mount.cifs. See: 
http://www.samba.org/samba/docs/man/mount.cifs.8.html

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Cristian Thiago Moecke
> Sent: Tuesday, April 26, 2005 11:00 AM
> To: samba@lists.samba.org
> Subject: Re: [Samba] Problems with unicode filenames
>
> Ok, sorry..,.. I have set unix charset now
> I still have problems with smbmounted Windows NT shares...
>
> []'s
> Cristian
>
> >Cristian, I think he was talking about:
> >
> >unix charset = UTF8
> >
> >Regards,
> >
> >BM
> >
> >On 4/26/05, Cristian Thiago Moecke <[EMAIL PROTECTED]> wrote:
> >
> >>charset = UTF8 gives me that error:
> >>Unknown parameter encountered: "charset"
> >>Ignoring unknown parameter "charset"
> >>
> >>Cristian
> >>
> >>>Do you have unix charset = UTF8 in smb.conf?
> >>>
> >>>  -Marc
> >>>
> >>>>-Original Message-
> >>>>From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Cristian Thiago Moecke
> >>>>Sent: Tuesday, April 26, 2005 10:01 AM
> >>>>To: samba@lists.samba.org
> >>>>Subject: [Samba] Problems with unicode filenames
> >>>>
> >>>>I have a file server with windows and I am creating a new Fedora Core 3
> >>>>+ Samba 3.0.10-1.fc3 file server...
> >>>>But I have many, many files that have chars like ç, ã, é in their
> >>>>name... When I move the files to the Samba server, all that unicode
> >>>>chars are changed to ?
> >>>>I need a solution for that to move on, because my boss will not like to
> >>>>stop using that chars...
> >>>>
> >>>>Thanks for any help
> >>>>Cristian


RE: [Samba] Problems with unicode filenames

2005-04-26 Thread Kaplan, Marc
No, the parameter is named "unix charset", not "charset"! In smb.conf, you'll 
need a parameter that says:

unix charset = UTF8

-Marc


From: Cristian Thiago Moecke [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 26, 2005 10:42 AM
To: Kaplan, Marc
Cc: samba@lists.samba.org
Subject: Re: [Samba] Problems with unicode filenames

charset = UTF8 gives me that error:
Unknown parameter encountered: "charset"
Ignoring unknown parameter "charset"

Cristian

Do you have unix charset = UTF8 in smb.conf?

-Marc

  
-Original Message-
From: [EMAIL PROTECTED] [mailto:samba-
[EMAIL PROTECTED] On Behalf Of Cristian
Thiago Moecke
Sent: Tuesday, April 26, 2005 10:01 AM
To: samba@lists.samba.org
Subject: [Samba] Problems with unicode filenames

I have a file server with windows and I am creating a new Fedora Core 3
+ Samba 3.0.10-1.fc3 file server...
But i have many, many files that have chars like ç, ã, é in their
name... When I move the files to the Samba server, all that unicode
chars are changed to ?
I need a solution for that to move on, because my boss will not like to
stop using that chars...

Thanks for any help
Cristian


RE: [Samba] Problems with unicode filenames

2005-04-26 Thread Kaplan, Marc
Do you have unix charset = UTF8 in smb.conf?

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-
> [EMAIL PROTECTED] On Behalf Of Cristian
> Thiago Moecke
> Sent: Tuesday, April 26, 2005 10:01 AM
> To: samba@lists.samba.org
> Subject: [Samba] Problems with unicode filenames
> 
> I have a file server with windows and I am creating a new Fedora Core 3
> + Samba 3.0.10-1.fc3 file server...
> But i have many, many files that have chars like ç, ã, é in their
> name... When I move the files to the Samba server, all that unicode
> chars are changed to ?
> I need a solution for that to move on, because my boss will not like to
> stop using that chars...
> 
> Thanks for any help
> Cristian


RE: [Samba] Re: How to turn on SMB signing

2005-03-22 Thread Kaplan, Marc
No, it has nothing to do with dfs; cifsfs is a replacement for smbfs. See
http://www.samba.org/samba/docs/man/mount.cifs.8.html for more
information.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Victor Warner
> Sent: Tuesday, March 22, 2005 3:32 PM
> To: samba@lists.samba.org
> Subject: [Samba] Re: How to turn on SMB signing
>
> Does using CIFS VFS mean setting  "host msdfs" in smb.conf to "yes"?
>
> If so, can/will I still be using the smbmount command?
>
> Victor Warner
>
> Andrew Bartlett wrote:
> > On Tue, 2005-03-22 at 20:10 +, Victor Warner wrote:
> >
> >>Using Samba 3.0.9-Debian on Linspire 5.0.59. Server running is a Windows
> >>2003 Server.
> >>
> >>I am trying to mount a share on the server but getting error message:
> >>
> >>cli_negprot: SMB signing is mandatory and we have disabled it.
> >>8919: protocol negotiation failed
> >>SMB connection failed
> >
> >
> > smbfs does not support SMB signing.  I suggest you use the CIFS VFS
> > instead.
> >
> > Andrew Bartlett
> >
> >
> 


RE: [Samba] Domain Control

2005-03-10 Thread Kaplan, Marc
Nope, they just show up with that role in a search, they don't perform
any DC functionality.

-Marc

> -Original Message-
> From: IslandBwoy [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 10, 2005 11:56 AM
> To: Kaplan, Marc; Thomas Boutell; [EMAIL PROTECTED]; Gerald (Jerry) Carter
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Domain Control
>
> PS.  Kaplan, when you join your samba servers to the domain and they show up
> as domain controllers, do they actually perform the roles of such?  My
> question here is simply what are the ramifications of leaving my machine on
> the domain considering what is happening?
>
>
> - Original Message -
> From: "Kaplan, Marc" <[EMAIL PROTECTED]>
> To: "IslandBwoy" <[EMAIL PROTECTED]>; "Thomas Boutell"
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Gerald (Jerry) Carter"
> <[EMAIL PROTECTED]>
> Cc:
> Sent: Wednesday, March 09, 2005 6:55 PM
> Subject: RE: [Samba] Domain Control
>
>
> I have this same problem. I wrote it up here:
> https://bugzilla.samba.org/show_bug.cgi?id=1423, but Jerry couldn't
> reproduce it so he (rightly) marked it invalid.
>
> This is 100% reproducible for me (and apparently you also), every samba
> server I join to the domain, shows up with the role "Domain Controller".
> Just to be clear, this is not in OU display in the Active Directory
> Users and Computers screen, but in the results of a find.
>
> If anybody else is experiencing this problem, could you please place
> your notes, and smb.conf file in bugzilla at
> https://bugzilla.samba.org/show_bug.cgi?id=1423
>
> -Marc
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of IslandBwoy
> > Sent: Wednesday, March 09, 2005 3:06 PM
> > To: Thomas Boutell; [EMAIL PROTECTED]
> > Cc: samba@lists.samba.org
> > Subject: Re: [Samba] Domain Control
> >
> > Yeah.  That's what I've been doing.  The problem is that if I leave it like
> > this I'm afraid that as time goes more and more machines will try to
> > authenticate through this server and eventually cause problems on our
> > network.  Either way, just to be sure, I'm going to my realm in my active
> > directory tree and searching for the machine name. Then deleting it from
> > there.  Is there something I can do to assure there is no stale information
> > being used?
> >
> >
> > - Original Message -
> > From: "Thomas Boutell" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: ; "IslandBwoy" <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 09, 2005 5:53 PM
> > Subject: Re: [Samba] Domain Control
> >
> >
> > > You definitely don't have to stop using security = ads to make this work.
> > >
> > > I suggest that you delete the machine account for this server on the
> > > Active Directory domain controller via Active Directory Users and Groups.
> > > I think there's some stale information there about the role of the server.
> > >
> > > Then join the domain again.
> > >
> > > Good luck!
> > >
> > > --
> > > Thomas Boutell
> > > Boutell.Com, Inc.
> > > http://www.boutell.com/


RE: [Samba] Domain Control

2005-03-09 Thread Kaplan, Marc
I have this same problem. I wrote it up here:
https://bugzilla.samba.org/show_bug.cgi?id=1423, but Jerry couldn't
reproduce it so he (rightly) marked it invalid. 

This is 100% reproducible for me (and apparently you also), every samba
server I join to the domain, shows up with the role "Domain Controller".
Just to be clear, this is not in OU display in the Active Directory
Users and Computers screen, but in the results of a find.

If anybody else is experiencing this problem, could you please place
your notes, and smb.conf file in bugzilla at
https://bugzilla.samba.org/show_bug.cgi?id=1423

-Marc
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of IslandBwoy
> Sent: Wednesday, March 09, 2005 3:06 PM
> To: Thomas Boutell; [EMAIL PROTECTED]
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Domain Control
>
> Yeah.  That's what I've been doing.  The problem is that if I leave it like
> this I'm afraid that as time goes more and more machines will try to
> authenticate through this server and eventually cause problems on our
> network.  Either way, just to be sure, I'm going to my realm in my active
> directory tree and searching for the machine name. Then deleting it from
> there.  Is there something I can do to assure there is no stale information
> being used?
>
>
> - Original Message -
> From: "Thomas Boutell" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: ; "IslandBwoy" <[EMAIL PROTECTED]>
> Sent: Wednesday, March 09, 2005 5:53 PM
> Subject: Re: [Samba] Domain Control
>
>
> > You definitely don't have to stop using security = ads to make this work.
> >
> > I suggest that you delete the machine account for this server on the
> > Active Directory domain controller via Active Directory Users and Groups.
> > I think there's some stale information there about the role of the server.
> >
> > Then join the domain again.
> >
> > Good luck!
> >
> > --
> > Thomas Boutell
> > Boutell.Com, Inc.
> > http://www.boutell.com/
> >


RE: [Samba] windows /bat script question

2005-03-09 Thread Kaplan, Marc
This is definitely a kludgy way of doing it, but if I had that problem
and wanted to solve it quickly, I would put a file named THISISSERVER1
on \\server1\projects\. This way you can do an "if exist
p:\THISISSERVER1" test. This is ugly, but it will work.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Alexander Lazarevich
> Sent: Wednesday, March 09, 2005 8:51 AM
> To: samba@lists.samba.org
> Subject: [Samba] windows /bat script question
>
> Subject isn't exactly samba, but samba people usually know a lot about
> windows bat scripting. Here's my problem:
>
> Currently our domain login script is doing this (among other things):
>
> ifmember.exe "WINDOWS-DOMAIN\Projects"
> if errorlevel 1 ( net use p: \\server1\projects )
>
> This works fine. The problem is I'm moving the projects storage to a
> different server called server 2 (which is linux running samba 3, so it
> is samba related somewhat). The logic I need is:
>
> If p: is on server 1, remove the persistent share \\server1\projects, then
> if p: does not exist, create a persistent share p: \\server2\projects.
>
> Sounds easy enough, but I have no idea how to test if a share is on a
> particular remote server. I'm trying "if exist \\server1\projects", but
> that doesn't work the way I want it as scripts seem to only understand the
> local drive letter names, not the remote names. I could try to spit out
> the contents of "net use p:" to a file, then parse out the remote name
> string, and compare that, but that seems like a hard way to accomplish it
> and I don't want the script parsing out stuff during a login. There's got
> to be an easier way.
>
> I could also just always remove the p:, then mount it from server2. But
> that adds an extra /delete every single time someone logs on, I'd prefer
> not to do that. I only want to /delete p: if p: is remote server1, not if
> it's remote server 2.
> 
> Thanks in advance,
> 
> Alex


RE: [Samba] Difference Copy and Move at inheriting

2005-03-08 Thread Kaplan, Marc
This is just the way filesystems work. Doing a move of a file/directory
does no kind of re-evaluation of permissions/ACLs, because it's
essentially just doing a rename. 

You can see the same thing with Windows, create a file named c:\a.txt,
then create a directory named c:\a.dir. Set some inheritance permissions
on c:\a.dir, create a new file named c:\a.dir\file1.txt. Notice that
file1.txt has inherited the permissions from a.dir. Now, do a move of
c:\a.txt to c:\a.dir. Look at the permissions of c:\a.dir\a.txt and
notice that a.txt did *not* inherit the permissions that are set on the
directory c:\a.dir.

Again, this is just the way that filesystems work.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Matthias Spork
> Sent: Tuesday, March 08, 2005 3:36 AM
> To: samba@lists.samba.org
> Subject: [Samba] Difference Copy and Move at inheriting
>
> Hello,
>
> if I copy or create a file or directory, it inherits the permissions of
> its parent. If I move a file from one directory
> to another, it will not inherit the permissions of the target-directory.
> Why?
>
> [daten]
> comment = Daten
> path = /samba/daten
> inherit permissions = yes
> inherit ACLS = yes
> nt acl support = no
> writeable = yes
> hide unreadable = yes
> veto files = /.*/
> root preexec = /etc/samba/scripts/mk_sambadir "/samba/daten/.recycle/%U" "%U" "%g"
> vfs object = recycle
> recycle:repository=.recycle/%U
> recycle:versions=True
> recycle:keeptree=True
> 
> Thanks for your responses.
> matze
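
An added example, not from the original thread: Python that shows on a POSIX filesystem that a move within one filesystem is a rename that keeps the inode and its mode bits, and then audits a directory for files whose read/write bits differ from the parent's. create_inheriting() is a hypothetical helper that models only the documented effect of inherit permissions = yes on new files (read/write bits taken from the parent directory); it is not Samba code.

```python
import os
import stat
import tempfile


def rw_bits(mode):
    """Read/write permission bits only (execute bits are left out)."""
    return stat.S_IMODE(mode) & 0o666


def create_inheriting(parent, name, data=b""):
    """Create a file and give it the parent's read/write bits.

    Assumption: this stands in for what a server with
    'inherit permissions = yes' does when a client creates or copies a file.
    """
    path = os.path.join(parent, name)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, rw_bits(os.stat(parent).st_mode))
    return path


def files_not_matching_parent(directory):
    """Names of regular files whose read/write bits differ from the directory's."""
    wanted = rw_bits(os.stat(directory).st_mode)
    odd = []
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            if rw_bits(entry.stat(follow_symlinks=False).st_mode) != wanted:
                odd.append(entry.name)
    return sorted(odd)


def demo():
    with tempfile.TemporaryDirectory() as root:
        src = os.path.join(root, "src")
        dst = os.path.join(root, "dst")
        os.mkdir(src)
        os.mkdir(dst)
        os.chmod(dst, 0o770)  # target directory: owner and group only

        # A file created in the target picks up the directory's bits.
        create_inheriting(dst, "created.txt")

        # A file that lives elsewhere with world-readable permissions.
        loose = os.path.join(src, "a.txt")
        with open(loose, "wb") as fh:
            fh.write(b"constructed sample data")
        os.chmod(loose, 0o644)
        before = os.stat(loose)

        # Move = rename: same inode, so the old mode travels with the file.
        moved = os.path.join(dst, "moved.txt")
        os.rename(loose, moved)
        after = os.stat(moved)

        # Copy = read + create: a new file, so creation-time rules apply.
        with open(moved, "rb") as fh:
            copied = create_inheriting(dst, "copied.txt", fh.read())

        return {
            "same_inode": before.st_ino == after.st_ino,
            "moved_mode": stat.S_IMODE(after.st_mode),
            "copied_mode": stat.S_IMODE(os.stat(copied).st_mode),
            "flagged": files_not_matching_parent(dst),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if key.endswith("_mode") else value)
```

Files the audit flags are the ones that arrived by rename; their permissions have to be reset explicitly on the target if the directory's policy is meant to apply to them.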


RE: [Samba] winbind_idmap.tdb not being updated

2005-03-07 Thread Kaplan, Marc
As far as I know it will only be updated when you add a new user/group
to your domain. If you're concerned about this, add a new test user or
group to your domain, and see if winbindd_idmap.tdb gets updated.

-Marc
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Monday, March 07, 2005 3:03 AM
> To: [EMAIL PROTECTED]
> Subject: [Samba] winbind_idmap.tdb not being updated
>
> A few days ago I upgraded from 3.0.2 to 3.0.9, and since the upgrade, the
> winbindd_idmap.tdb has not ever been modified, even after several restarts
> of samba, and reboots of the system in question.  It appears that the UID
> mapping is still correct on the samba server, but I am just concerned that
> new user additions etc are not being stored to the tdb files.
>
> winbind_cache.tdb is being updated with every restart of winbind.
>
> Should the winbind_idmap.tdb file be updated regularly?  Is it normal for
> it to go a week without being modified?  I didn't pay much attention to it
> before, but it seems odd that it would go so long without an update.
> 
> Thanks
> 
> ~alex
> 


RE: [Samba] Can't fetch domain SID

2005-03-04 Thread Kaplan, Marc
What if you run net groupmap list? Can you see the domain SIDs as part
of the group SIDs there? If so, I would think you could use net
setlocalsid to restore it.

-Marc
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Steve Zeng
> Sent: Friday, March 04, 2005 5:38 PM
> To: samba@lists.samba.org
> Subject: [Samba] Can't fetch domain SID
>
> Hi,
>
> I happened to delete /etc/samba/secrets.tdb. Now I can not get DOMAIN
> SID by run:
>
> net getlocalsid
>
> Any idea how to recover it? Do I need to reinstall the whole Samba suite?
> 
> 
> --
> Regards,
> 
> Steve Zeng
> Systems Administrator
> Mainframe Entertainment Inc
> T: (604) 628-1000 ext 5293


RE: [Samba] AD group membership limits?

2005-03-02 Thread Kaplan, Marc
Simon,

Yes, I have recompiled the kernel with support for a static NGROUPS with
a patch from tridge and Rusty Russell. This does not seem to cause any
problems at all on Samba servers, or with the Linux box in general and
it does properly allow more supplementary groups.

Here is what I used IIRC:
http://ccache.samba.org/ftp/tridge/misc/more_groups_simple.patch
http://ccache.samba.org/ftp/tridge/misc/maxgroups.patch

Though I just checked on this, and maybe support for dynamic NGROUPS is
now in the 2.6 kernel? See:
http://www.linuxhq.com/kernel/changelog/v2.6/4/

-Marc
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Gibbs, Simon
> Sent: Wednesday, March 02, 2005 2:58 AM
> To: samba@lists.samba.org
> Subject: [Samba] AD group membership limits?
>
> Hi,
>
> I'm running Samba 3.0.11 on RedHat ES 3 kernel version 2.4.21-15.0.4.ELsmp
> and have a quick question about AD group membership limits
>
> Am I right in assuming that Samba is limited by the group membership
> parameters (ie NGROUP = 32) imposed by the Linux kernel? Is there any
> workaround in Samba for this?
>
> At the moment if a user is a member of more than 32 domain groups they
> cannot access any shares. If I remove some of the groups to below the 32
> group limit everything is fine.
>
> If there isn't a workaround in Samba has anyone reliably recompiled the
> kernel and run Samba after changing the group parameters?
> I guess this must be a fairly common problem in a lot of sites?
> 
> Any help with this much appreciated.
> 
> Cheers,
> 
> Simon
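
A way to find affected accounts before they lose access, as an added example that is not part of the thread: it counts each user's primary and supplementary groups from `getent passwd` / `getent group` style lines and reports those above a given limit. The account data is constructed and the helper names are hypothetical.

```python
import os
from collections import defaultdict

LEGACY_NGROUPS = 32  # per-process limit quoted in the thread for the 2.4 kernel


def kernel_group_limit(default=LEGACY_NGROUPS):
    """Return NGROUPS_MAX from the running kernel, or `default` if unavailable."""
    try:
        value = os.sysconf("SC_NGROUPS_MAX")
    except (AttributeError, ValueError, OSError):
        return default
    return value if value > 0 else default


def groups_per_user(passwd_lines, group_lines):
    """Map user -> set of GIDs (primary group plus every group listing the user)."""
    gids = defaultdict(set)
    for line in passwd_lines:
        # passwd format: name:passwd:uid:gid:gecos:home:shell
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[3].isdigit():
            gids[fields[0]].add(int(fields[3]))
    for line in group_lines:
        # group format: name:passwd:gid:member1,member2,...
        fields = line.strip().split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # malformed or comment line
        for member in fields[3].split(","):
            if member.strip():
                gids[member.strip()].add(int(fields[2]))
    return gids


def over_limit(passwd_lines, group_lines, limit):
    """Return {user: group_count} for users whose group list exceeds `limit`."""
    counts = groups_per_user(passwd_lines, group_lines)
    return {user: len(g) for user, g in counts.items() if len(g) > limit}


def sample_data():
    """Constructed data: alice is in 40 domain groups, bob in 3."""
    passwd = ["alice:x:10000:10000::/home/alice:/bin/false",
              "bob:x:10001:10001::/home/bob:/bin/false"]
    groups = [f"grp{i}:x:{20000 + i}:alice" + (",bob" if i < 3 else "")
              for i in range(40)]
    return passwd, groups


if __name__ == "__main__":
    passwd, groups = sample_data()
    for limit in (LEGACY_NGROUPS, kernel_group_limit()):
        flagged = over_limit(passwd, groups, limit)
        print(f"limit {limit}: {flagged or 'nobody over the limit'}")
```

On a domain member the input would come from `getent passwd` and `getent group`, which only list domain accounts when winbind enumeration is enabled.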


RE: [Samba] Netbench controller crashs

2005-03-02 Thread Kaplan, Marc
The controller for NetBench is the computer that is responsible for
coordinating the NetBench test, and collecting results.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Denis Vlasenko
> Sent: Wednesday, March 02, 2005 2:00 AM
> To: Ephi Dror; samba@lists.samba.org
> Subject: Re: [Samba] Netbench controller crashs
> 
> On Wednesday 02 March 2005 02:28, Ephi Dror wrote:
> > Hi All,
> >
> > I'm running netbench against our samba based filer and having I believe
> > a controller problem.
> >
> > When I configure the test to run multiple engines per client (about 5 in
> > my case) and about 20 clients so all together I have 100 engines, the
> > controller crashes.
> 
> What is a 'controller'?
> --
> vda
> 


RE: [Samba] Netbench controller crashs

2005-03-01 Thread Kaplan, Marc
Do you have another fileserver, perhaps a Windows box that you could
test this against? It really doesn't sound like a Samba problem, and if
you can rule that out, you should submit a bug to Veritest (who wrote
the NetBench software).

I have run multiple engines per client before without a problem, though
I have not done so recently.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Ephi Dror
> Sent: Tuesday, March 01, 2005 4:28 PM
> To: samba@lists.samba.org
> Subject: [Samba] Netbench controller crashs
> 
> Hi All,
> 
> I'm running netbench against our samba based filer and having I believe
> a controller problem.
> 
> When I configure the test to run multiple engines per client (about 5 in
> my case) and about 20 clients so all together I have 100 engines, the
> controller crashes.
> 
> My clients are a mix of NT4, winxp and win2000 systems.
> 
> If I run the controller on windows 2003, the controller simply quits and
> all my netbench clients are terminating.
> 
> If I run the controller on winxp system, I am getting the familiar
> dialog box telling me:
> 
> "Controller MFC Application has encountered a problem and needs to
> close. We are sorry for the inconvenience." and of course if I want to
> send error report to Microsoft...
> 
> It is pretty random when it crashes. Sometimes at the beginning of the
> test, sometimes later.
> 
> Has anyone else seen similar problems with running netbench?
> 
> Is there anything special I need to do in smb.conf or so?
> 
> Is there any work around?
> 
> Your help is really appreciated.
> 
> Please advise,
> 
> Cheers,
> Ephi
> 


RE: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using 99% cpu

2005-03-01 Thread Kaplan, Marc
I have this same problem on 3.0.10, and I also "fixed" it by deleting
the tdbs. My problem had nothing to do with printing, it was happening
once I started winbindd with security = ADS.

Jerry, what would we need to do to track this bug down in the tdb code?
I have logs at level 10, ltrace output, and a backtrace.

Do you think that there were changes made to the tdb code in 3.0.12 that
might fix this?

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of John C. Hennessy
> Sent: Tuesday, March 01, 2005 12:07 PM
> To: samba@lists.samba.org
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using 99% cpu
> 
> Just to let everyone know I was able to fix the problem. I cleaned out
> the tdb files which apparently had been corrupted.
> 
> -John
> 
> John C. Hennessy wrote:
> 
> > I've been having problems since updating to samba 3.0.10 on Debian 3.1
> > Below is the output of ltrace and gdb on the offending smbd process.
> > I tried upgrading to 3.0.11 and the problem still exists. Anyone have
> > any suggestions?
> >
> >
> > [ltrace output]
> > After about 20 seconds on the processes ltrace loops this
> >
> > iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0, 0, 0, 0) = 0
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0, 0, 0, 0) = 0
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0, 0, 0, 0) = 0
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0, 0, 0, 0) = 0
> > __errno_location()   = 0x403ac560
> >
> > [gdb backtrace]
> > Attaching to program: /usr/sbin/smbd, process 10657
> > 
> > 0x40202cf9 in memcpy () from /lib/tls/libc.so.6
> > (gdb) bt
> > #0  0x40202cf9 in memcpy () from /lib/tls/libc.so.6
> > #1  0x081ac059 in tdb_set_lock_alarm ()
> > #2  0x081ac20d in tdb_set_lock_alarm ()
> > #3  0x081ad49b in tdb_exists ()
> > #4  0x081ad6e3 in tdb_traverse ()
> > #5  0x081b4a79 in pjob_delete ()
> > #6  0x081b4f61 in pjob_delete ()
> > #7  0x081a450b in message_dispatch ()
> > #8  0x081b5186 in start_background_queue ()
> > #9  0x081ffd62 in main ()
> > (gdb)
> >
> > John C. Hennessy
> > President/CTO
> > HNK Technology Solutions, Inc.
> >
> >
> >
> 
> 


RE: [Samba] Authentication via both domain controller and local Samba password file

2005-03-01 Thread Kaplan, Marc
Try setting auth methods = sam winbind. IIRC when in domain
authentication auth methods does not include users in the local sam, but
my knowledge could be based upon an older version of samba, so you'll
have to try it out.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Juer Lee
> Sent: Tuesday, March 01, 2005 12:46 AM
> To: samba@lists.samba.org
> Subject: [Samba] Authentication via both domain controller and local Samba password file
> 
> Hi Guys,
> 
> Does anybody know if Samba is able to authenticate the user via both
> domain controller and local Samba password file when the Samba is running
> under 'Domain' mode?
> 
> The test steps:
> 
> 1. Add some Samba users when the Samba is configured running under 'User'
> mode, then the share is accessible by those added users.
> 
> 2. Try to join the Samba to a Windows 2000 domain, then the user who logs
> into the domain can access the share.
> 
> My question is:
> 
>  Can the user created in step 1 still access the share?
> 
> I have done the test on Samba 3.0.7 and Samba 3.0.11, the answer is 'No'.
> But I do remember that the share can be accessed by both domain user or
> local Samba user in this case in earlier Samba 3.0.x than 3.0.
> 
> 
> 
> Thanks in advance,
> 
> Juer
> 
> 
> 


RE: [Samba] samba 3 performance

2005-02-25 Thread Kaplan, Marc
Yes, I get more than 30MB/s performance. The benchmark I use (NetBench)
is essentially CPU bound, such that a faster processor = faster
performance. With a very fast hardware config (dual 3.2GHz processors),
I've been able to hit around 100MB/s. Changing the RAM or other
attributes does not buy me much, it seems that processor power is the
bottleneck (at least in my case). 

When doing your speed test, monitor the CPU utilization for smbd, and
see if it's at 100% of your linux server.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of Alexander Lazarevich
> Sent: Thursday, February 24, 2005 11:36 AM
> To: samba@lists.samba.org
> Subject: [Samba] samba 3 performance
> 
> Does anyone successfully get more than 60MB/sec sequential throughput,
> WITHOUT jumbo frames, with the following configuration:
> 
> samba 3 on RedHat linux server
> windows XP Pro workstations
> GigE NICs and GigE switches
> 
> Assuming all the disks/buses on the server and client ends are capable of
> those speeds. We have that exact setup, and we only get 30MB/sec maximum
> sequential throughput. In fact our servers and clients disk benchmark at
> more than 100MB/sec seq. throughput, and our netperf is >100MB/sec as
> well, but we still only get 30MB/sec when going through samba.
> 
> Also, we actually do not manage our network switches, and we are told the
> switches do not support jumbo frames, so changing the MTU on the client
> NICs and samba gets us nowhere because the switches won't do it anyway.
> 
> Mostly I'm just trying to find out if anyone gets decent GigE network
> throughput through samba 3. I want to rule out that samba is the
> bottleneck.
> 
> Thanks,
> 
> Alex
> 
> 


RE: [Samba] Getting ads_connect: Strong authentication required when doing net ads join

2005-02-24 Thread Kaplan, Marc
Yes, this is in fact caused by LDAP server signing requirements set to
"Require Signing". I put a bug in previously here:
https://bugzilla.samba.org/show_bug.cgi?id=765

And Jeremy Naylor created a patch to add TLS support in libads. The TLS
method is potentially more secure, but it requires a certificate be
installed on the KDC. 

You could try applying the patch and setting up the certificates to see
if it works for you. The patch is attached to the bugzilla bug.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Thursday, February 24, 2005 8:41 AM
> To: [EMAIL PROTECTED]
> Subject: [Samba] Getting ads_connect: Strong authentication required when doing net ads join
> 
> In my lab I successfully got everything working running our secured Active
> Directory and Fedora Core 3. In our AD we have secured settings like
> refusing NTLMv2, require LDAP signing, SMB signing and more. In the lab we
> have the following rpm's:
> krb5-workstation-1.3.4.7
> samba-3.0.8.0.pre1.3
> openldap-2.2.13-2
> 
> But now we're implementing this in production and there we're running Red
> Hat ES3 and have the following rpm's (newest so far):
> krb5-workstation-1.2.7-38
> samba-3.0.9-1.3E.2
> openldap-2.0.27-11
> 
> Kinit and smbclient work fine but when I run net ads join it fails with
> "ads_connect: Strong authentication required". I've read somewhere that the
> security policy setting: "Domain Controller: LDAP server signing
> requirements" set to "Require signing" is the reason for this but our
> security team will not let me disable this setting. Is there any other way
> to get around this?
> 
> I've made sure all configuration files (krb5.conf, smb.conf and ldap.conf)
> have the same options.
> 
> Also found earlier posts, but they don't really give me a solution:
> http://lists.samba.org/archive/samba-technical/2003-October/032422.html
> and here http://lists.samba.org/archive/samba/2003-October/000806.html
> 
> 
> [EMAIL PROTECTED] /]# kinit domainuser
> Password for [EMAIL PROTECTED]:
> [EMAIL PROTECTED] /]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: [EMAIL PROTECTED]
> 
> Valid starting     Expires            Service principal
> 02/24/05 17:00:27  02/25/05 03:00:27  krbtgt/[EMAIL PROTECTED]
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> [EMAIL PROTECTED] /]# net ads join "ServrarSamba" -U domainuser
> domainuser's password:
> [2005/02/24 17:00:45, 0] utils/net_ads.c:ads_startup(186)
>   ads_connect: Strong authentication required
> [EMAIL PROTECTED] /]#
> 
> 
> 
> Here's the complete debug for net ads join:
> 
> [EMAIL PROTECTED] samba]# net ads join "ServrarSamba" -U domainuser -d 10
> [2005/02/24 16:15:22, 5] lib/debug.c:debug_dump_status(366)
>   INFO: Current debug levels:
> all: True/10
> tdb: False/0
> printdrivers: False/0
> lanman: False/0
> smb: False/0
> rpc_parse: False/0
> rpc_srv: False/0
> rpc_cli: False/0
> passdb: False/0
> sam: False/0
> auth: False/0
> winbind: False/0
> vfs: False/0
> idmap: False/0
> quota: False/0
> acls: False/0
> [2005/02/24 16:15:22, 3] param/loadparm.c:lp_load(3911)
>   lp_load: refreshing parameters
> [2005/02/24 16:15:22, 3] param/loadparm.c:init_globals(1312)
>   Initialising global parameters
> [2005/02/24 16:15:22, 3] param/params.c:pm_process(566)
>   params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2005/02/24 16:15:22, 3] param/loadparm.c:do_section(3404)
>   Processing section "[global]"
>   doing parameter workgroup = EXAMPLE
>   doing parameter realm = EXAMPLE.NU
>   doing parameter use spnego = yes
>   doing parameter client signing = yes
>   doing parameter client use spnego = yes
>   doing parameter server string = Samba Server
>   doing parameter printcap name = /etc/printcap
>   doing parameter load printers = yes
>   doing parameter cups options = raw
>   doing parameter log file = /var/log/samba/%m.log
>   doing parameter max log size = 50
>   doing parameter security = ads
>   doing parameter encrypt passwords = yes
>   doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
>   doing parameter dns proxy = no
> [2005/02/24 16:15:22, 4] param/loadparm.c:lp_load(3942)
>   pm_process() returned Yes
> [2005/02/24 16:15:22, 7] param/loadparm.c:lp_servicenumber(4052)
>   lp_servicenumber: couldn't find homes
> [2005/02/24 16:15:22, 10] param/loadparm.c:set_server_role(3851)
>   set_server_role: role = ROLE_DOMAIN_MEMBER
> [2005/02/24 16:15:22, 5] lib/iconv.c:smb_register_charset(103)
>   Attempting to register new charset UCS-2LE
> [2005/02/24 16:15:22, 5] lib/iconv.c:smb_register_charset(111)
>   Registered charset UCS-2LE
> [2005/02/24 16:15:22, 5] l

RE: [Samba] A smbd process pegging CPU at near 100% with v3.0.10-1FC2 RPM

2005-02-04 Thread Kaplan, Marc
Maybe it's stuck in a library call loop. Try ltrace -p 2170 -f -o
smbd.2170.ltrace.out

-Marc

> -Original Message-
> From: Kel Way [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 04, 2005 9:06 AM
> To: Denis Vlasenko; samba@lists.samba.org
> Subject: Re: [Samba] A smbd process pegging CPU at near 100% with v3.0.10-1FC2 RPM
> 
> > strace -p  ?
> 
> 2170 root  25   0 11656 3228  10m R 95.9  0.5   2805:07 smbd
> 
> [EMAIL PROTECTED] root]# strace -p 2170
> Process 2170 attached - interrupt to quit
> 
> 
> No output...  just sits there until I quit.  Thanks -
> 
> 


RE: [Samba] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket!

2005-02-01 Thread Kaplan, Marc
One thing to rule out is that there is a clock difference of greater
than 5 minutes between Samba Domain Member and the DCs. Make sure that
your Samba Domain Member clock has approximately the same time as the DC.
You can do net time set -S dcname/dcip.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 01, 2005 2:19 PM
> To: Ryan Frantz
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket!
> 
> Hi Ryan!
> 
> i didn't build samba, i used the binaries shipped with my debian sarge
> distro... do you think it's an issue with the kerberos version this
> samba is using?
> 
> Joysn
> 
> On Tue, Feb 01, 2005 at 05:11:30PM -0500, Ryan Frantz wrote:
> >
> > This sounds similar to a problem I was having (RH AS 2.1, though). What
> > was the configure command you used to build Samba?
> >
> > I kept getting that very same error when using the Kerberos
> > libraries/executables from the system.
> 
> --
> "The greatest proof that intelligent life other than humans exists in
>  the universe is that none of it has tried to contact us!"
> 


RE: [Samba] Problems with Access Control for Shares on Samba 2

2005-01-26 Thread Kaplan, Marc
Whoops, switch read only = yes, cut and paste error.

> -Original Message-
> From: Kaplan, Marc
> Sent: Wednesday, January 26, 2005 9:39 AM
> To: remote; samba@lists.samba.org
> Subject: RE: [Samba] Problems with Access Control for Shares on Samba 2
> 
> Jörg,
> 
> I think if you want only one user to be able to write, but any user to be
> able to access you should change things as follows:
> 
>  [hobbit5]
>  comment = hobbit5
>  path = /ALPHA-DATA/hobbit5
>  browseable = yes
>  read only = no
>  guest = ok
>  write list = hobbit5
> 
> The valid users parameter before said that ONLY hobbit5 could access the
> share. If you don't specify anything for valid users, the default behavior
> is that any user can access the share.
> 
>   -Marc
> > -Original Message-
> > From: remote [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, January 26, 2005 3:53 AM
> > To: samba@lists.samba.org
> > Subject: [Samba] Problems with Access Control for Shares on Samba 2
> >
> > Hi all !
> >
> > I have a question regarding the access control in Samba 2. I want to make
> > shares available to the Windows Network for which only the owner of the
> > share has write access. Other users however should be able to read and
> > browse these shares.
> > My smb.conf :
> >
> > [global]
> >    workgroup = leat
> >    guest account = nobody
> >    keep alive = 30
> >    os level = 2
> >    kernel oplocks = false
> >    security = user
> >
> > [hobbit5]
> > comment = hobbit5
> > path = /ALPHA-DATA/hobbit5
> > browseable = yes
> > read only = no
> > guest = ok
> > valid user = hobbit5
> > ;force user = hobbit5
> >
> > As far as I understand Samba, with this configuration any Samba user
> > should be able to browse and read the hobbit5 - share, while only hobbit5
> > himself can write and delete within this share.
> > However, what happens is that any Samba user can see the share in the
> > Network Neighborhood, but except for hobbit5, none can enter it. Windows
> > tells me that either the path is not correct or I don't have the network
> > privileges to do this.
> >
> > What do I do wrong ?
> >
> > Thanks,
> >
> > Jörg


RE: [Samba] Problems with Access Control for Shares on Samba 2

2005-01-26 Thread Kaplan, Marc
Jörg,

I think if you want only one user to be able to write, but any user to be able 
to access you should change things as follows:

 [hobbit5]
 comment = hobbit5
 path = /ALPHA-DATA/hobbit5
 browseable = yes
 read only = no
 guest = ok
 write list = hobbit5

The valid users parameter before said that ONLY hobbit5 could access the share. 
If you don't specify anything for valid users, the default behavior is that any 
user can access the share.

-Marc
> -Original Message-
> From: remote [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 26, 2005 3:53 AM
> To: samba@lists.samba.org
> Subject: [Samba] Problems with Access Control for Shares on Samba 2
> 
> Hi all !
> 
> I have a question regarding the access control in Samba 2. I want to make
> shares available to the Windows Network for which only the owner of the
> share has write access. Other users however should be able to read and
> browse these shares.
> My smb.conf :
> 
> [global]
>    workgroup = leat
>    guest account = nobody
>    keep alive = 30
>    os level = 2
>    kernel oplocks = false
>    security = user
> 
> [hobbit5]
> comment = hobbit5
> path = /ALPHA-DATA/hobbit5
> browseable = yes
> read only = no
> guest = ok
> valid user = hobbit5
> ;force user = hobbit5
> 
> As far as I understand Samba, with this configuration any Samba user
> should be able to browse and read the hobbit5 - share, while only hobbit5
> himself can write and delete within this share.
> However, what happens is that any Samba user can see the share in the
> Network Neighborhood, but except for hobbit5, none can enter it. Windows
> tells me that either the path is not correct or I don't have the network
> privileges to do this.
> 
> What do I do wrong ?
> 
> Thanks,
> 
> Jörg
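
The effect of the settings discussed in this thread, as an added example that is not part of any message: a small Python model of how smb.conf(5) describes `valid users`, `read only` and `write list`, run over three constructed configs (the original question, the first reply as posted, and the reply with the `read only = yes` correction). The user `frodo` and the helper names are hypothetical, and `@group`/`+group` entries, `invalid users` and guest access are not modelled.

```python
import re

# Constructed from the settings discussed in the thread (comment, browseable and
# guest lines left out; "valid users" spelled as in smb.conf(5)).
ORIGINAL = """
[hobbit5]
    path = /ALPHA-DATA/hobbit5
    read only = no
    valid users = hobbit5
"""
FIRST_REPLY = """
[hobbit5]
    path = /ALPHA-DATA/hobbit5
    read only = no
    write list = hobbit5
"""
CORRECTED = """
[hobbit5]
    path = /ALPHA-DATA/hobbit5
    read only = yes
    write list = hobbit5
"""

LIST_KEYS = ("valid users", "read list", "write list")
INVERTED = ("writable", "writeable", "write ok")  # inverted synonyms of read only
BOOLS = {"yes": True, "true": True, "1": True,
         "no": False, "false": False, "0": False}


def parse_shares(text):
    """Parse the subset of smb.conf needed here into {share: settings}."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            # Defaults from smb.conf(5): read only = yes, empty user lists.
            current = shares.setdefault(line[1:-1].strip().lower(), {
                "read only": True, "valid users": set(),
                "read list": set(), "write list": set()})
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())
        if key in LIST_KEYS:
            current[key] = {u.lower() for u in re.split(r"[,\s]+", value) if u}
        elif key == "read only" or key in INVERTED:
            flag = BOOLS[value.lower()]  # KeyError on an unrecognised boolean
            current["read only"] = flag if key == "read only" else not flag
    return shares


def effective_access(share, user):
    """Return 'denied', 'read-only' or 'read-write' for a plain user name."""
    user = user.lower()
    if share["valid users"] and user not in share["valid users"]:
        return "denied"        # a non-empty valid users list is exclusive
    if user in share["write list"]:
        return "read-write"    # write list overrides read only and read list
    if user in share["read list"] or share["read only"]:
        return "read-only"
    return "read-write"


def compare(users=("hobbit5", "frodo")):
    """Evaluate each constructed config for each user."""
    configs = {"original": ORIGINAL, "first reply": FIRST_REPLY,
               "corrected": CORRECTED}
    return {name: {u: effective_access(parse_shares(text)["hobbit5"], u)
                   for u in users}
            for name, text in configs.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:12} {result}")
```

Unix file permissions on the share path still apply on top of what smbd allows.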


RE: [Samba] 'security = ads' & 'valid users ='

2005-01-25 Thread Kaplan, Marc
If you're fine with users being prompted to enter their login
credentials, then yes the passwords can be different. If you want it to
be seamless, keep the passwords synced.

-Marc

> -Original Message-
> From: Ryan Frantz [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 25, 2005 11:28 AM
> To: samba@lists.samba.org
> Subject: RE: [Samba] 'security = ads' & 'valid users ='
> 
> Would it be feasible to use the options 'guest account' and 'guest ok'
> for shares along with ADS security?
> 
> Or is additional configuration even necessary?  When domain
> authentication fails, Samba will prompt the user for a username/password
> combination
> (http://www.samba.org/samba/docs/man/smb.conf.5.html#VALIDATIONSECT),
> correct?  The user can then enter credentials I have given them that
> will match UNIX accounts I will create for them.
> 
> ry
> 
> -Original Message-
> From: Kaplan, Marc [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 25, 2005 2:19 PM
> To: Ryan Frantz; samba@lists.samba.org
> Subject: RE: [Samba] 'security = ads' & 'valid users ='
> 
> I think as long as the passwords are the same, your approach of creating
> the domain users you need as local users will work.
> 
>   -Marc
> 
> > -Original Message-
> > From: Ryan Frantz [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, January 25, 2005 11:04 AM
> > To: samba@lists.samba.org
> > Subject: [Samba] 'security = ads' & 'valid users ='
> >
> > I will be upgrading my Samba server from 2.2.8a to 3.0.10.  I currently
> > have security set to 'share' and plan on migrating to 'ads' for improved
> > authentication.  I have one snag, though...
> >
> > I have remote users who reside in and are managed by a Windows domain
> > that is not in my control.  There is no trust relationship at all.  If I
> > use 'ads' security, can I add a 'valid users' line for shares they need
> > to access?  So that when they fail domain authentication, Samba would
> > check against UNIX accounts I set up specifically for those (2) users...
> > Example smb.conf:
> >
> > [global]
> >   security = ads
> >
> > [share1]
> >   comment = share for local users
> >   path = /some/path/share1
> >   ...
> >
> > [share2]
> >   comment = share for remote users
> >   path = /some/path/share2
> >   valid users = fred,barney
> >   ...
> >
> > ry


RE: [Samba] 'security = ads' & 'valid users ='

2005-01-25 Thread Kaplan, Marc
I think as long as the passwords are the same, your approach of creating
the domain users you need as local users will work.

-Marc

> -Original Message-
> From: Ryan Frantz [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 25, 2005 11:04 AM
> To: samba@lists.samba.org
> Subject: [Samba] 'security = ads' & 'valid users ='
> 
> I will be upgrading my Samba server from 2.2.8a to 3.0.10.  I currently
> have security set to 'share' and plan on migrating to 'ads' for improved
> authentication.  I have one snag, though...
> 
> I have remote users who reside in and are managed by a Windows domain
> that is not in my control.  There is no trust relationship at all.  If I
> use 'ads' security, can I add a 'valid users' line for shares they need
> to access?  So that when they fail domain authentication, Samba would
> check against UNIX accounts I set up specifically for those (2) users...
> 
> Example smb.conf:
> 
> [global]
>   security = ads
> 
> [share1]
>   comment = share for local users
>   path = /some/path/share1
>   ...
> 
> [share2]
>   comment = share for remote users
>   path = /some/path/share2
>   valid users = fred,barney
>   ...
> 
> ry