[Samba] Re: exclude_dir option for VFS recycle module
Kevin Kobb wrote: > Hello all, > > I am testing the VFS recycle module, and have a question. > > The module is working the way I hoped with the exception of the > exclude_dir option. I have an entry like: > exclude_dir = dir1 -- files I place in dir1 are not sent to the recycle > location. However, if I have a folder beneath dir1 like dir1/dir2, files > in dir2 get sent to the recycle location. I've tried using wildcards in > my smb.conf like exclude_dir = dir1/*, exclude_dir = dir1*, and other > combinations, but still can't get it to work. > > Can somebody advise me if this is an intended mode of operation, a bug, > or a configuration error on my part? > > I am using Samba 3.12 on 5.3-RELEASE-p6. > > Thanks. > OK, may have found my answer. Found the following in vfs_recycle.c: /* FIXME: this check will fail if we have more than one level of directories, * we shoud check for every level 1, 1/2, 1/2/3, 1/2/3/4 * ---simo */ if (checkparam(recycle_exclude_dir(handle), path_name)) { DEBUG(3, ("recycle: directory %s is excluded \n", path_name)); rc = SMB_VFS_NEXT_UNLINK(handle, conn, file_name); goto done; } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] exclude_dir option for VFS recycle module
Hello all, I am testing the VFS recycle module, and have a question. The module is working the way I hoped with the exception of the exclude_dir option. I have an entry like: exclude_dir = dir1 -- files I place in dir1 are not sent to the recycle location. However, if I have a folder beneath dir1 like dir1/dir2, files in dir2 get sent to the recycle location. I've tried using wildcards in my smb.conf like exclude_dir = dir1/*, exclude_dir = dir1*, and other combinations, but still can't get it to work. Can somebody advise me if this is an intended mode of operation, a bug, or a configuration error on my part? I am using Samba 3.12 on 5.3-RELEASE-p6. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: auth samba+squid+ntlm
Andrew Bartlett wrote: On Tue, 2005-01-18 at 15:20 -0500, Kevin Kobb wrote: On my box to get the "--require-membership-of=domain.group" to work, I had to tack on "--username=%LOGIN" as well. After that, it works like a champ. I'm really not sure what you are doing there, but I can't see how -- username=%LOGON does anything... Andrew Bartlett Well silly me. I swear at one time without this I couldn't get squid to work by AD group membership. However, I took it out and can indeed still get out with squid. I have updated my OS and Samba since I set this config up many months ago, so maybe it was a problem, or perhaps I was just being foolish, which is probably much more likely ;-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: auth samba+squid+ntlm
Xavier Callejas wrote: Hi. I need to use the ntlm_auth module to auth. users so a group can use Internet and other not, using squid. The users that belong to "Internet" group may use Internet. I've being looking for info. about this but there is no much info. in google. Until now this is the only info. that I had found: for squid.conf: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="dominio+Internet" the "dominio+internet": I made proof of "dominio\internet" , "dominio\\internet" and always there is an error like this: [2005/01/18 11:58:23, 0] utils/ntlm_auth.c:get_require_membership_sid(237) Winbindd lookupname failed to resolve dominio+Internet into a SID! so I tried the SID: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=S-1-5-21-2357639956-1676252757-504000632-2005 and: [2005/01/18 11:59:20, 10] utils/ntlm_auth.c:manage_squid_request(1610) Got 'ibcinc+xavier acacadac' from squid (length: 22). [2005/01/18 11:59:21, 3] utils/ntlm_auth.c:check_plaintext_auth(292) NT_STATUS_OK: Success (0x0) OK But, even doing this (putting the SID) the users can't be authenticated by the server. Squid and the smb PDC are the same box, is this possible??? this the error from log when a user run its web browser and ask for a user/password: Is your "winbind separator = +" in the smb.conf file? By the first example you gave, I believe it should be. On my box to get the "--require-membership-of=domain.group" to work, I had to tack on "--username=%LOGIN" as well. After that, it works like a champ. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: authentication against win2k3 server
Carissa Srugis wrote: I've been trying to setup Samba to authenticate users against accounts existing on a Windows 2003 Server without any backwards capability. Ideally, this needs to be done without any changes to the Windows 2003 Server. Users will not be logging into the Samba shares at all. This is merely for authentication. I'm running FreeBSD 4.10-Relase #4 with Samba 3.0.8. This is my smb.conf file: [global] realm = WIN2K3.DOMAIN.LOCAL security = ads auth methods = winbind winbind separator = + encrypt passwords = yes workgroup = DOMAIN.LOCAL netbios name = FREEBSD_Machine winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes idmap uid = 1-2 idmap gid = 1-2 password server = WIN2K3.DOMAIN.LOCAL So once winbindd is running, I type the following and get these results: freebsd_machine# net ads join member -I 192.168.0.1 -U administrator administrator's password: *password* [2004/11/16 14:27:06, 0] libsmb/nmblib.c:send_udp(793) Packet send failed to 127.255.255.255(137) ERRNO=Permission denied [2004/11/16 14:27:07, 0] libsmb/nmblib.c:send_udp(793) Packet send failed to 127.255.255.255(137) ERRNO=Permission denied [2004/11/16 14:27:07, 0] utils/net_ads.c:ads_startup(186) ads_connect: Permission denied In the winbindd log I've also gotten the following error messages at one point or another: Could not fetch sid for our domain WIN2K3.DOMAIN.LOCAL Packet send failed to 127.255.255.255(137) ERRNO=Permission denied ads_connect for domain WIN2K3.DOMAIN.LOCAL failed: Permission denied get_trust_pw: could not fetch trust account password for my domain DOMAIN.LOCAL The odd part is when I try to use wbinfo to verify connections. If I type "wbinfo -g" it will display the correct group listing from the win2k3 server. But nothing else seems to work: freebsd_machine# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_INTERNAL_ERROR (0xc0e5) Could not check secret freebsd_machine# wbinfo -u Error looking up domain users freebsd_machine# wbinfo --domain-info=DOMAIN.LOCAL Name : WIN2K3.DOMAIN.LOCAL Alt_Name : DOMAIN.LOCAL SID : S-0-0 Active Directory : No Native: No Primary : Yes Sequence : -1 I'm obviously missing something, but I am at a loss. Any help is greatly appreciated! Carissa Srugis You might try looking at FreeBSD 5.3. I don't believe 4.10 has a working nsswitch which I think you will need if you want to login into FreeBSD without a local account, but just a AD account. I have done this on our Windows domain and FreeBSD 5.3 and it works OK. Join the machine to the domain, modify pam files, and nsswitch.conf, and it worked. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd lookup failure
Hello all, I am Samba to authenticate users in Windows 2000 AD to a Squid proxy server. I have Red Hat 9, Samba 3.04, and Squid 2.5 Stable3. I have followed the FAQs and docs as closely as possible, and everything went pretty much without a problem. The only hangup I am having is trying to restrict access to the proxy to members of a single AD group. In my squid.conf I have, auth_param ntlm program /usr/bin/ntlm_auth \ --helper-protocol=squid-2.5-ntlmssp that works fine. In the Samba docs they indicate you can do this, auth_param ntlm program /usr/bin/ntlm_auth \ --helper-protocol=squid-2.5-ntlmssp \ --require-membership-of='DOMAIN/Group' When I try that though, I get these errors in cache.log utils/ntlm_auth.c:get_require_membership_sid(237) Winbindd lookupname failed to resolve 'DOMAIN/Group' into a SID! If I do wbinfo -n Group, I get a sid and wbinfo -s "sid" gives me the group. I have gone through mailing list and seen some people that indicate you can use an external helper like wbinfo_group.pl, but I just wondered if second squid.conf setting I got from the Samba docs is known to work, or if there is something else I need to look at? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba