Re: [Samba] Cases where Samba modifies a file without changing the timestamp?

2006-09-18 Thread Logan Shaw

On Tue, 19 Sep 2006, Marc SCHAEFER wrote:

apart from the mmap(2)ed DBM files that Samba uses, are there any cases
where Samba will *modify* data files without setting the mtime ?

I have issues with rsync not seeing changes to Samba exported files
(md5sum don't match). The mtime is however in the very distant past (say
2004), but the content seems to have changed.


Let me guess:  these files' names end in the string .XLS, right?


From what I've heard, apparently MS, in their infinite wisdom,
decided it would be neat if Excel wrote things into files and
then set their modification time back to what it was before
modifying the files.  To me, the intent behind modification
time seems fairly obvious, but apparently some bright person
at MS has a different interpretation[1].

I'm not sure if MS has any documentation about this phenomenon,
but the Unison folks do mention it in a changelog[2]:

  + Excel files are now handled specially, so that the fastcheck
    optimization is skipped even if the fastcheck flag is set.
    (Excel does some naughty things with modtimes, making this
    optimization unreliable and leading to failures during change
    propagation.)

  - Logan


[1] My guess is that Excel writes lock information into
the document's file, and the MS person decided that
modification time should be interpreted to apply to the
conceptual document rather than the file, but that's just
a guess.  Or maybe they were somehow forced into it because
of http://support.microsoft.com/kb/324491/ .

[2] at https://svn.cis.upenn.edu/svnroot/unison/trunk/src/NEWS .
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
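An added illustration for the thread above (not code from the posters or from Samba, rsync or Unison): rsync's default quick check skips a file whose size and modification time are unchanged, so a rewrite that restores the old mtime is only caught by comparing content. The sketch below snapshots a tree with SHA-256 digests and separates ordinary edits from edits that kept the mtime; the file names, sizes and the 2004 timestamp are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative path: (mtime_ns, size, sha256)} for regular files under root."""
    root = Path(root)
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.stat()
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        snap[path.relative_to(root).as_posix()] = (
            st.st_mtime_ns, st.st_size, digest.hexdigest())
    return snap


def compare(old, new):
    """Classify files present in both snapshots whose content digest differs."""
    result = {"mtime_changed": [],            # ordinary edit, any tool sees it
              "mtime_kept_size_changed": [],  # size check sees it, mtime check does not
              "mtime_and_size_kept": []}      # invisible without reading the content
    for name in sorted(old.keys() & new.keys()):
        o_mtime, o_size, o_hash = old[name]
        n_mtime, n_size, n_hash = new[name]
        if o_hash == n_hash:
            continue
        if o_mtime != n_mtime:
            result["mtime_changed"].append(name)
        elif o_size != n_size:
            result["mtime_kept_size_changed"].append(name)
        else:
            result["mtime_and_size_kept"].append(name)
    return result


def rewrite_keeping_mtime(path, data):
    """Constructed stand-in for the reported behaviour: write, then put the mtime back."""
    st = path.stat()
    path.write_bytes(data)
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def demo():
    """Build a constructed tree, modify it three ways, and classify the changes."""
    old_ns = 1_100_000_000 * 10**9  # constructed timestamp, November 2004
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("budget.xls", "plan.xls", "notes.txt", "untouched.xls"):
            path = root / name
            path.write_bytes(b"A" * 512)
            os.utime(path, ns=(old_ns, old_ns))
        before = snapshot(root)
        rewrite_keeping_mtime(root / "budget.xls", b"B" * 512)  # same size, same mtime
        rewrite_keeping_mtime(root / "plan.xls", b"B" * 600)    # new size, same mtime
        (root / "notes.txt").write_bytes(b"B" * 512)            # normal write, new mtime
        after = snapshot(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

For the rsync case itself, the `--checksum` option makes rsync compare file contents instead of relying on size and mtime, at the cost of reading every file on both sides.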


Re: [Samba] Home dirs problem

2006-09-12 Thread Logan Shaw

On Tue, 12 Sep 2006, Marian Neagul wrote:

  I have a question about mapping users' home directories to samba.
  The homedir layout is based on an old one used on NIS+ system. The
structure is something like:
  /users
    /group1
      /user1
      /user2
      ...
    /group2
      /user3
      ...
    /group3
      /group3_1
        /user4
        ...
      /group3_2
        ...
    /group4
      /user5

  How can I configure samba to use these home directories? The user
data is stored in LDAP (including the home directory and other
information not related to samba: qmail-ldap, courier, etc) ?
  The only option I've found is something similar to:

  path = /home/%U

  Can samba retrieve the home directory from LDAP?


Do you mean that if you do finger user or getent passwd user
that the directory you want shows up in that output?  If so,
just delete the path statement from the [homes] section.
Samba will use the user's home directory by default.

Note, however, that you didn't really make a distinction between
the Unix system using the data stored in LDAP as its password
database (through some mechanism like nsswitch) and the home
directory data just being in LDAP.  I believe that if the Unix
system isn't using the LDAP data and passing it through to calls
like getpwent(), then Samba won't use the LDAP data either.

  - Logan


Re: [Samba] passwd program example for parsing new password typed?

2006-09-06 Thread Logan Shaw

On Wed, 6 Sep 2006, Gianluca Cecchi wrote:

This could allow me to synchronize the passwords of the two domains'
users during the normal windows password change operation.


That's a little odd to have two sets of accounts that are kept
identical between two different domains.  But, maybe there is
a reason for it.


I have only to set up the passwd program of smb.conf accordingly.
By default it is passwd %u and I read that it makes use of expect to
get the passwd typed by the user (not clear how... where to find
docs?)


No, it uses an Expect-like (not actual Expect, I think)
script to talk to the passwd program.  The user's password
comes in plaintext from the Windows client machine to Samba,
if I understand correctly.  So the interaction between Samba
and the passwd command doesn't involve getting the password
typed by the user.


I would like instead to substitute it with a script that
1) runs the passwd program locally as by default
2) runs a remote shell to the other samba host to run the script
specified above for AD change.
Any hint on how to give to the script the password typed by the user?
Thanks in advance for your help.


Look at the passwd chat Samba parameter.  This defines how
Samba communicates with the passwd program.  You can substitute
your own chat script to specify how it interacts with your
own script instead of the passwd command.  For example, your
script might look like this:

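#! /bin/sh

# Samba runs this as the "passwd program", with %u expanded to the username.
username=$1

# Prompt that the "passwd chat" setting waits for.
echo "send password now"
# Read the new password from stdin; -r keeps backslashes literal and the
# empty IFS keeps leading/trailing whitespace.
IFS= read -r password

# do whatever you want with $username and $password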

Then I believe you'd want this in your smb.conf:

unix password sync = yes
passwd program = /path/to/my/script %u
passwd chat = "send password now" %n\n

That should take care of the glue between Samba and your script,
but then you have the small matter of glue between your script
and /usr/bin/passwd.  Previously, Samba could take care of that
for you, but if you wrap the passwd command with your script,
you're going to have to use Expect or something to do it.

  - Logan


Re: [Samba] Linux as PDC

2006-09-01 Thread Logan Shaw

On Fri, 1 Sep 2006, Rob Watkin wrote:

I will post the latest version smb.conf file below. I have followed the
instructions in
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html
section Domain Controller for the most part.

I have one server (TAU) and one Windows XP client (vm-201). I can get
vm-201 to join my BC workgroup but not the domain. I am rebooting the XP
machine and restarting samba on TAU between experiments.

I have just noticed the following error in the log file which I think is
at the bottom of all this! When I try to get the XP box to join the BC
domain it asks for a username and password, I give tom ** and then


I have to admit that I myself don't understand the exact
requirements on what type of account is required here, but
it must be some sort of administrator account, not a regular
user account, that you use to join to the domain.  So you
need to use root, or possibly some other privileged account,
but I know root works.

  - Logan


Re: [Samba] 100% CPU usage

2006-08-30 Thread Logan Shaw

On Wed, 30 Aug 2006, Felipe Augusto van de Wiel wrote:

On 08/30/2006 02:22 AM, Mary Steiner escreveu:



I am running Samba 2.2.7-5.8.0 on Fedora Core #1 and am having
a problem with smb daemons using up all of the CPU.



The other thing is that *maybe* you are really under heavy
load, so you need to upgrade the hardware or downgrade the number
of users. ;)


I would hope that, in most cases, if the load is really high,
this would max out the machine's I/O capacity way before it
maxes out its CPU capacity.  Of course, that depends on the
hardware, but these days, CPUs are really fast, and I don't
think Samba is that inefficient...

Of course, the other suggestion is to update to a non-ancient
version of Samba.

  - Logan


Re: [Samba] Rev #2 of the 3.02.3c patch

2006-08-30 Thread Logan Shaw

On Wed, 30 Aug 2006, Gerald (Jerry) Carter wrote:

I've uploaded the *final* 3.0.23c roll up patch to
http://samba.org/~jerry/patches/patch-3.0.23b-3.0.23c-gwc-2.diffs.gz.
I've already cut the 3.0.23c tarballs so unless there is
a major problem, this will be the final change set.

Please report *any* bugs that you find.


Well, I'm not positive it's a bug, but with 3.0.23b, I can go
to the (Windows Explorer context menu) Properties->Security
dialog and look at the list of Group or user names, and every
file I've tried shows the group's SID before the user's SID.

This isn't the order I expect, and in fact, it's different
from what I see on a 3.0.10 system which runs against the same
ldapsam data.  With 3.0.10, I get what I expect:

Group or user names:
+-----------------------------------+
| (H)  Logan Shaw (MYDOMAIN\lshaw)  |
| (HH) engineer (MYDOMAIN\engineer) |
| (HH) Everyone                     |
+-----------------------------------+

(The (H) represents the single-human-head icon, meaning
user, and the (HH) represents the two-human-heads icon,
meaning group, I guess.)

With the 3.0.23b, I get something like this instead:

Group or user names:
+-----------------------------------+
| (HH) engineer (MYDOMAIN\engineer) |
| (HH) Everyone                     |
| (H)  Logan Shaw (MYDOMAIN\lshaw)  |
+-----------------------------------+

Note that the user appears at the bottom of the list.

I think this is probably related to something else I'm seeing:
when an Excel or Word file is open and locked by a user
and someone else tries to open it, they get a message that
it's locked by engineer (the group) rather than lshaw
(the username).

So, what relevance does this have to 3.0.23c?  Well, it's
happening with 3.0.23b, and I spent about 15 minutes looking
through the 3.0.23b-3.0.23c patch you just posted today
(patch-3.0.23b-3.0.23c-gwc-2.diffs.gz), and I couldn't see any
code changes that looked related.  Unfortunately, I can't really
take the server down to test the patched version for real.

Also, I'm fairly sure it didn't happen with 3.0.22 and that
I haven't changed smb.conf in any meaningful way since moving
from 3.0.22 to 3.0.23b, making me believe it's a function of
the samba version rather than the config.

So, I realize that's not the ideal bug report, but is it
possible someone running 3.0.23c could check and see if they
are seeing a similar issue?

  - Logan


Re: [Samba] Configure Options while build Samba and OpenLDAP?

2006-08-29 Thread Logan Shaw

On 08/28/2006 05:30 AM, updatemyself . escreveu:
 can anyone help me to know
 what all are the compiling option to use.. while build my samba and
 open-ldap rpm from source.


On Tue, 29 Aug 2006, updatemyself . wrote:

what about.. ldap options..?

any one can help?



I rebuilt Samba for Slackware and added LDAP in the build
since Slackware doesn't have LDAP by default (at all).

All I had to do was set these environment variables:

CFLAGS=-I/usr/local/pkg/openldap/include
LDAP_LDFLAGS="-L/usr/local/pkg/openldap/lib -Wl,-rpath,/usr/local/pkg/openldap/lib"

and add this ./configure option:

--with-ldap=yes

The two environment variables were only needed because I have
my OpenLDAP libraries installed in a non-standard place.
(There isn't a Slackware package for OpenLDAP that I know of,
and I didn't feel like making one, so I just put all the
OpenLDAP stuff in its own directory to keep it separate.)
If you have your OpenLDAP includes in /usr/include and your
OpenLDAP libraries in /usr/lib, you wouldn't need those two
environment variables.

All that applies to Slackware, but it should be fairly similar
for Debian, I would think.

  - Logan


Re: [Samba] Storing privilege info in ldap

2006-08-29 Thread Logan Shaw

On Tue, 29 Aug 2006, David Williams wrote:

I have a Samba server 3.0.22 pdc on Gentoo Linux with a ldap backend all
working fine. I am now going to add a bdc to the setup. It seems that
the privilege info is stored locally rather than in ldap. I suspect that
it's in account_policy.tdb but I'm not sure. I can see the accounts on
the bdc and logon fine but the rights are missing when i run net rpc
rights list. I can add the info in manually but that creates a future
admin job.

Is there any way to store the rights in LDAP?


Isn't this the exact same question that was answered under
the subject Question regarding Samba rights about 3 hours ago?

  - Logan


Re: [Samba] Wrong Username reported to MS Office if file is opened already

2006-08-25 Thread Logan Shaw

On Wed, 16 Aug 2006, [EMAIL PROTECTED] wrote:

I run a Suse 9.3 with Samba 3.013.
If a User opens a file which another User has already opened M$ Office reports
that the User who saved the file the last time has locked the file, not the
actual User, who holds it open.
My Sambaserver is a Domain Member of a W2k Domain.


I don't know the solution, but I suspect the answer you're
going to get is to try upgrading to something more recent,
like 3.0.23b, since your 3.0.13 is fairly old.

Also, I have a similar issue, but instead of the previous user,
what I see is the Unix group name instead of the username.
So maybe related, but maybe not.

  - Logan


Re: [Samba] How to get Samba's share directories

2006-08-25 Thread Logan Shaw

On Thu, 24 Aug 2006, Nguyen Anh Phu wrote:

Is there any tool that can get Samba service (share directory) and its
full path? Maybe its output likes this:

[share] /home/share
[setup] /home/setup


In my own setup, I addressed this problem by creating a
top-level /share.  All Samba shares reside there.  If I
want to use disk space from a different filesystem and see
it under /share, I can use something like an automounter
(most automounters can mount local filesystems using a local
database), a bind mount in Linux, an lofs mount in
Solaris, etc.

  - Logan


[Samba] file locked by wrong user

2006-08-23 Thread Logan Shaw

I'm having a weird problem which I think may be a bug, but I'm
not sure, so I think I'll describe it and see if it rings a
bell with anyone.

Basically, the story is this:  there's a file owned by a Unix
user lshaw (i.e. me) and whose group ownership is engineer.
Now, I open this file on one Windows XP computer, then go try
and open it again on another XP machine.

On the second computer, I get the usual This file is locked
by ___, do you want to open a read-only copy? message.
But the problem is the ___ is engineer rather than
lshaw.  In other words, it is showing the group instead of
the username.

I've noticed this with Word, Excel, and Powerpoint files.
(Those were the 3 file types that I could think of off the top
of my head whose apps like to lock files.)  As far as I can
tell, this happens for all users, i.e. no matter who opens a
file, and no matter who looks at it, it appears to be locked by
the group instead of the user.

I'm running Samba 3.0.23b.  I think I may have seen this on
3.0.20, but I can't recall for sure.

Also, for what it's worth, if I, in Windows XP, navigate to
a file that experiences this problem and hit Properties and
then do the Security tab, I see the group listed as the first
item under Group or user names:.  It looks like this:

engineer (DOMAIN\engineer)
Everyone
Logan Shaw (DOMAIN\lshaw)

This isn't a show-stopper bug, but it is a little inconvenient
when something is locked to not have a way to know who has
locked it.

If it matters, the correct numeric uid (that corresponds to lshaw)
shows up in the second column of the smbstatus -L output.

  - Logan


Re: [Samba] How to unlock the locked file.

2006-08-16 Thread Logan Shaw

On Wed, 16 Aug 2006, Jacky Chan wrote:

I just upgraded from SUSE9.3 to SUSE10.0 and am running samba-3.0.22-11. I have
a workstation which stores outlook.pst on a Samba share.

Yesterday, this workstation hung, and after a cold boot it can't access
the outlook.pst anymore; the system reported the pst file is in use by
someone and outlook can't open it.


Sometimes this works:

1.  Login to the samba server.
2.  Run a smbstatus.
3.  Find the pid of the process that has the lock on the file
in the third section of the output.
4.  Verify that it matches the expected user and hostname
in the first and second sections of the smbstatus output.
5.  Run ps -ef and see how long the smbd with that pid has
been running.
6.  If it has been running since before the computer was last
rebooted, it's a left over smbd.  Kill JUST THAT ONE smbd.
(And make sure you get the right one -- it should be one
that has a parent pid not equal to 1.)


  - Logan

[Samba] smbldap-tools and disabling a user

2006-08-15 Thread Logan Shaw

Hey everyone,

When someone leaves the company, I prefer to disable their
account rather than remove it (so that you can see who owns any
files they might leave on a filesystem somewhere).  I'm using
an LDAP backend for Samba, and I'm using smbldap-tools to
manage accounts.

So, today I was going to disable an account for the
first time since switching over from plain /etc/passwd and
/etc/samba/smbpasswd, and it doesn't seem like there is any
tool that can handle both Unix and Samba accounts.

Specifically, smbldap-usermod has a -I option, which is
described as disable user.  It sets the D flag on the
Samba account info, but it doesn't have any effect on the
RFC 2307 userPassword.  I noticed smbldap_tools.pm has a
disable_user() sub in it, which is even exported from the
module, but nothing calls it, and when I tried calling it
myself from a little Perl code, it didn't seem to work.  Oh,
and I can't really use the straightforward passwd -l command,
because I'm using Slackware, which doesn't grok LDAP.

I ended up writing a little bash script which uses ldapmodify,
which does the job, but I'm wondering if there's a better way
that I'm missing.  It seems odd that smbldap-useradd supports
adding both Unix and Samba accounts, and smbldap-userdel
supports deleting both, but smbldap-usermod only supports
disabling the Samba half of things...

  - Logan


Re: [Samba] LDAP+Samba only posixaccount possible?

2006-08-11 Thread Logan Shaw

On Fri, 11 Aug 2006, Juha-Matti Ung wrote:

Hi! Is it possible to get the samba authenticate a user and
map to his homedirectory only using posixaccount or are there
some attributes that windows absolutely require like in the
samba-objectclasses?


I'm 99% certain this isn't possible.  Windows uses a different
password hashing scheme from what Unix/Linux systems use, so
the user's password must be stored in both forms.  The only
exception might be if you want to make your Windows machines
send plaintext passwords, but I'm not even sure if that's
supported on newer versions of Windows.

  - Logan


Re: [Samba] Domain migration from 2.2.x to 3.0.x

2006-08-11 Thread Logan Shaw

On Fri, 11 Aug 2006, Rory Vieira wrote:

One of my customers is running a pretty old Redhat 8 (Psyche) server
with Samba 2.2.something (I think 7). Next week I'm planning to upgrade
his Redhat platform to SuSE 9.3 and also update his samba to 3.0.23b.


I did almost the exact same thing going from RedHat 7.2 with Samba 2.2
to Slackware 10.2 with Samba 3.0.22, and managed to pull it off with
no real problems.


My biggest worry is that this customer has about 14 workstations
already in the 2.2.x domain.
I would like to know WHAT to do so I won't have to re-add all those
machines again, as this will take up a lot of my time.



From memory, I believe you need to do the following:


1)  Copy the machine accounts over, preserving the flags,
the LM and NT hashed passwords, etc.  They are just
smbpasswd entries with special usernames (with $ in them),
so this isn't all that complicated.  With only 14 machines,
I might just do it by hand.

2)  Make sure the new server has the same NetBIOS name
as the old.  (This might not be necessary.  On the other
hand, you probably want to do it anyway.)

3)  Make sure the new server has the same domain as the old.

4)  Make sure the new server has the same SID as the old.
There are lots of ways of doing this, but I believe the
one I used was to run rpcclient's lookupsids command
against the domain itself to get the old SID on 2.2.x, then
I used net setlocalsid to set it on the new 3.0.22 system.
Or something along those lines.  :-)

5)  This might or might not be necessary, but make sure the
machine accounts have the same SID as before as well.

That list might not be complete.  For me, things were
easier since I was moving from one machine to another in the
process, so I could compare settings on both and make changes
incrementally until I was satisfied everything was good.

  - Logan
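An added example for step 1 of the list above (not code from the thread or from the Samba project): after copying the machine accounts, compare the old and new smbpasswd files and list any machine account that is missing or whose hashes or flags changed. It assumes the smbpasswd layout `name:uid:LM hash:NT hash:[flags]:LCT-time:` and that machine trust accounts carry the `W` flag; every name, uid and hash value in the sample is constructed.

```python
import re

# Assumed smbpasswd line layout: name:uid:LM hash:NT hash:[flags]:LCT-hextime:
ENTRY = re.compile(
    r"^(?P<name>[^:#][^:]*):(?P<uid>\d+):(?P<lm>[^:]{32}):(?P<nt>[^:]{32}):"
    r"\[(?P<flags>[A-Za-z ]*)\]:"
)


def machine_accounts(text):
    """Return {lowercased name: (LM field, NT field, sorted flags)} for machine accounts."""
    accounts = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m is None:
            continue  # comment, blank line, or a line that does not fit the layout
        flags = "".join(sorted(m["flags"].replace(" ", "")))
        if m["name"].endswith("$") and "W" in flags:
            accounts[m["name"].lower()] = (m["lm"].upper(), m["nt"].upper(), flags)
    return accounts


def verify_copy(old_text, new_text):
    """Compare the machine accounts of the old and new files.

    Returns (missing, changed): names absent from the new file, and names whose
    hash fields or flags differ. Only names are reported, never hash values.
    The uid and LCT fields are ignored because they may legitimately differ.
    """
    old, new = machine_accounts(old_text), machine_accounts(new_text)
    missing = sorted(old.keys() - new.keys())
    changed = sorted(n for n in old.keys() & new.keys() if old[n] != new[n])
    return missing, changed


# Constructed sample data: names, uids and hash fields are made up.
NO_LM = "X" * 32
OLD = "\n".join([
    f"lshaw:500:{NO_LM}:{'1' * 32}:[U          ]:LCT-44D00000:",
    f"ws01$:1001:{NO_LM}:{'A' * 32}:[W          ]:LCT-44D00001:",
    f"ws02$:1002:{NO_LM}:{'B' * 32}:[W          ]:LCT-44D00002:",
    f"ws03$:1003:{NO_LM}:{'C' * 32}:[W          ]:LCT-44D00003:",
])
NEW = "\n".join([
    f"lshaw:1000:{NO_LM}:{'1' * 32}:[U          ]:LCT-44D00000:",
    f"ws01$:2001:{NO_LM}:{'A' * 32}:[W          ]:LCT-44D0FFFF:",  # uid/LCT differ only
    f"ws02$:2002:{NO_LM}:{'D' * 32}:[W          ]:LCT-44D00002:",  # NT field altered
])

if __name__ == "__main__":
    missing, changed = verify_copy(OLD, NEW)
    print("missing:", missing)
    print("changed:", changed)
```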


Re: [Samba] Regarding samba compilation

2006-08-09 Thread Logan Shaw

On Wed, 9 Aug 2006, samid wrote:

 Am trying to add some Debug statement to smbd, for example in service.c.
But problem is when I recompile and make install, smbd doesn't get updated
with that code.  problem here is this smbd executable(usr/sbin/smbd) doesn't
get updated with the latest install. please help..


I would try to isolate the problem.  Is smbd getting built correctly
and incorporating your changes?  Run strings smbd and see if your
debug message is in the version that's built after you do make.

Also, check and see where smbd is being installed by make install.
I would do this by doing make install > make.install.log 2>&1.
Then run grep smbd make.install.log or look through it with less
or your favorite text editor and see what path it really installs to.

  - Logan


Re: [Samba] samba pdc and notebook in domain

2006-08-09 Thread Logan Shaw

On Wed, 9 Aug 2006, bob_bipbip wrote:

hello, when my computer's client is not connected to network (and so cannot
connect to pdc), they are not able to log in, they have a message telling us 
that the system can't log in because the domain is unavailable, how to permit 
people to log in even if they are not connected to network?


By default, Windows supports up to 10 (I think) cached logons.
That means if your user abc logs on while the domain controller
IS available, then they can log on later when the domain
controller is NOT available, assuming there haven't been 10
people who have logged on since then.

So, with a little planning (always be sure to logon before you
disconnect, so that your identity is in the cache), you can
use only the network user accounts without having to create
separate local accounts.  That makes things a lot cleaner and
simpler, I think.

  - Logan


[Samba] make -j

2006-08-09 Thread Logan Shaw

So, I'm building 3.0.23b for Slackware (since they don't have
it out yet[1]), and I've noticed these two lines in the script
that Slackware uses to build Samba 3.0.23 from source (which
I'm modifying to build 3.0.23b):

# -j options don't seem to work...
make

Anyone know why that comment might be there?  Is it true that
Samba can't be built with -j2 or similar arguments to make?
Maybe just on Slackware?

The reason I'm asking is that I happen to have this server with
Dual 1.0 GHz PIII Xeons, and it takes forever to build on this
machine.  It sure would be nice if it could take 0.5*forever instead.

[whine]
Especially since I discovered a minor error in the build I
was going to put on the server 15 minutes ago, and now have
to build again twice: once to find the error in the build
script, and another time to build it cleanly from scratch,
thus delaying me from going home by at least 30 minutes.  ;-)
[/whine]

  - Logan

[1]  And no, you don't want my version once I'm done building
 it, since I'm building it against the OpenLDAP that I
 have installed, and by default Slackware has no LDAP.
 But I would be willing to share the 3.0.23 SlackBuild
 script that I modified for 3.0.23b if anyone wants it...


Re: [Samba] Applying security updates

2006-08-08 Thread Logan Shaw

On Tue, 8 Aug 2006, Steve1 Boothright wrote:

A security update for samba 3.0.1 - 3.0.22 was posted on samba.org on the
10th July. Does anyone know how to apply the update?

Every time I click on the download link I just get the following text

Index: source/smbd/service.c
===
--- source/smbd/service.c(revision 16676)
+++ source/smbd/service.c(working copy)
@@ -763,6 +763,11 @@
smb_panic(make_connection: PANIC ERROR.
Called as nonroot\n);
}

+if (conn_num_open()  2047) {
+*status =
NT_STATUS_INSUFF_SERVER_RESOURCES;
+return NULL;
+}
+
if(lp_security() != SEC_SHARE) {
vuser = get_valid_user_struct(vuid);
if (!vuser) {
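
Review bot: the cap added in make_connection(), just before the lp_security() check, is a bare literal 2047 with no comment or named constant saying where the limit comes from; a #define with a one-line rationale would make it auditable and tunable. As the hunk appears here there is also no comparison operator between conn_num_open() and 2047, so compare it against the original patch file before applying. The early return sets NT_STATUS_INSUFF_SERVER_RESOURCES without logging anything; a DEBUG() line at that point would let an administrator see that the cap was hit rather than some other resource failure.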


That's a patch against the source.  Save it into a file, say
samba-patch-2006-07-10, then cd to the directory that
contains source, then type patch < samba-patch-2006-07-10
and the patch program should apply the changes to the file
source/smbd/service.c.  Then rebuild the binaries.

  - Logan


RE: [Samba] disabling roaming profiles for some networks only

2006-08-08 Thread Logan Shaw

On Tue, 8 Aug 2006, John Mason wrote:

What about also enabling roaming profiles, but doing folder redirection?
I use it and so it take much less time since each machine is configured
to mount their my documents, desktop, etc. which makes their profile
large rather than include them in the profile.


I don't think that would work so well for our environment.
The issue isn't the space used in the profile.  It's the speed
at which it can be copied over and back.  Turning folders
like the desktop into mounts from the server would prevent
slow logons, but in exchange what we'd get is files on the
desktop taking minutes to open after someone had logged in.

The pipe between the offices is about 1.5 megabit/s bandwidth
with a latency of about 70 ms, and this makes access to
files over SMB (or CIFS) really slow.  I'd *love* to improve
responsiveness of the server, but my guess is that the protocol
just doesn't deal with latency very well (most file sharing
protocols don't), so no amount of tuning is going to make a
huge difference.

Plus, of course, if you open a 10 megabyte file over a 1.5
megabit/s link, the theoretical best time you're ever going
to see is about 53 seconds.  And people do put 10 megabyte
files on their desktops.

  - Logan


Re: [Samba] disabling roaming profiles for some networks only

2006-08-08 Thread Logan Shaw

On Mon, 7 Aug 2006, simo wrote:

On Mon, 2006-08-07 at 17:23 -0500, Logan Shaw wrote:

I'm looking for a way to turn off roaming profiles only
for those users which are at the remote site.



Set the logon home and logon path explicitly in the passdb backend for
the users who need it and leave the general ones blank.
You must use either the tdbsam or ldapsam backends to do that.


That's an idea, but I'd really rather have it keyed off what
network they're logging in from.  It's not uncommon for users
from one office to travel to the other.  Then, they get there
and have only (say) 2 days to get whatever done while they're
traveling, and they spend the first 2 hours of their limited
time waiting for their machine to finish logging them in.  It's a
bit of a nuisance.  :-)

In particular, there could even be cases where someone uses
the same user account and same machine at the local office
and at the one 1000 miles away.  This can happen when a user
takes their laptop with them.

And yeah, I can educate my users about this, but that doesn't
completely stop it from happening, because it's not the type of
thing people understand well or realize they need to remember
when they're traveling.

All in all, I guess this is more of a weakness of the design
of Windows networking than anything else.  Still, if there is
a Samba solution to the problem, I'd welcome it...

  - Logan


Re: [Samba] converting Linux users paswords to Samba

2006-08-07 Thread Logan Shaw

On Mon, 7 Aug 2006, FTuzi wrote:

I have a Fedora 5  system with about 300 users and 2 printers.  Samba is
running on the sole server.  There are also about 2 dozen Windows XP 
computers in use, but there is no domain and no Active Directory.  All the 
computers are standalone.  Users desire to use the Samba printers and access 
their home directories in the Linux system.


I have setup and have Samba running fine.  Using Webmin, I converted all 
Linux users to Samba users.  BUT the passwords don't convert.


I don't believe there is any way of converting the passwords.
Both Unix and Windows use a one-way hash system.  It's possible
to get the hashed password from the cleartext password, but not
vice versa.  (That's enough for authentication purposes because
it allows you to verify a password, which is all you need.)

Since Unix/Linux and Windows/Samba use different one-way hash
schemes from each other, you will have to create the Windows
hashes[1], and that requires access to the cleartext passwords,
which you don't have available on a Unix/Linux system.

So, you're going to have to have users re-enter their passwords.
One possible solution to this problem is to assign every user a
new password for Samba only and let them know what it is, then
give them a mechanism to change both.

By the way, I would probably go ahead and set up the Linux
machine as a domain controller.  That won't help your passwords
issue, but at some point you may want to have people logon
to Windows machines and they might as well be able to use a
unified set of accounts to do it.  Also, if the users need
to use Samba shares regularly, it's just as easy for them to
logon at the beginning of the session.  That way they only
have to type their password when they logon to the Windows
machine and not every time they access a new share.

  - Logan

[1] There are actually two types: Lan Manager (LM) and Windows
NT (NT).


Re: [Samba] 'ldap machine suffix' is ignored?

2006-08-07 Thread Logan Shaw

On Mon, 7 Aug 2006, Mike A. Kuznetsov wrote:

I'm using samba-3.0.23 (Revision: 16921, from ports collection, under FreeBSD
6.1 with OpenLDAP 2.3.24  smbldap-tools-0.9.2a) as PDC with following 
config:


[ snip snip snip... ]


[global]
  ldap group suffix = ou=groups
  ldap idmap suffix = ou=idmap
  ldap machine suffix = ou=computers
  ldap passwd sync = Yes
  ldap suffix = dc=mydomain,dc=ru


And I can't join domain from WinXP workstation (WINHOST, for ex.) with the 
error No such user


I believe in newer versions of Samba, ldap suffix is no
longer added to ldap machine suffix or to any of the others.

So, you need to put this instead:

ldap group suffix = ou=groups,dc=mydomain,dc=ru
ldap idmap suffix = ou=idmap,dc=mydomain,dc=ru
ldap machine suffix = ou=computers,dc=mydomain,dc=ru

This seems to have changed sometime between 3.0.10 and 3.0.22,
although when specifically it changed I don't know.

   - Logan


[Samba] disabling roaming profiles for some networks only

2006-08-07 Thread Logan Shaw

Hey everyone.

We have two offices accessing the same Samba server, which is
a PDC and file server.  The server is located in one of the
offices, but the other office is only connected by a relatively
slow link (1.5 megabit/s).

I'm looking for a way to turn off roaming profiles only
for those users which are at the remote site.  (It's a tad
inconvenient when it takes an hour or two to login due to a
1 GB roaming profile!)  I could turn roaming profiles off for
everyone, but we do have some users here at the same site as
the server who don't have their own computers and could take
advantage of roaming profiles.

Obviously, I can do this by running the Group Policy editor on
every machine at the remote site, but I'd really like something
where this can be controlled by the server.  I know I can leave
logon path and logon home undefined and that will turn off
roaming profiles for everyone, but I only want to turn it off
for users on a certain network.

So, is there any way to do that?

  - Logan


[Samba] strangely lingering lock, samba 3.0.22

2006-08-01 Thread Logan Shaw

Hello everyone,

Today a user (call them 'abc') came to me and described the
following sequence of events:

1.  They opened an Excel file, made some changes, saved it, and
closed it.

2.  They tried to open it again and got an error dialog within
Excel that says this:

File in Use

FooBar.xls is locked for editing

by 'abc'.

Open 'Read-Only' or, click 'Notify' to open read-only
and receive notification when the document is no longer
in use.

3.  They rebooted their desktop machine and tried again, and
got the same dialog again.

No matter what they do, the file remains locked.  The same file
is locked for other Windows users and on other Windows computers
as well, so obviously there is some sort of state on the Samba
server that is telling the clients that the file is locked.

So, I logged into the Samba server (3.0.22 running on Slackware
10.2, with kernel 2.4.31), and tried to see if I could see any
evidence of a lock.  The file did not show up in the output of
smbstatus --locks.  Running fuser on the file didn't show
that any process had it open.  So apparently no process has
it open on the Linux machine.

Also, I noticed that if I make a copy of the file on the Linux
machine (cp FooBar.xls FooBar-new.xls), the copy does not
retain the lock.  So, it would appear that this is not related
to the actual contents of the file.

I also tracked down the individual smbd that user abc's machine
is connected to and killed it.  Another one restarted, but
the lock was still not released.

For what it's worth, I have oplocks = no and level2 oplocks =
no in my smb.conf, so presumably this isn't an oplock issue.

Anyone have any ideas what's going on?  As far as I can tell,
this must be a server-related issue since all clients see
the file as locked, and it's apparently not an issue with the
contents of the file (like Excel writing some flag into the
actual file contents itself), but I can't find any indication
on the server that the file is locked.

  - Logan


Re: [Samba] strangely lingering lock, samba 3.0.22

2006-08-01 Thread Logan Shaw

On Tue, 1 Aug 2006, Jeremy Allison wrote:

On Tue, Aug 01, 2006 at 03:35:09PM -0500, Logan Shaw wrote:



Today a user (call them 'abc') came to me and described the
following sequence of events:

1.  They opened an Excel file, made some changes, saved it, and
closed it.

2.  They tried to open it again and got an error dialog within
Excel that says this:

File in Use

FooBar.xls is locked for editing

by 'abc'.

Open 'Read-Only' or, click 'Notify' to open read-only
and receive notification when the document is no longer
in use.



I added cleanup code for 3.0.23 that should fix this issue.
You might want to try 3.0.23a to see if it fixes it.


Wow, Jeremy, thanks for the quick response.

It's a fairly important server, for us at least, so it's hard
to justify installing a release as a test unless the issue is
serious, which this isn't really.  So I'll probably wait until
3.0.23b (which seems like it could be more solid than 3.0.23
and 3.0.23a), but I will keep an eye out for this problem and
whether 3.0.23b fixes it when I install that.

  - Logan


Re: [Samba] Samba connections issues (3.0.23 on Solaris 8 with NIS+)

2006-07-25 Thread Logan Shaw

On Mon, 24 Jul 2006, Gerald (Jerry) Carter wrote:

Gilles Vautour wrote:

I'm curious if anyone has suggestions about a problem
we have encountered. We have recently upgraded a 2.2.8a
server to 3.0.23.  The server in question is running Solaris
8 with NIS+.  Storage is from our SAN.  Since the
migration, we have found that we no longer have access
to several shares. They are connected, but we are
unable to get to them.


You win the award for the biggest change in an upgrade :-)
Not funny to you I know 


I think I might be a challenger for that title.  I went from
2.2.7 to 3.0.22 and switched from /etc/passwd to OpenLDAP
(with PADL) and moved from RedHat 7.2 to Slackware 10.2 and
renumbered the Unix uids while preserving the SIDs, all in
one fell swoop, and all of this on the domain controller.
And the amazing thing is, it actually worked...

  - Logan


Re: [Samba] mount a window 2003 nfs share on a sun running solaris10

2006-07-21 Thread Logan Shaw

On Tue, 18 Jul 2006, Don Rauenhorst wrote:
Is there a way to mount a shared 2.5 tb volume from 1 2003 windows onto a sun 
running solaris 10.

is there a simple way to do this with samba?


Samba is an SMB (a/k/a CIFS) server, so if you are mounting an
NFS share as the subject says, Samba won't help.

Also, Samba does the file server end of things, not the client.
In Unix terms, that means it helps you export filesystems but
not mount them.

  - Logan


Re: [Samba] ldap smbpasswd automation (anyway around smbpasswd)

2006-07-21 Thread Logan Shaw

On Fri, 21 Jul 2006, oly wrote:

okay managed to get accounts working by running smbpasswd username then
entering their password,

is there any way I can make it use ldap or fill in the list from ldap, I
have about 80 users in there and need to add about 800 more I do not
want to sit and enter the password for around 900 users must be an
easier way?

it was very easy to get the accounts into ldap because I generated the
ldifs from a userlist using calc.


Do you have smb.conf pointing at an LDAP server for the user
database, with a passdb backend directive?  If so, then
you've probably got the configuration right and all you need
is a tool to populate the LDAP database.

There is a set of Perl scripts called smbldap-tools that
is bundled with Samba; this works pretty well for creating
accounts and so on.  smbldap-useradd -a someuser will add
someuser to the Samba user list (and to the Unix user list
as well; I believe the tool can handle it if the Unix user
already exists in LDAP).

As for the passwords, if you have the plaintext passwords in
a database, you can pipe them into smbldap-passwd and it will
change them.  For example:

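#! /bin/sh

# Feed each "user password" pair from the here-document to smbldap-passwd.
# The delimiter is quoted so that $ and ` in passwords are taken literally.
# This file holds cleartext passwords: keep its permissions tight.
while read -r user pass
do
    {
        # smbldap-passwd asks for the new password twice
        printf '%s\n' "$pass"
        printf '%s\n' "$pass"
    } | /path/to/smbldap-passwd "$user"
done << 'END_OF_DATA'
joebob  joepass
jimbob  jimpass
END_OF_DATA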

If you don't have the plaintext passwords, unfortunately
there is no way to recover them from the crypt()ed versions
in /etc/shadow or similar and convert them to Windows format.

  - Logan


Re: [Samba] Running Samba daemons

2006-07-21 Thread Logan Shaw

On Fri, 21 Jul 2006, [EMAIL PROTECTED] wrote:

How can I make a system user other than root (i.e., adm, sys) start the
Samba daemons (smbd and nmbd) on an AIX5L platform?


I'd be surprised if it's even possible.  Samba needs to create
files as the user that connects to the share.  If you run it as
non-root, how could it create and access files as other users?

I suppose it might theoretically be possible if you run a
configuration with only guest users, but I doubt Samba allows
for that.

  - Logan


Re: [Samba] can't save 0 size file in samba 2.0.7

2006-07-19 Thread Logan Shaw

On Wed, 19 Jul 2006, liu jack wrote:

I think that samba 2.0.7 is also useful for embedded system.
Because smbd, nmbd files in samba 3 are too big for embedded system.


Is the size of samba 2.0.7 really that much smaller than 2.2.12?
Even if it is, my guess is that the size difference between
2.0.7 and 2.0.9 is really quite small.

  - Logan


Re: [Samba] Unable to add computer to domain

2006-07-18 Thread Logan Shaw

On Tue, 18 Jul 2006, User 1 wrote:

Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, I
followed the instruction of  samba3-ldap-howto, now I am unable to add
computer to domain..

Tried to check /var/log/samba and found the following:

[2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9


Hmm...

$ grep -c 'exit.*9' smbldap-useradd
1

Seems like since there is only one way for smbldap-useradd to
exit with code 9, maybe that's something you should look into.

  - Logan


Re: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd

2006-07-11 Thread Logan Shaw

On Tue, 11 Jul 2006, Gerald (Jerry) Carter wrote:

Guillermo Gutierrez wrote:



(Blond-moment question) I take it then, that this
bug doesn't apply to version 3.0.23?



Actually, you are the second person to ask me this. :-)

I thought that since both the security and release
announcement came from me, it would be obvious.


The security bug announcement did say that versions up through
3.0.22 were affected, but there are two possible explanations
for the appearance of that statement:

1.  At the time the security announcement was written, 3.0.23
had been released and was known not to be affected by the
security problem, and therefore wasn't included in the
list of versions affected.

2.  At the time the security announcement was written, 3.0.23
had not been released and wasn't included in the list of
versions affected because 3.0.23 did not exist.

In order to figure out which, the reader has to determine
whether whoever wrote the security announcement knew that 3.0.23
existed.  You posted both announcements to the list, but (a)
that doesn't mean you wrote both of them (release announcements
are usually written by the developer, but security advisories
are often written up by some security team and then reposted
all over the place), and (b) that doesn't mean, even if you
wrote the security advisory, that it was written after 3.0.23
was released; maybe they were both written within 10 minutes
of each other because that was when you had time to send out
some e-mail messages.

In practice, maybe an easy way to deal with this is to include
in any security advisory two lists of versions:  those known
to be affected and those known not to be affected.  (ISC does
something like this with their security matrix for BIND.)

  - Logan


Re: [Samba] very very weird problem, Samba completely broken

2006-07-10 Thread Logan Shaw

On Fri, 7 Jul 2006, Craig White wrote:

On Fri, 2006-07-07 at 17:45 -0400, Eric Evans wrote:

This is very strange and frustrating.  Our users complained that they
weren't able to get ANY Samba access, not even being able to map a network
drive (forgetting for now about that domain logon thing for a while).  So I
went into the /etc/samba/smb.conf and took out all of the statements that
had anything to do with domain controlling and net logons, basically
restoring the smb.conf to the state it was in before I started messing
around with all that domain controller stuff.



probably would be much easier if you understood Windows Networking
principles.


For what it's worth, I had a hard time with this when I first
began working with Samba.  I had no difficulty with the Unix
end or with networking in general, but when you're coming
from a Unix background and setting up Samba on your server,
it takes some time to wade through and get oriented with
Windows networking concepts.

I found that the best thing for me was to read the book
Implementing CIFS.  Even though it's targeted at developers,
it seemed to cover things from a Unix point of view.  I found
that a much more helpful source of conceptual information
than the Samba docs, which are really targeted at the Samba
implementation of the set of protocols rather than the protocols
themselves.


[2006/07/07 17:24:18, 0]
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(183)
   process_name_refresh_request: unicast name registration request received
for name WORKGROUP00 from IP 128.253.175.150 on subnet UNICAST_SUBNET.
[2006/07/07 17:24:18, 0]
nmbd/nmbd_incomingrequests.c:process_name_refresh_request(184)
   Error - should be sent to WINS server


Nothing below suggests that you are using a WINS server...not in the
Windows clients, not in smb.conf.

Make life easy for yourself, add 'wins support = yes' to smb.conf and
change your dhcp server to use 128.253.175.150 as WINS server and node
type = '8'


Based on the log message, it seems that 128.253.175.150 was the
IP of the host that sent the request, not the destination of
the request.  At least that's how I interpret "should be sent
to WINS server".  To me, that phrase means "I got a request
as if somebody thought I was the WINS server but I'm not, so I
thought I'd let you know somebody thinks I am".  In other words,
128.253.175.150 is the address of a misconfigured client.
(Or the server that generated that log message needs "wins
support = yes" turned on.)

  - Logan


Re: [Samba] query about PC setups

2006-07-06 Thread Logan Shaw

On Thu, 6 Jul 2006, Eric Evans wrote:
Thanks for the info.  I've been trying to get this to work but I'm having 
difficulty with it.


I put the statement logon script = startup.bat in my [global] section.  I 
also inserted


[netlogon]
path=/usr/local/samba/lib
browseable = no
share modes = no

into the smb.conf.  And I made a startup.bat which I placed in 
/usr/local/samba/lib, and which contains only the command net use h: 
/homes.  But when I log in to the PC, unfortunately it doesn't connect me to 
the homes share automatically like I thought it should.  I checked the samba 
logs and I don't see any error messages there.  Anybody have ideas about what 
I might be doing wrong?


startup.bat is a batch file that is going to be executed by
the Windows machine when you logon to Windows.  The Windows
machine doesn't understand a command like net use h: /homes
because /homes is a path that has meaning only on the Unix
machine and doesn't mean anything to Windows.

You're going to want something like net use h: \\sambaserver\homes
instead.

Also, it should be automatically connecting you to your home
directory by virtue of having logon path and logon drive
specified in smb.conf, so you don't need to add a net use
command for your home directory.  It's only needed for other
shares.

  - Logan


Re: [Samba] linux windows synchronisation account : linux client configuration

2006-06-30 Thread Logan Shaw

On Fri, 30 Jun 2006, Edmundo Valle Neto wrote:

Stephane Durieux wrote:


I'm trying to make unix and linux password synchronisation with samba using
ldap backend, the only question that remains :


How can I make passwd command use the samba server ?


You can use the ldap passwd sync = yes option.
With that option the LDAP, NT and LM hashes are synchronized, when changed 
THROUGH SAMBA.


I believe the question was how they can make /usr/bin/passwd
cause Samba passwords to be updated.  If a Unix (Linux) user
runs /usr/bin/passwd, it should not change just their Unix
password but should also change their LM and NT passwords.
At least that is the request as I am reading it.

In other words, the request is how to preserve the
/usr/bin/passwd interface that Unix users may be familiar with,
while at the same time not causing that interface to cause
passwords to go out of sync.

Unfortunately, I don't know an answer to that question...

  - Logan


Re: [Samba] ldap password sync and RFC2307 hash schemes

2006-06-30 Thread Logan Shaw

On Fri, 30 Jun 2006, Logan Shaw wrote:

I'm running Samba on Slackware 10.2.  As near as I can tell
based on looking at the glibc source, my options for Unix
passwords (in /etc/passwd, or LDAP -- same options) are these:

1.  crypt() with plain old, busted traditional hashing.
2.  crypt() with MD5 hashing, via $1$saltsalt$hashhashhashhash
   format; the crypt() function recognizes the special format and
   automatically uses the MD5 algorithm.



Now, here's the question:  how do I do the equivalent thing
for Samba?  How do I make Samba know it should use the crypt
scheme for userPassword?  If I put

ldap password sync = Yes

into smb.conf, then it is going to update userPassword
attributes, but how is it going to know that I need it to
use the crypt hash scheme?  Or does it send a plaintext
password and let the LDAP server take care of that?  Is this
a function of Samba or is it a function of the LDAP server?


To answer my own question, the answer seems to be that Samba
will do an exop (extended operation) when talking to the LDAP
server and will ask it to change the password.  That means
I can have the OpenLDAP server select the correct password
hashing scheme by putting this into slapd.conf:

password-hash {CRYPT}
password-crypt-salt-format $1$%.8s

In other words, slapd.conf has very similar options to what
I had put into smbldap.conf.

(Now, if I could only figure out why sometimes ldappasswd,
which triggers a password exop, causes my password to get
reset to *.  But that's another battle, I think...)

  - Logan


Re: [Samba] Re: Trouble with windows mounts after reboot of windows server

2006-06-27 Thread Logan Shaw

Evert wrote:

The problem is that I have a couple of shares of a W2K server mounted with 
Samba on my (Gentoo) Linux. This works fine, until the W2K server gets 
rebooted. After that the shares are just timing out,
and they are impossible to unmount/remount...  :-/



On Tue, 27 Jun 2006, Evert wrote:

Anyone...?   I know I'm not the only one with this problem...  :-/



You're probably not, but if you're exporting shares from W2K
and mounting them on Linux, that's not a Samba problem as far
as I know.  Samba is only used when Linux is the server, not
when it's mounting a CIFS filesystem from a remote server.

  - Logan


Re: [Samba] Samba WINS Questions

2006-06-27 Thread Logan Shaw

On Tue, 27 Jun 2006, Vincent Fonteneau wrote:

Finally WINS problem solved,


I'm not so sure.  The WINS server is supposed to maintain a
dynamic database that is updated every time some NetBIOS names
are registered or deregistered on the network.  Just stuffing
data into the databases like that isn't likely to really
work properly.

WINS replication is used (but I don't know if I can use the expression 
replication) by entering new parameters in /var/lib/samba/wins.dat before 
starting smb daemon


on BDC1 the wins.dat should go with:
MYDOMAIN#00 1151663528 255.255.255.255 e4R
MYDOMAIN#1b 1151589720 192.168.2.71 64R
MYDOMAIN#1c 1151663528 192.168.2.71 193.168.2.71 e4R
MYDOMAIN#1e 1151663528 255.255.255.255 e4R
MYPDC#00 1151589720 192.168.2.71 66R
MYPDC#03 1151589720 192.168.2.71 66R
MYPDC#20 1151589720 192.168.2.71 66R
MYBDC1#00 1151663528 193.168.2.71 66R
MYBDC1#03 1151663528 193.168.2.71 66R
MYBDC1#20 1151663528 193.168.2.71 66R
MYBDC2#00 1151663528 194.168.2.71 66R
MYBDC2#03 1151663528 194.168.2.71 66R
MYBDC2#20 1151663528 194.168.2.71 66R

on BDCs the wins.dat should go with:
MYDOMAIN#00 1151663528 255.255.255.255 e4R
MYDOMAIN#1b 1151589720 192.168.2.71 64R
MYDOMAIN#1c 1151663528 192.168.2.71 193.168.2.71 194.168.2.71 e4R
MYDOMAIN#1e 1151663528 255.255.255.255 e4R
MYPDC#00 1151589720 192.168.2.71 66R
MYPDC#03 1151589720 192.168.2.71 66R
MYPDC#20 1151589720 192.168.2.71 66R
MYBDC1#00 1151663528 193.168.2.71 66R
MYBDC1#03 1151663528 193.168.2.71 66R
MYBDC1#20 1151663528 193.168.2.71 66R
MYBDC2#00 1151663528 194.168.2.71 66R
MYBDC2#03 1151663528 194.168.2.71 66R
MYBDC2#20 1151663528 194.168.2.71 66R


That should be pretty good until Thu Jun 29 14:02:00 2006 (UTC)
when the entries with the timestamp 1151589720 will expire.
If you're going to hardcode data into WINS, at least read the
documentation on how to do that:


http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2554221

Of course, I still recommend that you don't try to force
software to do replication when it wasn't designed to do that.

  - Logan


Re: [Samba] Samba WINS Questions

2006-06-27 Thread Logan Shaw

On Tue, 27 Jun 2006, Vincent Fonteneau wrote:

MYPDC#00 1151589720 192.168.2.71 66R
MYBDC1#00 1151663528 193.168.2.71 66R
MYBDC2#00 1151663528 194.168.2.71 66R


Also, I forgot to mention:  193.168.2.71 and 194.168.2.71
(note the 193 and 194) are not RFC 1918 private IP addresses.
That particular range of private IP addresses only goes from
192.168.0.0 up to 192.168.255.255.

If you want to use private addresses, there are 17,891,328
private IP addresses available, so why cause yourself (and
possibly, others) problems by using public ones?

  - Logan
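
The two checks made in the replies above (when a hard-coded wins.dat entry expires, and whether its addresses sit inside RFC 1918 space), as an added example that is not part of the original posts. It assumes the `"NAME#TYPE" TTL ADDRESS+ FLAGS` line layout from the Samba HOWTO, with TTL as an absolute Unix time and 0 meaning a static entry; the sample lines are constructed from those quoted in the thread, and `STATICHOST` is a made-up name.

```python
import shlex
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

# The three RFC 1918 private ranges.
RFC1918 = [
    IPv4Network("10.0.0.0/8"),
    IPv4Network("172.16.0.0/12"),
    IPv4Network("192.168.0.0/16"),
]
# Group-name entries in the thread carry this address instead of a host IP.
BROADCAST = IPv4Address("255.255.255.255")

# Constructed sample: four lines taken from the thread plus one static entry.
SAMPLE_WINS_DAT = """\
MYDOMAIN#1c 1151663528 192.168.2.71 193.168.2.71 e4R
MYDOMAIN#1e 1151663528 255.255.255.255 e4R
MYPDC#00 1151589720 192.168.2.71 66R
MYBDC1#00 1151663528 193.168.2.71 66R
"STATICHOST#20" 0 10.1.2.3 66R
"""


@dataclass
class WinsEntry:
    name: str
    nb_type: int                  # NetBIOS name type, e.g. 0x1b or 0x20
    expires: Optional[datetime]   # None when TTL is 0 (static entry)
    addresses: List[IPv4Address]
    flags: str


def parse_wins_dat(text: str) -> List[WinsEntry]:
    """Parse wins.dat lines, with or without quotes around NAME#TYPE."""
    entries = []
    for raw in text.splitlines():
        fields = shlex.split(raw)
        if len(fields) < 4 or "#" not in fields[0]:
            continue  # blank line, header, or not a name entry
        name, _, type_hex = fields[0].rpartition("#")
        ttl = int(fields[1])
        expires = datetime.fromtimestamp(ttl, tz=timezone.utc) if ttl else None
        addresses = [IPv4Address(a) for a in fields[2:-1]]
        entries.append(
            WinsEntry(name, int(type_hex, 16), expires, addresses, fields[-1])
        )
    return entries


def is_rfc1918(addr: IPv4Address) -> bool:
    return any(addr in net for net in RFC1918)


def rfc1918_size() -> int:
    """Total number of addresses across the three private ranges."""
    return sum(net.num_addresses for net in RFC1918)


def audit(entries: List[WinsEntry], now: datetime) -> List[Tuple[str, str, str]]:
    """Report entries that have expired or that point at public addresses."""
    findings = []
    for e in entries:
        label = f"{e.name}<{e.nb_type:02x}>"
        if e.expires is not None and e.expires <= now:
            findings.append((label, "expired", e.expires.isoformat()))
        for addr in e.addresses:
            if addr != BROADCAST and not is_rfc1918(addr):
                findings.append((label, "public-address", str(addr)))
    return findings


if __name__ == "__main__":
    # "now" is fixed to a constructed moment shortly after the first expiry.
    now = datetime(2006, 6, 29, 15, 0, tzinfo=timezone.utc)
    for finding in audit(parse_wins_dat(SAMPLE_WINS_DAT), now):
        print(*finding)
    print("RFC 1918 addresses available:", rfc1918_size())
```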


Re: [Samba] samba-3.0.22 with Heimdal Kerberos - compilation problem

2006-06-26 Thread Logan Shaw

On Sat, 24 Jun 2006, Doug VanLeuven wrote:

Nir Barkan wrote:



I'm trying to compile samba-3.0.22 with Heimdal Kerberos on Solaris 8



When I configure & compile from non-standard libs,
I explicitly set the paths required.
Some people like to put it on the command line, but
I created a shell script to invoke configure with my
required options and compiler flags.  These are commented on
at the end of output from ./configure --help

#!/bin/sh

# Values containing spaces must be quoted, or export treats each
# word after the first as another variable name.
export LIBS="-L/usr/local/ldap/lib -L/usr/local/lib"

export CFLAGS="-O2 -L/usr/local/ldap/include -I/usr/local/include"

export CPPFLAGS="-I/usr/local/ldap/include"

# (flag1=opt) and (flag2=opt) are placeholders for the real options
./configure \
(flag1=opt) \
(flag2=opt)


On Solaris, you may want to do a -R for every -L you do
(if using shared libraries); this will embed the path into the
executable so that you don't have to do LD_LIBRARY_PATH nonsense.

To the original person with the problem: if you could post your
compiler command line (the gcc or cc that actually generates
that error message), that might help, since it would be nice to
see what -I arguments and so on that the Makefile is passing it.

Also, by the way,

export FOO=bar

isn't legal Bourne shell syntax.  It works in ksh and bash, but
in sh you need

FOO=bar ; export FOO

or similar.  Of course, on a Linux system /bin/sh often is
something other than straight Bourne shell, but if you're
relying on non-Bourne shell features, you should put #!/bin/bash
or something.

Not that it matters a whole heck of a lot in a script that is
designed to wrap configure, though...

  - Logan


Re: [Samba] Samba WINS Questions

2006-06-26 Thread Logan Shaw

On Mon, 26 Jun 2006, Vincent Fonteneau wrote:

I'm using Samba 3.0.21c with PDC and several BDCs in different subnets.

I'm trying to use Wins servers on all the BDC servers and on the PDC. The
problem occurs in the network browsing.


Hopefully someone will correct me if I'm wrong (please...),
but as far as I know, the only valid WINS configuration is to
have exactly one WINS server for a given domain.  WINS servers
can't sync, so if you have more than one, you would have two
different, inconsistent views of the NetBIOS names available
within the domain.

  - Logan


[Samba] smbldap-passwd and uppercased schemes

2006-06-26 Thread Logan Shaw

Hey everyone,

I'm looking at the IDEALX smbldap-passwd script (the version which
comes with samba 3.0.22, in the examples directory), and it seems
to want to set the password scheme to an uppercase string, i.e.:

{CRYPT}foobarfoobar
{MD5}barfoobarfoo

However, looking at RFC 2307 ( http://www.ietf.org/rfc/rfc2307.txt ),
in section 5.3, it would appear that these are supposed to be lowercase,
like this:

{crypt}foobarfoobar
{md5}barfoobarfoo

So, my question is, is the scheme case-sensitive?  The RFC doesn't
give any indication that case is irrelevant, but smbldap-passwd
uses uppercase and (presumably) gets away with it.

Obviously I can easily hack the script to fix this, but I only want to
do that if it's really necessary -- I like to stick with vanilla
versions of things unless there's a good reason not to.

  - Logan


Re: SOLVED! Re: [Samba] Files are being saved as read-only

2006-06-26 Thread Logan Shaw

On Mon, 26 Jun 2006, Rob Tanner wrote:

It turns out that the problem is a Microsoftism since it only happens with
Office documents.  It also turns out that only if profile acls is set to
'yes' in smb.conf do you see the problem.  Set it to 'no' and no problem.
Weird eh??


I believe I remember hearing somewhere that, instead of (the Win32
equivalent of) open(); write(); write(); write(); close();, lots
of MS products first create a new file, then write the save data
to the new file, then remove the old file, then rename the new to
have the same name as the old[1].

The point being, when these apps are saving a file, they're not
updating an existing file; instead, they're CREATING a new file.
So, I would check if new files are created read-only by default;
maybe that is the real problem.

  - Logan

[1] There is some benefit to this approach: you've always
got a complete copy of the file on disk at any given time,
for one thing.
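
The difference between the two save styles described above, as an added example that is not part of the original post: an in-place write keeps the file's inode and mode, while create-then-rename yields a new file whose permissions come from the creation defaults. The restrictive umask stands in for whatever server-side default makes newly created files read-only; that default, the file name and the modes used are assumptions for illustration.

```python
import os
import stat
import tempfile


def save_in_place(path, data):
    """open(); write(); close() on the existing file."""
    with open(path, "r+b") as f:   # r+b requires the file to exist already
        f.write(data)
        f.truncate()


def save_by_replace(path, data):
    """Write a new sibling file, then rename it over the old name."""
    tmp = path + ".tmp"
    # 0o666 is what the application asks for; the umask decides what it gets.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.replace(tmp, path)          # atomic on POSIX: old or new, never half


def snapshot(path):
    """Return (inode number, permission bits) for path."""
    st = os.stat(path)
    return st.st_ino, stat.S_IMODE(st.st_mode)


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "FooBar.xls")
        old_umask = os.umask(0o022)
        try:
            with open(path, "wb") as f:
                f.write(b"v1")
            os.chmod(path, 0o664)              # the user's writable document
            results["original"] = snapshot(path)

            save_in_place(path, b"v2")
            results["in_place"] = snapshot(path)

            os.umask(0o222)                    # new files now come out read-only
            save_by_replace(path, b"v3")
            results["replaced"] = snapshot(path)

            with open(path, "rb") as f:
                results["content"] = f.read()
        finally:
            os.umask(old_umask)
    return results


if __name__ == "__main__":
    r = demo()
    for step in ("original", "in_place", "replaced"):
        inode, mode = r[step]
        print(f"{step:9s} inode={inode} mode={mode:04o}")
```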


Re: [Samba] Off topic NSS_LDAP

2006-06-23 Thread Logan Shaw

On Fri, 23 Jun 2006, IT wrote:

   Anybody can compile NSS_LDAP under Solaris 10 ?, i have a trouble compiling
this tool.


Doesn't Solaris have built-in support for ldap in nsswitch.conf?
Why would you need to compile your own?

  - Logan


Re: [Samba] Upgrading to latest version on Solaris 2.6...

2006-06-22 Thread Logan Shaw

On Thu, 22 Jun 2006, Mathew W. Hurd wrote:

i'm currently running version 2.0.7 on my Solaris 2.6 box.

i'd like to upgrade to the latest (samba-3.0.22-1-noads-sunos5.9-sparc.pkg.gz)
but i am not certain if it is compatible with my version of Solaris.


That wouldn't be compatible, because based on the sunos5.9 in the
filename, it would be a package for SunOS 5.9, i.e. Solaris 9.

That will mean it's linked against all Solaris 9 versions of the shared
libraries and may rely on other binary interfaces as well.  Sun does a
very good job of ensuring that binary compatibility is retained when you
take software built on an older system and bring it forward to a newer
system, but the reverse isn't true, so I wouldn't expect that package
to work.

If I were you, I'd do one of three things:
1)  Build from source.  Not really that hard, hopefully.
2)  Upgrade and get off Solaris 2.6 and onto something which
isn't positively ancient.  :-)
3)  Go digging for a binary package from somewhere else.
For instance, http://www.sunfreeware.com/ seems to have
a Samba 3.0.10 built for SPARC Solaris 2.6.  Maybe you
can find a newer one somewhere else.

Hope that helps...

  - Logan


Re: [Samba] change ldap passwd

2006-06-21 Thread Logan Shaw

On Wed, 21 Jun 2006, Craig Jackson wrote:

I have what I believe to be a working samba installation
using ldap as the back end. The set up is workgroup only
-- no domain. Can someone tell me how root might change a
user's samba password at the command prompt? I read pdbedit
man page and saw nothing about changing passwords. Thanks.


# smbpasswd joebob

  - Logan


[Samba] LDAP GID-SID without winbind?

2006-06-20 Thread Logan Shaw

Hello everyone,

In my new Samba environment, I have a few servers that use LDAP
for Unix accounts (via PADL's NSS stuff).  This is working fine
for Unix accounts, and everything is in LDAP.  These servers
are also going to run Samba, with the ldapsam backend.

I've noticed that ldapsam allows me to maintain a UID-SID
mapping by simply putting the SID in the sambaSID attribute
for a (domain) user.  That is, I can manually assign the SID
when I create the account.

Is there any simple equivalent thing for GID-SID mappings
for groups?  I'd really like to just choose a SID when I choose
a GID at the same time I'm adding the group.  And I'd like it
to be a SID that matches the domain SID; that would help keep
things uniform across servers.

I've looked at the documentation quite a lot, and the only
thing I've seen allusions to so far that allows GID-SID
mapping to be stored in LDAP is using idmap with winbind.
It seems very strange to me that there's an easy way to do this
(without winbind) for users but there isn't for groups.

For what it's worth, I'm trying to avoid winbind (at least,
using NSS going through winbind) because the new PDC is also
to be a Samba file server, smtp/pop3/imap mail server, etc.
Basically, I just want all Unix UIDs and GIDs and all SIDs to
be specified manually in LDAP.

I notice in the figures in Chapter 11 of the official HOWTO that
it shows winbind querying ldapsam to do GID-SID mapping.
Is it possible that winbind (one d) refers to winbindd
(two ds -- the daemon) and this implies that I can have
LDAP-based GID-SID mapping by running the winbindd daemon
but not setting up winbind anywhere in /etc/nsswitch.conf?

Thanks for any insight -- I've spent hours today looking through
the documentation and I've learned a lot, but I haven't learned
the one thing I need to know...  :-)

  - Logan


Re: [Samba] Re: password change on WinXP

2006-06-19 Thread Logan Shaw

On Sat, 17 Jun 2006, Petteri Larjos wrote:
Thank you Conrad for answering. If I remember correctly the laptop users need
two accounts (local and remote) even though samba is PDC or one could not
logon when not connected to LAN. How is this handled?


As I understand it, Windows clients will cache logon information.
So you can logon once while connected to the LAN and thus having
the PDC accessible, then in the future when you are disconnected
from the LAN, you can still logon and the Windows client will
authenticate you using the locally cached authentication info.
Here's a MS knowledge base article about it:

http://support.microsoft.com/kb/q172931/

Now, what I don't know is whether taking advantage of this is
considered a best practice in the Windows world.  For all I know,
the cached information might expire after a week or something, which
could leave someone in a bind if they are away from the LAN for
too long (say, on a business trip).  Anyone have comments about that?

  - Logan


[Samba] wins vs. browsing, and documentation

2006-06-19 Thread Logan Shaw

I've been reading Chapter 9 (Network Browsing) of the Official
Samba-3 HOWTO and Reference Guide, and the documentation is
causing me some confusion.

Up at the very top of the chapter, it says:

WINS is the best tool for resolution of NetBIOS names to
IP addresses; however, WINS is not involved in browse list
handling except by way of name-to-address resolution.

But then there is a whole section in this chapter called WINS:
The Windows Internetworking Name Server.  If the two aren't
related[1], then why is WINS covered in the browsing chapter?
Is this just a quirk of the way the documentation is laid out,
or does it imply there is a closer connection between browsing
and WINS?

I think it is the former, but it gets a little confusing,
particularly when the same chapter is discussing two different
types of synchronization:  synchronization between LMBs and DMBs
(which Samba *does* support -- I think) and also discussing
synchronization of data between WINS servers (which Samba does
*not* support).

  - Logan

[1] except that browse servers use WINS name services to
find each other, but then lots of other things use WINS
to find each other, so that's hardly a special situation.


[Samba] Mommy, where do RIDs come from?

2006-06-19 Thread Logan Shaw

Hey everyone,

I'm preparing for a transition in which I'll be moving
everything (PDC, WINS server, big file shares) off an old
Linux server running Samba 2.2.7 onto a much newer Linux system
running Samba 3.0.22.

In the process, I'll be switching from smbpasswd (only thing
supported under Samba 2.x, if I understand correctly) to
ldapsam on Samba 3.x.

I want to keep the same domain name and preserve SIDs for users
and machine accounts (and the domain) so that clients can just
start using the new PDC without disruption (except possible
reboot, which is OK), so my plan is to populate the password
database on the new server with the exact same usernames and
SIDs and hashes that are in use on the old server.  (I may
clean up the UIDs, though.)

However, I've noticed something odd:  /etc/samba/smbpasswd
on 2.2.7 doesn't contain any RIDs or SIDs.  And yet, if I run
rpcclient and do lookupnames lshaw against the 2.x server,
I can see that my (lshaw's) SID is formed of the domain SID
plus some RID that comes from somewhere.  But, *where* is
that RID coming from?  I presume it is some sort of persistent
mapping, but what stores it?  It's not in smbpasswd, because
it doesn't contain RIDs (only UIDs).  It doesn't seem to be
in any of the files /var/cache/samba/*.tdb either, but I could
be missing something.

I suppose since I can use rpcclient to get the correct SID,
this is partly just a matter of curiosity, but I think I'd
feel better if I knew what was really going on...

Also, as long as I'm asking questions, can anyone spot holes
in my idea of swapping out the PDC with a new one that has
identical data?  It seems like as long as the data is identical,
the clients should be able to transition over with no problems.
It'd be just like a client switching from a PDC to a BDC, right?

  - Logan


Re: [Samba] Windows XP and Samba 3.0.22 -- don't mix?

2006-06-14 Thread Logan Shaw

On Tue, 13 Jun 2006, Jeremy Allison wrote:

are using it successfully (and I'm not saying that lightly). If the process
seems stuck try attaching to it with gdb or strace and find out what
it's doing. Don't use kill -9, that can damage internal Samba databases.


It seems to me that, in most cases (there are exceptions),
doing a kill -9 isn't any more harmful than the machine
crashing or power being lost.  How resistant is smbd to the
machine losing power?  Would the same risk exist?

  - Logan


Re: [Samba] samba 3.0.22 and hebrew file names

2006-06-13 Thread Logan Shaw

On Tue, 13 Jun 2006, Shlomi . wrote:

We had an old Sun server running Solaris 2.6 with samba 2.2.2.
Now we have upgraded it to Solaris 9 with Samba 3.0.22, but we have one problem.
The file names that are in Hebrew look on the Windows clients like lines or
squares.

On the old samba server there were no char settings, on the new samba server
I set the char to 862
and the display and unix chars to ISO8859-8 and UTF-8 - it didn't help.

I guess that the samba doesn't know where to get the CP862 file.


I researched internationalization with Samba a while back, and this
is the conclusion I came to:

1.  Any given installation of Samba 3 uses three different
character sets:  (1) the character set of filenames on disk,
(2) unicode for speaking to (Windows) clients that support
unicode in CIFS, and (3) a legacy codepage for clients
that use an older version of CIFS and don't support Unicode.

2.  Samba 3 converts freely between these different character sets
at runtime as needed.

3.  Samba 2 doesn't support Unicode at all (or at least not for
filenames), so its on-disk character set is always the same
as the character set it uses when communicating to clients,
and it does no conversion.

Based on these three facts (if I'm remembering them right),
I would guess what has happened is this:  when using Samba 2,
you set your Samba server to use the Hebrew codepage (862,
I guess).  This means that all the filenames got created on
disk using that character set.  But then you upgraded to Samba
3 and are using the same set of files.  Now Samba 3 is expecting
to see Unicode filenames but the files are still codepage 862.

The best solution is probably to set Samba to use Unicode
on the disk, then rename all your files to Unicode names.
Somewhere out there is a script that can do this.  Samba should
automatically speak Unicode to newer Windows clients, so as
long as you work out the on-disk character set and have that
set up properly, everything should be good.

Once you have Samba set up to do Unicode on disk, you should
be able to connect from a Windows client and create some files
using Hebrew characters and they should show up properly.
That would be a good test and would help prove that all you
need to do is get the existing filenames into the right format.

One more thing:  since (as I understand it) Samba can also
speak with a fixed 8-bit codepage to legacy clients that do not
support Unicode, you might want to set that codepage to 862
in the configuration file.  I forget what the directive is,
but there is one that controls what Samba speaks on the wire
to clients that don't support Unicode.

  - Logan
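
The rename step described in the message above, as an added example (not code from the thread or from the Samba project). It assumes the existing names are CP862 bytes, as the message guesses, and that the Samba 3 share stores names as UTF-8; the function names are hypothetical.

```python
import os
import sys
from typing import List, Optional, Tuple

LEGACY = "cp862"  # code page the old Samba 2 share is assumed to have used
TARGET = "utf-8"  # assumed on-disk charset of the Samba 3 share


def convert_name(raw: bytes) -> Optional[bytes]:
    """Return the UTF-8 form of one directory entry, or None to leave it."""
    try:
        raw.decode(TARGET)  # ASCII and already-converted names are valid UTF-8
        return None
    except UnicodeDecodeError:
        return raw.decode(LEGACY).encode(TARGET)


def plan_renames(names: List[bytes]) -> Tuple[list, list]:
    """Split one directory's entries into safe renames and name conflicts."""
    taken = set(names)
    renames, conflicts = [], []
    for old in sorted(names):
        new = convert_name(old)
        if new is None:
            continue
        if new in taken:  # never overwrite an existing entry
            conflicts.append((old, new))
        else:
            taken.add(new)
            renames.append((old, new))
    return renames, conflicts


def convert_tree(root: bytes, apply: bool = False) -> list:
    """Walk bottom-up so a directory's contents move before the directory."""
    done = []
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        renames, conflicts = plan_renames(dirnames + filenames)
        for old, _new in conflicts:
            print("skipped, target exists:", os.path.join(dirpath, old))
        for old, new in renames:
            src, dst = os.path.join(dirpath, old), os.path.join(dirpath, new)
            if apply:
                os.rename(src, dst)
            done.append((src, dst))
    return done


if __name__ == "__main__" and len(sys.argv) > 1:
    for src, dst in convert_tree(os.fsencode(sys.argv[1]), "--apply" in sys.argv):
        print(src, "->", dst)
```

Without `--apply` the script only lists what it would rename, so the plan can be reviewed while the share is offline before anything on disk changes.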