Re: [Samba] Samba 4.1.0 Available for Download

[Charles Marcus]

On 2013-10-11 9:49 AM, samba-requ...@lists.samba.org 
 wrote:

REMOVED COMPONENTS
==

The Samba Web Administration Tool (SWAT) has been removed.
Details why SWAT has been removed can be found on the samba-technical mailing
list:

https://lists.samba.org/archive/samba-technical/2013-February/090572.html


Just curious what was decided about this comment (he has a very 
excellent point):


"I have yet to make the jump to Samba4, so I have not seen the version of
SWAT designed for it.

For me, the primary benefit of SWAT in Samba3 was the ability to use the
help link for any parameter to see what that parameter did, what the
default was, and what its proper syntax was.  For reference, I ran "man
smb.conf".  Viewing full screen, I pressed the "Page Down" key 34 times
and was still in the 1st third of the alphabetical listing of
parameters.  It's no small wonder that I never used "man smb.conf" to
configure Samba.  SWAT was my friend.

So, if Samba4 has anywhere near the number of parameters as Samba3, I
would be greatly disappointed to see SWAT go away entirely.  An html
version of the samba-doc package that contained all parameters with
links to their definitions/descriptions would be a welcome and suitable
replacement.

Thanks,
Dale"


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Folder disappears on rename

[Charles Marcus]

Marc Muehlfeld wrote:

Am 06.10.2013 23:27, schrieb Charles Marcus:

Fyi... this is a known problem (with both renames and newly created
files/folders, and even deleted foles/folders) on Windows 7, even with a
real Windows Server... never seen it on XP, but it happens all the time
on Windows 7 here.


It's a SMB2 caching issue (that's why you don't have it on XP). Jones 
already posted a workaround/solution:


Reading the referenced technet article, those delays are only 10 
seconds, 5 seconds and 10 seconds.


The delays I've seen are many minutes (anywhere from 3 to 5, sometimes 
it seems longer)...


I'll try it, but why would the actual delays being expereinced be so 
much longer than these cache lifetime settings?


Thanks,

Charles


Am 06.10.2013 09:02, schrieb Jones:
> Sometimes this symptom happened in my environment,
> and found this link:
> SMB2 Client Redirector Caches Explained
> http://technet.microsoft.com/zh-tw/library/ff686200(v=ws.10).aspx
>
> Here is one test case,
> during Windows 7 and Samba are negotiated with >= protocol SMB 2.0,
> Windows 7 might cache the directory entries,
> i.e. the directory entries are locally satisfied by Windows 7,
> and there are no SMB2 packets across network while refreshing the
> list thru powershell dir command,
> hence Windows 7 with Wireshark captures no packets.
>
> After following 3 DWORDs are applied to Windows 7 and reboot is
> required, this symptom seems no longer exist in my environment.
> Not sure is this a acceptable change but hope this help.
> FileInfoCacheLifetime = 0
> FileNotFoundCacheLifetime = 0
> DirectoryCacheLifetime = 0







--

Best regards,

*/Charles Marcus/*
I.T. Director
Media Brokers International, Inc.
*678.514.6224 | 678.514.6299 fax*
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Folder disappears on rename

[Charles Marcus]

Fyi... this is a known problem (with both renames and newly created 
files/folders, and even deleted foles/folders) on Windows 7, even with a 
real Windows Server... never seen it on XP, but it happens all the time 
on Windows 7 here.


Just fyi...


samba-requ...@lists.samba.org wrote:

Subject:
Re: [Samba] Folder disappears on rename
From:
Bernd Glueckert 
Date:
2013-10-05 12:12 AM

To:
samba@lists.samba.org



this sounds a bit like something mysterious I had had today at work 
on my Samba 3.6.18 server:


- On the Linux server I downloaded a file to my home directory (was a 
simple *.txt file)
- On my Windows PC I could not see the file, but it was there on 
Linux side
- I renamed the file on linux and then it was visible with the new 
name on windows, too.



A different user had the following today:
- She created a file on the Samba share (same 3.6.18 server)
- But it wasn't visible from a different PC
- After about 3h it was suddenly visible without any changes.


The problem wasn't reproducable on both machines a second time.


We have this problem too.

Samba 3.6.18 on Gentoo, W7-64-Workstations.

A scanner puts his output on the samba server, but it's not visible 
for the W7-Clients. A couple of minutes later it's visible. Refreshing 
Explorer by pressing F5 doesnt help.


Same effect happens, if user A renames a file. User B sees the old 
filename, and few minutes later it's okay.


I think, this is reproducible. I will check this next week and give 
you the information about it.



--

Best regards,

*/Charles Marcus/*
I.T. Director
Media Brokers International, Inc.
*678.514.6224 | 678.514.6299 fax*
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Messed up SIDs: How to change machine SID?

[Marcus Mundt]

Ok, today I was finally able to join my domain. The problem was a 
misconfiguration of idmap. Solution as follows:

<   idmap config DEFAULT:backend = ldap
<   idmap config DEFAULT:readonly = no
<   idmap config DEFAULT:default = yes
<   idmap config DEFAULT:ldap_base_dn = ou=people,dc=domain,dc=org
<   idmap config DEFAULT:ldap_user_dn = cn=rootuser,dc=domain,dc=org
<   idmap config DEFAULT:ldap_url = ldap://myldapserver

Thanks for everything!

-Ursprüngliche Nachricht-----
Von:Marcus Mundt 
Gesendet:   Mo 15.07.2013 15:25
Betreff:Re: [Samba] Messed up SIDs: How to change machine SID?
An: samba@lists.samba.org; 
> I could fix the SID issues. However the other errors and warinings remain. 
> Struggeling hard to find the cause for not being able to join a domain, 
> getting 
> "Access Denied"
> 
> SMB log:
> [2013/07/12 15:48:03.439574,  2] auth/auth.c:309(check_ntlm_password)
>   check_ntlm_password:  authentication for user [admin] -> [admin] -> [admin] 
> succeeded
> [2013/07/12 15:48:03.442335,  3] 
> groupdb/mapping.c:772(pdb_create_builtin_alias)
>   pdb_create_builtin_alias: Could not get a gid out of winbind
> [2013/07/12 15:48:03.442450,  2] 
> auth/token_util.c:455(finalize_local_nt_token)
>   WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind 
> allocate 
> gids?
> [2013/07/12 15:48:03.54,  3] 
> groupdb/mapping.c:772(pdb_create_builtin_alias)
>   pdb_create_builtin_alias: Could not get a gid out of winbind
> [2013/07/12 15:48:03.444555,  2] 
> auth/token_util.c:479(finalize_local_nt_token)
>   WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
> ...
> [2013/07/12 15:48:03.191990,  0] 
> rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate: no challenge sent to client N666
> ...
> [2013/07/12 15:48:03.587205,  3] smbd/connection.c:35(yield_connection)
>   Yielding connection to IPC$
> [2013/07/12 15:48:03.589351,  3] smbd/server_exit.c:181(exit_server_common)
>   Server exit (failed to receive smb request)
> 
> Questions:
> Is it mandatory that 
> Domain Admins
> Domain Users
> Domain Guests
> Domain Computers
> are spelled exactly like that. In GOsa I'm only allowed to use lower case 
> letters and no spaces. Hence I got
> domainadmins... and so forth. I don't know how to change the windows group 
> name 
> only.
> 
> Is a root user mandatory or may I use "admin"? Since I got no root in LDAP, 
> but 
> tried it last week, didn't help.
> 
> Which of the domain and builtin groups are mandatory? As far as I know only
> Domain Admins 512
> Domain Users  513
> Domain Guests   514
> 
> and
> 
> From the builtin domain (didn't know that there is a built in domain until 
> now)
> Administrators    544
> Users 545
> Guests  546
> 
> Thanks for any help in advance! Setting up a PDC seems not too hard, but I 
> have 
> to use our existing LDAP directory and operate on a production system :(
> 
> Cheers,
> Marcus
> 
> 
> 
> > I have an LDAP backend.
> > 
> > In LDAP, the machine accounts for my  windows and linux clients so show 
> > the same base SID as the domain SID (ie.. all but the last digits.)
> > 
> > However I also have the mismatch with "net getdomainsid" -  which 
> > definately explains why they don't behave as I would expect.   You may 
> > want to try fixing this with "net setlocalsid."   I guess when you joing 
> > unix  or linux member server to the domain the localsid is not updated.
> > 
> > Re the BUILTIN groups you may want to explicitly map these to unix 
> > groups rather than relying on winbind to do it
> > 
> > 
> > e.g.   I created  unix groups
> > 
> > #getent group 
> > Builtin Admins::544:
> > Builtin Users::545:
> > Builtin Guests::546:
> > 
> > Then mapped the well know built-in Windows groups to the unix groups
> > 
> > 
> > #net groupmap add ntgroup="Administrators" unixgroup=544 
> > sid=S-1-5-32-544   type=builtin
> > #net groupmap add ntgroup="Users" unixgroup=545   sid=S-1-5-32-545 
> > type=builtin
> > #net groupmap add ntgroup="Guests" unixgroup=546 sid=S-1-5-32-546 
> > type=builtin
> > 
> > # net groupmap list | grep -i builtin
> > 
> > Administrators (S-1-5-32-544) -> Builtin Admins
> > Users (S-1-5-32-545) -> Builtin Users
> > Guests (S-1-5-32-546) -> Builtin Guests
> > 
> > 
> > 
> > The linux samba member servers I

Re: [Samba] Messed up SIDs: How to change machine SID?

[Marcus Mundt]

I could fix the SID issues. However the other errors and warinings remain. 
Struggeling hard to find the cause for not being able to join a domain, getting 
"Access Denied"

SMB log:
[2013/07/12 15:48:03.439574,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [admin] -> [admin] -> [admin] 
succeeded
[2013/07/12 15:48:03.442335,  3] groupdb/mapping.c:772(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2013/07/12 15:48:03.442450,  2] auth/token_util.c:455(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind allocate 
gids?
[2013/07/12 15:48:03.54,  3] groupdb/mapping.c:772(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2013/07/12 15:48:03.444555,  2] auth/token_util.c:479(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
...
[2013/07/12 15:48:03.191990,  0] 
rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate: no challenge sent to client N666
...
[2013/07/12 15:48:03.587205,  3] smbd/connection.c:35(yield_connection)
  Yielding connection to IPC$
[2013/07/12 15:48:03.589351,  3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)

Questions:
Is it mandatory that 
Domain Admins
Domain Users
Domain Guests
Domain Computers
are spelled exactly like that. In GOsa I'm only allowed to use lower case 
letters and no spaces. Hence I got
domainadmins... and so forth. I don't know how to change the windows group name 
only.

Is a root user mandatory or may I use "admin"? Since I got no root in LDAP, but 
tried it last week, didn't help.

Which of the domain and builtin groups are mandatory? As far as I know only
Domain Admins   512
Domain Users513
Domain Guests   514

and

>From the builtin domain (didn't know that there is a built in domain until now)
Administrators  544
Users   545
Guests  546

Thanks for any help in advance! Setting up a PDC seems not too hard, but I have 
to use our existing LDAP directory and operate on a production system :(

Cheers,
Marcus



> I have an LDAP backend.
> 
> In LDAP, the machine accounts for my  windows and linux clients so show 
> the same base SID as the domain SID (ie.. all but the last digits.)
> 
> However I also have the mismatch with "net getdomainsid" -  which 
> definately explains why they don't behave as I would expect.   You may 
> want to try fixing this with "net setlocalsid."   I guess when you joing 
> unix  or linux member server to the domain the localsid is not updated.
> 
> Re the BUILTIN groups you may want to explicitly map these to unix 
> groups rather than relying on winbind to do it
> 
> 
> e.g.   I created  unix groups
> 
> #getent group 
> Builtin Admins::544:
> Builtin Users::545:
> Builtin Guests::546:
> 
> Then mapped the well know built-in Windows groups to the unix groups
> 
> 
> #net groupmap add ntgroup="Administrators" unixgroup=544 
> sid=S-1-5-32-544   type=builtin
> #net groupmap add ntgroup="Users" unixgroup=545   sid=S-1-5-32-545 
> type=builtin
> #net groupmap add ntgroup="Guests" unixgroup=546 sid=S-1-5-32-546 
> type=builtin
> 
> # net groupmap list | grep -i builtin
> 
> Administrators (S-1-5-32-544) -> Builtin Admins
> Users (S-1-5-32-545) -> Builtin Users
> Guests (S-1-5-32-546) -> Builtin Guests
> 
> 
> 
> The linux samba member servers I use mostly for IT use anyway so I never 
> shook out all the bugs.
> 
> 
> 
> 
> On 07/03/13 11:49, Marcus Mundt wrote:
> > Dear Samba Gurus,
> >
> > I got the following errors:
> > tail -f /var/log/samba/log.wb-DOM1
> > [2013/07/02 15:49:19.990168,  2] 
> > winbindd/winbindd_rpc.c:320(rpc_name_to_sid)
> >name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED
> >
> > log.smbd
> > [2013/07/02 15:40:51.809516,  2] 
> auth/token_util.c:455(finalize_local_nt_token)
> >WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind 
> allocate gids?
> > [2013/07/02 15:40:51.811330,  2] 
> auth/token_util.c:479(finalize_local_nt_token)
> >WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
> >
> >
> > I guess the reason might be this:
> > net getdomainsid
> > SID for local machine M1 is:
> > S-1-5-21-3981825222-1828954701-2606613544
> > SID for domain DOM1 is: S-1-5-21-2762780445-1763757571-3541238449
> >
> > net getdomainsid
> > SID for local machine M2 is:
> > S-1-5-21-2913448378-2543514743-1508345481
> > SID for dom

[Samba] Messed up SIDs: How to change machine SID?

[Marcus Mundt]

Dear Samba Gurus,

I got the following errors:
tail -f /var/log/samba/log.wb-DOM1
[2013/07/02 15:49:19.990168,  2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid)
  name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED

log.smbd
[2013/07/02 15:40:51.809516,  2] auth/token_util.c:455(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind allocate 
gids?
[2013/07/02 15:40:51.811330,  2] auth/token_util.c:479(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?


I guess the reason might be this:
net getdomainsid
SID for local machine M1 is:S-1-5-21-3981825222-1828954701-2606613544
SID for domain DOM1 is: S-1-5-21-2762780445-1763757571-3541238449

net getdomainsid
SID for local machine M2 is:S-1-5-21-2913448378-2543514743-1508345481
SID for domain DOM1 is: S-1-5-21-2762780445-1763757571-3541238449


Shouldn't the SIDs be the same except the last digits???

Cheers,
Marcus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 and (pseudo) LDAP backend for users, groups and rights

[Marcus Mundt]

Hello Marc,

first of all thanks for the quick reply. My Samba ADC was setup quite quick 
following the how to, good work!

Since we are running low on time and want to stick with our LDAP server, I hope 
I can setup a file server for WinXP and Win7 with Samba 4 using smbd and nmbd 
and keep using the LDAP backend. I guess we don't really need the AD stuff for 
what we want to achieve, right?
I really need to know if it is possible to setup some kind of auto mount for 
Windows clients. They should mount all of the users drives while logging in, 
now this happens with some script, which is run after successfully loggin in. 
The whole users, groups and rights stuff shouldn't be a problem.

> I did this in production last september (170 users, 230 workstations, 
> and around 25 services getting information from LDAP or authenticating 
> against). After some weeks of building a testing environment with 
> everything, I did the final switch on a weekend (1.5 days for changing 
> and adapting everything). And it's running absolutely great.

How did you transfer the information from the (old) LDAP server to the Samba 4 
ADS? Or did you separate things, like servers relying on the slapd and other 
systems communicating with the ADS?


>> My quick guesses of possible solutions:
>> - Samba 4 + Slapd on the same machine. Slapd synced to LDAP-Master
>>  - https://wiki.samba.org/index.php/Samba4/beyond#openLDAP_proxy_to_AD
>>  - I don't know if I get this one...

> The "beyond samba" page is from me. Just let me know, what's unclear. 
> Then I will extend the HowTo and improve the descriptions.

Ok, I thought so. I guess I wished for something like an AD to openLDAP proxy :)


>> - Samba 4 importing an ldif-export of our LDAP-Master, problem: how to sync?

> I wouldn't do that. Much workaround stuff, directory ACLs won't be 
> synced, etc.

Tried it and got an error. Won't do it again...


>> Questions:
>> - What about using "smbd + nmbd" instead of "samba"? What
>>   are the drawbacks and what functionalities would we sacrifice?

> You need the samba binary, because it provides the AD stuff. If you plan 
> to keep your NT4-style domain, then you can just upgrade. Samba 4 
> doesn't mean "AD only" and "build-in LDAP only". AD is just "an 
> additionally feature" of version 4. But AD requires the internal LDAP.

As mention above, I will now try using samba 4 but not the samba binary. Now 
switching back to smbd, nmbd and LDAP backend. Wish me luck :)


Thanks for your time and explanations!
Cheers,
Marcus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba4 and (pseudo) LDAP backend for users, groups and rights

[Marcus Mundt]

Dear List,

I am used to Samba 3 and LDAP. But since Samba 4 I'm struggeling hard to 
understand what has to be done and how a possible solution might look like for 
our scenario. I already found out that Samba 4 comes with its own LDAP Server 
and if I want to use a slapd on the same system, it should listen on another 
port. I know that using a LDAP backend isn't supported in the current version 
of samba, but I'm looking for a similar solution anyway.

Environtment:
- LDAP-Master-Server with all the information needed
- mostly Windows XP and Windows 7 Clients
They should auto mount network drives after login (user, pass and rights from 
LDAP-Master)

Here is what I want to achieve:
A LDAP-Master-Server should be the basis for all users, passwords, groups, 
rights, rights to execute Programs, mails and mounting network drives. We are 
looking for a "single sign on" solution based on the LDAP-Master-Server. Our 
Mail-Server and some other services rely on the LDAP-Master. Now Samba should 
work as ADS using the Information stored on the LDAP-Master. Meaning getting 
users, passwords, groups, rights, drives etc. from LDAP. Is that even possible? 
Any ideas? 

My quick guesses of possible solutions:
- Samba 4 + Slapd on the same machine. Slapd synced to LDAP-Master
- https://wiki.samba.org/index.php/Samba4/beyond#openLDAP_proxy_to_AD
- I don't know if I get this one...
- Samba 4 importing an ldif-export of our LDAP-Master, problem: how to sync?

Questions:
- What about using "smbd + nmbd" instead of "samba"? What are the drawbacks and 
what functionalities would we sacrifice?
- Is using samba 3 + LDAP backend a possible solution? We really waited for 
Samba 4 and are now a bit overwhelmed by the numerous innovations. But we would 
like to use the most current software.

Any hints or some short step by step list with the required services and their 
dependencies would be highly appreciated.

Thanks for reading. Have a wonderful weekend!

Cheers, 
Marcus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Win7: File Type Association get lost

[Charles Marcus]

On 2012-04-20 2:17 AM, Alexander Busam wrote:

Alexander Busam schrieb:

A new created file type association (e. g. .sql --> notepad++) get
lost when I relogon to windows.

I use Windows 7 32-bit with roaming profiles. Installed version of
Samba is 3.5.9.

Any ideas and help welcome :-)



... is this a win7 or samba problem ?


Sounds to me like a UAC problem most likely...

Try changing the File Association from an Admin account.

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows 7 roaming profiles

[Charles Marcus]

On 2012-03-30 12:35 PM, Charles Marcus  wrote:

I was simply pointing out that the *default* behavior was to always
cache all data in redirected folders on the local client using the tried
and true 'offline files' technology, but in a different way with respect
to Redirected Folders (with Windows 7, which, in case you hadn't
noticed, is the subject being discussed) - it synchronizes *as changes
are made*, *in the background*, not at logon/logoff.


And of course, all of my replies also 'assume' that Samba behaves the 
same way as Windows Server with Win 7 Clients - meaning, the default 
behavior is to *always* *cache* (and sync in the background) all 
redirected folder data on the local client.


Can anyone with *definitive* knowledge please comment on whether or not 
this is true (it will affect my decision on replacing our Windows 
Servers with Samba sometime in the next year or so)?


Also, I am curious if it is even possible to disable the local caching 
on the client (although as I have said, I personally cannot think of 
*any* reason/scenario where that would be a good idea - if you truly 
never want *any* data residing on the local client, use THIN clients, 
that is what they are for).


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows 7 roaming profiles

[Charles Marcus]

On 2012-03-30 3:18 AM, steve  wrote:

El 29/03/12 22:36, Miguel Medalha escribió:

>> Charles wrote:

The stuff in t he roaming profiles (very little) is copied back/forth
at login/out, the stuff in t he redirected folders is *synchronized*
at all times using the Offline Files technology that has long existed
in Microsofts products.



I create a file and store it on my desktop.

roaming profile
It is stored locally until I log off whereupon it is synced to the server.


Correct...


desktop folder redirected
The file is only ever stored at the destination.


Incorrect (again, unless you have changed the default, and again, I am 
not even sure this is possible, and definitely it is most likely not 
recommended).



Edits are instantaneously synced, not only when I log off.


Correct... they are *synced*... which means they exist in *both* 
locations, *not* '*only* on the destination/redirected folder'...


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows 7 roaming profiles

[Charles Marcus]

Miguel - please stop sending to me directly, I am on the list.

On 2012-03-29 4:36 PM, Miguel Medalha  wrote:

NO, IT DOESN'T!



Microsoft disagrees - see below.



You are introducing a new theme altogether: Offline Files.


No, I am not. Redirected Folders *uses* the Offline Files technology (by 
default at least), so it is 100% on point for discussing Redirected Folders.


I was simply pointing out that the *default* behavior was to always 
cache all data in redirected folders on the local client using the tried 
and true 'offline files' technology, but in a different way with respect 
to Redirected Folders (with Windows 7, which, in case you hadn't 
noticed, is the subject being discussed) - it synchronizes *as changes 
are made*, *in the background*, not at logon/logoff.


All comments below will assume a Windows 7 client, and Redirected 
Folders configured per the defaults.



On a local and *reliable* network, you can use folder redirection
*without* Offline Files. I did it and it works.


No network is 100% reliable. Things break. This is I imagine why the 
default behavior is to cache Redirected Folders on the local clients.

I prefer less headaches if/when they do, so this default makes sense to me.


What you describe is the behavior of normal *roaming profiles*.



No... you can use a combination of roaming profiles and redirected
folders for the best result, which is what I do.



That's precisely what I was advocating. Please read my posts.


Oh, I did, but you were claiming that Redirected Folders were not stored 
locally, which is plain *wrong* unless you have intentionally *changed* 
the *default* behavior of Redirected Folders, which is to cache 
everything on the local client and keep things synchronized in the 
background.



The stuff in the roaming profiles (very little) is copied back/forth
at login/out, the stuff in t he redirected folders is *synchronized*
at all times using the Offline Files technology that has long existed
in Microsofts products.



Maybe you were not very clear in your first post. You said the following:

"Folder Redirection will always (...) store local cached copy of those
folders on the local computer... what it accomplishes is it saves all of
the copying back and forth when logging in/out."

which is not true. Even with Offline Files, only the files you are
working with will be synchronized back and forth. The redirected folders
themselves and the files previously stored therein will not be
transferred to the client machine.


Wrong, again.

The *first* time a user logs in to a different computer, the contents 
will be copied down to the local computers cache - *in the background* 
(so it doesn't slow down the logon like it does with XP).


Apparently you didn't bother to read the rest of that article at the 
link I referenced, so here is all of the pertinent info - you'll see 
that Redirected Folders indeed *does* store *everything* in a local 
cache, only copies everything down at logon the *first* time the user 
logs in on a particular computer (but does so in the background), and 
that it synchronizes changes as they are made *in the background*, not 
at logoff:


"Folder Redirection improvements in Windows 7

The Folder Redirection feature in the Windows operating system allows 
administrators to redirect user folders such as Documents, Pictures, or 
Music to shared folders that are hosted on servers. Folder Redirection 
is used in conjunction with the Offline Files technology to ensure that 
the user’s data is available when the network connection to the server 
that is hosting a redirected folder becomes latent or unavailable.


When the network connection is slow or unavailable, Offline Files routes 
requests for the user folders that are stored on the server to the local 
computer cache. Users read and write from their local cache. Offline 
Files synchronizes new and changed files and folders from the local 
computer cache to the server when the network becomes available or in 
the background when the connection is slow.


The first time a user logs on, Offline Files moves all files and folders 
from their current location to the local cache. Then, Offline Files 
synchronizes the data from the local cache with the redirected user 
folder on the server. The user is blocked from logging on to the 
computer during this task.


In earlier versions of the Windows operating system, redirected user 
folders that contained large amounts of data or a large number of files 
and folders could cause delays with the user logon process, increasing 
the time before the user could reach the desktop. This delay could 
become significant when the network connection between the user’s 
computer and the server was slow, because the Windows operating system 
did not present the user’s desktop until the file synchronization 
between the client and server completed.


Windows 7 optimizes the first-time logon process with Folder 
Redirection. Windows 7 presents the user’

Re: [Samba] windows 7 roaming profiles

[Charles Marcus]

On 2012-03-29 3:36 PM, Miguel Medalha  wrote:

Folder Redirection will always (I think - or maybe Samba has a way to
disable this, but I don't think it would be a good idea at all) store
local cached copy of those folders on the local computer... what it
accomplishes is it saves all of the copying back and forth when
logging in/out.



NO, IT DOESN'T!


Microsoft disagrees - see below.


What you describe is the behavior of normal *roaming profiles*.


No... you can use a combination of roaming profiles and redirected 
folders for the best result, which is what I do. The stuff in t he 
roaming profiles (very little) is copied back/forth at login/out, the 
stuff in t he redirected folders is *synchronized* at all times using 
the Offline Files technology that has long existed in Microsofts products.



Folder redirection *does not* move files back and forth.


Yes, it does, but it does so on an ongoing basis (except for the first 
logon). When  the user creates a new file in a redirectd folder, it is 
saved *simultaneously* to both the local cache and the server side folder.



The files in redirected folders will always reside on the server. I
know this not only from theory but *from experience*.


Yes, but they will *also* reside on the *local computer*.

From the below link:

"Folder Redirection improvements in Windows 7

The Folder Redirection feature in the Windows operating system allows 
administrators to redirect user folders such as Documents, Pictures, or 
Music to shared folders that are hosted on servers. Folder Redirection 
is used in conjunction with the Offline Files technology to ensure that 
the user’s data is available when the network connection to the server 
that is hosting a redirected folder becomes latent or unavailable."


http://technet.microsoft.com/en-us/library/ff458273%28v=ws.10%29.aspx

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows 7 roaming profiles

[Charles Marcus]

On 2012-03-29 2:00 PM, steve  wrote:

El 27/03/12 17:32, Miguel Medalha escribió:

If you want the files only on the server, you should look into
"Folder redirection". The Samba docs contain good info on that.

You can use roaming profiles only, folder redirection only, or a
combination of both, which I usually consider the more appropriate
option.

Samba-3 by Example -- Configuration of Default Profile with Folder
Redirection
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#redirfold



My main concern was the filling up of the local disk with user profiles.
A user may for example only log onto one particular box once and then
never again.

Of the three you mention above, which one corresponds to 'always read
the profle from the server and store nothing on the local disk'?


None...

Folder Redirection will always (I think - or maybe Samba has a way to 
disable this, but I don't think it would be a good idea at all) store 
local cached copy of those folders on the local computer... what it 
accomplishes is it saves all of the copying back and forth when logging 
in/out.


If you want to use thin clients, use thin clients, don't cripple 
Redirected Folders.


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Offline Caching

[Charles Marcus]

On 2012-02-04 10:33 AM, Volker Lendecke wrote:

On Sat, Feb 04, 2012 at 02:54:13PM, Mike Howard wrote:

I'm sure this has been asked before but I can't find anything
recent. Using Samba4 and windows clients, the client logs include
lots off 'windows has detected that offline caching is enabled on
the roaming profile share...' messages. Is this an issue and if
so, how do I sort it? I've found references to 'csc policy =
disable' but this is not recognised in samba4 smb.conf.



Probably someone needs to take the time to port this feature from the
Samba3 based fileserver to the Samba4 based one. Patches welcome:-)


Confused on both the question and answer...

Is the question 'How do I enable offline caching for shares in Samba4', 
or 'how do I *disable* offline caching for a specific share in samba4'?


Then, Volker, which one of these questions does your answer pertain to? 
Meaning, does Samba4 *not* have an option to 'disable offline caching' 
for specific shares?


That said, Microsoft requires that offline caching be disabled on the 
roaming profiles share for Windows XP/2000 clients. Thankfully they have 
solved this problem with Vista/7 clients, and using Roaming Profiles + 
Redirected Folders (which is now recommended best practice) works much 
better, in fact pretty much seamlessly, even in cases where lots of 
'disconnected' users (ie, laptops that come and go) exist...


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] lib/access.c:check_access message fills my log

[Marcus Schopen]

Hi,

Am Freitag, den 20.01.2012, 17:45 +0100 schrieb Marcus Schopen:
> Hi,
> 
> in the logfile of one of my WinXP SP3 clients I see this message once a
> second and thousands over the day
> 
> [2012/01/20 17:27:22, 2] lib/access.c:check_access(323)
>   Allowed connection from  (xxx.xxx.xxx.xxx)
> 
> The client is in the same internal subnet with the PDC. I checked the
> client and access to the shares, roaming profile and printing works
> fine. After restarting the client the logging begins again.
> 
> Is something wrong with the client or with samba? I don't see any other
> clients of my 300 WinXP clients with this behavior, therefore I think it
> could be a problem with the Windows client. Any ideas?

Seems to be a strange problem with the client PC. I changed the PC today
and the problem is gone.

Ciao
Marcus



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] lib/access.c:check_access message fills my log

[Marcus Schopen]

Hi,

in the logfile of one of my WinXP SP3 clients I see this message once a
second and thousands over the day

[2012/01/20 17:27:22, 2] lib/access.c:check_access(323)
  Allowed connection from  (xxx.xxx.xxx.xxx)

The client is in the same internal subnet with the PDC. I checked the
client and access to the shares, roaming profile and printing works
fine. After restarting the client the logging begins again.

Is something wrong with the client or with samba? I don't see any other
clients of my 300 WinXP clients with this behavior, therefore I think it
could be a problem with the Windows client. Any ideas?

Ciao
Marcus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Braindead Autoreply filters...

[Charles Marcus]

On 2011-06-11 2:00 PM, "David Magda"  wrote:
> On Thu, June 9, 2011 09:46, Charles Marcus wrote:
>> It would be nice if one of the list moms would immediately unsubscribe
>> AND PERMANENTLY BAN idiots who use braindead autoreply filters.
>>
>> This should be official list policy for ALL email lists...

> Except some people don't have a choice in what mail server they can use.
> They're punished because someone in their IT department made a decision
> which they had no input in?

Absolutely - that's better than punishing the thousands of subscribers
to all of the mail lists they are on by having to see their brain dead
auto-replies to every message to the list.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Braindead Autoreply filters...

[Charles Marcus]

On 2011-06-10 2:00 PM, Doug Lytle  wrote:
> Ryan Novosielski wrote:
>> It's not clear to me... are ALL autoresponders "braindead" or are there
>> some that don't notice it's a mailing list contacting them?

> Some auto-responders look at the to: field and if it's not directly sent
> to the recipient's address (i.e. samba@lists.samba.org) then it won't
> respond.

That is just one of many criteria a non-brain-dead auto-responder uses
to decide when it will or will not reply to an email...

The presence of any one of a dozen or so headers (list-*,
precedence-bulk, etc) should not trigger a reply. Also, it should only
reply once to the same sender within a given time period (RFC suggests 7
days, but our boss insists on 24 hours.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Braindead Autoreply filters... WAS Re: samba Digest, Vol 102, Issue 8

[Charles Marcus]

On 2011-06-09 2:00 PM, Robert Schetterer  wrote:
> Am 09.06.2011 15:46, schrieb Charles Marcus:
>> It would be nice if one of the list moms would immediately unsubscribe
>> AND PERMANENTLY BAN idiots who use braindead autoreply filters.
>>
>> This should be official list policy for ALL email lists...

> just like "do not top post" *g ?

Don't be stupid Robert... there are times when top-posting is perfectly
acceptable, and that was one of them (ie, when the content of the quote
is irrelevant).

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Braindead Autoreply filters... WAS Re: samba Digest, Vol 102, Issue 8

[Charles Marcus]

It would be nice if one of the list moms would immediately unsubscribe
AND PERMANENTLY BAN idiots who use braindead autoreply filters.

This should be official list policy for ALL email lists...

On 2011-06-08 2:00 PM, samba-requ...@lists.samba.org wrote:
> Subject: Re: [Samba] samba Digest, Vol 102, Issue 7
> From:> "Andrew McNaughton" 
> 
> I am currently on annual leave. I will be back in the office on Friday
> 10th June 2011.
> 
> If you have an urgent matter needing attention, it may be prudent to
> contact the ITSC main number 01236 757600.
> 
> 
> Thanks.
> --
> Andrew McNaughton
> ICT Network Support Officer
> Learning & Leisure Services
> North Lanarkshire Council


-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] name resolution: dns name different to windows machinename

[Marcus]

Am Dienstag, den 21.12.2010, 19:19 +0900 schrieb TAKAHASHI Motonobu:
> 2010/12/20 Marcus :
> > we are running a samba domain controller as master with activated WINS.
> (snip)
> >  Now the administrator of the DNS server is planning to change the DNS
> > and reverse DNS concept in the way that the DNS and reverse DNS entry
> > will be not identically to the windows machine name any more. The WinXP
> > clients will get a generic, randomly set DNS/reverse DNS entry.
> >  Does this have any effects for functionality of my samba domain
> > controller and/or the WinXP clients?
> 
> Samba 3 domain is compatible with NT domain. NT domain uses only NetBIOS
> name which can be resolved by WINS (or LMHOSTS or broadcast...), not DNS.
> 
> So the change of DNS settings will not affect your samba domain.

Thanks a lot, good news.

Ciao,
Marcus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] name resolution: dns name different to windows machine name

[Marcus]

Hi,

we are running a samba domain controller as master with activated WINS.
The machine name of each WinXP client is set manually during the
installation initial process. Each client is using the WINS server of
our domain controller. The WinXP clients are getting their IP by a
global DNS Server, which sets the DNS and reverse DNS entry identically
to the windos machine name.
 Now the administrator of the DNS server is planning to change the DNS
and reverse DNS concept in the way that the DNS and reverse DNS entry
will be not identically to the windows machine name any more. The WinXP
clients will get a generic, randomly set DNS/reverse DNS entry. 
 Does this have any effects for functionality of my samba domain
controller and/or the WinXP clients?

Thanks,
Marcus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] cifs and Netapp DFS-shares problems

[Marcus]

Hi Jeff,

Am Freitag, den 10.12.2010, 06:34 -0500 schrieb Jeff Layton:
> On Fri, 10 Dec 2010 11:25:46 +0100
> Marcus  wrote:
> 
> > Hi,
> > 
> > Am Donnerstag, den 09.12.2010, 01:37 +0100 schrieb Marcus:
> > > 
> > > are there any known issues with cifs and DFS-shares on Netapp file
> > > servers? We have a Netapp file sever with DFS on the user's home shares.
> > > The home shares can successfully mounted with
> > > 
> > >   mount -t cifs //sever/home/username /mnt/ -o user=username,domain=AD
> > > 
> > > but the connection hangs in the moment a directory listing is started.
> > > The strange thing is that only shares with activated DFS show this
> > > problem. I'm not maintaining the Netapp file server therefore a can't
> > > post more information about that system. On client side I'm using Ubuntu
> > > LTS 10.04.1.
> > 
> > This error only comes up, if DFS is activated on a share on the NetApp
> > Server. Here is a kernel log:
> > 
> > Dec 10 11:10:37 lebowski kernel: [ 3586.471662] Bad SMB: : dump of 48
> > bytes of data at 0xe44e5c00
> > Dec 10 11:10:37 lebowski kernel: [ 3586.471675]  009a 424d53ff
> > 0032 80018800 . . . . ÿ S M B 2 . . . . . . .
> > Dec 10 11:10:37 lebowski kernel: [ 3586.471688]   
> >  26420040 . . . . . . . . . . . . @ . B &
> > Dec 10 11:10:37 lebowski kernel: [ 3586.471701]  001a0800 720a
> > 0200 3800 . . . . . . . p . . . . . 8 . .
> > Dec 10 11:11:03 lebowski kernel: [ 3612.832108]  CIFS VFS: server not
> > responding
> > Dec 10 11:11:03 lebowski kernel: [ 3612.832125]  CIFS VFS: No response
> > for cmd 50 mid 26
> > Dec 10 11:11:05 lebowski kernel: [ 3614.656937]  CIFS VFS: RFC1001 size
> > 154 bigger than SMB for Mid=30
> > Dec 10 11:11:05 lebowski kernel: [ 3614.656953] Bad SMB: : dump of 48
> > bytes of data at 0xe44e5c00
> > Dec 10 11:11:05 lebowski kernel: [ 3614.656967]  009a 424d53ff
> > 0032 80018800 . . . . ÿ S M B 2 . . . . . . .
> > Dec 10 11:11:05 lebowski kernel: [ 3614.656979]   
> >  26420040 . . . . . . . . . . . . @ . B &
> > Dec 10 11:11:05 lebowski kernel: [ 3614.656994]  001e0800 720a
> > 0200 3800 . . . . . . . p . . . . . 8 . .
> > Dec 10 11:11:33 lebowski kernel: [ 3642.832284]  CIFS VFS: server not
> > responding
> > Dec 10 11:11:33 lebowski kernel: [ 3642.832299]  CIFS VFS: No response
> > for cmd 50 mid 30
> > Dec 10 11:11:40 lebowski kernel: [ 3649.895000]  CIFS VFS: RFC1001 size
> > 154 bigger than SMB for Mid=34
> > Dec 10 11:11:40 lebowski kernel: [ 3649.895017] Bad SMB: : dump of 48
> > bytes of data at 0xe44e5c00
> > Dec 10 11:11:40 lebowski kernel: [ 3649.895030]  009a 424d53ff
> > 0032 80018800 . . . . ÿ S M B 2 . . . . . . .
> > Dec 10 11:11:40 lebowski kernel: [ 3649.895043]   
> >  26420040 . . . . . . . . . . . . @ . B &
> > Dec 10 11:11:40 lebowski kernel: [ 3649.895056]  00220800 720a
> > 0200 3800 . . " . . . . p . . . . . 8 . .
> > --
> > 
> > umounting is impossible and gives the following error:
> > 
> > --
> > unmount error 16 = Device or resource busy
> > Refer to the umount.cifs(8) manual page (man 8 umount.cifs)
> > unmount error 16 = Device or resource busy
> > Refer to the umount.cifs(8) manual page (man 8 umount.cifs)
> > --
> > 
> > Any ideas? Seems to be an error of the NetApp Fileserver acting not RFC
> > conform.
> > 
> > Is this the right list to discuss or should I post on linux-cifs-client
> > list?
> > 
> (cc'ing linux-cifs mailing list)
> 
> Probably because the ls is hung and is holding references to the mount...
> 
> I've successfully tested against netapp's CIFS implementation in the
> past, but there are significant bugs in it. The errors you're seeing
> look like an alignment problem of some sort -- i.e. the server is
> sending packets that have incorrect length fields in them. This isn't
> the first such problem I've seen with OnTap.
> 
> You're welcome to open a bug at bugzilla.samba.org, cc me, and I'll
> take a look when I have time. Gathering wire captures during one of
> these events and attaching them to the bug would help to track down the
> problem. It's likely to be Netapp's bug however...

Thanks for helping. I've posted a bug [1] with a tcpdump.

Have a nice weekend,
Marcus

[1] https://bugzilla.samba.org/show_bug.cgi?id=7860


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] cifs and Netapp DFS-shares problems

[Marcus]

Hi,

Am Donnerstag, den 09.12.2010, 01:37 +0100 schrieb Marcus:
> 
> are there any known issues with cifs and DFS-shares on Netapp file
> servers? We have a Netapp file sever with DFS on the user's home shares.
> The home shares can successfully mounted with
> 
>   mount -t cifs //sever/home/username /mnt/ -o user=username,domain=AD
> 
> but the connection hangs in the moment a directory listing is started.
> The strange thing is that only shares with activated DFS show this
> problem. I'm not maintaining the Netapp file server therefore a can't
> post more information about that system. On client side I'm using Ubuntu
> LTS 10.04.1.

This error only comes up, if DFS is activated on a share on the NetApp
Server. Here is a kernel log:

Dec 10 11:10:37 lebowski kernel: [ 3586.471662] Bad SMB: : dump of 48
bytes of data at 0xe44e5c00
Dec 10 11:10:37 lebowski kernel: [ 3586.471675]  009a 424d53ff
0032 80018800 . . . . ÿ S M B 2 . . . . . . .
Dec 10 11:10:37 lebowski kernel: [ 3586.471688]   
 26420040 . . . . . . . . . . . . @ . B &
Dec 10 11:10:37 lebowski kernel: [ 3586.471701]  001a0800 720a
0200 3800 . . . . . . . p . . . . . 8 . .
Dec 10 11:11:03 lebowski kernel: [ 3612.832108]  CIFS VFS: server not
responding
Dec 10 11:11:03 lebowski kernel: [ 3612.832125]  CIFS VFS: No response
for cmd 50 mid 26
Dec 10 11:11:05 lebowski kernel: [ 3614.656937]  CIFS VFS: RFC1001 size
154 bigger than SMB for Mid=30
Dec 10 11:11:05 lebowski kernel: [ 3614.656953] Bad SMB: : dump of 48
bytes of data at 0xe44e5c00
Dec 10 11:11:05 lebowski kernel: [ 3614.656967]  009a 424d53ff
0032 80018800 . . . . ÿ S M B 2 . . . . . . .
Dec 10 11:11:05 lebowski kernel: [ 3614.656979]   
 26420040 . . . . . . . . . . . . @ . B &
Dec 10 11:11:05 lebowski kernel: [ 3614.656994]  001e0800 720a
0200 3800 . . . . . . . p . . . . . 8 . .
Dec 10 11:11:33 lebowski kernel: [ 3642.832284]  CIFS VFS: server not
responding
Dec 10 11:11:33 lebowski kernel: [ 3642.832299]  CIFS VFS: No response
for cmd 50 mid 30
Dec 10 11:11:40 lebowski kernel: [ 3649.895000]  CIFS VFS: RFC1001 size
154 bigger than SMB for Mid=34
Dec 10 11:11:40 lebowski kernel: [ 3649.895017] Bad SMB: : dump of 48
bytes of data at 0xe44e5c00
Dec 10 11:11:40 lebowski kernel: [ 3649.895030]  009a 424d53ff
0032 80018800 . . . . ÿ S M B 2 . . . . . . .
Dec 10 11:11:40 lebowski kernel: [ 3649.895043]   
 26420040 . . . . . . . . . . . . @ . B &
Dec 10 11:11:40 lebowski kernel: [ 3649.895056]  00220800 720a
0200 3800 . . " . . . . p . . . . . 8 . .
--

umounting is impossible and gives the following error:

--
unmount error 16 = Device or resource busy
Refer to the umount.cifs(8) manual page (man 8 umount.cifs)
unmount error 16 = Device or resource busy
Refer to the umount.cifs(8) manual page (man 8 umount.cifs)
--

Any ideas? Seems to be an error of the NetApp Fileserver acting not RFC
conform.

Is this the right list to discuss or should I post on linux-cifs-client
list?

Ciao,
Marcus

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] cifs and Netapp DFS-shares problems

[Marcus]

Hi,

are there any known issues with cifs and DFS-shares on Netapp file
servers? We have a Netapp file sever with DFS on the user's home shares.
The home shares can successfully mounted with

  mount -t cifs //sever/home/username /mnt/ -o user=username,domain=AD

but the connection hangs in the moment a directory listing is started.
The strange thing is that only shares with activated DFS show this
problem. I'm not maintaining the Netapp file server therefore a can't
post more information about that system. On client side I'm using Ubuntu
LTS 10.04.1.

Ciao,
Marcus

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] OT: permission denied when opening PDF docs with Acrobat Reader X potected mode

[Marcus]

Hi,

Am Mittwoch, den 08.12.2010, 08:46 +0900 schrieb TAKAHASHI Motonobu:
> > Should I disable "host msdfs" and "msdfs root" to "No"?
> 
> I recommend to disable those, unless  you want to explicitly set to "yes".

I've set "msdfs root" to "Yes" on a test samba (3.4.7 ubuntu LTS
10.04.1) today and got a "permission denied" error when opening PDF
files with Acrobat Reader X on a WinXP SP3 Client; setting "msdfs root"
back to "No" results in no problems. I got the same error on a NetApp
file server with activated DFS on user's home dirs too.

>From the Adobe Website: "Cannot open PDF files whose source is DFS or
NFS: PDF files in shared locations on a distributed  or networked file
system (DFS/NFS) cannot be opened. Attempting to open such a file
results in an error opening this document. Access denied." [1]

The error doesn't come up on a Vista or Win7 clients.

I'll set "msdfs root" to "No" on my live system tonight.

Ciao,
Marcus

[1]
http://kb2.adobe.com/cps/860/cpsid_86063.html#main_Unsupported_configurations


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] OT: permission denied when opening PDF docs with Acrobat Reader X potected mode

[Marcus]

Hi,

Am Mittwoch, den 08.12.2010, 08:46 +0900 schrieb TAKAHASHI Motonobu:
> > Should I disable "host msdfs" and "msdfs root" to "No"?
> 
> I recommend to disable those, unless  you want to explicitly set to "yes".

I don't think I use any dfs features. Therefore I could set "host msdfs"
and "msdfs root" to "No". But I'm just reading through the list and
found a posting from Josh Kelley "msdfs root problems even after a
reboot?" posted on 04th June 2007), where he describes some problems on
client side after changing "host msdfs" and "msdfs root" to "No" even if
the clients were rebooted:

"... We fixed the problem by updating our logon scripts to unmap and
remap drives and by instructing users to remap drives if they
encountered problems."

Just to be sure. My dynamically generated logon script for a user looks
like this:


NET USE h: /DELETE /yes > null
NET USE h: \\server\homes /yes
NET USE i: /DELETE /yes > null
NET USE i: \\server\vol01 /yes
...

I think this is what he meant by "unmap and remap drives", right?  I'm a
little bit scared because it's a live systems with hundreds of users and
I don't to run into any trouble.

Ciao!


> 2010/12/8 Marcus :
> > Hi,
> >
> > Am Mittwoch, den 08.12.2010, 07:58 +0900 schrieb TAKAHASHI Motonobu:
> >> Hello,
> >>
> >> Do you explicitly set "msdfs root = no" at [global] section?
> >>
> >> The default parameter of "msdfs root" had been once changed to "yes"
> >> at Samba 3.0.23,
> >> but it caused problems and was again changed to "no" at Samba 3.0.25.
> >
> > I've checked the smb.conf and "msdfs root" is not explicitly set to
> > "no", but a "testparm -v /etc/samba/smb.conf | grep msdfs" shows the
> > following:
> >
> >host msdfs = Yes
> >msdfs root = Yes
> >msdfs proxy =
> >
> > Should I disable "host msdfs" and "msdfs root" to "No"?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] OT: permission denied when opening PDF docs with Acrobat Reader X potected mode

[Marcus]

Hi,

Am Mittwoch, den 08.12.2010, 07:58 +0900 schrieb TAKAHASHI Motonobu:
> Hello,
> 
> Do you explicitly set "msdfs root = no" at [global] section?
> 
> The default parameter of "msdfs root" had been once changed to "yes"
> at Samba 3.0.23,
> but it caused problems and was again changed to "no" at Samba 3.0.25.

I've checked the smb.conf and "msdfs root" is not explicitly set to
"no", but a "testparm -v /etc/samba/smb.conf | grep msdfs" shows the
following:

host msdfs = Yes
msdfs root = Yes
msdfs proxy = 

Should I disable "host msdfs" and "msdfs root" to "No"?

Ciao!


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] OT: permission denied when opening PDF docs with Acrobat Reader X potected mode

[Marcus]

Hi,

this might be off topic because it's not a samba problem, but might be
interesting for others too. We are running an older samba 3.0.24 working
as domain controller (no DFS features). When opening a .pdf file with
the Acrobat Reader X from a WinXP SP3 client (maschine is member of the
domain) the Acrobat Reader X shows a "permission denied". We see the
following in the samba log:

[2010/12/07 18:29:50, 2] lib/access.c:check_access(323)
   Allowed connection from  (x.x.x.x)
[2010/12/07 18:29:50, 2] smbd/reply.c:reply_tcon_and_X(711)
   Serving IPC$ as a Dfs root
[2010/12/07 18:29:51, 2] smbd/open.c:open_file(352)
   user opened file batch.pdf read=No write=No (numopen=1)
[2010/12/07 18:29:51, 2] smbd/close.c:close_normal_file(344)
   user closed file batch.pdf (numopen=0)
[2010/12/07 18:29:51, 2] smbd/open.c:open_file(352)
   user opened file batch.pdf read=Yes write=No (numopen=1)

The user has full read/write permission to the share. The WinXP Sp3
client is member of the domain.

The only workaround in my case is to deactivated the "Protected
Mode" [1] in Acrobat Reader X. All security (enhanced) settings e.g.
privileged locations (L: or \\server\file.pdf etc.) don't have any
effects. This sounds strange to me.

Before rolling out a new reader version to my whole network, any input
on this confusing problem is welcome.

Ciao,
Marcus

[1]
http://kb2.adobe.com/cps/860/cpsid_86063.html#main_Unsupported_configurations


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] useradd and groupadd very slow

[Marcus Wanielik]

Nobody who has an idea or had an similar issue in the past? 

Cheers,
Marcus

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im 
Auftrag von Marcus Wanielik
Gesendet: Donnerstag, 6. Mai 2010 10:58
An: samba@lists.samba.org
Betreff: [Samba] useradd and groupadd very slow

Hi everybody,

After joining a Windows 2003 Active Directory Domain the commands to add
local Users and Groups to the Linux machine are very slow. It took up to
10 minutes to add a User or a Group. OS is CentOS 5.4 (Samba Version
3.0.33-3.15). Everything else works without problems.

I assume the reason is that our Active Directory Domain is very huge
(about 30.000 Users) but I haven't found anything about this with
Google. The Log shows nothing out of the ordinary.

Anybody who has / had a similar issue?

Best regards,
Marcus

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] useradd and groupadd very slow

[Marcus Wanielik]

Hi everybody,

After joining a Windows 2003 Active Directory Domain the commands to add
local Users and Groups to the Linux machine are very slow. It took up to
10 minutes to add a User or a Group. OS is CentOS 5.4 (Samba Version
3.0.33-3.15). Everything else works without problems.

I assume the reason is that our Active Directory Domain is very huge
(about 30.000 Users) but I haven't found anything about this with
Google. The Log shows nothing out of the ordinary.

Anybody who has / had a similar issue?

Best regards,
Marcus

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] drive mapping for one user

[Charles Marcus]

On 12/4/2009, Hubert Choma (hubert...@wp.pl) wrote:
> I would like to map a drive letter  for one user via netlogon script. 
> How can I do it ?
> The user is in geo group and I would like to map only for one user not 
> group.

I would just add either of the lines to your existing script:

:: call username specific .bat file
if %username% == user call \\SERVER\netlogon\user.bat

The above obviously requires the user.bat file to reside in the NETLOGON
share and contain whetever user specific stuff you need.

or if all you need to do is map just one drive:

:: map username drive
if %username% == user NET USE X: \\SERVER\SHARE

You can also map drives for people in a group using the ISMEMBER check.
This requires the ISMEMBER.EXE (freely available online) executable to
be in the NETLOGON share:

:: map drive for GroupName users
\\SERVER\netlogon\ismember "Domain\GroupName"
if errorlevel 1 net use x: \\SERVER\PATH\TO\DIR /persistent:no

> echo off
> C:
> CD \
> NET TIME \\SERWER /SET /YES
> NET USE * /D /YES
> REM NET USE H: /HOME
> NET USE R: \\SERWER\RASTRY$
> NET USE S: \\SERWER\EVID$
> NET USE T: \\SERWER\OSRODEK$
> NET USE U: \\SERWER\TMP$
> NET USE X: \\SERWER\OSNOWA$
> NET USE Y: \\SERWER\GEO1$
> NET USE Z: \\SERWER\GEO$
> NET USE W: \\SERWER\SKANY
> regedit /s \\serwer\netlogon\placesbargeo.reg




-- 

Best regards,

Charles Marcus
I.T. Director
Media Brokers International, Inc.
678.514.6200 x224
678.514.6299 fax
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Moving a PDC

[Charles Marcus]

> We're running a Debian Etch Server with Samba 3.0.24 as primary domain
> controller for a XP dominated network. For various reasons, we're
> migrating our server to a new machine running on Centos 5.4 (and Samba
> 3.0.33). Additionally, I decided to get rid of our messy LDAP setup,
> as it is quite a pain to use and IMHO overkill for our small software
> shop (~15 machines / users), so I've set up the new system to work
> with tdbsam instead.

Wouldn't it be easier to simply convert your existing server from ldap
to tdbsam, then you can just set up the new server with the SAME domain
name, copy everything over to the new server, and flip a switch over the
weekend and noone would no the difference?

I wouldn't be able to tell you how to do the above, but if memory
serves, I've seen mention of it and I don't think its difficult to do...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] delay on directory browse

[Charles Marcus]

On 11/17/2009, Brian (bbayorg...@charter.net) wrote:
> Good question, I'm not sure where it originates, but I recall seeing
> the recommendation someplace (some faq, howto, etc) to set SO_RCVBUF
> and SO_SNDBUF to just those values to IMPROVE performance.

Blindly following 'some [vague] faq, howto, etc'. is unwise. Following
the official documentation is the preferred method.

> Based on your comments Volker I'm guessing that recommendation is
> either invalid or outdated.

Outdated for many years (since the 2.6 kernel, if not earlier)...
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] talpy-deny error when combining samba and sophos

[Marcus]

Am Montag, den 09.11.2009, 23:39 +0100 schrieb Marcus:
> Hi,
> 
> I'm getting the following error when trying to save a file in a share
> with activated on-access-scanning using sophos:
> 
> Nov  9 17:10:41 server kernel: talpa-deny: Error occured while
> opening /vol/group/test.ppt on behalf of
> process smbd[23713/23713] owned by 6688(6688)/0(7003) <512>
> 
> I know that this is not a samba problem, but may be someone had this
> problem too and solved it. Basically this error comes up when saving MS
> word oder powerpoint files which try to create temporary ~$ files.
> 
> my system: debian Etch with samba 3.0.24-6etch10
> Sophos version: 6.7.0

This is a known sophus Bug. A workaround is to disable the
"interruptible sleep" option. See

 http://downloads.sophos.com/readmes/readsavl_6_eng.txt

* Option to make on-access scanner less POSIX compliant

(DEF 41422) Some applications behave in a non-POSIX compliant manner
with
respect to open() calls being interrupted by signals. This causes
"System
Call Interrupt" errors to be reported when on-access scanning is
enabled. An
option has been added to make the on-access scanner behave in a less
POSIX
compliant manner, so that these errors are not reported. To enable this
option, type:

/opt/sophos-av/bin/savconfig set TalpaSleepInterruptible false

Ciao,
Marcus

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] talpy-deny error when combining samba and sophos

[Marcus]

Hi,

I'm getting the following error when trying to save a file in a share
with activated on-access-scanning using sophos:

Nov  9 17:10:41 server kernel: talpa-deny: Error occured while
opening /vol/group/test.ppt on behalf of
process smbd[23713/23713] owned by 6688(6688)/0(7003) <512>

I know that this is not a samba problem, but may be someone had this
problem too and solved it. Basically this error comes up when saving MS
word oder powerpoint files which try to create temporary ~$ files.

my system: debian Etch with samba 3.0.24-6etch10
Sophos version: 6.7.0

Thanks,
Marcus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)

[Charles Marcus]

On 10/19/2009, Clayton Hill (ad...@ateamonsite.com) wrote:
>  idmap negative cache time (G)
>
>This parameter specifies the number of seconds that Winbind's idmap



> 120 what? hmmm seconds? minutes? LOL

and

>  winbind cache time (G)
> 
> 
>This parameter specifies the number of seconds



> 300 what? -- years? fortnights? furlongs? farthings? bushels? bottles of beer 
> on the wall? 

Ummm...in both of these cases, it says quite plainly that it is SECONDS.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Change Allowed Workstations with pdbedit

[Charles Marcus]

On 10/9/2009 8:45 AM, Philipp Boksberger wrote:
>> My understanding is you cannot manage this attribute from the pdbedit
>> CLI, you must use the NT4 Domain User Manager.

> I tried the NT4 Domain User Manager, but there I can only enter up to eight
> workstations while I need 30 to 50 entries there.

Hi Philipp,

Please keep replies on list...

I've never had to add more than 2 or 3, so never run into this limit...

Sorry...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Change Allowed Workstations with pdbedit

[Charles Marcus]

On 10/8/2009 2:23 AM, Philipp Boksberger wrote:
> I have a Samba 3.2.5 Server running on Debian. I use tdbsam as a password
> database and wonder how I can change the "Workstations" value in order to
> control the allowed workstations for a particular user. Last year I had a
> configuration with ldap using the smbldap tools where it was possible to set
> this value. But how can I set it without  LDAP just using pdbedit?
> 
> In the official Samba 3.2.x HOWTO and Reference Guide in Chapter 11 Section
> "The pdbedit Tool"
> (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbe
> ditthing) there is an example where "Workstations" is set to "melbelle" -
> but no explanation of how this could be done. There is also no parameter
> listed in the pdbedit man page.

My understanding is you cannot manage this attribute from the pdbedit
CLI, you must use the NT4 Domain User Manager.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Rename Computer In Samba Domain: Access Is Denied

[Charles Marcus]

On 9/29/2009, m (mag...@gmail.com) wrote:
> I am pulling my hair out trying to figure out why trying to rename my
> computer joined to a Samba domain (version 3.2.3) keeps failing with
> "Access is Denied".

Never tried this on a Samba domain, but when joined to a windows domain,
you must make sure that there are no open connections to the DC...

I always log onto the PC with a local admin account to do renames...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Port 7

[Charles Marcus]

On 9/7/2009, Anthony Accurso (ihtar...@gmail.com) wrote:
>> Samba on its own never listens on port 7.

> Yeah, and I've never seen a pig fly before either.

No need to be an ass about it.

> But that's the last time I take something like that for granted.

You still haven't proven that it is samba *on* *it's* *own* that is
doing this (and without your inadvertantly telling it to).

Volker is one of the samba devs, and it is not that difficult to give
temporary but secure access to a specific individual in order to assist
in troubleshooting a system that is exhibiting unusual behavior. You're
the one who came here asking for help

I would take a samba dev at his word when he says something like the
above, so it would seem that there is something going on on your system
that should not be.

Personally, I would be grateful for help from one of the devs if my
system were doing something similar.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SWAT - deprecated? - WAS: Re: Desiring to set up Windows Vista and Linux Fedora Core 4 Samba

[Charles Marcus]

On 9/5/2009 7:02 PM, Jeremy Allison wrote:
>> I thought SWAT was deprecated/unmaintained as of a LONG time ago?

> Nope, not true. We still ship and support it. It's not exactly
> recommended but it still works and is maintained.

Hmm, ok, weird... it must have been a comment from someone more solidly
in the 'not recommended' camp that made me think it was actually no
longer maintained.

Thanks for the correction...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] SWAT - deprecated? - WAS: Re: Desiring to set up Windows Vista and Linux Fedora Core 4 Samba

[Charles Marcus]

On 9/5/2009 1:06 AM, Barry L. Bond wrote:
> Gary,
> 
>  SWAT is neato!  This is a wonderful summarizing and helping tool!  I
> didn't know about it at all!

I thought SWAT was deprecated/unmaintained as of a LONG time ago?

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Auditing/logging with latest Samba release

[Charles Marcus]

On 8/21/2009 3:35 AM, Adam Nielsen wrote:
> Perhaps, if the author is not interested in updating it, I could just
> add a MySQL option to the full_audit module if it's recording the same
> data.  Might be worth doing that just to get it into the main Samba
> distribution, because I'm sure there are other people who would find
> logging to MySQL useful.

Or just use a syslogger that supports logging to mysql, like syslog-ng... ;)

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] 'inherit owner' doesn't play nice with 'force directory mode'

[Charles Marcus]

On 8/18/2009, jw (jwde...@gmail.com) wrote:
>> directory mask = 0775
>>
>> The reason you're not getting 775 perms on the new directory
>> is that the default directory mask is 0755, which masks out
>> the write permission for the group.
>>
>> Just setting inherit owner, and directory mask = 0775
>> should be enough.

> I gave this a shot, but it's still not quite doing what I would expect.
> I have:
> 
>inherit owner = yes
>directory mask = 7775

? He said 0775, not 7775

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Reverse Veto Files - let's try again!

[Charles Marcus]

On 8/7/2009, Jeremy Allison (j...@samba.org) wrote:
> I know, but I've had a lot of experience on this, and
> I really don't want to change that code unless there
> is a known bug.

Well, thats the last word then, as I certainly won't question or second
guess you on something like that... :)

Adding Allow Files will accomplish the same thing anyway...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Reverse Veto Files - let's try again!

[Charles Marcus]

On 8/6/2009, Jeremy Allison (j...@samba.org) wrote:
> Don't change the veto files semantics please.

It wouldn't be 'changing' the semantics, it would be adding to them.

I don't see any way adding this new 'semantic' could break any existing
installations.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Reverse Veto Files - let's try again!

[Charles Marcus]

On 8/6/2009, Illtud Daniel (illtud.dan...@llgc.org.uk) wrote:
> But now we've gone full circle, and you may as well just
> extend the Veto Files syntax to allow:
> 
> Veto Files = foo.jpg, !*.jpg, * 

This is what I meant.

Keep both options, just give them the ability to take the ! as an
exception character.

Actually, I think *all* options like this - where you can express a list
of valid/invalid items should allow the use of the ! not character. It
just adds a lot more flexibility...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Reverse Veto Files - let's try again!

[Charles Marcus]

On 8/3/2009, Jeremy Allison (j...@samba.org) wrote:
>> If you wanted to veto everything except jpeg files I imagine you
>> would not use the veto files directive at all and simply specify:
>>
>> Allowed Files = /*.jpg/
>> 
>> If you wanted to allow only jpeg files but not foo.jpg you would use Allowed 
>> Files and Veto Files:
>> 
>> Veto Files = /foo.jpg/
>> Allowed Files = /*.jpg/

> Yes, this is pretty much how I envisaged this working...

It would be much more flexible if the use of the ! as an exception
designator was allowed for both the Allow and Veto Files options, so for
the above, you could:

Allowed Files = !foo.jpg, *.jpg

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Reverse Veto Files - let's try again!

[Charles Marcus]

On 7/29/2009, Jeremy Allison (j...@samba.org) wrote:
>> Any preference for precedence of 'allowed files' vs 'veto files'?
>> Or would you want an apache-style 'Order allowed veto' option?
>> (please say no).

> veto files should take precedence.

The way postfix does this when blocking ip ranges but excepting certain
hosts, you specify the 'allowed' hosts first, then the ip range to be
blocked.

They also use the ! character to mean 'NOT', so, in that context, if you
wanted to only allow .jpg files, it would be:

veto files = !*.jpg !*.jpeg *.*

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] tdbsam.

[Charles Marcus]

On 7/25/2009 12:10 PM, Volker Lendecke wrote:
 As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for
 about 3 years with 2000 users on member server configuration authenticating
 AD 2003. Occasionally I had db corrupt issues, but restarting winbind
 resolved most of the times.

>>> No argument with that statement - agreed.

>> Is it common to have occasional db corruption? And is simply restarting
>> winbind the proper way to fix it? What if it doesn't?

> What kind of db corruption do you have? This is certainly
> not common, and restarting winbind is a very unusual way to
> fix that.

I'm not... I was responding to Johns response to the OP about having
occasional corrupt db issues - Johns said 'No argument - agreed'...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] tdbsam.

[Charles Marcus]

On 7/24/2009, John H Terpstra - Samba Team (j...@samba.org) wrote:
>> As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for
>> about 3 years with 2000 users on member server configuration authenticating
>> AD 2003. Occasionally I had db corrupt issues, but restarting winbind
>> resolved most of the times.

> No argument with that statement - agreed.

Is it common to have occasional db corruption? And is simply restarting
winbind the proper way to fix it? What if it doesn't?

The reason I'm asking is I am planning on replacing an older Win2K DC
with a Samba server for a small network... but I want the simplest and
most reliable setup, so would prefer to avoid LDAP...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Request for feedback

[Charles Marcus]

On 7/24/2009 7:50 AM, Michael Ströder wrote:
>> I don't know about 20k, but I definitely don't see the need to allow
>> large attachments on a large mailing list like this...

> The caveat is that things are not archived completely then. URLs get
> invalid over time.

Doesn't matter. The main purpose of any large attachments would be very
limited - large backtraces/logs for troubleshooting purposes, and their
utility is short lived.

>> What I would love to find is an easy to install/configure/use mail
>> server add-on that would strip off all attachments over a configured
>> size (in our business we deal with a lot of large attachments - I have
>> to allow a max of 50MB), and drop them on a filesystem, and add a link
>> to the email then pass the email on to its destination.

> This does not work correctly with signed e-mails I guess.

Perfectly acceptable cost/benefit (for me), since it would only apply to
messages with large attachments.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Request for feedback

[Charles Marcus]

On 7/22/2009 7:21 PM, Felix Miata wrote:
>> What size limit should we observe for messages to this list?
>> 
>> 1) 64 KBytes
>> 2) 128 KBytes
>> 3) 256 KBytes
>> 4) 512 KBytes
>> 5) 1 MByte
>> 6) 2 MBytes
>> 7) Any size

> None of the above. 20k should be more than enough. Those who wish to share
> more should upload it somewhere and provide a URL to the upload in their list
> mail so that those who actually care about that particular large item can
> load it when they choose, and likely in a browser instead of an email agent.
> Offers to email large attachments privately could be encouraged as well.

I don't know about 20k, but I definitely don't see the need to allow
large attachments on a large mailing list like this...

64K should be more than enough for basic traffic - anything bigger, as
Felix said, should be uploaded somewhere with a URL link to it, so only
the ones who need it will download it.

Please don't change this limit...

What I would love to find is an easy to install/configure/use mail
server add-on that would strip off all attachments over a configured
size (in our business we deal with a lot of large attachments - I have
to allow a max of 50MB), and drop them on a filesystem, and add a link
to the email then pass the email on to its destination.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Simple group question...‏

[Charles Marcus]

On 7/10/2009, Regis Niggemann (reg...@techheads.com) wrote:
> Of course the problem with this method is you are granting that group admin
> rights to all those computers.  If a single account in that group with those
> rights becomes infected with some malware, it is possible for that malware
> to infect ALL the computers.
> 
> Just saying...

Not a problem if you ALSO restrict each user to only be able to log onto
their computer... this way, even though they are in that group, they can
only log onto theirs...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Best way to setup Samba + OpenLDAP + Linux to use a different partition for /home?

[Charles Marcus]

On 7/7/2009, Matt Burkhardt (m...@imparisystems.com) wrote:
> However, it creates home directories on the small OS drive and he would
> like to have them all moved to the large RAID array.

Can't you just set the default Home directory for new Users to wherever
you want it (ie, the large RAID array)?

I don't use Webmin, but I'd be surprised if you can't set some defaults,
and it seems like the home dir would be one of them...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: can't access samba PDC after power cut

[Charles Marcus]

On 7/7/2009, Leonardo Carneiro (lscarne...@veltrac.com.br) wrote:
> Guys, you won't believe, but after ANOTHER unexpected power cut,

1st rule for critical systems is, make sure you don't have 'unexpected
power cuts'...

Do you not have a decent UPS on this system? Is it not set to safely
shut down the system in the event of a prolonged power outage?

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Slow connection and browsing

[Charles Marcus]

On 7/6/2009 9:43 AM, Matthew Daubenspeck wrote:
>>> Now, if I remove the Novell client completely, things work _perfectly_.
>>> I can browse and connect, disconnect, reconnect, the works, all at
>>> normal speed.

>> A shot in the dark, but there was a bug reported on the NOD32 forums
>> dealing specificalyy with Novell Clients...
>>
>> So, maybe this is an AV issue?

> I have no AntiVirus software on the client PCs

Like I said, it was a shot in the dark... sorry, no other ideas...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Slow connection and browsing

[Charles Marcus]

On 7/2/2009, Matthew Daubenspeck (m...@oddprocess.org) wrote:
> When I have the current Novell Netware client installed on XP machines,
> any initial browsing or opening of connected Samba drives is painfully
> slow. Slow as in 20-30 seconds. The hourglass appears and things just
> seem to lock for that time. Then, magically, things start working
> normally. Once I browse or connect to the server, it works perfectly for
> a $foo amount of time. If I step away, come back and try to read a
> drive, browsing it then comes to a halt and freezes again.
> 
> Now, if I remove the Novell client completely, things work _perfectly_.
> I can browse and connect, disconnect, reconnect, the works, all at
> normal speed.

A shot in the dark, but there was a bug reported on the NOD32 forums
dealing specificalyy with Novell Clients...

So, maybe this is an AV issue?

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] net ads join -> strong(er) authentication required

[Charles Marcus]

On 7/1/2009, christoph.be...@desy.de (christoph.be...@desy.de) wrote:
> my windows folks migrated to AD 2008 R2

Interesting... seeing as its not even released yet...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] password authentification

[Charles Marcus]

On 6/6/2009, Edward Ned Harvey (sa...@nedharvey.com) wrote:
> I don't mess with the smb.conf file.  I admin the whole thing via SWAT, as 
> follows:

Hasn't SWAT been deprecated and unsupported for a very long time?

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] vampire support for windows 2000+ domains?

[Charles Marcus]

On 4/1/2009 10:18 AM, Charles Marcus wrote:
>>> Is this ever going to happen? Or am I waiting in vain?

>> Can you please file a bug report on this and assign to me?
>>
>> I have a git branch for vampire a w2k+ domain into passdb (almost
>> finished). Having a bugid would be good reminder to finally finish it
>> for the next samba version.

> Hi Guenther,
> 
> One question... when you say 'next version', which do you mean? the next
> 3.3.x release? 3.4? 4.0?
> 
> Thanks again...

Hi Guenther,

You must have missed the above question, but I'm dying to know...

Thanks,

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Fw: [Samba] HP Laserjet Printer Installation

[Charles Marcus]

On 5/8/2009, amit.anjarle...@tcs.com (amit.anjarle...@tcs.com) wrote:
> I think u have taken wrong meaning of word 'new-to-linux'. I have cleared
> RHCE & having good knowledge of all the applications used in linux
> including samba.

Well... again, not to be rude, but when you say you are "new to linux"
(your words, not mine), how else is one to take it other than you are
new to linux?

I understand English is not your native language, but ... ??

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Fw: [Samba] HP Laserjet Printer Installation

[Charles Marcus]

On 5/8/2009, amit.anjarle...@tcs.com (amit.anjarle...@tcs.com) wrote:
> Pls guide as i m new to linux.

Sorry, I feel your pain, but this is not a 'new-to-linux' group, this is
for discussing problems with samba.

You need to learn how to for help in the appropriate place - in this
case, a place for basic linux help/questions...

A good place to start is the user forums/lists for your linux distribution.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: Error when subscribing to list

[Charles Marcus]

On 5/6/2009, Charles Marcus (cmar...@media-brokers.com) wrote:
> I haven't checked, but hopefully they mellowed this warning out a LOT
> and provided a single-click way to add the cert...

I clicked send too soon... of course, that should have ended with 'in
the upcoming 3.5 version'...
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] password change not working after OS update

[Charles Marcus]

On 5/6/2009, Elias Knuutila (el...@elekno.fi) wrote:
> I have problem with client password chat with Samba (3.0.24) PDC on
> Suse after updating OS to service pack 1.

Problems like this are usually better answered on the SuSE (or whatever
distro) list, as it is more often than not a distro/packaging problem as
opposed to a general samba bug...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Re: Error when subscribing to list

[Charles Marcus]

On 5/6/2009 4:57 AM, Richard Foltyn wrote:
>> Is this normal?

> It's a self-signed certificate as the samba project likely does not want
> to pay several hundred USD per year for an "official" certificate.
> 
> So yes, this is normal.

Yeah... this was a really dumb decision by the firefox developers to
provide such a scary warning for self-signed certs, and there was a lot
of complaints about it... to exacerbate the problem, they made it way
too complicated (think 'Grandma') to add an exception...

I haven't checked, but hopefully they mellowed this warning out a LOT
and provided a single-click way to add the cert...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] vampire support for windows 2000+ domains?

[Charles Marcus]

On 3/24/2009 8:22 PM, Guenther Deschner wrote:
>> Is this ever going to happen? Or am I waiting in vain?

> Can you please file a bug report on this and assign to me?
> 
> I have a git branch for vampire a w2k+ domain into passdb (almost
> finished). Having a bugid would be good reminder to finally finish it
> for the next samba version.

Hi Guenther,

One question... when you say 'next version', which do you mean? the next
3.3.x release? 3.4? 4.0?

Thanks again...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] problem with the transition from winter to summer time usrmgr.exe and logon hours

[Charles Marcus]

On 3/30/2009, Hubert Choma (hubert...@wp.pl) wrote:
> I chenged hardware time clock -w (write system clock to hardware clock 
> synchro).
> But users cant' login at 8:00 morning  I must back logon hours one 
> hour back in usrmgr from 8:00 to 7:00 and then users can login without 
> the problem.

You shouldn't change the hardware clock for daylight savings changes.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] vampire support for windows 2000+ domains?

[Charles Marcus]

On 3/24/2009 8:22 PM, Guenther Deschner wrote:
> I have a git branch for vampire a w2k+ domain into passdb (almost
> finished). Having a bugid would be good reminder to finally finish it
> for the next samba version.

Oh... and this is HUGE!!! Many, many thanks for your incredible work!

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] vampire support for windows 2000+ domains?

[Charles Marcus]

On 3/24/2009, Guenther Deschner (g...@samba.org) wrote:
>> Is this ever going to happen? Or am I waiting in vain?

> Can you please file a bug report on this and assign to me?

Hmmm... I tried, but get the following error when I try to submit it:

"Bugzilla has suffered an internal error. Please save this page and send
it to bugzilla-maintena...@samba.org with details of what you were doing
at the time this message appeared.

URL: https://bugzilla.samba.org/post_bug.cgi
undef error - Insecure dependency in exec while running with -T switch
at /usr/share/perl5/Mail/Mailer/sendmail.pm line 22."

Also, I was unable to 'assign' it to anyone (wouldn't let me in that
field), so I added your samba email addy to the CC field. I tried
submitting it without your addy in the field to in case that was causing
the above error...

I had to create a new account to do this (happy to do so), maybe it is
related?

:(
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] vampire support for windows 2000+ domains?

[Charles Marcus]

Is this ever going to happen? Or am I waiting in vain?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Hide the "not allowed to open" shared directories in the client

[Charles Marcus]

On 2/19/2009, Emmanuel (e...@free.fr) wrote:
> Nevertheless apart from solution 1. , is it possible to only show the share 
> directory for the authaurized account?
> Something like browseable = no except owner 

Would the hide unreadable parameter work for you?

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] The way things used to work...

[Charles Marcus]

On 2/16/2009 7:31 AM, Dragan Lukic wrote:
> Can anyone help me?
> 
> I cannot imagine why is my question so hard 
> 
> Looks like I will have to make at least one post to this thread each day 
> until 
> I finally get a reply/solution.

Doing that will likely get you totally ignored by most everyone here...
being 'in your face' is not generally a good idea when it comes to free
support for free software.

> 123 days with no solution, well my patience is getting thin... 

I've seen at least 2 or 3 responses with suggestions to your LAST rant,
but no response from YOU.

> Please help me get this working in new samba

There is paid support available, and it sounds like this is what you
really want:

http://us1.samba.org/samba/support/

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] net use /home ?

[Charles Marcus]

On 2/13/2009, John Drescher (dresche...@gmail.com) wrote:
> Go figure.. Also, nothing really changed on the system apart from upgrading
> the samba package from 2 to 3.2.8, that's the strange thing..

Considering that is a HUGE jump in versions, should you really be
surprised that there are some issues?

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SWAT with an LDAP Backend

[Charles Marcus]

On 2/4/2009, David Markey (dmar...@dodds.dmarkey.com) wrote:
> I have a PDC with an LDAP backend that i want to use SWAT to give
> users the option to change their password via the web interface.

Hasn't SWAT has been deprecated/unmaintained for a long time?

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with offline drive

[Charles Marcus]

On 2/3/2009, BOURIAUD (david.bouri...@ac-rouen.fr) wrote:
> The fact is that we can't use imap here. Well, we could if whe would 
> like, but who on earth would like to work with a 25Mb imap box ? No
> one.

? Many of our users have 1+GB imap maildirs... works great...

> We don't have much space on the mail server, and whe use many 
> attachements with mails, so that in half a day the imap storage place
> would be full.

Ahh... two words: upgrade drives. Storage is cheap these days.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] time sync issue

[Charles Marcus]

On 1/16/2009, L.P.H. van Belle (ob...@bazuin.nl) wrote:
> Or better add the domain users group to the policy that allows users
> to change the time.

The problem is, lots of programs just won't work right without a user
having power user perms...

For me, its easier to give them the perms, then just restrict the
ability to run unapproved executables...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] time sync issue

[Charles Marcus]

On 1/15/2009, Michael Heydon (micha...@jaswin.com.au) wrote:
> you could use psexec to run "net time" as an administrator

I always add the 'Domain Users' Group to the local 'Power Users' group
on each workstation when I add one, then control who can log onto what
from the server.

Power Users do have the ability to set the time via a script...

Yes, I know, Power Users are only a small step down from (local) Admin
privs, but I also use a free little utility called TrustNoExe to prevent
users from running any executables that are not authorized...

Its a really cool piece of software, and has the ability to install and
manage the config for all domain computers from a single workstation
(ie, mine)...

I highly recommend it:

www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba using ADS

[Charles Marcus]

On 12/29/2008, James Chavez (james.cha...@sanmina-sci.com) wrote:
> I am using Samba with ADS authentication. I am able to map drives and
> open and close files with no issues with the exception of Microsoft
> Outlook email files. So from within Outlook, I open one of these email
> files and I get an access denied error. Even if i put 777 permission on
> the files in question I get the same error.



> [2008/12/29 13:10:46,  2] smbd/close.c:close_normal_file(586)
> elmer_fudd closed file efudd/vxvm.pst (numopen=0) NT_STATUS_OK

Do you mean standalone .eml files? Or .pst files?

Even Microsoft strongly discourages hosting .pst files on network
shares... don't do it.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] username aliases?

[Charles Marcus]

On 12/18/2008, wes (sa...@the-wes.com) wrote:
> Thanks for the tip. I have entered username map=/etc/samba/users.map into
> smb.conf, and this is the contents of users.map:
> 
> wesley=wes
> 
> but, I am unable to log in with "wes" - it gives me the authentication
> failed message. I have checked the logs, and it gives the same error as if I
> had entered an incorrect username.

Did you try the other way?

wes=wesley

?

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How to share [homes] in a more flexible way?

[Charles Marcus]

On 11/16/2008, Dariem Pérez Herrera ([EMAIL PROTECTED]) wrote:
> It doesn't solve my problem, that option is for hiding files within a
> shared folder if they are not readable, but what I want is to hide
> the inaccessible folder.

It also hides unreadable folders...

So, if you add this to the [homes] share, every user will see only the
folders (home directories) that they actually have access to - which if
you are doing this right will only be their own home directory.

-- 

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How to share [homes] in a more flexible way?

[Charles Marcus]

On 11/16/2008, Dariem Pérez Herrera ([EMAIL PROTECTED]) wrote:
> I just want the people from my department to see their homes (they
> are the only users who can access that machine by connecting to
> Samba, because I've specified valid users in [homes], but keeping
> visible homes for the rest of the users in the organization can bring
> me some trouble with personnel asking why their usernames appear
> naming a shared folder on an unknown machine in a remote department).

It sounds like you might be wanting:

hide unreadable = Yes

in the [homes] share section?

-- 

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Vista - Profile - Local

[Charles Marcus]

On 11/13/2008 5:36 AM, lmhelp wrote:
> Hi Alex, hi Charles, hi others,
> 
> Thank you for your answers.

It would be much easier to continue this discussion if you would follow
the standard/accepted quoting methods...

> For example, the key "State" in every profile: it can have various
> values meaning specific things (I guess) but I didn't manage to find
> the documentation for it The only little bit of information I found
> is on that web page:
> 
> And it is totally insufficient. I can do nothing with it.

So don't try... you are trying to micro manage something that doesn't
need and was never intended to be micro managed by end users...

> Just to try to agree on what I mean when I talk about
> "(Windows) profiles"

 unnecessarily complicated description...

I can simplify it even more...

It is just a collection of User specific settings, generally tied to a
certain user account and OS version.

> As I said, I alternately log on my computer running XP
> as:
> - HOSTNAME\lmhelp
> - or as DOMAINNAME_1\lmhelp
> - or even as DOMAINNAME_2\lmhelp
> (not at the same time).

1. You can always logon to the LOCAL (HOSTNAME\) user account (unless
the local admin had specifically prevented it).

2. Your computer can only be joined to one domain at a time.

So, you wouldn't be able to do #3 unless you unjoined Domain1 and joined
Domain2.

Now, you *could* simply have a LOCAL account, and make sure there are
identical user accounts (the name should be the same) in both domains,
and make sure the passwords for all of them are identical... then you
should be able to access domain resources without any trouble, all using
the same local profile...

Maybe this is what you meant?

> (XP Local User Profiles in a domain environment)
> 
> It is not about Vista.

No, but the principle is the same... here is a link that tells you all
you should need to know about Vista Profiles in a domain environment:

http://technet.microsoft.com/en-us/library/cc766489.aspx

> "Domain profile is like this 'username.domainname'
> whereas local profile is known only by the user name".
> 
> That is not generally true.

That was just a comment by one of the early posters in that thread...
try reading the entire thing... the way it really works is spelled out
in detail in one of the follow-up posts in that thread/link...

Anyway, I'm not a fan of (nor do I use) Vista, and have zero experience
with it in a domain environment, so the above link is about all I can
offer...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Vista - Profile - Local

[Charles Marcus]

On 11/12/2008, lmhelp ([EMAIL PROTECTED]) wrote:
>> As soon as you unjoin/rejoin a new domain, XP will 
>> create a username.NEWDOMAIN profile on your laptop.

> Apparently it is what Vista is doing...
> A c:\Users\lmhelp. is being created.

Which is precisely the way it is designed to work...

Again - as far as I know, there is NO way to allow a machine to use the
same profile for two different domains - unless, as Alex pointed out,
the other domain is trusted, but you'll still only be joined to one domain.

One possibility would be to make sure that the other domain has a user
account created that is identical to the other one, but you will have to
manually keep the passwords in sync - meaning, if you change your
password on your main machin, you'll have to chage the password for that
account on the other domain account to be the same.

> I have found a little thing:
>   I have added:
>   - a DWORD value 
>   - in "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System"
>   - with name "LocalProfile"
>   - and value 1 (to say "Only allow local user profiles").
>   I actually it works: I find again my previous profile.
> 
> 
> But now, I want my "ProfileImagePath" key to be set to the unique
> local profile I want to use: "c:\Users\lmhelp"
> 
>   Simply changing the value:
>   "HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows NT 
>   -> CurrentVersion -> ProfileList -> ProfileImagaPath"
>   from "c:\Users\lmhelp."
>   to "c:\Users\lmhelp"
>   doesn't work.
>   I cannot log in as "\lmhelp" again after 
>   that change.

I would strongly urge you not to muck around with these registry
settings unless you really know what you are doing...

Here is a thread that discusses how user profiles are created that may
be of some help,

http://tiny.pl/s86h

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Vista - Profile - Local

[Charles Marcus]

On 11/12/2008, lmhelp ([EMAIL PROTECTED]) wrote:
> I can tell you it is possible with XP.

No, it isn't... what you describe below is NOT logging onto two
different DOMAINS, it is using a domain profile, but NOT a ROAMING profile.

> I can log on my computer: 
> as "\lmhelp"
> as well as "\lmelp"
> using exactly the same profile located at 
> "C:\Documents and Settings\lmhelp".
> It is very convenient.
> But to do so, one has to edit the registry.

All you have to do is have XP (or Vista) set up to allow the use of
cached domain credentials... this will allow someone to log onto, for
example, a laptop that is joined to a domain, when it is not physically
connected to the domain, using the domain profile, whether it is a
roaming or local profile. See:

http://support.microsoft.com/kb/q172931/

I know of no way to use the same profile for different DOMAINS, but
would be most happy to learn of a way to do so (that isn't some kind of
ugly hack)...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fwd: NT_STATUS_NO_LOGON_SERVERS

[Charles Marcus]

On 11/11/2008 4:16 AM, Urs Golla wrote:
> Ok. it seems i am not the only one with this problem:
> http://www.mail-archive.com/samba@lists.samba.org/msg88996.html
> 
> I did a "net ads lookup" and "net ads info" before and after the Problem
> occurred. The output (DC etc..) was exactly the same. I dont know much about
> our Microsoft ADS environment, but i know that the windows servers in that
> domain do not have this problem. I also have the impression that it happend
> much more often on our 64bit RHEL servers (with 64bit samba installed).
> 
> **any help would be greatly appreciated!

Is it asking too much for some basic evironemnet details? Like, maybe,
Samba version?

It really surprises me sometimes how many people seem to think list
members are mind readers.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] share folder for each user

[Charles Marcus]

On 11/9/2008 2:59 AM, Mohammad Reza Hosseini wrote:
> Hello again,
> Solved! using this

??

That thread does NOT provide a solution...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos

[Charles Marcus]

On 10/20/2008, Matthew Delves ([EMAIL PROTECTED]) wrote:
> My questions are:
> 1) What is required for the smb.conf to get it talking to the windows
>2k server?
> 2) What other environment configuration is required to get vampire to
>work correctly?

My understanding is that vampire will NOT work with a Windows 2k server,
only an NT4 server...

:(

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Profile loading/saving on gigabit network only runs atfast ethernet speeds! Help!

[Charles Marcus]

On 10/16/2008 11:25 AM, Jonathan Bougher wrote:
> I Do think the local hard disk speed is cause *some* limitation, but since I
> can upload & download the same and other files and directories to the server
> at 4x the speed, I do not think that is the main limitation.
> 
> I am still perplexed by this issue, why is it that any sort of normal
> upload/download data transfer from server to client or vice-versa via
> network shares works at speeds of roughly 400,000 kb/s when a profile being
> copied back and forth at login/logout runs at a much slower 50,000 kb/s?

Maybe because it is not a simple copy... it has to compare all of the
files in the local copy of the profile to what is contained in the
remote stored profile... so it would be the comparison process that
causes it to be slower.

Now, if it is only copying one huge file, then maybe it could be
considered a bug, because I would think that the actual copy process
should be the same...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Profile loading/saving on gigabit network only runs at fast ethernet speeds! Help!

[Charles Marcus]

On 10/14/2008, Jonathan Bougher ([EMAIL PROTECTED]) wrote:
> Profile Logoff: 50,000 kb/s (a ~3GB profile takes roughly 10 min to load)

Using roaming profiles for profiles so large is - well - insane.

You won't get much better performance...

I'd look for another way (than using huge roaming profiles) to
accomplish your goal.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC + LDAP: adding user to local admin group

[Charles Marcus]

On 10/9/2008, Tim Bates ([EMAIL PROTECTED]) wrote:
> If you set it at a domain level like you said, it would give them
> admin rights anywhere they can log into.

But if you control which workstations they can log into, this isn't
really a problem - save the part of them having local admin rights... ;)

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.4.2 Installation Issue

[Charles Marcus]

On 10/9/2008, Greg WOLD ([EMAIL PROTECTED]) wrote:
> I'm having difficulty installing samba v3.2.4 on my CentOS 5 box. I've
> downloaded the samba-3.2.4.tar.gz file to /usr/tmp (svn gave a timeout
> so I decided to download the gz file instead). I ran tar xvzf
> samba-3.2.4 to unpack it. Then I followed the directions here:
>  ing.html>, beginning in the Verifying Samba's PGP Signature section.
> Everything compiles and runs w/out issue. But when I run smbclient -V,
> I get Version 3.0.28.el5_2.1 instead of something w/3.2.4. What could
> I be doing wrong?

Sounds to me like you already had the Centos version installed.

If you want to install from source and are up to it, thats fine, but
you'll need to be very careful for this very reason...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cannot get shares to show up

[Charles Marcus]

On 10/6/2008, Jesse Stone ([EMAIL PROTECTED]) wrote:
> My "Home" directory comes up as a share in Network Neighborhood but it also
> has browsable=no which is confusing:

You might like the 'hide unreadable' option - it can really make
navigating shares with lots of subfolders much easier, if you only have
access to a few of them...

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Broken links in online docs

[Charles Marcus]

All of the links on this page appear to be broken. Of course, I didn't
click on every one, but after discovering thet the link to 'hide
unreadable' was broken, I clicked on a few more, and they all resulted
in Not Found errors...

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html

Scroll down abou halfway to where 'hide unreadable' is found, and start
clicking on links...

Not Found
The requested URL /samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html
was not found on this server.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Could not join the domain - Samba and Openldap

[Charles Marcus]

On 9/30/2008, [EMAIL PROTECTED] wrote:
> Our PDC accidentally crashed and to eliminate down time,

I hate it when that happens... I much prefer a server that crashes
intentionally.

...

sorry, couldn't resist... ;)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] XP cannot read files after upgrade to Debian Samba 3.2.3

[Charles Marcus]

On 9/9/2008, Veselin Kantsev ([EMAIL PROTECTED]) wrote:
> On the 3.2.3 samba server:
> >From XP I can browse the folder containing that file, but if I try to copy
> the file itself I get "Cannot read from source disk" windows error.
> I can however copy the folder that contains the file.

Windows doesn't allow filenames with ':' in them - maybe that is why?

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] universal netlogon script

[Charles Marcus]

On 9/3/2008 9:04 AM, Brad C wrote:
> Hi Guys,
> 
> Advise, I have 200 users, they all have access to 20 shares in different
> combinations. They all have their own netlogon scripts... its a management
> nightmare,
> is there a way to create a universal netlogon script that I can include all
> the shares to mount and it will silently fail on the ones it cant? Perhaps
> there is a smarter way to implement this idea,

Here's mine (anonymized) - no error-checking is done, but its simple,
and been working fine for many years:

:begin
echo off
cls
net time \\mypdc /set /y

:: first unmap all possible mapped drives, then map all drives
:: common to all users
call \\mypdc\netlogon\unmap-all.bat
call \\mypdc\netlogon\map-all.bat

if %username% == user1 net use f: \\servername\share1 /persistent:no

:: map drive for Group1
\\mypdc\netlogon\ismember "MyDomain\Group1"
if errorlevel 1 net use j: \\mypdc\share2 /persistent:no

:: map drives for Group2
\\mypdc\netlogon\ismember "MyDomain\Group2"
if errorlevel 1 call \\mypdc\netlogon\group2.bat

:: map drive for Group3
\\mypdc\netlogon\ismember "MyDomain\Group3"
if errorlevel 1 net use q: \\servername\share3 /persistent:no

:: map drive for Group4
\\mypdc\netlogon\ismember "MyDomain\Group4"
if errorlevel 1 net use s: \\mypdc\share4 /persistent:no

:end

This script only requires that the ismember.exe executable be placed in
the NETLOGON share.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Very Slow!

[Charles Marcus]

On 8/29/2008 1:54 PM, Gregory Carter wrote:
> Oh, and BY THE WAY.
> 
> I do not want to be a total cynic, but you are expecting samba to
> replace a software product that the SuSE corporation directly receives
> MILLIONS in contributions from, said vendor of product it is replacing. 
> (Microsoft.)

Please stop engaging in FUD.

1. If SuSE was dumb enough to let Microsoft try something like this, how
long do you think it would be before it was discovered?

2. When (not if) it was discovered, how bad would the backlash be?

I don't doubt they might try something like this if there was a
reasonable expectation that they could do it without being discovered,
but they are smart enough to realize there's no way they could pull it off.

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba