VS: Identifying WinXP
just a simple ver gives you the info. on logonscript it's simple as: ver|find Microsoft Windows 2000 [Versio 5.00.2195] if %errorlevel%=0 echo win2k cheers, Jooel -Alkuperäinen viesti- Lähettäjä: Eddie Lania [mailto:[EMAIL PROTECTED]] Lähetetty: 8. lokakuuta 2002 10:29 Vastaanottaja: [EMAIL PROTECTED]; [EMAIL PROTECTED] Aihe: Re: Identifying WinXP Kris van Hees wrote: Has anyone found a way to identify WinXP as the remote architecture of a client rather than just identifying it as Win2000? From everything I can find it is acting pretty much identical to a Win2000 client, which is a bit of an issue since I really would need to try to make a distinction. Any ideas? Kris Kris, If you are using a client login script, perhaps the cmdinfo.exe tool can be of some assistance. You can find this tool on the internet, doc's too. Eddie.
VS: Default ACL dosn't work
I've had the exact same problem. there has been no way to set samba use the rights. only way around was to set inheritance on acl's and permissions. anyway, this does not prevent samba from setting itself the file permissions. it forces them to be owner, domain users, and everyone! silly I say. seems that the acl-code in samba is not really considered as a solution but more as addin, sadly. so can't have real NT connectivity on file-level yet with samba. cheers, Jooel -Alkuperäinen viesti- Lähettäjä: alex [mailto:[EMAIL PROTECTED]] Lähetetty: 30. kesäkuuta 2002 0541 Vastaanottaja: [EMAIL PROTECTED] Aihe: Fw: Default ACL dosn't work Hi, I've a problem with the default ACL, I'm using samba 2.2.3a and the lastest XFS ACL patch. I setted a default acl at console, it worked at local site, I created a new file, and it inherited the default acl. But when I created a file from windows 2000, the file didn't use default acl. What's the problem? Thanks! Alex
VS: Default ACL dosn't work
I'm using bestbits ACL-patch too. got exchausted with the xfs. about samba picking the acl, yes it did pick it up. there is no other problem than making the default work. even if I manually locally make some domain group to be the default instead of domain users samba sets it to be domain users next time I create or copy a file there. if I then try to remove the domain users after added domain admins and some other groups, I get access denied. so, should it work or is this in-desing flaw? Jooel -Alkuperäinen viesti- Lähettäjä: Noel Kelly [mailto:[EMAIL PROTECTED]] Lähetetty: 1. heinäkuuta 2002 1056 Vastaanottaja: 'Nieminen, Jooel'; [EMAIL PROTECTED] Aihe: RE: Default ACL dosn't work I had the default ACLs working fine with Samba - but I was using the ACL patches from bestbits not XFS. I tried XFS also but had a lot of problems creating a default ACL at all! Eventual solution was to upgrade the ACL utilities to the latest version but after I also had some disk corruption with XFS my enthusiasm for it waned and I am back with EXT2/3. Did you check that Samba had picked up the ACLs in the filesystem during the configure? I seem to remember that Samba does not pick XFS ACLs up if you compile --with-pam? Can you add multiple ACLs to a directory/file but find it is only the default ACLs which don't work? Noel -Original Message- From: Nieminen, Jooel [mailto:[EMAIL PROTECTED]] Sent: 01 July 2002 07:11 To: [EMAIL PROTECTED] Subject: VS: Default ACL dosn't work I've had the exact same problem. there has been no way to set samba use the rights. only way around was to set inheritance on acl's and permissions. anyway, this does not prevent samba from setting itself the file permissions. it forces them to be owner, domain users, and everyone! silly I say. seems that the acl-code in samba is not really considered as a solution but more as addin, sadly. so can't have real NT connectivity on file-level yet with samba. cheers, Jooel -Alkuperäinen viesti- Lähettäjä: alex [mailto:[EMAIL PROTECTED]] Lähetetty: 30. kesäkuuta 2002 0541 Vastaanottaja: [EMAIL PROTECTED] Aihe: Fw: Default ACL dosn't work Hi, I've a problem with the default ACL, I'm using samba 2.2.3a and the lastest XFS ACL patch. I setted a default acl at console, it worked at local site, I created a new file, and it inherited the default acl. But when I created a file from windows 2000, the file didn't use default acl. What's the problem? Thanks! Alex --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002
working with hidden shares 2.2.4
the is no documentation on hidden share ability but adding $-sign to end of share it hides it. only problem is that it's not accessible anymore. for user who is not allowed to access the share it asks for username and password, but user which is valid is presented with: "network usage denied" (my own translation :) so how to make admin share which won't be stupidly seen in everybody's browser? Jooel
VS: Multiple SWAT admins
Surely would want that. actually, swat documentation on web does not say anything about this. I would allow domain admins or separately created swat admins group to use it. jooel -Alkuperäinen viesti- Lähettäjä: Geoff Holden [mailto:[EMAIL PROTECTED]] Lähetetty: 7. kesäkuuta 2002 0201 Vastaanottaja: [EMAIL PROTECTED] Aihe: Multiple SWAT admins I'm wondering if anyone else out there would like users other than root to be able to configure samba through swat... I have some boxes with several admins, none of who get the root password (sudo is configured on the systems). Things like CUPS can take a a group to be given full access, I'd like to do the same for SWAT. Are there any reasons against doing this? (I've already patched my own to take a swat admin group or something in the smb.conf file, so I can post my patch here if requested.) Thanks -- Geoff Holden Systems Programmer Department of Computer Science Memorial University of Newfoundland (709) 737-2661
ACL support a la Samba 2.2.4
sorry, forgot o modify some fields in last message... I've got finally my samba to work with acl's... somehow. but is supposed to work in such way that samba is unable to change the default user and group info on files? adding group domain admins to folder permissions and removing domain users seems to work, but when I open again the permissions tag, there it is again... so only permissions samba works on, are the extended attributes. is this as supposed or is still in my config something failing?
VL: --with-acl-support (2.2.4)
I don't know about you guys, but samba did configure with acl-support when I added the "unneeded" devel packages of acl. -Alkuperäinen viesti-Lähettäjä: Nieminen, Jooel Lähetetty: 5. kesäkuuta 2002 0855Vastaanottaja: '[EMAIL PROTECTED]'Aihe: --with-acl-support (2.2.4 mm... am I understanding something really wrong or is there something that I've missed. samba-2.2.4 configure --with-acl-support outputs these lines along others: checking whether to support ACLs...checking for acl_get_file in -lacl... nochecking for ACL support... no normal?
[Samba] VS: WinXP allows login to expired/forbidden accounts
win2k has cache too. So how it's different?
Jooel
Hi,
I've stumbled upon this problem while trying to limit access to
specific machine to specific domain users. I did it by setting Samba to
obey PAM restrictions, and then using the pam_access PAM module
('account' clause) to do user validation (described below).
On Win2000, this works fine - if an unauthorized user tries to
login, Win2000 says 'Account not permitted to login at this time' (or
something along those lines), and disallows the login.
But WinXP _allows_ the login to proceed, but refuses to map any
drives (home directory) and disallows access to PDC shares. In this way,
the user has access to local disks and resources.
Can someone try to replicate and find the source of this bug? I'm seeing
it on two different WinXP machines, and on no Win2k machines. Is it too
late to fix this for 2.2.5?
I'm using stock Samba 2.2.4 on RedHat 7.2 as a PDC to Win2k and WinXP
domains.
This may be because WinXP has the ability to cache domain logons. It
remembers that the name/password pair worked in the past, and is willing to
let you in based only on that.
I think the default is to cache 10 domain logons, but you can disable
this 'feature' (or bug, depending on your point of view) by setting the
number to 0 in the local security policy of the computer.
--
Geoff Holden
Systems Programmer
Department of Computer Science
Memorial University of Newfoundland
(709) 737-2661
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
