[Samba] SMB printing via port 445 through an SSH tunnel
Hello, Sorry if this is the wrong list. Please do let me know which list this should go to. I am also copying [EMAIL PROTECTED] I am trying to print to a Network printer configured in a Win XP (SP 2) box (shared out) through a SSH tunnel from a Linux system. I have disabled Netbios over TCP/IP, so port 139 is already closed in the Win XP box. SSH tunnel is created with -R 4000:localhost:445 using PuTTY in the Win XP system. When I try smbspool smb://username:[EMAIL PROTECTED]/cmcclient1/HPBW job 1 batch.bat I momentarily see a Remote Downlevel Document but the document gets printed correctly. But, when I try [EMAIL PROTECTED]:~ smbspool smb://username:[EMAIL PROTECTED]:4000/HPBW job 1 batch.bat session request to 127.0.0.1 failed (Call timed out: server did not respond after 1 milliseconds) session request to *SMBSERVER failed (Call timed out: server did not respond after 1 milliseconds) session request to 127.0.0.1 failed (Call timed out: server did not respond after 1 milliseconds) session request to *SMBSERVER failed (Call timed out: server did not respond after 1 milliseconds) Should this work or am I missing something? I am having issues with smbclient too in this case. samba-3.0.23d-6 samba-client-3.0.23d-6 Any ideas? Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbmount fails when trying inside a SSH tunnel
Hello All, Here is the problem definition: * I have a Windows XP SP2 system (part of a Samba NT domain). The system has a share created in its local disk which has read access for everyone. * I have a Linux (SuSE 9.3) system. * Using PuTTY, I create a SSH tunnel from the Windows XP to Linux (-R 4000:localhost:139) to mount the smb shared folder on the Linux system. * When I do smbclient -L CMCCLIENT6 -p 4000 -U adminuser, it lists the shares fine in the Linux server. * But, I am not successful in mounting the share using smbmount. Here are some of my tries: ribosome:~ # mount -t smbfs -o username=CMC-NT \adminuser,ip=127.0.0.1,port=4000 //127.0.0.1/foldertoshare /shares Password: 2079: session request to 127.0.0.1 failed (Call returned zero bytes (EOF)) 2079: session request to 127 failed (Call returned zero bytes (EOF)) ribosome:~ # mount -t smbfs -o username=adminuserribosome:~ # smbmount \\\CMCCLIENT6\foldertoshare /shares -o username=adminuser,ip=127.0.0.1,port=4000 27896: session request to CMCCLIENT6 failed (Call returned zero bytes (EOF)) 27896: session request to *SMBSERVER failed (Call returned zero bytes (EOF)) SMB connection failed ribosome:~ # smbmount \\\CMCCLIENT6\foldertoshare /shares -o username=adminuser,ip=127.0.0.1,port=4000 27896: session request to CMCCLIENT6 failed (Call returned zero bytes (EOF)) 27896: session request to *SMBSERVER failed (Call returned zero bytes (EOF)) SMB connection failed Anything I am missing? Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Creating a group share
Hello, I have a Samba PDC (3.x) running in a OpenSUSE 10.2 system. The authentication backend is Open LDAP. I want to create a group share (WTCCC) which should be accessible to a group of users (belonging to a group called WTCCC). The users' possess this group as their secondary group (NOT primary). And the share folder would have its gid bit set, so all the writes to the folder would be accessible further by only people belonging to WTCCC. Also I want a default umask of 770 for the shared folder too. Could someone suggest a share configuration that can do these? Currently, I have [JIAGEN1] comment = JIAGEN project share path = /export/newWTCCC valid write list = +WTCCC # acl check permissions = true # acl group control = yes browseable = Yes # read only = No inherit acls = Yes force group = +WTCCC writable = yes create mask = 0660 directory mask = 0770 But as soon as I change the ownership of /export/newWTCCC to root:WTCCC, the users are not able to access the share. But if I have the force group enabled, everyone is able to access the share (as it forces everyone to belong to the group, which should not be the case). Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: ham,[Samba] Creating a group share
Hi Dale, Thanks for the response. I changed my share configuration as below. But now I cannot authenticate. [JIAGEN1] comment = JIAGEN project share path = /export/newWTCCC valid users = +WTCCC write list = +WTCCC read only = No inherit acls = Yes force group = +WTCCC writable = yes create mask = 0660 directory mask = 0770 Any ideas why? I checked that the user is a part of the group (though not primary). bmifsrd2:~ # groups prakash prakash : users torque-users calendar-users irc-users WTCCC plone- managers plone-members fmadmin fmuser Thanks, Prakash On Nov 14, 2007, at 8:57 AM, Dale Schroeder wrote: Prakash, You have inadvertently combined two parameters. There is no valid write list parameter. You should use write list = +WTCCC valid users = +WTCCC It should work after correcting the parameter. Good luck, Dale Prakash Velayutham wrote: Hello, I have a Samba PDC (3.x) running in a OpenSUSE 10.2 system. The authentication backend is Open LDAP. I want to create a group share (WTCCC) which should be accessible to a group of users (belonging to a group called WTCCC). The users' possess this group as their secondary group (NOT primary). And the share folder would have its gid bit set, so all the writes to the folder would be accessible further by only people belonging to WTCCC. Also I want a default umask of 770 for the shared folder too. Could someone suggest a share configuration that can do these? Currently, I have [JIAGEN1] comment = JIAGEN project share path = /export/newWTCCC valid write list = +WTCCC #acl check permissions = true #acl group control = yes browseable = Yes #read only = No inherit acls = Yes force group = +WTCCC writable = yes create mask = 0660 directory mask = 0770 But as soon as I change the ownership of /export/newWTCCC to root:WTCCC, the users are not able to access the share. But if I have the force group enabled, everyone is able to access the share (as it forces everyone to belong to the group, which should not be the case). Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: ham,[Samba] Creating a group share
To add more info, I am seeing the following in the logs. So I am guessing authentication is working fine. It is something with regards to the group membership that is not. [2007/11/14 09:41:06, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [prakash] succeeded [2007/11/14 09:41:06, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [prakash] - [prakash] - [prakash] succeeded Thanks, Prakash On Nov 14, 2007, at 8:57 AM, Dale Schroeder wrote: Prakash, You have inadvertently combined two parameters. There is no valid write list parameter. You should use write list = +WTCCC valid users = +WTCCC It should work after correcting the parameter. Good luck, Dale Prakash Velayutham wrote: Hello, I have a Samba PDC (3.x) running in a OpenSUSE 10.2 system. The authentication backend is Open LDAP. I want to create a group share (WTCCC) which should be accessible to a group of users (belonging to a group called WTCCC). The users' possess this group as their secondary group (NOT primary). And the share folder would have its gid bit set, so all the writes to the folder would be accessible further by only people belonging to WTCCC. Also I want a default umask of 770 for the shared folder too. Could someone suggest a share configuration that can do these? Currently, I have [JIAGEN1] comment = JIAGEN project share path = /export/newWTCCC valid write list = +WTCCC #acl check permissions = true #acl group control = yes browseable = Yes #read only = No inherit acls = Yes force group = +WTCCC writable = yes create mask = 0660 directory mask = 0770 But as soon as I change the ownership of /export/newWTCCC to root:WTCCC, the users are not able to access the share. But if I have the force group enabled, everyone is able to access the share (as it forces everyone to belong to the group, which should not be the case). Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating a group share
problem, maybe one of the ldap experts (which I am not) could spot it. Dale Prakash Velayutham wrote: To add more info, I am seeing the following in the logs. So I am guessing authentication is working fine. It is something with regards to the group membership that is not. [2007/11/14 09:41:06, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [prakash] succeeded [2007/11/14 09:41:06, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [prakash] - [prakash] - [prakash] succeeded Thanks, Prakash Prakash Velayutham wrote: Hi Dale, Thanks for the response. I changed my share configuration as below. But now I cannot authenticate. [JIAGEN1] comment = JIAGEN project share path = /export/newWTCCC valid users = +WTCCC write list = +WTCCC read only = No inherit acls = Yes force group = +WTCCC writable = yes create mask = 0660 directory mask = 0770 Any ideas why? I checked that the user is a part of the group (though not primary). bmifsrd2:~ # groups prakash prakash : users torque-users calendar-users irc-users WTCCC plone- managers plone-members fmadmin fmuser Thanks, Prakash On Nov 14, 2007, at 8:57 AM, Dale Schroeder wrote: Prakash, You have inadvertently combined two parameters. There is no valid write list parameter. You should use write list = +WTCCC valid users = +WTCCC It should work after correcting the parameter. Good luck, Dale Prakash Velayutham wrote: Hello, I have a Samba PDC (3.x) running in a OpenSUSE 10.2 system. The authentication backend is Open LDAP. I want to create a group share (WTCCC) which should be accessible to a group of users (belonging to a group called WTCCC). The users' possess this group as their secondary group (NOT primary). And the share folder would have its gid bit set, so all the writes to the folder would be accessible further by only people belonging to WTCCC. Also I want a default umask of 770 for the shared folder too. Could someone suggest a share configuration that can do these? Currently, I have [JIAGEN1] comment = JIAGEN project share path = /export/newWTCCC valid write list = +WTCCC #acl check permissions = true #acl group control = yes browseable = Yes #read only = No inherit acls = Yes force group = +WTCCC writable = yes create mask = 0660 directory mask = 0770 But as soon as I change the ownership of /export/newWTCCC to root:WTCCC, the users are not able to access the share. But if I have the force group enabled, everyone is able to access the share (as it forces everyone to belong to the group, which should not be the case). Thanks, Prakash No virus found in this incoming message. Checked by AVG. Version: 7.5.503 / Virus Database: 269.15.31/1130 - Release Date: 11/14/2007 9:27 AM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating a group share
Hello All, Wanted to update you all that this issue is resolved. This is my working configuration. [global] workgroup = WORKGROUPNAME netbios name = servername encrypt passwords = yes password server = * passdb backend = ldapsam:ldaps://x.y.z log level = 9 syslog = 0 name resolve order = wins bcast hosts ldap suffix = o=x,c=y ldap machine suffix = ou=xx ldap group suffix = ou=yy ldap user suffix = ou=xx ldap idmap suffix = ou=nn ldap admin dn = cn=Manager,o=x,c=y idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = yes winbind cache time = 5 printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User security = user [JIAGEN] comment = JIAGEN project share path = /export/WTCCC valid users = @WTCCC write list = +WTCCC read only = No inherit acls = Yes force group = +WTCCC writable = yes create mask = 0660 directory mask = 0770 I had some issue with server-side caching, which got resolved once I stopped nscd on the server. Now everything is peachy!!! Thanks, Prakash On Nov 14, 2007, at 10:13 AM, Dale Schroeder wrote: Are there any errors in the logs? If not, try increasing your log level to 10. What does the global section of your smb.conf look like, and which version of Samba are you running? If it is an openldap problem, maybe one of the ldap experts (which I am not) could spot it. Dale Prakash Velayutham wrote: To add more info, I am seeing the following in the logs. So I am guessing authentication is working fine. It is something with regards to the group membership that is not. [2007/11/14 09:41:06, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [prakash] succeeded [2007/11/14 09:41:06, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [prakash] - [prakash] - [prakash] succeeded Thanks, Prakash Prakash Velayutham wrote: Hi Dale, Thanks for the response. I changed my share configuration as below. But now I cannot authenticate. [JIAGEN1] comment = JIAGEN project share path = /export/newWTCCC valid users = +WTCCC write list = +WTCCC read only = No inherit acls = Yes force group = +WTCCC writable = yes create mask = 0660 directory mask = 0770 Any ideas why? I checked that the user is a part of the group (though not primary). bmifsrd2:~ # groups prakash prakash : users torque-users calendar-users irc-users WTCCC plone- managers plone-members fmadmin fmuser Thanks, Prakash On Nov 14, 2007, at 8:57 AM, Dale Schroeder wrote: Prakash, You have inadvertently combined two parameters. There is no valid write list parameter. You should use write list = +WTCCC valid users = +WTCCC It should work after correcting the parameter. Good luck, Dale Prakash Velayutham wrote: Hello, I have a Samba PDC (3.x) running in a OpenSUSE 10.2 system. The authentication backend is Open LDAP. I want to create a group share (WTCCC) which should be accessible to a group of users (belonging to a group called WTCCC). The users' possess this group as their secondary group (NOT primary). And the share folder would have its gid bit set, so all the writes to the folder would be accessible further by only people belonging to WTCCC. Also I want a default umask of 770 for the shared folder too. Could someone suggest a share configuration that can do these? Currently, I have [JIAGEN1] comment = JIAGEN project share path = /export/newWTCCC valid write list = +WTCCC #acl check permissions = true #acl group control = yes browseable = Yes #read only = No inherit acls = Yes force group = +WTCCC writable = yes create mask = 0660 directory mask = 0770 But as soon as I change the ownership of /export/newWTCCC to root:WTCCC, the users are not able to access the share. But if I have the force group enabled, everyone is able to access the share (as it forces everyone to belong to the group, which should not be the case). Thanks, Prakash No virus found in this incoming message. Checked by AVG. Version: 7.5.503 / Virus Database: 269.15.31/1130 - Release Date: 11/14/2007 9:27 AM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Counting the number of simultaneous logins
Hi, How can we count the number of simultaneous logins for each user in Samba RELIABLY? In my setup, I have several Windows domain clients each with a Citrix client installed in it. Windows clients are in a different subnet than the Citrix server. There is a Samba3 BDC in the subnet of the windows clients which they use to login to the domain. But when the user connects to Citrix for applications using the same domain authentication, login occurs at the Samba3 PDC. The situation is that the windows client has logged into the BDC, but the Citrix connection inside of the windows client has logged into the PDC. If I know how to count the number of simultaneous logins for each user, then using the patch given in http://www.utsc.utoronto.ca/~harper/samba/domain.html (Thanks Harper), I could run a shell script on the domain logon server during user's last logout to sync the different shares for that user. Any suggestions please. Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap_open_connection(623)
Hi, Did this issue get resolved? Can someone tell me how it was resolved and what needs to be done? I am running into the same issue. Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap_open_connection(623)
My sincere apologies. Here is the original message on that thread. I was getting the exact same error and not able to solve it for almost 3 days. I know that the error looks more like openldap ssl/tls related. But as someone else in this list did go through that pain, I thought he could help me. But now I sorted the issue myself. Sorry again. When I do a ldapsearch -ZZ -x -H ldap://red.ab.com/ -b '' -s base '(objectclass=*)'+ I get the error: Ldap_start_tls: Connect error (-11) Additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure I am pretty new to Linux and samba. What am I missing here? Regards, Pari Paul Gienger [EMAIL PROTECTED] 05/11/05 2:39 PM Did this issue get resolved? Can someone tell me how it was resolved and what needs to be done? I am running into the same issue. Maybe if someone communicated the problem a worthwhile response could be crafted. This message has no references or even the vaugest hint at what is going on, aside from some random open connections. Not trying to pick, but there have been several messages like this lately that are 'referencing some problem' without any clear notion of what is being referred to. We need more info, bugzilla number, problem description, even being a reply to a previous message would help those with a thread sorting mail reader. -- Paul Gienger -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba BDC in the same subnet not gettingconnection requests
Ian Clancy [EMAIL PROTECTED] 05/10/05 11:45 AM Prakash Velayutham wrote: Ian Clancy [EMAIL PROTECTED] 05/10/05 9:33 AM Prakash Velayutham wrote: Hi, Sorry for posting again. I would really appreciate any help with this. I have a Samba 3 PDC running with around 20 Windows XP/2K clients. The PDC and clients are in different subnets. Rrecently I decided to add a Samba 3 BDC in the same subnet as the clients, to give some failover and also to reduce across-switch traffic. After creating the BDC, I restarted one of the clients but don't see it establishing connection with the BDC, instead it connects as before with the PDC. How can I make a BDC effective in this case? Thanks, Prakash Hi Prakash, Some questions before we can help. When you start the BDC what kind of output do you get in /var/log/messages ? Is your BDC registering itself as a logon server ?. In your smb.conf what is your log level setting ?. Is your WINS Server configured correctly and are your clients configured to use it ?. What does 'nmblookup -S YOURBDC' return ? Hi Ian, What log level do you want me to set in smb.conf before getting the output of /var/log/samba/* (I think you meant this when you said /var/log/messages, as I do not get anything in /var/log/messages when I restart smb and nmb daemons). With log level at 3, here is the output * [2005/05/10 10:03:13, 3] smbd/server.c:exit_server(614) Server exit (Caught TERM signal) [2005/05/10 10:03:16, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2005/05/10 10:03:16, 3] nmbd/nmbd_sendannounce.c:send_local_master_announcement(166) send_local_master_announcement: type 0 for name FRONTIER on subnet 10.10.80.111 for workgroup CMC-NT ... entry CMCCLIENT1 of type 40011003 () on workgroup CMC-NT. [2005/05/10 10:03:52, 3] nmbd/nmbd_incomingrequests.c:process_name_query_request(454) *** Yes, my BDC has domain logons = yes and domain master = no set. Currently I have set the log level to 10. I have no control over the WINS server, but my clients are looking at the WINS server correctly. What exactly do I need to look at in the WINS server configuration? nmblookup -S frontier from a different Linux box in the same subnet as the BDC returns (frontier is the BDC) (I temporarily set log level to 3 here) querying frontier on 10.10.80.255 10.10.80.111 frontier00 Looking up status of 10.10.80.111 FRONTIER00 - H ACTIVE FRONTIER03 - H ACTIVE FRONTIER20 - H ACTIVE ..__MSBROWSE__. 01 - GROUP H ACTIVE CMC-NT 00 - GROUP H ACTIVE CMC-NT 1c - GROUP H ACTIVE CMC-NT 1d - H ACTIVE CMC-NT 1e - GROUP H ACTIVE MAC Address = 00-00-00-00-00-00 Thanks for the help, Prakash Hi Prakash, This looks ok. the line below means that your BDC is registering itself as a Domain controller CMC-NT 1c - GROUP H ACTIVE You can query the wins server directly using the 'U' flag in nmblookup. See the nmblookup man page for more details. For your domain try something like this : nmblookup -U your wins server -R CMC-NT#1c This will query the wins server for a list of Domain Controllers. You could also try hardcoding which logon server to use into lmhosts on the clients but i'm not quite sure how you would go about this. regards -- Ian Clancy Hi Ian, Thanks. I realized that all along my clients were using the BDC for domain logons but there was something wrong with the way they log messages as the log messages did not arrive in the specified files. Fortunately or unfortunately I was playing around with the Slave LDAP server that the BDC connects to and I noticed that one of the Samba clients did not let a user login saying the DC was down or something like that. That made me realize that the client was connecting to the BDC but due to LDAP connection failure, it was not proceeding further. Your pointers in the direction of nmblookup proved it further as the WINS server returns the following result: * nmblookup -U 10.1.3.200 -R CMC-NT#1C querying CMC-NT on 10.1.3.200 10.10.80.111 CMC-NT1c 10.1.3.166 CMC-NT1c 10.1.3.166 CMC-NT1c 10.1.20.34 CMC-NT1c * Here 10.10.80.111 is my BDC. I am happy now. Now even the logging is working fine. Hope this thread helps someone in distress over the same issue. I have one last quick question. I know this has been answered in the Samba-3 HOWTO, just reconfirming. I will need to replicate the folders for the different services (like netlogon, profiles etc.) onto the BDC manually correct? And what should be the way I indicate the logon server from inside smb.conf. Is it %L? Thanks, Prakash -- To unsubscribe from this list go to the following URL
Re: [Samba] enforce password settings by policies
I am sure this is possible. I am also in the process of doing this. I think ntuser.pol or some such file needs to be edited. Can someone else pitch in some more on this please? Thanks, Prakash Michael Gasch [EMAIL PROTECTED] 03/18/05 2:22 AM hi, i hope you can help me: is there a way to enforce password security (strength, history, ... ) by policies on windows 2k/xp ? gpedit.msc shows me some password settings which i would like to change remotely from our samba PDC after logon thx in advance cheerz -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS error with 3.0.11
Hi, Here is what the chapter on Printing (Chapter 19. Classical Printing Support) from Samba How-To says: Only when the parameter is explicitly set to would Samba conform with my intentions. So, my strong advice is: * Never rely on commented out parameters. * Always set parameters explicitly as you intend them to behave. * Use testparm to uncover hidden settings that might not reflect your intentions. So you not having CUPS in your smb.conf does not mean system does not have it by default. Prakash [EMAIL PROTECTED] wrote: I recently upgraded from Samba 3.0.2a to Samba 3.0.11. I didn't change anything in my smb.conf file. But Now, when a user logs on to my Linux server and access a Samba share, in the log file for that machine there is always a message repeated twice: [2005/03/16 05:40:23, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused As far as I can tell, I do NOT have any CUPS lines in my smb.conf file. I have CUPS running as a service on my machine (which I should probably stop), but I don't want to make any printers available to network users. Any clues as to why this error message is appearing now, and it never appeared with Samba 3.0.2a? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Samba 3+LDAP
Hi, Are you sure about this? Here is my pdbedit -Lv output. Looks like Windows does accept '-' in the domain name. My windows clients join the domain just fine, and the users do login to the PDC without any hitches. Unix username: NT username: Account Flags:[U ] User SID: S-1-5-21-709429014-924526411-3950163471-15102 Primary Group SID:S-1-5-21-709429014-924526411-3950163471-513 Full Name:X X - Network User Home Directory: \\MCPILDAP1\homes\winprofile HomeDir Drive:Z: Logon Script: scripts\logon.bat Profile Path: \\MCPILDAP1\homes\winprofile Domain: CMC-NT Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 22:14:07 GMT Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT Password last set:Tue, 08 Mar 2005 17:05:12 GMT Password can change: Tue, 08 Mar 2005 17:05:12 GMT Password must change: Mon, 18 Jan 2038 22:14:07 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF Prakash Mccrory, Kevin B wrote: Domain: ARZUR-NT ^ | There's your problem. Get rid of the - in the domain name. Windows machines can't handle anything other than alpha-numerics in the Domain name. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, March 18, 2005 11:14 AM To: samba@lists.samba.org Subject: [Samba] PDC Samba 3+LDAP Hello all, I've some problem with my new Samba / Ldap PDC : I cannot join the Domain from Windows (XP) computers Okay, all configuration seem to be okay on the serveur, I can create Users,Computers for samba (and unix) I put here some config file, if someone can help me, I'm on since 5 days, it's my first PDC so I use the tutorial from Idealx (smbldap-howto) getent passwd give me local and ldap account (here are the LDAP account) ... Administrateur:x:0:512:Netbios Domain Administrator:/root:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin bdupuis:x:1005:512:Benjamin Dupuis:/home/data1/samba/bdupuis:/sbin/nologin POIL-BAREBONE$:x:1008:515:Computer:/dev/null:/sbin/nologin POIL-BAREBONE is a computer is it normal smbldap-tools add me a $ to computer's name? pdbedit -Lv give me samba accout (here is just the Administrator): Unix username:Administrateur NT username: Administrateur Account Flags:[U ] User SID: S-1-5-21-3150904180-1303617548-1471141863-1000 Primary Group SID:S-1-5-21-1911238739-97561441-2706018148-512 Full Name:Administrateur Home Directory: \\PDC-SMB3\homes\Administrator HomeDir Drive:X: Logon Script: logon.bat Profile Path: \\PDC-SMB3\profiles\Administrator\ Domain: ARZUR-NT Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Tue, 19 Jan 2038 04:14:07 GMT Kickoff time: Tue, 19 Jan 2038 04:14:07 GMT Password last set:Fri, 18 Mar 2005 16:15:41 GMT Password can change: 0 Password must change: Sat, 25 Jun 2005 17:15:41 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF init_sam_from_ldap: Entry found for user: nobody Now when I try to join the domain From windows XP, I enter username : bdupuis password: toto domain name : ARZUR-NT computer name : POIL-BAREBONE (I try POIL-BAREBONE$ also) User name: Administrateur password: toto domain name : ARZUR-NT and I have an error Log on Samba : [2005/03/18 17:08:34, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/18 17:08:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: Administrateur [2005/03/18 17:08:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 512 [2005/03/18 17:08:34, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [Administrateur] - [Administrateur] - [Administrateur] succeeded [2005/03/18 17:08:34, 2] smbd/server.c:exit_server(575) Closing connections Log on LDAP : Mar 18 17:08:50 mastok slapd[5569]: conn=131 fd=8 ACCEPT from IP=127.0.0.1:33002 (IP=0.0.0.0:389) Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn=cn=samba,ou=DSA,dc=arzur,dc=local method=128 Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn=cn=samba,ou=DSA,dc=ARZUR,dc=LOCAL mech=SIMPLE ssf=0 Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 RESULT tag=97 err=0 text= Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH base=dc=arzur,dc=local scope=2 deref=0
Re: [Samba] Can XP Home really Samba ?
On Mar 15, 2005, at 9:41 AM, Venkata Avasarala wrote: Hi, I know that XP Home edition is supposed to work with Samba. However, my experiences over the past 2 weeks have left me with a real doubt. All I want is a simple share from my Linux box to the XP Home machine with no password. I have set guest ok = yes, enabled cleartext password in both Samba and XP. I have a common account in both XP and Linux and nothing seems to work. Initially XP client would start using port 80 for communicating with the server after some kind folks suggsted in this list, I disabled the XP webclient service and now atleast XP client tries to use the netbios port when I do a net use from the XP command shell. I have the following problems 1)XP Home will not show the Linux server in Network Neighbourhood (if it is Local Master browser) and shows nothing if it losses election. 2)Since I know the IP address of the Samba server doing a net use with the IP address like net use b: \\192.168.0.4\Apache results in a System error 1 on the XP box. 3)I see lot of UDP inquiry messages and responses and I see an incoming reuest handled by NMB and it response in the log. However, I do not see any activity in the SMB log. If XP Home cannot really interoperate with Samba then I will just drop this and use SFTP :( . Thanks, -Venkata. What are your wins server entries in the XP machine when you do ipconfig /all? Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Citrix, Samba PDC experiences.
Mark Nehemiah wrote: Hi thanks for the quick reply. I really just needed the fact that it works, and people are using it ok, before I go through the openLDAP, pdc setup. I've looked over the samba docs, and the docs at http://www.unav.es/cti/ldap-smb-howto.html and they seem pretty good. I have not set up openLDAP before, except for email addresses. Any advice, or howto information would be appreciated. Is there any other sources of info that you would refer to besides SAMBA docs, and the link above for openLDAP, SAMBA pdc information? Thanks, Mark. On Mon, March 14, 2005 8:38 am, Prakash Velayutham said: Mark Nehemiah wrote: Hi all, I've dug through the lists and google, but haven't found very much info on using Citrix with a samba PDC. The small number of messages and information I've found, lead me to believe it will work. Does anyone have any first hand knowledge they'd be willing to share? I'm currently involved in rolling out Citrix for proprietary windows apps for remote offices. We've always used samba internally, though I'm still authenticating to a real old NT domain. The Citrix rollout includes needing more windows CAL's, so rather then A/D, I really want to use a SAMBA PDC if possible. thanks, Mark Hi, I have a Samba-3 PDC which supports 10 Windows PCs and 2 Citrix servers. The PCs and Citrix servers authenticate against a central LDAP directory through the samba server. Citrix servers are a part of a different NT domain (which my Samba PDC has trust relationship with). But as far as I can say, this setup is working fine for me. If you have any specifics, please ask. Thanks, Prakash Please try not to top post. That aside, did you take a look at idealx documents? I used most of them directly, but there are somethings in that document you will need to change as it does not work. Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-populate probleman
Did you edit and change the masterPw and slavePw entries in the smbldap_bind.conf file that come with smbldap-tools utility? Hope it helps. Prakash Márcio Luciano Donada wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] mdonada]# smbldap-populate Using builtin directory structure adding new entry: dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 2. adding new entry: ou=Users,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 3. adding new entry: ou=Groups,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 4. adding new entry: ou=Computers,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 5. adding new entry: ou=Idmap,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 6. adding new entry: cn=NextFreeUnixId,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 7. adding new entry: uid=Administrator,ou=Users,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 8. adding new entry: uid=nobody,ou=Users,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 9. adding new entry: cn=Domain Admins,ou=Groups,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 10. adding new entry: cn=Domain Users,ou=Groups,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 11. adding new entry: cn=Domain Guests,ou=Groups,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 12. adding new entry: cn=Domain Computers,ou=Groups,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 19. adding new entry: cn=Print Operators,ou=Groups,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 20. adding new entry: cn=Backup Operators,ou=Groups,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 21. adding new entry: cn=Replicators,ou=Groups,dc=auroraalimentos,dc=com,dc=br failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 389, GEN1 line 21. [EMAIL PROTECTED] mdonada]# Some ideia? []'s - -- Márcio Luciano Donada mdonada at auroraalimentos dot com dot br FreeBSD - The uptime is mesuared in years! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCMdgmyJq2hZEymxcRAjU+AKDFsiclbHgpUEsYgvqW9GFqklXm3gCfRcyj 8dhKJamqhf2eFt/8+G/4REY= =pOda -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-populate probleman
Márcio Luciano Donada wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Prakash Velayutham wrote: | Did you edit and change the masterPw and slavePw entries in the | smbldap_bind.conf file that come with smbldap-tools utility? | | Hope it helps. | Prakash Ok, in my smbldap_bind.conf file: this is entry: slaveDN=cn=suporte,dc=auroraalimentos,dc=com,dc=br slavePw=mldlinux masterDN=[EMAIL PROTECTED],dc=com,dc=br masterPw=mldlinux Why are the DN's different between master and slave? Please correct this and see if that fixes it. Some ideia? []'s - -- Márcio Luciano Donada mdonada at auroraalimentos dot com dot br FreeBSD - The uptime is mesuared in years! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCMdyMyJq2hZEymxcRAtWlAKCcaI3MeMywwC5D/SjJ5cWQLm7KUwCgtAvD nTLEu4RuKBTqzVghxSxd5l0= =a9/b -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error while opening Excel VBA macros in Samba PDC windows clients
Jeremy Allison wrote: On Sun, Feb 27, 2005 at 04:58:28PM -0500, Prakash Velayutham wrote: Hi, I can do a ethereal capture if that is good enough. It is 100% reproducible. I will send this info tomorrow as this is in my office. That's great. I'll be at connectathon all next week so my response time will be slow, but that's exactly what we need. Cheers, Jeremy. Hi All, This issue has been sorted out. It was a problem with the profiles of the users I was trying to test as. Sorry for bothering you all. Thanks Jeremy. Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error while opening Excel VBA macros in Samba PDC windows clients
Hi All, Server OS - SuSE Pro 9.0 Samba server version - samba3-3.0.9-1 (SuSE rpm) Client - Windows XP Pro SP 2 Office XP SP 2 I have everything working well such as machines joining domain, users logging in, roaming profiles etc. But when a user of the Samba domain tries to open a Excel VBA document, the following error occurs. Error accessing the system registry Please note that the macro security settings are at LOW. If I say OK to the previous error, then the system opens a window titled Identity Login with 2 buttons Log Off Identity and Manage Identities and 2 other buttons OK and Cancel. No actual identities are shown in this window. And because of this reason OK button is greyed out. If I hit Cancel, then the system opens up the Excel sheet, but with an error window saying essentially, # Microsoft Excel File Repair Log Errors were detected in file 'C:\Documents and Settings\prakash\Desktop\autox4.xls' The following is a list of repairs: Lost Visual Basic project. Lost ActiveX controls. # I googled around, and tried this article from Microsoft KB, http://support.microsoft.com/kb/q269383/;, but to no avail. I turned on debugging on the server to 10, but does not help. I can see that the server complains about some DLL files being unavailable, but these errors don't show up when I try to open the excel sheet. I am attaching the smb.conf file along. Any help greatly appreciated. Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error while opening Excel VBA macros in Samba PDC windows clients
Sorry all. The configuration file did not get attached. Here is the complete message with the smb.conf file. Sorry again for double posting. Any help greatly appreciated. Server OS - SuSE Pro 9.0 Samba server version - samba3-3.0.9-1 (SuSE rpm) Client - Windows XP Pro SP 2 Office XP SP 2 I have everything working well such as machines joining domain, users logging in, roaming profiles etc. But when a user of the Samba domain tries to open a Excel VBA document, the following error occurs. Error accessing the system registry Please note that the macro security settings are at LOW. If I say OK to the previous error, then the system opens a window titled Identity Login with 2 buttons Log Off Identity and Manage Identities and 2 other buttons OK and Cancel. No actual identities are shown in this window. And because of this reason OK button is greyed out. If I hit Cancel, then the system opens up the Excel sheet, but with an error window saying essentially, # Microsoft Excel File Repair Log Errors were detected in file 'C:\Documents and Settings\prakash\Desktop\autox4.xls' The following is a list of repairs: Lost Visual Basic project. Lost ActiveX controls. # I googled around, and tried this article from Microsoft KB, http://support.microsoft.com/kb/q269383/;;, but to no avail. I turned on debugging on the server to 10, but does not help. I can see that the server complains about some DLL files being unavailable, but these errors don't show up when I try to open the excel sheet. I am attaching the smb.conf file along. Thanks, Prakash # smb.conf is the main Samba configuration file. You find a full commented # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE # Date: 2004-07-21 [global] unix charset = LOCALE workgroup = CMC-NT netbios name = MCPILDAP1 server string = SAMBA-LDAP PDC Server ldap passwd sync = Yes passdb backend = ldapsam:ldap://127.0.0.1/ ; username map = /etc/samba/smbusers log level = 10 syslog = 0 ; log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 name resolve order = wins bcast hosts time server = yes printcap name = cups show add printer wizard = no printing = cups printer admin = @ntadmin, root, administrator ; printcap cache time = 750 ; cups options = raw add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/local/sbin/smbldap-tools/smbldap-useradd.pl -w %u remote announce = 10.10.80.255 10.1.64.255 logon script = scripts\logon.bat ; logon path = \\MCPILDAP1\%U\%U logon drive = X: ; homedir map = auto.users ; NIS homedir = yes domain logons = yes preferred master = yes domain master = yes local master = yes wins support = no idmap backend = ldap:ldap://127.0.0.1/ ldap admin dn = cn=Manager,o=tchrf,c=us ldap suffix = o=tchrf,c=us ldap group suffix = ou=PI-groups ldap user suffix = ou=PI-users ldap machine suffix = ou=PI-hosts ldap idmap suffix = ou=Idmap ; idmap uid = 1-2 ; idmap gid = 1-2 map acl inherit = yes ; ldap ssl = start_tls ldap delete dn = yes encrypt passwords = yes ; logon home = \\MCPILDAP1\homes os level = 33 Dos charset = 850 Unix charset = ISO8859-1 ; map to guest = Bad User guest account = nobody security = user wins server = 10.1.3.200 10.1.1.200 winbind separator = + winbind uid = 1-2 winbind gid = 1-2 [homes] comment = Home Directories valid users = %U read only = No create mask = 0664 directory mask = 0775 browseable = No [profiles] comment = Roaming Profiles Share path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No guest ok = yes profile acls = yes csc policy = disable force user = %U valid users = %U @Domain Admins ; store dos attributes = Yes [users] comment = All users path = /home read only = No inherit permissions = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups
Re: [Samba] Error while opening Excel VBA macros in Samba PDC windows clients
Hi, I can do a ethereal capture if that is good enough. It is 100% reproducible. I will send this info tomorrow as this is in my office. Thanks, Prakash On Feb 27, 2005, at 3:06 PM, Jeremy Allison wrote: On Sun, Feb 27, 2005 at 12:42:13PM -0500, Prakash Velayutham wrote: Hi All, Server OS - SuSE Pro 9.0 Samba server version - samba3-3.0.9-1 (SuSE rpm) Client - Windows XP Pro SP 2 Office XP SP 2 I have everything working well such as machines joining domain, users logging in, roaming profiles etc. But when a user of the Samba domain tries to open a Excel VBA document, the following error occurs. Error accessing the system registry To debug this we'll need a capture trace between the offending client and smbd, and also a debug level 10 from the smbd in question. Is it 100% reproducible ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error while opening a Excel VBA file in a Samba PDC client
Hi All, Server OS - SuSE Pro 9.0 Samba server version - samba3-3.0.9-1 (SuSE rpm) Client - Windows XP Pro SP 2 Office XP SP 2 I have everything working well like machines joining domain, users logging in, roaming profiles etc. But when a user of the Samba domain tries to open a Excel VBA document, the following error occurs. Error accessing the system registry Please note that the macro security settings are at LOW. If I say OK to the previous error, then the system opens a window titled Identity Login with 2 buttons Log Off Identity and Manage Identities and 2 other buttons OK and Cancel. No actual identities are shown in this window. And because of this reason OK button is greyed out. If I hit Cancel, then the system opens up the Excel sheet, but with an error window saying essentially, # Microsoft Excel File Repair Log Errors were detected in file 'C:\Documents and Settings\prakash\Desktop\autox4.xls' The following is a list of repairs: Lost Visual Basic project. Lost ActiveX controls. # I googled around, and tried this article from Microsoft KB, http://support.microsoft.com/kb/q269383/;, but to no avail. I turned on debugging on the server to 10, but does not help. I can see that the server complains about some DLL files being unavailable, but these errors don't show up when I try to open the excel sheet. I am attaching the smb.conf file along; Please help. Thanks, Prakash # smb.conf is the main Samba configuration file. You find a full commented # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE # Date: 2004-07-21 [global] unix charset = LOCALE workgroup = CMC-NT netbios name = MCPILDAP1 server string = SAMBA-LDAP PDC Server ldap passwd sync = Yes passdb backend = ldapsam:ldap://127.0.0.1/ ; username map = /etc/samba/smbusers log level = 10 syslog = 0 ; log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 name resolve order = wins bcast hosts time server = yes printcap name = cups show add printer wizard = no printing = cups printer admin = @ntadmin, root, administrator ; printcap cache time = 750 ; cups options = raw add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/local/sbin/smbldap-tools/smbldap-useradd.pl -w %u remote announce = 10.10.80.255 10.1.64.255 logon script = scripts\logon.bat ; logon path = \\MCPILDAP1\%U\%U logon drive = X: ; homedir map = auto.users ; NIS homedir = yes domain logons = yes preferred master = yes domain master = yes local master = yes wins support = no idmap backend = ldap:ldap://127.0.0.1/ ldap admin dn = cn=Manager,o=tchrf,c=us ldap suffix = o=tchrf,c=us ldap group suffix = ou=PI-groups ldap user suffix = ou=PI-users ldap machine suffix = ou=PI-hosts ldap idmap suffix = ou=Idmap ; idmap uid = 1-2 ; idmap gid = 1-2 map acl inherit = yes ; ldap ssl = start_tls ldap delete dn = yes encrypt passwords = yes ; logon home = \\MCPILDAP1\homes os level = 33 Dos charset = 850 Unix charset = ISO8859-1 ; map to guest = Bad User guest account = nobody security = user wins server = 10.1.3.200 10.1.1.200 winbind separator = + winbind uid = 1-2 winbind gid = 1-2 [homes] comment = Home Directories valid users = %U read only = No create mask = 0664 directory mask = 0775 browseable = No [profiles] comment = Roaming Profiles Share path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No guest ok = yes profile acls = yes csc policy = disable force user = %U valid users = %U @Domain Admins ; store dos attributes = Yes [users] comment = All users path = /home read only = No inherit permissions = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit permissions = Yes [pdf] comment = PDF creator path = /var/tmp
Re: [Samba] SUSE 9.2
Hi Jody, I had the exact same problem when I started running a Samba PDC. My passdb backend was an OpenLDAP server however (which is the same physical server). In this case, the Samba account users should be able to login to the Samba server also and that I achieved by configuring pam_ldap on the Samba/LDAP server. This resolved the issue of xsession for me. I don't know how this can help, but something is better than nothing I guess. Prakash On Jan 15, 2005, at 4:36 AM, Jody wrote: My name is Jody and I am in Cape Town South Africa. I have been working on Windoze for about 6 months and have experienced many problems. I have been introduced to Linux (Suse 9.2) when I visited the Science center in the Vacation Period. I have installed Suse on my Dads Laptop and the Laptop is inturn connected to a network by means of a 100meg Switch. On the Network we have a PDC whichruns a Domain called WORK and on the PDC we have various shares and Users including mine. (The PDC IS RUNNING NT) I have managed to set up SUSE in such a way that it notices the WORK Domain when configuring the Network with Samba (Quite cool). Once the configuration had completed I was faced with whe KDE login on the Laptop which looks like this WORK/Jody WORK/Administrator WORK/guest etc. If I choose any of the above logon names and insert the password it gives me an error.. XSESSION: Access denied for user WORK/Jody.and leaves me to click on OK and reverts to the main logon screen. The only person that can logon is root as root is a local profile on the Latop I guess. I contacted the Local Linux team here in SA and they refered me to Samba . Please help me as my Dad is not impressed with me. Luckily I never deleted the windows partition as yet as my dad uses the Laptop for work purposes. NB all the above users can log in from any Windoze workstation without any problems Thanking you in advance Jody -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New to Samba world
On Monday 03 January 2005 05:29, Mandar Kulkarni/PUN/IN/STTL wrote: Hi Team, I am new to Samba. As company has decided to install Linux based file and print server, we are planning to use Samba and LDAP But prior to proceed further, I wanted to know how samba works, what all things needs to be considered at the time of installation. So can any one let me know the same? Thanks Regards Mandar Kulkarni Hi, If you want Samba only as a print and file server, there is not much you need to know, other than some configuration settings and such. In pre-packaged Linux distros, you may only need to edit some settings and you will be ready to go. However, if you panic on security issues (which I do a lot), you will need to know how Samba works and Samba3-howto comes in handy. Rather, if you want Samba for bigger purposes than this, knowing a lot more really helps. There are numerous tools that can help you with any of these. Ask for more if you need. Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error Messages
Hi, On Dec 30, 2004, at 9:28 AM, Arno Seidel wrote: Hi list, after searching google and getting lost in to much results, maybe someone can explain me the meaning of some error-messages: 1. [2004/12/30 14:10:03, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. According to what I know, this is not an error. It is just information. 2. [2004/12/30 14:10:08, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2023) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) This means that the group you are intending to login as does not exist in your LDAP tree. When does this happen. Can you give some background? regards Arno Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error Messages
Hi, 1. Are you able to login to the domain successfully? 2. Can you show some more of the log information from log.smbd or %m logs (%m is the name of the machine connecting). Do you see any error message similar to User Administrator in passdb, but getpwnam() fails! or check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' Prakash On Thursday 30 December 2004 09:56, Arno Seidel wrote: Hi, thanks for that quick response, for the 1. what causes this message to appear??? 2. this comes up every time a user logs in to the domain / server i played arround with the log levels but i don´t found any information which group / object is missing net groupmap list returns following: Domain Guests (S-1-5-21-4226538298-1610114045-865933353-514) - domain_guests domain computers (S-1-5-21-4226538298-1610114045-865933353-515) - computers Enterprise Admins (S-1-5-21-4226538298-1610114045-865933353-519) - root Administrators (S-1-5-21-4226538298-1610114045-865933353-544) - root Guests (S-1-5-21-4226538298-1610114045-865933353-546) - domain_guests Account Operators (S-1-5-21-4226538298-1610114045-865933353-548) - account_operators Server Operators (S-1-5-21-4226538298-1610114045-865933353-549) - server_operators Print Operators (S-1-5-21-4226538298-1610114045-865933353-550) - print_operators Backup Operators (S-1-5-21-4226538298-1610114045-865933353-551) - backup_operators Replicator (S-1-5-21-4226538298-1610114045-865933353-552) - replicator Domain Admins (S-1-5-21-4226538298-1610114045-865933353-512) - root Users (S-1-5-21-4226538298-1610114045-865933353-1201) - users Domain Users (S-1-5-21-4226538298-1610114045-865933353-513) - users which looks to me ok regards arno Prakash Velayutham wrote: Hi, On Dec 30, 2004, at 9:28 AM, Arno Seidel wrote: Hi list, after searching google and getting lost in to much results, maybe someone can explain me the meaning of some error-messages: 1. [2004/12/30 14:10:03, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. According to what I know, this is not an error. It is just information. 2. [2004/12/30 14:10:08, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2023) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) This means that the group you are intending to login as does not exist in your LDAP tree. When does this happen. Can you give some background? regards Arno Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Question
What value do you have for security in smb.conf? share or user? Prakash On Dec 23, 2004, at 2:27 PM, Bill Sommerville wrote: My name is Bill Sommerville and I need a little help. I am fairly new to Samba and I would like to connect to two shared accounts on one system. So in other words I have a maindata and a graphics account on a Linux system. When I map to the maindata account, everything is fine. When I try to Map to the graphics account, I get this message from Windows saying I must disconnect from the maindata account to establish a connection to the graphics account. Is there any way I can avoid this? I am sure it is in the config file, but I am not sure where. Or is it in Windows? I use to be able to do this, but after a few upgrades something changed. Thanks Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba + citrix + drive mapping
Hi, I am not sure if this question belongs here or on the Citrix forum. But for whatever it is worth ... I have a Samba3 server acting as PDC and several linux and windows clients. Also there is a Citrix server in another NT4 domain that our clients use to get common services. The issue I am seeing is that when users login to the windows clients (that have joined the Samba domain), their home dirs get mounted properly according to the sambaHomeDrive, but after being logged in, if they try to use Citrix client to connect to the citrix server (using their Samba domain login and password), their home dir does not get mounted. Due to Citrix's ability even the windows client's drives get mounted on the citrix server, but the already mounted drives on the windows clients do not get mounted again on the citrix server. I am thinking if I remove the sambaHomeDrive attribute from the user's LDAP entry, but instead have the drive mapping done through logon scripts, would it work both at the windows client and citrix server end? Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Converting existing POSIX accounts to sambaSAM accounts
Hi, I have around 50 users whose POSIX accounts currently exist in a LDAP server. I have started running a Samba3 PDC recently and would like to convert these accounts into sambaSAM accounts. I know smbldap-usermod script does this. But I don't think it reads the defaults for sambaProfilePath, sambaHomePath etc. from /etc/smbldap-tools/smbldap.conf file (which, by the way, is used cleanly by smbldap-useradd script). Anybody who has done this yet? I would be setting out to modify the usermod script to handle this case (if nobody else has already done this and could lend me a copy of the modifications). Regards, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + citrix + drive mapping
This registry key seems to be for network access of the same file by multiple users. Do you think this will solve my problem with drive mapping??? Thanks, Prakash On Dec 23, 2004, at 11:02 PM, Wisu wrote: Try patching the Citrix server's Registry with WindowsTerminalServer.reg I think this file is included with the Samba source code under docs/registry... Wisu On Fri, 2004-12-24 at 03:44, Prakash Velayutham wrote: Hi, I am not sure if this question belongs here or on the Citrix forum. But for whatever it is worth ... I have a Samba3 server acting as PDC and several linux and windows clients. Also there is a Citrix server in another NT4 domain that our clients use to get common services. The issue I am seeing is that when users login to the windows clients (that have joined the Samba domain), their home dirs get mounted properly according to the sambaHomeDrive, but after being logged in, if they try to use Citrix client to connect to the citrix server (using their Samba domain login and password), their home dir does not get mounted. Due to Citrix's ability even the windows client's drives get mounted on the citrix server, but the already mounted drives on the windows clients do not get mounted again on the citrix server. I am thinking if I remove the sambaHomeDrive attribute from the user's LDAP entry, but instead have the drive mapping done through logon scripts, would it work both at the windows client and citrix server end? Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + OpenLDAP + Automount question
Thanks Peter. That is an option. I was wondering if there is a way to make Samba interact with the autofs code to start autofs during a user login process. Any suggestions from Samba developers on this one? Thanks, Prakash On Dec 21, 2004, at 4:15 AM, Peter Olivia wrote: Here is what I did on my setup: 1) Mounted a base share for all samba data (i.e. home dirs and profiles) in /home/samba so that I ended up with /home/samba/home/$USER and /home/samba/profiles/$USER (where $USER is the login name of the user) 2) Pointed all LDAP users home dirs to /home/samba/home/$USER and their profiles to /home/samba/profiles/$USER 3) All I needed to do then is setup shares (and the logon path and logon home entries) a. [homes] path=/home/samba/home/%u b. [Profiles] path=/home/samba/profiles The home dirs get automounted at user logon as the logon home drive. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + OpenLDAP + Automount question
Thanks Peter. That is an option. I was wondering if there is a way to make Samba interact with the autofs code to start autofs during a user login process. Any suggestions from Samba developers on this one? Thanks, Prakash On Dec 21, 2004, at 4:15 AM, Peter Olivia wrote: Here is what I did on my setup: 1) Mounted a base share for all samba data (i.e. home dirs and profiles) in /home/samba so that I ended up with /home/samba/home/$USER and /home/samba/profiles/$USER (where $USER is the login name of the user) 2) Pointed all LDAP users home dirs to /home/samba/home/$USER and their profiles to /home/samba/profiles/$USER 3) All I needed to do then is setup shares (and the logon path and logon home entries) a. [homes] path=/home/samba/home/%u b. [Profiles] path=/home/samba/profiles The home dirs get automounted at user logon as the logon home drive. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + OpenLDAP + Automount question
Hi Samba Gurus, I am not sure why my questions to the forum are not getting posted (and I don't get any reply at all) Anyway, instead of my Mac mail client, I am using webmail just to see if that works. Sorry for the repetition. We have an OpenLDAP server (openldap2-2.1.22-65) and a separate NFS server for home dirs. Currently LDAP NIS maps are being used by the Linux users in the department for home dir mounting on Linux clients. As everybody does, I started to look at Samba to accommodate the Windows users and have a single user database (in LDAP) to work with. Now I have a Samba PDC running samba3-3.0.9-1 version in my LDAP server with passdb backend being ldapsam:ldap://127.0.0.1. PDC itself works just fine right now with roaming profiles etc. The NFS server is the only system with big disks and hence we would like to have the home dirs in that system. I am not sure how automount plays into the whole setting of Samba and OpenLDAP. When a user logs into a windows machine, his home directory should get mounted from the NFS server automatically. The (Windows) profile would also live inside the (UNIX) home directory of the user and hence would also has to get mounted. Hopefully I am clear enough. Please send any configuration settings if you can. I tried some googling, but just saw one link where somebody discussed something similar with Sun's LDAP server and Samba. I tried that but did not work with OpenLDAP. The constraint is that the home dir NFS server is also a server for a Linux cluster we maintain and I do not want to touch that server currently for anything. Any help greatly appreciated. Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + LDAP + Automount maps
Hi Samba Gurus, We have an OpenLDAP server (openldap2-2.1.22-65) and a separate NFS server for home dirs. Currently LDAP NIS maps are being used by the Linux users in the department for home dir mounting on Linux clients. As everybody does, I started to look at Samba to accommodate the Windows users and have a single user database (in LDAP) to work with. Now I have a Samba PDC running samba3-3.0.9-1 version in my LDAP server with passdb backend being ldapsam:ldap://127.0.0.1. PDC itself works just fine right now with roaming profiles etc. The NFS server is the only system with big disks and hence we would like to have the home dirs in that system. I am not sure how automount plays into the whole setting of Samba and OpenLDAP. When a user logs into a windows machine, his home directory should get mounted from the NFS server automatically. The (Windows) profile would also live inside the (UNIX) home directory of the user and hence would also has to get mounted. Hopefully I am clear enough. Please send any configuration settings if you can. I tried some googling, but just saw one link where somebody discussed something similar with Sun's LDAP server and Samba. I tried that but did not work with OpenLDAP. The constraint is that the home dir NFS server is also a server for a Linux cluster we maintain and I do not want to touch that server currently for anything. Any help greatly appreciated. Thanks, Prakash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
