Re: [Samba] how to hide a directory
In the [share] deffinition, try: hide unreadable = Yes -Ric At 08:33 AM 10/12/2005, Information (Erin Hughes) wrote: Not that I am aware of. E./ Louis van Belle wrote: Yes, but i did that already, but is there an other option? Louis -Oorspronkelijk bericht- Van: Information (Erin Hughes) [mailto:[EMAIL PROTECTED] Verzonden: woensdag 12 oktober 2005 16:21 Aan: Louis van Belle Onderwerp: Re: [Samba] how to hide a directory Log into your samba server with ssh and rename the directory you want to hide with a . IE Movies mv Movies .Movies Then it will appear when you choose show hidden folders. I am not sure how to do it through explorer. E./ Louis van Belle wrote: Hi all, question, how do i hide a directory with for example with just the Hidden attrib from the windows explorer. Louis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't see Samba Server from Win2k
What worked for me was: To your [global] stanza, add: remote announce = address of PDC, or ADS remote browse sync = address of PDC, or ADS With those, I was able to see the samba server from my XP boxes. Hope that helps. -Ric At 05:36 PM 10/11/2005, allmoto allmoto wrote: --- [EMAIL PROTECTED] escribió: I've read other posts on this, but can't figure out what I'm doing wrong. I have Suse 8.0, Samba 2.2.3a, and Win2k. Win2k Setup: workgroup = HOME_NET Host Name = Copernicus IP : 192.168.0.7 Subnet : 255.255.255.0 Def Gateway: 192.168.0.1 smb.conf (comments removed): === [global] workgroup = HOME_NET netbios name = gallileo encrypt passwords = yes security = share wins support = yes guest only = yes username map = /etc/samba/smbusers interfaces = 192.168.0.7/255.255.255.0 character set = ISO8859-15 client code page = 850 veto files = /*.eml/*.nws/riched20.dll/*.{*}/ [homes] comment = Home Directories read only = No browseable = No [share1] path = /home/jimmy read only = Yes browseable = yes guest ok = Yes public = yes == I set up lmhosts as follows: 1.- Have you setted up a trust account for your win2k pc? 2.- Why use lmhosts? accoring to your smb.conf you re using samba as a wins server? 3.- you need to specify wich password backend you are using eg: passdb backend = tdbsam:/etc/samba/passdb.tdb James. ___ 1GB gratis, Antivirus y Antispam Correo Yahoo!, el mejor correo web del mundo http://correo.yahoo.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Shares exist, but pc´s cant see them!
Try: remote announce = 192.168.1.255 192.168.2.255 (etc) replacing the address(es) with your local subnet(s) So your server will announce itself to the other subnets. This worked on mine. NOTE: It may take a few minutes for it to show up after making the change. -Ric At 10:59 AM 10/4/2005, Robert Schetterer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 allmoto allmoto schrieb: | Hi, i´ve configured samba 3 on a linux box, the | strange part is that i know samba is working, if i use | connect to ... on windowze terminals and manually use | the share address i can see them , write files, etc, | but i cant see any share, or the samba box, or any | other pc on the network neighbourhood. Why is this.?? | | | Thanx. | | | | | | | | | ___ | 1GB gratis, Antivirus y Antispam | Correo Yahoo!, el mejor correo web del mundo | http://correo.yahoo.com.ar | Hi, configure samba as a wins server ( be sure theres no other one in your net ) and configure your win clients to use it. posting your smb conf will help Regards - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer.org Munich / Bavaria / Germany https://www.schetterer.org \** \* gnupgp \* public key: \* https://www.schetterer.org/public.key \** -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDQrT+b0iqzJq+0MgRAtTOAJ9X+i8gaXCt+CD6upSVbRTE+BWplQCfbv/W 7m5mEHTdI1vwB08o04Ni4jw= =DQjx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20a on AIX 5.2
Good morning Bill! The results are: # oslevel -r 5200-03 # lslpp -l obs.adt.include Fileset Level State Description Path: /usr/lib/objrepos bos.adt.include 5.2.0.30 COMMITTED Base Application Development Include Files NOTE: These servers will soon be upgraded to AIX 5.3 Adding to the fun, I have little, to no say over what versions of filesets go on them. It makes my life so much fun. Thanks -Ric At 05:29 AM 10/2/2005, William Jojo wrote: On Fri, 30 Sep 2005, Ric Tibbetts wrote: While I was between other things, I thought I'd try to build this. The build failed with: What options are you compiling with on AIX? I can't recreate this. also what is the output of oslevel -r and lslpp -l bos.adt.include ? I think that fileset is very downlevel. Cheers, Bill Compiling dynconfig.c In file included from include/includes.h:507, from dynconfig.c:21: /usr/include/aio.h:76: field `aio_sigevent' has incomplete type /usr/include/aio.h:127: field `aio_sigevent' has incomplete type In file included from dynconfig.c:21: include/includes.h:811: redefinition of `struct timespec' make: 1254-004 The error code from the last command is 1. Same problem as 3.0.20 -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Differences with net join
All; I'm getting closer to tracking down my problem (I hope). Since I want samba to verify the windows users from the Windows domain, I did the usual net join. But it still doesn't get the users from there, I still need an smbpasswd file. So... now the question (for the real samba gurus): Is there a substantial difference between: net ads join -w domain/workgroup and net rpc join -w domain/workgroup ? I did the net rpc because I don't have ads compiled in (owing to the problems with IBMs implementation of Kerberos not being compatable with Samba..). BTW: The join was successful, but Samba isn't pulling user IDs from there. To do what I need to, do I HAVE to have ads compiled in? Thanks again! -ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
Firstly your DC *is* W2K3 SP1. Reading logs can be very interesting :-) [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. ^M [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2^M [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0^M [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e^M [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 00 00 . .P.a.c .k. .1..^M [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. ^M [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2^M [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2..^M [080] 00 57 00 49 00 4E 00 00 .W.I.N.. ^M I was digging through the logs after sending that to you, and spotted the above. ;) Secondly, the user logging in has the name Windows name 212442. The logon to the DC succeeds, this user is then mapped to user u212442 via a username map file. The problem is this user cannot be found on the local unix box - look at the log where it says : User u212442 does not exist, trying to add it So, your underlying problem is that the users who are logging in and being successfully authenticated against the W2K3 SP 1 DC don't exist locally. You'll either need to add them to /etc/passwd, or user winbindd. Now this one is interesting. The user does exist. If I do id u212442 on the server, it produces the appropriate user id/group... # id u212442 uid=1040(u212442) gid=1001(sysadmin) So the user does exist. But for some strange reason (which I still don't understand), it doesn't report that to Samba at login time. I'm CC:ing to the list so people can see the resolution of this issue. Sorry to say, that it's not resolved yet. I think we've found the symptom, but not the cause. If the user exists, why doesn't samba see it? All of the assistance on this is greatly appreciated! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20a on AIX 5.2
While I was between other things, I thought I'd try to build this. The build failed with: Compiling dynconfig.c In file included from include/includes.h:507, from dynconfig.c:21: /usr/include/aio.h:76: field `aio_sigevent' has incomplete type /usr/include/aio.h:127: field `aio_sigevent' has incomplete type In file included from dynconfig.c:21: include/includes.h:811: redefinition of `struct timespec' make: 1254-004 The error code from the last command is 1. Same problem as 3.0.20 -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
At 02:36 PM 9/30/2005, Jeremy Allison wrote: On Fri, Sep 30, 2005 at 01:24:30PM -0600, Ric Tibbetts wrote: At 01:13 PM 9/30/2005, you wrote: On Fri, Sep 30, 2005 at 12:38:28PM -0600, Ric Tibbetts wrote: So the user does exist. But for some strange reason (which I still don't understand), it doesn't report that to Samba at login time. I'm CC:ing to the list so people can see the resolution of this issue. Sorry to say, that it's not resolved yet. I think we've found the symptom, but not the cause. If the user exists, why doesn't samba see it? All of the assistance on this is greatly appreciated! Oops, sorry - I deleted the email with the logs. You'll have to send me another copy and I'll look further... Jeremy. No problem. Fresh logs attached. Again, the assist is greatly appreciated! Ok - it looks like you're trying to use winbindd on this box. If you already have a unix uid that you've mapped the numeric windows user to you don't need to use winbindd. Can you confirm if you are running winbindd or now ? If you are, kill it and retry. This is related to Jerry's code here in auth/auth_util.c so I might ask him to look at the log: /* try to fill the SAM account.. If getpwnam() fails, then try the add user script (2.2.x behavior). We use the _unmapped_ username here in an attempt to provide consistent username mapping behavior between kerberos and NTLM[SSP] authentication in domain mode security. I.E. Username mapping should be applied to the fully qualified username (e.g. DOMAIN\user) and no just the login name. Yes this mean swe called map_username() unnecessarily in make_user_info_map() but that is how the current code is designed. Making the change here is the least disruptive place.-- jerry */ nt_status = fill_sam_account(mem_ctx, nt_domain, sent_nt_username, found_username, uid, gid, sam_account); if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { DEBUG(3,(User %s does not exist, trying to add it\n, internal_username)); smb_create_user( nt_domain, sent_nt_username, NULL); nt_status = fill_sam_account( mem_ctx, nt_domain, sent_nt_username, found_username, uid, gid, sam_account ); } Jeremy. -- Nope, no winbind. I saw those references in the log too, but thought they were just standard checks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
EUREKA ! ! ! ! ! That was it! I needed to map the DOMAIN\username, and that solved it! Thank you very, very much!!! My whole week-end just got better! -Ric At 03:03 PM 9/30/2005, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: On Fri, Sep 30, 2005 at 02:45:27PM -0600, Ric Tibbetts wrote: Nope, no winbind. I saw those references in the log too, but thought they were just standard checks. The problem is definately related to the mapping between the numeric Windows user and the unix user. What does your username map file look like ? I can tell from the logs that he is not using the fully qualified name. Scanning username map /usr/local/samba/private/smbusers user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |administrator| user_in_list: checking user |WIN\212442| against |admin| user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |guest| user_in_list: checking user |WIN\212442| against |pcguest| user_in_list: checking user |WIN\212442| against |smbguest| user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |214023| user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |203691| Just to test, can you ensure you have both the unumber=number unumber=DOMAIN\number entries in the username map for the user you're testing with. BTW: The reason you're having such trouble with this set up is that having a Windows domain consisting of numeric user id's is an unusual setup. Most people don't set things up this way. No. I think that I need to update the man page - From the 3.0.8 release notes: == Change in Username Map == Previous Samba releases would only support reading the fully qualified username (e.g. DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server. Samba 3.0.8 obeys the following rules when applying the username map functionality: * When performing local authentication, the username map is applied to the login name before attempting to authenticate the connection. * When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPag3IR7qMdg1EfYRAnH5AJ9r3ZH8DxT4SILRCJpzOh8wQspOjwCg0vYa xrHb23jb0vTXiKT5o/FpOxA= =ABfE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
BTW: The reason you're having such trouble with this set up is that having a Windows domain consisting of numeric user id's is an unusual setup. Most people don't set things up this way. Just a side note, now that this works. I fully agree that using fully numeric usernames is a bad thing, believe me, I didn't do it, it's been this way here for many years. But the windows stuff is handled by a different department, and we (on the unix side) have no say, we just have to work with the fallout. We should still work in this environment (once there is a correct mapping in place) but this is why you're having a lot of problems. Yep, as demonstrated, the format of the username map needs to be: unix user = DOMAIN\Windows User and a small note for others: Watch the \ it NEEDS to be a back slash. don't ask how I know. ;) -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Old smbpasswd file to new SMB 3.0 smbpasswd
Jerry; Just for my own information, wouldn't: pdbedit -i smbpasswd old smbpasswd file do an import, and update? -Ric At 03:58 PM 9/30/2005, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Todd Johnson wrote: Hello - Is there a script available to convert an old 2.2.18 smbpasswd file to the newer Smb 3.0 smbpasswd file? The reason I ask is that ive figured out why my users are getting bad errors when changing passwords locally. I have over 1000 users and dont wish to manually add them into a fresher smbpasswd file. a simple `cat smbpasswd=2.2.x | awk -F: '{print }'` is probably the easist thing to do. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPbT4IR7qMdg1EfYRAt5YAJ0f6EavGFE0/erXxW1yttQ/7+v5AACfRdTm CLgvWFVnGCJY52qR+xQbiDQ= =rF+L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] More Random Behaviour
Okay, I'm starting to face professional ridicule at work over this. A Samba install should take a couple of days, I've been at it... far to long now. When this started I chased the problem in all the wrong directions. I thought it was this environment. Now I don't think so. I have Samba 3.0.14a installed on an AIX 5.2 server. I had it running (not the way I wanted, but running). Then, for no reason, and with NO changes made, it started to deny me access to my home directory. FOR NO REASON. I had not changed anything. I've been fighting just that kind of random failures for the past couple of weeks. The logs are pretty much usless. Even at log level 10, it only shows that it denied access, and gives idiot reasons like user not found or some such. I'm now down-reving to 3.0.12 . I've installed that version in other places with good result, I'm hoping it will correct the issues here. I can't go up-rev to 3.0.20 because the build fails (unless someone has a solution for THAT problem...). Maybe it will also magically correct the other authentication issues that I shouldn't be having too.. -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More Random Behaviour
At 10:16 AM 9/29/2005, Jeremy Allison wrote: On Thu, Sep 29, 2005 at 08:47:34AM -0600, Ric Tibbetts wrote: Okay, I'm starting to face professional ridicule at work over this. A Samba install should take a couple of days, I've been at it... far to long now. When this started I chased the problem in all the wrong directions. I thought it was this environment. Now I don't think so. I have Samba 3.0.14a installed on an AIX 5.2 server. I had it running (not the way I wanted, but running). Then, for no reason, and with NO changes made, it started to deny me access to my home directory. FOR NO REASON. I had not changed anything. There is *nover* NO REASON. Something changed. You just don't know what. Okay, I'll phrase that another way: I would agree with you, however: I changed nothing in the Samba setup, or configuration. No one else was logged into the server. Hence: There were no changes to the Samba server. It simply, sporadically, stopped allowing me access to my home directory. You can draw your own conclusions from that. I've been fighting just that kind of random failures for the past couple of weeks. The logs are pretty much usless. Even at log level 10, it only shows that it denied access, and gives idiot reasons like user not found or some such. If you're ignoring messages like this, then you will fail. You need to take a long hard look at your system administration practices in order to be successful in this. Once again. It was allowing me access, and then, suddenly, it stopped, and would report a variety of causes, ranging from: No NT servers available User not found bad passwords etc. These events have been random, and there seems to be no direct cause. If the user exists in both the Unix passwd scheme, AND as an smbpasswd entry, there's no reason Samba should suddenly not be able to find it. I've just down-reved form 3.0.14a to 3.0.12, and so far, it's running fine (except for a problem with smbpasswd, but I'll address that seperately). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unnecessary smbpasswd
Okay, here's my final issue with this installation. I'm hoping someone can shed some light on it. The setup: Server: IBM AIX 5.2 Samba: 3.0.12 The problem: Samba is insisting on having an smbpasswd entry for all users, and it shouldn't (based on my past experiences). I'm setting up a VERY basic samba install. All it needs to do is enable unix shares to the windows folks. It's NOT a login server, nor a domain master, etc. It simply needs to answer requests for shares, and send them out. From my limited knowledge of this, the process is: Request comes in from Windows client (XP-Pro in this case). In this case, the Windows clients authenticate via an ADS. Samba receives the request, and checks the username, checking it against the unix passwds to find a match. If there is a matching unix ID, then samba will allow the access. This process has never required an smbpasswd file on any other system I've set it up on. Except this one. So my question is, where do I start looking for WHY it can't get the user id from Unix? I've cranked up the log levels, but I'm not seeing anything that helps. I'd be glad to send the logs along to anyone who wants to look that may be able to unravel this mystery. Thank you in advance! -ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unnecessary smbpasswd
This process has never required an smbpasswd file on any other system I've set it up on. Except this one. I seriously doubt this. I *strongly* recommend you stop working on your computer and go away and read this : http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ This should help with some of the underlying concepts. Hmm.. I guess I better call the last two places I set up Samba servers for, and tell them to stop using them because (according to you) they don't work. You did however point out something I was overlooking, and need to reinvestigate. (a bit of a forehead slap on this one). Beyond that: You are a poster child for the anti-open source software group. It's sad that a request for help is met with attitudes such as yours, and become confrontational. Thanks for the help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More Random Behaviour
At 10:32 AM 9/29/2005, Jeremy Allison wrote: On Thu, Sep 29, 2005 at 10:29:26AM -0600, Ric Tibbetts wrote: These events have been random, and there seems to be no direct cause. If the user exists in both the Unix passwd scheme, AND as an smbpasswd entry, there's no reason Samba should suddenly not be able to find it. Indeed, and that's why you need to look for other sources of instability on the system. The code doesn't just randomly fail. You need to understand what is going on. Blindly down-revving is a receipe for disaster. The format of many internal tdb databases are changed when up-reving. Unless you saved them off and restored them you're likely to run into more trouble. You need to understand your system a *lot* better than you currently do. Yes, I moved the tdb databases first. I didn't blindly down-rev anything, I actually am trying to it right, and make it work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unnecessary smbpasswd
With my apologies for letting my frustration get the better of me, let me try this again: I have a much more limited understanding of Samba than I thought I did. I'm still trying to learn, and get it right. I have been reading the Samba HOW-TO, and the User Guide. In installations I have done in the past, I must have gotten lucky, and things worked differently than they seem to be working on the installation I'm working on now. I'm hoping that someone from this list can help me to figure out what those differences are, and how I can resolve them. Once again, I am not using this Samba server as a Domain Controller, nor a log in server. It simply needs to serve out shares to windows users. If I understand the process correctly: User on Windows XP box makes a request to the Samba server. The windows box passes the username/password pair to the Samba server. The Samba server checks that the user exists on the unix box, and (following the password server = xxx.xxx.xxx.xxx parameter in smb.conf) verifies the username/password from the Windows Domain Controller (specified in the password server = parameter). If the username/password do not exist on the specified password server, samba checks the smbpasswd file. Once the username/password is validated, the samba server will pass the share. Is the above a fair breakdown, in a very simple implementation? -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More Random Behaviour
At 12:29 PM 9/29/2005, Elizabeth Schwartz wrote: A few random possible causes for no reason failures: - a config file was changed some time ago but someone failed to test it by restarting the daemon or rebooting the server, until now -some server is having network connectivity or load issues, and the backup or secondary doesn't have the same information -some third party changed permissions somewhere that wasn't immediately apparent -your server is having connectivity or load or file system space issues (don't forget to check the space where the error log goes) -your config file has cruft in it from many versions ago that no longer applies to this particular version (that bit me yesterday on my AV scanner!) Seriously, turn your log level down to something sane and make sure that you understand any error that you see. Thank you for the pointers. A couple of them have serious validity in this environment. For the moment, I've down-reved to 3.0.12, and the stability issue seems to have subsided. There could be many reasons for that, but for the moment I'm taking advantage of the calm, and using the time to work the authentication issue. Once that is resolved, or at least better understood by me, I'll look at moving the version back up if necessary. -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unnecessary smbpasswd
At 12:43 PM 9/29/2005, Jeremy Allison wrote: On Thu, Sep 29, 2005 at 12:30:35PM -0600, Ric Tibbetts wrote: If I understand the process correctly: User on Windows XP box makes a request to the Samba server. The windows box passes the username/password pair to the Samba server. The Samba server checks that the user exists on the unix box, and (following the password server = xxx.xxx.xxx.xxx parameter in smb.conf) verifies the username/password from the Windows Domain Controller (specified in the password server = parameter). If the username/password do not exist on the specified password server, samba checks the smbpasswd file. Once the username/password is validated, the samba server will pass the share. Is the above a fair breakdown, in a very simple implementation? Close. The Samba server sends a challenge to the client on initial connect, the client replies on sessionsetup (user logon) with a username and a cryptographic reply to the challenge based on the users hashed password. Now Samba has to authenticate that reply somehow. It can't use unix passwords as the hashes aren't the same. To do it locally it can use smbpassword (or a local tdb or an ldap based SAM). To do this remotely against a Windows DC the Samba server have to be set up as a member of the domain served by the Windows PDC. That's where the net XXX (ads or rpc) join comes in. Once the authentication passes the the Samba server needs to look up a UNIX user that will represent the logging in client on this box - that's where you have either local unix users in /etc/passwd or use winbindd to have remote domain users appear as local unix users. Hope this helps, Jeremy. Yes, that confirmation helps greatly. I know where the breakdown is now. Resolving it is another issue, but at least I know where to look. The problem seems to be that the Windows ADS isn't answering, thus I'm getting the unknown user errors when I take out the smbpasswd. I did the net rpc join, and it did join the domain. So now i need to figure out why it isn't resolving the users/passwords. I may be back with more questions, but they'll be getting more specific now. Thank you! (seriously). -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication issues - One problem found, another discovered
All; Okay, I'm narrowing the problem down. With all other things configured, I'm down to and ADS problem. The reason Samba can't verify my username/passwords (as specified in password server = xxx.xxx.xxx.xxx) is because that address points to an ADS, and I didn't compile ADS into Samba (best answer I can find...If I'm way off base on that one, just let me know). So, the next effort would be to compile in ADS. THAT fails with errors relating to Kerberos. I'm running AIX 5.2, with the IBM Kerberos. I have no authority to change the Kerberos distribution. Has ANYONE come across this, and have a solution? I can post the exact compile error if anyone needs that. Thanks! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba --with-ads on AIX compile error
I need to compile ads into Samba on AIX 5.2. The compile fails in the krb5 segment with: Compiling libsmb/clikrb5.c libsmb/clikrb5.c:123: #error UNKNOWN_CREATE_KEY_FUNCTIONS libsmb/clikrb5.c:160: #error UNKNOWN_GET_ENCTYPES_FUNCTIONS make: 1254-004 The error code from the last command is 1. Does anyone have a remedy for this? Thank you -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication confusion - may be LDAP related
At 03:34 PM 9/27/2005, paul kölle wrote: Ric Tibbetts wrote: This is from the error log: attempting to make a user_info for u212442 (212442) making strings for u212442's user_info struct making blobs for u212442's user_info struct made an encrypted user_info for u212442 (212442) check_ntlm_password: mapped user is: [EMAIL PROTECTED] getsampwnam (smbpasswd): search by name: u212442 check_sam_security: Couldn't find user 'u212442' in passdb. check_ntlm_password: Authentication for user [212442] - [u212442] FAILED with error NT_STATUS_NO_SUCH_USER If you can increase the log level for the LDAP server you can see what filter is used above and find out why the object is not found. Have you added the sambaSamAccount objectClass and attributes to the user? You can use smbldap-tools for that. The above was done with log level = 100 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 aio compile failure on AIX 5.2
I just tried to compile Samba 3.0.20 on AIX 5.2 (someone suggested that it may resolve the other issue I'm having, I doubt it, but it's worth a try). I received the following error when I tried to do the compile: /usr/include/aio.h:76: field `aio_sigevent' has incomplete type /usr/include/aio.h:127: field `aio_sigevent' has incomplete type In file included from dynconfig.c:21: include/includes.h:799: redefinition of `struct timespec' make: 1254-004 The error code from the last command is 1. I'm guessing that I'm not the first to encounter this. Does anyone have a fix? Thanks! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication confusion - may be LDAP related
All; I think I may have a clue about what's going wrong in my little environment here, but I could really use a more experienced eye on it. I've been having some strange authentication problems on a new install. With some digging, I may have a clue about what's going wrong. Some background: I'm only looking to use samba to share Unix directories to the Windows community. I'm not looking to build a full up login server. This is usually a VERY basic, and simple thing to to. You simply have to be sure that the windows users also have a matching account on the *nix side (doesn't need to be an smbpasswd account, just a very generic *nix account). I've done this several times, so when it blew up on me this time, it has caused me some sleepless nights trying to figure out. Here goes: In the last install I did ( at another company ), I did a very simple install, and it worked for what it was needed to do (simply provide the windows users with access to Unix directories, via shares). I didn't need a login controller, and I don't now. In that case, there was an LDAP server that validated Unix logins, but I pretty much just ignored it, and all was well. The *nix OS handled the authentication just fine (a very basic setup. For this kind of setup, the user only has to exist. The OS could check that very easily). So, I was trying to do the same here. When nothing would work right without making samba specific users (via smbpasswd), I started digging into the LDAP server. This environment is tortured. Here's what I found. On the Windows ADS, user IDs are pure numeric. So, for example, my Windows login is: 123456 Unix doesn't like that.So the unix logins are: u123456 Handling the translation for samba is just a usermap entry u123456 = 123456 Should be simple enough. But I'm getting No Such User errors. So I dug into the LDAP server. The user identification is strange. the dn: here looks like: dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata uid: 1040 username: u123456 snip with u123456 being my *nix login. To me, this looks very wrong (not to mention that there's no dc=). My last LDAP server it looked like: dn: uid=tibbetts,ou=People,dc=ldap-test,dc=com uidNumber: 123456 uid: tibbetts snip with tibbetts being my login. If I'm seeing this right, shouldn't the login be the uid not username? Is that what Samba is looking for? With the login being set to username, and uid being (what should be) the uidNumber, I believe that it's confusing Samba, and that's why I'm getting the user not found errors. Is a way to work around this? Or am I just SOL? Or am I all wet, and looking in the wrong place? I'd really appreciate a fresh set of eyes on this. Thanks in advance for any advice on this one!!! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication confusion - may be LDAP related
At 02:20 PM 9/27/2005, paul kölle wrote: Ric Tibbetts wrote: dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata uid: 1040 username: u123456 snip with u123456 being my *nix login. To me, this looks very wrong (not to mention that there's no dc=). It looks wrong and the author surely has had no clue what cn means etc. nevertheless it should work. If I'm seeing this right, shouldn't the login be the uid not username? Is that what Samba is looking for? You can set ldap filter = (username=%u) in smb.conf along with a suitable value for ldap suffix. Check the users with getent passwd to test if they are visible to the system. Okay, I tried this. Here's my smb.conf: # Global parameters [global] workgroup = WIN server string = RX01 %a-%v security = user password server = a server username map = /usr/local/samba/private/smbusers log level = 100 log file = /var/log/samba/%m.log max log size = 500 wins server = a server socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ldap filter = (username=%u) ldap admin dn = cn=root ldap suffix = cn=aixsecdb,cn=aixdata ldap group suffix = ou=aixgroup ldap user suffix = ou=aixuser ldap machine suffix = cn=aixid,ou=system [Homes] comment = User Home Directories valid users = %S read only = No guest ok = Yes Still no good. I have no getent installed. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication confusion - may be LDAP related
At 02:20 PM 9/27/2005, paul kölle wrote: Ric Tibbetts wrote: dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata uid: 1040 username: u123456 snip with u123456 being my *nix login. To me, this looks very wrong (not to mention that there's no dc=). It looks wrong and the author surely has had no clue what cn means etc. nevertheless it should work. If I'm seeing this right, shouldn't the login be the uid not username? Is that what Samba is looking for? You can set ldap filter = (username=%u) in smb.conf along with a suitable value for ldap suffix. Check the users with getent passwd to test if they are visible to the system. This is from the error log: attempting to make a user_info for u212442 (212442) making strings for u212442's user_info struct making blobs for u212442's user_info struct made an encrypted user_info for u212442 (212442) check_ntlm_password: mapped user is: [EMAIL PROTECTED] getsampwnam (smbpasswd): search by name: u212442 check_sam_security: Couldn't find user 'u212442' in passdb. check_ntlm_password: Authentication for user [212442] - [u212442] FAILED with error NT_STATUS_NO_SUCH_USER Yet, from that same AIX box if I check my id: # id u212442 uid=1040(u212442) gid=1001(sysadmin) So the OS knows the id exists, it's just not passing that info to Samba. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication confusion - may be LDAP related
At 02:20 PM 9/27/2005, paul kölle wrote: Ric Tibbetts wrote: dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata uid: 1040 username: u123456 snip with u123456 being my *nix login. To me, this looks very wrong (not to mention that there's no dc=). It looks wrong and the author surely has had no clue what cn means etc. nevertheless it should work. Suprisingly enough (maybe not...) this is the default configuration from IBM for thier LDAP server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Where Can I get Samba for AIX 4.3.3
Try the Bull Software site. At 12:09 PM 9/26/2005, Joseph Madrinkian wrote: Whare can I go to download a bianry for Samba AIX V4.3.3? Notice: This transmission is for the sole use of the intended recipient(s) and may contain information that is confidential and/or privileged. If you are not the intended recipient, please delete this transmission and any attachments and notify the sender by return email immediately. Any unauthorized review, use, disclosure or distribution is prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth problem
At 08:54 AM 9/23/2005, Greg Folkert wrote: On Thu, 2005-09-22 at 14:48 -0600, Ric Tibbetts wrote: There is a terribly good howto: http://www.idealx.org/prj/samba/smbldap-howto.en.html Thank you! That helped, I'm closer. I left out one line from my smb.conf I found it from digging through that how-to. password server = LDAP server With that in, it now picks up the users from LDAP, which is exactly what I was after! Now I just need to work out a performance issue. getting the IDs from LDAP is SLOW It works, just as I wanted it to. It's just slow. Well, it depends. How *slow* is slow? And also, have you cranked up the logging on the auth part? log level = passdb:10 auth:10 Also have you set: passdb backend = ldapsam ldap://auth.yourhost.com I am also assuming you have all the LDAP stuff setup properly, of course as needed/if needed. ldap admin dn ldap delete dn ldap filter ldap group suffix ldap idmap suffix ldap machine suffix ldap passwd sync ldap replication sleep ldap suffix ldap timeout ldap user suffix Hopefully, if you have good throughput, its all in these settings. If you don't have good throughput... well time to check the networking tweaks for samba. Also, if the delay turns out to be a lookup delay, try hard coding the name and ipaddr in the /etc/hosts file on the AIX box. This sometimes is a good work around for DNS queries gone bad. Greg; Well, what was working yesterday, has stopped today. This is getting frustrating. In short: I'm trying to use Samba in it's most basic form. I don't need a windows login server, nor a domain controller, none of that. I just, very simply, need it serve out shares to already logged in windows users. I've done this many times, in other places. I can't possibly imagine why it's not working now. I don't need a passwd database. I don't even need passwords. The process is: 1) users are at a PC (which is already logged in via the Windows ADS. 2) Users need a share from Unix server X 3) uinx server X should only need to validate that the request is coming from a valid subnet, from a valid user. They don't need anything else. Just the share. That's it. This is Samba at it's simplest. The only wrinkle in this whole thing is that the user names between the windows side, and the Unix side, don't match. So I have a smbusers file to translate that. Other than that, it's all pretty basic. I'm getting crazy errors in the logs. Everything from unknown user, to no domain controller, to no password server, etc... It's almost random. What was working yesterday, is dead today, and I didn't change anything while I was at home last night. I'll strip it all down again today, and piece it back together, and hope I can make it work again. This is just nuts. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] auth problem
Okay, I'll keep asking questions, until I word one in a way that someone will answer. :) i'm trying to get Samba setup. I've done this before, and it has never given me this much trouble. In short, it seems to be insisting that the user be in smbpasswd (I've not experienced this before). If the user is in smbpasswd, all seems well. If not, even though they exist on the server (via ldap + kerberos), I get a user not found error. On the last set of servers I did this on, even ones who authenticate via ldap, I never did anything special to samba to get it to work. But I've not been so lucky this time. The setup: Server: IBM AIX 5.2 Samba 3.0.14a Authentication: LDAP Security: Kerberos The user entry in /etc/security/user: user name SYSTEM = KRB5files smb.conf (in a simple form) [global] workgroup = WIN log level = 5 auth log file = /var/log/samba/%m.log username map = /usr/local/samba/lib/smbusers [Homes] comment = User home directories guest ok = no read only = No I need the username map because the user names do not match between the windows clients the samba server. So I need to map the translation. When I try to access the system, I get an unknown user error. The ONLY thing I need samba to do is provide shares (not shown above) to windows users. Nothing else. If, I add a user to samba with smbpasswd . then the users can access the shares. If not, they can't. I also, in the past have not had a server prompt me for passwords to access shares. I'm missing something really obvious. I'd really appreciate some assistance on this one. thanks in advance! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth problem
There is a terribly good howto: http://www.idealx.org/prj/samba/smbldap-howto.en.html Thank you! That helped, I'm closer. I left out one line from my smb.conf I found it from digging through that how-to. password server = LDAP server With that in, it now picks up the users from LDAP, which is exactly what I was after! Now I just need to work out a performance issue. getting the IDs from LDAP is SLOW It works, just as I wanted it to. It's just slow. -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd
All; I have, what should be a simple install, that is stuck. I need to set this up, very simply to authenticate the windows user coming in, and present the shares, NOT requiring a password. I've tried everything I can think of, but it always prompts for a password. If I put the user in smbpasswd, they can log on, but it requires an initial passwrd (only the first time, then never again). But... I've built servers in the past that did not require the users to be in smbpasswd, a valid, matching, unix password was sufficient. If I put security = DOMAIN in smb.conf, it will ALWAYS prompt for a passwrd. If I put: security = USER it prompts once, but the user has to exist as a unix account, AND in smbpaswd. How do I get around this? I've done it on other servers, in other places, with no problem. But this one is hanging me up. I could use a pointer. Thanks! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba w/Kerberos
Okay, I'll ask this another way (since I NEED to do this). When a user connects to a share, can Samba prompt for a kerberos password (ala Crytpocard technology)? If so, how do I set it up? The set up: OS: AIX 5.2 Samba v. 3.0.14a Thanks in advance! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + Kerberos
All; I have a situation that I'm not sure can be done (I honestly don't know enough about Samba for this one). Here's what I have. The customer has a Windows ADS (note: It's the newer windows ADS, so there is no NT Domain as in the old NT format). There are also a number of *nix servers (AIX) that have data on them. They want to use Samba as basically, an NFS server to serve out shares to the users on their PCs. BUT... They use a CryptoCard (Kerberos) password encryption on the AIX boxes. They want Samba to prompt for Kerberos passwords before allowing the connection. Is this even possible? If so, I need some serious help getting it all set up. Also: Their current Samba servers are running Samba 2.2.8a (sans kerberos). They want to be able to migrate the user base over to the Samba 3.0.x installation. I tried net .. vampire ... but got nothing. I could use some advice with that too. Any, and all advice will be greatly appreciated! Thanks in advance! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd_lookup_name_by_sid(429)
I've probably overlooked something basic, but I'm stuck. When I started up winbindd, the following error showed up in the log: . . . [2004/03/24 08:58:42, 1] nsswitch/winbindd_util.c:winbindd_lookup_name_by_sid(429) Can't find domain from sid [2004/03/24 08:58:42, 1] nsswitch/winbindd_util.c:winbindd_lookup_name_by_sid(429) Can't find domain from sid Can anyone shed some light on what's causing this? Thanks!! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.2 uid filtering
All; I'm running Samba 3.0.2 w/winbind on an LDAP server (for various reasons). However, our NT PDC managers input the user IDs oddly. They come out looking like: -rwxr--r-- 1 NORTHGRUM+tibberi 10 45766615 Feb 17 10:05 Fonts.zip Is there an (easy) way to filter those, to get rid of the NORTHGRUM+? Our NT admins add that as a way of identifying the network the user is on. Thanks! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind hang
All; I'm having an odd problem with winbind. I just installed Samba 3.0.2 pre1 on a Solaris 9 server. smbd/nmbd/winbindd all start ok. But when it first starts, if I try wbinfo -u, it hangs. As does getent passwd. This will continue for the first couple hours after a restart. Then, things will suddenly start to work, and be fine for the rest of the time. Until I have to restart it again. Any thoughts? This also occured with Samba 3.0.1 I would greatly appreciate any ideas on what's causing this. -Ric -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba