Re: [Freeipa-devel] Re: [Samba] Samba4 and freeipa
On Tue, 2009-01-06 at 17:29 +1100, Andrew Bartlett wrote: > On Mon, 2008-12-22 at 15:43 +0300, Konstantin Kozlov wrote: > > Hello, > > > > I want to try Samba4 using a working FreeIPA setup as LDAP/Kerberos > > backend. Did anybody try it already? Or are there some known issues > > about such combination? > > While there are some ideas about how Samba4 might bring windows client > support to FreeIPA, this isn't something even remotely possible at this > time. > > The particular sticking points are that Windows clients expect an > AD-like LDAP and Kerberos server, not MIT kerberos and Fedora DS (with > FreeIPA schema). Samba4 can happily provide these services, but then > the FreeIPA clients will see an AD LDAP server. MIT Kerberos is getting the missing bits samba4 needs, but the DIT is going to be one of the major issues to solve. > I suspect the long-term solution will be to have Samba4 provide the KDC > and the LDAP server, and have FreeIPA clients know to use the LDAP > server on another IP address or port. (But I also know this proposed > solution will infuriate others). I am not sure I can agree with this view. The point is that FreeIPA is not just a generic LDAP + Kerberos server, we are working in providing a number of features targeted specifically at unix-like hosts. Using an AD-like tree would kill a lot of these features or require other compromises that do not really make sense in a pure linux/unix environment. I think Kerberos trusts (+ other glue for account enumeration) or synchronization are better solutions to get the best for each platform set (AD like for Windows, IPA like for *nix). > The only part of this solution currently available is the LDAP backend, > which allows Samba4 to use an OpenLDAP or (less-well-supported) Fedora > DS server as a data store, using the AD schema. Another solution could be to have the LDAP backend provide different *views* depending on what is the client, I'd like to explore this possibility down the road, but it is too premature right now imo. Simo. -- Simo Sorce * Red Hat, Inc * New York -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] about the new built-in groups
On Tue, 2006-09-19 at 12:44 -0400, Eric A. Hall wrote: > I recently upgraded my Samba install and happily noticed that it > automagically created groups for BUILT-IN/Administrators and > BUILT-IN/Users in my LDAP user store. > > Can I use these groups like I would normally use them on other systems? > Can I use them as primary groups for my various users and whatnot? Can I > map the Administrators group to my "root" Posix group? etc? No, you cannot use them as primary groups, Windows requires that the primary groups is a domain group, builtin groups are not domain groups. The Administrators group can be used if you want to give administrative privileges locally (builtin groups do not have any effect on other machines) without giving admin privs on other machines as it would happen by adding a user to the Domain Admins. Simo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CryptoCard - PAM or RADIUS?
On Tue, 2006-09-19 at 09:59 -0400, Russell Handorf wrote: > Greetings all, > > I'm working on attempting to get SAMBA to work with a product line > called CryptoCard. I *should* be able to get it to work one of two ways, > either through the use of CryptoCard's provided PAM module, or through > RADIUS authentication. > > Currently, I cannot seem to get PAM authentication to work at all. This > is what is in the 'samba' file for PAM: > auth required /lib/security/pam_cap_auth.so > server=:624 noeus debug echo > auth requires /lib/security/pam_nologin.so > accountrequired /lib/security/pam_stack.so service=system-auth > accountrequired /lib/security/pam_permit.so > sessionrequired /lib/security/pam_stack.so service=system-auth > sessionoptional /lib/security/pam_console.so > password required /lib/security/pam_stack.so service=system-auth > > And for the smb.conf file I have the all important setting of 'encrypt > passwords = No' to enable PAM authentication > > When attempting to authenticate locally, from the server to the server, > I get: > smbclient -U rhandorf -L localhost > Password: > session setup failed: NT_STATUS_UNSUCCESSFUL > > and in the error logs I get: > [2006/09/18 13:42:36, 0] auth/pampass.c:smb_pam_auth(535) > smb_pam_auth: PAM: UNKNOWN ERROR while authenticating user rhandorf > [2006/09/18 13:42:36, 0] auth/pampass.c:smb_pam_passcheck(810) > smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User rhandorf ! You need a lot more logs. What I can't understand is how you are supposed to pass credential authentication via smbclient, are you sending the Smartcard PIN in the clear over the wire? > I've looked around to see whether or not SAMBA supports RADIUS > Authentication, and I havent seen any documentation that totally says > 'yes.' No. Makes no sense to support any clear text based authentication except for the historical support for PAM with clear text passwords. > Asking the vendor yielded the response of "SAMBA then isnt PAM aware; > We'd like to support it, but until it is PAM aware we wont." As you can see we call the PAM stack, tell your vendor to try harder :-) > Any help would be great. I don't think PAM is the way to support SmartCard authentication via Samba. Simo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 PDC - trouble renaming domain member computer
On Mon, 2006-09-18 at 10:42 -0300, Felipe Augusto van de Wiel wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 09/15/2006 11:04 AM, ryan punt escreveu: > > All, > > > > I've got a Samba 3 PDC serving numerous XP clients, and I'm > > getting an error I wouldn't have expected. When trying to > > rename an XP machine joined to the domain (via "netdom > > renamecomputer"), the command fails unless the specified > > domain user has UID 0. > > > > The command in question: > > > > netdom renamecomputer %COMPUTERNAME% /newname:%NEWNAME% /userD:DOMAIN\USER > > /passwordd:PASSWORD /force > > > > fails with "error 5: Access is denied" for UID >0 accounts, and succeeds > > for an account with UID 0. > > > > Some background: > > > > I have the following group mappings: > > net groupmap list > > Domain Administrators (S-1-5-21-1079125125-2089603153-60846589-512) -> > > Domain Admins > > Domain Users (S-1-5-21-1079125125-2089603153-60846589-513) -> Domain Users > > Domain Guests (S-1-5-21-1079125125-2089603153-60846589-514) -> Domain Guests > > > > Domain Admins has a few members; among them, account testadmin has UID 0, > > and account printsetup has UID 12632. > > > > Domain Admins has the following rights: > > net rpc rights list "Domain Admins" > > SeMachineAccountPrivilege > > SePrintOperatorPrivilege > > SeAddUsersPrivilege > > SeRemoteShutdownPrivilege > > SeDiskOperatorPrivilege > > > > "Domain Admins" members have no individual rights assigned; > > rights are assigned to the group only. > > > > So, it comes down to this: printsetup and testadmin have > > the same rights, the same group memberships, the same > > everything except UID. I've looked through the available > > rights list in the Samba docs and didn't see a specific > > "rename computer" right, and I would have expected > > membership in "Domain Admins" to be sufficient. However, > > I've found that UID >0 accounts can't rename domain computers; > > UID 0 accounts can. > > > > Is this a known issue? I haven't seen anything in the docs, > > but I'll be digging in again shortly. High-level debugs > > available upon request. > > Those users (with UID>0) can join a machine in the > domain? If yes I would say it is a bug, if not I would say > you need to set the privileges per user. Maybe it is a bug > anyway and you should report it to If the group these users are part of has the SeMachineAccountPrivilege it is perfectly fine that thay can join machines to a domain, it is what this privilege has been built for. Renaming a computer should be probably be allowed by SeMachineAccountPrivilege, please file a bug if you have troubles only with it. Simo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.21 packages for sarge
I've uploaded 3.0.21 packages for sarge. I'm not going to produce woody packages past the present 3.0.20b unless there is high demand. Have fun. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba 3.0.21 Available for Download
I think the sarge packages should work fine on ubuntu, or do you think 5.10 is so different they will not ? Simo. On Thu, 2005-12-22 at 13:46 +0700, Wisu wrote: > On Wed, 2005-12-21 at 15:18 +0100, Louis van Belle wrote: > > and the debian packages ;-) > > > > Louis > > > > Anyone building Ubuntu 5.10 packages? > > IT Would be nice :) > > TIA > > -- > Wisu > on amd64 kubuntu! > -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba 3.0.21 Available for Download
On Wed, 2005-12-21 at 15:18 +0100, Louis van Belle wrote: > and the debian packages ;-) building them Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User Must Change Password On Next Logon
On Fri, 2005-12-16 at 17:20 +0100, Emanuele wrote: > Hello, > you can write this: > > pdbedit --pwd-must-change-time=1134732000 'username' > > > P.S.: 1134732000 is the time (sec) starting at 01/01/1970, in this > case, the user 'username' must change his password after the > 16/12/2005 12:20. Do you know you can use a readable time format too ? pdbedit --time-format="%Y/%m/%d" --pwd-must-change-time="2005/12/18" "username" Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind problem (Trusting domains)
On Fri, 2005-12-16 at 12:33 +0100, Michael Gasch wrote: > it has always been mentioned, that idmap_rid is the better backend in > large organizations Sorry ? I do not think idmap_rid is good for v. large organization. Probably the best bet is idmap_ldap. Nscd is ok as long as you know it's downsides. For example on the PDC it is necessary to shut it down while adding or modifying users, and it may be a problem on member servers as it caches both positive _and_ negative lookups. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Settings for winbind on BDC
On Wed, 2005-12-07 at 16:45 +0100, Michael Gasch wrote: > hi, > > we have a PDC/BDC Samba v3 setup (DOMA) which trusts a foreign Samba v3 > domain (DOMB). > > we also installed winbindd on both DCs with idmaping in our network > (DOMA) to authenticate users from DOMB. otherwise samba claims "User not > found" or "Finding user xxx: No such User". > > it works great on PDC but not on the BDC. winbind won´t idmap users from > DOMB on our BDC as PDC does. > > winbind.log from BDC: > Added domain DOMA S-1-5-21-1042031166-381324594-2118846581 > Added domain BUILTIN S-1-5-32 > > > winbind.log from PDC: > Added domain DOMA S-1-5-21-1042031166-381324594-2118846581 > Added domain BUILTIN S-1-5-32 > > *Added domain DOMB S-1-5-21-1046543266-381324594-9876846581* > > net rpc trustdom lists the trusted domain (DOMB) on PDC *and* BDC after > establishing the trust on PDC to PDC from DOMB. > > should that work is is this setup not possible with samba? > in case PDC goes down BDC would only find POSIX information for its own > domain and not for the trusted domain, which is bad. Actually trust info is not replicated between DCs (eg, the trust password is not replicated), so you should launch the trustdom command on each samba DC to let it be set in the secrets.tdb file of each DC. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hanging SMBD processes - Samba CRASHING
On Wed, 2005-12-07 at 09:50 -0500, Matt Lung wrote: > To get to the point of the problem, this server will run fine for a > period of time and then begin to build up SMBD processes until > eventually our users can no longer access shares. The Samba server just > stops responding. It does not even respond to STOP, START, or RESTART > commands. Doing a RESTART on samba will look like it is restarting the > service, but Samba will still be in the same locked state with shares > still not available. Doing a status on the service then reveals that > the STOP, START, or RESTART did nothing to clear out the old processes > or the locked files it thought it previously had opened. We end up just > rebooting the server to clear everything out. Right now we are just > reading through all the documentation, posts, and waiting for this to > happen again to hopefully capture some error in the log. When that > happens I'll send more detail. Instead of immediately restarting it you may attach a strace to the spinning process and tell us where it dies. Meanwhile I suggest you to check the integrity of your tdb files (killing with -9 may lead to corrupted tdbs and in some rare occasion I've seen our code spinning on corrupted files). To check if a tdb is ok, you can tdbbackup it (no need to stop samba for that) and see if the backup is ok. In case of error you have a corrupted tdb and it is better to remove and restart it in case it is a temporary db or plan adequate measures in case it is a persistent one. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC/BDC Load-Balanced?
On Fri, 2005-12-02 at 17:16 +0100, Matthias Spork wrote: > Hallo, > > I've setup a BDC in the same subnet like my PDC. I observed that some > User take the BDC to logon. > The Domain-Join of some PCs will also done at the BDC. > > Is this behavior normal and wanted? If done so, I have to rsync the > profiles or only netlogon? Only the Netlogon, just specify the same server name for the profile path in both servers confs. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and netbeui
On Thu, 2005-12-01 at 09:38 +1100, Andrew Bartlett wrote: > On Wed, 2005-11-30 at 09:08 -0500, Mike Weske wrote: > > Hello all, > > > > There is still a use for netbeui (non-routed protocol) in the > > network. If you are using a VPN client that does not allow split > > tunneling, you can still access printers on another local system with > > netbeui. I would like to remove the windows system and have my print > > shares on my Linux system with Samba. > > Is all consideration of netbeui within the Linux/Samba environment > > gone? Can someone suggest another way to get printers and file shares > > between a windows system and Linux system without TCP/IP? > > The closest Samba ever got to netbeui was an experimental patch that > (from memory) accompanied the Linux kernel patch. It was never > accepted, because it never added a real transport independence, just > hacks to get around Samba's attachment to TCP. I have tested that patches last year or so, and they were too unstable (at the kernel level) to be usable in a production environment imho. But we may have hope to support netbeui in samba4 if we happen to have kernel support as samba4 code should be layer independent enough to allow we to support it easily. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Modify and backup winbindd_idmap.tdb
On Wed, 2005-11-30 at 15:16 +0100, [EMAIL PROTECTED] wrote: > Hello list, > > Is there a possibility to add entries to the winbindd_idmap.tdb manually? use net idmap dump and net idmap restore to dump the db, modify it and restore, but be extremely careful in what you do. > I know I can use tdbdump to see the entries, but is there a chance to modify? not with tdbdump, see above > My problem is I have to map some uid to some Windows SID without using LDAP. > On the other hand new user not having any uid in linux should map to the > range of uid I defind by using > > idmap uid = 1-2 > > 2nd Question: > > Is it possible to backup winbindd_idmap.tdb by just copy the file and use > this file to replace in case of corruption of the original file? no, you may have a corrup file as outcome, use tdbbackup that guarantees a complete database traversal record by record. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Lots of "write_data: write failure in writing to client" and "Error writing 4 bytes to client. -1"
On Sun, 2005-11-20 at 22:02 +0100, Leroy van Logchem wrote: > Last week we installed Samba 3.0.20b on one of our servers, worked fine and > does it's job well. But today the load was rising due two smbd processes > taking up all cputime. While looking for hints on what was going on the > logfiles show two types of errors (I don't know at this time if it has > anything to do with the load spike): > > lib/util_sock.c:write_data(554) > write_data: write failure in writing to client 0.0.0.0 <http://0.0.0.0>. > Error Connection reset by peer > > followed by: > > lib/util_sock.c:send_smb(762) > Error writing 4 bytes to client. -1. (Connection reset by peer) this is a "normal" client disconnection, ma have been a reboot, a network glitch, or any other client problem. > After a few hours I killed the two offending smbd's but I like to know more > before it reoccurs. would you have run strace or gdb on the process to see where they where stuck ... next time please do it. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Debian Binary Packages from samba.org
I'm reshaping Binary_Packages/Debian directory to allow us to release binary packages for both Woody and Sarge. You may expect some problems downloading our debs, while I try out the new trees. The good news are that there you will find samba 3.0.20b packages for Woody and Sarge as soon as our mirrors get in sync. I must thank Debian Samba maintainers, Eloy and Steve, for their work on Debian packaging from which I derive the samba.org packages. I will shortly update the debian packaging directories in the main SVN tree too (up to unstable). Any suggestion is very welcome, feel free to write me, or keep me in Cc as I often miss [EMAIL PROTECTED] threads. cheers, Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Simo still doing deb's at samba.org?
On Thu, 2005-10-13 at 08:58 -0500, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Michael Lueck wrote: > > | I happened to check if there are current Debian .deb > | packages for 3.0.20a at samba.org, only 3.0.14a in the > | directory. Will this be updated, or has there been a > | change in operations behind the scenes? > > Dunno. Simo? Yes I plan to release debs for sarge (it is up to 3.0.14 so I didn't felt much urgency) soon, not sure if I should release debs for woody (the old stable). I have been a bit busy in the last period but I plan to come back and push debs asap. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Strange update problem 3.0.5->3.0.6 with XP-Clients
Jerry Carter: > > |>> Upgrade from 3.0.6-1 to 3.0.6-2 did not solve anything. > |>> > |> What are these versions? > |> > | > | The versions from the unstable debian distribution - I also > | mailed to the package maintainer. > > Ahh...ok. I new they were mine. You got them from samba.org > right ? Simo Sorce maintains those. Nope Jerry, they are from Debian *Unstable*, I produce packages only for debian *stable* (as Debian folks do not upgrade packages in stable). So don't try dodge this problem by dropping it on me ... drop it on debian folks :-) Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.10 debs for stable
I've finally updated our debian repository adding 2.2.10 debs for woody. They will be available in a few hours from your favorite mirror. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.5 debian packages
Debian packages of the 3.0.5 security release are available on main samba site. In a few hours they should also be available on your preferred mirror. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cloning a NT4 fileserver to Samba
Look at samba 3.0 documentation, there is an entire chapter on domains/servers migrations. Simo. On Fri, 2003-10-03 at 14:00, Raphaël Berghmans wrote: > Hi, > > I've to migrate a whole NT4 fileserver to a Samba server. At least I > would like that owner and group of each file being preserved ! > > Is this a way to do that ? > > Thank you, > > Raphaël -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. - http://www.xsec.it via Durando 10 Ed. G - 20158 - Milano mobile: +39 329 328 7702 tel. +39 02 2399 7130 - fax: +39 02 700 442 399 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Team Debian repository
After users request I've just added the Release file to our Debian packages rep on samba.org mirrors. Hope this helps. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. - http://www.xsec.it via Durando 10 Ed. G - 20158 - Milano mobile: +39 329 328 7702 tel. +39 02 2399 7130 - fax: +39 02 700 442 399 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sasmba e xp home
> From: giuseppe sportelli <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [Samba] sasmba e xp home > Date: 19 Feb 2003 19:01:36 +0100 > > aglia aglia (in italian meat ahi ahi !) in which dialect?? :) in quale dialetto?? :) > Hello i have a serius questions . > I have installe din my school samba as PDC for 8 subnet with client win98 Me > 95 and i use it like profile server . > Last month the school without call me buyed 10 cp with xp home ! > It never possible that xp home do not support domain logons, and other nice > features . > I have samba 2.2.7a with mandrake 9.0 > Thank for help me No Win XP Home doesn't even support domains like the previous win9x clients. No way to make an XP Home to authenticate against a Domain Controller, I'm sorry, you will either live with that, or spend more money to "upgrade" to XP Pro. No, Win XP Home non supporta i domini neanche come i precedenti win9x. Non c'è alcun modo di far autenticare un XP Home su un domain controller mi spiace ma devi trovare un modo di convivere con questa cosa, o spendere un sacco di soldi per l'"upgrade" a XP Pro. Simo. P.S: Se interessa c'è un sito e anche una lista italiana dedicata a samba: http://samba.xsec.it samba-it http://lists.xsec.it per iscriversi alla lista -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: domain
what samba version? you can upgrade to the last samba version, it is recommended anyway. please let continue this thread over [EMAIL PROTECTED] user's support mailing list. Simo. On Fri, 2003-02-21 at 19:49, Igor Debacker wrote: > I use suse 8.0 > > and in suse > this command > winbind use default domain = yes > > is not supported > > .. is there anything i can do ? > > "Simo Sorce" <[EMAIL PROTECTED]> escreveu na mensagem > news:[EMAIL PROTECTED] -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New Debian Packages?
From: Markus Schabel <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [Samba] New Debian Packages? Date: 23 Jan 2003 16:14:24 +0100 Nicki Messerschmidt, Linksystem Muenchen GmbH wrote: > Hi there, > does anyone know where I can get new samba packages for debian, because > woody is at 2.2.3a-12 and this version has definitev a problem with > Access 97 databases... *arg* And I'm not able to produce new debian > packages myself. > > Any help is appreciated... There are team packages for 2.2.7a on samba mirrors, just go to the download section and search for them. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] secretly replacing a windows domain client with samba
On Sat, 2003-01-18 at 01:09, Benjamin Adler wrote: > Hello! > > I have a problem: I work in a company which is strictly windows-only, and > I really need to replace a windows-xp machine - which is a member of the > company's domain - with a linux machine (using samba). > > This new linux machine will have to upload backups of its data to a share > within the domain. Thus, it needs to be a member of the domain (correct?). wrong to upload data, you only need a username and a password (normally) Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] SAMBA - ASCII - BRASIL
through ftp On Wed, 2003-01-15 at 16:17, Isdralit - CPD wrote: > > > How can I send ASCII's files from an AIX(UNIX) server to NT server, > not in binary mode by samba? -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
RE: [Samba] Password protect shares with
On Tue, 2003-01-14 at 23:22, Robert Adkins wrote: > Simo, > > If you still need a user per share, isn't that the same as having an > account? I believe that RacerX was looking for a way to have anonymous > (With no username) access with a password. that's one of the options, you may simply have a system wide guest account with no password and be fine with that. or have the same user for all shares, having just 1 (or a few) user instead of one for each person that connects to the server is a big gain with large user bases. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
RE: [Samba] Password protect shares with
Bad answer Robert, Racer X, with security = share you can do something like that. you still need a user per share, but that will make things similar to what you need. see also the "username" parameter in smb.conf Simo. On Tue, 2003-01-14 at 22:57, Robert Adkins wrote: > Racer X, > > The simple answer I have; No > > Regards, > Robert Adkins II > IT Manager/Buyer > Impel Industries, Inc. > Ph. 586-254-5800 > Fx. 586-254-5804 > > > -Original Message- > From: Racer X [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 14, 2003 1:27 PM > To: [EMAIL PROTECTED]; Robert Adkins > Subject: [Samba] Password protect shares without creating user accounts > > > > > > > Hi, Could you tell me if there is a way to make it so that a password is > required for a share, without creating a Unix account. I would like to > share folders without making an account for everyone who wants access to > those shares. I am already restricting access to those shares based on > IP address. I would like to also restrict access with password > protection. Basically, I want to restrict access to a share based on IP > address and a password, but without creating user accounts. > > > > ----- > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] wbinfo
On Fri, 2003-01-03 at 00:18, Peter Milburn wrote: > Hi > > when I do a wbinfo -t I get this > Secret is bad > 0x8005 from include/nterr.h #define STATUS_BUFFER_OVERFLOWNT_STATUS(0x8005) > how bad is that, and what problems would that cause me ? may be, do you have more info on your environment? Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] Sometimes WBINFO reports "Bad Secre"t for ComputerAccount of ser ver
On Thu, 2003-01-02 at 12:02, Petry Roman, ITS-IT wrote: > Hello, > > we use Samba 2.2.7 in our company to serve files for nearly 800 people.. > Sometimes they get errors within the netlogon script which asks them for > their passwords.. > 1 Minute later after a reboot everything works o.k.. no asking again.. > > i created a trace file for wbinfo and sometime i get secret is bad.. > > Tue Dec 31 09:15:00 CET 2002 > Secret is good > Tue Dec 31 09:16:00 CET 2002 > Secret is bad > 0xc022 > Tue Dec 31 09:17:00 CET 2002 > Secret is good > > We have 3 Domain Controllers with NT4.0 SP6a.. FDDI Backbone.. WINS ready > and o.k.. > > What´s the meaning of this hex code ?? #define NT_STATUS_ACCESS_DENIED NT_STATUS(0xC000 | 0x0022) > Any hints .. Strange, it may have some problems with one of the DC? Can you tell if the log say somwthing more useful? you may set debug level to 10 and look what happens? ... uhmm seem we do not have a -d option in wbinfo ... but winbindd have it Try running winbindd with -d 10 and look at logs. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] how to verify the connection between a Sambaserver and a Windows Xp client?
On Tue, 2002-12-31 at 11:34, Kurt Weiss wrote: > Simo Sorce schrieb: > > On Tue, 2002-12-31 at 10:37, John H Terpstra wrote: > > > >>You can not have a machine name and a user name that are the same. > >> > >>- John T. > > > > > > Sorry john but seem you are wrong. > > I've seen tons of setup made that way and also tested recentely this > > thing while thinking of the gums api for head. > > > "our" win xp disallowes this, already widthin a single user > installation. ;-) that's good :) > so i think that a view libraries has problems width this case... > > in w2k/me/98/95 it was possible, but microsoft self disapproved this > (since win 3.11 !!!) if u was phoneing with their support. :-( but they have been really careful not to warn the admin with their beautiful popups and wizards :-) Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] how to verify the connection between a Samba serverand a Windows Xp client?
On Tue, 2002-12-31 at 10:37, John H Terpstra wrote: > You can not have a machine name and a user name that are the same. > > - John T. Sorry john but seem you are wrong. I've seen tons of setup made that way and also tested recentely this thing while thinking of the gums api for head. Windows is cleanely happy to have users and machines with the same name, infact I think the whole machine$ thing has been done exactly for this purpose, so that the user can have the same name of a machine as machine has $ postpended. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] NTLMv1 v. NTLMv2 ; more than one "identity" on a TCPconnection
On Tue, 2002-12-31 at 05:21, Joey Collins wrote: > Hello, > Two questions for you this evening. > > How do you tell the difference between NTLMv1-style authentication and > NTLMv2 style? The CIFS dialect NT LM 0.12 does both(?), so does not > appear in the NegProtRequest message (nor in the flags, near as I could > tell). Do you ascertain this by examining the SessionSetupAndX > message? If so, what parts? I let andrew answer NTLM related questions :) > Is it possible to have more than one CIFS "identity" on a TCP > connection? For example, say I open a TCP connection, authenticate > myself using NegProt/SessionSetupAndX/etc exchanges as user "foo" > password "bar", can I also establish another identity (i.e., do another > SessionSetupAndX exchange?) say, "hello" password "world" on the _same_ > TCP connection? Yes it is possible, and it is what terminal servers do by default. > This seems to be enforced on the client-side because if > you try to connect to a share on a computer using a different identity, > it complains saying already connected. But, nothing comes over the > wire, so it is purely a client-internal decision. This is a really stupid client issue. In my opinion a password caching issue in that it seem a win client associate a password with a machine name. I tried successfully to connect to the same machine with 2 identities using netbios name in first connection and ip number on the second (not sure it works on all MS OSs). Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Oplock break request failures
On Tue, 2002-12-24 at 11:37, Ray Simard wrote: > I hope someone can enlighten me on this. > > Situation: NT network, Samba PDC, about 20 NT 4.0 workstations. log(s).smbd > are created per machine for easier analysis (as log.smbd.). > > Not often, but often enough to be of concern, are errors in > request_oplock_break that seem to indicate that another smbd process that > should be listening for break requests on a UDP socket isn't, or isn't > responding. Some time ago, for some very strange reason, the system was > configured with share modes off, which caused these errors to occur > constantly. That was corrected and now they are infrequent, but not > infrequent enough, I suspect, to ignore. > > One possibly significant fact: there are two subnets. The cross-subnet > browsing recommendations have been followed and we have no trouble browsing > across the subnets; but all of the failures I'm writing about occur on the > subnet which is remote from the one on which the Samba PDC resides. None of > the samba logs associated with any of the several NT workstations on the > local subnet with the Samba machine show this error. I can't see how that > would matter, given that the inter-process oplock break requests are simply > UDP communications and don't use subnet broadcasts - unless I'm mistaken, a > very real possibility. :-) > > Does anyone have a hint on what might cause this, how to troubleshoot it more > fully, or if it's really nothing to worry about? Oplock breaks are notified to client machines, and then clients must answer in a given time (oplocks regards client caching). If clients fail to answer in time, the server must consider them broken/dead/whatever and break the oplock itself. This of course means that it could have unconsistent data on disk, but nothing can be done. You have slow links, you may want to rise oplock breack times, but then you may experience slower startup fo rapplications or slow file opening. You may try with: oplock break wait time But be sure you understand what this means, read carefullt the man pages and use at your own risk :-) Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] weird stat()
On Sun, 2002-12-22 at 20:34, Erick Calder wrote: > > so what matter is the kernel you have not samba version > > sorry if I didn't provide all relevant info. > > client host: RH 7.2 (2.4.18-18.7 kernel), samba 2.2.1a-4 > server host: RH 7.0 (2.4.9 kernel), samba 2.0.10-0.7 > > > However, this seem a kernel bug in smbfs > > if this is a bug in the kernel... the question on which side: the client > (which is rather recent) or the server (which is a little older)... and in > either case then I should be posting to which mailing list? well try to upgrade the server to 2.2.7a and see if thins change. I think we fixed some bugs with dos times in 2.2.x series. Btw why do you use smb to share beetwen 2 unix machines? Currently nfs is still better as it respect unix semantics ... Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] weird stat()
You are probably using smbfs not samba, so what matter is the kernel you have not samba version (no we do not develop smbfs as part of samba. You do not tell which is the OS you mount from. You should know dos system had 2 seconds time resolution, we also emulate this behavior in samba code. However, this seem a kernel bug in smbfs. Simo. On Sun, 2002-12-22 at 07:52, Erick Calder wrote: > hei everyone, > > I have a weird problem: if I do a > > # cd /somedir; stat somesubdir |grep Modify > > where /somedir is some directory on an SMB-mounted filesystem I get one > datetime... but I I do: > > # cd /somedir; stat * |grep Modify > > for the same directory I get a Modify time which consistently differs by 1 > second. As I'm writing a perl module to detect differences in a filesystem > and rely on the mtime, I'm crawling up walls... > > I'm running RH 7.2 with a 2.4.18-18.7 kernel and samba 2.2.1a-4. and I've > had this weird behaviour confirmed by someone on OPN #redhat running a RH > 8.0 system with samba 2.2.7. > > wtf? > > thx - ekkis -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] oplocks and samba 2.2.7
On Wed, 2002-12-18 at 17:34, Keith G. Murphy wrote: > Simo Sorce wrote: > > On Wed, 2002-12-18 at 17:02, Keith G. Murphy wrote: > > > >>To get it, you need to put this line into your /etc/sources.list: > >> > >>deb http://www.perrier.eu.org/samba-debian stable main > > > > > > Of course you need, but if you do not have access to the directory it is > > really difficult apt-get will have either (and it does not have infact) > > !! > > > Well, I do not have access to it through the browser, but apt-get works > with that line just fine. I think you should try it again. Use the > *exact* line I showed above. > > I just tested it and it works. Oh, yes sorry, I was fooled by an unrelated error I got with my apt-get :-/ However I'm going to upload 2.2.7a team package on samba.org Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] oplocks and samba 2.2.7
On Wed, 2002-12-18 at 17:02, Keith G. Murphy wrote: > To get it, you need to put this line into your /etc/sources.list: > > deb http://www.perrier.eu.org/samba-debian stable main Of course you need, but if you do not have access to the directory it is really difficult apt-get will have either (and it does not have infact) !! > Then run apt-get update. > > apt-get install samba --simulate will show you what the installation > *would* do then. Been there, done that. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] oplocks and samba 2.2.7
On Tue, 2002-12-17 at 23:49, Keith G. Murphy wrote: > Simo Sorce wrote: > > Samba 2.2.3a has been realeased on february the 6th, they are 10 (ten) > > months !!! And 2.2.7a contains *lot* of bugfixes that will make also > > woody users a lot more happy. > > > > Simo. > > > Well, there is this: > > http://www.perrier.eu.org/debian/index.html.en > > I just noticed it, linked to by this: > > http://www.apt-get.org/ > > Cannot vouch for these unofficial packages, of course. :-) Unfortunately there is no access there: http://www.perrier.eu.org/samba-debian/ Forbidden You don't have permission to access /samba-debian/ on this server. However I'm going to build team packages for debian. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OS X slow with Samba server
Any chance you can try 2.2.7a, we fixed a number of transfer problems (mostly with w9x and DOS tough), and then report if it happens again. Ah remember also to check the network (try an ftp transfer from both w2k and debian, it has happened many times that a bad cambling, network setup or failing interfaces has caused slowliness. Simo. On Sat, 2002-12-14 at 22:46, Jeff McClure wrote: > I have an Apple iBook running OS X 10.2 connected to my network via an > 802.11b wireless network. When I transfer files via SMB with my Windows > 2000 computer, the speed seems reasonable. However, when I connect to a > share on my Debian (x86) box (kernel 2.4.19) running Samba 2.2.3a-12 for > Debian, the speed is only about a sixth as fast (transferring files to > or from the Win2k box is about 6 times faster). -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] oplocks and samba 2.2.7
On Sat, 2002-12-14 at 00:06, Keith G. Murphy wrote: > Simo Sorce wrote: > > That's fine with development versions, but samba stable is ... well ... > > stable :-) > > > There's (at least) three other things involved here, though: > > * Because upstream (samba developers) say something is stable may not be > good enough for Debian team, since they have to stand behind it > * Some of the testing is on the Debian package itself: how well does it > integrate into Debian, etc. > * Debian is not one entity, but a group of developers; if the Samba > maintainer were allowed to shove a new package into stable, that might > be OK; but other developers would want to do the same thing, and, sooner > or later, stable would get a showstopping problem. > > I would say that third reason is really important. Stated another way, > because Debian is very loosely organized, no one person can decide what > can/cannot go into stable; therefore it is governed by policy, which had > to govern everyone, and therefore errs on the cautious side. > > Does that make sense? If you don't like this sort of loosely organized > team, which has political problems, you might like another distribution > better. With a whole other set of problems. :-) You got me wrong, I'm perfectly fine with debian, and use it with much joy. I do know debian only vaguely, just I see that sometimes it is really very slow, 10 months is really a lot of time without an upgrade. I'm ok with good scrutiny, but it seem that samba has been forgotten this time :-) Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] oplocks and samba 2.2.7
On Fri, 2002-12-13 at 23:24, Keith G. Murphy wrote: > Simo Sorce wrote: > > I can't not understand with debian cannot update packeges that are in > > the stable version ... but that's a debian problem not samba related ... > > > Well, I think I understand and approve of the reasons: it's so packages > can get tested properly before you run them on your 'stable' server. That's fine with development versions, but samba stable is ... well ... stable :-) > And they backport security fixes, so you get the best of both worlds, > generally. Yes generally it is a really good idea > If you want latest features, run 'testing' or 'unstable'. No on my servers I use stable too, it was not a general question, but a specific one toward samba. Samba 2.2.3a has been realeased on february the 6th, they are 10 (ten) months !!! And 2.2.7a contains *lot* of bugfixes that will make also woody users a lot more happy. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] Symbolic links and SAMBA
In samba 3.0 we have unix extensions, they will be available to GNU/Linux client through steve's new CIFS fs (in linux kernel 2.5) most probably. While I still puch for NFS currently, I have to say that CIFS security model is much better as it does not trust machines but requires each user to authenticate. Simo. On Fri, 2002-12-13 at 21:38, Michael Heironimus wrote: > On Fri, Dec 13, 2002 at 12:11:05PM -0600, Long, Jesse wrote: > > ln: creating symbolic link 'asm' to 'asm-i386': Operation not permitted. > > If you're trying to create a symlink on a remote filesystem mounted via > Samba/smbfs, it's not at all surprising that it would not work. Samba > makes your UNIX machine look like a Windows server, and Windows has no > concept of what a symbolic link is. The follow symlinks option allows > people to browse through symlinks that you created on the server. > > If you're sharing from one UNIX machine to another, just use NFS. It's > native to UNIX, so things like symlinks will work. > > -- > Michael Heironimus -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] UNIX with samba .vs. native Windows Server , how tocompare thei r performance for Windows-biased management
Go with a GNU/Linux system and get the best of the two worlds: Unix power and cheap hardware btw, I cannot believe they say managing a windows box is more comfortable, have you ever showed your boss how much time his NT admins need to spend to "easily" click trough endless number of windows? I always found Unix machine much faster to administer, and it can be done easily also remotely (and _securely_) through SSH. Let's not talk of automation through scripts, Windows simply does not exist in that field. Simo. On Fri, 2002-12-13 at 21:23, Wieprecht, Karen M. wrote: > I had samba working on an old Sun Enterprise server using a JBOD that was > managed with veritas volume manager (legacy stuff that had long outlived > it's usefulness). Management arbitrarily decided to replace the aging > Solaris server with a native Windows server without talking to me. I instead > tried to persuade them to use an SGI cluster I had been putting together and > use newer features of samba (winbind, domain authentication) for hosting > this data, but they weren't interested. > > When that old Solaris system started having problems, and the new windows > server wasn't online yet, I had to temporarily host the data on my SGI > cluster, a duo of servers that was running samba with winbind and domain > authentication. It was a very nice setup, either server in the pair could > serve the files, and we made user login scripts mount the shares from > whichever server reponded first. When we had to take the primary server > down for maintenance, we switched the login script to point them to the > secondary server's shares, had them log out and back in. While they worked > happily off of the secondary server, we did a half day's worth of > maintenance on the primary server without affecting the users. When we were > done, we put the login script back the way it was before, and the next > time they logged out and back in, they were again pointed to the primary > server with the secondary as a backup. > > Even after demonstrating how nice my configuration was and how seemlessly we > were able to do maintenance without affecting users, management and the > two NT guys I work with were still sold on using the Windows native server. > They claimed that it was cheaper to buy the hardware and easier to manage > permissions and file access rights with the native equipment (of course, > they are PC guys). My argument was that we could probably achieve the same > file access flexibility with UNIX ACLs (which previous staff had not enabled > on the UNIX side), and that the UNIX machines use RISC-based processors, a > completely different animal than the GHZ pentium processors, so they would > really have to come up with some benchmarks to compare the two systems. > They also weren't originally going to accommodate any easy file > interoperability with the UNIX users, they were going to make them use FTP > to move files between the UNIX machine and the windows server, and I argued > that this was removing capability that users were accustomed to having, not > a real crowd pleasing decision. > > Now they are experimenting with Microsoft SFU to make the Windows box allow > the UNIX machine to NFS mount its shares, and I have to say it does seem to > work pretty well. It tied right into NIS nicely, automatically mapped > matching usernames on either side, allows me to define mappings with > usernames that do not match, etc. But it still digs in my crawl though that > I never even got a chance to show what my cluster could do for them until > after management had already decided to buy the windows server, and even > after a nice demonstration of the UNIX cluster's capabilities, they are > still sold (arbitrarily) on using the native Windows box. > > How can I compare the performance of the two servers? Many of you started > out with Windows servers and migrated to samba to get better performance, > but my collegues have done the opposite. Am I blindly biased that UNIX is > better or is there a way I can get some real numbers to prove that te > windows server is a slower file server? > > The guys are always weighing the cost and ease of management against the > difference in performance (if there isn't much difference in performance, > go with what is cheaper and simpler to manage), and for them that is the > PC-native stuff. I feel like my UNIX skills are slowly getting pushed aside > and I'm not sure how to get real performance metrics. > > Help, feedback, condolences are all welcome. > > karen -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] oplocks and samba 2.2.7
On Fri, 2002-12-13 at 19:38, Keith G. Murphy wrote: > Oddly enough, I got oplock problems when I upgraded from 2.2.3a-6 to > 2.2.3a-12, whereupon I filed a bug and downgraded. > > The Debian maintainer assured me nothing had been done but security > backports; so I upgraded again and crossed my fingers. I just noticed I > got some oplock errors day before yesterday, so time to downgrade again > and watch. I can't not understand with debian cannot update packeges that are in the stable version ... but that's a debian problem not samba related ... -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] oplocks and samba 2.2.7
On Fri, 2002-12-13 at 09:48, Jean-Paul ARGUDO wrote: > Hi all, > > I really know you'll tell me it is not an issue from Samba nor a matter > of topic in this list. > > But. I have problems with oplocks, surely because of my version: > Version 2.2.3a-12 for Debian I noticed it all in bug 26128 and posted > here precisions, few days ago. > > Version 2.2.3a-12!!!??? YES, this is the *stable* version from Debian. And it may contain lot of fixes that are in newer samba releases. I'm not saying they do, but I've seen a number of vendors that fixes packages but maintain older version to keep dependencies toward other packeags or such. > What would I do? Install newer version (2.2.7,afaik), then corrupt my > system? Or wait for Samba team to put 2.2.7 in the stable? with 2.2.7a you will not corrupt your system, however it seem strange debian does not upgrade to 2.2.7a as from 2.2.2-2.2.6 there a possible security problem, have you the security team url in your apt source list? > For example, in current proposed-updates, samba version proposed is > 2.2.3a-12!! I think I'll have to wait a year before 2.2.7 becomes > stable, then you'll be supporting only version 2.4 ? :-) > > I really know again it is *not* the problem of Samba team. Not it is not. > But, I think when I read docs "always install newest version before > asking to support", you put to rubbish all users who havent yet > connexion to internet, or ones who just buy brand new RH, Mandrake, > Suse, whatever, box, with surely not the latest Samba version in :-( Well if we know a problem is probably fixed in a later version, what can we do? We cannot do anything else that asking to upgrade to check it is not something else. > What are my solutions then? Build my own deb package from your cvs? > Thats what I'm gonna do finally, corrupting a bit my stable production > debian server :-/ you do not need to build them out of cvs, we release packages in tar format, and you should really use them, cvs *may* contain new errors as we may be committing in steps a fix or something else while you cvs update and you do not notice. > I'd really like you give your point of view on this. I generally use what the distribution provides. But if necessary I also install my custom packages (and I always build packages, as that way I have a trace in my system of what I've done exactly. To my customers I installed things like: samba-2.2.7pre2-xsec1.rpm/deb (Xsec is my company and pre2 never existed, I made it as I needed a special fix that was only in cvs). > Thanks a lot for your efforts! Thank you, Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] File Systems - Which one to use?
On Thu, 2002-12-12 at 16:33, Jim McDonough wrote: > Simo Sorce wrote: > > > ext3 and XFS have ACLs while, afaik, JFS and reiserFS do not. > > JFS does have acls, and it even uses the same libs as XFS and ext3. See > http://acl.bestbits.at wow, very nice. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [samba] File Systems - Which one to use?
Have you ever tried ACLs with reiserfs? Any opinion on ACL support in reiserfs? Simo. On Thu, 2002-12-12 at 16:07, Chris Smith wrote: > On Wed, 2002-12-11 at 16:58, Corey Hart wrote: > > We are looking at implementing a Linux box running samba in the near > > future with about 1TB of disk online. The purpose of this box will be > > for basic file and printer sharing needs. I am doing research on the > > different journaling file systems avaible in RH 7.3 and up (ext3, > > reiserFS, and JFS) and was wondering if anyone has had any real world > > experience with them (mostly reiserFS and JFS) and what you would have > > to say about them. > > I have 5 production servers all running reiserfs with no problems. Three > runs SuSE 7.3, one runs SuSE 8.0 and one runs SuSE 8.1. All systems are > single servers in small businesses handling all of the normal chores. I > also run reiserfs on my main desktop system, Redhat 8.0, also with no > problems. The SuSE 7.3 systems have been running non-stop since the > release of that version of the OS. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] File Systems - Which one to use?
On Thu, 2002-12-12 at 10:47, Dragan Krnic wrote: > > ext3 and XFS have ACLs while, > > afaik, JFS and reiserFS do not. > > A dangerous misconception. The best file system around, > ReiserFS, can handle ACLs and EAs just beautifully after > you enable the features in the kernel, Very nice to know, I was aware about EAs not of ACLs, are tehy in official kernels? I do not use proprietarized distributions so SuSe and such are not an option I consider. Besides that, if it is in an official kernel have you tested them with samba? Are they Posix compliant? Can you give me some more info on them? API? > What a difference in directory manipulation commands! > Reiserfs is screaming fast compared to all other fs's > out there. > > Windoze client SMB/CIFS subsystems are very abusive of > these commands, so it may mean a lot of difference in > performance. I have yet to take it into production (at > the moment ext3 rules because of the same initial error > of judgement) but tests so far were very encouraging - > oh boy, reiser really kicks butts, especially with log > on a separate spindle. Maybe, but I would like to see some test before :-) Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] Large-scale ACL copying?
Have you enabled acl in samba? it is a compile time option + you need kernel support for acl on your file system (ext2/3 or xfs only currently) Simo. On Thu, 2002-12-12 at 09:18, Andrew Furey wrote: > Hi all, > > Well, I'm getting somewhere I think, I now have both ACL support and > domain login basically working. However I'm at a bit of a loss as to how > to proceed. > > Basically I want to copy over a large number of files and directories > (~300k files, ~60Gb total) from an existing W2k server to a Samba > server. These files have existing ACLs set, so I need to preserve them > somehow. > > I can of course copy over the files themselves using any number of > methods "from" either machine, but the majority of them don't have any > knowledge of ACLs at all. I've been trying to use xcopy /o, but it gives > "Access Denied" and a file size of 0. (The "force unknown acl user" > option is supposed to fix this, but it seems to be ignored according to > testparm -x - or am I doing something wrong?) > > I could try copying them over and then seting the ACLs either through > the Security dialog or with setfacl, but given that they're not all > predictable (any random subfile could have rather different ACLs to its > parent dir), and also given the sheer number involved, it would take, > um, a while :( > > This is Samba 2.2.7a on Debian unstable (can be reverted to stable if > need be), and a fairly standard W2k server on domain-level security. > > Any ideas for an [easier] way to do this? > > TIA > Andrew > > -- > ANDREW FUREY <[EMAIL PROTECTED]> - Sysadmin/developer for Terminus. > Providing online networks of Australian lawyers (http://www.ilaw.com.au) > and Linux experts (http://www.linuxconsultants.com.au) for instant help! > Disclaimer: http://www.terminus.net.au/disclaimer.html. GCS L+++ P++ t++ -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] Protect virus file onSAMBA ?.
look for veto file option On Thu, 2002-12-12 at 04:48, IT kkh wrote: > How can I protect some file write to samba server, > such as file.eml (nimda virus file) ? > > > > __ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
RE: [Samba] What project should I use ?
es will be left as I don't know exactly > > > how to do some things with SAMBA yet, or at least I don't > > > know the best route.) > > > > > > *ALL Clients will be moved to MS Win2000 (wanted to go with > > > OpenSource Software all around but that is not a viable > > > solution for a law office at this time) > > > > > > Main File/Authentication Server (Microsoft would call it a PDC) > > > *Linux or *BSD for OS (probably RedHat Linux as they offer > > > the most corporate support). > > > *Nice powerful system with RAID5 storage, redundant parts, > > > blah blah. Still won't need to be as expensive as a new > > > Win2000 Server. > > > *Will handle authentication either through UN*X password > > > system w/ SAMBA duplicating that(passwords could be pushed to > > > the other servers) or thru' a pam or ldap design. > > > > > > Backup File/Authentication Server > > > *Automated (through scripting) backup of main file server. > > > *Backup Tape System (probably an Ultrium drive). > > > *Backup as many services as possible for Main Server. > > > > > > Test Server > > > *Name says it all. Used to test experimental projects/code. > > > > > > Mail Server > > > *Here is where things get more complicated. I am not > > > asking the SAMBA team for total help here as mail services > > > are not in SAMBA's view. I will be keeping the Exchange 5.5 > > > Server or replacing it with Bynari InsightServer (unless > > > someone knows a better product). I MUST have a single login. > > > *After connecting to the Main Server they should not have > > > to put in another password (for email or backup files). > > > *Exchange uses a directory system (not very compliant but > > > it exist) and most alternatives use LDAP. Therefore I will > > > have to use OpenLDAP at some point in the authentication scheme. > > > > > > That long (hope I don't get made into a troll) email leads up > > > to a few questions. Samba or Samba-TNG or stay with > > > Micro*leech*soft? What is the best route for a single > > > authentication across multiple UN*X servers? Any other > > > experiences with moving an office with my structure to all > > > OSS (Open-Source Software) in the server room. > > > > > > Major Concerns: > > > Single Authentication > > > Seamless Change from users point of view. > > > > > > Thank You > > > - -- > > > Intrepid > > > - -- > > > __ > > > http://www.linuxmail.org/ > > > Now with POP3/IMAP access for only US$19.95/yr > > > > > > Powered by Outblaze > > > - -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > > > > > > -BEGIN PGP SIGNATURE- > > > Version: PGP 8.0 > > > > > > iQA/AwUBPfe4g2d7RWIwEvp1EQIfrACglXFFc0h+tRudVGpXSPu4imRHNQoAnArl > > > RyhR2H4NA4vi5mZkIFCTW65M > > > =jbeX > > > -END PGP SIGNATURE- > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [samba] File Systems - Which one to use?
May I suggest you XFS ? ext3 and XFS have ACLs while, afaik, JFS and reiserFS do not. but ext3 is not really suited for very large file systems. as for testing I use XFS in production and others too and it seem fast and stable. Simo. On Wed, 2002-12-11 at 22:58, Corey Hart wrote: > We are looking at implementing a Linux box running samba in the near > future with about 1TB of disk online. The purpose of this box will be > for basic file and printer sharing needs. I am doing research on the > different journaling file systems avaible in RH 7.3 and up (ext3, > reiserFS, and JFS) and was wondering if anyone has had any real world > experience with them (mostly reiserFS and JFS) and what you would have > to say about them. I am mostly looking for cavets or gotchas > pertaining to them. > > -- > > Corey Hart > Systems/Security Analyst > St. Edward's University -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] samba authenticate to 2K AD?
Look for winbindd and pam_winbind, nss_winbind libraries. Simo. On Wed, 2002-12-11 at 20:47, Alexander Lazarevich wrote: > Has anyone on this list been able to configure samba in such a way so that > it will authenticate to windows 2K acitve directory. > > What I want to do is this: install samba 2.2.7 onto a Redhat linux 7.3 > system, then configure samba (I think using something called smb_pam) so > that it will join the windows active directory domain. > > Is such a thing possible? Has anyone here done it? I can't find this > anywhere in the samba documentation. All it talks about is making samba > the PDC, which I don't want to do. I can't get rid of my AD, aghhh... > > I know this can be done with ldap_pam, but I'd prefer to do it with samba. > > If you could point me to some documentation, that would be excellent! > > Thanks! > > Alex > ------ >Alex Lazarevich | Systems | Imaging Technology Group >[EMAIL PROTECTED] | (217)244-1565 | www.itg.uiuc.edu > ------ -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] SAMBA 2.2.7 configuration for a ULTRA1 Solaris 2.5.1system
Install a compiler please, either sun cc or gnu gcc Simo. On Tue, 2002-12-10 at 12:12, Corné Eloff wrote: > Dear Samba Team, > > The following error appears when the ./configure script is executed: > > loading cache ./config.cache > checking for gcc... no > checking for cc... no > Configure: error: no acceptable cc found in $PATH > > > Could you please assist to fix this problem. > > Will SAMBA 2.2.7 work on Solaris 2.5.1 ?? > > > Thank you in advance!!! -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] OVERWRITTEN PROFILE!
On Tue, 2002-12-10 at 02:51, Elliot Williams wrote: > Hi guys.i need your help. I am using samba 2.2.6 and a w2k prof client. > > During the weekend my system got rebooted. My profile therefore was not > updated into the samba pdc. When I reboot it gave some error and showed > me my last saved profile. I checked my documents and setting and there > was a username.domain_name.bak and username.domain_name > > Looks like there was a bakup. So what I did was, I logged on as a local > admin then I deleted my orginal username.domain_name and renamed the > username.domain_name.bak to username.domain_name > > I logon again and STILL I was given the old profile. I HAVE LOTS OF > important and source code files in that directory,which I put in the > desktop > > I tried to search and locate on bother the linux and my w2k prof box but > I CANNOT find the updated file and source code anymore. STUPId linux > overrite the profile on my machine. Somehow It took over that profile > thinking that linux is a bigger uphold Please do not blame at linux, samba or anything else except perhaps the way windows does handle profiles. It is known that the way profiles are handled is dangerous for data in every kind of environment, be it a windows server or a samba server. If you have deleted your old profile there's nothing you can do besides blaming yourself for a) saving important data on the desktop (eg in the profile), b) not keeping backups. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] deleting files problem
On Sun, 2002-12-08 at 21:42, David Morel wrote: > have you tried setting : mangling method = hash2 in smb.conf ? > in directories with lots of similar filenames, it might help. Be aware that changing the mangling method on production machines may break some server installations, cause the mangled name will be different and a file name saved in the registry will not match anymore. So be careful. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: [Samba] "checking whether to support ACLs... no"
If you are using debian packages be warned that they forcibly disabled the ACL support even if you rebuild the package (I had a report about that from a friend don't ask me why I really do not know). So as I understanded it you have to modify the .deb package so that ACLs are usable. Simo. On Sun, 2002-12-08 at 03:54, Jacob Malmberg wrote: > Hi, > This problem is really getting frustrating. I have set up my debian 3 box w/ > kernel 2.4.2 patched for ext2/3 ACL support. I have also installed all > utilies, both attr and ACL. I have joined the box to my domain using winbind > and smbpasswd. I can set permissions all right using setfacl with > domain+user but when I try to change permissions via LAN using w2k/xp I get > access denied/or it just erases my changes. Also, the permissions do not > seem to be the same on samba and the rest of the system, since my changes > using setfacl doesnt show up if I try to change permission with w2k/xp. Im > using samba 2.2.7 and the latest acl patch. Any thoughts anybody? Help is > very appreciated. > > regards, > Jacob > > > > > > _ > The new MSN 8: smart spam protection and 2 months FREE* > http://join.msn.com/?page=features/junkmail -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
[Samba] New Italian samba support mailing list
Hello, I'm proud to announce the creation of a new samba support mailing list for italian users. This follows the creation of an italian samba web site at http://samba.xsec.it I invite all italian samba users that follow this list to also subscribe to the italian mailing list at http://lists.xsec.it/mailman/listinfo/samba-it Regards, Simo Sorce In italian: Salve, sono lieto di annunciare la creazione una nuova mailing list dedicata al supporto samba per gli utenti italiani. Essa segue la creazione del sito web italiano su samba http://samba.xsec.it Invito tutti gli utenti italiani di samba che seguono questa lista a iscriversi anche alla lista italiana al link http://lists.xsec.it/mailman/listinfo/samba-it Saluti, Simo Sorce -- Simo Sorce - [EMAIL PROTECTED] Samba Team - http://www.samba.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (success, sort of)
There's another poor man way. Use the classic smbpasswd file and use rsync to sync the file periodically with a cron (of course you'll miss the ability to have things promptly synced but generally this is a good enough solution for many environments). Simo. On Tue, 2002-10-29 at 17:23, Steve Langasek wrote: > On Tue, Oct 29, 2002 at 11:10:22AM -0500, Collins, Kevin wrote: > > Steven Langasek wrote: > > > Having one PDC and two BDCs also gives you greater > > > fault-tolerance than > > > having three domains with a single PDC each. > > > > Samba+LDAP can give you this fault tolerance; it can't give you trust > > > relationships today, without a lot of finagling. > > > > Steve Langasek > > > postmodern programmer > > > I understand the role of/need for the BDC, I'm just concerned about > > flooding the WAN connections with replication traffic and not being able > > to send things like e-mail or project files. I can control the > > replication in NT, but I need to know if I can do the same in SAMBA. > > With all the "tweaks" god knows there should be. :-) > > The only "pre-packaged" BDC implementation for Samba that I know of is > based on LDAP. With LDAP, only changes are replicated across the link, > so you have no excess traffic associated with keeping the DCs in sync. > Samba sorta skipped over the NT4 technology and went straight to an > ActiveDirectory approach to management... :) > > > I've thought about the LDAP course too but haven't given it enough > > serious thought yet. You know of a good HOWTO? > > There is a Samba-PDC-LDAP HOWTO included with the Samba documentation. > You can also find Ignacio Coupeau's step-by-step guide at > <http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html>. > > Steve Langasek > postmodern programmer -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
[Samba] Re: Coming round to SURS...
On Tue, 2002-10-22 at 20:02, Luke Kenneth Casson Leighton wrote: > i have a question for the people who sponsor the samba team. > > "when are you going to realise that your money is being > wasted by not sponsoring me as a design architect on > NT compatibility software suites for unix?" > Probably you should understand that people may be interested in other features and not sponsoring this particular part of the code. > here - yet again, another demonstration of how much money you have > been wasting. Well let's look at the TNG printing code status ... > hopefully this time this "really new" proposal - i.e. yet > ANOTHER idea and proposal introduced by me almost three years > ago - will actually get done, and done properly. This is NOTHING new Luke, we know the SID-[g,u]id mapping problems since a lot of time, the fact that you formalized the problem does not change the problem. I just double checked your draft, and it is just nice useless wording that show the problem but does never even propose an implementation, you always write that implementation is not in the scope of the document. We have not implemented what you call SURS part because of lack of time being busy implementing other more important parts of samba, and part because we wanted to get it right (and we tought your implementation was not). The api proposed by metze is just an api proposal to finally start coding it having found a way to implement it the right way as we finally have found what seem the right way to do it, taking in account all limits and trying to find out the best compromise. This is the part the ask for more hard work. Plus we have not limited ourselves to solve the problem locally, but to solve the problem in a distributed environment. You may claim you have told there was a problem 3 years ago. Well that's true nobody say it different. Problem is that solving it 3 years ago was not possible to do properly, too many pieces of code were missing or were not stable and usable at a point that implementing it 3 years ago would have simply be a waste of time. with sincere esteem, Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
[Samba] was Samba PDC and BDC
Of course you need to have the same SID as it is the sid of the domain. I think that just copying over MACHINE.SID and making the second server regenerate the secrets.tdb from it (or simply compying also the secrtes tdb) will make the two machines show the same SID and thus being controllers of the same domain. Simo. -- Simo Sorce -- Una scelta di liberta': Software Libero. A choice of freedom: Free Software. http://www.softwarelibero.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Profile creation - thanks for the (lack) of help
On Fri, 2002-05-31 at 15:15, Nathaniel N.Petersen wrote: > Note that from the client's point of view security = domain is the same > as security = user . It only affects how the server deals with the > authentication, it does not in any way affect what the client sees. > > Since the systems are able to authenticate, this is not an issue. I have yet not understood if your server is a PDC or not. If it is, these 4 parameters MUST be set this way: domain logons = yes domain master = yes security = user encrypt password = yes > > try a path with no leading '.' > > logon path = \\student\homes\%u\ntprofile > > Even if you were correct, it worked before (and still is working > elsewhere), it should work now. I think this is not a problem. > I thought about dealing with this diplomaticly - but enough is enough. > There is nothing wrong with using the homes directories like I do. The > lines refered to in the man pages simply don't recommend it. Well, if > you have ever worked for a University, you would understand the amount > of overhead involved. Creating essentially two account locations for > evey user is ridiculous. I have an my setup involved a simple [profile] share with 1777 permissions on it, and that's not a lot of work to do (I had more than 1000 users). Recommendations exist for a purpose ... it's up to you to decide if they match your case. thinking a bit more in this case I think you may have 2 combined problems: 1. the use of the home directory to store profiles 2. the use of letter Z to map the home directory unfortunately I do not have handing any url, but I remember clearly that with later clients (w2k, XP) there are problems with the Z drive. In fact it is not available to be mapped until the user logged in and at that point the profile thing is yet over! It is not a samba problem, Microsoft changed it this way (can't remember why). So I would advice you do 2 things: change the home drive letter or setup a profile share and change the logon path directive. > Furthermore, this PDC is set to "local master = no" for a reason. > Election. I have 14 other colleges at this university that are NOT > running Linux (yes, there are still people out there that use Windows). > Windows PDC's have fits when this is set to yes. They lose out on > elections. If set to false then nmbd will not attempt to become a > local master browser on a subnet and will also lose in all browsing > elections. With a class B subnet, this is a GOOD THING. a class B NOT subnetted to C classes? That's should be a broadcast nightmare ... (if your server is not a PDc you should NOT made it be a domain master!, local master should be ok, and would be better to use a wins server) > And finally, as far as that whole '.a = patch' thing goes - NO SH!T. > REALLY? Well, I'll be... I thought only M$ released patches. > Seriously, I was trying (appearantly not hard enough) to make light of > my supervisor's lack of knowledge about Samba (AND all the extra work > it forced me to do). Lord knows I would much rather be seen > a fool by the Samba community. This should never have been > an issue. ?? you are stressed, take a breath > I want to appologize to those of you who work tirelessly on the Samba > project. I also want to thank the attempts at trying to help me. But, > they were of ZERO aid. Nit-picking at these minor issues does not help > me with the big picture. Just answer me this - If the windows systems > are able to verify the domain and authenticate, why does the w2k system > right corrupt profile data? If the NT system is able to create a > profile, why can't it us it? That's it. ok, let's try to stay tune and find the roots of your problems! I do not know what you have made before and how much you get frustrated, but 90% of users that ask for help generally have simple (!?) configuration problems so the way I personally answered is my standard first stage answer, no insulting were intended, and if so I apologize. Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
[Samba] RE: hash2 mangling alghorithm
No, sorry it is not as simple. When you use mangled names you must assure they will always be mangled the same way during the same connection. So if a file gets deleted and then recreated it must be mangled back the same way! This will make things overly complex and oblige us to keep 2 separate caches at a time and switch between 2 algorithms adding too much complexity and needing a complete retest of the mangling code. That would made it too much work and would be available in time for 2.2.5 The back port have been made only for special cases (people that have programs generating lot of similarly named files in a single directory). The new algorithm will be the default on samba 3 and thats the best balance IMO. /simo who hates html mail ;) On Fri, 2002-05-31 at 14:47, Esh, Andrew wrote: > Why not just use a different hash character for the new code, and keep the > old unhashing code? Old hashed names can still be read, and new hashed names > can still be stored and read. No confusion would take place. > -- Simo Sorce -- Una scelta di liberta': Software Libero. A choice of freedom: Free Software. http://www.softwarelibero.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] hash2 mangling alghorithm
I just want to warn people that want to use the new hashing algorithm for mangled names. And that note should also be put in the man page IMO. You must understand that changing the hashing algorithm on a production server may have unwanted side effects (this is why we maintain by default hash and not hash2 and why it was not back ported to 2.2 initially). Windows clients may save all around (registry, config files, ecc..) mangled paths to files need for programs to work correctly. If you change the hash algorithm these paths will become unusable as the new mangled name will be different. I would advice to use the new hashing algorithm in new installations and switch to the new one for old ones only if really necessary to make things work (lot of conflicts), and in this case be prepared to reinstall some app or manually change some registry/config file to reflect the new mangled names. So do not just "try" this option, plan to use it carefully. Simo. -- Simo Sorce -- Una scelta di liberta': Software Libero. A choice of freedom: Free Software. http://www.softwarelibero.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: INFORMAZIONE
>From samba-technical. On Fri, 2002-05-31 at 09:58, Manuel Clericuzio wrote: > Buongiorno, > mi hanno chiesto di montare un filesystem NT (macchina win2000) su una > macchina con Unix HP (release 11.11). > Ho provato a fare dei tentativi con il comando cifsmount ma non riesco. > Spero che voi mi potiate aiutare. > > Grazie e buona giornata > > Manuel > Better you write in english Manuel and on the users support list not the technical one! I will translate this time only to benefit of the list and the user: Good morning, I've been requested to mount a filesystem shared by a win2k server on a HP-UX (11.11) machine. I tried to mount it with the cifsmount command but failed. Is there anyone that can help me. Thank you. -- Simo Sorce -- Una scelta di liberta': Software Libero. A choice of freedom: Free Software. http://www.softwarelibero.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can I kill... 'add user script' behaviour in adding usersduring logon?
I agree, they must be separate and delete user script, must NOT be called by the auth subsystem, it is too dangerous. Simo. On Fri, 2002-05-17 at 15:22, Andrew Bartlett wrote: > The behavior of the 'add user script' smb.conf option is rather weird: > > It is documented as an option to the login parts of the protocol, and > used to add users dynamically during the logon process, if they don't > exist locally. > > However, it is also used in the SAMR code when an admin explicitly > creates a user. This is > actually the more natural use for the parameter, but it is unnaturally > shared between the > two areas. > > This 'dual use' causes problems - unexpected users being created etc. > > However, this is nothing compared to its evil twin: > > 'delete user script' runs when a user attempts to log in, but the PDC > says that they don't exist. Firstly: does this really happen? If a > user has to attempt to log in to trigger it, what exactly is the > point... This also has rather nasty consequences, when the user does not > exist on the PDC (normal local user etc), the script can fire. If the > admin is not careful this can be quite nasty. While this is documented, > it is still nasty. > > Whats more, all the PDC documentation refers to these options for their > SAMR use, so as to > create machine accounts on demand... > > Now both of these options are *too* easy to misconfigure, and they > really don't fit well into the HEAD authenticiaon setup anyway. > > Could these be killed in the auth context? This would leave them as > SAMR commands, for when > users are really added to the system. > > If we still need the capability to add users to the system on a dynamic > basis (this is really the job of winbind, but I digress) could we at > least use a different option?Like 'dynamic login user add script'? > Or keep these but rename the SAMR meanings? > > What do you think? > > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > Student Network Administrator, Hawker College [EMAIL PROTECTED] > http://samba.org http://build.samba.org http://hawkerc.net > -- Simo Sorce -- Una scelta di liberta': Software Libero. A choice of freedom: Free Software. http://www.softwarelibero.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: (no subject)
Samba uses 2 / 2.5 MB per user so if you have 40 connection you should expect 80 / 100MB of RAM used and 128MB total memory may not be enough to avoid swapping and do not provide any way to cache data files in memory so that they can be served faster. On Mon, 2002-05-13 at 13:12, Raymundo, Joseph wrote: > Is 128MB enough for our file server or is there something wrong with the > configuration of our Linux? Is RAID really adding that much load to the > CPU usage, I/O operation and memory considering that the disks are controlled > by the motherboard and/or processor? Do you have any hardware > recommendations or softwares needed to be install on our samba files > server? > > Regards, > > Joseph S. Raymundo > SPS SYSTEMS ENGINEER > SPI TECHNOLOGIES INC. > (632) 855-8756 > (632) 853-2773/4 (fax) > URL : http:www.spitech.com/ > Email : mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part