[Samba] winbind with server 2003
I have a RedHat 5.2 and I have some problem with a Windows 2003 Domain. I have configured winbind (the configuration is the same and works in other installation) if I use as a password server a Windows 2000 Domain Server always works, if I use as password server a Windows 2003 Domain Server it is impossible validate on domain via ssh and I have to to turn off the Windows 2000 server. What could be different on server 2003, is the first server 2003 that does not works ... With Windows 2003 server i see users and groups with wbinfo command but if i try to connect via ssh with a domain user this is the output of /var/log/secure Dec 2 12:47:56 localhost sshd[7092]: pam_winbind(sshd:auth): [pamh: 0x09f59410] ENTER: pam_sm_authenticate (flags: 0x0001) Dec 2 12:47:56 localhost sshd[7092]: pam_winbind(sshd:auth): getting password (0x0091) Dec 2 12:47:56 localhost sshd[7092]: pam_winbind(sshd:auth): Could not retrieve user's password Dec 2 12:47:56 localhost sshd[7092]: pam_winbind(sshd:auth): [pamh: 0x09f59410] LEAVE: pam_sm_authenticate returning 20 Dec 2 12:47:58 localhost sshd[7092]: Failed password for proj from 10.120.12.51 port 4352 ssh2 what does it mean : pam_sm_authenticate returning 20 Thanks Simone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] shares are mounted but not always shown in My Computer
Hi, in a new installation of a pdc (ubuntu 10.04+samba 3.4.7) I configured a netlogon script to automount shares on clients[1] but something of strange happens: shares are mounted but not always shown in My Computer :-/ ... My script simple execute net use : net use X: \\my-pdc\my_smb_share /persistent:no The command always returns no error and if I execute net use in a new dos-prompt I can see all my shares correctly mounted BUT if I open My Computer, it doesn't show me any sambashare :/. The shares are mounted but not shown in My Computer. I tried then to login a second time with the same user, the logon script started and magically I found my shares correctly shown in My Computer. Any idea on what could cause the problem or suggestion about how to investigate? Thanks in advance!, Simone [1] Windows Xp 2002 Sp3 (previously joined in a win2k3 server domain) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winxp + sp3 = samba-shared printer hangs the system
Hi Ryan, 2010/4/16 Ryan Suarez ryan.sua...@sheridanc.on.ca: Should I disable some strange sort of security feature? And ideas or useful pointer ? I'm not sure if it's a samba issue or really an XP client issue. If you google xp sp3 slow printing you see a few people having this problem, not just with samba... I discovered that the cause of the problem was the xp firewall re-enabled by the sp3 !. thank you for help, Simone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winxp + sp3 = samba-shared printer hangs the system
hi, since I upgraded some winxp-pro sp2 client to sp3, my samba-shared printers are no-longer usable :-/ With sp3, if I run notepad and choose the menù File-Print, the print window hangs and does not show any printer for about 1 minute! The same thing happens when I click on the menù Start-settings-Printer and faxes. With sp2, everything works correctly and I can browse all my configured samba-printers. This is the way I added printers ... In my PDC I configued 2 samba-printers( \\mypdc\printer1 and \\mypdc\printer2), then I logged in as administrator and globally added printers using, as suggested in the samba doc, the RunDLL32 PrintUI.DLL,PrintUIEntry command: :: to delete previously added printers... RunDLL32 PrintUI.DLL,PrintUIEntry /gd /n \\mypdc\printer1 /q RunDLL32 PrintUI.DLL,PrintUIEntry /gd /n \\mypdc\printer2 /q :: to add samba-shared printers GLOBALLY... Rundll32 printui.dll,PrintUIEntry /ga /n \\mypdc\printer1 /q Rundll32 printui.dll,PrintUIEntry /ga /n \\mypdc\printer2 /q Then I rebooted the client once. Should I disable some strange sort of security feature? And ideas or useful pointer ? Thank you in advance, Simone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.2.3: win2k join fails, xp join works
Hi, I recently upgraded my pdc server(samba3.0.x+ldap) to debian lenny( samba 3.2.3). After the upgrade, the win2k join is no longer working and returns Logon failure: the User Name unknown or bad password. The Xp join works properly. The same thing seems to be happen to other users; same problem and same logs: http://www.nabble.com/Problem-on-Update-Samba-3.0.31-to-Samba-3.2.3-to19797123.html#a19797123 I also tried upgrading to samba 3.2.4 ( i read that it fixes some bug..) but the problem still remains :( I would not to downgrade to 3.0.x but at the moment it seems to be the only solution :-/ any idea ? TIA, Simone ps. below my packages version / configuration. Packages version: samba 2:3.2.3-3 samba-common 2:3.2.3-3 smbclient 2:3.2.3-3 smbldap-tools 0.9.4-1 libcrypt-smbhash-perl 0.12-2 /etc/samba/smb.conf:: ---cut--- [global] workgroup = DOMINIO netbios name = srv-dominio server string = %h dns proxy = No bind interfaces only = Yes interfaces = lo, eth1 smb ports = 139 ### registra i logon via samba utmp = Yes utmp directory = /var/log/samba/utmp wtmp directory = /var/log/samba/wtmp ### evita l'apertura di notepad con un file desktop.ini hide files = /desktop.ini/ntuser.ini/NTUSER.*/ ### conserva i permessi e i privilegi dei file dell'utente inherit acls = yes inherit owner = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 log level = 4 security = user encrypt passwords = true passdb backend = ldapsam:ldap://127.0.0.1/ obey pam restrictions = no deadtime = 15 browseable = no wins support = Yes name resolve order = lmhosts host wins bcast local master = yes domain master = Yes preferred master = Yes os level = 254 domain logons = Yes unix password sync = no enable privileges = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n socket options = TCP_NODELAY, SO_KEEPALIVE ldap ssl = no ldap passwd sync = yes ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmaps ldap group suffix = ou=Groups ldap user suffix = ou=People ldap suffix = dc=isi,dc=lan ldap delete dn = Yes ldap admin dn = cn=admin,dc=isi,dc=lan logon home = \\%N\%U\.\\.profili\%a logon drive = H: logon path = \\%N\%U\.profili\%a logon script = logon.bat add machine script = /usr/sbin/smbldap-useradd -w %m set primary group script = /usr/sbin/smbldap-usermod -g %g %u delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete group script = /usr/sbin/smbldap-groupdel %g add group script = /usr/sbin/smbldap-groupadd -p %g delete user script = /usr/sbin/smbldap-userdel %u add user script = /usr/sbin/smbldap-useradd -m %u check password script = /usr/bin/crackcheck -s panic action = /usr/share/samba/panic-action %d [homes] comment = ISI-homes (NON MODIFICARE QUESTA RIGA) browseable = no writable = yes guest ok = no veto files = /public_html/ [perl] path = /usr/share/WinActivePerl comment = Per Windows Binaries public = yes writable = no guest ok = yes browseable = no [netlogon] comment = ISI-NetLogon (NON MODIFICARE QUESTA RIGA) path = /home/samba/netlogon guest ok = yes browseable = no create mask = 0644 directory mask = 0755 writable = yes root preexec=/usr/sbin/setlogonvar '%U' '%G' '%m' root postexec=/usr/sbin/rmlogonvar '%m' ---cut--- /etc/smbldap-tools/smbldap.conf: ---cut--- SID=S-1-5-21-1479175027-3375466229-471917732 slaveLDAP=127.0.0.1 slavePort=389 masterLDAP=127.0.0.1 masterPort=389 ldapTLS=0 suffix=dc=isi,dc=lan usersdn=ou=People,dc=isi,dc=lan computersdn=ou=Computers,dc=isi,dc=lan groupsdn=ou=Groups,dc=isi,dc=lan idmapdn=ou=Idmap,dc=isi,dc=lan sambaUnixIdPooldn=sambaDomainName=DOMINIO,dc=isi,dc=lan scope=sub hash_encrypt=SSHA crypt_salt_format=%s userLoginShell=/bin/bash userHome=/home/%U userGecos=System User defaultUserGid=513 defaultComputerGid=515 skeletonDir=/etc/skel defaultMaxPasswordAge=99 userSmbHome= userProfile= userHomeDrive= mailDomain=isi.lan with_smbpasswd=0 smbpasswd=/usr/bin/smbpasswd defaultComputerGid0=515 ---cut--- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] HW suggestion for a new office
Hi list, I am setting up a samba server (CentOS4) in new office of 30 employees, just file sharing not heavy traffic. We have an old Compaq 1850r PIII 600 512Mb Ram that I could use and I was wondering if the hardware would be enough (guess so). Thanks, any suggestion is really appreciated Simone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind samba-3.0.2a-1 ADS
Hi With samba-3.0.2a-1 security = ADS when i run getent passwd che command after 3000 users hangs :-( This is winbindd.log 2004/11/23 00:15:48, 1] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain DOM1 dom1.it S-1-5-21-1626095602-1864631766-1846952604 [2004/11/23 00:15:48, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2004/11/23 00:15:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain DOM2 S-1-5-21-1077550351-1415582459-91453608 [2004/11/23 00:15:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain DOM3 S-1-5-21-703334514-673151589-12547700 [2004/11/23 00:22:16, 1] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain DOM3 dom3.it S-1-5-21-1801674531-412668190-839522115 Any idea ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] openldap PDC : can't add machine account ; too many domain info entries
I've ereditated this quite messy openldap server from the previous administrator, samba (3) relies on it for acting as a PDC. The main problem (while I build a new directory from scratch) is you can't add a machine account to the domain : On the client it says the credentials are invalid, anyway the real problem (from samba logs) seems to be : Got too many (2) domain info entries for domain DOMAIN (I've replaced my domain name to 'DOMAIN' and sambahost name to 'host' for no particular reason ...) host:/etc/samba # strings secrets.tdb | grep SID SECRETS/SID/HOST SECRETS/SID/DOMAIN -- I think this is the problem, since a clean installation on a test machine gives only the first line from the same command, but I can't figure how to remove the entry. other useful infos can be : 1) host:/ # smbclient -L localhost -U% Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.4-SUSE] ServerComment - --- HOSTSamba Server Version 3.0.4-SUSE Workgroup Master - --- DOMAIN HOST 2) host:/ # net getlocalsid [2004/09/22 11:39:38, 0] lib/smbldap.c:smbldap_search_domain_info(1368) Got too many (2) domain info entries for domain DOMAIN SID for domain HOST is: S-1-5-21-3942806058-2931819711-1847247862 3) host:/ # pdbedit -Lv user Got too many (2) domain info entries for domain DOMAIN Got too many (2) domain info entries for domain DOMAIN Unix username:user NT username: user Account Flags:[U ] User SID: S-1-5-21-3942806058-2931819711-1847247862-2010 Primary Group SID:S-1-5-21-3942806058-2931819711-1847247862-513 Full Name:Some User Home Directory: \\host\user HomeDir Drive:H: Logon Script: logon.bat Profile Path: \\host\profiles\user Domain: DOMAIN [etc...] 4) host:/ # net groupmap list [2004/09/22 11:50:47, 0] lib/smbldap.c:smbldap_search_domain_info(1368) Got too many (2) domain info entries for domain DOMAIN Domain (S-1-5-21-3942806058-2931819711-1847247862-1203) - domain Domain Guests (S-1-5-21-3942806058-2931819711-1847247862-514) - nobody Domain Users (S-1-5-21-3942806058-2931819711-1847247862-513) - users Domain Admins (S-1-5-21-3942806058-2931819711-1847247862-512) - Domain Admins Guests (S-1-5-21-3942806058-2931819711-1847247862-546) - Guests Power Users (S-1-5-21-3942806058-2931819711-1847247862-547) - Power Users Account Operators (S-1-5-21-3942806058-2931819711-1847247862-548) - Account Operators Server Operators (S-1-5-21-3942806058-2931819711-1847247862-549) - Server Operators Print Operators (S-1-5-21-3942806058-2931819711-1847247862-550) - Print Operators Backup Operators (S-1-5-21-3942806058-2931819711-1847247862-551) - Backup Operators Replicator (S-1-5-21-3942806058-2931819711-1847247862-552) - Replicator Domain Computers (S-1-5-21-3942806058-2931819711-1847247862-553) - Domain Computers 5) [the exported LDIF of ldap domain entry] dn: sambaDomainName=DOMAIN, dc=domain, dc=com sambaNextUserRid: 4000 sambaSID: S-1-5-21-3942806058-2931819711-1847247862 sambaNextGroupRid: 4001 objectClass: sambaDomain sambaAlgorithmicRidBase: 1000 sambaDomainName: DOMAIN 6 ) [relevant lines from smb.conf] netbios name = HOST workgroup = DOMAIN passdb backend = ldapsam:ldap://localhost/ ldap suffix = dc=domain,dc=com ldap admin dn = cn=Manager,dc=domain,dc=com ldap ssl = on ldap user suffix = ou=people ldap group suffix = ou=Group ldap machine suffix = ou=people #ldap filter = ($(uid=%u)(objectclass=sambaSAMAccount)) ldap idmap suffix = ou=Idmap idmap backend = ldap:ldaps://host.domain.com add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' thanks -- Simone Cittadini == COMVERT S.R.L. via F.lli Bressan, 21 20126 Milano - ITALY Tel +39.02.27006796(aspetta un beep)103 [EMAIL PROTECTED] http://www.comvert.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows XP
Hi, it could be a stupid thing to try, but I was thinking you could try to connect using net use. This way you provide credential even if you're not prompted. net use Z: \\ipsambaserver\sharename /USER:jason password:yourpassword Have a nice day Simone Jason Johnson wrote: Samba appears to be up [EMAIL PROTECTED] samba]# /etc/init.d/smb status smbd (pid 1988) is running... nmbd (pid 1992) is running... Local file permissions on the directory appear to be fine [EMAIL PROTECTED] home]# ls -al /home/jason total 24 drwxr-xr-x 2 jason jason 4096 Aug 31 15:05 . drwxr-xr-x 4 root root 4096 Aug 31 13:20 .. -rw--- 1 jason jason 34 Sep 15 21:07 .bash_history -rw-r--r-- 1 jason jason 24 Aug 31 13:20 .bash_logout -rw-r--r-- 1 jason jason 191 Aug 31 13:20 .bash_profile -rw-r--r-- 1 jason jason 124 Aug 31 13:20 .bashrc [EMAIL PROTECTED] home]# My Windows XP account name is Jason with the same password that I use for samba. I do not see anywhere in windows where I can configure anything. When I go into My Network Places on Windows XP and choose View Workgroup Computers. I see the samba server icon. When I double click it it does not give me any prompt for a username and password. It just pops up that error message that I pasted in my initial email. If there is an area in Windows XP that I need to configure. Please let me know Jason - Original Message - From: Slavisa Popravak [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 12:32 AM Subject: Re: [Samba] Samba and Windows XP Jason Johnson wrote: I just created the samba user 'jason' now. However, it never prompts me to enter in a username or password. Is there some security setting that I need to enable on the samba side to make it prompt me when I double click on the icon in Windows XP? Jason - Original Message - From: Slavisa Popravak [EMAIL PROTECTED] To: Jason [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 11:48 PM Subject: Re: [Samba] Samba and Windows XP Jason wrote: I am trying to setup a samba server on Redhat Fedora 2 and trying to connect to it through Windows XP Professional. This samba server is a standalone server. I can see it in the Network Places. Every time I try to connect to it I get the following error in Windows. \\Samba is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The network path was not found. Here is my smb.conf file that I created using SWAT. Can anyone help me? Thank You Jason # Samba config file created using SWAT # from 192.168.1.2 (192.168.1.2) # Date: 2004/09/15 23:22:05 # Global parameters [global] log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No ldap ssl = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 hosts allow = 192.168.1., 192.168.2., 127. [homes] comment = Home Directories path = /home read only = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [myshare] comment = Jason Test Share path = /home/jason valid users = jason read only = No create mask = 0765 Did you create username jason on server as a samba user?? smbpasswd -a jason Then enter password, and when later try to connect to server suply that username and password. -- Slavia Popravak inenjer informatike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba I think that samba will allways ask you for username and password, when try to connect. Maybe you should do some configuration with your windows machine. Try to log on your win box with the same username and pass, as you created them on samba server. , and if it works it could be problem with win configuration,... or Check samba status/etc/init.d/smb status /etc/init.d/nmb status or Check local file permission on share that you want to access. Samba is configured to allow access to share to Jason, but local file permission should be configured to allow him access to. When you try to access some share, it's chesked local and share permission. -- Slavia Popravak inenjer informatike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Telefona con Email.it Phone Card, tanti minuti di conversazione con il massimo del risparmio, clicca qui Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2687d=16-9 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows XP
Just another easy try, did you install SP2 on XP? Is the firewall on? Cheers Simone Jason Johnson wrote: That gave me an invalid password error. Even though my password is correct. This is the strangest thing I have ever seen - Original Message - From: Simone [EMAIL PROTECTED] To: Jason Johnson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 1:23 AM Subject: Re: [Samba] Samba and Windows XP Hi, it could be a stupid thing to try, but I was thinking you could try to connect using net use. This way you provide credential even if you're not prompted. net use Z: \\ipsambaserver\sharename /USER:jason password:yourpassword Have a nice day Simone Jason Johnson wrote: Samba appears to be up [EMAIL PROTECTED] samba]# /etc/init.d/smb status smbd (pid 1988) is running... nmbd (pid 1992) is running... Local file permissions on the directory appear to be fine [EMAIL PROTECTED] home]# ls -al /home/jason total 24 drwxr-xr-x 2 jason jason 4096 Aug 31 15:05 . drwxr-xr-x 4 root root 4096 Aug 31 13:20 .. -rw--- 1 jason jason 34 Sep 15 21:07 .bash_history -rw-r--r-- 1 jason jason 24 Aug 31 13:20 .bash_logout -rw-r--r-- 1 jason jason 191 Aug 31 13:20 .bash_profile -rw-r--r-- 1 jason jason 124 Aug 31 13:20 .bashrc [EMAIL PROTECTED] home]# My Windows XP account name is Jason with the same password that I use for samba. I do not see anywhere in windows where I can configure anything. When I go into My Network Places on Windows XP and choose View Workgroup Computers. I see the samba server icon. When I double click it it does not give me any prompt for a username and password. It just pops up that error message that I pasted in my initial email. If there is an area in Windows XP that I need to configure. Please let me know Jason - Original Message - From: Slavisa Popravak [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 12:32 AM Subject: Re: [Samba] Samba and Windows XP Jason Johnson wrote: I just created the samba user 'jason' now. However, it never prompts me to enter in a username or password. Is there some security setting that I need to enable on the samba side to make it prompt me when I double click on the icon in Windows XP? Jason - Original Message - From: Slavisa Popravak [EMAIL PROTECTED] To: Jason [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 11:48 PM Subject: Re: [Samba] Samba and Windows XP Jason wrote: I am trying to setup a samba server on Redhat Fedora 2 and trying to connect to it through Windows XP Professional. This samba server is a standalone server. I can see it in the Network Places. Every time I try to connect to it I get the following error in Windows. \\Samba is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The network path was not found. Here is my smb.conf file that I created using SWAT. Can anyone help me? Thank You Jason # Samba config file created using SWAT # from 192.168.1.2 (192.168.1.2) # Date: 2004/09/15 23:22:05 # Global parameters [global] log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No ldap ssl = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 hosts allow = 192.168.1., 192.168.2., 127. [homes] comment = Home Directories path = /home read only = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [myshare] comment = Jason Test Share path = /home/jason valid users = jason read only = No create mask = 0765 Did you create username jason on server as a samba user?? smbpasswd -a jason Then enter password, and when later try to connect to server suply that username and password. -- Slavia Popravak inenjer informatike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba I think that samba will allways ask you for username and password, when try to connect. Maybe you should do some configuration with your windows machine. Try to log on your win box with the same username and pass, as you created them on samba server. , and if it works it could be problem with win configuration,... or Check samba status/etc/init.d/smb status /etc/init.d/nmb status or Check local file permission on share that you want to access. Samba is configured to allow access to share to Jason, but local file permission should be configured to allow him access to. When you try to access some share, it's chesked local and share permission. -- Slavia Popravak inenjer informatike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Unico, innovativo
Re: [Samba] Samba cannot authenticate users from child domain
I'll try to post it again..
Have a nice day
Simone wrote:
Hi,
I've been searching a solution for this with no luck for the last 5
days, so I thought I'd finally need help.
We have a ADS primary domain, samba 3.0..4-6.3E on RHEL as a domain
member. The parent domain say MEDIA.COM has a child domain
CHILD.MEDIA.COM. People from the parent domain can access tha shares
with no problem , but I can't find a way to make users from the child
domain access any share. We use winbind for auth, and security=ads.
I've been trying to add valid users to the share via:
valid users = CHILD\user CHILD.MEDIA.COM\user
Here's a short cut of my smb.conf :
realm : MEDIA.COM
auth methods = winbind
security = ads
password server = ip_parentdomain_dc ip_childdomain_dc
and here's krb5.conf:
[realms]
MEDIA.COM = {
kdc = ip_parentdomain_dc:88
admin_server = ip_parentdomain_dc:749
default_domain = media.com
}
[domain_realm]
media.com = MEDIA.COM
.media.com = MEDIA.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf (this file doesn't exist.)
If I try to access share \\mediasrvsamba\data from a winxp pc where
I'm logged as CHILD\user I get an error in the logs saying couldn't
find user MEDIA\user.
I guess it cannot find it because it is searching in the parent domain
rather than the child domain.
Thanks very much for any help, hope I've been able to explain myself.
Simone
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
La vera mozzarella di Bufala Campana la trovi fresca su
Terrasolis.com, provala!
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2499d=15-9
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba cannot authenticate users from child domain
Hi,
I've been searching a solution for this with no luck for the last 5
days, so I thought I'd finally need help.
We have a ADS primary domain, samba 3.0..4-6.3E on RHEL as a domain
member. The parent domain say MEDIA.COM has a child domain
CHILD.MEDIA.COM. People from the parent domain can access tha shares
with no problem , but I can't find a way to make users from the child
domain access any share. We use winbind for auth, and security=ads. I've
been trying to add valid users to the share via:
valid users = CHILD\user CHILD.MEDIA.COM\user
Here's a short cut of my smb.conf :
realm : MEDIA.COM
auth methods = winbind
security = ads
password server = ip_parentdomain_dc ip_childdomain_dc
and here's krb5.conf:
[realms]
MEDIA.COM = {
kdc = ip_parentdomain_dc:88
admin_server = ip_parentdomain_dc:749
default_domain = media.com
}
[domain_realm]
media.com = MEDIA.COM
.media.com = MEDIA.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf (this file doesn't exist.)
If I try to access share \\mediasrvsamba\data from a winxp pc where I'm
logged as CHILD\user I get an error in the logs saying couldn't find
user MEDIA\user.
I guess it cannot find it because it is searching in the parent domain
rather than the child domain.
Thanks very much for any help, hope I've been able to explain myself.
Simone
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
La vera mozzarella di Bufala Campana la trovi fresca su Terrasolis.com, provala!
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2499d=15-9
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Login restrictions through winbind
In smb.conf you can allow users via valid users = DOMAIN\user or deny to specific users via invalid users = DOMAIN\user It works for me. Regards Simone Wong, G. MR EECS wrote: I have successfully setup a Red Hat Enterprise Linux AS 3.0 server that allows Windows AD Users to login to it(through winbind). The problem is that ALL such users can now do so. Is there a way to control which users are allowed to login while others are denied access? -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Biscotti perfetti? Metti la pasta dentro allo Sparabiscotti e...click click... biscotti pronti per essere infornati! Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2745d=13-9 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Samba 3.0.4 and Windows 2003 Server.
Hej, guess you need to provide a bit more info :-) Ha en bra dag Simone Mikael Olofsson wrote: Hi! We are running both Samba 2.2.7 and on some machines 3.0.4 but I have troubles with our windows 2003 server and samba 3.0.4. Samba 2.2.7 shares works fine. Can anybody help me with this? -- Mikael Olofsson Stendahls.net Vasagatan 7 SE-411 24 Göteborg, Sweden Tel. +46 (0)31-77 444 92 Fax. +46 (0)31-77 444 80 -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Vuoi acquistare con sconti esclusivi? Con EmailConto Risparmio puoi scontare fino al 20% i tuoi acquisti! * Prova subito la convenienza cliccando qui. Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=837d=20-8 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA from start
Hi, not giving much info on your goal, but definitely this is a good start: http://samba.mirror.ac.uk/samba/docs/ http://samba.mirror.ac.uk/samba/docs/man/howto/ http://samba.mirror.ac.uk/samba/docs/man/guide/ Cheers S At 23:11 25/05/2004, Leigh Daubermann wrote: I am a newbie, where the heck do I start? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=d=25-5 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA from start
Well, to find out what version you are running, from a shell type smbd -V and it will give you the version. You are on the right bus, but the right settings for samba are related to the environment you are in, and what you want to achieve. So probably you should post some more info on it. Simone At 23:31 25/05/2004, you wrote: Ta Have been through a couple of readme's and howto's but g How would I find out what version of SAMBA I am running. I just bought and installed suse 7.3, managed to install the whole toot on my notebook. It is just enabling it to work with LAN. As I understand SAMBA is the way to go when you want to set up a windows called network neighborhood and file sharing etc. Unless I'm on the wrong bus - Original Message - From: Simone [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 5:19 AM Subject: Re: [Samba] SAMBA from start Hi, not giving much info on your goal, but definitely this is a good start: http://samba.mirror.ac.uk/samba/docs/ http://samba.mirror.ac.uk/samba/docs/man/howto/ http://samba.mirror.ac.uk/samba/docs/man/guide/ Cheers S At 23:11 25/05/2004, Leigh Daubermann wrote: I am a newbie, where the heck do I start? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=d=25-5 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=d=25-5 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SID of samba domain?
Hi, if I'm not wrong it should be: net getlocalsid Cheers Simone At 19:47 20/05/2004, Jose Martinez wrote: How do I find out the SID of my samba domain? And how do I migrate this SID to another machine when I migrate my domain over. PLEASE HELP! Thanks Jose -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=d=21-5 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Valid users question
Hi, this worked for me: valid users = '@DOMAINNAME\GROUP' in my smb.conf I have valid users = '@DOMAINNAME\Domain Users' and I mapped 'Domain Users' to unixgroup domusers. Hope this helps Ciao At 01:05 21/05/2004, Michael Andrewjeski wrote: Hi, I've a question about the syntax of the valid users option. Any help is greatly appreciated! Here is the Background: samba 3.0.4 Linux as Domain Member Active Directory, not in Native Mode Compiler opions: --with-winbind --with-pam --with-smbmount The goal is to authenticate via the Windows Domain and allow access via Windows groups. The syntax in my smb.conf looks like this: valid users = DOMAIN\SOMEGROUP However, it doesn't work no matter what. I can authenticate individual users thusly: valid users = DOMAIN\SOMEUSER I've read about the @ + and syntax, but they only seem to represent Unix Nis groups. Is there another way to represent Windows groups? Or is my config the culprit? Here's the conf file: smb.conf: [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = DOMAIN # WINS service winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes wins server = XXX.XXX.XXX.XXX password server = * server string = SAMBA log file = /var/log/samba/%m.log max log size = 0 log level = 10 security = domain auth methods = guest sam ntdomain encrypt passwords = yes local master = no dns proxy = no [SOMESHARE] comment = Some Share path = /d1/articles public = no writable = yes printable = no valid users = DOMAIN\SOMEGROUP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=d=21-5 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbindd growing
Hi list, I have a samba 3.0.2a running on a Red Hat EL 3.0 in a ADS win2k domain. The server is a domain member and all is working just fine. People connect to the shares using kerberos, no problems. I'm a bit worried cause winbindd is growing every day, if I look at the running processes through webmin I get 9972 root166452 kBwinbindd-B This morning the process was 139000 Kb. Last week I've had samba crashing for the first time, or better, winbindd crashing, cause restarting it solved the problem. What I could check before restarting winbindd was it's size around 14Kb. Is it normal that winbindd grows that much? We have only 40 clients and the traffic is not heavy at all. As usual any suggestion really appreciated. Have a nice day Simone -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbindd/network freeze samba
.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) Is it ok that SID for domain is FBCMEDIA.COM S-0-0 ?? If I do net getlocalsid fbcmedia I get S-1-5-21-735.and so on. All net commands and groupmappings are working, wbinfo ok. messages.log May 5 14:52:44 fbcsrvsmb01 smbd[8786]: write_socket_data: write failure. Error = Broken pipe May 5 14:52:44 fbcsrvsmb01 smbd[8786]: [2004/05/05 14:52:44, 0] lib/util_sock.c:write_socket(413) May 5 14:52:44 fbcsrvsmb01 smbd[8786]: write_socket: Error writing 61503 bytes to socket 5: ERRNO = Broken pipe May 5 14:52:44 fbcsrvsmb01 smbd[8786]: [2004/05/05 14:52:44, 0] lib/util_sock.c:send_smb(605) May 5 14:52:44 fbcsrvsmb01 smbd[8786]: Error writing 61503 bytes to client. -1. (Broken pipe) May 5 14:52:50 fbcsrvsmb01 smbd[8915]: [2004/05/05 14:52:50, 0] lib/util_sock.c:read_socket_data(342) May 5 14:52:50 fbcsrvsmb01 smbd[8915]: read_socket_data: recv failure for 4. Error = Connection reset by peer May 5 14:53:29 fbcsrvsmb01 smbd[3587]: [2004/05/05 14:53:28, 0] lib/util_sock.c:read_socket_data(342) May 5 14:53:29 fbcsrvsmb01 smbd[3587]: read_socket_data: recv failure for 4. Error = Connection reset by peer May 5 14:54:25 fbcsrvsmb01 smbd[8953]: [2004/05/05 14:54:25, 0] lib/util_sock.c:read_socket_data(342) May 5 14:54:25 fbcsrvsmb01 smbd[8953]: read_socket_data: recv failure for 4. Error = Connection reset by peer May 5 14:54:34 fbcsrvsmb01 smbd[8959]: [2004/05/05 14:54:34, 0] lib/util_sock.c:read_socket_data(342) May 5 14:54:34 fbcsrvsmb01 smbd[8959]: read_socket_data: recv failure for 4. Error = Connection reset by peer May 5 14:54:54 fbcsrvsmb01 smbd[8969]: [2004/05/05 14:54:54, 0] lib/util_sock.c:get_peer_addr(952) May 5 14:54:54 fbcsrvsmb01 smbd[8969]: getpeername failed. Error was Transport endpoint is not connected May 5 14:54:54 fbcsrvsmb01 smbd[8969]: [2004/05/05 14:54:54, 0] lib/util_sock.c:get_peer_addr(952) May 5 14:54:54 fbcsrvsmb01 smbd[8969]: getpeername failed. Error was Transport endpoint is not connected May 5 14:54:54 fbcsrvsmb01 smbd[8969]: [2004/05/05 14:54:54, 0] lib/access.c:check_access(328) May 5 14:54:54 fbcsrvsmb01 smbd[8969]: [2004/05/05 14:54:54, 0] lib/util_sock.c:get_peer_addr(952) May 5 14:54:54 fbcsrvsmb01 smbd[8969]: getpeername failed. Error was Transport endpoint is not connected May 5 14:54:54 fbcsrvsmb01 smbd[8969]: Denied connection from (0.0.0.0) May 5 14:54:54 fbcsrvsmb01 smbd[8969]: [2004/05/05 14:54:54, 0] lib/util_sock.c:get_peer_addr(952) May 5 14:54:54 fbcsrvsmb01 smbd[8969]: getpeername failed. Error was Transport endpoint is not connected May 5 14:54:54 fbcsrvsmb01 smbd[8969]: Connection denied from 0.0.0.0 What does it mean connection denied from 0.0.0.0? I have logs 0.0.0.0.log in the log dir, what does it mean? I have been looking in the mailing list and googling in the last two days, but I couldn't find a final answer. It looks like it can be related to network problems (but restarting service network wouldn't fix it I think) or iptables, but it looks and manifest like a random issue. It has been working fine for many days, and nothing has been changed lately. If you're still there, thanks for reading. Any idea is really welcome, and much more welcome if possible, would be a hint on how to monitor the linux box (for ex how can I understand what froze the network?) , which tools to use (I can figure out myself how to use them, not asking for a tutorial), so that I can be much more useful to the list than just ask for help ;-) Thanks for you time Simone --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.677 / Virus Database: 439 - Release Date: 04/05/2004 Errore Apertura DB -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Redhat AS 3
I'm using Whiteboxlinux which is compiled from the red hat EL 3 source. I used the samba-3.0.2-6.3E.i386.rpm and if I run a smbd -b, it doesn't show any entry for ldapsam_compat. Don't know if this is correct or a good test, I'm definitely not an expert. Hope it helps. Have a good day Simone - Original Message - From: jamie [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 01, 2004 3:07 AM Subject: [Samba] Redhat AS 3 Does anyone know if on Redhat AS 3, The Samba 3 Rpms have ldapsam_compat compiled in? I am trying to get it working and so far not having any luck. - Jamie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.647 / Virus Database: 414 - Release Date: 30/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Avoiding users change permissions
Hi, I finally set up samba 3 with ads, and acl support and everything works just great. The server is an AMD Duron 1200Mhz, 256Mb 266Mhz Ram, 2 ATA100 disks 10 Gb RAID1, 2 ATA133 200Gb RAID1 disks each one master on a separate ide port. Forgive my english, it's my 17th consecutive hour at work and I'm pretty tired. This server, that it's going to replace a win2k box, it's a fileserver, member of the active directory and has many shares that all users of the domain can access and modify. I would like to avoid people to accidentally change permissions, while Domain Admins should be able to do it. Here my smb.conf: [data] path = /samba/shares/data comment = data folder read only = no browseable = yes valid users = '@DOMAIN\Domain Users' create mask = 0770 directory mask = 0770 directory security mask = security mask = inherit acls = yes admin users = '@Domain Admins' In this case no one can change permissions, not even the Admins Group. If users try to do it they can only add new users to the share and finally end up being unable to get into the share again. Before bothering you with this, I red the smb.conf man but couldn't completely figure out all the parameters that decide permissions (directory mask and security mask are clear but I've seen the parameter security mode and I couldn't undestrand how to use it since the example given is to allow everyone to change permissions and I have not been able to find any other example googlingmy fault probably). I know I've been a bit confusing, but in the end I think you understood what is my goal. I'm going on experimenting and googling, but if there's anyone that already fixed this, I would really appreciate to be pointed in the right direction. (docs or whatever can help). Another couple question, I'm moving all users share 12Gb from the win2k server to samba and I'm seeing an heavy memory load while cpu is never more than 40% with an average of 10%, is it normal? here's result of free: [EMAIL PROTECTED] root]# free total used free shared buffers cached Mem: 255872 253464 2408 0 7548 90280 -/+ buffers/cache: 155636 100236 Swap: 522040 36556 485484 Last question, I can choose Fedora or Slackware 9.1 (both already set up) and choose between kernel 2.4 and 2.6 (already compiled in both distro's). Would I have any appreciable benefit from using 2.6.4 kernel (apart from ACL native support) or is better to go for a more stable 2.4 kernel? Are you still there??? Well, thanks for going this far. If anyone has any suggestion that would be very appreciated, it's my first server... Have a nice day --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.642 / Virus Database: 410 - Release Date: 25/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Active Directory Permissions RESOLUTION
Hi everyone. I'm running into the same problem. I've set up slackware 9.1 with kernel 2.6.4 to have acl support for ext3 (tried also to work with kernel 2.4.25 + patch acl), samba 3.0.2a. Joined the domain as a member and followed instructions in the acl howto. Samba is working and I can set up shares using winbind authentication, just fine. The problem is with acl if I try to set from a win2k box. I can change permissions only on files and not on folders, and only on the already present users (can't add or remove anyone). I've been testing many options (security mask, directory security mask, create mask/directory) and I have set admin users '@DOMAIN\Domain Admins' but still no success. Here's my share conf: [acl] path = /samba/acl the folder is owned by user simone that is part of the Domain Admin group valid users = DOMAIN\simone read only = no browseable = yes admin users = DOMAIN\simone create mask = 0770 directory mask = 0770 directory security mask = 0700 What am I missing? I can get into the share and create new folders, but when I try to change permissions I get error unable to save permissions. I've been searching through the last 6158 messages on the list and followed hints but unsuccessful. Any help would be greatly appreciated since I am lost at the moment. PS I have not created any local samba user, not even root, users are only from domain Thanks Simone - Original Message - From: John Petro [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 19, 2004 8:58 PM Subject: RE: [Samba] Samba and Active Directory Permissions RESOLUTION All, Thanks for the responses. There were two things I had to do to get this to work. The first thing was I had to change the readonly attribute in the smb.conf to NO. I also noticed that there was an error in my /etc/fstab so that the options were not read in for some reason. Once I fixed this and re-mounted the filesystem with the ACL option, I was able to do what I needed to do. Thanks again for all your responses. --John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Petro Sent: Thursday, March 18, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba and Active Directory Permissions All, I am currently running Samba 3.0.2a on a RHEL3 server. I would like to use the extended file systems permissions through windows, but I haven't had much luck. Here is how I am set up My linux box is joined to my AD domain and appears to be functioning correctly. I also have winbind set up, and functioning, although I still have some tweaking to do, it is assigning user and group ids as I would expect it to. I can create a share ok via Samba or active directory users and computers with out a problem. However, once I create this share, and I mount it on a windows client, I can't do anything as far as setting or deligating permissions. When I look at the folder properties, it says the folder it owned by root on my linux server. It will not let me change the ownership to any other user. I get a error that says something to the effect that I don't have the rights to change the permissions. Has anyone had this issue, and do you know what I can do to get around this. I really don't want to go to a windows platform for my fileservices. --John -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.631 / Virus Database: 404 - Release Date: 18/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Active Directory Permissions
Thank you very much for your reply. I'm trying to change permissions on a folder underneath. Basically I create a folder in /acl and then I try to change permissions. I will try to have a local unix user to be admin and I'll post back if it's the answer. Once again thanks for your help Simone - Original Message - From: John Petro [EMAIL PROTECTED] To: Simone [EMAIL PROTECTED] Sent: Saturday, March 20, 2004 5:13 PM Subject: RE: [Samba] Samba and Active Directory Permissions RESOLUTION Are you setting the permissions on the /acl directory? Or a folder underneath. It sounds like a permission problem. I ended up having a local unix user be the admin user and so I haven't seen the same issue you are having. --John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Simone Sent: Saturday, March 20, 2004 7:07 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Samba and Active Directory Permissions RESOLUTION Hi everyone. I'm running into the same problem. I've set up slackware 9.1 with kernel 2.6.4 to have acl support for ext3 (tried also to work with kernel 2.4.25 + patch acl), samba 3.0.2a. Joined the domain as a member and followed instructions in the acl howto. Samba is working and I can set up shares using winbind authentication, just fine. The problem is with acl if I try to set from a win2k box. I can change permissions only on files and not on folders, and only on the already present users (can't add or remove anyone). I've been testing many options (security mask, directory security mask, create mask/directory) and I have set admin users '@DOMAIN\Domain Admins' but still no success. Here's my share conf: [acl] path = /samba/acl the folder is owned by user simone that is part of the Domain Admin group valid users = DOMAIN\simone read only = no browseable = yes admin users = DOMAIN\simone create mask = 0770 directory mask = 0770 directory security mask = 0700 What am I missing? I can get into the share and create new folders, but when I try to change permissions I get error unable to save permissions. I've been searching through the last 6158 messages on the list and followed hints but unsuccessful. Any help would be greatly appreciated since I am lost at the moment. PS I have not created any local samba user, not even root, users are only from domain Thanks Simone - Original Message - From: John Petro [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 19, 2004 8:58 PM Subject: RE: [Samba] Samba and Active Directory Permissions RESOLUTION All, Thanks for the responses. There were two things I had to do to get this to work. The first thing was I had to change the readonly attribute in the smb.conf to NO. I also noticed that there was an error in my /etc/fstab so that the options were not read in for some reason. Once I fixed this and re-mounted the filesystem with the ACL option, I was able to do what I needed to do. Thanks again for all your responses. --John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Petro Sent: Thursday, March 18, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba and Active Directory Permissions All, I am currently running Samba 3.0.2a on a RHEL3 server. I would like to use the extended file systems permissions through windows, but I haven't had much luck. Here is how I am set up My linux box is joined to my AD domain and appears to be functioning correctly. I also have winbind set up, and functioning, although I still have some tweaking to do, it is assigning user and group ids as I would expect it to. I can create a share ok via Samba or active directory users and computers with out a problem. However, once I create this share, and I mount it on a windows client, I can't do anything as far as setting or deligating permissions. When I look at the folder properties, it says the folder it owned by root on my linux server. It will not let me change the ownership to any other user. I get a error that says something to the effect that I don't have the rights to change the permissions. Has anyone had this issue, and do you know what I can do to get around this. I really don't want to go to a windows platform for my fileservices. --John -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.631 / Virus Database: 404 - Release Date: 18/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman
Re: [Samba] INTERNAL ERROR: Signal 11 in smbd (samba 3.0.2a)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: | Can you compile with debug symbols included (-g) so we can | get some info as to chat line this is failing on ? | | Thanks, | | Jeremy. Mmm... I'm not very used to gdb... anyway, I've compiled smbd with the - --enable-debug switch on (via ./configure). Firing gdb --pid to attach to a running process, and waiting for it to crash, I've obtained the following data: (gdb) info program ~Using the running image of attached process 6930. Program stopped at 0x81a78ea. It stopped with signal SIGSEGV, Segmentation fault. (gdb) backtrace #0 0x081a78ea in get_stored_queue_info () #1 0x081a7c49 in print_queue_status () #2 0x0810cf00 in _spoolss_enumjobs () #3 0x080fee9a in api_spoolss_enumjobs () #4 0x0812a19c in api_rpcTNP () #5 0x08129f1e in api_pipe_request () #6 0x08124484 in process_request_pdu () #7 0x08124671 in process_complete_pdu () #8 0x081248f6 in process_incoming_data () #9 0x08124ab3 in write_to_internal_pipe () #10 0x08124a33 in write_to_pipe () #11 0x08087feb in api_fd_reply () #12 0x080881d7 in named_pipe () #13 0x08088beb in reply_trans () #14 0x080bd4f5 in switch_message () #15 0x080bd581 in construct_reply () #16 0x080bd891 in process_smb () #17 0x080be2fd in smbd_process () #18 0x081ea34b in main (argc=2, argv=0xbad4) at smbd/server.c:887 #19 0x4026c306 in __libc_start_main (main=0x81e9ac8 main, argc=2, ~ubp_av=0xbad4, init=0x8075420 _init, fini=0x81ea5f0 _fini, ~rtld_fini=0x4000d2fc _dl_fini, stack_end=0xbacc) ~at ../sysdeps/generic/libc-start.c:129 (gdb) info frame Stack level 0, frame at 0xb018: ~ eip = 0x81a78ea in get_stored_queue_info; saved eip 0x81a7c49 ~ called by frame at 0xb168 ~ Arglist at 0xb018, args: ~ Locals at 0xb018, Previous frame's sp is 0x0 ~ Saved registers: ~ ebx at 0xb00c, ebp at 0xb018, esi at 0xb010, edi at 0xb014, ~ eip at 0xb01c (note: info locals seems to have some problem (no symbol table) but as I've said, I'm not used to gdb). Do you need any more data ? There's some more testing I can do ? (And, by the way, thanks in advance). - -- Simone Lazzaris Task84 S.p.A. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAPw4b/38nB9eqrJYRArxGAKCt730+rfKcjI9JJLvMnAX7Syd4tQCguLZk 4jfuLejqZiacFqYN7Qx1+nM= =CuBq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] INTERNAL ERROR: Signal 11 in smbd (samba 3.0.2a)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
As I've said, I'm not vary proficient with gdb... here are another
inspection (maybe more useful this time).
Program received signal SIGSEGV, Segmentation fault.
0x082071ab in get_stored_queue_info (pdb=0x8397e68, snum=6,
pcount=0xb064,
~ppqueue=0xb1ac) at printing/printing.c:2186
2186jobid = IVAL(cgdata.dptr, i*4);
(gdb) print i
$2 = 1012
(gdb) print extra_count
$3 = 1130
(gdb) print cgdata.dsize
$4 = 4520
(gdb) print cgdata.dsize/4
$5 = 1130
(gdb) print cgdata
$6 = {dptr = 0x83bff20 ~\006, dsize = 4520}
(gdb) l
2181/* Add in the changed jobids. */
2182for( i = 0; i extra_count; i++) {
2183uint32 jobid;
2184struct printjob *pjob;
2185
2186jobid = IVAL(cgdata.dptr, i*4);
2187DEBUG(5,(get_stored_queue_info: changed job =
%u\n,
(unsigned int)jobid));
2188pjob = print_job_find(snum, jobid);
2189if (!pjob) {
2190DEBUG(5,(get_stored_queue_info: failed to
find changed job = %u\n, (unsigned int)jobid));
(gdb)
(gdb) backtrace
#0 0x082071ab in get_stored_queue_info (pdb=0x8397e68, snum=6,
~pcount=0xb064, ppqueue=0xb1ac) at printing/printing.c:2186
#1 0x0820763a in print_queue_status (snum=6, ppqueue=0xb1ac,
~status=0xb1b0) at printing/printing.c:2283
#2 0x0813c149 in _spoolss_enumjobs (p=0x839c530, q_u=0xb320,
~r_u=0xb310) at rpc_server/srv_spoolss_nt.c:6517
#3 0x0812a99c in api_spoolss_enumjobs (p=0x839c530)
~at rpc_server/srv_spoolss.c:693
#4 0x08160654 in api_rpcTNP (p=0x839c530, rpc_name=0x839c53e spoolss,
~api_rpc_cmds=0x82dab84, n_cmds=51) at rpc_server/srv_pipe.c:1530
#5 0x081602d3 in api_pipe_request (p=0x839c530) at
rpc_server/srv_pipe.c:1476
#6 0x08159081 in process_request_pdu (p=0x839c530, rpc_in_p=0xb530)
~at rpc_server/srv_pipe_hnd.c:669
#7 0x0815931f in process_complete_pdu (p=0x839c530)
~at rpc_server/srv_pipe_hnd.c:741
#8 0x08159687 in process_incoming_data (p=0x839c530, data=0x83969b8 (,
n=48)
~at rpc_server/srv_pipe_hnd.c:839
#9 0x081598b3 in write_to_internal_pipe (np_conn=0x839c530,
~data=0x83969b8 (, n=64) at rpc_server/srv_pipe_hnd.c:878
#10 0x0815981a in write_to_pipe (p=0x839c3f0, data=0x83969a8 \005, n=64)
~at rpc_server/srv_pipe_hnd.c:861
#11 0x0808e605 in api_fd_reply (conn=0x8397810, vuid=100,
~outbuf=0x40547008 , setup=0x82f5830, data=0x83969a8 \005,
params=0x0,
~suwcnt=2, tdscnt=64, tpscnt=0, mdrcnt=1024, mprcnt=0) at smbd/ipc.c:306
#12 0x0808e889 in named_pipe (conn=0x8397810, vuid=100,
outbuf=0x40547008 ,
~name=0xb716 , setup=0x82f5830, data=0x83969a8 \005, params=0x0,
~suwcnt=2, tdscnt=64, tpscnt=0, msrcnt=0, mdrcnt=1024, mprcnt=0)
~at smbd/ipc.c:350
#13 0x0808f674 in reply_trans (conn=0x8397810, inbuf=0x40526008 ,
~outbuf=0x40547008 , size=152, bufsize=16644) at smbd/ipc.c:558
#14 0x080d5a4c in switch_message (type=37, inbuf=0x40526008 ,
~outbuf=0x40547008 , size=152, bufsize=16644) at smbd/process.c:767
#15 0x080d5b08 in construct_reply (inbuf=0x40526008 ,
outbuf=0x40547008 ,
~size=152, bufsize=16644) at smbd/process.c:797
#16 0x080d5eb0 in process_smb (inbuf=0x40526008 , outbuf=0x40547008 )
~at smbd/process.c:897
#17 0x080d6c88 in smbd_process () at smbd/process.c:1328
#18 0x08258e07 in main (argc=2, argv=0xbac4) at smbd/server.c:887
#19 0x4026c306 in __libc_start_main (main=0x8258584 main, argc=2,
~ubp_av=0xbac4, init=0x80754a0 _init, fini=0x8259160 _fini,
~rtld_fini=0x4000d2fc _dl_fini, stack_end=0xbabc)
~at ../sysdeps/generic/libc-start.c:129
(gdb) print cgdata
$7 = {dptr = 0x83bff20 ~\006, dsize = 4520}
- --
Simone Lazzaris
Task84 S.p.A.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAPzgv/38nB9eqrJYRAq8YAKCl8owvKLC+eVx62OfpsMM6BXGaOwCfZwyL
YT2ux6RgMktgLpJbIMNkkEU=
=2QsD
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] INTERNAL ERROR: Signal 11 in smbd (samba 3.0.2a)
name = utprint [UTHPGL_5] ~ comment = HP laserjet 5000 HPGL 5e ufficio tecnico ~ directory = /var/spool/samba ~ browseable = yes ~ public = yes ~ printable = yes ~ create mode = 0700 ~ valid users = @uftec ~ guest ok = no ~ read only = yes ~ printer name = utprint [UTHPGL_6] ~ comment = HP laserjet 5000 HPGL 6e ufficio tecnico ~ directory = /var/spool/samba ~ browseable = yes ~ public = yes ~ printable = yes ~ create mode = 0700 ~ valid users = @uftec ~ guest ok = no ~ read only = yes ~ printer name = utprint [UTEPLAFR] ~ comment = HP laserjet 5000 HPGL 5e x Eplan Fronte/Retro ufficio tecnico ~ directory = /var/spool/samba ~ browseable = yes ~ public = yes ~ printable = yes ~ create mode = 0700 ~ valid users = @uftec ~ guest ok = no ~ read only = yes ~ printer name = utprint [UTEPLA_S] ~ comment = HP laserjet 5000 HPGL 5e x Eplan Singolo ufficio tecnico ~ directory = /var/spool/samba ~ browseable = yes ~ public = yes ~ printable = yes ~ create mode = 0700 ~ valid users = @uftec ~ guest ok = no ~ read only = yes ~ printer name = utprint [UTHP_GEN] ~ comment = HP laserjet 5000 generica ufficio tecnico ~ directory = /var/spool/samba ~ browseable = yes ~ public = yes ~ printable = yes ~ create mode = 0700 ~ valid users = @uftec ~ guest ok = no ~ read only = yes ~ printer name = utprint [UTHPFAST] ~ comment = HP laserjet 5000 prioritaria ufficio tecnico ~ directory = /var/spool/samba ~ browseable = yes ~ public = yes ~ printable = yes ~ create mode = 0700 ~ valid users = @uftec ~ guest ok = no ~ read only = yes ~ printer name = utprint [lav] ~ comment = Lavori progrettazione ~ path = /home/prg/lavori ~ public = no ~ writable = yes ~ printable = no ~ valid users = @amminrete @analogico @lamiera @col_ana @col_lam ~ force create mode = 660 ~ force directory mode = 770 [apps] ~ comment = Applicazioni comuni ~ path = /home/prg/applicazioni ~ public = no ~ writable = yes ~ printable = no ~ valid users = @amminrete @analogico @lamiera @col_ana @col_lam @direzione @uftec @amministrazione ~ force create mode = 660 ~ force directory mode = 770 [uftec] ~ comment = Ufficio Tecnico ~ path = /home/gest/ut ~ public = no ~ writable = yes ~ printable = no ~ valid users = @uftec ~ force create mode = 660 ~ force directory mode = 770 [direz] ~ comment = Direzione ~ path = /home/gest/direzione ~ public = no ~ writable = yes ~ printable = no ~ valid users = @direzione ~ force create mode = 660 ~ force directory mode = 770 [ammin] ~ comment = Amministrazione ~ path = /home/gest/amministrazione ~ public = no ~ writable = yes ~ printable = no ~ valid users = @amministrazione ~ force create mode = 660 ~ force directory mode = 770 [com] ~ comment = cartella con file in comune ~ path = /home/gest/comuni ~ public = no ~ writable = yes ~ printable = no ~ force create mode = 666 ~ force directory mode = 770 Note: we need to address the very same printer with different names (due to some limitation in some legacy application). utprint002 is actualy the same printer duplicated in CUPS, and seems to works. Duplicating printers via samba seems to have some trouble (but this is NOT a scientific analisys). Any help ? - -- Simone Lazzaris Task84 S.p.A. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAPgps/38nB9eqrJYRArBPAKCq+dqvJzfnJBHOYGp1NYPionO4egCfdEyt cG9cLGvkm12XsGEHqxvb+MU= =o9Hg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to use Samba 3.0.1 as PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I'm trying to use Samba 3.0.1 on a RedHat 7.0 system as a PDC, with tdbsam as a backend, migrating from a NT4.0 PDC (the machine on which NT4 is running is going to be dismessed). I've manually created the user accounts as local users, I've manually populated passdb.tdb, setting SIDs and RIDs identical to the existing ones (manually obtained with 'getsid' on the NT4 machine). I've manually created the local groups, and mapped the existing nt4 groups onto them. I've create a machine account as a local user and added with 'smbpasswd - -a -m' to the database. All seems fine, but it's not working. Disconnecting the existing NT4 server and restarting samba as a PDC, I cannot log on from the other servers/workstations. Note that accessing the shares without accessing the domain works as usual. The error message I've got from a Win2000 server (and also from another NT4 workstation) was something like incorrect user namo or password. I've tryed to figure out what's not working, upping the debug level to 3, and the only thing that I've found suspicous is [2004/01/28 16:43:09, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) ~ _samr_open_domain: ACCESS DENIED (requested: 0x0211) I'm including also my smb.conf file: ~ BEGIN of SMB.CONF [global] ~ netbios name = FS5 ~ idmap uid = 1-2 ~ idmap gid = 1-2 ~ winbind enum users = yes ~ winbind enum groups = yes ~ workgroup = Task_84 ~ server string = Server FS5 ~ printcap name = /etc/printcap ~ load printers = yes ~printing = cups ~ guest account = nobody ~ map to guest = never ~ log file = /var/log/samba/samba3.log ~ log level = 3 ~ max log size = 0 ~ security = user ~ encrypt passwords = yes ~ passdb backend = tdbsam:/usr/local/samba3/lib/passdb.tdb ~ unix password sync = Yes ~ passwd program = /usr/bin/passwd %u ~ passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* ~ socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = 10.0.1.32/24 ~ local master = yes ~ os level = 65 ~ domain master = yes ~ preferred master = yes ~ domain logons = yes ~logon script = script\%U.bat ~ wins server = 10.0.1.34 ~ dns proxy = no disable spoolss = no use client driver = yes [netlogon] path = /var/lib/samba3/netlogon comment = Servizio di Logon guest ok = yes browseable = No [homes] ~ comment = Home Directories ~ browseable = no ~ writable = yes ~ hide dot files = yes [laserjet] ~ comment = Stampante in progettazione ~ directory = /var/spool/samba ~ browseable = yes ~ public = yes ~ printable = yes ~ create mode = 0700 ~ guest ok = no ~ read only = yes ~ printer name = laserjet [lav] ~ comment = Lavori progrettazione ~ path = /home/prg/lavori ~ public = no ~ writable = yes ~ printable = no ~ valid users = @amminrete @analogico @lamiera @col_ana @col_lam ~ force create mode = 660 ~ force directory mode = 770 [apps] ~ comment = Applicazioni comuni ~ path = /home/prg/applicazioni ~ public = no ~ writable = yes ~ printable = no ~ valid users = @amminrete @analogico @lamiera @col_ana @col_lam @direzione @uftec @amministrazione ~ force create mode = 660 ~ force directory mode = 770 ~ END of SMB.CONF Any Ideas ? By the way... samba was installed from sources, compiled with kgcc (aka egcs-2.91.66) 'cos gcc-2.96-85 barfed at some point of the compilation. Can this cause some troubles ? - -- Simone Lazzaris Task84 S.p.A. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAGMmu/38nB9eqrJYRAvDsAJoCRfmuMt1baloA7B2pdcumCJrbbACfTMp9 JScfe4gLsSkscXh0gAdD16Q= =bogE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to use Samba 3.0.1 as PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I'm trying to use Samba 3.0.1 on a RedHat 7.0 system as a PDC, with tdbsam as a backend, migrating from a NT4.0 PDC (the machine on which NT4 is running is going to be dismessed). I've manually created the user accounts as local users, I've manually populated passdb.tdb, setting SIDs and RIDs identical to the existing ones (manually obtained with 'getsid' on the NT4 machine). I've manually created the local groups, and mapped the existing nt4 groups onto them. I've create a machine account as a local user and added with 'smbpasswd - -a -m' to the database. All seems fine, but it's not working. Disconnecting the existing NT4 server and restarting samba as a PDC, I cannot log on from the other servers/workstations. Note that accessing the shares without accessing the domain works as usual. The error message I've got from a Win2000 server (and also from another NT4 workstation) was something like incorrect user namo or password. I've tryed to figure out what's not working, upping the debug level to 3, and the only thing that I've found suspicous is [2004/01/28 16:43:09, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) ~ _samr_open_domain: ACCESS DENIED (requested: 0x0211) I'm including also my smb.conf file: ~ BEGIN of SMB.CONF [global] ~ netbios name = FS5 ~ idmap uid = 1-2 ~ idmap gid = 1-2 ~ winbind enum users = yes ~ winbind enum groups = yes ~ workgroup = Task_84 ~ server string = Server FS5 ~ printcap name = /etc/printcap ~ load printers = yes ~printing = cups ~ guest account = nobody ~ map to guest = never ~ log file = /var/log/samba/samba3.log ~ log level = 3 ~ max log size = 0 ~ security = user ~ encrypt passwords = yes ~ passdb backend = tdbsam:/usr/local/samba3/lib/passdb.tdb ~ unix password sync = Yes ~ passwd program = /usr/bin/passwd %u ~ passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* ~ socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = 10.0.1.32/24 ~ local master = yes ~ os level = 65 ~ domain master = yes ~ preferred master = yes ~ domain logons = yes ~logon script = script\%U.bat ~ wins server = 10.0.1.34 ~ dns proxy = no disable spoolss = no use client driver = yes [netlogon] path = /var/lib/samba3/netlogon comment = Servizio di Logon guest ok = yes browseable = No [homes] ~ comment = Home Directories ~ browseable = no ~ writable = yes ~ hide dot files = yes [laserjet] ~ comment = Stampante in progettazione ~ directory = /var/spool/samba ~ browseable = yes ~ public = yes ~ printable = yes ~ create mode = 0700 ~ guest ok = no ~ read only = yes ~ printer name = laserjet [lav] ~ comment = Lavori progrettazione ~ path = /home/prg/lavori ~ public = no ~ writable = yes ~ printable = no ~ valid users = @amminrete @analogico @lamiera @col_ana @col_lam ~ force create mode = 660 ~ force directory mode = 770 [apps] ~ comment = Applicazioni comuni ~ path = /home/prg/applicazioni ~ public = no ~ writable = yes ~ printable = no ~ valid users = @amminrete @analogico @lamiera @col_ana @col_lam @direzione @uftec @amministrazione ~ force create mode = 660 ~ force directory mode = 770 ~ END of SMB.CONF Any Ideas ? By the way... samba was installed from sources, compiled with kgcc (aka egcs-2.91.66) 'cos gcc-2.96-85 barfed at some point of the compilation. Can this cause some troubles ? - -- Simone Lazzaris Task84 S.p.A. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAGON7/38nB9eqrJYRAjMFAJ4wFQL7GulMTVUcHAv4IOmv47X4JgCfcJ0/ VglWSKoVGKKOgdCHa2eGcaw= =Ybzq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NT domain user and local unix group
Hi, i need to add NT domain user to a local unix user; the samba server 3.0 isn't a PDC or a BDC but only a domain machine member with on share directory. Now i use ACL on filesystem to setting permissions. What i need is to setting this permissions based on local unix group and add NT domain members on this local group. Winbind works fine, so I can see domain users and domain groups, even with wbinfo and getent commands (I setup the nsswitch.conf file). I try to add a domain user to local unix group with gpasswd but winbind ignore it so i can't access to a directory with ACL for this local unix group. Thanks in advance, Simone -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
