Re: [Samba] PDC migration: printing trouble. Summary.
On Fri, 2008-04-11 at 08:42 -0500, Gerald (Jerry) Carter wrote: > Björn Jacke wrote: > | On 2008-04-11 at 13:52 +0200 Helmut Hullen sent off: > |> No patch attached. > | > | yes, it's useless as long as Mailman is removing the attached patch > | each time. > | > | Look at the mail header: > | > | X-Content-Filtered-By: Mailman/MimeDel 2.1.5 > | > | If Mailman thinks a mail has bogous attachments it should remove and > | bounce back the complete mailbut the mail should not be silently > | altered. Jerry (are you the list maintainer?), can you have look at > | the problem please? > > Tim normally deals with the postfix/mailman interaction. > If he doesn't have time I'll look into it next week. The current behaviour of the samba list is to strip attachments that aren't multipart/{mixed,alternative,signed}, various digital signature types and text/plain. There doesn't seem to be an official MIME type for patches, after a quick browse through the list at: http://www.iana.org/assignments/media-types/ What MIME type is your mailer sending? Tim. > > > > > cheers, jerry > - -- > = > Samba--- http://www.samba.org > Likewise Software - http://www.likewisesoftware.com > "What man is a man who does not make the world better?" --Balian > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.2.2 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFH/2rRIR7qMdg1EfYRAnBUAJ9y1gVYQBVtpOjzk0ddzqSKOAN68gCgyPiA > I0V9rmX2ahGEvDJUJNv9eiQ= > =Z8hO > -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as non-root?
On Wed, 2006-03-15 at 11:08 -0500, [EMAIL PROTECTED] wrote: > I have a two-part question. Is it possible to run Samba as a non-root > user? What we want to do, ideally, is to create a user account such as > "samba", and let our applications people log in as the samba user, and do > all the setup and ongoing maintenance. I looked through the stuff on > samba.org but the answer isn't readily apparent to me. This is so they can > allow a few users the ability to view some files on a Solaris 8 server. It's not possible to run Samba as non-root, mainly because some file system operations that are done by a unprivileged Windows user require root access under Unix. You can use some of Samba's share level configuration parameters such as 'valid users' or 'invalid users' and 'hosts allow' or 'hosts deny' to implement access policies based on users or network addresses. > All the users who need read access via Samba are already in the passwd > file. We would prefer not to use any external servers for authentication > if we can avoid it. Can we do that? We're trying to keep this as simple > as possible. The tdbsam backend (default) runs without contacting any external servers, or a ldap server listening on localhost can be used for authentication. If you're going for simple, stick with the tdbsam backend. Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Client connection limit!?
On Thu, 2006-03-02 at 16:04 +0100, Thomas Riedrich wrote: > I didn't find any information on the net: Is there any client connection > limit in Samba? We have about 70 clients accessing one Samba PDC, and > sometimes we get errors from client machines that can't connect and they > say that the "maximum connections" on the server has been reached. I > din't find any such thing in the smb.conf - except one paramater where > you can manually set a limit, but we didn't set this limit. The default for the 'max connections' parameter is zero, meaning there is no limit on the number of simultaneous connections. Perhaps you are running out of some resource (memory, file handles?) on your Samba server machine? Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba quota's
On Thu, 2006-02-09 at 11:59 +0100, Peter Fortuin wrote: > Hello, > > I'm working on a server and I enabled quota's on the filesystem. This works > fine. But Samba doesn't see that quota. I have read that you need to compile > samba with quota support. My problem is that I have a running Samba (from > SuSe 10) and I don't know if there is quota support build in. Is there some > way to see if quota support has been compiled in? You can check which options Samba has been built with by using the -b option to smbd and look for the WITH_XXX options. For example from the Debian packaging of Samba 3.0.20b: $ /usr/sbin/smbd -b [some stuff deleted] --with Options: WITH_ADS WITH_AUTOMOUNT WITH_PAM WITH_QUOTAS WITH_SENDFILE WITH_SMBMOUNT WITH_SYSLOG WITH_UTMP WITH_WINBIND So this smbd has been built with ADS support, automount, pam, quotas, etc. Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind setup problem
On Sat, 2006-02-04 at 17:42 +1100, Emrys Hughes wrote: > I have a samba (version 3.0.14a-Debian) running an NT style domain > and want to add a member file server implementing winbind. > > When I use "wbinfo -u" it returns a list of all my domain users. When > I use "wbinfo -g" it returns 3 results: DOMAIN#power users, >DOMAIN#administrators, DOMAIN##backup operators, but nothing else > (There is a group "mob" on the PDC that is the primary group for all > the domain users). > > When I run "getent passwd" I only get users from /etc/passwd, > nothing from my domain. > > Can anyone offer me advice on how to troubleshoot this? Have you set up an appropriate entry in the /etc/nsswitch.conf file? You are probably missing a 'winbind' entry in the passwd and group section. Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bwinfo -u works getent passwd doesn't
On Sat, 2006-02-04 at 13:57 -0500, Vahid Moghaddasi wrote: > Hi, > I have Samba 3.0.21b running on Solaris 10 with ADS authentication. > I get the following in log.winbindd when I do "getent passwd" but wbinfo -u > lists all the users. > Does anyone know why and how to fix it? > [2006/02/04 13:37:56, 0] nsswitch/winbindd.c:request_len_recv(554) > request_len_recv: Invalid request size received: 1828 At a guess, it looks like you have an out of date version of libnss_winbind.so installed that doesn't match the vesion of winbindd running. Did you recently upgrade your system? Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Attempted intrusions
On Thu, 2006-01-19 at 20:21 +1100, Oygle wrote: > I have noticed since commencing posts on this newsgroup, that there > has been a significant increase in attempted intrusions, especially > port 80. It's a pity that IP addresses are in the NG headers. :) Yeah, this has been reported before. It's really quite disturbing. You might like to try posting through some service that doesn't put the IP address in the header (maybe everyone does this to help track down abuse) but it's probably too late now. (-: Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bind to eth1 only problem
On Fri, Nov 04, 2005 at 02:19:44PM +0100, Louis van Belle wrote: > you can also define it as this. > > interfaces = eth0 lo > bind interfaces only = yes I've written up a little article about multiple interfaces, and the testing thereof. I'm also trying to learn about docbook. (-: http://samba.org/~tpot/articles/multiple-interfaces.html Tim. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Posting
On Sun, 2005-11-13 at 14:58 -0700, John H Terpstra wrote: > On Friday 11 November 2005 06:13, Mike wrote: > > Sorry to trouble you, but how long does it take for a posted message to > > show up on the groups please? > > Anywhere from 5 minutes to 1 hour or so - it depends on the load on the mail > server. But if you are not a member of the list, your posting will be held for moderation. That may take anything from 5 minutes to maybe a day if it is the weekend. A prime example is Mike's original post which looks like it has been sitting in the moderator queue since Friday. Sorry about that. Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] enabling netbios over tcp/ip...?
On Wed, 2005-11-09 at 13:25 +0100, markus wrote: > Isn't it that netbios over tcp/ip is not needed since samba 3 anymore? I > thought it isn't, but I had to enable it. Otherwise my windows machines > are refusing (as posted) the samba shares after a while. Any explanation? NetBIOS over TCP/IP has never been needed with Samba. I have no idea about the actual problem though - sorry. Tim. > markus schrieb: > > System: w2003 SP1, samba 3.0.14a-r2 (even tried 3.0.20b) > > Kernel: 2.6.12-gentoo-r4 SMP > > Mode: ADS > > Auth: nss_ldap, kerberos > > > > The Problem: After a while the clients loosing their connection to the > > samba server and it's shares. After the connection is lost there is a > > clean cut: no further information is written to a machine log if trying > > to access a share on the samba server. So the problem has to be on > > windows side. Until the connection is gone forever the machine log has > > many entries like this: > > > > [2005/11/07 12:53:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) > > Username DOMAIN+MACHINE$ is invalid on this system > > > > I know this error since I am using the combination of kerb, nss_ldap and > > samba as an ad member but never had problems accessing shares on sambas. > > Because of using nss_ldap, there is no entry for winbind in my > > nsswitch.conf and nss_winbind doesn't extend the machines and usernames > > as DOMAIN+{USER,MACHINE$}. > > > > Are there any known issues related to hotfixes on windows? On w2003 it's > > definitely impossible browsing my samba shares, just refusing the > > connection without logging it anywhere. Neither under linux nor under > > windows, like if never happened. > > > > If windows sends DOMAIN\USER (or interpreted by winbind like > > DOMAIN+USER), how can I tell samba to extend the users and machines the > > same using nss_ldap? > > > > Thanks in advance for any help > > - markus > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bind to eth1 only problem
On Thu, 2005-11-03 at 11:59 -0800, Joseph T. Duncan wrote: > from the man page: > bind interfaces only (G) > --snip-- > nmbd also binds to the "all addresses" interface (0.0.0.0) on ports 137 > and 138 for the purposes of reading broadcast messages. > --snip-- > > so i guess its not a bug but expected behavour... > kinda dumb, would expect to be able to bind it to a specific interface > only. :/ as I don't care about broadcast messages on any other interfaces > that may be present. I can see how it would be useful in some envirnments, > but its not right for all environments, and should have a method for > stopping it from doing that with out having to resort to some other method > like iptables to stop the undesired behavior. You shouldn't need to do anything with iptables. nmbd should filter out any broadcast messages coming from interfaces not mentioned in the interfaces parameter. Again, from the man page: "If bind interfaces only is set then nmbd will check the source address of any packets coming in on the broadcast sockets and discard any that don’t match the broadcast addresses of the interfaces in the interfaces parameter list." You can probably verify this by hand using nmblookup if you are interested. Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Roots of Samba
On Fri, 2005-09-02 at 02:45 +0200, Michal Kurowski wrote: > > Anyway, I can give them my perspective, but I want them to know what an Open > > Source project is like. Andrew Tridgell is one of or the original > > developer. Can > > anyone give me brief history to tell the class? > > In the source distribution there is a file: > > docs/history > > It should give exactly the info you need. There's also the 10 years of Samba document at: http://us1.samba.org/samba/docs/10years.html Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] testing
On Fri, 2005-08-12 at 13:02 +0200, Louis van Belle wrote: > strange.. > > im getting.. > > In: MAIL FROM:<[EMAIL PROTECTED]> SIZE=3367 > Out: 250 Ok > In: RCPT TO:<[EMAIL PROTECTED]> > Out: 450 <[EMAIL PROTECTED]>: Sender address > rejected: Domain not found > > > but my domain is running fine.. problems at samba's .. ? There was a problem with the nameserver on samba.org. I think it's been fixed now. I've no idea what happened. I have never seen named crash before. Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] subscriber only, an opinion
On Sat, 2005-08-06 at 12:34 +0200, Geert Stappers wrote: > It is the blocking of communication with related projects > that makes me worry. In fact we are trying to build a fence > that will be never high enough, because we don't act on the actual > problem. I've decided to moderate the non-member posters rather than automatically rejecting them (i.e every so often I go through the queue and accept the good mails and reject the spam). It has turned out to be not so much work which is good. All the cross-project emails and so on will make it to the list, just delayed slightly. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [ADMIN] Testing non-member posting to list
Testing non-member posting to the Samba list. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [ADMIN] Changing list to members-only posting
Hi everyone. In reaction to the escalating spam problem I'm trialling turning on member-only posting for a week or so. Hopefully this should make the list a bit nicer for everyone but at the expense of posters requiring to join the list. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.11 torrent available
On Fri, 2005-02-04 at 11:14 -0600, Gerald (Jerry) Carter wrote: > Download Details > > > The uncompressed tarball and patch file have been signed > using GnuPG (ID F17F9772). The source code can be > downloaded from: > > http://download.samba.org/samba/ftp/ I've created a .torrent file for the 3.0.11 release. Please try downloading from http://download.samba.org/samba/ftp/samba-3.0.11.tar.gz.torrent and help us reduce the load on our servers. Tim. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: bugzilla.samba.org temporarily down due to server migration
On Wed, Apr 21, 2004 at 03:25:16AM +, Gerald (Jerry) Carter wrote: > will be back up in the next 24 hours. In fact it's up again now. Thanks to Jerry for fixing it. Tim. signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Terminal Server Whitepaper
On Sat, Jan 24, 2004 at 12:40:00PM -0800, Eric Roseme wrote: > Attached is a 500KB read-only .doc file with a Samba and Terminal Server > whitepaper. I have tried to hit every known issue and all available > workarounds. If anyone has comments or suggestions, let me know. JT > has it, so it should end up in the next How-To. Sorry about the file > format, but the .pdf was 2.5MB, which I thought was too big to post. Whoops - the attachment was stripped by mailman. Eric, can you post a link to the document? 700KB (base64) is a little bit on the large side for the list. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] wins hook functionality broken in Samba 3.0.0
I've just fixed a bug (#528 in bugzilla) to do with wins hook functionality. The wins hook parameter is broken in Samba 3.0.0 but will be fixed in 3.0.1. The attached patch against the release samba-3.0.0.tar.gz file can be used to fix it. Tim. Index: nmbd_winsserver.c === RCS file: /data/cvs/samba/source/nmbd/nmbd_winsserver.c,v retrieving revision 1.51.2.12 retrieving revision 1.51.2.14 diff -c -u -r1.51.2.12 -r1.51.2.14 cvs server: conflicting specifications of output style --- source/nmbd/nmbd_winsserver.c 27 Aug 2003 15:07:46 - 1.51.2.12 +++ nmbd_winsserver.c 29 Sep 2003 04:57:20 - 1.51.2.14 @@ -107,7 +107,7 @@ { pstring command; char *cmd = lp_wins_hook(); - char *p; + char *p, *namestr; int i; if (!cmd || !*cmd) return; @@ -119,11 +119,17 @@ } } + /* Use the name without the nametype (and scope) appended */ + + namestr = nmb_namestr(&namerec->name); + if ((p = strchr(namestr, '<'))) + *p = 0; + p = command; p += slprintf(p, sizeof(command)-1, "%s %s %s %02x %d", cmd, operation, - nmb_namestr(&namerec->name), + namestr, namerec->name.name_type, ttl); -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: More files randomly corrupted
On Tue, Sep 16, 2003 at 07:04:48PM -0700, Steve Jr Ramage wrote: > Still having that problem with samba seemingly corrupting files, This class of problems is usually caused by either by bad network hardware or bad network drivers. Check the half/full duplex settings on your switch or try swapping brands of network card. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] snprintf, vsnprintf
On Wed, Jun 25, 2003 at 06:53:45PM -0400, William Jojo wrote: > I'm tracking a compiling issue with 2.2.8a on AIX 5.2-ML01 with IBM C for > AIX 6.0 and i'm having an issue with lib/snprintf.c > > The first thing i noticed is that "includes.h" is not included which is > in many other places, but I'm sure there are reaasons. I'm not sure why either but there probably is a good reason. (-: > The other thing is there is a check at the beginning for HAVE_SNPRINTF, > HAVE_VSNPRINTF and HAVE_C99_VSNPRINTF to include stdio.h - that one i > get. the one i don't get is at line 790: > > #if !defined(HAVE_SNPRINTF) || !defined(HAVE_C99_SNPRINTF) > > i can't find a HAVE_C99_SNPRINTF anywhere in configure unless it's under > another name, but it seems to me based on the description given by > "mbp" in the code that it may need to look like this: This should be HAVE_C99_VSNPRINTF (it's fixed in Samba 3.0). You might get a different error though. Give it a go and let me know what happens. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: python bindings api
On Thu, May 29, 2003 at 08:30:50AM -0500, Brett A. Funderburg wrote: > > This looks like a problem in Samba's unmarshalling of security > > descriptors. I'd be interested in seeing a debug level 10 log of what > > is happening here. Add 'debug level = 10' to your smb.conf file to > > get this. > > I'm happy to send this to you. Where will the output go? It should go to standard output. > > As an historical note, the python smb module is more of an experiment that > > anything particularly useful at the moment. I was initially using it to > > write some tests for a security descriptor project I was working on. > > I've only implemented the bare minimum number of calls required to get > > and set security descriptors on a file share. > > What do you think it needs in order to be production quality? I might be > interested in lending a hand here. Well I'm not sure exactly what you would do in production with this module but it sounds like you have thought of something. I was thinking that development of this module would occur as people think of useful things to do with it. I'd be happy to look at any contributions if you are interesting in making any. I have no immediate plans for this module at the moment. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] finger print for samba-pubkey.asc
On Fri, Feb 21, 2003 at 03:47:59PM -0800, Stephen Carville wrote: > > When I run > > > > gpg --verify samba-2.2.7a.tar.asc > > > > I get the following output: > > gpg: Signature made Fri Dec 13 12:23:00 2002 CST using DSA key ID 2F87AF6F > > gpg: Good signature from "Samba Distribution Verification Key > > <[EMAIL PROTECTED]>" > > WARNING: This key is not certified with a trusted signature! > >There is no indication that the signature belongs to the owner. > > Primary key fingerprint: ... > > This means no one you trust or is traceable back to someone you trust has > signed the key. You can sign the key locally yourself if you wan to > eliminate the message. Or better still, attend some key signing parties or have one yourself. Your local Linux users' group is a good place to start. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] CVS pserver upgraded on samba.org
I've just upgrade the CVS pserver running on samba.org. If anyone sees any problems please let me know via email. Luckily we are running the anonymous CVS pserver in a chroot jail which is updated via rsync from the actual repository so the effects of anyone exploiting the bug would be minimal. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: \System32\GroupPolicy named pipe?
On Sun, 01 Dec 2002 11:48:34 +1100, Andrew Bartlett wrote: >> http://lightconsulting.com/~thalakan/gpdump.cap > > A comparitive capture of what Win2k does could be useful here. Yes - maybe the MMC program tries to do all its operations by bashing away at a file over SMB. I think Access works like this as well. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: MS DFS and File Replication
On Tue, 26 Nov 2002 16:11:38 +, alex wrote: > The problem we've come accross is that once the DFS root has been > created (hosted by a Win2k server), the primary SMB server can be added > as a 'link' to the root (and the failover) (and the DFS link opened > through a DFS client), however, when an attempt is made to configure the > replication between the two links (rather the point of the whole > exercise), Win2k is reporting that 'the RPC server is > unavailable'...and simply refuses to allow replication to be > configured between the two SMB servers. I've had a bit of a poke around at the win2k file replication and can tell you that it's not supported under Samba at the moment because we don't implement the particular RPC pipe that FRS uses. FRS also uses a new type of encryption (I think it's actually documented in a RFC somewhere - hmac-brezak?) that Samba doesn't support yet either. Jeremy and others are correct about rsync. It doesn't support ACLs of any sort although people have been interested in transfering POSIX (Linux, Solaris) and NT ACLs for obvious reasons! Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problem
On Mon, Nov 25, 2002 at 10:14:12AM -0600, Benjamin Herbert wrote: > Im running samba 2.2.7 on a redhat 7.2 machine. I run winbindd and it > says it can't connect to the Win2k machine. I know that this is due to > the fact the anonymous connections arent allowed. So to fix this I run > 'wbinfo -A admin%password'. Looking at winbindd in interactive and > debug mode I see that winbind now uses admin to try to connect but now > winbind crashes with this error: > > 18 lsa_io_r_enum_trust_dom > 0018 enum_context: 8000 > 001c num_domains : > 0020 ptr_enum_domains: > 0024 status: NT_STATUS_NO_MORE_ENTRIES The no more entries status code is not an error. It just means that there are no trusted domains to return for this call. > invalid permissions on socket directory /tmp/.winbindd > failed to create socket > > I checked the permissions on /tmp/.winbindd and it's owned by root with > 777 permissions. The winbindd socket cannot have 777 permissions - that's a security hole. I'm not sure how it got that way in the first place??? Try doing rm -rf /tmp/.winbindd and restarting. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: IP in utmp: smbd/session.c
On Mon, 25 Nov 2002 12:48:50 +1100, Paul Szabo wrote: > I disagree that DNS lookups are an issue. You use hostnames at least for > log file names and for "hosts allow" lookups. The fashion lately is to put DNS lookups are definitely an issue. If you have a broken DNS server then mysterious slowdowns and hangs occur when clients try to connect. Samba now does not require a working DNS server to clients to successfully connect, except if you are using the hosts allow/deny functionality. The log filenames can use the %m parameter which is replaced by the NetBIOS name. This doesn't require a DNS lookup. > tcp-wrappers around all remote services: does not samba deserve the > same? The hosts allow/hosts deny code uses the TCP wrapper code so it should be equivalent to using /etc/hosts.{allow,deny} > Sure, avoid repeated lookups (by saving the name upon first lookup); even > implement short timeouts if really needed (but really, just refuse if the > forward/reverse lookups do not "work"). But you can't tell whether the lookups work without actually doing one, and if the lookup takes longer than 30 seconds the client times out Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compile Samba 2.2.7's option suggestion?
On Mon, Nov 25, 2002 at 01:38:02AM +0800, Patrick Kwan wrote: > Anyone can provide the suggestion of what options should use > basically when compiling samba 2.2.7? > > My requirement: > -Samba server as PDC with user auth in the same machine. > -client: win98/NT4/win2000/win xp. > -printing support. > > I'm confuse should I enable the --with-acl-support option in > my environment? The --with-acl-support enables mapping of NT ACLs (NTFS permissions) to POSIX ACLs. If ACL support isn't enabled then the standard UNIX permissions on the files determines who has access to files on a file share. >From the list of features above it doesn't sound like you especially need ACL support. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compile Error
On Mon, Nov 25, 2002 at 09:45:06PM +, Patrick Beaumont wrote: > I have tried running "./configure -disable-cups" but I get the same > problem, I do not have cups installed but I wouldnt have thought that > would stop it form working. The option is called --disable-cups (i.e with two -- in front). Is this what you ran or is it a typo in the message? Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind 0xc0000022 error
On Wed, Nov 20, 2002 at 08:01:35PM -0600, Daniel Wittenberg wrote: > # wbinfo -t > Secret is good > > # wbinfo -u > 0xc022 > > I takes it about 4 seconds to respond, but then all I get is that hex > code...where does that come from? I found one reference in the archive, > and it was samba running version 3 with a bad secret. This is 2.2.6 on > Red Hat Linux 7.3. Any ideas why I can't get wbinfo to work? Do you have RestrictAnonymous set on your DC? Is the Everyone group not a member of the "Pre-Windows 2000 Compatibility" group? You can check to see if anonymous enumeration of user lists (required for wbinfo -u) can be done using rpcclient: rpcclient SERVER -U % -c querydispinfo If this returns access denied then one of the above situations is true. You can either enable anonymous access to your domain controller or use wbinfo --set-auth user username%password to give winbindd a username to use instead of connecting anonymously. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Change administrator password remotely with Samba?
On Sun, Nov 24, 2002 at 07:16:57PM +0100, Sven Hazejager wrote: > I need to change the local administrator password on a number of Windows > 2000 machines in our network. I would like to do this automatically from > our FreeBSD server. Is it possible to use Samba for this? Of course, the > passwords are known. Use smbpasswd: smbpasswd -r SERVER -U Administrator If SERVER is a domain controller this will change the domain administrator password. If SERVER is a domain member then the local administrator password will be changed. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Error code 0
On Sun, Nov 10, 2002 at 03:52:03PM +0200, Nir Soffer wrote: > > http://msdn.microsoft.com/library/en-us/debug/base/system_erro > > r_codes.asp?frame=false > > Err. AFAIK, "error code 0" means "Success", in nearly every errno system > I've seen, btw. > > I've seen an error code 0 once in Samba, and I was told it has to do > with the peer "going away". Since the packet doesn't exist or is all > zeroed out in these cases, extraction of the error code field in the > packet results in a "0". This is what gets reported to the end user. > > Am I right? Pretty much. The error 0 appears when a SMB packet is sent but there is no response within 30 seconds. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] passwd command problem with Solaris/winbind/pam
On Fri, Nov 08, 2002 at 01:42:22PM -0500, Mike Gerdts wrote: > > Now, one problem. nscd (Name Service Caching Daemon) will now run! That > > sounds good, right, because normally when winbind is in nsswitch.conf, nscd > > bails? Well, when nscd is running, name resolution is done by nscd, NOT the > > application, so our fopen(2) override is ineffective. nscd doesn't crash, > > but doesn't resolve through winbind either, so smbd fails to lookup Windows > > Domain accounts. Solution: turn off nscd, easy as that. > > I fixed this problem (or one very close to it) a long time ago. Please > verify that the version of winbind that you are running has this patch. > > http://samba.cadcamlab.org/lists/samba-technical/May2002/00221.html I merged this into winbindd - there should be a configure test to determine whether the pwent structure contains pw_comment and pw_age. Check for HAVE_PASSWORD_PW_AGE and HAVE_PASSWORD_PW_COMMENT in the include/config.h file. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] spoolss back connections to client
On Wed, Jun 12, 2002 at 09:11:12AM +0200, Tom Vandepoel wrote: > # diff srv_spoolss.c srv_spoolss.c.orig > 1415,1416c1415,1416 > < /* {"SPOOLSS_RFFPCNEX", SPOOLSS_RFFPCNEX, > api_spoolss_rffpcnex }, */ > < /* {"SPOOLSS_RFNPCNEX", SPOOLSS_RFNPCNEX, > api_spoolss_rfnpcnex }, */ > --- > > {"SPOOLSS_RFFPCNEX", SPOOLSS_RFFPCNEX, > api_spoolss_rffpcnex }, > > {"SPOOLSS_RFNPCNEX", SPOOLSS_RFNPCNEX, > api_spoolss_rfnpcnex }, > > Running this since yesterday now. All printing functionality that worked > before still seems to work. Might even have speeded up connecting to > printers; it seems to me anyway, but that might be purely psychological ;-) What happens to a port monitor when you print a document from another machine? I'm curious to find out whether it falls back to polling or whether you have to hit f5 to refresh all the time. > Anyway, an smb.conf option for this would be nice. I guess a lot of > people have been wondering how to disable this annoying behavior ;-) Something like 'disable spoolss notify'? Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: spoolss back connections to client
On Tue, Jun 11, 2002 at 11:12:08AM +0200, Tom Vandepoel wrote: > Since we've switched to spoolss printing (samba 2.2.4) it seems that the > server is always trying to connect to the client. > > [2002/06/11 10:52:41, 3] lib/util_sock.c:open_socket_out(843) > Connecting to 10.0.40.80 at port 445 > [2002/06/11 10:52:41, 2] lib/util_sock.c:open_socket_out(871) > error connecting to 10.0.40.80:445 (Connection refused) > [2002/06/11 10:52:41, 3] lib/util_sock.c:open_socket_out(843) > Connecting to 10.0.40.80 at port 139 > > I've traced this back in the source to the "spoolss_connect_to_client" > call in rpc_server/srv_spoolss_nt.c. It seems this is used to reply back > to the client with printing info. It's actually for the printer notifcation stuff. I.e if you have a port monitor open on one machine, then print a document from a second machine, the port monitor will be notified asynchonrously that a new document has been spooled. Under Windows 9x/ME this doesn't happen. The port monitor must poll every 15 seconds or so to see if new jobs have been spooled. > However, in our environment, such connections typically fail, as we > disable the "Server" service on NT/W2K clients as much as possible. In > those cases, printing still works fine, so I'm starting to wonder if > these back connections are absolutely needed. They are especially > annoying when the back connection is made to a firewalled client; it > slows down response of the print server enormously (the server waits > until the back connection times out). I've been poking at these last week and I'm pretty sure if there is an error creating the back channel connection, it just falls back to polling mode. Also, with a back channel connection open when you hit 'Apply' on a printer properties dialog box the hourglass appears until all notification data has been sent to connected clients which can slow things down. > So, I was thinking; is there an smb.conf option (or could it be > implemented) to disable these back connections? What would the impact be > if I modified the src_spoolss_replyopenprinter() routine to always > return false? Would that break anything? Good idea. It should affect anything. If you find any problems with this post them to the list! Regards, Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Will rpcclient ever get better?
On Wed, May 29, 2002 at 12:56:04PM -0500, Klopf, Tom wrote: > I was wondering if anyone has heard of someone trying to improve on > rpcclient, specifically regarding the printer-related commands. Also, it > seems that rpcclient has trouble returning a large list of printers > (enumprinters), like in the range of 200. Has anyone heard about this? > > Thanks in advance for replies :-) rpcclient is admittedly pretty crappy. It's only meant as a developer tool which is not really an excuse. The HEAD version has a lot of the printing commands repaired if you would like to try it out instead of the 2.2 version. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinNT offline file attribute
On Thu, Apr 25, 2002 at 09:36:30AM -0700, Jeremy Allison wrote: > > As I understood it (and I could be wrong), indicating offline wasn't a > > problem, the problem was finding out if a file was offline. I'm sure Damir > > could code up a custom fix to make Samba do it (using ioctl's or whatever) > > and distribute the fix as his patch. But I don't see how there could be a > > generic fix. I remember there was talk of such a thing. > > Yes, the problem is there is no standard POSIX call to tell if > a file is offline or not. I was thinking they could be stored as extended attributes (along with the dos, system and archive bits). I guess this doesn't solve the POSIX I/O business though. There is probably a way of getting this information using the DMAPI specification which from my 10 minute web search (-: seems to be at least mentioned by other people like SGI, IBM, etc. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba