Re: [Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a

2008-04-10 Thread Angela Gavazzi 
Am Freitag, 16. November 2007 11.33:06 schrieb Duncan Brannen:
> Setting the User Account Flags to [UX] on the LDAP server allows the
> user to log in,
>
> Previous to this pdbedit was reporting 'Password must change: 0' should
> that have been -1?
>
> Any way to get back to what seemed to be default behaviour prior to 3.0.25
> ?
>
> Cheers,
>  Duncan
>

Dear Duncan,

I'm having the same trouble between 3.0.24 and all later than 3.0.25.

Did you find a solution for it?

Thank you very much,

Angela
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a

2008-04-04 Thread Angela Gavazzi 
Am Mittwoch, 5. März 2008 20.24:23 schrieb Tomasz Chmielewski:
> Jayabrata Tripathy schrieb:
> > Hi Tomasz,
> >
> > How to set the "sambaPwdMustChange"? and Where to set this parameter?
> > smb.conf is not able to understand this parameter.
> >
> > This problem bugging me quite a long time.
>
> I keep all user data in LDAP, and I use LAM for that - http://lam.sf.net
>
>
> --
> Tomasz Chmielewski
> http://wpkg.org
>

Hi all,

I'm testing an upgrade vom 3.0.24 to 3.0.28 just now and have the same issue.
Userdata also in LDAP.

The sambaPwdMustChange is set, but I don't understand what I should change 
there. I don't want to have the X flag set for all users!

Can somebody explain me why 3.0.28 doesn't accept the values that work in 
3.0.24 and what exactly is needed to get it working again?

Tia,

Angela
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] member server config problem

2007-09-10 Thread Angela Gavazzi 
Hi,

I'm settin up a member Server in a samba domain. (both 3.0.24)

getent passwd/group shows all user and groups
wbinfo -u/g shows user and groups
net groupmap list shows all groups correctly

Here's the testparm output:

Server role: ROLE_DOMAIN_MEMBER

[global]
workgroup = AAG
server string = FILES (%v)
security = DOMAIN
password server = 192.168.100.72
passdb backend = ldapsam:ldap://192.168.100.72/
log level = 10
log file = /var/log/samba/%m.log
name resolve order = host wins bcast
deadtime = 15
keepalive = 0
load printers = No
preferred master = No
local master = No
domain master = No
wins server = 192.168.100.72
ldap admin dn = cn=admin,dc=aag
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap suffix = dc=aag
ldap user suffix = ou=users
panic action = /etc/samba/panic-action %d
idmap backend = ldap:ldap://erde.aag
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind trusted domains only = Yes
read only = No
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
inherit acls = Yes
map acl inherit = Yes
strict sync = Yes
sync always = Yes
use sendfile = Yes
veto oplock files = /*.mdb/
delete readonly = Yes
dos filemode = Yes
msdfs root = No

[Homes]
path = /userdata/%S
invalid users = root, admin, bin, daemon, sys, sync, lp, mail, news, 
uucp, proxy, www-data, backup, irc, sshd, man, identd, bacula, nobody, 
Debian-exim
create mask = 0700
directory mask = 0700
browseable = No
Then all the shares

ACLS are enabled in fstab

I have /groupdata with all groupshares and /userdata for homes.
/groupdata is actually owned by me.domain_admins

I can set acls from linux with
setfacl -R -d -m g:group:rwx folder

unfortunately I cannot change permissions from windows, not as domain-root nor 
as me even if I am in the domain_admins group and privileges are activated I 
get a permission denied message. I also don't see the acls I set for "group" 
under windows even if linux shows them correctly.

I'm afraid it is something very stupid I don't see, but I would be very 
gratefull if somebody could point me to the error.

Please let me know what logs I should append

tia,

Angela

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind 3.0.25c: Problem joining 3.0.24 domain

2007-08-23 Thread Angela Gavazzi 
I have a machine with a running samba 3.0.24 with winbind.
After an update to 3.0.25c I couldn't connect from win clients.
So I first tried to rejoin and got some errors about trust account problems - 
sorry didn't save them.
Then I deletet the account the tried a fresh join from the machine:

 net rpc join -Uaga -Waag -Serde
Password:
[2007/08/23 11:13:39, 
0] ./source/utils/net_rpc_join.c:net_rpc_join_newstyle(304)
  error setting trust account password: NT code 0x1c010002
Unable to join domain AAG.

When going back to 3.0.24 there is no problem with joining.

I found some similar posting when googling, but no solution.

Is it a known problem with 3.0.25 or could somebody point me to a solution?

Thanks
Angela
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACLs and winbind

2007-08-09 Thread Angela Gavazzi 
On Thursday 09 August 2007 13:28:49 Thierry Lacoste wrote:

>
> Thanks Henrik.
> Can someone explain why or point me to some doc?
> What I read everywhere is that winbind is used to identify users of a
> windows domain at the NSS level (mapping them localy with
> winbindd_idmap.tdb or globaly with ldap) while my users are correctly
> identified by nss_ldap.
>
> What puzzles me is that I didn't touch my /etc/nsswitch.conf which reads:
> group: files ldap
> hosts: files dns
> networks: files
> passwd: files ldap
>
> Is this a common setting to use winbind for samba and not for NSS?

My working nsswitch.conf look like this:

passwd: files winbind ldap
group:  files winbind ldap
shadow: files winbind ldap

By, Angela


>
> Also I realized that my smb.conf was not entirely functional.
> When I create a file with XP the domain part of the initial ACLs
> is the NetBIOS name of the server and not my domain name.
> Moreover when I pick a domain group (which truly appears as
> a domain group) to add it in the ACLs of the file it is mapped
> to gid 1 through entries in winbindd_idmap.tdb.
>
> Adding the following lines to my smb.conf solved the problem.
>   passdb backend = ldapsam:ldap://aldap1.stars.net
>   ldap ssl = start_tls
>   ldap suffix = o=stars
>   ldap admin dn = cn=sambamgr,ou=Managers,o=stars
>   ldap machine suffix = ou=Computers,ou=Accounts
>   ldap user suffix = ou=Users,ou=Accounts
>   ldap group suffix = ou=Groups
>
> In this case getfacl reports the correct group and winbindd_idmap.tdb
> appears to never change.
> Still I need the idmap lines to be able to add ACLs.
>
> Regards,
> Thierry.
>
> > > workgroup = STARS
> > > netbios name = CAPELLA
> > > security = DOMAIN
> > > name resolve order = wins bcast
> > > wins server = castor
> > > netbios aliases = AHOMES APROFILES
> > > password server = ALDAP1 ALDAP2
> > >
> > > log level = 2
> > >
> > > idmap gid = 1-2
> > > idmap uid = 1-2
> > >
> > > [homes]
> > >   comment = Home Directories
> > >   valid users = %S
> > >   read only = No
> > >   browseable = No
> > >
> > > [Profiles]
> > >   comment = Roaming Profile Share
> > >   path = /export/profiles
> > >   read only = No
> > >   profile acls = Yes


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Winbind dies silently

2007-08-06 Thread Angela Gavazzi 
On Wednesday 16 May 2007 08:25:14 Christian Perrier wrote:
> > Can anyone confirm a bug here or offer any suggestions as to where to go
> > next?
>
> Well, if this is reproducible safely and downgrading to samba 3.0.24
> removes the bug, I'd suggest reporting this in the Debian BTS, along
> with your smb.conf file, as many details as possible about your setup
> and the level 10 log file you mentioned.
>
> We'll investigate this and, if necessary, pass it along to samba
> upstream.

Does anybody know if this problem is solved?
I have exactly the same problem with versions after 3.0.24

Thanks Angela
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem compliling samba 3.0.25b with openldap-2.3.32(stable)

2007-08-02 Thread Angela Gavazzi 
Hallo!

When compiling samba 3.0.25b with openldap-2.3.32 make failes with the 
following error:
Compiling passdb/pdb_ldap.c
./source/passdb/pdb_ldap.c: In function ‘ldapsam_get_new_rid’:
./source/passdb/pdb_ldap.c:4459: error: incompatible types in assignment
./source/passdb/pdb_ldap.c: In function ‘pdb_init_ldapsam’:
./source/passdb/pdb_ldap.c:5654: error: incompatible types in assignment
The following command failed:
gcc -I. -I/usr/src/samba/samba-070802/samba-3.0.25b/./source  
-I/usr/local/ldap/include -D_SAMBA_BUILD_=3  
-I/usr/src/samba/samba-070802/samba-3.0.25b/./source/iniparser/src -Iinclude 
-I/usr/src/samba/samba-070802/samba-3.0.25b/./source/include -I. 
-I/usr/src/samba/samba-070802/samba-3.0.25b/./source 
-I/usr/src/samba/samba-070802/samba-3.0.25b/./source/lib/replace 
-I/usr/src/samba/samba-070802/samba-3.0.25b/./source/lib/talloc 
-I/usr/src/samba/samba-070802/samba-3.0.25b/./source/tdb/include 
-I/usr/src/samba/samba-070802/samba-3.0.25b/./source/libaddns 
-I/usr/src/samba/samba-070802/samba-3.0.25b/./source/librpc -DHAVE_CONFIG_H  
-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_DEPRECATED
-I/usr/src/samba/samba-070802/samba-3.0.25b/./source/lib -D_SAMBA_BUILD_=3 
-fPIC -c ./source/passdb/pdb_ldap.c -o 
passdb/pdb_ldap.o
make: *** [passdb/pdb_ldap.o] Fehler 1


This is my install script which works with samba 3.0.25 on the same machine.

CFLAGS="-I/usr/local/ldap/include"
LDFLAGS="-L/usr/local/ldap/lib"

export CFLAGS
export LDFLAGS

configure \
'--prefix=/usr/local/samba' \
'--sysconfdir=/etc' \
'--localstatedir=/usr/local/samba/var' \
'--with-configdir=/etc/samba' \
'--with-ldap=/usr/local/ldap' \
'--with-privatedir=/etc/samba' \
'--with-lockdir=/usr/local/samba/var/lock' \
'--with-piddir=/usr/local/samba/var/run' \
'--with-swatdir=/usr/local/samba/swat' \
'--with-smbmount' \
'--with-quotas' \
'--with-acl-support'

Thanks
Angela
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] urgent: winbind doesn't see groups from samba pdc+ldap

2007-06-07 Thread Angela Gavazzi 
Hallo!

after migrating the pdc from nt to samba+ldap my member fileserver doesn't see 
the groups anymore.
I set it up  with nss as shown in:
http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#ch9-sdmnss

getent passwd + group show all user and groups correctly

wbinfo -u shows all users correctly, but wbinfo -g show only 2 builtin 
accounts.

I tried without nss only with winbind before in the hope I had not to reset 
all permissions but it was exacty the same.

Machine is debian/etch samba 3.0.24

Please let me know if I should send more infos.

I'm very greateful for any hints.

thanks angela



here my smb.conf

[global]

# Server Definition
server string = %h (%v)
domain logons = no
domain master = no
local master = no
preferred master = no

timeserver = no

# Domaenen Zugehoerigkeit
workgroup = AAG
security = domain
password server = 192.168.100.72

# Namensaufloesung
name resolve order = host wins bcast

# Erlaubte Authentifizierungsprotokolle

map archive = yes
map hidden = no
map readonly = yes
map system = no
map to guest = never
delete readonly = yes

preserve case = yes

# Nach 15 Min. Inaktivität trennenlog file = /var/log/samba/%m.log
log level = 10
syslog = 1

panic action = /usr/share/samba/panic-action %d

# Wann werden DAten auf die Platten geschrieben?
strict sync = yes
sync always = yes

use sendfile = yes

# Auf mdbs keine Oplocks setzen
veto oplock files = /*.mdb/

# OpenOffice hat Problem beim Speichern, es liegt aber nicht an den Oplocks!
oplocks = yes
level2 oplocks = yes

# Winbind - fÃr Authentifizierung Ãber einen anderen Server
#winbind cache time = 300
#winbind enum groups = yes
#winbind enum users = yes
#winbind uid = 1-2
#winbind gid = 1-2

ldap admin dn = cn=admin,dc=aag
ldap suffix = dc=aag
ldap group suffix = ou=groups
ldap user suffix = ou=users
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
idmap backend = ldap:ldap://erde.aag
idmap uid = 1-2
idmap gid = 1-2
winbind trusted domains only = yes

deadtime = 15
keepalive = 0

... shares


/etc/ldap/ldap.conf

BASEdc=aag
URI ldap://erde.aag:389 ldap://mond.aag:389

nss_base_passwd ou=users,dc=aag?one
nss_base_passwd ou=computers,dc=aag?one
nss_base_shadow ou=users,dc=aag?one
nss_base_group  ou=groups,dc=aag?one

TLS_CACERT  /etc/ldap/certs/cacert.pem
TLS_CERT/etc/ldap/certs/memberserver_cert.pem
TLS_KEY /etc/ldap/certs/memberserver_key.pem
TLS_CHECKPEER   yes
SSL start_tls

TLS_REQCERT allow


It make no difference if I activate TLS or not.

**
/etc/nsswitch.conf
**
passwd: files ldap winbind
group:  files ldap winbind
shadow: files ldap winbind

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:db files

netgroup:   nis



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.23d with ldap compile problem - SOLVED

2007-01-18 Thread Angela Gavazzi 
Am Donnerstag, 18. Januar 2007 14:50 schrieb [EMAIL PROTECTED]:
> Hi,
>
> >> and in the default location ?
> >
> > no: /usr/local/ldap
>
> Ok the problem come from this,
>
> ldconfig will help to load the librairie at run stage but won't help
> configure or the linker to find it when linking.


>
> I think that the simplest way to solve it , if you cant put  your open ldap
> librairy in a standard place, is to put a symbolic link referencing the
> .a file an .so file in /usr/local/ldap/lib in /usr/lib .

thank you very much.
This is just what I just tried now and it solved the problem.
I was expecting ldconfig to help also configure.

by, angela
>
> Regards,
>
> Yanick
>
> >> Seen to me that you have missed a step in the installation / compilation
> >> of openldap, since configure can't find the open ldap library.
> >>
> >> Did you have the librairy libldap.so in /usr/lib or /usr/local/lib ?
> >
> > find / -name libldap.so
> > /usr/src/openldap-2.3.27/libraries/libldap/.libs/libldap.so
> > /usr/local/ldap/lib/libldap.so
> >
> > but
> >
> > cat /etc/ld.so.conf
> >
> > /usr/X11R6/lib
> > /usr/lib/include
> > /usr/local/lib
> > /usr/local/ldap/include
> > /usr/local/ldap/lib
> >
> > I thought that this should work after executing ldconfig. Is this wrong?
> >
> > Tia, Angela
> >
> >> Regards,
> >>
> >> Yanick Durant / Linagora
> >>
> >> > Hi,
> >> >
> >> > I'm trying to compile samba 3.0.23d for use with ldap as backend.
> >> >
> >> > The system is Debian Sarge fresh installed, all updates installed, and
> >> > openldap-2.3.27 installed from sources.
> >> >
> >> > I searched a lot but couldn't google out anythink that helped.
> >> >
> >> > I sent this same mail jesterday with configure options for ldap,
> >> > ld.so.conf
> >> > and samba error.log but it was too long. So another time with less
> >>
> >> text.
> >>
> >> > Can anybody here help? It would be great!
> >> >
> >> > Thank you very much.
> >> >
> >> > Angela
> >> >
> >> >
> >> > samba configure:
> >> >
> >> > ./source/configure \
> >> > '--prefix=/usr/local/samba' \
> >> > '--sysconfdir=/etc' \
> >> > '--localstatedir=/usr/local/samba/var' \
> >> > '--with-configdir=/etc/samba' \
> >> > '--with-privatedir=/etc/samba' \
> >> > '--with-lockdir=/usr/local/samba/var/lock' \
> >> > '--with-piddir=/usr/local/samba/var/run' \
> >> > '--with-swatdir=/usr/local/samba/swat' \
> >> > '--with-smbmount' \
> >> > '--with-quotas' \
> >> > '--with-ldap' \
> >> > '--with-acl-support'
> >> >
> >> > *
> >> >
> >> > Configure aborts with this error:
> >> >
> >> > 
> >> > checking for LDAP support... yes
> >> > checking ldap.h usability... yes
> >> > checking ldap.h presence... yes
> >> > checking for ldap.h... yes
> >> > checking lber.h usability... yes
> >> > checking lber.h presence... yes
> >> > checking for lber.h... yes
> >> > checking for ber_scanf in -llber... no
> >> > checking for ldap_init in -lldap... no
> >> > checking for ldap_set_rebind_proc... no
> >> > checking whether ldap_set_rebind_proc takes 3 arguments... 3
> >> > checking for ldap_dn2ad_canonical... no
> >> > configure: error: libldap is needed for LDAP support
> >> >
> >> > *
> >> >
> >> >
> >> > --
> >> > To unsubscribe from this list go to the following URL and read the
> >> > instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba 3.0.23d with ldap compile problem

2007-01-18 Thread Angela Gavazzi 
Hi,

I'm trying to compile samba 3.0.23d for use with ldap as backend.

The system is Debian Sarge fresh installed, all updates installed, and 
openldap-2.3.27 installed from sources.

I searched a lot but couldn't google out anythink that helped.

I sent this same mail jesterday with configure options for ldap, ld.so.conf 
and samba error.log but it was too long. So another time with less text.

Can anybody here help? It would be great!

Thank you very much.

Angela


samba configure:

./source/configure \
'--prefix=/usr/local/samba' \
'--sysconfdir=/etc' \
'--localstatedir=/usr/local/samba/var' \
'--with-configdir=/etc/samba' \
'--with-privatedir=/etc/samba' \
'--with-lockdir=/usr/local/samba/var/lock' \
'--with-piddir=/usr/local/samba/var/run' \
'--with-swatdir=/usr/local/samba/swat' \
'--with-smbmount' \
'--with-quotas' \
'--with-ldap' \
'--with-acl-support'

*

Configure aborts with this error:


checking for LDAP support... yes
checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking for ber_scanf in -llber... no
checking for ldap_init in -lldap... no
checking for ldap_set_rebind_proc... no
checking whether ldap_set_rebind_proc takes 3 arguments... 3
checking for ldap_dn2ad_canonical... no
configure: error: libldap is needed for LDAP support

*


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem saving opendocument files

2006-10-31 Thread Angela Gavazzi 
Hallo!

did anybody else experience problems saving opendocument files?

We have a running samba 3.0.21a on a debian machine and saving odt/ods files 
is getting very slowly. About 15sec. In this time the program (openoffice) is 
totally blocked. I don't know if the problem comes from samba or from oo.
I tried to deactivate oplocks, but it makes no difference.
We have no error messages in the logs.

Any help would be very appreciated

Thanks
angela
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Migration NT4 domain to Samba/LDAP howto

2006-10-17 Thread Angela Gavazzi 
Am Dienstag, 17. Oktober 2006 14:33 schrieb Dr.Peer-Joachim Koch:
> Hi,
>
> is it possible to setup a dedicated BDC  and test everything
> and do the main step after verifing that everything is working ?
As I understood from the Samba Documentation it's not possible to set up a 
Samba BDC for a Windows PDC.
For testing I use Virtual Maschines with vmware. Here I can set up a virtual 
domain and test all I need.
By Angela

>
> > Have a look at Samba 3 by Example.
> > http://us4.samba.org/samba/docs/man/Samba-Guide/
> >
> > Chapter 9 tells you how to do this.  You may also want to look at Chapter
> > 5. This has info. on using LDAP with Samba 3.
> >
> > You can migrate all the user and computer info. from your NT 4.0 PDC
> > straight to Samba.  When you shutdown your NT box and activate your Samba
> > box, the users/client machines will not know the difference.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba, cups and cupsaddsmb

2006-01-04 Thread Angela Gavazzi 
I am used to do the following to install a new printer using the cups driver, 
(which is in /usr/share/cups/drivers - and also tried the same with adobe and 
wind. generic ps driver)

1. I install the printer in cups with its ppd file - from foomatic-db or 
vendor ppd over the webinterface (its the best way for me)
2. reload the smb.conf for the new printer be seen from samba
3. cupsaddsmb -U adminuser -v cupsprintername

step 3 should copy the files the windows clients need to printer-driver-path 
from smb.conf ([print$]) wich in this case is /var/lib/samba/printers
here are is the folder W32X86 with the subfolders 2 and 3. The drivers are the 
copied to one of theese two.
from here the windows clients get the driver when "connecting" to the printer 
the first time.

Now on my new installations (i tried many times in the last days) the drivers 
are not copied to the [print$] share, so the windows client don't find them.

so it looks like the driver was "cupsadded" but it isn't really.
This is the problem and I really don't find out what i could have forgotten to 
configure or to do.

thanks for answer!

cheers angela



Am Mittwoch, 4. Januar 2006 04.39 schrieben Sie:
> > I installed a new samba-cups server on a sarge machine. Windbind
> > works, I can get all users and groups.
> > I copied the generic windows postscript driver files as in
> > cupsaddsmb-manpage described to /usr/share/cups/drivers (tried also
> > adobe drivers) Also tried the same with the cups driver, that I would
> > prefere to use. Installed a printer in cups (test), reloaded smb.conf
> > (also restarted samba) - I can see the printer from windows.
>
> What precisely is the problem?  This seems like a fine setup.
>
> > When I try to cupsaddsmb the printer driver for the windows clients,
> > nothing happens. No driver is copied
> > to /var/lib/samba/printers/W32X86/3, on the console I get the
> > message, that the driver was addedd successfully, nothing seem to be
> > written to printers.tdb (size doesn't change and tdbbackup gives an
> > empy file)
>
> AFAIK, cupsaddsmb only tells Samba there's a new CUPS printer it should
> make available over the network.  It doesn't have anything to do with
> drivers, that's a CUPS issue.  cupsaddsmb will "install" standard
> PostScript drivers if you have them, as that's what CUPS uses to
> print.  If you want to use the native Windows drivers for your printer,
> you'll presumably have to install the files manually.  I'm not sure
> where to start with this, as I've only ever used the Adobe PS driver.
>
> Cheers,
> Adam.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba, cups and cupsaddsmb

2006-01-03 Thread Angela Gavazzi 
Does really nobody have an idea?

thanks angela

Am Dienstag, 3. Januar 2006 10.31 schrieb Angela Gavazzi:
> Hallo,
>
> I have an old samba-cups printserver (debian woody), connected to the
> domain through winbind, that I must replace now.
>
> I installed a new samba-cups server on a sarge machine. Windbind works, I
> can get all users and groups.
> I copied the generic windows postscript driver files as in
> cupsaddsmb-manpage described to /usr/share/cups/drivers (tried also adobe
> drivers)
> Also tried the same with the cups driver, that I would prefere to use.
> Installed a printer in cups (test), reloaded smb.conf (also restarted
> samba) - I can see the printer from windows.
>
> When I try to cupsaddsmb the printer driver for the windows clients,
> nothing happens. No driver is copied to /var/lib/samba/printers/W32X86/3,
> on the console I get the message, that the driver was addedd successfully,
> nothing seem to be written to printers.tdb (size doesn't change and
> tdbbackup gives an empy file)
>
> cupsaddsmb -v -U administrator test
> Password for administrator required to access localhost via SAMBA:
> Running command: rpcclient localhost -N -U'administrator%x' -c
> 'setdriver test test'
> Succesfully set test to driver test.
>
> I tried with version 3.0.14 from sarge, 3.0.20b from testing and now 3.0.21
> from sid, because I saw that there was a resolved bug about not writing to
> printers.tdb
>
> Set this permissions:
> (user admin is in lpadmin group)
> drwxrwxrwx  4 root root 4096 Jan  2 12:05 /var/lib/samba/printers/*
> drwxrwsr-x  2 admin lpadmin 4096 Jan  2 11:52 /usr/share/cups/drivers/
>
> drwxrwxrwt  2 admin lpadmin 4096 Jan  2 21:49 /var/spool/samba/
>
> -rw-r--r--  1 admin lpadmin 131584 J /usr/share/cups/drivers/PS5UI.DLL
> -rw-r--r--  1 admin lpadmin  25113  /usr/share/cups/drivers/PSCRIPT.HLP
> -rw-r--r--  1 admin lpadmin 792644  /usr/share/cups/drivers/PSCRIPT.NTF
> -rw-r--r--  1 admin lpadmin 455168  /usr/share/cups/drivers/PSCRIPT5.DLL
>
> (tried also with lower and uppercase driver file names.)
> -r-xr-xr-x  1 admin lpadmin   760 Jan  2 12:57 CUPS6.INF
> -r-xr-xr-x  1 admin lpadmin67 Jan  2 12:57 CUPS6.INI
> -r-xr-xr-x  1 admin lpadmin  9529 Jan  2 12:57 CUPS6.PPD
> -r-xr-xr-x  1 admin lpadmin 12568 Jan  2 12:57 CUPSPS6.DLL
> -r-xr-xr-x  1 admin lpadmin 13672 Jan  2 12:57 CUPSUI6.DLL
>
> -r-xr-xr-x  1 admin lpadmin   760 Jan  2 21:55 cups6.inf
> -r-xr-xr-x  1 admin lpadmin67 Jan  2 21:55 cups6.ini
> -r-xr-xr-x  1 admin lpadmin  9529 Jan  2 21:55 cups6.ppd
> -r-xr-xr-x  1 admin lpadmin 12568 Jan  2 21:55 cupsps6.dll
> -r-xr-xr-x  1 admin lpadmin 13672 Jan  2 21:55 cupsui6.dll
>
> It would be really great if someone could point me to the problem or error
> I don't  see!
>
> tia angela
>
> I attach a log from cupsaddsmb with debug level 5 and here's testparm
> output:
>
>
> [global]
> workgroup = AAG
> server string = Samba %v
> security = DOMAIN
> password server = 192.168.100.30
> log level = 5 winbind:2 passdb:5 printdrivers:5 tdb:5
> syslog = 0
> log file = /var/log/samba/log.%m
> printcap name = cups
> preferred master = No
> domain master = No
> wins server = 192.168.100.30
> panic action = /usr/share/samba/panic-action %d
> idmap uid = 1-2
> idmap gid = 1-2
> winbind separator = +
> printing = cups
> print command =
> lpq command = %p
> lprm command =
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> write list = root, @AAG+Domänen-Admins
> create mask = 0700
> printable = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> write list = @AAG+Domänen-admins, root,
> guest ok = Yes
>
>
> This configuration works on my old samba-cups.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba, cups and cupsaddsmb

2006-01-03 Thread Angela Gavazzi 
Hallo,

I have an old samba-cups printserver (debian woody), connected to the domain 
through winbind, that I must replace now. 

I installed a new samba-cups server on a sarge machine. Windbind works, I can 
get all users and groups.
I copied the generic windows postscript driver files as in cupsaddsmb-manpage 
described to /usr/share/cups/drivers (tried also adobe drivers)
Also tried the same with the cups driver, that I would prefere to use.
Installed a printer in cups (test), reloaded smb.conf (also restarted samba) - 
I can see the printer from windows.

When I try to cupsaddsmb the printer driver for the windows clients, nothing 
happens. No driver is copied to /var/lib/samba/printers/W32X86/3, on the 
console I get the message, that the driver was addedd successfully, nothing 
seem to be written to printers.tdb (size doesn't change and tdbbackup gives 
an empy file)

cupsaddsmb -v -U administrator test
Password for administrator required to access localhost via SAMBA:
Running command: rpcclient localhost -N -U'administrator%x' -c 'setdriver 
test test'
Succesfully set test to driver test.

I tried with version 3.0.14 from sarge, 3.0.20b from testing and now 3.0.21 
from sid, because I saw that there was a resolved bug about not writing to 
printers.tdb

Set this permissions:
(user admin is in lpadmin group)
drwxrwxrwx  4 root root 4096 Jan  2 12:05 /var/lib/samba/printers/*
drwxrwsr-x  2 admin lpadmin 4096 Jan  2 11:52 /usr/share/cups/drivers/

drwxrwxrwt  2 admin lpadmin 4096 Jan  2 21:49 /var/spool/samba/

-rw-r--r--  1 admin lpadmin 131584 J /usr/share/cups/drivers/PS5UI.DLL
-rw-r--r--  1 admin lpadmin  25113  /usr/share/cups/drivers/PSCRIPT.HLP
-rw-r--r--  1 admin lpadmin 792644  /usr/share/cups/drivers/PSCRIPT.NTF
-rw-r--r--  1 admin lpadmin 455168  /usr/share/cups/drivers/PSCRIPT5.DLL

(tried also with lower and uppercase driver file names.)
-r-xr-xr-x  1 admin lpadmin   760 Jan  2 12:57 CUPS6.INF
-r-xr-xr-x  1 admin lpadmin67 Jan  2 12:57 CUPS6.INI
-r-xr-xr-x  1 admin lpadmin  9529 Jan  2 12:57 CUPS6.PPD
-r-xr-xr-x  1 admin lpadmin 12568 Jan  2 12:57 CUPSPS6.DLL
-r-xr-xr-x  1 admin lpadmin 13672 Jan  2 12:57 CUPSUI6.DLL

-r-xr-xr-x  1 admin lpadmin   760 Jan  2 21:55 cups6.inf
-r-xr-xr-x  1 admin lpadmin67 Jan  2 21:55 cups6.ini
-r-xr-xr-x  1 admin lpadmin  9529 Jan  2 21:55 cups6.ppd
-r-xr-xr-x  1 admin lpadmin 12568 Jan  2 21:55 cupsps6.dll
-r-xr-xr-x  1 admin lpadmin 13672 Jan  2 21:55 cupsui6.dll

It would be really great if someone could point me to the problem or error I 
don't  see!

tia angela

I attach a log from cupsaddsmb with debug level 5 and here's testparm output:


[global]
workgroup = AAG
server string = Samba %v
security = DOMAIN
password server = 192.168.100.30
log level = 5 winbind:2 passdb:5 printdrivers:5 tdb:5
syslog = 0
log file = /var/log/samba/log.%m
printcap name = cups
preferred master = No
domain master = No
wins server = 192.168.100.30
panic action = /usr/share/samba/panic-action %d
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
printing = cups
print command =
lpq command = %p
lprm command =

[printers]
comment = All Printers
path = /var/spool/samba
write list = root, @AAG+Domänen-Admins
create mask = 0700
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = @AAG+Domänen-admins, root, 
guest ok = Yes


This configuration works on my old samba-cups.
INFO: Current debug levels:
  all: True/5
  tdb: True/5
  printdrivers: True/5
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: True/5
  sam: False/0
  auth: False/0
  winbind: True/2
  vfs: False/0
  idmap: False/0
  quota: False/0
  acls: False/0
  locking: False/0
  msdfs: False/0
doing parameter max log size = 5000
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter security = domain
doing parameter encrypt passwords = true
doing parameter load printers = yes
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter socket options = TCP_NODELAY
doing parameter winbind separator = +
doing parameter winbind uid = 1-2
doing parameter winbind gid = 1-2
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
pm_process() returned Yes
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered

[Samba] Changed UIDs from winbind after server reboot!

2004-05-03 Thread angela . gavazzi 
I set up a samba 3.0.2 server as member server in a NT4 Domain.
Winbind works great and I can "use" the NT Domain users for all I need.
At the moment I'm testing different shares with their permissions.
The Samba will also be our printserver, so I set up also cups and added
the printers to samba with cupsaddsmb - Great tool! . Users could
connect and all worked fine.

After a reboot I had to do after adding a kernel option (RTC),
suddenly the test user told me that they could 
no longer connect to the shares and the printers.
When looking I found out, that all permissions where changed.
The first time I thought I did a big mistake because
working too long in the night. :-)
2 Days later I rebooted the server again - and had the same thing.
Alls permissions where changed.

I tested stopping samba and winbind - nothing strage happened.
Then I rebooted the server again - and a lot of UID changed again.

Did I missunderstood completely the function of winbind or is
there something wrong here?


Here a little more infos to the system 

Let me know if other infos are needed.

Tia Angela

woody 3 with actual sec. patches
samba 3.0.2 from backports
here's the smb.conf

[global]

workgroup = AAG
netbios name = S10amba
security = domain
encrypt passwords = yes
password server = 192.168.100.31
wins server = 192.168.100.30
host msdfs = yes
#

#template shell = /bin/false
#template homedir = /work/home/%u
max mux = 200
max open files = 8000

###
# Umgang mit Daten
###
display charset = ISO8859-1
unix charset = ISO8859-1
dos charset = CP850

#username level = 5
case sensitive = no
Preserve case = yes

log file = /var/log/samba/log.smbd.%m
log level = 1

follow symlinks = yes

#Diverse Einstellungen für DOS und Win
###
map archive = yes
map system = no
map hidden = no

###
# Globale Druckeinstellungen
###

load printers = yes
printing = cups
printcap name = cups


#schreibgeschützte Dateien dürfen gelöscht werden
delete readonly = yes

#Samba als Zeitserver; hauptsache es sind mal alle Uhren gleich
time server = yes
dos filetimes = yes
fake directory create times = yes
dos filetime resolution = yes

# sichert die Integrität der Dateien gegen Verlust von Performance
; Am heikelsten sind Datenbankdateien also nur diese ohne oplocks
; und zwar für alle Verzeichnisse
veto oplock files = /*.mdb/*.dbf/

deadtime = 5

# Die folgenden Punkte müssen auf yes gestellt werden, wenn Samba
; als PDC fungieren soll.

os level = 20

local master = yes
preferred master = no
domain master = no
wins support = no
domain logons = no
winbind separator = +

# Benutze uids von 1-2 für Domänenbenutzer
winbind uid = 1-2

# Benutze gids von 1-2 für Domänengruppen
winbind gid = 1-2

# Erlaube enumeration von winbind user und gruppen
winbind enum users = yes
winbind enum groups = yes

name resolve order = wins hosts lmhosts bcast


# Sicherheitseinstellungen


hosts allow = 127.0.0.1 192.168.100.0/24
hosts deny = 0.0.0.0/0

[IPC$]
path = /tmp
hosts allow = 127.0.0.1 192.168.100.0/24
hosts deny = 0.0.0.0/0
#
#Drucker
#

[print$]
comment = Download Drucker Treiber
path = /work/printerdrivers
browseable = yes
guest ok = no
public = yes
read only = yes
write list = AAG+Domänen-Admins, root, AAG+Administrator

[printers]
path = /var/spool/samba
browseable = yes
public = yes
guest ok = no
writable = no
printable = yes
printer admin = AAG+Domänen-Admins, root, AAG+Administrator
write list = AAG+Domänen-Admins, root, AAG+Administrator
[AAG-Daten]

path = /work/dfs
msdfs root = yes
browseable = yes
writeable = yes
valid users [EMAIL PROTECTED]

[AV]
path=/work/aag/edv/AV
Valid users = AAG+HHA @AAG+Domänen-Admins
write list = AAG+ HHA @AAG+Domänen-Admins

[EDV] 
path = /work/aag/edv
browseable = yes
valid users = AAG+Domänen-Admins
write list = AAG+Domänen-Admins
admin users = AAG+Domänen-Admins

# ACL Einstellungen
nt acl support = yes
inherit acl = yes
create mask = 770
directory mask = 770
Security mask = 770
directory security mask  = 0777

force security mode = 
force directory security mode = 
force group = AAG+Domänen-Admins
force create mode = 0770
force directory mode = 770
fo

[Samba] Re:RE:Cupsprinter over samba won't work from w2k clients

2004-03-19 Thread Angela Gavazzi 
Marcel de Riedmatten wrote:

[snip]
> 
> 
> At this point i would stop samba, remove
> /var/lib/samba/ntdrivers.tdb and ntprinters.tdb,
> restart samba and have a try with the original windows drivers.
> 
> Have a good day.


Hallo!

thank you for the answer. It helped a little.
Even if I only have one driver installed, after deleting the tbd files, I
was able to reinstall the driver to samba and after that again on the
client. I'm also able to show the printer properties on the client after
this, even if I get the same error message and not all properties are
shown.

Interesting is that I'm able to print, but the pages are not logged
in .../cups/pages_log. And I really need this for billing.
It looks like the pages would not be spooled on samba, but sent directly to
the printer.

With the other printer I can print without problems and all is logged, so I
think it is a driver problem and not a samba problem.

When fully installing the driver on the client there is also another piece
of software that works with the printer driver. They call it Network
Extensions. After installing this I have the missing properties within the
printerdriver window, but only for the locally installed printer. I suppose
that this is the cause for the error message. 

I also don't really understand the connection between the locally (on the
samba server) installed ppd for cups and the windows driver I use to
install on the clients. What's used finally to send the job to the printer?
I install the windows driver on samba, then on the client but depending on
the URI for the ppd-printer under cups the jobs can or not be printed. ???

Could it be a ipp problem?

the printer understands 4 URIs
http://ip.ad.re.ss/ipp
http://ip.ad.re.ss:631/ipp
http://ip.ad.re.ss/ipp/lp
http://ip.ad.re.ss:631/ipp/lp

I use http://ip.ad.re.ss:631/ipp 
With other Uris the jobs don't reach the printer...

Thanks i.a. again...

Ang

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Cupsprinter over samba won't work for w2k clients

2004-03-17 Thread Angela Gavazzi 
 
 Hallo!
 
 I installed Samba 3.0.1 on Deb Woody 3.0 with Cups 1.1.19 and joined to an
 NT4 Domain without problems, after solving the "Umlaut" problem.
 Unfortunately the System was installed in german... 
 
 I read a lot in the Samba HowtoCollection and installed the printer
 following to it step by step. Added the printer driver via APW, then
 connected from the Client and changed some settings. I used the vendors
 printer driver from the orig CD. From a Linux Client I can print without
 Problems.
 
 I have 2 Printers installed.
 Both can't print an one give an error when trying to show the properties.
 
 1. Brother - nothing in error_log, on the client side it's ready, but it
say
 that it cannot print. "The printer could not be started. Check the printer
 properties."
 
 2. An OKI C5300: when opening printer properties I get this in error_log:
 
 E [16/Mar/2004:15:59:44 +0100] get_printer_attrs: resource name
 '/printers/::{2227a280-3aea-1069-a2de-08002b30309d}' no good! 
 
 and this on the Client (sorry it's german...)
 
 Der an einen Systemaufruf übergebene Datenbereich ist zu klein" 
 "Funktionsadresse 0x500027e4 hat eine Schutzverletzung verursacht.
 (Ausnahmecode 0xc005) Die Eigenschaftenseite wird  möglicherweise nicht
 richtig angezeigt."
 
 Then it opens the properties. The printer is shows as not connected and
when
 trying to print there are no errors in error_log.
 
 Somewhere in a posting I found that I have to check if rpcclient is
working:
 
 enumdrivers:
 rpcclient -c "enumdrivers 1" -U user -W Domain Host
 rpcclient -c "enumdrivers 2" -U user -W Domain Host
 
 It looks good, give out lists with printerdriver infos..
 
 getdriver:
 rpcclient -c "getdriver drivername" -U user -W Domain Host
 
 Here I could not find out what driver name is expected - sorry...
 
 It's the first time I try to use samba as printserver - I'm working to to
 replace all nt machines with linuxes.
 
 It would be great if anybody could give me any help to get it working.
 
 Thanks i.a.
 
 Angela
 
 
 Here's my smb.conf:
 
 [global]
 
 winbind separator = +
 load printers = yes
 printing = cups
 printcap name = cups
 
 
 #
 #Drucker
 #
 
 [print$]
 comment = Download Drucker Treiber
 path = /work/printerdrivers
 browseable = yes
 guest ok = yes
 #read only = yes
 write list = @Domain+Domänen-Admins, root, Domain+Administrator
 
 [printers]
 path = /var/spool/samba
 browseable = yes
 public = yes
 guest ok = no
 writable = yes
 printable = yes
 printer admin = @Domain+Domänen-Admins, root, Domain+Administrator
 write list = @Domain+Domänen-Admins, root, Domain+Administrator

-- 
Angela Gavazzi
Allg. Anthroposophische Gesellschaft
Goetheanum
Dornach - Switzerland

www.goetheanum.ch  (old one)
www.goetheanum.org ( new one - in construction)

For mail answer please remove "_no_spam_" from mailaddress.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba