from:"ben"

Re: [Samba] How to migrate samba 2.x account to ldap backend

2007-08-01 Thread Ben Tisdall

GreeG wrote:
> Hi there,
> 
> Is anybody has ever made this: Migrate samba 2.x users (and their unix
> accounts) to an openldap? I've found plenty of how to for building a
> blank samba/ldap authentication system, but nothing for migrate existing
> samba 2.x account (but samba 3.x)... smbldap-tools are useful for
> creating groups etc., migratetools are useful for unix account, but what
> about samba 2.x?

I'm in the midst of such a migration & agree the information out there
is surprisingly sparse. **I should point out that was already already on
Samba 3 so apologies if this doesn't apply here - test in a safe manner**

I'm asssuming you've already got all your posix accounts & groups in
place - if you've used the PADL scripts to migrate these you'll have to
modify some entries so that your machine accounts are under ou=computers
rather ou=users or ou=people.

Having laid the ground, I would firstly copy your smb.conf to something
like migrate.smb.conf & put all the stuff in the copy to allow it to
talk to your LDAP server, **but not including the ldapsam backend
directive**, eg:

ldap ssl = [off|on|start_tls]
ldap admin dn = uid=admin,dc=example,dc=com
ldap suffix = dc=example,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=users
ldap machine suffix = ou=computers

Put the ldap admin user in secrets.tdb by doing: smbpasswd -w adminpass

Copy your smbpasswd file to an alternate location avoid accidentally
clobbering the real one with a typo.

Now you can use pdbedit to export users, letting it using the new conf
file by specifying it with '-s':

pdbedit -s /path/to/migrate.smb.conf -e \
ldapsam:ldap://ldap.example.com[:port]

Also group mappings:

pdbedit -s /path/to/migrate.smb.conf -g -e \
ldapsam:ldap://ldap.example.com[:port]

Obviously you'll need to point samba to the new backend once it's ready.

HTH
-- 
Ben Tisdall

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Migrating to ldapsam - group mapping question [Solved]

2007-08-01 Thread Ben Tisdall

Ben Tisdall wrote:

> Everything's working pretty good when I test run with the LDAP backend
> except that the group mappings disappear - do I simply have to recreate
> these & if I do what's the effect if I change back to smbpasswd?

Somehow one of the UNIX groups in the group mapping had 'gone missing'
from my LDAP tree, once restored all the mappings seemed to magically
re-appear. Is this as expected?

-- 
Ben Tisdall
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Migrating to ldapsam - group mapping question

2007-07-31 Thread Ben Tisdall

Hi,

I'm doing a migration from smbpasswd to ldapsam backend on a Samba PDC.
POSIX accounts are fine & I've migrated the Samba accounts using pdbedit.

Everything's working pretty good when I test run with the LDAP backend
except that the group mappings disappear - do I simply have to recreate
these & if I do what's the effect if I change back to smbpasswd?

Cheers,

-- 
Ben Tisdall

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Getting owner of files on Mounted Windows Share (3rd attempt)

2007-07-19 Thread Ben Tisdall

Terlson, Adam (STP) wrote:
> Are people just ignoring my question because I messed something up, not
> getting it, or does no one know anything?
> 
Adam,

I have several replies to your question from the list in my inbox, so
try checking the archives if they didn't reach you for some reason.

In summary, Windows ownerships don't pass through with smbfs, the
ownerships will be those specified as options to the mount command, or
if none are specified they will default to root:root. Check the manpage
for smbmount for more details.

--
Ben Tisdall
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] net rpc join: Percent sign in password

2007-07-11 Thread Eyal Ben David

Hello,

 

How can I pass a password that contains the percent sign to the "net rpc
join" command?

 

I use the format:  Net rpc join -U user%password

Does escaping work? If so, how?

 

Thanks

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smba with Amanda backup --- permissions

2007-06-05 Thread Ben Tisdall

bhoomikasc wrote:
> Hi,
> 
> I am trying to create a Samba share on /media/winshare with the owner as
> amandabackup instead of root. But as soon as I mount the Samba share on to
> the mount point, the permissions for the owner get reverted back to root
> instead of amandabackup.
> 
> Attaching a snapshot of how it looks like.
> http://www.nabble.com/file/p10894282/samba%2Bquery.jpg 

I suspect udev is coming into the picture because you're using /media as
your mountpoint.

Try mounting under /mnt & see what happens.

-- 
Ben Tisdall
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smba with Amanda backup --- permissions

2007-05-31 Thread Ben Tisdall

bhoomikasc wrote:
> Hi,
> 
> I am trying to create a Samba share on /media/winshare with the owner as
> amandabackup instead of root. But as soon as I mount the Samba share on to
> the mount point, the permissions for the owner get reverted back to root
> instead of amandabackup.
> 
> Attaching a snapshot of how it looks like.
> http://www.nabble.com/file/p10894282/samba%2Bquery.jpg 

I suspect udev is coming into the picture because you're using /media as
your mountpoint.

Try mounting under /mnt & see what happens.

-- 
Ben Tisdall
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Group mapping not working consistently - addendum

2007-05-30 Thread Ben Tisdall


Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ben Tisdall wrote:

Pardon me, I meant to include this information:

[EMAIL PROTECTED]:~$ net rpc -d1 group members "Caseworkers"
Password:
[2007/05/29 20:53:13, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (STATUS_SOME_UNMAPPED)


First off, it appears that you are just trying to enumerate
members of a group.  There's no enough context from your
original post to assume otherwise.


Sorry about that. Things otherwise work as expected but the failure of
the command was puzzling.



In this case, the output indicates that some accounts
belonging to the group have most likely been deleted.
Granted, we shouldn't fail here anyways.  But that's
pretty much what the error msg in telling you.



Bingo! Somehow my 'amanda' system user had snuck into this group!

Thanks Jerry, fantastic support :)

Best,

--
Ben Tisdall

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Group mapping not working consistently

2007-05-29 Thread Ben Tisdall

I'm trying to understand why my group mapping doesn't work in a 
consistent fashion. I've studied "Important Samba-3.0.23 Change Notes" & 
 chapter 13 of TOSHARG but am still struggling. I'm on 3.0.23a-1.fc4.1 
(Fedora Core 4) as a PDC, tdbsam backend.


'net groupmap list' gives this:

Domain Power Users (S-1-5-21-1365060548-1276164359-2333037906-31037) -> 
pwrusers
Domain Webmasters (S-1-5-21-1365060548-1276164359-2333037906-31031) -> 
webmaster

Staff (S-1-5-21-1365060548-1276164359-2333037906-3057) -> staff
Domain Admins (S-1-5-21-1365060548-1276164359-2333037906-512) -> root
General Managers (S-1-5-21-1365060548-1276164359-2333037906-3051) -> genmgrs
Domain Guests (S-1-5-21-1365060548-1276164359-2333037906-514) -> nobody
Caseworkers (S-1-5-21-1365060548-1276164359-2333037906-3053) -> caseworkers

'getent group webmaster' outputs this:

webmaster:x:15015:foo,bar,foobar

And 'net rpc group members "Domain Webmasters"' gives:

REDRESSTRUST\foo
REDRESSTRUST\bar
REDRESSTRUST\foo

So far so good, but in the case of 'getent group caseworkers':

caseworkers:x:1026:foo,bar.foobar

'net rpc group members "Caseworkers"' prints nothing.

The problem seems to be related to GIDs - new unix groups are created 
with GIDs above 15000 & mapping works fine, but mapping to existing 
groups with GIDs in the 1000 area seems to fail.


Here's my smb.conf:

[global]
workgroup = REDRESSTRUST
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n 
*Password*changed*

username map = /etc/samba/users.conf
syslog = 0
log level = 1
name resolve order = wins bcast hosts
time server = yes
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/useradd -m "%u"
delete user script = /usr/sbin/userdel -r "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
add user to group script = /usr/sbin/usermod -a -G "%g" "%u"
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null "%u"
logon script = login.bat
logon drive = P:
domain logons = Yes
preferred master = Yes
wins support = Yes
printing = CUPS
#idmap uid = 15000-2
#idmap gid = 15000-2

Cheers.
--
Ben Tisdall
RedCircle IT Ltd, London NW1.
www.redcircleit.com
[EMAIL PROTECTED]
+44 (0)20 7387 0351
+44 (0)7932 745803
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Group mapping not working consistently - addendum

2007-05-29 Thread Ben Tisdall


Pardon me, I meant to include this information:

[EMAIL PROTECTED]:~$ net rpc -d1 group members "Caseworkers"
Password:
[2007/05/29 20:53:13, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (STATUS_SOME_UNMAPPED)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] mount.cifs and sec=krb5

2007-05-04 Thread Vaughan, Ben R [ECSS]

Thanks to simo and Jerry for their excellent responses.

Ben

Ben Vaughan, RHCE
Engineering Computing Support Services
Iowa State University
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) 
Carter
Sent: Friday, May 04, 2007 4:12 PM
To: Ben Vaughan
Cc: Samba
Subject: Re: [Samba] mount.cifs and sec=krb5

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ben,


> I am attempting to mount a cifs share on a RHEL 5 box using mount.cifs. 
> The server is another RHEL 5 box.  Both boxes are joined to the same
> Kerberos realm (AD).
> 
> I kinit to get my Kerberos tickets.
> 
> This is the mount command I'm using:
> 
> mount.cifs  //rhel5.server.iastate.edu/benvon ./mnt -o user=benvon,sec=krb5

The cifs.ko krb5 support does not work right now.

You can find more details (inlcuding a list ot the
cifs client ml at http://linux-cifs.samba.org/

We're working on it.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGO6GYIR7qMdg1EfYRAm1/AJ9VAHGTuTQKUcUQCAbrVGxVZzTdFACglbhH
lnfmt5e1T2aSi4oNnSnhjyQ=
=yMyD
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] mount.cifs and sec=krb5

2007-05-04 Thread Ben Vaughan


Hello fellow Samba folks,

I am attempting to mount a cifs share on a RHEL 5 box using  
mount.cifs.  The server is another RHEL 5 box.  Both boxes are joined  
to the same Kerberos realm (AD).


I kinit to get my Kerberos tickets.

This is the mount command I'm using:

mount.cifs  //rhel5.server.iastate.edu/benvon ./mnt -o  
user=benvon,sec=krb5


This results in a password prompt, then a permission denied message  
(even if the password was correct).


The interesting thing to see is the log on the server (log level 10  
excerpt):


[2007/05/04 15:10:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1010)
  sesssetupX:name=[]\[湥潶n䰀湩硵瘠牥楳湯㈠㘮 
ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x]@ 
[129.186.196.8]

[2007/05/04 15:10:30, 6] param/loadparm.c:lp_file_list_changed(3001)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time:  
Fri May  4 10:59:44 2007


[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info_map(161)
  make_user_info_map: Mapping user []\[湥潶n䰀湩硵瘠牥楳湯 
㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x] from  
workstation [129.186.196.8]

[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(75)
  attempting to make a user_info for 湥潶n䰀湩硵瘠牥楳湯㈠ 
㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x (湥潶n 
䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥 
⁴潦⁲楌畮x)

[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(85)
  making strings for 湥潶n䰀湩硵瘠牥楳湯㈠㘮 
ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x's user_info  
struct

[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(117)
  making blobs for 湥潶n䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱ 
汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x's user_info struct

[2007/05/04 15:10:30, 10] auth/auth_util.c:make_user_info(135)
  made an encrypted user_info for 湥潶n䰀湩硵瘠牥楳湯㈠㘮 
ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x (湥潶n䰀 
湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴ 
潦⁲楌畮x)

[2007/05/04 15:10:30, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user []\[湥潶 
n䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥 
[EMAIL PROTECTED] with the new password interface

[2007/05/04 15:10:30, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [IASTATE]\[湥潶n䰀湩硵 
瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲ 
[EMAIL PROTECTED]



Yah

Anyway, when leaving off the sec=krb5 or setting sec=ntlmv2,  
everything works as expected.


smbclient -k works as expected.

Does anyone have any advice?  I can produce as much logging as may be  
needed.


If this isn't the proper place to be asking questions about  
mount.cifs, please redirect me.


Many Thanks,

Ben Vaughan, RHCE
Engineering Computing Support Services
Iowa State University
[EMAIL PROTECTED]
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-useradd not creating machine accounts in correct fashion

2007-05-03 Thread Ben Tisdall

On Fri, April 13, 2007 23:48, Edmundo Valle Neto wrote:
>
> Your script appears to be working right, "smbldap-useradd -w
> machinename$" should only create an account with posix attributes, the
sambaSAMAccount class and attributes will be added by samba when the
client is joined into the domain.
>
> You can see that in the IDEALX smbldap-tools user manual.

Thanks Edmundo and apologies for not having consulted the fine manual more
closely - I should know better.

In the end testing revealed that the tools were putting the machine
accounts under 'ou=computers,${suffix}' (as I wanted) but samba seemed to
be looking for them under 'ou=users,${suffix}', because if I reconfigured
the tools to put the accounts there then everything worked as expected.

This is odd as I have 'machine suffix = ou=computers' in smb.conf & now,
having now put things back as they were, everything's working!

Therefore I can only conclude that the issue was due to some typo that
I've now unwittingly corrected - odd, as I was logging samba at up to 4 &
saw nothing suggestive.

Best,

-- 
Ben Tisdall

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-useradd not creating machine accounts in correct fashion

2007-04-16 Thread Ben Tisdall

On Fri, April 13, 2007 23:48, Edmundo Valle Neto wrote:
>
> Your script appears to be working right, "smbldap-useradd -w
> machinename$" should only create an account with posix attributes, the
sambaSAMAccount class and attributes will be added by samba when the
client is joined into the domain.
>
> You can see that in the IDEALX smbldap-tools user manual.

Thanks Edmundo and apologies for not having consulted the fine manual more
closely - I should know better.

In the end testing revealed that the tools were putting the machine
accounts under 'ou=computers,${suffix}' (as I wanted) but samba seemed to
be looking for them under 'ou=users,${suffix}', because if I reconfigured
the tools to put the accounts there then everything worked as expected.

This is odd as I have 'machine suffix = ou=computers' in smb.conf & now,
having now put things back as they were, everything's working!

Therefore I can only conclude that the issue was due to some typo that
I've now unwittingly corrected - odd, as I was logging samba at up to 4 &
saw nothing suggestive.

Best,

-- 
Ben Tisdall

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbldap-useradd not creating machine accounts in correct fashion

2007-04-14 Thread Ben Tisdall


Hi,

I have OpenLDAP working here generally without problems for a variety of 
applications including the management of Samba. Functioning user 
accounts can be created via 'smbldap-useradd' with the proper samba 
attributes being added in LDAP, however...


Something odd is happening when I (or samba) tries to create a machine 
account with 'smbldap-useradd -w test1$' - an entry is created that 
looks like this:



dn: uid=test1$,ou=computers,dc=redcircle
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test1$
sn: test1$
uid: test1$
uidNumber: 1041
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

Needless to the computer is not able to join the domain...

Whereas a working entry migrated from tdbsam looks like this:

dn: uid=sonny$,ou=computers,dc=redcircle
uid: sonny$
sambaSID: S-1-5-21-1595696850-3378076689-3030227139-3008
sambaPrimaryGroupSID: S-1-5-21-1595696850-3378076689-3030227139-1201
objectClass: sambaSamAccount
objectClass: account
displayName: SONNY$
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W  ]
sambaPwdCanChange: 1175234556
sambaPwdLastSet: 1175234556

Feel as what's happening is so wrong that it must be some silliness on 
my part but for the life of me can't figure out what & any help would be 
much appreciated. BTW this is occurring with version 0.9.2a of the tools 
downloaded from SF & also the .deb for my Ubuntu server


--
Ben Tisdall
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbldap-useradd not creating machine accounts in correct fashion

2007-04-13 Thread Ben Tisdall


Hi,

I have OpenLDAP working here generally without problems for a variety of
applications including the management of Samba. Functioning user
accounts can be created via 'smbldap-useradd' with the proper samba
attributes being added in LDAP, however...

Something odd is happening when I (or samba) tries to create a machine
account with 'smbldap-useradd -w test1$' - an entry is created that
looks like this:


dn: uid=test1$,ou=computers,dc=redcircle
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test1$
sn: test1$
uid: test1$
uidNumber: 1041
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

Needless to the computer is not able to join the domain...

Whereas a working entry migrated from tdbsam looks like this:

dn: uid=sonny$,ou=computers,dc=redcircle
uid: sonny$
sambaSID: S-1-5-21-1595696850-3378076689-3030227139-3008
sambaPrimaryGroupSID: S-1-5-21-1595696850-3378076689-3030227139-1201
objectClass: sambaSamAccount
objectClass: account
displayName: SONNY$
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W  ]
sambaPwdCanChange: 1175234556
sambaPwdLastSet: 1175234556

Feel as what's happening is so wrong that it must be some silliness on
my part but for the life of me can't figure out what & any help would be
much appreciated. BTW this is occurring with version 0.9.2a of the tools
downloaded from SF & also the .deb for my Ubuntu server.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Poor Quickbooks Performance

2007-04-11 Thread Ben House

I am using Samba (3.0.23) on FreeBSD (5.4 and 6.0) to share a Quickbooks
2007 file, with poor performance relative to Windows XP filesharing (4-5x
worse).  The file is large (about 600MB), and I am aware of the differing
locking mechanisms versus Windows, but is there anything that can be done to
tweak this?

BH

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] logon message

2007-02-27 Thread Ben Natala

I am interested in creating a logon message to be delivered to users  
when they logon. Is this possible? And if so, how can this be done?  
With logon scripts? The majority of my clients are connecting from  
Windows XP Pro, SAMBA is running on Debian Etch.


Thank You
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP, checkpwnam and PDC

2006-12-04 Thread Ben Wheare


Hiya,

I'm trying to set up a Samba PDC with an LDAP backend.
I experienced problems joining machines to domains, the machine account 
was created, but Windows said user name cannot be found.
I resolved this by adding ldap to /etc/nsswitch.conf, but this has the 
side effect of allowing ldap users to login to the server via SSH.
Whilst I can understand the need for LDAP users to be accessible to the 
system, i.e. checkpwnam etc for permisisons, I don't want users to be 
able to login to anywhere except the client Windows 2000/XP boxes.


People (only 3) who can login via SSH already have "real" user accounts 
in /etc/passwd etc.


Is there a way to stop this being allowed?

Thanks.
Ben
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Wins Problem

2006-10-31 Thread Adel Ben Zarrouk

Hi All

I have installed Samba 3 under RHEL v4, with LDAP support for the
authentication and as a PDC Domain, it seems everything works fine, but the
only problem was the network browser list.
We have a different subnet 192.168.X., 192.168.Y., 192.168.Z., etc..., Samba
local browser works fine, but the remote subnet and workgroup are
inaccessible, I double check the nmbd logs, there an error which I can't
resolve it related to wins server , it seems the Samba wins server try to update the database but no
success, I am not sure about the reason behind, I tried many things to solve
it, I installed a samba4wins server which is a replicate server for wins
windows server, but the same, I tried to make a samba to listen to microsoft
wins server (wins server = X.Y.Z.T), but the same problems.

For your information, the all subnet are connected through a Cisco router for
the intranet and for the internet connection through another Linux router,
the default router for the samba server (broadcast) is the internal router
(Cisco).

I have attached my smb.conf here for more details about the configuration.

PS: There is another internal error (Bug) if I try to configure a wins proxy
support with the latest update of Samba with RHEL ES4 U4.

Regards

 --Adel
--
Adel Ben Zarrouk
Senior Project Manager
Opennet MEA FZ LLC
Tel: +971 4 390 1943
Fax: +971 4 390 4360
Cell:+971 50 458 2797
http://www.opennet.ae/

---

-- 
Adel Ben Zarrouk
Senior Project Manager
Opennet MEA FZ LLC
Tel: +971 4 390 1943
Fax: +971 4 390 4360
Cell:+971 50 458 2797
http://www.opennet.ae/



[global]
   workgroup = GMH-SIEGE
netbios name = PDC-SRV
username map = /etc/samba/smbusers
server string = Linux PDC Server
#interfaces = 192.168.0.203 127.0.0.1
#bind interfaces only = Yes
   security = user
encrypt passwords = Yes
passdb backend = ldapsam:ldap://127.0.0.1
min passwd length = 3
obey pam restrictions = No
ldap passwd sync = Yes
log level = 100
syslog = 0
name resolve order = bcast hosts lmhost wins
log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon script = logon.bat
logon drive = H:
logon home = 
logon path = \\%L\profiles\%U

Domain logons = Yes
os level = 33
prefered master = Yes
domain master = Yes
local master = Yes
#wins proxy = yes
wins support = Yes
#wins server = 192.168.0.203
ldap admin dn = cn=Manager,dc=gmh,dc=com,dc=tn
ldap suffix = dc=gmh,dc=com,dc=tn
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

   #idmap uid = 16777216-33554431
   #idmap gid = 16777216-33554431
   idmap uid = 1-2
   idmap gid = 1-2
   ldap ssl = Off
   template shell = /bin/false
   #winbind use default domain = Yes

   remote browse sync = 192.168.4.255 192.168.1.255 192.168.0.255  
192.168.2.255 192.168.5.255 192.168.6.255 
   remote announce = 192.168.4.255/ELECTROSTAR 192.168.1.255/RANDA 
192.168.0.255/SIEGE  192.168.2.255/MIXELEC 192.168.5.255/GMH-SFAX 
192.168.6.255/GMH-SOUSSE

announce as = NT server
 winbind uid =
 winbind gid =
enhanced browsing = yes

[homes]

comment = Users Home Directory
valid users = %U
read only = No
create mask = 0644
directory mask = 0775
browseable = No

[netlogon]
path = /home/samba/netlogon/
browseable = No
read only = Yes

[profiles]
path=/home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable 
force user = %U
valid users = %U @"Domain Admins"

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Shares Work, Browsing Doesn't

2006-10-23 Thread Ben

I'am not sure whether it works. But you may try.

change the "os level=65" to "os level=100". (restart smb)
or
disable the "browse list backup" service in WinXP box. (restart winxp)



"Hal Vaughan" <[EMAIL PROTECTED]> 
???:[EMAIL PROTECTED]
> On Monday 23 October 2006 03:20, you wrote:
>> > I just want Windows users to see each Samba server and be able to
>> > click through to find the shares and click on the shares to open
>> > them.
>>
>> Having servers disappear from the browse list is normally related to
>> the nameserver daemon.  Are you running nmbd as well as smbd?  smbd
>> provides the files, nmbd provides the list of computers.
>
> It's running.  I forgot to give full info, but this is on Debian Sarge
> and installed with aptitude, so it automatically set it up to use smbd
> and nmbd.
>
>> Given that nmbd also uses broadcasts, you might want to make sure
>> that broadcasts are definitely reaching all the PCs.
>>
>> > browseable = yes
>> > guest ok = true
>
> Okay, they're gone.
>
>> These two are only supposed to go into a share definition, I'd remove
>> them from the main config file just in case.
>>
>> > domain master = Yes
>
> Removed as well, still left in
>
> local master = yes
> preferred master = yes
>
>> I'd also disable this if you don't want domain logons - I wouldn't be
>> surprised if this does funny things with WINS and affects browsing on
>> client PCs.
>>
>> The rest of your config looks fine.  I'd make sure nmbd is running,
>> and then look at network issues to make sure broadcasts are reaching
>> the clients.
>
> Double checked with ps -ax.  It's running/
>
>> If your network is at 192.168.0.0/24 you can "ping 192.168.0.255" to
>> send a broadcast packet.  In theory you should get replies from many
>> PCs, but you may only get responses from Linux PCs, I don't think
>> Windows replies to a broadcast ping.  Either way at least one
>> response from a different PC should indicate broadcasts are working.
>
> I got responses on a broadcast ping from several computers.
>
>> If you have another Linux PC you can also try using "nmblookup" to
>> see if Linux can get a list of names too.
>
> Tried that. Tried:
>
> nmblookup -M server
>
> and I got:
>
> querying server on 172.16.7.255
> name_query failed to find name server#1d
>
> (That's a 1d, as in ONE-d, not an "ell".)
>
> I also restarted after the config changes, with no effect.
>
> Thanks for the suggestions!
>
> Hal
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbind nsswitch problem

2006-08-10 Thread Ben Lentz


Greetings list,
I'm using samba 3.0.23a on a Fedora Core 5 system in a member server 
role in an Active Directory domain (security ads). My problem is that, 
although wbinfo -u and -g work great and can pull user and group lists 
respectively from AD, getent passwd and getent group do not. I've 
configured passwd: files winbind and group: files winbind in 
nsswitch.conf, and have configured idmap uid = 1-2 and idmap gid 
= 1-2 in the smb.conf file. testparm is clean, as is net ads 
testjoin. smbd and nmbd are running.


Running winbindd -i -d 10 & and trying a getent passwd results in a tiny 
amount of output from winbindd:

accepted socket 16
process_request: request fn INTERFACE_VERSION
[0]: request interface version
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[0]: request location of privileged pipe
accepted socket 17
process_request: request fn SETPWENT
[0]: setpwent
process_request: request fn ENDPWENT
[0]: endpwent

... but no actual passwd data comes through.

I got this working several years ago with samba 3.0.10 on Fedora Core 1. 
What on earth could I be doing wrong?


Thanks in advance for any hints...
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: winbind nsswitch problem

2006-08-10 Thread Ben Lentz

G... no, my fault! I only read 
http://us1.samba.org/samba/history/samba-3.0.23b.html down to the 
section relevant to the 23 -> 23a and 23a -> 23b changes. D'Oh!


I did, however, once read this great book called "LDAP System 
Administration".


- Original Message -
*From:* "Gerald (Jerry) Carter" <[EMAIL PROTECTED]>
*Sent:* 08/10/2006 04:53:59 PM
*To:* Ben Lentz <[EMAIL PROTECTED]>
*Cc:* samba@lists.samba.org
*Subject:* [Samba] Re: winbind nsswitch problem




-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ben Lentz wrote:
  
FYI... downgrading to samba 3.0.21b fixed the 
problem, upgrading again to 3.0.23a makes it break,

and downgrading one last time to 3.0.21b
fixes it.



You did read in the release notes that winbind enum users/groups
is disabled by default in 3.0.23 right ?




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE25znIR7qMdg1EfYRAgQcAJwMJ0LZHIZD+tkbHWA3kFHpKqtAPwCgxz/C
ldKTXcFrPia7CfbATNhbJ/E=
=alDQ
-END PGP SIGNATURE-
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: winbind nsswitch problem

2006-08-10 Thread Ben Lentz

FYI... downgrading to samba 3.0.21b fixed the problem, upgrading again 
to 3.0.23a makes it break, and downgrading one last time to 3.0.21b 
fixes it.


Not sure if it's a problem with samba, or if Fedora's package is 
borked... I'm kinda assuming that the answer from the list is going to 
be "build 3.0.23b from source and call us in the morning." Perhaps I'll 
give that a try and report my results back here.


- Original Message -
*From:* Ben Lentz <[EMAIL PROTECTED]>
*Sent:* 08/10/2006 03:18:19 PM
*To:* samba@lists.samba.org
*Subject:* winbind nsswitch problem




Greetings list,
I'm using samba 3.0.23a on a Fedora Core 5 system in a member server 
role in an Active Directory domain (security ads). My problem is that, 
although wbinfo -u and -g work great and can pull user and group lists 
respectively from AD, getent passwd and getent group do not. I've 
configured passwd: files winbind and group: files winbind in 
nsswitch.conf, and have configured idmap uid = 1-2 and idmap 
gid = 1-2 in the smb.conf file. testparm is clean, as is net 
ads testjoin. smbd and nmbd are running.


Running winbindd -i -d 10 & and trying a getent passwd results in a 
tiny amount of output from winbindd:

accepted socket 16
process_request: request fn INTERFACE_VERSION
[0]: request interface version
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[0]: request location of privileged pipe
accepted socket 17
process_request: request fn SETPWENT
[0]: setpwent
process_request: request fn ENDPWENT
[0]: endpwent

... but no actual passwd data comes through.

I got this working several years ago with samba 3.0.10 on Fedora Core 
1. What on earth could I be doing wrong?


Thanks in advance for any hints...


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 44, Issue 4

2006-08-04 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 44, Issue 3

2006-08-03 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 44, Issue 2

2006-08-02 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 40

2006-07-31 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 39

2006-07-30 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 37

2006-07-28 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 36

2006-07-28 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 33

2006-07-25 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 31

2006-07-23 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 30

2006-07-22 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 29

2006-07-21 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 27

2006-07-20 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 26

2006-07-20 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 25

2006-07-19 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 24

2006-07-18 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 23

2006-07-17 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 22

2006-07-16 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PATCH: Binding to a local IP address when mounting smb file system.

2006-07-14 Thread Ben Greear


Ben Greear wrote:

I have completed the first draft of the patch to allow binding to
local addresses.  Many of the binaries do not fully support this
option since I did not know a clean way to get the config info to them,
didn't think it was really required for my needs.  As far as I can tell,
the libraries are well supported, so the applications can have support
added as needed.  smbmount and a few others *do* support the new options,
and I have tested that smbmount works as I had hoped.

The attached patch enables this behaviour:


Seems my patch was too big for the list.  Instead, please find it here:
http://www.candelatech.com/oss/samba_local_bind2.patch



SMB client machine:
eth0 IP:  172.2.2.230  netmask 255.255.255.0
eth1 IP:  172.2.2.231  netmask 255.255.255.0
eth2 IP:  173.2.2.232  netmask 255.255.255.0
...

local mount dirs:
/mnt/smb1
/mnt/smb2
/mnt/smb3


SMB server is exporting share 'samba'

I want to stress the SMB server as if many SMB clients are connecting.
I can make arbitrarily many of the (virtual) interfaces on the client,
but when mounting the SMB server, I want each mount point to use a specific
interface and local IP.

With my patch applied, I can bind the smbmount process to a particular
local IP and device:

smbmount //172.2.2.2/samba /mnt/smb2 -o 
local_dev=eth1,local_ip=173.2.2.231,username=lanforge,password=lanforge
smbmount //172.2.2.2/samba /mnt/smb3 -o 
local_dev=eth2,local_ip=173.2.2.232,username=lanforge,password=lanforge
...

As far as I can tell, the server treats each of the mounts as separate 
entities, accomplishing my goal.


I would like to see this patch included in the official samba code, and 
would like your feedback on any changes needed to make that happen.


I already know that I need to get rid of some of the debugging 'printf' 
statements, and will do that when the rest of the issues have been addressed.


Thanks,
Ben




--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Binding to a local IP address when mounting smb file system.

2006-07-14 Thread Ben Greear


I have completed the first draft of the patch to allow binding to
local addresses.  Many of the binaries do not fully support this
option since I did not know a clean way to get the config info to them,
didn't think it was really required for my needs.  As far as I can tell,
the libraries are well supported, so the applications can have support
added as needed.  smbmount and a few others *do* support the new options,
and I have tested that smbmount works as I had hoped.

The attached patch enables this behaviour:

SMB client machine:
eth0 IP:  172.2.2.230  netmask 255.255.255.0
eth1 IP:  172.2.2.231  netmask 255.255.255.0
eth2 IP:  173.2.2.232  netmask 255.255.255.0
...

local mount dirs:
/mnt/smb1
/mnt/smb2
/mnt/smb3


SMB server is exporting share 'samba'

I want to stress the SMB server as if many SMB clients are connecting.
I can make arbitrarily many of the (virtual) interfaces on the client,
but when mounting the SMB server, I want each mount point to use a specific
interface and local IP.

With my patch applied, I can bind the smbmount process to a particular
local IP and device:

smbmount //172.2.2.2/samba /mnt/smb2 -o 
local_dev=eth1,local_ip=173.2.2.231,username=lanforge,password=lanforge
smbmount //172.2.2.2/samba /mnt/smb3 -o 
local_dev=eth2,local_ip=173.2.2.232,username=lanforge,password=lanforge
...

As far as I can tell, the server treats each of the mounts as separate entities,
accomplishing my goal.

I would like to see this patch included in the official samba code, and would
like your feedback on any changes needed to make that happen.

I already know that I need to get rid of some of the debugging 'printf' 
statements,
and will do that when the rest of the issues have been addressed.

Thanks,
Ben


--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc  http://www.candelatech.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 20

2006-07-14 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Bug in cac_Connect ?

2006-07-13 Thread Ben Greear


Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ben Greear wrote:


While working on adding support for local-binding, I found this piece of
code
in libmsrpc.c.  Maybe I'm confused..but should that strcmp maybe be
compared to != 0?

  /*change the server name in the server handle if necessary*/
  if(srv && hnd->server && strcmp(hnd->server, srv) == 0) {
 SAFE_FREE(hnd->server);
 hnd->server = SMB_STRDUP(srv);
  }



Looks like it.Send me a patch ?  I'm lazy...
Plus would you like to see you name in the release
notes? :-) :-)


I'll be sending a large patch for the local-binding work..but to be honest,
I'm clueless as to what this particular piece of code *should* be doing,
so I'd rather not get my name in the credits for *that* :)

If you are happy just having it changed to != 0, then I'll add that change
with my other changes...

Ben






jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEttsyIR7qMdg1EfYRAk1rAJ9KGWjGwgHd8lLB243HABCuZNiV8QCgxSUW
ibfcB99MUVbdRRwDGmHiwcI=
=Qvvf
-END PGP SIGNATURE-




--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Bug in cac_Connect ?

2006-07-13 Thread Ben Greear


While working on adding support for local-binding, I found this piece of code
in libmsrpc.c.  Maybe I'm confused..but should that strcmp maybe be compared to 
!= 0?

   /*change the server name in the server handle if necessary*/
   if(srv && hnd->server && strcmp(hnd->server, srv) == 0) {
  SAFE_FREE(hnd->server);
  hnd->server = SMB_STRDUP(srv);
   }

--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Binding to a local IP address when mounting smb file system.

2006-07-13 Thread Ben Greear


Hello!

My company makes testing software that, among other things, can be used
to generate file-system traffic.  In order to better support Samba, I need
to make a few changes to the way samba mounts file systems:

1)  I need to be able to specify the local IP address for the socket connection.
  This will allow me to bind different mounts to different local interfaces.
  This information will be passed to the bind system call before initiating
  the 'connect'.

Example code:

   struct sockaddr_in my_ip_addr;
   memset(&my_ip_addr, 0, sizeof(my_ip_addr));

   my_ip_addr.sin_family = AF_INET;
   my_ip_addr.sin_addr.s_addr = htonl(ip_addr);
   my_ip_addr.sin_port = htons(ip_port);

   int r; //retval
   r = bind(s, (struct sockaddr*)(&my_ip_addr), sizeof(my_ip_addr));
   if (r < 0) {
  //system("netstat -an");
  cerr << "ERROR: tcp bind:  " << LFSTRERROR << endl;
  VLOG_ERR(VLOG << "ERROR: tcp bind:  " << LFSTRERROR << "  IP: "
   << toStringIP(ip_addr) << " ipPort: " << ip_port << endl);
  closesocket(s);
  return r;
   }
   else {
  VLOG_INF(VLOG << "Successfully bound to IP: " << toStringIP(ip_addr) << " 
port: "
   << ip_port << endl);
   }


2)  I need to be able to specify the local Network device name.  This will be
  used to also help bind to a specific local interface.  This will be passed
  to setsockopt before the connect() is called.

Example code:

   if (dev_to_bind_to) {
  // Bind to specific device.
#ifndef __WIN32__
  if (setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE,
 dev_to_bind_to, DEV_NAME_LEN + 1)) {
 VLOG_ERR(VLOG << "ERROR:  tcp-connect, setsockopt (BINDTODEVICE):  "
  << LFSTRERROR << "  Not fatal in most 
cases..continuing...\n");
  }
#endif
   }//if


From looking at the Samba code, it appears that I will need to modify the
open_socket_out method in lib/util_sock.c.  I will have to modify the method
to accept the extra configuration info (local IP, local device name) and
of course all of the callers of open_socket_out to pass in the info (or NULL if
the caller does not care to bind locally.)


Please let me know if this is a feature that would be accepted into samba
if I code it up.

Any suggestions are welcome as well.

Thanks,
Ben


--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 19

2006-07-13 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 18

2006-07-13 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 17

2006-07-12 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 15

2006-07-11 Thread Ben Stewart

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Full Logout of Samba Share (from XP)

2006-06-29 Thread Ben


Thanks Adam -- I now how more information:

If run "\\samba" I get prompted for a login. After login smbstatus (on 
the samba server) shows the connection and "net use" shows \\samba\IPC$.


Ok, then I run "net use \\samba /del" and the connection goes away both 
on net use and smbstatus. If I connect to the samba server, I have to 
relogin. Great.


Now I run "\\samba" and login. Then I map \\samba\data to z:. Then I do 
"net use" I see \\samba\IPC$ and \\samba\data. If I run "net use \\samba 
/del" I lose the \\samba\IPC$ connection, but z: remains. If I run "net 
use z: \del" I get rid of that connection -- "net use" shows no 
connections. However, smbstatus still shows a connection and when I 
connect to the server, I am logged in as the previous user. So it seems 
to show that "net use" isn't able to always disconnect all the 
connections and the problem *may* lie with mapping shares to drives, 
although I believe I've gotten windows into a similar state without 
mapping drives, just by browsing and reconnecting to "\\samba" multiple 
times.


Any more ideas on how to fully disconnect / logout from XP?

Thanks,

Ben


Adam Nielsen wrote:

If, however, I connect to the samba server (file run "\\server") it
doesn't not prompt for a username / password but connects as the user
from the original login. Windows is not saving the password -- if I
logout from XP and log back it, I'm asked for a username/password
again. Somehow the XP client is staying connected to the samba server.



Before you reconnect, run "smbstatus | grep " on the server
and double-check that the user really is staying connected.  It's
possible that Windows does cache the credentials, and only wipes that
cache when you log out.

If the client is staying connected, running "net use \\samba /del"
should disconnect from the server, but I'm surprised that the connection
wouldn't be in the "net use" list.

Cheers,
Adam.
  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Full Logout of Samba Share (from XP)

2006-06-27 Thread Ben

How can I logout of a samba share from Windows XP (without logging out 
the user on XP client)?


I've got a samba 3.0.14 running on debian sarge in user=security mode. 
When I to file run "\\server" from a windows XP client, I get prompted 
for a username / password and everything works fine. If I run "net use" 
on the XP machine it may or may not show the connection to the server.  
(Don't know what affects that -- what shares I'm connected to?). But if 
I run "net use * /del" it disconnects from all the shares it sees. After 
this "net use" does not show any connected shares. If, however, I 
connect to the samba server (file run "\\server") it doesn't not prompt 
for a username / password but connects as the user from the original 
login. Windows is not saving the password -- if I logout from XP and log 
back it, I'm asked for a username/password again. Somehow the XP client 
is staying connected to the samba server. How can I force a disconnect? 
The samba server it setup (and works) to handle domain logons (does that 
matter?), but most clients run certain programs constantly and (want) 
just log in and out to access their files.


Thanks,


Ben
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Mac OSX 10.4.6 and Samba going down

2006-05-17 Thread Ben Opit

We have a wonderful new mac server running osx 10.4.6 but infrequently the nmbd 
needs to be killed and relaunched inorder to get my windows shares working 
again. (shares are on a windows 2000 server)

 

Check out the last lot of logs. I have spoken to a few people in the Australian 
Mac community and there seems to be a common theme.

 

 

Initiating sync with domain master browser OSXSERVER<20> at IP 10.0.0.13 for 
workgroup TOMKINO$

[2006/04/16 15:08:45, 2] 
/SourceCache/samba/samba-92.9/samba/source/nmbd/nmbd_synclists.c:sync_br$

  Initiating browse sync for TK to NTSERVER(10.0.0.2)

[2006/04/16 15:08:45, 2] 
/SourceCache/samba/samba-92.9/samba/source/nmbd/nmbd_synclists.c:complet$

  sync with NTSERVER(10.0.0.2) for workgroup TK completed (2 records)

[2006/04/16 15:13:56, 2] 
/SourceCache/samba/samba-92.9/samba/source/nmbd/nmbd_synclists.c:sync_br$

  Initiating browse sync for TK to NTSERVER(10.0.0.2)

[2006/04/16 15:13:56, 2] 
/SourceCache/samba/samba-92.9/samba/source/nmbd/nmbd_synclists.c:complet$

  sync with NTSERVER(10.0.0.2) for workgroup TK completed (2 records)

[2006/04/16 15:16:11, 0] 
/SourceCache/samba/samba-92.9/samba/source/nmbd/nmbd.c:terminate(56)

  Got SIGTERM: going down... 

 

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Write access doesn't grant delete access?!

2006-05-08 Thread Ben Walton

You may also want to lsattr the file and make sure it's not immutable or
something.

-Ben

On Mon, 2006-05-08 at 02:13 -0500, Pitti, Raul wrote:
> Jerry Westrick wrote:
> 
> >On Sunday 07 May 2006 23:24, Adam Nielsen wrote:
> >  
> >
> >>Hi Jeremy,
> >>
> >>Sorry it has taken me so long to get back to you.
> >>
> >>
> >>
> >>>>I didn't realise that Samba treated Delete access separately to
> >>>>Write access - how do I grant Delete access on a folder?
> >>>>
> >>>>
> >>>It doesn't. Can you post a debug level 10 log of a delete request
> >>>please?
> >>>  
> >>>
> >>I'll send you the debug log off-list, but from the looks of it there's
> >>an issue with the ACLs.  Samba says I don't have enough access to
> >>delete files, which I could understand, except for the fact that I can
> >>*modify* the file I'm trying to delete.  I would've assumed in this
> >>case that I didn't have write or execute access to the directory,
> >>but as far as I can tell, I do.
> >>
> >>Thanks,
> >>Adam.
> >>
> >>
> >
> >Yo, Adam...
> >
> >There is a special Linux security attribute which in effect says only
> >owner can delete...  I forget the exact value,  but got bitten by it once.
> >
> >Check to see if that's your problem...
> >
> >Jerry
> >  
> >
> 
> try to apply chmod 0770 or whatever you want to remove all the special 
> attributes.  Tell us how it goes.
> hope this help!
> 
> RP
> 
> 
> -- 
> 
> Raúl D. Pittí Palma
> Associate
> Global Engineering and Technologies
> mobile (507)-6616-0194
> office (507)-264-2362
> Republic of Panama
> www.globaltecsa.com 
> 
-- 
Ben Walton
Systems Programmer
Office of Planning & IT
Faculty of Arts & Science
University of Toronto
Cell: 416.407.5610
PGP Key Id: 8E89F6D2


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Printing identification

2006-05-05 Thread Ben Walton

I'm not positive, but I think if you used Dynamic Local Users
(Accounts?) you might get what you want with print jobs.  This may
require modifying your novell/xp config beyond acceptable limits for
your situation though.  (eg: it may break other things that are working
correctly for you).

Just a thought.

-Ben

On Fri, 2006-05-05 at 08:04 -0500, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Nolan Rumble wrote:
> > Hi,
> > 
> > Is it possible to enable samba so that when a user 
> > prints in windows, it attaches the users Novell
> > login ID (instead of the windows username) to
> > the printing logs so that when we look at the cups log, 
> > we can see which user printed what?
> 
> I'm not aware of any mechanism.  But I don't use
> the Novell win32 client.  There may be any I don't know it.
> 
> 
> 
> 
> 
> cheers, jerry
> =
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> "What man is a man who does not make the world better?"  --Balian
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
> 
> iD8DBQFEW01kIR7qMdg1EfYRAlNRAJ9aHO7N7GqqvdfrpfoqJjTlQfD2kgCgr89+
> vy0ezaGMTnNgkh5d1Lz982M=
> =p8rE
> -END PGP SIGNATURE-
-- 
Ben Walton
Systems Programmer
Office of Planning & IT
Faculty of Arts & Science
University of Toronto
Cell: 416.407.5610
PGP Key Id: 8E89F6D2


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] User name in View Connections

2006-05-01 Thread Ben Bodenstein

When using Webmin to view the conections on my Samba Server, the username
is not displayed, only the IP address and process ID. How can I make the
Username to appear on the Current Users list?
Thanks,
Ben

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] hanging smbd(s).....

2006-04-26 Thread Ben Walton

Which revision of rhel4 samba are you using?  4E.6 contains patches to
prevent smbd from borking a system like you describe.


grep samba /var/log/rpmpkgs
or
rpm -q samba

If you're on a lower rpm package revision than .6, you should try the
upgrade.  The version previous to 4E.6 was 4E.2 if memory serves.

Hope that helps.
-Ben

On Wed, 2006-04-26 at 11:52 +0530, [EMAIL PROTECTED] wrote:
> Hi All.
> 
> Iam also facing similar issue with samba version Version 3.0.10-1.4E on 
> RHEL4 (2.6.9-5.0.5.ELsmp)
> smbd process suddenly started filingup and within minutes samba stopped 
> responding.
> 
> Please help.
> 
> Thanks,
> Anilkumar
-- 
Ben Walton
Systems Programmer
Office of Planning & IT
Faculty of Arts & Science
University of Toronto
Cell: 416.407.5610
PGP Key Id: 8E89F6D2


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Domains and Windows Update

2006-04-19 Thread Ben Walton

Mike Petersen has created some updated policy templates to work with XP.
These happen to include settings to force auto update and allow you to
use an SUS/WUS server if you've got one.  There are some other nice
settings in there too.  Use that template (optionally in combination
with the winnt.adm and common.adm as shipped with the policy editor for
w2k) to create an NTConfig.pol file.  Drop that in your netlogon share
and away you go.

http://www.pcc-services.com/projects.html

It's working well for me here.

Hope that helps.
-Ben

On Tue, 2006-04-18 at 09:02 -0500, Adam Williams wrote:
> I've got several dozen Windows XP Pro computers in a Samba/Windows 
> Domain.  The problem is that with them being in the domain, automatic 
> updates does not work on these computers.  I think its because the 
> people log into the computers with the default windows domain 
> restrictions (you know, can't install anything, can't adjust the time on 
> the clock, can't update drivers, etc).  Having staff use IE to go to 
> http://windowsupdate.microsoft.com does not work either, due to 
> permissions.  Are there any solutions to this so that automatic updates 
> can run?
> 
-- 
Ben Walton
Systems Programmer
Office of Planning & IT
Faculty of Arts & Science
University of Toronto
Cell: 416.407.5610
PGP Key Id: 8E89F6D2

signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] changing passwords from Windows XP Pro workstations

2006-03-30 Thread Ben Walton

Yes, I just verified this on my setup.  I've never had luck in the past,
but I must have had a non-working password chat at those times (quite
some time ago now).  Apologies for misleading anyone.

I have a 'unique' setup for my user accounts, so my little script will
still be useful for certain purposes here, but I can now allow normal
password changes.

Thanks Eric & Simo.
-Ben

On Thu, 2006-03-30 at 15:04 -0500, Eric J. Feldhusen wrote:
> On a RHEL4, with Samba 3.0.10, I have the following password options 
> below.  I just tested and with a WinXP Pro client, I did the 
> ctrl-alt-delete and changed my password.  Once I did that, I ssh'ed into 
> the box and it used my new password.
> 
> 
> [global]
> encrypt passwords = yes
> 
> null passwords = yes
> 
> obey pam restrictions = yes
> 
> passwd chat = *New*UNIX*password* %n\n*ReType*new*UNIX*password*%n\n 
> *passwd:*all*authentication*tokens*update
> d*successfully*
> 
> passwd program = /usr/bin/passwd %u
> 
> unix password sync = Yes
> 
> 
> Ben Walton wrote:
> > A note on the password sync issue.  Someone more knowledgeable correct
> > me if I'm wrong.
> > 
> 
> -- 
> Eric Feldhusen
> System Administrator http://www.remc1.org
> [EMAIL PROTECTED]
> PO Box 270  (906) 482-4520  x239
> 809 Hecla St(906) 482-5031 fax
> Hancock, MI  49930  (906) 370 6202 mobile
-- 
Ben Walton
Systems Programmer
Office of Planning & IT
Faculty of Arts & Science
University of Toronto
Cell: 416.407.5610
PGP Key Id: 8E89F6D2


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] changing passwords from Windows XP Pro workstations

2006-03-30 Thread Ben Walton

A note on the password sync issue.  Someone more knowledgeable correct
me if I'm wrong.

When using the password syncing feature, the password must be changed
using the smbpasswd program on the pdc.  The reason being that using the
dialog from a windows client sends the updated password to the pdc as a
pre-hashed value.  The pdc never sees the clear text password...just
like it doesn't during authentication.  (This is a good thing.)  When
using smbpasswd, the smbpasswd binary actually has the clear text
password to work with.  It first attempts to update the unix password
and only proceeds to change the samba password if the unix change was a
success.

So, in my implementation, I've done the following to allow clients to
change their passwords (unix + samba) from the windows machine.  It's
clumsy (requires original password twice) and is text based (a linux
login) rather than a pretty gui, but it does keep the passwords the same
from the windows client.

Step 1: Disable the password change buttons via policy, registry hack,
etc.

Step 2:
I have a perl script that sets up a custom session (passwd) in putty,
stuffs in the key for the password changing server (yes, this isn't
ideal, keys are meant to be validated for a reason) and then launches
putty, calling the custom session.  The user sees a putty window pop up
asking for their password.  Once authenticated, I present some text, and
then drive smbpasswd on the Linux side.  If you didn't need to present
any custom text, you could simply drive smbpasswd directly...I keep this
script on a shared drive, and can therefore update the servers key very
easily if it changes for some reason.

I've attached my script.  I hope someone else can make use of it.

If I'm way off on my assessment of the different password changing
methods (gui vs smbpasswd) and there is a way to do this from the gui,
I'd appreciate someone letting me know.

Thanks
-Ben

On Thu, 2006-03-30 at 14:31 -0500, Gary Dale wrote:
> simo wrote:
> 
> >On Wed, 2006-03-29 at 23:33 -0500, Gary Dale wrote:
> >  
> >
> >>---
> >>
> >>OK, the logs aren't quite silent. Here's one when I tried to change my 
> >>password from a workstation (the log fragment is from 
> >>samba/log. - log.nmbd and log.smbd are silent for the 
> >>period). This time it came back with "you do not have permission to 
> >>change your password" after only a few seconds. The other passwords I've 
> >>been trying to change (and this password in previous attempts) have gone 
> >>away for more than 15 minutes before the dialogue box closed (without 
> >>changing the password):
> >>
> >>
> >>
> >
> >Log level 0 is not that useful, you may raise it to 3 or 5 and see what
> >error is returned on a password change.
> >
> >...
> >
> >Anyway, for some masochistic reason I took the time to go back and see
> >your recent postings and ... well man, you really need to take a breath.
> >
> >All your attempts to set up samba with LDAP have failed just because you
> >do not understand the openLdap ACL model and, more simply, you failed to
> >do basic things like defining the same dn as ldap manager in slapd.conf
> >and smb.conf (as the documentation clearly states).
> >
> >Anyway you got back to tdbsam, fine, it is the simpler option.
> >
> >Now can you check the smb.conf you posted earlier today and:
> >
> >1. Raise the log level
> >
> >2. comment out "password program", "password chat" and "unix password
> >sync" so that we are sure they are not set up wrongly
> >
> >3. tell me how "add group script" and "add user to group script" can
> >possibly ever work (unless the text of the conf has been mangled the
> >first misses the only meaningful parameter which is the group name and
> >the second has a wild back tick ...)
> >
> >And then also "invalid users" and "admin users" are in conflict about
> >root and printing is set to cups yet you try to define a mysterious "lpq
> >command = %p"
> >
> >
> >
> >I agree that one not need to be a developer to set up things, but at
> >least, please, check carefully the configuration file AND the logs
> >before shouting against the hard work of other people and claiming the
> >documentation is wrong.
> >
> >Simo.
> >
> >  
> >
> Thanks Simo. It really is better to light one candle than to curse the 
> darkness!
> 
> re. 1) At various times I did have admin in both files and at others it 
> was samba in both. That didn

Re: [Samba] Linux Samba server mounts hundreds of filesystems

2006-03-29 Thread Ben Walton

You could use the per machine configuration options to enable a
different debug level for only a few clients.

Something like (in [global]):
include = /etc/samba/smb.conf.%m

Then create a file called /etc/samba/smb.conf.

with the debug settings there.  I'm not sure if doing this requires a
config file for every machine or not though.

Just a thought.
-Ben

On Mon, 2006-03-27 at 16:18 -0800, Karandeep Singh wrote:
> We are a fairly large site with several thousand unix filesystems available
> for a Samba server to mount.  Some Windows user or users are running an
> application or command that causes the Samba server to mount everything. Even
> though we have a specially hacked kernel that allows upward of 7000 mounts, 
> the
> mount table fills up and messes up the automounter. This is not a Samba issue.
> I would like some pointers as to how to identify the command(s) users are
> running on the Windows side that causes this on our Linux Samba server. We 
> have
> hundreds of Samba clients and increasing the debug level for all does not
> seem the way to go. I am also not sure as to which the suspect clients are
> to zero in on them.
> 
> Any thoughts or suggestions as to how to proceed with the debug, what log 
> level to set,
> and what strings to look for in (which) log files would be appreciated. 
> 
> Here are some details.
> 
> uname -a
> Linux plxs0131 2.4.9-45lxset36tcpsmp #1 SMP Wed Jan 12 09:16:34 PST 2005 i686 
> unknown
> 
> smbd -V
> Version 3.0.10
> 
> 
> Thanks, 
> 
>  -KD
-- 
Ben Walton
Systems Programmer
Office of Planning & IT
Faculty of Arts & Science
University of Toronto
Cell: 416.407.5610
PGP Key Id: 8E89F6D2


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] sudden intermittent (but predictable) logon & connection failures

2006-03-27 Thread Ben Walton

Hi List,

This one has me completely stumped.  I hope that someone out there can
help.

Setup: 1 PDC (Samba 3.0.10-1.4E.2 from redhat as 4) also doing WINS. [I
know there's an update, but it doesn't help.  I'm trying to keep as many
variables static for troubleshooting as possible.]

On March 8, my server rebooted mysteriously overnight (the only info I
have is from the BMC, which indicates cpu shutdowns and then later power
loss in both power supplies).  Up until this point, samba was working
flawlessly as a PDC (non-production at this point).  I'm running Redhat
AS 4 with mostly current patches.  I run an unattended
(unattended.sourceforge.net) install from this machine (initiated via
PXE, hosted on the same machine) to image workstations.

Since this reboot, the server has performed perfectly except that samba
now 'fails' intermittently.  The failures that I see manifest 2 ways:
1.  During the unattended install, I get 'File or resource not found'
errors from my XPsp2 clients.  Using unattended's "retry" feature allows
a reconnection that then works until the end of install.  This process
was completely hands free and working without error before the server
reboot.

When a connection 'dies', the smbd is still running on the server, but
falls back to root credentials.  Subsequent connections spawn a new pid.
I can see in the logs that credentials are supplied automatically from
the clients cached values.

2.  After a fresh imaging, I cannot perform a domain logon until I've
logged in locally.  (I do nothing more than log in and then back out.)
Subsequent reboots of the machine will allow a working domain logon if I
wait for ~30 seconds before attempting.  If I try before that, I either
get a  not found message (first logon for this user) or a cached
session/profile if the user had logged in previously.  (My policies
trigger messages about \Desktop being unavailable, etc.).  When working
with a cached logon, I can simply hit F5 to get my desktop icons back
from the samba server (logs show cached credentials being supplied)...

The event logs on the XP box show a NETLOGON:5719 error that indicates
the RPC server cannot be found when logons fail (or allow a cached
session).

Google hasn't turned up anything helpful (lots of interesting things) so
far.  All of the RPC Server searches I've done lead me down roads that
haven't helped at all.  I don't think it's a WINS/DNS issue as the setup
does still (mostly) work.

I thought I had a bad NIC in my box, so I switched to the alternate
(moved all IP settings, etc) and things seemed to work well for the
better part of a week.  After the weekend (this is now the 20th), the
problem reoccured.  Logons fail after a boot, imaging fails sometimes.
I still feel like I'm fighting bad hardware, but can find no indication
of this.  All other services on the box are fine, the machine itself has
run properly since the incident, etc.

Since then I've been poring through logs, sniffing packets (I even have
the machines on a hub right now for easier sniffing), poking various
settings, etc.  Nothing seems to resolve this.  I've now wiped out
(after grabbing a backup) my passdb.tdb, secrets.tdb and all files
under /var/cache/samba.  No luck.

I can post smb.conf if anyone thinks it might help, but it hasn't
changed (with the exception of logging values).  I can post any other
info that may help too (sniffing logs?)...Anything that might help
eliminate samba from the problem scenario and point me in a better
(hardware?) direction would be of benefit too. 

Thanks
-Ben
-- 
Ben Walton
Systems Programmer
Office of Planning & IT
Faculty of Arts & Science
University of Toronto
Cell: 416.407.5610
PGP Key Id: 8E89F6D2


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: How-To for FC4/Samba

2006-02-23 Thread Ben

suppose you can use smbclient to connect the FC4 samba at localhost.

for selinux issue,
startx -> (run system-config-securitylevel in terminal) / (Desktop -> System 
Tools -> SecurityLevel)
-> SELinux Tab -> "Modify Policy" for Samba -> diable nmbd & smbd

for firewall issue,
add "137:udp 138:udp 139:tcp" to the firewall custom setting.

hope it may help.
:)


"Ed Babin" <[EMAIL PROTECTED]> 
???:[EMAIL PROTECTED]
> Can someone point me to a step-by-step on samba w/FC4?  Honestly, I'm only
> trying a basic share, no rocket science. I've already a samba server on 
> RH9
> with the same clients and users trying to access a share on FC4. Logs and
> testparm returns everything fine. Had SELINUX on and off. Cannot browse 
> even
> home directories.
>
> Thanks,
> exasperated
>
> -- 
> fedora-list mailing list
> [EMAIL PROTECTED]
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> 



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] setting acls from win XP clients

2006-01-13 Thread Ben

> > Actually, this is not a bug but a security measure I do believe.  Win2k and
> > WinXP will not connect to the same server multiple time using different user
> > logon information (actually, sorta pointless if you set up permissions
> > right).  Thus, if John Doe is logged in and Jane wants to reach personal
> > information in her home drive, then A) John Doe has to log out or B)
> > disconnect all drives to the server with the home shares on them, then map
> > her drive.

I could understand denying different simultaneous connections as a
security rule. But why can't Win XP use the same authentication info it
uses for samba shares to get the user list? I'm not trying to login with a
different username or anything.

Ben

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] setting acls from win XP clients

2006-01-12 Thread Ben

I have a samba server using ldap for authentication. All the client
machines are Win XP Pro machines. I am not using domain logons (although,
I tested them and samba is set up for them), but security=user. I have
acl's successfully working on the filesystem that samba is using. I want
to have users to be able to set the ACL permission of files / directories.
When a user tries to do this (from windows, right-click on a file, file
properties, security, add) XP asks them to log on to the workgroup to get
a list of valid users / groups / security principals. When I try to log in
(with valid or invalid username or password), I get an error stating that
"Multiple connections to a server or shared resource by the same user,
using more than one user name, are not allowed" I get this error even when
I haven't yet logged onto an samba shares.

My googling has only found this error in regard to server logons, not user
lists. On a suggestion there, I tried adding "map to guest = Never",
without success. Any ideas what I have set up wrong? I'm using debian
sarge, so samba 3.0.14a. Nothing (that I know of) on samba or Win XP is
setup much different from the default settings (except ldap on samba)

Thanks,


Ben
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] new oplocks

2005-12-28 Thread Ben Donnelly

I noticed that the Release Notes for Samba 3.0.21 say that the oplock 
implementation has been rewritten. And we seem to be having problems 
with some .exe files we are sharing out as read-only shares. The shares 
now only allow the first person to open the executable and run it. Other 
users time out with a memory address error. Do I need to specify some 
new oplock option for these shares now? I tried specifying *fake oplocks 
= yes* on the share, but it didn't fix it. The same configuration 
options allow multiple users on a server running 3.0.14



Here's my global locking options:

% testparm -v  | grep lock
[snip]

kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
lock directory = /var/lib/samba
block size = 1024
veto oplock files =
blocking locks = Yes
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Yes

And here's the  share defs on a problem share

[firefox]
comment = firefox web browser application for windows
path = /windowsbin/firefox
read only = yes
browseable = yes
guest ok = no
write list = root

thanks,
Ben Donnelly
Nicholas School
Duke University
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] pseudo domain login (fast user switch)

2005-12-28 Thread Ben

I've got a bunch of Win XP Pro machines, and I setup domain logins to the
samba server so I'd have roaming profiles, etc. Alas, I've now discovered
that windows doesn't let you use fast user switching when you do domain
logins.

I really want fast user switching -- is there a way to configure samba /
winXP to fake some the domain login features? I don't care about password
sync between local users and samba users. But I'd like to have, say,
thunderbird mail settings, firefox bookmarks and ideally desktop icons,
etc all stored on the samba server and available to a user once they
authenticate to the samba server (which may or may not be at login)
regardless of which WinXP box that are using.

Is this possible?

Ben
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] question on socket tuning on windows

2005-12-08 Thread Ben Greear


I have an app that I compile with mingw.  It uses 'write' to send chunks
of data to a file system in configurable sizes.

I notice that a windows drag-n-drop file copy of a 100MB file completes
about 3 times faster than I can write the same amount of data using my
app.  I have tried 2k, 4k, and 16k write sizes.

Should I try even larger write sizes and/or are there some sort of
ioctls or similar I can use to increase performance?

Thanks,
Ben

--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Can't fetch domain SID for name: HostName

2005-09-13 Thread Ben


try to run "net getlocalsid" before the samba using "passdb backend =
ldap...".

I means run samba using "passdb backend = smbpasswd" & and run "net
getlocalsid" to obtain the SID for the host.
then run the samba using "passdb backend = ldap...".

Cheers,



"EMILIO ANTONIO HERRERA TRUJILLO" <[EMAIL PROTECTED]> ???
news:[EMAIL PROTECTED] ???...
>
> Hi there!!
>
> I got this message when I run net getlocalsid:
>
> Can't fetch domain SID for name: HostName
>
> I don't understand why?, because I have my ldap and smb services running
> well. I ran smbpasswd -w password. What does this message means?
>
> I have almost 10 users (of 550 aprox.) that can't login to the domain
> defined in smb.conf. And when I want to create a new one, I got this
> message:
>
> User SID already owned by
> uid=XXX,ou=Users,dc=domain,dc=com
>
> where XXX was the last one added to the openldap.
>
>
> Pls help !!!
>
> Saludos
>
> Emilio Herrera
> Lima -Perú
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba + OpenLDAP: LDAP server is running but could notrespond to a search request

2005-09-09 Thread Ben

Have you face the problem that the smbldap-adduser would not declare the new
user as "objectClass=sambaSamAccount".

I use smbldap-adduser & smbldap-passwd (smbldap-tools-0.9.1-1)
to add new user 'testuser1', and then use "Softerra (TM) LDAP Browser 2.6"
on Window client to browse the LDAP data. I found that the user 'testuser1'
is only declared as objectClass 'top,inetOrgPerson,posixAccount &
shadowAccount', but NOT 'sambaSamAccount'. The error 'no such object' may be
caused by the missing of declaration 'sambaSamAccount'.

"Beast" <[EMAIL PROTECTED]> ??? news:[EMAIL PROTECTED] ???...
> Steven Truong wrote:
> >
> > If you looked at the log, the second line where BIND dn="", I don't know
if
> > this is correct or an indication that something is missing.
>
> It means bind anonymously, make sure you give suficient raed access for
> anon user.
> What ldap * suffix in smb.conf? try searching from there, ie.
>
> ldapsearch -xLLL -b "dc=sample,dc=com" uid=testuser
>
>
> > However,
> > net groupmap list
> > [2005/09/09 04:39:30, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2763)
> > ldapsam_setsamgrent: LDAP search failed: No such object
> > [2005/09/09 04:39:30, 0]
passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2828)
> > ldapsam_enum_group_mapping: Unable to open passdb
>
> Did you already run net groupmap add?
>
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
>
> -- 
>
> --beast
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and Windows authentification

2005-08-25 Thread Ben Timby

I assume you want samba to act as a domain member server, thus allowing 
domain users to access file shares and printers using their domain 
credentials.


The following document can help you with this.

http://us5.samba.org/samba/docs/man/Samba-Guide/

I currently have the setup I described above, you need to compile samba 
with kerberos and ldap support, and use winbind to fetch account info 
from the domain controller(s).


Dennis Soltau (Listen) wrote:

Hello!

I want to set-up a Linux Server (SuSE9.3) with Samba 3.0.13. Because I have 
only a little expierience in Samba I have a question:
Is it possible to let Samba act as an domain server for the Windows clients? 
If so, where can I download an HowTo or any other documentation.


Kind Regards,
Dennis

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] File change notification.

2005-08-24 Thread Ben Timby


Regarding the following thread.

http://lists.samba.org/archive/samba-technical/2005-March/040075.html

Does anyone know where to obtain the patch, it appears to be truncated 
in the mail archive. I am having the same problem, Windows 2003 + IIS6 
is not updating cached ASP and ASP.NET pages. I see that Samba replies 
to all file change notification requests with 0x010C 
(STATUS_NOTIFY_ENUM_DIR), however IIS does not seem to respect this 
response.


Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] winbind lookup errors

2005-07-22 Thread Vaughan, Ben R [ECSS]

I'm going to follow-up to my own post...

Using a W2k Server, SP4 *NOT* post SP4 Rollup 1 as the password server,
Samba will behave as it should.  Using a 2k3sp1 or 2ksp4+r1 machine as
the password server, Samba misbehaves.

I saw some traffic on the list a few weeks back that talked about
something very similar to this.  I didn't see any resolution (other than
"don't install rollup 1").

What is the status of this situation?

Thanks,

Ben Vaughan

Engineering Computing Support Services
CLUE Network Admin
2240 Hoover Hall
515 294 1629
[EMAIL PROTECTED]
 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-
> [EMAIL PROTECTED] On Behalf Of Vaughan, Ben
R
> [ECSS]
> Sent: Friday, July 22, 2005 8:39 AM
> To: samba@lists.samba.org
> Subject: [Samba] winbind lookup errors
> 
> Hello Samba folks,
> 
> I have recently begun seeing some disturbing behavior from winbind.
> Winbind will fail to look up users and groups.  Examples:
> 
> The machine is configured to use winbind as a nss module.
> 
> "getent passwd " will yield no results.
> 
> "wbinfo -n " will yield "Could not lookup name "
> 
> "wbinfo -g" works... all of the domain groups are dumped
> 
> "wbinfo -u" works.
> 
> "wbinfo -t" says everything is ok.
> 
> "net ads testjoin" says everything is ok.
> 
> I have turned off winbind caching (by adding the -n flag) and have set
> "winbind cache time = 0" in smb.conf in an attempt to remove caching
as
> a culprit.
> 
> Any help would be greatly appreciated.  This problem is affecting
quite
> a few of my servers (around a dozen).
> 
> Interesting data is included below.
> 
> Thanks,
> 
> Ben Vaughan
> College of Engineering
> Iowa State University
> 
> Here is a log level 10 dump from winbind.log after running "wbinfo -n
> benvon" (my username):
> 
> [2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
>   accepted socket 19
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
>   process_request: request fn INTERFACE_VERSION
> [2005/07/22 08:33:19, 3]
> nsswitch/winbindd_misc.c:winbindd_interface_version(460)
>   [0]: request interface version
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
>   process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2005/07/22 08:33:19, 3]
> nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
>   [0]: request location of privileged pipe
> [2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
>   accepted socket 21
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
>   process_request: request fn INFO
> [2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_info(448)
>   [0]: request misc info
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
>   process_request: request fn DOMAIN_NAME
> [2005/07/22 08:33:19, 3]
> nsswitch/winbindd_misc.c:winbindd_domain_name(470)
>   [0]: request domain name
> [2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
>   process_request: request fn LOOKUPNAME
> [2005/07/22 08:33:19, 3]
> nsswitch/winbindd_sid.c:winbindd_lookupname(103)
>   [0]: lookupname ENGR\benvon
> [2005/07/22 08:33:19, 5]
nsswitch/winbindd_async.c:lookupname_recv(627)
>   lookup_name returned an error
> [2005/07/22 08:33:19, 5] nsswitch/winbindd_sid.c:lookupname_recv(116)
>   lookupname returned an error
> 
> 
> And a log level 10 dump from winbind.log after running "wbinfo -r
> benvon"
> 
> [2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
>   accepted socket 19
> [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
>   process_request: request fn INTERFACE_VERSION
> [2005/07/22 08:34:12, 3]
> nsswitch/winbindd_misc.c:winbindd_interface_version(460)
>   [0]: request interface version
> [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
>   process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2005/07/22 08:34:12, 3]
> nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
>   [0]: request location of privileged pipe
> [2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
>   accepted socket 21
> [2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
>   process_request: request fn GETGROUPS
> [2005/07/22 08:34:12, 3]
> nsswitch/winbindd_group.c:winbindd_getgroups(916)
>   [0]: getgroups benvon
> [2005/07/22 08:34:12, 7]
> nsswitch/winbindd_group.c:winbindd_getgroups(952)
>   winbindd_getpwnam: My domain -- rejecting getgroups() for
ENGR\benvon.
> 
> 
> 
> Here is my smb.conf:
> 
> [global]
>

[Samba] winbind lookup errors

2005-07-22 Thread Vaughan, Ben R [ECSS]

Hello Samba folks,

I have recently begun seeing some disturbing behavior from winbind.
Winbind will fail to look up users and groups.  Examples:

The machine is configured to use winbind as a nss module.

"getent passwd " will yield no results.

"wbinfo -n " will yield "Could not lookup name "

"wbinfo -g" works... all of the domain groups are dumped

"wbinfo -u" works.

"wbinfo -t" says everything is ok.

"net ads testjoin" says everything is ok.

I have turned off winbind caching (by adding the -n flag) and have set
"winbind cache time = 0" in smb.conf in an attempt to remove caching as
a culprit.  

Any help would be greatly appreciated.  This problem is affecting quite
a few of my servers (around a dozen).  

Interesting data is included below.

Thanks,

Ben Vaughan
College of Engineering
Iowa State University

Here is a log level 10 dump from winbind.log after running "wbinfo -n
benvon" (my username):

[2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
  accepted socket 19
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn INTERFACE_VERSION
[2005/07/22 08:33:19, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [0]: request interface version
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/07/22 08:33:19, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [0]: request location of privileged pipe
[2005/07/22 08:33:19, 6] nsswitch/winbindd.c:new_connection(603)
  accepted socket 21
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn INFO
[2005/07/22 08:33:19, 3] nsswitch/winbindd_misc.c:winbindd_info(448)
  [0]: request misc info
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn DOMAIN_NAME
[2005/07/22 08:33:19, 3]
nsswitch/winbindd_misc.c:winbindd_domain_name(470)
  [0]: request domain name
[2005/07/22 08:33:19, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn LOOKUPNAME
[2005/07/22 08:33:19, 3]
nsswitch/winbindd_sid.c:winbindd_lookupname(103)
  [0]: lookupname ENGR\benvon
[2005/07/22 08:33:19, 5] nsswitch/winbindd_async.c:lookupname_recv(627)
  lookup_name returned an error
[2005/07/22 08:33:19, 5] nsswitch/winbindd_sid.c:lookupname_recv(116)
  lookupname returned an error


And a log level 10 dump from winbind.log after running "wbinfo -r
benvon"

[2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
  accepted socket 19
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn INTERFACE_VERSION
[2005/07/22 08:34:12, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [0]: request interface version
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/07/22 08:34:12, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [0]: request location of privileged pipe
[2005/07/22 08:34:12, 6] nsswitch/winbindd.c:new_connection(603)
  accepted socket 21
[2005/07/22 08:34:12, 10] nsswitch/winbindd.c:process_request(332)
  process_request: request fn GETGROUPS
[2005/07/22 08:34:12, 3]
nsswitch/winbindd_group.c:winbindd_getgroups(916)
  [0]: getgroups benvon
[2005/07/22 08:34:12, 7]
nsswitch/winbindd_group.c:winbindd_getgroups(952)
  winbindd_getpwnam: My domain -- rejecting getgroups() for ENGR\benvon.



Here is my smb.conf:

[global]
#unix charset = UTF8
workgroup = ENGR
realm = ENGR.super.secret
server string = Samba 3 server
security = ADS
#password server = domain.controller.example
username map = /etc/samba/smbusers
guest ok = no
log file = /var/log/samba/%m.log
max log size = 50
log level = 1


socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = xxx, yyy
idmap uid = 10-20
idmap gid = 10-20
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
winbind trusted domains only = yes
winbind cache time = 0
wins support = no

map hidden = no
map archive = no
map system = no

# we had to do this... hope it helps. Don't confuse this with
file locking
# this turns off file caching on the client.
oplocks = no




Engineering Computing Support Services
CLUE Network Admin
2240 Hoover Hall
515 294 1629
[EMAIL PROTECTED]
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Delete user from winbind db.

2005-06-14 Thread Ben Timby

OK, I added an account to my Windows domain, then later deleted that 
account.


hebe bin # wbinfo -u
...
PROD+site2
...

Still shows this user, how can I delete it from the winbind database?

I tried:

hebe bin # wbinfo -x site2
Could not delete user account

and

hebe bin # wbinfo -x PROD+site2
Could not delete user account

Any ideas?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Add user to winbind db.

2005-06-14 Thread Ben Timby

OK, I just added a user to my Windows domain. I would like to add acls 
for this user on my samba server using setfacl. Thus I need the UID this 
user will map to.


hebe bin # id PROD+site0002
id: PROD+site0002: No such user

I understand that when the user attempts to access the share, winbind 
will perform the mapping to the next available UID in my configured 
range. However, I would like to know if there is a command that can 
force this to occur immediately.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smb an NFS dir?

2005-05-26 Thread Ben Ransom

Both NFS server and SMB servers are RHEL 3, and yes, I'm running 
nfslock.  These are not LDAP or Winbind -- just using same usernames on 
both Win and Unix.  My Samba is 3.0.9.


I couldn't get any improvement with the nfs mount options you suggested -- 
thanks tho.  However, I found a solution in specifying 'posix locking = no' 
in smb.conf (for the nfs mounted share, not global).  With this, smb 
clients now connect fine to shares of NFS mounted file systems.  I have not 
looked fully into other possible side effects of using this parameter (my 
disclaimer :)  ).

-Ben Ransom


At 08:25 AM 5/25/2005 -0400, Tobias Bluhm wrote:

What sort of box is your NFS server? If it's also RH or other Linux/Unix,
could put samba on the NFS box and use msdfs on the main smb server to
point to the NFS shares. You will cut down on network traffic as the data
will now only make one trip.

Or perhaps you need to tweak your nfs mount options. These are the nfs
options I had used for smb re-sharing of nfs:

from Tru64, RH9 and NetApp NFS servers -
rw,hard,bg,rsize=8192,wsize=8192,sync,noac
from WhiteBox EL 3 NFS server -
rw,hard,bg,rsize=8192,wsize=8192,proto=udp,vers=3

All NFS servers used default export options. WBEL defaults to sync export.
At one time long ago I had experimented with larger values for rsize &
wsize, but saw no increase in performance.


-
toby bluhm
philips medical systems, cleveland ohio
[EMAIL PROTECTED]
440-483-5323









Ben Ransom <[EMAIL PROTECTED]>
Sent by:
[EMAIL PROTECTED]
05/24/2005 06:04 PM

To: samba@lists.samba.org
cc: (bcc: Tobias Bluhm/CLE/MS/PHILIPS)
Subject:[Samba] smb an NFS dir?
Classification:




I have /home nfs mounted from a NFS server to /home on a SMB server.  Can
I
make %H shares available from the SMB server?  Or, more specifically, I
used to be able to with earlier versions of Linux and Samba, but have
problems now after upgrading to RHEL 3 and Samba 3.0.  From the windows
client, I can 'net use' the home share fine, but then cannot read or write

anything below that top level home/user directory.  I get Oplock errors.

If I change the user's dir to something non-nfs, everything works fine

Any help would be most appreciated,
-Ben

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Linux 2.4.29 w/ acl, joining domain, all system memory used up?!

2005-05-25 Thread Ben Timby

I have Gentoo with 2.4.29 kernel installed on a 1.0Ghz Celeron. I 
patched the kernel for extended attributes and acl support. I compiled 
samba with acl, kerberos and ldap support. I am now trying to join my 
Windows 2000 domain.


--
smb.conf (cleansed):
[global]
realm = SOMEDOMAIN
workgroup = SOMEDOMAIN
security = domain
password server = 00.00.00.00
security = ADS
encrypt passwords = yes
winbind uid = 1-65000
winbind gid = 1-65000
winbind enum users = yes
winbind enum groups = yes

[vwww]
comment = My Comment Here
path = /somefolder
public = no
writable = yes
create mask = 0700
directory mask = 0700
directory security mask = 0700
admin users = PROD\
--

I issed the following command, with these results:

--
hebe root # net ads join -U btimby
btimby's password:
Killed
--

And in my syslog:

--
hebe root # tail -n 2 /var/log/messages
May 25 08:39:58 hebe __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
May 25 08:39:59 hebe VM: killing process net
--

Funny that it seems ALL my memory gets used up!

before:
--
hebe root # vmstat -s
   256812  total memory
27520  used memory
 2192  active memory
 5624  inactive memory
   229292  free memory
  700  buffer memory
 5488  swap cache
  1028128  total swap
 4304  used swap
  1023824  free swap
   414645 non-nice user cpu ticks
0 nice user cpu ticks
   113415 system cpu ticks
  7609360 idle cpu ticks
0 IO-wait cpu ticks
0 IRQ cpu ticks
0 softirq cpu ticks
   351571 pages paged in
  5751832 pages paged out
 3576 pages swapped in
  1283260 pages swapped out
  8515319 interrupts

--

during/after:
--
hebe root # vmstat -s
   256812  total memory
   253404  used memory
  484  active memory
 2428  inactive memory
 3408  free memory
  264  buffer memory
 1328  swap cache
  1028128  total swap
   921176  used swap
   106952  free swap
   416043 non-nice user cpu ticks
0 nice user cpu ticks
   114325 system cpu ticks
  7612061 idle cpu ticks
0 IO-wait cpu ticks
0 IRQ cpu ticks
0 softirq cpu ticks
   380787 pages paged in
  6669008 pages paged out
 4294 pages swapped in
  1512549 pages swapped out
  8538630 interrupts
--

Any ideas?

Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: sharing NFS mounts

2005-05-25 Thread Ben Ransom

True, would be good to share both SMB and NFS from the same 
server.  However, there is a possible reason to use SMB from NFS client 
mount point:  Win clients cannot mount SMB shares of two different user 
names on the same box.  I.E., from a Win box I cannot do:

net use \\serverA\home /user:Adomain\john
net use \\serverA\lab/user:Adomain\labmanager

In my case, 'home' and 'lab' files were historically in different Win 
domains anyway, so I moved on to a work-around to the above, where I NFS 
mount the 'lab' files from serverA in Adomain to server B in a different 
domain, and I can do:

net use \\serverA\home /user:Adomain\john
net use \\serverB\lab  /user:Bdomain\labmanager

I have a small subset of users in both A Bdomain, so the accounts 
management is not too cumbersome.  Perhaps there are more elegant solutions 
though, serving all from the same SMB+NFS box.


Will look at some of the suggestions as to how to get SMB from NFS mount to 
work again now with Samba 3

-Ben Ransom



I think you should have your Samba daemon running on the same machine as
the NFS daemon. If you do it the other way, then you have two different
points of latency for file retrieval for the Samba downloads.
Furthermore, what will happen if you have to take down either Samba or
NFS for maintenance?  This way they need not both be down.

For larger systems you might consider having an SCSI hard drive with two
ports so that you can access it from two different machine's busses.
One machine could run Samba and the other NFS.  For even larger storage
solutions, think "Network Attached Storage" with a gigabit or fiber
backbone and possibly Balancing Domain Controllers.


Jim C.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFClALrB4AhF6wVFMERAghWAKCBLIjWP3aNCGQ2PueV29QB/Lnx7ACfS2dn
kGSrYgOljPo03YYPo2BhtME=
=JG87
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smb an NFS dir?

2005-05-24 Thread Ben Ransom

I have /home nfs mounted from a NFS server to /home on a SMB server.  Can I 
make %H shares available from the SMB server?  Or, more specifically, I 
used to be able to with earlier versions of Linux and Samba, but have 
problems now after upgrading to RHEL 3 and Samba 3.0.  From the windows 
client, I can 'net use' the home share fine, but then cannot read or write 
anything below that top level home/user directory.  I get Oplock errors.


If I change the user's dir to something non-nfs, everything works fine

Any help would be most appreciated,
-Ben 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smb an NFS dir?

2005-05-24 Thread Ben Ransom

I have /home nfs mounted from a NFS server to /home on a SMB server.  Can I 
make %H shares available from the SMB server?  Or, more specifically, I 
used to be able to with earlier versions of Linux and Samba, but have 
problems now after upgrading to RHEL 3 and Samba 3.0.  From the windows 
client, I can 'net use' the home share fine, but then cannot read or write 
anything below that top level home/user directory.  I get Oplock errors.


If I change the user's dir to something non-nfs, everything works fine

Any help would be most appreciated,
-Ben

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [revised] bad file number / dlopen failure (fwd)

2005-04-28 Thread Ben Kim


I found errors in my previous post. The
/usr/lib/security/pam_winbind.so_042605
should all read  /samba/source/nsswitch/pam_winbind.so. 

I also found that if I run an old binary (sshd 3.6.1p1), this problem goes
away. 

So a temporary fix for me is to use the old version, but it's not what I
can live with.

If there's anyone who runs sshd for windows users and is willing,
I'd like to hear about his/her experience.

==
READ AS:
Apr 28 08:43:58 bkim sshd[7609]: [ID 305314 local3.debug] load_modules:
/samba/source/nsswitch/pam_winbind.so
...





Thanks.


Ben Kim
Developer
College of Education 
Texas A&M University






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [help!] bad file number / dlopen failure

2005-04-28 Thread Ben Kim

Dear list,

I'd appreciate some input from experts. I'm on Solaris 8, openssh 3.9p1,
openssl 0.9.7e, samba 2.2.9.

I'm using winbind so Windows users can use UNIX services. Pop, telnet, ftp
work with both windows and unix passwords OK, but I have a problem with
ssh.

Ssh accepts unix password, but not windows password. 

I'm trying to do password authentication, but it fails with this.
(with no UsePAM line)

Apr 28 12:49:58 bkim sshd[25576]: [ID 800047 local3.info] Failed password
for bkim from 127.0.0.1 port 35721 ssh2

If I add "UsePAM yes",

Apr 28 08:43:58 bkim sshd[7609]: [ID 305314 local3.debug] load_modules:
/usr/lib/security/pam_winbind.so_042605
Apr 28 08:43:58 bkim sshd[7609]: [ID 401707 local3.debug] open_module:
/usr/lib/security/pam_winbind.so_042605 failed: Bad file number
Apr 28 08:43:58 bkim sshd[7609]: [ID 487707 local3.error] load_modules:
can not open module /usr/lib/security/pam_winbind.so_042605
Apr 28 08:43:58 bkim sshd[7609]: [ID 585537 local3.debug]
pam_authenticate: load_modules failed
Apr 28 08:43:58 bkim sshd[7609]: [ID 800047 local3.debug] debug1: PAM:
password authentication failed for bkim: Dlopen failure

I'm guessing the load_modules and open_module messages come from ld.so.1.
This seems a problem with library. Since other services have no problem, I
think this might be a problem with compiling ssh, so I recompiled openssl
(0.9.7e), openssh and samba 2.2.9, with no joy.

I wanted to know if someone can point to me where to look at.

Here is my configurations.

pam.conf

sshdauthsufficient /samba/source/nsswitch/pam_winbind.so debug
sshdauth requisite  pam_authtok_get.so.1
sshdauth required   pam_dhkeys.so.1
sshdauth required/usr/lib/security/$ISA/pam_unix.so.1 use_first_pass
sshdaccount sufficient  /samba/source/nsswitch/pam_winbind.so
sshdaccount requisite   pam_roles.so.1
sshdaccount required/usr/lib/security/$ISA/pam_unix.so.1
sshdsession sufficient  /samba/source/nsswitch/pam_winbind.so
sshdsession required/usr/lib/security/$ISA/pam_unix.so.1

# cat ~bkim/openssh-3.9p1-configure-options.txt
./configure \
  --with-pam  \
  --with-ssl-dir=/usr/local/ssl \
  --with-privsep-user=sshd \
  --with-xauth=/usr/X/bin/xauth \
  --with-mantype=man \
  --with-md5-passwords

# cat ~bkim/samba-2.2.9-configure-options.txt
./configure \
--with-winbind \
--with-winbind-auth-challenge \
--with-pam   \
--with-pam_smbpass \
--with-smbwrapper \
--enable-debug \
--with-libsmbclient\
--with-ssl 



I'd appreciate any clue.

Thanks.


Ben Kim
Developer
College of Education 
Texas A&M University





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] WU-FTPD and pam_winbind

2005-04-22 Thread Ben Kim

Hi, 
I'm writing regarding your post to samba list on 1/31/2005. 
http://lists.samba.org/archive/samba/2005-January/099486.html
 
I have the same problem, and I wondered if you solved the problem. Would you 
mind sharing your experiences?
 
Regards,


Ben Kim
Database Developer
Dean's Office
College of Education and Human Development
Phone: 979-458-3677
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can't log in, but logs say auth succeeded?

2005-04-10 Thread Ben Davis

*sigh*  I hate it when I finally answer my own question _right_ after 
posting to the list...   I figured out that the reason I was getting 
this error was because my SIDs for my users did not contain the value 
of  "net getlocalsid".. must have been an old SID.  Is there an easy way 
to update the SIDs of all my users? maybe I'll just write a script...   
Anyways, it works now :-)   now onto the more complex stuff :-P

Ben Davis wrote:
I've just gotten my first machine to join the domain, and now I'm 
trying to log in as a normal user.  I get this error in windows "The 
system could not log you on. Make sure your username and password are 
correct (bla bla...)".  However, when I check the log for that machine 
it says at the end that authentication succeeded?

/var/log/samba/log.melisa:  (log level=2, debug timestamp=no)
netsec_decode: FAILED: packet sequence number:
[000] 7D AD 7D F4 29 CE 7C D4   }.}.).|.
should be:
[000] 00 00 00 00 80 00 00 00   
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: melisa$
init_sam_from_ldap: Entry found for user: bdavis
init_group_from_ldap: Entry found for group: 512
init_group_from_ldap: Entry found for group: 0
init_group_from_ldap: Entry found for group: 100
check_ntlm_password:  authentication for user [bdavis] -> [bdavis] -> 
[bdavis] succeeded

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Can't log in, but logs say auth succeeded?

2005-04-10 Thread Ben Davis

I've just gotten my first machine to join the domain, and now I'm trying 
to log in as a normal user.  I get this error in windows "The system 
could not log you on. Make sure your username and password are correct 
(bla bla...)".  However, when I check the log for that machine it says 
at the end that authentication succeeded?

/var/log/samba/log.melisa:  (log level=2, debug timestamp=no)
netsec_decode: FAILED: packet sequence number:
[000] 7D AD 7D F4 29 CE 7C D4   }.}.).|.
should be:
[000] 00 00 00 00 80 00 00 00   
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: melisa$
init_sam_from_ldap: Entry found for user: bdavis
init_group_from_ldap: Entry found for group: 512
init_group_from_ldap: Entry found for group: 0
init_group_from_ldap: Entry found for group: 100
check_ntlm_password:  authentication for user [bdavis] -> [bdavis] -> 
[bdavis] succeeded

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Samba binding anonymously (was: Re: [Samba] smbldap-tools not playing nice w/ samba ?)

2005-04-08 Thread Ben Davis

After looking at this further,  I realized I had only grepped the log 
for the last connection that I saw.  What happened was samba opened up a 
connection (conn=20538),  and  after that a new  connection (conn=20539) 
was opened up,  the conn=20539 connection was the one that _added_ the 
machine account...  and it looks like samba did some further operations 
on the 20538 connection,  the last of which is a search for the machine 
user.  So, Tony,  I stand corrected!   

I discovered that the reason this search failed is because samba was 
binding anonymously on the 20538 connection, and my ACLs are set up to 
deny  access for anonymous binds.  My conf file is set up to bind with 
the cn=Manager dn.  Why would Samba ever bind to ldap anonymously?

Tony Earnshaw wrote:
tor, 07.04.2005 kl. 20.10 skrev Ben Davis:
 

I tried this and it still did not work.  The problem as far as I can 
tell is that samba is not even attempting to search for the user after 
it adds it.  The very last operations in my slapd.log after the error 
occured,  were:
   

This is not so:
 

conn=20539 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
   

This is a search, scope sub, for
(&(objectClass=posixAccount)(uid=melisa$))
 

conn=20539 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=2 SRCH 
   

This is the log entry that says that no object is found. I.e., there is
either no combination of objectClass=posixAccount and uid=melisa$, or
the LDAP ACL prohibits it being read.
Do a search with 'ldapsearch -x' and the same filter. If it doesn't
return anything, the object probably doesn't exist. Don't get led astray
by nss, it's not used here.
The samba ldapsam backend and tools (not idealx) are first class and
brilliantly written.
--Tonni
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-tools not playing nice w/ samba ?

2005-04-08 Thread Ben Davis

Tony Earnshaw wrote:
tor, 07.04.2005 kl. 20.10 skrev Ben Davis:
 

I tried this and it still did not work.  The problem as far as I can 
tell is that samba is not even attempting to search for the user after 
it adds it.  The very last operations in my slapd.log after the error 
occured,  were:
   

This is not so:
onn=20539 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
   

This is a search, scope sub, for
(&(objectClass=posixAccount)(uid=melisa$))
onn=20539 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=2 SRCH 
   

This is the log entry that says that no object is found. I.e., there is
either no combination of objectClass=posixAccount and uid=melisa$, or
the LDAP ACL prohibits it being read.
 

Right,  but that is only the FIRST operation for that connection. Read 
that log again. The LAST operation is where it adds the entry.  
Therefore it is my understanding that samba (or the idealx script) is 
searching for the entry which doesn't exist (as expected, because this 
is the first time the machine has joined) and then adding it...   My 
point was that the very LAST thing that happened is the machine user 
gets added, and then nothing else (so searches or anything) happens 
after that.

My question is why isn't samba doing anything _after_ the user gets 
added to LDAP?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-tools not playing nice w/ samba ?

2005-04-07 Thread Ben Davis

I tried this and it still did not work.  The problem as far as I can 
tell is that samba is not even attempting to search for the user after 
it adds it.  The very last operations in my slapd.log after the error 
occured,  were:

conn=20539 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=20539 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=2 SRCH 
base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
filter="(objectClass=sambaUnixIdPool)"
conn=20539 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=20539 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=20539 op=3 MOD attr=uidNumber
conn=20539 op=3 RESULT tag=103 err=0 text=
conn=20539 op=3 RESULT tag=103 err=0 text=
conn=20539 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(uidNumber=1109)"
conn=20539 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=20539 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=20539 op=5 RESULT tag=105 err=0 text=
conn=20539 op=5 RESULT tag=105 err=0 text=
conn=20539 op=6 UNBIND
conn=20539 fd=32 closed

So, according to this,  samba searches for the machine,  and when it 
doesn't find it, it adds the machine successfully to the LDAP 
directory,  and that is the last thing that happens.

Any idea what's going on?

Joaquin Villanueva wrote:
I had the same problem here. The change you've made was the same. 
Going up to the root level of LDAP and set a sub search. No way. The 
solution was to put TWO nss_base_passwd lines:

nss_base_passwd ou=Users,dc=liga-acb,dc=es?one
nss_base_passwd ou=Computers,dc=liga-acb,dc=es?one
Try it and let me know...
Ben Davis wrote:
Joaquin wrote:
Ben Davis wrote:
Please help!
I'm having a difficult time getting a machine to join my domin.  
Samba sucessfully adds the machine account using the 
smbldap-useradd -w script,  but I get the error "The user name 
could not be found".

Here's what it looks like it's doing in the ldap logs:  1. There's 
a login as cn=Manager, which searches for the root account, and 
then for a bunch of gidNumbers.  It then searches for the machine$ 
with a sambaSamAccount objectclass, and exits.

2. It then reconnects anonymously and searches for machine$ and 
MACHINE$ twice (no results).
3. After that it connects again as cn=Manager and and searches for 
the machine$ under posixAccount (still no restuls).  It then 
finally adds the entry for machine$  but without the 
sambaSamAccount objectclass.

After that there are no more LDAP queries.   What could be causing 
the error I'm getting?

If you have a Machines= suffix different as the Users= suffix, the 
problem is in the ldap.conf settings. Nothing to do with the 
smbldap-tools. The smbldap-tools creates only a posix entry in the 
Machines tree, leaving to samba the addition of the SambaSamAccount 
class to the machine entry. The problem is that Samba relies in the 
ldap.conf config to search for the machine account. Usually, you 
have only a search here for the users account. The trick is to add a 
second nss_base_password line pinting to the machines tree of LDAP. 
And then works.

Yeah,  I read about that earlier and changed my  nss_base_password 
line to read:

nss_base_passwd   dc=pca-wichita,dc=com?sub
(that is my base dn).  The problem is that in the slapd logs,  the 
LAST thing happens before I get the error is samba ADDS the posix 
machine account.  It does nothing after that. Here's the slapd log of 
all operations of the last connection before the error occurs:

conn=9996 fd=18 ACCEPT from IP=127.0.0.1:52517 (IP=0.0.0.0:389)
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE 
ssf=0
conn=9996 op=0 RESULT tag=97 err=0 text=
conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=2 SRCH 
base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
filter="(objectClass=sambaUnixIdPool)"
conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=9996 op=3 MOD attr=uidNumber
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(uidNumber=1108)"
conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=6 UNBIND
conn=9996 fd=18 closed

As soon as it ADDs the machine account,  it doesn't try to modify 
it's objectClass, or anything like that. What's going on here?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap-tools not playing nice w/ samba ?

2005-04-07 Thread Ben Davis

Joaquin wrote:
Ben Davis wrote:
Please help!
I'm having a difficult time getting a machine to join my domin.  
Samba sucessfully adds the machine account using the smbldap-useradd 
-w script,  but I get the error "The user name could not be found".

Here's what it looks like it's doing in the ldap logs:  1. There's a 
login as cn=Manager, which searches for the root account, and then 
for a bunch of gidNumbers.  It then searches for the machine$ with a 
sambaSamAccount objectclass, and exits.

2. It then reconnects anonymously and searches for machine$ and 
MACHINE$ twice (no results).
3. After that it connects again as cn=Manager and and searches for 
the machine$ under posixAccount (still no restuls).  It then finally 
adds the entry for machine$  but without the sambaSamAccount 
objectclass.

After that there are no more LDAP queries.   What could be causing 
the error I'm getting?

If you have a Machines= suffix different as the Users= suffix, the 
problem is in the ldap.conf settings. Nothing to do with the 
smbldap-tools. The smbldap-tools creates only a posix entry in the 
Machines tree, leaving to samba the addition of the SambaSamAccount 
class to the machine entry. The problem is that Samba relies in the 
ldap.conf config to search for the machine account. Usually, you have 
only a search here for the users account. The trick is to add a second 
nss_base_password line pinting to the machines tree of LDAP. And then 
works.

Yeah,  I read about that earlier and changed my  nss_base_password line 
to read:

nss_base_passwd   dc=pca-wichita,dc=com?sub
(that is my base dn).  The problem is that in the slapd logs,  the LAST 
thing happens before I get the error is samba ADDS the posix machine 
account.  It does nothing after that. Here's the slapd log of all 
operations of the last connection before the error occurs:

conn=9996 fd=18 ACCEPT from IP=127.0.0.1:52517 (IP=0.0.0.0:389)
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" method=128
conn=9996 op=0 BIND dn="cn=Manager,dc=pca-wichita,dc=com" mech=SIMPLE ssf=0
conn=9996 op=0 RESULT tag=97 err=0 text=
conn=9996 op=1 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(objectClass=posixAccount)(uid=melisa$))"
conn=9996 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=2 SRCH 
base="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com" scope=0 
filter="(objectClass=sambaUnixIdPool)"
conn=9996 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=9996 op=3 MOD dn="sambaDomainName=PCA-USERS,dc=pca-wichita,dc=com"
conn=9996 op=3 MOD attr=uidNumber
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=3 RESULT tag=103 err=0 text=
conn=9996 op=4 SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(uidNumber=1108)"
conn=9996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=9996 op=5 ADD dn="uid=melisa$,ou=Computers,dc=pca-wichita,dc=com"
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=5 RESULT tag=105 err=0 text=
conn=9996 op=6 UNBIND
conn=9996 fd=18 closed

As soon as it ADDs the machine account,  it doesn't try to modify it's 
objectClass, or anything like that. What's going on here?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbldap-tools not playing nice w/ samba ?

2005-04-06 Thread Ben Davis

Please help!
I'm having a difficult time getting a machine to join my domin.  Samba 
sucessfully adds the machine account using the smbldap-useradd -w 
script,  but I get the error "The user name could not be found".

Here's what it looks like it's doing in the ldap logs:   

1. There's a login as cn=Manager, which searches for the root account, 
and then for a bunch of gidNumbers.  It then searches for the machine$ 
with a sambaSamAccount objectclass, and exits.

2. It then reconnects anonymously and searches for machine$ and MACHINE$ 
twice (no results). 

3. After that it connects again as cn=Manager and and searches for the 
machine$ under posixAccount (still no restuls).  It then finally adds 
the entry for machine$  but without the sambaSamAccount objectclass.

After that there are no more LDAP queries.   What could be causing the 
error I'm getting?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: MYSQL - Was Functional till Update to 3.13

2005-04-06 Thread Ben Gaide

Did you make the posix users aswell ?? (with a script?)  -- POSIX not 
familiar with that, but Yes the users have valid linux accounts, I have 
reverted back to 3.10 and samba once again adds users.

I didnt try to comment out foo:domain column = 'DOMAIN' because I 
reverted before I received your last message. I know that samba was able 
to read and insert the sql (permission wise) because I did check useing 
the samba_sql_user with samba_sql_password. I also know this because the 
samba password file, which is the only backup login method, did not 
contain anyone but administrator; yet people who already had accounts 
were able to login and there profile loaded etc.

Also, users that I added BY HAND to the Sql database worked just fine.
Does Anyone know if the SMB.conf requires changes with 3.13 so that 
samba will insert the data for the following fields. Is is possible that 
samba is trying to change the type versus what used to be there? Ie # 
instead of V char etc.

 usernamedomainnt_usernament_fullnamehome_dir
dir_drive 

Note that there were no other changes to the system nor any changes to 
the smb.conf besides compileing samba 3.10 to make the system work again.

System:
Gentoo Linux
   x86 Core
   Kernel 2.6.10
   Samba Configured as PDC, Mysql passdb
   Mysql on same physical machine. Accepts local host connections 
useing samba sql_username/pass

Collen wrote:
Hmm, You don't miss mutch.. straingely you miss a username aswell in 
the  DB!

Did you make the posix users aswell ?? (with a script?)
try to comment 'foo:domain column = 'DOMAIN' ' out, and try again
also try to connect to the databse with a mysql-client, to see if that 
part works.!
use the exact same settings you use with samba!
(user, ip, pass)
and try to update a record, ea. username ?
if that part works (the mysqlclient), you know that the problem is 
something else.

my guesses is that it's a matter of eliminating possebilety's..
Collen.
Ben Gaide wrote:
Samba is Connecting and Inserting 1 Row, but It only sets 2 colums. 
NT Password and Lanman Password, The other colums Stay as Default.

For Insance. For the Attached log file I started Samba
As Root Did
smbpasswd -a username
password
password
Stop Samba
The mysql Database has the following new row
Row Headers
logon_timelogoff_timekickoff_timepass_last_set_time
pass_can_change_timepass_must_change_timeusername
domainnt_usernament_fullnamehome_dirdir_drive
logon_scriptprofile_pathacct_descworkstations
unknown_strmunged_dialuidgiduser_sidgroup_sid
lm_pwnt_pwacct_ctrlunknown_3logon_divs
hours_lenunknown_5unknown_6bad_password_countlogon_count

Values
NULL  NULL  NULL  1112742397  1112742397  
2147483647  NULL  FIJINET  NULL  NULL  NULL  
NULL  NULL  NULL  NULL  NULL  NULL  NULL  
75  NULL  NULL  NULL  
AAA8B176C3D8E3DEAAD3AA35B51404EE 
AAA899154197E8AAA33121D76A240AB5  16  NULL  NULL  
NULL  NULL  NULL  NULL  NULL

Collen wrote:
No errors in the log ???
try setting the debug level a little higher.. (2 - 5)
if samba can't connect to the db, it will show's up.
you could also try to login with a mysql client, with the same
settings of your samba config, to see if that part is right.
dunno how you configed the mysql-server, sometimes people
set it to only connect to the localhost (127.0.0.1)
or disable localhost, and make it use the network IP.
just be sure, that the settings you use within samba also work with 
the mysql-client.

but in both cases you should see debug info in the samba log's
(like can't connect to the passwd-backend mysql, or something like 
that)

Laterz
Collen.
Ben Gaide wrote:
I didnt change anything else excludeing printer settings which when 
I reverted to the old config file still made no difference. I can 
add foo:mysql host = xxx.xxx.xxx.xxx, but I understand it deafults 
to local host and it is clear to see that it does actually connect 
and insert the correct lanman password. It even will change the 
password of people that were added before the update properly.

Log file lists No errors and I could not find any useful info. I 
will stop samba, Clear the log, start samba add user stop samba and 
attach that log later today.

i miss the ' foo:mysql host = xxx.xxx.xxx.xxx '
also what is your log-file telling you?
does it find the backend? did something else change aswell ?
Greet's
Collen
Ben Gaide wrote:
I updated samba from 3.10 to 3.13 to get the updated print fixes, 
but I noticed today that the smbpasswd script no longer 
functions. It fails to update the the following fields.

Please let me know if you have any ideas.
Sorry I didnt include the appropriate config file so I will atach 
the appropriate section now. P

Re: [Samba] RE: MYSQL - Was Functional till Update to 3.13

2005-04-05 Thread Ben Gaide

Samba is Connecting and Inserting 1 Row, but It only sets 2 colums. NT 
Password and Lanman Password, The other colums Stay as Default.

For Insance. For the Attached log file I started Samba
As Root Did
smbpasswd -a username
password
password
Stop Samba
The mysql Database has the following new row
Row Headers
logon_timelogoff_timekickoff_timepass_last_set_time
pass_can_change_timepass_must_change_timeusernamedomain
nt_usernament_fullnamehome_dirdir_drivelogon_script
profile_pathacct_descworkstationsunknown_str
munged_dialuidgiduser_sidgroup_sidlm_pwnt_pw
acct_ctrlunknown_3logon_divshours_lenunknown_5
unknown_6bad_password_countlogon_count

Values
NULL  NULL  NULL  1112742397  1112742397  
2147483647  NULL  FIJINET  NULL  NULL  NULL  
NULL  NULL  NULL  NULL  NULL  NULL  NULL  
75  NULL  NULL  NULL  AAA8B176C3D8E3DEAAD3AA35B51404EE  
   AAA899154197E8AAA33121D76A240AB5  16  NULL  NULL  
NULL  NULL  NULL  NULL  NULL

Collen wrote:
No errors in the log ???
try setting the debug level a little higher.. (2 - 5)
if samba can't connect to the db, it will show's up.
you could also try to login with a mysql client, with the same
settings of your samba config, to see if that part is right.
dunno how you configed the mysql-server, sometimes people
set it to only connect to the localhost (127.0.0.1)
or disable localhost, and make it use the network IP.
just be sure, that the settings you use within samba also work with 
the mysql-client.

but in both cases you should see debug info in the samba log's
(like can't connect to the passwd-backend mysql, or something like that)
Laterz
Collen.
Ben Gaide wrote:
I didnt change anything else excludeing printer settings which when I 
reverted to the old config file still made no difference. I can add 
foo:mysql host = xxx.xxx.xxx.xxx, but I understand it deafults to 
local host and it is clear to see that it does actually connect and 
insert the correct lanman password. It even will change the password 
of people that were added before the update properly.

Log file lists No errors and I could not find any useful info. I will 
stop samba, Clear the log, start samba add user stop samba and attach 
that log later today.

i miss the ' foo:mysql host = xxx.xxx.xxx.xxx '
also what is your log-file telling you?
does it find the backend? did something else change aswell ?
Greet's
Collen
Ben Gaide wrote:
I updated samba from 3.10 to 3.13 to get the updated print fixes, 
but I noticed today that the smbpasswd script no longer functions. 
It fails to update the the following fields.

Please let me know if you have any ideas.
Sorry I didnt include the appropriate config file so I will atach 
the appropriate section now. Please not it is 3.0.13 not 3.13 as 
that would be impossible.

 # Samba Password Database configuration:
   passdb backend = mysql:foo
   foo:mysql user = samba
   foo:mysql password = PASSWORD
   foo:mysql database = samba
   foo:domain column = 'DOMAIN'


  Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2005/04/05 17:04:52, 3] printing/pcap.c:pcap_cache_reload(114)
  reloading printcap cache
[2005/04/05 17:04:52, 5] printing/print_cups.c:cups_cache_reload(71)
  reloading cups printcap cache
[2005/04/05 17:04:52, 3] printing/pcap.c:pcap_cache_reload(213)
  reload status: ok
[2005/04/05 17:04:52, 3] param/loadparm.c:lp_add_printer(2439)
  adding printer service PDF
[2005/04/05 17:04:52, 3] param/loadparm.c:lp_add_printer(2439)
  adding printer service FIJI-LJ1200
[2005/04/05 17:04:52, 2] lib/interface.c:add_interface(81)
  added interface ip=138.67.86.203 bcast=138.67.86.255 nmask=255.255.255.0
[2005/04/05 17:04:52, 5] lib/util.c:init_names(256)
  Netbios name list:-
  my_netbios_names[0]="FIJIFILES"
[2005/04/05 17:04:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/04/05 17:04:52, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/04/05 17:04:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/04/05 17:04:52, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/04/05 17:04:52, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/04/05 17:04:52, 5] passdb/pdb_interface.c:make_pdb_context_list(823)
  Trying to load: mysql:foo
[2005/04/05 17:04:52, 5] passdb/pdb_interface.c:smb_register_passdb(94)
  Attempting to register passdb backend ldapsam
[2005/04/05 17:04:52, 5] passdb/pdb_interface.c:smb_register_passdb(107)
  Successfully added passdb backend 'ldapsam'
[2005/04/05 17:04:52, 5] passdb/pdb_interface.c:smb_register_passdb(94)
  Attemptin

[Samba] Strange LDAP add machine problem

2005-04-04 Thread Ben Davis

I'm setting up a Samba/LDAP PDC (samba-3.0.13 / openldap-2.1.30) and I'm 
trying to join a machine (called "melisa") to the domain.  When I try to 
join the domain, I type in the Administrator (which maps to root) 
credentials.  and after a few seconds I get a windows error that says:

 The following error occurred while attempting to joing the domain 
"PCA-USERS":
 The user name could not be found.

The machine was successfully added to the ldap dir, in "ou=Computers", 
but I can't seem to figure out why I'm getting this error.   I saw the 
following searches in my slapd.log:

SRCH base="dc=pca-wichita,dc=com" scope=2 
filter="(&(uid=melisa$)(objectClass=sambaSamAccount))"

SRCH base="ou=Users,dc=pca-wichita,dc=com" scope=1 
filter="(&(objectClass=posixAccount)(uid=melisa$))"

The first search returned 1 entry,  but the second search returned 0.  
I'm not really sure why it's looking in ou=Users and using a scope of 1 
(isn't that the "base" scope?).  My smb.conf settings have the following:

ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
Does anyone know of anything else I can look at to try and troubleshoot 
this problem?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] RE: MYSQL - Was Functional till Update to 3.13

2005-04-01 Thread Ben Gaide

I updated samba from 3.10 to 3.13 to get the updated print fixes, but I 
noticed today that the smbpasswd script no longer functions. It fails to 
update the the following fields.

domain 

	
nt_username 

	
nt_fullname 

	
home_dir 

	
dir_drive 

	
logon_script 

	
profile_path 

	
acct_desc 

	
workstations 

	
unknown_str 

	
munged_dial 

	
uid 

	
gid 

	
user_sid 

	
group_sid 


Please let me know if you have any ideas.
Sorry I didnt include the appropriate config file so I will atach the 
appropriate section now. Please not it is 3.0.13 not 3.13 as that would 
be impossible.

 # Samba Password Database configuration:
   passdb backend = mysql:foo
   foo:mysql user = samba
   foo:mysql password = PASSWORD
   foo:mysql database = samba
   foo:domain column = 'DOMAIN'
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] MYSQL - Was Functional till Update to 3.13 i

2005-04-01 Thread Ben Gaide

I updated samba from 3.10 to 3.13 to get the updated print fixes, but I 
noticed today that the smbpasswd script no longer functions. It fails to 
update the the following fields.

domain 

	
nt_username 

	
nt_fullname 

	
home_dir 

	
dir_drive 

	
logon_script 

	
profile_path 

	
acct_desc 

	
workstations 

	
unknown_str 

	
munged_dial 

	
uid 

	
gid 

	
user_sid 

	
group_sid 


Please let me know if you have any ideas.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Print Management - Cups - Samba PDC/Print Server / Perl Script

2005-03-30 Thread Ben Gaide

All Version Information and Print Section of cmb.conf at end of email.
Ok I have a Samba server set up and functioning as a Primary Domain 
Controller with File and Print services, but there are a few glitches + 
odds and ends not yet functional.

1. Printer Management. - I have a HP Laserjet 1200 connected to the USB 
ports and configured via cups. Print Que does not list any of the items 
in the Print Que, nor can I pause it as an administrator.

2. When selecting this as the printer from windows it is exteremely slow 
and may take up to 3 minutes to acknowlage your selection, but when you 
click print with it set as the default printer it prints right away.

3. print command is apairently being ignored completely. I attempted as 
you can see in the config to add a perl script that would count how many 
prints each user made and add it to a MYSQL database. Even when I 
removed the stuff after the perl script on both the Printer Config and 
the general printer configs it still printed and did not call the perl 
script.

My primary Goal is to record the number of pages printed by each user.  
If you have a way to output user:pages as a new line to a  text file I 
can parse that with a cron job. Please let me know.

PS. I appricate all the work done with samba over the years.
Ben Gaide

# Partial Samba Config File. -- Shows All Printer config lines --
# 2. Printing Options:
   printcap name = cups
   load printers = yes
   printing = cups
   printer admin = @administrators
   show add printer wizard = yes
   max print jobs = 100
[printers]
  min print space = 4000
  comment = All Printers
  path = /var/spool/samba
  browseable = no
  guest ok = no
  public = no
  writable = no
  printable = yes
  print command = /usr/bin/printcount.pl lpr-cups -P %p -o raw %s -r
#   lppause command = /usr/bin/enable %p
#   lpresume command = /usr/bin/disable %p
#   lpq command = lpq -P %p
#   lprm command = cancel %p-%j
[HPLJ1200]
   comment = Fiji Study Printer
   printer admin = @administrators
   browseable = yes
   printable = yes
   writable = no
   guest ok = no
   print command = /usr/bin/printcount.pl# lpr-cups -P %p -o raw %s -r
   valid users = @administrators
[print$]
   comment = Printer Driver Download Area
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   write list = @administrators, root
   guest ok = no
Samba  3.0.10
cups v. 1.1.23-r1.
Clients:
Windows XP Pro SP2 * 10.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] getent passwd / winbind uid / log file configuration

2005-02-22 Thread Ben Kim


Hi,

This is Solaris 8, samba-2.2.9 with winbind. I'd like to get some help.


1. My problem is this configuration directive is not working.

  winbind uid = 3-6
  winbind use default domain = yes

  Regardless of this, the uid maps to 1 ~.

  This is the problem.

  We are actually using uid range 2 ~ in /etc/passwd, so I'm afraid
there might be a clash later. 

  So, is there a way to find what's wrong?

  (Also, Does anyone know what happens if winbind account base grows to
require 2? Will winbind automatically avoid the range?)

2. The log file setting is not working either. 

  log file = /var/log/sambalogs/logfile.%m

  Whatever I set up, samba just logs to /usr/local/samba/var/log.winbindd.

3. getent passwd is not returning windows only users.

I'm using slightly different configuration files for samba and winbind
(the latter without share configuration).

I'd appreciate any help.



Regards,

Ben Kim
Database Developer/Systems Administrator
434E Harrington Tower / College of Education 
Texas A&M University

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.11pre2 and wbinfo --users-sids

2005-01-25 Thread Ben Vaughan

Hello good people of Samba,

I've been working with the latest Samba (3.0.11pre2) and have noticed
that between 3.0.11pre1 and 3.0.11pre2, wbinfo --user-sids  has
stopped working.  I have confirmed that going back to version 3.0.11pre1
(everything else being held steady) corrects the error I'm seeing.

#wbinfo -n 


#wbinfo --user-sids=
Could not get group SIDs for user SID 

The specific errors were these:

Jan 25 10:08:18 discovery winbindd[3795]: [2005/01/25 10:08:18, 0]
rpc_client/cli_pipe.c:rpc_api_pipe(435)
Jan 25 10:08:18 discovery winbindd[3795]:   cli_pipe: return critical
error. Error was NT_STATUS_INVALID_HANDLE

It appears that the command will be successful the first attempt after
starting winbind, but will fail every time after that.

Can anyone reproduce these results?

Does anyone know what might be going on?

Thanks,

Ben Vaughan


Ben Vaughan
Engineering Computing Support Services
CLUE Network SysAdmin
Iowa State University 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

< 1 2 3 4 >

101 - 200 of 332 matches

Mail list logo