[Samba] Samba 4 install packages for Ubuntu 10
Hello, I want to upgrade my current samba 3.7 that I compiled, to samba 4, and wondered if I can get binaries compatible with Ubuntu 10? Sent from my iPhone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unable to access Samba 3.6.6 shares
Hello, I compiled and installed v3.6.6 from source on my ubuntu 10.04 server though I am unable to access my shares from my client windows machines; the error message indicates that I don't have permissions. I am using the same user/passwords and shares as with the previous v3.5.7 Samba. >From console I can access the shares with smbclient. I checked the path to my Samba commands and config files and everything looks correct. I recreated my Samba users under the new Samba 3.6.6 install. The problem may be with the password database though not sure how to proceed. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba share access problems
Hello, I have Samba 3.6.6 compiled and running under Ubuntu 10.04 server, I upgraded from 3.5.x and used the same share and configuration file. I have access problems from my Windows machines "network path not found" that I am trying to diagnose via smbclient from the server console: with smbclient... When I run, smblcient -L wen-chang\,. For any of my users, I see the error message "Error returning browse list: NT STATUS OK". The shares are browseable=yes, so I think this is a permissions problem or an issue with the way I created my Samba users. Suggestions on additional tests to locate the problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.6 error loading shared libraries
Hello, I have compiled Samba 3.6.6 from the git branch 3-6-stable for my Ubuntu 10.04 system. Configure and make completed successfully though I get the error: "error while loading shared libraries: libwbclient.so.0: cannot open shared object fie: No such file or directory" This seems like a missing file, though I updated my Debian packages according to the dependencies before compiling. Also, would it be wise to use another branch? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba build errors (Derek Lewis)
Jorell, I installed the packages from your list and attempted to build with your configuration. I still get errors during build referring to swrap_close or nwrap_getgrnam. Also I did not use. /autogen.she, just config and make. Derek Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba build errors
Jorell, Thanks for the config info, I will try it when I get back from travel. How do you test your Samba install after compiling? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba build errors
Jorell, Thanks for the build info, I am on travel now but try it out when I get home. Also, how do you test your Samba install to make sure it functions as expected? On Saturday, June 2, 2012, wrote: > Send samba mailing list submissions to >samba@lists.samba.org > > To subscribe or unsubscribe via the World Wide Web, visit >https://lists.samba.org/mailman/listinfo/samba > or, via email, send a message with subject or body 'help' to >samba-requ...@lists.samba.org > > You can reach the person managing the list at >samba-ow...@lists.samba.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of samba digest..." > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.5 build errors
Hello, I am rebuilding my Ubuntu 10.04 NAS to use Samba 3.6.5 for file sharing. Starting from the current stable tar file, I was able to configure although ran into problems when building. I get a list of error messages of the form "undefined reference": Do I need to wait for a patch or am I missing some libraries? Also, is there a list of the dependencies and their sources? Would prefer Debian packages if at all possible instead another source compile. Thank you, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] errors during samba 3.6.5 compile
Hello, I am trying to compile Samba 3.6.5 from the official tarball, I am following the how-to from samba.org and run into several errors like the following example when I try to run configure from the source3 directory: configure: failed program was: | /* confdefs.h */ I am running Ubuntu 10.04 LTS server edition. I have compiled a previous version and ran into a similar problem, I suspect I am missing some libraries. Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Maintain file ownership when writing to share with different owner
Hello, I have a question regarding control of file ownership: I have shares accessed by several users belonging to a group though the share is owned by only one of the users. I can force the group id for files written to the share to match the share group though I wondered if I can preserve the file's original owner id (one of the users in the group) if a file is copied from another location? Related to this question: I am looking for an up to date source of information on using acls. I have implemented acl and extended attribute support for storing dos file attributes and metadata. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still
Thanks for the advice - Good to know not to go down the trust relationship
path. A seperate domain does sound like a good path. Leave the existing
nt/exchange setup as just an email platform. Users are likely to need to
login again once we move that email/calendar/contacts funtion to the cloud
anyway.
Gives a nice clean migration path - here is your new win7 pc and your new
login for it.
Though I've also considered not making the new win7 domain members anyway.
They are all going laptops and staff are somewhat mobile to highly mobile.
When the domain is not avilable because of poor network link quality or no
network at all laptop performance suffers. I know this to be the case with
XP, I have no indication that its
any different with Win7.
Thanks
Derek
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Gaiseric Vandal
Sent: Friday, October 28, 2011 11:05 AM
To: samba@lists.samba.org
Subject: Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x
ldapbacked PDC and MS Exchange 5.5 still
If you are getting rid of the exchange server it seems a lot of work to do
the trusts thing. Having outlook remember your password isn't a major
problem. Except of course then people are pretty likely to have forgotten
their e-mail password if they ever use another PC.
I have found Samba trusts to be fairly painful. I had a Samba 3.0.x PDC
(LDAP backend) which I tried having a trust with a Windows 2003
domain.In order for trusts to work, the Samba machine uses Idmap to
create a range of unix uid's and gid's for the trusted Windows users.
With Samba 3.0.x, these idmap entries were created but would stop
working after the cache period expired.I don't know why. When I
moved to Samba 3.4.x, the expiration issue went away but then idmap
entries were not automatically. We didn't have many people in the
Windows 2003 domain so I can manually create idmap entries as needed.
My gut feeling is that any changes you make to support Windows 7 machines
will break compatibility with legacy machines (e.g. NT4) or the domain
trusts- altho installing the latest NT4 SP pack (6a?) may help.
Could you make migrate the PDC role from your NT server to a samba 3.4.x
or 3.5.x server? I don't think Exchange 5.5 has to be on the domain
controller.
At my work we have a Samba domain for most of the users and computers.
We also have a separate untrusted Win 2008 domain just to support our
Exchange 2007 server.It would be nice if we could consolidate to a
single domain (or at least a single Active Directory tree) but for the
moment people have to maintain separate e-mail accounts.
FYI- I had a look at the latest version of Zimbra- it looks like a pretty
nice product for a small business, if you decide not to go with
the hosting route.I do like Exchange 2007 but it can be a big
challenge to set up and maintain, and you really have to have a
background with Active Directory and Exchange.Not what I would use
for a really small site.
On 10/28/2011 10:34 AM, Derek Werthmuller wrote:
> Looking to make some changes to an old but working LAN, that has about 10
> samba servers serving printers and network shares and a NT 4 PDC server
with
> Exchange 5.5 on it. The samba servers are members of the nt4 domain, XP
> systems are members of the nt 4 domain also. Samba servers are
ldapbacked.
> We use the ldap component directly to login to the Linux servers.
>
> I'd like to be able to support windows 7 clients as domain members, right
> now the clients are all XP. The plan I'm considering is building a new
> domain with the latest version of samba 3.x stable series for my RHEL6
> servers, join my new windows clients to that domain and create a trust
> relationship to the NT 4 domain. The existing samba servers can be joined
> to the new domain so that only the email server will be in the old domain.
> The idea behind the trust
> relationship is so that entering email for my users can be just a click
and
> won't have to login again. We'd want to keep the ldap backend capability
> too.
>
> Keeping the exchange is really a stop gap till we can move that function
to
> the cloud.
>
> Have others done similar upgrades successfully? Does this sound
reasonable?
>
> Is the trust relationship overkill and likely to cause problems? (tell
users
> to cache the outlook login and be done)
>
> Thanks
> Derek
>
> Derek Werthmuller
> Director of Technology Innovation and Services
> Center for Technology in Government
> 518.442.3892
> www.ctg.albany.edu
>
>
>
>
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still
>>I have a client in a similar situation. NT4 PDC w/Exchange 5.5 and Samba member servers. Main problem is that >>they're running an old custom Outlook/Exchange workflow app which locks them in until it can be replaced. Similar situation - though we've been able to replicate it fairly easily in google apps. >>As you're aware newer then XP cannot join an NT4 domain but can join a Samba domain - and they will eventually >>need some new desktops. So my thoughts have been running along the lines of demoting the NT4 PDC and having a >>Samba server take over those duties. Problem's are the NT4 PDC is not a supported task, and even if a registry >>hack can accomplish it (according to an old post by Minasi it should) but the effect on Exchange after this is >>apparently unknown. Also a test attempt to vampire the PDC did not work due to capitalization problems (if the >>vampire script did a lower case conversion this might have been a big start). I did consider this, though the issue is what do I do with the existing NT4 PDC - I can demote this to BDC but from the samba docs samba PDC and Windows BDC is not supported. And I don't think it can demote the PDC to server role. I'm also trying to be very careful not to make substantial changes to the exchange host - I need that working for a short while longer. Thanks Derek -Original Message- From: Chris Smith [mailto:smb...@chrissmith.org] Sent: Friday, October 28, 2011 12:07 PM To: Derek Werthmuller Cc: samba@lists.samba.org Subject: Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still On Fri, Oct 28, 2011 at 10:34 AM, Derek Werthmuller wrote: > Looking to make some changes to an old but working LAN, that has about > 10 samba servers serving printers and network shares and a NT 4 PDC > server with Exchange 5.5 on it. The samba servers are members of the > nt4 domain, XP systems are members of the nt 4 domain also. > > I'd like to be able to support windows 7 clients as domain members, > right now the clients are all XP. > > Keeping the exchange is really a stop gap till we can move that > function to the cloud. > > Have others done similar upgrades successfully? Does this sound reasonable? All services except for PDC, WINS and Exchange have been moved from the NT4 box. Outside email is handled by Google Apps. DNS, NTP, file and print services, etc. all handled by Linux servers, firewall is OpenBSD/PF. Also to protect from failure of the old hardware the PDC has been virtrualized and running under VirtualBox where regular snapshots can be taken. The virtualization of the NT4 PDC also provides an opportunity to experiment with copies/snapshots so I hope to tackle this a bit more in depth when time permits. Of course any clues, hints, experience to be shared in this area are very welcome. I will gladly provide anything I find out that may be useful. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still
Looking to make some changes to an old but working LAN, that has about 10 samba servers serving printers and network shares and a NT 4 PDC server with Exchange 5.5 on it. The samba servers are members of the nt4 domain, XP systems are members of the nt 4 domain also. Samba servers are ldapbacked. We use the ldap component directly to login to the Linux servers. I'd like to be able to support windows 7 clients as domain members, right now the clients are all XP. The plan I'm considering is building a new domain with the latest version of samba 3.x stable series for my RHEL6 servers, join my new windows clients to that domain and create a trust relationship to the NT 4 domain. The existing samba servers can be joined to the new domain so that only the email server will be in the old domain. The idea behind the trust relationship is so that entering email for my users can be just a click and won't have to login again. We'd want to keep the ldap backend capability too. Keeping the exchange is really a stop gap till we can move that function to the cloud. Have others done similar upgrades successfully? Does this sound reasonable? Is the trust relationship overkill and likely to cause problems? (tell users to cache the outlook login and be done) Thanks Derek Derek Werthmuller Director of Technology Innovation and Services Center for Technology in Government 518.442.3892 www.ctg.albany.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Auto creation of home directories on Samba-3.5.4(CentOS 6) using PAM authenticating via ADS
Hi, I have installed samba 3.5.4 on Centos 6 and have set it up to authenticate to a Windows 2008 Domain Controller. When I do a "su - some-domain-user", the home directory gets created. However, I want the home directory to be created when a user accesses the samba shares(no shell access). Following are the relevant configurations. What are the PAM changes I need to make? Help is much appreciated. ==smb.conf== [global] workgroup = RADON realm = RADON.LAB security = ads idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /sbin/nologin winbind use default domain = true winbind offline logon = false domain master = no obey pam restrictions = yes server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 passdb backend = tdbsam [homes] comment = Home Directories browseable = no writable = yes [public] comment = Public Stuff path = /home/shared public = yes writable = yes printable = no ==/etc/pam.d/samba== #%PAM-1.0 auth required pam_nologin.so auth include password-auth accountinclude password-auth sessioninclude password-auth password include password-auth ==/etc/pam.d/password-auth== #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid >= 500 quiet authsufficientpam_krb5.so use_first_pass authsufficientpam_winbind.so use_first_pass authrequired pam_deny.so account required pam_unix.so broken_shadow account sufficientpam_localuser.so account sufficientpam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 type= passwordsufficientpam_unix.so sha512 shadow nullok try_first_pass use_authtok passwordsufficientpam_krb5.so use_authtok passwordsufficientpam_winbind.so use_authtok passwordrequired pam_deny.so session optional pam_mkhomedir.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so ---- Regards, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOS 5.6 X86_64 install problem
John
Thank you for the quick reply on this trying that now
here is what I have tried ./configure.developer --disable-s3build
returns
waf [command] [options]
Main commands (example: ./waf build -j4)
build : build all targets
clean : removes the build files
configure : configures the project
ctags : build 'tags' file using ctags
dist: makes a tarball for distribution
distcheck : test that distribution tarball builds and installs
distclean : removes the build directory
etags : build TAGS file using etags
install : installs the build files
pydoctor: build python apidocs
reconfigure : reconfigure if config scripts have changed
test: Run the test suite (see test options below)
testonly: run tests without doing a build first
uninstall : removes the installed files
wafdocs : build wafsamba apidocs
wildcard_cmd: called on a unknown command
waf: error: no such option: --disable-s3build
next I tried running ./configure.developer then make --disable-s3build
this also fails with make: unrecognized option `--disable-s3build'
Looked around on the internet and found this information
--- script/installsamba4.sh (revision 2813)
+++ script/installsamba4.sh (working copy)
@@ -280,17 +280,8 @@
pushd samba4
error_check $? "samba4 setup"
# this is a temporary hack while we try to support both git and
samba
# alpha 15 tarball. the tarball doesn't know --disable-s3build and
# samba git won't currently build without --disable-s3build because
of
# https://bugzilla.samba.org/show_bug.cgi?id=8113
if test -z "$TARPATH"; then
./configure.developer -C --prefix=$SAMBA_PREFIX
--disable-s3build
error_check $? "samba4 git configure"
else
./configure.developer -C --prefix=$SAMBA_PREFIX
error_check $? "samba4 configure"
fi
./configure.developer -C --prefix=$SAMBA_PREFIX
error_check $? "samba4 git configure"
echo "Step2: Compile Samba4 (Source)"
$MAKE -j
this ran fine on system but same results it is still trying to compile
samba3 code.
Can you think of anything I can try right now I am currently
downloading the rsync of samba4 just to see if that makes any difference
from the git source I have
Derek
On Tue, 17 May 2011 16:23:40 -0500, Taylor, Jonn wrote:
By default samba 3 and samba 4 are built. Use --disable-s3build to
only
build samba 4. There is also a how to that someone did for CentOS,
just
search the archives for it.
Jonn
On 05/17/2011 03:46 PM, de...@podoll.com wrote:
I am trying to install samba 4 on a CentOS 5.6 X86_64 with all
update
installed following the directions from
http://wiki.samba.org/index.php/Samba4/HOWTO
Installed git and am able to use that to pull down latest version of
samba source code
ran ./configure.developer (can post output from this long file if
needed)
Once that was done I ran the make command and got this at the end
[3364/3441] Linking default/source3/smbd/smbd
default/source3/libsamba3core.so: undefined reference to `cap_free'
default/source3/libsamba3core.so: undefined reference to
`cap_set_flag'
default/source3/libsamba3core.so: undefined reference to
`cap_get_proc'
default/source3/libsamba3core.so: undefined reference to
`cap_set_proc'
collect2: ld returned 1 exit status
Waf: Leaving directory `/samba-master/bin'
Build failed: -> task failed (err #1):
{task: cc_link epmd_7.o,server_98.o,msg_idmap_98.o -> smbd}
make: *** [all] Error 1
I can provide a full output of the make if required also
I was able to install samba 4 following the same directions on this
system around a month or so ago but I am reinstalling to because I
wanted to get a clean version and make this one the PDC on the
network
because it is a physical system not virtual like the current samba 4
PDC I have running right now.
Derek
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] CentOS 5.6 X86_64 install problem
I am trying to install samba 4 on a CentOS 5.6 X86_64 with all update
installed following the directions from
http://wiki.samba.org/index.php/Samba4/HOWTO
Installed git and am able to use that to pull down latest version of
samba source code
ran ./configure.developer (can post output from this long file if
needed)
Once that was done I ran the make command and got this at the end
[3364/3441] Linking default/source3/smbd/smbd
default/source3/libsamba3core.so: undefined reference to `cap_free'
default/source3/libsamba3core.so: undefined reference to `cap_set_flag'
default/source3/libsamba3core.so: undefined reference to `cap_get_proc'
default/source3/libsamba3core.so: undefined reference to `cap_set_proc'
collect2: ld returned 1 exit status
Waf: Leaving directory `/samba-master/bin'
Build failed: -> task failed (err #1):
{task: cc_link epmd_7.o,server_98.o,msg_idmap_98.o -> smbd}
make: *** [all] Error 1
I can provide a full output of the make if required also
I was able to install samba 4 following the same directions on this
system around a month or so ago but I am reinstalling to because I
wanted to get a clean version and make this one the PDC on the network
because it is a physical system not virtual like the current samba 4 PDC
I have running right now.
Derek
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] upgrade samba4 install
Thank you for the replies to my question I asked about upgrading samba4 I am having a new problem and will post a new thread on it. On Wed, 11 May 2011 12:02:00 +0400, Matthieu Patou wrote: Hello, On 09/05/2011 19:52, de...@podoll.com wrote: I have a install of samba4 that I have been using on my home network for testing with one PDC and BDC on the local network and a 3rd BDC located on another network with IPSEC tunnel between the two networks. The problem I have is all 3 servers are running different versions on the samba4 code I would like to get all the system on the same code level. Do any of you know an easy way to do this so I do not loose all the account and policy information in the PDC when I update it? either that or is there a backup method anyone would recommend before trying it preform any updates. So depending on your version of samba you'll have to update just the binaries or also to update the structure and the content of the database. Best is to first know the version. Upgrading the binaries is ok there is nothing to do apart from make;make install , to update the structure we have a tool but for the moment it's limited to 1 DC (so you have to demote your other server). In theory we could support multi DC upgrade, but I have a bit of work to do but it shouldn't be too hard. Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repohttp://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade samba4 install
I have a install of samba4 that I have been using on my home network for testing with one PDC and BDC on the local network and a 3rd BDC located on another network with IPSEC tunnel between the two networks. The problem I have is all 3 servers are running different versions on the samba4 code I would like to get all the system on the same code level. Do any of you know an easy way to do this so I do not loose all the account and policy information in the PDC when I update it? either that or is there a backup method anyone would recommend before trying it preform any updates. System info below OS Centos 5.5 on all systems with bind installed to support dynamic updates Hardware local PDC and BDC run off of XENSERVER virtual machines from two different xenserver platforms Hardware offsite HP server Network connection between servers IPV6 with IPSEC tunnel running over internet using IPV6 Thank you for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] corrupt security data warning and Samba 3.5.6
I creating an archive of files stored on a share with WinRAR and I get an error message indicating that the security information is missing or corrupt. I can create an archive with the same files on the PC local drive, but not on the Samba share. Could this be caused by ACL configuration problems? Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.6 file error/no disk space message
I have Samba 3.5.6 with the ACL patch running and I was in the process of creating a large ~80GB RAR file on the share from my PC, when I encountered several messages near the end of the write. The messages indicated by WinRAR were: no disk space remaining or write error. The computer and share connection were active for a long period of time (~1 day) which may have contributed to the problem. I will be checking my Samba logs tonight, though I am interested in other debugging steps and whether I should configure my network/Samba differently for more stable sessions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.6 and ACL patch
I thought this indicated a problem in the mapping since these ids donot correspond to the users on the PC. -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Tuesday, November 23, 2010 4:53 PM To: Derek Lewis Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 3.5.6 and ACL patch On Thu, Nov 18, 2010 at 01:07:48AM -0800, Derek Lewis wrote: > I have Samba 3.5.6 running patched with the ACL jumbo patch. When checking > the properties of directories under a Samba share, I do not see differences > in the mapping of users and permissions for directories from the un-patched > version. I still get "CREATOR OWNER" and "CREATOR GROUP" showing up in the > security tab under properties. What are you expecting ? We'll display "CREATOR OWNER" and "CREATOR GROUP" when creating a mapping for the default POSIX ACL on a directory. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.6 and ACL patch
I have Samba 3.5.6 running patched with the ACL jumbo patch. When checking the properties of directories under a Samba share, I do not see differences in the mapping of users and permissions for directories from the un-patched version. I still get "CREATOR OWNER" and "CREATOR GROUP" showing up in the security tab under properties. This could be an install/configuration problem on my server, though I wanted to ask and see if anyone has had the same experience. Would I be able to work around this problem with explicit user/permission mapping between PC and Samba server? Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] robust file transfers in Samba
I have Samba 3.5.6 working, now I am interested in ensuring that the file transfers to/from my server are robust. I have seen some threads on file corruption and I wondered if there are recommended setups for Samba and the server to make the file transfers as reliable as possible; cache flushing and op-locks? This may be unnecessary, though I wanted to look into this question before I start moving a lot of data to the server. On a related note, when I un-map my connection to Samba, Windows XP pops up a window warning that there are files still open. I have closed the relevant applications and files but the message persists. This is a windows issue but I wanted to ask if anyone else has seen this while connecting to a Samba share. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
I installed Samba 3.5.6 and started testing the directory ACLs. So far the
behavior is the same as my previous build, with the CREATOR USER and CREATOR
GROUP entries showing up in the directory ACLs.
I checked that the patch was applied with git log --pretty=fuller -1.
-Original Message-
From: Michael Wood [mailto:esiot...@gmail.com]
Sent: Saturday, November 13, 2010 12:43 PM
To: Derek Lewis
Cc: samba@lists.samba.org; Jeremy Allison; samba-techni...@lists.samba.org
Subject: Re: [Samba] Problems with ACL jumbo patch
Hi
On 10 November 2010 10:22, Derek Lewis wrote:
> Okay, I search the apt repositories and found three Kerberos libraries:
> libpam-krb5, krb5-auth-dialog and libkrb5-dev.
libkrb5-dev is the one you want.
> After installing, I configured my build with autogen and
configure.developer
> as before. Attempting to make the binaries resulted in the same
> cli_krb5_get_ticket' error as before.
Try making sure you're starting from a clean checkout. i.e. get rid
of any previous build attempts. The following should work assuming
you're in the checked out directory and on the right branch:
$ git reset --hard HEAD
$ git clean -dxf
Then do the autogen and configure again.
After running configure.developer, do this (from the source3 directory):
$ grep 'HAVE_KRB5\>' include/config.h
It should print out:
#define HAVE_KRB5 1
since you now have the libkrb5-dev package installed.
> I looked through the options for configure.developer, can I disable
Kerberos
> in the configure step and bypass the problem?
I don't know.
Jeremy, any idea why Derek is getting link errors with your ACL jumbo
patch for 3.5.x despite the HAVE_KRB5 check in
source3/libsmb/clikrb5.c?
> -Original Message-
> From: Michael Wood [mailto:esiot...@gmail.com]
> Sent: Tuesday, November 09, 2010 3:52 AM
> To: Derek Lewis
> Cc: Miguel Medalha; samba@lists.samba.org; Jeremy Allison
> Subject: Re: [Samba] Problems with ACL jumbo patch
>
> On 9 November 2010 11:20, Derek Lewis wrote:
>> I have attached the config.log file, and a capture of the messages from
>> making that I called make.log.
>
> OK, then it does seem to have something to do with Kerberos.
>
> The cli_krb5_get_ticket function is defined in
> source3/libsmb/clikrb5.c and if you don't have HAVE_KRB5 defined, then
> it's supposed to do this:
>
> /* this saves a few linking headaches */
> int cli_krb5_get_ticket(const char *principal, time_t time_offset,
> DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
> uint32 extra_ap_opts,
> const char *ccname, time_t *tgs_expire,
> const char *impersonate_princ_s)
> {
> DEBUG(0,("NO KERBEROS SUPPORT\n"));
> return 1;
> }
>
> but for some reason that's not happening for you, so you get link errors.
>
> The solution to your problem is, of course, to install the Kerberos
> libs (either MIT or Heimdal).
>
> Try "apt-get install libkrb5-dev".
--
Michael Wood
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
So far so good...I wanted to thank you, Miguel and the Samba team for all of
the help.
The krb5 test was successful.
The hard reset and make of Samba 3.5.6 was successful though I have not
completed the install yet.
I have a question, does the git reset/clean commands remove the acl patch?
Can I confirm that the patch files were included into the build?
>From the Samba side, how would I test the patch viability?
Derek
-Original Message-
From: Michael Wood [mailto:esiot...@gmail.com]
Sent: Saturday, November 13, 2010 12:43 PM
To: Derek Lewis
Cc: samba@lists.samba.org; Jeremy Allison; samba-techni...@lists.samba.org
Subject: Re: [Samba] Problems with ACL jumbo patch
Hi
On 10 November 2010 10:22, Derek Lewis wrote:
> Okay, I search the apt repositories and found three Kerberos libraries:
> libpam-krb5, krb5-auth-dialog and libkrb5-dev.
libkrb5-dev is the one you want.
> After installing, I configured my build with autogen and
configure.developer
> as before. Attempting to make the binaries resulted in the same
> cli_krb5_get_ticket' error as before.
Try making sure you're starting from a clean checkout. i.e. get rid
of any previous build attempts. The following should work assuming
you're in the checked out directory and on the right branch:
$ git reset --hard HEAD
$ git clean -dxf
Then do the autogen and configure again.
After running configure.developer, do this (from the source3 directory):
$ grep 'HAVE_KRB5\>' include/config.h
It should print out:
#define HAVE_KRB5 1
since you now have the libkrb5-dev package installed.
> I looked through the options for configure.developer, can I disable
Kerberos
> in the configure step and bypass the problem?
I don't know.
Jeremy, any idea why Derek is getting link errors with your ACL jumbo
patch for 3.5.x despite the HAVE_KRB5 check in
source3/libsmb/clikrb5.c?
> -Original Message-
> From: Michael Wood [mailto:esiot...@gmail.com]
> Sent: Tuesday, November 09, 2010 3:52 AM
> To: Derek Lewis
> Cc: Miguel Medalha; samba@lists.samba.org; Jeremy Allison
> Subject: Re: [Samba] Problems with ACL jumbo patch
>
> On 9 November 2010 11:20, Derek Lewis wrote:
>> I have attached the config.log file, and a capture of the messages from
>> making that I called make.log.
>
> OK, then it does seem to have something to do with Kerberos.
>
> The cli_krb5_get_ticket function is defined in
> source3/libsmb/clikrb5.c and if you don't have HAVE_KRB5 defined, then
> it's supposed to do this:
>
> /* this saves a few linking headaches */
> int cli_krb5_get_ticket(const char *principal, time_t time_offset,
> DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
> uint32 extra_ap_opts,
> const char *ccname, time_t *tgs_expire,
> const char *impersonate_princ_s)
> {
> DEBUG(0,("NO KERBEROS SUPPORT\n"));
> return 1;
> }
>
> but for some reason that's not happening for you, so you get link errors.
>
> The solution to your problem is, of course, to install the Kerberos
> libs (either MIT or Heimdal).
>
> Try "apt-get install libkrb5-dev".
--
Michael Wood
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
I have attached the config.log file, and a capture of the messages from making that I called make.log. I have been able to build working binaries from the git, though I run into problems when I tried to patch git branch and compile. -Original Message- From: Michael Wood [mailto:esiot...@gmail.com] Sent: Monday, November 08, 2010 3:35 AM To: Derek Lewis Cc: Miguel Medalha; samba@lists.samba.org Subject: Re: [Samba] Problems with ACL jumbo patch On 8 November 2010 10:31, Derek Lewis wrote: > I have been able to get the unpatched versions to compile from git > successfully, though not with the patch implemented. > > I followed these steps to compile Samba 3.5.6 with the patch: > > 1. sudo git clone git://git.samba.org/samba.git samba102510 > 2. sudo wget http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz > 3. sudo tar -xvf samba-3-5-x-acl-jumbo-patch.tgz > 4. cd samba102510 > 5. sudo git checkout -b my_branch release-3-5-6 > 6. sudo git am -3 ../samba_patches/samba-3-5-x-acl-jumbo-patch/*.patch > 7. cd source3 > 8. sudo ./autogen.sh > 9. sudo ./configure.developer --prefix=/usr/local/samba35 > 10. sudo make [The build failed on the error 'cli_krb5_get_ticket', in the > function 'spnego_gen_negTokenTarg'. Make: *** [libsmb/clispnego.o] Error 1] You should generally not compile things as root. You do not need the "sudo"s above. Only when you "make install" should you need it, because then it will need to write to /usr/local/samba35 where a normal user would not have write access. This is, however, not the cause of your problems. I have just tried the above and it compiled successfully for me. What is the full output of the errors you get? It should provide more information than you have quoted above. > I am still learning how to use git, I wondered if the error messages are the > result of missing a step. I did not explicitly commit the changes, do I > need to update the index or pull in remote files? What you have above should work. "git am" automatically commits the patches. > I am searching for references to this make error though I have not found > much, except the library: libldap2-dev. I installed it and the problem > persists. > > Could you recommend other debug options? Post the full error and maybe someone will be able to figure out what the problem is. Are you able to build 3.5.6 without the patches applied? -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
Okay, I search the apt repositories and found three Kerberos libraries:
libpam-krb5, krb5-auth-dialog and libkrb5-dev.
After installing, I configured my build with autogen and configure.developer
as before. Attempting to make the binaries resulted in the same
cli_krb5_get_ticket' error as before.
I looked through the options for configure.developer, can I disable Kerberos
in the configure step and bypass the problem?
-Original Message-
From: Michael Wood [mailto:esiot...@gmail.com]
Sent: Tuesday, November 09, 2010 3:52 AM
To: Derek Lewis
Cc: Miguel Medalha; samba@lists.samba.org; Jeremy Allison
Subject: Re: [Samba] Problems with ACL jumbo patch
On 9 November 2010 11:20, Derek Lewis wrote:
> I have attached the config.log file, and a capture of the messages from
> making that I called make.log.
OK, then it does seem to have something to do with Kerberos.
The cli_krb5_get_ticket function is defined in
source3/libsmb/clikrb5.c and if you don't have HAVE_KRB5 defined, then
it's supposed to do this:
/* this saves a few linking headaches */
int cli_krb5_get_ticket(const char *principal, time_t time_offset,
DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
uint32 extra_ap_opts,
const char *ccname, time_t *tgs_expire,
const char *impersonate_princ_s)
{
DEBUG(0,("NO KERBEROS SUPPORT\n"));
return 1;
}
but for some reason that's not happening for you, so you get link errors.
The solution to your problem is, of course, to install the Kerberos
libs (either MIT or Heimdal).
Try "apt-get install libkrb5-dev".
--
Michael Wood
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
I have found the equivalent entries with apt-get search krb5. Though for only a few of the files sofar. I will try again to build the binaries. Derek -Original Message- From: Miguel Medalha [mailto:miguelmeda...@sapo.pt] Sent: Monday, November 08, 2010 6:21 AM To: Derek Lewis Cc: samba@lists.samba.org Subject: Re: [Samba] Problems with ACL jumbo patch > I have been able to get the unpatched versions to compile from git > successfully, though not with the patch implemented. I just reproduced all your steps and it went well, without any glitch. I am on CentOS 5.5. All the patches were applied correctly. Maybe you have a path problem here? > 6. sudo git am -3 ../samba_patches/samba-3-5-x-acl-jumbo-patch/*.patch > I adapted your line to my own path (without the "/samba_patches" part) and all went well... > 10. sudo make [The build failed on the error 'cli_krb5_get_ticket', in the > function 'spnego_gen_negTokenTarg'. Make: *** [libsmb/clispnego.o] Error 1] Maybe you have some missing dependency here, related to kerberos... rpm -qa | grep krb5 gives me the following: pam_krb5-2.2.14-15.x86_64 krb5-libs-1.6.1-36.el5_5.5.x86_64 krb5-workstation-1.6.1-36.el5_5.5.x86_64 krb5-auth-dialog-0.7-1.x86_64 krb5-devel-1.6.1-36.el5_5.5.x86_64 krb5-server-1.6.1-36.el5_5.5.x86_64 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
I am looking into the dependency issue now and will add the packages and try again. I am running on Ubuntu 10.04 server. - Original Message - From: Miguel Medalha To: Derek Lewis Cc: samba@lists.samba.org Sent: Mon, 8 Nov 2010 09:21:21 -0500 (EST) Subject: Re: [Samba] Problems with ACL jumbo patch > I have been able to get the unpatched versions to compile from git > successfully, though not with the patch implemented. I just reproduced all your steps and it went well, without any glitch. I am on CentOS 5.5. All the patches were applied correctly. Maybe you have a path problem here? > 6. sudo git am -3 ../samba_patches/samba-3-5-x-acl-jumbo-patch/*.patch > I adapted your line to my own path (without the "/samba_patches" part) and all went well... > 10. sudo make [The build failed on the error 'cli_krb5_get_ticket', in the > function 'spnego_gen_negTokenTarg'. Make: *** [libsmb/clispnego.o] Error 1] Maybe you have some missing dependency here, related to kerberos... rpm -qa | grep krb5 gives me the following: pam_krb5-2.2.14-15.x86_64 krb5-libs-1.6.1-36.el5_5.5.x86_64 krb5-workstation-1.6.1-36.el5_5.5.x86_64 krb5-auth-dialog-0.7-1.x86_64 krb5-devel-1.6.1-36.el5_5.5.x86_64 krb5-server-1.6.1-36.el5_5.5.x86_64 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
Yes, I have been able to build samba 3.5.6 and 3-5-test versions without problems up through the "make" command. I will get the log of the build out today. - Original Message - From: Michael Wood To: Derek Lewis Cc: Miguel Medalha , samba@lists.samba.org Sent: Mon, 8 Nov 2010 06:35:28 -0500 (EST) Subject: Re: [Samba] Problems with ACL jumbo patch On 8 November 2010 10:31, Derek Lewis wrote: > I have been able to get the unpatched versions to compile from git > successfully, though not with the patch implemented. > > I followed these steps to compile Samba 3.5.6 with the patch: > > 1. sudo git clone git://git.samba.org/samba.git samba102510 > 2. sudo wget http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz > 3. sudo tar -xvf samba-3-5-x-acl-jumbo-patch.tgz > 4. cd samba102510 > 5. sudo git checkout -b my_branch release-3-5-6 > 6. sudo git am -3 ../samba_patches/samba-3-5-x-acl-jumbo-patch/*.patch > 7. cd source3 > 8. sudo ./autogen.sh > 9. sudo ./configure.developer --prefix=/usr/local/samba35 > 10. sudo make [The build failed on the error 'cli_krb5_get_ticket', in the > function 'spnego_gen_negTokenTarg'. Make: *** [libsmb/clispnego.o] Error 1] You should generally not compile things as root. You do not need the "sudo"s above. Only when you "make install" should you need it, because then it will need to write to /usr/local/samba35 where a normal user would not have write access. This is, however, not the cause of your problems. I have just tried the above and it compiled successfully for me. What is the full output of the errors you get? It should provide more information than you have quoted above. > I am still learning how to use git, I wondered if the error messages are the > result of missing a step. I did not explicitly commit the changes, do I > need to update the index or pull in remote files? What you have above should work. "git am" automatically commits the patches. > I am searching for references to this make error though I have not found > much, except the library: libldap2-dev. I installed it and the problem > persists. > > Could you recommend other debug options? Post the full error and maybe someone will be able to figure out what the problem is. Are you able to build 3.5.6 without the patches applied? -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
I have been able to get the unpatched versions to compile from git successfully, though not with the patch implemented. I followed these steps to compile Samba 3.5.6 with the patch: 1. sudo git clone git://git.samba.org/samba.git samba102510 2. sudo wget http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz 3. sudo tar -xvf samba-3-5-x-acl-jumbo-patch.tgz 4. cd samba102510 5. sudo git checkout -b my_branch release-3-5-6 6. sudo git am -3 ../samba_patches/samba-3-5-x-acl-jumbo-patch/*.patch 7. cd source3 8. sudo ./autogen.sh 9. sudo ./configure.developer --prefix=/usr/local/samba35 10. sudo make [The build failed on the error 'cli_krb5_get_ticket', in the function 'spnego_gen_negTokenTarg'. Make: *** [libsmb/clispnego.o] Error 1] I am still learning how to use git, I wondered if the error messages are the result of missing a step. I did not explicitly commit the changes, do I need to update the index or pull in remote files? I am searching for references to this make error though I have not found much, except the library: libldap2-dev. I installed it and the problem persists. Could you recommend other debug options? -Original Message- From: Miguel Medalha [mailto:miguelmeda...@sapo.pt] Sent: Friday, November 05, 2010 2:31 AM To: Derek Lewis Cc: samba@lists.samba.org Subject: Re: [Samba] Problems with ACL jumbo patch > I still cannot get a successful build with either the original set of patch > files or the diff file. Although I can compile samba without the patch, > could I this be dependency problem or an out of date git version? It worked for me in both cases. I did it from the sources for 3.5.6 available from the Samba site: www.samba.org The only problems I found were some glitches in the RPM spec file when building RPMs for RHEL/CentOS, but those were easily corrected. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
I could still be missing a dependency. Most likely, I am not patching and compiling correctly. -Original Message- From: Miguel Medalha [mailto:miguelmeda...@sapo.pt] Sent: Friday, November 05, 2010 2:31 AM To: Derek Lewis Cc: samba@lists.samba.org Subject: Re: [Samba] Problems with ACL jumbo patch > I still cannot get a successful build with either the original set of patch > files or the diff file. Although I can compile samba without the patch, > could I this be dependency problem or an out of date git version? It worked for me in both cases. I did it from the sources for 3.5.6 available from the Samba site: www.samba.org The only problems I found were some glitches in the RPM spec file when building RPMs for RHEL/CentOS, but those were easily corrected. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problems with ACL jumbo patch
I still cannot get a successful build with either the original set of patch files or the diff file. Although I can compile samba without the patch, could I this be dependency problem or an out of date git version? Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Diff patch for Samba 3.5.6
Okay, I selected the release-3-5-6 branch and applied the patch, then attempted to build. No errors so far. First question, how can I confirm that the patch was integrated with the branch? Second question, will this patch make all the updates that the original jumbo patch set was to? The patch/compile problems I am having are due to lack of knowledge. Not sure what the best forum would be for further git usage questions. Regards, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.6 jumbo patch
Update, I was able to configure samba 3-5-test with the patch, though make fails when I use source3. Make fails with the error 'cli_krb5_get_ticket'. Derek -Original Message- From: Volker Lendecke [mailto:volker.lende...@sernet.de] Sent: Friday, October 29, 2010 1:28 AM To: Derek Lewis Cc: 'Jeremy Allison'; samba@lists.samba.org Subject: Re: [Samba] Samba 3.5.6 jumbo patch On Fri, Oct 29, 2010 at 01:17:30AM -0700, Derek Lewis wrote: > I selected the origin/v3-5-test and tested the patch with git apply --check. > I see the same error message as before. I also confirmed that the new > branch I created for the build is the current branch via git branch. Just tried the following git am -3 /tmp/samba-3-5-x-acl-jumbo-patch/* in a git checkout of v3-5-test. Works fine. I've also uploaded a summary patch against 3.5.6 at http://www.samba.org/~vlendec/jumbo-patch-3-5-6.diff that you should be able to apply with patch -p1 < jumbo-patch-3-5-6.diff Hope that helps. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.6 jumbo patch
Okay, I selected the origin/v3-5-test and tested the patch with git apply --check. I see the same error message as before. I also confirmed that the new branch I created for the build is the current branch via git branch. Derek -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Thursday, October 28, 2010 10:26 AM To: Derek Lewis Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 3.5.6 jumbo patch On Wed, Oct 27, 2010 at 10:14:48PM -0700, Derek Lewis wrote: > I have cloned the samba git file and selected the version with the tag: > release-3-5-6. I tested the patch with git apply -check, and I get the > following error: > > Error: patch failed: source3/smbd/posix_acls.c:3856 > > Error: source3/smbd/posix_acls.c: patch does not apply. Hmmm. Try "v3-5-test", not the release branch. The v3-5-test branch is what becomes the next release. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.6 jumbo patch
I have cloned the samba git file and selected the version with the tag: release-3-5-6. I tested the patch with git apply -check, and I get the following error: Error: patch failed: source3/smbd/posix_acls.c:3856 Error: source3/smbd/posix_acls.c: patch does not apply. I am new to compiling source for packages, so this may not be a real problem. I wanted to make I have a samba version with extended attributes and ACL operational. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Folder ACLs
I am running Samba 3.6 and I have implemented extended attributes and acls for my shares. I want to make directory behavior as similar as possible to client Windows XP. When I open the properties tab on a directory in a share, under user names I see two additional users: CREATOR GROUP and CREATOR OWNER. This seems to be a consequence of the ACL translation, as copying or moving this directory back to the PC results in the user list to the same users as the directories on the PC. The inherit permissions flag is not set on the share folder although it is set on the PC. I have tried to edit the folder permissions from the Windows property menu for both the file owner as well as the CREATOR OWNER user above, and the making a change as deselecting full control flag, reverts back to the original state. I can post my configuration if required, I intended to map permissions as directly as possible, though leave them flexible so that I can edit them later if required. I saw the posting earlier regarding an experimental patch for Samba 3.6 ACL handling. Are these changes already included in the next version of 3.x Samba? Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6 and server string formatting
I am Samba 3.6 up and running and I have a question on the implementation of the server string command. Specifically, I wanted to use this string to identify the share window on the PC side. I have tried to use: server string = %S on server %L, to display the share name and server name. Though I cannot seem to get the option to work with anything other than %h. Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 94, Issue 18
When I built and compiled Samba, I set a path for installing Samba to: /usr/local/samba, in order to keep the installation separate from my current Samba 3.4.7 installation while testing. I left all other options on their defaults. Derek -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of samba-requ...@lists.samba.org Sent: Sunday, October 17, 2010 11:00 AM To: samba@lists.samba.org Subject: samba Digest, Vol 94, Issue 18 Send samba mailing list submissions to samba@lists.samba.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.samba.org/mailman/listinfo/samba or, via email, send a message with subject or body 'help' to samba-requ...@lists.samba.org You can reach the person managing the list at samba-ow...@lists.samba.org When replying, please edit your Subject line so it is more specific than "Re: Contents of samba digest..." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6 directory ACLs
I have ACLs working for files with the following set in my share definitions: inherit permissions = yes inherit acls=yes map acl inherit=yes vfs_objects = acl_tdb While testing my Samba configuration, I found that permissions are being set to 'special' for directories being copied from Windows instead of the ACL being fully populated. Does Samba 3.6 fully implement ACLS, or are there further configuration steps for storing the ACL information for directories? Note, I have used a TDB for ACLs since I have extended attributes enabled on the file system level to store timestamp information. Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6 startup configuration
I have compiled and installed Samba 3.6 from git to a separate directory for testing. Now that everything is operating, I would like to start Samba at the boot-up of the server. The installation did not configure Samba to start automatically, and I wondered if there is a startup script I could use. I thought that the build/compile process would generate the required scripts but I have not found them. Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Browsing shares
I have a question regarding firewall settings and share browsing. I have set-up my firewall to allow the usual ports for Samba to work and I would like to control the connections used for providing Windows with share browsing. I currently have a range of ports opened to allow browsing as described in the documentation, and Samba shares are browseable and accessable. Can I restrict/specify the port to a small range or single port? Would this just be a matter of a hosts allow (with ports) added to the $IPC share? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error message on disconnecting (Samba) network drive
I have Samba 3.6 up and running with my Windows XP machine and connect easily with Map Network Drive, though I get a warning message upon disconnecting the share. The warning message indicates that files or folders are still open and requests confirmation to disconnect the share. This seems more a Windows issue, though I wanted to eliminate Samba configuration as the problem. I made sure to close all files before attempting disconnect. I wonder what Windows detected that would raise this warning? I should also note I have seen a similar error with Samba 3.0 as well. Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6 and extended attributes
I have extended user attributes enabled for my Samba drive (ext4) and configured within Samba for storing timestamps. I have added acl support to the drive mount point to store permissions information, although this change appears to have broken the extended user attributes. I have not modified my smb.conf since adding extended attributes support. Can I my ext4 drive be modified to store both attribute sets or do I have to use a tdb database? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Preserve Windows File permissions with extended attributes under Samba 3.6
I have successfully compiled and installed Samba 3.6 with extended attributes enabled (ext4 partition) to preserve the Windows XP file create/modified dates. With that problem solved, I want to control the file permissions in order to preserve Windows file access controls when copied to the Samba share. With extended attributes enabled as described above, can I also store the permissions information? What is a good reference for ACL manipulation? On a related note, how should fstab be configured to preserve the user permission on files copied to the share? I can provide my current fstab and Samba configuration if it would help. Though it is fairly basic. Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] fstab configuration for extended attributes
I have extended attributes in my fstab set with the following options: /dv/md0 /mnt/raid ext4 auto,errors=remount-ro,user_xattr 0 2 Aside from the "user_xattr" flag, do I have to set any other options to save extended attribute or file permissions information correctly to my share? I am running Samba 3.4.7 under Ubuntu 10.04 server. Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 compile instructions
Sorry for the delay... I downloaded the latest stable Samba v4.0 via git and prepared a branch to work with locally. I was able to configure and perform make quicktest without error. I then tried to create the binaries with sudo make, which reported the build finished successfully. When I configured samba 4 I set prefix=/usr/local/samba4 in order to install/test without removing my current samba 3.4.7. Can I keep my current Samba installed but disabled while testing samba4? Derek -Original Message- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Wednesday, September 08, 2010 9:56 PM To: Derek Lewis Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 4 compile instructions On Mon, 2010-09-06 at 23:33 -0700, Derek Lewis wrote: > I am interested in compiling Samba 4 and trying the advanced features. > I followed the instructions on samba.org to build and compile, though > I get the error: failed program.confdefs.h. I have run into this > error before, and looking over config log, I see that the build does > not see many of the dependencies. > > > > > > > > Can I modify the build to point to the required files, or at least > trace the source of the problem? Are you running the current version from GIT? We are long overdue with making another Samba4 release, and the last alpha is quite old now. Please try again with the current version in our GIT tree. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 compile instructions
I am interested in compiling Samba 4 and trying the advanced features. I followed the instructions on samba.org to build and compile, though I get the error: failed program.confdefs.h. I have run into this error before, and looking over config log, I see that the build does not see many of the dependencies. Can I modify the build to point to the required files, or at least trace the source of the problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] preserve windows create/modify dates
I have Samba 3.4.7 installed and running though I cannot get extended attributes to work completely. If this version of Samba will support it, I want to configure my shares to preserve the create and modified date information for my Windows files. At present, create date is set to the modified; though the accessed date is correct. I have formatted my RAID in ext4 and enabled extended user attributes. I have checked the extended attribute functions with getattr and setattr commands. In the global section of my smb.conf file, I have the following set: ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no map hidden = no When I run testparm, only the map archive, and map readonly are listed for some reason. I have searched through numerous threads looking for a solution, and it seemed this was not commonly used feature. If there are workarounds, I would entertain them. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba compile docs
I am interested in compiling Samba 4 and trying the advanced features. I followed the instructions on samba.org to build and compile, though I get the error: failed program.confdefs.h. I have run into this error before, and looking over config log, I see that the build does not see many of the dependencies. Can I modify the build to point to the required files, or at least trace the source of the problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.4 dependencies
I am trying to compile the latest Samba from source and I am getting an error that the build is failing due to: confdefs.h. What are the dependencies for compiling Samba? Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Compiling and installing Samba 4
I have Samba 3.4.7 configured and running, though I am interested in trying Samba 4. How can I find dependency information for compiling the code? Also, can I install Samba 4 and leave v3.4.7 intact while I evaluate it? Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Preserve create/modify dates in Samba 3.4.7
I have configured Samba 3.4.7 with extended attributes enabled to preserve file create/modify dates. In the [global] section of smb.conf: ea support =yes store dos attributes =yes map archive = no map readonly =no The map hidden and map system are ignored when I check with testparm. In the share section I have: create mask =0771 directory mask =0771 I also checked the share directory and applied chmod 771 to match the directory permissions to Samba settings and allow the minimal permissions for the attributes mapping. I went ahead and tried to map a network drive, and successfully copied a file over to samba, though the create date is set to the modified date on the copy. When I check the extended attributes of the file I copied over with: sudo getfattr -d -encoding=text [share directory] I see one attribute: user.DOSATTRIB For my /etc/fstab, I have set the following options set for a ext4 filesystem: auto,relatime,errors=remount-ro,user_xattr Is there a way to check the contents of user.DOSATTRIB? I am not seeing any obvious error messages in the samba log file, do I need to patch the Ubuntu 10.04 kernel or switch to Samba 3.4.7 to store file create/modify information? Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Preserve create/modify dates and attributes in samba
I have configured Samba 3.4.7 with extended attributes enabled to preserve file create/modify dates. I went ahead and tried to map a network drive, and successfully copied a file over to samba, though the create date is set to the modified date on the copy. For my /etc/fstab, I have set the following options set for a ext4 filesystem: auto,relatime,errors=remount-ro,user_xattr Do I have to change the default kernel configuration for Ubuntu 10.04 or apply a patch to the filesystem to get extended attributes to work? Do I have to upgrade to Samba 3.5? Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Preserve create/modify dates and attributes in samba
I have Samba 3.4.7 running with basic shares under Ubuntu 10.04, though I am interested in configuring Samba to store the Windows file attributes and create/modify dates. I have found some hints to this being done though no details. I have experimented with NTFS and found that most of the attributes and modified/accessed dates are preserved. If Samba 3.4.x will not store the file information, will Samba 3.5? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5 dependencies
I am interested in trying Samba 3.5.x, how can I check on library dependencies before I compile? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba and Windows file timestamps
I have setup Samba 3.4.7 as a network file server for a Windows XP machine and have the basic sharing working. For my Windows files, I would like to preserve the attributes and create/modify dates and my searches have found some mention of modifying Samba to accomplish this. Has anyone made this work with the current Samba package? Does Samba 3.5.x support this natively? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] setuids mount option broke
> /Does it work if you change 'setuids' to 'suid'?/ No. Using "suid", the behavior is identical as "setuids". I was hoping to use either Samba over SSH, or else sshfs (Fuse), for mounting these remote home dirs using SSH. But Samba's "setuids" option is broke, and sshfs doesn't even have that option. Thus, I was forced to set up an OpenVPN server and mount the homes with NFS over OpenVPN. NFS sucks, and I hope the setuids option comes back. Getting offtopic, but for the archives: I had to use the NFS mount options "soft,udp,retrans=0" so that I could log in if the VPN went down. With those options, there's only a ~4 second delay before the NFS gives up with an error. If you leave set it to "tcp", your SSH shell will lock up for 5 minutes (when you log in and it tries to read ~/.bashrc), another 5 minutes if you accidentally type "ls", and another 5 minutes if you hit [TAB] and it tries to do command-line completion for you. You can tweak your TCP timeouts, but do you really want to tweak TCP settings just to make NFS fail in a reasonable fashion (and thus possibly break everything else)? And if you leave it at the default "hard" instead of "soft", the system will lock up indefinitely when you log in (trying to read ~/.bashrc). I love OpenVPN, but installing, configuring, generating certs, copying certs to the client, testing, setting up monitoring, etc. was a couple hours of work, compared to 5 minutes setting up an SSH tunnel with my pre-existing key... and yet, OpenVPN was still less work than trying to tunnel NFS over SSH (thanks to dynamic RPC ports, lockd, etc.). Thanks, Derek On 05/29/2010 05:11 AM, Scott Lovenberg wrote: On Fri, May 28, 2010 at 4:12 PM, Derek Simkowiak <mailto:der...@realloc.net>> wrote: I can mount it using these options in /etc/fstab... note the use of "setuids" here: //cst6/testhome /testhome cifs iocharset=utf8,credentials=/root/cst6_password.txt,setuids 0 0 Does it work if you change 'setuids' to 'suid'? Is there anything else I can try? Looking at this earlier post, it seems like maybe "setuids" is not even a supported option anymore...? http://lists.samba.org/archive/linux-cifs-client/2010-March/005600.html The client code has been moved out of the samba package recently. In the current release of the client (the client is now released separately from the samba suite, but the two aren't in sync yet) the setuid functionality is deprecated (but can still be enabled at compile time). At the moment the option is being called 'legacy'; I don't know if the functionality is being dropped or upgraded/redesigned, though. -- Peace and Blessings, -Scott. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] setuids mount option broke
Hello, I'm trying to export a /home/ partition for multiple users, using Samba and the setuids option. My goal is to deliver emails into $HOME/.Maildir/ for each user. So I mount the share as user "root", hoping that each user will be able to use their own home directory (just like an NFS /home/ mount). (This feature depends on the Unix extensions.) I have the following share configured in smb.conf: [testhome] comment = Root-mounted Home Dir browseable = no writable = yes valid user = root path = /home I can mount it using these options in /etc/fstab... note the use of "setuids" here: //cst6/testhome /testhome cifs iocharset=utf8,credentials=/root/cst6_password.txt,setuids 0 0 But setuids seems to be broken, either in the server, or in the client, or both. With an Ubuntu 9.10 or 10.4 client (Samba 3.4.0 or 3.4.7), it's completely broke. If I try to create a file as a regular user, it does create the file (as root) but then fails when it goes to set the ownership. Note the "Permission denied" error below, after the file was successfully created: r...@cst5:/testhome# mkdir test r...@cst5:/testhome# chmod 777 test r...@cst5:/testhome# su - ubuntu ubu...@cst5:~$ cd /testhome/test/ ubu...@cst5:/testhome/test$ touch file_test1.txt touch: cannot touch `file_test1.txt': Permission denied ubu...@cst5:/testhome/test$ mkdir dir_test1.d ubu...@cst5:/testhome/test$ ls -la total 0 drwxrwxrwx 3 root root 0 2010-05-28 12:58 . drwxr-xr-x 7 root root 0 2010-05-28 12:57 .. drwxr-xr-x 2 root root 0 2010-05-28 12:58 dir_test1.d -rw-r--r-- 1 root root 0 2010-05-28 12:58 file_test1.txt ubu...@cst5:/testhome/test$ The "Permission denied" error indicates that it is trying to set the UID, but failing. But using an ebox client (Samba 3.4.5), it *almost* works. Newly-created files have the correct UID, but new directories are still owned by root (with no error message printed): r...@ebox:/testhome# mkdir test r...@ebox:/testhome# chmod 777 test r...@ebox:/testhome# su - ubuntu ubu...@ebox:~$ cd /testhome/test ubu...@ebox:/testhome/test$ touch file_test1.txt ubu...@ebox:/testhome/test$ mkdir dir_test1.d ubu...@ebox:/testhome/test$ ls -la total 0 drwxrwxrwx 3 root root 0 2010-05-28 12:51 . drwxr-xr-x 7 root root 0 2010-05-28 12:50 .. drwxr-xr-x 2 root root 0 2010-05-28 12:51 dir_test1.d -rw-r--r-- 1 ubuntu ubuntu 0 2010-05-28 12:50 file_test1.txt ubu...@ebox:/testhome/test$ Based on this testing, it looks like setuids works for files, but only for Samba client 3.4.5. Using setuids for directories fails completely. Since there is no error message printed, it looks like the client is not even trying to set the directory UID. These results are the same regardless of the Samba server version. I tried it with an Ubuntu 9.10 server (Samba 3.4.0) and Ubuntu 10.4 server (Samba 3.4.7). All the pre-existing UIDs and GIDs seem to be recognized correctly on the share, so I think the Unix extensions are working correctly. Is there anything else I can try? Looking at this earlier post, it seems like maybe "setuids" is not even a supported option anymore...? http://lists.samba.org/archive/linux-cifs-client/2010-March/005600.html Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Password Change from Windows machines ("You do not have permission to change your password")
For anyone else trying to get this to work, I should also add that a problem in the Ubuntu auth-client-config package was also giving me the same (misleading) error message. In /etc/pam.d/common-password, you must remove the "use_authtok" option on the pam_ldap.so line: _Wrong:_ password[success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass _Correct:_ password[success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass This problem also resulted in the misleading "You do not have permission to change your password" error message. Between this and the problem below, I was pulling my hair out... Thanks, Derek On 12/01/2009 12:26 AM, Derek Simkowiak wrote: Hello, I just wasted several hours trying to figure out why I could not change Samba passwords from Windows XP computers. I'm posting here so that there is some form of documentation about this on the web. My setup is basically this: - Samba 3.3.2 (running under Ubuntu 9.04) - OpenLDAP user database - Full O.S. support for OpenLDAP auth, using nsswitch and PAM.(My client LDAP config was installed using *auth-client-config *as per https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html, plus some tweaking in /etc/smbldap-tools/. ) I can ssh into the box as a system user that exists only in LDAP (and not in /etc/passwd). I can also change my LDAP password at the bash prompt by typing "passwd" (via PAM), or smbldap-passwd, or smbpasswd. That all works as per the documentation. The problem: I could not change my password from Windows boxen. They kept giving me "You do not have permission to change your password." I found the solution by cranking up the log level to 10. I eventually found this golden snippet in all the noise: [2009/11/30 23:23:37, 4] auth/pampass.c:smb_pam_chauthtok(670) smb_pam_chauthtok: PAM: Password Change for User: dereks [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(284) smb_pam_passchange_conv: starting converstation for 1 messages [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(312) smb_pam_passchange_conv: Processing message 0 [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(346) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: New password: [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*enter new * password:*| to |New password:| [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*retype new * password:*| to |New password:| [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*password updated successfully*| to |New password:| [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match || to |New password:| [2009/11/30 23:23:37, 3] auth/pampass.c:smb_pam_passchange_conv(370) smb_pam_passchange_conv: Could not find reply for PAM prompt: New password: [2009/11/30 23:23:37, 0] auth/pampass.c:smb_pam_chauthtok(699) PAM: User not known to PAM [2009/11/30 23:23:37, 2] auth/pampass.c:smb_pam_error_handler(77) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2009/11/30 23:23:37, 0] auth/pampass.c:smb_pam_passchange(861) smb_pam_passchange: PAM: Password Change Failed for user dereks! [2009/11/30 23:23:37, 4] auth/pampass.c:smb_pam_end(450) smb_pam_end: PAM: PAM_END OK. [2009/11/30 23:23:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/11/30 23:23:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (4202, 513) - sec_ctx_stack_ndx = 1 [2009/11/30 23:23:37, 5] rpc_server/srv_samr_nt.c:_samr_ChangePasswordUser2(1907) _samr_ChangePasswordUser2: 1907 samr_ChangePasswordUser2: struct samr_ChangePasswordUser2 out: struct samr_ChangePasswordUser2 result : NT_STATUS_ACCESS_DENIED Here you can see that the "password chat" was attempting to communicate with PAM in a fashion similar to 'expect'. My "passwd chat" setting in /etc/samba/smb.conf was not correct, so the password change failed. The resulting error code "NT_STATUS_ACCESS_DENIED" caused Windows to print that useless "You do not have permission to change your password" dialog box, and sent me on a wild goose chase. The comments in the smb.conf that come with Ubuntu say this: # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan < for # sending the correct chat script for the passwd program in Debian Sarge). p
[Samba] Password Change from Windows machines ("You do not have permission to change your password")
docs and forum postings I found online.
But, as shown in the logs above, the correct answer was "pam
password change = yes" with a corrected "passwd chat" setting. Here is
a setting that works for me on Ubuntu 9.04:
passwd program = /usr/bin/passwd %u
passwd chat = *New\spassword:* %n\n *New\spassword:* %n\n
*password\supdated\ssuccessfully* .
pam password change = yes
I deduced that customized chat script by running "/usr/bin/passwd
username" at the bash prompt to see what happens.
Alternatively, I now know that the default setting for "passwd chat"
setting will work with PAM, if I comment out the broken one that comes
with the Ubuntu (and Debian?) smb.conf file and also comment out the
"passwd program = ..." line.
In short, the combination of these issues made troubleshooting time
consuming and difficult:
- Misleading error message ("You do not have permission to change your
password.")
- Misleading docs that imply EITHER "pam password change = yes" OR
"passwd program" with "passwd chat"
- An outdated, incorrect setting for "passwd chat" in the Debian and
Ubuntu smb.conf file that does not work with /usr/bin/passwd
- Missing Samba docs to explain "passwd chat" might be used, even in the
case of "pam password change = yes"
- Missing Samba docs to explain the default setting for "passwd chat"
will work with PAM, in the case of "pam password change"
Hopefully this will help somebody else avoid the same mistake.
Thank You,
Derek Simkowiak
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is the net rpc vampire at all destructive to a NT4 PDC?
Reading through the Samba3 -By Example guide and I'm confused with the statement section 9.2 http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2594565 about accessing the SAM and Security sections of the registry will render the PDC non operable. Its clear from the text if you go and edit the registry(regedit etc..) so you can read the entries your PDC will not work. What's not exactly clear is if any of the tools like net rcp vampire or getsid tools change the operation of the PDC in this way or any other way for that mater. The net rcp tools don't access the registry in this destructive way do they? Like: # net rpc vampire -S TRANSGRESSION -U Administrator%not24get > /tmp/vampire.log 2>1 Is it safe to run the net rpc vampire command on a PDC as many times as you want in effort to test the NT4 -> samba PDC? While keeping the NT4 PDC in production mode? With the goal of test the full operation of the migrated PDC on a separate network. Thanks Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] gidNumber's and ldap backed samba PDC
Ok I see it appears that the ldap entries that samba needs in the directory are under a different O. ou=groups,o=smb,dc=unav,dc=es for example. dn: cn=Domain Admins,ou=groups,o=smb,dc=unav,dc=es objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins Where my user/file system groups would be under traditional ldap entries like: dn: cn=usrgrp,ou=Group,dc=ct,dc=unav,dc=es objectClass: posixGroup objectClass: top cn: usrgrp userPassword:: e2NyexB0fX9g= gidNumber: 512 creatorsName: cn=Manager, dc=ct,dc=unav,dc=es createTimestamp: 20021007160601Z modifiersName: cn=Manager,dc=ct,dc=unav,dc=es modifyTimestamp: 20081205192619Z This right? Thanks Derek -Original Message- From: samba-bounces+dwerthmu=ctg.albany@lists.samba.org [mailto:samba-bounces+dwerthmu=ctg.albany@lists.samba.org] On Behalf Of Adam Tauno Williams Sent: Tuesday, March 24, 2009 1:38 PM To: 'samba@lists.samba.org' Subject: Re: [Samba] gidNumber's and ldap backed samba PDC On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote: > In the planning process for migrating from NT4 PDC, and external ldap > directory to samba 3.2.8 PDC. The external existing openldap directory > is used currently to support the local uid mapping for the Linux > logins and samba file servers that are members of the current NT4 PDC. > While looking at the existing openldap UIDs and GIDs in use and what > the samba PDC wants to use I see some uid/gid collisions. For example > I see that the Domain Admins uses gid 512, just so happens to be the > same as a file system group(in the ldap directory). No, it doesn't. RID != GID. A RID is a component of the SID and SIDs are mapped to UIDs & GIDs. > Is it better to change the users group gid and leave the samba domain > admins and such the way they are? Not necessary. > I suspect a small shell script can crawl the file system and replace > one gid for another if I were to change the users GID. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] gidNumber's and ldap backed samba PDC
In the planning process for migrating from NT4 PDC, and external ldap directory to samba 3.2.8 PDC. The external existing openldap directory is used currently to support the local uid mapping for the Linux logins and samba file servers that are members of the current NT4 PDC. While looking at the existing openldap UIDs and GIDs in use and what the samba PDC wants to use I see some uid/gid collisions. For example I see that the Domain Admins uses gid 512, just so happens to be the same as a file system group(in the ldap directory). Is it better to change the users group gid and leave the samba domain admins and such the way they are? I suspect a small shell script can crawl the file system and replace one gid for another if I were to change the users GID. Thanks Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User home directories on a windows server question.
Ya that's not really an option, I don't control the AD servers, so no suf or schema extensions. But what I'm finding make it pretty clear there is no way to replace NFS with SMB for a large multiuser system. I find that very disappointing given the age of the samba project. I really figured someone would have a great solution for dropping a Linux box into a AD domain with no modification to the AD. Follow question. mount.cifs //server/share /mnt/folder -ousername=user,sec=krb5i works okay, other then mounting as root and not enforcing perms. mount.cifs //server/share /mnt/folder - ousername=user,sec=krb5i,uid=12345 returns an mount error 126 = Required key not available Anybody got a comment? cifs.upcall is working otherwise the first mount wouldn't work. This is attempting to connect to a W2k8 server in an AD. Thanks, Derek On Mar 14, 2009, at 05:15 AM, Per-Erik Persson wrote: I had a similair problem a couple of years ago. I tried to get the users credentials to automaticly map the homedirectories off the windows machine. I never got it working. In theory it should since the users got a kerberos ticket while they logged on to linux. But I could not spend to much time on it. The only solution I got woking was to install services for unix on the windowsmachine and then export the homedirectories over nfs. But then I had to spend time to build a script to sync userid:s between unix and windows. I don't know it that works better nowdays. I assume microsoft don't want to build a to good solutions for integrating with unix. Okay I've run out of cool ideas and am hoping that someone can offer a brilliant solution to this problem. I'm attempting to deploy a RHEL 5.3 server as a shared ssh servers, user home directories are coming off a Windows 2008 fileserver. I though autofs would be the winning solution but it doesn't/can't mount the users home directory using kerberos, RedHat doesn't provide pam_mount so until I build that next week I won't know how well then works. So does anyone have a suggest? How do you provide smb home directories on multiuser systems? Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] User home directories on a windows server question.
Okay I've run out of cool ideas and am hoping that someone can offer a brilliant solution to this problem. I'm attempting to deploy a RHEL 5.3 server as a shared ssh servers, user home directories are coming off a Windows 2008 fileserver. I though autofs would be the winning solution but it doesn't/can't mount the users home directory using kerberos, RedHat doesn't provide pam_mount so until I build that next week I won't know how well then works. So does anyone have a suggest? How do you provide smb home directories on multiuser systems? Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permissions problems
Hey guys, Having a problem with permissions on shares I've setup. I recently migrated a working samba install over to a new box. This new servers is running the same distro (Gentoo 2008.0), same version (3.0.32), and using the exact same smb.conf. I'm trying to get directories to have the permissions of 0770 and 0660, respectively, so users in the same group can read/write to them. Here is an example share: [test] comment = testing path = /var/samba/files/test valid users = +users read only = No browsable = No force group = users force create mode = 0660 force directory mode = 0770 However, directories are being created as 0755 and files as 0644. I do have inherit permissions set to no in the global section. I'm sure there's something obvious that I'm missing that's overriding the mask, but I can't seem to find it. The exact same share declaration is working as expected on the previous box I'm migrating from. Thanks for your help. -- Derek Bodner subscribedli...@derekbodner.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD controller problems.
I did check that by doing a time sync against both of the other DCs. Ntpdate adjusted the clock by a couple of milliseconds, not enough to through off kerberos. Thanks, Derek On Dec 9, 2008, at 12:29 PM, Giovanni Cambria wrote: What about the time syncronization of the RTC clock of every DCs? G. - Original Message - From: "Derek Harkness" <[EMAIL PROTECTED] > To: "Samba List" Sent: Monday, December 08, 2008 4:40 PM Subject: [Samba] AD controller problems. In my AD setup I have 3 domain controllers (dc1, dc2, dc3) when samba/ winbind are talking to dc1 everything is great when talking to dc2 or dc3 I get this error "kinit succeeded but ads_sasl_spnego_krb5_bind failed: Strong(er) authentication required" and nothing works. I don't think its a samba config problem but my AD admins aren't real helpful in getting samba working. Has anybody else seen this or maybe got a solution/work around? Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] template homedir question
Okay I'm a bit lost at this point. I've got created an idmap plugin that loads and does some useful stuff for me but I'm still having a rough time with the homedir. I've been working this the nss_*_get_info() using nss_rfc2307_get_info() and nss_sfu_get_info() as a guide and the big problem I've run into at this point it I don't know the username of the user I'm creating the homedir for. Variable substitution happens after I munge the homedir string so, any suggestions on where I can get the username would help. Thanks, Derek On Dec 2, 2008, at 11:04 AM, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Derek Harkness wrote: Hello All, I'm integrating an existing unix environment into an exist AD environment. I'm thinking of switching from nssldap to nss_winbind but have one problem. My user's home directories are in the format of /home/user/<$first letter>/<$second letter>/<$username> (/home/user/d/h/dhaknes). Looking at the template homedir it doesn't appear that I can use this format. Is there away to pull the first and second letters of the username as variables to use in template homedir? No but this would be easy to implement. The nss_info API allows you to write a new plugin. if you code in C, I can point you right at what to do. Maybe an hour's work. Side question, I'm looking at using pam_mkhomedir and it is creating home directories for computer accounts is there anyway to prevent that? Not really. A Computer object is derived from a user object in AD. SO both share the same set of base attributes (i.e. a computer is just a special type of user). cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJNVx/IR7qMdg1EfYRArppAJ4i7Bm3E+UOa0Jk4Y4SL0Xi46TzUACfTpqy WmNCZFHJnPLWub7fDm0q59E= =SqmA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD controller problems.
In my AD setup I have 3 domain controllers (dc1, dc2, dc3) when samba/ winbind are talking to dc1 everything is great when talking to dc2 or dc3 I get this error "kinit succeeded but ads_sasl_spnego_krb5_bind failed: Strong(er) authentication required" and nothing works. I don't think its a samba config problem but my AD admins aren't real helpful in getting samba working. Has anybody else seen this or maybe got a solution/work around? Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] template homedir question
On Dec 2, 2008, at 11:04 AM, Gerald (Jerry) Carter wrote: No but this would be easy to implement. The nss_info API allows you to write a new plugin. if you code in C, I can point you right at what to do. Maybe an hour's work. Seems doing able. Point me where I need to go. Thanks! Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] template homedir question
Hello All, I'm integrating an existing unix environment into an exist AD environment. I'm thinking of switching from nssldap to nss_winbind but have one problem. My user's home directories are in the format of /home/user/<$first letter>/<$second letter>/<$username> (/home/user/ d/h/dhaknes). Looking at the template homedir it doesn't appear that I can use this format. Is there away to pull the first and second letters of the username as variables to use in template homedir? Side question, I'm looking at using pam_mkhomedir and it is creating home directories for computer accounts is there anyway to prevent that? Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Print Operator Rights in AD environment
Cool thanks. -W did the trick. Derek On Dec 1, 2008, at 13:12 PM, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey Derek, Derek Harkness wrote: net sam addmember gives me "Adding local group member failed with NT_STATUS_NO_SUCH_ALIAS". $ net sam createbuiltingroup Administrators You will need to configure a valid 'idmap alloc backend' for this. I added root to my local smbpasswd file but if I attempt to use the account I get NT_STATUS_LOGON_FAILURE. Make sure you use -U root -W when connecting. (where is replaced by your local machine name. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJNCkcIR7qMdg1EfYRAkwWAJ9DlQmeGjpDtAn+wegsuw7L0tvEswCg5PDt gPBjLF2KITWBfFMwSSyLMTY= =J5ck -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Print Operator Rights in AD environment
net sam addmember gives me "Adding local group member failed with NT_STATUS_NO_SUCH_ALIAS". I added root to my local smbpasswd file but if I attempt to use the account I get NT_STATUS_LOGON_FAILURE. More information might help. Or it might just confuse the situation. I am running winbind but not using nss_winbind. This is an old Samba/ unix domain that I'm integrating into an existing AD domain, so I have all the user's posix information in ldap and have this in my smb.conf idmap domains = ADS Domain idmap config ADSROOT:backend = nss idmap config ADSROOT:default = yes Oh and to confuse the matter a bit more, the AD is setup to use pass thru authentication to an external kerberos realm. Thanks, Derek On Dec 1, 2008, at 12:11 PM, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek Harkness wrote: I am attempting to set the SePrintOperatorPrivilege right on my RHEL 5.2 samba server and need some guidance. The samba box is currently joined to an AD forest in which I have a delegated OU, I do not have a Domain Admin account. Samba seems to want/need an Admin account in order to make changes to the server configuration such as rights. So the question is. Is there away to set a local administrator account or to map my AD account to a local administrator? if you are running Winbind, then add your account to the BUILTIN\Administrators group (net sam addmem Administrators " Or you can temporarily enable a root in Samba's account db. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJNBqnIR7qMdg1EfYRAtQcAJwNjbWFB93Ulhqnv8LABdKfxkwQzgCfZVK7 8Umn5en2HjdmEO0DsO741so= =S6/3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Print Operator Rights in AD environment
I am attempting to set the SePrintOperatorPrivilege right on my RHEL 5.2 samba server and need some guidance. The samba box is currently joined to an AD forest in which I have a delegated OU, I do not have a Domain Admin account. Samba seems to want/need an Admin account in order to make changes to the server configuration such as rights. So the question is. Is there away to set a local administrator account or to map my AD account to a local administrator? Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CVE-2008-1105
Hello list! Just wanted to confirm whether this CVE affects the 3.0.4 version of Samba.. The samba.org website claims "This security advisory is applicable to all Samba 3.0.x releases to date" Yet the actual CVE [1] has "Versions: Samba 3.0.0 - 3.0.29 (inclusive)" The CVE suggests that the version 3.0.4 would not be affected, my confused! Thanks in advance, Derek [1] http://us1.samba.org/samba/security/CVE-2008-1105.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba in NATed network
You should be able to run the samba server on one of the vlans giving it an internal ip address just make sure the routing between all the vlans will forward the traffic to your PDC. Also for security I would put the samba server behind the NAT address there should be no reason to make it public to the Internet unless you have remote people that connect in to it. And if that is the case they should be coming in over some kind of vpn type link. That can then route there connection to the correct enteral server or network. Here is an example of my simple network I am right now running a small group of samba server at my house and some family members houses that has 3 PDC on 3 different networks all using private address. With all the networks linked together over a IPSEC network-to-network VPN. So I can have trusted networks setup between the servers. This allows me to log in to any of the Domains from my workstation and manage it. > We have about 300 users distributed on different vlans using private ip > network spaces, and sharing one single public IP when going out to the > Internet. Our samba (3.0.24) server has a pulbic IP and is running as a > primary domain controller. All clients receive Sambas's public IP as > their WINS server. I am able to join the domain but samba stops > responding sporadically. Looking at the logs, I found two things: > First on samba/log.smb: > > oscar01 (4.5.6.7) closed connection to service netlogon > [2008/04/30 11:55:12, 0] lib/util_sock.c:get_peer_addr(1229) > getpeername failed. Error was Transport endpoint is not connected > [2008/04/30 11:55:12, 0] lib/util_sock.c:write_data(562) > write_data: write failure in writing to client 4.5.6.7. Error > Connection reset by peer > [2008/04/30 11:55:12, 0] lib/util_sock.c:send_smb(769) > Error writing 4 bytes to client. -1. (Connection reset by peer) > > Searching on google It seems that this is caused by smb ports=445 139 > and can be fixed by setting it to smb ports=445. I already made this > change. > > Second on samba/log.nmbd > > [2008/04/30 14:25:31, 1] libsmb/cliconnect.c:cli_connect(1369) > Error connecting to 4.5.6.7 (Operation already in progress) > [2008/04/30 14:40:40, 1] lib/util_sock.c:open_socket_out(896) > timeout connecting to 4.5.6.7:139 > > Here it looks like samba is trying to initiate a connection using the > NAT/firewall public IP, which is never going to work since there's no > port forwarding in place. Which makes me wonder, is it possible to run > samba on a NATed network?? > Thank you in advance for your input, > eric. > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Secondary groups and Posix ACL
Okay I found the solution to this problem. It appears you shouldn't
run winbindd on a samba PDC.
Derek Harkness
Data Security Analyst Senior
University of Michigan-Dearborn
(313) 593-5089
On Jan 31, 2008, at 08:08 AM, Derek Harkness wrote:
I've got a very odd situation occurring. I recently upgraded to
Samba 2.0.26a and now secondary group membership doesn't work.
On the filesystem I have this layout
/derek
/derek/Folder 1
/derek/Folder 2
derek has these ACLs
# file: derek
# owner: root
# group: root
user::rwx
group::r-x
other:r-x
Folder 1 has these ACLs
# file: Folder 1
# owner: root
# group: g1
user::rwx
group:rwx
other: ---
default:user::rwx
default:group::rwx
default:group:g1:rwx
default:mask:rwx
default:other:---
Folder 2 has these ACLs
# file: Folder 2
# owner: root
# group: g2
user::rwx
group:rwx
other: ---
default:user::rwx
default:group::rwx
default:group:g2:rwx
default:mask:rwx
default:other:---
Here is the share block from the smb.conf
[derek]
comment = Posix ACL test
path = /derek
guest ok = no
browseable = no
writeable = yes
Now my user testuser1's primary group is g1 and testuser1 is also a
member of g2. From the shell testuser1 can access both directories
and all is good. Through samba testuser1 get an access denied or
network path not found when accessing Folder 2. If I add g1 to the
acl on Folder 2 then samba will let testuser1 in. Am I missing
something?
Derek
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Secondary groups and Posix ACL
I've got a very odd situation occurring. I recently upgraded to Samba
2.0.26a and now secondary group membership doesn't work.
On the filesystem I have this layout
/derek
/derek/Folder 1
/derek/Folder 2
derek has these ACLs
# file: derek
# owner: root
# group: root
user::rwx
group::r-x
other:r-x
Folder 1 has these ACLs
# file: Folder 1
# owner: root
# group: g1
user::rwx
group:rwx
other: ---
default:user::rwx
default:group::rwx
default:group:g1:rwx
default:mask:rwx
default:other:---
Folder 2 has these ACLs
# file: Folder 2
# owner: root
# group: g2
user::rwx
group:rwx
other: ---
default:user::rwx
default:group::rwx
default:group:g2:rwx
default:mask:rwx
default:other:---
Here is the share block from the smb.conf
[derek]
comment = Posix ACL test
path = /derek
guest ok = no
browseable = no
writeable = yes
Now my user testuser1's primary group is g1 and testuser1 is also a
member of g2. From the shell testuser1 can access both directories
and all is good. Through samba testuser1 get an access denied or
network path not found when accessing Folder 2. If I add g1 to the
acl on Folder 2 then samba will let testuser1 in. Am I missing
something?
Derek
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 18GB file Transfer
Brad C wrote: Hello Guys, Having a bit of trouble transferring an 18GB file for backup purposes to a Samba Server. I think the 2GB limit issue was resolved a long time ago? Running Version: Version 3.0.23c-SerNet-SuSE The error on the windows client side ( this is done in some type of bat script ) file creation error the network connection was aborted by the local system. tailing the samba logs, I think the part in bold is where things go wrong, though i cant find anything on it. Any advice would be really welcome: [2007/08/20 13:13:20, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows Server 2003 R2 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/08/20 13:13:20, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[root] domain=[ARCH-SERVER] workstation=[ARCH-SERVER] len1=24 len2=24 [2007/08/20 13:19:26, 3] smbd/oplock.c:init_oplocks(862) open_oplock_ipc: initializing messages. [2007/08/20 13:19:26, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260) Linux kernel oplocks enabled [2007/08/20 13:19:26, 3] smbd/process.c:process_smb(1110) Transaction 0 of length 137 [2007/08/20 13:19:26, 3] smbd/process.c:switch_message(914) switch message SMBnegprot (pid 30689) conn 0x0 [2007/08/20 13:19:26, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 13:19:26, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [PC NETWORK PROGRAM 1.0] [2007/08/20 13:19:26, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [LANMAN1.0] [2007/08/20 13:19:26, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [Windows for Workgroups 3.1a] [2007/08/20 13:19:26, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [LM1.2X002] [2007/08/20 13:19:26, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [LANMAN2.1] [2007/08/20 13:19:26, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [NT LM 0.12] [2007/08/20 13:19:26, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2007/08/20 13:19:26, 3] smbd/negprot.c:reply_negprot(580) Selected protocol NT LM 0.12 [2007/08/20 13:19:26, 3] smbd/process.c:process_smb(1110) Transaction 1 of length 282 [2007/08/20 13:19:26, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 30689) conn 0x0 [2007/08/20 13:19:26, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 13:19:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2007/08/20 13:19:26, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/08/20 13:19:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2007/08/20 13:19:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows Server 2003 R2 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/08/20 13:19:26, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) Got OID 1 3 6 1 4 1 311 2 2 10 [2007/08/20 13:19:26, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) Got secblob of size 40 [2007/08/20 13:19:26, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 [2007/08/20 13:19:26, 3] smbd/process.c:process_smb(1110) Transaction 2 of length 408 [2007/08/20 13:19:26, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 30689) conn 0x0 [2007/08/20 13:19:26, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 13:19:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2007/08/20 13:19:26, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/08/20 13:19:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2007/08/20 13:19:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows Server 2003 R2 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/08/20 13:19:26, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[root] domain=[ARCH-SERVER] workstation=[ARCH-SERVER] len1=24 len2=24 When mounting in Linux, I found I had to use "-o lfs" at the end to get around the 2GB limit. But I don't know from a Windows client. -- Sincerely, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] roaming profiles for XP RPO Vista 2000 and automounted home directorys
Background on setup Here is some basic background of my setup I have 3 domains setup running over a IPSEC tunnel over the Internet with one PDC BDC and some file servers at each location all running samba (I am sorry I do not have the version number in front of me for samba) from SUSE enterprise 10 using the LDAP backend. There is a trust setup between all the domains and the IPSEC tunnels is setup so I can access it using client software on my laptop even if I am not plugged in to any of the networks. Problem Background on problem I have a Windows 2000 XP PRO and Vista Ultimate client that connect to the domains. The 2000 and XP PRO computers are able to automount my home directory from any of the domains I login to and both use the same roaming profile. But the Vista Ultimate client when I connected that one to the network it created a new profile directory for the same account and added .V2 at the end of the name using that as the location for storing the vista profile. And the vista client does not automount the home directory for any of the domains. But I am able to browse and mount it after I have the desktop up and running. Question Is there a way to make samba use the same roaming profile directory for all 3 type of clients. I have files in my documents folder and other stuff in my profile that I would like to have access to using any of the clients. Also is there a change that needs to be made to vista or samba in order to get vista to automount my home directory. Once again I am sorry I do not have access to the samba version right now and the smb.conf file. It is running the latest version of samba that is automatically installed with SUSE Enterprise 10. I have made no changes to the home shares and the roaming profiles sections of the smb.conf file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] roaming profiles for XP RPO Vista 2000 and automounted home directorys
Background on setup Here is some basic background of my setup I have 3 domains setup running over a IPSEC tunnel over the Internet with one PDC BDC and some file servers at each location all running samba (I am sorry I do not have the version number in front of me for samba) from SUSE enterprise 10 using the LDAP backend. There is a trust setup between all the domains and the IPSEC tunnels is setup so I can access it using client software on my laptop even if I am not plugged in to any of the networks. Problem Background on problem I have a Windows 2000 XP PRO and Vista Ultimate client that connect to the domains. The 2000 and XP PRO computers are able to automount my home directory from any of the domains I login to and both use the same roaming profile. But the Vista Ultimate client when I connected that one to the network it created a new profile directory for the same account and added .V2 at the end of the name using that as the location for storing the vista profile. And the vista client does not automount the home directory for any of the domains. But I am able to browse and mount it after I have the desktop up and running. Question Is there a way to make samba use the same roaming profile directory for all 3 type of clients. I have files in my documents folder and other stuff in my profile that I would like to have access to using any of the clients. Also is there a change that needs to be made to vista or samba in order to get vista to automount my home directory. Once again I am sorry I do not have access to the samba version right now and the smb.conf file. It is running the latest version of samba that is automatically installed with SUSE Enterprise 10. I have made no changes to the home shares and the roaming profiles sections of the smb.conf file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows clients can't see workgroup at all
Here are a few things you might try if the samba server is the only server on the network. In the smb.conf file make sure wins support = yes And on the windows computer in the tcp/ip settings add the ip address of the server to the wins tab. Then when the servers and other windows computers are running check the logs on the server to see if one of the windows computers is fighting with the Samba server for browse master on the network. If this is happening change the OS level in the smb.conf file to make samba win the master browser slot on the network. If this samba server is not going to be the wins server add these settings to the smb.conf wins support = no wins server = (192.168.0.2 ip address of your wins server) Make sure the wins server ip address is set in the tcp/ip settings > I'm trying to troubleshoot a new samba setup on a tiny network, and I'm > clearly missing something. I'm running Samba 3.0.22 on Ubuntu Linux. > > When I first set it up, it seemed to go so smoothly. I changed all the > workstations to the same workgroup (RABNETWORK) and they could see each > other and the server, but they couldn't open anything on the server. I > don't > really understand what the problem is, but I didn't change anything, I > gave > up and went home. Now, none of the workstations can browse the network at > all. When I click "View workgroup computers" the error I get says that the > network is not accessible. Even with the server off, the network is not > accessible (hence my suspicion that samba is not the problem). > > What I can't sort out is what the problem is likely to be. I tried > stopping > the firewall (AVG) altogether, which didn't make a difference. I tried to > walk through this diagnosis worksheet: > http://samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html > > and got the following results: > 1) testparm works > 2) ping by name fails; I can ping the server's IP address from the Windows > clients, but can't ping the Windows machines from the server. > 3) works: smbclient -L BIGSERVER > > Domain=[BEASTIE] OS=[Unix] Server=[Samba 3.0.22] > > Sharename Type Comment > - --- > homes Disk Home Directories > print$ Disk Printer Drivers > Share Drive Disk This is the server. > tmp Disk temporary files > IPC$IPC IPC Service (beastie server (Samba, > Ubuntu)) > ADMIN$ IPC IPC Service (beastie server (Samba, > Ubuntu)) > amanda Disk Home Directories > Domain=[BEASTIE] OS=[Unix] Server=[Samba 3.0.22] > > Server Comment > ---- > > WorkgroupMaster > ---- > RABNETWORK BEASTIE > > 4) works: *nmblookup -B BIGSERVER __SAMBA__ > [EMAIL PROTECTED]:~$ nmblookup -B BEASTIE __SAMBA__ > querying __SAMBA__ on 127.0.0.1 > 192.168.1.102 __SAMBA__<00> > > *5) fails:* nmblookup -B ACLIENT '*'** >[EMAIL PROTECTED]:~$ nmblookup -B presta '*' >querying * on 0.0.0.0 >192.168.1.102 *<00> > > I'm stopping here because it seems pretty clear that the Windows XP client > machines are hating me.Where do I go from here? > > Thanks, > Amanda > > * > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows clients can't see workgroup at all
Here are a few things you might try if the samba server is the only server on the network. In the smb.conf file make sure wins support = yes And on the windows computer in the tcp/ip settings add the ip address of the server to the wins tab. Then when the servers and other windows computers are running check the logs on the server to see if one of the windows computers is fighting with the Samba server for browse master on the network. If this is happening change the OS level in the smb.conf file to make samba win the master browser slot on the network. If this samba server is not going to be the wins server add these settings to the smb.conf wins support = no wins server = (192.168.0.2 ip address of your wins server) Make sure the wins server ip address is set in the tcp/ip settings > I'm trying to troubleshoot a new samba setup on a tiny network, and I'm > clearly missing something. I'm running Samba 3.0.22 on Ubuntu Linux. > > When I first set it up, it seemed to go so smoothly. I changed all the > workstations to the same workgroup (RABNETWORK) and they could see each > other and the server, but they couldn't open anything on the server. I > don't > really understand what the problem is, but I didn't change anything, I > gave > up and went home. Now, none of the workstations can browse the network at > all. When I click "View workgroup computers" the error I get says that the > network is not accessible. Even with the server off, the network is not > accessible (hence my suspicion that samba is not the problem). > > What I can't sort out is what the problem is likely to be. I tried > stopping > the firewall (AVG) altogether, which didn't make a difference. I tried to > walk through this diagnosis worksheet: > http://samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html > > and got the following results: > 1) testparm works > 2) ping by name fails; I can ping the server's IP address from the Windows > clients, but can't ping the Windows machines from the server. > 3) works: smbclient -L BIGSERVER > > Domain=[BEASTIE] OS=[Unix] Server=[Samba 3.0.22] > > Sharename Type Comment > - --- > homes Disk Home Directories > print$ Disk Printer Drivers > Share Drive Disk This is the server. > tmp Disk temporary files > IPC$IPC IPC Service (beastie server (Samba, > Ubuntu)) > ADMIN$ IPC IPC Service (beastie server (Samba, > Ubuntu)) > amanda Disk Home Directories > Domain=[BEASTIE] OS=[Unix] Server=[Samba 3.0.22] > > Server Comment > ---- > > WorkgroupMaster > ---- > RABNETWORK BEASTIE > > 4) works: *nmblookup -B BIGSERVER __SAMBA__ > [EMAIL PROTECTED]:~$ nmblookup -B BEASTIE __SAMBA__ > querying __SAMBA__ on 127.0.0.1 > 192.168.1.102 __SAMBA__<00> > > *5) fails:* nmblookup -B ACLIENT '*'** >[EMAIL PROTECTED]:~$ nmblookup -B presta '*' >querying * on 0.0.0.0 >192.168.1.102 *<00> > > I'm stopping here because it seems pretty clear that the Windows XP client > machines are hating me.Where do I go from here? > > Thanks, > Amanda > > * > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] network share from samba slow over vpn
I've setup a standard Samba share on one of our Solaris servers. Everything works great locally. Even a fast VPN connection work fine. But a VPN slower then 80ms ping response time and they start to see delays when trying to brows through the shared directories. With an even slower connection of 120ms ping time an the browsing becomes unbearable. Seems to me that the connection is timing out or trying to retransmit. At first I thought it may be our firewall or the type of VPN. But I tested other services (telnet, ftp, xterm, vnc) at the slower speed without any issues. Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Replacing debian packages with compiled source
The Samba that is packaged for Xandros 2.0 seems to be broken; at least, mine keeps giving me "segmentation fault" errors. I've tried wiping it out and re-installing it, but it hasn't helped. Recently I decided to get the latest version of Samba and compile it from source, which, to my amazement, actually worked. Now, before I try "make install," I would like to know: which existing packages do I need to remove? I know the base samba package will have to go, but I don't know which other ones also have to be deleted, versus which ones are actually separate -- for example, I think smbclient is separate, but I'm not sure. I presume "make install" will overwrite any files in the way, but I'd rather clear out the old stuff before doing the install. On the other hand, I don't want to remove related packages that I need to use Samba on that computer. Thanks, Derek Croxton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] subdirectory permissions
Hi I recently installed Redhat ES 4 with a view to eventually doing away with our SBS 2003 server. I can share directories ok but cannot seem to pass the directory share parameters onto the subdirectories and files within. Is there a way to do this without creating seperate shares for the subdirectories (there are far too many subdirectories to consider this, unless I have no option). I have tried the 'Inherit permissions from parent directory' but this does not seem to work. I am quite new to the linux environment as far as using it as a file server are concerned anyway. Any help would be much appreciated Thanks in advance Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printer admin: deprecated?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Nov 28, 2005, at 3:37 AM, Fabio wrote: Hi! On Thu, 2005-11-24 at 09:53 +1000, Adam Nielsen wrote: If "printer admin" is deprecated, what option replace it? I'm not sure, I was wondering this same question myself. printer admin is still valid? if yes, until version will support it? I'm using Samba 3.0.20 and it still seems to work, but I'm not sure when it'll be taken out. I understand it has been replaced with proper ACLs and privileges. Check the release notes. Ok, I can use SePrintOperatorPrivilege but I use printer admin in the share section so that I can decide which users/groups are administrators (for a printer) and which not. I can do that using SePrintOperatorPrivilege ? No, I think, because I can't specify a particular printer. is it wrong? I granted the SePrintOperatorPrivilege to everyone who will be managing printers and then added specific users or groups to the security tab of the printer(s) they will be managing. Derek Thanks a lot, Fabio Andrew Bartlett -- Dott. Fabio Marcone 2T srl Telefono+39 - 0871- 540154 Fax +39 - 0871- 571594 Email [EMAIL PROTECTED] Indirizzo Viale B. Croce 573, 66013 Chieti Scalo (CH) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFDiwe4sUNgsBVjM+0RApVmAJ0Vm4Hf1fBLBYq6dLws1fW8FElQ9wCdEJQT cAZE+q2/tcfSm/9L7bn+63g= =JNN2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba domain vs linux network security
We use AFS/Kerberos/LDAP to provide home directories to our Linux/ Unix/OSX users, our Windows users connect into our Samba domain. Samba has pretty good AFS support for gatewaying SMB <-> AFS requests, at a minor weakening of filesystem security. I'm hoping Samba4 will allow me to use Kerberos all the way through. The biggest downside to the AFS/Kerberos/LDAP/Samba setup is complexity, each service is a pain to setup by itself, getting them working together nearly involved human sacrifice. But the system has been working for about a year with 99.99% uptime. A big thanks to all the Samba developers! Derek On Nov 10, 2005, at 8:27 AM, mourik jan c heupink wrote: You have several options. First, there are steps that you can take to improve NFS security somewhat, such as restricting it to particular IP addresses (although IP addresses can be spoofed). Second, you can use NFSv4, which supports proper authentication. Third, you can use an alternative means of sharing drives to Linux. I've actually been using SMB to access my Linux server's drives from my Linux client, to avoid setting up a separate file-sharing service. Several other options exist - including SSHFS (for more of a quick-and-dirty approach), AFS, and Coda, but I don't have experience with any of them. Thanks very much for the feedback. since nfs4 is NOT included in sles9 (apparently because it's acl code is not yet stable..?) I will take look at the two alternatives you mention. The feedback was very much appreciated. Mourik Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.14a AFS funkyness
I've been using Samba as an AFS gateway since December 04 and it's been working great but I recently deployed a 3.0.14a server and now samba isn't honoring AFS acls. It is enforcing unix mode permissions which is completely the wrong behavior in this case. For example I have a directory with the following unix permissions and AFS acl rwxrwxr--dharknesuserstestfolder Access list for testfolder is Normal rights: itsdept rlidwk system:administrtors rlidwka With that setup I will not be able to write to the directory through samba even though I'm in the itsdept AFS group. Samba is generating the proper AFS tokens since I can get access to the folder, it just wants to enforce file and directory permissions. Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP PDC question
The cool thing is, I didn't either I simply forgot to comment one out. But hey I'll certainly make use of it. Derek On Oct 4, 2005, at 9:46 AM, Marcel de Riedmatten wrote: Le mar 04/10/2005 à 14:57, Derek Harkness a écrit : Thanks! I was doing some testing this morning and found that on the pdc I was setup nss like this nss_base_passwd ou=People nss_base_passwd ou=machines,ou=Samba I just didn't know that you could have many nss_base_passwd entries ;-). -- Marcel de Riedmatten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP PDC question
Thanks! I was doing some testing this morning and found that on the pdc I was setup nss like this nss_base_passwd ou=People nss_base_passwd ou=machines,ou=Samba In my 15 minutes of testing it appears to work well. With the size of our LDAP, searching from the base could take a very long time. Thanks again, Derek On Oct 4, 2005, at 8:52 AM, Marcel de Riedmatten wrote: Le ven 30/09/2005 à 15:37, Derek Harkness a écrit : When setting up an LDAP PDC do I have to have both user and machines in the ou=People container? Here's what I've got. LDAP Tree ou=People,o=umd.umich.edu ou=NIS,ou=Groups,o=umd.umich.eud ou=machines,ou=Samba,ou=Services,o=umd.umich.edu ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu -m I get "Failed to initialise SAM_ACCOUNT for user its-1150d$. Does this user exist in the UNIX password database" which would be correct since machine accounts aren't under ou=People the local workstation won't be able to look them up. I don't want my unix users seeing all the windows workstations. The domain controllers have to see machine account. I have a setup like yours but on the pdc my nss setup is: base o=umd.umich.edu #nss_base_passwd ou=People so the whole tree is searched while on other machines it is: base o=umd.umich.edu nss_base_passwd ou=People and here the machines account are not seen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP PDC question
When setting up an LDAP PDC do I have to have both user and machines in the ou=People container? Here's what I've got. LDAP Tree ou=People,o=umd.umich.edu ou=NIS,ou=Groups,o=umd.umich.eud ou=machines,ou=Samba,ou=Services,o=umd.umich.edu ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu smb.conf (ldap stuff) ldap delete dn = no ldap suffix = o=umd.umich.edu ldap user suffix = ou=People ldap group suffix = ou=NIS,ou=Groups ldap machine suffix = ou=machines,ou=Samba,ou=Services ldap idmap suffix = ou=Idmap,ou=Services ldapsam:trusted = yes idmap backend = ldap:ldap://tien.its.umd.umich.edu passdb backend = ldapsam:ldap://tien.its.umd.umich.edu NSS setting nss_base_passwd ou=People nss_base_groups ou=NIS When I attempt to join a workstation to the domain the smbldap- useradd script works and creates the posix entry, but the samba attributes are never add and the workstation returns the error user can not be found. If I try adding the workstation using smbpasswd -a -m I get "Failed to initialise SAM_ACCOUNT for user its-1150d$. Does this user exist in the UNIX password database" which would be correct since machine accounts aren't under ou=People the local workstation won't be able to look them up. I don't want my unix users seeing all the windows workstations. Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba(4) + AFS
This maybe more appropriate on the developers list but I'll ask here first. Anybody know if any improved support for AFS is being added to either samba 3 or 4? We currently share all user home directories, shared files, web sites, etc. etc. from AFS using Samba. This setup is working great, thank you to everyone involved!! I'm just concerned that AFS support might not make it into 4. Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Login to windows with samba running as domain master doesn't set HOMEPATH environment variable
I'm running samba as a domain master, Have implemented roaming profiles (correctly I hope). However, have discovered that if I use the client Windows 2K machine on the domain "Local machine" the environment variable %HOMEPATH% is set correctly to \Documents and Settings\myname however if I then login to my domain implemented by samba %HOMEPATH% is simply not defined. HOMEDRIVE and the rest seem OK, it's just HOMEPATH. Now I have searched the archives for related questions but nothing really applicable has come up therefore its going to be something wrong with my configuration (either server or client) but I really am stuck to what it could be. Thanks Derek Information - Server: OS SuSE Linux 9.1 Samba Version 3.0.13-1.1-SUSE Smb.conf - # Global parameters [global] workgroup = ELMSCLOSE map to guest = Bad User unix password sync = Yes passdb backend = smbpasswd:/etc/samba/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *changed* passwd chat debug = Yes printcap cache time = 750 printcap name = cups add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ logon path = \\%L\profiles\.msprofile logon drive = Y: logon home = \\%L\%U\.9xprofile domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes admin users = root, derek printer admin = @ntadmin, root, administrator cups options = raw include = /etc/samba/dhcp.conf template homedir = /home/%D/%U [homes] path = /home/%U/ comment = Home Directories valid users = %S read only = No inherit acls = Yes browseable = No [profiles] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root [public] comment = Public Shared Directory path = /home/public read only = No inherit acls = Yes Client: OS Windows 2000 Pro Have joined domain ELMSCLOSE without any problems Have created a user with profiles being copied to LINUX box without problems No other changes made -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to change file permissions on samba mount.
Ok an update. I tried mannually mounting the share via mount_smbfs. Since it defaults to whatever the owner and group IDs from the directory where the volume is mounted, I got 755 for all the files. But when I chmod anything the change doesn't take. Is there something seriously wrong with the samba client in Tiger? It just doesn't make any sense that I can't change file permissions on this smb share mounted on a mac. Especially when I can do it from a windows machine. Any thoughts? Thanks, Derek derek wrote: Hello, We share out user home dirs from a a solaris server via samba. On a windows machine I can change file permissions to files in my samba home dir. From OS X 10.4.2 all the files are at 700 and chmod does nothing to them. From the GUI get info just says that I can read and write. The smb.conf on the sun server has the following entries under the [home] section: browseable = no read only = no create mode = 0700 directory mode = 0700 wide links = no hide dot files = yes any help would be appreciated. I have also bound the mac to the windows domain and it logs me on and auto connects the samba home dir fine, I just can't change file permissions. Thanks, Derek -- Derek Pearson Systems Administrator Baskin School of Engineering UCSC 459-5605 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to change file permissions on samba mount.
Hello, We share out user home dirs from a a solaris server via samba. On a windows machine I can change file permissions to files in my samba home dir. From OS X 10.4.2 all the files are at 700 and chmod does nothing to them. From the GUI get info just says that I can read and write. The smb.conf on the sun server has the following entries under the [home] section: browseable = no read only = no create mode = 0700 directory mode = 0700 wide links = no hide dot files = yes any help would be appreciated. I have also bound the mac to the windows domain and it logs me on and auto connects the samba home dir fine, I just can't change file permissions. Thanks, Derek -- Derek Pearson Systems Administrator Baskin School of Engineering UCSC 459-5605 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Print configuration question?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually determined this was a CUPS issue. I split the CUPS and Samba servers, system load on the Samba box now averages about 0.3 while load average on the CUPS system is about 0.8 or 1. Thanks, Derek On Aug 28, 2005, at 9:47 AM, Jim Ross wrote: Derek Harkness wrote: Is it better to setup lots of small print servers or one big print server? I've currently got 1 print server serving up about 55 printers. All the server does is Samba and CUPS the box has 2 2.8gig P4 xeon, 2 gigs of RAM and a load average of 3. Which is way to high since users are complaining about slow print performance. I went with this solution because I didn't like the idea of having 2,3, or 4 servers just for printing but now I'm wondering if having multiple boxes isn't the better solution. The other thought I had was splitting the box by moving cups to it own server. Any opinions, Derek I've got 25 print queues on a similar server at DTE without a speed problem. I'm suspect in your case students are dumping some huge print jobs on it. You've probably seen this tool before, but if you haven't, it's what I use to look at the system, http:// dag.wieers.com/home-made/dstat/, which pulls together output from what would normal be multiple tools under Linux. So I was thinking, for a couple minutes, this morning about this. It's unlikely that CPU or memory is the problem, but more likely that network or disk has bottlenecked. More likely the disk, since you're probably 100mb there at the server and you probably require heavier logging to track and charge for paper, etc. It sounds like you might have to try adding another box, maybe smaller boxes with fast disks, given you can't cut logging, students always print too much, and disks are likely already maxed out. I suspect the disk is really churning. Too bad you couldn't spool to ram disk, but it's probably not feasible. Just doing some idle brainstorming a bit on this early Sunday. I find it helps sometimes. Jim Ross -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFDFHR1sUNgsBVjM+0RAjQlAJ49ZnSCZ5a1gZHkW6AxZ+8t5qSNCwCdF9AS xYGyppPxb2aWfI/QvS9RTVY= =diYl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Print configuration question?
Is it better to setup lots of small print servers or one big print server? I've currently got 1 print server serving up about 55 printers. All the server does is Samba and CUPS the box has 2 2.8gig P4 xeon, 2 gigs of RAM and a load average of 3. Which is way to high since users are complaining about slow print performance. I went with this solution because I didn't like the idea of having 2,3, or 4 servers just for printing but now I'm wondering if having multiple boxes isn't the better solution. The other thought I had was splitting the box by moving cups to it own server. Any opinions, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
