[Samba] Samba ads member
Hi, I have few Problems with a Samba 3.6.7, The first is if the Windows is shut down over the night they can't autificate on the next day. [2013/04/13 13:03:10.538406, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [jefe] - [jefe] FAILED with error NT_STATUS_NO_SUCH_USE After I restart winbindd it works up to the next morning. Sometimes we have few Problems with looking our users saying, that every second day can open a document only in read-only-mode then from an another client is the same they have to save the changes in a new name delete the old name and rename the changes file to the old name [global] log level = 2 realm = ed.xxx.de security = ADS encrypt passwords = yes client use spnego = yes workgroup = ED netbios name = DATENSERVER wins support = yes idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes we use folder redirection with gpo in windows server 2008 r2 and windows 7 clients on \\DATENSERVER\Profiles\username [profiles] path = /var/lib/samba/profiles browsable = no read only = no create mode = 0600 directory mode = 0700 force group = domänen-benutzer veto files = /$RECYCLE.BIN/desktop.ini/ our shares looking like that [Studio] path = /var/lib/samba/studio browsable = yes read only = no create mode = 0660 directory mode = 0770 force create mode = 0060 force directory mode = 0070 force group = domänen-benutzer valid users = administrator @ED+geschaeftsleitung whith posibility have I to set posix acls from the windows clients? Felipe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba ADDS DC krb5 and samba_nsupdate
bind-9.9.2-P1 how can I check it? It have access to read dig give me results of my windows domain. I tried to set rights to 777 of the private directory with option -R samba_dnsupdate --verbose --all-names say dns_tkey_negotiategss: TKEY is unacceptable greetings -Mensaje original- De: Andrew Bartlett [mailto:abart...@samba.org] Enviado el: miércoles, 02 de enero de 2013 12:22 Para: samba CC: samba@lists.samba.org Asunto: Re: [Samba] Samba ADDS DC krb5 and samba_nsupdate On Wed, 2013-01-02 at 03:40 +, Felipe wrote: OK now I tried to join again I saw this messages descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=*,DC=de not found under DC=*,DC=de descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=*,DC=de not found under DC=*,DC=de Unable to find group id for BIND, set permissions to sam.ldb* files manually Unable to find group id for BIND, set permissions to sam.ldb* files manually bind is running as user root Given your errors, you should check that bind can access the database and dns.keytab correctly. Are you running 9.8 or 9.9? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba ADDS DC krb5 and samba_nsupdate
. 900 IN SRV 0 100 88 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kerberos._udp.dncom.de linux.dncom.de 88 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._udp.dncom.de. 900IN SRV 0 100 88 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _ldap._tcp.dncom.de linux.dncom.de 389 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.dncom.de.900 IN SRV 0 100 389 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _ldap._tcp.dc._msdcs.dncom.de linux.dncom.de 389 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.dc._msdcs.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _ldap._tcp.gc._msdcs.dncom.de linux.dncom.de 3268 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.gc._msdcs.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.dncom.de linux.dncom.de 389 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.dncom.de linux.dncom.de 389 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.default-first-site-name._sites.dc._msdcs.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.dncom.de linux.dncom.de 3268 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.default-first-site-name._sites.gc._msdcs.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _ldap._tcp.891fe5ff-4712-4ab5-951c-c1584391f0fd.domains._msdcs.dncom.de linux.dncom.de 389 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.891fe5ff-4712-4ab5-951c-c1584391f0fd.domains._msdcs.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _gc._tcp.dncom.de linux.dncom.de 3268 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _gc._tcp.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _gc._tcp.default-first-site-name._sites.dncom.de linux.dncom.de 3268 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _gc._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Failed update of 20 entries Felipe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba ADDS DC krb5 and samba_nsupdate
OK now I tried to join again I saw this messages descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=*,DC=de not found under DC=*,DC=de descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=*,DC=de not found under DC=*,DC=de Unable to find group id for BIND, set permissions to sam.ldb* files manually Unable to find group id for BIND, set permissions to sam.ldb* files manually bind is running as user root hope to get help Felipe -Mensaje original- De: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] En nombre de Felipe Enviado el: miércoles, 02 de enero de 2013 2:55 Para: samba@lists.samba.org Asunto: [Samba] Samba ADDS DC krb5 and samba_nsupdate Hello I tried on two vms on my vmware Workstation to use samba as DC. I want use BIND for dns system. To join the Domain had worked successfully after I recompiled the bind. It seems the zone are the same but Samba isn't in the ns-record. If I run dcpromo.exe I get this error message: This Active Directory DC is the last dns-server for the AD-zones. If I remove the DC the dns-names can't be resolved any more. Also Exchange doesn't find the DC If I type kinit administrator I didn't get an answer root@linux:~# kinit administrator Password for administra...@dncom.de: root@linux:~# samba-tool drs showrepl have't errors for the replication but on the end Connection -- Connection name: b1449b55-6603-4b33-abe2-6d78071a5d76 Enabled: TRUE Server DNS name : QC2NDOHUS2B.dncom.de Server DN name : CN=NTDS Settings,CN=QC2NDOHUS2B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dncom,DC=de TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! samba_dnsupdate --verbose --all-names makes also problems IPs: ['fe80::20c:29ff:fe65:b90e%eth0', '172.16.128.120'] Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC Calling nsupdate for A dncom.de 172.16.128.120 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: dncom.de. 900 IN A 172.16.128.120 dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for A linux.dncom.de 172.16.128.120 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: linux.dncom.de. 900 IN A 172.16.128.120 dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for A gc._msdcs.dncom.de 172.16.128.120 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: gc._msdcs.dncom.de. 900 IN A 172.16.128.120 dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for CNAME f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de linux.dncom.de Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de. 900 IN CNAME linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kpasswd._tcp.dncom.de linux.dncom.de 464 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kpasswd._tcp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kpasswd._udp.dncom.de linux.dncom.de 464 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kpasswd._udp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kerberos._tcp.dncom.de linux.dncom.de 88 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._tcp.dncom.de. 900IN SRV 0 100 88 linux.dncom.de. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.dncom.de linux.dncom.de 88 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._tcp.dc._msdcs.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de. dns_tkey_negotiategss: TKEY
[Samba] How to prevent /var/log/samba/log.[sn]mbd creation?
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311300 I agree with comment #48, with syslog only = Yes early log messages should go to stderr. As the current behavior is by design, I ask if there is some way to prevent these files of being created. log file = /dev/null did not work (Fedora 18, Samba 4.0.0rc5). Regards, Marcos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP: Mixing local and LDAP-Users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 04-10-2011 04:16, Daniel Müller wrote: When you use LDAP?! Why do you need local users and ldap users? Just you need LDAP that’s all. I'm pretty sure different networks have differents demands. This is not one rule fit them all. Kind regards, - -- Felipe Augusto van de Wiel felipe.w...@hpp.org.br Tecnologia da Informação (TI) - Complexo Pequeno Príncipe http://www.pequenoprincipe.org.br/T: +55 41 3310 1747 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJOi0CdAAoJECCPPxLgxLxPRoEP/Rk3cGxiHjKSoIG4RZfWICAL HcjT1L+tjpsUswgjupVnN4xQT5tAG92BfUoQJ0Qtw9ZMSjW3JOnGsp2BHfhAehrZ 7dZ+vsKjFSNrK2HmfCIQUiIxe1RZ5Gipsp7IVtJMEtUfQYah2bMdLp78JyGDEERT ojMc97DWhRL1do2bE1MnNCVDU5o93OdZzEIAOo5jhj3yjqsGxnqnzPAy9TMvfpDD RIeCFlM6jKHvlrHfUmgQAA7b83MS7tPSAQoJTxAPVmXW98JeAuhhAfGPoowd5K+d xoHCaGwLrbhBvCJmWogos/yXPPwXs3g72Dn2tBwbWUZd6YtsZzEb1Gdv4umq/G1m UZMkafPjRPGjo45MeqOFiH/W1HuUB/FjYi5oRbPVzyYwalPexl+Jh3dgBxq0tB3B MM2gmCu+v3S+PFbB6mDa3Z2S9yiRUY2eQZQvgfwvlGb2Bssdclj5adQBu/Y9GvWi W+IeDtHxMWu7G0M0XLNg/oHWLNSOE4XkQceSu6G6T6BnkgCGM2PkXY+hP3JY4epf 2Y2J65eY08L8nnpQkDL3oSrvaEc8+YuvM174E0mq/WPenoDcdBWVta1ixXOeVcqi zq3RqPtZzulqYeTv4iWgYjN1TMToWlyHcxQmDD37RAUIRvtvlhDLSqTvKIw1DTGD 75OXG/sYRLlWSkRFSLkC =HJdF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP: Mixing local and LDAP-Users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Denis, On 18-09-2011 17:18, Denis Witt wrote: is it possible to mix local and LDAP-Users? Especially I need to know if it's possible to use an LDAP-Group (like the group that is mapped to Domain Administrators) together with an local user. It is, but you aren't going to do that with standard tools. :-) (If I use adduser $username $ldap-group the group isn't found, even if the group is shown using getent group.) Just go to LDAP Group and use the member attribute to add your user. Depend if you are using rfc2703bis or not that may vary. Once LDAP reports the user is present in the group, the system should do the rest. :) If this isn't possible, is there a way to map more than one group to the rid=512 (ntgroup=Domain Admins)? That's also possible, you should use 'net groupmap' Kind regards, - -- Felipe Augusto van de Wiel felipe.w...@hpp.org.br Tecnologia da Informação (TI) - Complexo Pequeno Príncipe http://www.pequenoprincipe.org.br/T: +55 41 3310 1747 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJOe6yUAAoJECCPPxLgxLxP86UP/3fz4TVezW3+EZ0cIM4oBXtV 4Zgna0Mdx8GuREcXyU/wQYiLbd5VK7k6xF1T9rkIS4fjWlfNk7W9jWHadiMnlKOr +KIHeG43bH2YdxO784T0vNyuz1dZgpLaA9LKJeCxY/8j/JrzAIuBJNayarFtyU7D yDJ9CI5zJMM2IL9GvDLcQKeoW+61mjVCxpnMiI3Wd+PYjjwIY+YDJZAGYx8bWoKo +hpShR6VbmOqR7hjbMheaVeoHv9GPEvGLwroCAnYHsvO0oyD6ksmm9XFZQfLVt/E 1SxDu0WPCRkiuUGFLpCQrUMWOi21S8+ge5lsMSHFKjuMOslvU/6rfhrS3SkfAX3q 47nQMw/FIPqrNRRIa6kwSFTiD749r1bAjibhvI4A8p2qehsf0/MNF012Od3zNfcY v2P/OXBJfoO3mfUlSQAz4rhWHp7YdWBh+eY4Gt0fsLYwae8QjB2vBmL0FwvE6Kb7 mB1XaNr6BGoPXiTTziUi14wkqpaQt/geIxg92r0iUWH1G5WPCCxsHE0jBX2mDF8B dOr67hkWMY9/2m6ch1P4eW2psyRyVYlDxyq3RFGlcO2Q6FP0Ox/tYlVDbB4i744j gKDYeJAMKTMo2XasnI5bdiC96p9tvI4syi8Tq95RDoqKHJgUJKyaysDf+shZ4CzZ effZ/6aquAS0E91O8Pjx =9yjd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] window, samba and ldap passwords
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 16-08-2011 08:40, L.P.H. van Belle wrote: Hai, on your master, in smb.conf change these settings. ( im also running debian with pdc/bdc ldap master and multiple slaves through syncrepl ) passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* remove : unix password sync = Yes and try again. I would like to avoid using smbldap-tools, did you manage to get it working without it? Kind regards, - -- Felipe Augusto van de Wiel felipe.w...@complexopequenoprincipe.org.br Tecnologia da Informação (TI) - Complexo Pequeno Príncipe http://www.pequenoprincipe.org.br/T: +55 41 3310 1747 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJOTuicAAoJECCPPxLgxLxPhKEP/0kGEtDJ3Wwv2ZL2mWR5YAaV I8ma78RBcEn+Tix88bK7lPsLwi+ZVGuyWlzIuQZYDyqxr3LhQYutv4sIFdDKi3OK wHg0ud4vQi8AGlnaeJAZEsvvFmJFCYdgCZWiU27zn1l/6NAA1Uvl/8OhADcOsE9u jkklocHOG5C7t48a1eAb2RKiprWBkdM4YrDjhPXIaHe3jgL9LeEJ1jdMe9AbVp3L bYxiSwCSjLg66URPUbf26eSTsVkz4ZUL8LOR04aCIYnXG14cT6zx8SzcPJfZtL+p wl1xygrVJzdl/rdmLjW5V+yqB/cac+zFhs3fVciHaWDlZtQ9ABIw+4e0MXuIbkwM F5h/N9BTNX8PwccuADwwLXPgOOW+dE/zCiW6b0MjxP8aFlA5A9hgaPaaKDFBFN3/ fm4ti61bKjpZX8Ii538KRX7OHeszkKT/yXogGBxLn7TRrrr4oYccg9Wtm48DGQfh 5AbmBUOPzgROYhZpJDxMYBcPKtTKgUCoH+jpJJT9Tr6p1gaEduKDhl8aD1nTYYlc 1BS9Z3CWwOqcIdzPAdJKGm28FGBR+Khuo6Behm1YwK+PQRdW7zkqgxXS+Ra/3itI r/zwAGiKKGksiv06N2UVq+xQ7PNw9pO+9Q9BKCewSsTd9mmwCrtEoOwxQ90zCI6a Baks02kCfpM2SRYW9df/ =orz1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [OT] OpenLDAP dynamic groups with samba/libnss
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I know this is off-topic for this list but I'm trying to find somebody with an OpenLDAP dyngroup setup that is actually working and could help me with some examples. :) I'm using Debian Lenny with samba 3.4.7 (from Debian backports), and although my 'getent group GRP' is working perfect, 'id user' and samba are not seeing user as part of GRP (even if getent is properly reporting user as part of GRP). Documentation is not really helping. I'm using libnss-ldap, pam_ldap and RFC2307bis, it would be great if you could contact me off-list. Kind regards, - -- Felipe Augusto van de Wiel felipe.w...@hpp.org.br Tecnologia da Informação (TI) - Complexo Pequeno Príncipe http://www.pequenoprincipe.org.br/T: +55 41 3310 1747 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJMFsLTAAoJECCPPxLgxLxPTvEP/0Swz5sSysS/gSKQ4YxXrnbn u+scAsfzo0r3UD2qdUQhcMTGFMxnlspt5jn12Z8xi4rX8ex8S3H2PdyReV76nQE1 9aAbG0IKf7TOlarPv/l8s2i8HrtPpZvbsfiA20j3EluR6DBYQZ3SYOMN1Zr9s2r+ vDXcAWkaiq7aOSoHZzPFEFe49lV7x9sieczq4yjgRZtvu90j6gtF3odMdr191XW/ yhlLhAmbkQa1JfBkoI6GlVdXEBgu3uL7RaGfoWllONWwKMwQXa+bfDi9annpIUFV RKLCrhlvZmIvzn8goqnMkTLFBSskJqagYkePxYoZVkESL/SA+bNk1DVdh8HuPz5o dz6eu5OMsVggTof2bY4EaSWWXLeRYu4xaqX1Le63GpYgE7P9q9bI3Dm8CWGRg3t6 BVQVTMsWhEHXIGQYXYfml3BUvmnVzg6/d/HmLysw60dlmhYKaw3JJFEOLlzBbC71 5u8qtbaTGvPW8Fa/u72+gmFQNPpCZVBhIsFJ9dn6xKoK2QT9rSxQx7l//icZFkV2 umvjhfc6Dvv5Qx7oHeM1XC+UmKIoG1ls3F7rtRlmqxWt2B7rlAK0dhY5gUsGBGUu P1UQoWHgcDIrcChBquc3jXJouPYz58KvivkpDNpPGumcOlVxcXKPegluvSmKJd+m k68tJBWJt/UPA8qic89O =Z4Cy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Veto files: adding exceptions per user and/or extension
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I'm using Samba 3 on a Debian 5.0 (Lenny), the package is version 3.4.7 (from Debian backports, the full version 2:3.4.7~dfsg-2~bpo50+2). We use some 'veto files' on our shares to avoid users to have multimedia files (movies, mp3 and so on). Now we have a true demand to allow certain users to store corporate videos (about our institution) and also promotional videos (made to present to potential sponsors). Are there options to make exceptions for the vetos we implement? Or the only solution would be to remove the vetos for that specific extensions. Kind regards, - -- Felipe Augusto van de Wiel felipe.w...@hpp.org.br Tecnologia da Informação (TI) - Complexo Pequeno Príncipe http://www.pequenoprincipe.org.br/T: +55 41 3310 1747 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJL8YTSAAoJECCPPxLgxLxPrusQAKFuXSOj/+U7IvvfYV6LLm8G liCEoqCZEoWVtrqH9/ldT189F2N/6tFWoZ6k/VoLS3DbspQKpohSg740262vbWmz UdFFSR5wWRjmcLcsaCBMk6zIyA8C7ybqX582zIEmEOeDfAIj4WC+tgqjqaEpD37V Fr1gYtG1WKbAkBImmSKjgvlIA4VxNtv5dt5udruyEkG0Ljx8mbW2ABqteQvHJiiV l6w0w5qahNrXdLLeFfGNCuHOL2mPH/TOmwhDRAxpe1XQSKVhsCqKxhKU7+knmB2p ZWM4+A5JWqz5JOpb6gx65QF4W2pu14ktQf1GShYvVhmt3lVUKWhNZfxUpMQjowzh 689utdYKrFl/Oloj5RvS6UmgeRC55ZD7Qx+35h2kvxU+ChOgzTRNQNEhFW2WHvNK pjXx2cUkyYOu4oZczCwQQBodrru8vr0NAvMRc2dUjSDRs+n19i2C1D/5UMH7rGxi z2iKBBopiDEI1fusJCgxD0hWBTi4m4xG/826Ep3DXU5bUteDtAyKOUSeozMRIltJ pv0SjPlfQfFQulkEW7nV2h/m/k6fhUAchBnIskKOts5uJWvT4DuCcQ5Ve3rlfP9s 9Q6w8qxj0S6aQTO/YnoZHw99PtYmBIcC0TQ1Og0ouWm6r54xn/LPfZxpy08Jd7xV dmu7U43lMvsQqjhr8EUt =gcwS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Volume serial number changes
Hi, How can the volume serial number of a share can be especified in the smb.conf? I have a machine that each times it connects to the share displays two differents volume serial number, not at the same time The server uses samba 3.2.5-4 over debian and the disks are in a software raid 1. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Volume serial number
Hi, I have a little trouble with samba shares, I have a windows application files inside a share, Windows XP clients use it to run the application. This application uses the Volume Serial Number to check the license, but in a same machine the volume serial number changes day by day, so my question is, Is any place to specify samba a Volume serial number for that share? Is a problem of samba? Im using samba 3.2.5-4 over debian. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Aplication slow after migration
Scott Lovenberg escribió: Felipe Martinez Hermo wrote: Scott Lovenberg escribió: On Feb 6, 2008 4:19 AM, Felipe Martinez Hermo [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Sinisa Bandin escribió: Felipe Martinez Hermo wrote: OK, so we're apples to apples, so to speak; the servers are tuned the same. I'll assume your disks are tuned from hdparm and up to snuff, otherwise you wouldn't be tuning sockets ;). Did your old server have samba settings for oplocks set? -- Peace and Blessings, -Scott. Of course, that's just my opinion; I could be wrong -Dennis Miller Erm, sorry, I didn't catch that you had 2 .conf files there. I'm back to the drawing board. Sorry about that. Anyone else have any ideas? Yes, that's whats shocking me. Apparently we're apples to apples. Except for the kernel (newslow 2.6.18-4-686 vs oldfast 2.6.8) I've sniffed both eth0 interfaces and I've got some more information. When talking to the slow server, the client needs to send 76 TCP segment of a reassembled PDU that are not sent when talking to the old and fast server. How can I workaround this issue? Should I lower server's MTU? How much? Thank you Do you happen to have a Realtek 8169 based gigabit ethernet in new server? If you do, I had the same problem several times last year, and solved all of them by changing motherboards (all were integrated, and I like them to stay that way because I can achieve full gigabit speed with several concurent clients) Best regards, Sinisa Bandin No, machines are out-of-the-box HP DL servers: Ethernet controller: Broadcom Corporation NetXtreme BCM5705_2 Gigabit Ethernet (rev 03) I've made a spreadsheet with summarizing wireshark results and comparing results for both servers. You can see it here: http://spreadsheets.google.com/ccc?key=pnLL2fInqFq2YKuZIphtQdA It's meaningful that fast server makes 406 Trans2 calls, while slow server makes 616 calls to perform the same operation. The difference is mainly in QUERY_PATH_INFO (200 vs 305) and FIND_FIRST2 (94 vs 199) calls. Next try: change ethernet wire? :-? -- == Felipe Martínez Hermo [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] == Servicios Informáticos UGT Galicia [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hrm, are you using SACKs or DSACKs or tcp_low_delay in /proc/sys/net/somethingOrOther? They didn't change congestion control default in your upstream kernel, did they? Should be reno by default. Doing a netstat -a, do you have many packets queued in either direction? This one is puzzling me. -- Peace and Blessings, -Scott. Apparently everything is configured the same way in /proc/sys/net (both sack dsack = 1). Regarding the kernel, Oldfast kernel is 2.6.8 (no /proc/sys/net/ipv4/tcp_congestion_control) while newslow is 2.6.18-4-686 and congestion control is bic: [EMAIL PROTECTED]:~$ cat /proc/sys/net/ipv4/tcp_congestion_control bic Should I try other congestion control algorithm? I've made this rudimentary test, and old server is a little bit faster, but I don't know if it is meaningful at all. [EMAIL PROTECTED]:~$ ping -i 0.2 fast_server --- fast_server ping statistics --- 2156 packets transmitted, 2156 received, 0% packet loss, time 431208ms rtt min/avg/max/mdev = 0.135/0.171/0.245/0.018 ms [EMAIL PROTECTED]:~$ ping -i 0.2 slow_server --- slow_server ping statistics --- 2146 packets transmitted, 2146 received, 0% packet loss, time 429165ms rtt min/avg/max/mdev = 0.152/0.179/0.333/0.021 ms Regards, try: echo reno /proc/sys/net/ipv4/tcp_congestion_control That'll make sure the tcp/ip stack isn't messing with the tests by doing window scaling and such. OK, that's one more variable isolated... let's see what happens. Sorry that this is taking to long to troubleshoot; I'm an armchair administrator. Actually I'm a software development major in college, but either way, I'm a bit out of my element as compared to the professional administrators. I've tried reno on tcp_congestion, but performance is still poor. I think I'm giving up and will look for an alternate workaround next week. I've spent enough time on this issue. Anyway, Scott, your help and Sinisa's is very much appreciated. Greetings from Spain :-) -- == Felipe Martínez Hermo [EMAIL PROTECTED] [EMAIL PROTECTED
Re: Re: [Samba] Aplication slow after migration
Scott Lovenberg escribió: On Feb 6, 2008 4:19 AM, Felipe Martinez Hermo [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Sinisa Bandin escribió: Felipe Martinez Hermo wrote: OK, so we're apples to apples, so to speak; the servers are tuned the same. I'll assume your disks are tuned from hdparm and up to snuff, otherwise you wouldn't be tuning sockets ;). Did your old server have samba settings for oplocks set? -- Peace and Blessings, -Scott. Of course, that's just my opinion; I could be wrong -Dennis Miller Erm, sorry, I didn't catch that you had 2 .conf files there. I'm back to the drawing board. Sorry about that. Anyone else have any ideas? Yes, that's whats shocking me. Apparently we're apples to apples. Except for the kernel (newslow 2.6.18-4-686 vs oldfast 2.6.8) I've sniffed both eth0 interfaces and I've got some more information. When talking to the slow server, the client needs to send 76 TCP segment of a reassembled PDU that are not sent when talking to the old and fast server. How can I workaround this issue? Should I lower server's MTU? How much? Thank you Do you happen to have a Realtek 8169 based gigabit ethernet in new server? If you do, I had the same problem several times last year, and solved all of them by changing motherboards (all were integrated, and I like them to stay that way because I can achieve full gigabit speed with several concurent clients) Best regards, Sinisa Bandin No, machines are out-of-the-box HP DL servers: Ethernet controller: Broadcom Corporation NetXtreme BCM5705_2 Gigabit Ethernet (rev 03) I've made a spreadsheet with summarizing wireshark results and comparing results for both servers. You can see it here: http://spreadsheets.google.com/ccc?key=pnLL2fInqFq2YKuZIphtQdA It's meaningful that fast server makes 406 Trans2 calls, while slow server makes 616 calls to perform the same operation. The difference is mainly in QUERY_PATH_INFO (200 vs 305) and FIND_FIRST2 (94 vs 199) calls. Next try: change ethernet wire? :-? -- == Felipe Martínez Hermo [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] == Servicios Informáticos UGT Galicia [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hrm, are you using SACKs or DSACKs or tcp_low_delay in /proc/sys/net/somethingOrOther? They didn't change congestion control default in your upstream kernel, did they? Should be reno by default. Doing a netstat -a, do you have many packets queued in either direction? This one is puzzling me. -- Peace and Blessings, -Scott. Apparently everything is configured the same way in /proc/sys/net (both sack dsack = 1). Regarding the kernel, Oldfast kernel is 2.6.8 (no /proc/sys/net/ipv4/tcp_congestion_control) while newslow is 2.6.18-4-686 and congestion control is bic: [EMAIL PROTECTED]:~$ cat /proc/sys/net/ipv4/tcp_congestion_control bic Should I try other congestion control algorithm? I've made this rudimentary test, and old server is a little bit faster, but I don't know if it is meaningful at all. [EMAIL PROTECTED]:~$ ping -i 0.2 fast_server --- fast_server ping statistics --- 2156 packets transmitted, 2156 received, 0% packet loss, time 431208ms rtt min/avg/max/mdev = 0.135/0.171/0.245/0.018 ms [EMAIL PROTECTED]:~$ ping -i 0.2 slow_server --- slow_server ping statistics --- 2146 packets transmitted, 2146 received, 0% packet loss, time 429165ms rtt min/avg/max/mdev = 0.152/0.179/0.333/0.021 ms Regards, -- == Felipe Martínez Hermo [EMAIL PROTECTED] [EMAIL PROTECTED] == Servicios Informáticos UGT Galicia [EMAIL PROTECTED] [EMAIL PROTECTED] == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Aplication slow after migration
Sinisa Bandin escribió: Felipe Martinez Hermo wrote: OK, so we're apples to apples, so to speak; the servers are tuned the same. I'll assume your disks are tuned from hdparm and up to snuff, otherwise you wouldn't be tuning sockets ;). Did your old server have samba settings for oplocks set? -- Peace and Blessings, -Scott. Of course, that's just my opinion; I could be wrong -Dennis Miller Erm, sorry, I didn't catch that you had 2 .conf files there. I'm back to the drawing board. Sorry about that. Anyone else have any ideas? Yes, that's whats shocking me. Apparently we're apples to apples. Except for the kernel (newslow 2.6.18-4-686 vs oldfast 2.6.8) I've sniffed both eth0 interfaces and I've got some more information. When talking to the slow server, the client needs to send 76 TCP segment of a reassembled PDU that are not sent when talking to the old and fast server. How can I workaround this issue? Should I lower server's MTU? How much? Thank you Do you happen to have a Realtek 8169 based gigabit ethernet in new server? If you do, I had the same problem several times last year, and solved all of them by changing motherboards (all were integrated, and I like them to stay that way because I can achieve full gigabit speed with several concurent clients) Best regards, Sinisa Bandin No, machines are out-of-the-box HP DL servers: Ethernet controller: Broadcom Corporation NetXtreme BCM5705_2 Gigabit Ethernet (rev 03) I've made a spreadsheet with summarizing wireshark results and comparing results for both servers. You can see it here: http://spreadsheets.google.com/ccc?key=pnLL2fInqFq2YKuZIphtQdA It's meaningful that fast server makes 406 Trans2 calls, while slow server makes 616 calls to perform the same operation. The difference is mainly in QUERY_PATH_INFO (200 vs 305) and FIND_FIRST2 (94 vs 199) calls. Next try: change ethernet wire? :-? -- == Felipe Martínez Hermo [EMAIL PROTECTED] [EMAIL PROTECTED] == Servicios Informáticos UGT Galicia [EMAIL PROTECTED] [EMAIL PROTECTED] == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Aplication slow after migration
OK, so we're apples to apples, so to speak; the servers are tuned the same. I'll assume your disks are tuned from hdparm and up to snuff, otherwise you wouldn't be tuning sockets ;). Did your old server have samba settings for oplocks set? -- Peace and Blessings, -Scott. Of course, that's just my opinion; I could be wrong -Dennis Miller Erm, sorry, I didn't catch that you had 2 .conf files there. I'm back to the drawing board. Sorry about that. Anyone else have any ideas? Yes, that's whats shocking me. Apparently we're apples to apples. Except for the kernel (newslow 2.6.18-4-686 vs oldfast 2.6.8) I've sniffed both eth0 interfaces and I've got some more information. When talking to the slow server, the client needs to send 76 TCP segment of a reassembled PDU that are not sent when talking to the old and fast server. How can I workaround this issue? Should I lower server's MTU? How much? Thank you -- == Felipe Martínez Hermo [EMAIL PROTECTED] [EMAIL PROTECTED] == Servicios Informáticos UGT Galicia [EMAIL PROTECTED] [EMAIL PROTECTED] == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Aplication slow after migration
Hi, everybody! I have been using samab on Debian for years and I have recently migrated my file server from version 3.0.14a-3sarge2 to 3.0.24-6etch4. One or our applications stores its data in a shared folder. This data is distributed in over 29000 files of about 1k-40k and is so much slower when it runs on the new server. I have thoroughly revised both smb.conf files, but can't see significant differences. I have read them so much that probably I'm already obfuscated. I have tuned socket options, but can't see any improvement. Any ideas? Thanks in advance -- == Felipe Martínez Hermo [EMAIL PROTECTED] [EMAIL PROTECTED] == Servicios Informáticos UGT Galicia [EMAIL PROTECTED] [EMAIL PROTECTED] == New server max. Version 3.0.24-6etch4. Old server clarence. Version 3.0.14a-3sarge2 WARNING: You have some share names that are longer than 12 characters. These may not be accessible to some older clients. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) Server role: ROLE_DOMAIN_PDC Loaded services file OK. # Global parameters [global] workgroup = UGTGALICIA server string = Max. Servidor de disco de UGT Galicia obey pam restrictions = Yes passdb backend = tdbsam pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes log level = 0 auth:2 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes deadtime = 15 fam change notify = No max disk size = 5000 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u logon script = scripts/%U.bat logon path = \\%h\profiles\%U logon drive = z: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No ldap ssl = no utmp = Yes panic action = /usr/share/samba/panic-action %d invalid users = root create mask = 0700 force create mode = 0700 directory mask = 0700 force directory mode = 0700 hosts allow = 172.15.1., 127.0.0.1 printing = cups print command = lpq command = %p lprm command = [homes] comment = Carpetas de Usuarios path = /home/%u valid users = %S read only = No browseable = No [informatica] comment = Servicios Informaticos path = /home/informatica valid users = @informatica force group = informatica read only = No create mask = 0770 force create mode = 0770 security mask = 0770 directory mask = 0770 force directory mode = 0770 directory security mask = 0770 Loaded services file OK. # Global parameters [global] workgroup = GALICIA server string = %h server (Samba %v) passdb backend = tdbsam, guest log file = /var/log/samba/log.%m max log size = 1000 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 printcap name = cups domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d hosts allow = 172.15.1., 127. printing = cups print command = lpq command = lprm command = [homes] comment = Home Directories invalid users = root read only = No create mask = 0700 directory mask = 0700 force directory mode = 0700 browseable = No [informatica] comment = Servicios Informaticos path = /home/informatica force group = informatica read only = No create mask = 0770 force create mode = 0770 force security mode = 0770 force directory mode = 0770 directory security mask = 0770 force directory security mode = 0770 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Aplication slow after migration
I've got vfs_cache_pressure = 100 on both servers and ext3 filesystems on both. These are the files on /proc/sys/vm: slow server: file value -rw-r--r-- 1 root root 0 2008-02-01 13:31 block_dump -rw-r--r-- 1 root root 0 2008-02-01 13:31 dirty_background_ratio -rw-r--r-- 1 root root 0 2008-02-01 13:31 dirty_expire_centisecs -rw-r--r-- 1 root root 0 2008-02-01 13:31 dirty_ratio -rw-r--r-- 1 root root 0 2008-02-01 13:31 dirty_writeback_centisecs -rw-r--r-- 1 root root 0 2008-02-01 13:31 drop_caches -rw-r--r-- 1 root root 0 2008-02-01 13:31 laptop_mode -rw-r--r-- 1 root root 0 2008-02-01 13:31 legacy_va_layout -rw-r--r-- 1 root root 0 2008-02-01 13:31 lowmem_reserve_ratio -rw-r--r-- 1 root root 0 2008-02-01 13:31 max_map_count -rw-r--r-- 1 root root 0 2008-02-01 13:31 min_free_kbytes -r--r--r-- 1 root root 0 2008-02-01 13:31 nr_pdflush_threads -rw-r--r-- 1 root root 0 2008-02-01 13:31 overcommit_memory -rw-r--r-- 1 root root 0 2008-02-01 13:31 overcommit_ratio -rw-r--r-- 1 root root 0 2008-02-01 13:31 page-cluster -rw-r--r-- 1 root root 0 2008-02-01 13:31 panic_on_oom -rw-r--r-- 1 root root 0 2008-02-01 13:31 percpu_pagelist_fraction -rw-r--r-- 1 root root 0 2008-02-01 13:31 swappiness -rw-r--r-- 1 root root 0 2008-02-01 13:31 swap_token_timeout -rw-r--r-- 1 root root 0 2008-02-01 13:31 vdso_enabled -rw-r--r-- 1 root root 0 2008-02-01 13:31 vfs_cache_pressure0 10 3000 40 500 0 0 0 256 256 32 65536 3831 2 0 50 3 0 0 60 300 1 100 Fast server: file value -rw-r--r-- 1 root root 0 2008-02-01 13:32 block_dump -rw-r--r-- 1 root root 0 2008-02-01 13:32 dirty_background_ratio -rw-r--r-- 1 root root 0 2008-02-01 13:32 dirty_expire_centisecs -rw-r--r-- 1 root root 0 2008-02-01 13:32 dirty_ratio -rw-r--r-- 1 root root 0 2008-02-01 13:32 dirty_writeback_centisecs -rw-r--r-- 1 root root 0 2008-02-01 13:32 laptop_mode -rw-r--r-- 1 root root 0 2008-02-01 13:32 lower_zone_protection -rw-r--r-- 1 root root 0 2008-02-01 13:32 max_map_count -rw-r--r-- 1 root root 0 2008-02-01 13:32 min_free_kbytes -r--r--r-- 1 root root 0 2008-02-01 13:32 nr_pdflush_threads -rw-r--r-- 1 root root 0 2008-02-01 13:32 overcommit_memory -rw-r--r-- 1 root root 0 2008-02-01 13:32 overcommit_ratio -rw-r--r-- 1 root root 0 2008-02-01 13:32 page-cluster -rw-r--r-- 1 root root 0 2008-02-01 13:32 swappiness -rw-r--r-- 1 root root 0 2008-02-01 13:32 vfs_cache_pressure 0 10 3000 40 500 0 0 65536 957 2 0 50 3 60 100 Scott Lovenberg escribió: Felipe Martinez Hermo wrote: Hi, everybody! I have been using samab on Debian for years and I have recently migrated my file server from version 3.0.14a-3sarge2 to 3.0.24-6etch4. One or our applications stores its data in a shared folder. This data is distributed in over 29000 files of about 1k-40k and is so much slower when it runs on the new server. I have thoroughly revised both smb.conf files, but can't see significant differences. I have read them so much that probably I'm already obfuscated. I have tuned socket options, but can't see any improvement. Any ideas? Thanks in advance how are your settings in /proc/sys/vm/*? If you've got the RAM, turn down the vfs_cache_pressure - you should get more hits. Also, what file system are you using? -- == Felipe Martínez Hermo [EMAIL PROTECTED] [EMAIL PROTECTED] == Servicios Informáticos UGT Galicia [EMAIL PROTECTED] [EMAIL PROTECTED] == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ACL and Samba
Hey Robert Thanks for your mail, here is what a did: 1. Set the ACLs to all dirs and files in the ADM dir: find adm/ -type f -exec setfacl -m g:administ:rwx {} \; find adm/ -type f -exec setfacl -m g:administ:rwx {} \; 3. Setting the default ACLs to the ADM dir: setfacl -d -m u::rwx,g::rwx,o::--- adm/ setfacl -d -m g:administ:rwx adm/ 4. Setting the default ACLs to all subdirs on ADM find adm/ -type d -exec setfacl -d -m u::rwx,g::rwx,o::--- {} \; find adm/ -type d -exec setfacl -d -m g:administ:rwx {} \; 5. In the Samba server I did this conf: valid users = suporte,administ write list = suporte,administ read only = No * force security mode = 0770 force create mode = 0777 force directory mode = 0777 inherit permissions = Yes The more important flag, that solve the problem is force security mode = 0770. Thanks a lot for all replyes! Felipe On Dec 19, 2007 11:21 PM, Cybionet [EMAIL PROTECTED] wrote: Greeting Felipe, Here a solution for your problem (I hope so). It works for me with MSOffice 2000/2003. First you need to set the POSIX rights before ACL(EA). These rights will be the base for your real permissions. - Create your folder, and set 2775 or 2770 permissions. - The assign the owner and group to root:root (you will understand shortly why). - Now you are ready to set the ACL(EA) permissions. The use of the 2775 permissions will gave access to the folder and his subdirectory for the share of the files. Or use directly the 2770 permissions to limit access and share immediately your files in the folder. The SGID define in this permission allow the group to never be change, whatever the group of the owner who create a new file ou change a existing file. The owner has no importance, because it will be change at the creation ou modification of the file (it is the goal to know who have made the change). The share configuration, I suggest you something like this. The only parameters very important is force create mode = 660 and directory mode = 770. [workspace] comment = Whatever path = /pat/to/my/folder browseable = yes read only = no force create mode = 660 directory mode = 770 csc policy = disable Best Regards Robert -- Cybionet - Solution reseautique http://www.cybionet.com Dear All I am facing a strange problem that I could not solve, so, maybe you can help me. Look at this situation: I created a new directory with those ACLs (through Samba using Windows XP) [EMAIL PROTECTED] /home/smb/adm]# getfacl teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- My ACLs are right, ok, now I will copy a XLS file to that folder: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::rw- group:suporte:rwx group:administ:rwx mask::rwx other::--- OK, the samba server inhert the permissions and the ACLs, everything is fine until now. But when I edit this file with MS Excel, and save it, look what happen to the ACLs: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::--- group:suporte:rwx mask::rwx other::--- The ACL entry group:administ:rwx just have gone after I save the file. It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through Ports. Anybody knows what is wrong? Thanks a lot! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Felipe Tocchetto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ACL and Samba
Hey Greg, thanks your reply: I put the defaults acls in my previous email, take a look: [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- The default acls have the entries: group:suporte:rwx group:administ:rwx But after I edit the file, one of these disapear. I read something about a samba bug: https://bugzilla.samba.org/show_bug.cgi?id=2346 But it has been fixed a long time ago. Any tips? On Dec 19, 2007 8:50 AM, Greg Byshenk [EMAIL PROTECTED] wrote: On Tue, Dec 18, 2007 at 10:15:42PM -0200, Felipe Tocchetto wrote: I am facing a strange problem that I could not solve, so, maybe you can help me. Look at this situation: I created a new directory with those ACLs (through Samba using Windows XP) [EMAIL PROTECTED] /home/smb/adm]# getfacl teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- My ACLs are right, ok, now I will copy a XLS file to that folder: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::rw- group:suporte:rwx group:administ:rwx mask::rwx other::--- OK, the samba server inhert the permissions and the ACLs, everything is fine until now. But when I edit this file with MS Excel, and save it, look what happen to the ACLs: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::--- group:suporte:rwx mask::rwx other::--- The ACL entry group:administ:rwx just have gone after I save the file. It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through Ports. Anybody knows what is wrong? I'm not sure if it is the cause, but what are your default ACLs for the directory in question? When you copy in a file from Windows, I think that it will preserve its permissions, but if you edit and save, you are actually creating a new file, which will be created based on the defaults for that location/user. Check the output of 'gefacl -d teste'. -- greg byshenk - [EMAIL PROTECTED] - Leiden, NL -- Felipe Tocchetto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with ACL and Samba
Dear All I am facing a strange problem that I could not solve, so, maybe you can help me. Look at this situation: I created a new directory with those ACLs (through Samba using Windows XP) [EMAIL PROTECTED] /home/smb/adm]# getfacl teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- My ACLs are right, ok, now I will copy a XLS file to that folder: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::rw- group:suporte:rwx group:administ:rwx mask::rwx other::--- OK, the samba server inhert the permissions and the ACLs, everything is fine until now. But when I edit this file with MS Excel, and save it, look what happen to the ACLs: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::--- group:suporte:rwx mask::rwx other::--- The ACL entry group:administ:rwx just have gone after I save the file. It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through Ports. Anybody knows what is wrong? Thanks a lot! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What management of samba is available for large scale deployment
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 D G Teed wrote, On 21-09-2007 08:17: Thanks for the response, Felipe. You are welcome. I mean something like this: the Windows user would right click on their folder which they have full access to, and select users to which they would like to assign read/modify/write access. In what I understand, this is possible from Novell Netware - probably via the client driver. As it is faculty, it is difficult to take away freedoms without complaints. As Adam already pointed, I also thinks that works from the Windows clients, probably just needs some test. But be aware (and keep in mind) that SMB networks are quite different from Novell Netware. I remember that one can use MARS_NWE to provide Netware access, and if I'm not wrong Samba has some support for it also, but it is far from the Novell proprietary solution or from something like NDS (Novell Directory). The LDAP suggestion is a good one for controlling departments, but there are always lots of other associations we cannot predict, like who becomes a Teaching Assistant for some faculty member and needs access to grade assignments. In these scenarios, self-administer is ideal. No, this is very relative. Although you can't predict, you can always react, you can even give group control over LDAP tools for some people, once somebody appears in the group it inherits the permissions, but this is a design story and it is a complete different one. :-) Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8+aiCj65ZxU4gPQRCIW1AKC6Kkv7C2g/rGPvzSle+S5Z3H+iAQCgyC80 nnV1kq5cySU6fsuIIS5SLFE= =LaRr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] log rotation in samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tomasz Chmielewski wrote, On 21-09-2007 11:10: Melanie Pfefer schrieb: Could you please share how you used logadm/logrotate to rotate samba logs? Hmm, doesn't Samba rotate the logs by itself? I.e.: log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 5000 AFAIK, no. This only tells samba how much information to keep in each file and how detailed they are. If you want to have history, you need to rotate it using something like logrotate. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8+dNCj65ZxU4gPQRCK/LAJ9Yy7acWPrLshH/DU104uz31j7jeACeJV4K 77vSctYnY48GC84NHhjV+WE= =s8aW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - How to disable system locking on Windows XP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Adam Tauno Williams wrote, On 21-09-2007 09:20: I have tried many approaches and am out of idea. I would like my Windows XP to stop locking the screen when I leave for 10 minutes or so. I know this is an XP question, but I feel it is related to Samba PDC since all suggestions that I have found indicate I should not be seeing this This is purely a Windows question and has nothing at all to do with Samba Unless you have domain policies (via an Samba server in NT4 PDC mode) that define screen saver preferences this is entirely a workstation configuration or user profile issue. What what what, Samba can do policies NT4 domain policies, yes. NT4 domain policies are entirely passive and are really just a shared file. Samba cannot do AD policies / GPO policies. This is well documented in the official Samba Guide and HOWTO. Although this is really entirely a Windows issue as Samba doesn't really 'do anything' when using NT4 policies. Hmmm, using LDAP (at least) you can do a few Domain Policies (I really don't know how to call it) to define number of logon tries before lock, Password History, minimum password size. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8+fNCj65ZxU4gPQRCJgtAKC9hatcLIY7LKACETf4lalM7aLfQwCbBBRs sA3trhPdao+rEPFAoTjtzks= =rXH1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating to LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tim Bates wrote, On 20-09-2007 20:46: Felipe Augusto van de Wiel wrote: [...] Check sambaldap-tools (smbldap-tools) from IdealX, it probably has what you want. :-) Already looked. Doesn't seem to. I always thought they did it aswell, but it seems they don't. Something is wrong, last time I used them, they did it. Ignaciou Coupeau tutorials are also nice (even if they are somewhat out-of-date). Seems more interested in starting from scratch or migrating from older LDAP based installs. Nothing about going from another backend to LDAP. If you want to understand more about the LDAP process in Samba and how they evolve, that's a very good documentation, YMMV. And of course, the Samba By Example and Samba Official HOWTO are the best and official source of information about it. Same as above... Unfortunately. Yes, it seems unfortunately, even if I heard of quite a few people on this list talking about these tools and docs to migrate their bases. A pity. :-( Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8+idCj65ZxU4gPQRCJaBAJ9DS/HGt/pAvLSPZWPlaspUEOOCuACff7TQ dIj01mBbGcSjs21xtyfwTK0= =Bblc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] acl permissions not staying
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Neil Wilson wrote, On 20-09-2007 14:28: Hi guys, I've got a problem where if I set permissions on a folder(Admin) setfacl -R -d -m u::rwx,g::wrx,o::- Admin/ and setfacl -m o:- Admin I get the following. mail:/data/samba/shared # getfacl Admin/ # file: Admin # owner: BCP+administrator # group: samba user::rwx user:samba:rwx group::rwx group:BCP+admin:r-x mask::rwx other::--- default:user::rwx default:group::rwx default:group:BCP+admin:r-x default:mask::rwx default:other::--- If I then browse to the share through windows and look at the permissions for everyone(other), they have none which is what I want. I only want the user and group to have rwx on the folder(recursively) and I want everyone to have no access. If I then go and change any of the permissions through windows eg: adding/removing a group/user etc. then suddenly everyone(other) gets the following permissions. May I suggest that you then stop changing permission from Windows? :-) Seriously, it seems like some default of Windows when changing something. mail:/data/samba/shared # getfacl Admin/ # file: Admin # owner: BCP+administrator # group: samba user::rwx user:samba:rwx group::rwx group:BCP+admin:r-x mask::rwx other::r-x default:user::rwx default:group::rwx default:group:BCP+admin:r-x default:mask::rwx default:other::r-- No matter what I do through windows I cant remove access for everyone unless I use the setfacl coomand again like above. That's strange and it seems more a Windows problem than a Samba one. Did you tried with other versions with Windows? I remember having managed directories under MS Windows clients without such behaviour. Maybe your inheriting something from parent folder or some option from the tool you are using. Another thing is that the permissions I'm applying aren't being applied recursively, even though I'm applying them to recursively. mail:/data/samba/shared/Admin/Pippa # getfacl Wills/ # file: Wills # owner: BCP+administrator # group: samba user::rwx group::rwx other::--- default:user::rwx default:group::rwx default:other::--- Please could someone shed some light here as I'm very baffled. Thanks in advance. Just to be sure, do you have ACL support compiled in Samba? We are using ACLs with Samba in Debian etch (4.0), without any problems and with the expected behaviour. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG9BD0Cj65ZxU4gPQRCP4/AKC4tOCFv/vUh0lw5/QS9Sz9ETf1UQCgyZSt P7uMp0zvEBtijdOoKA+T6Yc= =qRTn -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What management of samba is available for large scale deployment
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 D G Teed wrote, On 19-09-2007 11:58: I'm working for a higher education institution, and we have Novell Netware for our file sharing services. We are looking at what migration paths are available. I know samba works, we use it on a number of Solaris and Linux boxes and have it authenticate against our Windows ADS. Manually editing samba confiiguration files for up to a hundred users is OK. The challenge is how do you manage a few thousand users with backends that auto-populate the samba config and front ends which administrators can tweak as needed? I'm not sure I really understand what your are talking about. When you say backends that auto-populate the samba config this turns on the red light as it sounds like something a little bit //dangerous//. I worked with scenarios with thousands of accounts and usually the best way is to work with LDAP and ACLs on the filesystem to make it easier to automatic inherit access by groups, which should be simpler to keep up. By front-ends I know some people that users SWAT and a lof of people that uses PHP tools like phpLDAPadmin or LDAP Account Manager. I'm not aware of any tools that looks like similar to Novell Graphical Admin tools, but in a similar case, there are people use Windows Management Console to deal with users in Samba backends. Does someone make a product which helps with the management of Samba and provide features like autocreation of groups to support shared permissions on folders, etc? If not a product, has there been a guide on how to deploy samba with a large number (5000) of users and a large number (perhaps 300-500) groups? Yes, it is called Samba By Example and it is available as a book or on-line in the Samba Docs section. Having a product which permits users to self-administer their share and allow read or write access to certain users or groups would be ideal. Self administer their share? You mean the share available in the server? Sounds odd. But it probably can be done with some LDAP ACLs. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8pWRCj65ZxU4gPQRCJWcAKDGECnV/4ov9f90B3s5EfWHqsGqTQCeJwJj VUluxzW4SRPvV3kp+NLdapM= =NIxY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating to LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tim Bates wrote, On 19-09-2007 23:29: Can anyone point me to a guide on migrating Linux and Samba accounts to LDAP? I can only find part guides, and I can't figure out how to get the account data combined (without a lot of manual effort). I can get the Linux accounts over no problems. I then tried to do pdbedit -i tdbsam -e ldapsame -s /path/to/modified/smb.conf, but it only manages to stuff things up by skipping the real accounts and creating the system accounts (which I don't want). I then tried clearing the LDAP data and doing the pdbedit thing first. But it still skips real users and just creates the systems accounts. It does say it created the real users, but they don't appear. I don't really want to have to reset all the passwords and rejoin all the PCs to the domain... So I need a method of doing this. Check sambaldap-tools (smbldap-tools) from IdealX, it probably has what you want. :-) Ignaciou Coupeau tutorials are also nice (even if they are somewhat out-of-date). And of course, the Samba By Example and Samba Official HOWTO are the best and official source of information about it. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8pj8Cj65ZxU4gPQRCAxHAKC2Dfrs23Jv8nnYNaO3WkRMRyF9oACg0LiB rd9Jd5//OtFLBYkkFKHmBjg= =CX5T -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem after joining Windows domain: Will Samba support fallback to local domain for authentication of local users?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Windsor Dave L. (AdP/MOE2.12) wrote, On 19-09-2007 16:45: Will Samba support fallback to local domain for authentication of local users? I joined a RHEL4 server running Samba 3.0.10-1.4E.11 to a Windows 2000/2003 mixed-mode domain today using security = domain, after having run for many months in security = user mode. Authentication works fine for users defined in the Windows domain, but we have a few users (mainly on manufacturing equipment) who are not in the domain, and are defined in /etc/passwd and an old-fashioned smbpasswd file only. When mapping drives (these are old W2K clients), these users must now use servername\username for their username, or the server will try to authenticate to the domain and get a NT_STATUS_NO_SUCH_USER error. You can join the machine on the domain, use 'security = user' and uses winbind to authenticate all your users local. Because you can use winbind to have users via NSS and then, both your users from DOMAIN and from passwd/shadow will be available. :-) Probably you'll need some magic to auto-add them to the local backend, but it seems more like what you want. I seem to recall that an old server we used to have that ran Samba 2.2.x in security = domain mode would try to authenticate against the domain first, then fall back to the smbpasswd file if that failed, so authentication of locally defined users was transparent. Is there a way to make Samba3 fall back to the smbpasswd file if the user is not in the Windows domain? I've experimented a bit with passdb backend, but I haven't seen any difference. Of course, I can just go to all the production equipment and remap the drives, but there are quite a few of them, and I'm trying to avoid the downtime. security = server is deprecated but it might do something similar to what you want, anyway, you should check the Account Information chapter to get more detail on how to use the security parameter and how other parameters must be tweaked according to your choice. http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html And because of the encryption and other options, I'm not sure about the best way to configure the fallback idea. Good luck. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8ph2Cj65ZxU4gPQRCKraAJ9otNF69ZCCj+oNimofgVmg34YK3ACcCl3C JqUGmEzjwlfeREJXLwL5jO4= =Ycci -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3+openldap:Problem during the LDAP search
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Edmund Lin wrote, On 19-09-2007 00:04: Hi, I'm sorry that I'm new to LDAP. We used to use tdbsam as the passdb backend. I wish I had time to learn more about LDAP but I need to finish this in these few days. I just followed the steps from Samba guide chapter 5 and got stucked at the point of joining domain. I also use ldapsearch -x uid=root and see the root account's information. If this is not the right way, would you tell me how to check it and correct it? I swear I will study LDAP in depth after I get through this. You don't need to swear to us, I think Adam is more concerned with you when he say that it needs glue, otherwise you probably will face some troubles finding where exactly is the problem. ldapsearch is fine, but you should invest a couple of hours to read the LDAP Administrator's Guide and a few bits of the whole LDAP+Samba dance, it can save you hours of hitting the head against the wall. :-) And I can use the root account/password to access the share folders of the server without joining the domain. My guess is that you are missing the admin account of the Domain. You should use 'net groupmap' or 'net rpc rights' to give to the LDAP-root user the ability to join machines to the domain. But looking for the error you sent in the previous message: logon failure:unknown user name or bad password, it seems that there is still a problem with your account/password configs. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8T1kCj65ZxU4gPQRCKv1AJ9bCR62OSp6+0dx6wpZzgUULwAJqACeNyo6 acpG77L7c7Qe2fmBBhbkuhk= =7f1C -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdbedit -P password history doesn't work !!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hubert Choma wrote, On 19-09-2007 06:36: Hi ! This is my firs post here. I've got a problem with password history policy -C 3 which doesn't work !! I set policy pdbedit -P maximum password age -C 777600 (90days) pdbedit -P minimum password age -C 691200 (80days) user must logon to change password -C 2 password history -C 3 On clients (XP PRO) some of people doesn't see warrning with password expired information and password history doesn't work !!! I can set still the same password . Usually this only affects users _after_ the policy is in place. In my experience, only after we made all the users change their passwords, the policy applied to them all, from time to time, for whatever reason, the policy lost our setup and fallback to default, I'm using LDAP as a backend and Samba 3.0.24 in Debian. My backend is smbpasswd in smb.conf .I tried with pdbedit but when I changed backend after restarting samba XP cannot login because it must be added to domain again. In my production serwer I use smbpasswd backend. So I don't want to add all computers again to domain!!! SID of domain is the same like before ! I think you can use pdbedit to help you changing backends, you shouldn't need to rejoin all machines just because you change the passdb, some people move from smbpasswd to LDAP and are able to avoid that. Why after changing backend i must add again computer to domain?? Because some info got lost in the migration. Try to use pdbedit to migrate the info from one backend to the other. To use pdbedit policies which backend should I use ?? Please help!!! My ver. of samba Version 3.0.26a-0.fc7 Any one. :-) http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8T7+Cj65ZxU4gPQRCEedAJ9gHrISmyqszhD/vHTVjoohL8Y+mgCfUxuM kw55AwgJg1OOhcDUXjJFhRc= =eabD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3+openldap:Problem during the LDAP search
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Edmund Lin wrote, On 16-09-2007 23:59: From: On Behalf Of Adam Tauno Williams Sent: Thursday, September 13, 2007 4:50 PM To: samba@lists.samba.org Subject: Re: [Samba] samba3+openldap:Problem during the LDAP search I'm trying to use samba3+openldap as our PDC. I installed the server using CentOS4.4 single service CD and then use yum install openldap-servers to install openldap server. I already ran smbpasswd -w secret. When I invoked smbpasswd -a root the following error showed up: [EMAIL PROTECTED] samba]# smbpasswd -a root smbldap_search_suffix: Problem during the LDAP search: (No such object) New SMB password: Retype new SMB password: smbldap_search_suffix: Problem during the LDAP search: (No such object) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) smbldap_search_suffix: Problem during the LDAP search: (No such object) Failed to add entry for user root. Failed to modify password entry for user root Is there a user root in your Dit? Hi, I'm sorry I don't understand the word Dit. DIT == Directory Information Tree If you mean the account name of linux, yes there is a user root. And all I did is under the root account. The question is if you have a user root inside your LDAP directory, not the root in passwd/shadow. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG7nkQCj65ZxU4gPQRCB/hAKCi/2WT082Kdw5ZFJ38ac46bCgAOQCgzW0G rJOos1rPDTsoHQId7uqTmRo= =GeHM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Different user permissions on the same share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Marco A. Ferra wrote, On 09-09-2007 09:12: I have installed Samba on a OpenBSD machine that belongs to a network that have a bunch of Windows 2000 and Windows XP machines. These Windows machines are part of a Windows Domain but not the OpenBSD machine. Any special reason to not join the OpenBSD on the domain? By doing this, you could use 'security = domain' instead of 'security = share' and you could use read/write lists. The problem is this: On the OpenBSD machine I need to create one share that anybody can read but only some users can write to. Well, if the security = share, anybody could read or could read/write, but I can't define some users that can write. (I have read the documention and it seems that, by design, the option write list on Samba 3.x doesn't work with security = share, correct me if I'm mistaken). The best situation possible is, because the user on the Windows machine is already identified himself on the Domain, the Samba should see the username that is trying to access the share and, without asking for a password, give to him write permissions. (remember that anyone is able to read the files at all times!) The second best situation is for the Samba to ask a password to that user. Please keep in mind that this machine should be isolated on the network so it will not join the Windows Domain. That's strange, you will benefit by joining the Domain, anyway, if you prefer to not do so, you probably can use ACLs or change it to 'security = user' and use ACLs. In conclusion: This should be done under the same share point; all users can read but only some users can write, and they shouldn't supply a password. Can any of you point me the right directions for doing this? If you have the list of your users some way accessible (even if you recreate them by hand, but that could be a problem with password) you can either use ACLs or Samba read/write lists. There is some time I last used 'security = share', if it still uses the user connected to read/write to the disk before get the guest account, you could use ACLs on the filesystem. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG5ScgCj65ZxU4gPQRCAj4AJ9AflohgNOsDvDVo8/7QtDgHVI/JACeJM/K orUo/rBwaORjX68cC1bs76I= =M9+s -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] php includes lost
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Phill Atwood wrote, On 22-08-2007 15:34: On Wed, 2007-22-08 at 15:03 -0300, Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Phill Atwood wrote, On 22-08-2007 11:56: We have a windows network and the server is running mysql and php. If I access our web app via firefox from a windows box the app works fine. However, if I connect to it thru my laptop which is running Debian Etch and using samba I can access the web page but it doesn't function properly because the include statments in the php code aren't functioning properly. I have a feeling it is either a problem with my samba configuration or perhaps it is because I'm not entering the correct workgroup in the password dialog. When I use another windoze machine it doesn't ask me for a workgroup. I'm having trouble discovering what ones are defined if any on our system. Any suggestions for this problem are appreciated. If you don't access your PHP files using a web browser then you are not accessing the HTTP server that handles the PHP dynamic content and this is the expected behaviour. It is not clear to me how you are accessing the pages, but if you use IceWeasel (firefox without brand) in Debian it should work just fine. If you use a file browser in a samba mount point, it shouldn't work. Yes, I'm using IceWeasel. My url is smb://server/wwwroot/repository/index.php If you access your pages using this URL your request does not pass thru a HTTP server and the PHP is not processed, you can use IceWeasel to access the Samba Share, but then it it Samba serving the file and not some process like Apache that is able to interpret PHP code. If I try: http://server/wwwroot/repository/index.php I get redirected to www.server.com Phill This is explained by Andrew, check you DNS. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzaHrCj65ZxU4gPQRCI6PAKCRil+Bq/0/5RUh9UycMBHeKnlsxACfbRKq 0XLO8hTTpwdUO2ZZwoEWi/Q= =sJrL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] php includes lost
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Phill Atwood wrote, On 22-08-2007 11:56: We have a windows network and the server is running mysql and php. If I access our web app via firefox from a windows box the app works fine. However, if I connect to it thru my laptop which is running Debian Etch and using samba I can access the web page but it doesn't function properly because the include statments in the php code aren't functioning properly. I have a feeling it is either a problem with my samba configuration or perhaps it is because I'm not entering the correct workgroup in the password dialog. When I use another windoze machine it doesn't ask me for a workgroup. I'm having trouble discovering what ones are defined if any on our system. Any suggestions for this problem are appreciated. If you don't access your PHP files using a web browser then you are not accessing the HTTP server that handles the PHP dynamic content and this is the expected behaviour. It is not clear to me how you are accessing the pages, but if you use IceWeasel (firefox without brand) in Debian it should work just fine. If you use a file browser in a samba mount point, it shouldn't work. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzHp0Cj65ZxU4gPQRCO1OAKCa2mFQVOjd5AjuPAW8t1texS5OigCdH4Ly CV9m/2Bvj8uOi76JkabEmcM= =ft/h -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3 upgrade misery
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Curtis Maloney wrote, On 16-08-2007 21:08: Felipe Augusto van de Wiel wrote: Curtis Maloney wrote, On 15-08-2007 21:07: [...] There are quite a few messages on the archive about different speed problems with regards to Samba serving files, Honestly, I think if I can stop smbd barfing and closing sockets, the problems might just clear up... Seems reasonable. smbd is repeatedly spewing forth lists of socket options from print_socket_options: [...] What testparm tells you about your smb.conf parameters with regards to the socket options? What options did you tried? Can you post more details about your smb.conf? With samba 2 I used the line: socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_BROADCAST In recent version of Linux (2.6.x) it is the consensus on this list to drop some of the flags, I'm not so sure about Solaris kernel. And things were just fine. Here are a few messages from threads about performance, maybe you can find something useful for your case. http://lists.samba.org/archive/samba/2007-April/131096.html http://lists.samba.org/archive/samba/2007-February/129562.html http://lists.samba.org/archive/samba/2007-April/131091.html http://lists.samba.org/archive/samba/2007-February/129139.html http://lists.samba.org/archive/samba/2007-January/128814.html http://lists.samba.org/archive/samba/2007-January/128645.html http://lists.samba.org/archive/samba/2007-February/129652.html http://lists.samba.org/archive/samba/2007-February/129797.html 3) And what can I say to my boss who keeps asking What does samba3 give us over samba2? Because frankly, I'm coming up empty. First, maintainance, Samba2 is deprecated, no security updates. It is better to talk with client machines in several ways. It uses tdbs and/or LDAP, account policies, group mappings. Well, security's always a good point... Could you possibly elaborate at all on what advantage tdbs gives? I have switched to using it, but, again, the docs aren't very specific on its gains. Check tdb source forge page: http://sourceforge.net/projects/tdb/ The idea is that it allow multiple writes, should be faster and safer (because it uses internal locks). http://wiki.samba.org/index.php/TDB It also has nice backup tools to keep various different information about Samba and its network environment. I'm not sure if you are using LDAP, it is a powerful resource, specially if you want to have PDC/BDC behaviour. The Samba3 changes a few points in the course of his development, I don't know what migration doc you read, but if it is not about 3.0.25, you need to check a few extra points from the release notes that will solve a few problems. The only feature of a PDC we use is the single point of authentication. Hmmm... PDC/BDC spreads the authentication among them, they do not use a single point. You can have a authentication server without being a PDC. :-) Other than that, we just need to share files (and because of some ridiculously old apps, printers). Nice, a standalone server would work great. The possibility of using LDAP has surfaced a few times, but as yet it's been avoided as grossly over complex for us, a security hassle, and various other issues. I'm biased, but I would use LDAP for networks with 10 users. :-) I read the migration docs on the web site, so if they're not current, someone should make them so. Seems fair, do you have any links? Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGxaHvCj65ZxU4gPQRCPQbAKC2d+i8dF9elM8SmVdO3CQCjyVbkQCcDJSn uiZ3OQ7pSyKc6ISmvoEaegg= =xwoG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3 upgrade misery
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Curtis Maloney wrote, On 17-08-2007 02:45: Well, just had a user come and show me a JPEG that's been corrupted because the file copy died part way through. The error was that the destination folder was no longer available. I have no idea how much of the copious logs are relevant to the debugging of this issue, as there are no log level indications (why not??) so I'll paste as much as seems relevant. Feel free to ask for more. [2007/08/17 15:38:59, 8] smbd/dosmode.c:dos_mode(371) dos_mode: PROJS/R425_E1022_EV15_12 Scan Eng/EV12_assy_TB1.JPG [2007/08/17 15:38:59, 8] smbd/dosmode.c:dos_mode_from_sbuf(188) dos_mode_from_sbuf returning a [2007/08/17 15:38:59, 8] smbd/dosmode.c:dos_mode(409) dos_mode returning a[sparse] [2007/08/17 15:38:59, 10] smbd/trans2.c:call_trans2qfilepathinfo(3539) call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION [2007/08/17 15:38:59, 5] smbd/trans2.c:call_trans2qfilepathinfo(3549) SMB_QFBI - create: Fri Aug 17 15:34:36 2007 access: Fri Aug 17 15:34:36 2007 write: Fri Aug 17 15:34:36 2007 change: Fri Aug 17 15:34:36 2007 mode: 220 [2007/08/17 15:38:59, 9] smbd/trans2.c:send_trans2_replies(712) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2007/08/17 15:38:59, 9] smbd/trans2.c:send_trans2_replies(714) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2007/08/17 15:38:59, 5] lib/util.c:show_msg(484) [2007/08/17 15:38:59, 5] lib/util.c:show_msg(494) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51265 smb_tid=1 smb_pid=2532 smb_uid=101 smb_mid=13570 smt_wct=10 smb_vwv[ 0]=2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]=0 (0x0) smb_vwv[ 3]=2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]=0 (0x0) smb_vwv[ 9]=0 (0x0) smb_bcc=45 [2007/08/17 15:38:59, 10] lib/util.c:dump_data(2261) [000] 00 00 00 00 00 00 7E 19 4C 90 E0 C7 01 00 7E 19 ..~. L.~. [010] 4C 90 E0 C7 01 00 7E 19 4C 90 E0 C7 01 00 7E 19 L.~. L.~. [020] 4C 90 E0 C7 01 20 02 00 00 00 00 00 00 L .. . For now, I can NOT afford for Samba to be destroying my files, so I'm going to switch back to 2.x and statically link the CUPS libs (the main driving reason to upgrade in the first place - samba2 doesn't support CUPS 1.2) Good luck. I remember that you said that the Samba 3 compilation was not very smooth on Solaris 9, did you check the compilation info from here: http://us4.samba.org/samba/ftp/Binary_Packages/solaris/sparc/ Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGxaKbCj65ZxU4gPQRCEUvAJ4z8hjBiX3H8jEuoj0YPBwUipJ31QCgzgih rl4zyXMqyhrDCju4pKPB1U0= =gwqB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3 upgrade misery
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Curtis Maloney wrote, On 15-08-2007 21:07: Greetings, all Hey Curtis, [...] Then the user complaints started. The network is _slow_. Files can take minutes to load. I tried eliminating all the variables - disable the virus checker, copy the file locally, etc etc. There are quite a few messages on the archive about different speed problems with regards to Samba serving files, frankly speaking, I couldn't tell you one idea, I've been fortunate enough to not have performance problems with my Samba boxes, but all in all, it seems to be related with several small good practices of oplocks, socket options and other smb.conf parameters. It's samba. [...] First, the details: Solaris 9 Samba 3.0.25b GCC 3.4.6 1) Why are so many socket connections being aborted? How can I track down the cause? Try to increase the debug level (log level) to 10, you can also strace the process and/or capture the packages to try to figure out something. 2) Why does set_socket_options have errors for ANY options I specify? Samba2 didn't. What options did you tried? Can you post more details about your smb.conf? 3) And what can I say to my boss who keeps asking What does samba3 give us over samba2? Because frankly, I'm coming up empty. First, maintainance, Samba2 is deprecated, no security updates. It is better to talk with client machines in several ways. It uses tdbs and/or LDAP, account policies, group mappings. I'm not sure if you are using LDAP, it is a powerful resource, specially if you want to have PDC/BDC behaviour. The Samba3 changes a few points in the course of his development, I don't know what migration doc you read, but if it is not about 3.0.25, you need to check a few extra points from the release notes that will solve a few problems. I hope this helps. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGxEuACj65ZxU4gPQRCH9rAKCf7ioP3sB1PrL9K0c6SC0tboCKDACfUaB9 Uwva4paIZvFYIjs/d809sXM= =urGP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permission problems with Samba Version 3.0.23d
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dennis Schwan wrote, On 08-08-2007 06:00: [Agents] comment = Gemeinsames Laufwerk browseable = yes path = /samba/public writeable = yes write list = @agents, sonja, administrator, engesser, atzler admin users = administrator force create mode = 0770 force directory mode = 0770 create mask = 0770 directory mode = 0770 force group = agents nt acl support = yes inherit acls = yes oplocks = no But now i have the problem that all files that are copied on this share are generated as follows: -rwxr-xr-x I treid to change the create mask and force create mode options but i never got a write permission for the group. Copy in this context is the act of add a new file or the act of duplicate an existent file in the share? I'm asking because sometimes, some aplications can do strange things with file permissions when they are duplicating an existent file that differs when they are creating it. The server is used as PDC with LDAP Authentication and the clients are all W2000. I hope that you can help me. Sorry if this sounds silly, but did you reload or restart or gave enough time to have the configs automatically reloaded by samba? You should check for filesystem ACLs, that could change the behaviour. You should also check the 'directory security mask' but as far as I can see there are no problems with your setup, I have a similar share (with similar permissions) and it is working fine. (I'm using Samba 3.0.24 from Debian etch). Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGucEXCj65ZxU4gPQRCNQgAKChLGMajDa5RZ2bhfJLmkL6E5A1wgCeMhYP OQL/IvRtERkFPh/eHGlsum0= =H51d -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Wireless + samba domain.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Duarte Lázaro wrote, On 07-08-2007 05:56: hi there, for implementing samba domain, whit wireless suport, what are the possible solutions? the frist i think of is cached logins !! are there any others ? What do you mean when you say with wireless support? As long as your client is in your network and properly configured to access you domain/workgroup, it doesn't really matter if their network is wireless, Ethernet, Fast Ethernet, Gigabit Ethernet, Frame Relay, Dial Up, across the ocean... If you are thinking about Road Warriors, people that are connected in your network but have to move on and use the notebook or wi-fi client outside your network (and with no network access), then you can create a local account for them or use cached logins. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuHxECj65ZxU4gPQRCJTtAJwJ+RVKwHzgUcSozm2EQca1XlEBLwCgrLuI Hn7nWUC7FfcmSlmijXb+Q6s= =6XE+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Newbie Setup.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Grant Peel wrote, On 07-08-2007 10:42: I have a working setup (apparently) using this configuration file: # Samba config file created using SWAT # from 192.168.1.101 (192.168.1.101) # Date: 2007/07/21 16:09:38 [global] workgroup = OFFICE server string = Home UNIX log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 99 [homes] read only = no guest ok = no browseable = no And a regular /usr/local/etc/samba/smbpassword file. Again, All I am looking for is the ability to have my users map thier unix folder on my servers to thier Windows Explorer as another drive, again, that appears to be working. A few last questions if anyone has time for them: 1. Are there any show stopper security risks I need to address with this type of setup? Maybe, do you have your other parameters like 'security', 'invalid users', probably the result of 'testparm' and 'testparm -v' would make the trick. ;) The default configuration of samba (from official samba source) is pretty sane, but security is a process not a product, so you may have more higher standards of security than others. 2. How does Samba allow authenticating from the Samba file when it seems there is no (apparent) mapping to the master.passwd file? 'testparm' probably can answer that. ;) 3. For this simple setup, should I be adding any more Samba directives to the samba.conf file? Long time ago, and 'old school' sysadmin said to me that you should never trust the defaults, always explicit add in the config file what you want, and if the default change you will be safe. testparm can show you the values as they are now, you can them make the result of testparm your new smb.conf, but there is no big point on doing that if you trust the default values. The Official Samba HOWTO has tips about security all over the chapters, restrict the bind interfaces, the IPs networks, the users, for example, some people use 'valid users = %S' in their [homes]. I can't believe it was that simple to setup...should it have been, or am I missing something that created a big security hole? Samba is simple, it just requires some patience, care and attention. ;) And so far, I didn't see any big security hole, but again, your security is as strong as the weakest link in the chain. The type of your passwords, the measures to ensure they are safe and with right permissions, and other small options can make the difference. P.S. I AM reading all the howtos and Faqs and things! That's good. ;) Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuH8rCj65ZxU4gPQRCLyWAKCGdrUWKPG3pZ6SRuL2yuGRX4r7BgCeNFzR FLb6WaEjLXq5XWhPoSn2+qE= =Zpkt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rename workstation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Linux Guy wrote, On 04-08-2007 12:31: Am using ldap samba If I try to rename a workstation, it asks for username and password. I'm logged in as root, I get access denied after I enter the name and password. Is there a way to fix this? Probably. You should tell samba that root is your Domain Admin, but I'm guessing everything since you didn't send any logs and didn't showed us your smb.conf so we can understand what machine is the PDC and the step you are taking in order to rename the workstation. Please, provide more information and details. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGtw+6Cj65ZxU4gPQRCHBPAJ49DdweyMO1jdvhrmGNeXYMOKuAdQCcC8Vc D6G1OOA3BKZIxXSv1VklPb0= =oUSB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB VFS INTERFACE VERSION and samba version
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Saurabh Suman wrote, On 04-08-2007 04:44: Hi all, I am trying to develop VFS module for samba to work with interface version (=6). I am just wondering after which samba version SMB_VFS_INTERFACE_VERSION becomes =6, so that I can put the dependency for my module for minimal samba version to be installed. Is there anybosy who can help me? Thanks in advance. Perhaps you should try the samba-technical mail list that is focused on Samba development. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFGtxAOCj65ZxU4gPQRCO5RAJiv+zWp9ZAdl1yKWfpWDwJ0HHtDAJ0W6FEl J8UKXn/ubc4M/8sTiO7mqA== =w7Z0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to configure vfs object = audit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Indracyd wrote, On 05-08-2007 22:38: Felipe Augusto van de Wiel wrote: Indracyd wrote, On 01-08-2007 02:50: Dear all, someone can help i have samba and i won to see activied user, open, closed, delete, rename files can samba do it?and i know to configured the vfs object = audit this is my sample script : [AnCtest] comment = Audit and Controlling Tester vfs object = audit veto files = /*.exe/*.mp3/*.msi/*.mpeg/*.mov/*.scr/*.dat/*.wav/*.3gp I'm not sure, I just saw this now, your veto files should end with a slash: /*.exe/*.mp3/ delete veto files = yes nt acl support = yes path = /data/AnCtest public = no browseable = no valid users = @audit read only = no writeable = yes create mask = 0760 force create mode = 0760 directory mask = 2760 force directory mode = 2760 inherit permissions = yes but how to see the log vfs object = audit? For more info use 'vfs object = full_audit' (or extd_audit, depending on your Samba version), your log messages should appear in syslog, usually under the 'smbd_audit' module name and, at least on my Debian system, in messages, auth.log and user.log. syslog-ng can change this and you might also be interested in http://sourceforge.net/projects/smbdaudit i have follow your configuration but still not work, can somebody help me configuration vfs object for audit?i'm using samba version : [EMAIL PROTECTED] ~]$ rpm -qa | grep samba samba-swat-3.0.20-3mdk samba-common-3.0.20-3mdk samba-server-3.0.20-3mdk samba-client-3.0.20-3mdk samba-winbind-3.0.20-3mdk Hmmm... you should configure your 'log level' and check your syslog (or syslog-ng) rules to be sure where your logs are ending. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGtw2uCj65ZxU4gPQRCAnzAKCYCE4QDa74f+W7ufrJZOi0Fz2djACdEvgT sS1TCKpxVpt18PfjVFCSTIo= =cajd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] maybe I should explain what i am after!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 joop gerritse wrote, On 03-08-2007 16:07: I started just copying the smb.conf from the primary controller, and setting the priority somewhat lower. I assumed that it would just lose the election from the PDC, and still stay present, and available. No, that's not //just// like that. You need to change a few options in order to get the PDC/BDC expected behaviour. I am aware of the difficulties of keeping the user directories in sync; this would, in due course, require LDAP, but for the moment I decided that the user population is quite stable, so I just copy /etc/passwd and /etc/shadow and smbpasswd over in the --rare-- event that a user is added or removed. In fact, filesystem sync and account sync are two different problems, they are related but not dependent. You could use vampire or tdbsam or winbind or LDAP to keep accounts in sync. 1. It is quite hard to even make the second controller visible. In fact, I had to include a remote announce = Ip address of PDC/workgroup name line before it even showed up in Network Environment. And I am quite unsure whether this is the right way, it just worked, to some extent. No, it is not. You should use a WINS server, probably on the PDC, and properly use other paramenters in smb.conf like 'local master' and 'preferred master'. 2. I am not sure whether the backup domain controller will function as such. How could I be? Did you check the Official Samba HOWTO? Specially the Domain Control chapter? http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id327269 http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html If I take down the primary I might find out, but the server is too critical for the whole organization to just try. How can I make sure that a BDC will work without taking down the PDC? First of all, you should use the right commands and configuration options (man smb.conf) and you can use a small network for the BDC, change a workstation from PDC network to BDC one and see if it works. 3. And then there is the irregular behavior which I mentioned before. Sometimes the host is visible, but the shares are inaccessible; sometimes I can even get a view of the shares, but I cannot access them. In addition, i have a far simpler configuration at home, where I can just read and write to the shares. So I know it can be done, but what are the rules? Samba needs some care and attention, specially on special cases like PDC/BDC, the Samba By Example is also a good read to understad real case scenarios. http://samba.org/samba/docs/man/Samba-Guide/ And I am no Windows expert. I know quite a lot about Linux, but the apparent (lack of) logic in Windows baffles me. That is the background. Maybe it helps to get the right answers. thanks in advance for any attempts. BTW I am quite happy with an RTFM answer, as long as it's accompanied with a URL. I have read quite a few FMs, but so far without real enlightenment... This is not exactly a RTFM, but you will need to give us more information if you really want help, smb.conf, logs and better subject lines would be a great improvement. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGs7voCj65ZxU4gPQRCKGZAJ9WTXlq4h3te/i6GQcmtXrpDEhwiwCfaeGQ +AChFqanodOyAjCBYF6uZL8= =Y8nE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] my next question: no accesss
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 joop gerritse wrote, On 03-08-2007 15:40: Even if I can find back a share, (which I sometimes can, for no clear reason) then the next message I get is no access. I suspect this may be a Linux config thing, but I am still unable to figure what ownership rights I should give to the shares: root:root or someuser:users or samba:samba (this user:group does not exist as yet). What is meant by no access: is it a Windows or a Unix message (well, I suspect that this question is not unusual in a mixed environment). What message? In which context? From which log file? Please, try to give us more information and details about what's going on, USB crystal balls are quite expensive. :) Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGs7xSCj65ZxU4gPQRCPT6AJ9n664nklmqyyY1L3w5OvkdQnmHWwCfaqL5 sXP0YwmMbWF8rb72Oz2oSqI= =a/8T -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to create Users problem. PLUS further evidence
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daryl wrote, On 01-08-2007 18:05: Hi Felipe (and others), Thanks very much for your help so far. You are welcome. :-) Felipe Augusto van de Wiel wrote: Assuming that's true, how would I change things to get this problem to go away? Add some kind of group mapping or something? How does one go about doing that? Did you checked the Release Notes? And the Samba Official HOWTO about Group Mapping? I did check out the Release Notes, but I'm no samba expert so I didn't fully understand them. I will check out the HOWTO on Group Mapping later. Before 3.0.23, Samba automagically create some groupmaps when you use tdbsam, after that, you need to create them by yourself. The HOWTO has the specific commands, it is not a big chapter and it is really relevant to read and understand. I was hoping you (or anybody, really) had a quick way to get this done that didn't require me to do lots of research beforehand. Maybe somebody has come across and solved this problem before, and knew exactly what to do with say 1 simple command or something. Anyway, I'll look into it myself later. Unfortunately, Samba requires some understanding of what's going on, in this specific case it is not one line that will solve your problem, but a few of them and there is not much point in repeating the docs here, this part of the HOWTO is good and clear on what to do. You will use 'net groupmap'. And of course, you need to have *nix accounts on the server that are mapped by Samba to convert users from Windows world in real users and permissions. Probably because you are not login anonymously from Windows. Anonymous logins are different from WinXP logins, AFAICT. Okay, I didn't know that. When I try as a specific user, I get the following: $ smbclient -L //www -U daryl Password: session setup failed: NT_STATUS_LOGON_FAILURE Ok, this is a user/password error. So, you are really missing the user or something else related to permissions on the server. When I check the log for that machine on the samba server, the log is filled with the same sorts of messages as the generic log.smbd (but what you see below is from log.[worstation-name]): [2007/08/01 15:03:06, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2007/08/01 15:03:06, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2007/08/01 15:03:06, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2007/08/01 15:03:06, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users I also saw this at the top of that log file, which seems strange to me since I'm using tdbsam: [2007/08/01 10:06:10, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(241) startsmbfilepwent_internal: file /var/lib/samba/private/smbpasswd did not exist. File successfully created. I will keep my hint, try to create the groups, users and groupmaps and make sure that everything is consistent (SIDs, permissions, shares, usernames, uids, gids). I tried increasing the log level to 10 before, and didn't see anything unusual beyond the errors reported already. I will try that again though, and get back to you. It is not just the error, but also when the error happens and what happened before it. Thanks again for the help. Sincerely, Daryl. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGsdEICj65ZxU4gPQRCIwgAKCa4AFEmHT4nCa6m0qJwNVB4AJA1ACdGUGm ava9r1ZQTQL2kZse1W9b61s= =l0Yo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to create Users problem.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daryl wrote, On 31-07-2007 22:57: This problem has been driving me nuts for a while, because everything /used to/ work fine with an almost identical setup on my old Fedora Core 5 machine (same filesystem directories, same users, etc; they were moved from one machine to the other). But looking at the logs on that machine, I never had a Failed to create Users error message. I'd greatly appreciate any help anybody could give me. Hmmm... the builtin groups changed a little bit in the course of Samba releases, did you check Release Notes or your FC packages about that? If I'm not wrong this happened on 3.0.23: http://samba.org/samba/history/samba-3.0.23.html Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGsH2ICj65ZxU4gPQRCBBQAKC/zc3d3fjmU8H1udUH7p908euujgCbBOIY YP+FZlx1+A+FQT9PgKDVI1Y= =EoGR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to create Users problem. PLUS further evidence
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daryl wrote, On 01-08-2007 11:48: Hi, Felipe Augusto van de Wiel wrote: Hmmm... the builtin groups changed a little bit in the course of Samba releases, did you check Release Notes or your FC packages about that? If I'm not wrong this happened on 3.0.23 Assuming that's true, how would I change things to get this problem to go away? Add some kind of group mapping or something? How does one go about doing that? Did you checked the Release Notes? And the Samba Official HOWTO about Group Mapping? I may try verifying that 3.0.23 introduced this issue by rolling back samba to its previous version (whatever it was). We'll see. Ok. ALSO My Windows XP client also dual-boots into Fedora 7 as well, and from Fedora 7 on the workstation I can access the samba shares: $ smbclient -L //www Password: Anonymous login successful Domain=[HOME] OS=[Unix] Server=[Samba 3.0.25b-2.fc7] Sharename Type Comment - --- homes Disk Home Directories files Disk IPC$IPC IPC Service (Samba Server Version 3.0.25b-2.fc7) Anonymous login successful Domain=[HOME] OS=[Unix] Server=[Samba 3.0.25b-2.fc7] Server Comment ---- WWW Samba Server Version 3.0.25b-2.fc7 WorkgroupMaster ---- HOME WWW This is an anonymous login. But for some strange reason, the same machine in Windows cannot see the www machine at all. Probably because you are not login anonymously from Windows. My question is now: What reason would there be for the client to be able to connect to samba from Linux but not from Windows? Anonymous logins are different from WinXP logins, AFAICT. I am going to hook up wireshark and watch what's going on at the network level when I get a free moment. In the meantime, any suggestions whatsoever are welcome. If everything is ok with you user and group account, group mappings and SID, everything should be ok, getting the error about builtin accounts with the fact of the migration hint me to the BUILTIN Group problems. It could be something else, increased log levels (10) can help a lot in this context, you can also test simples shares decreasing the security level just to figure out what's going on. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGsMekCj65ZxU4gPQRCMp+AKDQ5VAoy0xYnBlAuQTAiGyQoJ7b9ACgyI8z oro+1m1yc6sv5sG7F+0FhC4= =e0w7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access share from client out of second domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Marc Muehlfeld wrote, On 24-07-2007 09:26: Hello, I have two samba domains and I want to let users of each domain connect to shares of each other PDC. As long as I use samba =3.0.22 it works fine (DOM1\user1 is automatically mapped to DOM2\user2) , but later versions won't (DOM1\user1 is shown as DOM1\user1 on PDC2). How can I do this? Since you didn't speak about the previous configuration and don't give any details about your smb.conf in both domains, I will just hard guess what you could do. :-) Have you tried Interdomain Trusts? http://samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGpiVMCj65ZxU4gPQRCLzVAKCNBdCRQYOr6zXgg+Tw/W4clZgAMACgpTYp x/BBaP+YmI1aNoP6YbWKJj4= =Dn/a -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing AD domain info with 2 SBS2003 servers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bill Ries-Knight wrote, On 20-07-2007 12:07: [...] The firewall was restored, different but similar function. The OpenVPN tunnel was restored with the same configuration. All is fine except for the lack of name based browsing. The second domain no longer shows. From local, there is no Local2. From Local2, there is no Local. From Local2 server one can find Local by name, but only because of an entry in the hosts file. [...] Any thoughts, suggestions, links to solutions and requests for clarification are appreciated.. Do you need AD? If you don't, change for NT4 style with LDAP and you can safely use WINS to share names across the VPN. If you really need AD, you can use WINS and/or winbind (but I'm not sure about the setup, since I avoid the AD for now, until Samba4). I do not have any contact with SBS2003, except testing it to show problems to the IT Team, so I can't really help specific with this, sorry. :-( WINS should solve your name problem and you could use two Sambas only, not sure if you really need the SBS2003. Hope this helps, Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGpL1MCj65ZxU4gPQRCP1eAKCia0Ca1Ggsv/rpOTIgoYZkzuMqJACg0Sy+ Q2qGv+AJ8xFi5xT9If9anbs= =doEX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 4 TP5 support group policy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 KS Tan wrote, On 19-07-2007 23:59: Seems the Group Policy features will release on TP6. Anybody know the exactly date? Sorry, I don't think there is a pre-defined release schedule with an exact date, sometimes TP releases happen in 2 months, sometimes it needs more time like 6 months. TP5 happened on 20070608, so I would imagine that the next release would happen after August, 2007. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGoNpqCj65ZxU4gPQRCOMwAJ9biX2HAUUcc1oEYDn6nuS+f9dcEwCeO6NZ 5LzKd3/pntHJygZxsv+nytM= =rI5N -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Changing domain name
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Didster wrote, On 19-07-2007 15:33: Hi, Thanks for the response. I did think that about getlocalsid - the clues in the name and all - but what got me is this from one of the offical howto's Good, there is now a safe copy of the local machine SID. On a PDC/BDC this is the domain SID also. Which implies on a PDC getlocalsid will return the SID of the domain the PDC is PDC for? Maybe I'm miss reading it! Which means that the DOMAIN SID and PDC SID are the same if everything is correctly configured. SID is part of the process to have the machine as a PDC for a given domain, but it is not the only thing, you still need smb.conf parameters to tell which one is the PDC and which ones are BDCs. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGoNuRCj65ZxU4gPQRCBcsAKCCOfqUTlaWTQhWJDWGBBnzLkF+SACgjndw R+5IvrepJ2l4GfJ1wCHGOPQ= =C8I7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] odd Not listening on called name behavior
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Matthew Easton wrote, On 19-07-2007 12:33: After migrating from RHEL 3 to Fedora Core 6 I get the following error message repeatedly libsmb/cliconnect.c:cli_start_connection(1445) session request to *SMBSERVER failed (Not listening on called name) : 15 Time(s) What is *SMBSERVER? I don't have anything with that name on the network. libsmb/cliconnect.c:cli_start_connection(1445) session request to DSARABIA-WKS failed (Not listening on called name) : 2 Time(s) libsmb/cliconnect.c:cli_start_connection(1445) session request to WKS-035 failed (Not listening on called name) : 13 Time(s) In smb.conf I have hosts allow = 127.0.0.1 192.168.192.0/24 hosts deny = 0.0.0.0/0 interfaces = eth0 lo bind interfaces only = yes The two workstations DSARABIA-WKS and WKS-035 are both members of the domain and have valid IP addresses on the subnet. They have statically defined leases in DHCP. The only thing I can figure is that they lose their IP address on every reboot, and then try to connect to the server by broadcast before they get an address. Is that even possible? Hmmm, not sure but the smb.conf man pages says that the 'hosts allow' parameter is a comma separated list, *maybe* that could be the cause of your problem. And I don't think that your workstations are trying to access the server without an IP address, if you set the IP address without the DHCP, does the error still appears? Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGoN56Cj65ZxU4gPQRCJiTAJ9E7d85IhP+AE8aKz9U6+OwiA/VYQCcCV+c LaPCg/4ZvuuJqCs1j5hQ+BU= =sOnP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Prewin2kname with samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kaustubh Chaudhari wrote, On 19-07-2007 08:24: Hi All, I create a user in windows2k3 AD server whose Name is test Logon name is win2k3test and Pre-win2k name is testprewin2k (You get all this options when you create user in AD) My samba is connected with this AD every thing works fine but when i Do wbinfo -u i can see the prewin2kname of the user ie: testprewin2k and not the win2k3test not sure what is the reason for this. Even i can access the share with this prewin2k name and not with win2k3test user. wbinfo -a win2k3test%testpasswd-fails wbinfo -a testprewin2k%testpasswdworks fine May be there is some concept behind this but i was not able to find the same can any one of you re-direct me to the same or explain it. Imagining that Samba3 is not as good as Samba4 with AD and that Samba3 gives preference to NT4-style domains, probably it is using the pre-win2k names. If you create a user without all the options that AD gives what happens? Thanks for you all help. Kind Regards, Kaustubh. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGoN9GCj65ZxU4gPQRCOTPAJ9l1IwqoN+Brl1nO5GqCiITvZLwIgCfUG4A 8qBwnyf/AJ4idewQpoHeK+w= =P7e9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 4 TP5 support group policy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kim Sim Tan wrote, On 19-07-2007 10:26: Hi all, Recently I'd install samba 4 TP5 in my computer for testing purpose. Everything is done and my Windows XP pro computer able to join my samba4 domain. Nice. So the next step I want to do is test the Group Policy (I know samba 4 support this), but I can't get any documentation. Any help is appreciated. Did you already took at look at the wiki? http://wiki.samba.org/index.php/Samba4 There are some links for papers and other references, and in the Samba Wiki you can find more info and FAQs about Samba4 in the Developer area, in the first page: http://wiki.samba.org Hope this helps. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGn3YWCj65ZxU4gPQRCO07AJ9PqHftfV9EcS4ZLyhBpEmAE60sxACgywqi ziO90hnEFlBwYF3o3ooZD2o= =wNlQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba roaming profile
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Lukasz Szybalski wrote, On 18-07-2007 13:13: [...] Profiles are sort of ninja magic, sometimes it works, sometimes it doesn't and as the documentation says, it can be the heaven for some people and the hell for others. BTW, did you check the Desktop Profile Management in Samba HOWTO? http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html [profiles] comment = Network PRofiles Share path = /home/samba/profiles #read only = No #store dos attributes = Yes #create mask = 0600 #directory mask = 0700 #browseable = no #guest ok = no #printable = no writable = yes Here is an example of profiles that we used for quite some time on our company: [Profiles] path = /srv/samba/profiles browseable = yes guest ok = yes writeable = yes read only = no profile acls = yes csc policy = disable create mode = 0600 directory mode = 0700 [profiles] admin users = newuser2 This means that newuser2 can act root. In my profile I get another folder created automatically only for newuser2 1. Why is the folder created only for newuser2 and not newuser? drwxr-xr-x 2 root newuser2 4096 2007-07-18 09:20 newuser2 Sounds related to the permissions. 2. Why is the /home/samba/profiles/newuser2 empty? It is not filled with roaming profile after I logging out of windows XP? That can be a WinXP problem. If for some reason, your user and/or workstation has any setup to act as a local profile, then it wouldn't upload anything to the server. Local policies can be modified to force only local profiles, you can also change some settings on how your roaming profile works. I log in to newuser: cannot load a roaming profile, loading your local profile cannot locate local profile I log in to newuser2: cannot locate roaming profile on server 3. How do I make the roaming profile working. It is the case that setting up the users and adding logon path, logon home, profiles to smb.conf is not enough? What else needs to be done? 'logon path' and 'logon home' are used by different clients, sometimes (and specially for XP) you need the 'csc policy' option. Hope this helps. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGn3kYCj65ZxU4gPQRCAoQAJ9cq8st/g3fmVCpVEQf6pOz07CmdACfaJCa pOayniJjTwdvWn7lwsfqVb4= =php4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cannot access shares
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ryan Johnson wrote, On 16-07-2007 02:49: [...] so why might i be able to access the user directories, but not my self made one? i have tried adding another that points to another random directory i created to test out, and that too does not work. i should mention that /netshare is the mount point for /dev/hdb1 (just a 120GB drive that is used to store shared stuff) Hi Ryan, Do you have any logs? Can you try increase the log level and check what the logs says about your tries to access 'netshare'? Kind regards - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGnhlNCj65ZxU4gPQRCP9BAJ9JWQ8cJE9zSbCHgYbo9vxwvn5rxgCgjPwT pgat8/u9gETXI85LA6eSc60= =hBbm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] does samba support non-flat /home
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 john wrote, On 15-07-2007 20:19: Hi all, I hope this is an easy one: We've just set up a samba server and We're using winbind with the idmap_rid backend option to authenticate users via AD. So far so good! Now we want window users to have there home shares on the samba server. When Winbind pulls a list of users from AD it appears to use the template homedir option in our smb.conf to figure out where users home directories should be located (Am I wrong about this?) This relationship seems to get hard coded into the idmap. I wouldn't say hard coded, I would say it has a default value /home/%D/%U My question is can the smb.conf Global Option template homedir = be used to allow users to log in to their home dir if /home isn't flat? Is there another way to do this? Yes, 'template homedir' can be used to change the value, but I'm not sure if it will work for you, because you have years in the template. You could use a envvar: %$(envvar) the value of the environment variable envar. But I'm not sure how would you tell samba on a per-user basis about that, except by my suggestion below to use primary groups. We have about 1500 hundred kids whose home directories should look like /home/graduationYear/studentName So student a's home directory should look like: /home/2008/astudent and student b's might be: /home/2009/bstudent That's the point, I don't know how you could use a variable for the year. /home/$year/%U, not sure but maybe you can have your students in the primary group of their graduation year and use that as a variable: /home/g2008/astudent /home/g2009/bstudent template homedir = /home/%G/%U astudent primary group is g2008 bstudent primary group is g2009 Would it be better to just leave out template homedir, remove the tdb's and rebind to windows? What would SAMBA's process be to map windows users to unix home directories then? Not sure about that, but I think if you can afford that change, you could opt to change the primary groups and go with the above solution or something similar. Check the variables available in smb.conf. Perhaps the real solution is to create shares like this: [2007] path = /home/students/2007 valid users = %S readonly = no writable = yes printable = no create mode = 0600 directory mode = 0600 [2008] path = /home/students/2008 valid users = %S readonly = no writable = yes printable = no create mode = 0600 directory mode = 0600 Uhhh... sorry, that's ugly and will give you a lot of work every year, the group approach seems to be more maintainable. ;) Any advice would be appreciated! Thanks! John Hope this helps. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGnh6QCj65ZxU4gPQRCOn3AJ9Gp51+Y70UBahF3aEMiTNEMX0HUQCfeY+D TOFQ5p4E2Z2hHPp5eZjWK6U= =7TPS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can create files, but not modify...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/25/2007 11:32 AM, Thomas Stasch wrote: Results: 1) I can open all old data 2) I can create new files 3) I cannot modify and open the new files [...] [dokumente] path = /share/dokumente read only = No guest only = Yes guest ok = Yes [dok] path = /share/doks read only = No guest only = Yes guest ok = Yes And here is part of the directory I tried to access: drwxrwxrwx 3 stasch stasch 4096 25. Jun 14:12 . drwxrwxrwx 46 stasch stasch 20480 23. Jun 19:55 .. -rwxr--r-- 1 stasch stasch 0 25. Jun 08:04 b la.txt -rwxr--r-- 1 stasch stasch 0 25. Jun 08:04 bla.txt -rwxr--r-- 1 stasch stasch 0 23. Jun 20:41 Neu Bitmap.bmp -rwxr--r-- 1 stasch stasch 10752 25. Jun 07:46 Neu Microsoft Word-Dokument (2).doc [...] Could someone help me? Thanks a lot I am at my wits end :-( Try to use 'force create mode' or 'force directory mode', or mask parameters, see smb.conf for more details about the options and what they do. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGhAXECj65ZxU4gPQRAouTAKCwsofO/9/MdkVyl9F1Emojhr1r7wCfdton fNzevRz2THOnDkU0Ku5zaFI= =nIZT -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with smbmount
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/22/2007 01:46 PM, Barry Stear wrote: I am trying to mount another linux samba mount on my linux machine. I can only mount using root account and when i do this the permissions for the samba mount are all owned by group root and user root. I want to have rw access to this by myself. I have even specified in the options of smbmount a uid and gid but still no luck. Have you tried LinNighborhood? Mount a CIFS/SMB filesystem is not much different from a regular block device, the restrictions and security limitations still applies, you can add a line to /etc/fstab to allow users to mount it and specify the options. You can also use SUID approach or have it automounted on boot or other software. And using uid,gid is supposed to work. Can you show the command lines, permissions and errors? (Logs?) Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGhA0NCj65ZxU4gPQRAn+EAKCHIYf3zQeHHQV2h7j8NF0fS0ypeACgqAEp AfD9ajLcalQwFC+HiefpT14= =Oz8H -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Veto files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/20/2007 04:37 PM, Diego Ramos wrote: Hi list. I'm having a big problem: I have a Samba Server that has a share where all my users can read any information. I have now a new situation, I have to configure this share to allow some users to write a xml file. It's like the opposite of the Veto Files options. Is there way that I can configure my share to let this happen? I'm not sure if a parameter in smb.conf for a specific share can help you with that. But I'm pretty sure that you can achieve what you want using ACLs on the filesystem, specially if it is only one xml file. Thanks a lot, Diego. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGhBbmCj65ZxU4gPQRAp46AJ4hPTG8nNsjpPdhxIX3Y1u0nE2SpACgsmpE e7JcxAcsRSHqxnTW0fkt9E4= =V16j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help with Samba win2k3 domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/22/2007 12:23 AM, nix_kot wrote: winbind cache time = 15 After restart winbinnd, newusers groups have been shown. :/ But command: id newuser don't working... :( You need to setup nss to get the info from winbind. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGAp6vCj65ZxU4gPQRApJvAJ4yGjFzj5WjN403QdAQygBS8WcnxwCgrx8A XJJ0Kq7I7qbpMSQ7G0jevms= =CpnX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help with Samba win2k3 domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/22/2007 01:31 PM, nix_kot wrote: You received my configuration files? No, I didn't. If is not present, I shall include them in a body of the letter! What you mean under setup nss? Configure the NSS. nsswitch.conf and related files in order to have information from winbind in your system (like when you use the 'id' command). nssswitch.conf: passwd:files winbind group: files winbind Yes, that should do the trick. Just for the sake of it, the file is /etc/nsswitch.conf and I use them in Debian GNU/Linux machines with LDAP as the samba backend, so I'm not 100% sure about the required steps to have this info available under winbind environment. When using glibc, instead of 'files' I use 'compat', not sure if that would have an impact on the information of your system accounts. nscd and other services (like nis, nys) can mess with that. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGAu29Cj65ZxU4gPQRAkW8AJ0RukviZy94wDGOqgTdY1EUR2vIngCgxihe kFRkOPA/XORdS4HE3R8Ns8Y= =yNN4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [OT] Problem with 02 domains on a single PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/21/2007 08:57 AM, Allysson Steve Mota Lacerda wrote: On 3/21/07, Asier Baranguán [EMAIL PROTECTED] wrote: This is not related to yout question, instead is about your setup. I've seen that you share the same LDAP between two domains, and you share the ou's of users, groups and computers. I'm looking for a similar setup for my work and your experience would be very useful. I have Qmail, Samba, Moodle and Squid sharing a single account for each user. The problem with this integration is related to Samba and Qmail schemas because it's not possible to have person and sambaSamAccount in a single entry. I solved this by inserting 'manually' the entries on LDAP. Are you using qmail-ldap patch? I have pretty much the same (but I'm using qmail-ldap), and the accounts share qmailUser and the sambaSamAccount object. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGAUFKCj65ZxU4gPQRAjNgAJ9Tr/OwlYahHTjogBZ3V8ru0tUfNACcCsOW W6qSnLp6x9uG8nx+PjJI7KA= =pRe5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] a lot off nmbd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/20/2007 07:54 PM, b.robin wrote: Hello, I have installed a new server with mandriva 2007 free edition, with samba 3.0.23d on it. It is good but a new nmbd appears every 5 minutes and they don't die when I stop samba. So, I compiled samba 3.0.24 and ... idem. This is not my first install, on my other servers they're only 2 nmbd. With this install, after one day, I have more than 250 daemons, it is the hell ! What que c'est que ça ? Do you know this problem ? What about the logs? You could increase the log level to see more info, you could also strace the nmbds to see what's going on and why they are dying. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGAUIhCj65ZxU4gPQRAtHfAJ94qJF8tuMhaDoSZu36khwld0ot6wCgzYQ5 cUht2DZaiS94cu4+emIpA/4= =kKkf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Copying local profiles to domain profiles...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/20/2007 08:29 PM, Eric Knudstrup wrote: I just set up a Samba 3 PDC, and my users want to use their local profiles. Unfortunately their XP systems won't allow them to copy their existing profiles - that option grays out for their local accounts. Is there another way to accomplish this? Not quite sure if it is a samba problem. Samba has a tool called 'profiles' that might help you. About profiles, usually, the WinXP would upload the profile if it detect that the server supports it, unless some local policy says to keep the profiles local. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGAUKCCj65ZxU4gPQRAqwpAKDFxKz5nZVGeSoLC6e4sJlH5Nhj0wCgnY46 stY1qGyaz7NrAAC94w+MpBA= =15Kf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help with Samba win2k3 domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/21/2007 12:09 AM, nix_kot wrote: Hello, samba. OS: FreeBSD 6.1 Samba: Version 3.0.23d Kerberos: Heimdal 0.6.3 I setup samba and add in win2k3 domain. wbinfo -u|g show me users and groups. But after adding new user or group in the domain they are not displayed in wbinfo -u|g. But wbinfo -a newuser%pass success. Please, help me. SOS!!! Hmmm... it smells like cache. ;) Did the users appeared after a while? Check your winbind cache time parameter in smb.conf. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGAUOKCj65ZxU4gPQRAp9hAJ4ri70HBy7ZjHNbcieMGoyB1ovyEQCfVVJV EAZZLDwzyuR5e1JVqLPaWuI= =/8g0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] error while migrating users to ldap with pdbedit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/21/2007 08:56 AM, Markus Krause wrote: hi list, we want to migrate all our users from smbpasswd into ldap, but first test it so the current samba server in production should not be changed. to achieve this i created a smb.conf file with the following content: Are you using the same machine? Or you are doing the tests on a new machine? --- [smb.conf] [...] ---[end of smb.conf] Did you register the LDAP password using 'smbpasswd -w'? but executing pdbedit results in an error because pdbedit tries to connect the ldap server localhost: --- [...] -- where do i set the name of the ldapserver? i also tried passdb backend = ldapsam:ldap://10.251.0.16:389/ and ldap server = ldapserv.biochem.mpg.de but without change! the ldapserver can be reached by both ping and ldapsearch via the console (but as pdbedit does not seem to try to connect to it this does not matter now). I would say that it could be the password problem, but could also be some configuration related to the LDAP parameters and ACLs. any hints are appreciated! thanks in advance! markus Hope this helps, kind regards. - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGAUUmCj65ZxU4gPQRApX5AKCZuS5rLgzjooaYCTyLPzq+oFerMQCdFqIm 8k/XH5k4rFyCI50lqJLrcP0= =KwFc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't change password change dates with PDBEDIT
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Boaz, I'm using LDAP as a backend so YMMV. On 03/16/2007 12:10 PM, Boaz Bezborodko wrote: I'm setting up a Samba server using CentOS 4's (RedHat Enterprise Linux) standard version (v.3.0101411). I Hmmm, you should upgrade your samba version. Not sure if it will solve your problem, but I'm using 3.0.24 and the information of this message is based on this version. Anyway, 3.0.14 and 3.0.2x has lots of improvements and fixes that are worthwhile. want to be able to force users to change their password upon first logging in and to have to change them after a certain period of time (per user, not system-wide). The problem is that the pdbedit commands don't seem to be registering at all in the database. If I enter the following command: pdbedit --pwd-must-change-time=2010-01-01 --time-format=%Y-%m-%d Not sure if it is a bug in pdbedit, but there is an unusual behaviour of samba with regards to passwd fields, here is a message where I explain the behaviour: http://lists.samba.org/archive/samba/2007-February/129890.html I still get: Password last set:Fri, 16 Mar 2007 10:02:06 GMT Password can change: Fri, 16 Mar 2007 10:02:06 GMT Password must change: Mon, 18 Jan 2038 22:14:07 GMT How do I control login times? Basically, even when changing it per-user, you need to respect that global policy to get things working as expected. I've been adding users and doind the pwd dance for a few months now, and everything is working fine. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF/pDICj65ZxU4gPQRArnbAJ4ogQBBs6p5aRVpE/L4nzt7860pkgCgnMJJ 0+mBiGOwm/3B0O69iFhGwsM= =86gH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Errors logging in from Windows - LDAP + Samba PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/16/2007 10:54 AM, Paul Traylor wrote: There are not any 2000 or 2003 servers on the network, but I bumped the os level up to 100 anyways and restarted samba though it still gives me the same login error. The system cound not log you on. Make sure your User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case It stills sounds like the client is not finding your samba server. Try to increase the log level and see what happens on the server side with more detail. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF+qePCj65ZxU4gPQRArQiAJ92s82BgCAMYXae3p7awNG8syq36wCgiwuU cCgONW6d/Fk32VtxdmzZwnw= =R+w4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Information about SSID structure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/15/2007 09:16 PM, Allysson Steve Mota Lacerda wrote: I'm experiencing some problems with Samba-LDAP and I wanna know a little more about the structure of SSID. Does anyone know where I can find information about this? Samba Docs have some information about this. You can also find Microsoft Technet articles, and Samba source code could also have some information on this matter. It will depend on what type of information and details that you are looking for. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF+qglCj65ZxU4gPQRAlKHAKCILzYUUSYz65EtIaiuq0MIGufaowCguuo/ O80e5JxElb0LWS21xefcbCc= =5heO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] refuse machine password change
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/15/2007 04:02 AM, Dmitry Melekhov wrote: Hello! Looks like this policy doesn't work for win2000 domain members. Could somebody confirm this? Sorry, I can't, but if nobody replies, you should think about reporting a bug. https://bugzilla.samba.org Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF+UgdCj65ZxU4gPQRApqWAJ9v49fFcikH/LVgHvVilWRhiMI2aACfYbIk AXAJ2o+WN+H6g5yyGfJSADY= =uJry -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] close_low_fds
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/14/2007 12:50 PM, drweb wrote: Hello! I found at my smbd.log many record, like this: [2007/03/14 18:15:00, 0] lib/util.c:close_low_fds(668) Didn't get file descriptor 0 What this means? Sorry, I don't think that it will help a lot, but it means exactly what it says, that it didn't get a file descriptor. File descriptor are resources of the programming language to read or write to files (there are other uses, but you get the basic idea). Probably a Samba Developer (that really know the underlay code) could give you more information of what should be the related problem, or why such a error is triggered, it is kind of associated with a file. :-) With more logs, some context and configuration information, probably the list could help you, but IMHO, it shouldn't be something to be worried about. I find an old reference for a bug with this error in the context, but don't know if it is directly related since you didn't sent much information: http://lists.samba.org/archive/samba/2002-November/056563.html Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF+Up6Cj65ZxU4gPQRAkrsAJ45T4Ua6e2dwm7RoSHcJqWm3m1R9ACgpRFz jDIK3vdC6KO4iEx8E2DH8Kw= =nocx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Errors logging in from Windows - LDAP + Samba PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/14/2007 11:06 AM, Paul Traylor wrote: [...] os level = 35 [...] Any chances that you have a Windows machine around (like a 2000 server or a 2003) that could win the election and answering the domain requests instead of you samba server? Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF+Us7Cj65ZxU4gPQRAnVwAJ9r4ageQKrAmZsoO0bGLe0BWp6KiACbBvse 6Q5NCLSXYzSMsmufZ7w6dP8= =2AyG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is anything special needed for connecting two linux computers?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/11/2007 04:19 PM, Tomáš Hnyk wrote: Oops, yeah, I know about that, I did not realize this difference in smb.conf. Sorry for the misinformation. The files are actually as follows (so they have unique names): Have you tried to use smbclient? And what about LinNeighborhood? Using 'security = share' should be quite simples, once you have the shares, you only need access them. Have you checked the Samba 3 By Example, the first scenario is quite simples to implement and use. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9U2CCj65ZxU4gPQRAsGtAJ958C0m6KQQ7lU5yM2QVAERCsY2KQCgrN9x NBqguCRv1Pjfi8816EzjPjI= =4Yyn -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] I cannot see the network in the PDC server but yes in xp stations, any idea?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/11/2007 12:58 PM, Ferran Martínez wrote: I have set samba server as PDC and I can see the network in others computers but not in the server, any idea? The first idea is that you don't really need to send the same message three times with minutes of difference. :-) thx for advance my smb.cnf: # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2007/03/09 22:38:36 [global] When you say that you can't the network, what exactly do you mean? You can't ping them? They didn't appear on the smbtree? You can connect using smbclient? Do you have a firewall on the server? Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9U5TCj65ZxU4gPQRAp7mAKDBrQMIsFf64Zsa5kcM5lo9wQyqCgCeNnpd jPuTJU7YkDHGieNS1a6sRFw= =ut6+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - upgrading from winxp clients to linux (OpenSUSE) clients
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/11/2007 12:51 PM, Lake-Wind wrote: [...] My question is this: How do I set up the OpenSUSE clients to have the same behavior as the Windows XP clients. They need to store their profiles both locally on the client and on the server in the existing users home directory. Authentication for the existing PDC is smbpasswd. My first idea would be: NFS. If it is not possible, you should try pam_mount, you would be able to mount the home once the logon happens and that should solve the problem. The real problem will come up if you need to have a HOT copy of local $HOME and $SERVERHOME, that could be tricky to implement and you would probably need to use a distributed file system, but I'm not really sure what would be the best solution in that case. Any help with this matter would be greatly appreciated. Thank you in advance! Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9U/CCj65ZxU4gPQRAjupAKDAQXhLB3svFSKnplJBuA927jUKhgCgjYVg OC13H9qr+quYvhIt4rVSA+Y= =Jo0g -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Users Read/Write/Delete Permission
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/09/2007 03:03 PM, Bruce Olds wrote: Hi, is there any possible way to configure access for a user that could be able to create/modify files on a shared directory but can't delete them or any other file? Kind of, you can use the unix stick bit or POSIX ACLs to achieve such behaviour, but, what would stop the user to open the file and erase its entire content? :) For things like sockets and pipes and makes sense since there is nothing inside the file, but if you are trying to protect documents from being deleted by bad-users then it would not solve your problem. In such scenarios, audit of the filesystem with backups would be very helpful. Thanks Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9VH5Cj65ZxU4gPQRAjRgAJ9VMaV5PEEJ7piMy/w92YqrlLTuSACguZI3 RktQl0uwha4mjm38+I/TV4M= =KaRF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdc root password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/09/2007 01:51 PM, Mateus wrote: Hello, i'm doing a PDC samba server. It's working fine, but i have a question. When i configure winxp to enter in a domain, i need to put the root password, after reboot the machine, i put the passwords that i created with smbpasswd, in this way works. but i would not like to put the root password to enter in the domain. all the others passwords is wrong in this case. just the root works. how can i do this? I can imagine at least two ways to solve that problem. 1) You could give privileges to other users to allow them to join workstations into the domain. 2) You can configure the 'add machine script' parameter in your smb.conf to automagically join new machines into the domain. For both scenarios, you can find more details in the Samba Official HOWTO and in the Samba By Example. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9VK2Cj65ZxU4gPQRApUiAKCIeR6QkrPyO/rgDtz7Xv80fB69xQCgsZgi LDaUXK4xmPv8gVebepcaMY0= =Vcjo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem adding machine to a samba domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/09/2007 07:51 AM, Arnaud Bougeard wrote: Hello, I 've just upgrade my samba server from 2.2.12 version to 3.0.24 (to accept windows vista machines) The machines already recorded on domain are connected without difficulty, on the other hand I have problem to add a machine to the field. It is necessary that I put twice. By put twice you mean try to join the machine twice to the network? A migration from 2.2.x series to 3.0.x would need a small checklist, new group behaviour, new groupmap, changes in privileges, SID mapping and others listed in WHATSNEW. It seems that you are not using LDAP, so apparently I would say that it is something related to the configuration of your smb.conf or your machine account, but without any info would be hard to guess. Here the example of file of log of a machine added to the field obtained after the first attempt cat /var/log/samba/log.pcvista [2007/02/28 13:19:12, 0] lib/util_sock.c:write_data(561) write_data: write failure in writing to client 0.0.0.0. Error Connexion ré-initialisée par le correspondant [2007/02/28 13:19:13, 0] lib/util_sock.c:send_smb(768) Error writing 4 bytes to client. -1. (Connexion ré-initialisée par le correspondant) No error at the second attemp. PS: vista machines work with samba 3 domain. Try to increase the log level to get more info. - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9VQzCj65ZxU4gPQRAqvDAJ9VTFbnjDxtF7ZFZkRPPj/jkmqaEwCgqGL6 /7GUX8Uzdv/K2Pco/i4bo5I= =3OuV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba reporting wrong space
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/09/2007 07:11 AM, Alexander HUEMER wrote: hello everybody! i have a samba (3.0.24) running on a gentoo (alpha) box. i connect to a share using cifs and when i then run df -h, i get the following [EMAIL PROTECTED] distfiles % df -h FilesystemSize Used Avail Use% Mounted on /dev/sda1 34G 31G 3.3G 91% / udev 759M 2.8M 756M 1% /dev shm 759M 20K 759M 1% /dev/shm //axp/export 226E -240E 456E - /mnt/axp [EMAIL PROTECTED] distfiles % which would be great indeed (except the minus of course...), but that's simply totally wrong. when connecting with smbfs i get [EMAIL PROTECTED] ~ % df -h FilesystemSize Used Avail Use% Mounted on /dev/sda1 34G 31G 3.2G 91% / udev 759M 2.8M 756M 1% /dev shm 759M 20K 759M 1% /dev/shm //axp/export 2.0T 0 2.0T 0% /mnt/test [EMAIL PROTECTED] ~ % that's wrong too. the sizes should be about 153G used and about 45G available. samba works normally, i use it since 1,5 years. i first experienced this behavior some months ago, i had a lower version then. since it does not really cause any trouble i forgot about it. does anybody have a idea why this happens or were i could have a look? If it smells like a BUG you should report it to bugzilla. https://bugzilla.samba.org Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9VVJCj65ZxU4gPQRAvMHAJ43p3K5l5lGaxZTXcVDi9HxOd2whgCeILee hZIA0wFsYdrxnVnnW7/hjx8= =6kJh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Buffalo Terastation with 3.0.23d PDC and LDAP backend?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2007 11:01 PM, Eric Knudstrup wrote: [...] [2007/03/06 17:51:44, 0] rpc_server/srv_netlog_nt.c:get_md4pw(258) get_md4pw: Workstation VAULT1$: account is not a trust account [2007/03/06 17:51:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461) _net_auth2: failed to get machine password for account VAULT1$: NT_STATUS_NO_TRUST_SAM_ACCOUNT For some reason, it doesn't appear to be a valid account. slapcat returns this for the vault1 account: dn: uid=vault1$,ou=Computers,dc=MY DOMAIN,dc=com You mangled MY DOMAIN, right? [...] sambaAcctFlags: IW Here it should be something like [W ] I added this account using smbldap-useradd -w -i vault1 and had to change the gidNumber to 513 and also set the W sambaAcctFlags value. Can anyone help? Check the field again, it seems to be wrong. Thanks, Eric Kind regards. - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7sOrCj65ZxU4gPQRAjADAJ9VH9tVlULsOEvc8eQlvrIZZJ7nHgCgrEXC j9pBMAqz0QR4BuJDNQTqL0M= =f9FL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Shares losing group entries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2007 08:01 PM, Mostro Mostro wrote: Hello, This my first post to this list. I just spent the last day an a half building a Samba server for our corporate network. Our Windows file server crashed so I stepped up and decided to go with Samba 3.023d on Suse 10.2. Ok, so SAMBA is now the PDC or something like that? Or it is playing with other windows on the neighborhood? Anyway, I am using Winbindd to control access. The problem I am currently faced with has to do with security permissions sticking to the share. From the Windows MMC I right click the share, go to the security tab, select advanced and try to assign the Domain Users group and a few others. After clicking ok all the way through I go back in to verify an see my groups have been replaces with SIDs. It seems to be a problem with the ROLE model, if this Samba Server is now in charge of the network, IMHO, you don't need winbind, you should use tdbsam or LDAP. On the other hand, if you still have a password server and your Samba Server will query it, then the problem should be related to the winbind (and related info, uid/gid maps, queries and so on). If you use getent you are able to see your winbind users? [...] Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7sTsCj65ZxU4gPQRAvDqAJkB+PCasPga2UwIGvIys1EKBFfxjACfSHDp kKSqVBzkhNOMfsjE8PemOQs= =Vkxl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba+ldap: Simu.- login of 2 different users = user rejected
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/05/2007 02:02 PM, Tim Boneko wrote: Has anybody had this problem before? If not, where should i start digging? By the logs you sent, definetely PAM. :-) I'm running Samba 3.0.24 on Debian stable with slapd-2.2.23 backend. smb.conf is attached below. When two different users log in at the same moment, the login process seems to freeze for a minute and the client (win2k) complains about missing profile or missing access to profile. A single user login works perfectly. The log.smbd contains this: krake smbd[28474]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_account(573) krake smbd[28474]: smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: ws13 krake smbd[28474]: [2007/03/05 15:06:09, 0] auth/pampass.c:smb_pam_accountcheck(781) krake smbd[28474]: smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User ws13! PAM: UNKNOWN PAM ERROR is not something nice to see on your longs. By the description of the problem, I would say that the try to access the profile (specially if it is a big one) could lead do RO/RW problems, but I'm not sure, that's just MHO. Nothing interesting in auth.log and the same message in syslog (where slapd logs to). I don't know if this is a samba issue or ldap or network... It seems something in the middle. ;) Did you already increase the log level of Samba? Any suggestions are highly welcome. We've got 20+ clients and users typically log in simultaneously. Simultaneously should be interpreted at the exactly same time, or should be interpreted as a user logs in the morning and the same user logs in the afternoon. timbo smb.conf: [...] obey pam restrictions = yes pam password change = yes You are using PAM, so you really should check there, it could be the problem. socket options =IPTOS_LOWDELAY SO_SNDBUF=32768 SO_RCVBUF=32768 Are you aware that under kernel 2.6.x you can have a better network performance if you remove SO_SNDBUF and SO_RCVBUF? [netlogon] path = /ghswa/home/netlogon write list = supervisor browseable = yes [profiles] path = /ghswa/home/%u writeable = yes write list = %u browseable = no Maybe you should try 'csc policy = disable' and maybe 'profile acls' can help you on this one. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7XpfCj65ZxU4gPQRArDWAJ0T7jbRlTwSdcS9dpOQsmExj5h5/QCbBV6X m6NLCHaK2kRH2GlafeZROyU= =Mzz/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Delete permission question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/04/2007 11:05 PM, Richard Greaney wrote: [...] I am not using any ACLs, nor am I using any special entries in the service definition of my smb.conf. [infoshare] path = /var/www/infoshare writable = yes force group = folder-infoshare-modify ls -l /var/www/ drwxrwx---+ 6 root folder-infoshare-modify 4096 infoshare What are the permissions of the files inside the infoshare? In this case, my users belong to the correct group (folder-infoshare-modify) so they can write to the share without problem. However, unless their username is root, none of these users will be able to delete any file they save. Is there a way to do this? Is a user that can't delete files via samba able to delete the files in a shell (ssh, or terminal)? I hope I have made this clear enough. If anyone can assist, I'd appreciate it. Regards Richard Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7BJGCj65ZxU4gPQRAkecAJ9hd+hk3v43kk192wLZuygMOMCatQCeImyz 8SsgpGKP/zpTI9uRjrqta94= =AESb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Change user IDs on Samba PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/04/2007 08:42 PM, Marco De Vitis wrote: Hi, I've got a Samba 3.0.24 Debian server which I'm currently moving to a new hardware. It uses tdbsam as password backend. So, while looking at configuration files, I was thinking: is there a way I could change the Unix UIDs for some users, without breaking anything? That's a little bit of a hard guess. Windows can be an wild environment, and profiles can be even wilder. :-) The problem is that, since migrating from a different Linux distribution a long time ago, I still have some UIDs and GIDs which do not follow the related Debian policy (http://www.debian.org/doc/debian-policy/ch-opersys.html), i.e. they are well below 1000 (from 500 and up for UIDs, but as low as 200 for GIDs). I would be happy if I could simply change the user IDs (or delete and create the Linux users again), fix file ownerships where needed, and then run Samba with no other change. On the other hand, if this is really impossible, I suppose I can live with it... Any info? Thanks. AFAICT, when you change the uid you will need to change the sambaSID and that would break the profile. You can definetely migrate the profiles (but sorry, I can't give you much info, since I never migrate user profiles). PS: actually, I suppose I could simple delete both Linux and Samba users and create them again, as long as I know their passwords or inform the human users that they have to enter a new password... but what happens to their roaming profiles? Are they completely lost? Can't I reuse them by just changing file ownerships? There is a great chance that with new sid the workstation will create a new profile, isn't anything in the Samba Official HOWTO (Desktop Profile Management Chapter) about this? Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7BncCj65ZxU4gPQRAiBDAJ0UMRw3s7DCNqy83NJebaJ/Vy52UwCfSJz4 WPGYzD9Ofx9MiZulWk90gHg= =5DQG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sambapwdcanchange is not working!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/02/2007 06:50 PM, Eduardo Fernandes wrote: Hi all, We are trying to avoid that some specific users can change their passwords. For that we are setting the sambapwdcanchange parameter in smbldap-usermod using the key -A 0. We have checked that the parameter sambapwdcanchange was altered for a date in the future using pdbedit -Lv nameuser. However, when we tested if the user is able to change the password using a WINXP PRO the user was permited to change it. Any suggestions about this problem? Thanks for any information. Samba version: 3.0.24 Linux: Debian 3.1 PwdCanChange, PwdLastSet and PwdMustChange can be tricky. For some reason, and there are bug reports with regards to this behaviour, the fields of the LDAP user must be compatible with the Domain Policy (sambaDomainName). For example, we want to create new users, change their password and make mandatory a change of password on the first login, we discovered that the only possible way to do that (right now) is to change the fields to look like the password change was one week ago, we do a field dance explained in a thread on this maillist a few days ago. Depending on how did you set up the age of the password, changing the CanChange in the way you are doing would not work. Eduardo Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7BxFCj65ZxU4gPQRAvkLAKCHipqFoK6HekGwO14d3znjxINB0QCdGXKs fYc9XpUZvCIDk39Br9TMd1k= =wQu7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] View the Client's SID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/28/2007 10:21 AM, Beginner wrote: Hi, I am trying to debug some machine account errors. Is it possible to see what the client is sending to the server as it's SID? I want to ensure that the Client's SID and what the server has for the client SID match. Not 100% sure, but sniffing the network should do the trick. Maybe using a high debug level in Samba could also help. Thanx, Dp. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5unwCj65ZxU4gPQRAj6NAKCXdcVIn+dH/PEjDJhlB/VeGyTXHQCeJ5Ky VHQe4QBZ+C9q1CXNCFGRfDg= =eaIo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba problems. accounts expire after a hour, but work after reset
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/28/2007 10:11 AM, Collen Blijenberg wrote: Hello I'm having some strange problems with samba 3.0.23d (PDC) on my FC6 Hi Collen! if i start samba, everything works fine, but after an hour orso(some times 2 hours if there is not mutch traffic) machines and user accounts start expiring. i don't know why, but it is ?! after i do a restart, samba comes up and works again. i checked the mysql server (coz' i use pdb-sql as backend) but the sql query's get executed and value's are returned. (even if goes into bug-mode) so that part works ok!, all i can think of is that tdb files get corrupted ?? That's strange. Are you using Policy for you domain? Like the length of the password, time before user can change password and so on. the funny part is that i also have a BDC running the same samba version and sql version, and that one has no prob's ad all (only the smb.conf is differed and the netbios name) but on the counter part, the bdc isn't really doing anything, ot's not serving shares or printers actively.. some input would be nice, coz' i really have no idea where to look... ??? Can you provide logs when your server is working? That could help diagnose the problem. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5usCCj65ZxU4gPQRAjF0AJ0bU9di1VckV0pmvKEj6b/ouEuRNwCfenYu jz79l+zzDiTyYu6GRwpsxug= =3R6i -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrate users to ldap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/27/2007 08:16 PM, Markus Krause wrote: Thank you for your answer. I actually did not point out exactly enough what i want to do, sorry for that ... I read these postings and also some sections in the samba howto and several descriptions on the net, but i understand all these in that way, that the samba server is reconfigured to use ldap and stays there. at the moment we are some time away from finally migrating all samba accounts, which are currently stored in smbpasswd, to ldap and it is no option to take down and reconfigure samba even for a short time. Hmmm, sorry, but I can see how you want to accomplish that. You are changing the backend, you need to tell samba about this. so what i in fact need is a way to get a snapshot of the current accounts and copy them into ldap, the samba server should/can/must not be touched (i mean start/stop/reconfigure etc.) in any way during this process. can this be done ? I'm not sure I _really_ understood what you want, but using some of the famous migration script, you can create your new LDAP database in a few minutes, them you need to tell Samba to start using the new backend (LDAP) instead of the old backend (smbpasswd file). thanks in advance for any hints! regards markus Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5bGqCj65ZxU4gPQRAm1aAKCkfwywzZdifkYh84nBH/aUurFevACgx+KV QY5t4fxioStZsod6apo5UCc= =7Pnw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 join domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/27/2007 03:57 PM, Daniel Davidson wrote: I have found a fixed my previous problems (two typos that were hard to find) and now the smbldap-tools all work as expected if I run them as root. However when I try to join a domain from a windows machine, the scripts never run and get an Access is denied message. Since I am using 0.10 I do not think I can use net rpc rights, so do I need to add that into ldap manually? Add what into LDAP? Or do I have to use a specific user other than just someone in domain admins? AFAIK, privileges came with 3.0.11, so you need to use root account, or an account with uid:gid equivalent (0:0). And Domain Admins would not work as expected on versions previous than 3.0.11. thanks, Dan Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5bJkCj65ZxU4gPQRAg0nAJ9bo8WPgDLBwwpHaLCKGJUj3nJuLwCgo+Bk 8VTD+FbIspVL7fKzyChFh6E= =y0NK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Scripting net command problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/27/2007 02:32 PM, Henrik Zagerholm wrote: Hello list, I'm writing some scripts that executes the net command. I have noticed that sometimes when things goes wrong the net command asks for input i.e a password which results in a hanging script. Is there some way to avoid this? I've looked at the different flags fro net command but haven't found anything that could help me with this. Cheers, henrik If you can't find a way, perhaps you should report a wishlist bug against Samba Bugzilla. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5bK/Cj65ZxU4gPQRAs9NAJ9gXbEo4UulcJqeOx+inarhzSTpaQCdHOlM NPYPgPlyOorWUZcbnZo8M/g= =98zG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC and Win2k PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/26/2007 09:26 AM, Stefan Weber wrote: hi, I would like to change the old windows 2000 domain structure into one samba 3 domain. the migration is to take place gradually for the departments. I had imagined to packing the samba pdc with another domain name into the same subnetz as windows pdc. Windows 2k DN = work.wurst.local Samba 3 DN = work.wurst.de IP Subnet = 192.168.2.0/24 (Samba and Windows) is it possible ? IHMO, yes. Without the entire picture it becomes hard to confirm that, but as I would imagine it, yes, it should be possible to add a PDC in another Domain and move your workstantions gradually to the new domain. You will need to check how would you share the files and printers while you have two domains, maybe a InterTrust Domain can help, maybe just a set of ACLs and special shares. thank stefan Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5bOqCj65ZxU4gPQRArRJAJ45wsY6DciUxJ0JWjTnAmFJcq52jACdFiJ5 epROdmqfjaQLnP1OaGXoXq4= =YTl0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 ldap password change
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/27/2007 08:17 AM, Daniel Müller wrote: Hello to all, I got samba3 PDC working with ldap. But I' m still wondering how to set important things about the users passwords. You can use pdbedit to configure that. Your sambaDomainName object will have the fiedls to define the size of password, minimum time before change, maximum time to change, date of must change and so on. You can also export from tdbsam do LDAP using something like this (from the manpage): pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host The first thing when a user login the first time should be to change his/her password? You need to set the MustChange field to 0. Be aware that samba has a strange behaviour with regards to CanChange and LastSet. If you have a new user, change his password and want that he/she changes it on the first login, you probably will need to adjust the LastSet to $TODAY-MinPwdTime and the CanChange to $TODAY (remember that it uses the number of secs. So, an example would be: Fields Just After Mandatory Change Chang PWD on next logon sambaPwdCanChange 1173192147 1172587347 sambaPwdLastSet 1172587347 1171982547 sambaPwdMustChange 1175179347 0 Where do I set when the passwords expire and how do I set it to 60 days? Define the number of seconds in the sambaDomainName object, field: sambaMaxPwdAge I do not work mith Microsoft's usrmgr because of Vista clients. I look at my samba/ldap with LDAP Admin. Does someone manage this point with this tool? I use phpLDAPadmin to control our LDAP database and to set samba options. greetings Daniel Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5FaHCj65ZxU4gPQRAroPAKDMEiRM/FqMzC8OHVzUUyRHHDLQ0QCgqoL1 4Js0pxyHq8S4+QUAOCtkjPo= =QrZ8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrate users to ldap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/23/2007 10:03 PM, Markus Krause wrote: Hi List! we have about 1200 users in the regular user database of samba 2.2.8a installation. is it possible to move/migrate them all into ldap? i only found descriptions on how to add new users to ldap. Yes it is. Check the archive of this list (2007 is enough), we already discussed this subject this year a few times with good tips and points about the migration. thanks in advance for any hints! regards markus Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF4s6hCj65ZxU4gPQRArUWAKCAg0/pm0vvKVGheWzpZ+31jePUZQCfXRKt mbRfpQnxHEPfgG5YARXbgYo= =keIk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating from 3.0.7 to 3.0.23c problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/12/2007 06:01 PM, Gary Martin wrote: The samba logs didn't contain anything interesting or pertinent. Here is my smb.conf: [global] [...] admin users = +groupname Are you aware of WHATSNEW changes about the way groups are handled? Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF0eMWCj65ZxU4gPQRAh8dAKCLnOlST7EqDhZjkpNAZUXS8GOnegCgxl5g hAFlkJ87JQCn7i0dYoBLqpg= =Q04j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The Samba 3 Network speed too slow
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/10/2007 09:14 AM, Srini wrote: On 2/8/07, Felipe Augusto van de Wiel [EMAIL PROTECTED] wrote: Or how to fix it? You probably would need to check 'socket options'. We have a similar problem sometimes. What should be the ideal value for 'socket options' in Samba v3.x? The recent discussions on this list had showed that with recent kernels there is no need to use SO_SNDBUF and SO_RCV_BUF. Thanks Srini Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF0GD6Cj65ZxU4gPQRAgeRAKDLzDaY1ZRYXRB2vaffXEhXTgx9vgCfW5Tg jFYYlLY2cl33QnuvkesBO18= =UTXu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating from 3.0.7 to 3.0.23c problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/08/2007 05:03 PM, Gary Martin wrote: We built a new server running Samba 3.0.23c and configured it to replace our corporate PDC that was running Samba 3.0.7. The PDC uses tdbsam and has the admin users directive defined. All user accounts were copied to the new server. Using the output of net groupmap list from the old server we mapped the windows accounts and SIDs to their unix group counterparts on the new server. When we started using the new server we experienced some problems, users could log in to the domain and access samba shares but not could not access windows shares on the domain. Also our Domain Admins had a uid of 0 as expected but could not perform administrative duties on pc domain members. We downgraded the system to samba version 3.0.21b and got it running properly performing the same steps. We would still like to upgrade to 3.0.24 though. Does anybody have an idea of what went wrong with our upgrade? Can anyone offer tips or instructions on how to upgrade from 3.0.21b to 3.0.24? Did you check the Release Notes and WHATSNEW? There are a few changes between 3.0.21 and 3.0.24 that impacts the way that groups are handled. In our setup, we add users in Domain Admins group and that's enough to let them do administrative tasks on the clients, we also did the 'net rpc rights' to the Domain Admins group, considering that, we don't need 0-uid users. After 3.0.8 and 3.0.14 there are some changes in the way groups are handled and also other important changes on how Samba checks permissions and control access. Perhaps you could post your smb.conf and some logs so we can try to help you find out what are the missing points. Thanks, Gary Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzIR7Cj65ZxU4gPQRAqN+AJ9dz4YVUGC26fH5AIdhv4ihHCZywgCgmlRk cKsOiviZYgwC/aAf7UJ4MII= =Vr4+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tree connect failled: ERRDOS - ERRnoaccess (Access denied.)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/08/2007 04:09 PM, [EMAIL PROTECTED] wrote: [...] how do i create sambaSAMAccounts? The same way you create other object classes in a LDAP database. I would recommend you to read the Samba Official HOWTO and Samba By Example, you will find detailed info about Samba schemas and LDAP. It is also worth to check Samba+LDAP HOWTO from Ignaciou Coupeau, is a little bit out-of-date if you compare with the actual scenario, but has important base concepts. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFy2idCj65ZxU4gPQRArsdAJsFbwDqudCLhPyfySDo5lPfpQyrXACfUifD 1gRjxqbxY1LkkGU07lbq0xo= =H9VH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba