Re: [Samba] samba 3.4.2 centos with ldap 2.4.11 stucks

2009-10-15 Thread Kent Nasveschuk
Sorry, don't have a BDC running in test environment. 

Kent 

- Original Message - 
From: "Martin Hochreiter"  
To: "Kent Nasveschuk"  
Cc: samba@lists.samba.org 
Sent: Thursday, October 15, 2009 10:10:17 AM GMT -05:00 US/Canada Eastern 
Subject: Re: [Samba] samba 3.4.2 centos with ldap 2.4.11 stucks 

Hi Kent, 

yes - our PDC is running the same combination - without any problems, 
and on that BDC machine (that I have completely reinstalled to eliminate 
other errors) I have those confusing daemon problems ... 

regards 
> I have the same setup Centos5.3, Samba3.4.2, OpenLDAP 2.4.11 (running on 
> 127.0.0.1). Those entries show up in individual machine logs, there are no 
> problems that I can see between OpenLDAP and Samba. 
> 
> smb.conf: 
> ... 
> log file = /opt/samba-3.4.2/var/log/samba.%m 
> ... 
> 
> Kent 
> 
> - Original Message - 
> From: "Martin Hochreiter"  
> To: samba@lists.samba.org 
> Sent: Thursday, October 15, 2009 8:51:25 AM GMT -05:00 US/Canada Eastern 
> Subject: [Samba] samba 3.4.2 centos with ldap 2.4.11 stucks 
> 
> Hi! 
> 
> We are using Samba 3.4.2 from sernet on a centos 5.3 box with 
> ldap 2.4.11 as db. 
> 
> I have very heavy problems with the smbd daemon. 
> If I set the smb.conf to the local ldap 
> via ldapsam:ldap://127.0.0.1 or just ldapsam 
> 
> # LDAP SETTINGS 
> ldap admin dn="uid=Admin,ou=Users,dc=xxx,dc=xxx" 
> ldap ssl = no 
> passdb backend = ldapsam:ldap://127.0.0.1 
> ldap delete dn = no 
> ldap user suffix = ou=Users 
> ldap group suffix = ou=Groups 
> ldap machine suffix = ou=Clients 
> ldap suffix = dc=fh-stpoelten,dc=ac.at 
> ldap passwd sync = yes 
> 
> the smbd daemon gets stuck while connecting to it (see "non working log") 
> I have to kill -9 the daemons 
> 
> If I use the same 3.4.2 ldap externally from a similar centos 5.3 machine 
> the connection works without problems (see "working log") 
> 
> You can query the local ldap with the ldaptools in various ways and you 
> get the correct response (with the credentials stored to the .tdb) 
> 
> - does anyone have a hint for me? 
> 
> regards 
> Martin 
> 
> 
> 
> 
> 
> Non working log (debug 2): 
> 
> 
> [2009/10/15 14:42:59, 2] smbd/server.c:676(smbd_parent_loop) 
> waiting for connections 
> [2009/10/15 14:43:02, 2] smbd/sesssetup.c:1360(setup_new_vc_session) 
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
> all old resources. 
> [2009/10/15 14:43:02, 2] lib/smbldap.c:856(smbldap_open_connection) 
> smbldap_open_connection: connection opened 
> [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) 
> init_sam_from_ldap: Entry found for user: nsc 
> [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
> init_group_from_ldap: Entry found for group: 999 
> [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
> init_group_from_ldap: Entry found for group: 999 
> [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
> init_group_from_ldap: Entry found for group: 999 
> [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
> init_group_from_ldap: Entry found for group: 1003 
> [2009/10/15 14:43:02, 2] auth/auth.c:310(check_ntlm_password) 
> check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] 
> succeeded 
> 
> 
> 
> 
> 
> 
> Working log (debug 2): 
> 
> 
> [2009/10/15 14:45:41, 2] smbd/sesssetup.c:1360(setup_new_vc_session) 
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
> all old resources. 
> [2009/10/15 14:45:41, 2] lib/smbldap.c:856(smbldap_open_connection) 
> smbldap_open_connection: connection opened 
> [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) 
> init_sam_from_ldap: Entry found for user: nsc 
> [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
> init_group_from_ldap: Entry found for group: 999 
> [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
> init_group_from_ldap: Entry found for group: 999 
> [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
> init_group_from_ldap: Entry found for group: 999 
> [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
> init_group_from_ldap: Entry found for group: 1003 
> [2009/10/15 14:45:41, 2] auth/auth.c:310(check_ntlm_password) 
> check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] 
> succeeded 
> [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
> init_group_from_ldap: Entry found for group: 998 
> [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_lda

Re: [Samba] samba 3.4.2 centos with ldap 2.4.11 stucks

2009-10-15 Thread Kent Nasveschuk
I have the same setup Centos5.3, Samba3.4.2, OpenLDAP 2.4.11 (running on 
127.0.0.1). Those entries show up in individual machine logs, there are no 
problems that I can see between OpenLDAP and Samba. 

smb.conf: 
... 
log file = /opt/samba-3.4.2/var/log/samba.%m 
... 

Kent 

- Original Message - 
From: "Martin Hochreiter"  
To: samba@lists.samba.org 
Sent: Thursday, October 15, 2009 8:51:25 AM GMT -05:00 US/Canada Eastern 
Subject: [Samba] samba 3.4.2 centos with ldap 2.4.11 stucks 

Hi! 

We are using Samba 3.4.2 from sernet on a centos 5.3 box with 
ldap 2.4.11 as db. 

I have very heavy problems with the smbd daemon. 
If I set the smb.conf to the local ldap 
via ldapsam:ldap://127.0.0.1 or just ldapsam 

# LDAP SETTINGS 
ldap admin dn="uid=Admin,ou=Users,dc=xxx,dc=xxx" 
ldap ssl = no 
passdb backend = ldapsam:ldap://127.0.0.1 
ldap delete dn = no 
ldap user suffix = ou=Users 
ldap group suffix = ou=Groups 
ldap machine suffix = ou=Clients 
ldap suffix = dc=fh-stpoelten,dc=ac.at 
ldap passwd sync = yes 

the smbd daemon gets stuck while connecting to it (see "non working log") 
I have to kill -9 the daemons 

If I use the same 3.4.2 ldap externally from a similar centos 5.3 machine 
the connection works without problems (see "working log") 

You can query the local ldap with the ldaptools in various ways and you 
get the correct response (with the credentials stored to the .tdb) 

- does anyone have a hint for me? 

regards 
Martin 





Non working log (debug 2): 


[2009/10/15 14:42:59, 2] smbd/server.c:676(smbd_parent_loop) 
waiting for connections 
[2009/10/15 14:43:02, 2] smbd/sesssetup.c:1360(setup_new_vc_session) 
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources. 
[2009/10/15 14:43:02, 2] lib/smbldap.c:856(smbldap_open_connection) 
smbldap_open_connection: connection opened 
[2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) 
init_sam_from_ldap: Entry found for user: nsc 
[2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
init_group_from_ldap: Entry found for group: 999 
[2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
init_group_from_ldap: Entry found for group: 999 
[2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
init_group_from_ldap: Entry found for group: 999 
[2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
init_group_from_ldap: Entry found for group: 1003 
[2009/10/15 14:43:02, 2] auth/auth.c:310(check_ntlm_password) 
check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] 
succeeded 






Working log (debug 2): 


[2009/10/15 14:45:41, 2] smbd/sesssetup.c:1360(setup_new_vc_session) 
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources. 
[2009/10/15 14:45:41, 2] lib/smbldap.c:856(smbldap_open_connection) 
smbldap_open_connection: connection opened 
[2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) 
init_sam_from_ldap: Entry found for user: nsc 
[2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
init_group_from_ldap: Entry found for group: 999 
[2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
init_group_from_ldap: Entry found for group: 999 
[2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
init_group_from_ldap: Entry found for group: 999 
[2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
init_group_from_ldap: Entry found for group: 1003 
[2009/10/15 14:45:41, 2] auth/auth.c:310(check_ntlm_password) 
check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] 
succeeded 
[2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) 
init_group_from_ldap: Entry found for group: 998 
[2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) 
init_sam_from_ldap: Entry found for user: Admin 
[2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) 
init_sam_from_ldap: Entry found for user: Admin 
[2009/10/15 14:45:41, 1] smbd/service.c:1047(make_connection_snum) 
10.222.0.240 (10.222.0.240) connect to service netlogon initially as 
user nsc (uid=1746, gid=999) (pid 3061) 
-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 


[Samba] sambaShare used?

2009-10-14 Thread Kent Nasveschuk
Just curious, is sambaShare objectClass used by Samba 3.4.2? Currently testing 
Samba 3.4.2 with OpenLDAP 2.4.11 backend in test environment. Couldn't find out 
much about it other than it has 2 attributes and is part of the samba.schema. 

Thanks 

Kent 


Re: [Samba] invalid computer name when accessing a Samba server from a Samba client

2009-09-28 Thread Kent Tong


Andrew Masterson wrote:
> 
> Does the NAS have a machine account in the domain?
> 

Yes, I can see an account named ho-nas01 in the "Computers" folder in AD.

-
--
Kent Tong
Wicket tutorials freely available at http://www.agileskills2.org/EWDW
Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA


[Samba] invalid computer name when accessing a Samba server from a Samba client

2009-09-25 Thread Kent Tong

Hi,

I am trying to access a Samba server (a NAS, actually, a Level One FNS 7000B).
However, it will only return an error NT_STATUS_INVALID_COMPUTER_NAME. Below
is the output of some test commands. Thanks in advance for any help!

r...@hoadms004:/etc/network# smbclient -L //ho-nas01
Password:
Anonymous login successful
Domain=[CPTTM] OS=[Unix] Server=[Samba 3.0.20b]

        Sharename       Type      Comment
        ---------       ----      -------
        ...
        vm              Disk
        IPC$            IPC       IPC Service (HO-NAS01)
        ADMIN$          IPC       IPC Service (HO-NAS01)
Anonymous login successful
Domain=[CPTTM] OS=[Unix] Server=[Samba 3.0.20b]

        Server               Comment
        ---------            -------
        HO-NAS01             HO-NAS01

        Workgroup            Master
        ---------            -------
        CPTTM                HO-NAS01
        DOMAIN               BACKUP01
        WORKGROUP            CPTTM

r...@hoadms004:/etc/network# smbclient  //HO-NAS01/vm -W CPTTM -U vmadmin -d3
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface ip=172.18.19.53 bcast=172.18.19.255 nmask=255.255.255.0
Client started (version 3.0.28a).
resolve_lmhosts: Attempting lmhosts lookup for name HO-NAS01<0x20>
resolve_wins: Attempting wins lookup for name HO-NAS01<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name HO-NAS01<0x20>
Connecting to 172.18.20.11 at port 445
Password: r_candy   Disk
Doing spnego session setup (blob length=102)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2k
got OID=1 3 6 1 4 1 311 2 2 10
got principal=cifs/ho-na...@cpttm.org.mo
Got challenge flags:Disk
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:isk
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
SPNEGO login failed: Invalid computer name
session setup failed: NT_STATUS_INVALID_COMPUTER_NAME

-
--
Kent Tong
Wicket tutorials freely available at http://www.agileskills2.org/EWDW
Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA


Re: [Samba] migrating Samba PDC to a new server

2009-04-05 Thread Kent Tong


Squeezer99 wrote:
> 
> it should work ok.  make sure to run net getlocalsid and net 
> getdomainsid and write them down and on the new server do net 
> setlocalsid and net setdomainsid if they are different.
> 

Thanks!


-
--
Kent Tong
Wicket tutorials freely available at http://www.agileskills2.org/EWDW
Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA


[Samba] migrating Samba PDC to a new server

2009-04-02 Thread Kent Tong

Hi,

I'd like to migrate Samba 3.0.24-6etch10 PDC running on a Debian server to a
new Ubuntu server. I plan to install Samba 3.0.28a-1ubuntu4.4 on the new
server and then copy the files in /etc/samba and /var/lib/samba and copy the
related Linux users in /etc/passwd and /etc/shadow. Will it work?

Thanks in advance!

-
--
Kent Tong
Wicket tutorials freely available at http://www.agileskills2.org/EWDW
Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA


RE: [Samba] Where does Windows get the samba name to put into the Network Share name?

2009-02-11 Thread Cross, Kent G (US SSA)
Thank you all. Clearing out the registry did the trick. I was even able
to set the server name to WHATEVER in the smb.conf file and got
"WHATEVER" to come through. 

Kent

-Original Message-
From: Tom Crummey [mailto:t...@ee.ucl.ac.uk] 
Sent: Wednesday, February 11, 2009 2:03 AM
To: Cross, Kent G (US SSA)
Subject: Re: [Samba] Where does Windows get the samba name to put into
the Network Share name?

Hello,

It's in the registry on the PC.

Cross, Kent G (US SSA) wrote:
> I have upgraded our sun server from samba 3.0.20b to version 3.2.4. If I
> type "smb -V" on the sun, I get the proper version number of "Version
> 3.2.4". When I map a network drive from my PC to a share named "home1"
> on the sun, the PC mount point is named "home1 on 'Samba 3.0.20b
> (server)'. I have unmapped all drives and re-mapped them with the same
> result. 
> 
>  
> 
> Where is my PC getting the older version number from? I copied the
> private folder, smb.conf, and smbpasswd from the old version to the new
> install location. Could it be getting "Samba 3.0.20b" from one of these
> files?
> 
>  
> 
> Thanks in Advance
> 
>  
> 
>  
> 

-- 
Tom.


--
  Tom Crummey, Systems and Network Manager,       EMAIL: t...@ee.ucl.ac.uk
  Dept. of Electronic and Electrical Engineering,
  University College London, Roberts Building,    TEL: +44 (0)20 7679 3898
  Torrington Place,                               FAX: +44 (0)20 7388 9325
  London, UK, WC1E 7JE.

--




[Samba] Where does Windows get the samba name to put into the Network Share name?

2009-02-10 Thread Cross, Kent G (US SSA)
I have upgraded our sun server from samba 3.0.20b to version 3.2.4. If I
type "smb -V" on the sun, I get the proper version number of "Version
3.2.4". When I map a network drive from my PC to a share named "home1"
on the sun, the PC mount point is named "home1 on 'Samba 3.0.20b
(server)'. I have unmapped all drives and re-mapped them with the same
result. 

 

Where is my PC getting the older version number from? I copied the
private folder, smb.conf, and smbpasswd from the old version to the new
install location. Could it be getting "Samba 3.0.20b" from one of these
files?

 

Thanks in Advance

 

 



[Samba] conceptual question regarding file ownership and uid

2008-11-03 Thread Kent Tong

Hi,

For a samba member server s1 that uses the built-in user mapping (ie, no
winbind), if a domain user DOM\u1 creates a file on the server, it will be
owned by the local u1 user on the server, right? What if a user is using
explorer on a Windows client to view its ownership, will it appear as s1\u1
or DOM\u1?

How to ensure that it is the latter?

Thanks!

-
--
Kent Tong
Wicket tutorials freely available at http://www.agileskills2.org/EWDW
Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA


[Samba] Re: schannel_store.tdb appearing in /etc/samba

2007-06-05 Thread Kent Tong
Steve Granger  magellan-technology.com> writes:

> smbd -b | less
> 
> to see the private_dir and other file location. From my knowledge these
> are set with compile time options.

Thanks! Got this:

   SBINDIR: /usr/sbin
   BINDIR: /usr/bin
   SWATDIR: /usr/share/samba/swat
   CONFIGFILE: /etc/samba/smb.conf
   LOGFILEBASE: /var/log/samba
   LMHOSTSFILE: /etc/samba/lmhosts
   LIBDIR: /usr/lib/samba
   SHLIBEXT: so
   LOCKDIR: /var/run/samba
   PIDDIR: /var/run/samba
   SMB_PASSWD_FILE: /etc/samba/smbpasswd
   PRIVATE_DIR: /etc/samba

/var/lib/samba is not one of them, but why are those .tdb files put 
into there (instead of /etc/samba)?

Does it make sense to set the private dir to /etc/samba? If not, I'll
file a bug report to Debian.




[Samba] schannel_store.tdb appearing in /etc/samba

2007-06-05 Thread Kent Tong
Hi,

I just upgraded from Debian Sarge to Etch. Now, while Samba (3.0.24-6etch4) is 
running, it creates the schannel_store.tdb in /etc/samba. However, it should
really store it into the "private dir", which is supposed to be /var/lib/samba
as I see files like passdb.tdb in there. Any idea what's going on?

In addition, "private dir" is not defined in smb.conf. I don't know how it
gets defaulted to /var/lib/samba. The man page says it defaults to 
${prefix}/private. Obviously this is not the case.

In addition, I can't find where "prefix" is defined in the man page.

Any help? Thanks!



[Samba] Re: Repost: Can't follow DFS link

2007-06-03 Thread Kent Tong
Jim McDonough  samba.org> writes:

> 
> On 6/1/07, Kent Tong  cpttm.org.mo> wrote:
> 
> >   smb_flg2=51203
> >
> Kent, I know you already rebooted the client since we discussed this before
> (though did you reboot the terminal server?).  This flags2 value is 0xC803,
> and we need to see the 0x1000 bit on before we recognize that the client is
> interested in DFS pathnames.  So now comes the tricky part...why is this
> client different from your other client that works? 

I've tried it on three clients: two Win2K pro and one Win2K terminal server.
Only one Win2K pro works. All have been rebooted.

> Can you give me
> anything on how you connected, security environment (ADS vs USER vs DOMAIN),
> or even how you specified the server address (netbios name, dns name, ip
> address)?  These can all play a role, unfortunately, in how a window client
> decides to ask for DFS referrals.

We're in a Win2K AD domain. The DFS host (samba) is using user security
and has the user accounts in the samba password DB (yes, we duplicated
the user accounts from AD and it works fine). The share is accessed using
netbios name. I just tried accessing it using IP and it works! What can
I do in that case?



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
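
The flags2 check described in the reply above (smb_flg2=51203 is 0xC803, and the 0x1000 DFS bit is not set), as an added example that is not part of the original thread or of Samba's code. It parses the `show_msg` dumps of a level 10 smbd log and decodes each request's Flags2; the flag names follow the SMB1 protocol documentation, and the second log record is constructed for comparison.

```python
import re

# SMB1 header Flags2 bits (names as in the SMB1/CIFS protocol documentation).
FLAGS2_BITS = {
    0x0001: "LONG_NAMES",
    0x0002: "EAS",
    0x0004: "SMB_SECURITY_SIGNATURE",
    0x0040: "IS_LONG_NAME",
    0x0800: "EXTENDED_SECURITY",
    0x1000: "DFS",
    0x2000: "PAGING_IO",
    0x4000: "NT_STATUS",
    0x8000: "UNICODE",
}
FLAGS2_DFS = 0x1000

# "[2007/05/28 17:24:14, 5] lib/util.c:show_msg(464)" style record header.
HEADER_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} [\d:]+,\s*\d+\]\s+(\S+)")
# Indented "name=value" header fields; smb_vwv[..] words are skipped on purpose.
FIELD_RE = re.compile(r"^\s+(size|smb_\w+)=(\S+)\s*$")

# First record: values copied from the log in this thread.
# Second record: constructed, same request with the DFS bit (0x1000) added.
SAMPLE_LOG = """\
[2007/05/28 17:24:14, 5] lib/util.c:show_msg(454)
[2007/05/28 17:24:14, 5] lib/util.c:show_msg(464)
  size=128
  smb_com=0x32
  smb_flg=24
  smb_flg2=51203
  smb_tid=10
[2007/05/28 17:24:14, 3] smbd/process.c:switch_message(993)
  switch message SMBtrans2 (pid 3864) conn 0x83ed558
[2007/05/28 17:24:15, 5] lib/util.c:show_msg(454)
[2007/05/28 17:24:15, 5] lib/util.c:show_msg(464)
  size=128
  smb_com=0x32
  smb_flg=24
  smb_flg2=55299
  smb_tid=10
"""


def parse_show_msg(log_text):
    """Return one dict of header fields per show_msg() dump in a smbd log."""
    messages, current = [], None
    for line in log_text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            if current:  # close the previous non-empty dump
                messages.append(current)
            # Only collect fields that follow a show_msg record header.
            current = {} if ":show_msg(" in header.group(1) else None
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            try:
                # smbd prints some fields in hex (0x32) and some in decimal.
                current[field.group(1)] = int(field.group(2), 0)
            except ValueError:
                pass  # not a number, ignore the field
    if current:
        messages.append(current)
    return messages


def decode_flags2(value):
    """List the names of the Flags2 bits set in value, lowest bit first."""
    names = [name for bit, name in sorted(FLAGS2_BITS.items()) if value & bit]
    unknown = value & ~sum(FLAGS2_BITS)
    if unknown:
        names.append("UNKNOWN_0x%04X" % unknown)
    return names


def dfs_report(log_text):
    """For every dumped request, say whether the client asked for DFS paths."""
    report = []
    for msg in parse_show_msg(log_text):
        if "smb_flg2" not in msg:
            continue
        flags2 = msg["smb_flg2"]
        report.append({
            "smb_com": msg.get("smb_com"),
            "flags2": flags2,
            "flags": decode_flags2(flags2),
            "dfs_aware": bool(flags2 & FLAGS2_DFS),
        })
    return report


if __name__ == "__main__":
    for entry in dfs_report(SAMPLE_LOG):
        print("cmd=0x%02X flags2=0x%04X dfs=%s %s" % (
            entry["smb_com"], entry["flags2"],
            entry["dfs_aware"], ",".join(entry["flags"])))
```
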


[Samba] Repost: Can't follow DFS link

2007-06-01 Thread Kent Tong
Hi,

I am using 3.0.22 on Ubuntu 6.06. I'm trying to setup a DFS root. Here
is the smb.conf share section:

My smb.conf file is:

[global]
# use default
; security = user
host msdfs = yes

[Share]
path=/var/Share
writable=yes
msdfs root=yes

The dfs link is:

# ls -l /var/Share/Data/2007/OfficeAdmin/pdf
lrwxrwxrwx 1 root root 19 2007-05-23 09:14 /var/Share/Data/2007/OfficeAdmin/pdf -> msdfs:cladms004\pdf

All the clients have been rebooted. They can all connect to 
\\cladms004\pdf directly.

On one Win2K client the DFS link works fine. But on another Win2K client 
and a Win2K terminal server, I can't go into the "pdf" folder. I can 
see the "pdf" folder inside the share. But when I try to go into the 
"pdf" folder, Windows says the folder is inaccessible.

The level 10 log is:

[2007/05/28 17:24:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(618)
  got smb length of 128
[2007/05/28 17:24:14, 6] smbd/process.c:process_smb(1193)
  got message type 0x0 of len 0x80
[2007/05/28 17:24:14, 3] smbd/process.c:process_smb(1194)
  Transaction 257270 of length 132
[2007/05/28 17:24:14, 5] lib/util.c:show_msg(454)
[2007/05/28 17:24:14, 5] lib/util.c:show_msg(464)
  size=128
  smb_com=0x32
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51203
  smb_tid=10
  smb_pid=2264
  smb_uid=187
  smb_mid=9153
  smt_wct=15
  smb_vwv[ 0]=   60 (0x3C)
  smb_vwv[ 1]=0 (0x0)
  smb_vwv[ 2]=2 (0x2)
  smb_vwv[ 3]=   40 (0x28)
  smb_vwv[ 4]=0 (0x0)
  smb_vwv[ 5]=0 (0x0)
  smb_vwv[ 6]=0 (0x0)
  smb_vwv[ 7]=0 (0x0)
  smb_vwv[ 8]=0 (0x0)
  smb_vwv[ 9]=   60 (0x3C)
  smb_vwv[10]=   68 (0x44)
  smb_vwv[11]=0 (0x0)
  smb_vwv[12]=0 (0x0)
  smb_vwv[13]=1 (0x1)
  smb_vwv[14]=5 (0x5)
  smb_bcc=63
[2007/05/28 17:24:14, 10] lib/util.c:dump_data(2058)
  [000] 00 00 00 EC 03 00 00 00  00 5C 00 44 00 61 00 74   .\.D.a.t
  [010] 00 61 00 5C 00 32 00 30  00 30 00 37 00 5C 00 4F  .a.\.2.0 .0.7.\.O
  [020] 00 66 00 66 00 69 00 63  00 65 00 41 00 64 00 6D  .f.f.i.c .e.A.d.m
  [030] 00 69 00 6E 00 5C 00 70  00 64 00 66 00 00 00 .i.n.\.p .d.f...
[2007/05/28 17:24:14, 3] smbd/process.c:switch_message(993)
  switch message SMBtrans2 (pid 3864) conn 0x83ed558
[2007/05/28 17:24:14, 4] smbd/uid.c:change_to_user(222)
  change_to_user: Skipping user change - already user
[2007/05/28 17:24:14, 3] smbd/trans2.c:call_trans2qfilepathinfo(2861)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2007/05/28 17:24:14, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "Data/2007/OfficeAdmin/pdf"
[2007/05/28 17:24:14, 10] smbd/statcache.c:stat_cache_lookup(215)
  stat_cache_lookup: lookup failed for name [DATA/2007/OFFICEADMIN/PDF]
[2007/05/28 17:24:14, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name [DATA/2007/OFFICEADMIN] -> [Data/2007/OfficeAdmin]
[2007/05/28 17:24:14, 5] smbd/filename.c:unix_convert(185)
  unix_convert begin: name = Data/2007/OfficeAdmin/pdf, dirpath = Data/2007/OfficeAdmin, start = pdf
[2007/05/28 17:24:14, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled pdf ?
[2007/05/28 17:24:14, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component pdf (len 3) ?
[2007/05/28 17:24:14, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled pdf ?
[2007/05/28 17:24:14, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component pdf (len 3) ?
[2007/05/28 17:24:14, 5] smbd/statcache.c:stat_cache_add(140)
  stat_cache_add: Added entry (83e4d88:size1a) DATA/2007/OFFICEADMIN/PDF -> Data/2007/OfficeAdmin/pdf
[2007/05/28 17:24:14, 5] smbd/statcache.c:stat_cache_add(140)
  stat_cache_add: Added entry (83e4d88:size1a) DATA/2007/OFFICEADMIN/PDF -> Data/2007/OfficeAdmin/pdf
[2007/05/28 17:24:14, 5] smbd/filename.c:unix_convert(400)
  conversion finished Data/2007/OfficeAdmin/pdf -> Data/2007/OfficeAdmin/pdf
[2007/05/28 17:24:14, 3] smbd/trans2.c:call_trans2qfilepathinfo(2886)
  call_trans2qfilepathinfo: SMB_VFS_STAT of Data/2007/OfficeAdmin/pdf failed (No such file or directory)
[2007/05/28 17:24:14, 10] smbd/trans2.c:set_bad_path_error(2623)
  set_bad_path_error: err = 2 bad_path = 0
[2007/05/28 17:24:14, 3] smbd/error.c:error_packet(146)
  error packet at smbd/trans2.c(2629) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND



[Samba] Re: Can't follow DFS link

2007-05-28 Thread Kent Tong
Jim McDonough  samba.org> writes:

> 
> On 5/22/07, Kent Tong  cpttm.org.mo> wrote:
> >
> > Can't believe that! Rebooting does fix the problem. Thanks a lot!
> >
> The client remembers whether or not we're a DFS server...so you can't change
> from one to the other without rebooting.

Sorry, actually it works only on one computer but not on another. Both
computers have been rebooted. The symptom is the same: I can see the folder
(the link) but when I try to change into it, it says the folder has been
moved or removed.

My smb.conf file is:

[global]
# use default
; security = user
host msdfs = yes

[Share]
path=/var/Share
writable=yes
msdfs root=yes

The dfs link is:

# ls -l /var/Share/Data/2007/OfficeAdmin/pdf
lrwxrwxrwx 1 root root 19 2007-05-23 09:14 /var/Share/Data/2007/OfficeAdmin/pdf -> msdfs:cladms004\pdf

The level 10 log is:

[2007/05/28 17:24:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(618)
  got smb length of 128
[2007/05/28 17:24:14, 6] smbd/process.c:process_smb(1193)
  got message type 0x0 of len 0x80
[2007/05/28 17:24:14, 3] smbd/process.c:process_smb(1194)
  Transaction 257270 of length 132
[2007/05/28 17:24:14, 5] lib/util.c:show_msg(454)
[2007/05/28 17:24:14, 5] lib/util.c:show_msg(464)
  size=128
  smb_com=0x32
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51203
  smb_tid=10
  smb_pid=2264
  smb_uid=187
  smb_mid=9153
  smt_wct=15
  smb_vwv[ 0]=   60 (0x3C)
  smb_vwv[ 1]=0 (0x0)
  smb_vwv[ 2]=2 (0x2)
  smb_vwv[ 3]=   40 (0x28)
  smb_vwv[ 4]=0 (0x0)
  smb_vwv[ 5]=0 (0x0)
  smb_vwv[ 6]=0 (0x0)
  smb_vwv[ 7]=0 (0x0)
  smb_vwv[ 8]=0 (0x0)
  smb_vwv[ 9]=   60 (0x3C)
  smb_vwv[10]=   68 (0x44)
  smb_vwv[11]=0 (0x0)
  smb_vwv[12]=0 (0x0)
  smb_vwv[13]=1 (0x1)
  smb_vwv[14]=5 (0x5)
  smb_bcc=63
[2007/05/28 17:24:14, 10] lib/util.c:dump_data(2058)
  [000] 00 00 00 EC 03 00 00 00  00 5C 00 44 00 61 00 74   .\.D.a.t
  [010] 00 61 00 5C 00 32 00 30  00 30 00 37 00 5C 00 4F  .a.\.2.0 .0.7.\.O
  [020] 00 66 00 66 00 69 00 63  00 65 00 41 00 64 00 6D  .f.f.i.c .e.A.d.m
  [030] 00 69 00 6E 00 5C 00 70  00 64 00 66 00 00 00 .i.n.\.p .d.f...
[2007/05/28 17:24:14, 3] smbd/process.c:switch_message(993)
  switch message SMBtrans2 (pid 3864) conn 0x83ed558
[2007/05/28 17:24:14, 4] smbd/uid.c:change_to_user(222)
  change_to_user: Skipping user change - already user
[2007/05/28 17:24:14, 3] smbd/trans2.c:call_trans2qfilepathinfo(2861)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2007/05/28 17:24:14, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "Data/2007/OfficeAdmin/pdf"
[2007/05/28 17:24:14, 10] smbd/statcache.c:stat_cache_lookup(215)
  stat_cache_lookup: lookup failed for name [DATA/2007/OFFICEADMIN/PDF]
[2007/05/28 17:24:14, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name [DATA/2007/OFFICEADMIN] -> [Data/2007/OfficeAdmin]
[2007/05/28 17:24:14, 5] smbd/filename.c:unix_convert(185)
  unix_convert begin: name = Data/2007/OfficeAdmin/pdf, dirpath = Data/2007/OfficeAdmin, start = pdf
[2007/05/28 17:24:14, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled pdf ?
[2007/05/28 17:24:14, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component pdf (len 3) ?
[2007/05/28 17:24:14, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled pdf ?
[2007/05/28 17:24:14, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component pdf (len 3) ?
[2007/05/28 17:24:14, 5] smbd/statcache.c:stat_cache_add(140)
  stat_cache_add: Added entry (83e4d88:size1a) DATA/2007/OFFICEADMIN/PDF -> Data/2007/OfficeAdmin/pdf
[2007/05/28 17:24:14, 5] smbd/statcache.c:stat_cache_add(140)
  stat_cache_add: Added entry (83e4d88:size1a) DATA/2007/OFFICEADMIN/PDF -> Data/2007/OfficeAdmin/pdf
[2007/05/28 17:24:14, 5] smbd/filename.c:unix_convert(400)
  conversion finished Data/2007/OfficeAdmin/pdf -> Data/2007/OfficeAdmin/pdf
[2007/05/28 17:24:14, 3] smbd/trans2.c:call_trans2qfilepathinfo(2886)
  call_trans2qfilepathinfo: SMB_VFS_STAT of Data/2007/OfficeAdmin/pdf failed (No such file or directory)
[2007/05/28 17:24:14, 10] smbd/trans2.c:set_bad_path_error(2623)
  set_bad_path_error: err = 2 bad_path = 0
[2007/05/28 17:24:14, 3] smbd/error.c:error_packet(146)
  error packet at smbd/trans2.c(2629) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND



[Samba] Re: Can't follow DFS link

2007-05-22 Thread Kent Tong
Jim McDonough  samba.org> writes:

> Could you include a little more from globals?  The "host msdfs" option, and
> believe it or not, the "security" option?  Is this AD?
> 
> Also, perhaps more important, have you rebooted the client after turning on
> msdfs on the server?

Hi Jim,

Can't believe that! Rebooting does fix the problem. Thanks a lot!





[Samba] Can't follow DFS link

2007-05-22 Thread Kent Tong
Hi,

I am using 3.0.22 on Ubuntu 6.06. I'm trying to setup a DFS root. Here
is the smb.conf share section:

[test]
path=/var/test
writable=yes
msdfs root=yes

The /var/test contains a single symlink:

$ ls -l /var/test
total 0
lrwxrwxrwx 1 root root 19 2007-05-22 14:56 pdf -> msdfs:cladms004\pdf

On a Win2K client I can connect to \\cladms004\pdf successfully. I
can also access the test share defined above. I can see the "pdf"
folder inside the share. But when I try to go into the "pdf" folder,
Windows says the folder is inaccessible.

The level 10 debug log is shown below. Any help is much appreciated!

[2007/05/22 15:33:42, 4] smbd/vfs.c:vfs_ChDir(738)
  vfs_ChDir to /var/test
[2007/05/22 15:33:42, 3] smbd/trans2.c:call_trans2qfilepathinfo(2861)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2007/05/22 15:33:42, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "pdf"
[2007/05/22 15:33:42, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name [PDF] -> [pdf]
[2007/05/22 15:33:42, 5] smbd/filename.c:unix_convert(185)
  unix_convert begin: name = pdf, dirpath = , start = pdf
[2007/05/22 15:33:42, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled pdf ?
[2007/05/22 15:33:42, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component pdf (len 3) ?
[2007/05/22 15:33:42, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled pdf ?
[2007/05/22 15:33:42, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component pdf (len 3) ?
[2007/05/22 15:33:42, 5] smbd/statcache.c:stat_cache_add(140)
  stat_cache_add: Added entry (83bea58:size4) PDF -> pdf
[2007/05/22 15:33:42, 5] smbd/statcache.c:stat_cache_add(140)
  stat_cache_add: Added entry (83bea58:size4) PDF -> pdf
[2007/05/22 15:33:42, 5] smbd/filename.c:unix_convert(400)
  conversion finished pdf -> pdf
[2007/05/22 15:33:42, 3] smbd/trans2.c:call_trans2qfilepathinfo(2886)
  call_trans2qfilepathinfo: SMB_VFS_STAT of pdf failed (No such file or directory)
[2007/05/22 15:33:42, 10] smbd/trans2.c:set_bad_path_error(2623)
  set_bad_path_error: err = 2 bad_path = 0
[2007/05/22 15:33:42, 3] smbd/error.c:error_packet(146)
  error packet at smbd/trans2.c(2629) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND



[Samba] Many msgs log.winbindd about "group xxxxx in domain yyyyy does not exist"

2006-04-26 Thread Kent Wick
I am seeing many, many msgs in log.winbindd with the following text:
[2006/04/14 08:54:29, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(255)
  group system in domain AIXSAMBA does not exist

Would anybody be able to point me in the right direction to determine what this 
is complaining about?
One area I do not understand is why it is complaining about AIXSAMBA (the 
NETBIOS name).

There is an entry in /etc/group for the "system" group (GID = 0).

I do have some directories in one of the samba shares with an acl set as 
follows:
*
* ACL_type   AIXC
*
attributes: 
base permissions
owner(root):  rwx
group(win_domain_users):  rwx
others:  r-x
extended permissions
enabled
  permit  rwx  g:system

Environment:
AIX 5.3:  long names enabled (31 char including ending zero), using pam for 
authentication
Samba 3.0.22 (compiled from source), configure options were:
--with-pam --with-acl-support --with-aio-support --with-winbind

smb.conf contents:
[global]
workgroup = ERSSECURITY
netbios name = AIXSAMBA
server string = Samba3
security = DOMAIN
log file = /usr/local/samba/var/log.%m
log level = 1
algorithmic rid base = 50
winbind uid = 11-50
winbind gid = 11-50

[denali_d]
path = /samba/denali01
acl group control = yes
create mask = 0775
directory mask = 2775
#   force group = win_domain_cntlr
#   inherit acls = yes
inherit permissions = yes
read only = no
writeable = yes
guest ok = no
admin users = @win_domain_admin

[denali_f]
path = /samba/denali02
acl group control = yes
create mask = 0775
directory mask = 2775
force group = win_domain_admin
#   inherit acls = yes
inherit permissions = yes
read only = no
writeable = yes
guest ok = no
admin users = @win_domain_admin

Results from wbinfo -g:
BUILTIN\system operators
BUILTIN\administrators
followed by all the groups in the WinNT PDC domain.

Results from "net groupmap list":
System Operators (S-1-5-32-549) -> win_sys_oper
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Controllers (S-1-5-21-1748253822-1525897820-1959552931-3641) -> win_domain_cntlr
Domain Admins (S-1-5-21-3484108990-1107034133-219603564-512) -> win_domain_admin
Domain Guests (S-1-5-21-3484108990-1107034133-219603564-514) -> -1
Power Users (S-1-5-32-547) -> -1
Domain Users (S-1-5-21-3484108990-1107034133-219603564-513) -> win_domain_users
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> win_administrator
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

The "win_x" groups above are in the /etc/group file as:
win_sys_oper:!:5001:
win_domain_admin:!:5002:user1,user2,user3,user4
win_administrator:!:5003:user1,user2
win_domain_users:!:5004:user5,user6,user7,user3,user1,usert,user2,user8
win_domain_cntlr:!:5005:

Thanks for any assistance/advice that y'all can provide.

K Wick, Texas Emp Retirement Syst
Phone: 512-867-7325




[Samba] AIX 52 and long (>8) character Windows usernames

2006-02-14 Thread Kent Wick
Env: AIX 5.2 ML07 with Samba 3.0.21b (compiled in-house) with config options of:
  --with-pam --with-winbind --with-acl-support --with-aio-support

Can anybody shed any light on why users that have 8 characters or less
(Windows and AIX) and are defined in /etc/passwd can access the defined
Samba share while those users with a Windows username of 9 characters
or more (who have been defined in the "username map" file) are always 
presented with an authentication window?

Is there something that I have wrong that I am just not seeing?

This Samba server is functioning as a member server in an existing Windows NT 
domain.

smb.conf reads:
[global]
workgroup = ERSSECURITY
netbios name = SAMBASRVR
server string = Samba
security = DOMAIN
algorithmic rid base = 50
username map = /usr/local/samba/lib/nt_dom_2_unix_user_map
ldap ssl = no
idmap uid = 10001-3
idmap gid = 10001-3
winbind separator = +

[denali_d]
path = /samba/denali_d
read only = No
#   guest ok = Yes

The file noted in "username map" reads:
brad=ERSSECURITY/bstafford
mrutherf=ERSSECURITY/mrutherford
sambat2=ERSSECURITY/sambatest
sambat2=sambatest

/etc/pam.conf reads:
#   Authentication
#
login   auth      required    /usr/lib/security/pam_winbind.so
login   auth      required    /usr/lib/security/pam_aix try_first_pass
#  login   auth      required    /usr/lib/security/pam_aix
#  login   auth      required    /usr/lib/security/pam_winbind.so try_first_pass
su      auth      sufficient  /usr/lib/security/pam_aix
OTHER   auth      required    /usr/lib/security/pam_aix
#
#   Account Mgmt
#
#  login   account   required    /usr/lib/security/pam_aix
login   account   sufficient  /usr/lib/security/pam_winbind.so try_first_pass
OTHER   account   required    /usr/lib/security/pam_aix
#
#   Session Mgmt
#
OTHER   session   required    /usr/lib/security/pam_aix
#
#   Password Mgmt
#
OTHER   password  required    /usr/lib/security/pam_aix






[Samba] Question on AIX 5.2, Samba and NT domains

2006-02-10 Thread Kent Wick
Environment:
  AIX 5.2
  Samba 3.0.21b (compiled at this site with Visualage C/C++ 6.0)
  configure was run as:
  ./configure --prefix=/usr/local/samba --with-pam --with-acl-support --with-aio-support --with-winbind
  Windows environment is a mix of Windows NT domain and Novell file servers.

Does anybody know of a single document or set of documents that have a 
"cookbook"
approach to creating/modifying the necessary AIX files to work with Samba with 
"pam",
"winbind" and NSS support as a "member server"?

If I have userids in the NT domain that are longer than 8 characters, am I 
"effed" when trying to get
them to seamlessly access Samba?  AIX 5.2 and below do not allow a username or 
group name to 
have a value longer than 8 characters.  Do I need a "username map" file for the 
long usernames?
As far as I can tell, the issue of long names in NT versus limitations of some 
OS versions is never
discussed.

The "Samba3-HOWTO" document(s) in Chapter 23 talk about the compile process 
creating the file
"libnss_winbind.so".  Something changed between document and Makefile because I 
get a file named
WINBIND automatically created.  In that same chapter, it goes on to talk about 
verifying winbind.
I can run the "wbinfo -u" and "wbinfo -g" commands just fine and it returns the 
users and groups
in the NT domain that Samba joined.  Then the document talks about using 
"getent" to see both local
(AIX) and PDC users and groups.  Unfortunately, I don't have that one in 
executable form.  I can see
the "getent" source in the testsuite/nsswitch directory but when I compile just 
that program all that
it returns is the local users, nothing from the PDC.

If I am using Samba as a member server, do I even need to worry about 
integrating PAM and winbindd?

Another few "nit's" in the Samba-HOWTO in "The Samba Checklist":
(1) When I run the "smbclient -L sambasrvrname" (as root), it asks for a 
password.  When I give it the root
password, it comes back with "session setup failed: NT_STATUS_LOGON_FAILURE".  
When I just press
enter in response to the password request, it responds that it connected 
anonymously and returns the 
necessary data.
(2) The "nmblookup" command in step 4 needs to be clarified a bit more.  When I 
look at a print of the
web page, it sure looks like the BIGSERVER and the "__SAMBA__" are run 
together.  For that matter,
I had to go the web page source to be certain that the "__" was a double 
underscore and not a single.
Given the way some laser printer formatting works, it is entirely possible that 
it could have been a single
underscore.





[Samba] Samba on FDC5

2006-01-31 Thread kent
Anyone know what version will be on Fedora Core 5? Core 4 has 3.0.14a-2


Kent Nasveschuk



Re: [Samba] synchronise time

2005-10-11 Thread kent
Hello,
This is new to me (WPKG). I started to use a product that I had to pay for
to switch users. Tell me more if you can. I've started looking at the web
site documentation.

Kent N

> Patrick DUBAU schrieb:
>
>  > Hi,
>  >
>  > in my logon.bat file i put : net time \\admin /SET /YES to
> synchronise computer time with the server.
>  > This works when the user who is login in has administrator rights on
> the computer.
>  > How can i do with users who are just "member of the domain"? Is there
> a way to run this command "as administrator" ?
>  > Thanks for any help
>
>
> I use WPKG for that - http://wpkg.org - (and for all other tasks needing
> administrator rights, like changing printers, installing and updating
> software, changing file permissions and registry entries etc.).
>
>
> --
> Tomek
>


Re: [Samba] Samba as an NT5 (Win2K) PDC

2005-09-21 Thread kent
Hi,
I don't know who else responded to this, but there are many people out
there using Samba as replacement for Win2k servers.

Here's my personal involvement and a little history. I'm in a school
system in Mass. where we have 7 Samba servers (1 PDC 6 BDC). I'm guessing
there are about 2300+ user accounts and don't know how many computer
accounts. It works well. We started with version 2.2.X on Slackware with 1
server 3 users. Graduated to RedHat 8.0/LDAP on 5 servers. This past
summer every server was upgraded to Fedora Core 4 Samba
3.0.14a/passbackend LDAP 2.2.23. There is a slave LDAP server running on
the BDCs because they are in different buildings. LDAP master is on a
separate server than the PDC but they are in the same data closet in the
same building. We did this because the LDAP master serves as a passbackend
for other systems, for example: Cyrus IMAP, Moodle, SquirrelMail, other
home grown applications that use LDAP for authentication.

We don't use the normal tools for managing user/group accounts. We are a
school system, accounts for students start in Middle School and follow
them to High School. We needed to be able to bulk add, delete and modify
user accounts in addition to one-at-a-time modifications, so our tools are
geared towards this.

Our client systems range from Win95 to XP. We use Kixtart script processor
to run OS specific scripts.

The howto's are a good place to start and they are pretty specific. I'd
start with getting a working LDAP directory first, then move on to Samba.
I can't give you any specifics, but if you are going to use LDAP determine
how your directory tree will look, and get your base local/domain groups
in LDAP. There are many smb.confs out there that will work as PDC. Post
how things are going. Everyone's here to help.

Kent N

> Hi
>
> I am trying to find someone who can help me with configuring samba as a
> Win2k PDC, I have read various How-TO's and the online reference material
> but some of it has conflicting advice. I wondered if someone who has
> actually managed to configure and uses samba as a Win2k PDC and logon
> server
> could email me to help me with this issue.
>
> Javid Mahdavi
>
>


[Samba] Roots of Samba

2005-09-01 Thread kent
Hi all,

I have a class of Linux/OpenSource newbies and want to explain the origins of
Samba as a typical Open Source project. My interest in Samba has grown, as well
as my implementation of Samba. I started with 3 users on one server and now have
~2300 users in 10 buildings using Samba w/LDAP backend in a public school
district.

Anyway, I can give them my perspective, but I want them to know what an Open
Source project is like. Andrew Tridgell is one of or the original developer. Can
anyone give me brief history to tell the class?

Thanks in advance.

Kent Nasveschuk
Open Source, alive and well in Wareham, MA...




Re: [Samba] BDC and password change program

2005-08-31 Thread kent
Hi Stephane,
That worked! No more password sync problems. I commented out the password
program and the password chat on the BDCs. I tested the password change on
a XP and Win 98 several times then checked the replicas. All the passwords
are in sync as well as the posix account passwords.

Thanks again

Kent N

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi,
>
> I think simply that with the parameter ldap passwd sync, the passwd
> chat is not called.
> The only question that I ask to me is : why changing a passwd on a BDC ?
> A BDC is a backup DC, if the PDC is down, a BDC can provide
> authentification.
>
> But, you can modify the smb.conf of BDC to
>
> passdb backend = ldapsam:"ldap://127.0.0.1 ldap://172.16.0.24";
>
> kent a écrit :
>
>> Hi, Thanks for getting back to me so fast.
>>
>>
>> Stéphane_Purnelle <[EMAIL PROTECTED]> wrote:
>>
>>
>
>> The LDAP server in 172.16.0.24 is the master ldap server, but on
>> smb.conf of BDC, the ldap server is on localhost. If the IP adresse
>> of BDC is 172.16.0.24, you must have no problem. Now, if different,
>> you must configure ldap for replication. Because changing password
>> on the PDC is not replicated to BDC.
>>
>>> PDC: 172.16.0.13 However the master ldap server is on
>>> 172.16.0.24. We use LDAP for mail authentication as well as
>>> OpenGroupware etc. There is no local copy
>> of LDAP
>>> directory on the PDC. Everything including the operating system
>> points to
>>> 172.16.0.24.
>>
>>> All of the BDCs have replicas. I realize that authentication to a
>>>
>> BDC on a
>>> subnet uses the pass backend which in all of my BDCs is
>>> localhost.
>> My problem
>>> with the BDCs is the password program that I believe is changing
>> the LDAP
>>> replica on the BDC and not the PDC. So I end up with a password
>> mismatch.
>>
>>> If I disable the password chat on all BDCs will password chat be
>> passed on to
>>> the PDC?
>>
>>> Thank you for your help.
>>
>>> Kent N
>>
>> The BDC not verify password with the PDC, but with the passwd
>> backend only. You can disable these lines : passwd program =
>> /usr/bin/smbpasswd %u passwd chat = *Enter\snew\sUNIX\spassword:*
>> %n\n*Retype\snew\sUnix\spassword:* %n\n
>>
>> On BDC
>>
>> kent a écrit :
>>
>>> Have you used the -r option for smbpasswd to connect to the PDC
>>> in smb.conf? Just wondering what the password chat would be. I
>>> can test it out and see what works.
>>
>>> Kent N
>>
>>> Bruno Guerreiro <[EMAIL PROTECTED]> wrote:
>>
>>>> Hi there, The best (only?) way to go is with a LDAP
>>>> Master+slave architecture. All changes must be done at the LDAP
>>>> Master server which automatically replicates them to all slave
>>>> ldap servers. So, yes, the BDC MUST talk to the PDC, or at
>>>> least the master ldap server to change the password.
>>
>>>> Best Regards. Bruno Guerreiro
>>
>>>> -Original Message- From: kent
>>>> [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 31 de
>>>> Agosto de 2005 11:15 To: [EMAIL PROTECTED]; Samba
>>>> Subject: Re: [Samba] BDC and password change program
>>
>>
>>>> Hello, How are you doing? I just switched this summer from
>>>> RedHat 8.0 with compiled versions of Samba, OpenLDAP and
>>>> Berkeley DB to Fedora Core 4 with precompiled Samba, OpenLDAP
>>>> and BerkeleyDB. Here is the smb.conf from one school that is a
>>>> BDC: [global] workgroup = WarehamPS encrypt passwords = Yes
>>>> time offset = 60 time server = Yes # log level = 5 socket
>>>> options = TCP_NODELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>> security = user username map = /etc/samba/smbusers logon script
>>>> = whs1.bat writable = Yes interfaces = eth0 eth1 directory mask
>>>> = 02770 preferred master = yes netbios name = whs1 server
>>>> string = Fedora Core 4 SAMBA server passdb backend =
>>>> ldapsam:ldap://127.0.0.1 ldap passwd sync = Yes machine
>>>> password timeout = 604800 passwd program = /usr/bin/smbpasswd
>>>> %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
>>>> *Retype\snew\sUnix\spassword:* %n\n log file =
>>>> /var/log/samba/%m.log debug level = 2 max log size = 50 add
>>>> machine script = /usr/sbin/addmachine.sh "%u" logon path =
>>>> logon drive = H: lo

RE: [Samba] BDC and password change program

2005-08-31 Thread kent
Have you used the -r option for smbpasswd to connect to the PDC in smb.conf?
Just wondering what the password chat would be. I can test it out and see what
works.

Kent N

Bruno Guerreiro <[EMAIL PROTECTED]> wrote:
> Hi there,
> The best (only?) way to go is with a LDAP Master+slave architecture.
> All changes must be done at the LDAP Master server which automatically
> replicates them to all slave ldap servers.
> So, yes, the BDC MUST talk to the PDC, or at least the master ldap server to
> change the password.
>
> Best Regards.
> Bruno Guerreiro
>
> -Original Message-
> From: kent [mailto:[EMAIL PROTECTED]
> Sent: quarta-feira, 31 de Agosto de 2005 11:15
> To: [EMAIL PROTECTED]; Samba
> Subject: Re: [Samba] BDC and password change program
>
>
> Hello,
> How are you doing? I just switched this summer from RedHat 8.0 with compiled
> versions of Samba, OpenLDAP and Berkeley DB to Fedora Core 4 with
> precompiled
> Samba, OpenLDAP and BerkeleyDB. Here is the smb.conf from one school that is
> a
> BDC:
> [global]
>workgroup = WarehamPS
> encrypt passwords = Yes
> time offset = 60
> time server = Yes
> #   log level = 5
> socket options = TCP_NODELAY TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
> security = user
> username map = /etc/samba/smbusers
> logon script = whs1.bat
> writable = Yes
> interfaces = eth0 eth1
> directory mask = 02770
> preferred master = yes
> netbios name = whs1
> server string = Fedora Core 4 SAMBA server
> passdb backend = ldapsam:ldap://127.0.0.1
> ldap passwd sync = Yes
> machine password timeout = 604800
> passwd program = /usr/bin/smbpasswd %u
>passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUnix\spassword:* %n\n
> log file = /var/log/samba/%m.log
> debug level = 2
> max log size = 50
> add machine script = /usr/sbin/addmachine.sh "%u"
> logon path =
> logon drive = H:
> logon home =
> domain logons = Yes
> os level = 64
> domain master = No
> dns proxy = no
> admin users = @domain_admins
> wins support = no
> wins server = 172.16.0.13
> wins proxy = yes
> local master = yes
> name resolve order = hosts wins bcast
> ldap suffix = dc=tow,dc=net
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap admin dn = cn=admin,dc=tow,dc=net
> ldap ssl = no
>
> [homes]
> comment = Home Directories
> read only = no
> browseable = no
> writable = yes
> path = %H
> #   valid users = %S
>
> [netlogon]
> root preexec = /accounts/netlogon/prelogon.pl %U
> path = /accounts/netlogon
> comment = Netlogon share
> locking = no
> browseable = yes
> valid users = @whsstaff, @whsstudent, @whs-cafe, navinstall, kent
> read only = yes
> hide files = /.*/*dll/*DLL/*.bat/*.kix/*.rap/*pl/
> write list = @domain_admins
> [staff]
> comment = Staff directory
> path = /accounts/common
> create mode = 0660
> browseable = no
> write list = @whsstaff
> valid users = @whsstaff
> [programs]
> comment = Applications
> path = /accounts/programs
> browseable = no
> create mode = 0660
> write list = @whsstaff
> valid users = @whsstaff
>
> [cafeteria]
> path = /accounts/cafeteria/data
> browseable = no
> valid users = @whs-cafe, dperry
> force group = whs-cafe
> create mode = 0660
> directory mode = 0770
>
> Here is the smb.conf for the PDC:
> [global]
> workgroup = WarehamPS
> encrypt passwords = Yes
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> security = user
> writable = Yes
> interfaces = eth0 eth1
> directory mask = 02770
> preferred master = yes
> local master = Yes
> username map = /etc/samba/smbusers
> netbios name = wms1
> server string = Fedora Core 4 SAMBA Server
> passdb backend = ldapsam:ldap://172.16.0.24
> ldap passwd sync = Yes
> machine password timeout = 604800
> passwd program = /usr/bin/smbpasswd %u
>passwd chat = *Enter\snew\sUNIX\spassword:* %n\n

Re: [Samba] BDC and password change program

2005-08-31 Thread kent
Hello,
How are you doing? I just switched this summer from RedHat 8.0 with compiled
versions of Samba, OpenLDAP and Berkeley DB to Fedora Core 4 with precompiled
Samba, OpenLDAP and BerkeleyDB. Here is the smb.conf from one school that is a
BDC:
[global]
   workgroup = WarehamPS
encrypt passwords = Yes
time offset = 60
time server = Yes
#   log level = 5
socket options = TCP_NODELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = user
username map = /etc/samba/smbusers
logon script = whs1.bat
writable = Yes
interfaces = eth0 eth1
directory mask = 02770
preferred master = yes
netbios name = whs1
server string = Fedora Core 4 SAMBA server
passdb backend = ldapsam:ldap://127.0.0.1
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/bin/smbpasswd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba/%m.log
debug level = 2
max log size = 50
add machine script = /usr/sbin/addmachine.sh "%u"
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 64
domain master = No
dns proxy = no
admin users = @domain_admins
wins support = no
wins server = 172.16.0.13
wins proxy = yes
local master = yes
name resolve order = hosts wins bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no

[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
#   valid users = %S

[netlogon]
root preexec = /accounts/netlogon/prelogon.pl %U
path = /accounts/netlogon
comment = Netlogon share
locking = no
browseable = yes
valid users = @whsstaff, @whsstudent, @whs-cafe, navinstall, kent
read only = yes
hide files = /.*/*dll/*DLL/*.bat/*.kix/*.rap/*pl/
write list = @domain_admins
[staff]
comment = Staff directory
path = /accounts/common
create mode = 0660
browseable = no
write list = @whsstaff
valid users = @whsstaff
[programs]
comment = Applications
path = /accounts/programs
browseable = no
create mode = 0660
write list = @whsstaff
valid users = @whsstaff

[cafeteria]
path = /accounts/cafeteria/data
browseable = no
valid users = @whs-cafe, dperry
force group = whs-cafe
create mode = 0660
directory mode = 0770

Here is the smb.conf for the PDC:
[global]
workgroup = WarehamPS
encrypt passwords = Yes
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = user
writable = Yes
interfaces = eth0 eth1
directory mask = 02770
preferred master = yes
local master = Yes
username map = /etc/samba/smbusers
netbios name = wms1
server string = Fedora Core 4 SAMBA Server
passdb backend = ldapsam:ldap://172.16.0.24
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/bin/smbpasswd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba/%m.log
debug level = 2
max log size = 30
#   add machine script = /usr/bin/smbpasswd -m %u
add machine script = /usr/sbin/addmachine.sh "%u"
logon script = wms1.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 255
domain master = Yes
dns proxy = Yes
admin users = @domain_admins
wins support = Yes
remote browse sync = 172.16.0.3 172.16.0.19 172.16.0.15 172.16.0.26
172.16.0.20 172.16.80.1
name resolve order = hosts wins bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no

[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
hide files = /.*/
[netlogon]
comment = Netlogon share
root preexec = /accounts/netlogon/prelogon.pl %U
path = /accounts/netlogon
valid users = @wmsstaff, @wmsstudent, @domain_users, @wms-cafe,
navinstall
locking = no
browseable = no
read only = yes
write list = @domain_admins
hide files = /*.dll/*.

[Samba] BDC and password change program

2005-08-30 Thread kent
Hello,
Just wondering what I should be using for the password change program on a BDC.
Should it be:
passwd program = /usr/bin/smbpasswd -r  %u

I'm having a problem with passwords not staying in sync between the PDC and BDC
with pass backend ldap.

The systems are all Fedora Core 4, Samba 3.0.14a, openldap 2.2.23

Kent N
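
An added example, not part of the original thread and not Samba project code: a Python check for the two conditions this thread's fix addresses on a BDC, a passdb backend that lists only the loopback LDAP replica and a passwd program left enabled. The sample smb.conf texts are constructed from values quoted in the thread; the finding names and the rule that "domain logons = Yes" plus an explicit "domain master = No" marks a BDC are assumptions of this example.

```python
import re
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
TRUE = {"yes", "true", "on", "1"}
FALSE = {"no", "false", "off", "0"}

# Constructed samples, built from values quoted in the thread.
BDC_BEFORE = r"""
[global]
    workgroup = WarehamPS
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap passwd sync = Yes
    passwd program = /usr/bin/smbpasswd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n \
        *Retype\snew\sUnix\spassword:* %n\n
    domain logons = Yes
    domain master = No
"""

BDC_AFTER = r"""
[global]
    workgroup = WarehamPS
    passdb backend = ldapsam:"ldap://127.0.0.1 ldap://172.16.0.24";
    ldap passwd sync = Yes
#   passwd program = /usr/bin/smbpasswd %u
    domain logons = Yes
    domain master = No
"""

PDC = r"""
[global]
    workgroup = WarehamPS
    passdb backend = ldapsam:ldap://172.16.0.24
    ldap passwd sync = Yes
    passwd program = /usr/bin/smbpasswd %u
    domain logons = Yes
    domain master = Yes
"""


def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict.

    Parameter names are lower-cased with whitespace removed, since Samba
    matches them without regard to case or spacing. A trailing backslash
    continues the value on the next line.
    """
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#;"):
            continue                      # blank line or comment
        line, pending = pending + line, ""
        if line.endswith("\\"):
            pending = line[:-1]           # continuation: keep collecting
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params


def ldap_uris(backend):
    """Return the LDAP URIs of an ldapsam passdb backend value, in order."""
    scheme, _, rest = backend.partition(":")
    if scheme.strip().lower() != "ldapsam":
        return []
    uris = rest.strip().strip('";').split()
    return uris or ["ldap://localhost"]   # ldapsam with no URI uses localhost


def audit(conf_text):
    """Return (code, detail) findings for a BDC smb.conf; [] otherwise."""
    g = parse_global(conf_text)
    is_bdc = (g.get("domainlogons", "no").lower() in TRUE
              and g.get("domainmaster", "auto").lower() in FALSE)
    if not is_bdc:
        return []
    findings = []
    uris = ldap_uris(g.get("passdbbackend", ""))
    hosts = [urlparse(u).hostname or "" for u in uris]
    if hosts and all(h in LOOPBACK for h in hosts):
        findings.append(("local-replica-only",
                         "passdb backend lists only " + ", ".join(uris)))
    if "passwdprogram" in g:
        findings.append(("passwd-program-on-bdc",
                         "passwd program = " + g["passwdprogram"]))
    return findings


if __name__ == "__main__":
    for name, conf in (("BDC before", BDC_BEFORE), ("BDC after", BDC_AFTER),
                       ("PDC", PDC)):
        print(name, audit(conf) or "no findings")
```
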



Re: [Samba] Re: New maintainer needed for the Linux smb filesystem

2005-08-23 Thread Ian Kent
On Tue, 23 Aug 2005, Gerald (Jerry) Carter wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Ian Kent wrote:
> > On Sun, 21 Aug 2005, Gerald (Jerry) Carter wrote:
> > 
> >>-BEGIN PGP SIGNED MESSAGE-
> >>Hash: SHA1
> >>
> >>Steven French wrote:
> >>|
> >>| We are close, but not quite ready to disable smbfs.
> >>
> >>Steve,
> >>
> >>I have been itching to work on some kernel code.
> >>If you need someone just to keep things afloat,
> >>I'd be happy to look into it.  There would be some
> >>start up time of course.  If you would be willing to
> >>help me navigate the things other than code, it
> >>shouldn't be that big of a deal.
> > 
> > I wouldn't mind helping out here either.  Perhaps a joint 
> > effort Jerry?
> 
> That's fine by me.
> 
> Steve, I'll touch base with on #samba-technical to work out
> what to do first.  I know we have had a lot of reports
> on https://bugzilla.samba.org/ that were originally closed
> as invalid since we weren't supporting the kernel smbfs code
> at that time.

Just spin me round and stop me when I'm pointing in the right direction!

I'll see if I can find anything in the kernel bugzilla.

Ian



Re: [Samba] Re: New maintainer needed for the Linux smb filesystem

2005-08-22 Thread Ian Kent
On Sun, 21 Aug 2005, Gerald (Jerry) Carter wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Steven French wrote:
> |
> | We are close, but not quite ready to disable smbfs.
> 
> Steve,
> 
> I have been itching to work on some kernel code.
> If you need someone just to keep things afloat,
> I'd be happy to look into it.  There would be some
> start up time of course.  If you would be willing to
> help me navigate the things other than code, it
> shouldn't be that big of a deal.

I wouldn't mind helping out here either.
Perhaps a joint effort Jerry?

Ian



[Samba] samba ignores supplementary groups for acl

2005-07-27 Thread Kent Tong
Hi,

I'm running samba 3.0.14a-3 on Debian sarge (sparc). The filesystem
is ext3 with acl support. winbind works fine. Please see below. 
When I am logged in using ssh, I can list the files in a folder 
(/var/Share) for which the group "staff" has r-x permissions. The 
problem is I can't list the folder through samba:

$ ssh [EMAIL PROTECTED]
Password:
Linux cladms003 2.6.8-2-sparc64 #1 Wed Mar 23 04:23:37 EST 2005 sparc64 GNU/Linux
Last login: Thu Jul 28 10:13:46 2005 from 172.18.17.237

[EMAIL PROTECTED]:~$ getfacl /var/Share/
getfacl: Removing leading '/' from absolute path names
# file: var/Share
# owner: root
# group: root
user::rwx
group::r-x
group:staff:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:staff:r-x
default:mask::r-x
default:other::---

[EMAIL PROTECTED]:~$ id
uid=1(CYBERLAB+kent) gid=1(CYBERLAB+domain users) groups=50(staff),1(CYBERLAB+domain users),10001(CYBERLAB+staffs)

[EMAIL PROTECTED]:~$ ls -l /var/Share/
total 24
drwxr-x---+ 16 root root 4096 2005-07-25 18:14 Applications
drwxr-x---+ 11 root root 4096 2005-07-25 21:30 Data
drwxr-x---+ 63 root root 4096 2005-07-26 17:37 Packages

In a DOS prompt on a Windows 2000 client:

C:\>net use f: \\cladms003\Share
command completed successfully

C:\>dir f:
access denied

I believe this problem only happens when used with winbind (a domain
user who is in a linux group). If I set security to user and access 
the share as linux user "kent" who is in the "staff" group (but not 
primary group), then it will work.

Thanks for any info!




[Samba] Re: wbinfo can't list users

2005-07-27 Thread Kent Tong
Gerald (Jerry) Carter  samba.org> writes:

> You've got Windows 2000 SP4 SR1 installed don't you?
> The only current fix is to either set 'client schannel = no'
> in smb.conf or to just disable schannel connections
> on the SAMR pipe in nsswitch/winbindd_cm.c.

Hi Jerry,

Thanks a lot! This fix works!




[Samba] wbinfo can't list users

2005-07-26 Thread Kent Tong
Hi,

I'm running debian sarge with kernel 2.6.8-2-sparc64. I'm trying
to use winbind to connect to a Windows 2000 server. I can use
"net rpc join" to join the domain, but "wbinfo -u" returns an 
error. The trusted domains listed don't include the domain.
Please see below:

cladms003:~# net rpc join -U Administrator
Password:
Joined domain CYBERLAB.

cladms003:~# wbinfo -u
Error looking up domain users

cladms003:~# wbinfo -g
BUILTIN+system operators
BUILTIN+replicators
BUILTIN+guests
BUILTIN+power users
BUILTIN+print operators
BUILTIN+administrators
BUILTIN+account operators
BUILTIN+backup operators
BUILTIN+users

cladms003:~# wbinfo -m
CLADMS003
BUILTIN

Debug level 3 gives the following info when I try wbinfo after starting
winbindd:

cladms003:~# winbindd -d 3 -i
winbindd version 3.0.14a-Debian started.
Copyright The Samba Team 2000-2004
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Share]"
adding IPC service
adding IPC service
added interface ip=172.18.17.2 bcast=172.18.17.255 nmask=255.255.255.0
added interface ip=172.18.17.2 bcast=172.18.17.255 nmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain CYBERLAB  S-0-0
cm_get_ipc_userpass: No auth-user defined
lsa_io_sec_qos: length c does not match size 8
add_trusted_domain: CYBERLAB is an ADS mixed mode domain
rpc: trusted_domains
cm_get_ipc_userpass: No auth-user defined
Added domain BUILTIN  S-1-5-32
Added domain CLADMS003  S-1-5-21-3711304764-3117404737-3876783093
rpc: trusted_domains
[ 5044]: request interface version
[ 5044]: request location of privileged pipe
[ 5044]: list users
cm_get_ipc_userpass: No auth-user defined

The debug level 5 output shows an error of NT_STATUS_INSUFFICIENT_RESOURCES 
near the end (I can provide the full log on request):

...skipped...
rpc_api_pipe: len left: 0 smbtrans read: 96
rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes
seal No 
00 smb_io_rpc_hdr_auth auth_hdr
 auth_type: 44
0001 auth_level   : 05
0002 padding  : 08
0003 reserved : 00
0004 auth_context : 0001
08 smb_io_rpc_auth_netsec_chk schannel_auth_sign
0008 sig  : 77 00 ff ff ff ff 00 00 
0010 seq_num: 76 68 2a 4b f3 e0 bc ff 
0018 packet_digest: 6c ff 52 eb 48 5c 57 50 
0020 confounder: 00 00 00 00 00 00 00 00 
18 samr_io_r_connect 
0018 data1: 
001c data2: 
0020 data3: 
0022 data4: 
0024 data5: 00 00 00 00 00 00 00 00 
002c status: NT_STATUS_INSUFFICIENT_RESOURCES





[Samba] Accounts disabled moving from v 3.00 3.0.14

2005-07-19 Thread kent
Hello,
1. Just having a problem when moving from version 3.0.0 RedHat8 to FDC4 v
3.0.14. I realize there are some attributes new to the schema in 3.0.14 but when
a user attempts to login, a "D" is placed in the account flags. How can I get
around this without having to run smbpasswd -e? I have many users in my LDAP
directory and don't want to enable accounts one at a time.

What entry needs to be in LDAP for Samba so that a user must change password on
first login? Will putting sambaPwdMustChange as a date in the past do this?



Kent N




Re: [Samba] Fedora core 2 domain trust account fails

2005-03-01 Thread kent
I haven't read them but I will, thanks.

Kent


Misty Stanley-Jones <[EMAIL PROTECTED]> wrote: 
> On Tuesday 01 March 2005 11:30 am, kent wrote:
> > Hello,
> > Having a problem with trust accounts failing after creation. The following
> > is the system that I'm running Samba on:
> >
> > Fedora Core 2
> > (compiled from source)
> > Samba 3.0.11
> > OpenLDAP 2.2.23
> > BerkeleyDB 4.3.27
> 
> If you read the release notes for 3.0.12pre1 you will see there is a bug with 
> interdomain trusts in 3.0.11.  Nobody ever told me that even though I have 
> asked repeatedly on the mailing list.  I will save you the time I wasted and 
> let you know.
> 
> Misty
> 
> 



[Samba] Fedora core 2 domain trust account fails

2005-03-01 Thread kent
Hello,
Having a problem with trust accounts failing after creation. The following is
the system that I'm running Samba on:

Fedora Core 2
(compiled from source)
Samba 3.0.11
OpenLDAP 2.2.23
BerkeleyDB 4.3.27

Windows 2000 client machine

I have a script to add machine trust accounts to LDAP. The first part adds a
posix Account and attributes to LDAP, the second uses smbpasswd to add the Samba
account and attributes. I use PAM to point to the LDAP directory for user, group
info and authentication.

This method has worked on Samba 3.0.0 with ldap 2.1.30 backend systems fine.

I add the account using root, the account is created in LDAP, and I get a
"Welcome to blah blah domain" message. After I reboot and attempt to login, I
get a trust account failure error message. I compared the sid for the domain and
the machine account and they are identical. The only password that is created is
sambaNTPassword. The following are attributes that are found in LDAP after
account creation:

[EMAIL PROTECTED] root]# ldapsearch -xv -b "ou=computers,dc=tow,dc=net" uid=wms-0106$
ldap_initialize(  )
filter: uid=wms-0106$
requesting: ALL
# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: uid=wms-0106$
# requesting: ALL
#
 

# wms-0106$, Computers, tow.net
dn: uid=wms-0106$,ou=Computers,dc=tow,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uid: wms-0106$
cn: wms-0106$
sn: wms-0106$
uidNumber: 8049
gidNumber: 502
homeDirectory: /dev/null
description: Computer
loginShell: /bin/false
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-17098
sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-515
displayName: wms-0106$
sambaPwdCanChange: 1109349002
sambaPwdMustChange: 2147483647
sambaNTPassword: 6B92BAAA9FAD3E498BF4665F0B42BF95
sambaPwdLastSet: 1109349002
sambaAcctFlags: [W  ]
 
# search result
search: 2
result: 0 Success

Any suggestions?


Kent L. Nasveschuk
Wareham Public Schools



Re: [Samba] sambaPwdMustChange

2005-01-18 Thread kent
Another time converter is a perl script amtime.pl that can be used in
shell scripts to convert back and forth between seconds and human readable
time.

http://www.unixreview.com/documents/s=1344/ur0307g/ur0307g_script.htm


Kent N

> Patrick,
>
> This number is a timestamp. To figure out what day it means paste it in this
> url
> http://www.4webhelp.net/us/timestamp.php?action=stamp&stamp=&timezone=0
>
> To set an account to never expire its password you have to set
> sambaacctflags to [UX]
>
> Regards,
>
> Gustavo
>
>
> - Original Message -
> From: "Patrick DUBAU" <[EMAIL PROTECTED]>
> To: 
> Sent: Monday, January 17, 2005 1:14 PM
> Subject: [Samba] sambaPwdMustChange
>
>
>> Hi,
>>
>> i have samba 3.0.10 installed with LDAP.
>> I noticed few days ago that my administrator account has expired. I think
>> it's because of the sambaPwdMustChange field of LDAP. I changed the passwd
>> now i have the value 1108741705 in it. What does it mean (when will i be
>> prompted again to change my passwd) and do i have to put in this field so
>> that the password will never expire ?
>>
>> Thanks for any help
>>
>>
>
>
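
The time stamps and flags discussed in this thread, and in the two LDAP posts above it (the "D" flag after the upgrade and the wms-0106$ trust account), decoded offline. This is an added example, not code from any poster; reading sambaPwdMustChange 0 as "change at next logon" follows the Samba-3 HOWTO's description of that attribute and is an assumption here, and the second and third entries and the fixed "now" are constructed.

```perl
#!/usr/bin/perl
# Added example: decode sambaSamAccount time stamps and account flags from LDIF.
use strict;
use warnings;
use POSIX qw(strftime);

# Flag letters Samba 3 uses inside the sambaAcctFlags brackets.
my %FLAG = (
    N => 'no password required',      D => 'account disabled',
    H => 'home directory required',   T => 'temporary duplicate account',
    U => 'normal user account',       M => 'MNS logon account',
    W => 'workstation trust account', S => 'server trust account',
    L => 'automatically locked',      X => 'password does not expire',
    I => 'interdomain trust account',
);
my $NEVER = 2147483647;    # 0x7FFFFFFF, as stored in the posted machine entry

# Parse LDIF text into a list of { lowercased attribute => [values] } hashes.
sub parse_ldif {
    my ($text) = @_;
    $text =~ s/\r//g;
    $text =~ s/\n //g;                      # unfold wrapped lines
    my @records;
    for my $block (split /\n{2,}/, $text) {
        my %entry;
        for my $line (split /\n/, $block) {
            # "attr: value" only; comments and base64 ("attr:: ...") are skipped
            next unless $line =~ /\A([A-Za-z][A-Za-z0-9;-]*):(?!:)[ ]*(.*?)\s*\z/;
            push @{ $entry{ lc $1 } }, $2;
        }
        push @records, \%entry if $entry{dn};
    }
    return @records;
}

# First value of an attribute, or undef when the attribute is absent.
sub first_value { my ($entry, $attr) = @_; return ($entry->{ lc $attr } || [])->[0] }

# Turn "[UX         ]" into a list of descriptions.
sub decode_flags {
    my ($raw) = @_;
    return ('attribute missing') unless defined $raw;
    my ($inner) = $raw =~ /\A\[([A-Za-z ]*)\]\z/ or return ("malformed value '$raw'");
    return map { $FLAG{ uc $_ } // "unknown flag '$_'" }
           grep { $_ ne ' ' } split //, $inner;
}

# Describe one time attribute relative to $now (epoch seconds).
sub describe_time {
    my ($attr, $value, $now) = @_;
    return 'not set' unless defined $value && $value =~ /\A\d+\z/;
    return 'never' if $value >= $NEVER;
    return 'change at next logon' if $value == 0 && lc($attr) eq 'sambapwdmustchange';
    my $stamp = strftime('%Y-%m-%d %H:%M:%S UTC', gmtime($value));
    my $days  = int(abs($value - $now) / 86400);
    return $value < $now ? "$stamp ($days days ago)" : "$stamp (in $days days)";
}

# Report lines for one entry.
sub report {
    my ($entry, $now) = @_;
    my $raw   = first_value($entry, 'sambaAcctFlags');
    my @lines = (first_value($entry, 'dn'), '  flags: ' . join(', ', decode_flags($raw)));
    for my $attr (qw(sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange)) {
        push @lines, sprintf('  %-19s %s', "$attr:",
                             describe_time($attr, first_value($entry, $attr), $now));
    }
    my $must = first_value($entry, 'sambaPwdMustChange');
    push @lines, '  note: disabled flag (D) is set' if defined $raw && $raw =~ /\A\[[^\]]*D/i;
    push @lines, '  note: must-change time is in the past'
        if defined $must && $must =~ /\A\d+\z/ && $must > 0 && $must < $now;
    return @lines;
}

my $SAMPLE = <<'LDIF';
# attributes copied from the wms-0106$ entry in the trust-account post
dn: uid=wms-0106$,ou=Computers,dc=tow,dc=net
sambaPwdCanChange: 1109349002
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1109349002
sambaAcctFlags: [W  ]

# constructed entry; the time stamp is the value asked about in this thread
dn: uid=example-user,ou=Users,dc=example,dc=test
sambaPwdMustChange: 1108741705
sambaAcctFlags: [UD         ]

# constructed entry
dn: uid=example-new,ou=Users,dc=example,dc=test
sambaPwdMustChange: 0
sambaAcctFlags: [UX         ]
LDIF

# With file arguments, read LDIF from them; otherwise use the sample and a
# constructed "now" of 2005-03-01 00:00:00 UTC so the output is repeatable.
my $now  = @ARGV ? time() : 1109635200;
my $text = @ARGV ? do { local $/; <> } : $SAMPLE;
print join("\n", report($_, $now)), "\n\n" for parse_ldif($text);
```

Saved ldapsearch output can be passed as a file argument, in which case the current time is used instead of the constructed one.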




RE: [Samba] Cannot enable "Enable advanced printing features"

2004-09-28 Thread Kent B. Hansen
Hi,

Well, I'm no expert - but if I connect the Windows clients directly to the
CUPS-backend of the Samba-server, there's no problem enabling the "advanced
features" and using them...

Samba should just pass the binary print-dump-file from the Windows clients
on to CUPS - I can see no reason why Samba needs to execute anything?

The same clients, the same server, the same configuration - it works if I
point the clients towards cups (http://192.168.0.10:631/printers/myprinter)
but not if I use Samba (\\192.168.0.10\myprinter). It must be Samba that
explicitly disallows the use of the "Enable advanced printing features", which
I cannot see why, since it works thru cups on the same server...

Regards,
Kent B. Hansen

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Manuel
Capinha

Hey.

I've just been bitten by the same problem recently.
What happens is that when you click on the "Enable advanced printer
features" option on windows, what it does is enable EMF support.
EMF works by letting the printer driver embed some printer commands
that will be executed by the print server. For this to work, the print
server must be running on Windows, since cups+samba don't do EMF (and
from what i've gathered this will _never_ work).

I'm currently investigating if there's some other way to achieve the
n-pages-to-1 print option under the cups+samba combo... this will have
to go through some sort of filter on the cups backend but all of this
is still a sketch in my head..

Hope this helps.


On Tue, 28 Sep 2004 11:22:20 +0200, Pierre Dinh-van
<[EMAIL PROTECTED]> wrote:
> On Tuesday 28 September 2004 11:15, Kent B. Hansen wrote:
> > Hi all.
>
> Hi
>
> > I'm trying to use Samba to replace an old Windows print server, and
> > everything works just like a charm - almost...
> >
> > There's one thing, which prevents my organization from accepting this new
> > printerserver, and that is that I'm unable to activate and save the "Enable
> > advanced printing features" setting for the printers - this is used to
> > allow for printing multiple pages onto one page etc. Samba doesn't give any
> > errors, the setting is just cleared the next time I open the
> > preferences...
>
> I have the same problem with a Xerox DocuColor 1632. When the driver is
> downloaded by the client from the print$ share, I can't activate the finishing
> module of the printer.
> If I install the printer driver locally "by hand", it works...
> I'm still looking for a solution...
>
> > I'm using cups for the backend, and all printers are configured as raw
> > queues. The click'n'print feature is working nicely, and I can change and
> > save all other settings beside this crucial "advanced features" setting (so
> > it doesn't seem like a permission problem).
>
> Same configuration...
>
> I hope someone can help us :-)
>
> Pierre Dinh-van
>
> --
> --- Racism ---
> Toubon's headache: how to draft an anti-racism law that doesn't
> send Debré to prison?
> +-- Briefs, Charlie Hebdo no. 223 (25/09/96) --+
>
>


[Samba] Cannot enable "Enable advanced printing features"

2004-09-28 Thread Kent B. Hansen
Hi all.

I'm trying to use Samba to replace an old Windows print server, and
everything works just like a charm - almost...

There's one thing, which prevents my organization from accepting this new
printerserver, and that is that I'm unable to activate and save the "Enable
advanced printing features" setting for the printers - this is used to allow
for printing multiple pages onto one page etc. Samba doesn't give any
errors, the setting is just cleared the next time I open the preferences...
:-(

I'm using cups for the backend, and all printers are configured as raw
queues. The click'n'print feature is working nicely, and I can change and
save all other settings beside this crucial "advanced features" setting (so
it doesn't seem like a permission problem).

My colleagues are killing me, and want to reinstall Windows - so please help
me out, if you can! ;)

Regards,
Kent B. Hansen



Re: [Samba] login scripts do not run

2004-09-24 Thread kent
Maybe I should have explained more of what is encrypted. Below is an example
of what is encrypted:  
  
  
5B1CC95BAF6B10DD09D42ADE1A14D8D27134E31B1FBD6BDBB90993FC9D284C730E53ABC70C7ACC4C661CE4BD6E00F8C372A3B9A2A18C142AE0D1CB23B8870C772045D1FDA1D3B13729D75B66D97FB1360B1599735F2E2FBA2B3723C10F2A81A79BD4D7B89AF2684B8D245597F89D71962786FFE9069D1D93CD8EC895C1084440D7ADE53C9A4584A0DCCDAAB86433934767E9D72A3E48ABF02B870C9BB1A657114FE340972054C578602DB4A032ED0FFFD1B83149FDBBB73A34941D13626B84DA
 
  
That contains the username, password, path to command to run, domain, and an  
option for a directory to start in.  
  
It is used like this: runasp.exe somefile.rap where the contents of
somefile.rap is the string of characters above.  
 
Does that help? 
 
Denis Vlasenko <[EMAIL PROTECTED]> wrote:   
> On Thursday 23 September 2004 20:18, kent wrote:
> > Hello,
> > We have been successfully using RUNASP.exe
> > (http://www.mast-computer.com/c_9-s_7-l_en.html). You have to pay for licensing
> > however. We use it for everything, running programs, update Norton AV. Password
> > is encrypted. Is very simple to use.
>
> If this script is runnable by the user then user can see that
> encrypted password and use it to launch some malicious code
> instead using this tool with admin rights.
>
> Correct me if I'm wrong.
> --
> vda
>
>
  



Re: [Samba] Upgrade Novell 4.11 to Samba 3.0.7 wisdom needed

2004-09-22 Thread kent
Hello, 
I ran into this problem in the past but have since resolved group issues. 
First of all I am currently using: 
RedHat 8.0 
OpenLDAP 2.1.30 
Berkeley DB 4.2.52 LDAP backend 
Samba 3.0.0 
(1) PDC (5) BDC many, (1) master OpenLDAP (6) slave OpenLDAP 
These reside in different buildings around town. 
 
All groups and users exist in the LDAP directory, there are only a few local 
user accounts. I used authconfig to move authentication to LDAP where each 
server has a copy of the directory. You should also add a line to system-auth: 
account sufficient /lib/security/pam_localuser.so
 
This allows logon to a local account in the event LDAP is down. 
 
In smb.conf in the netlogon share I have: 
 
[netlogon] 
comment = Netlogon share 
root preexec = /usr/local/samba/netlogon/prelogon.pl %U 
path = /usr/local/samba/netlogon 
locking = no 
browseable = no 
read only = yes 
hide files = /*.dll/*.rap/*.kix/*.bat/*.pl/ 
 
The prelogon.pl creates individual batch files for the user based on group 
membership. Here is some of prelogon.pl: 
 
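#!/usr/bin/perl
# Called by "root preexec" with %U (the session user name) as its only argument.
$user = $ARGV[0];
# Space-separated group list for the user, as printed by groups(1).
$groups = `/usr/bin/groups $user`;
chomp $groups;
# (Re)create the per-user batch file in the netlogon share.
open (LOGON,">/usr/local/samba/netlogon/$user.bat");
#
# Cafeteria maps
#
if ($groups =~ m/whs-cafe/ ) {
print LOGON "net use q: \\\\whs1\\cafeteria /yes\r\n";
}
# Staff maps
if ($groups =~ m/whsstaff/ ) {
print LOGON "net use s: \\\\whs1\\staff /yes\r\n";
print LOGON "net use p: \\\\whs1\\common /yes\r\n";
}
close (LOGON);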
 
The first part of the logon process calls either an assigned script that is in 
LDAP or the default that is in smb.conf. Here is the default whs1.bat: 
 
net time \\whs1 /set /y 
rem \\whs1\pca\PCAnalyser.exe /ignore all NNN0XX1PNN535495%apppath%\netdiscover\%computername%.pca
net use H: /HOME /yes 
net use x: \\whs1\netlogon 
net use p: \\whs1\programs 
x: 
x:\wkix32.exe whs1.kix 
 
This calls a kixtart script processor script whs1.kix that does stuff based on 
OS: 
 
CLS 
x: 
CD \ 
If @PRODUCTTYPE = "Windows 95" 
Shell "w9x.bat" 
Shell "@USERID.bat" 
EndIf 
If @PRODUCTTYPE = "Windows 98" 
Shell "w9x.bat" 
Shell "@USERID.bat" 
EndIf 
If @PRODUCTTYPE = "Windows 2000 Professional" 
Shell "@USERID.bat" 
Shell "\\whs1\netlogon\runasp.exe whs1xp.rap" 
EndIf 
If @PRODUCTTYPE = "Windows XP Home Edition" 
Shell "@USERID.bat" 
Shell "\\whs1\netlogon\runasp.exe whs1xp.rap" 
EndIf 
If @PRODUCTTYPE = "Windows XP Professional" 
Shell "@USERID.bat" 
Shell "\\whs1\netlogon\runasp.exe whs1xp.rap" 
EndIf 
EXIT 
 
The USERID.bat was the batch file created by prelogon.pl. The additional batch 
file and runasp.exe are used to update virus definitions. 
 
Since everything is located in the netlogon directory I sync these at night 
with rsync. If a person from one building logs on to the system in another 
building they get the correct drive mappings based on group membership. Their 
logon script exists in LDAP and group membership used by prelogon.pl comes 
from LDAP which is common to all servers. 
 
Hope this helps.  
 
 
Kent N 
 
[EMAIL PROTECTED] wrote:  
> On 21 Sep 2004 , Misty Stanley-Jones entreated about 
>  "[Samba] Upgrade Novell 4.11 to Samba 3.0.7 wisdom": 
>  
> } Has anybody done such a thing as this?  I'm looking to make this 
> } transition as smooth as possible.  I have the new fileserver up and 
>  
> I'm busy replacing a Netware 3.12 box with FreeBSD 5.2.1 and  
> Samba 3.0.7 
>  
> } running, and I'm using rsync to keep the Novell data current on the 
>  
> 3.12 won't do fancy stuff like that, and when I tried to use  
> mount_nwfs I rather successfully locked up the BSD box completely.   
> through several tries with different configs.  so I'll be  
> transferring data via a PC with mappings to both systems... 
>  
> } Samba server.  Any words of advice on transferring the users and groups 
> } and permissions over to the new server in the least painful way 
> } possible?  I have some idea that Novell uses LDAP so that I should be 
>  
> My system needs a makeover so I'm not transferring so much as re- 
> engineering, so can't help you much.   I'm creating new groups to  
> mirror some of the existing Novell groups, dropping some, and adding  
> others.  My big hurdle at the moment is figuring a way round the  
> sheer versatility I had on the Novell box 
> ie, have a volume named 'graf' 
> a folder on that is assigned to software package X users 
> another folder is assigned to software package Y users 
> drive mappings to the relevant folder are done via group membership. 
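
The root preexec hook in the post above runs as root and receives %U, the user name the client asked for, which then reaches a backtick command and a file name unfiltered. A hardened variant follows as an added example, not the poster's script: the account-name pattern is an assumed policy, the group lookup goes through NSS instead of a shell, and the names in the self-check are constructed.

```perl
#!/usr/bin/perl
# Added example, not the poster's script: hardened variant of prelogon.pl.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

my $NETLOGON = '/usr/local/samba/netlogon';    # path from the post

# Exact group name => drive mappings (group and share names from the post).
my %MAPS = (
    'whs-cafe' => [ [ 'q:', '\\\\whs1\\cafeteria' ] ],
    'whsstaff' => [ [ 's:', '\\\\whs1\\staff' ], [ 'p:', '\\\\whs1\\common' ] ],
);

# Assumed policy: plain account names only. This rejects path separators,
# leading dots, whitespace and shell metacharacters before the name is used.
sub valid_user {
    my ($user) = @_;
    return defined $user && $user =~ /\A[A-Za-z0-9][A-Za-z0-9._-]{0,31}\z/ ? 1 : 0;
}

# Resolve group membership through NSS (nss_ldap in the post's setup)
# without starting a shell.
sub groups_for {
    my ($user) = @_;
    my @pw = getpwnam($user) or return ();
    my %seen;
    my $primary = getgrgid($pw[3]);
    $seen{$primary} = 1 if defined $primary;
    setgrent();
    while (my ($name, undef, undef, $members) = getgrent()) {
        $seen{$name} = 1 if grep { $_ eq $user } split ' ', ($members // '');
    }
    endgrent();
    return sort keys %seen;
}

# Build the batch text; groups are compared by exact name, not by regex,
# so a group such as "whs-cafeteria" does not pick up the "whs-cafe" maps.
sub render_script {
    my (@groups) = @_;
    my $out = '';
    for my $group (sort @groups) {
        next unless exists $MAPS{$group};
        $out .= "net use $_->[0] $_->[1] /yes\r\n" for @{ $MAPS{$group} };
    }
    return $out;
}

# Write <dir>/<user>.bat through an exclusive temp file and an atomic rename.
sub write_script {
    my ($dir, $user, $text) = @_;
    die "refusing user name\n" unless valid_user($user);
    my $final = "$dir/$user.bat";
    my $tmp   = "$dir/.$user.$$.tmp";
    sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0644)
        or die "cannot create $tmp: $!\n";
    binmode $fh;
    print {$fh} $text or die "write failed: $!\n";
    close $fh or die "close failed: $!\n";
    rename $tmp, $final or die "rename failed: $!\n";
    return $final;
}

# With an argument: act as the preexec hook. Without: self-check on
# constructed inputs in a scratch directory.
if (@ARGV) {
    my $user = $ARGV[0];
    exit 1 unless valid_user($user);
    write_script($NETLOGON, $user, render_script(groups_for($user)));
} else {
    my $dir = tempdir(CLEANUP => 1);
    for my $name ('kent', 'k.nasveschuk', '../whs1', 'kent;x', '') {    # constructed
        printf "%-16s %s\n", "'$name'", valid_user($name) ? 'accepted' : 'rejected';
    }
    my $path = write_script($dir, 'kent', render_script('whsstaff', 'whs-cafeteria'));
    open(my $in, '<', $path) or die "cannot read $path: $!\n";
    binmode $in;
    print while <$in>;
    close $in;
}
```

Setting "root preexec close = yes" on the share makes a non-zero exit from the hook refuse the connection.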

Re: [Samba] Upgrade Novell 4.11 to Samba 3.0.7 wisdom needed

2004-09-21 Thread kent
Hello,
I didn't think that Novell 4.11 used LDAP but could be wrong. Later versions use
LDAP with their schema extensions. I went from Novell 5.1 to Samba 3.0.0. I
moved users a little at a time removing the Novell client from client machines
and reconfiguring networking. Since I am with a school system the HS students
are dumped at the end of the year and accounts recreated in the fall. It was a
difficult process but I feel worth it.

Kent N


Misty Stanley-Jones <[EMAIL PROTECTED]> wrote: 
> Has anybody done such a thing as this?  I'm looking to make this transition as
> smooth as possible.  I have the new fileserver up and running, and I'm using 
> rsync to keep the Novell data current on the Samba server.  Any words of 
> advice on transferring the users and groups and permissions over to the new 
> server in the least painful way possible?  I have some idea that Novell uses 
> LDAP so that I should be able do it somehow.  I don't want to screw this 
> upgrade up, and any help would be appreciated.  I am hoping someone has 
> already done it before and has written a Howto or something about it.
> 
> Thanks,
> Misty
> 



[Samba] Reset machine trust account passwords

2004-08-31 Thread kent
Can I use rpcclient to reset workstation trust account passwords or how
can I reset trust account passwords without rejoining them to the domain?

Kent N



RE: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED

2004-07-23 Thread kent
Yes, running RH 8, samba 3.0.0, openldap 2.1.30, Berkeley DB 4.2.52. Seems
to work fine.

ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net

Kent N

> Hi,
>
>ldap admin dn = cn=root,dc=juwimm,dc=local
>ldap suffix = ou=juwidc01,dc=juwimm,dc=local
>ldap user suffix = ou=users
>ldap group suffix = ou=groups
>ldap machine suffix = ou=machines
>
> Works well with samba 3.0.2a on a suse 9.0 machine
>
>> Has anyone had success placing Users and Computers in
>> different ou's?
>>
>> regards
>> reza
>
>
>




[Samba] Samba upgrade

2004-07-22 Thread kent
I noticed v 3.05 came out with some security fixes. I'm still using v
3.0.0 and it seems to work just fine. I've never done an upgrade on Samba
which I'd like to do by the end of the summer. I've already upgraded the
backend support, OpenLDAP and Berkeley DB.

What do I need to backup before compiling and installing a new version
besides smb.conf? All my accounts are in LDAP.

Kent N



Re: [Samba] posixAccount for Machines in LDAP?

2004-07-14 Thread kent
John,
I have everything running finally. Of course this is always in a state of
evolution as I'm sure you know. I posted a question about objectclasses
that are required to make machine accounts available if they reside
entirely in the LDAP directory. The perl scripts from IDEALX, seem to
include inetOrgPerson as an objectclass when using smbldap-useradd.pl for
machine accounts. I wanted to know if inetOrgPerson is necessary and if I
could adjust the perl scripts to include just:

sambaSAMAccount
posixAccount

Everything in /etc/passwd has been migrated to LDAP with exception of
system accounts (root,sys,nobody,etc), thanks to PAM_LDAP and NSS_LDAP.

I have to say that this is marvelous software. You guys do an excellent
job revising, advising and the support list server is without a doubt the
best tech support money can't buy.

Thanks for your help.

Kent N
Wareham Public Schools

> Kent,
>
> You may find value from reading chapter 6 of the book "Samba-3 by Example"
> that is available from Amazon.Com. This book is also available electronically
> from http://www.samba.org/samba/docs/Samba-Guide.pdf. The advantage of the
> book is that it comes with a CDROM that has all the example config files that
> might help you get this resolved faster.
>
> In any case, if the examples and documentation in this book do NOT solve your
> problem please let me know so I can update it.
>
> Cheers,
> John T.
>
> On Wednesday 14 July 2004 07:25, [EMAIL PROTECTED] wrote:
>> Hi Paul,
>> I'm getting a user not found after I made the changes. That's what I used
>> to get when I didn't add the machine account to /etc/passwd first.
>>
>> The good news is that I removed a machine account from /etc/passwd and
>> added it to LDAP to the existing account that was created with smbpasswd
>> (added posixAccount and attributes). This worked fine. All of the
>> posixAccount  information need only be in LDAP. I will migrate my existing
>> machine account info from /etc/passwd to their respective accounts in
>> LDAP. Just seems that smbldap_useradd.pl is not able to add the account
>> information to LDAP on the fly.
>>
>> Just curious, do you have a working system that does just that, where if
>> you add a machine by joining it to the domain, smbldap_useradd.pl creates
>> the posixAccount and sambaSAMAccount in LDAP?
>>
>> I'll continue to tinker with it. If you have any other suggestions, let me
>> know. I'm very close.
>>
>> > Changes below:
>> >
>> > [EMAIL PROTECTED] wrote:
>> >>Thanks for getting back to me, Paul.
>> >>Here's the domain controllers smb.conf
>> >>
>> >>
>> >>[global]
>> >>workgroup = WarehamPS
>> >>   encrypt passwords = Yes
>> >>   time server = Yes
>> >>   socket options = TCP_NODELAY
>> >>   security = user
>> >>   logon script = whs1.bat
>> >>   writable = Yes
>> >>   dns proxy = no
>> >>   directory mask = 02770
>> >>   preferred master = yes
>> >>netbios name = WHS1
>> >>server string = RedHat 8.0 LDAP Server
>> >>passdb backend = ldapsam
>> >>ldap passwd sync = Yes
>> >>   machine password timeout = 604800
>> >>passwd program = /usr/local/samba/bin/smbpasswd %u
>> >>   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
>> >>*Retype\snew\sUnix\spassword:* %n\n
>> >>log file = /var/log/samba.%m
>> >>debug level = 2
>> >>max log size = 50
>> >>add user script = /usr/local/sbin/smbldap-useradd.pl %u
>> >>delete user script = /usr/local/sbin/smbldap-useradd.pl %u
>> >>add group script = /usr/local/sbin/smbldap-groupadd.pl
>> >>delete group script = /usr/local/sbin/smbldap-groupdel.pl
>> >>add machine script = /usr/sbin/useradd -c "Computer" -d /dev/null -s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m %u
>> >
>> > Change these scripts to be like so:
>> >
>> > add user script = /usr/sbin/smbldap-useradd -a -m "%u"
>> > delete user script = /usr/sbin/smbldap-userdel "%u"
>> > add group script = /usr/sbin/smbldap-groupadd "%g"
>> > delete group script = /usr/sbin/smbldap-groupdel "%g"
>> > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>

[Samba] objectclasses required for Samba 3

2004-07-14 Thread kent
Hello,
I'm using smbldap-useradd.pl from IDEALX to add machine accounts to the
LDAP directory for Samba. Works good, have a question though. The
objectclasses generated by add machine script are:

posixAccount
sambaSAMAccount
inetOrgPerson

inetOrgPerson seems as though it is not needed. Am I right? Suggestions on
removing from the smbldap-useradd.pl??

smbpasswd by itself will generate:
sambaSAMAccount
account

Currently all, users for Samba and Posix are located in the LDAP
directory. I don't want to add unnecessary objectclasses to an entry that
are never going to be used.

Kent N
Wareham Public Schools



[Fwd: Re: [Samba] posixAccount for Machines in LDAP?]

2004-07-14 Thread kent
 Original Message 
Subject: Re: [Samba] posixAccount for Machines in LDAP?
From:[EMAIL PROTECTED]
Date:Wed, July 14, 2004 12:19 pm
To:  "Paul Gienger" <[EMAIL PROTECTED]>
--

Hi Paul,
Finally got it to work. This is great!! I had 2 problems. First the script
paths were wrong, second neither the smbldap_conf.pm nor
smbldap-useradd.pl would pass perl -c syntax check. I should have checked
that first. I was tinkering with the perl scripts because I don't use
profiles and wanted to delete these from being created.

One more thing to do is to get the smb.conf and perl scripts straightened
out on the BDCs so everything is the same.

Thank you for your support!

Kent N

> [EMAIL PROTECTED] wrote:
>
>>Hi Paul,
>>I'm getting a user not found after I made the changes. That's what I
>>used to get when I didn't add the machine account to /etc/passwd first.
>>
>>
> Ok, so now the question is this, when you try to join, are you giving it
> the root user or root equivalent (uid=0) account?  Is it making the
> posix account but not modifying it with sambaSAM information?  You are
> sure that everything is using ou=People (or whatever users container
> you're using)?

I use the root account. When I started this quest I tried to get a root
equivalent account to work and couldn't. I may revisit this now that I've
overcome other obstacles.

I tried keeping the users separate from the computers in smb.conf. This
seems to work. It may have been a bug but seems to work for me. ??
Machines go under ou=Computers,dc=tow,dc=net and users under
ou=users,dc=tow,dc=net.

>
>>Just curious, do you have a working system that does just that, where if
>>you add a machine by joining it to the domain, smbldap_useradd.pl
>>creates the posixAccount and sambaSAMAccount in LDAP?
>>
>>
> I *did* when I was migration testing for samba3 but now my test box has
> been scrapped for a Sun trade in. I need to rebuild it before I go live
> with S3 (still on 2.2.8 here sadly) so I'll be building entirely from
> scratch again, hopefully this week if other projects get taken care of.
> I've done a pile of testing in my setup to get it to work with our
> remote LDAP master and local and/or distributed DC boxes.  There were
> some timing issues there if replication didn't happen quick enough, a
> real PITA.
>
>>I'll continue to tinker with it. If you have any other suggestions, let me
>>know. I'm very close.
>>
>>
>>
>>>Changes below:
>>>
>>>[EMAIL PROTECTED] wrote:
>>>
>>>
>>>
>>>>Thanks for getting back to me, Paul.
>>>>Here's the domain controllers smb.conf
>>>>
>>>>
>>>>[global]
>>>>   workgroup = WarehamPS
>>>>encrypt passwords = Yes
>>>>time server = Yes
>>>>socket options = TCP_NODELAY
>>>>security = user
>>>>logon script = whs1.bat
>>>>writable = Yes
>>>>dns proxy = no
>>>>directory mask = 02770
>>>>preferred master = yes
>>>>   netbios name = WHS1
>>>>   server string = RedHat 8.0 LDAP Server
>>>>   passdb backend = ldapsam
>>>>   ldap passwd sync = Yes
>>>>machine password timeout = 604800
>>>>   passwd program = /usr/local/samba/bin/smbpasswd %u
>>>>  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
>>>>*Retype\snew\sUnix\spassword:* %n\n
>>>>   log file = /var/log/samba.%m
>>>>   debug level = 2
>>>>   max log size = 50
>>>>   add user script = /usr/local/sbin/smbldap-useradd.pl %u
>>>>   delete user script = /usr/local/sbin/smbldap-useradd.pl %u
>>>>   add group script = /usr/local/sbin/smbldap-groupadd.pl
>>>>   delete group script = /usr/local/sbin/smbldap-groupdel.pl
>>>>   add machine script = /usr/sbin/useradd -c "Computer" -d /dev/null -s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m %u
>>>>
>>>>
>>>>
>>>>
>>>Change these scripts to be like so:
>>>
>>>add user script = /usr/sbin/smbldap-useradd -a -m "%u"
>>>delete user script = /usr/sbin/smbldap-userdel "%u"
>>>add group script = /usr/sbin/smbldap-groupadd "%g"
>>>delete group script = /usr/sbin/smbldap-groupdel "%g"
>>>add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>>delete user from group script = /usr/sbin/s

Re: [Samba] posixAccount for Machines in LDAP?

2004-07-14 Thread kent
Hi Paul,
I'm getting a user not found after I made the changes. That's what I used
to get when I didn't add the machine account to /etc/passwd first.

The good news is that I removed a machine account from /etc/passwd and
added it to LDAP to the existing account that was created with smbpasswd
(added posixAccount and attributes). This worked fine. All of the
posixAccount  information need only be in LDAP. I will migrate my existing
machine account info from /etc/passwd to their respective accounts in
LDAP. Just seems that smbldap_useradd.pl is not able to add the account
information to LDAP on the fly.

Just curious, do you have a working system that does just that, where if
you add a machine by joining it to the domain, smbldap_useradd.pl creates
the posixAccount and sambaSAMAccount in LDAP?

I'll continue to tinker with it. If you have any other suggestions, let me
know. I'm very close.

> Changes below:
>
> [EMAIL PROTECTED] wrote:
>
>>Thanks for getting back to me, Paul.
>>Here's the domain controllers smb.conf
>>
>>
>>[global]
>>workgroup = WarehamPS
>>  encrypt passwords = Yes
>>  time server = Yes
>>  socket options = TCP_NODELAY
>>  security = user
>>  logon script = whs1.bat
>>  writable = Yes
>>  dns proxy = no
>>  directory mask = 02770
>>  preferred master = yes
>>netbios name = WHS1
>>server string = RedHat 8.0 LDAP Server
>>passdb backend = ldapsam
>>ldap passwd sync = Yes
>>  machine password timeout = 604800
>>passwd program = /usr/local/samba/bin/smbpasswd %u
>>   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
>>*Retype\snew\sUnix\spassword:* %n\n
>>log file = /var/log/samba.%m
>>debug level = 2
>>max log size = 50
>>add user script = /usr/local/sbin/smbldap-useradd.pl %u
>>delete user script = /usr/local/sbin/smbldap-useradd.pl %u
>>add group script = /usr/local/sbin/smbldap-groupadd.pl
>>delete group script = /usr/local/sbin/smbldap-groupdel.pl
>>add machine script = /usr/sbin/useradd -c "Computer" -d /dev/null
>>-s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m
>>%u
>>
>>
> Change these scripts to be like so:
>
> add user script = /usr/sbin/smbldap-useradd -a -m "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add group script = /usr/sbin/smbldap-groupadd "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>
> make sure the paths line up of course.  The quotes are important in case
> you get spaces in the parameters.
>
>>logon script = whs1.bat
>>  logon path =
>>logon drive = H:
>>  logon home =
>>domain logons = Yes
>>os level = 64
>>domain master = Yes
>>dns proxy = Yes
>>  admin users = @domain_admins
>>  wins support = Yes
>>  name resolve order = wins hosts bcast
>>ldap suffix = dc=tow,dc=net
>>ldap machine suffix = ou=Computers
>>
>>
> Make ldap machine suffix match ldap user suffix.  Known bug.
>
>>ldap user suffix = ou=Users
>>ldap group suffix = ou=Groups
>>ldap admin dn = cn=admin,dc=tow,dc=net
>>ldap ssl = no
>>
>>
> 
>
> Of course, make sure your smbldap config file matches the above LDAP dn
> information for users, computers.  Check back after trying it out.
>
> Paul
>
>>Kent
>>Wareham Public Schools
>>
>>
>>
>>>[EMAIL PROTECTED] wrote:
>>>
>>>
>>>
>>>>Hello,
>>>>I have a question about machine accounts.
>>>>I'm using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on
>>>>RedHat machines.
>>>>I also have 3 slave/BDC's and 1 master/PDC
>>>>
>>>>Right now all of my users and groups exist entirely in the LDAP
>>>>directory.
>>>>I have a few accounts in addition to the normal system accounts that
>>>> are
>>>>used for emergency access. All authentication and group enumeration uses
>>>>PAM_LDAP with NSS_LDAP.
>>>>
>>>

Re: [Samba] posixAccount for Machines in LDAP?

2004-07-13 Thread kent
Thanks, I'll give this a try tomorrow and let you know how things go. I
really appreciate your help. This is the last major hurdle that I can see.

Kent N

> Changes below:
>
> [EMAIL PROTECTED] wrote:
>
>>Thanks for getting back to me, Paul.
>>Here's the domain controller's smb.conf
>>
>>
>>[global]
>>workgroup = WarehamPS
>>  encrypt passwords = Yes
>>  time server = Yes
>>  socket options = TCP_NODELAY
>>  security = user
>>  logon script = whs1.bat
>>  writable = Yes
>>  dns proxy = no
>>  directory mask = 02770
>>  preferred master = yes
>>netbios name = WHS1
>>server string = RedHat 8.0 LDAP Server
>>passdb backend = ldapsam
>>ldap passwd sync = Yes
>>  machine password timeout = 604800
>>passwd program = /usr/local/samba/bin/smbpasswd %u
>>   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
>>*Retype\snew\sUnix\spassword:* %n\n
>>log file = /var/log/samba.%m
>>debug level = 2
>>max log size = 50
>>add user script = /usr/local/sbin/smbldap-useradd.pl %u
>>delete user script = /usr/local/sbin/smbldap-useradd.pl %u
>>add group script = /usr/local/sbin/smbldap-groupadd.pl
>>delete group script = /usr/local/sbin/smbldap-groupdel.pl
>>add machine script = /usr/sbin/useradd -c "Computer" -d /dev/null
>>-s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m
>>%u
>>
>>
> Change these scripts to be like so:
>
> add user script = /usr/sbin/smbldap-useradd -a -m "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add group script = /usr/sbin/smbldap-groupadd "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>
> make sure the paths line up of course.  The quotes are important in case
> you get spaces in the parameters.
>
>>logon script = whs1.bat
>>  logon path =
>>logon drive = H:
>>  logon home =
>>domain logons = Yes
>>os level = 64
>>domain master = Yes
>>dns proxy = Yes
>>  admin users = @domain_admins
>>  wins support = Yes
>>  name resolve order = wins hosts bcast
>>ldap suffix = dc=tow,dc=net
>>ldap machine suffix = ou=Computers
>>
>>
> Make ldap machine suffix match ldap user suffix.  Known bug.
>
>>ldap user suffix = ou=Users
>>ldap group suffix = ou=Groups
>>ldap admin dn = cn=admin,dc=tow,dc=net
>>ldap ssl = no
>>
>>
> 
>
> Of course, make sure your smbldap config file matches the above LDAP dn
> information for users, computers.  Check back after trying it out.
>
> Paul
>
>>Kent
>>Wareham Public Schools
>>
>>
>>
>>>[EMAIL PROTECTED] wrote:
>>>
>>>
>>>
>>>>Hello,
>>>>I have a question about machine accounts.
>>>>I'm using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on
>>>>RedHat machines.
>>>>I also have 3 slave/BDC's and 1 master/PDC
>>>>
>>>>Right now all of my users and groups exist entirely in the LDAP
>>>>directory.
>>>>I have a few accounts in addition to the normal system accounts that
>>>> are
>>>>used for emergency access. All authentication and group enumeration uses
>>>>PAM_LDAP with NSS_LDAP.
>>>>
>>>>My question is that when I have a machine join the domain, in the LDAP
>>>>directory an objectclass Account and sambaSAMAccount are created. I
>>>> still
>>>>need to create a machine account in /etc/passwd for this to happen. Is
>>>>there anyone out there that is first creating a posixAccount with
>>>>appropriate attributes in LDAP then using the Samba/Windows to generate
>>>>the sambaSAMAccount object and attributes in LDAP also?
>>>>
>>>>
>>>>
>>>>
>>>You shouldn't need anything in /etc/passwd.  Perhaps by posting an
>>>smb.conf you could be pointed in the right direction.
>>>
>>>
>>>
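
The advice quoted in this thread (wrap "%u" and "%g" in double quotes in the script parameters, in case the substituted value contains spaces) can be checked mechanically. The following is an added example, not code from the thread or from the Samba project: a Python lint that reports substitution variables left outside double quotes in the script parameters named above. The function names are hypothetical and the sample config is constructed from lines quoted in the thread.

```python
"""Lint smb.conf script parameters for unquoted %-substitutions (added example)."""

# Script parameters that appear in this thread. smb.conf parameter names are
# case-insensitive and ignore embedded whitespace, so they are compared in a
# normalised form (lower case, whitespace removed).
SCRIPT_PARAMS = {
    "".join(name.split())
    for name in (
        "add user script", "delete user script",
        "add group script", "delete group script",
        "add user to group script", "delete user from group script",
        "set primary group script", "add machine script",
    )
}

# Constructed sample: a mix of the unquoted and quoted forms from the thread.
SAMPLE = '''\
[global]
add user script = /usr/local/sbin/smbldap-useradd.pl %u
add group script = /usr/sbin/smbldap-groupadd "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" %g
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = whs1.bat
log file = /var/log/samba.%m
'''


def unquoted_macros(command):
    """Return the %x substitutions in `command` that sit outside double quotes."""
    found = []
    in_quotes = False
    i = 0
    while i < len(command):
        ch = command[i]
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "%" and i + 1 < len(command) and command[i + 1].isalpha():
            if not in_quotes:
                found.append(command[i:i + 2])
            i += 1  # skip the macro letter
        i += 1
    return found


def lint_smb_conf(text):
    """Return (line number, parameter, [macros]) for each offending script line."""
    findings = []
    pending, start = "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = lineno
        line = pending + raw.strip()
        if line.endswith("\\"):          # smb.conf line continuation
            pending = line[:-1]
            continue
        pending = ""
        # Skip blanks, comments, section headers and lines without a value.
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        key = "".join(name.lower().split())
        if key not in SCRIPT_PARAMS:     # e.g. "logon script" is a client-side path
            continue
        macros = unquoted_macros(value)
        if macros:
            findings.append((start, " ".join(name.lower().split()), macros))
    return findings


if __name__ == "__main__":
    for lineno, param, macros in lint_smb_conf(SAMPLE):
        print("line %d: %s has unquoted %s" % (lineno, param, ", ".join(macros)))
```
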

[Fwd: Re: [Samba] posixAccount for Machines in LDAP?]

2004-07-13 Thread kent
 Original Message 
Subject: Re: [Samba] posixAccount for Machines in LDAP?
From:[EMAIL PROTECTED]
Date:Tue, July 13, 2004 4:54 pm
To:  "Paul Gienger" <[EMAIL PROTECTED]>
--

Thanks for getting back to me, Paul.
Here's the domain controller's smb.conf


[global]
workgroup = WarehamPS
encrypt passwords = Yes
time server = Yes
socket options = TCP_NODELAY
security = user
logon script = whs1.bat
writable = Yes
dns proxy = no
directory mask = 02770
preferred master = yes
netbios name = WHS1
server string = RedHat 8.0 LDAP Server
passdb backend = ldapsam
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba.%m
debug level = 2
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd.pl %u
delete user script = /usr/local/sbin/smbldap-useradd.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl
delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/sbin/useradd -c "Computer" -d /dev/null -s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m %u
logon script = whs1.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = Yes
admin users = @domain_admins
wins support = Yes
name resolve order = wins hosts bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no

[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
hide files = /.*/

[netlogon]
comment = Netlogon share
root preexec = /usr/local/samba/sbin/prelogon.pl %U
path = /usr/local/samba/netlogon
locking = no
browseable = no
read only = yes
hide files = /*.dll/*.rap/*.kix/*.bat/

[staff]
comment = Staff Directory
path = /accounts/common
browseable = no
create mode = 0660
valid users = @whsstaff
write list = @whsstaff
force group = whsstaff

[programs]
comment = Programs
path = /accounts/programs
valid users = @whsstaff
browseable = no

[adm-pgms$]
comment = Admin Programs
path = /accounts/adm_pgms
browseable = no
valid users = @techstaff
write list = @techstaff
force group = techstaff
create mode = 0660

[images$]
comment = Ghost image files
path = /accounts/images
browseable = no
force group = techstaff
create mode = 0660
valid users = @techstaff
write list = @techstaff

[cafeteria]
path = /accounts/cafeteria/data
browseable = no
valid users = @whs-cafe
force group = whs-cafe
create mode = 0660
directory mode = 0770

[printers]
comment = All Printers
path = /var/spool/samba
valid users = @whsstaff, @techstaff
read only = Yes
printable = Yes
browseable = No
[hp8100]
path = /tmp
comment = HP8100 Laser
browseable = yes
writable = no
printable = yes
printer name = hp8100
[tricker]
path = /accounts/whsart/tricker
comment = WHS Art students
browseable = No
valid users = +tricker
write list = +tricker
force group = tricker
create mode = 0660
directory mode = 0770
[gunnels]
path = /accounts/whsart/gunnels
comment = WHS Art students
browseable = No
valid users = +gunnels
write list = +gunnels
force group = gunnels
create mode = 0660
directory mode = 0770
[einstein]
path = /accounts/whsart/einstein
comment = WHS Art students
browseable = No
valid users = +einstein
write list = +einstein
force group = einstein
create mode = 0660

[PCA]
comment = PC Analyzer files
path = /usr/local/samba/PCAnalyser
browseable = no
force group = techstaff
directory mode = 0770
    create mode = 0770

Kent
Wareham Public Schools

> [EMAIL PROTECTED] wrote:
>
>>Hello,
>>I have a question about machine accounts.
>>I'm using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on
RedHat

[Samba] posixAccount for Machines in LDAP?

2004-07-13 Thread kent
Hello,
I have a question about machine accounts.
I'm using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on
RedHat machines.
I also have 3 slave/BDC's and 1 master/PDC

Right now all of my users and groups exist entirely in the LDAP directory.
I have a few accounts in addition to the normal system accounts that are
used for emergency access. All authentication and group enumeration uses
PAM_LDAP with NSS_LDAP.

My question is that when I have a machine join the domain, in the LDAP
directory an objectclass Account and sambaSAMAccount are created. I still
need to create a machine account in /etc/passwd for this to happen. Is
there anyone out there that is first creating a posixAccount with
appropriate attributes in LDAP then using the Samba/Windows to generate
the sambaSAMAccount object and attributes in LDAP also?

I was so happy to get all of the user/group stuff consolidated into the
directory. Now I see that this is a possibility also but I haven't tried
it.

Kent N
Wareham Public Schools

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Having issues with rpcclient's adddriver

2004-05-17 Thread Tim Kent
Hi,
I'm trying to add a Windows NT/2000 OKI C5100 print driver to a Samba 
2.2.3a server.  I've been told that this driver does some server-side 
stuff, so I'll have to use 'adddriver' in rpcclient.

I've read the manual page for rpcclient, and I printed out a 'Windows 
2000 Printer Test Page' to get all the relevant information.

This is probably just something simple, but I've checked this out a 
couple of times and keep getting a syntax error.  Do I have too many 
files listed, and if so do I need all of these listed files?

[EMAIL PROTECTED]:~$ rpcclient test -U root
INFO: Debug class all level = 2   (pid 9287 from pid 9287)
Enter Password:
session setup ok
Domain=[TEST] OS=[Unix] Server=[Samba 2.2.3a-13 for Debian]
rpcclient $> adddriver "Windows NT x86" "OKI 
C5100:IMFNT4.DLL:OPHCWDDM.SDD:SDNTOK.DLL:OP51ENU.HLP:\
OKI HiperC Language Monitor:RAW:ABEXPW32.DLL,CANLKN.PRF,CNNbapie.DLL,\
CNNsCore.DLL,CNPPDCE.DLL,CNXADR.DLL,CNXCOV1.EMF,CNXCOV2.EMF,\
CNXCOV3.EMF,CNXCOVL.EMF,CNXCR.DLL,CNXDMAN.DLL,CNXECR.DLL,CNXP5EE.DLL,\
CNXP5EE0.CNT,CNXP5EE0.HLP,CNXP5EEP.DLL,CNXP5EEU.DLL,CNXPRASX.DLL,\
CNZ005N.ICC,CNZ006N.ICC,CNZ007N.ICC,CNZE15N.ICC,CNZE18N.ICC,\
CNZE21N.ICC,CNZN15N.ICC,CNZN18N.ICC,CNZN21N.ICC,CNZP15N.ICC,\
CNZP18N.ICC,CNZP21N.ICC,CnP5eE.DLL,CnP5eE0.CNT,CnP5eE0.HLP,\
CnP5eEUI.DLL,CnP5eEUM.DLL,DCS.DLL,DCSTBL.DLL,GP300FK.XPD,GP300PK.XPD,\
IMF32.DLL,IMFPRINT.DLL,ML51NSAR.DLL,OK001U2H.CAP,OK009U0H.CCM,\
OK714NHE.VER,OMRDM32.DLL,OP5100.DAT,OP5100.UNZ,OP51ICB.BIN,\
OPCLB002.DLL,OPCST000.DLL,OPDMN004.DLL,OPDVA002.DLL,OPHCRENU.DLL,\
OPHCSENU.DLL,OPHCWDDM.DLL,OPHCWDUI.DLL,OPHCWINF.DAT,OPHCWM00.DAT,\
OPHCWNXS.DLL,OPHCWNXT.DLL,OPHCWS00.DAT,OPNE000C.SCR,OPRCL000.DLL,\
OPS00ENU.DLL,OPS00JPN.DLL,OPUSB000.DLL,QDPRIOK.DLL,RDMWIN32.DLL,\
SDDM.INI,SDDMOK.DLL,SDDMUK.DLL,SDIMFOK.DLL,SDNTUM4.DLL,SDOK.DLL,\
SQMCODER.DLL,SROK.DLL,ZENOCMM.DLL,ZENOICM.DLL,ZGDIOK.DLL,ZLANG.DLL,\
ZSPOOL.DLL,ZSPOOLOK.EXE,ZTAG32.DLL"
Usage: adddriver \
:::\
:::\
:

I know that looks like a very long list, but that's what the 'Windows 
2000 Printer Test Page' told me!  I'm assuming that most of those files 
are related to some kind of monitor that I could perhaps do without.

As far as my syntax is concerned I have the files in the right order.
Cheers,
Tim
--
Tim Kent CCNA CNS
Wilkinson-Kent Consulting Pty Ltd
t +61 7 3862 1963


[Samba] Upgrade path v 3.0.0 to 3.0.3

2004-05-05 Thread Kent L. Nasveschuk
Hello all,

Just a question on upgrading from Samba 3.0.0 to 3.0.3.

I have several servers running 3.0.0 that I want to upgrade. They all use
OpenLDAP backend.

What I think I should backup are:

samba/lib/smb.conf
samba/var/locks/*.tdb
samba/private/secrets.tdb

Wipe the old system, recompile and install the new system, restore above
files to appropriate location.

Anything else I should backup, or suggestions?

-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Logon scripts

2004-04-02 Thread Kent L. Nasveschuk
Hello Urs,

I've been experimenting with RunAsP.exe to do exactly what you are
suggesting.

By using kixtart script processor you can fork part of your clients that
login (2000/XP) to runasp.exe. This can switch user context to an
administrator, run a program, then return to the user's context. The
only drawback is that they charge $ per client machine. The passwords
are kept in an encrypted form in a file that can be launched from the
netlogon directory.

I've evaluated it enough to determine that I can't do without it.
I've tested it for automating Norton AV virus definition updates from
login scripts as well as running older programs that write to privileged
directories, but there are many things it can be used for. Nobody has
written a free version to my knowledge, would be a great project.


Good luck


-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Samba Release 3.0.1 group enumeration

2004-04-02 Thread Kent L. Nasveschuk
Hello,

I was looking at the release notes for version 3.0.1 and it mentions a
bug fix for enumerating group mappings from an LDAP directory. I know
the version that I run 3.0.0, is not able to get group membership from
an OpenLDAP directory. Could someone just confirm that this is the
case in version 3.0.1?


Thanks.


-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] smb.conf

2004-03-11 Thread Kent L. Nasveschuk
This is just a quick question, what is the difference between "+" and
"@" when using groups for say valid users or write list

ex

valid users = +staff
valid users = @staff



-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] changing desktop/profiles

2004-01-20 Thread kent E.
hi to all...

just one thing that annoys me in a day... that an employee will approach
me and tell me that his/her settings were changed

i even disabled the profiles long before so they are using the
locally stored cache .. and why does it still change..???

and im also having these errors
=
get_domain_user_groups: primary gid of user [leslie] is not a Domain
group !
Jan 19 13:02:31 genesis smbd[3994]:   get_domain_user_groups: You should
fix it, NT doesn't like that
=

but this user is in the ntadmins groups as mapped as "domainAdmins"


help





[Samba] logging messenger service in windows

2004-01-15 Thread kent E.
hi to all im not sure if i have the appropriate subject to put...

but anyways... we have windows workstations(mostly) and a samba3.0 on a
rh9... is there a way to log any communications using the windows 'net
send'

tia

kent



[Samba] editing important files with running samba

2004-01-14 Thread kent E.
hello to all...

does anyone here worry about the look of their
/etc/passwd
/etc/group

for me, yes i do.. i wanted to separate the users with pc accounts.. but
would my network go crazy if i will reset some of the gid and uid and
also i've noticed that the file 
/etc/samba/smbpasswd is also somehow link to the /etc/group ... any 

advice on how to properly edit things.. 
tia

kent



Re: [Samba] Multiple domains on one PDC

2004-01-12 Thread kent E.

im looking forward for this i wish i could setup our network like
this...


On Tue, 2004-01-13 at 01:56, Peter Depuydt wrote:
> Hello,
>  
> Is it possible to maintain multiple domains on a single samba server ?
>  
> If needed we can create an overall masterdomain (eg forest) where the
> Current domains could be trees.
>  
> Currently we manage every domain on a separate server and running as
> An separate PDC . We would like to maintain an single server .
>  
> Is it possible..
>  
> Peter Depuydt
>  



[Samba] disabled roaming profile

2004-01-11 Thread kent E.
ok.. at first i thought this is nice but i seem (still) don't know how
to control things so i decided not to use roaming profiles...

i disabled it and some of the workstations are now using their local
profiles (winNT and winXP) but i have still problems with windows 2000
... it kept on contacting the server for the profile.. 

i can't find how to disable the roaming profile in win2k i already tried
to do .. MY COMPUTER>>PROPERTIES>>USER PROFILES but it is set on local
not roaming... 

i also tried to search the registry but i don't know what to search
for..

pls help..
TIA 
Kent



Re: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1

2004-01-10 Thread Kent L. Nasveschuk
preciate any
> help as I'm just tired of reading and just can't seem to get past adding
> a machine.  Thanks for any help...
> 
> Jason
> 
> 
> --- begin ldap.conf 
> 
> HOST 127.0.0.1
> BASE dc=test,dc=edu
> 
>  end ldap.conf 
> 
> 
> --- begin slapd.conf 
> 
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/samba.schema
> 
> pidfile /var/run/slapd.pid
> argsfile /var/run/slapd.args
> database bdb
> suffix "dc=test,dc=edu"
> rootdn "cn=root,dc=test,dc=edu"
> rootpw testing
> 
> directory /var/lib/ldap
> index objectClass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index uidNumber eq
> index gidNumber eq
> index memberUid eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
> 
>  end slapd.conf 
> 
> 
>  begin smb.conf 
> [global]
> passdb backend = ldapsam
> ldap suffix = "dc=test,dc=edu"
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap admin dn = "cn=root,dc=test,dc=edu"
> ldap ssl = no
> idmap backend = ldap:ldap://127.0.0.1
> passwd chat debug = Yes
> passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
> passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Never used the IDEALX scripts. Right now I use a shell script to batch
add computers and users.


> add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
> add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
> delete user script = /usr/local/sbin/smbldap-userdel.pl %u
> add group script = /usr/local/sbin/smbldap-groupadd.pl %g
> delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
> add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
> delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
> set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
> workgroup = TEST
> netbios name = donald
> comment = test samba pdc
> security = user
> null passwords = yes
> encrypt passwords = yes
> logon script=logon.bat
> logon drive =
> logon path =
> domain master = yes
> domain logons = yes
> preferred master = yes
> os level = 33
> wins support = yes
> wins proxy = no
> log file = /var/log/samba/%m.log
> public = No
> browseable = yes
> writable = No
> 
> ; necessary share for domain controller
> [netlogon]
> path = /netlogon
> locking = no
> read only = yes
> write list = ntadmin
> 
> ;test share
> [tmp]
> writeable = yes
> public = yes
> path = /tmp
> 
> [profiles]
> path = /profiles
> read only = no
> writeable = yes
> create mask = 0600
> directory mask = 0700
> 
>  end smb.conf ---

One other thing I found that would cause problems adding a computer to a
domain. Duplicate names. If you use ghost disk imaging this is a common
problem.

-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



Re: [Samba] Secondary, tertiary group problems in Samba LDAP

2004-01-09 Thread Kent L. Nasveschuk
I don't, is it essential for this to work correctly?


On Fri, 2004-01-09 at 10:52, Gerald (Jerry) Carter wrote:
> 
> On 7 Jan 2004, Kent L. Nasveschuk wrote:
> 
> > Hello,
> > I found an interesting thing that I don't know if it is a bug, by design
> > or I need to be doing something that I'm not but here goes.
> > 
> > My system
> > RedHat 8.0 (1) PDC with LDAP 2.1.23 backend master,
> > (3) BDC with LDAP slave backend. All are Samba 3.0.
> > 
> > I had a problem with secondary, tertiary etc groups that people belong
> > to and Samba recognizing these groups if they were stored in LDAP. The
> > primary group was no problem. When I created shares but used
> > "@groupname"  for valid users or write list, Samba would fail to get
> > that info from LDAP. They needed to be in /etc/group to work. As soon as
> > I added users in secondary groups to /etc/group users were recognized
> > and rights were assigned.
> 
> do you have nss_ldap setup correctly?
> 
> 
> 
> 
> 
> 
> 
> cheers, jerry
>  --
>  Hewlett-Packard- http://www.hp.com
>  SAMBA Team -- http://www.samba.org
>  GnuPG Key   http://www.plainjoe.org/gpg_public.asc
>  "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



Re: [Samba] roaming profiles...

2004-01-08 Thread kent E.
On Fri, 2004-01-09 at 10:45, Kent L. Nasveschuk wrote:
> I don't use roaming profile for this reason.

i didn't enable this in the first place, but with my first logon pc it
is what the error says that i can't connect to the \\server\profiles ...
so i was thinking that maybe they needed it most so i just find ways to
enable it...


> You tell 'em don't store everything on the desktop or it will take a long time to 
> login, and they
> do the opposite. 

some users forget...

> There is no advantage to these in my opinion also. 
for me maybe yes... if ever i will reformat that pc ... then i have same
desktop and some (small) files

> I don't have the advantage of having many machines that are identical in
> terms of software installed. A person that moves to another machine is
> going to have a bunch of icons that lead nowhere. 


> I'm content with storing profiles on the local machine.
i guess i can disable this option and go to local profiles

> 
> Say, where'd you get that first name Kent?

errr... i don't know ... but maybe from my grandpa... he is a US citizen
(i think)

> 
> On Thu, 2004-01-08 at 05:19, kent E. wrote:
> > hey guys i want to hear your experience regarding this situation
> > 
> > got this one user who store lots of big chunk files in his "My
> > Documents" folder now as she logs out ... it took us several minutes for
> > us to be able to shut down...
> > 
> > how to take care of this? can i select which to include in the roaming
> > files ...
> > 
> > TIA
> > Kent



Re: WAS: Re: [Samba] net groupmap / domain admins problem - Amazon prize

2004-01-08 Thread Kent L. Nasveschuk
John,

I actually did try this out +, I don't believe I could get
it to work. I tried many variations. I guess I need to experiment more
with how nsswitch.conf and how pam is configured. I'm not real
knowledgeable in this area.

I found an interesting work around for those of you looking for mapping
drives from login scripts based on secondary + groups.


/etc/group

dusers:x:500:
staff:x:680:kent,fred,joe

/etc/passwd

kent:x:4044:500::/accounts/staff/kent:/bin/bash
ksnider:x:4045:500::/accounts/staff/fred:/bin/bash
joe:x:4045:500::/accounts/staff/joe:/bin/bash

Users primary group is dusers 500 but have secondary group staff 680.

In netlogon directory I put directory same name as share for example:

netlogon/staff-files

In the directory put single file secured by directory permissions
example:

netlogon/staff-files/readme

directory permissions on staff-files directory in netlogon (0750)

drwxr-x---2 root staff 4096 Jan  7 07:40 staff-files

share in smb.conf:

[staff-files]
comment = Staff Files
path = /accounts/staff/staff-files
valid users = @staff
write list = @staff


In netlogon script reads as follows:


if exist \\SERVERNAME\netlogon\staff-files net use S: \\SERVERNAME\staff-files

Samba checks local Linux groups and if user is in group he/she is
capable of reading file, drive is mapped.

Of course I wish all this info was in LDAP so I wouldn't have to mess
with local groups but Christmas has gone by and I didn't find this
solution in my stocking.

I can't take any credit for this idea. I found it in a 1999 posting but
it's a temporary fix for something that I believe many of us are
seeking.


Just have to say this stuff is marvelous. I've been utterly frustrated
and amazed at the versatility of Samba. Thanks for your support.


On Thu, 2004-01-08 at 03:54, John H Terpstra wrote:
> Hansjoerg,
> 
> Instead of:
>   valid users = @Groupe
> 
> Please try:
>   valid users = +Groupe
> 
> Thanks.
> 
> - John T.
> 
> 
> On Thu, 8 Jan 2004, Hansjoerg Maurer wrote:
> 
> > Hi
> >
> > thank you, for your fast reply.
> > I have a user sporer
> > [EMAIL PROTECTED] root]# id -a sporer
> > uid=1000(sporer) gid=1000(sensodrivegroup)
> > Gruppen=1000(sensodrivegroup),1001(managementgroup)
> >
> > The user and the group is in ldap and nss_ldap seems to work..
> > [EMAIL PROTECTED] root]# getent group
> > root:x:0:root
> > 
> > Domain Admins:x:912:
> > Domain Users:x:913:
> > Domain Guests:x:914:
> > Administrators:x:944:
> > Users:x:945:
> > Guests:x:946:
> > Power Users:x:947:
> > Account Operators:x:948:
> > Server Operators:x:949:
> > Print Operators:x:950:Administrator
> > Backup Operators:x:951:
> > Replicator:x:952:
> > Domain Computers:x:953:
> > sensodrivegroup:x:1000:sporer,haehnle,sporers,unterholzner,geist,bertleff,hauschild,sensodrive,root
> > managementgroup:x:1001:management,root,haehnle,sporer,sporers
> >
> > I am using
> > [EMAIL PROTECTED] root]# rpm -q nss_ldap
> > nss_ldap-207-3
> >
> > on RH9
> >
> > Within samba I have two shares
> > [Projekte]
> >comment = Sensodrive-Projekte
> >path = /home/sensodrive
> >force group = sensodrivegroup
> >force user = sensodrive
> >valid users = @sensodrivegroup,root
> >
> > [Management]
> >comment = Sensodrive-Management
> >path = /home/management
> >force group = managementgroup
> >force user = management
> >valid users = @managementgroup,root
> >
> > Every user can access the Projekte share, because the primary  group of
> > every user is sensodrivegroup.
> > When user sporer tries to access the Management share, he gets
> >  user 'sporer' (from session setup) not permitted to access this share
> > (Management)
> >
> > If I add the user sporer by his username to valid users it works
> >valid users = @managementgroup,root,sporer,haehnle,sporers
> >
> > Maybe this helps to solve the problem
> > If you need more information, or further testing give me a note
> >
> > Thank you very much
> >
> > Greetings
> >
> > Hansjörg
> >
> >
> >
> >
> > John H Terpstra wrote:
> >
> > >On Thu, 8 Jan 2004, Hansjoerg Maurer wrote:
> > >
> > >
> > >
> > >>Hi
> > >>
> > >>i have a question related to the groupmapping with ldapsam as backend.
> > >>You described, that groupentries have to be in /etc/group with tdbsam as
> > >>backend.
> > >>
> > >>I 

[Samba] roaming profiles...

2004-01-08 Thread kent E.
hey guys i want to hear your experience regarding this situation

got this one user who store lots of big chunk files in his "My
Documents" folder now as she logs out ... it took us several minutes for
us to be able to shut down...

how to take care of this? can i select which to include in the roaming
files ...

TIA
Kent



[Samba] user administrator rights

2004-01-07 Thread kent E.
hi to all

i have just successfully created a samba PDC ... now i added users and
machine accounts ... 

but how to give administrative rights in the users?

or it is really built-in ... for security purposes

Kent



[Samba] Secondary, tertiary group problems in Samba LDAP

2004-01-07 Thread Kent L. Nasveschuk
Hello,
I found an interesting thing that I don't know if it is a bug, by design
or I need to be doing something that I'm not but here goes.

My system
RedHat 8.0 (1) PDC with LDAP 2.1.23 backend master,
(3) BDC with LDAP slave backend. All are Samba 3.0.

I had a problem with secondary, tertiary etc groups that people belong
to and Samba recognizing these groups if they were stored in LDAP. The
primary group was no problem. When I created shares but used
"@groupname"  for valid users or write list, Samba would fail to get
that info from LDAP. They needed to be in /etc/group to work. As soon as
I added users in secondary groups to /etc/group users were recognized
and rights were assigned.

As a side note each line of /etc/group is limited to 1024 bytes, so
there is a limit on how many users you can add to a group using
/etc/group. If you exceed that when the system scans the /etc/group
file, it will fail at the line >1024 bytes and any groups below will
fail to be recognized. I believe that this is a bug. If you do "ls" on a
directory or "id " where one of the entries in your /etc/group
has exceeded the limit, the groups will show as numbers and not a group
name.

   
Can I use pam_winbindd to extract group membership from LDAP at this
time for secondary, tertiary etc groups?

-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>
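
A check for the condition described in the message above, as an added example that is not part of the original post: it lists shares whose `@group` references point at groups on or below an over-long line of a group file. The 1024-byte figure and the "every group below also fails" behaviour are taken from the post as assumptions; the group file and smb.conf contents are constructed.

```python
import re

LINE_LIMIT = 1024  # bytes per group line; figure taken from the post (assumption)
GROUP_PARAMS = {"valid users", "invalid users", "write list", "read list", "admin users"}


def scan_group_file(data: bytes, limit: int = LINE_LIMIT):
    """Split group names into (resolvable, unresolvable), in file order.

    Models the behaviour reported in the post: the first line longer than
    `limit` bytes (newline excluded) and every line after it stop resolving.
    """
    ok, broken, failed = [], [], False
    for raw in data.splitlines():
        if not raw.strip() or raw.lstrip().startswith(b"#"):
            continue
        if len(raw) > limit:
            failed = True
        name = raw.split(b":", 1)[0].decode("utf-8", "replace")
        (broken if failed else ok).append(name)
    return ok, broken


def shares_using_groups(smb_conf: str):
    """Map share name -> set of UNIX groups referenced as @group or +group."""
    refs, section = {}, None
    for line in smb_conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if " ".join(key.lower().split()) not in GROUP_PARAMS:
            continue
        for token in re.split(r"[,\s]+", value):
            if len(token) > 1 and token[0] in "@+":
                refs.setdefault(section, set()).add(token.lstrip("@+&"))
    return refs


def audit(group_data: bytes, smb_conf: str, limit: int = LINE_LIMIT):
    """Return (share, group, reason) for every group reference that will not resolve."""
    ok, broken = scan_group_file(group_data, limit)
    findings = []
    for share, groups in sorted(shares_using_groups(smb_conf).items()):
        for group in sorted(groups):
            if group in broken:
                findings.append((share, group, "on or below an over-long line"))
            elif group not in ok:
                findings.append((share, group, "not in the group file"))
    return findings


# Constructed sample: the "staff" line is about 1.3 KB, so it and the line
# after it fall into the failure case described in the post.
SAMPLE_GROUP = (
    b"wheel:x:10:root\n"
    b"staff:x:500:" + b",".join(b"user%04d" % i for i in range(150)) + b"\n"
    b"managementgroup:x:506:sporer,haehnle\n"
)

# Constructed smb.conf fragment; share and group names are illustrative.
SAMPLE_SMB_CONF = """
[global]
   admin users = @wheel
[Management]
   path = /home/management
   valid users = @managementgroup,root
[Projekte]
   valid users = @ldaponly
"""

if __name__ == "__main__":
    for share, group, reason in audit(SAMPLE_GROUP, SAMPLE_SMB_CONF):
        print(f"[{share}] @{group}: {reason}")
```
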



[Samba] problems with profiles and netlogon

2004-01-07 Thread kent E.
newbie here..

my samba3.0 sits on a redhat9 and i have a winNT4.0 logging into it..
the name of the ntPC is cpu3 now.. im not sure what to put into my
profiles and netlogon.. 

here is a the log of the specific workstation

[2004/01/07 18:47:10, 2] smbd/sesssetup.c:setup_new_vc_session(535)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/01/07 18:47:32, 2] auth/auth.c:check_ntlm_password(302)
  check_ntlm_password:  authentication for user [cpu3] -> [cpu3] ->
[cpu3] succeeded
[2004/01/07 18:47:35, 2] auth/auth.c:check_ntlm_password(302)
  check_ntlm_password:  authentication for user [cpu3] -> [cpu3] ->
[cpu3] succeeded
[2004/01/07 18:47:35, 0] smbd/service.c:make_connection_snum(670)
  '/etc/samba/profiles' does not exist or is not a directory, when
connecting to [profiles]
[2004/01/07 18:47:35, 0] smbd/service.c:make_connection_snum(670)
  '/etc/samba/profiles' does not exist or is not a directory, when
connecting to [profiles]
[2004/01/07 18:47:51, 0] smbd/service.c:make_connection_snum(670)
  '/etc/samba/netlogon' does not exist or is not a directory, when
connecting to [netlogon]
[2004/01/07 18:47:52, 2] smbd/service.c:make_connection_snum(384)
  user 'cpu3' (from session setup) not permitted to access this share
(cpu3)
[2004/01/07 18:47:52, 2] smbd/service.c:make_connection_snum(384)
  user 'cpu3' (from session setup) not permitted to access this share
(cpu3)
[2004/01/07 18:47:52, 0] smbd/service.c:make_connection_snum(670)
  '/etc/samba/netlogon' does not exist or is not a directory, when
connecting to [netlogon]
[2004/01/07 18:47:52, 0] smbd/service.c:make_connection_snum(670)
  '/etc/samba/netlogon' does not exist or is not a directory, when
connecting to [netlogon]
[2004/01/07 18:47:52, 0] smbd/service.c:make_connection_snum(670)
  '/etc/samba/netlogon' does not exist or is not a directory, when
connecting to [netlogon]



a snippet of my smb.conf

[netlogon]
comment = Network Logon Service
path = /etc/samba/netlogon
public = yes
read only = yes
valid users = @cdr
browseable = no

[profiles]
path = /etc/samba/profiles
writable = yes
create mask = 0600
directory mask = 0700
browseable = no
;   valid users = root @cdr




RE: [Samba] simple question

2004-01-07 Thread kent E.

thanks that works but i have another problem ... ill be posting it
in another thread

On Wed, 2004-01-07 at 17:16, Fermín Galán Márquez wrote:
> As far I know, you cannot use the same name for users and a machines
> account.
> 
> This is the way that I follow to create machine accounts:
> 
> 1. Create a "user" account in /etc/passwd (note the '$')
> 
> # useradd cpu3$
> 
> 2. Create the machine account with smbpasswd (note now '$' is not in the
> name)
> 
> # smbpasswd -a -m cpu3
> 
> I hope this may help you...
> 
> --
> Fermín
> 
> -Mensaje original-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] En nombre
> de kent E.
> Enviado el: miércoles, 07 de enero de 2004 9:26
> Para: samba
> Asunto: [Samba] simple question
> 
> i just got confused in creating machine accounts in my samba server
> 
> 1rst creating the user
> [EMAIL PROTECTED] root]# smbpasswd -a cpu3
> New SMB password:
> Retype new SMB password:
> Added user cpu3.
> 
> then adding the machine...
> [EMAIL PROTECTED] root]# smbpasswd -a -m cpu3$
> Failed initialise SAM_ACCOUNT for user cpu3$.
> Failed to modify password entry for user cpu3$
> [EMAIL PROTECTED] root]#
> 
> what am i missing... (still googling...)
> 
> TIA
> Kent
> 



[Samba] simple question

2004-01-07 Thread kent E.
i just got confused in creating machine accounts in my samba server

1rst creating the user
[EMAIL PROTECTED] root]# smbpasswd -a cpu3
New SMB password:
Retype new SMB password:
Added user cpu3.

then adding the machine...
[EMAIL PROTECTED] root]# smbpasswd -a -m cpu3$
Failed initialise SAM_ACCOUNT for user cpu3$.
Failed to modify password entry for user cpu3$
[EMAIL PROTECTED] root]#

what am i missing... (still googling...)

TIA
Kent




[Samba] How do I get Winbind accounts in LDAP?

2004-01-03 Thread Kent L. Nasveschuk
I've seen this posting before but I need to get a grasp on this. I am
using winbindd for users that don't have a local account on a Linux box.
I thought that placing the entries below in the smb.conf would create
users in ou=Idmap. Instead the ou=Idmap increments the uidNumber with
every user that is added,but the user ID mappings are stored in
/usr/local/var/locks/winbindd_idmap.tdb. What entry in smb.conf will
change this. These are the applicable portions of smb.conf.

ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
ldap idmap suffix = ou=Idmap
winbind separator = +
idmap uid = 4-5
idmap gid = 4-5
winbind enum users = yes
winbind enum groups = yes
template homedir = /accounts/default/%D/%U
template shell = /bin/bash
winbind use default domain = yes
winbind cache time = 15
obey pam restrictions = yes

So I use wbinfo -c . This returns a RID number. User can now
login or use smbclient -L localhost -U   and get
available shares on this BDC. In LDAP directory is incremented by 1, but
there are no entries.

How do I move the entries that are stored in
/usr/local/var/locks/winbindd_idmap.tdb to the LDAP directory?

What I've omitted in all this is that pam and pam_winbind is setup
correctly, which I believe it is.


-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]

Tips:-->
"OpenOffice.org ... Stops Word macro viruses DEAD!"
"Postgresql.org ... Don't 'kill -9' the postmaster"
"Technology is legislation - C. Einfeldt on OO.o discuss list"



Re: [Samba] Several people on this mailing list have the W32/Swen@MM virus

2004-01-03 Thread Kent L. Nasveschuk
I get these often, but I use Linux as a desktop machine so it's not from
me.


On Fri, 2004-01-02 at 08:07, Rob Taft wrote:
> Ever since I signed up for this mailing list and sent my first question, I have been 
> bombarded with the W32/[EMAIL PROTECTED] and the emails aren't all from the same 
> person.  Is anyone else experiencing this?
> 
> Rob
-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Winbind not quite working yet

2004-01-01 Thread Kent L. Nasveschuk
Hello,
I'm trying to get Winbind to authenticate users that don't have local
accounts on a SAMBA BDC.

I have (3) BDCs (1) PDC running OpenLDAP 2.1.23 pass backend and Samba
3.0. These are on RedHat 8.0 systems. 3 BDC are also slave LDAP and 1
master directory server on the PDC.


I went through the Samba documentation CH21 and made modifications to
the BDCs and PDC as follows:

nsswitch.conf files winbind for passwd and group

pam.d/login

#%PAM-1.0
#auth      required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so


pam.d/samba

#%PAM-1.0
#auth      required     /lib/security/pam_stack.so service=system-auth
#account   required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_pwdb.so nullok shadow
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_winbind.so
account    required     /lib/security/pam_pwdb.so
account    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth


pam.d.system-auth

#%PAM-1.0
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok use_first_pass
auth       required     /lib/security/pam_deny.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_unix.so
password   required     /lib/security/pam_cracklib.so retry=3 type=
password   sufficient   /lib/security/pam_unix.so nullok use_authtok md5 shadow
password   required     /lib/security/pam_deny.so
session    required     /lib/security/pam_mkhomedir.so umask=0022
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so

pam_winbind.so is in /lib/security

libnss_winbind.so and symbolic link to it from libnss_winbind.so.2

smb.conf
...
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /accounts/default/%D/%U
template shell = /bin/bash
winbind use default domain = yes

...

If I run smbclient on a BDC:
smbclient -L localhost -U fred

where fred is a local account I get shares and an appropriate response.
When I check the logs, samba.bdc name it indicates that samba is getting
information from the LDAP directory, including password.

When I do the same for a person without a local account, the LDAP
directory returns user found but :

session setup failed: NT_STATUS_LOGON_FAILURE

Also when I run getent passwd as root I only get local accounts. When I
run wbinfo -u I get all users in the LDAP directory, wbinfo -g only
domain groups no local groups.

Any help would be appreciated. I'm a little stumped with this one.
-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]

Tips:-->
"OpenOffice.org ... Stops Word macro viruses DEAD!"
"Postgresql.org ... Don't 'kill -9' the postmaster"
"Technology is legislation - C. Einfeldt on OO.o discuss list"




Re: [Samba] installing gui interfaces for samba

2003-12-29 Thread kent E.
On Mon, 2003-12-29 at 23:06, Andrew Gaffney wrote:
> kent E. wrote:
> > i've browse the web and found 'Smb4K - An SMB share browser for KDE'
> > since this is something similar like a windows sharing this would be
> > safer for our newbie(unix) users but i have problem installing the
> > package 
> > 
> > ===
> > checking for Qt... configure: error: Qt (>= Qt 3.1 (20021021)) (headers
> > and libraries) not found. Please check your installation!
> > For more details about this problem, look at the end of config.log.
> > 
> > 
> > i already installed the qt ver 3.1++
> > 
> > [EMAIL PROTECTED] smb4k-0.3.1]# rpm -qa qt
> > qt-3.1.1-6
> > 
> 
> You might want to try to find an RPM for your distro for that program. 

yes. i already did install the rpm version of the distro.. i think
before(by default) it is 3.0 

> Another good SMB browser I've found is Xfsamba.

ok i will check it out.



[Samba] installing gui interfaces for samba

2003-12-28 Thread kent E.
i've browse the web and found 'Smb4K - An SMB share browser for KDE'
since this is something similar like a windows sharing this would be
safer for our newbie(unix) users but i have problem installing the
package 

===
checking for Qt... configure: error: Qt (>= Qt 3.1 (20021021)) (headers
and libraries) not found. Please check your installation!
For more details about this problem, look at the end of config.log.


i already installed the qt ver 3.1++

[EMAIL PROTECTED] smb4k-0.3.1]# rpm -qa qt
qt-3.1.1-6


but still don't know whats missing ...

guyz can u help me up... 

TIA

Kent





[Samba] Valid users as group fails

2003-12-23 Thread Kent L. Nasveschuk
Just wondering if anyone is experiencing a similar problem.

System:

RedHat 8.0
Samba 3.0
LDAP 2.1.23

valid users on a share fails yet individual users works. I've seen other
posts similar to this.

Users have a memberUID entry directory in LDAP. The Linux box has group
506 mapped to sambaSid Sxxx...-2013

Where can I look for problems?
-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Samba BDC doesn't talk to LDAP slave on same machine

2003-12-17 Thread Kent L. Nasveschuk
Hello,
I can't get my BDC to talk to the LDAP slave running on the same
machine. Replication between slave and master works but samba on the BDC
doesn't appear to be communicating with the slave LDAP server.

Everything off the PDC works fine.



--
smb.conf on BDC
--
[global]
workgroup = WarehamPS
encrypt passwords = Yes
time offset = 60
time server = Yes
socket options = TCP_NODELAY
security = user
logon script = netlogon.bat
writable = Yes
dns proxy = no
directory mask = 02770
preferred master = yes
netbios name = Decas2
server string = RedHat 8.0 Samba LDAP
passdb backend = ldapsam:"ldap://172.16.0.3 ldap://127.0.0.1";
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/local/samba/bin/smbpasswd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba.%m
debug level = 2
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd.pl %u
delete user script = /usr/local/sbin/smbldap-useradd.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl
delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/local/samba/bin/smbpasswd -a -m %u
logon script = netlogon.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 64
domain master = No
dns proxy = Yes
admin users = @domain_admins
wins support = no
wins server = 172.16.0.3
wins proxy = no
name resolve order = wins hosts bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no

[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
#   valid users = %S
hide files = /.*/
   
   
[netlogon]
comment = Netlogon share
path = /usr/local/samba/netlogon
locking = no
browseable = no
read only = yes
write list = @domain_admins
   
   
[programs]
comment = Programs
path = /accounts/programs

[printers]
comment = All Printers
path = /var/spool/samba
read only = Yes
printable = Yes
browseable = No


--
slapd.conf on BDC
--
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26
17:06:18 kurt Exp $
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
database        ldbm
suffix          "dc=tow,dc=net"
rootdn          "cn=admin,dc=tow,dc=net"
rootpw          {SSHA}bbcOI00dfOOJdNCsuFfWf8forJC/Q2P8
directory       /usr/local/var/openldap-slurp/wareham
updatedn        "cn=admin,dc=tow,dc=net"
updateref       "ldap://172.16.0.3";
schemacheck     on
lastmod         on
# Indices to maintain
#index  objectClass eq
index   objectClass,uid,uidNumber,gidNumber eq
#index  cn,mail,surname,givenname   eq,subinitial
index   cn,sn   pres,eq,sub
access to dn=".*dc=tow,dc=net"
        by self write
        by * read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=root,ou=Users,dc=tow,dc=net" write
        by self write
#       by anonymous auth
        by * none


--
LDAP.conf on BDC
--
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04
19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=tow,dc=net
URI     ldap://172.16.151.254
host    172.16.151.254 172.16.0.20
ldap_version 3
#SIZELIMIT  12
#TIMELIMIT  15
#DEREF  never

-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Winbindd

2003-12-17 Thread Kent L. Nasveschuk
The message I got from Jerry Carter yesterday says that Winbindd is only
required for trust accounts between 2 domains. I was confused also, the
documentation seems to lead one to the contrary.



-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Authenticating to BDC with LDAP backend

2003-12-16 Thread Kent L. Nasveschuk
Hello,
I'm still trying to get this straightened out. 
I have the following system:

System description
RedHat 8.0
LDAP 2.1.23
Samba 3.0


I have basically 2 BDC that I want users to have home directories on.
These also run LDAP backend as slave servers.


Do all machines using the domain need to have machine accounts on the
PDC or do some that use the BDC for home directories need to have
machine accounts on the BDC?


 

Any help or suggestions would be appreciated. 


-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>






Re: [Samba] Winbind pdc bdc problem

2003-12-16 Thread Kent L. Nasveschuk
Thanks, guess I don't need it then. I wasn't quite sure what the full
function was for winbindd.



On Tue, 2003-12-16 at 10:01, Gerald (Jerry) Carter wrote:
> 
> Kent L. Nasveschuk wrote:
> 
> | Do I need to use winbind between pdc and bdc if I'm
> | using LDAP backend?
> 
> On a Samba DC, Winbindd is only needed when the DC's have
> established trusts with other domains (and you need
> winbindd to generate accounts for the trusted users
> and groups).
> 
> 
> - --
> ciao, jerry
> ~ --
> ~ Hewlett-Packard- http://www.hp.com
> ~ SAMBA Team -- http://www.samba.org
> ~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
> ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Winbind pdc bdc problem

2003-12-16 Thread Kent L. Nasveschuk
Do I need to use winbind between pdc and bdc if I'm using LDAP backend?
I have a PDC setup with LDAP master on backend and a BDC with slave LDAP
in another building. I'm just having a problem with getting users to
authenticate and use the BDC for home directories and exactly how to
have W2k clients join the domain. The BDC is in another building
(connected by a slow connection) so it needs to have a copy of LDAP for
authentication purposes.
I've tested LDAP replication and it works fine and receives updates from
the master. The PDC does everything that it should. I can join W2k
clients, and users can get to their home directories. My problem is in
Samba and how to configure the BDC for users to use it.

System description
RedHat 8.0
LDAP 2.1.23
Samba 3.0

Any help or suggestions would be appreciated. 


-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Re: Re: Can't access remote server

2003-12-12 Thread Kent Wang
2934 ?S  0:04 nmbd -D

So nmbd is running. That's what've been guessing. But why is it that it is
not responding to remote inquiries?

"Joel Hammer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> What does ps ax | grep nmbd show on the box you can't connect to?
> Sometimes nmbd exits if there is an error of some sort or another.
> Joel
>
> On Thu, Dec 11, 2003 at 01:28:35PM -0600, Kent Wang wrote:
> > I've run iptables -L and iptables -t nat -L and there are no settings. I've
> > setup iptables lots of times before so I'm pretty familiar with it.
> >
> > A few things that are bugging me is that I have a smb entry in my
> > /etc/rc.d/init.d but no nmbd entry. Has this been merged into one entry? It
> > doesn't seem like my nmb functionality is actually broken as nmblookup -B
> > webdev.ic2.org __SAMBA__ runs successfully on the server.
> >
> > However, this command when run from a remote machine fails:
> >
> > [EMAIL PROTECTED] kwang]$ nmblookup -B webdev.ic2.org __SAMBA__
> > querying __SAMBA__ on 128.83.222.87
> > name_query failed to find name __SAMBA__
> >
> > DIAGNOSIS.txt has been pretty helpful, but I'm stuck on Test 8. I'm not sure
> > how to "fixup the nmbd installation" but I've managed to do all the other
> > recommended solutions with no success.
> >
> > Anyway, thanks for your help so far.
> >
> > Kent Wang
> >
>





[Samba] Re: Can't access remote server

2003-12-11 Thread Kent Wang
I've run iptables -L and iptables -t nat -L and there are no settings. I've
setup iptables lots of times before so I'm pretty familiar with it.

A few things that are bugging me is that I have a smb entry in my
/etc/rc.d/init.d but no nmbd entry. Has this been merged into one entry? It
doesn't seem like my nmb functionality is actually broken as nmblookup -B
webdev.ic2.org __SAMBA__ runs successfully on the server.

However, this command when run from a remote machine fails:

[EMAIL PROTECTED] kwang]$ nmblookup -B webdev.ic2.org __SAMBA__
querying __SAMBA__ on 128.83.222.87
name_query failed to find name __SAMBA__

DIAGNOSIS.txt has been pretty helpful, but I'm stuck on Test 8. I'm not sure
how to "fixup the nmbd installation" but I've managed to do all the other
recommended solutions with no success.

Anyway, thanks for your help so far.

Kent Wang


"Joel Hammer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> How are you so sure there are "no firewall settings." These things tend
> to get turned on by default.
> Walk thru DIAGNOSIS.txt. For example, can you ping the samba server?
> What do you see with, let me recall, iptables -L (?), might be the command.
>
> Joel
>
> On Mon, Dec 08, 2003 at 10:58:48AM -0600, Kent Wang wrote:
> > RedHat 9, samba-2.2.7a-8.9.0. Fresh install. No iptables or any firewall
> > settings.
> >
> > I can access my server fine locally with smbclient, but using smbclient from
> > a machine located in a network I get this:
> >
> > [EMAIL PROTECTED] kwang]$ smbclient //webdev.ic2.org/home
> > added interface ip=24.243.211.67 bcast=24.243.223.255 nmask=255.255.240.0
> > added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0
> > error connecting to 128.83.222.87:139 (No route to host)
> > Error connecting to 128.83.222.87 (No route to host)
> > Connection to webdev.ic2.org failed
> >
> > Attempting this through Windows Explorer also fails.
> >
> > My hosts allow and hosts deny are both blank.
> >
> > Are there any settings that I need to check to enable the server to respond
> > to outside connections?
> >
> > Thanks,
> > Kent Wang
> > IC2 Institute
> >
> >
> >
>





[Samba] Can't access remote server

2003-12-09 Thread Kent Wang
RedHat 9, samba-2.2.7a-8.9.0. Fresh install. No iptables or any firewall
settings.

I can access my server fine locally with smbclient, but using smbclient from
a machine located in a network I get this:

[EMAIL PROTECTED] kwang]$ smbclient //webdev.ic2.org/home
added interface ip=24.243.211.67 bcast=24.243.223.255 nmask=255.255.240.0
added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0
error connecting to 128.83.222.87:139 (No route to host)
Error connecting to 128.83.222.87 (No route to host)
Connection to webdev.ic2.org failed

Attempting this through Windows Explorer also fails.

My hosts allow and hosts deny are both blank.

Are there any settings that I need to check to enable the server to respond
to outside connections?

Thanks,
Kent Wang
IC2 Institute





[Samba] Help with home directories on BDC using LDAP

2003-12-09 Thread Kent L. Nasveschuk
Hello,
I'm having problems with creating machine accounts with W2K clients
connecting to a Samba server that is also a BDC. I'm using LDAP as a
backend for Samba 3.0. 

I have LDAP running as a master on the PDC and slave on the BDC. I am
unsure where to create the UNIX machine accounts for clients that will
be using the BDC for home directories.

Do the machine accounts (computername$) need to be created on the PDC or
the BDC?

I am able to authenticate to the BDC and access shares as a user but
when I attempt to join the domain with it fails unless I have the
machine account on the PDC.

Any help would be appreciated.


-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



Re: [Samba] Samba LDAP multiple servers

2003-11-29 Thread Kent L. Nasveschuk
Thank you. I have set up one server as BDC and slave LDAP to master. The
others should be easy now that I have one set up. The only way I was
able to achieve replication was using the rootdn account. In the slave
slapd.conf one specifies the updatedn and updateref. Is there any place
to put a password if bindmethod is simple? I believe that is the
problem. I configured write access to a replication account as:

slave slapd.conf...

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26
17:06:18 kurt Exp $
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
database        ldbm
suffix          "dc=tow,dc=net"
rootdn          "cn=admin,dc=tow,dc=net"
rootpw          {SSHA}bbcOI00dfOOJdNCsuFfWf8forJC/Q2P8
directory       /usr/local/var/openldap-slurp/wareham
updatedn        "uid=hugo,ou=users,dc=tow,dc=net"
updateref       "ldap://172.16.0.3";
schemacheck     on
lastmod         on
# Indices to maintain
#index  objectClass eq
index   objectClass,uid,uidNumber,gidNumber eq
#index  cn,mail,surname,givenname   eq,subinitial
index   cn,sn   pres,eq,sub
access to dn=".*dc=tow,dc=net"
        by self write
        by dn="uid=hugo,ou=users,dc=tow,dc=net" write
        by * read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=hugo,ou=Users,dc=tow,dc=net" write
        by self write
        by anonymous auth
        by * none


When I start slapd -d1 I can watch attempts to update from the master
but it doesn't occur.

Suggestions?

CH 6 samba-howto collection helped with setup also.




On Wed, 2003-11-26 at 14:34, Patrick wrote:
> Adam Williams wrote:
> 
> >>I have 1 Samba 3.0 server with LDAP 2.1.23 running on backend from the same 
> >>machine. These are both RedHat 8.0. I have 2 other servers I would like to use the 
> >>same LDAP directory. I used net join to join the servers to the domain. Prior to 
> >>joining the domain the servers had no SID. After using net join they got a new 
> >>SID (net getlocalsid). In the LDAP directory what SID base should be attached to 
> >>users and computers that I add? The original Domain SID?
> >>
> >>
> >
> >You should really add users VIA samba,  or at least the sambaSamAccount
> >objectclass.  This will work if you already have a posixAccount
> >objectclass.  It will generate the SID based upon the domain SID and the
> >uidNumber/gidNumber.
> >
> >  
> >
> >>I may have messed this up. What I want to do is set up the second 2 servers as 
> >>member servers in the domain, and put user accounts with home directories on them. 
> >>User uses LDAP to authenticate to member server. So far I can create an account 
> >>and login in but I am unsure if I'm using the SID for the user correctly.
> >>
> >>
> >
> >Let Samba set the SID.
> >
> >  
> >
> >>What is a recommended for master slave LDAP servers that are used primarily for 
> >>authentication to Samba servers. Should I set up a slave LDAP server for the 
> >>member servers? These member servers would be located in separate buildings. The 
> >>main server has about 1000 user accounts, and member servers about 120 each when 
> >>finished.
> >>
> >>
> >
> >Eh?  User accounts exist in the SAM,  in this case LDAP - everywhere. 
> >Slaves are just replicas of the master for redundancy and performance.
> >
> >  
> >
> >> At any one time I anticipate 20-30% will be logged in during peak hours.
> >>
> >>Any help that anyone can give me on this I'd appreciate. This is a fairly large 
> >>installation that eventually will span 8 building each with there own Samba server 
> >>but authenticating to a single OpenLDAP directory.
> >>
> >>
> >
> >Make a master LDAP on the PDC,  load all the users.
> >Join the member servers to the domain.
> >Create LDAP replicas on several/all member servers.
> >Setup NSS on the member servers to use their local/near-by LDAP replica.
> >  
> >
> 
> From what it sounds like you want to span the load of the PDC to 
> machines that will be in each building.  In this case the samba server in 
> each building should not be member servers.  They should instead be a 
> BDC.  Each machine should be using a replica LDAP server and have samba 
> configured as a BDC.  As mentioned by Adam Williams you will need each 
> of the BDC machines using NSS setup to use the LDAP replicas.
> 
> To setup the BDC the Samba 3 HowTo Collection gives all the information 
> you should need.  This is what I used and everything seems to be working 
> here.
> 
> Partick
-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
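
An added example, not part of any message in this archive: a Python check of the rule stated in the reply above, that a user's sambaSID is the domain SID plus a RID derived from uidNumber. It assumes Samba's default algorithmic mapping (RID = 2*uidNumber + 1000 for users, 2*gidNumber + 1001 for groups), which the entries posted on this page follow (uidNumber 0 with RID 1000, uidNumber 998 with RID 2996); the domain SID, accounts and LDIF in the code are constructed sample data.

```python
import re

RID_BASE = 1000  # Samba's default "algorithmic rid base" (assumed unchanged)
WELL_KNOWN_GROUP_RIDS = {512, 513, 514, 515}  # Domain Admins/Users/Guests/Computers
SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

# Constructed sample data: every SID, name and number below is invented.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
# alice: RID follows the formula, primary group is Domain Users (513)
dn: uid=alice,ou=Users,dc=example,dc=test
objectClass: sambaSamAccount
uid: alice
uidNumber: 1005
gidNumber: 100
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3010
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-513

# bob: SID built on a member server's local SID, not the domain SID
dn: uid=bob,ou=Users,dc=example,dc=test
objectClass: sambaSAMAccount
uid: bob
uidNumber: 1006
gidNumber: 100
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3012
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-1201

# carol: hand-typed RID that does not match uidNumber
dn: uid=carol,ou=Users,dc=example,dc=test
objectClass: sambaSamAccount
uid: carol
uidNumber: 1007
gidNumber: 100
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1007
"""


def parse_ldif(text):
    """Parse LDIF into [{lowercased attr: [values]}]; skips comments, joins folded lines."""
    entries, current, last = [], {}, None
    for raw in text.splitlines():
        if not raw.strip():                      # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif raw.startswith(" ") and last:       # folded continuation line
            current[last][-1] += raw[1:]
        elif ":" in raw and not raw.startswith("#"):
            attr, _, value = raw.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.lstrip(":").strip())
    if current:
        entries.append(current)
    return entries


def split_sid(sid):
    """Split a domain-relative SID into (domain prefix, RID)."""
    match = SID_RE.match(sid)
    if not match:
        raise ValueError(f"not a domain-relative SID: {sid!r}")
    return match.group(1), int(match.group(2))


def expected_rid(unix_id, is_group=False):
    """Algorithmic RID: 2*id + base for users, one more for groups."""
    return 2 * unix_id + RID_BASE + (1 if is_group else 0)


def check_entry(entry, domain_sid):
    """Return a list of problems found in one sambaSamAccount entry."""
    problems = []
    uid, gid = int(entry["uidnumber"][0]), int(entry["gidnumber"][0])
    prefix, rid = split_sid(entry["sambasid"][0])
    if prefix != domain_sid:
        problems.append(f"sambaSID prefix {prefix} is not the domain SID")
    if rid != expected_rid(uid):
        problems.append(f"RID {rid} does not match uidNumber {uid} (expected {expected_rid(uid)})")
    for pg_sid in entry.get("sambaprimarygroupsid", []):
        pg_rid = split_sid(pg_sid)[1]
        if pg_rid not in WELL_KNOWN_GROUP_RIDS and pg_rid != expected_rid(gid, True):
            problems.append(f"primary group RID {pg_rid} does not match gidNumber {gid}")
    return problems


def audit(ldif_text, domain_sid):
    """Map uid -> problems for every sambaSamAccount entry in the LDIF."""
    return {e["uid"][0]: check_entry(e, domain_sid) for e in parse_ldif(ldif_text)
            if "sambasamaccount" in [c.lower() for c in e.get("objectclass", [])]}


if __name__ == "__main__":
    for uid, problems in audit(SAMPLE_LDIF, DOMAIN_SID).items():
        print(uid, "; ".join(problems) or "OK")
```

Feed it the output of an LDAP search over the user subtree together with the SID that net getlocalsid reports on the PDC.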


[Samba] Samba LDAP multiple servers

2003-11-26 Thread kent
Here's my question:

I have 1 Samba 3.0 server with LDAP 2.1.23 running on backend from the same machine. 
These are both RedHat 8.0. I have 2 other servers I would like to use the same LDAP 
directory. I used net join to join the servers to the domain. Prior to joining the 
domain the servers had no SID. After using net join they got a new SID (net 
getlocalsid). In the LDAP directory what SID base should be attached to users and 
computers that I add? The original Domain SID?

I may have messed this up. What I want to do is set up the second 2 servers as member 
servers in the domain, and put user accounts with home directories on them. User uses 
LDAP to authenticate to member server. So far I can create an account and log in but 
I am unsure if I'm using the SID for the user correctly.

What is recommended for master slave LDAP servers that are used primarily for 
authentication to Samba servers? Should I set up a slave LDAP server for the member 
servers? These member servers would be located in separate buildings. The main server 
has about 1000 user accounts, and member servers about 120 each when finished. At any 
one time I anticipate 20-30% will be logged in during peak hours.

Any help that anyone can give me on this I'd appreciate. This is a fairly large 
installation that eventually will span 8 buildings each with their own Samba server but 
authenticating to a single OpenLDAP directory.




Re: [Samba] Join Machine to Domain

2003-11-17 Thread Kent L. Nasveschuk
Hey,
Thanks for getting back to me. I could not put this down till I knew why
things weren't working. I finally succeeded in making everything work and
finding out why I had problems.

I couldn't make it work with administrator. As soon as I deleted the
administrator user and replaced user with root, Wah lah! I can join
workstations. I removed username map from smb.conf.

I also had a very strange error message that I have discovered is caused
by some keys in the workstation registry that I changed. These are keys
that are reported to need to be changed in XP and not W2K.

The learning curve for this is high. I learned a great deal about Samba
and LDAP but both packages are slick and work together quite well. All
the time I've spent on this has been well worth it.

Thanks for your help.

Kent N

On Mon, 2003-11-17 at 09:27, [EMAIL PROTECTED] wrote:
> 
> 
> Hi,
> 
> I forgot to tell you, that the samba password from the
> uid=Administrator,ou=Users,dc=tow,dc=net MUST be the same as the samba
> password for root .
> Because samba will expect both the client and the server user to have the
> same password. After that the option "username map" will work correctly.
> 
> 
> 
> Regards
> 
> Manuel Piessnegger
> 
> 
> 
> From: "Kent L. Nasveschuk" <[EMAIL PROTECTED].ma.us>
> To: [EMAIL PROTECTED]
> cc: Samba List Server <[EMAIL PROTECTED]>
> Date: 14.11.2003 17:44
> Subject: Re: [Samba] Join Machine to Domain
> 
> 
> 
> 
> I appreciate your help on this. I still am having problems. Attached are
> some of the pertinent configuration files.
> 
> I can log in with any account so connection and password to access
> ldap server works, just can't join domain. I get an error message bad
> passwd or unknown user. I added the username map but root =
> administrator still doesn't work.
> 
> # Administrator, Users, tow.net
> dn: uid=Administrator,ou=Users,dc=tow,dc=net
> cn: Administrator
> sn: Administrator
> objectClass: inetOrgPerson
> objectClass: sambaSAMAccount
> objectClass: posixAccount
> gidNumber: 0
> uid: Administrator
> uidNumber: 0
> homeDirectory: /accounts/Administrator
> sambaPwdLastSet: 1068814077
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 1068814077
> sambaPwdMustChange: 2147483647
> sambaHomePath: \\whs1\Administrator
> sambaHomeDrive: H:
> sambaProfilePath: \\whs1\profiles\
> sambaLMPassword: E3B4E05BE6A182C9E13B8E8F6853DCAC
> sambaNTPassword: F4858C7E53BB628AE91E00E9DB6CD467
> sambaAcctFlags: [U  ]
> sambaSID: S-1-5-21-1129281578-1295143107-3311307472-1000
> loginShell: /bin/bash
> gecos: Netbios Domain Administrator
> sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-1001
> userPassword:: e1NNRDV9ZGpiNFo3ODQ3VFlKYWJYZEM5ZGRtSkFpMklzPQ==
> 
> 
> 
> smb.conf:
> 
> 
> [global]
> workgroup = WarehamPS
> encrypt passwords = Yes
> time server = Yes
> socket options = TCP_NODELAY
> security = user
> logon script = netlogon.bat
> writable = Yes
> dns proxy = no
> directory mask = 02770
> preferred master = yes
> netbios name = WHS1
> server string = RedHat 8.0 LDAP Server
> passdb backend = ldapsam
> ldap passwd sync = Yes
> passwd program = /usr/local/samba/bin/smbpasswd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
> log file = /var/log/samba.%m
> debug level = 2
> max log size = 50
> add user script = /usr/local/sbin/smbldap-useradd.pl %u
> #de

[Samba] Login after join domain fails

2003-11-15 Thread Kent L. Nasveschuk
Hello,

Samba 3.0.0/LDAP 2.1.23 RedHat 8.0

After wrestling with the problem of attempting to join a W2K computer
to domain I finally succeeded only to run into another problem.

First I was not able to use user "administrator" as samba admin alias
root to join computers to domain. I needed to create user "root" in LDAP
with:

uid=root
uidNumber=0
gidNumber=0
sambaSID=S-1...1000
sambaPrimaryGroup=S-1...1001

Then I was able to join to domain. When I reboot I get an error message
when trying to login:

error 3221356590

I can't login with any account, same message. An account must be used,
I'm assuming "nobody", through the network to create authentication
tokens so that any user that logs in with a valid login name in LDAP
will be able to login on this machine. The machine must authenticate
first prior to the user.


Anyone have this problem before? Could use some insight into where to
look to fix this problem.

-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]
W 508 291-3510 X122
C 508 317-2755

Tips:-->
"OpenOffice.org ... Stops Word macro viruses DEAD!"
"Postgresql.org ... Don't 'kill -9' the postmaster"
"Technology is legislation - C. Einfeldt on OO.o discuss list"



Re: [Samba] Join Machine to Domain

2003-11-14 Thread Kent L. Nasveschuk
I appreciate your help on this. I still am having problems. Attached are
some of the pertinent configuration files.

I can log in with any account so connection and password to access
ldap server works, just can't join domain. I get an error message bad
passwd or unknown user. I added the username map but root =
administrator still doesn't work. 

# Administrator, Users, tow.net
dn: uid=Administrator,ou=Users,dc=tow,dc=net
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 0
uid: Administrator
uidNumber: 0
homeDirectory: /accounts/Administrator
sambaPwdLastSet: 1068814077
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 1068814077
sambaPwdMustChange: 2147483647
sambaHomePath: \\whs1\Administrator
sambaHomeDrive: H:
sambaProfilePath: \\whs1\profiles\
sambaLMPassword: E3B4E05BE6A182C9E13B8E8F6853DCAC
sambaNTPassword: F4858C7E53BB628AE91E00E9DB6CD467
sambaAcctFlags: [U  ]
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-1000
loginShell: /bin/bash
gecos: Netbios Domain Administrator
sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-1001
userPassword:: e1NNRDV9ZGpiNFo3ODQ3VFlKYWJYZEM5ZGRtSkFpMklzPQ==
 


smb.conf:


[global]
workgroup = WarehamPS
encrypt passwords = Yes
time server = Yes
socket options = TCP_NODELAY
security = user
logon script = netlogon.bat
writable = Yes
dns proxy = no
directory mask = 02770
preferred master = yes
netbios name = WHS1
server string = RedHat 8.0 LDAP Server
passdb backend = ldapsam
ldap passwd sync = Yes
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba.%m
debug level = 2
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd.pl %u
#delete user script = /usr/local/sbin/smbldap-useradd.pl
#add group script = /usr/local/sbin/smbldap-groupadd.pl
delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/local/samba/bin/smbpasswd -a -m %u
#add machine script = /usr/sbin/useradd -d /dev/null -g 502 -s /bin/false -M %u
logon script = netlogon.bat
logon path = \\%N\profiles\%g
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = No
admin users = @domain_admins
#   wins support = Yes
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no
username map = /usr/local/samba/private/smbusers
[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
#   valid users = %S
hide files = /.*/

[profiles]
path = /accounts/profiles
read only = no
create mask = 0600
directory mask = 0700

[netlogon]
comment = Netlogon share
path = /usr/local/samba/netlogon
locking = no
browseable = no
read only = yes
write list = @domain_admins

[staff]
comment = Staff common
path = /accounts/staff
read list = @staff @techstaff
write list = @staff @techstaff

[programs]
comment = Programs
path = /accounts/programs

[adm-pgms$]
comment = Admin Programs
path = /accounts/adm_pgms
read list = @techstaff
write list = @techstaff

[images$]
comment = Ghost image files
path = /accounts/images
write list = kent
read list = @techstaff

[printers]
comment = All Printers
path = /var/spool/samba
read only = Yes
printable = Yes
browseable = No

slapd.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/

[Samba] Stuck on joining W2K clients to domain Samba 3 LDAP 2.1.23

2003-11-13 Thread Kent L. Nasveschuk
Not related to joining W2K clients to a domain but the "net" command
refuses to work if there is a problem in smb.conf. Even if you run
testparm and nothing is wrong. I don't know if it's the order or
whitespaces that causes it to not work.

I've had to swap out smb.conf several times because I couldn't find the
problem why the "net" command wouldn't run.



I'm still trying to get Win2k clients to join a domain.

from:
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html

Joining workstations (NT, W2K, XP) to the Samba domain

Basically you need cover these steps to add (join) a windows NT/W2K/XP
to the domain:
- in the PDC samba server create an account for the machine
  - one entry in the /etc/passwd or equivalent (nsswitch...) for the
    machine_name$-ended
  - one basic entry in the ldap previous to call to the smbpasswd
  - one full entry in the ldap with smbpasswd -a -m $
- in the MS workstation, if is a XP or W2K you need set in the
  registry: SignOrSeal to "0"
- in the MS workstation you need join to the domain ASAP via:
  - NT: control panel -> Network | Identification | Domain/Change domain
  - W2K/XP: myPC -> System properties | Computer name | Domain/Change domain

I manually created an account in /etc/passwd $

I'm using:
add machine script = /usr/local/samba/bin/smbpasswd -a -m %u
in smb.conf to create ldap account.

The user I am logging in as in LDAP to create account is:
uid=Administrator uidNumber=0 sambaSID=S-1...-1000
sambaPrimaryGroupSID=S-1...-512

I can connect as user Administrator get to home directory but can't add
machine account. I get bad passwd or unknown username.

Please help!

-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Problem Samba 3.0 with net groupmap access LDAP 2.1.23

2003-11-12 Thread Kent L. Nasveschuk
Hello,
I thought I had this all figured out but I don't. I have a RedHat 8
system using LDAP 2.1.23 as backend to Samba 3.0.0. I wasn't able to get
machines to join the domain so I used the debug option in slapd -d 10 to
see what Samba was sending the LDAP server.


It looked like it was resolving my admin to the guest account. I went
back to check groupmap list and got the following error messages:

[EMAIL PROTECTED] root]# /usr/local/samba/bin/net groupmap list
[2003/11/12 12:44:29, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2048)
  ldapsam_setsamgrent: LDAP search failed: No such object
[2003/11/12 12:44:29, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2113)
  ldapsam_enum_group_mapping: Unable to open passdb

I cannot tell you how many times I've run across this message. One time
an error in my smb.conf caused it. This time I don't know. I get this
error message whether I load a base tree or it is empty. There are only
2 other configuration files that 

I'm sure someone has run across this. Any suggestions? I'm running low
on patience.

Another question..

To add a computer to a domain, realize that to store the admin password
for Samba to use for this I need to run smbpasswd -w . There are
different options in slapd.conf for encrypting the root user password.
What do I use? Nothing, {SSHA} {CRYPT} ..I may have a GCE (gross
conceptual error) about how this password is accessed. Help!




-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



[Samba] Re: novice level question

2003-11-10 Thread Kent L. Nasveschuk
I can't speak about whether or not this is a good practice, but I
recently removed an intermediate organization from my LDAP tree. It was
great as a logical entity but in practice it added another layer to
an already complex structure.

I've had a great deal of experience with Novell that allows many layers
to a directory structure through NDS. It can become very confusing to
the average user about where they reside in the directory structure.
Keep it as simple as possible.



On Mon, 2003-11-10 at 17:11, Shekhar Ayyappan wrote:
> Guys,  
> 
> I have recently been playing around with directory servers. 
> 
> My quick question of the day is as follows.
> 
> I have a directory  installed  whose root points to o=xyz
> 
>  
> 
> So for a user the dn is
> 
>  
> 
> cn=user1,ou=users,o=xyz 
> 
>  
> 
> is this a good practice??? Is it ok to omit the c=nz??? 
> 
> I am not goin to hook my directory onto the internet, this is for my
> private disposal..
> 
> Any thoughts guys???
> 
>  
> 
> Cheers and thnx in advance.
> 
> shekhar
> 
> 
> 
-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]
W 508 291-3510 X122
C 508 317-2755

Tips:-->
"OpenOffice.org ... Stops Word macro viruses DEAD!"
"Postgresql.org ... Don't 'kill -9' the postmaster"
"Technology is legislation - C. Einfeldt on OO.o discuss list"



[Samba] Samba 3.0 - LDAP create machine account fails

2003-11-10 Thread Kent L. Nasveschuk
Hello,
It's me again. I'm running Samba 3.0 and LDAP 2.1.23 on a RedHat 8.0
system.


I am able to browse shares and home directories. I get a:

Logon failure: unknown username or bad password

when I try to connect a W2k machine. For Win/95/98 the system already
works. I believe it is setup OK I need to work on scripts that work with
MMC. I just want a basic connect a w2k machine right now.

Output from /usr/local/samba/bin/net groupmap list


[EMAIL PROTECTED]'s password:
Last login: Mon Nov 10 08:10:41 2003 from 172.16.1.246
[EMAIL PROTECTED] root]# /usr/local/samba/bin/net groupmap list
domain_users (S-1-5-21-1129281578-1295143107-3311307472-513) -> dusers
domain_guests (S-1-5-21-1129281578-1295143107-3311307472-514) -> nobody
domain_admins (S-1-5-21-1129281578-1295143107-3311307472-512) -> root
administrators (S-1-5-32-544) -> 544
users (S-1-5-21-1129281578-1295143107-3311307472-545) -> users
guests (S-1-5-21-1129281578-1295143107-3311307472-546) -> nobody
power_users (S-1-5-21-1129281578-1295143107-3311307472-547) -> 547
account_operators (S-1-5-32-548) -> 548
server_operators (S-1-5-32-549) -> sys
print_operators (S-1-5-32-550) -> lp
backup_operators (S-1-5-32-551) -> bin
replicator (S-1-5-21-1129281578-1295143107-3311307472-552) -> daemon
computers (S-1-5-21-1129281578-1295143107-3311307472-515) -> dcomputers
Enterprise Admins (S-1-5-21-1129281578-1295143107-3311307472-519) -> 519
[EMAIL PROTECTED] root]#

output ldap search =>cn=domain_admins

[EMAIL PROTECTED] root]# ldapsearch -xv -b "dc=tow,dc=net" cn=domain_admins
ldap_initialize(  )
filter: cn=domain_admins
requesting: ALL
# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: cn=domain_admins
# requesting: ALL
#
 
# domain_admins, Groups, tow.net
dn: cn=domain_admins,ou=Groups,dc=tow,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-512
gidNumber: 0
cn: domain_admins
memberUid: Administrator,kent
description: Netbios Domain Administrators
sambaGroupType: 2
 
# search result
search: 2
result: 0 Success
 
# numResponses: 2
# numEntries: 1


smb.conf

[EMAIL PROTECTED] root]# cat /usr/local/samba/lib/smb.conf
# Samba config file created using SWAT
# from 172.16.1.246 (172.16.1.246)
# Date: 2003/11/04 16:29:07
 
# Global parameters
[global]
workgroup = WarehamPS
netbios name = WHS1
server string = RedHat 8.0 LDAP Server
passdb backend = ldapsam
passwd program = /usr/local/sbin/smbldap-passwd.pl
log file = /var/log/samba.%m
max log size = 50
time server = Yes
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
#   unix password sync = Yes
#   add user script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -c 'Machine Account' -s /bin/False
#   delete user script = /usr/local/sbin/smbldap-userdel.pl
#   add group script = /usr/local/sbin/smbldap-groupadd.pl
#   delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/local/sbin/smbldap-useradd.pl -w -g "domain_computer" -d /dev/null -c "Machine Account" -s /bin/false %u$
add user script = /usr/sbin/useradd -m -d /accounts/"%u" -g 500 %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groudadd %g
add user to group script = /usr/sbin/usermod -G %g %u
#   add machine script = /usr/sbin/useradd -s /bin/false -g 502 -d /dev/null %u$
logon script = netlogon.bat
logon home = \\%L\%U
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = No
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
admin users = @domain_admins
ldap ssl = no
read only = No
create mask = 02770
directory mask = 02770
 
[homes]
comment = Home Directories
path = %H
hide files = /.*/
browseable = No
 
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
read only = Yes
hide files = /.*/*.bat/*.dll/200*/
browseable = No
[profiles]
comment = Domain User Profiles
path = /accounts/profiles
read only = No
browseable = No
 
[staff]
comment = Staff common
path = /accounts/staff
 
[images]
comment = Ghost image files
path = /accounts/images
 
[printers]
comment = All Printers
path = /var/spool/samba
read only = Yes
printable = Yes
browseable = No

I've also added the appropriate password to secrets.tdb by:
smbpasswd -w 

slapd.conf

[EMAIL PROTEC

[Samba] smb.conf problems causes net groupmap to fail

2003-11-08 Thread Kent L. Nasveschuk
Hello,

I just thought I would post this since it may be helpful to others if
they run into the same issues I did.

I am using Samba 3.0 with openLDAP 2.1.23 as backend db on a Slackware 9
system. This is purely a test system that I need to test at home
reliably enough to put into production in a school system. I was getting
error messages when I went to run samba/bin/net commands. Couldn't
figure it out until now.
 

If you have a problem in your smb.conf when you try to run samba/bin/net
commands like groupmap list, you get error messages. My guess and the
developers can probably elaborate on this, net command reads the
smb.conf whether or not the daemons smbd or nmbd are running. Errors in
the config file will cause the net commands to fail. It took me a long
time to experiment and find this out but I thought I should pass it on.


-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]
W 508 291-3510 X122
C 508 317-2755

Tips:-->
"OpenOffice.org ... Stops Word macro viruses DEAD!"
"Postgresql.org ... Don't 'kill -9' the postmaster"
"Technology is legislation - C. Einfeldt on OO.o discuss list"



Re: Réf. : [Samba] Net groupmap fails

2003-11-07 Thread Kent L. Nasveschuk
Did run a lower debug level -d 2 which gave me a clue that there was no
objectclass sambaGroupMapping.

Kent


On Fri, 2003-11-07 at 11:09, Gerald (Jerry) Carter wrote:
> 
> John H Terpstra wrote:
> 
> |>Should work as far as I can tell.  try running
> |>
> |>~  net groupmap add ntgroup="Domain Admins" \
> |>~  unixgroup="Domain Admins" rid=512 --debuglevel=10
> |>
> |>and see if you get any clues.
> |
> |
> | Hint: Make sure that you have all your "add  scripts"
> | in place.  Also, make sure that these scripts can handle
> | object names that have upper case characters and/or
> | spaces in them.
> 
> Does matter here.  net group map doesn't run them
> for you anyways.  And in this case the group already
> existed.
> 
> | PS: groupadd does NOT permit spaces or upper case
> | characters in a group name.
> 
> In the unix group name?  or the nt group name?
> I know the ntgroup name is fine.  If the unix group
> name won't accept spaces, then this is a bug.
> (which is why I asked for a log to start with).
> 
> 
> 
> 
> ciao, jerry
> - --
> ~ --
> ~ Hewlett-Packard- http://www.hp.com
> ~ SAMBA Team -- http://www.samba.org
> ~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
> ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>



Re: Réf. : [Samba] Net groupmap fails

2003-11-07 Thread Kent L. Nasveschuk
When I ran smbldap_populate.pl the objectclass sambaGroupMapping was not
present. I don't know if it is supposed to be created or not but when I
used ldapmodify with a file that contained:


dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
add: objectclass
objectclass: sambaGroupMapping
sambaSID: S-1-5-21-739112995-4084651483-89095900-512
sambaGroupType: 2

Now when I run net groupmap list I get
Domain Admins (S-1-5-21...512) => 512

Guess I will have to do that with all of the groups created by
smbldap-populate.pl.


found at archive:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg21134.html

Am I doing this right?



On Fri, 2003-11-07 at 10:31, Gerald (Jerry) Carter wrote:
> 
> Kent L. Nasveschuk wrote:
> 
> | [EMAIL PROTECTED]:~# /usr/local/samba/bin/net groupmap add ntgroup="Domain
> | Admins" unixgroup="Domain Admins" rid=512
> | Can't lookup UNIX group Domain Admins
> |
> | Is there something with initial compiling samba 3.0.0 that would disable
> | this? All the documentation that I've seen makes it look so easy, but I
> | can't get it to work.
> 
> Should work as far as I can tell.  try running
> 
> ~  net groupmap add ntgroup="Domain Admins" \
> ~  unixgroup="Domain Admins" rid=512 --debuglevel=10
> 
> and see if you get any clues.
> 
> 
> 
> cheers, jerry
> - --
> ~ --
> ~ Hewlett-Packard- http://www.hp.com
> ~ SAMBA Team -- http://www.samba.org
> ~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
> ~ "You can never go home again, Oatman, but I guess you can shop there."
> ~--John Cusack - "Grosse Point Blank" (1997)
> 
-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>
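
An added example, not from the thread: instead of hand-editing a file per group, as the message above anticipates, this Python code builds ldapmodify change records that add sambaGroupMapping, sambaSID and sambaGroupType to every posixGroup that lacks them, with one add clause per attribute separated by "-" lines as LDIF change records require. The domain SID and group list are constructed; the RID for non-standard groups (2*gidNumber + 1001) assumes Samba's default algorithmic mapping.

```python
import base64
import re

DOMAIN_SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+$")
# Fixed RIDs of the standard domain groups.
DOMAIN_GROUP_RIDS = {"domain admins": 512, "domain users": 513,
                     "domain guests": 514, "domain computers": 515}
DOMAIN_GROUP_TYPE = 2   # sambaGroupType value used in the message above
RID_BASE = 1000         # Samba's default "algorithmic rid base" (assumed)

# Constructed sample input, shaped like the result of a search for posixGroup entries.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_GROUPS = [
    {"dn": "cn=Domain Admins,ou=Groups,dc=example,dc=test", "cn": "Domain Admins",
     "gidNumber": 512, "objectClass": ["posixGroup"]},
    {"dn": "cn=Domain Users,ou=Groups,dc=example,dc=test", "cn": "Domain Users",
     "gidNumber": 513, "objectClass": ["posixGroup", "sambaGroupMapping"]},
    {"dn": "cn=Élèves,ou=Groups,dc=example,dc=test", "cn": "Élèves",
     "gidNumber": 1000, "objectClass": ["posixGroup"]},
]


def ldif_line(attr, value):
    """Format one LDIF line, base64-encoding values that are not LDIF-safe."""
    safe = (value.isascii() and not re.search(r"[\x00\r\n]", value)
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def group_sid(domain_sid, cn, gid_number):
    """Domain SID plus the well-known RID, or 2*gidNumber + 1001 for other groups."""
    rid = DOMAIN_GROUP_RIDS.get(cn.lower(), 2 * gid_number + RID_BASE + 1)
    return f"{domain_sid}-{rid}"


def modify_record(dn, sid):
    """One change record: an add clause per attribute, '-' between clauses."""
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        "add: objectClass",
        "objectClass: sambaGroupMapping",
        "-",
        "add: sambaSID",
        ldif_line("sambaSID", sid),
        "-",
        "add: sambaGroupType",
        f"sambaGroupType: {DOMAIN_GROUP_TYPE}",
    ])


def build_changes(groups, domain_sid):
    """Return LDIF change records for every group that lacks sambaGroupMapping."""
    if not DOMAIN_SID_RE.match(domain_sid):
        raise ValueError(f"not a domain SID: {domain_sid!r}")
    records = []
    for group in groups:
        classes = {c.lower() for c in group["objectClass"]}
        if "sambagroupmapping" in classes:
            continue  # already mapped, leave it alone
        sid = group_sid(domain_sid, group["cn"], group["gidNumber"])
        records.append(modify_record(group["dn"], sid))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    print(build_changes(SAMPLE_GROUPS, DOMAIN_SID), end="")
```

The three additions are applied as one modify operation, so the server checks the schema only after the object class and both attributes it requires are in place.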



Re: Réf. : [Samba] Net groupmap fails

2003-11-07 Thread Kent L. Nasveschuk
Stephanie,
Thank you for your help. I tried what you suggest but no luck.. I get
this:

[EMAIL PROTECTED]:~# /usr/local/samba/bin/net groupmap add ntgroup="Domain
Admins" unixgroup="Domain Admins" rid=512
Can't lookup UNIX group Domain Admins

Is there something with initial compiling samba 3.0.0 that would disable
this? All the documentation that I've seen makes it look so easy, but I
can't get it to work. 

On Fri, 2003-11-07 at 06:48, [EMAIL PROTECTED] wrote:
> try /usr/local/samba/bin/net groupmap add ntgroup="Domain
> Admins" unixgroup="Domain Admins" rid=512
> 
> dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
> objectClass: posixGroup
> 
> This group is the unix group.
> 
> ---
> Stéphane PURNELLE [EMAIL PROTECTED]
> Service Informatique   Corman S.A.   Tel : 00 32 087/342467
> 
> 
> From: "Kent L. Nasveschuk" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED].samba.org
> To: Samba List Server <[EMAIL PROTECTED]>
> cc:
> Subject: [Samba] Net groupmap fails
> Date: 07/11/2003 12:31
> 
> I have yet to get group mapping to work in samba 3.0. Getting very
> frustrated.
> 
> I'm using openldap 2.1.23 as the backend database for samba 3.0.0. I've
> added the base domain groups as posixAccounts to the LDAP database using
> smbldap-populate.pl.
> 
> [EMAIL PROTECTED]:/usr/local/etc/openldap# ldapsearch -xv -b
> "o=30greatneck,dc=home,dc=net"
> 
> # Administrator, Users, 30GreatNeck, home.net
> dn: uid=Administrator,ou=Users,o=30GreatNeck,dc=home,dc=net
> cn: Administrator
> sn: Administrator
> objectClass: inetOrgPerson
> objectClass: sambaSAMAccount
> objectClass: posixAccount
> gidNumber: 512
> uid: Administrator
> uidNumber: 998
> homeDirectory: /accounts
> sambaPwdLastSet: 0
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaHomePath: \\Lnxsrv2\accounts
> sambaHomeDrive: H:
> sambaProfilePath: \\Lnxsrv2\profiles\
> sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-512
> sambaLMPassword: XXX
> sambaNTPassword: XXX
> sambaAcctFlags: [U  ]
> sambaSID: S-1-5-21-739112995-4084651483-89095900-2996
> loginShell: /bin/false
> gecos: Netbios Domain Administrator
> 
> 
> # nobody, Users, 30GreatNeck, home.net
> dn: uid=nobody,ou=Users,o=30GreatNeck,dc=home,dc=net
> cn: nobody
> sn: nobody
> objectClass: inetOrgPerson
> objectClass: sambaSAMAccount
> objectClass: posixAccount
> gidNumber: 514
> uid: nobody
> uidNumber: 999
> homeDirectory: /dev/null
> sambaPwdLastSet: 0
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaHomePath: \\Lnxsrv2\accounts
> sambaHomeDrive: H:
> sambaProfilePath: \\Lnxsrv2\profiles\
> sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-514
> sambaLMPassword: NO PASSWORDX
> sambaNTPassword: NO PASSWORDX
> sambaAcctFlags: [NU ]
> sambaSID: S-1-5-21-739112995-4084651483-89095900-2998
> loginShell: /bin/false
> 
> # Domain Admins, Groups, 30GreatNeck, home.net
> 
> # Domain Admins, Groups, 30GreatNeck, home.net
> dn: cn=Domain Admins,ou=Groups,o=30Gr
