Re: [Samba] Question about SSL/TLS for ldap and samba

2005-08-08 Thread spu


[EMAIL PROTECTED] wrote on 08/08/2005 11:17:59:
  What is the difference between LDAPs and ldapv3 start-tls ?

 ldaps listens on port 636 and start-tls is used on the standard 389 ldap
 port.

I know that, but I ask because I read in samba-howto-collection that Samba
prefers to use ldapv3 start-tls rather than the ldaps protocol.  And I want to know
why.


  I select the ldaps protocol in my smb.conf because I don't know how
  Samba manages certificates.

 I would use:

 ldap ssl = start_tls

  If Samba can use a certificate, it's not a problem.  But I think that
  Samba uses the certificate used with the OpenLDAP client.

 Samba looks at the standard system ldap.conf, which is in
 /etc/openldap/ldap.conf

Yes, but I don't like this because I cannot specify a certificate for Samba
only; it is the certificate specified in /etc/openldap/ldap.conf which is used.


 You can tell OpenLDAP to only allow TLS connections via the security
 setting.

 See man slapd.conf

 Gavin.

 --
 Kind Regards,

 Gavin Henry.
 Managing Director.

 T +44 (0) 1224 279484
 M +44 (0) 7930 323266
 F +44 (0) 1224 742001
 E [EMAIL PROTECTED]

 Open Source. Open Solutions(tm).

 http://www.suretecsystems.com/
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


RE [Samba] Samba, win xp and acls

2005-08-04 Thread spu

Hi,

[EMAIL PROTECTED] wrote on 04/08/2005 17:26:59:

 Hello all,

 I'm working and searching for a few days to obtain this result :

 * I want to share some directories between different users and groups
 (windows XP clients) using a minimum but efficient configuration with
 samba and posix acls.
 * I would like users' Windows configuration to stay on local machines
 (no roaming accounts),
 * When registering users and computers on the domain, users must keep
 their configuration,
 * I want to manage users and groups using srvtools.exe


 I use tdbsam, posix acls work fine and samba (3.0.14a) runs as a PDC.

 My problems are :
 * On windows (with administrator account), some directories don't have
 the acl (security) panel,
 * On other directories, the panel is present but I cannot modify
 permissions,

If you specify that the admin user is root, the administrator user doesn't
have the right to admin the system.

 * Users configurations are never stored locally,
 * Creating new users with srvtools is not possible,
 * How to keep old users windows configuration when entering the domain ?
 * No way to find a good tutorial answering my needs...

SAMBA-HOWTO-COLLECTION and samba by-example in samba web-site




 Here is my configuration :


 smb.conf :
 
 [global]
interfaces = 192.168.1.120/24
enable privileges = yes
nt acl support = yes

security = user

netbios name = FSERVER
workgroup = FWSERVER
passdb backend = tdbsam
server string = File Server

 add user script = /usr/sbin/useradd -m '%u'
 add group script = /usr/sbin/groupadd '%g'
 add user to group script = /usr/sbin/usermod -G '%g' '%u'
 add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'


 logon script = scripts\logon.bat
 logon path =
 logon drive = H:
 domain logons = yes
 username map = /etc/samba/smbusers

 admin users = root

socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096

encrypt passwords = yes

wins support = yes

os level = 50
domain master = yes
local master = yes
preferred master = yes

name resolve order = lmhosts host wins bcast

preserve case = yes
short preserve case = yes

unix password sync = yes

   passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

 [public]
writable = yes
path = /share/public
public = yes
create mode = 0777
directory mask = 0777
admin users = root
nt acl support = yes

 [technique]
writable = yes
path = /share/technique
public = no
create mode = 0770
directory mask = 0770
valid users= @technique, @admins
admin users = root
nt acl support = yes

 [stagiaires]
writable = yes
path = /share/stagiaires
public = no
create mode = 0770
directory mask = 0770
valid users= @stagiaires, @admins
admin users = root
nt acl support = yes

 [secretariat]
writable = yes
path = /share/secretariat
public = no
create mode = 0770
directory mask = 0770
valid users= @secretariat @admins
admin users = root
nt acl support = yes

 [finances]
writable = yes
path = /share/finances
public = no
create mode = 0770
directory mask = 0770
valid users = @finances @admins
admin users = root
nt acl support = yes
 ---


 My groupmaps seem to be good :

 System Operators (S-1-5-32-549) - -1
 Replicators (S-1-5-32-552) - -1
 Guests (S-1-5-32-546) - -1
 Domain Admins (S-1-5-21-3171617769-241562045-158900556-512) - admins
 Power Users (S-1-5-32-547) - -1
 Domain Guests (S-1-5-21-3592376627-3846121942-908627037-514) - -1
 Domain Users (S-1-5-21-3592376627-3846121942-908627037-513) - -1
 Print Operators (S-1-5-32-550) - -1
 Administrators (S-1-5-32-544) - admins
 Domain Users (S-1-5-21-3171617769-241562045-158900556-513) - ntusers
 Account Operators (S-1-5-32-548) - -1
 Secretariat (S-1-5-21-3171617769-241562045-158900556-3003) - secretariat
 Technique (S-1-5-21-3171617769-241562045-158900556-3005) - technique
 Finances (S-1-5-21-3171617769-241562045-158900556-3007) - finances
 Stagiaires (S-1-5-21-3171617769-241562045-158900556-3009) - stagiaires
 Domain Guests (S-1-5-21-3171617769-241562045-158900556-514) - -1
 Backup Operators (S-1-5-32-551) - -1
 Users (S-1-5-32-545) - -1



 Thx for help.

 Max
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


RE [Samba] TLS connections between SambaOpenLDAP

2005-07-27 Thread spu

Have you set:

TLS_CACERT in the ldap.conf of OpenLDAP (not /etc/ldap.conf)?
Is the common name in the certificate a resolvable host name?




---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 27/07/2005 11:02:58:

 Good morning all,

 I compiled Samba 3.0.14a  with OpenLDAP 2.1.22-0
 directory. I then enabled TLS between Samba and
 OpenLDAP.

 The following tests succeeded:
 s_server to s_client  -- OK
 slapd to s_client  --  OK
 slapd to OpenLDAP client commands (ldapsearch..)
 -- OK

 The problem is the following: when I start Samba
 (service smb start), slapd output returns:

TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5, got=5
  :  15 03 01 00 02
   .
tls_read: want=2, got=2
  :  02 30
   .0
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client
 certificate A
TLS: can't accept.
TLS: error:14094418:SSL
 routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
 s3_pkt.c:1052
connection_read(14): TLS accept error error=-1 id=2,
 closing
connection_closing: readying conn=2 sd=14 for close


 May anyone tell me what is going wrong?

 Thank you







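Reading the trace in this thread, as an added example (not part of the original posts): the bytes slapd read, `15 03 01 00 02` followed by `02 30`, are a TLS record header and an alert body, and decoding them gives a fatal unknown_ca alert that slapd received, so it was the connecting client that rejected the server's certificate chain, which fits the TLS_CACERT question in the reply. The trace lines are copied from the post and the function names are illustrative.

```python
import re

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
          50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
          80: "internal_error"}

# slapd debug output as posted in the thread.
SLAPD_TRACE = """\
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5, got=5
  :  15 03 01 00 02
   .
tls_read: want=2, got=2
  :  02 30
   .0
TLS trace: SSL3 alert read:fatal:unknown CA
TLS: can't accept.
"""

# A dump line is an optional hex offset, a colon, then space-separated bytes.
HEX_LINE = re.compile(r"^\s*[0-9a-fA-F]*:\s+((?:[0-9a-fA-F]{2}(?:\s+|$))+)")
ALERT_LINE = re.compile(r"SSL3 alert (read|write):(\w+):(.+)")


def extract_bytes(trace):
    """Concatenate the bytes of every hex dump line, in order."""
    out = bytearray()
    for line in trace.splitlines():
        m = HEX_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)


def decode_records(data):
    """Split a byte stream into TLS records and decode plaintext alerts."""
    records, pos = [], 0
    while pos + 5 <= len(data):
        ctype, major, minor = data[pos], data[pos + 1], data[pos + 2]
        length = int.from_bytes(data[pos + 3:pos + 5], "big")
        body = data[pos + 5:pos + 5 + length]
        if len(body) < length:
            break  # record body not fully present in the trace
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
               "version": VERSIONS.get((major, minor), "%d.%d" % (major, minor)),
               "length": length}
        # Alerts sent before the handshake completes are exactly two
        # plaintext bytes: level and description.
        if ctype == 21 and length == 2:
            rec["level"] = ALERT_LEVELS.get(body[0], "unknown(%d)" % body[0])
            rec["description"] = ALERTS.get(body[1], "unknown(%d)" % body[1])
        records.append(rec)
        pos += 5 + length
    return records


def alerts_seen(trace):
    """(sender, level, text) per alert line; 'read' means the peer sent it."""
    return [("peer" if m.group(1) == "read" else "local",
             m.group(2), m.group(3).strip())
            for m in ALERT_LINE.finditer(trace)]


if __name__ == "__main__":
    for rec in decode_records(extract_bytes(SLAPD_TRACE)):
        print(rec)
    print(alerts_seen(SLAPD_TRACE))
```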


RE [Samba] Problems with access-rights :)

2005-07-19 Thread spu

Hi,


[EMAIL PROTECTED] wrote on 19/07/2005 18:19:49:

 Hi!

 I have a problem with access-right. I have the following dirs:

 Owner   Group

 root    All     /pub
 root    All     /pub/kit

 I have two groups

 pubadmin
 kituser

 I want that pubadmin can read-write to /pub/* and that kituser can
 readwrite
 to /pub/kit

 So I configure:

 [pub$]
 path = /exports/pub
 read only = No
 write list = @pubadmins
 #   write list = @SCC-EC

If you set read only = no, everyone can read and write.
If you now set read only = yes, only people who are members of the write list
can write.

 [pubkit$]
 path = /exports/pub/kit
 read only = No
 #   read list = @SHQ-Alle
 write list = @kituser

 There are the users

 user1   that is member of All and pubadmin
 user2   that is member of All and kituser

 When I use the above configuration

 user2 can write to pub and to pub/kit

 How can I change it? What I want is that the Samba server can write
 to every dir but that I can give the access rights with read/write list.

 Thanks for your help!

 Best regards,
   Kai.


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467
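The rule given in the reply, applied to the two users from the question, as an added example (not Samba source code): a small model of the share-level write decision from `read only`, `write list` and `read list` as documented in smb.conf(5). The group table and both configurations are constructed from the post, with the group written as pubadmin throughout; filesystem permissions, which are still checked afterwards, are outside this model.

```python
import configparser

# Group membership as described in the question (constructed table).
GROUPS = {
    "All": {"user1", "user2"},
    "pubadmin": {"user1"},
    "kituser": {"user2"},
}

# The posted shares: "read only = No" makes every connected user a writer.
BEFORE = """
[pub$]
path = /exports/pub
read only = No
write list = @pubadmin

[pubkit$]
path = /exports/pub/kit
read only = No
write list = @kituser
"""

# The change suggested in the reply: read-only share, writers by exception.
AFTER = BEFORE.replace("read only = No", "read only = Yes")


def in_list(user, spec, groups):
    """True if user matches a name or an @group entry of a user list."""
    for entry in spec.replace(",", " ").split():
        if entry[0] in "@+&":
            if user in groups.get(entry.lstrip("@+&"), ()):
                return True
        elif entry == user:
            return True
    return False


def can_write(conf_text, share, user, groups=GROUPS):
    """Share-level write decision, before any filesystem check.

    write list grants write access whatever 'read only' says; read list
    denies it whatever 'read only' says; a user in both lists gets write
    access; everyone else follows 'read only' (Samba's default is yes).
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    section = parser[share]
    read_only = section.get("read only", fallback="yes").strip().lower() in (
        "yes", "true", "1")
    if in_list(user, section.get("write list", fallback=""), groups):
        return True
    if in_list(user, section.get("read list", fallback=""), groups):
        return False
    return not read_only


def access_matrix(conf_text, users=("user1", "user2")):
    """Map (share, user) to the write decision for every share in the file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return {(share, user): can_write(conf_text, share, user)
            for share in parser.sections() for user in users}


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for (share, user), allowed in sorted(access_matrix(conf).items()):
            print(label, share, user, "write" if allowed else "read-only")
```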


RE [Samba] SFU required ?

2005-07-18 Thread spu

Hi,

No, for a Samba ADS member you just need to use winbind and idmap mapping.
I suggest you read the samba-howto-collection and the samba by-example
book available on the Samba website.

Stéphane

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 18/07/2005 10:31:31:

 Hi,

 Do I have to install SFU on the W2K DC to make samba ADS member work and
 use AD auth ?

 Anthony



[Samba] Performance about ldapsam:trusted parameter

2005-07-14 Thread spu

Hi,

Today, my nscd server died. I don't know what happened,
but if the nscd server is not running, the main smbd process goes up to 99% CPU and the
network is very slow.  I restarted the nscd server and all works fine.

Now, the Samba team has implemented the parameter ldapsam:trusted and I would
like to know if the performance is identical to the nscd server.
I ask this question supposing that not using PAM and NSS
means not using the nscd server, which causes the problem.

It's an old nscd server (RedHat 8.0)

Thanks in advance for your answer.


  Stéphane Purnelle

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


Re: [Samba] Possible to hide [homes] ?

2005-07-11 Thread spu

add parameter : available = no

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 11/07/2005 13:23:36:

 Well,

  [homes]
comment = Home Directories
browseable = no
...
 

 that doesn't work. This is what I have in the smb.conf file:

 [homes]

  comment = Home Directories
  browseable  = no
  writeable   = yes
  valid users = %S
  create mode = 0600
  directory mode  = 0700


 -Remy



[Samba] Separating PDC and file-server function

2005-06-30 Thread spu

Hi,

I would like to separate the PDC function and the file/printer server function
onto two servers.
The password backend is an LDAP server.

Currently, I have one server with the PDC function and the file and print server
function.

Server :
  LDAP master
  nss_ldap and pam_ldap
  samba configured for PDC and share function

Now, I ask you to tell me if the configuration below is correct for
separating these functions.

PDC :
  LDAP master
  no nss_ldap and pam_ldap
  samba configured for PDC function
--with-ldap

File and print server :

  LDAP slave
  nss_ldap and pam_ldap configured
  samba configured as STANDALONE (share definition)
--with-ldap
--with-acl-support


Is it correct?

thanks

  Stéphane Purnelle


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


RE [Samba] smbldap-tools problem

2005-06-17 Thread spu

Why do you try with gidNumber?
What if you try with the cn?

smbldap-useradd -a -g Admins utente

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 17/06/2005 13:56:13:

 Hi!
 I'm installing Debian Sarge  with Samba 3.0.14a-3, OpenLDAP 2.2.23-8,
 smbldap-tools 0.8.7-4 ( I tried with 0.9.x version also)

 It isn't the first time I install a system like this but this time I
 encountered a problem never seen: during user insert I have an error
 because smbldap-tools does not find the indicated group (but the group exists!).

 So:
  SambaTesting:~/install# smbldap-groupshow Admins
  dn: cn=Admins,ou=Groups,dc=Duet,dc=it
  objectClass: posixGroup,sambaGroupMapping
  cn: Admins
  gidNumber: 200
  sambaSID: S-1-5-21-2275038829-2173144163-3767808964-1401
  sambaGroupType: 2
  displayName: Admins
  SambaTesting:~/install# smbldap-useradd -a -g 200 utente
  /usr/sbin/smbldap-useradd: unknown group 200
  SambaTesting:~/install#

 Anyone can help me?

 Thanks,
 Fabio

 --
 Dott. Fabio Marcone

 2T srl
 Telefono   +39 - 0871- 540154
 Fax   +39 - 0871- 571594
 Indirizzo  Viale B. Croce 573, 66013 Chieti Scalo (CH)


Re: [samba] smbldap adding machine error

2005-06-16 Thread spu

Hi,

Could more information be provided?

ldap.conf
smbldap.conf

And the version of smbldap-tools...

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 16/06/2005 17:31:19:

 On Thursday 16 June 2005 09:18, Corey Spalding wrote:
  Hi all,
 
  I'm currently working on getting the whole samba with ldap working. I'm
  having an error trying to join a computer to the domain, when windows
  goes to change to the new domain
  I get the dialogue box to enter the user/pass to join I do that and it
  returns:
 
  the following error occurred the username could not be found.

 What is your ldap.conf configuration? When you do a search for users is
 the computers container searched also? If not, there is your problem!

 - John T.

 
  taking a look at the smbd.log file it shows:
 
  [2005/06/16 11:09:18, 2] smbd/reply.c:reply_special(236)
netbios connect: name1=BUTCH   name2=SHERRI
  [2005/06/16 11:09:18, 2] smbd/reply.c:reply_special(243)
netbios connect: local=butch remote=sherri, name type = 0
  [2005/06/16 11:09:18, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
  all old resources.
  [2005/06/16 11:09:18, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
  all old resources.
  [2005/06/16 11:09:18, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
  [2005/06/16 11:09:18, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: root
  [2005/06/16 11:09:18, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password:  authentication for user [root] - [root] -
  [root] succeeded
  [2005/06/16 11:09:18, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: root
  [2005/06/16 11:09:18, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain SPRINGFIELD2 -
  S-1-5-21-44546037-3274923872-710358792
  [2005/06/16 11:09:18, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2324)
_samr_create_user: Running the command
  `/opt/IDEALX/sbin/smbldap-useradd  -w sherri$' gave 9
  [2005/06/16 11:09:19, 2] smbd/server.c:exit_server(609)
Closing connections
 
  my smb.conf file is:
 
  [global]
  dos charset = 850
  unix charset = ISO8859-1
  workgroup = SPRINGFIELD2
  server string = SAMBA-LDAP PDC Server
  passdb backend = ldapsam:ldap://127.0.0.1/
  enable privileges = Yes
  passwd program = /opt/IDEALX/sbin/smbldap-passwd
  log level = 2
  log file = /var/log/smbd.log
  add user script = /opt/IDEALX/sbin/smbldap-useradd -m %u
  delete user script = /opt/IDEALX/sbin/smbldap-userdel %u
  add group script = /opt/IDEALX/sbin/smbldap-groupadd -p %g
  delete group script = /opt/IDEALX/sbin/smbldap-groupdel %g
  add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m %u %g
  delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x %u %g
  set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g %g %u
  add machine script = /opt/IDEALX/sbin/smbldap-useradd  -w %u
  domain logons = Yes
  os level = 50
  preferred master = Yes
  domain master = Yes
  wins support = Yes
  ldap admin dn = cn=Manager,dc=SPRINGFIELD,dc=ORG
  ldap delete dn = Yes
  ldap group suffix = ou=Groups
  ldap machine suffix = ou=Computers
  ldap passwd sync = Yes
  ldap suffix = dc=SPRINGFIELD,dc=ORG
  ldap ssl = no
  ldap user suffix = ou=Users
 
  If I run the command smbldap-useradd -w sherri$ it runs no problem.
 
  Anybody have any ideas as to whats wrong here?
 
  Thanks,

 --
 John H Terpstra
 Samba-Team Member
 Phone: +1 (650) 580-8668

 Author:
 The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
 Samba-3 by Example, ISBN: 0131472216
 Hardening Linux, ISBN: 0072254971
 Other books in production.


Re: [Samba] when working with admin users = inherit owner does not work anymore

2005-06-14 Thread spu

hi,

This parameter will be added as of Samba 3.0.15pre2.
The inherit owner parameter does not exist in 3.0.14a and above.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 14/06/2005 13:26:46:

 nobody an idea?

 Michael Gasch wrote:
  hi list,
 
  i'm using samba v3.0.14a
 
  when working with admin users = inherit owner does not work for me
  anymore
 
  the owner is set to root
 
  any ideas?
 
  will inherit owner solve this problem?
 
  thx in advance
 


 --
 Michael Gasch
 Max Planck Institute for Evolutionary Anthropology
 Department of Human Evolution
 Deutscher Platz 6
 D-04103 Leipzig
 Germany

 Phone: 49 (0)341 - 3550 137


RE [Samba] netbios description

2005-06-10 Thread spu

Hi,

server string parameter in smb.conf

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 10/06/2005 11:35:50:

 Guys


 I have a samba server that has joined and existing 2000 domain (used for
 squid NTLM auth)

 When using My network places on an xp  server i see the following
 Samba 3.0.11 (Squid-server)


 Now the servers name is Squid-server, and the description seems to be
 Samba 3.0.11.  How do i remove this description ?

 I have looked through the smb.conf man pages and can find where you set
 the netbios name but not the description.


 Cheers

 Graeme

 --
 Chaos. Panic. Disorder. My work here today is done




RE [Samba] samba ldap problem

2005-06-10 Thread spu

What is your guest user in smb.conf?

Check if it is not nobody; the guest account is used by Samba for the first
connection.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 10/06/2005 16:20:56:

 I have tried to create a samba domain with a ldap backend.

 This is how my ldap structure looks like.

 # example.com
 dn: dc=example,dc=com
 objectClass: dcObject
 objectClass: organization
 o: example
 dc: example

 # groups, example.com
 dn: ou=groups,dc=example,dc=com
 objectClass: organizationalUnit
 ou: groups

 # Domain Admins, groups, example.com
 dn: cn=Domain Admins,ou=groups,dc=example,dc=com
 objectClass: posixGroup
 objectClass: sambaGroupMapping
 gidNumber: 512
 cn: Domain Admins
 memberUid: root
 description: Netbios Domain Administrators
 sambaSID: S-1-5-21-3527759599-3696857034-3584459987-512
 sambaGroupType: 2
 displayName: Domain Admins

 # Domain Users, groups, example.com
 dn: cn=Domain Users,ou=groups,dc=example,dc=com
 objectClass: posixGroup
 objectClass: sambaGroupMapping
 gidNumber: 513
 cn: Domain Users
 description: Netbios Domain Users
 sambaSID: S-1-5-21-3527759599-3696857034-3584459987-513
 sambaGroupType: 2
 displayName: Domain Users

 # Domain Guests, groups, example.com
 dn: cn=Domain Guests,ou=groups,dc=example,dc=com
 objectClass: posixGroup
 objectClass: sambaGroupMapping
 gidNumber: 514
 cn: Domain Guests
 description: Netbios Domain Guests Users
 sambaSID: S-1-5-21-3527759599-3696857034-3584459987-514
 sambaGroupType: 2
 displayName: Domain Guests

 # computers, example.com
 dn: ou=computers,dc=example,dc=com
 objectClass: organizationalUnit
 ou: computers

 # PDC, example.com
 dn: sambaDomainName=PDC,dc=example,dc=com
 objectClass: sambaDomain
 sambaDomainName: PDC
 sambaNextGroupRid: 9
 sambaNextUserRid: 9
 sambaSID: S-1-5-21-3527759599-3696857034-3584459987
 sambaNextRid: 9

 # people, example.com
 dn: ou=people,dc=example,dc=com
 objectClass: organizationalUnit
 ou: people

 # root, people, example.com
 dn: uid=root,ou=people,dc=example,dc=com
 uid: root
 sambaSID: S-1-5-21-3527759599-3696857034-3584459987-500
 sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-512
 displayName: root
 sambaAcctFlags: [U  ]
 objectClass: account
 objectClass: sambaSamAccount
 sambaPwdMustChange: 2147483647
 sambaLMPassword: 63D2114DE42F744B30A84C4AFE5A
 sambaNTPassword: 5460FB29D247C383F63E1E3A417FC39B
 sambaPasswordHistory:

  
 sambaPwdCanChange: 1118395221
 sambaPwdLastSet: 1118395221

 # win2k$, Computers, example.com
 dn: uid=win2k$,ou=Computers,dc=example,dc=com
 uid: win2k$
 sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3022
 sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-1201
 objectClass: sambaSamAccount
 objectClass: account
 displayName: win2k$
 sambaPwdMustChange: 2147483647
 sambaAcctFlags: [W  ]
 sambaPwdCanChange: 1118395893
 sambaNTPassword: 5C70F10A2EAD0B4FE5588114C98ED1ED
 sambaPwdLastSet: 1118395893

 # Martin Hallgren, people, example.com
 dn: cn=Martin Hallgren,ou=people,dc=example,dc=com
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 objectClass: posixAccount
 objectClass: top
 objectClass: krb5Principal
 objectClass: krb5KDCEntry
 objectClass: sambaSamAccount
 krb5PrincipalName: [EMAIL PROTECTED]
 krb5KeyVersionNumber: 1
 krb5MaxLife: 86400
 krb5MaxRenew: 604800
 krb5KDCFlags: 126
 cn: Martin Hallgren
 givenName: Martin
 mail: [EMAIL PROTECTED]
 sn: Hallgren
 uid: martin
 uidNumber: 1050
 gidNumber: 100
 homeDirectory: /home/martin
 loginShell: /bin/bash
 sambaAcctFlags: [U  ]
 sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3250
 sambaPwdCanChange: 1118395383
 sambaPwdMustChange: 2147483647
 sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
 sambaNTPassword: 0CB6948805F797BF2A82807973B89537
 sambaPasswordHistory:

  
 sambaPwdLastSet: 1118395383

 # nobody, people, example.com
 dn: uid=nobody,ou=people,dc=example,dc=com
 objectClass: account
 objectClass: sambaSamAccount
 objectClass: posixAccount
 uid:: bm9ib2R5ICAgICAgICAgICAgICAgICA=
 sambaPwdLastSet: 0
 sambaLogonTime: 2147483647
 sambaLogoffTime: 2147483647
 sambaKickoffTime: 2147483647
 sambaPwdCanChange: 2147483647
 sambaPwdMustChange: 2147483648
 displayName: Nobody
 cn: Nobody
 sambaSID: S-1-5-21-3527759599-3696857034-3584459987-501
 sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-514
 gecos:: Tm9ib2R5IG9yIEd1ZXN0ICAgICAgIA==
 homeDirectory:: L2Rldi9udWxsICAgICAgICAgICAgIA==
 loginShell:: L2Rldi9udWxsICAgICA=
 uidNumber: 65534
 gidNumber: 65534
 sambaAcctFlags: [UX ]

 # Morgan Hallgren, people, example.com
 dn: cn=Morgan Hallgren,ou=people,dc=example,dc=com
 objectClass: inetOrgPerson
 

[Samba] read-only file problem

2005-06-09 Thread spu

Hi,

I have a little problem:

Some users have a problem with files being in read-only mode,
but all Unix ACLs and POSIX ACLs are correct:

ls -l
drwxrwx---+  19 root Utilisateurs 4096 jun  9 11:33 STEPHANE
-rwxrwx---+   1 root Utilisateurs  1027584 jun  7 14:33 dossier fraise.ppt

getfacl: Removing leading '/' from absolute path names
# file: rsrv/vol2/data1/groupes/CRDMAR/STEPHANE/dossier\040fraise.ppt
# owner: root
# group: Utilisateurs
user::rwx
group::---
group:crdmar:rwx
mask::rwx
other::---

The user etucrd is a member of the Utilisateurs and crdmar groups.
The Utilisateurs group is the group which contains all users of my domain
(it is mapped to Domain Users).
The crdmar group is the group which has authority to read and write
documents.
The client is a windows 2000 pro with office 97 SR-1

In log :
[2005/06/09 12:54:07, 3] smbd/vfs.c:reduce_name(837)
  reduce_name [CRDMAR/STEPHANE/dossier fraise.ppt]
[/rsrv/vol2/data1/groupes]
[2005/06/09 12:54:07, 3] smbd/vfs.c:reduce_name(943)
  reduce_name: CRDMAR/STEPHANE/dossier fraise.ppt reduced to (null)
[2005/06/09 12:54:07, 2] smbd/dosmode.c:unix_mode(60)
  unix_mode(CRDMAR/STEPHANE/dossier fraise.ppt) inheriting from
CRDMAR/STEPHANE
[2005/06/09 12:54:07, 2] smbd/dosmode.c:unix_mode(68)
  unix_mode(CRDMAR/STEPHANE/dossier fraise.ppt) inherit mode 40770
[2005/06/09 12:54:07, 3] smbd/dosmode.c:unix_mode(111)
  unix_mode(CRDMAR/STEPHANE/dossier fraise.ppt) returning 0760
[2005/06/09 12:54:07, 3] smbd/vfs.c:reduce_name(837)
  reduce_name [CRDMAR/STEPHANE/dossier fraise.ppt]
[/rsrv/vol2/data1/groupes]
[2005/06/09 12:54:07, 3] smbd/vfs.c:reduce_name(943)
  reduce_name: CRDMAR/STEPHANE/dossier fraise.ppt reduced to (null)
[2005/06/09 12:54:07, 2] smbd/open.c:open_file(245)
  etucrd opened file CRDMAR/STEPHANE/dossier fraise.ppt read=Yes write=No
(numopen=1)

The description of the share is :

[groupes]
comment = GROUPES
path = /rsrv/vol2/data1/groupes
read only = No
inherit permissions = Yes
inherit acls = Yes
hide unreadable = Yes

create mask = O770
directory mask = 0770

# security mask = 0770
# directory security mask = 0770

force directory mode = 0770

Can anyone help me?


  Stéphane

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


RE [Samba] Winbindd problems ... nevers answered ?

2005-06-07 Thread spu

I'm afraid, 3 PDC on the same domain ?

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 07/06/2005 10:28:51:

 Hi

 i have 3 PDC on my network, and after reboot the first PDC, my winbindd
 can't call with it :

 [EMAIL PROTECTED] squid]# wbinfo -t
 checking the trust secret via RPC calls failed
 error code was NT_STATUS_INVALID_COMPUTER_NAME (0xc122)
 Could not check secret



 [2005/06/07 10:20:30, 3]
 nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [22308]: request interface version
 [2005/06/07 10:20:30, 3]
 nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [22308]: request location of privileged pipe
 [2005/06/07 10:20:30, 3]
 nsswitch/winbindd_misc.c:winbindd_check_machine_acct(41)
   [22308]: check machine account
 [2005/06/07 10:20:30, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
   cm_get_ipc_userpass: No auth-user defined
 [2005/06/07 10:20:31, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
   cli_nt_setup_creds: request challenge failed
 [2005/06/07 10:20:31, 3]
nsswitch/winbindd_cm.c:cm_prepare_connection(387)
   schannel refused - continuing without schannel
 (NT_STATUS_INVALID_COMPUTER_NAME)
 [2005/06/07 10:20:31, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
   cli_nt_setup_creds: request challenge failed
 [2005/06/07 10:20:31, 3]
 nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
   could not open handle to NETLOGON pipe
 [2005/06/07 10:20:31, 2]
 nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
   Checking the trust account password returned
 NT_STATUS_INVALID_COMPUTER_NAME




 i restart winbindd and now i have

 [EMAIL PROTECTED] samba]# wbinfo -t
 checking the trust secret via RPC calls succeeded
 [EMAIL PROTECTED] samba]#


 only whith a  stop/start


 1- Why doesn't Winbindd reconnect to the PDC when it loses the connection?
 2- Why doesn't it send the request to the second PDC when the first has
 died?
 3- Can I put a script in place to auto-detect whether the connection is good?
 4- In my smb.conf, I have:
  security = domain
  password server = *
 Can I specify a list of IPs/PDCs for it to send the request to?


 Please help me to understand this problems.


Re: [Samba] Group Problems

2005-06-07 Thread spu

Hi,

To specify the Domain Admins group mapping, you must use net groupmap with the rid
parameter:
proto : net groupmap add {rid=int|sid=string} unixgroup=string
[type={domain|local}] [ntgroup=string] [comment=string]

ex : net groupmap add rid=512 unixgroup=domadm ntgroup="Domain Admins"


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 07/06/2005 15:30:40:

  Ok let me ask this:


  Why after I create a group map of Domain Admins to my unixgroup
  domadm do I now have two entries listed for Domain Admins?


  one to -1 the other to my domadm unix group

 -

  System Operators (S-1-5-32-549) - -1
  Domain Admins (S-1-5-21-4008386108-3466510086-266964780-512) - -1
  Domain Guests (S-1-5-21-4008386108-3466510086-266964780-514) - -1
  Replicators (S-1-5-32-552) - -1
  Guests (S-1-5-32-546) - -1
  Domain Admins (S-1-5-21-4008386108-3466510086-266964780-2091) - domadm
  Power Users (S-1-5-32-547) - -1
  Print Operators (S-1-5-32-550) - -1
  Administrators (S-1-5-32-544) - -1
  Account Operators (S-1-5-32-548) - -1
  Backup Operators (S-1-5-32-551) - -1
  Users (S-1-5-32-545) - -1
  Domain Users (S-1-5-21-4008386108-3466510086-266964780-513) - -1
 



 


RE [Samba] Re: [idx-smbldap-tools ] smbldap-tools and joining workstation to domain

2005-06-06 Thread spu

Since Samba 3.0.2a, Samba adds the sambaSAMAccount directly in the LDAP tree.

Which user do you use for adding the machine to the domain?

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 06/06/2005 07:23:25:

 Tim Verhoeven wrote:

 On 6/4/05, Andres Toomsalu [EMAIL PROTECTED] wrote:
 
 
 I've reported this before but I guess I'll have to do it again, since
 it's not fixed yet or I'm understanding something wrong here.
 
 The problem is that smbldap-useradd -w 'machinename' will add only
 posixAccount entries into ldap but it should add both posixAccount and
 sambaSAMAccount entries.
 
 So if one doesn't add correct machine account entries manually to ldap
 the windows workstation domain joining is impossible.
 
 
 
 In my experience the smbldap-useradd behaviour is correct. It will
 only add the posixAccount part of a machine account. Then when you
 actually join a machine to a domain Samba itself will modify the
 machine account and add the sambaSAMAccount parts.
 
 For this to work you will of course need also to configure Samba so that
 it has a ldap account that has the rights to update items in the ldap
 tree.
 
 
 I just made fresh tests again with win xp pro sp2 and samba 3.0.14a +
 smbldap-tools 0.88 just to be sure nothing has changed meanwhile:

 1) I can't join XP workstation to domain when I don't have computer
 account in ldap - Error is Access denied.  In result it makes computer
 account in ldap but only posixAccount part of it as smbldap-useradd -w
 does it.
 2) I can't join XP workstation to domain when I do have computer account
 in ldap - but only posixAccount entries as smbldap-useradd -w '%u' makes
 them like that - Error is Access denied.
 3) I can join XP workstation to domain when I manually make correct
 computer account entries in ldap with phpldapadmin - then there are both
 posixAccount and sambaSamAccount entries present.

 Here is copy-paste samples of computer accounts in my ldap - first
 sample is made with smbldap-useradd -w and second that actually works is
 made manually:

 # Entry 1: uid=testmasin$,ou=Computers,dc=active,dc=ee
 dn: uid=testmasin$,ou=Computers,dc=active,dc=ee
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: posixAccount
 cn: testmasin$
 sn: testmasin$
 uid: testmasin$
 uidNumber: 1016
 gidNumber: 515
 homeDirectory: /dev/null
 loginShell: /bin/false
 description: Computer
 gecos: Computer


 # Entry 1: uid=windesk$,ou=Computers,dc=active,dc=ee
 dn: uid=windesk$,ou=Computers,dc=active,dc=ee
 gidNumber: 515
 uidNumber: 3002
 uid: windesk$
 sambaSID: S-1-5-21-530076877-4031960640-1585896771-7004
 sambaAcctFlags: [W  ]
 cn: windesk
 homeDirectory: /dev/null
 objectClass: top
 objectClass: sambaSamAccount
 objectClass: posixAccount
 objectClass: account
 sambaPwdMustChange: 2147483647
 sambaPwdCanChange: 1118035851
 sambaNTPassword: D8B4AEB073153BADC4CD6DE75CF1BFB0
 sambaPwdLastSet: 1118035851



 So joining XP workstations to domain with smbldap-tools doesn't work for
 me. I still think there is a bug in smbldap-useradd script that it won't
 add sambaSamAccount entries when invoked as smbldap-useradd -w '%u'.

 I don't think sambaSamAccount entries are being added during domain
 joining procedure because for domain joining samba uses the very same
 smbldap-useradd -w '%u' command - which doesn't add any
 sambaSamAccount entries.

 
 
 
 The Samba Openldap howto clearly documents that smbldap-useradd -w
 'workstation' should produce following entries in ldap:
 
 dn: uid=testhost3$,ou=Computers,dc=IDEALX,dc=ORG
 objectClass: top
 objectClass: posixAccount
 objectClass: sambaSAMAccount
 cn: testhost3$
 gidNumber: 553
 homeDirectory: /dev/null
 loginShell: /bin/false
 uid: testhost3$
 uidNumber: 1005
 sambaPwdLastSet: 0
 sambaLogonTime: 0
 sambaLogoffTime: 2147483647
 sambaKickoffTime: 2147483647
 sambaPwdCanChange: 0
 sambaPwdMustChange: 2147483647
 description: Computer Account
 rid: 0
 primaryGroupID: 0
 lmPassword: 7582BF7F733351347D485E46C8E6306E
 ntPassword: 7582BF7F733351347D485E46C8E6306E
 acctFlags: [W  ]
 
 
 
 So my guess that this is a bug in the documentation and not in the code.
 
 Kind regards,
 Tim
 
 
 


 --
 --
 Andres Toomsalu, [EMAIL PROTECTED]
 juhataja - general manager, OÜ Active Systems
 Lille 4-205, Pärnu 80041, phone +372 44 70 595
 GSM +372 56 496 124, IM: [EMAIL PROTECTED]
 http://www.active.ee



RE [Samba] Re: [idx-smbldap-tools ] smbldap-tools and joining workstation to domain

2005-06-06 Thread spu

Hi,

There is another parameter which causes adding the machine account to fail:
the ldap filter parameter. If the ldap filter contains the filter
((uid=%u)(objectclass=sambaSamAccount))
Samba does not add the machine account correctly.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 06/06/2005 09:28:40:

 The script only adds the posix stuff, when you join the workstation the
 sambaSam entries are created by samba.
 BUT...
 Samba NEEDS to find a posix account with the name of the machine being
 joined. How are you doing user lookups on your posix side?
 If you use nss_ldap and you have a separate ou in your directory for users
 and computers that could be where your problem is.
 i.e. if
 nss_ldap is set to look in ou=users,dc=test,dc=com for its posix userbase
 then if you do:
 :~#getent passwd
 then it will return only users it finds in that ou. So if your add machine
 script is creating users (machine accounts) in ou=computers,dc=test,dc=com
 then as far as posix is concerned there is no posix account for the new
 machine. Samba will not find a posix account and will not add the sambaSam
 entries and the join will fail. You have 2 options:
  1. Add your user accounts and computer accounts to the same ou.
  2. Tell nss_ldap to do sub tree searches of the parent ou. e.g. set your base
 to dc=test,dc=com rather than ou=users,dc=test,dc=com
  This is how I understand it anyhow, I might be wrong, I'm no samba pro but I
 went for option 2.
  If anyone can shed some more light on this or set me straight if I'm
 wrong, please do.
  Cheers,
 Rhys


  On 6/6/05, Andres Toomsalu [EMAIL PROTECTED] wrote:
 
  Tim Verhoeven wrote:
 
  On 6/4/05, Andres Toomsalu [EMAIL PROTECTED] wrote:
  
  
  I've reported this before but I guess I'll have to do it again, since
  it's not fixed yet or I'm understanding something wrong here.
  
  The problem is that smbldap-useradd -w 'machinename' will add only
  posixAccount entries into ldap but it should add both posixAccount and
  sambaSAMAccount entries.
  
  So if one doesn't add correct machine account entries manually to ldap
  the windows workstation domain joining is impossible.
  
  
  
  In my experience the smbldap-useradd behaviour is correct. It will
  only add the posixAccount part of a machine account. Then when you
  actually join a machine to a domain Samba itself will modify the
  machine account and add the sambaSAMAccount parts.
  
  For this to work you will of course need also to configure Samba so that
  it has a ldap account that has the rights to update items in the ldap
  tree.
  
  
  I just made fresh tests again with win xp pro sp2 and samba 3.0.14a +
  smbldap-tools 0.88 just to be sure nothing has changed meanwhile:
 
  1) I can't join XP workstation to domain when I don't have computer
  account in ldap - Error is Access denied. In result it makes computer
  account in ldap but only posixAccount part of it as smbldap-useradd -w
  does it.
  2) I can't join XP workstation to domain when I do have computer account
  in ldap - but only posixAccount entries as smbldap-useradd -w '%u' makes
  them like that - Error is Access denied.
  3) I can join XP workstation to domain when I manually make correct
  computer account entries in ldap with phpldapadmin - then there are both
  posixAccount and sambaSamAccount entries present.
 
  Here is copy-paste samples of computer accounts in my ldap - first
  sample is made with smbldap-useradd -w and second that actually works is
  made manually:
 
  # Entry 1: uid=testmasin$,ou=Computers,dc=active,dc=ee
  dn: uid=testmasin$,ou=Computers,dc=active,dc=ee
  objectClass: top
  objectClass: inetOrgPerson
  objectClass: posixAccount
  cn: testmasin$
  sn: testmasin$
  uid: testmasin$
  uidNumber: 1016
  gidNumber: 515
  homeDirectory: /dev/null
  loginShell: /bin/false
  description: Computer
  gecos: Computer
 
 
  # Entry 1: uid=windesk$,ou=Computers,dc=active,dc=ee
  dn: uid=windesk$,ou=Computers,dc=active,dc=ee
  gidNumber: 515
  uidNumber: 3002
  uid: windesk$
  sambaSID: S-1-5-21-530076877-4031960640-1585896771-7004
  sambaAcctFlags: [W ]
  cn: windesk
  homeDirectory: /dev/null
  objectClass: top
  objectClass: sambaSamAccount
  objectClass: posixAccount
  objectClass: account
  sambaPwdMustChange: 2147483647
  sambaPwdCanChange: 1118035851
  sambaNTPassword: D8B4AEB073153BADC4CD6DE75CF1BFB0
  sambaPwdLastSet: 1118035851
 
 
 
  So joining XP workstations to domain with smbldap-tools doesn't work for
  me. I still think there is a bug in smbldap-useradd script that it won't
  add sambaSamAccount entries when invoked as smbldap-useradd -w '%u'.
 
  I don't think sambaSamAccount entries are being added during domain
  joining procedure because for domain joining samba uses the very same
  smbldap-useradd -w '%u' command - which doesn't add any
  sambaSamAccount entries.
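
The two conditions discussed in this thread (a machine entry that lacks the sambaSamAccount class, and a machine entry that sits outside the subtree nss_ldap searches) can be checked offline against an LDIF export. The following is an added example, not part of the original posts or of smbldap-tools; the function names, the finding labels and the NSS base values passed in are assumptions, and the sample LDIF is trimmed from the two entries quoted above.

```python
# Sample trimmed from the two computer entries quoted in this thread
# (password attributes left out; they are not needed for the check).
SAMPLE_LDIF = """
dn: uid=testmasin$,ou=Computers,dc=active,dc=ee
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
uid: testmasin$
uidNumber: 1016
gidNumber: 515

dn: uid=windesk$,ou=Computers,dc=active,dc=ee
objectClass: top
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: account
uid: windesk$
uidNumber: 3002
gidNumber: 515
sambaAcctFlags: [W  ]
"""


def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values) into attribute dicts."""
    entries, attrs = [], {}
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last entry
        line = raw.strip()
        if line.startswith("#"):
            continue
        if not line:
            if "dn" in attrs:
                entries.append(attrs)
            attrs = {}
            continue
        name, sep, value = line.partition(":")
        if sep:
            # Attribute names are case-insensitive in LDAP, so store them lowercased.
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def rdns(dn):
    """Split a DN into lowercased RDNs (assumes no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def under_base(dn, base):
    """True if dn lies in the subtree rooted at base."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def check_machine_account(entry, nss_base):
    """Return labels for everything that would keep this entry from working as a machine account."""
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    uid = entry.get("uid", [""])[0]
    if not uid.endswith("$"):
        problems.append("uid-not-machine-name")
    if "posixaccount" not in classes:
        problems.append("no-posixAccount")
    if not under_base(entry["dn"][0], nss_base):
        # nss_ldap never returns this entry, so the POSIX lookup for the machine fails.
        problems.append("outside-nss-base")
    if "sambasamaccount" not in classes:
        problems.append("no-sambaSamAccount")
    elif "W" not in entry.get("sambaacctflags", [""])[0]:
        problems.append("not-workstation-flag")
    return problems


def report(ldif_text, nss_base):
    """Map each entry's uid to its list of problems."""
    return {e.get("uid", ["?"])[0]: check_machine_account(e, nss_base)
            for e in parse_ldif(ldif_text)}


if __name__ == "__main__":
    for base in ("dc=active,dc=ee", "ou=Users,dc=active,dc=ee"):
        print(base, report(SAMPLE_LDIF, base))
```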
 
  
  
 

Re: [Samba] Samba Password Expiry Date

2005-06-02 Thread spu

Normally, to compute the value that must be set:

number of days * 24 * 60 * 60

* 24 for the 24 hours
* 60 for the minutes
* 60 for the seconds

e.g. for 60 days: 5184000

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 02/06/2005 10:15:01:

 Matthias Spork wrote:

  Hello,
 
   so, i am seeking the solution making the password expiry feature
   available in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.
 
  the password expires in Unix and Samba.
 
  Samba does all changes for itself. You can set password-age to 60 days
  by typing:
 
  # pdbedit -P "maximum password age" -C 5007600
 
  For Linux you have to change shadowlastchange in LDAP. I wrote a
  script for this:
 
  smb.conf:
  #-
  unix password sync = yes
  passwd program = /etc/samba/scripts/ldap_userPassword_change %u
  passwd chat = *New*password* %n\n *new*password* %n\n *Success*
  #-
 
  /etc/samba/scripts/ldap_userPassword_change:
  #-
  #!/bin/sh
 
  LDAP_SERVER="ldapserver"
  LDAP_USER="uid=userPassChange,o=mydomain,c=com"
  LDAP_PASS="secret"
  LDAP_PASSWD=/usr/bin/ldappasswd
  LDAP_MODIFY=/usr/bin/ldapmodify
 
  # DN of user (the user name arrives as %u from smb.conf)
  USER_DN="uid=$1,ou=users,o=mydomain,c=com"
 
  # Get date: shadowLastChange is counted in days since the epoch
  TS=`date +%s`
  SLC=$(($TS/24/3600))
 
  #- MODIFY userPassword
  $LDAP_PASSWD -x -h "$LDAP_SERVER" -D "$LDAP_USER" -w "$LDAP_PASS" -S "$USER_DN"
 
  #- MODIFY shadowlastchange (only if the password change succeeded)
  if [ $? -eq 0 ]; then
  printf 'dn: %s\nchangetype: modify\nreplace: shadowLastChange\nshadowLastChange: %s\n' \
    "$USER_DN" "$SLC" |
    $LDAP_MODIFY -x -h "$LDAP_SERVER" -D "$LDAP_USER" -w "$LDAP_PASS" > /dev/null 2>&1
  fi
 
  exit
  #-
 
  kind regards
  Matthias
 
 
  Hiu Yen Onn wrote:
 
  Hi,
 
  i have configured a Samba PDC based on idealx.org.
  now, whenever i set the sambaMustChangePassword flag to 0, then
  from the subsequent logon, there is a popup urge me for changing
  password.
  now, the problem is after i have changed the password, the
  sambaMustChangePassword
  is set to 2147483647(unix timestamp), which if i converted it into
  human readable format, it will be  2038 year, bla..bla..and bla
  second. it is really unbelievable that my password will be lasted
  until year 2038 year??? i have looked thoroughly on the internet
  resources, some mentioning about on defaultMaxPasswordAge flag. I
  think i have set it to 55 (actually, i dunno whether what is the
  quantity representing, day?? time??). but, i have no point to make it
  works.
 
  so, i am seeking the solution making the password expiry feature
  available in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.
 
  Cheers,
  yenonn
 
 
 
 how can u calculate the 5007600. thanks


[Samba] Re: RE pdb_ldap.c, ldapsam_add_sam_account, existing poxisaccount

2005-05-27 Thread spu

John,

I appreciate your reaction, but could you explain this error ?

[2005/05/27 16:19:10, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479)
  ldapsam_modify_entry: Failed to add user dn=
uid=infobcer$,ou=machines,dc=corman,dc=be with: Already exists
[2005/05/27 16:19:10, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1911)
  ldapsam_add_sam_account: failed to modify/add user with uid = infobcer$
(dn = uid=infobcer$,ou=machines,dc=corman,dc=be)
[2005/05/27 16:19:10, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2398)
  could not add user/computer infobcer$ to passdb.  Check permissions?

I use root for adding to my PDC, ldap version : 2.1.25

thanks

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 26/05/2005 20:15:05:

 Stéphane,

 The book Samba-3 by Example is being reprinted very soon. Up to date builds
 of the PDF are available on the Samba web site daily. This document can be
 downloaded from:

http://www.samba.org/samba/docs/Samba-Guide.pdf

 In chapter 5 I have fully documented how Samba-3 can be deployed with LDAP and
 using the smbldap-tools. It works perfectly for me and in many sites that
 have given me feedback that it works. Over the past two months I have
 received and applied about 40 suggestions for improvement. Every report that
 it does not work has been resolved, but given all of this I am 100% certain
 that there are still bugs in there.

 I would greatly appreciate if you could test-drive this chapter and report
 back any bugs or problems you come across.

 I will personally work with you to resolve any issues that you may find.

 Your claim below that there has been no reaction from the Samba Team is wrong.
 A number of us have worked with Jerome Tournier, that has resulted in the
 0.9.0 release of the smbldap-tools. We do not make a practice of ignoring our
 users. I have been working on updating our documentation also as a result of
 feedback and bug reports. You have never been ignored.

 The smbldap-tools should be configured to handle only the POSIX part of LDAP
 based accounts. Samba should handle all the sambaSAM components.

 Please review chapter 5 and give me your feedback. I am anxious to fix any
 problem you may have.

 Cheers,
 John T.


 On Thursday 26 May 2005 09:12, [EMAIL PROTECTED] wrote:
  Ok,
 
  I re-read the script and the sambasamaccount is only added with the -i option.
 
  My position is:
  - I asked about the problem in 2004, and I filed a BUG. For some reason, no
  reaction from the samba team for this problem.
  - My solution is to modify the smbldap script to add sambasamaccount
  and add a machine in two steps; it works (until today)
 
  add these lines after the
  if (defined($Options{'i'})) {
 
   ...
   }
 
   if (defined($Options{'w'})) {
       # For machine account
       # Objectclass sambaSAMAccount must be added now !

       my $date = time;
       my $modify = $ldap_master->modify(
           "uid=$userName,$config{computersdn}",
           changes => [
               replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
               add => [sambaLogonTime => '0'],
               add => [sambaLogoffTime => '2147483647'],
               add => [sambaKickoffTime => '2147483647'],
               add => [sambaPwdCanChange => '0'],
               add => [sambaPwdMustChange => '2147483647'],
               add => [sambaPwdLastSet => $date],
               add => [sambaAcctFlags => '[W  ]'],
               add => [sambaSID => $user_sid],
               add => [sambaPrimaryGroupSID => "$config{SID}-515"]
           ]
       );

       # Abort if the LDAP modify returned a non-zero result code
       $modify->code && die "failed to add entry: ", $modify->error;
   }
 
  ask me if there is a problem. I cannot add a machine today, but if you can test for me I
  would appreciate it.
 
  thanks
 
 
Stéphane Purnelle
 
  ---
  Stéphane PURNELLE [EMAIL PROTECTED]
  Service Informatique   Corman S.A.   Tel : 00 32 087/342467
 
  [EMAIL PROTECTED] wrote on 26/05/2005 16:57:49:
   [EMAIL PROTECTED] wrote:
    I forgot some details.
    The script adds the sambasamaccount.
    Could you send me the smbldap-useradd script so I can see which version you use?

    Some smbldap scripts do not add the sambasamaccount, because normally samba
    must add it (and it is this part which doesn't work).
    the last version seems to 

RE [Samba] ACL and recursive permission

2005-05-11 Thread spu
With Windows 2000, you must click on the advanced button in the security tab and
enable the check box reinit all authorizations for child object and permit
the propagation of authorization which can be inherited

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


   
From: Jérôme Deliège [EMAIL PROTECTED]gsi.ucl.ac.be
Sent by: samba-bounces+stephane.purnelle=co[EMAIL PROTECTED]ba.org
To: samba@lists.samba.org
Date: 11/05/2005 10:11
Subject: [Samba] ACL and recursive permission




Hello,

I'm trying to setup a Samba with ACL support.
Everything is working fine BUT I have a problem when I try to change
permission on a share from a Windows XP/2000 environment.

When I select a directory, go to the Security tab and change the
permissions (for example set write for user xyz), it changes the ACL for
the directory but it doesn't change the subfolders and subfiles
permissions.
The same operation on a Windows 2003 share works perfectly.

So what am I missing ?

Djay


[Samba] the administrator profiles problem

2005-04-26 Thread spu




Hi!


I have a problem with the administrator problem.
Some servers are connected with the administrator profile for running some
applications.

The same administrator is used to connect and install some applications on
workstations.

The operator put the administrator profile in a local profile, but the
administrator profile is modified and each new workstation receives the
profile with non-existent icons and links.  And now the profile is damaged
and some right is not possible 

Is there a way of configuring the workstation or administrator user for this
profile management?

Another question: why, when I change the administrator password, does the workstation
create a new profile?

ADMINISTRATOR   old profile
ADMINISTRATOR.000 new profile

Thanks


  Stéphane Purnelle

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467



RE [Samba] gid and uid

2005-04-20 Thread spu




[EMAIL PROTECTED] wrote on 20/04/2005 17:19:35:

 hi!
 I'm studying samba as PDC (with ldap backend) and I would know:
 - gid and uid are useful in samba? in other words: if pdc admin knows users'
 uids, he can recover some wrong situations ?

Samba uses Unix accounts.

 Example: if a user was cancelled and then readded, if his uid changes implies
 some troubles with shared files?

YES.


 NT maintains, after deletion, association between shared file and uiduser and
 so if admin readded user with the same uid the system restore the right
 configuration.

Of course

 Thanks,
 Fabio
 --
 Dott. Fabio Marcone

 2T srl
 Telefono   +39 - 0871- 540154
 Fax   +39 - 0871- 571594
 Indirizzo  Viale B. Croce 573, 66013 Chieti Scalo (CH)


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467



RE [Samba] gid and uid

2005-04-20 Thread spu





[EMAIL PROTECTED] wrote on 20/04/2005 17:40:28:

 thanks for your answer!

  hi!
  I'm studying samba as PDC (with ldap backend) and I would know:
  - gid and uid are useful in samba? in other words: if pdc admin knows users'
  uids, he can recover some wrong situations ?

 Samba uses Unix accounts.
 OK

  Example: if a user was cancelled and then readded, if his uid changes implies
  some troubles with shared files?

 YES.

how? can you explain me why?
I know that privileges are set in smb.conf using user and group name, not
uid or gid!

Access to files and directories is verified at the Unix level; Samba only acts as
the gateway between Windows and Linux.
If the user is deleted, and afterwards the admin re-adds the same user with
another uid, the user cannot access the files
and directories.


 If admin readds an user using the old name (indicate in smb.conf), what
 problems can occur?




 
  NT maintains, after deletion, association between shared file and uiduser and
  so if admin readded user with the same uid the system restore the right
  configuration.

 Of course

 samba's behavior is the same?
 Fabio
 --
 Dott. Fabio Marcone

 2T srl
 Telefono   +39 - 0871- 540154
 Fax   +39 - 0871- 571594
 Indirizzo  Viale B. Croce 573, 66013 Chieti Scalo (CH)

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467




[Samba] Problem with smbclient RedHat EL 3 ES

2005-04-19 Thread spu




Hi,

Last week I activated a script that uses smbclient on my test server
(RedHat EL 3).
But when this script runs, the kernel panics and displays an Out of
Memory (OOM) error.
The first time, the process that was killed was nscd; afterwards I upgraded to kernel
2.6.11 and on Friday to 3.0.14a (before I used 3.0.13).
Now it's the smbclient process which is killed by the kernel.

I don't know if it's a kernel error, a distribution error or a Samba error.
But the same script runs fine on my RedHat 8.0 (kernel 2.4.26) with Samba
3.0.11.

The file contains X copies of the same directory.

Can anyone help me find the error?

thanks in advance

  Stéphane Purnelle

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467



Re: [Samba] Problem with smbclient RedHat EL 3 ES

2005-04-19 Thread spu




It's not an answer.

But if I execute the same script with samba 3.0.12, it works fine.
My answer is that the samba team made some modifications to the findNext() loop (
win98 - 3.0.13 and other - 3.0.14a )
smbclient maybe has a bug compared to smbd

Another piece of information: smbclient runs at 17% CPU, but when the file reaches
1.2Gb, the process increases to 49%, and the memory used does too.

thanks to people who have a valid answer.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 19/04/2005 15:18:04:

 [EMAIL PROTECTED] wrote:

  Last week I activate some script that use smbclient on my test server
  (RedHat EL 3).
  But when this script run, the kernel make a panic and display a Out of
  Memory (OOM).
  The first time, the process was killed is nscd, after I upgraded to kernel
  2.6.11 and friday to 3.0.14a (before I use 3.0.13).
  Now, it's the smbclient process which is killed by kernel.
 
  I don't know if it's a kernel error or a distrib error or a samba error.

 There is *no* kernel version 2.6 for RHEL3. So you installed
 somebody-else's ready-rolled, or you compiled your own with the results
 you describe.

  But the same script run fine on my redhat 8.0 (kernel 2.4.26) with samba
  3.0.11
 
  The file contains X copies of same directory.
 
  anyone can help me to find the error.

 Revert to the standard (update 4) RHEL3 kernel, available through up2date.

 The latest 100% stable Samba version (srpm from samba.org) running
 without any problems whatsoever on my RHAS3 servers is 3.0.11.

 --Tonni

 --

 mail: [EMAIL PROTECTED]
 http://www.billy.demon.nl

 They love us, don't they, They feed us, won't they ...


RE [Samba] NFS and ACL

2005-03-29 Thread spu





Only NFS v4 have acl support !!!

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


   
From: Patrick DUBAU [EMAIL PROTECTED]sace.iufm.fr
Sent by: samba-bounces+stephane.purnelle=co[EMAIL PROTECTED]ba.org
To: samba@lists.samba.org
Date: 29/03/2005 15:01
Subject: [Samba] NFS and ACL
   
   
   




Hi,

I still have no response for my problem, so I'll try again in another way.

I have a share on which I set ACLs. This works fine.
I mount this share with NFS on another server, but the ACLs can't be
seen on the NFS side (I use getfacl)

Is there a way to keep the ACLs through an NFS export?
Thanks



RE [Samba] Samba 3.0.12 (gid of user [joe] doesn't exist) Weird error when Client logs on.

2005-03-24 Thread spu





Does your user exist in smbpasswd or in your Samba backend?

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


   
From: Peter Shull [EMAIL PROTECTED]
Sent by: samba-bounces+stephane.purnelle=co[EMAIL PROTECTED]ba.org
To: samba@lists.samba.org
Date: 24/03/2005 16:23
Please reply to: Peter Shull [EMAIL PROTECTED]
Subject: [Samba] Samba 3.0.12 (gid of user [joe] doesn't exist) Weird error when Client logs on.
   




Hi,

I just recently purchased a new server and took this opportunity to
upgrade to the latest version of samba (3.0.12).  Unfortunately, I have
some weird occurrences.  I have a user called joe who is my admin
user.

In /etc/passwd I have this:
joe:x:500:500:Joe:/home/joe:/bin/bash

In /etc/group I have this:
admin:x:500:joe

id returns correctly:
uid=500(joe) gid=500(admin) groups=500(admin)

I have a very simple samba setup.  With only 2 users (and 1 machine
account) in my smbpasswd.  I can login fine and it appears everything
works.  Unfortunately, I can see that I am not a domain admin when I
login.  When I look in /var/log/samba I get an odd message (which is
below) and the same message in /var/log/messages.  I also modified net
groupmap to map my unix group to the Domain Admin group (that is below
too).

The weird thing is that I have my logon script = %G.bat. I have a file
called admin.bat located in /home/netlogon and when I login, that
script loads.

Any help would be greatly appreciated!!!
Thanks,
Peter

From /var/log/messages
Mar 24 09:53:52 lifesaver2 smbd[927]: [2005/03/24 09:53:52, 0]
rpc_server/srv_util.c:get_alias_user_groups(206)
Mar 24 09:53:52 lifesaver2 smbd[927]:   get_alias_user_groups: gid of
user joe doesn't exist. Check your /etc/passwd and /etc/group

From /var/log/samba/log.clientpc
[2005/03/24 09:53:52, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
  get_domain_user_groups: primary gid of user [joe] is not a Domain group !
  get_domain_user_groups: You should fix it, NT doesn't like that
[2005/03/24 09:53:52, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
  get_alias_user_groups: gid of user joe doesn't exist. Check your
/etc/passwd and /etc/group files

System Operators (S-1-5-32-549) - -1
Domain Guests (S-1-5-21-2616513916-3767059419-2471733091-514) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Domain Users (S-1-5-21-2616513916-3767059419-2471733091-513) - domainuser
Account Operators (S-1-5-32-548) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
Domain Admins (S-1-5-21-2616513916-3767059419-2471733091-512) - admin


[Samba] privileges on samba 3.0.11

2005-03-10 Thread spu




Hi,

I have a test server and I am trying to test the new privileges functionality.
I am trying to test SePrintOperatorPrivilege.

I set a specific user with net -S PDC rpc rights grant xxx
SePrintOperatorPrivilege
Afterwards I submit a job and try to cancel the job as this user.  But when
I want to cancel the job as the user, Windows says that the user does not have the
right to modify the job.

In log, I can see :

[2005/03/10 10:56:59, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/10 10:56:59, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/03/10 10:56:59, 4] lib/smbldap.c:smbldap_open(919)
  The LDAP server is succesfully connected
[2005/03/10 10:56:59, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2080)
  ldapsam_getgroup: Did not find group
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/10 10:56:59, 5] lib/privileges.c:get_privileges_for_sids(420)
  get_privileges_for_sids: sid =
S-1-5-21-2525780297-265556163-1256307271-3058
  Privilege set:
  SE_PRIV  0x20 0x0 0x0 0x0
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-513]
[2005/03/10 10:56:59, 5] lib/privileges.c:get_privileges_for_sids(420)
  get_privileges_for_sids: sid = S-1-1-0
  Privilege set:
  SE_PRIV  0x0 0x0 0x0 0x0
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-547]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-1453]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3005]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3015]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3017]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3043]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3201]
[2005/03/10 10:56:59, 5] auth/auth_util.c:make_server_info_sam(830)
  make_server_info_sam: made server info for user nlam - nlam
[2005/03/10 10:56:59, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [NLAM] succeeded
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/03/10 10:56:59, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/03/10 10:56:59, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2005/03/10 10:56:59, 5] auth/auth_util.c:debug_unix_user_token(507)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/10 10:56:59, 5] auth/auth.c:check_ntlm_password(292)
  check_ntlm_password:  PAM Account for user [nlam] succeeded
[2005/03/10 10:56:59, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [NLAM] - [NLAM] - [nlam]
succeeded
...

Another piece of information: the user is in a different domain from the test
domain.

Can anyone help me?

thanks

  Stéphane


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467
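
The log excerpt in the message above, as an added example (not part of the original post and not Samba code): a small parser that rejoins Samba's header-plus-continuation log entries, then extracts the final check_ntlm_password verdicts and the SIDs reported without privileges. The sample reuses lines from the excerpt; the FAILED line and its wording are constructed for illustration, and all function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "ts level func msg")

# Entry header as it appears in the excerpt: "[date time, level] file:function(line)"
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s+(\d+)\]\s+\S+:(\w+)\(\d+\)\s*$"
)
# Final verdict of check_ntlm_password. The per-backend "sam authentication"
# line is deliberately not matched. The FAILED wording is an assumption.
VERDICT = re.compile(
    r"check_ntlm_password:\s+authentication for user (?P<chain>\[.*\])\s+"
    r"(?P<result>succeeded|failed)(?: with error (?P<err>\w+))?",
    re.IGNORECASE,
)
NO_PRIV = re.compile(r"No privileges assigned to SID \[(S-[\d-]+)\]")

# Constructed sample: lines copied from the excerpt plus one constructed failure.
SAMPLE = """\
[2005/03/10 10:56:59, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2080)
  ldapsam_getgroup: Did not find group
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-513]
[2005/03/10 10:56:59, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [NLAM] succeeded
[2005/03/10 10:56:59, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [NLAM] - [NLAM] - [nlam]
succeeded
[2005/03/10 10:57:03, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [nlam] - [nlam] FAILED with error NT_STATUS_WRONG_PASSWORD
"""


def parse_entries(text):
    """Group a header line with every following non-header line.

    Mail wrapping pushes text such as a SID or the word "succeeded" onto its
    own line, so anything that is not a header is treated as continuation.
    """
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = [m.group(1), int(m.group(2)), m.group(3), []]
            entries.append(current)
        elif current is not None and raw.strip():
            current[3].append(raw.strip())
    return [Entry(ts, lvl, fn, " ".join(parts)) for ts, lvl, fn, parts in entries]


def auth_verdicts(entries):
    """Return one dict per final authentication verdict."""
    verdicts = []
    for e in entries:
        m = VERDICT.search(e.msg)
        if not m:
            continue
        names = re.findall(r"\[([^\]]*)\]", m.group("chain"))
        verdicts.append({
            "ts": e.ts,
            "client_name": names[0],    # name as sent by the client
            "mapped_name": names[-1],   # last name in the mapping chain
            "ok": m.group("result").lower() == "succeeded",
            "error": m.group("err"),
        })
    return verdicts


def sids_without_privileges(entries):
    """SIDs for which get_privileges logged that nothing is assigned."""
    found = []
    for e in entries:
        m = NO_PRIV.search(e.msg)
        if m:
            found.append(m.group(1))
    return found


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for verdict in auth_verdicts(parsed):
        print(verdict)
    print(sids_without_privileges(parsed))
```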



RE [Samba] Do I need two instances of Samba on the same machine (3rd request) ?

2005-03-10 Thread spu




Maybe a normal and a chrooted samba can resolve your problem
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


   
From: Dani Camps [EMAIL PROTECTED]o.com
Sent by: samba-bounces+stephane.purnelle=co[EMAIL PROTECTED]ba.org
To: Samba Mailing List samba@lists.samba.org
Date: 10/03/2005 12:33
Subject: [Samba] Do I need two instances of Samba on the same machine (3rd request) ?




I have two subnets S1 and S2 and only one machine
running samba, but this machine is connected to both
subnets, has one interface in each subnet and is
acting as a router.
I want to have a workgroup that spans the two subnets,
so any machine in subnet S1 should see all the
machines regardless of their subnet when doing
browsing.

I know that to do this I need:
-One LMB in each subnet using Samba.
-One of the LMB of the two subnets should be a DMB and
at the same time a WINS server.
-I configure all the clients (Windows and Linux) to
use WINS.

Since I only have one machine connected to both
subnets running samba, I think I need to run two
instances of samba (smbd and nmbd) in that machine
each one bound to one interface and using different
smb.conf files. Is that the only solution ?


Thanks








[Samba] cups 1.1.17 RedHat EL 3 ES and samba cannot remove job

2005-02-17 Thread spu




Hi,

I configured my samba 3.0.11 with

printing = cups
printcap = /etc/printcap

When I try to remove a job which is printing, I get an access denied error.
But when I look in the cups log:

[17/Feb/2005:09:49:13 +0100] cancel_job: job #2478080 doesn't exist!

If I execute lpq -P , I see that #2478080 is the size of the file to
print.
I don't know whether it is a cups format, a redhat problem or a samba problem;
can somebody help me?


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467



[Samba] Administrator member of Domain Users and Domain Admins group

2005-02-14 Thread spu




Hi,

I set up my LDAP to contain the administrator user in Domain Users and
Domain Admins group.
But this user does not have administrator rights; none of the users in the Domain
Admins group have full rights.

I would like to know if this problem is due to the user being in both Domain
Admins and Domain Users.

Thanks


  Stéphane Purnelle

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467



[Samba] Samba-HOWTO-Collection : SID for administrator

2005-02-08 Thread spu




Hi,

I see in Samba-HOWTO-Collection on the samba web-site that the sambaSID
must be set to

S-1-5-21---xxx-500, but actually, my sambaSID for my administrator
is derived from uid * 2 + 1000.
For correct usage of the administrator account, do I have to change my sambaSID?

thank you



---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467



[Samba] forcing a file to have the same uid from parent directory

2005-02-01 Thread spu




Hi,

I have a little problem: sometimes the administrator must put a file in a
home directory, but the owner of this file is then root, not the user who
owns the home directory.

Example :

/rsrv/data1/home/toto   toto  Utilisateurs     0700
  + toto.id             root  Administrateurs  0700
  + fichier.xls         toto  Utilisateurs     0700

I would like to know how to set up my configuration (Linux or Samba) to force the uid
of a new file to be the same as the uid of the directory.

Thank you

  Stéphane


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467



RE [Samba] More help on ACL problem please...anyone...anyone...Bueller?

2005-01-24 Thread spu




Hi,

I think it is not an ACL problem but a smb.conf share configuration problem.
Could you send the part of your smb.conf that concerns this share?

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


   
From: Travis Bullock [EMAIL PROTECTED]a
Sent by: samba-bounces+stephane.purnelle=co[EMAIL PROTECTED]ba.org
To: Samba (E-mail) samba@lists.samba.org
Date: 24/01/2005 16:59
Subject: [Samba] More help on ACL problem please...anyone...anyone...Bueller?




Hello,

I am running Fedora Core 2.

Kernel: linux-2.6.5-1.358

Kernel supports ACL:

[EMAIL PROTECTED] configs]# grep FS_SECURITY kernel-2.6.5-i686-smp.config
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_XFS_SECURITY=y
CONFIG_DEVPTS_FS_SECURITY=y
[EMAIL PROTECTED] configs]# grep XATTR kernel-2.6.5-i686-smp.config
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT3_FS_XATTR=y
CONFIG_DEVPTS_FS_XATTR=y

Have extended attributes set in /etc/fstab is as follows:

/dev/Goliath/root   /   ext3   acl,user_xattr   1 1

I have a directory called Planning with ACL permissions assigned via the
setfacl command:

drwxrwx---+  2 root   AVMAX+Planning 4096 Jan 14 09:55 Planning

which looks like this with getfacl:

[EMAIL PROTECTED] avamx_shares]# getfacl Planning/
# file: Planning
# owner: root
# group: AVMAX+Planning
user::rwx
group::rwx
group:AVMAX+Domain Users:r--
mask::rwx
other::---

Problem:

If I add my user to the AVMAX+Planning group on my NT DOMAIN PDC there is no
problem. I can browse to the Planning directory via My Network Places.
However if I remove my account from the AVMAX+Planning group and browse to
the Planning directory it prompts me for a password.  Because my account is
by default a member of the AVMAX+Domain Users and I have configured (I
think) the Planning directory ACL to allow read access to the AVMAX+Domain
Users group, I should be able to browse this directory without being
prompted for a username and password.

QUESTION:  What did I do wrong or not do at all to make the applied ACL
function correctly and allow all users in the AVMAX+Domain Users group read
access to the Planning samba share?

Cheers,

Travis



RE: RE [Samba] More help on ACL problemplease...anyone...anyone...Bueller?

2005-01-24 Thread spu




Extract of smb.conf :

valid users (S)
  This is a list of users that should be allowed to login to this
  service. Names starting with '@', '+' and '&' are interpreted using
  the same rules as described in the invalid users parameter.


  If this is empty (the default) then any user can login. If a username
  is in both this list and the invalid users list then access is denied
  for that user.


  The current servicename is substituted for %S . This is useful in the
  [homes] section.


  Default: valid users = # No valid users list (anyone can login)


  Example: valid users = greg, @pcusers








   
From: Travis Bullock [EMAIL PROTECTED]a
To: [EMAIL PROTECTED]
Date: 24/01/2005 17:28
Subject: RE: RE [Samba] More help on ACL problemplease...anyone...anyone...Bueller?


I modified your setting

Sure:

[Planning]
   comment = Avmax Domain Shares
   browseable = yes
   writable = yes
   read only = no
   # valid users = AVMAX+Planning
   create mode = 0664
   directory mode = 0775
   path = /usr/avamx_shares/Planning

There she is.  Do I have to include all groups in 'valid users'?  If so
what would the separator be?

RE [Samba] samba -cups

2005-01-19 Thread spu




Your URI is incorrect. If your printer is a network printer, the correct URI
must be: lpd://myprinter

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on
19/01/2005 16:38:44:

 hello

 I try to manage a printer (Apple LaserWriter 16/600) with cups but without
 success!!!

 with cups web interface :

 I add a printer:
 device = LPD/LPR Host or Printer
 URI= lpd://mymachine/lp
 Type= Apple
 Model = Apple LaserWriter16/600 Foomatic/Postscript (Recommended)(en)

 I try to print a testpage but without success

 - 'mymachine' is either in my dns and my /etc/hosts file
 - no problem with  ping myprinter
 - no problem with  telnet myprinter 515
 - no problem with 'settings of myprinter

  LaserWriter 16/600 PS
  TCP/IP Interface Information

 Interface Status: Ready
 PostScript Banner Page  : Disabled
 IP Address  : xxx.yyy.zzz.aa
 Subnet Mask : 255.255.255.0
 Default Gateway : xxx.yyy.zzz.bb
 Timeout Checking: Enabled
 Ethernet Address: 09:01:08:05:7D:99

 - but when I add myprinter and try to print a testpage (loglevel debug),
 I have :
 Remote host did not respond with command status byte after 300 seconds!

 is there someone to  help me?
 thanks

 gb.



RE [Samba] INTERNAL ERROR: Signal 6...

2005-01-14 Thread spu




Hi,

Stop and restart Samba quickly.

If the lock.tdb file is deleted, Samba hangs.



---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on
14/01/2005 11:24:23:

 What can I do with this error ?

 Thank you,

 Raphael

 Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0]
 smbd/tdbutil.c:smbd_tdb_log(42)
 Jan 11 10:51:21 server smbd[30445]:   tdb(/var/lib/samba/locking.tdb):
 tdb_reopen: open failed (No such file or directory)
 Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0]
 smbd/server.c:open_sockets_smbd(419)
 Jan 11 10:51:21 server smbd[30445]:   tdb_reopen_all failed.
 Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0]
 lib/util.c:smb_panic2(1398)
 Jan 11 10:51:21 server smbd[30445]:   PANIC: tdb_reopen_all failed.
 Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0]
 lib/util.c:smb_panic2(1406)
 Jan 11 10:51:21 server smbd[30445]:   BACKTRACE: 6 stack frames:
 Jan 11 10:51:21 server smbd[30445]:#0
 /usr/sbin/smbd(smb_panic2+0x1b6) [0x81cdceb]
 Jan 11 10:51:21 server smbd[30445]:#1 /usr/sbin/smbd(smb_panic+0x19)
 [0x81cdb33]
 Jan 11 10:51:21 server smbd[30445]:#2 /usr/sbin/smbd [0x8239f73]
 Jan 11 10:51:21 server smbd[30445]:#3 /usr/sbin/smbd(main+0x5f9)
 [0x823ab87]
 Jan 11 10:51:21 server smbd[30445]:#4
 /lib/i686/libc.so.6(__libc_start_main+0xc7) [0x402b9d17]
 Jan 11 10:51:21 server smbd[30445]:#5
 /usr/sbin/smbd(ldap_msgfree+0x85) [0x80784f1]
 Jan 11 10:51:21 server smbd[30445]:
 Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0]
 lib/fault.c:fault_report(36)
 Jan 11 10:51:21 server smbd[30445]:
 ===
 Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0]
 lib/fault.c:fault_report(37)
 Jan 11 10:51:21 server smbd[30445]:   INTERNAL ERROR: Signal 6 in pid
 30445 (3.0.4-SerNet-SuSE)
 Jan 11 10:51:21 server smbd[30445]:   Please read the appendix Bugs of
 the Samba HOWTO collection
 Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0]
 lib/fault.c:fault_report(39)
 Jan 11 10:51:21 server smbd[30445]:
 ===



RE [Samba] SAMBA for 20 days!!! Please help me....... :(

2005-01-14 Thread spu




Hi,

Is your Samba server a PDC?
You cannot specify a password server if your server is a PDC; see below (man
smb.conf):

password server (G)
  By specifying the name of another SMB server or Active Directory
  domain controller with this option, and using security =
  [ads|domain|server] it is possible to get Samba to do all its
  username/password validation using a specific remote server.


  This option sets the name or IP address of the password server to
  use. New syntax has been added to support defining the port to use
  when connecting to the server the case of an ADS realm. To define a
  port other than the default LDAP port of 389, add the port number
  using a colon after the name or IP address (e.g. 192.168.1.100:389).
  If you do not specify a port, Samba will use the standard LDAP port
  of tcp/389. Note that port numbers have no effect on password servers
  for Windows NT 4.0 domains or netbios connections.






---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on
14/01/2005 11:27:11:

 Hi! Please help me... I'm really confused.. I have read almost all
 the books out there but its not working.. I just want my Windows PC
 to be able to access UNIX PC with a username and password
 authentication. Below is my smb.conf file..

 [global]
  workgroup = MyWorkgroup
  netbios name = board_pc
  server string = %h server (samba %v)
  log level = 10
 syslog = 0
  log file = /usr/local/samba/var/log.%m
  encrypt passwords = Yes
  unix password sync = yes
  username level = 8
  password level = 8
  domain logons = yes
  security = user
  os level = 34
  local master = yes
  preferred master = yes
  domain master = yes
  interfaces = 127.0.0.1/255.0.0.0 192.168.214.30/255.255.255.0
  bind interfaces only = Yes
  password server = rbtx4938_pc
 [homes]
  path = /home
  writeable = yes
  browsable = yes
  guest ok = yes
  valid users = %S
 [netlogon]
  comment = The domain logon service
  path = /export/samba/logon
  public = no
  writeable = no
  browsable = no
 [dian]
  path = /home/dian
  comment = Dian's home directory
  writeable = yes
  valid users = dian, dianag, dianag$, root

 I have tried all of these commands together with the outputs:
 1)  ./smbclient -L 192.168.214.30 -U%
 added ip interface = 127.0.0.1 bcast=192.255.255.255 netmask=255.0.0.0
 added ip interface = 192.168.214.30 bcast=192.168.214.255
 netmask=255.255.255.0
 Password:
 Domain=[Murata]

 SharenameType  Comment
  ---
 -
 homes   Disk
 .
 .
 .
 .
 .
 Server   Comment
 -   --
 Dianag
 board_pc  192 server (samba 3.0.5)
 .
 .
 .

 2) ./smbpasswd -a -m dianag  #to add a trusted domain which resulted
 a line in smbpasswd:
 dianag$:501:4B8A4614E53B8055AAD3B435B51404EE:
 F4D74586093798E91CE014337F533210:[W  ]:LCT-41E7AAC2:

 Then I tried to access the board_pc, but I can't log in.. And if you'll
 examine the log files, it has many authentication processes with
 different results.  For example, I've got an error of
 NT_STATUS_NO_SUCH_USER in one authentication method, then in SAM
 authentication - I've got NT_WRONG_PASSWORD...

 Please help me.. I don't know what to do.. Please








RE [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd

2005-01-11 Thread spu




Hi,

Have you compiled with --with-ldap or --with-ldapsam?

If --with-ldap, you must delete these lines :
ldap server = 486dx66.hrnet.de
ldap port = 1389




---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on
11/01/2005 16:33:31:

 Hi everybody,

 i'm having serious problems with the configuration
 of samba 3.0.10.

 First my setup :

 samba-3.0.10 built from source
 openldap-2.2.20 built from source
 OS  : Suse Linux 7.1 (but updated - Kernel 2.4.27)

 My problem :
 

 I'm trying to use smbpasswd like the following :

 ---snipp---
 [PTS2] 486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 tina
 Netbios name list:-
 my_netbios_names[0]=486DX66
 Trying to load: ldapsam:ldap://486dx66.hrnet.de:1389/
 Attempting to register passdb backend ldapsam
 Successfully added passdb backend 'ldapsam'
 Attempting to register passdb backend ldapsam_compat
 Successfully added passdb backend 'ldapsam_compat'
 Attempting to register passdb backend smbpasswd
 Successfully added passdb backend 'smbpasswd'
 Attempting to register passdb backend tdbsam
 Successfully added passdb backend 'tdbsam'
 Attempting to register passdb backend guest
 Successfully added passdb backend 'guest'
 Attempting to find an passdb backend to match

 ---snipp---

 Everything seems to be okay,
 but the following lines are the important ones ...

 ---snipp---
 ldapsam:ldap://486dx66.hrnet.de:1389/ (ldapsam)
 Found pdb backend ldapsam
 Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))]
 smbldap_search: base = [dc=hrnet,dc=de], filter =
 [(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))], scope = [2]
 smbldap_open_connection: ldap://486dx66.hrnet.de:1389/
 smbldap_open_connection: connection opened
 fetch_ldap_pw: neither ldap secret retrieved!
 ldap_connect_system: Failed to retrieve password from secrets.tdb
 Connection to LDAP server failed for the 1 try!
 ---snipp---

 And so on. So, it is said, there's a connection opened to
 ldap://486dx66.hrnet.de:1389/
 but it isn't as the logs of openldap show (there's no entry which shows
 any connection from smbpasswd to LDAP-Server, believe me, i can't show
 you anything,although loglevel is set to -1, which means that
 everything would/will be logged)

 So one could think, there's simple a problem with OpenLDAP,
 so let's try a similar search :

 ---snipp---
 [PTS2] 486dx66:/usr/local/samba3 # ../openldap-2.2/bin/ldapsearch -x -H
 ldap://486dx66.hrnet.de:1389 -b dc=hrnet,dc=de -s sub
 '(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))'
 # extended LDIF
 #
 # LDAPv3
 # base dc=hrnet,dc=de with scope sub
 # filter: (&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))
 # requesting: ALL
 #

 # HRDOMAIN, hrnet.de
 dn: sambaDomainName=HRDOMAIN,dc=hrnet,dc=de
 sambaNextUserRid: 41000
 sambaSID: S-1-5-21-2344209003-2394295749-876522236
 objectClass: sambaDomain
 sambaAlgorithmicRidBase: 1000
 sambaDomainName: HRDOMAIN

 # search result
 search: 2
 result: 0 Success

 # numResponses: 2
 # numEntries: 1
 [PTS2] [EMAIL PROTECTED]:/usr/local/samba3 #

 ---snipp---

 So OpenLDAP works , i can see it in the logs too 
 (too much to show, so you must believe me ;o)

 Now my question :

 Does anybody see, where the problem comes from,
 is there a mistake in my smb.conf or does anyone
 have hints/solutions ?

 I tried with ssl=on,ssl=off,ssl = start tls,
 but this didn't change anything.
 It must be a samba problem as all tools i tried are working
 well with Openldap (did mostly try a search to test ..)


 Here is my smb.conf (only the globals) :

 ---snipp---
 [global]
  netbios name = 486DX66
  workgroup = HRDOMAIN
  domain logons = Yes
  domain master = Yes
  security = User

  server string = Samba-PDC %v on %h

  passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/

  ldap server = 486dx66.hrnet.de
  ldap suffix = dc=hrnet,dc=de
  ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
  ldap port = 1389
  ldap admin dn = cn=ldapadmin,dc=hrnet,dc=de
  ldap ssl = off
  ldap user suffix = ou=users
  ldap group suffix = ou=groups
  ldap machine suffix = ou=machines

  encrypt passwords = yes
  time server = Yes

  kernel oplocks = no
  short preserve case = yes
  wins support = no
  case sensitive = no
  max log size = 1000

  lock dir = /var/lock/samba
  log file = /var/log/samba-%m.log
  load printers = yes
  logon drive = v:
  os level = 255
  create mask = 0661
  logon home = \\%N\%u\.profiles
  printing = cups
  printcap = cups


 ---snipp---

 So, i would be very thankfull if someone
 could give me a hint ...

 If more information/logs/traces are needed, tell
 me, i will 
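
The smb.conf settings discussed in the messages above (password server on a server running security = user, ldap ssl = off with an ldapsam backend, and shares without a valid users list), as an added example that is not part of any post and not Samba code: a small smb.conf checker run over a weak and a corrected configuration. Both sample configurations are constructed from values posted in the thread; the function names and finding ids are hypothetical.

```python
import re


def norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}, names normalised."""
    conf, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line[0] == "[" and line[-1] == "]":
            section = norm(line[1:-1])
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][norm(key)] = value.strip()
    return conf


def audit(conf):
    """Return (id, message) findings for the settings discussed in the thread."""
    g = conf.get("global", {})
    findings = []
    security = g.get("security", "user").lower()   # Samba 3 defaults to user
    if "passwordserver" in g and security not in ("ads", "domain", "server"):
        findings.append(("password-server-unused",
                         "password server is set but security = %s; the man page "
                         "ties it to security = ads, domain or server" % security))
    backend = norm(g.get("passdbbackend", ""))
    # Only an explicit off/no is flagged; an absent "ldap ssl" is left alone
    # because its default is not stated anywhere in the thread.
    if "ldapsam:ldap://" in backend and norm(g.get("ldapssl", "")) in ("off", "no"):
        findings.append(("ldap-cleartext",
                         "ldapsam over ldap:// with ldap ssl off: binds and account "
                         "attributes are sent unencrypted; consider start_tls"))
    for name, share in conf.items():
        if name == "global":
            continue
        # [global] values act as defaults for shares that do not set their own.
        if not (share.get("validusers") or g.get("validusers")):
            findings.append(("no-valid-users:" + name,
                             "no valid users list: any user can log in to the "
                             "share, so access rests on filesystem permissions"))
    return findings


# Constructed from settings posted in the thread.
WEAK = """
[global]
   workgroup = HRDOMAIN
   security = user
   domain logons = yes
   password server = rbtx4938_pc
   passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/
   ldap ssl = off
[homes]
   valid users = %S
[Planning]
   path = /usr/avamx_shares/Planning
   # valid users = AVMAX+Planning
"""

# Corrected variant (constructed); @pcusers is the man page's example group.
FIXED = """
[global]
   workgroup = HRDOMAIN
   security = user
   domain logons = yes
   passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/
   ldap ssl = start_tls
[homes]
   valid users = %S
[Planning]
   path = /usr/avamx_shares/Planning
   valid users = @pcusers
"""

if __name__ == "__main__":
    for finding_id, message in audit(parse_smb_conf(WEAK)):
        print(finding_id, "-", message)
```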

Re: RE [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd

2005-01-11 Thread spu





You cannot compile with both --with-ldap and --with-ldapsam.


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on
11/01/2005 16:52:21:

 Hi,

 i compiled with the following little script :
 ---snipp--
 #!/bin/sh
 #
 # configure  make template-script
 #
 # generated 2005.01.07 13:09,33 by make-mk
 #
 # (c) H. Rueter 01/2005
 #
 CPPFLAGS="-I /usr/local/bdb-4.3/include"
 LDFLAGS="-L /usr/local/bdb-4.3/lib"
 PATH=/usr/local/heimdal/bin:$PATH

 LD_LIBRARY_PATH=/usr/local/bdb-4.3/lib:$LD_LIBRARY_PATH

 export CPPFLAGS LDFLAGS LD_LIBRARY_PATH PATH

 make clean

 ./configure \
 --prefix=/usr/local/samba-3.0.10 \
 --mandir=/usr/man \
 --enable-static=yes \
 --enable-shared=yes \
 --enable-cups \
 --with-smbwrapper \
 --with-ldap \
 --with-ads \
 --with-krb5=/usr/local/heimdal \
 --with-automount \
 --with-smbmount \
 --with-pam \
 --with-pam_smbpass \
 --with-ldapsam \
 --with-syslog \
 --with-profiling-data \
 --with-quotas \
 --with-sys-quotas \
 --with-utmp \
 --with-manpages-langs={en} \
 --with-libsmbclient \
 --with-acl-support \
 --with-sendfile-support \
 --with-winbind \
 --with-included-popt \
 && make && make install
 ---snipp--

 So compiled in both options , is this a mistake ?

 greets Harry

Re: RE [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd

2005-01-11 Thread spu





---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on
11/01/2005 17:06:16:

 Hi again,

 you say, i cannot compile with --with-ldap and --with-ldapsam.
 Can you tell me why ?

--with-ldap is used for samba-3 schema
--with-ldapsam is used for old samba 2.2 schema.

You can also read this :
http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2531776

 Which one should i use, my intention is to
 store all the secrets and attributs samba needs
 in an openldap-Server ... ?

OK, I have a Samba server with this configuration:
Samba with LDAP+ACL

 Greets Harry

 [EMAIL PROTECTED] wrote:
 
 
 
 
  You cannot compile with --with-ldap and --with-ldapsam both.
 
 
  ---
  Stéphane PURNELLE [EMAIL PROTECTED]
  Service Informatique   Corman S.A.   Tel : 00 32 087/342467
 
  [EMAIL PROTECTED] wrote on
  11/01/2005 16:52:21:
 
 
 Hi,
 
 i compiled with the following little script :
 ---snipp--
 #!/bin/sh
 #
 # configure  make template-script
 #
 # generated 2005.01.07 13:09,33 by make-mk
 #
 # (c) H. Rueter 01/2005
 #
 CPPFLAGS="-I /usr/local/bdb-4.3/include"
 LDFLAGS="-L /usr/local/bdb-4.3/lib"
 PATH=/usr/local/heimdal/bin:$PATH
 
 LD_LIBRARY_PATH=/usr/local/bdb-4.3/lib:$LD_LIBRARY_PATH
 
 export CPPFLAGS LDFLAGS LD_LIBRARY_PATH PATH
 
 make clean
 
 ./configure \
 --prefix=/usr/local/samba-3.0.10 \
 --mandir=/usr/man \
 --enable-static=yes \
 --enable-shared=yes \
 --enable-cups \
 --with-smbwrapper \
 --with-ldap \
 --with-ads \
 --with-krb5=/usr/local/heimdal \
 --with-automount \
 --with-smbmount \
 --with-pam \
 --with-pam_smbpass \
 --with-ldapsam \
 --with-syslog \
 --with-profiling-data \
 --with-quotas \
 --with-sys-quotas \
 --with-utmp \
 --with-manpages-langs={en} \
 --with-libsmbclient \
 --with-acl-support \
 --with-sendfile-support \
 --with-winbind \
 --with-included-popt \
  && make && make install
 ---snipp--
 
 So I compiled in both options, is this a mistake?
 
 greets Harry
 
 [EMAIL PROTECTED] wrote:
 
 
 
 Hi,
 
 Have you compiled with --with-ldap or --with-ldapsam?
 
 If --with-ldap, you must delete these lines :
 ldap server = 486dx66.hrnet.de
 ldap port = 1389
 
 
 
 
 ---
 Stéphane PURNELLE [EMAIL PROTECTED]
 Service Informatique   Corman S.A.   Tel : 00 32 087/342467
 
 [EMAIL PROTECTED] wrote on
 11/01/2005 16:33:31 :
 
 
 
 Hi everybody,
 
 i'm having serious problems with the configuration
 of samba 3.0.10.
 
 First my setup :
 
 samba-3.0.10 built from source
 openldap-2.2.20 built from source
 OS  : Suse Linux 7.1 (but updated - Kernel 2.4.27)
 
 My problem :
 
 
 I'm trying to use smbpasswd like the following :
 
 ---snipp---
 [PTS2] 486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 tina
 Netbios name list:-
 my_netbios_names[0]=486DX66
 Trying to load: ldapsam:ldap://486dx66.hrnet.de:1389/
 Attempting to register passdb backend ldapsam
 Successfully added passdb backend 'ldapsam'
 Attempting to register passdb backend ldapsam_compat
 Successfully added passdb backend 'ldapsam_compat'
 Attempting to register passdb backend smbpasswd
 Successfully added passdb backend 'smbpasswd'
 Attempting to register passdb backend tdbsam
 Successfully added passdb backend 'tdbsam'
 Attempting to register passdb backend guest
 Successfully added passdb backend 'guest'
 Attempting to find an passdb backend to match
 
 ---snipp---
 
 Everything seems to be okay,
 but the following lines are the important ones ...
 
 ---snipp---
 ldapsam:ldap://486dx66.hrnet.de:1389/ (ldapsam)
 Found pdb backend ldapsam
 Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))]
 smbldap_search: base = [dc=hrnet,dc=de], filter = [(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))], scope = [2]
 smbldap_open_connection: ldap://486dx66.hrnet.de:1389/
 smbldap_open_connection: connection opened
 fetch_ldap_pw: neither ldap secret retrieved!
 ldap_connect_system: Failed to retrieve password from secrets.tdb
 Connection to LDAP server failed for the 1 try!
 ---snipp---
 
 And so on. So, it is said, there's a connection opened to
 ldap://486dx66.hrnet.de:1389/
 but it isn't, as the logs of openldap show (there's no entry which shows
 any connection from smbpasswd to LDAP-Server, believe me, i can't show
 you anything, although loglevel is set to -1, which means that
 everything would/will be logged)
 
 So one could think, there's simply a problem with OpenLDAP,
 so let's try a similar search :
 
 ---snipp---
 [PTS2] 486dx66:/usr/local/samba3 # ../openldap-2.2/bin/ldapsearch -x -H ldap://486dx66.hrnet.de:1389 -b dc=hrnet,dc=de -s sub '(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))'
 # extended LDIF
 #
 # LDAPv3
 # base dc=hrnet,dc=de with scope sub
 # filter: 

[Samba] slow network for windows 9x samba 3.0.10

2005-01-05 Thread spu




Hello,

I experienced slow network access for Windows 9x and no problem for
Windows 2000 with samba version 3.0.10.
After some searching, I found the printing.patch for 3.0.10. But does this patch
correct this problem or not?

Thank you

  Stéphane Purnelle

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467



Re: [Samba] Slow network and 100% CPU

2005-01-04 Thread spu




The problem is very difficult, because it is only Windows 9x computers that
have the problem, not Windows 2000.

Any idea ?


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


Stéphane Purnelle stephane.purnell [EMAIL PROTECTED]
03/01/2005 19:13
To: samba@lists.samba.org
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [Samba] Slow network and 100% CPU




The problem of nscd running out of file handles is due to an
incorrect glibc.
nscd with the correct glibc version is very important.  It's not
this problem.

The problem is very odd, some computers hang as soon as one types
something in a spreadsheet for example.

Collins, Kevin wrote:

I don't know if this is your problem, but I had a similar problem with Samba
2.2.8 + LDAP.  It turns out that my server was running out of file handles.
The culprit was NSCD.  I killed it off and things have been fine ever since.
Good luck.

Kevin



-Original Message-
From: Stéphane Purnelle [mailto:[EMAIL PROTECTED]
Sent: Monday, January 03, 2005 10:02 AM
To: samba@lists.samba.org; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: [Samba] Slow network and 100% CPU

Hi,

I have a samba server which functioned correctly.  Only,
for the last 2 weeks, the users have complained about network
slowness and the server is at 100% CPU on the initial smbd process.

My version is 3.0.7 and I have a Windows 2000 WINS server for
netbios resolution.
The samba server uses nscd and ldap for the password module.

I upgraded to samba 3.0.10 for a test, but the problem is not
resolved.
I would like to know how to determine whether it is the samba server
or the ldap server or nscd or the wins server or
a conflict between two computers which have the same IP address
that causes these problems.

I didn't find in the log a trace that it is a samba problem.
Sometimes I read connection reset by peer and also in
nmbd.log, I can read Failing wins test #1.

Any information is very appreciated

Thank you


--
Stéphane Purnelle [EMAIL PROTECTED] Site Web :
http://www.linuxplusvalue.be









--
Stéphane Purnelle [EMAIL PROTECTED]
Site Web : http://www.linuxplusvalue.be





RE [Samba] Samba Won't Work

2004-11-16 Thread spu




try smbclient //dns name/backup -I 192.168.1.102 -U jesse

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on
16/11/2004 15:01:49 :

 I tried to get Samba running on my new Trustix installation all day
 yesterday with no luck. I'm a newbie, so there's a lot I don't know yet.

 At any rate, I have the Smb, nmbd, and smbd services running. I've got my
 smb.conf file set up properly from what I can tell. When I try the following
 command on my Linux box:

 smbclient //192.168.1.102/backup -U jesse

 I get the error, error connecting to 192.168.1.102 (Invalid Argument). I
 have tried it without the -U, and that didn't make any difference. Same
 error. When I try to connect from my Windows PC, I get the following errors
 in the file log.192.168.1.100:

 [2004/11/16 02:05:47, 0] lib/util_sock.c:open_socket_in(708)
 [2004/11/16 02:05:47, 0] smbd/oplock.c:init_oplocks(1308)
 open_oplock_ipc: Failed to get local UDP socket for address 17f. Error was Cannot assign requested address

 Also, when I do a smbpasswd -a jesse, I get the error, Segmentation fault,
 and it doesn't add the user.  This may be the cause of all my problems.

 Any ideas what this means, or how I fix it? Remember, I'm a newbie, so I'll
 need more details than usual.

 Here's my smb.conf:
 [global]
workgroup = AWAY_TEAM
server string = Trustix Secure Linux Samba Server
security = share
hosts allow = 192.168.1. 127.
log file = /var/log/samba/log.%I

 # Share Definitions
 ==
 [homes]
comment = Home Directories
browseable = no
writable = yes
writable = yes
create mode = 0600
directory mode = 0700
valid users = %S

 [backup]
comment = Backup
path = /backup
writeable = yes

 Thanks,
 Jesse

