[Samba] acl problem
Hi all, I habe a strange Problem with Samba 3.0.20-SUSE-SERNET (ad memberserver). Everytime I try to access a file/directory with user-acls via a XP box I get access denied! The group-acls works. On W2K and NT4 Clients there is no problem like this. client output - fetch sid from uid cache 11147 -> S-1-5-21-1935655697-790525478-682003330-1147 [2005/09/28 09:53:27, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(158) fetch sid from uid cache 11149 -> S-1-5-21-1935655697-790525478-682003330-1149 [2005/09/28 09:53:27, 5] smbd/files.c:file_free(459) freed files structure 5002 (0 used) [2005/09/28 09:53:27, 3] lib/util_seaccess.c:se_access_check(250) [2005/09/28 09:53:27, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1977721719-1418567724-1093324438-23294 se_access_check: also S-1-5-21-1977721719-1418567724-1093324438-22027 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1935655697-790525478-682003330-513 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2135 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2142 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2126 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2131 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2128 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2146 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2123 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2136 [2005/09/28 09:53:27, 5] lib/util_seaccess.c:se_access_check(314) se_access_check: access (1) denied. As you can see samba says the user sid ist "S-1-5-21-1977721719-1418567724-1093324438-23294", but this is not correct, true is "S-1-5-21-1935655697-790525478-682003330-1147"! Ok with the wrong user sid I get no access to files with user acls and since the group sids are ok I get access to file with groups acls. What`s going wrong here? Any suggestions? cheers Stefan To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] locked file
Hi all, I have a strange locking file problem. I cannot open (read only) a file (alais.dbf) from my windows box but form the linux box it is possible to read the file. I has something to do with samba. loglevel 10 output nt-client: - [2005/09/23 11:20:24, 10] locking/locking.c:is_locked(109) is_locked: brl start=0 len=512 unlocked for file database.aww.sav/alais.dbf [2005/09/23 11:20:24, 10] locking/posix.c:is_posix_locked(706) is_posix_locked: File database.aww.sav/alais.dbf, offset = 0, count = 512, type = READ [2005/09/23 11:20:24, 10] locking/posix.c:posix_lock_in_range(642) posix_lock_in_range: offset_out = 0, count_out = 512 [2005/09/23 11:20:24, 8] locking/posix.c:posix_fcntl_lock(659) posix_fcntl_lock 24 12 0 512 0 [2005/09/23 11:20:24, 8] lib/util.c:fcntl_lock(1815) fcntl_lock 24 12 0 512 0 [2005/09/23 11:20:24, 3] lib/util.c:fcntl_lock(1834) fcntl_lock: fd 24 is locked by pid 16961 [2005/09/23 11:20:24, 8] locking/posix.c:posix_fcntl_lock(689) posix_fcntl_lock: Lock call successful [2005/09/23 11:20:24, 10] locking/locking.c:is_locked(121) is_locked: posix start=0 len=512 locked for file database.aww.sav/alais.dbf [2005/09/23 11:20:24, 3] smbd/error.c:error_packet(147) error packet at smbd/reply.c(2658) cmd=46 (SMBreadX) NT_STATUS_FILE_LOCK_CONFLICT Any suggestions ? cheers Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] rid_idmap problem
Hi all, in my winbind logfile I get the following errors: rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-551 [2005/09/19 10:32:20, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(478) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545 [2005/09/19 10:32:20, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(478) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545 [2005/09/19 10:32:20, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(478) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-544 [2005/09/19 10:32:20, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(478) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-544 What`s going wrong? bye Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re:SOLVED [Samba] hide files/directorys
ok I have to look in the smb.conf manual -> "hide unreadable = Yes" do the job ! cheers Stefan Original Message Subject: [Samba] hide files/directorys (16-Sep-2005 12:54) From:[EMAIL PROTECTED] To: samba@lists.samba.org > Hi, > > is there a possibility to hide directorys or files to which the user has no > access (rights)? > > cheers > sk > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] hide files/directorys
Hi, is there a possibility to hide directorys or files to which the user has no access (rights)? cheers sk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: samba and crash server
hi, the smbd daemons are fallting into process status "D" (uninterruptible sleep). The only way to ged rid of these processes is rebooting your system! To analayze why smbd is falling into status "D" you have to check your logs. Another option is building a strace profile of smbd to see what`s going on. cheers Stefan Original Message Subject: [Samba] RE: samba and crash server (14-Sep-2005 11:57) From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] > Hi, > > please check, if your hard drives are ok. Status D means Disk Sleeps and > Samba is > waiting for Harddisk I/O. Can you do a ls in these directories? > > Mit freundlichem Gruß, > > > > Dirk Laurenz > Systems Engineer > > Fujitsu Siemens Computers > S CE DE SE PS N/O > Sales Central Europe Deutschland > Professional Service Nord / Ost > > Hildesheimer Strasse 25 > 30880 Laatzen > Germany > > Telephone:+49 (511) 84 89 - 18 08 > Telefax: +49 (511) 84 89 - 25 18 08 > Mobile: +49 (170) 22 10 781 > Email:mailto:[EMAIL PROTECTED] > Internet: http://www.fujitsu-siemens.com > http://www.fujitsu-siemens.de/services/index.html > > *** > > > -| -Original Message- > -| From: > -| [EMAIL PROTECTED] > -| ts.samba.org > -| [mailto:samba-technical-bounces+dirk.laurenz=fujitsu-siemens > -| [EMAIL PROTECTED] On Behalf Of Oleg Novikov > -| Sent: Tuesday, September 13, 2005 9:38 AM > -| To: samba-technical@lists.samba.org > -| Subject: samba and crash server > -| > -| Hello All! > -| > -| We use Samba 3.0.14a as PDC on server with dual P4 > -| Xeon processor. > -| Earlier we use previos version, but problem is > -| same. On server > -| instaled SLES 9. > -| > -| When samba working in system is occur process with status D, i.e. > -| #ps ax > -| 9264 ?S 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf > -| 9265 ?S 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf > -| 9272 ?D 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf > -| 9274 ?D 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf > -| 9281 ?D 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf > -|^^^ > -| > -| The quantity of such processes quickly grows. We cannot > -| kill any of > -| this process. In few minutes the server is cannot make > -| anything. Then > -| we press reset on server, but in some time this error > -| is repeated > -| again. > -| > -| smb.conf: > -| > -| [global] > -| > -| workgroup = NCSTU > -| netbios name = server-class > -| server string = Server class PDC > -| time server = yes > -| hosts allow = 195.209.245. 195.209.244. 62.76.116. > -| 192.168. 127. 62.76.117. 10.35.5.194 > -| use sendfile = no > -| > -| log file = /var/log/samba/log.%m.%I > -| log level = 3 > -| syslog = 0 > -| max log size = 1000 > -| > -| security = user > -| > -| encrypt passwords = yes > -| null passwords = yes > -| socket options = SO_KEEPALIVE SO_REUSEADDR SO_BROADCAST > -| TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_SNDBUF=5 > -| SO_RCVBUF=5 > -| > -| interfaces = 195.209.244.13/24 127.0.0.1 > -| local master = yes > -| os level = 65535 > -| domain master = yes > -| preferred master = yes > -| domain logons = yes > -| logon script = %m.bat > -| logon script = %U.bat > -| > -| logon path = \\%L\Profiles\%U > -| logon drive = Z: > -| wins support = yes > -| > -| dns proxy = no > -| passwd chat = *new*password* %n\n *new*password* %n\n > -| *seccessfuly* > -| unix password sync = yes > -| add machine script = /usr/local/sbin/smbldap-useradd.pl > -| -w -d /dev/null -g 553 -s /bin/false %u > -| delete user script = /usr/local/sbin/smbldap-userdel.pl %u > -| > -| #ldap > -| passdb backend = ldapsam:ldap://127.0.0.1:389/ > -| ldap suffix = dc=server-class,dc=ncstu,dc=ru > -| ldap ssl = no > -| ldap passwd sync = yes > -| ldap machine suffix = > -| "ou=Computers,cn=int.ncstu.ru,sambaDomainName=NCSTU,dn=serve > -| r-class, dc=ncstu, dc=ru" > -| ldap user suffix = > -| "ou=Users,cn=int.ncstu.ru,sambaDomainName=NCSTU,dn=server-cl > -| ass, dc=ncstu, dc=ru" > -| ldap admin dn = "cn=Manager,dc=server-class,dc=ncstu,dc=ru" > -| > -| nt acl support = yes > -| unix charset = UTF8 > -| dos charset = 866 > -| display charset = UTF8 > -| deadtime = 1 > -| enable privileges = yes > -| > -| # Share Definitions > -| == > -| > -| # Un-comment the following and create the netlogon > -| directory for Domain Logons > -| [netlogon] > -| comment = Network Logon Service > -| path = /var/spool/samba/
Re: SOLVED [Samba] userrights
Sorry guys for this stupid message. It`s early in the morning :) Cheers Stefan Original Message Subject: [Samba] userrights (06-Sep-2005 10:36) From:[EMAIL PROTECTED] To: samba@lists.samba.org > Hi, > > I have a strange problem when I try to delete a file (e.g. CONFIG.ETP). The > windows box says access denied. But the file has the following rights: > > # ls -n CONFIG.ETP > -rwxrwx---+ 1 0 12152 2757 Mar 13 1995 CONFIG.ETP > > The user (Administrator) is member of the group smbadm (GID:12152). > > loglevel 10 output when I try to delete the file > --- > [2005/09/06 10:19:25, 10] smbd/posix_acls.c:check_posix_acl_group_write( > 3910) > check_posix_acl_group_write: ret = -1 before check_stat: > [2005/09/06 10:19:25, 10] smbd/posix_acls.c:check_posix_acl_group_write( > 3920) > check_posix_acl_group_write: file TEMP match on owning group 12152 -> > cannot w > rite. > [2005/09/06 10:19:25, 10] smbd/posix_acls.c:check_posix_acl_group_write( > 3934) > check_posix_acl_group_write: file TEMP returning (ret = 0). > [2005/09/06 10:19:25, 3] smbd/error.c:error_packet(105) > error string = No data available > [2005/09/06 10:19:25, 3] smbd/error.c:error_packet(129) > error packet at smbd/nttrans.c(800) cmd=162 (SMBntcreateX) NT_STATUS_ > ACCESS_DENIED > > > > SYSTEM: sles9, samba 3.0.14a-21 Sernet, SAMBA Member Server in Active > Diretory > > > Can anyone help? > > > Cheers Stefan > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] userrights
Hi, I have a strange problem when I try to delete a file (e.g. CONFIG.ETP). The windows box says access denied. But the file has the following rights: # ls -n CONFIG.ETP -rwxrwx---+ 1 0 12152 2757 Mar 13 1995 CONFIG.ETP The user (Administrator) is member of the group smbadm (GID:12152). loglevel 10 output when I try to delete the file --- [2005/09/06 10:19:25, 10] smbd/posix_acls.c:check_posix_acl_group_write(3910) check_posix_acl_group_write: ret = -1 before check_stat: [2005/09/06 10:19:25, 10] smbd/posix_acls.c:check_posix_acl_group_write(3920) check_posix_acl_group_write: file TEMP match on owning group 12152 -> cannot w rite. [2005/09/06 10:19:25, 10] smbd/posix_acls.c:check_posix_acl_group_write(3934) check_posix_acl_group_write: file TEMP returning (ret = 0). [2005/09/06 10:19:25, 3] smbd/error.c:error_packet(105) error string = No data available [2005/09/06 10:19:25, 3] smbd/error.c:error_packet(129) error packet at smbd/nttrans.c(800) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED SYSTEM: sles9, samba 3.0.14a-21 Sernet, SAMBA Member Server in Active Diretory Can anyone help? Cheers Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with the valid users setting in smb.conf andwinbind/AD (repost)
Hi, is there any samba error message? Please make sure that you use the parameter "valid users = REALMusername". Cheers Stefan Original Message Subject: [Samba] Problems with the valid users setting in smb.conf andwinbind/AD (repost) (01-Sep-2005 10:57) From:[EMAIL PROTECTED] To: samba@lists.samba.org > > Hi the list > > Got a small issue in that the directive "valid users = username" doesn't > work under a share when using winbind/AD for authentication. > > If I remove it, it works, but obviously anyone can see/use it. > > Everything else seems to work, getent passwd wbinfo -u etc permissions etc > all working. > > Any help gratefully received as always :) > > Ross > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos problem with net ads join under AIX
Hi, please configure your kerberos-config-file and verify the connection to the KDC (physical connection, DNS, etc.). But one thing is very strange, how can kinit works with your default kerberos configuration?! Cheers Stefan Original Message Subject: [Samba] Kerberos problem with net ads join under AIX (01-Sep-2005 8:04) From:[EMAIL PROTECTED] To: samba@lists.samba.org > Hello! > > If i try a net ads join i get a kerberos error , but my kerberos works > fine, i can do a kinit,klist and so on. > > the error i get is the following. > > [2005/09/01 08:02:16, 0] libads/kerberos.c:ads_kinit_password(146) > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network > address for KDC in requested realm > [2005/09/01 08:02:16, 0] utils/net_ads.c:ads_startup(191) > ads_connect: Cannot resolve network address for KDC in requested realm > > I tried nearly everthing until now, but i get no other result than the one > above - can anybody help me? > > I run under AIX 5.3 . > > Regards > Markus > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20
Hi, sorry but Samba is not responsilbe for binarys! You will find current SUSE 8.2 binarys at: ftp://ftp.sernet.de/pub/samba/suse/suse82/ Cheers Stefan Original Message Subject: [Samba] 3.0.20 (26-Aug-2005 12:52) From:[EMAIL PROTECTED] To: samba@lists.samba.org > > Will there be an RPM for Suse 8.2? As the last one available is the 3.0.14a > and I would like to update the Samaba server to 3.0.20. If not, how can I > upgrade my existing one? > > Thanks! > > Raymond > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] URGENT winbind problem
Hi all, I have a strange problem with winbind. Samba says that "REALMusername" is not a valid user (winbind getpw() call), but winbind works! The strange thing is when I call "wbinfo -u", the result is a AD-Userlist like this: username1 username2 . . . So far so good, but why not: REALMusername The same problem occurs when I call getent! I have "played" with the parameter "winbind user default domain = yes/no" but without success :( SYSTEM: samba3.0.10/CentOS4 Any suggestions? cheers Stephan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind problem
hi all, i have a strange problem with winbind. Samba says that REALMusername is not a valid user (winbind getpw call), but winbind works! The strange thing happens when I call "wbinfo -u", the result is a AD-Userlist like this: username1 username2 So far, but why not: REALMusername The same problem occurs when I call getent passwd! I have played with ther parameter "winbind user default domain = yes/no" but without success :( Any suggestions? cheers Stephan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba3 x86_64 performance
Hi all, has anyone had any experience with samba3 on a X86_64 system. Are there any significant performance benefits ? cheers Stephan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] set a machine accout password fails
I want to change a machine account password with smbpasswd -m , but smbpasswd fails! error message: Failed to set password for user test$. Failed to modify password entry for user test$ any ideas how to change a machine account password ? regards Stefan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] passwort set problem
Hi @all, I can`t set a new password for a machine accout! create a new account works (smbpasswd -a -m test), but when I would change the password with or the following errors occured: Failed to set password for user test$. Failed to modify password entry for user test$ The strange thing is that samba 3.04 has no problem to change the password. SYSTEM: SLES9, samba 3.07 any ideas ? regards stefan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem Samba 3.0.1
I get the following errors with samba 3.0.1: Dec 20 14:06:30 miclinux smbd[9915]: write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer Dec 20 14:06:30 miclinux smbd[9915]: [2003/12/20 14:06:30, 0] lib/util_sock.c:send_smb(601) Dec 20 14:06:30 miclinux smbd[9915]: Error writing 4 bytes to client. -1. (Connection reset by peer) What is wrong here ? How can I fix the problem ? Any ideas ? Stefan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba