Re: [Samba] Re: Bug#219197: PANIC: internal error
At 02:41 PM 01/26/2004 -0800, Mike Fedyk wrote: I ran the same 3.0.1-2-debug1 under valgrind to get this output. I only ran it for a short period of time because samba is giving access denied errors that it doesn't when not being traced by valgrind. It's probably some interaction with nss-ldap, and I see some references to it in the traces also. Though, there are some errors that don't mention ldap... Jan 26 14:20:00 fileserver samba-valgrind: ==19297== Conditional jump or move depends on uninitialised value(s) MASSIVE SNIP So let's send this to the list twice, just so those of us on slow connections get to enjoy your 111K email *twice*. Can we attempt being a little more considerate? Not everyone has a broadband connection. Post your errors on a web server somewhere and send a link. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Still trying to backup 66 GB from LINUX to W2K ***
If you're writing to a Windows system, you have to deal with the limitations of the Windows box's file system, right? Are you running NTFS or FAT32 on the Windows box? FAT32 has a maximum file size of 4GB that you would have to contend with. Terry On Thu, Nov 20, 2003 at 07:55:51AM +, John H Terpstra wrote: On Thu, 20 Nov 2003, Stefan G. Weichinger wrote: I do not want to nit pick, but please note that smbfs is not samba. smbfs is a kernel driver in Linux. smbclient is part of Samba. You should be able to use it to backup your files to a Win2K system and it should not be 2GB limited. - John T. Hello, [EMAIL PROTECTED], Mittwoch, 19. November 2003, 17:09 you wrote: CLcd Hi Everyone. CLcd I'm still having that problem that my samba cannot backup more CLcd than 2 GB onto a Windows share (on a Win2K box) (see messages CLcd earlier in this forum - I have to backup a 66 GB file out of database). On the other hand, David Morel has sent me this: for the last time, the 2Gb limitation is a problem with smbfs in 2.4 kernels (which smbmount uses). To circumvent it, either find urban widmark's patches or use cifs with a 2.6 kernel. D.Morel I have not noticed that facts in my setup. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0, Red Hat 9, and Kerberos issues with Windows Server 2003
OK, I've put together a quick-and-dirty fix to make a Red Hat 9/Samba 3 box talk to a Windows 2k3 box. This works for me, and it's not too terribly ugly: Download the SRPMS for Krb5 1.3.1 for the newest Red Hat beta, Severn. You'll also need the SRPMS for e2fsprogs. Build e2fsprogs and update your system. Build Krb5 1.3.1. Uninstall all Krb5 components (server, workstation, debug, devel) except krb5-libs-1.2.7-14 (openssl dependency) Install new krb5 components. You should end up with all krb5 components (don't really need debug) at 1.3.1, with an additional copy of krb5-libs-1.2.7-14. Download Samba 3.0.1pre1 SRPM. rpm -v samba-3.0.1pre1.src.rpm Edit /usr/src/redhat/SPECS/samba3.spec In the CFLAGS settings, add --with-krb5=/usr/lib rpmbuild -bb samba3.spec Go to /usr/src/redhat/RPMS/i386 Install the Samba 3.0.1pre1 RPM there. kinit username password smbclient -k //yourwin2k3box/c$ And you're done. It's not pretty, and it may not be the best idea for a crucial system, but it does work (the builds don't even complain about too many problems!) Any suggestions/improvements would be appreciated. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3 and 2003 server integration
At 07:28 PM 10/17/2003 -0400, [EMAIL PROTECTED] wrote: Hi, Is it possible to have a Windows 2003 server as the PDC and corresponding Exchange server while having domain members being Samba 3? Yes, I've done it. There are some tricks to get Red Hat 9 to talk to Win 2k3 (having to do with the MIT Kerberos libraries) if that's your distro of choice. The big trick is to ensure that your Active Directory is running in Native Mode - NOT Native 2003 Mode (won't work). Keep in mind that, if you have already upgraded to Native 2003 mode, you can't revert to Native mode (AFAIK). Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SMB client signing?
I'm having a bit of trouble getting a share to mount: [EMAIL PROTECTED] samba]# kinit tvsjr Password for [EMAIL PROTECTED]: password [EMAIL PROTECTED] samba]# smbclient -k //server01/e$ smb: \ quit [EMAIL PROTECTED] samba]# mount -t smbfs -o username=tvsjr,krb //server01/e$ /data Warning: kerberos support will only work for samba servers cli_negprot: SMB signing is mandatory and we have disabled it. 2054: protocol negotiation failed SMB connection failed [EMAIL PROTECTED] samba]# My smb.conf: [global] realm = HOME.TVSJR.COM encrypt passwords = yes password server = SERVER01 workgroup = HOME security = ADS client use spnego = yes client signing = yes server signing = yes I'm trying to mount a share from a Windows 2K, XP, or 2k3 box. Any suggestions? Thanks, Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [OT]SPAM
OK, maybe I don't know what I'm talking about... of course, look at the number of people confirming my story. You'll discover that Outlook the mail client and Outlook the news reader are very much intermingled - if someone is using Outlook to browse the newsgroups and is infected, they will still transmit the virus to the direct email addresses shown on Usenet. Read this one more time: I *DO NOT* have the option of running server-side filtering, unless I want to use Earthlink's option, which has given numerous false positives! As a consultant, I can not afford to have customer email ending up in the trash because the server thought it was spam. Furthermore, I'm subscribed to 20+ mailing lists on this account (from various services, including private lists, Yahoo Groups, etc.) The spam count was about 10 per day until I subscribed to the Samba list. Now it's over 200. Argue as much as you like, but no one else seems to have this problem. Terry At 04:50 PM 10/15/2003 +1000, Martin Pool wrote: On Tue, 14 Oct 2003 07:56:18 -0500, tvsjr wrote: Helpful suggestions (although its too late for those of us already subscribed): Quit forwarding the list onto Usenet, at least with email addresses exposed (what's the real use of this, considering it's not that big of a deal for people to subscribe?) I don't think viruses read Usenet. I realize spammers do, but spammers are a relatively small problem compared to Outlook viruses. Protect emails anywhere the list is archived/posted Again, viruses do not read the archives. People who are receiving viruses are probably getting them because their mail was read on an infected Windows PC either by a subscriber, or by somebody subscribed to an echo list. Archives and NNTP mirrors are irrelevant. If I could stop infected people subscribing then I would, but I don't see how to do that. So the only interim solution is to not post from an address without virus filters. I don't see any reason to force anonymous posts when you can do it yourself and some people want to be non-anonymous. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SPAM
At 08:46 AM 10/15/2003 -0400, David Brodbeck wrote: I've never seen a virus arrive *through* the list. I think what people are complaining about is viruses being sent to them directly. There have been a very few that came through the list, according to memory. The vast majority are going direct. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3: is LDAP required?
Yes or no - is OpenLDAP required to be on the SAMBA 3.0 server in order for Active Directory support to work? Active Directory support == security = ads. Are you trying to make Samba act as an Active Directory server? If so, then Samba won't do that, you're SOL. If you're trying to make your Samba machine join an Active Directory, no, OpenLDAP is not required. The Active Directory must be running in Mixed or Native mode, not in Native 2003 (2k3 Server only) mode. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT][Samba] SPAM
Yes, too many fair subscribers of this list still use popular inherently insecure mailreaders. I'm afraid, Samba team can do nothing with it. The security of the mailreader has nothing to do with it. I run Eudora, and my corporate installation of Norton AntiVirus catches every one of the incoming Swen mails. However, I'm up to over 200 Swen mails a day, at 55KB/ea., amounting to 11MB of transfer over my 144Kbps symmetrical IDSL line. That's ~11 minutes of additional download time to fetch all of my mail at the end of a long day, not to mention that it fills up my Sprynet account's mailbox. Helpful suggestions (although its too late for those of us already subscribed): Quit forwarding the list onto Usenet, at least with email addresses exposed (what's the real use of this, considering it's not that big of a deal for people to subscribe?) Protect emails anywhere the list is archived/posted I don't have this problem with other lists (this account is subscribed to at least 20), so there's no reason why we should have these problems here, either. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT][Samba] SPAM
This could stop almost everything, anyway , the mail list admins can't do anything, beacuse it isn't related to the server security/filtering Sure they could. If the members' email addresses were only available to the members (rather than being available via Usenet/Google News, public archives, etc.) we wouldn't become spam targets. I agree the list archives need to be public, but it wouldn't be very hard to either convert the email addresses to an image with a random background (much the same as what's being used for verification these days on many sites) or to not show them at all. This being portrayed as the user's fault is bullshit. Having to install software on your server because of a mailing list is *not* an acceptable answer. And, of course, not all of us run our own mail servers, so we don't have the option of installing filtering server-side (Earthlink's spam-killer offering is too restrictive and has given false positives for me.) And stop using Outlook, get a decent(secure) email client. I totally agree... but, even with a decent email client, dialup users will still have to wait 10-15 seconds per infected email for the download to complete. The system is broken, and needs to be fixed. This is *not* an end-user problem... Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 and Windows Server 2003
At 03:12 PM 10/12/2003 -0500, Bryan Haro wrote: Okay, I'm trying to get my samba server to talk to my Windows 2003 domain running in native 2003 mode. First, while trying to add the samba server with the net ads join command, it just wouldn't work. I wouldn't get an error or a confirmation, I'd just be sent back to the command prompt. My krb5.conf file is setup properly and when I run a kinit command, it runs fine. Anyway, I gave up on that as I really don't need full ADS domain membership. If the directory is running in Windows Server 2003 mode (a superset of native mode) then it won't work, from what I understand. I believe this is stated in the HOWTOs. You'll need to reconfigure your server and use native mode rather than native 2003 mode. Disclaimer: I have successfully joined a few Red Hat 9 boxes to my Active Directory in Native 2000 mode. Now, when I try to join the domain with just net join I get a response saying that the samba server successfully joined the domain. Everything looks good in my smb.conf file and I have corresponding users in the domain and on the linux box so I start up the daemons, go to one of my win 2003 servers and try to open a share on the samba server. Everytime I try, I keep getting a password prompt. Putting in a domain username and password just brings the password prompt back up. Here's what my log file says: I'm having the same problems, but in the other direction - the Samba box won't read a share on the 2k3 Server box, while it will from a 2000 box. This has been isolated to being a problem with too-old versions of the MIT krb5 libraries (for instance, the newest RPM you can get for Red Hat 9 is 1.2.7-14, while MIT is up to 1.3.1, which is supposed to work with 2k3). There are additional problems when trying to rebuild Samba to point at newer krb5 builds - check bug 433 in Bugzilla (https://bugzilla.samba.org/show_bug.cgi?id=433). This bug has been assigned, but has yet to be totally fixed. I'm going to assume you're experiencing the same failure mode, just in the opposite direction. For now, Gavin Davenport ([EMAIL PROTECTED]) has built a workaround, although I have yet to try it (been working on methods to run Linux on an SGI O2 - if anyone has any suggestions, please contact me direct!). Hope that helps... Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Swen virus and spam appears to be coming from Samba list
At 11:39 PM 10/11/2003 -0400, Steve Smith wrote: Shortly after I subscribed to this Samba list I started receiving numerous emails infected with the Swen/Gibe worm. Many of these emails contained the email addresses of Samba list members. I believe a subscriber of the Samba list has the Swen virus. Has anyone else on this list been getting emails infected with the Swen/Gibe worm? Please update your virus definitions and do a virus scan just to make sure your it's not your computer that is sending out this virus. YES! I subscribed a couple of days ago, and my daily Swen count has gone from 1-2/day to 200/day. At 55KB/ea., that's a pretty fair chunk of traffic over my poor IDSL line, too. Norton has been successfully nuking all of them... Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems accessing shares when authenticating to Win 2k3 AD
I'm a bit of a newbie to Samba, and am having some trouble getting it
running with my Windows Server 2003 Active Directory. I've followed the
procedures in the HOWTO-Collection.pdf, with no luck.
kinit administrator works fine, and stores a ticket in the cache:
[EMAIL PROTECTED] root]# klist -5
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
10/10/03 06:39:19 10/10/03 16:39:19 krbtgt/[EMAIL PROTECTED]
[EMAIL PROTECTED] root]#
Joining the domain works:
[EMAIL PROTECTED] root]# net ads join
Using short domain name -- HOME
Joined 'FIREWALL' to realm 'HOME.EXAMPLE.COM'
[EMAIL PROTECTED] root]#
If I switch to the Active Directory server, it shows firewall as a member
of the directory, with an OS of Samba 3.0.0, so there's no problem here.
However, trying to access a share on server01 fails:
[EMAIL PROTECTED] root]# smbclient -k //server01/e$
[2003/10/10 06:43:40, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
session setup failed: Server packet had invalid SMB signature!
[EMAIL PROTECTED] root]# smbclient -k //server01/testshare
[2003/10/10 06:48:10, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
session setup failed: Server packet had invalid SMB signature!
If I try to access a share on a Win2k Pro machine, it works flawlessly:
[EMAIL PROTECTED] root]# smbclient -k //desktop01/c$
smb: \ quit
[EMAIL PROTECTED] root]#
My config files are attached below.
I am playing with this in a development lab with the intention of learning
a bit more about Linux and Linux/Windows interoperability. Eventually, I'm
heading for single sign-on across my Linux and Windows workstations (using
winbindd, etc. as discussed in the HOWTO-Collection.) My Windows boxes
(Win98SE, Win2K Pro/Server, WinXP Pro, Win2k3 Server) have no trouble
authenticating through the Active Directory on server01.
I'm probably missing something incredibly obvious, but any assistance would
be most appreciated.
Thanks,
Terry
Here are my config files (domain name has been changed):
/etc/samba/smb.conf:
[global]
realm = HOME.EXAMPLE.COM
workgroup = HOME
security = ADS
/etc/krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/loc/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = HOME.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
[realms]
HOME.EXAMPLE.COM = {
kdc=server01.home.example.com
admin_server = server01.home.example.com
default_domain = home.example.com
}
[domain_realm]
.home.example.com = HOME.EXAMPLE.COM
home.example.com = HOME.EXAMPLE.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Redhat and windows 2003 Active directory authentication
Before I beat my head against a wall much longer, should I be able to get login authentication (presumably using winbind) to work in light of this bug? My Active Directory servers are running Win2k3 Server. Thanks again for your help, Terry At 01:51 PM 10/10/2003 +0100, Gavin Davenport wrote: No, it's a bug. Please file it in bugzilla. Basically, we look in the path for krb5-config before we consult that parameter. Done. https://bugzilla.samba.org/show_bug.cgi?id=600parameter. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
