[Samba] Samba 3.0.20 Windows 2008
Hello, You ALL, has anybody gotten Samba to work with Windows 2008? do I need to enable any features in Windows 2008? I had read the official unofficial howto and not luck getting samba to work with Windows 2008. FreeBSD 7.0 Windows Longhorn Server Enterprise 2008 Thanks, -Augustin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] full_audit on Samba 3.0.20 vs 3.0.25
On Thu, Aug 09, 2007 at 11:34:29AM -0400, Ryan Steele wrote: On the 3.0.20 box, they seem to be ignored, which causes the logs to fill up very quickly. I appreciate any light that can be shed on this situation. Thanks in advance! The all/none flags were added with r13028, tags/release-3.0.20 was created with r9403. So none was added after 3.0.20. I think you have to upgrade. Volker pgp66HhsErHk5.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] full_audit on Samba 3.0.20 vs 3.0.25
Volker Lendecke wrote: On Fri, Aug 03, 2007 at 04:20:20PM -0400, Ryan Steele wrote: Just a quick question for you: Does Samba 3.0.20 support the full_audit module? I've got the module operating on two boxes, one with Samba The full audit module was added around 3.0.4. 3.0.25 and the other with 3.0.20, and only the former seems to interpret VFS directives, such as: full_audit:prefix = %u full_audit:failure = none full_audit:success = open write close On the 3.0.20 box, they seem to be ignored, which causes the logs to fill up very quickly. I appreciate any light that can be shed on this situation. Thanks in advance! Not sure what this is, I think the full smb.conf would be necessary here. Volker Volker and list, Here's the smb.conf, followed by an example log entry - I'd appreciate any insight as to why it still logs the failures (and lots of them!) Thanks! [global] workgroup = SOMEGROUP server string = %h server (SOMESERVER) wins support = yes dns proxy = yes name resolve order = wins lmhosts host bcast smb ports = 139 log file = /var/log/samba/log.%m max log size = 100 log level = 0 vfs:2 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = ldapsam:ldap://127.0.0.1/ obey pam restrictions = no ldap admin dn = cn=admin,dc=somedomain,dc=com ldap suffix = dc=somedomain,dc=com ldap group suffix = ou=Groups ldapuser suffix = ou=People ldap machine suffix = ou=Computers ldap idmap suffix = ou=People ldap passwd sync = Yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE [homes] comment = Home Directories browseable = no writable = yes create mask = 0700 directory mask = 0700 [printers] comment = All Printers browseable = no path = /tmp printable = yes public = no writable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [Shared Files] vfs objects = full_audit full_audit:prefix = %u full_audit:failure = none full_audit:success = write comment = SOMESERVER's Files path = /home/sharedfiles browseable = yes writable = yes oplocks = No level 2 oplocks = No directory mask = 0775 create mask = 0664 Here's the log entry: Aug 9 11:04:52 servername smbd_audit: username|sys_acl_get_file|fail (Operation not supported)|/path/to/file -- Ryan Steele Systems Administrator [EMAIL PROTECTED] AgoraNet, Inc. (302) 224-2475 314 E. Main Street, Suite 1 (302) 224-2552 (fax) Newark, DE 19711http://www.agora-net.com GPG Signature:http://www.agora-net.com/~steele/signature.asc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] full_audit on Samba 3.0.20 vs 3.0.25
On Fri, Aug 03, 2007 at 04:20:20PM -0400, Ryan Steele wrote: Just a quick question for you: Does Samba 3.0.20 support the full_audit module? I've got the module operating on two boxes, one with Samba The full audit module was added around 3.0.4. 3.0.25 and the other with 3.0.20, and only the former seems to interpret VFS directives, such as: full_audit:prefix = %u full_audit:failure = none full_audit:success = open write close On the 3.0.20 box, they seem to be ignored, which causes the logs to fill up very quickly. I appreciate any light that can be shed on this situation. Thanks in advance! Not sure what this is, I think the full smb.conf would be necessary here. Volker pgpOvkrWRjcYs.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: Any headway on incorporating the patches into a 3.0.23c release that will help all of us that are running stand-along, no-winbind, simple smbpasswd setups?? I was never able to get the patches to apply properly and my manual compile messed up my ability to print with cups. (yes I compiled with --enable-cups) I have dropped back to the 3.0.20-SuSE rpms and it is working, but I would like to help get 3.0.23b fixed. Any word?? Early next week ? Linuxworld has been going on at San Francisco so that has eaten some time. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFE5UqxIR7qMdg1EfYRAif0AKDvZlujYsARkZTcKES5Aao39V4fJwCfbY9t LN0pvExJi9+c+a0zBMOcQkM= =bTO/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
I've got a long mail that explains we made this change and we had a hard time with 3.0.23. I'll try to send it out next week. that's very good news! i was about to ask the list about these changes because they horribly confused me :) thx! micha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
Gerald (Jerry) Carter schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: the patch fixes the valid users problem for me. Or, to come back to the list of different syntaxes, these work: valid users = +users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 These didn't work: valid users = +Unix Group\users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-22-2-100 Please test the patch. Supersedes the previous one. Also available from http://www.samba.org/~jerry/patches/ It's semi-ok that syntax you list doesn't work. You should really only worry about +users for local group names. Hi Jerry, v2 of the patch still works fine, but the list of working syntaxes changed. These work: valid users = +users valid users = +Unix Group\users valid users = S-1-22-2-100 These didn't work: valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 And it's not that I expect all of these to work, it's more that I tried about any combo that I saw in the logs :-). Though I believe that the +Unix Group\users is nice to have in case I switch to PDC, cause personally I like to be explicit in configuration files. Thanks, Franz. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: v2 of the patch still works fine, but the list of working syntaxes changed. These work: valid users = +users valid users = +Unix Group\users valid users = S-1-22-2-100 These didn't work: valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 This is to be expected. All unmapped users will possess a SID in the S-1-22-1 domain and all unmapped groups will be in the S-1-22-2 domain. HOSTNAME\users would work for a mapped group. BUILTIN\users would work if you have local builtin group called users (e.g. net sam createbuiltin Users) And it's not that I expect all of these to work, it's more that I tried about any combo that I saw in the logs :-). Though I believe that the +Unix Group\users is nice to have in case I switch to PDC, cause personally I like to be explicit in configuration files. There problem is that if you create a group map entry for HOSTNAME\users, unix Group\users will resolve to a different SID and hence anyone actually in the users group from /etc/group will have the HOSTNAME\users SID in their token. At this time we are *not* recommending that anyone qualify names with HOSTNAME or Unix XXX. Samba will handle the steps necessary to resolve the name, giving precedence to mapped users and groups over unmapped ones. You only have to qualify domain names and groups in the BUILTIN domain. I've got a long mail that explains we made this change and we had a hard time with 3.0.23. I'll try to send it out next week. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3iKpIR7qMdg1EfYRAtvGAKCCdblzwxS5qv2iL4Dplt9HTEwq6QCgsm6l jVl0lWeAB0JQtsUreRW0xzs= =63O3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
At 00:44 11.08.2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david, HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier [Samba] Compiling and Configuring Samba for Mandrival) [EMAIL PROTECTED]:~ smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED ... I have attached a level 10 debug if that will help. This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 Hi, I have the same problem with a simple security = user, non-LDAP, non-windbindd etc. setup. I can workaround this for gid=100/groupname=users with: valid users = S-1-5-21-1540046517-542637695-1028676802-1201 My net getlocalsid: SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802 These didn't work: valid users = +users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = +Unix Group\users valid users = S-1-22-2-100 This seems also to be related on which versions of samba were working before on a machine (seems to depend on the contents of the .tdb), but so far I could always reproduce it when I delete most of the .tdb's except printer related and secrets.tdb. Maybe some net groupmap statements are now necessary for simple setups as well? bye, Franz. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: I have the same problem with a simple security = user, non-LDAP, non-windbindd etc. setup. I can workaround this for gid=100/groupname=users with: valid users = S-1-5-21-1540046517-542637695-1028676802-1201 My net getlocalsid: SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802 These didn't work: valid users = +users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = +Unix Group\users valid users = S-1-22-2-100 ok. Found the problem. It's smbpasswd. If you use tdbsam everything is fine. Patch forthcoming shortly. Sorry. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3H5VIR7qMdg1EfYRAlqTAJ0ZcnKBwL4cTSqjcjq5rHpITHoG7ACg633E fiP3Ihqaeu+zHUfltU8CbJE= =YTCJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
I had the same problem on AIX with Samba 3.0.23b upgrading Samba 3.0.23a. The solution I found was to change all valid users to users. The documents still say valid users is acceptable; but it would not work once I went to 3.0.23b. Lamar -Original Message- From: Franz Sirl [mailto:[EMAIL PROTECTED] Sent: Friday, August 11, 2006 4:20 AM To: Gerald (Jerry) Carter Cc: samba Subject: Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect. At 00:44 11.08.2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david, HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier [Samba] Compiling and Configuring Samba for Mandrival) [EMAIL PROTECTED]:~ smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED ... I have attached a level 10 debug if that will help. This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 Hi, I have the same problem with a simple security = user, non-LDAP, non-windbindd etc. setup. I can workaround this for gid=100/groupname=users with: valid users = S-1-5-21-1540046517-542637695-1028676802-1201 My net getlocalsid: SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802 These didn't work: valid users = +users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = +Unix Group\users valid users = S-1-22-2-100 This seems also to be related on which versions of samba were working before on a machine (seems to depend on the contents of the .tdb), but so far I could always reproduce it when I delete most of the .tdb's except printer related and secrets.tdb. Maybe some net groupmap statements are now necessary for simple setups as well? bye, Franz. Privileged and Confidential. This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information. If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail. You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Rankin wrote: From: Gerald (Jerry) Carter [EMAIL PROTECTED] ok. Found the problem. It's smbpasswd. If you use tdbsam everything is fine. Patch forthcoming shortly. Sorry. Aahah! I knew the coffee would help ; - ) Hey folks, Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch). It passes very basic testing for standalone servers using smbpasswd. And still has some discussion to go through before it will go into the tree for 3.0.23c. Also available at http://www.samba.org/~jerry/patches/ if the attachment gets messed up. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3J18IR7qMdg1EfYRAjK4AJ9bRS+cXFU0L3nMm9g+Hi+ExeXNxgCfb2/x Omcesq0DAeSWNOv0SGj5q6I= =LfCs -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: Hey folks, Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch). Once more with feeling (and the attachment) jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3J3XIR7qMdg1EfYRAr/7AKDdjS+QHraNnUoT5pG/viQsFwcRbgCeNuBy H0ug4P2fgBPHZYDG3dgh9WI= =XCBZ -END PGP SIGNATURE- diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23b/source/auth/auth_util.c samba-3.0.23b-patched/source/auth/auth_util.c --- samba-3.0.23b/source/auth/auth_util.c 2006-08-07 11:46:33.0 -0500 +++ samba-3.0.23b-patched/source/auth/auth_util.c 2006-08-11 10:03:44.0 -0500 @@ -1052,9 +1052,8 @@ return NT_STATUS_NO_MEMORY; } - if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL, -NULL, NULL, user_sid, type)) { - DEBUG(1, (lookup_name_smbconf for %s failed\n, username)); + if (!lookup_user_smbconf(tmp_ctx, username, user_sid, type)) { + DEBUG(1, (lookup_user_smbconf(%s) failed\n, username)); goto done; } diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23b/source/include/smb.h samba-3.0.23b-patched/source/include/smb.h --- samba-3.0.23b/source/include/smb.h 2006-07-10 11:27:52.0 -0500 +++ samba-3.0.23b-patched/source/include/smb.h 2006-08-11 10:03:44.0 -0500 @@ -272,7 +272,7 @@ #define LOOKUP_NAME_REMOTE 2 /* Ask others */ #define LOOKUP_NAME_ALL (LOOKUP_NAME_ISOLATED|LOOKUP_NAME_REMOTE) -#define LOOKUP_NAME_GROUP4 /* This is a NASTY hack for valid users = @foo +#define LOOKUP_NAME_GROUP4 /* (unused) This is a NASTY hack for valid users = @foo * where foo also exists in as user. */ /** diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23b/source/passdb/lookup_sid.c samba-3.0.23b-patched/source/passdb/lookup_sid.c --- samba-3.0.23b/source/passdb/lookup_sid.c2006-08-07 11:46:33.0 -0500 +++ samba-3.0.23b-patched/source/passdb/lookup_sid.c2006-08-11 10:03:44.0 -0500 @@ -120,63 +120,6 @@ goto failed; } - /* -* Nasty hack necessary for too common scenarios: -* -* For 'valid users = +users' we know users is most probably not -* BUILTIN\users but the unix group users. This hack requires the -* admin to explicitly qualify BUILTIN if BUILTIN\users is meant. -* -* Please note that LOOKUP_NAME_GROUP can not be requested via for -* example lsa_lookupnames, it only comes into this routine via -* the expansion of group names coming in from smb.conf -*/ - - if ((flags LOOKUP_NAME_GROUP) ((grp = getgrnam(name)) != NULL)) { - - GROUP_MAP map; - - if (pdb_getgrgid(map, grp-gr_gid)) { - /* The hack gets worse. Handle the case where we have -* 'force group = +unixgroup' but unixgroup has a -* group mapping */ - - if (sid_check_is_in_builtin(map.sid)) { - domain = talloc_strdup( - tmp_ctx, builtin_domain_name()); - } else { - domain = talloc_strdup( - tmp_ctx, get_global_sam_name()); - } - - sid_copy(sid, map.sid); - type = map.sid_name_use; - goto ok; - } - - /* If we are using the smbpasswd backend, we need to use the -* algorithmic mapping for the unix group we find. This is -* necessary because when creating the NT token from the unix -* gid list we got from initgroups() we use gid_to_sid() that -* uses algorithmic mapping if pdb_rid_algorithm() is true. */ - - if (pdb_rid_algorithm() - (grp-gr_gid max_algorithmic_gid())) { - domain = talloc_strdup(tmp_ctx, get_global_sam_name()); - sid_compose(sid, get_global_sam_sid(), - pdb_gid_to_group_rid(grp-gr_gid)); - type = SID_NAME_DOM_GRP; - goto ok; - } - - if (lookup_unix_group_name(name, sid)) { - domain = talloc_strdup(tmp_ctx, -
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
At 17:08 11.08.2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Rankin wrote: From: Gerald (Jerry) Carter [EMAIL PROTECTED] ok. Found the problem. It's smbpasswd. If you use tdbsam everything is fine. Patch forthcoming shortly. Sorry. Aahah! I knew the coffee would help ; - ) Hey folks, Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch). It passes very basic testing for standalone servers using smbpasswd. And still has some discussion to go through before it will go into the tree for 3.0.23c. Also available at http://www.samba.org/~jerry/patches/ if the attachment gets messed up. Hi Jerry, the patch fixes the valid users problem for me. Or, to come back to the list of different syntaxes, these work: valid users = +users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 These didn't work: valid users = +Unix Group\users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-22-2-100 Thanks for the patch! On a side note, 3.0.23 series fixed the long delay/hang when accessing a samba share in explorer after a long pause nuisance for me, thanks for this as well! bye, Franz. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: the patch fixes the valid users problem for me. Or, to come back to the list of different syntaxes, these work: valid users = +users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 These didn't work: valid users = +Unix Group\users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-22-2-100 Thanks for the patch! I understand why now these don't work now. Second round of patches on the way. On a side note, 3.0.23 series fixed the long delay/hang when accessing a samba share in explorer after a long pause nuisance for me, thanks for this as well! Good news :-) Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3M4BIR7qMdg1EfYRAks4AJ9V0AWVUzuGwmGaPsWVo8QjIGTXJQCeLu+D 51IPyqOeK1dQIkUJqTVIf4k= =IhPQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: the patch fixes the valid users problem for me. Or, to come back to the list of different syntaxes, these work: valid users = +users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 These didn't work: valid users = +Unix Group\users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-22-2-100 Please test the patch. Supersedes the previous one. Also available from http://www.samba.org/~jerry/patches/ It's semi-ok that syntax you list doesn't work. You should really only worry about +users for local group names. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3NHbIR7qMdg1EfYRAj3nAJ4wtGGV5gZdfPex6VoqV0oR56U5jQCfenpt nngKKBmiJcVOXVi60MoQk4w= =e+/6 -END PGP SIGNATURE- Index: groupdb/mapping.c === --- groupdb/mapping.c (revision 17493) +++ groupdb/mapping.c (working copy) @@ -195,7 +195,7 @@ fstrcpy(map.nt_name, grpname); if (pdb_rid_algorithm()) { - rid = pdb_gid_to_group_rid( grp-gr_gid ); + rid = algorithmic_pdb_gid_to_group_rid( grp-gr_gid ); } else { if (!pdb_new_rid(rid)) { DEBUG(3, (Could not get a new RID for %s\n, Index: passdb/util_unixsids.c === --- passdb/util_unixsids.c (revision 17493) +++ passdb/util_unixsids.c (working copy) @@ -42,6 +42,12 @@ return sid_append_rid(sid, uid); } +BOOL uid_to_unix_groups_sid(gid_t gid, DOM_SID *sid) +{ + sid_copy(sid, global_sid_Unix_Groups); + return sid_append_rid(sid, gid); +} + const char *unix_users_domain_name(void) { return Unix User; Index: passdb/lookup_sid.c === --- passdb/lookup_sid.c (revision 17493) +++ passdb/lookup_sid.c (working copy) @@ -43,7 +43,6 @@ DOM_SID sid; enum SID_NAME_USE type; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - struct group *grp; if (tmp_ctx == NULL) { DEBUG(0, (talloc_new failed\n)); @@ -120,63 +119,6 @@ goto failed; } - /* -* Nasty hack necessary for too common scenarios: -* -* For 'valid users = +users' we know users is most probably not -* BUILTIN\users but the unix group users. This hack requires the -* admin to explicitly qualify BUILTIN if BUILTIN\users is meant. -* -* Please note that LOOKUP_NAME_GROUP can not be requested via for -* example lsa_lookupnames, it only comes into this routine via -* the expansion of group names coming in from smb.conf -*/ - - if ((flags LOOKUP_NAME_GROUP) ((grp = getgrnam(name)) != NULL)) { - - GROUP_MAP map; - - if (pdb_getgrgid(map, grp-gr_gid)) { - /* The hack gets worse. Handle the case where we have -* 'force group = +unixgroup' but unixgroup has a -* group mapping */ - - if (sid_check_is_in_builtin(map.sid)) { - domain = talloc_strdup( - tmp_ctx, builtin_domain_name()); - } else { - domain = talloc_strdup( - tmp_ctx, get_global_sam_name()); - } - - sid_copy(sid, map.sid); - type = map.sid_name_use; - goto ok; - } - - /* If we are using the smbpasswd backend, we need to use the -* algorithmic mapping for the unix group we find. This is -* necessary because when creating the NT token from the unix -* gid list we got from initgroups() we use gid_to_sid() that -* uses algorithmic mapping if pdb_rid_algorithm() is true. */ - - if (pdb_rid_algorithm() - (grp-gr_gid max_algorithmic_gid())) { - domain = talloc_strdup(tmp_ctx, get_global_sam_name()); - sid_compose(sid, get_global_sam_sid(), - pdb_gid_to_group_rid(grp-gr_gid)); - type = SID_NAME_DOM_GRP; - goto ok; - } - - if (lookup_unix_group_name(name,
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
From: Gerald (Jerry) Carter [EMAIL PROTECTED] Please test the patch. Supersedes the previous one. Also available from http://www.samba.org/~jerry/patches/ It's semi-ok that syntax you list doesn't work. You should really only worry about +users for local group names. OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. [EMAIL PROTECTED] src]# ll total 36072 drwxr-xr-x 9 david david 4096 Jul 21 11:26 samba-3.0.23a/ -rw-rw-r-- 1 david david 17683518 Jul 21 11:30 samba-3.0.23a.tar.gz drwxr-xr-x 9 david david 4096 Aug 11 15:08 samba-3.0.23b/ -rwxr--r-- 1 david david11033 Aug 11 12:11 samba-3.0.23b-lookup_name_smbconf_v1.patch* -rw-r--r-- 1 root root 17686227 Aug 8 07:50 samba-3.0.23b.tar.gz [EMAIL PROTECTED] src]# patch -p0 samba-3.0.23b-lookup_name_smbconf_v1.patch patching file samba-3.0.23b/source/auth/auth_util.c Hunk #1 FAILED at 1052. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/auth/auth_util.c.rej patching file samba-3.0.23b/source/include/smb.h Hunk #1 FAILED at 272. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/include/smb.h.rej patching file samba-3.0.23b/source/passdb/lookup_sid.c Hunk #1 FAILED at 120. Hunk #2 FAILED at 300. 2 out of 2 hunks FAILED -- saving rejects to file samba-3.0.23b/source/passdb/lookup_sid.c.rej patching file samba-3.0.23b/source/passdb/pdb_interface.c Hunk #1 FAILED at 1532. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/passdb/pdb_interface.c.rej patching file samba-3.0.23b/source/smbd/service.c Hunk #1 FAILED at 443. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/smbd/service.c.rej patching file samba-3.0.23b/source/smbd/share_access.c Hunk #1 FAILED at 94. Hunk #2 FAILED at 108. 2 out of 2 hunks FAILED -- saving rejects to file samba-3.0.23b/source/smbd/share_access.c.rej I know this is basic, but I haven't done it before and 'man patch' is not that helpful. -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. [EMAIL PROTECTED] src]# ll total 36072 drwxr-xr-x 9 david david 4096 Jul 21 11:26 samba-3.0.23a/ -rw-rw-r-- 1 david david 17683518 Jul 21 11:30 samba-3.0.23a.tar.gz drwxr-xr-x 9 david david 4096 Aug 11 15:08 samba-3.0.23b/ -rwxr--r-- 1 david david11033 Aug 11 12:11 samba-3.0.23b-lookup_name_smbconf_v1.patch* -rw-r--r-- 1 root root 17686227 Aug 8 07:50 samba-3.0.23b.tar.gz run the following commands $ wget \ http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2.patch $ tar zxvf samba-3.0.23b.tar.gz $ cd samba-3.0.23b $ patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch $ cd source $ make proto $ make cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3On1IR7qMdg1EfYRAs4OAKDHBqGBULjGY+FgcumMniQfDQpBRwCfaOKq UHEnR8Nz3CACkxbGsPkotOc= =HJuv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
From: Gerald (Jerry) Carter [EMAIL PROTECTED] david rankin wrote: OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. run the following commands $ wget \ http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2.patch $ tar zxvf samba-3.0.23b.tar.gz $ cd samba-3.0.23b All done, that's how I compiled it from source the first time. $ patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch $ cd source $ make proto $ make I must be having a really really bad day [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch patching file source/auth/auth_util.c Hunk #1 FAILED at 1052. 1 out of 1 hunk FAILED -- saving rejects to file source/auth/auth_util.c.rej patching file source/include/smb.h Hunk #1 FAILED at 272. 1 out of 1 hunk FAILED -- saving rejects to file source/include/smb.h.rej patching file source/passdb/lookup_sid.c Hunk #1 FAILED at 120. Hunk #2 FAILED at 300. 2 out of 2 hunks FAILED -- saving rejects to file source/passdb/lookup_sid.c.rej patching file source/passdb/pdb_interface.c Hunk #1 FAILED at 1532. 1 out of 1 hunk FAILED -- saving rejects to file source/passdb/pdb_interface.c.rej patching file source/smbd/service.c Hunk #1 FAILED at 443. 1 out of 1 hunk FAILED -- saving rejects to file source/smbd/service.c.rej patching file source/smbd/share_access.c Hunk #1 FAILED at 94. Hunk #2 FAILED at 108. 2 out of 2 hunks FAILED -- saving rejects to file source/smbd/share_access.c.rej Go Figure??? -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch patching file source/auth/auth_util.c Hunk #1 FAILED at 1052. 1 out of 1 hunk FAILED -- saving rejects to file No idea. I double checked the patch to make sure it applies cleanly. jerry6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3P1SIR7qMdg1EfYRAuSqAKCbPOl9kpvZQp7l9QBHKmRwAk/sTwCgzrHX yaRNb4QimA/JAxbNpI5Ayfc= =vkbr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
On Friday 11 August 2006 18:04, david rankin wrote: From: Gerald (Jerry) Carter [EMAIL PROTECTED] david rankin wrote: OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. run the following commands $ wget \ http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2. patch $ tar zxvf samba-3.0.23b.tar.gz $ cd samba-3.0.23b All done, that's how I compiled it from source the first time. $ patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch $ cd source $ make proto $ make I must be having a really really bad day [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch Notice you are still using v1: the patch ends in v2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
Gerry, all: HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier [Samba] Compiling and Configuring Samba for Mandrival) I think this relates to the group/SID changes discussed in the release notes. However, I'm not smart enough to figure it out. The tarball compiled and installed fine. It appears to run fine, it just wont take the lookup_name: Unix Group\ochiltree = Unix Group (domain), ochiltree (name) handshake for some reason. The samba tests work fine until: querying __SAMBA__ on 192.168.7.15 192.168.7.15 __SAMBA__00 [EMAIL PROTECTED]:~ nmblookup -B rankin-p35 '*' querying * on 192.168.7.98 name_query failed to find name * [EMAIL PROTECTED]:~ nmblookup -d 2 '*' added interface ip=192.168.7.90 bcast=192.168.7.255 nmask=255.255.255.0 querying * on 192.168.7.255 Got a positive name query response from 192.168.7.15 ( 192.168.7.15 ) 192.168.7.15 *00 [EMAIL PROTECTED]:~ smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED I have attached a level 10 debug if that will help. This is a standalone server. Right now I am running on 3.0.20 after saving myself with a make revert Gotta love it... What should I do/check/read to find out how to get 3.0.23 to allow my clients to connect??? Any help is appreciated.. I think the problems come in at this point: [2006/08/10 10:11:26, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [david] succeeded [2006/08/10 10:11:26, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [david] - [david] - [david] succeeded [2006/08/10 10:11:26, 5] auth/auth_util.c:free_user_info(1816) attempting to free (and zero) a user_info structure [2006/08/10 10:11:26, 10] auth/auth_util.c:free_user_info(1820) structure was created for david [2006/08/10 10:11:26, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-3406342033-1696486390-100470924-2002] [2006/08/10 10:11:26, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-3406342033-1696486390-100470924-2003] [2006/08/10 10:11:26, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 (snip) [2006/08/10 10:11:26, 10] passdb/lookup_sid.c:lookup_name(65) lookup_name: Unix Group\ochiltree = Unix Group (domain), ochiltree (name) [2006/08/10 10:11:26, 10] smbd/share_access.c:user_ok_token(208) User david not in 'valid users' [2006/08/10 10:11:26, 2] smbd/service.c:make_connection_snum(571) user 'david' (from session setup) not permitted to access this share (office) [2006/08/10 10:11:26, 3] smbd/error.c:error_packet(146) error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED I am certainly a member of group 'ochiltree', so I'm not sure where to go from here. Help? -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david, HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier [Samba] Compiling and Configuring Samba for Mandrival) [EMAIL PROTECTED]:~ smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED ... I have attached a level 10 debug if that will help. This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE27a4IR7qMdg1EfYRAu97AKDeKIT8n0t/7Z9gRxzIXMfjjVnz6QCglGzx G/dFUy92rL2FdHw3eJ0z104= =wDgQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
getsampwent (smbpasswd) Got deborah from pwnam_cache pdb_getsampwent getsmbfilepwent endsmbfilepwent_internal david deborah nemesis:/home/david/Documents # net groupmap list | cut -d\( -f1 nemesis:/home/david/Documents # -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 www.rankinlawfirm.com - Original Message - From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: david rankin [EMAIL PROTECTED] Cc: samba samba@lists.samba.org Sent: Thursday, August 10, 2006 5:44 PM Subject: Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david, HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier [Samba] Compiling and Configuring Samba for Mandrival) [EMAIL PROTECTED]:~ smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED ... I have attached a level 10 debug if that will help. This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE27a4IR7qMdg1EfYRAu97AKDeKIT8n0t/7Z9gRxzIXMfjjVnz6QCglGzx G/dFUy92rL2FdHw3eJ0z104= =wDgQ -END PGP SIGNATURE- -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
Oops, I sent log.dcrlaptop, here is the log.smbd: 0064 mask: 000f01ff [2006/08/10 18:51:21, 8] rpc_parse/parse_prs.c:prs_debug(84) 68 smb_io_dom_sid trustee [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0068 sid_rev_num: 01 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0069 num_auths : 02 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006a id_auth[0] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006b id_auth[1] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006c id_auth[2] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006d id_auth[3] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006e id_auth[4] : 00 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615) 006f id_auth[5] : 05 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0070 sub_auths : 0020 0220 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 size : 0018 [2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size : 0064 [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_store_values(593) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2006/08/10 18:51:21, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2006/08/10 18:51:21, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/08/10 18:51:21, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/08/10 18:51:21, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-3437134916-4280677633-2819608606-1000. [2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(250) [2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3437134916-4280677633-2819608606-1000 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/08/10 18:51:21, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_store_values(593) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2006/08/10 18:51:21, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2006/08/10 18:51:21, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/08/10 18:51:21, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/08/10 18:51:21, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-3437134916-4280677633-2819608606-1000. [2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(250) [2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3437134916-4280677633-2819608606-1000 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
From: Gerald (Jerry) Carter [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david, HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier [Samba] Compiling and Configuring Samba for Mandrival) [EMAIL PROTECTED]:~ smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED ... I have attached a level 10 debug if that will help. This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 Jerry, There is definately something amiss with 3.0.23b. After I installed the 3.0.23b binaries on SuSE 10 at home, and I could not connect to any share except my home share. (I had deleted the 3.0.23a binaries before the 3.0.23b install -- never again...) This was the same problem I saw with 3.0.23b on mandriva 2005le at work -- that initially started this thread. Anyway, in a panic, I simple got the 3.0.23a tarball and compiled it as a test on the SuSE 10 box to see if the problem was really the 3.0.23b release. It was! This is a problem unique to 3.0.23b. 3.0.23a compiled and installed without a hitch. Now all my shares are accessable again! I didn't even have to reboot the windows clients, they just started connecting and playing nicely with samba again. I've already sent you my level 10 debug, smb.conf and the output you requested above from my SuSE 10 box. Let me know if I can send you anything else to help with this problem. If you need the mandriva info, just let me know. I can just hear the screams going out across the corporate world as 23b gets installed -- at least on standalone servers. Both my mandriva and suse systems are presently such that I can install 23b with a simple 'make install' and get back to a working config with 'make revert' so let me know if you want me to send anything else. I'm not smart enough to know what the difference between 23a and 23b is or why it is causing a problem, but I can confirm the problem. I have installed 23a from rpm and compiled it by hand and it works great. I have installed 23b from rpm and compiled it by hand and I can only connect to my home share -- all other shares fail miserably. Good luck, just put another pot of coffee on. Don't worry, I'm sure it's just a stray comma, semicolon, typo or typecast somewhere in the middle of 764,532 lines of source.. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 www.rankinlawfirm.com -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
From: Gerald (Jerry) Carter [EMAIL PROTECTED] david, HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier [Samba] Compiling and Configuring Samba for Mandrival) [EMAIL PROTECTED]:~ smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED ... I have attached a level 10 debug if that will help. This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 Jerry, I went back and compiled 23a from source on my Mandriva 2005le box at work. I have now confirmed on the Mandriva box that 23a works great!, 23b give me the problems described above. [EMAIL PROTECTED] source]$ smbclient -U% -L localhost Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23a] Sharename Type Comment - --- office Disk Shared Office Files rankin Disk Rankin Law Firm PLLC allen Disk T Stefan Allen bertin Disk Darren Bertin guilloryDisk David Guillory jointcases Disk Joint Client Files lawtoolsDisk Case Development - Summation forms Disk Shared Forms and Briefs computerDisk Computer Drivers and Software closed Disk Closed Case Files print$ Disk pdf-gen Printer PDF Generator (only valid users) IPC$IPC IPC Service (Samba Server 3.0.23a) Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23a] Server Comment ---- BONZASamba Server 3.0.23a CW-DESK cynthia desktop DARREN-XPDarren-XP LISHALisha RANKIN-P35 P35-S629 Laptop RECEPTIONDell 2400 2.6 GHz SECRETARYFront Office TSA-LAPTOP stefan laptop WorkgroupMaster ---- RB_LAW BONZA [EMAIL PROTECTED] source]$ smbclient //bonza/rankin Password: Domain=[BONZA] OS=[Unix] Server=[Samba 3.0.23a] smb: \ dir . D0 Thu Aug 10 12:28:31 2006 .. D0 Mon Jul 17 16:49:17 2006 accounting D0 Thu Aug 10 16:46:30 2006 clients D0 Tue Aug 8 15:23:00 2006 investigation D0 Thu Mar 9 14:53:13 2006 LLC D0 Thu Feb 16 12:03:40 2006 office D0 Tue Jun 6 15:07:08 2006 pllc.docA 6364 Thu Feb 5 12:02:48 2004 tbpeD0 Wed Oct 12 12:28:08 2005 FAA Letter.doc A38912 Tue Nov 1 19:34:47 2005 clients_rejectedD0 Fri Mar 3 09:17:06 2006 clients_potential D0 Mon Jun 12 10:05:32 2006 54209 blocks of size 2097152. 41776 blocks available 3.0.23b won't let me do this Back for another cup of coffee. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 www.rankinlawfirm.com -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba 3.0.20 + squid 2.5 : automatic logonwithinternetexplorer
I can't found the good, sentence for conf squid. any idea ? Rodolphe A. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] after #net join Success in line command.I am searching the good sentence for squid.confwith, or not with that : --helper-protocol=squid-2.5-ntlmsspan idea ?Rodolphe A. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] thanks for answer. my problem : after start winbind, i have tested #/usr/bin/ntlm_auth PARIS.VISEO.NET --username=root NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da) the server squid is samba pdc. Robert Schetterer [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rodolphe A. schrieb: hello, samba is setup PDC with ldap client : windows xp pro sp2 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard is it possible to create an automatic logon with internet explorer ? perhaps with ntlm_auth, but i can't find the good sentence. thanks. Hi, i ve did right this and i works now perfekt for nearly a year. But you have many choises to realize this. The setup which will include all possible features with a smb pdc ( with ldap )is like this. If you use firefox or ie with the automatic search proxy setting the search to files like proxy.dat , proxy.pac wpad.dat on a webserver on the gateway of the lokal network, these files held the data which where the browser will find the proxy. Additional you hav to have entries in you internal dns like wpad.tcpSRV 0 0 80 wpad wpadA 192.168.110.1 TXT service: wpad:!http://intranet.gundk.intern:80/proxy.pac; and on the internal dhcp server like this option wpad code 252 = text; option wpad http://192.168.110.1/proxy.pac\n;; you can find faqs an doku about this on the squid side. I have implemented different groups in the win domain like wwwuser , which can join the internet via proxy , and a group filteroveride to join directly www without using squidguard ( for admins etc ). So you can manage the groups out from usrmgr. so i have entries like this in squid.conf # user group which are allowed to access the internet in general auth_param ntlm program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-ntlmssp - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-basic - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic children 5 # auth_param ntlm use_ntlm_negotiate on # auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 15 minutes auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl user proxy_auth REQUIRED http_access allow user #pam auth agains a system group works here too (nss_ldap), we use it to overide the redirector vor vips external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g wwwdirect acl direct external unix_group wwwdirect redirector_access deny direct always_direct allow direct http_access allow direct as you see i used the sid of the nt groups , cause their names didint work, to overide the squidgauard i use a system group which is tha same as a nt group cause there is mapping over nss_ldap ( other setups may be better but this works ) the i configured winbind to use the lokal smb pdc ( just join your own domain )...im not sure why i did this but i think it was a must with squid , squid must run with a user that is able to join the winbind socket ( see squid, samba doku ) After all you need a few iptables rules to forbid bypass the proxy. note you cant use squid auth with a transparent proxy squid setup! But if you dont need auth and the group stuff a setup with a squid transparent proxy and iptables is much more easy to implement automatic filtering ( see squid faqs how to do this ), if you do so you can only manage things with the source ip of the client computer , but not by user name or group auth. ( dont copy and paste this , read the faqs ) Best Regards - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s kf/FSvVp4RbIfgdY6pj1Hmw= =RYf+ -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte
[Samba] Re: samba 3.0.20 + squid 2.5 : automatic logon withinternetexplorer
Hi, I would like to set up my Squid/proxy with users auth to my Samba/Ldap/PDC These are two separate servers. Is there something changed configuring with what you said before ? Is there somewhere a good doc. for doing this ? Thanks a lot Xavier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.20 + squid 2.5 : automatic logon with internet explorer
hello, samba is setup PDC with ldap client : windows xp pro sp2 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard is it possible to create an automatic logon with internet explorer ? perhaps with ntlm_auth, but i can't find the good sentence. thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.20 + squid 2.5 : automatic logon with internet explorer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rodolphe A. schrieb: hello, samba is setup PDC with ldap client : windows xp pro sp2 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard is it possible to create an automatic logon with internet explorer ? perhaps with ntlm_auth, but i can't find the good sentence. thanks. Hi, i ve did right this and i works now perfekt for nearly a year. But you have many choises to realize this. The setup which will include all possible features with a smb pdc ( with ldap )is like this. If you use firefox or ie with the automatic search proxy setting the search to files like proxy.dat , proxy.pac wpad.dat on a webserver on the gateway of the lokal network, these files held the data which where the browser will find the proxy. Additional you hav to have entries in you internal dns like wpad.tcpSRV 0 0 80 wpad wpadA 192.168.110.1 TXT service: wpad:!http://intranet.gundk.intern:80/proxy.pac; and on the internal dhcp server like this option wpad code 252 = text; option wpad http://192.168.110.1/proxy.pac\n;; you can find faqs an doku about this on the squid side. I have implemented different groups in the win domain like wwwuser , which can join the internet via proxy , and a group filteroveride to join directly www without using squidguard ( for admins etc ). So you can manage the groups out from usrmgr. so i have entries like this in squid.conf # user group which are allowed to access the internet in general auth_param ntlm program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-ntlmssp - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-basic - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic children 5 # auth_param ntlm use_ntlm_negotiate on # auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 15 minutes auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl user proxy_auth REQUIRED http_access allow user #pam auth agains a system group works here too (nss_ldap), we use it to overide the redirector vor vips external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g wwwdirect acl direct external unix_group wwwdirect redirector_access deny direct always_direct allow direct http_access allow direct as you see i used the sid of the nt groups , cause their names didint work, to overide the squidgauard i use a system group which is tha same as a nt group cause there is mapping over nss_ldap ( other setups may be better but this works ) the i configured winbind to use the lokal smb pdc ( just join your own domain )...im not sure why i did this but i think it was a must with squid , squid must run with a user that is able to join the winbind socket ( see squid, samba doku ) After all you need a few iptables rules to forbid bypass the proxy. note you cant use squid auth with a transparent proxy squid setup! But if you dont need auth and the group stuff a setup with a squid transparent proxy and iptables is much more easy to implement automatic filtering ( see squid faqs how to do this ), if you do so you can only manage things with the source ip of the client computer , but not by user name or group auth. ( dont copy and paste this , read the faqs ) Best Regards - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s kf/FSvVp4RbIfgdY6pj1Hmw= =RYf+ -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba 3.0.20 + squid 2.5 : automatic logon with internetexplorer
thanks for answer. my problem : after start winbind, i have tested #/usr/bin/ntlm_auth PARIS.VISEO.NET --username=root NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da) the server squid is samba pdc. Robert Schetterer [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rodolphe A. schrieb: hello, samba is setup PDC with ldap client : windows xp pro sp2 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard is it possible to create an automatic logon with internet explorer ? perhaps with ntlm_auth, but i can't find the good sentence. thanks. Hi, i ve did right this and i works now perfekt for nearly a year. But you have many choises to realize this. The setup which will include all possible features with a smb pdc ( with ldap )is like this. If you use firefox or ie with the automatic search proxy setting the search to files like proxy.dat , proxy.pac wpad.dat on a webserver on the gateway of the lokal network, these files held the data which where the browser will find the proxy. Additional you hav to have entries in you internal dns like wpad.tcpSRV 0 0 80 wpad wpadA 192.168.110.1 TXT service: wpad:!http://intranet.gundk.intern:80/proxy.pac; and on the internal dhcp server like this option wpad code 252 = text; option wpad http://192.168.110.1/proxy.pac\n;; you can find faqs an doku about this on the squid side. I have implemented different groups in the win domain like wwwuser , which can join the internet via proxy , and a group filteroveride to join directly www without using squidguard ( for admins etc ). So you can manage the groups out from usrmgr. so i have entries like this in squid.conf # user group which are allowed to access the internet in general auth_param ntlm program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-ntlmssp - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-basic - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic children 5 # auth_param ntlm use_ntlm_negotiate on # auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 15 minutes auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl user proxy_auth REQUIRED http_access allow user #pam auth agains a system group works here too (nss_ldap), we use it to overide the redirector vor vips external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g wwwdirect acl direct external unix_group wwwdirect redirector_access deny direct always_direct allow direct http_access allow direct as you see i used the sid of the nt groups , cause their names didint work, to overide the squidgauard i use a system group which is tha same as a nt group cause there is mapping over nss_ldap ( other setups may be better but this works ) the i configured winbind to use the lokal smb pdc ( just join your own domain )...im not sure why i did this but i think it was a must with squid , squid must run with a user that is able to join the winbind socket ( see squid, samba doku ) After all you need a few iptables rules to forbid bypass the proxy. note you cant use squid auth with a transparent proxy squid setup! But if you dont need auth and the group stuff a setup with a squid transparent proxy and iptables is much more easy to implement automatic filtering ( see squid faqs how to do this ), if you do so you can only manage things with the source ip of the client computer , but not by user name or group auth. ( dont copy and paste this , read the faqs ) Best Regards - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s kf/FSvVp4RbIfgdY6pj1Hmw= =RYf+ -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.20 + squid 2.5
hello, samba is setup PDC with ldap client : windows xp pro sp2 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard is it possible to create a, automatic logon with internet explorer ? thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?
I can confirm that the problem is fixed in 3.0.22. We tested briefly today in a small maintenance window that presented itself out of immediate need, and everything worked as expected. However, I have a feeling that 3.0.23rc1 would work even better (i.e. warnings about expiring passwords before they're gone, etc). Still, since a stable version addressed the immediate need, I'll wait until 3.0.23 is released before upgrading yet again. Thanks for the help tho! :) Gerald (Jerry) Carter wrote: On Sun, 28 May 2006, Diego Rivera wrote: I'll try. However, I'm currently thinking of trying 3.0.22, which (from looking at the code) appears to also be fixed in this respect (at least, it appears to handle expired tokens more smartly). It'll be easier to sell a test that one rather than a beta (or RC). Is there an ETA on the release 3.0.23? Soon hopefully. Another few weeks I expect. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: However, you seem to imply that this is a known bug, with no workaround other than a (potential) backport of code from 3.0.23rc1? A backport would be really intrusive. It's a fair amount of code. Simo's right though. I'm pretty sure this is fixed in 3.0.23rc1. If you could at least test 3.0.23rc1 and make sure it meets your needs it would be appreciated. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEeZY4IR7qMdg1EfYRAqPrAJ4nShK1hVlk1uG5CXoKIFxLWjUwlQCgj5EU R6mZhaB4cUQZxWeMwUSKXOI= =4e3H -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Samba 3.0.20, pam_winbind broken?
Hello all! I apologize for my previous post, it seems this list doesn't like GPG/GPG-MIME signatures. I'm trying to configure my linux servers to have automatic password changes happen when the passwords expire, or the AD's User must change password... checkbox is marked. I can do this fine with pam_krb5, but not with pam_winbind. I need to use pam_winbind instead of pam_krb5 because there's a requirement to use kerberos tickets to log on to the servers via SSH, and using pam_krb5 in combination with OpenSSH's GSSAPI authentication (required to allow kerberos tickets over SSH from Windows) doesn't seem to work (I sort of understand why...). So, I'm forced to use pam_winbind. So the question is: why isn't pam_winbind forcing a password change on first login or password expiry? I noticed through some experimentation that setting a new password on expiry is triggered in the account phase of pam authorization (probably through returning PAM_NEW_AUTHTOK_REQD). I experimented with pam_krb5 - the only time it wouldn't work as expected was when it wasn't used as part of the account checking phase. I even tried using nothing but pam_winbind to authorize users (temporarily locking out local unix users), and it still wouldn't work. Can anyone provide any insight? Thanks Diego -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?
On Fri, 2006-05-26 at 12:22 -0600, [EMAIL PROTECTED] wrote: Can anyone provide any insight? Diego can you test with 3.0.23rc1 ? There has been a lot of improvements in winbindd lately and I think this one may have already been fixed. Thanks, Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?
Unfortunately, they're all production servers. The experimentation I spoke of happened on one of those servers, in off hours while maintenance was being performed on the other 3 (so I was able to sneak the 4th one in under the closed for maintenance umbrella). However, you seem to imply that this is a known bug, with no workaround other than a (potential) backport of code from 3.0.23rc1? - Original Message - From: simo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] RE: Samba 3.0.20, pam_winbind broken? Date: Fri, 26 May 2006 14:28:59 -0400 On Fri, 2006-05-26 at 12:22 -0600, [EMAIL PROTECTED] wrote: Can anyone provide any insight? Diego can you test with 3.0.23rc1 ? There has been a lot of improvements in winbindd lately and I think this one may have already been fixed. Thanks, Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20, pam_winbind broken?
signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 3.0.20 usermap script execution
Thanks for your reply Jerry. After reviewing the code, it seems like samba is sending both the unqualified name as well as the fully qualified name to address backwards compatibility. Looking at the release notes from 3.0.8, I see that development decided to only support reading the fully qualified username for consistency with Kerberos. Therefore, user.maps should contain unix login to fully qualified user name mappings only. I believe if the code was changed to only pass the fully qualified username to the username map script, it should not affect any functionality since the user.map is already being forced to be in the fully qualified domain format. Michael Montenegro P.S. canonicalize sounds made up. :^) lib/username.c /*** Map a username from a dos name to a unix name by looking in the username map. Note that this modifies the name in place. This is the main function that should be called *once* on any incoming or new username - in order to canonicalize the name. This is being done to de-couple the case conversions from the user mapping function. Previously, the map_username was being called every time Get_Pwnam was called. Returns True if username was changed, false otherwise. / Samba 3.0.8 release notes: == Change in Username Map == Previous Samba releases would only support reading the fully qualified username (e.g. DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server. Samba 3.0.8 obeys the following rules when applying the username map functionality: * When performing local authentication, the username map is applied to the login name before attempting to authenticate the connection. * When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 04, 2006 3:13 PM To: Montenegro, Michael H (Michael) Cc: 'samba@lists.samba.org' Subject:Re: [Samba] 3.0.20 usermap script execution -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Montenegro, Michael H (Michael) wrote: I have created a mapusers.bash script (listed below) for mapping Active Directory handles to unix logins. This script is currently working as documented. I would like some insight into how and when this script gets called. I assumed that upon establishing each samba connection, after the active directory handle gets authenticated with the domain controller it passes the domain\handle to this script to determine the unix login to use. However, it seems to execute this script multiple times to establish a connection. I have tested this out by clearing the cache using nbtstat -R on the client and running smbstatus -u username and killing the procids then reconnecting. Samba consistently will pass just the active directory handle without the domain first which succeeds because my script will find the correct unix login to map to without the domain. Immediately after, Samba will pass the script the domain\handle which will also succeed. Why is this? grep for map_username() in the samba source tree. Everytime that function get's called, you script will be called assuming smbd is trying to map a new name. Samba has to jump through a lot of hoops when is comes to usernames which is why it frequently tries to lookup the unqualified name as well as the fully qualified version. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDvDpuIR7qMdg1EfYRAsorAJ9jbdCKsGpMvd4XUPIsVtCBy5OYwACgjLlY fuXBc+g9F2UquvQMsHtGz34= =CQZ8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 usermap script execution
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Montenegro, Michael H (Michael) wrote: I have created a mapusers.bash script (listed below) for mapping Active Directory handles to unix logins. This script is currently working as documented. I would like some insight into how and when this script gets called. I assumed that upon establishing each samba connection, after the active directory handle gets authenticated with the domain controller it passes the domain\handle to this script to determine the unix login to use. However, it seems to execute this script multiple times to establish a connection. I have tested this out by clearing the cache using nbtstat -R on the client and running smbstatus -u username and killing the procids then reconnecting. Samba consistently will pass just the active directory handle without the domain first which succeeds because my script will find the correct unix login to map to without the domain. Immediately after, Samba will pass the script the domain\handle which will also succeed. Why is this? grep for map_username() in the samba source tree. Everytime that function get's called, you script will be called assuming smbd is trying to map a new name. Samba has to jump through a lot of hoops when is comes to usernames which is why it frequently tries to lookup the unqualified name as well as the fully qualified version. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDvDpuIR7qMdg1EfYRAsorAJ9jbdCKsGpMvd4XUPIsVtCBy5OYwACgjLlY fuXBc+g9F2UquvQMsHtGz34= =CQZ8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 usermap script execution
I have created a mapusers.bash script (listed below) for mapping Active Directory handles to unix logins. This script is currently working as documented. I would like some insight into how and when this script gets called. I assumed that upon establishing each samba connection, after the active directory handle gets authenticated with the domain controller it passes the domain\handle to this script to determine the unix login to use. However, it seems to execute this script multiple times to establish a connection. I have tested this out by clearing the cache using nbtstat -R on the client and running smbstatus -u username and killing the procids then reconnecting. Samba consistently will pass just the active directory handle without the domain first which succeeds because my script will find the correct unix login to map to without the domain. Immediately after, Samba will pass the script the domain\handle which will also succeed. Why is this? Throughout the life of ! the connection it will continue to intermittently pass the active directory handle without the domain. Samba version 3.0.20 Configuration: ./configure --prefix=/opt/samba-3.0.20 --with-smbwrapper --with-nis --with-quotas --with-syslog --with-included-popt OS: Solaris 8 #!/bin/bash if [ $1 ] then echo $1 /tmp/mhm4in #line needed for debugging #cut off the na0x\ part of input na0xlogin=`echo $1 | cut -d '\' -f2` #search for a different unix login unixlogin=`ypcat users.map | grep \$na0xlogin$ | cut -d ' ' -f1` if [[ $? = 0 $unixlogin != ]] then #if unixlogin is in the users.map then return it echo $unixlogin echo $unixlogin /tmp/mhm4out #debugging only else #find unixlogin in NIS passwd map then return it unixlogin=`ypcat passwd | cut -d ':' -f1 | grep ^$na0xlogin$` echo $unixlogin echo $unixlogin /tmp/mhm4out #debugging only fi # below if statement for debugging only if [[ $unixlogin = ]] then #report to /tmp/mhm4error for any requests with no unix login echo $na0xlogin /tmp/mhm4error #debugging only fi else echo You must enter a name to search. exit 1 fi smb.conf global section* [global] debug level = 3 security = domain encrypt passwords = yes password server = * netbios name = server1 netbios aliases = server1 server1a username map script = /opt/samba/lib/mapusers.bash server string = %h (Samba %v) workgroup = domain1 wins proxy = no dns proxy = no wins support = no wins server = w.x.y.z guest account = nobody lock directory = /opt/samba/var/locks browseable = no create mask = 775 directory mask = 775 delete readonly = yes name resolve order = wins lmhosts host bcast case sensitive = no preserve case = yes short preserve case = yes domain master = no local master = no preferred master = no os level = 0 remote announce = w.x.y.255 log file = /opt/samba/var/%I.log max log size = 1000 auto services = Unison locking = yes strict locking = no dead time = 15 load printers = no printing = sysv lpq cache time = 0 map archive = no read only = no bind interfaces only = yes interfaces = a.b.c.d socket options = SO_KEEPALIVE smb ports = 139 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Active Directory and Samba 3.0.20
This is a new install with a very novice samba user . We are running samba 3.0.20 on a Solaris 9 server. We have 3 domains controllers - 1 old NT and 1Win 2000 Active Directory and 1 Win 2003 Active Directory. The support group that administers the domains, have a limited skill set. If its not Windows they have nothing to contribute. The Domain Controllers are called TACOMANEWS - Win 22000 TACOMA - Win 2003 IS_DEPT - NT4 When running wbinfo -m on TACOMANEWS it sees IS_DEPT and TACOMA When running wbinfo -m on IS_DEPT it sees TACOMA When running wbinfo -m on TACOMA it sees TACOMANEWS and TACOMA Checking users in all the domains, the only users that are seen are the ones in the IS_DEPT and TACOMA. Even when joined to TACOMANEWS, it shows no users for this domain. There are at least 80 users in the TACOMANEWS domain. I think there should be users showing for TACOMANEWS, but our support group does not know why. Can anyone offer some insight or point me to some documentation on the issue. I have googled a lot but haven't found what I need. Samba is running as a member of a domain. Below is my smb.conf file, this is very generic. Thanks for any and all help [global] force directory mode = 775 create mode = 777 acl compatibility = auto dns proxy = no force create mode = 775 encrypt passwords = yes idmap gid = 1-2 socket options = TCP_NODELAY max log size = 50 password server = * idmap uid = 1-2 writeable = yes directory mode = 777 security = DOMAIN winbind use default domain = yes server string = zThorin workgroup = TACOMANEWS local master = no log level = 1 print command = lpr -h -r -P%p %s netbios name = zthorin log file = /usr/local/samba/var/%m.log os level = 20 [Fango] path = /fango/gongo printable = no public = yes create mask = 777 directory mask = 777 Richard Bonfoey The News Tribune Information Systems Successfully Meeting the Business Needs of The News Tribune through Information Technology Richard Bonfoey The News Tribune Information Systems Successfully Meeting the Business Needs of The News Tribune through Information Technology -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory and Samba 3.0.20
Does TACOMANEWS allow anonymous binding to it Active Directory LDAP? If not you need to set a authuser (wbinfo --set-auth-user). Also you can determine if it support anonymous bind or not by running simply queries using ldapsearch with and without -D option. On 12/20/05, Rich Bonfoey [EMAIL PROTECTED] wrote: This is a new install with a very novice samba user . We are running samba 3.0.20 on a Solaris 9 server. We have 3 domains controllers - 1 old NT and 1Win 2000 Active Directory and 1 Win 2003 Active Directory. The support group that administers the domains, have a limited skill set. If its not Windows they have nothing to contribute. The Domain Controllers are called TACOMANEWS - Win 22000 TACOMA - Win 2003 IS_DEPT - NT4 When running wbinfo -m on TACOMANEWS it sees IS_DEPT and TACOMA When running wbinfo -m on IS_DEPT it sees TACOMA When running wbinfo -m on TACOMA it sees TACOMANEWS and TACOMA Checking users in all the domains, the only users that are seen are the ones in the IS_DEPT and TACOMA. Even when joined to TACOMANEWS, it shows no users for this domain. There are at least 80 users in the TACOMANEWS domain. I think there should be users showing for TACOMANEWS, but our support group does not know why. Can anyone offer some insight or point me to some documentation on the issue. I have googled a lot but haven't found what I need. Samba is running as a member of a domain. Below is my smb.conf file, this is very generic. Thanks for any and all help [global] force directory mode = 775 create mode = 777 acl compatibility = auto dns proxy = no force create mode = 775 encrypt passwords = yes idmap gid = 1-2 socket options = TCP_NODELAY max log size = 50 password server = * idmap uid = 1-2 writeable = yes directory mode = 777 security = DOMAIN winbind use default domain = yes server string = zThorin workgroup = TACOMANEWS local master = no log level = 1 print command = lpr -h -r -P%p %s netbios name = zthorin log file = /usr/local/samba/var/%m.log os level = 20 [Fango] path = /fango/gongo printable = no public = yes create mask = 777 directory mask = 777 Richard Bonfoey The News Tribune Information Systems Successfully Meeting the Business Needs of The News Tribune through Information Technology Richard Bonfoey The News Tribune Information Systems Successfully Meeting the Business Needs of The News Tribune through Information Technology -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Knowledge is the only wealth that grows as you spend it, and diminishes as you save it. -- ancient Sanskrit saying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 acls not working anymore and problem with winbindd_idmap.tdb
Hi Folks, I am experiencing some problems with samba 3.0.20 which I can not solve on my own. We have updated from samba 3.0.10 to samba 3.0.20, but I am not sure when the problems started. We had a problem with idmap - I had hoped to solve - before. Whenever we rebooted the server, all of the ACLs got jumbled up. I thought that our winbindd_idmap.tdb somehow got broken. I re-created it, but still the problem persists. We use winbindd to get all the Groups and Users from Active Directory, and we have 2 samba-servers joined to the same domain. Now I have found out that this could be the cause of the problem I have with my idmap. Is it a good idea to change winbindd configuration to windbindd with an NSS/LDAP backend-based idmap facility? How can I change form local tdb to ldap-tbs without using my user and group assignsments? I can not afford to loose all or mess up all the ALCs on the first server. I think this is a bigger issue and needs to be thought over carefully. But now to the other problem I have on the second and smaller samba-server. I have had some trouble concerning access rights where users were trying to save a file on a share getting File exits error messages. (But the file did not exist before!) After another attempt to save the same file the operation was successfull. I could not trace the problem after examining the acls with getfacl on the server. Everything seemed to be alright. Here's the global-section of my smb.conf: # Global parameters [global] workgroup = DTMS netbios name = MAX security = domain password server = skynet, orion, * server string = MAX rate one Fileserver domain master = no os level = 2 unix extensions = Yes encrypt passwords = yes interfaces = eth0 log level = 2 log file = /var/log/samba/%m max log size = 2048 syslog = 0 acl check permissions = yes #seems to change nothing... name resolve order = lmhosts hosts bcast wins support = no wins server = 192.168.9.4 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY # # winbind section # winbind uid = 1-2 winbind gid = 1-2 template shell = /bin/bash template homedir = /distributed/samba-freigaben/user/%U template shell = /bin/false nt acl support = yes winbind separator = + veto files = /*.eml/*.nws/riched20.dll/*.{*}/ winbind enum users = yes winbind enum groups = yes winbind use default domain = yes obey pam restrictions = yes Removing and resetting the acls with setfacl as well as rebooting the machine did not help either. I have tried to view the ACLS via mapped Share through windows, but I don't even see the ACLs there. I only see the local unix-rights (user and owner-group) I have tried to view and change ACLS for a file named glossar.htm with the following rights: max:~ # ls -la /distributed/samba-freigaben/marketing/glossar.htm -rwxrwxrwx+ 1 jordans Marketing_ges 26190 Apr 11 2001 /distributed/samba-freigaben/marketing/glossar.htm max:~ # getfacl /distributed/samba-freigaben/marketing/glossar.htm # file: distributed/samba-freigaben/marketing/glossar.htm # owner: jordans # group: Marketing_ges user::rwx group::rw- group:RO_Management:rwx group:RO_Technik:rwx group:RO_marketing_intern:rwx group:RO_marketing_extern:rwx mask::rwx other::rwx Here's the configuration for the share marketing where the file glossar.htm can be found: [marketing] comment = Marketing path = /distributed/samba-freigaben/marketing nt acl support = no writeable = yes browsable = yes valid users = @ntadmins @RO_Technik @RO_Management @RO_marketing_intern @marketing_extern admin users = @ntadmins [marketing_a] comment = Adminshare marketing copy = marketing nt acl support = yes browsable = no admin users = @DTMS+Domänen-Admins DTMS+WenkP DTMS+JordanS valid users = @DTMS+Domänen-Admins DTMS+WenkP DTMS+JordanS I have mapped the Adminshare, that I can see nt acls... But I don't see the ACLs, I just see the owner (JordanS) and group (Marketing_ges), as well as root/Max. Here are the IDs for this user and group: max:~ # getent passwd |grep 10002 jordans:x:10002:1:Jordan, Sabine:/distributed/samba-freigaben/user/jordans:/bin/false max:~ # getent group |grep 10044 Marketing_ges:x:10044:HeideE,EhrlicC,GibmeiA,KrieseB,partnership,HoefliO,KoriteS,VorbecM,BarossM,ReiterB,DildeiF,LindemY,ConzenN,WirtzP,BockmaA,ZechliT,BuchD,JoergeM,PelkmaR,KottbusM,KartziO,LehmanM When I try to change permissions via file properties/security tab I get an Windows Access Denied - message... I have turned on Samba log (loglevel10) and here are some
[Samba] Samba 3.0.20 acls not working anymore and problem with winbindd_idmap.tdb
Hi Folks, I am experiencing some problems with samba 3.0.20 which I can not solve on my own. We have updated from samba 3.0.10 to samba 3.0.20, but I am not sure when the problems started. We had a problem with idmap - I had hoped to solve - before. Whenever we rebooted the server, all of the ACLs got jumbled up. I thought that our winbindd_idmap.tdb somehow got broken. I re-created it, but still the problem persists. We use winbindd to get all the Groups and Users from Active Directory, and we have 2 samba-servers joined to the same domain. Now I have found out that this could be the cause of the problem I have with my idmap. Is it a good idea to change winbindd configuration to windbindd with an NSS/LDAP backend-based idmap facility? How can I change form local tdb to ldap-tbs without using my user and group assignsments? I can not afford to loose all or mess up all the ALCs on the first server. I think this is a bigger issue and needs to be thought over carefully. But now to the other problem I have on the second and smaller samba-server. I have had some trouble concerning access rights where users were trying to save a file on a share getting File exits error messages. (But the file did not exist before!) After another attempt to save the same file the operation was successfull. I could not trace the problem after examining the acls with getfacl on the server. Everything seemed to be alright. Here's the global-section of my smb.conf: # Global parameters [global] workgroup = DTMS netbios name = MAX security = domain password server = skynet, orion, * server string = MAX rate one Fileserver domain master = no os level = 2 unix extensions = Yes encrypt passwords = yes interfaces = eth0 log level = 2 log file = /var/log/samba/%m max log size = 2048 syslog = 0 acl check permissions = yes #seems to change nothing... name resolve order = lmhosts hosts bcast wins support = no wins server = 192.168.9.4 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY # # winbind section # winbind uid = 1-2 winbind gid = 1-2 template shell = /bin/bash template homedir = /distributed/samba-freigaben/user/%U template shell = /bin/false nt acl support = yes winbind separator = + veto files = /*.eml/*.nws/riched20.dll/*.{*}/ winbind enum users = yes winbind enum groups = yes winbind use default domain = yes obey pam restrictions = yes Removing and resetting the acls with setfacl as well as rebooting the machine did not help either. I have tried to view the ACLS via mapped Share through windows, but I don't even see the ACLs there. I only see the local unix-rights (user and owner-group) I have tried to view and change ACLS for a file named glossar.htm with the following rights: max:~ # ls -la /distributed/samba-freigaben/marketing/glossar.htm -rwxrwxrwx+ 1 jordans Marketing_ges 26190 Apr 11 2001 /distributed/samba-freigaben/marketing/glossar.htm max:~ # getfacl /distributed/samba-freigaben/marketing/glossar.htm # file: distributed/samba-freigaben/marketing/glossar.htm # owner: jordans # group: Marketing_ges user::rwx group::rw- group:RO_Management:rwx group:RO_Technik:rwx group:RO_marketing_intern:rwx group:RO_marketing_extern:rwx mask::rwx other::rwx Here's the configuration for the share marketing where the file glossar.htm can be found: [marketing] comment = Marketing path = /distributed/samba-freigaben/marketing nt acl support = no writeable = yes browsable = yes valid users = @ntadmins @RO_Technik @RO_Management @RO_marketing_intern @marketing_extern admin users = @ntadmins [marketing_a] comment = Adminshare marketing copy = marketing nt acl support = yes browsable = no admin users = @DTMS+Domänen-Admins DTMS+WenkP DTMS+JordanS valid users = @DTMS+Domänen-Admins DTMS+WenkP DTMS+JordanS I have mapped the Adminshare, that I can see nt acls... But I don't see the ACLs, I just see the owner (JordanS) and group (Marketing_ges), as well as root/Max. Here are the IDs for this user and group: max:~ # getent passwd |grep 10002 jordans:x:10002:1:Jordan, Sabine:/distributed/samba-freigaben/user/jordans:/bin/false max:~ # getent group |grep 10044 Marketing_ges:x:10044:HeideE,EhrlicC,GibmeiA,KrieseB,partnership,HoefliO,KoriteS,VorbecM,BarossM,ReiterB,DildeiF,LindemY,ConzenN,WirtzP,BockmaA,ZechliT,BuchD,JoergeM,PelkmaR,KottbusM,KartziO,LehmanM When I try to change permissions via file properties/security tab I get an Windows Access Denied - message... I have turned on Samba log (loglevel10) and here are some
[Samba] problem with windows CE 4.2 and samba 3.0.20
Hi! I replaced a server running RH7.3 and samba 2.2.XX , with a server runnning centos4.2 and samba 3.0.20 . We use several iPAQ handheld that connects to a share on the file server, and then open a file from a network share. In the old server it worked o.k., but now, the same ipaq machines doesnt want to connect to the server. they are able to connect to a windows XP machine, a winnt4 server and a win2003 server without a problem. I have try to log in using the netbios name of the server and the ip address, but everything failed. any ideas ? I can send server logs and my smb.conf if requested.! the error on the ipaq is: Cannot find the file '\\' (or one of its components). Make sure the path and file name are correct and all required libraries are available of course, are the libraries are loaded. The only change in the server is that now i am using utf8 as default language, and before we where using iso-8859-1 . thanks again for your help! RP -- Raúl D. Pittí Palma Associate Global Engineering and Technologies mobile (507)-6616-0194 office (507)-264-2362 Republic of Panama www.globaltecsa.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with windows CE 4.2 and samba 3.0.20
Raúl D. Pittí Palma wrote: Hi! I replaced a server running RH7.3 and samba 2.2.XX , with a server runnning centos4.2 and samba 3.0.20 . We use several iPAQ handheld that connects to a share on the file server, and then open a file from a network share. In the old server it worked o.k., but now, the same ipaq machines doesnt want to connect to the server. they are able to connect to a windows XP machine, a winnt4 server and a win2003 server without a problem. I have try to log in using the netbios name of the server and the ip address, but everything failed. any ideas ? I can send server logs and my smb.conf if requested.! the error on the ipaq is: Cannot find the file '\\' (or one of its components). Make sure the path and file name are correct and all required libraries are available of course, are the libraries are loaded. The only change in the server is that now i am using utf8 as default language, and before we where using iso-8859-1 . thanks again for your help! RP this is the capture of the log file... **log file start [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_KEEPALIVE = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_REUSEADDR = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_BROADCAST = 0 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_NODELAY = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_KEEPCNT = 9 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_KEEPIDLE = 7200 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_KEEPINTVL = 75 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option IPTOS_LOWDELAY = 0 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option IPTOS_THROUGHPUT = 0 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDBUF = 16384 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVBUF = 16384 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDLOWAT = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVLOWAT = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDTIMEO = 0 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVTIMEO = 0 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_KEEPALIVE = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_REUSEADDR = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_BROADCAST = 0 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_NODELAY = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_KEEPCNT = 9 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_KEEPIDLE = 7200 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_KEEPINTVL = 75 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option IPTOS_LOWDELAY = 0 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option IPTOS_THROUGHPUT = 0 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDBUF = 16384 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVBUF = 16384 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDLOWAT = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVLOWAT = 1 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDTIMEO = 0 [2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVTIMEO = 0 [2005/11/29 20:28:01, 6] param/loadparm.c:lp_file_list_changed(2834) lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Tue Nov 29 20:22:38 2005 [2005/11/29 20:28:01, 3] smbd/oplock.c:init_oplocks(1380) open_oplock_ipc: opening loopback UDP socket. [2005/11/29 20:28:01, 10] lib/util_sock.c:open_socket_in(832) bind succeeded on port 0 [2005/11/29 20:28:01, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(309) Linux kernel oplocks enabled [2005/11/29 20:28:01, 3] smbd/oplock.c:init_oplocks(1411) open_oplock ipc: pid = 4156, global_oplock_port = 32810 [2005/11/29 20:28:01, 4] lib/time.c:get_serverzone(125) Serverzone is 18000 [2005/11/29 20:28:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 68 [2005/11/29 20:28:01, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2005/11/29 20:28:01, 2] lib
Re: [Samba] Very strange permissions issue with Samba 3.0.20(a/b)
On 11/15/05, Scrivner, Andrew [EMAIL PROTECTED] wrote: I am running Samba 3.0.20a on RHEL 3 u5 x86, my configuration is working perfectly except for cvs commits for 3 users. We are using ADS, pam_winbind, and pam_require to authenticate CVS users against AD. Our CVS directories are mod 2775, and the group ownership of all dirs is the AD group DEN-CVS-Users. Every valid user is a member of this group. But a few users, while they are able to authenticate, and checkout, cannot commit files to the depot. Their group membership is hosed up somehow. Everything is working perfectly except for these few troublemakers. The users can log into CVS, so their group membership is seen by winbind and passed to pam_require, but when it comes writing to a file with AD group ownership they are denied. It works for the rest of us though, so we're baffled. The files are all mod 664. This isn't a CVS issue, as I can login to our CVS server as an affected AD user and replicate the problem. For me, I can write to the depot just fine. My questions: 1. Is there a limit to the number of groups a user may be a member of ( The most so far is 48 groups ) that would cause winbind problems? 2. Are the any special characters within an AD group name that would break winbind? 3. Besides a user's SID, and group membership, what could be different between users ? I ran across this problem. See: http://lists.samba.org/archive/samba/2005-August/109704.html https://bugzilla.samba.org/show_bug.cgi?id=1493 https://bugzilla.samba.org/show_bug.cgi?id=2804 for my post and the relevant bug reports. The bug has been closed, and this should be fixed in the 3.0.21 release, however I haven't tested it. If you do test any of the RCs, post your results. This is our setup: snip -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Very strange permissions issue with Samba 3.0.20(a/b)
Hi Guys, First, thanks for all the hard work! You all rock. I am running Samba 3.0.20a on RHEL 3 u5 x86, my configuration is working perfectly except for cvs commits for 3 users. We are using ADS, pam_winbind, and pam_require to authenticate CVS users against AD. Our CVS directories are mod 2775, and the group ownership of all dirs is the AD group DEN-CVS-Users. Every valid user is a member of this group. But a few users, while they are able to authenticate, and checkout, cannot commit files to the depot. Their group membership is hosed up somehow. Everything is working perfectly except for these few troublemakers. The users can log into CVS, so their group membership is seen by winbind and passed to pam_require, but when it comes writing to a file with AD group ownership they are denied. It works for the rest of us though, so we're baffled. The files are all mod 664. This isn't a CVS issue, as I can login to our CVS server as an affected AD user and replicate the problem. For me, I can write to the depot just fine. My questions: 1. Is there a limit to the number of groups a user may be a member of ( The most so far is 48 groups ) that would cause winbind problems? 2. Are the any special characters within an AD group name that would break winbind? 3. Besides a user's SID, and group membership, what could be different between users ? This is our setup: smb.conf: [global] # workgroup = NT-Domain-Name or Workgroup-Name netbios name = CVS-DR workgroup = DEN realm = DEN.FOO.COM security = ADS password server = den-dc1.den.foo.com winbind use default domain = no winbind nested groups = yes winbind enum users = yes winbind enum groups = yes allow trusted domains = yes log level = 3 idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash template homedir = /cvsroot winbind cache time = 3600 winbind separator = - -- RHEL 3 u5 pam config --- /etc/pam.d/cvs: #%PAM-1.0 authrequired pam_env.so authsufficientpam_unix.so likeauth nullok authsufficientpam_winbind.so use_first_pass authrequired pam_deny.so account required pam_require.so @DEN-CVS-Admins @DEN-CVS-Users @NY-CVS-Users @NY-CVS-Admins cvs account required pam_unix.so broken_shadow account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password sufficientpam_winbind.so use_authtok password sufficientpam_unix.so nullok use_authtok md5 shadow password required pam_deny.so sessionrequired pam_unix.so As always, any suggestions would be much appreciated. Thanks, Andrew Scrivner -- This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies. OppenheimerFunds may, at its sole discretion, monitor, review, retain and/or disclose the content of all email communications. == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] makepkg.sh for samba 3.0.20
Hi Jerry, pkgadd works fine as I tried your suggested test (setting --with-configdir=/usr/local/samba/etc) Thanks, Xuan Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 xuan van wrote: | Hi, | | I downloaded 3.0.20 from samba.org, ran makepkg.sh to create | samba pkg for Solaris. The install base for the new version | locates in /opt/samba and the smbd locates in /etc/samba. | I tried to modify the makepkg.sh to put everything under | /usr/local/samba as follow: | | Delete: | |--localstatedir=/var/lib/samba \ |--with-piddir=/var/run \ |--with-logfilebase=/var/log/samba \ |--with-privatedir=/etc/samba/private \ |--with-configdir=/etc/samba \ | | Add: | |--localstatedir=/usr/local/samba/lib \ |--with-piddir=/var/run \ |--with-logfilebase=/usr/local/samba/var/log \ |--with-privatedir=/usr/local/samba/private \ |--with-configdir=/usr/local/samba/lib \ | | Replaced INSTALL_BASE=/opt/samba with INSTALL_BASE=/usr/local/samba | | makepkg.sh completed with no error. However pkgadd gives me the | following errors: | # pkgadd -d . samba | | Processing package instance samba from /tmp | | CIFS File and Print server | (sparc) 3.0.20 | Copyright (C) 2001 Samba Team | Using /usr/local/samba as the package base directory. | ## Processing package information. | pkgadd: ERROR: duplicate pathname /usr/local/samba/lib | pkgadd: ERROR: unable to process pkgmap It's probably because the configdir and libdir overlap. Just remove your --with-logbase and --with-configdir lines since those are the default values anyways. Although it could just be a bug in the generated prototype file now that I think of it since we would be defining /usr/local/samba/lib/twice. try setting --with-configdir=/usr/local/samba/etc just as a test cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDVSYcIR7qMdg1EfYRAuDLAKC4nu7DBXa2qiKmKfnQ6u/p6xnzpgCg1R48 VpbimmV5yWW6wigq9j1/L9U= =SSDl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] makepkg.sh for samba 3.0.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 xuan van wrote: | Hi, | | I downloaded 3.0.20 from samba.org, ran makepkg.sh to create | samba pkg for Solaris. The install base for the new version | locates in /opt/samba and the smbd locates in /etc/samba. | I tried to modify the makepkg.sh to put everything under | /usr/local/samba as follow: | | Delete: | |--localstatedir=/var/lib/samba \ |--with-piddir=/var/run \ |--with-logfilebase=/var/log/samba \ |--with-privatedir=/etc/samba/private \ |--with-configdir=/etc/samba \ | | Add: | |--localstatedir=/usr/local/samba/lib \ |--with-piddir=/var/run \ |--with-logfilebase=/usr/local/samba/var/log \ |--with-privatedir=/usr/local/samba/private \ |--with-configdir=/usr/local/samba/lib \ | | Replaced INSTALL_BASE=/opt/samba with INSTALL_BASE=/usr/local/samba | | makepkg.sh completed with no error. However pkgadd gives me the | following errors: | # pkgadd -d . samba | | Processing package instance samba from /tmp | | CIFS File and Print server | (sparc) 3.0.20 | Copyright (C) 2001 Samba Team | Using /usr/local/samba as the package base directory. | ## Processing package information. | pkgadd: ERROR: duplicate pathname /usr/local/samba/lib | pkgadd: ERROR: unable to process pkgmap It's probably because the configdir and libdir overlap. Just remove your --with-logbase and --with-configdir lines since those are the default values anyways. Although it could just be a bug in the generated prototype file now that I think of it since we would be defining /usr/local/samba/lib/twice. try setting --with-configdir=/usr/local/samba/etc just as a test cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDVSYcIR7qMdg1EfYRAuDLAKC4nu7DBXa2qiKmKfnQ6u/p6xnzpgCg1R48 VpbimmV5yWW6wigq9j1/L9U= =SSDl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] makepkg.sh for samba 3.0.20
Hi, I downloaded 3.0.20 from samba.org, ran makepkg.sh to create samba pkg for Solaris. The install base for the new version locates in /opt/samba and the smbd locates in /etc/samba. I tried to modify the makepkg.sh to put everything under /usr/local/samba as follow: Delete: --localstatedir=/var/lib/samba \ --with-piddir=/var/run \ --with-logfilebase=/var/log/samba \ --with-privatedir=/etc/samba/private \ --with-configdir=/etc/samba \ Add: --localstatedir=/usr/local/samba/lib \ --with-piddir=/var/run \ --with-logfilebase=/usr/local/samba/var/log \ --with-privatedir=/usr/local/samba/private \ --with-configdir=/usr/local/samba/lib \ Replaced INSTALL_BASE=/opt/samba with INSTALL_BASE=/usr/local/samba makepkg.sh completed with no error. However pkgadd gives me the following errors: # pkgadd -d . samba Processing package instance samba from /tmp CIFS File and Print server (sparc) 3.0.20 Copyright (C) 2001 Samba Team Using /usr/local/samba as the package base directory. ## Processing package information. pkgadd: ERROR: duplicate pathname /usr/local/samba/lib pkgadd: ERROR: unable to process pkgmap Installation of samba failed (internal error). No changes were made to the system. What am I missing? Thanks, Xuan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and ADmitMac
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sean Noonan wrote: | Does anyone have any experiences with | integrating Samba and Thursby Software's ADmitMac? | All of our Microsoft XP and Win2000 workstations work | just fine with Samba, but I'm having a hell of a | time getting ADmitMac to play nicely with Samba. | | Conversely, ADmitMac works great with Microsoft NT4, | 2000 and 2003 servers. | | I'm not able to browse the network let alone join | the OSX machines to the domain. Samba is v3.0.20 | running on FreeBSD 5.4-STABLE. Macs are running | OSX v10.3.9 and are fully patched. I've tried | both ADmitMac v2.1 and 3.0 with same results. | | Any experiences with ADmitMac in the Samba community? Not I. Is there a trial version I could grab for my Mac to test? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDT7EtIR7qMdg1EfYRAgh9AJwNLzhYYCRIyGqM6bSawsmpnM7yigCguTSF v4v9E38AhtpDsKSo2wbBfrk= =8q9q -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and ADmitMac
In a message dated 10/14/2005 9:23:04 A.M. Eastern Standard Time, [EMAIL PROTECTED] writes: | I'm not able to browse the network let alone join | the OSX machines to the domain. Samba is v3.0.20 | running on FreeBSD 5.4-STABLE. Macs are running | OSX v10.3.9 and are fully patched. I've tried | both ADmitMac v2.1 and 3.0 with same results. | | Any experiences with ADmitMac in the Samba community? Not I. Is there a trial version I could grab for my Mac to test? There IS a trial version. You can use it for 30 days, I believe. Just a note of caution. AdmitMac Version 3 has a bug in it that primarily affects its operation in Tiger (10.4.2). The original release (build 867) would give you mysterious File I/O errors on large and fast file transfers. The current release that you can download (build 868) seems to rigidly clamp down transfer rates to about 9.5 MB/sec -- even over Gigabit Ethernet. By contrast, the original release (build 867) gave you around 55 MB/sec transfer speed over Gigabit. BUT, with the occasional File I/O error that could cause your application to freeze. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and ADmitMac
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | In a message dated 10/14/2005 9:23:04 A.M. Eastern Standard Time, | [EMAIL PROTECTED] writes: | | | I'm not able to browse the network let alone join | | the OSX machines to the domain. Samba is v3.0.20 | | running on FreeBSD 5.4-STABLE. Macs are running | | OSX v10.3.9 and are fully patched. I've tried | | both ADmitMac v2.1 and 3.0 with same results. | | | | Any experiences with ADmitMac in the Samba community? | | Not I. Is there a trial version I could grab for my | Mac to test? | | There IS a trial version. You can use it for 30 days, I believe. Download URL ? - -- jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDT80VIR7qMdg1EfYRAgZ6AJsGYZlXHlMZkzwmYGo+9agUAgPhSwCgzaW9 dFC7ICEUfKdh00M4S0K3yNM= =QVpK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and ADmitMac
In a message dated 10/14/2005 11:20:49 A.M. Eastern Standard Time, [EMAIL PROTECTED] writes: | There IS a trial version. You can use it for 30 days, I believe. Download URL ? _http://www.thursby.com/evaluations/admitmac.html_ (http://www.thursby.com/evaluations/admitmac.html) Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20, Active Directory, Debian: Username ... is invalid on this system
Hello List, I have a strange problem: I have successfully added my debian system to the local active directory domain. Winbind works and gives me Users, Groups, and relations when I call wbinfo. However, Users cannot connect to a share I prepared. It makes no difference if there is no valid user = entry, or if I put an correct entry with my test user. All I get in log.winbindd is: Username DOMAIN+test is invalid on this system (just like there was a valid user entry.) I have successfully checked the password of this user with wbinfo, user data is handed over correctly, wbinfo -t is successful, domain membership works. What is wrong? Thanks!! -- Mit freundlichen Grüßen Markus Feilner -- Feilner IT Linux GIS Linux Solutions, Training, Seminare und Workshops - auch Inhouse Beraiterweg 4 93047 Regensburg Untere Hauptstr 2 85386 Eching fon regensburg +49 941 8107989 fon eching +49 89 379 956 3 fax +49 89 379 956 444 mobil + +49 170 3027092 skype ID: mfeilner mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.20, Active Directory, Debian: Username ... is invalid on this system
Markus Feilner wrote: Hello List, I have a strange problem: I have successfully added my debian system to the local active directory domain. Winbind works and gives me Users, Groups, and relations when I call wbinfo. However, Users cannot connect to a share I prepared. It makes no difference if there is no valid user = entry, or if I put an correct entry with my test user. All I get in log.winbindd is: Username DOMAIN+test is invalid on this system (just like there was a valid user entry.) I have successfully checked the password of this user with wbinfo, user data is handed over correctly, wbinfo -t is successful, domain membership works. What is wrong? You apparently haven't configured nss_winbind. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 and ADmitMac
Does anyone have any experiences with integrating Samba and Thursby Software's ADmitMac? All of our Microsoft XP and Win2000 workstations work just fine with Samba, but I'm having a hell of a time getting ADmitMac to play nicely with Samba. Conversely, ADmitMac works great with Microsoft NT4, 2000 and 2003 servers. I'm not able to browse the network let alone join the OSX machines to the domain. Samba is v3.0.20 running on FreeBSD 5.4-STABLE. Macs are running OSX v10.3.9 and are fully patched. I've tried both ADmitMac v2.1 and 3.0 with same results. Any experiences with ADmitMac in the Samba community? Thanks, --Sean Noonan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba (3.0.20) doesn't use TLS for LDAP referrals
Jay Fenlason wrote: I can see _four_ unencrypted tries to the master directory server and a network trace confirms that samba doesn't use TLS with referrals. first contact with the slave directory: Sep 29 18:25:43 slave slapd[30977]: = check a_authz.sai_ssf: ACL 112 OP 168 fwe seconds later the referral is followed: Sep 29 18:25:45 master slapd[6738]: = check a_authz.sai_ssf: ACL 112 OP 0 is it a bug in samba? or in the OpenLDAP libraries? Could be the OpenLDAP libraries. What version of them are you using? OpenLDAP 2.2.28 (it's the last version of the 2.2.x series) It sounds suspiciously like https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161991 which is the OpenLDAP part of http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069 Jay, you are right, I'm hitting this bug[1]. I' will post the question in the OpenLDAP ML. Thank you. [1] http://www.openldap.org/its/index.cgi/Software%20Bugs?id=3791;selectid=3791 -- -BEGIN GEEK CODE BLOCK- Version: 3.1 GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w--- O+ M+ V- PS+ PE+ Y++ PGP t+ 5 X+$ R- tv-- b+++ DI D+ G++ e- h+(++) !r !z --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 : AIX 5.2 compile problem
Hi all, I am trying to compile Samba 3.0.20 for AIX 5.2. ./configure runs okay, if very slow. make breaks in some kerberos library. However kerberos works perfectly. Anyone ever done this or other advice ? TIA Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba (3.0.20) doesn't use TLS for LDAP referrals
Hello, Now I'm trying to move the LDAP backend from the master OpenLDAP server to a slave one. The ACL rules for all directories requires a ssf = 112 (Security Strength Factor) just to be sure that all connections are properly encrypted. Also the slave directory has a referral directive pointing the master directory. Samba works perfectly with the slave directory except when a write operation is done, then it gets a referral and this time the modification is tried with the master but with an unencrypted connection. I can see _four_ unencrypted tries to the master directory server and a network trace confirms that samba doesn't use TLS with referrals. first contact with the slave directory: Sep 29 18:25:43 slave slapd[30977]: = check a_authz.sai_ssf: ACL 112 OP 168 fwe seconds later the referral is followed: Sep 29 18:25:45 master slapd[6738]: = check a_authz.sai_ssf: ACL 112 OP 0 is it a bug in samba? or in the OpenLDAP libraries? Thank you. -- -BEGIN GEEK CODE BLOCK- Version: 3.1 GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w--- O+ M+ V- PS+ PE+ Y++ PGP t+ 5 X+$ R- tv-- b+++ DI D+ G++ e- h+(++) !r !z --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 aio compile failure on AIX 5.2
I just tried to compile Samba 3.0.20 on AIX 5.2 (someone suggested that it may resolve the other issue I'm having, I doubt it, but it's worth a try). I received the following error when I tried to do the compile: /usr/include/aio.h:76: field `aio_sigevent' has incomplete type /usr/include/aio.h:127: field `aio_sigevent' has incomplete type In file included from dynconfig.c:21: include/includes.h:799: redefinition of `struct timespec' make: 1254-004 The error code from the last command is 1. I'm guessing that I'm not the first to encounter this. Does anyone have a fix? Thanks! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem: FreeBSD 5.4 and Samba 3.0.20 not working with ADS
Hello all, I'm having a really difficult time with this setup. I can communicate with my Win2k3 PDC from my FreeBSD Samba file server by using the wbinfo utility. The wbinfo utility returns all of the information that I expect it to successfully. I've joined the Samba file server to the AD already. Users can access shared resources on the Samba file server *ONLY IF* they have a local account on the Samba file server. What am I doing wrong, it's giving me massive headaches?! Here are my config files: ---[ smb.conf ]--- [global] workgroup = HELLO realm = HELLO.LOCAL server string = Samba File Server security = ADS auth methods = winbind password server = 192.168.20.5 log level = 3 log file = /var/log/samba/log.%m max log size = 100 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 printcap name = cups preferred master = No domain master = No dns proxy = No wins server = 192.168.20.5 ldap ssl = no idmap uid = 1-2 idmap gid = 2-3 winbind use default domain = Yes winbind trusted domains only = Yes invalid users = root acl group control = Yes inherit permissions = Yes inherit acls = Yes write cache size = 262144 [homes] comment = Home Directories read only = No browseable = No [public] comment = Public Share path = /home/pub admin users = Administrator read only = No create mask = 0664 directory mask = 0775 guest ok = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No ---[ krb5.conf ]--- [libdefaults] default_realm = HELLO.LOCAL [realms] HELLO.LOCAL = { kdc = champion.hello.local admin_server = champion.hello.local } [domain_realm] .hello.local = HELLO.LOCAL ---[ nsswitch.conf ]--- group: compat files winbind group_compat: nis hosts: files dns networks: files passwd: compat files winbind passwd_compat: nis shells: files shadow: files winbind ---[ /etc/pam.d/login ]--- # auth authrequiredpam_nologin.so no_warn authsufficient pam_self.so no_warn authinclude system authsufficient pam_winbind.so # account account requisite pam_securetty.so account include system account sufficient pam_winbind.so # session session include system # password passwordinclude system Thanks for taking the time to check this out! -Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] how to enable AIO in samba-3.0.20 ?
Dear Sirs, is aio supported under FreeBSD ? I recompiled samba with --enable-aio-support, what else should I do in order to enable aio ? Cheers, Ilia Chipitsine -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to enable AIO in samba-3.0.20 ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ilia Chipitsine wrote: | Dear Sirs, | | is aio supported under FreeBSD ? | I recompiled samba with --enable-aio-support, what else | should I do in order to enable aio ? Nope. Patches are pending though from the FreeBSD maintainer. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDKzRjIR7qMdg1EfYRAl8vAJ9DeDvNGfrMtFrl9bPqZsTwgnG8WQCgjviW Futa8wYHCbtvTN047KFqoBI= =lMKG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems compiling Samba-3.0.20 on Slackware 10.1 using kernel version 2.4.29 (unmodified)
Processes run: ./autogen.sh ./configure ./make Make results in the following error: /usr/lib/gcc-lib/i486-slackware-linux/3.3.4/../../../../i486-slackware-linux/bin/ld: cannot find -lssl collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 ssl version OpenSSL 0.9.7g 11 Apr 2005 is installed under /usr/local/ssl/ and is listed in /etc/ld.so.conf but is not stipulated when compiling. Does it need to be? Any ideas anyone? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems compiling Samba-3.0.20 on Slackware 10.1 using kernel version 2.4.29 (unmodified)
Processes run: ./autogen.sh ./configure ./make Make results in the following error: /usr/lib/gcc-lib/i486-slackware-linux/3.3.4/../../../../i486-slackware-linux/bin/ld: cannot find -lssl collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 ssl version OpenSSL 0.9.7g 11 Apr 2005 is installed under /usr/local/ssl/ and is listed in /etc/ld.so.conf but is not stipulated when compiling. Does it need to be? Any ideas anyone? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 - Windows 98 problem
On Wed, Sep 07, 2005 at 10:54:17AM +0300, Catalin TOMOZEI wrote: Server - Samba 3.0.20 on INTEL P4 running Slackware 10.1 Client - Windows 98. Can log in, see, browse, and write. Just can't run simultaneous, same *.exe from 2 different computers with Windows 98 With Windows 2000, Xp this keep good time. On samba 3.0.14a, with same smb.conf this problem dont exist. This has just been fixed in SVN. Here is the patch : Jeremy. Author: jra Revision: r10133 Modified: source/smbd/open.c Added: Removed: Fix bug #3044. open-exec is read-only. Jeremy. Index: source/smbd/open.c === --- source/smbd/open.c (revision 10132) +++ source/smbd/open.c (revision 10133) @@ -1046,13 +1046,13 @@ /* Create the NT compatible access_mask. */ switch (GET_OPENX_MODE(deny_mode)) { + case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */ case DOS_OPEN_RDONLY: access_mask = FILE_GENERIC_READ; break; case DOS_OPEN_WRONLY: access_mask = FILE_GENERIC_WRITE; break; - case DOS_OPEN_EXEC: /* This used to be FILE_READ_DATA... */ case DOS_OPEN_RDWR: case DOS_OPEN_FCB: access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE; -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 winbindd problem on x86-64
We've been having some problems with winbind authentication recently (on 3.0.13) so I've upgraded to 3.0.20 (including all the patches on http://www.samba.org/samba/patches/). This works perfectly on all our 32-bit systems but seems to break badly on the 64-bit systems. Fetching user and group lists (via 'wbinfo -u' and 'wbinfo -n') work fine, as does looking up SIDs (via 'wbinfo -n'). Logging on using an ADS user fails though (causing the winbindd server to lock up, which means all user group lookups then incur a huge delay) - I've narrowed this down to the getgroups call (reproducible via 'wbinfo -r') but I can't follow quite what this is doing in the code (It appears to call through to schedule_async_request twice, hanging on the second call). Any ideas? Here's the smb.conf we're using: [global] utmp = yes workgroup = BIOWISDOM server string = SAMBA time server = yes interfaces = 127.0.0.1 eth0 bind interfaces only = true log file = /var/log/samba/log.%m security = ads realm = INTERNAL.BIOWISDOM.COM password server = * socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no dns proxy = yes encrypt passwords = yes client plaintext auth = no client lanman auth = no client ntlmv2 auth = yes idmap backend = ldap:ldap://ls-ukdevel01.internal.biowisdom.com idmap uid = 1-2 idmap gid = 1-2 Many thanks, Robin -- Robin Hill Linux Systems Administrator, BioWisdom Ltd. http://www.biowisdom.com/ * The information contained in this message is likely to be confidential. It is intended only for the person named above. Any dissemination, distribution, copying, disclosure or use of this message or its contents unless authorised by BioWisdom Ltd is strictly prohibited. Any views or opinions expressed within this e-mail are those of the author and do not necessarily represent those of BioWisdom Ltd. If you have received this message in error, please immediately notify us and delete it. Thank you. BioWisdom Ltd, Harston Mill, Harston, Cambridge, CB2 5GG. Tel: +44 (0)1223 874800, Fax: +44 (0) 1223 874801, Internet:www.biowisdom.com * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 - Windows 98 problem
Server - Samba 3.0.20 on INTEL P4 running Slackware 10.1 Client - Windows 98. Can log in, see, browse, and write. Just can't run simultaneous, same *.exe from 2 different computers with Windows 98 With Windows 2000, Xp this keep good time. On samba 3.0.14a, with same smb.conf this problem dont exist. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 build issue
Hi all, I could not get the new 3.0.20 version to compile using a GCC-4 based system without commenting out some code just recently put in (I base this on the SVN commits). The code I had to comment is in the source/include/includes.h file. Here is the commented code. /* #ifndef __cplusplus #define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define protected #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define template #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define this #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define new #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define delete #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #define friend #error DONT_USE_CPLUSPLUS_RESERVED_NAMES #endif */ This code was inserted into the includes.h file after 3.0.14a was released. I can compile the 3.0.14a version perfectly without any changes. Anyway, commenting out the section shown above in the includes.h file results in a clean build and a perfectly (as best as I can tell) running Samba installation of 3.0.20. If I can provide any additional information to help out, let me know. I am not subscribed, but I will follow via the newsgroup and/or archive facilities. -- Randy rmlscsi: [GNU ld version 2.15.94.0.2 20041220] [gcc (GCC) 3.4.3] [GNU C Library stable release version 2.3.4] [Linux 2.6.10 i686] 11:41:01 up 155 days, 11:14, 3 users, load average: 0.08, 0.08, 0.19 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 on Solaris ( 3.0.14a idem) - C compiler cannot create executables
Hi, I've a real problem on my sol8 server : - gcc, binutils, etc are installed, PATH is ok, as, ld, etc too MIT kerberos and Openldap have compiled without any problem but for samba during configure I directly get : C compiler cannot create executables and no error about a gcc not found ! I only see not found but it doesn't tell me what in config.log, it seems to search for something in /usr/local/.../Openldap/lib and/or include dirs but I don't know what :( Someone said me that I should use Sun compilers instead of gcc but I don't want, I don't have Sun Studio licence and I don't want to buy it just for that ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Beta test of Sparc Solaris packages (Samba 3.0.20)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, I'm uploading a simple package of Samba 3.0.20 for Solaris 9 Sparc to samba.org. The configure options are ./configure --prefix=/opt/samba \ --with-acl-support \ --with-included-popt \ --localstatedir=/var/lib/samba \ --with-piddir=/var/run \ --with-logfilebase=/var/log/samba \ --with-privatedir=/etc/samba/private \ --with-configdir=/etc/samba \ --with-ldap=no --with-ads=no The package was built using gcc 4.0. The package will be in the standard Binary_Packages directory in the download area on http://download.samba.org/ I'm going to work on a separate package with full ads support using statically linked OpenLDAP and the MIT kerberos client libs. Hopefully I'll have that version available next week. But if interested people could test out this one to make sure it runs ok, that would be helpful. Is there any demand for Solaris x86 packages? If so what OS release? I'm not promising anything. Just trying to gauge interest. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDFhbBIR7qMdg1EfYRAi2yAJ9/ZsTRKWx3GUA2YoyTFv3NFrKKJwCfX5v2 zyUMv/awwsMOkBzfDMoiMII= =/oAU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and UserManager
i posted this problem earlier with extensive logging please have a look at: [Samba] Trouble with usrmgr.exe in 3.0.20rc1/2 08/12/05 Guenther Deschner wrote: On Tue, Aug 23, 2005 at 04:13:16PM +0100, Bruno Guerreiro wrote: Hi, I'll do that just for debug purposes. +1800 Usergroups +1000 Users +1000 Computers Accounts There must be another way :-( Yes, could you please provide a debuglevel 10 log.smbd ? This would allow to track your problem. Thanks, Guenther -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 on Solaris: problem with fileaccess in a automounted filesystem
[EMAIL PROTECTED] wrote: Hello Knut, The problem may well be related to locking problems between the samba server and the NFS server (Solaris 2.5.1). Isn't 2.5.1 unsupported now? Have you patched it up as much as you can? Yes, so I have been thinking myself, but when logging on to the Solaris samba server which mounts from the 2.5.1 nfs server, checking/accessing the files/directories seems fine. No locking problems. Also, when using a Sgi samba server mounting from the same Solaris 2.5.1 system, everything is fine. One should think that it is more likely that things would work better between two Sun boxes than between a Sun and a Sgi. I will try to patch the Solaris 2.5.1 server with the latest recommended set and see if this helps. -- ** * Knut Hellebø | DAMN GOOD COFFEE !! * * Hydro IS Partner ESI (Unix) Team | (and hot too) * * | * * E-mail: [EMAIL PROTECTED] | Dale Cooper, FBI* ** *** NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it, may contain confidential or privileged information. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this message is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify the sender and delete the e-mail and attached documents. Thank you. *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 crashes on startup
Hi, after a problem last week with a kerberos security update from microsoft and my samba version I updated samba to 3.0.20. On most machines this works like a charm, but on one of them smbd crashes on startup. This is whet comes up in the logfile. [2005/08/29 13:35:45, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2005/08/29 13:35:45, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2005/08/29 13:35:45, 2] lib/interface.c:add_interface(81) added interface ip=10.10.1.4 bcast=10.10.255.255 nmask=255.255.0.0 [2005/08/29 13:35:45, 2] lib/tallocmsg.c:register_msg_pool_usage(56) Registered MSG_REQ_POOL_USAGE [2005/08/29 13:35:45, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2005/08/29 13:35:45, 0] printing/nt_printing.c:upgrade_to_version_4(438) upgrade_to_version_4: upgrading printer security descriptors [2005/08/29 13:35:45, 0] lib/fault.c:fault_report(36) === [2005/08/29 13:35:45, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 6871 (3.0.20-0.1-SUSE) Please read the appendix Bugs of the Samba HOWTO collection [2005/08/29 13:35:45, 0] lib/fault.c:fault_report(39) === [2005/08/29 13:35:45, 0] lib/util.c:smb_panic2(1548) PANIC: internal error [2005/08/29 13:35:45, 0] lib/util.c:smb_panic2(1556) BACKTRACE: 14 stack frames: #0 /usr/sbin/smbd(smb_panic2+0x1c5) [0x5b3671] #1 /usr/sbin/smbd(smb_panic+0xe) [0x5b34a7] #2 /usr/sbin/smbd [0x5a06f1] #3 /usr/sbin/smbd [0x5a074d] #4 /lib64/tls/libc.so.6 [0x2a96b7b380] #5 /usr/sbin/smbd(sec_desc_merge+0x45) [0x5cce1e] #6 /usr/sbin/smbd [0x5d442e] #7 /usr/sbin/smbd(tdb_traverse+0x115) [0x5c75a6] #8 /usr/sbin/smbd [0x5d4654] #9 /usr/sbin/smbd(nt_printing_init+0x3cd) [0x5d4cad] #10 /usr/sbin/smbd(print_backend_init+0x182) [0x5ce7eb] #11 /usr/sbin/smbd(main+0x536) [0x631ad7] #12 /lib64/tls/libc.so.6(__libc_start_main+0xfd) [0x2a96b69acd] #13 /usr/sbin/smbd(tcsetattr+0xaa) [0x44141a] The problem is probably printing related, but I do not have any printer shares enabled in my config. Any ideas? Regards, Leen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 crashes on startup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leen Toelen wrote: | Hi, | | after a problem last week with a kerberos | security update from microsoft and my samba version I | updated samba to 3.0.20. On most machines this works like | a charm, but on one of them smbd crashes on | startup. This is whet comes up in the logfile. You're on a 64-bit AMD box running SLES 9 sp1 right ? This is a bug in gcc. If it is a bug in the suse packages, please report tyo [EMAIL PROTECTED] If you compiled it yourself, either upgrade to SLES 9 sp2 or compile with '-O0' or no topimizations. The problem appears to be with -O1 (the default). | cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDEvfxIR7qMdg1EfYRAlsgAKCkGjNChRXYUOzRRBWOeNx1wo1CaACg1YWQ DFzfCzdhk61TMjdSDNHohOw= =RkqL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20
Will there be an RPM for Suse 8.2? As the last one available is the 3.0.14a and I would like to update the Samaba server to 3.0.20. If not, how can I upgrade my existing one? Thanks! Raymond -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20
Hi, sorry but Samba is not responsilbe for binarys! You will find current SUSE 8.2 binarys at: ftp://ftp.sernet.de/pub/samba/suse/suse82/ Cheers Stefan Original Message Subject: [Samba] 3.0.20 (26-Aug-2005 12:52) From:[EMAIL PROTECTED] To: samba@lists.samba.org Will there be an RPM for Suse 8.2? As the last one available is the 3.0.14a and I would like to update the Samaba server to 3.0.20. If not, how can I upgrade my existing one? Thanks! Raymond -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 compiles in aio support on aix by default, and when asked not to
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 J Raynor wrote: I'm trying to install samba-3.0.20 on aix 5.2, and I don't want to use aio, but the build process is compiling it in anyway. By default, it isn't supposed to build in aio support, but it does. When I pass --with-aio-support=no to configure, it also builds in support. It builds in aio support whether I use gcc or xlc. Here's what ldd shows: # ldd bin/smbd bin/smbd needs: /usr/lib/libc.a(shr.o) /usr/lib/libc.a(posix_aio.o) /usr/lib/librtl.a(shr.o) /unix /usr/lib/libcrypt.a(shr.o) J, Would you file this as a bug report for me? Then either Jeremy or I will get it cleaned up. Thanks. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDDxdHIR7qMdg1EfYRAiHdAKDAXIBiWhZVvpv53XhlwP1IiYk5mgCdHRCa SUHKQw4GSDdX7p6D/goFsaE= =Z4Xl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 on Solaris: problem with fileaccess in a automounted filesystem
Regards, Sent this one before, here's another go: My sambaserver, let's call it sserv, is running Solaris 8 (latest Recommended set) or 9 (tried both) compiled with automount support. When PC client A tries to access a file in a automounted mapping from sserv, the client is freezing and Windows Explorer has to be restarted. The NFS server which the samba server automounts from is a Solaris 2.5.1 system. The strange thing is that the same scenario works OK when the samba server is an Sgi IRIX system. The following pops up in the log for PC client A on sserv: [2005/08/26 15:57:29, 0] smbd/oplock.c:(1081) request_oplock_break: no response received to oplock break request to pid 16838 on port 58990 for dev = 4f4001d, inode = 187327, file_id = 51 [2005/08/26 15:57:29, 0] smbd/open.c:(726) open_mode_check: exlusive oplock left by process 16838 after break ! For file test.zip, dev = 4f4001d, inode = 187327. Deleting it to continue... Someone's got a clue ? -- ** * Knut Hellebø | DAMN GOOD COFFEE !! * * Hydro IS Partner ESI (Unix) Team | (and hot too) * * | * * E-mail: [EMAIL PROTECTED] | Dale Cooper, FBI* ** *** NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it, may contain confidential or privileged information. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this message is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify the sender and delete the e-mail and attached documents. Thank you. *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 compiles in aio support on aix by default, and when asked not to
I'm trying to install samba-3.0.20 on aix 5.2, and I don't want to use aio, but the build process is compiling it in anyway. By default, it isn't supposed to build in aio support, but it does. When I pass --with-aio-support=no to configure, it also builds in support. It builds in aio support whether I use gcc or xlc. Here's what ldd shows: # ldd bin/smbd bin/smbd needs: /usr/lib/libc.a(shr.o) /usr/lib/libc.a(posix_aio.o) /usr/lib/librtl.a(shr.o) /unix /usr/lib/libcrypt.a(shr.o) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member
Jerry, These were from enterprisesamba.com http://enterprisesamba.com/ (created by sernet). I use them since Earlier 3.0.14a from them worked very well, Absolutely perfect. regards On 8/23/05, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sanjay Upadhyay wrote: Problem Solved. Just trying to build from source and repeating the steps solved the problem, So it seems there are problems with the rpm distribution from sarnet. Sanjay, Just to clarify, these RPMs for SLES 9 came from samba.orghttp://samba.org ? Or for enterprisesamba.com http://enterprisesamba.com (created by SerNet)? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key - http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDCzi+IR7qMdg1EfYRAsyQAKDgkBMk1NSB9fMM/SK+X6MLDSW9ywCeJ65B PDxQymIayr450OyJWIiT7iE= =ZWk2 -END PGP SIGNATURE- -- Sanjay Upadhyay http://saneax.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and UserManager, LDAP database rebuild
On Tue, Aug 23, 2005 at 04:23:43PM +0200, Louis van Belle wrote: Hi i also had this error. Procedure out of range error. I rebuild the ldap database and problem was solved. How to rebuild the LDAP database? Something like: slapcat db ; rm -r /var/lib/ldap/* ; cat db | slapdd ? Or should db taken from the backup because that is a consistent version before the rebuild was due. Louis Cheers Geert Stappers signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and UserManager
Hi, I'll do that just for debug purposes. +1800 Usergroups +1000 Users +1000 Computers Accounts There must be another way :-( Most likely :-) Where it is logical problem, it will help to allow reading in the logical order. Please reply below the text. Thanks, Some one who gets directed to archives by search engines. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.20-1 Fedora SRPM on x86_64 build questions
Hi all, I am trying to build the 3.0.20 fedora srpm from samba.org on x86_64 but I am having a problem with the packaging. When I do rpmbuild -ba I get the following errors: Processing files: samba-client-3.0.20-1 error: File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/lowcase.dat error: File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/upcase.dat error: File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/valid.dat Processing files: samba-common-3.0.20-1 error: File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/charset/CP*.so error: File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/idmap/idmap*.so Processing files: samba-swat-3.0.20-1 error: File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/*.msg Processing files: samba-debuginfo-3.0.20-1 Provides: CP437.so.debug()(64bit) CP850.so.debug()(64bit) audit.so.debug()(64bit) cap.so.debug()(64bit) default_quota.so.debug()(64bit) expand_msdfs.so.debug()(64bit) extd_audit.so.debug()(64bit) fake_perms.so.debug()(64bit) full_audit.so.debug()(64bit) idmap_rid.so.debug()(64bit) libnss_winbind.so.debug()(64bit) libnss_wins.so.debug()(64bit) libsmbclient.so.debug()(64bit) net.debug()(64bit) netatalk.so.debug()(64bit) nmbd.debug()(64bit) nmblookup.debug()(64bit) ntlm_auth.debug()(64bit) pam_smbpass.so.debug()(64bit) pam_winbind.so.debug()(64bit) pdbedit.debug()(64bit) profiles.debug()(64bit) readonly.so.debug()(64bit) recycle.so.debug()(64bit) rpcclient.debug()(64bit) shadow_copy.so.debug()(64bit) smbcacls.debug()(64bit) smbclient.debug()(64bit) smbcontrol.debug()(64bit) smbcquotas.debug()(64bit) smbd.debug()(64bit) smbmnt.debug()(64bit) smbmount.debug()(64bit) smbpasswd.debug()(64bit) smbspool.debug()(64bit) smbstatus.debug()(64bit) smbtree.debug()(64bit) smbumount.debug()(64bit) swat.debug()(64bit) tdbbackup.debug()(64bit) tdbdump.debug()(64bit) tdbtool.debug()(64bit) testparm.debug()(64bit) wbinfo.debug()(64bit) winbindd.debug()(64bit) Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1 RPM build errors: File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/vfs File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/lowcase.dat File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/upcase.dat File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/valid.dat File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/charset/CP*.so File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/idmap/idmap*.so File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/*.msg (pocono pts32) $ All of the missing files are in /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib/samba/. My question is what is the correct location for these files /usr/lib/samba or /usr/lib64/samba? Regards, Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member
Hi Jerry, I will try to explain what I did and I got the error. 1) downloaded 3.0.20 from http://ftp.sernet.de/pub/samba/sles/sles9-i386/samba3-3.0.20-21.i586.rpm 2) Installed it with rpm -Uvh options.. 3) My smb.conf and krb5.conf were, as it is from earlier settings (which was working with 3.0.14a) 4) Steps to rejoin... (all the logs are attached which were started with debug log levels of 10) #rcsmb stop; rcnmb stop; rcwinbind stop; #kinit [EMAIL PROTECTED] [EMAIL PROTECTED]'s Password: kinit: NOTICE: ticket renewable lifetime is 1 week # net ads join -U Administrator%DingDong.com -d 10 ads_add_machine_acct: Host account for susles9aa already exists - modifying old account Using short domain name -- HUNGER # getent passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:Daemon:/sbin:/bin/bash lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false news:x:9:13:News system:/etc/news:/bin/bash uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash games:x:12:100:Games account:/var/games:/bin/bash man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false ftp:x:40:49:FTP account:/srv/ftp:/bin/bash postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false ntp:x:74:65534:NTP daemon:/var/lib/ntp:/bin/false ldap:x:76:70:User for OpenLDAP:/var/lib/ldap:/bin/bash nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash arun:x:1000:100:Arun Sharma:/home/arun:/bin/bash joker:x:1001:1000:Samba Administrator:/home/joker:/bin/false vvv:x:1002:1001:vvv:/home/vvv:/bin/false aaa:x:1003:1001:aaa:/home/aaa:/bin/false a12:x:1004:1001:a12:/home/a12:/bin/false ggg:x:1005:1001:ggg:/home/ggg:/bin/false user1:x:1006:1001:user1:/home/user1:/bin/false user333:x:1007:1001:user333:/home/user333:/bin/false The AD is Configured on Windows 2003 Enterprise Server, build 3790. There is no service pack istalled as such Please do let me know in case you need any other information. regards Sanjay Upadhyay On 8/22/05, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sanjay Upadhyay wrote: | I have updated samba to 3.0.20, on SLES9. I had a | configuration earlier, where SLES9 was a domain member | 2003 Server (samba 3.0.14a), everything used | to work well earlier. After updating.. I rejoined it to | AD there was no errors. However, Clients from windows | were unable to access the shares. | #getent passwd | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(36) | === | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(37) | INTERNAL ERROR: Signal 11 in pid 4746 (3.0.20-0.1-SUSE) | Please read the appendix Bugs of the Samba HOWTO collection | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(39) | === | [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1548) | PANIC: internal error | [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1556) | BACKTRACE: 13 stack frames: | #0 /usr/sbin/winbindd(smb_panic2+0x1ed) [0x80e2128] | #1 /usr/sbin/winbindd(smb_panic+0x25) [0x80e1f35] | #2 /usr/sbin/winbindd [0x80cc967] | #3 /usr/sbin/winbindd [0x80cc9dd] | #4 [0xe420] | #5 /usr/sbin/winbindd(winbindd_getpwent+0x1df) [0x8076253] I really need a level 10 debug log here, or even better, a gdb backtrace of winbindd compiled with --enable-debug. btw...What SP are you running on the server? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDCeSDIR7qMdg1EfYRAkLUAJ9bhQNzQVpn3VQ9/Q7DTevNtmbMywCeOxq0 r0dMsJI8y+BUKn+H7a1ynLw= =MzpW -END PGP SIGNATURE- -- Sanjay Upadhyay http://saneax.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member
hi Folks, Problem Solved. Just trying to build from source and repeating the steps solved the problem, So it seems there are problems with the rpm distribution from sarnet. regards On 8/23/05, Sanjay Upadhyay [EMAIL PROTECTED] wrote: Attaching more debug info... while I connect to Samba Machine from a Windows Client as a Admin User On 8/23/05, Sanjay Upadhyay [EMAIL PROTECTED] wrote: Hi Jerry, I will try to explain what I did and I got the error. 1) downloaded 3.0.20 from http://ftp.sernet.de/pub/samba/sles/sles9-i386/samba3-3.0.20-21.i586.rpm 2) Installed it with rpm -Uvh options.. 3) My smb.conf and krb5.conf were, as it is from earlier settings (which was working with 3.0.14a) 4) Steps to rejoin... (all the logs are attached which were started with debug log levels of 10) #rcsmb stop; rcnmb stop; rcwinbind stop; #kinit [EMAIL PROTECTED] [EMAIL PROTECTED]'s Password: kinit: NOTICE: ticket renewable lifetime is 1 week # net ads join -U Administrator%DingDong.com -d 10 ads_add_machine_acct: Host account for susles9aa already exists - modifying old account Using short domain name -- HUNGER # getent passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:Daemon:/sbin:/bin/bash lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false news:x:9:13:News system:/etc/news:/bin/bash uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash games:x:12:100:Games account:/var/games:/bin/bash man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false ftp:x:40:49:FTP account:/srv/ftp:/bin/bash postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false ntp:x:74:65534:NTP daemon:/var/lib/ntp:/bin/false ldap:x:76:70:User for OpenLDAP:/var/lib/ldap:/bin/bash nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash arun:x:1000:100:Arun Sharma:/home/arun:/bin/bash joker:x:1001:1000:Samba Administrator:/home/joker:/bin/false vvv:x:1002:1001:vvv:/home/vvv:/bin/false aaa:x:1003:1001:aaa:/home/aaa:/bin/false a12:x:1004:1001:a12:/home/a12:/bin/false ggg:x:1005:1001:ggg:/home/ggg:/bin/false user1:x:1006:1001:user1:/home/user1:/bin/false user333:x:1007:1001:user333:/home/user333:/bin/false The AD is Configured on Windows 2003 Enterprise Server, build 3790. There is no service pack istalled as such Please do let me know in case you need any other information. regards Sanjay Upadhyay On 8/22/05, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sanjay Upadhyay wrote: | I have updated samba to 3.0.20, on SLES9. I had a | configuration earlier, where SLES9 was a domain member | 2003 Server (samba 3.0.14a), everything used | to work well earlier. After updating.. I rejoined it to | AD there was no errors. However, Clients from windows | were unable to access the shares. | #getent passwd | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(36) | === | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(37) | INTERNAL ERROR: Signal 11 in pid 4746 (3.0.20-0.1-SUSE) | Please read the appendix Bugs of the Samba HOWTO collection | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(39) | === | [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1548) | PANIC: internal error | [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1556) | BACKTRACE: 13 stack frames: | #0 /usr/sbin/winbindd(smb_panic2+0x1ed) [0x80e2128] | #1 /usr/sbin/winbindd(smb_panic+0x25) [0x80e1f35] | #2 /usr/sbin/winbindd [0x80cc967] | #3 /usr/sbin/winbindd [0x80cc9dd] | #4 [0xe420] | #5 /usr/sbin/winbindd(winbindd_getpwent+0x1df) [0x8076253] I really need a level 10 debug log here, or even better, a gdb backtrace of winbindd compiled with --enable-debug. btw...What SP are you running on the server? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDCeSDIR7qMdg1EfYRAkLUAJ9bhQNzQVpn3VQ9/Q7DTevNtmbMywCeOxq0 r0dMsJI8y+BUKn+H7a1ynLw= =MzpW -END PGP SIGNATURE- -- Sanjay Upadhyay http://saneax.blogspot.com -- Sanjay Upadhyay http://saneax.blogspot.com -- Sanjay Upadhyay http://saneax.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 and UserManager
Hi all. Just tried to upgrade our test PDC server from 3.0.14a to 3.0.20, and now i've stumbled in to the following error. Using the User Manager for Domains causes a Procedure out of range error. Using DameWare NT Utilities causes the application to crash. Tried both in WIN2000 and XP. If I downgrade to 3.0.14a again everything is OK. Server Manager works OK in both versions. I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and openldap-2.2.13 on a FC3 server. I may supply a level 10 debug log if necessary. TIA Bruno Guerreiro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and UserManager
Bruno Guerreiro schrieb: Hi all. Just tried to upgrade our test PDC server from 3.0.14a to 3.0.20, and now i've stumbled in to the following error. Using the User Manager for Domains causes a Procedure out of range error. Using DameWare NT Utilities causes the application to crash. Tried both in WIN2000 and XP. If I downgrade to 3.0.14a again everything is OK. Server Manager works OK in both versions. I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and openldap-2.2.13 on a FC3 server. I may supply a level 10 debug log if necessary. TIA Bruno Guerreiro Hi, i had no failures with usrmgr and suse 9.3 with samba ldap pdc after upgrade to Samba 3.0.20 just for info. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.20 and UserManager
Hi i also had this error. Procedure out of range error. I rebuild the ldap database and problem was solved. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Robert Schetterer Verzonden: dinsdag 23 augustus 2005 16:20 Aan: Bruno Guerreiro CC: samba@lists.samba.org Onderwerp: Re: [Samba] Samba 3.0.20 and UserManager Bruno Guerreiro schrieb: Hi all. Just tried to upgrade our test PDC server from 3.0.14a to 3.0.20, and now i've stumbled in to the following error. Using the User Manager for Domains causes a Procedure out of range error. Using DameWare NT Utilities causes the application to crash. Tried both in WIN2000 and XP. If I downgrade to 3.0.14a again everything is OK. Server Manager works OK in both versions. I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and openldap-2.2.13 on a FC3 server. I may supply a level 10 debug log if necessary. TIA Bruno Guerreiro Hi, i had no failures with usrmgr and suse 9.3 with samba ldap pdc after upgrade to Samba 3.0.20 just for info. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.20 and UserManager
Hi, Rebuild the ldap database? With slapcat and slapadd? Tried that. Didn't work :-( Any other ideas? Best Regards, Bruno Guerreiro -Original Message- From: Louis van Belle [mailto:[EMAIL PROTECTED] Sent: terça-feira, 23 de Agosto de 2005 15:24 To: samba@lists.samba.org Subject: RE: [Samba] Samba 3.0.20 and UserManager Hi i also had this error. Procedure out of range error. I rebuild the ldap database and problem was solved. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Robert Schetterer Verzonden: dinsdag 23 augustus 2005 16:20 Aan: Bruno Guerreiro CC: samba@lists.samba.org Onderwerp: Re: [Samba] Samba 3.0.20 and UserManager Bruno Guerreiro schrieb: Hi all. Just tried to upgrade our test PDC server from 3.0.14a to 3.0.20, and now i've stumbled in to the following error. Using the User Manager for Domains causes a Procedure out of range error. Using DameWare NT Utilities causes the application to crash. Tried both in WIN2000 and XP. If I downgrade to 3.0.14a again everything is OK. Server Manager works OK in both versions. I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and openldap-2.2.13 on a FC3 server. I may supply a level 10 debug log if necessary. TIA Bruno Guerreiro Hi, i had no failures with usrmgr and suse 9.3 with samba ldap pdc after upgrade to Samba 3.0.20 just for info. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sanjay Upadhyay wrote: Problem Solved. Just trying to build from source and repeating the steps solved the problem, So it seems there are problems with the rpm distribution from sarnet. Sanjay, Just to clarify, these RPMs for SLES 9 came from samba.org? Or for enterprisesamba.com (created by SerNet)? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDCzi+IR7qMdg1EfYRAsyQAKDgkBMk1NSB9fMM/SK+X6MLDSW9ywCeJ65B PDxQymIayr450OyJWIiT7iE= =ZWk2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.20 and UserManager
Hi, I'll do that just for debug purposes. +1800 Usergroups +1000 Users +1000 Computers Accounts There must be another way :-( Bruno Guerreiro -Original Message- From: Louis van Belle [mailto:[EMAIL PROTECTED] Sent: terça-feira, 23 de Agosto de 2005 15:59 To: 'Bruno Guerreiro' Subject: RE: [Samba] Samba 3.0.20 and UserManager yes, backup al the tdb files of samba and the ldap database. the try it with a clean enviroment. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Bruno Guerreiro Verzonden: dinsdag 23 augustus 2005 16:55 Aan: samba@lists.samba.org Onderwerp: RE: [Samba] Samba 3.0.20 and UserManager Hi, Rebuild the ldap database? With slapcat and slapadd? Tried that. Didn't work :-( Any other ideas? Best Regards, Bruno Guerreiro -Original Message- From: Louis van Belle [mailto:[EMAIL PROTECTED] Sent: terça-feira, 23 de Agosto de 2005 15:24 To: samba@lists.samba.org Subject: RE: [Samba] Samba 3.0.20 and UserManager Hi i also had this error. Procedure out of range error. I rebuild the ldap database and problem was solved. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Robert Schetterer Verzonden: dinsdag 23 augustus 2005 16:20 Aan: Bruno Guerreiro CC: samba@lists.samba.org Onderwerp: Re: [Samba] Samba 3.0.20 and UserManager Bruno Guerreiro schrieb: Hi all. Just tried to upgrade our test PDC server from 3.0.14a to 3.0.20, and now i've stumbled in to the following error. Using the User Manager for Domains causes a Procedure out of range error. Using DameWare NT Utilities causes the application to crash. Tried both in WIN2000 and XP. If I downgrade to 3.0.14a again everything is OK. Server Manager works OK in both versions. I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and openldap-2.2.13 on a FC3 server. I may supply a level 10 debug log if necessary. TIA Bruno Guerreiro Hi, i had no failures with usrmgr and suse 9.3 with samba ldap pdc after upgrade to Samba 3.0.20 just for info. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and UserManager
On Tue, Aug 23, 2005 at 04:13:16PM +0100, Bruno Guerreiro wrote: Hi, I'll do that just for debug purposes. +1800 Usergroups +1000 Users +1000 Computers Accounts There must be another way :-( Yes, could you please provide a debuglevel 10 log.smbd ? This would allow to track your problem. Thanks, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Novell / SUSE LINUX [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] pgpki1JA4Limj.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 documentation bug
For all new/modified parameters in smb.conf there are no entries in man smb.conf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 documentation bug
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mihail Savitsky wrote: | For all new/modified parameters in smb.conf | there are no entries in man smb.conf grrr.not entirely true, but true enough. Here's how things stack up. Parameter Name Docs - -- -- acl check permissions acl group control X acl map full control aio read size aio write size enable asu support X inherit owner X map to guestX max stat cache size X username map script X winbindd nss info So looks like Jeremy and Guenther owe some man pages updates. Here's a short explanation: acl check permissions (S) Share level parameter for re-enabling the pre-3.0.13 write access checking semantics. acl map full control (S) Share level parameter use to determine whether or not the Unix permissions rwx should be mapped to the Windows permissions of Full Control aio read/write size (G) Threshhold in bytes used to swap over internally to AIO vs. synchronous disk IO. winbind nss info (G) Define the type of service (template, sfu) used for setting the posix account information such as home directory and shell information. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDCcW/IR7qMdg1EfYRAvggAKDWQtsw0sn1l9ZEmR/ZROfSrvq4OgCeJFwI oE/7f49WAeFTwXGPe1VKua4= =0rwN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member
Hi folks, I have updated samba to 3.0.20, on SLES9. I had a configuration earlier, where SLES9 was a domain member 2003 Server (samba 3.0.14a), everything used to work well earlier. After updating.. I rejoined it to AD there was no errors. However, Clients from windows were unable to access the shares. #getent passwd [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(36) === [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 4746 (3.0.20-0.1-SUSE) Please read the appendix Bugs of the Samba HOWTO collection [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(39) === [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1548) PANIC: internal error [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1556) BACKTRACE: 13 stack frames: #0 /usr/sbin/winbindd(smb_panic2+0x1ed) [0x80e2128] #1 /usr/sbin/winbindd(smb_panic+0x25) [0x80e1f35] #2 /usr/sbin/winbindd [0x80cc967] #3 /usr/sbin/winbindd [0x80cc9dd] #4 [0xe420] #5 /usr/sbin/winbindd(winbindd_getpwent+0x1df) [0x8076253] #6 /usr/sbin/winbindd [0x8072e9b] #7 /usr/sbin/winbindd [0x80736af] #8 /usr/sbin/winbindd [0x8073182] #9 /usr/sbin/winbindd [0x8073c9b] #10 /usr/sbin/winbindd(main+0x5de) [0x80745c5] Any spot lights will be very gratefully followed.. My smb.conf and krb5.conf are herein pasted. ---Smb.conf--- [global] workgroup = HUNGER realm = HUNGERFORD.KOL netbios name = susles9aa encrypt passwords = Yes security = ads winbind uid = 1-3 winbind gid = 1-2 winbind enum users = yes winbind enum users = yes winbind cache time = 10 winbind use default domain = yes winbind enable local accounts = no nt acl support = yes password server = * log file = /home/samba/log/log.%m log level = 1 template shell = /bin/bash template homedir = /home/%D/%U [C] valid users = @Domain Admins, Administrator admin users = @Domain Admins, Administrator comment = Top Level Share path = /DATA read only = no browsable = yes ---krb5.conf--- [libdefaults] default_realm = HUNGERFORD.KOL [realms] HUNGERFORD.KOL = { kdc = URVASHI:88 } [domain_realms] .hungerford.kol = HUNGERFORD.KOL regards Sanjay Upadhyay -- Sanjay Upadhyay http://saneax.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba