[Samba] Samba 3.0.20 Windows 2008

[white list]

Hello, You ALL,
has anybody gotten Samba to work with Windows 2008? do I need to enable any
features in Windows 2008? I had read the official  unofficial howto and not
luck getting samba to work with Windows 2008.

FreeBSD 7.0
Windows Longhorn Server Enterprise 2008

Thanks,
-Augustin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] full_audit on Samba 3.0.20 vs 3.0.25

[Volker Lendecke]

On Thu, Aug 09, 2007 at 11:34:29AM -0400, Ryan Steele wrote:
  On the 3.0.20 box, they seem to be ignored, which causes the logs to
  fill up very quickly.  I appreciate any light that can be shed on this
  situation.  Thanks in advance!


The all/none flags were added with r13028,
tags/release-3.0.20 was created with r9403. So none was
added after 3.0.20. I think you have to upgrade.

Volker


pgp66HhsErHk5.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] full_audit on Samba 3.0.20 vs 3.0.25

[Ryan Steele]

Volker Lendecke wrote:
 On Fri, Aug 03, 2007 at 04:20:20PM -0400, Ryan Steele wrote:
   
 Just a quick question for you: Does Samba 3.0.20 support the full_audit
 module? I've got the module operating on two boxes, one with Samba
 

 The full audit module was added around 3.0.4.

   
 3.0.25 and the other with 3.0.20, and only the former seems to interpret
 VFS directives, such as:

 full_audit:prefix = %u
 full_audit:failure = none
 full_audit:success = open write close

 On the 3.0.20 box, they seem to be ignored, which causes the logs to
 fill up very quickly.  I appreciate any light that can be shed on this
 situation.  Thanks in advance!
 

 Not sure what this is, I think the full smb.conf would be
 necessary here.

 Volker
   
Volker and list,

Here's the smb.conf, followed by an example log entry - I'd appreciate
any insight as to why it still logs the failures (and lots of them!) 
Thanks!

[global]
   workgroup = SOMEGROUP
   server string = %h server (SOMESERVER)
   wins support = yes
   dns proxy = yes
   name resolve order = wins lmhosts host bcast
   smb ports = 139
   log file = /var/log/samba/log.%m
   max log size = 100
   log level = 0 vfs:2
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user

   encrypt passwords = true
   passdb backend = ldapsam:ldap://127.0.0.1/
   obey pam restrictions = no
   ldap admin dn = cn=admin,dc=somedomain,dc=com
   ldap suffix = dc=somedomain,dc=com
   ldap group suffix = ou=Groups
   ldapuser suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=People
   ldap passwd sync = Yes
   passwd program = /usr/sbin/smbldap-passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
   add user script = /usr/sbin/smbldap-useradd -m %u
   ldap delete dn = Yes
   delete user script = /usr/sbin/smbldap-userdel %u
   add machine script = /usr/sbin/smbldap-useradd -w %u
   add group script = /usr/sbin/smbldap-groupadd -p %g
   delete group script = /usr/sbin/smbldap-groupdel %g
   add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
   delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
   set primary group script = /usr/sbin/smbldap-usermod -g %g %u
   invalid users = root
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0700
   directory mask = 0700
[printers]
   comment = All Printers
   browseable = no
   path = /tmp
   printable = yes
   public = no
   writable = no
   create mode = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
[Shared Files]
vfs objects = full_audit
full_audit:prefix = %u
full_audit:failure = none
full_audit:success = write
comment = SOMESERVER's Files
path = /home/sharedfiles
browseable = yes
writable = yes
oplocks = No
level 2 oplocks = No
directory mask = 0775
create mask = 0664




Here's the log entry:
Aug  9 11:04:52 servername smbd_audit: username|sys_acl_get_file|fail
(Operation not supported)|/path/to/file


-- 
Ryan Steele
Systems Administrator   [EMAIL PROTECTED]
AgoraNet, Inc.  (302) 224-2475
314 E. Main Street, Suite 1 (302) 224-2552 (fax)
Newark, DE 19711http://www.agora-net.com

GPG Signature:http://www.agora-net.com/~steele/signature.asc

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] full_audit on Samba 3.0.20 vs 3.0.25

[Volker Lendecke]

On Fri, Aug 03, 2007 at 04:20:20PM -0400, Ryan Steele wrote:
 Just a quick question for you: Does Samba 3.0.20 support the full_audit
 module? I've got the module operating on two boxes, one with Samba

The full audit module was added around 3.0.4.

 3.0.25 and the other with 3.0.20, and only the former seems to interpret
 VFS directives, such as:
 
 full_audit:prefix = %u
 full_audit:failure = none
 full_audit:success = open write close
 
 On the 3.0.20 box, they seem to be ignored, which causes the logs to
 fill up very quickly.  I appreciate any light that can be shed on this
 situation.  Thanks in advance!

Not sure what this is, I think the full smb.conf would be
necessary here.

Volker


pgpOvkrWRjcYs.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

david rankin wrote:
   Any headway on incorporating the patches into a 3.0.23c release that
 will help all of us that are running stand-along, no-winbind, simple
 smbpasswd setups?? I was never able to get the patches to apply properly
 and my manual compile messed up my ability to print with cups. (yes I
 compiled with --enable-cups) I have dropped back to the 3.0.20-SuSE rpms
 and it is working, but I would like to help get 3.0.23b fixed. Any word??

Early next week ?  Linuxworld has been going on at San Francisco
so that has eaten some time.






jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFE5UqxIR7qMdg1EfYRAif0AKDvZlujYsARkZTcKES5Aao39V4fJwCfbY9t
LN0pvExJi9+c+a0zBMOcQkM=
=bTO/
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Michael Gasch]

I've got a long mail that explains we made this change
and we had a hard time with 3.0.23.  I'll try to send
it out next week.

that's very good news!
i was about to ask the list about these changes because they horribly 
confused me :)


thx!
micha
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Franz Sirl]

Gerald (Jerry) Carter schrieb:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Franz Sirl wrote:

the patch fixes the valid users problem for me. Or, 
to come back to the list of different syntaxes,

these work:

   valid users = +users
   valid users = S-1-5-21-1540046517-542637695-1028676802-1201

These didn't work:

   valid users = +Unix Group\users
   valid users = +HOSTNAME\users
   valid users = +BUILTIN\users
   valid users = S-1-22-2-100


Please test the patch.  Supersedes the previous one.
Also available from http://www.samba.org/~jerry/patches/
It's semi-ok that syntax you list doesn't work.  You
should really only worry about +users for local group names.


Hi Jerry,

v2 of the patch still works fine, but the list of working syntaxes 
changed. These work:


valid users = +users
valid users = +Unix Group\users
valid users = S-1-22-2-100

These didn't work:

valid users = +HOSTNAME\users
valid users = +BUILTIN\users
valid users = S-1-5-21-1540046517-542637695-1028676802-1201

And it's not that I expect all of these to work, it's more that I tried 
about any combo that I saw in the logs :-). Though I believe that the 
+Unix Group\users is nice to have in case I switch to PDC, cause 
personally I like to be explicit in configuration files.


Thanks,
Franz.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Franz Sirl wrote:

 v2 of the patch still works fine, but the list 
 of working syntaxes changed. These work:
 
 valid users = +users
 valid users = +Unix Group\users
 valid users = S-1-22-2-100
 
 These didn't work:
 
 valid users = +HOSTNAME\users
 valid users = +BUILTIN\users
 valid users = S-1-5-21-1540046517-542637695-1028676802-1201

This is to be expected.  All unmapped users will
possess a SID in the S-1-22-1 domain and all unmapped
groups will be in the S-1-22-2 domain.

HOSTNAME\users would work for a mapped group.
BUILTIN\users would work if you have local builtin group
  called users (e.g. net sam createbuiltin Users)

 And it's not that I expect all of these to work, it's 
 more that I tried about any combo that I saw in the
 logs :-). Though I believe that the +Unix Group\users
 is nice to have in case I switch to PDC, cause
 personally I like to be explicit in configuration files.

There problem is that if you create a group map entry
for HOSTNAME\users, unix Group\users will resolve to
a different SID and hence anyone actually in the users
group from /etc/group will have the HOSTNAME\users SID in
their token.

At this time we are *not* recommending that anyone qualify
names with HOSTNAME or Unix XXX.  Samba will handle
the steps necessary to resolve the name, giving precedence
to mapped users and groups over unmapped ones.  You only
have to qualify domain names and groups in the BUILTIN domain.

I've got a long mail that explains we made this change
and we had a hard time with 3.0.23.  I'll try to send
it out next week.







cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE3iKpIR7qMdg1EfYRAtvGAKCCdblzwxS5qv2iL4Dplt9HTEwq6QCgsm6l
jVl0lWeAB0JQtsUreRW0xzs=
=63O3
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Franz Sirl]

At 00:44 11.08.2006, Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

david,

HELP! On mandriva, I compiled samba from source
 and got it running, but I cannot connect from windows.
 (see my post from earlier [Samba] Compiling and
 Configuring Samba for Mandrival)

 [EMAIL PROTECTED]:~ smbclient //bonza/office
 Password:
 Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b]
 tree connect failed: NT_STATUS_ACCESS_DENIED
...
I have attached a level 10 debug if that will help.
 This is a standalone server.

Attachments get stripped from the list.  I need
your smb.conf, a level 10 debug log from smbd,
and output from the following tow commands

* pdbedit -L -w | cut -d: -f1
* net groupmap list | cut -d\( -f1


Hi,

I have the same problem with a simple security = user, non-LDAP, 
non-windbindd etc. setup. I can workaround this for 
gid=100/groupname=users with:


   valid users = S-1-5-21-1540046517-542637695-1028676802-1201

My net getlocalsid:
 SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802

These didn't work:

   valid users = +users
   valid users = +HOSTNAME\users
   valid users = +BUILTIN\users
   valid users = +Unix Group\users
   valid users = S-1-22-2-100

This seems also to be related on which versions of samba were working 
before on a machine (seems to depend on the contents of the .tdb), 
but so far I could always reproduce it when I delete most of the 
.tdb's except printer related and secrets.tdb.
Maybe some net groupmap statements are now necessary for simple 
setups as well?


bye,
Franz.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Franz Sirl wrote:

 I have the same problem with a simple security = user, 
 non-LDAP, non-windbindd etc. setup. I can workaround
 this for gid=100/groupname=users with:
 
valid users = S-1-5-21-1540046517-542637695-1028676802-1201
 
 My net getlocalsid:
  SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802
 
 These didn't work:
 
valid users = +users
valid users = +HOSTNAME\users
valid users = +BUILTIN\users
valid users = +Unix Group\users
valid users = S-1-22-2-100

ok.  Found the problem.  It's smbpasswd.  If you use tdbsam
everything is fine.  Patch forthcoming shortly.  Sorry.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE3H5VIR7qMdg1EfYRAlqTAJ0ZcnKBwL4cTSqjcjq5rHpITHoG7ACg633E
fiP3Ihqaeu+zHUfltU8CbJE=
=YTCJ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Lamar.Saxon]

I had the same problem on AIX with Samba 3.0.23b upgrading Samba
3.0.23a.  The solution I found was to change all valid users to
users.  The documents still say valid users is acceptable; but it
would not work once I went to 3.0.23b.

Lamar

-Original Message-
From: Franz Sirl [mailto:[EMAIL PROTECTED]
Sent: Friday, August 11, 2006 4:20 AM
To: Gerald (Jerry) Carter
Cc: samba
Subject: Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

At 00:44 11.08.2006, Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

david,

 HELP! On mandriva, I compiled samba from source
  and got it running, but I cannot connect from windows.
  (see my post from earlier [Samba] Compiling and
  Configuring Samba for Mandrival)

  [EMAIL PROTECTED]:~ smbclient //bonza/office
  Password:
  Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b]
  tree connect failed: NT_STATUS_ACCESS_DENIED
...
 I have attached a level 10 debug if that will help.
  This is a standalone server.

Attachments get stripped from the list.  I need
your smb.conf, a level 10 debug log from smbd,
and output from the following tow commands

* pdbedit -L -w | cut -d: -f1
* net groupmap list | cut -d\( -f1

Hi,

I have the same problem with a simple security = user, non-LDAP,
non-windbindd etc. setup. I can workaround this for
gid=100/groupname=users with:

valid users = S-1-5-21-1540046517-542637695-1028676802-1201

My net getlocalsid:
  SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802

These didn't work:

valid users = +users
valid users = +HOSTNAME\users
valid users = +BUILTIN\users
valid users = +Unix Group\users
valid users = S-1-22-2-100

This seems also to be related on which versions of samba were working
before on a machine (seems to depend on the contents of the .tdb),
but so far I could always reproduce it when I delete most of the
.tdb's except printer related and secrets.tdb.
Maybe some net groupmap statements are now necessary for simple
setups as well?

bye,
Franz.




Privileged and Confidential.  This e-mail, and any attachments there to, is 
intended only for use by the addressee(s) named herein and may contain 
privileged or confidential information.  If you have received this e-mail in 
error, please notify me immediately by a return e-mail and delete this e-mail.  
You are hereby notified that any dissemination, distribution or copying of this 
e-mail and/or any attachments thereto, is strictly prohibited.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Rankin wrote:
 From: Gerald (Jerry) Carter [EMAIL PROTECTED]

 ok.  Found the problem.  It's smbpasswd.  If you use tdbsam
 everything is fine.  Patch forthcoming shortly.  Sorry.

 
 Aahah!
 
 I knew the coffee would help ; - )

Hey folks,

Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch).
It passes very basic testing for standalone servers
using smbpasswd.  And still has some discussion
to go through before it will go into the tree for
3.0.23c.

Also available at http://www.samba.org/~jerry/patches/
if the attachment gets messed up.



cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE3J18IR7qMdg1EfYRAjK4AJ9bRS+cXFU0L3nMm9g+Hi+ExeXNxgCfb2/x
Omcesq0DAeSWNOv0SGj5q6I=
=LfCs
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gerald (Jerry) Carter wrote:

 Hey folks,
 
 Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch).

Once more with feeling (and the attachment)




jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE3J3XIR7qMdg1EfYRAr/7AKDdjS+QHraNnUoT5pG/viQsFwcRbgCeNuBy
H0ug4P2fgBPHZYDG3dgh9WI=
=XCBZ
-END PGP SIGNATURE-
diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes 
samba-3.0.23b/source/auth/auth_util.c 
samba-3.0.23b-patched/source/auth/auth_util.c
--- samba-3.0.23b/source/auth/auth_util.c   2006-08-07 11:46:33.0 
-0500
+++ samba-3.0.23b-patched/source/auth/auth_util.c   2006-08-11 
10:03:44.0 -0500
@@ -1052,9 +1052,8 @@
return NT_STATUS_NO_MEMORY;
}
 
-   if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL,
-NULL, NULL, user_sid, type)) {
-   DEBUG(1, (lookup_name_smbconf for %s failed\n, username));
+   if (!lookup_user_smbconf(tmp_ctx, username, user_sid, type)) {
+   DEBUG(1, (lookup_user_smbconf(%s) failed\n, username));
goto done;
}
 
diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes 
samba-3.0.23b/source/include/smb.h samba-3.0.23b-patched/source/include/smb.h
--- samba-3.0.23b/source/include/smb.h  2006-07-10 11:27:52.0 -0500
+++ samba-3.0.23b-patched/source/include/smb.h  2006-08-11 10:03:44.0 
-0500
@@ -272,7 +272,7 @@
 #define LOOKUP_NAME_REMOTE   2  /* Ask others */
 #define LOOKUP_NAME_ALL (LOOKUP_NAME_ISOLATED|LOOKUP_NAME_REMOTE)
 
-#define LOOKUP_NAME_GROUP4  /* This is a NASTY hack for valid users = @foo
+#define LOOKUP_NAME_GROUP4  /* (unused) This is a NASTY hack for valid 
users = @foo
 * where foo also exists in as user. */
 
 /**
diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes 
samba-3.0.23b/source/passdb/lookup_sid.c 
samba-3.0.23b-patched/source/passdb/lookup_sid.c
--- samba-3.0.23b/source/passdb/lookup_sid.c2006-08-07 11:46:33.0 
-0500
+++ samba-3.0.23b-patched/source/passdb/lookup_sid.c2006-08-11 
10:03:44.0 -0500
@@ -120,63 +120,6 @@
goto failed;
}
 
-   /*
-* Nasty hack necessary for too common scenarios:
-*
-* For 'valid users = +users' we know users is most probably not
-* BUILTIN\users but the unix group users. This hack requires the
-* admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
-*
-* Please note that LOOKUP_NAME_GROUP can not be requested via for
-* example lsa_lookupnames, it only comes into this routine via
-* the expansion of group names coming in from smb.conf
-*/
-
-   if ((flags  LOOKUP_NAME_GROUP)  ((grp = getgrnam(name)) != NULL)) {
-
-   GROUP_MAP map;
-
-   if (pdb_getgrgid(map, grp-gr_gid)) {
-   /* The hack gets worse. Handle the case where we have
-* 'force group = +unixgroup' but unixgroup has a
-* group mapping */
-
-   if (sid_check_is_in_builtin(map.sid)) {
-   domain = talloc_strdup(
-   tmp_ctx, builtin_domain_name());
-   } else {
-   domain = talloc_strdup(
-   tmp_ctx, get_global_sam_name());
-   }
-
-   sid_copy(sid, map.sid);
-   type = map.sid_name_use;
-   goto ok;
-   }
-
-   /* If we are using the smbpasswd backend, we need to use the
-* algorithmic mapping for the unix group we find. This is
-* necessary because when creating the NT token from the unix
-* gid list we got from initgroups() we use gid_to_sid() that
-* uses algorithmic mapping if pdb_rid_algorithm() is true. */
-
-   if (pdb_rid_algorithm() 
-   (grp-gr_gid  max_algorithmic_gid())) {
-   domain = talloc_strdup(tmp_ctx, get_global_sam_name());
-   sid_compose(sid, get_global_sam_sid(),
-   pdb_gid_to_group_rid(grp-gr_gid));
-   type = SID_NAME_DOM_GRP;
-   goto ok;
-   }
-   
-   if (lookup_unix_group_name(name, sid)) {
-   domain = talloc_strdup(tmp_ctx,
-

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Franz Sirl]

At 17:08 11.08.2006, Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Rankin wrote:
 From: Gerald (Jerry) Carter [EMAIL PROTECTED]

 ok.  Found the problem.  It's smbpasswd.  If you use tdbsam
 everything is fine.  Patch forthcoming shortly.  Sorry.


 Aahah!

 I knew the coffee would help ; - )

Hey folks,

Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch).
It passes very basic testing for standalone servers
using smbpasswd.  And still has some discussion
to go through before it will go into the tree for
3.0.23c.

Also available at http://www.samba.org/~jerry/patches/
if the attachment gets messed up.


Hi Jerry,

the patch fixes the valid users problem for me. Or, to come back to 
the list of different syntaxes, these work:


   valid users = +users
   valid users = S-1-5-21-1540046517-542637695-1028676802-1201

These didn't work:

   valid users = +Unix Group\users
   valid users = +HOSTNAME\users
   valid users = +BUILTIN\users
   valid users = S-1-22-2-100

Thanks for the patch!

On a side note, 3.0.23 series fixed the long delay/hang when 
accessing a samba share in explorer after a long pause nuisance for 
me, thanks for this as well!


bye,
Franz.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Franz Sirl wrote:

 the patch fixes the valid users problem for me. Or, to 
 come back to the list of different syntaxes, these work:
 
valid users = +users
valid users = S-1-5-21-1540046517-542637695-1028676802-1201
 
 These didn't work:
 
valid users = +Unix Group\users
valid users = +HOSTNAME\users
valid users = +BUILTIN\users
valid users = S-1-22-2-100
 
 Thanks for the patch!

I understand why now these don't work now.  Second round of
patches on the way.

 On a side note, 3.0.23 series fixed the long delay/hang 
 when accessing a samba share in explorer after a long
 pause nuisance for me, thanks for this as well!

Good news :-)  Thanks.




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE3M4BIR7qMdg1EfYRAks4AJ9V0AWVUzuGwmGaPsWVo8QjIGTXJQCeLu+D
51IPyqOeK1dQIkUJqTVIf4k=
=IhPQ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Franz Sirl wrote:

 the patch fixes the valid users problem for me. Or, 
 to come back to the list of different syntaxes,
 these work:
 
valid users = +users
valid users = S-1-5-21-1540046517-542637695-1028676802-1201
 
 These didn't work:
 
valid users = +Unix Group\users
valid users = +HOSTNAME\users
valid users = +BUILTIN\users
valid users = S-1-22-2-100

Please test the patch.  Supersedes the previous one.
Also available from http://www.samba.org/~jerry/patches/
It's semi-ok that syntax you list doesn't work.  You
should really only worry about +users for local group names.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE3NHbIR7qMdg1EfYRAj3nAJ4wtGGV5gZdfPex6VoqV0oR56U5jQCfenpt
nngKKBmiJcVOXVi60MoQk4w=
=e+/6
-END PGP SIGNATURE-
Index: groupdb/mapping.c
===
--- groupdb/mapping.c   (revision 17493)
+++ groupdb/mapping.c   (working copy)
@@ -195,7 +195,7 @@
fstrcpy(map.nt_name, grpname);
 
if (pdb_rid_algorithm()) {
-   rid = pdb_gid_to_group_rid( grp-gr_gid );
+   rid = algorithmic_pdb_gid_to_group_rid( grp-gr_gid );
} else {
if (!pdb_new_rid(rid)) {
DEBUG(3, (Could not get a new RID for %s\n,
Index: passdb/util_unixsids.c
===
--- passdb/util_unixsids.c  (revision 17493)
+++ passdb/util_unixsids.c  (working copy)
@@ -42,6 +42,12 @@
return sid_append_rid(sid, uid);
 }
 
+BOOL uid_to_unix_groups_sid(gid_t gid, DOM_SID *sid)
+{
+   sid_copy(sid, global_sid_Unix_Groups);
+   return sid_append_rid(sid, gid);
+}
+
 const char *unix_users_domain_name(void)
 {
return Unix User;
Index: passdb/lookup_sid.c
===
--- passdb/lookup_sid.c (revision 17493)
+++ passdb/lookup_sid.c (working copy)
@@ -43,7 +43,6 @@
DOM_SID sid;
enum SID_NAME_USE type;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-   struct group *grp;
 
if (tmp_ctx == NULL) {
DEBUG(0, (talloc_new failed\n));
@@ -120,63 +119,6 @@
goto failed;
}
 
-   /*
-* Nasty hack necessary for too common scenarios:
-*
-* For 'valid users = +users' we know users is most probably not
-* BUILTIN\users but the unix group users. This hack requires the
-* admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
-*
-* Please note that LOOKUP_NAME_GROUP can not be requested via for
-* example lsa_lookupnames, it only comes into this routine via
-* the expansion of group names coming in from smb.conf
-*/
-
-   if ((flags  LOOKUP_NAME_GROUP)  ((grp = getgrnam(name)) != NULL)) {
-
-   GROUP_MAP map;
-
-   if (pdb_getgrgid(map, grp-gr_gid)) {
-   /* The hack gets worse. Handle the case where we have
-* 'force group = +unixgroup' but unixgroup has a
-* group mapping */
-
-   if (sid_check_is_in_builtin(map.sid)) {
-   domain = talloc_strdup(
-   tmp_ctx, builtin_domain_name());
-   } else {
-   domain = talloc_strdup(
-   tmp_ctx, get_global_sam_name());
-   }
-
-   sid_copy(sid, map.sid);
-   type = map.sid_name_use;
-   goto ok;
-   }
-
-   /* If we are using the smbpasswd backend, we need to use the
-* algorithmic mapping for the unix group we find. This is
-* necessary because when creating the NT token from the unix
-* gid list we got from initgroups() we use gid_to_sid() that
-* uses algorithmic mapping if pdb_rid_algorithm() is true. */
-
-   if (pdb_rid_algorithm() 
-   (grp-gr_gid  max_algorithmic_gid())) {
-   domain = talloc_strdup(tmp_ctx, get_global_sam_name());
-   sid_compose(sid, get_global_sam_sid(),
-   pdb_gid_to_group_rid(grp-gr_gid));
-   type = SID_NAME_DOM_GRP;
-   goto ok;
-   }
-   
-   if (lookup_unix_group_name(name, 

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[david rankin]

From: Gerald (Jerry) Carter [EMAIL PROTECTED]

Please test the patch.  Supersedes the previous one.
Also available from http://www.samba.org/~jerry/patches/
It's semi-ok that syntax you list doesn't work.  You
should really only worry about +users for local group names.





OK, Help, what am I doing wrong with the patch?? How do is get the patch 
installed? Here is what I did that didn't work.


[EMAIL PROTECTED] src]# ll
total 36072
drwxr-xr-x  9 david david 4096 Jul 21 11:26 samba-3.0.23a/
-rw-rw-r--  1 david david 17683518 Jul 21 11:30 samba-3.0.23a.tar.gz
drwxr-xr-x  9 david david 4096 Aug 11 15:08 samba-3.0.23b/
-rwxr--r--  1 david david11033 Aug 11 12:11 
samba-3.0.23b-lookup_name_smbconf_v1.patch*

-rw-r--r--  1 root  root  17686227 Aug  8 07:50 samba-3.0.23b.tar.gz

[EMAIL PROTECTED] src]# patch -p0  samba-3.0.23b-lookup_name_smbconf_v1.patch
patching file samba-3.0.23b/source/auth/auth_util.c
Hunk #1 FAILED at 1052.
1 out of 1 hunk FAILED -- saving rejects to file 
samba-3.0.23b/source/auth/auth_util.c.rej

patching file samba-3.0.23b/source/include/smb.h
Hunk #1 FAILED at 272.
1 out of 1 hunk FAILED -- saving rejects to file 
samba-3.0.23b/source/include/smb.h.rej

patching file samba-3.0.23b/source/passdb/lookup_sid.c
Hunk #1 FAILED at 120.
Hunk #2 FAILED at 300.
2 out of 2 hunks FAILED -- saving rejects to file 
samba-3.0.23b/source/passdb/lookup_sid.c.rej

patching file samba-3.0.23b/source/passdb/pdb_interface.c
Hunk #1 FAILED at 1532.
1 out of 1 hunk FAILED -- saving rejects to file 
samba-3.0.23b/source/passdb/pdb_interface.c.rej

patching file samba-3.0.23b/source/smbd/service.c
Hunk #1 FAILED at 443.
1 out of 1 hunk FAILED -- saving rejects to file 
samba-3.0.23b/source/smbd/service.c.rej

patching file samba-3.0.23b/source/smbd/share_access.c
Hunk #1 FAILED at 94.
Hunk #2 FAILED at 108.
2 out of 2 hunks FAILED -- saving rejects to file 
samba-3.0.23b/source/smbd/share_access.c.rej


   I know this is basic, but I haven't done it before and 'man patch' is 
not that helpful.


--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

david rankin wrote:

 OK, Help, what am I doing wrong with the patch?? How do is 
 get the patch installed? Here is what I did that didn't work.
 
 [EMAIL PROTECTED] src]# ll
 total 36072
 drwxr-xr-x  9 david david 4096 Jul 21 11:26 samba-3.0.23a/
 -rw-rw-r--  1 david david 17683518 Jul 21 11:30 samba-3.0.23a.tar.gz
 drwxr-xr-x  9 david david 4096 Aug 11 15:08 samba-3.0.23b/
 -rwxr--r--  1 david david11033 Aug 11 12:11
 samba-3.0.23b-lookup_name_smbconf_v1.patch*
 -rw-r--r--  1 root  root  17686227 Aug  8 07:50 samba-3.0.23b.tar.gz

run the following commands

$ wget \
http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2.patch
$ tar zxvf samba-3.0.23b.tar.gz
$ cd samba-3.0.23b
$ patch -p1  ../samba-3.0.23b-lookup_name_smbconf_v1.patch
$ cd source
$ make proto
$ make






cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE3On1IR7qMdg1EfYRAs4OAKDHBqGBULjGY+FgcumMniQfDQpBRwCfaOKq
UHEnR8Nz3CACkxbGsPkotOc=
=HJuv
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[david rankin]

From: Gerald (Jerry) Carter [EMAIL PROTECTED]
david rankin wrote:


OK, Help, what am I doing wrong with the patch?? How do is
get the patch installed? Here is what I did that didn't work.



run the following commands

$ wget \
http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2.patch
$ tar zxvf samba-3.0.23b.tar.gz
$ cd samba-3.0.23b


All done, that's how I compiled it from source the first time.


$ patch -p1  ../samba-3.0.23b-lookup_name_smbconf_v1.patch
$ cd source
$ make proto
$ make



I must be having a really really bad day

[EMAIL PROTECTED] samba-3.0.23b]# patch -p1  
../samba-3.0.23b-lookup_name_smbconf_v1.patch

patching file source/auth/auth_util.c
Hunk #1 FAILED at 1052.
1 out of 1 hunk FAILED -- saving rejects to file source/auth/auth_util.c.rej
patching file source/include/smb.h
Hunk #1 FAILED at 272.
1 out of 1 hunk FAILED -- saving rejects to file source/include/smb.h.rej
patching file source/passdb/lookup_sid.c
Hunk #1 FAILED at 120.
Hunk #2 FAILED at 300.
2 out of 2 hunks FAILED -- saving rejects to file 
source/passdb/lookup_sid.c.rej

patching file source/passdb/pdb_interface.c
Hunk #1 FAILED at 1532.
1 out of 1 hunk FAILED -- saving rejects to file 
source/passdb/pdb_interface.c.rej

patching file source/smbd/service.c
Hunk #1 FAILED at 443.
1 out of 1 hunk FAILED -- saving rejects to file source/smbd/service.c.rej
patching file source/smbd/share_access.c
Hunk #1 FAILED at 94.
Hunk #2 FAILED at 108.
2 out of 2 hunks FAILED -- saving rejects to file 
source/smbd/share_access.c.rej


Go Figure???

--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

david rankin wrote:

 [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 
 ../samba-3.0.23b-lookup_name_smbconf_v1.patch
 patching file source/auth/auth_util.c
 Hunk #1 FAILED at 1052.
 1 out of 1 hunk FAILED -- saving rejects to file

No idea.  I double checked the patch to make
sure it applies cleanly.



jerry6

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE3P1SIR7qMdg1EfYRAuSqAKCbPOl9kpvZQp7l9QBHKmRwAk/sTwCgzrHX
yaRNb4QimA/JAxbNpI5Ayfc=
=vkbr
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Andreas Hasenack]

On Friday 11 August 2006 18:04, david rankin wrote:
 From: Gerald (Jerry) Carter [EMAIL PROTECTED]
 
  david rankin wrote:
  OK, Help, what am I doing wrong with the patch?? How do is
  get the patch installed? Here is what I did that didn't work.
 
  run the following commands
 
  $ wget \
  http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2.
 patch $ tar zxvf samba-3.0.23b.tar.gz
  $ cd samba-3.0.23b

 All done, that's how I compiled it from source the first time.

  $ patch -p1  ../samba-3.0.23b-lookup_name_smbconf_v1.patch
  $ cd source
  $ make proto
  $ make

 I must be having a really really bad day

 [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 
 ../samba-3.0.23b-lookup_name_smbconf_v1.patch

Notice you are still using v1: the patch ends in v2
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[david rankin]

Gerry, all:

   HELP! On mandriva, I compiled samba from source and got it running, but 
I cannot connect from windows. (see my post from earlier [Samba] Compiling 
and Configuring Samba for Mandrival)


   I think this relates to the group/SID changes discussed in the release 
notes. However, I'm not smart enough to figure it out. The tarball compiled 
and installed fine. It appears to run fine, it just wont take the 
lookup_name: Unix Group\ochiltree = Unix Group (domain), ochiltree (name) 
handshake for some reason. The samba tests work fine until:


querying __SAMBA__ on 192.168.7.15
192.168.7.15 __SAMBA__00
[EMAIL PROTECTED]:~ nmblookup -B rankin-p35 '*'
querying * on 192.168.7.98
name_query failed to find name *

[EMAIL PROTECTED]:~ nmblookup -d 2 '*'
added interface ip=192.168.7.90 bcast=192.168.7.255 nmask=255.255.255.0
querying * on 192.168.7.255
Got a positive name query response from 192.168.7.15 ( 192.168.7.15 )
192.168.7.15 *00

[EMAIL PROTECTED]:~ smbclient //bonza/office
Password:
Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b]
tree connect failed: NT_STATUS_ACCESS_DENIED

   I have attached a level 10 debug if that will help. This is a standalone 
server.


   Right now I am running on 3.0.20 after saving myself with a make 
revert Gotta love it...


   What should I do/check/read to find out how to get 3.0.23 to allow my 
clients to connect??? Any help is appreciated..


I think the problems come in at this point:

[2006/08/10 10:11:26, 5] auth/auth.c:check_ntlm_password(296)
 check_ntlm_password:  PAM Account for user [david] succeeded
[2006/08/10 10:11:26, 2] auth/auth.c:check_ntlm_password(309)
 check_ntlm_password:  authentication for user [david] - [david] - 
[david] succeeded

[2006/08/10 10:11:26, 5] auth/auth_util.c:free_user_info(1816)
 attempting to free (and zero) a user_info structure
[2006/08/10 10:11:26, 10] auth/auth_util.c:free_user_info(1820)
 structure was created for david
[2006/08/10 10:11:26, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID 
[S-1-5-21-3406342033-1696486390-100470924-2002]

[2006/08/10 10:11:26, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID 
[S-1-5-21-3406342033-1696486390-100470924-2003]

[2006/08/10 10:11:26, 5] lib/privileges.c:get_privileges_for_sids(459)
 get_privileges_for_sids: sid = S-1-1-0
 Privilege set:
 SE_PRIV  0x0 0x0 0x0 0x0


(snip)



[2006/08/10 10:11:26, 10] passdb/lookup_sid.c:lookup_name(65)
 lookup_name: Unix Group\ochiltree = Unix Group (domain), ochiltree (name)
[2006/08/10 10:11:26, 10] smbd/share_access.c:user_ok_token(208)
 User david not in 'valid users'
[2006/08/10 10:11:26, 2] smbd/service.c:make_connection_snum(571)
 user 'david' (from session setup) not permitted to access this share 
(office)

[2006/08/10 10:11:26, 3] smbd/error.c:error_packet(146)
 error packet at smbd/reply.c(676) cmd=117 (SMBtconX) 
NT_STATUS_ACCESS_DENIED



I am certainly a member of group 'ochiltree', so I'm not sure where to go 
from here. Help?


--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

david,

HELP! On mandriva, I compiled samba from source 
 and got it running, but I cannot connect from windows.
 (see my post from earlier [Samba] Compiling and
 Configuring Samba for Mandrival)

 [EMAIL PROTECTED]:~ smbclient //bonza/office
 Password:
 Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b]
 tree connect failed: NT_STATUS_ACCESS_DENIED
...
I have attached a level 10 debug if that will help. 
 This is a standalone server.

Attachments get stripped from the list.  I need
your smb.conf, a level 10 debug log from smbd,
and output from the following tow commands

* pdbedit -L -w | cut -d: -f1
* net groupmap list | cut -d\( -f1






cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE27a4IR7qMdg1EfYRAu97AKDeKIT8n0t/7Z9gRxzIXMfjjVnz6QCglGzx
G/dFUy92rL2FdHw3eJ0z104=
=wDgQ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[David Rankin]

getsampwent (smbpasswd)
Got deborah from pwnam_cache
pdb_getsampwent
getsmbfilepwent
endsmbfilepwent_internal
david
deborah


nemesis:/home/david/Documents # net groupmap list | cut -d\( -f1
nemesis:/home/david/Documents #



--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
www.rankinlawfirm.com
- Original Message - 
From: Gerald (Jerry) Carter [EMAIL PROTECTED]
To: david rankin [EMAIL PROTECTED]
Cc: samba samba@lists.samba.org
Sent: Thursday, August 10, 2006 5:44 PM
Subject: Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.


 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 david,

 HELP! On mandriva, I compiled samba from source
  and got it running, but I cannot connect from windows.
  (see my post from earlier [Samba] Compiling and
  Configuring Samba for Mandrival)

  [EMAIL PROTECTED]:~ smbclient //bonza/office
  Password:
  Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b]
  tree connect failed: NT_STATUS_ACCESS_DENIED
 ...
 I have attached a level 10 debug if that will help.
  This is a standalone server.

 Attachments get stripped from the list.  I need
 your smb.conf, a level 10 debug log from smbd,
 and output from the following tow commands

 * pdbedit -L -w | cut -d: -f1
 * net groupmap list | cut -d\( -f1






 cheers, jerry
 =
 Samba--- http://www.samba.org
 Centeris ---  http://www.centeris.com
 What man is a man who does not make the world better?  --Balian
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.4 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

 iD8DBQFE27a4IR7qMdg1EfYRAu97AKDeKIT8n0t/7Z9gRxzIXMfjjVnz6QCglGzx
 G/dFUy92rL2FdHw3eJ0z104=
 =wDgQ
 -END PGP SIGNATURE-


 -- 
 No virus found in this incoming message.
 Checked by AVG Free Edition.
 Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06





-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[David Rankin]

Oops, I sent log.dcrlaptop, here is the log.smbd:

  0064 mask: 000f01ff
[2006/08/10 18:51:21, 8] rpc_parse/parse_prs.c:prs_debug(84)
  68 smb_io_dom_sid trustee
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615)
  0068 sid_rev_num: 01
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615)
  0069 num_auths  : 02
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615)
  006a id_auth[0] : 00
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615)
  006b id_auth[1] : 00
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615)
  006c id_auth[2] : 00
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615)
  006d id_auth[3] : 00
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615)
  006e id_auth[4] : 00
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint8(615)
  006f id_auth[5] : 05
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint32s(991)
  0070 sub_auths : 0020 0220
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint16(675)
  0062 size : 0018
[2006/08/10 18:51:21, 5] rpc_parse/parse_prs.c:prs_uint16(675)
  0016 size : 0064
[2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_store_values(593)
  regdb_store_values: Looking for value of key
[HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
[2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_close(279)
  regdb_close: decrementing refcount (2)
[2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_open(248)
  regdb_open: incrementing refcount (2)
[2006/08/10 18:51:21, 7] registry/reg_frontend.c:regkey_open_internal(359)
  regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS]
[2006/08/10 18:51:21, 10] registry/reg_cachehook.c:reghook_cache_find(95)
  reghook_cache_find: Searching for keyname
[/HKLM/SYSTEM/CurrentControlSet/Services/WINS]
[2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(341)
  pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS]
[2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(413)
  pathtree_find: Exit
[2006/08/10 18:51:21, 5] registry/reg_frontend.c:registry_access_check(59)
  registry_access_check: using root's token
[2006/08/10 18:51:21, 10] lib/util_seaccess.c:se_access_check(233)
  se_access_check: requested access 0x000f003f, for NT token with 5 entries
and first sid S-1-5-21-3437134916-4280677633-2819608606-1000.
[2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(250)
[2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is
S-1-5-21-3437134916-4280677633-2819608606-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019,
current desired = f003f
  se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask =
f003f, current desired = d0026
[2006/08/10 18:51:21, 5] lib/util_seaccess.c:se_access_check(308)
  se_access_check: access (f003f) granted.
[2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_store_values(593)
  regdb_store_values: Looking for value of key
[HKLM\SYSTEM\CurrentControlSet\Services\WINS]
[2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_close(279)
  regdb_close: decrementing refcount (2)
[2006/08/10 18:51:21, 10] registry/reg_db.c:regdb_open(248)
  regdb_open: incrementing refcount (2)
[2006/08/10 18:51:21, 7] registry/reg_frontend.c:regkey_open_internal(359)
  regkey_open_internal: name =
[HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
[2006/08/10 18:51:21, 10] registry/reg_cachehook.c:reghook_cache_find(95)
  reghook_cache_find: Searching for keyname
[/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security]
[2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(341)
  pathtree_find: Enter
[/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security]
[2006/08/10 18:51:21, 10] lib/adt_tree.c:pathtree_find(413)
  pathtree_find: Exit
[2006/08/10 18:51:21, 5] registry/reg_frontend.c:registry_access_check(59)
  registry_access_check: using root's token
[2006/08/10 18:51:21, 10] lib/util_seaccess.c:se_access_check(233)
  se_access_check: requested access 0x000f003f, for NT token with 5 entries
and first sid S-1-5-21-3437134916-4280677633-2819608606-1000.
[2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(250)
[2006/08/10 18:51:21, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is
S-1-5-21-3437134916-4280677633-2819608606-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019,
current desired = f003f
  se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask =
f003f, current desired = d0026

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[David Rankin]

From: Gerald (Jerry) Carter [EMAIL PROTECTED]
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 david,

 HELP! On mandriva, I compiled samba from source
  and got it running, but I cannot connect from windows.
  (see my post from earlier [Samba] Compiling and
  Configuring Samba for Mandrival)

  [EMAIL PROTECTED]:~ smbclient //bonza/office
  Password:
  Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b]
  tree connect failed: NT_STATUS_ACCESS_DENIED
 ...
 I have attached a level 10 debug if that will help.
  This is a standalone server.

 Attachments get stripped from the list.  I need
 your smb.conf, a level 10 debug log from smbd,
 and output from the following tow commands

 * pdbedit -L -w | cut -d: -f1
 * net groupmap list | cut -d\( -f1


Jerry,

There is definately something amiss with 3.0.23b. After I installed the
3.0.23b binaries on SuSE 10 at home, and I could not connect to any share
except my home share. (I had deleted the 3.0.23a binaries before the 3.0.23b
install -- never again...) This was the same problem I saw with 3.0.23b on
mandriva 2005le at work -- that initially started this thread. Anyway, in a
panic, I simple got the 3.0.23a tarball and compiled it as a test on the
SuSE 10 box to see if the problem was really the 3.0.23b release. It was!
This is a problem unique to 3.0.23b. 3.0.23a compiled and installed without
a hitch. Now all my shares are accessable again! I didn't even have to
reboot the windows clients, they just started connecting and playing nicely
with samba again.

I've already sent you my level 10 debug, smb.conf and the output you
requested above from my SuSE 10 box. Let me know if I can send you anything
else to help with this problem. If you need the mandriva info, just let me
know. I can just hear the screams going out across the corporate world as
23b gets installed -- at least on standalone servers.

Both my mandriva and suse systems are presently such that I can install
23b with a simple 'make install' and get back to a working config with 'make
revert' so let me know if you want me to send anything else.

I'm not smart enough to know what the difference between 23a and 23b is
or why it is causing a problem, but I can confirm the problem. I have
installed 23a from rpm and compiled it by hand and it works great. I have
installed 23b from rpm and compiled it by hand and I can only connect to my
home share -- all other shares fail miserably.

Good luck, just put another pot of coffee on. Don't worry, I'm
sure it's just a stray comma, semicolon, typo or typecast somewhere in the
middle of 764,532 lines of source..


--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
www.rankinlawfirm.com



-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.

[David Rankin]

From: Gerald (Jerry) Carter [EMAIL PROTECTED]

 david,

 HELP! On mandriva, I compiled samba from source
  and got it running, but I cannot connect from windows.
  (see my post from earlier [Samba] Compiling and
  Configuring Samba for Mandrival)

  [EMAIL PROTECTED]:~ smbclient //bonza/office
  Password:
  Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b]
  tree connect failed: NT_STATUS_ACCESS_DENIED
 ...
 I have attached a level 10 debug if that will help.
  This is a standalone server.

 Attachments get stripped from the list.  I need
 your smb.conf, a level 10 debug log from smbd,
 and output from the following tow commands

 * pdbedit -L -w | cut -d: -f1
 * net groupmap list | cut -d\( -f1


Jerry,

I went back and compiled 23a from source on my Mandriva 2005le box at
work. I have now confirmed on the Mandriva box that 23a works great!, 23b
give me the problems described above.

[EMAIL PROTECTED] source]$ smbclient -U% -L localhost
Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23a]

Sharename   Type  Comment
-     ---
office  Disk  Shared Office Files
rankin  Disk  Rankin Law Firm PLLC
allen   Disk  T Stefan Allen
bertin  Disk  Darren Bertin
guilloryDisk  David Guillory
jointcases  Disk  Joint Client Files
lawtoolsDisk  Case Development - Summation
forms   Disk  Shared Forms and Briefs
computerDisk  Computer Drivers and Software
closed  Disk  Closed Case Files
print$  Disk
pdf-gen Printer   PDF Generator (only valid users)
IPC$IPC   IPC Service (Samba Server 3.0.23a)
Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23a]

Server   Comment
----
BONZASamba Server 3.0.23a
CW-DESK  cynthia desktop
DARREN-XPDarren-XP
LISHALisha
RANKIN-P35   P35-S629 Laptop
RECEPTIONDell 2400 2.6 GHz
SECRETARYFront Office
TSA-LAPTOP   stefan laptop

WorkgroupMaster
----
RB_LAW   BONZA

[EMAIL PROTECTED] source]$ smbclient //bonza/rankin
Password:
Domain=[BONZA] OS=[Unix] Server=[Samba 3.0.23a]
smb: \ dir
  .   D0  Thu Aug 10 12:28:31 2006
  ..  D0  Mon Jul 17 16:49:17 2006
  accounting  D0  Thu Aug 10 16:46:30 2006
  clients D0  Tue Aug  8 15:23:00 2006
  investigation   D0  Thu Mar  9 14:53:13 2006
  LLC D0  Thu Feb 16 12:03:40 2006
  office  D0  Tue Jun  6 15:07:08 2006
  pllc.docA 6364  Thu Feb  5 12:02:48 2004
  tbpeD0  Wed Oct 12 12:28:08 2005
  FAA Letter.doc  A38912  Tue Nov  1 19:34:47 2005
  clients_rejectedD0  Fri Mar  3 09:17:06 2006
  clients_potential   D0  Mon Jun 12 10:05:32 2006

54209 blocks of size 2097152. 41776 blocks available

3.0.23b won't let me do this Back for another cup of coffee.

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
www.rankinlawfirm.com



-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.10.9/416 - Release Date: 8/10/06

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba 3.0.20 + squid 2.5 : automatic logonwithinternetexplorer

[Rodolphe A.]

I can't found the good, sentence for conf squid.

any idea ?


Rodolphe A. [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 after #net join
 Success in line command.I am searching the good sentence for
squid.confwith,
 or  not with that : --helper-protocol=squid-2.5-ntlmsspan idea ?Rodolphe
 A. [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED] thanks for answer.
 
  my problem :
 
  after start winbind, i have tested
  #/usr/bin/ntlm_auth PARIS.VISEO.NET --username=root
  NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
  (0xc0da)
 
  the server squid is samba pdc.
 
 
 
 
 
  Robert Schetterer [EMAIL PROTECTED] wrote in message
  news:[EMAIL PROTECTED]
   -BEGIN PGP SIGNED MESSAGE-
   Hash: SHA1
  
   Rodolphe A. schrieb:
hello,
   
samba is setup PDC with ldap
   
client : windows xp pro sp2
server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 +
squidGuard
   
is it possible to create an automatic logon with internet explorer ?
   
perhaps with ntlm_auth, but i can't find the good sentence.
   
   
thanks.
   
   
   
   
   Hi, i ve did right this and i works now perfekt for nearly a year.
   But you have many choises to realize this.
   The setup which will include all possible features with a smb pdc (
with
   ldap )is like this.
   If you use firefox or ie with the automatic search proxy setting
   the search to files like proxy.dat , proxy.pac
   wpad.dat on  a webserver on the gateway of the lokal network, these
   files held the data which where the browser will find the proxy.
   Additional you hav to have entries in you internal
   dns like
   wpad.tcpSRV 0 0 80 wpad
   wpadA   192.168.110.1
   TXT service:
   wpad:!http://intranet.gundk.intern:80/proxy.pac;
   and on the internal dhcp server
   like this
   option wpad code 252 = text;
   option wpad http://192.168.110.1/proxy.pac\n;;
   you can find faqs an doku about this on the squid side.
   I have implemented different groups
   in the win domain like wwwuser , which can join the internet via proxy
,
   and a group filteroveride to join directly www without using
   squidguard ( for admins etc ).
   So you can manage the groups out from usrmgr.
  
   so i have entries like this in squid.conf
  
   # user group which are allowed to access the internet in general
  
   auth_param ntlm program /usr/bin/ntlm_auth
   - --helper-protocol=squid-2.5-ntlmssp
 
 - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001
   auth_param basic program /usr/bin/ntlm_auth
   - --helper-protocol=squid-2.5-basic
 
 - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001
   auth_param basic children 5
  
   #   auth_param ntlm use_ntlm_negotiate on
   #   auth_param ntlm max_challenge_reuses 0
   auth_param ntlm max_challenge_lifetime 15 minutes
  
   auth_param basic realm Squid proxy-caching web server
   auth_param basic credentialsttl 2 hours
   acl user proxy_auth REQUIRED
   http_access allow user
  
   #pam auth agains a system group works here too (nss_ldap), we use it
to
   overide the redirector vor vips
  
   external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g
  wwwdirect
   acl direct external unix_group wwwdirect
   redirector_access deny direct
   always_direct allow direct
   http_access allow direct
  
   as you see i used the sid of the nt groups , cause their names didint
   work, to overide the squidgauard i use a system group which is tha
same
   as a nt group cause there is mapping over nss_ldap
   ( other setups may be better but this works )
  
   the i configured winbind to use the lokal smb pdc ( just join your own
   domain )...im not sure why i did this but i think it was a must with
   squid , squid must run with a user that is able to join the winbind
   socket ( see squid, samba doku )
   After all you need a few iptables rules to forbid bypass the proxy.
  
   note you cant use squid auth with a transparent proxy squid setup!
   But if you dont need auth and the group stuff
   a setup with a squid transparent proxy and iptables is much more easy
to
   implement  automatic filtering ( see squid faqs how to do this ), if
you
   do so you can only manage things with the source ip of the client
   computer  , but not by user name or group auth.
  
   ( dont copy and paste this , read the faqs )
   Best Regards
  
   - --
   Mit freundlichen Gruessen
   Best Regards
   Robert Schetterer
  
   robert_at_schetterer_dot_org
   Munich / Bavaria / Germany
   https://www.schetterer.org
   https://www.schetterer.com/public-gpg-robert-schetterer.key
   -BEGIN PGP SIGNATURE-
   Version: GnuPG v1.4.3 (MingW32)
  
   iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s
   kf/FSvVp4RbIfgdY6pj1Hmw=
   =RYf+
   -END PGP SIGNATURE-
  
   --
   Diese Nachricht wurde auf Viren und andere gefährliche Inhalte

[Samba] Re: samba 3.0.20 + squid 2.5 : automatic logon withinternetexplorer

[xavier]

Hi,

I would like to set up my Squid/proxy with users auth to my Samba/Ldap/PDC

These are two separate servers.

Is there something changed  configuring with what you said before ?
Is there somewhere a good doc. for doing this ?

Thanks a lot

Xavier
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba 3.0.20 + squid 2.5 : automatic logon with internet explorer

[Rodolphe A.]

hello,

samba is setup PDC with ldap

client : windows xp pro sp2
server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard

is it possible to create an automatic logon with internet explorer ?

perhaps with ntlm_auth, but i can't find the good sentence.


thanks.




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.20 + squid 2.5 : automatic logon with internet explorer

[Robert Schetterer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rodolphe A. schrieb:
 hello,
 
 samba is setup PDC with ldap
 
 client : windows xp pro sp2
 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard
 
 is it possible to create an automatic logon with internet explorer ?
 
 perhaps with ntlm_auth, but i can't find the good sentence.
 
 
 thanks.
 
 
 
 
Hi, i ve did right this and i works now perfekt for nearly a year.
But you have many choises to realize this.
The setup which will include all possible features with a smb pdc ( with
ldap )is like this.
If you use firefox or ie with the automatic search proxy setting
the search to files like proxy.dat , proxy.pac
wpad.dat on  a webserver on the gateway of the lokal network, these
files held the data which where the browser will find the proxy.
Additional you hav to have entries in you internal
dns like
wpad.tcpSRV 0 0 80 wpad
wpadA   192.168.110.1
TXT service:
wpad:!http://intranet.gundk.intern:80/proxy.pac;
and on the internal dhcp server
like this
option wpad code 252 = text;
option wpad http://192.168.110.1/proxy.pac\n;;
you can find faqs an doku about this on the squid side.
I have implemented different groups
in the win domain like wwwuser , which can join the internet via proxy ,
and a group filteroveride to join directly www without using
squidguard ( for admins etc ).
So you can manage the groups out from usrmgr.

so i have entries like this in squid.conf

# user group which are allowed to access the internet in general

auth_param ntlm program /usr/bin/ntlm_auth
- --helper-protocol=squid-2.5-ntlmssp
- --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001
auth_param basic program /usr/bin/ntlm_auth
- --helper-protocol=squid-2.5-basic
- --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001
auth_param basic children 5

#   auth_param ntlm use_ntlm_negotiate on
#   auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 15 minutes

auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl user proxy_auth REQUIRED
http_access allow user

#pam auth agains a system group works here too (nss_ldap), we use it to
overide the redirector vor vips

external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g wwwdirect
acl direct external unix_group wwwdirect
redirector_access deny direct
always_direct allow direct
http_access allow direct

as you see i used the sid of the nt groups , cause their names didint
work, to overide the squidgauard i use a system group which is tha same
as a nt group cause there is mapping over nss_ldap
( other setups may be better but this works )

the i configured winbind to use the lokal smb pdc ( just join your own
domain )...im not sure why i did this but i think it was a must with
squid , squid must run with a user that is able to join the winbind
socket ( see squid, samba doku )
After all you need a few iptables rules to forbid bypass the proxy.

note you cant use squid auth with a transparent proxy squid setup!
But if you dont need auth and the group stuff
a setup with a squid transparent proxy and iptables is much more easy to
implement  automatic filtering ( see squid faqs how to do this ), if you
do so you can only manage things with the source ip of the client
computer  , but not by user name or group auth.

( dont copy and paste this , read the faqs )
Best Regards

- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s
kf/FSvVp4RbIfgdY6pj1Hmw=
=RYf+
-END PGP SIGNATURE-

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba 3.0.20 + squid 2.5 : automatic logon with internetexplorer

[Rodolphe A.]

thanks for answer.

my problem :

after start winbind, i have tested
#/usr/bin/ntlm_auth PARIS.VISEO.NET --username=root
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
(0xc0da)

the server squid is samba pdc.





Robert Schetterer [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Rodolphe A. schrieb:
  hello,
 
  samba is setup PDC with ldap
 
  client : windows xp pro sp2
  server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard
 
  is it possible to create an automatic logon with internet explorer ?
 
  perhaps with ntlm_auth, but i can't find the good sentence.
 
 
  thanks.
 
 
 
 
 Hi, i ve did right this and i works now perfekt for nearly a year.
 But you have many choises to realize this.
 The setup which will include all possible features with a smb pdc ( with
 ldap )is like this.
 If you use firefox or ie with the automatic search proxy setting
 the search to files like proxy.dat , proxy.pac
 wpad.dat on  a webserver on the gateway of the lokal network, these
 files held the data which where the browser will find the proxy.
 Additional you hav to have entries in you internal
 dns like
 wpad.tcpSRV 0 0 80 wpad
 wpadA   192.168.110.1
 TXT service:
 wpad:!http://intranet.gundk.intern:80/proxy.pac;
 and on the internal dhcp server
 like this
 option wpad code 252 = text;
 option wpad http://192.168.110.1/proxy.pac\n;;
 you can find faqs an doku about this on the squid side.
 I have implemented different groups
 in the win domain like wwwuser , which can join the internet via proxy ,
 and a group filteroveride to join directly www without using
 squidguard ( for admins etc ).
 So you can manage the groups out from usrmgr.

 so i have entries like this in squid.conf

 # user group which are allowed to access the internet in general

 auth_param ntlm program /usr/bin/ntlm_auth
 - --helper-protocol=squid-2.5-ntlmssp
 - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001
 auth_param basic program /usr/bin/ntlm_auth
 - --helper-protocol=squid-2.5-basic
 - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001
 auth_param basic children 5

 #   auth_param ntlm use_ntlm_negotiate on
 #   auth_param ntlm max_challenge_reuses 0
 auth_param ntlm max_challenge_lifetime 15 minutes

 auth_param basic realm Squid proxy-caching web server
 auth_param basic credentialsttl 2 hours
 acl user proxy_auth REQUIRED
 http_access allow user

 #pam auth agains a system group works here too (nss_ldap), we use it to
 overide the redirector vor vips

 external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g
wwwdirect
 acl direct external unix_group wwwdirect
 redirector_access deny direct
 always_direct allow direct
 http_access allow direct

 as you see i used the sid of the nt groups , cause their names didint
 work, to overide the squidgauard i use a system group which is tha same
 as a nt group cause there is mapping over nss_ldap
 ( other setups may be better but this works )

 the i configured winbind to use the lokal smb pdc ( just join your own
 domain )...im not sure why i did this but i think it was a must with
 squid , squid must run with a user that is able to join the winbind
 socket ( see squid, samba doku )
 After all you need a few iptables rules to forbid bypass the proxy.

 note you cant use squid auth with a transparent proxy squid setup!
 But if you dont need auth and the group stuff
 a setup with a squid transparent proxy and iptables is much more easy to
 implement  automatic filtering ( see squid faqs how to do this ), if you
 do so you can only manage things with the source ip of the client
 computer  , but not by user name or group auth.

 ( dont copy and paste this , read the faqs )
 Best Regards

 - --
 Mit freundlichen Gruessen
 Best Regards
 Robert Schetterer

 robert_at_schetterer_dot_org
 Munich / Bavaria / Germany
 https://www.schetterer.org
 https://www.schetterer.com/public-gpg-robert-schetterer.key
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.3 (MingW32)

 iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s
 kf/FSvVp4RbIfgdY6pj1Hmw=
 =RYf+
 -END PGP SIGNATURE-

 --
 Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
 und ist - aktuelle Virenscanner vorausgesetzt - sauber.









 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba 3.0.20 + squid 2.5

[Rodolphe]

hello,

samba is setup PDC with ldap

client : windows xp pro sp2
server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard

is it possible to create a, automatic logon with internet explorer ?




thanks.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?

[Diego Rivera]

I can confirm that the problem is fixed in 3.0.22.

We tested briefly today in a small maintenance window that presented 
itself out of immediate need, and everything worked as expected.  
However, I have a feeling that 3.0.23rc1 would work even better (i.e. 
warnings about expiring passwords before they're gone, etc).  Still, 
since a stable version addressed the immediate need, I'll wait until 
3.0.23 is released before upgrading yet again.


Thanks for the help tho! :)

Gerald (Jerry) Carter wrote:


On Sun, 28 May 2006, Diego Rivera wrote:

I'll try.  However, I'm currently thinking of trying 3.0.22, which (from
looking at the code) appears to also be fixed in this respect (at least,
it appears to handle expired tokens more smartly).  It'll be easier to
sell a test that one rather than a beta (or RC).

Is there an ETA on the release 3.0.23?


Soon hopefully.  Another few weeks I expect.




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian




signature.asc
Description: OpenPGP digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:

 However, you seem to imply that this is a known 
 bug, with no workaround other than a (potential)
 backport of code from 3.0.23rc1?

A backport would be really intrusive.  It's a fair amount
of code.  Simo's right though.  I'm pretty sure this
is fixed in 3.0.23rc1.  If you could at least test 3.0.23rc1
and make sure it meets your needs it would be appreciated.




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEeZY4IR7qMdg1EfYRAqPrAJ4nShK1hVlk1uG5CXoKIFxLWjUwlQCgj5EU
R6mZhaB4cUQZxWeMwUSKXOI=
=4e3H
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] RE: Samba 3.0.20, pam_winbind broken?

[diego]

Hello all!  I apologize for my previous post, it seems this list doesn't like 
GPG/GPG-MIME signatures.

I'm trying to configure my linux servers to have automatic password changes 
happen when the passwords expire, or the AD's User must change password... 
checkbox is marked.

I can do this fine with pam_krb5, but not with pam_winbind.  I need to use 
pam_winbind instead of pam_krb5 because there's a requirement to use kerberos 
tickets to log on to the servers via SSH, and using pam_krb5 in combination 
with OpenSSH's GSSAPI authentication (required to allow kerberos tickets over 
SSH from Windows) doesn't seem to work (I sort of understand why...).  So, I'm 
forced to use pam_winbind.

So the question is: why isn't pam_winbind forcing a password change on first 
login or password expiry?

I noticed through some experimentation that setting a new password on expiry is 
triggered in the account phase of pam authorization (probably through returning 
PAM_NEW_AUTHTOK_REQD).  I experimented with pam_krb5 - the only time it 
wouldn't work as expected was when it wasn't used as part of the account 
checking phase.

I even tried using nothing but pam_winbind to authorize users (temporarily 
locking out local unix users), and it still wouldn't work.

Can anyone provide any insight?

Thanks

Diego 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?

[simo]

On Fri, 2006-05-26 at 12:22 -0600, [EMAIL PROTECTED] wrote:
 Can anyone provide any insight?

Diego can you test with 3.0.23rc1 ?

There has been a lot of improvements in winbindd lately and I think this
one may have already been fixed.
Thanks,
Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?

[diego]

Unfortunately, they're all production servers.  The experimentation I spoke of 
happened on one of those servers, in off hours while maintenance was being 
performed on the other 3 (so I was able to sneak the 4th one in under the 
closed for maintenance umbrella).

However, you seem to imply that this is a known bug, with no workaround other 
than a (potential) backport of code from 3.0.23rc1?


 - Original Message -
 From: simo [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?
 Date: Fri, 26 May 2006 14:28:59 -0400
 
 
 On Fri, 2006-05-26 at 12:22 -0600, [EMAIL PROTECTED] wrote:
  Can anyone provide any insight?
 
 Diego can you test with 3.0.23rc1 ?
 
 There has been a lot of improvements in winbindd lately and I think this
 one may have already been fixed.
 Thanks,
 Simo.
 
 --
 Simo Sorce
 Samba Team GPL Compliance Officer
 email: [EMAIL PROTECTED]
 http://samba.org



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20, pam_winbind broken?

[Diego Rivera]

signature.asc
Description: OpenPGP digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] 3.0.20 usermap script execution

[Montenegro, Michael H (Michael)]

Thanks for your reply Jerry.
After reviewing the code, it seems like samba is sending both the unqualified 
name as well as the fully qualified name to address backwards compatibility.  
Looking at the release notes from 3.0.8, I see that development decided to 
only support reading the fully qualified username for consistency with 
Kerberos. Therefore, user.maps should contain unix login to fully qualified 
user name mappings only.  I believe if the code was changed to only pass the 
fully qualified username to the username map script, it should not affect any 
functionality since the user.map is already being forced to be in the fully 
qualified domain format.

Michael Montenegro

P.S. canonicalize sounds made up. :^)


lib/username.c
/***
 Map a username from a dos name to a unix name by looking in the username
 map. Note that this modifies the name in place.
 This is the main function that should be called *once* on
 any incoming or new username - in order to canonicalize the name.
 This is being done to de-couple the case conversions from the user mapping
 function. Previously, the map_username was being called
 every time Get_Pwnam was called.
 Returns True if username was changed, false otherwise.
/

Samba 3.0.8 release notes:
==
Change in Username Map
==

Previous Samba releases would only support reading the fully qualified 
username (e.g. DOMAIN\user) from the username map when performing a 
kerberos login from a client.  However, when looking up a map 
entry for a user authenticated by NTLM[SSP], only the login name would be
used for matches.  This resulted in inconsistent behavior sometimes
even on the same server.

Samba 3.0.8 obeys the following rules when applying the username
map functionality:

  * When performing local authentication, the username map is 
applied to the login name before attempting to authenticate 
the connection.
  * When relying upon a external domain controller for validating
authentication requests, smbd will apply the username map 
to the fully qualified username (i.e. DOMAIN\user) only
after the user has been successfully authenticated.




 -Original Message-
From:   Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent:   Wednesday, January 04, 2006 3:13 PM
To: Montenegro, Michael H (Michael)
Cc: 'samba@lists.samba.org'
Subject:Re: [Samba] 3.0.20 usermap script execution

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Montenegro, Michael H (Michael) wrote:
 I have created a mapusers.bash script (listed below) for 
 mapping Active Directory handles to unix logins.  This
 script is currently working as documented.  I would like
 some insight into how and when this script gets called.  I
 assumed that upon establishing each samba connection, after
 the active directory handle gets authenticated with the domain
 controller it passes the domain\handle to this script to
 determine the unix login to use.  However, it seems to
 execute this script multiple times to establish a connection.
 I have tested this out by clearing the cache using nbtstat
 -R on the client and running smbstatus -u username and
 killing the procids then reconnecting.  Samba consistently
 will pass just the active directory handle without the
 domain first which succeeds because my script will find the
 correct unix login to map to without the domain.  Immediately
 after, Samba will pass the script the domain\handle which will
 also succeed. Why is this?

grep for map_username() in the samba source tree.  Everytime
that function get's called, you script will be called assuming
smbd is trying to map a new name.  Samba has to jump through a
lot of hoops when is comes to usernames which is why it
frequently tries to lookup the unqualified name as well as the
fully qualified version.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
Centeris ---  http://www.centeris.com
There's an anonymous coward in all of us.   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDvDpuIR7qMdg1EfYRAsorAJ9jbdCKsGpMvd4XUPIsVtCBy5OYwACgjLlY
fuXBc+g9F2UquvQMsHtGz34=
=CQZ8
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 usermap script execution

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Montenegro, Michael H (Michael) wrote:
 I have created a mapusers.bash script (listed below) for 
 mapping Active Directory handles to unix logins.  This
 script is currently working as documented.  I would like
 some insight into how and when this script gets called.  I
 assumed that upon establishing each samba connection, after
 the active directory handle gets authenticated with the domain
 controller it passes the domain\handle to this script to
 determine the unix login to use.  However, it seems to
 execute this script multiple times to establish a connection.
 I have tested this out by clearing the cache using nbtstat
 -R on the client and running smbstatus -u username and
 killing the procids then reconnecting.  Samba consistently
 will pass just the active directory handle without the
 domain first which succeeds because my script will find the
 correct unix login to map to without the domain.  Immediately
 after, Samba will pass the script the domain\handle which will
 also succeed. Why is this?

grep for map_username() in the samba source tree.  Everytime
that function get's called, you script will be called assuming
smbd is trying to map a new name.  Samba has to jump through a
lot of hoops when is comes to usernames which is why it
frequently tries to lookup the unqualified name as well as the
fully qualified version.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
Centeris ---  http://www.centeris.com
There's an anonymous coward in all of us.   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDvDpuIR7qMdg1EfYRAsorAJ9jbdCKsGpMvd4XUPIsVtCBy5OYwACgjLlY
fuXBc+g9F2UquvQMsHtGz34=
=CQZ8
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.20 usermap script execution

[Montenegro, Michael H (Michael)]

I have created a mapusers.bash script (listed below) for mapping Active 
Directory handles to unix logins.  This script is currently working as 
documented.  I would like some insight into how and when this script gets 
called.  I assumed that upon establishing each samba connection, after the 
active directory handle gets authenticated with the domain controller it passes 
the domain\handle to this script to determine the unix login to use.  However, 
it seems to execute this script multiple times to establish a connection.  I 
have tested this out by clearing the cache using nbtstat -R on the client and 
running smbstatus -u username and killing the procids then reconnecting.  Samba 
consistently will pass just the active directory handle without the domain 
first which succeeds because my script will find the correct unix login to map 
to without the domain.  Immediately after, Samba will pass the script the 
domain\handle which will also succeed. Why is this? Throughout the life of !
 the connection it will continue to intermittently pass the active directory 
handle without the domain.  

Samba version 3.0.20
Configuration: ./configure --prefix=/opt/samba-3.0.20 --with-smbwrapper 
--with-nis --with-quotas --with-syslog --with-included-popt
OS: Solaris 8

#!/bin/bash

if [ $1 ]
then
echo $1  /tmp/mhm4in #line needed for debugging

#cut off the na0x\ part of input
na0xlogin=`echo $1 | cut -d '\' -f2`

#search for a different unix login
unixlogin=`ypcat users.map | grep \$na0xlogin$ | cut -d ' ' -f1`

if [[ $? = 0  $unixlogin !=  ]]
then
#if unixlogin is in the users.map then return it
echo $unixlogin
echo $unixlogin  /tmp/mhm4out #debugging only
else
#find unixlogin in NIS passwd map then return it
unixlogin=`ypcat passwd | cut -d ':' -f1 | grep ^$na0xlogin$`
echo $unixlogin
echo $unixlogin  /tmp/mhm4out #debugging only
fi

# below if statement for debugging only
if [[ $unixlogin =  ]]
then
#report to /tmp/mhm4error for any requests with no unix login
echo $na0xlogin   /tmp/mhm4error #debugging only
fi

else
echo You must enter a name to search.
exit 1
fi




smb.conf global section*
[global]
   debug level = 3
   security = domain
   encrypt passwords = yes
   password server = *
   netbios name = server1
   netbios aliases = server1 server1a
   username map script = /opt/samba/lib/mapusers.bash
   server string = %h (Samba %v)
   workgroup = domain1
   wins proxy = no
   dns proxy = no
   wins support = no
   wins server = w.x.y.z
   guest account = nobody
   lock directory = /opt/samba/var/locks
   browseable = no
   create mask = 775
   directory mask = 775
   delete readonly = yes
   name resolve order = wins lmhosts host bcast
   case sensitive = no
   preserve case = yes
   short preserve case = yes
   domain master = no
   local master = no
   preferred master = no
   os level = 0
   remote announce = w.x.y.255
   log file = /opt/samba/var/%I.log
   max log size = 1000
   auto services = Unison 
   locking = yes
   strict locking = no
   dead time = 15
   load printers = no
   printing = sysv
   lpq cache time = 0
   map archive = no
   read only = no
   bind interfaces only = yes
   interfaces = a.b.c.d
   socket options = SO_KEEPALIVE
   smb ports = 139

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Active Directory and Samba 3.0.20

[Rich Bonfoey]

This is a new install with a very novice samba user .  We are running samba
3.0.20 on a Solaris 9 server.  We have 3 domains controllers - 1 old NT and
1Win 2000 Active Directory and 1 Win 2003 Active Directory.  The support
group that
administers the domains, have a limited skill set.  If its not Windows they
have nothing to contribute.  

The Domain Controllers are called
TACOMANEWS - Win 22000
TACOMA  - Win 2003
IS_DEPT - NT4

When running wbinfo -m on TACOMANEWS it sees IS_DEPT and TACOMA
When running wbinfo -m on IS_DEPT it sees TACOMA
When running wbinfo -m on TACOMA it sees TACOMANEWS and TACOMA

Checking users in all the domains, the only users that are seen are the ones
in the IS_DEPT and TACOMA.  Even when joined to TACOMANEWS, it shows no
users for this domain.  There are at least 80 users in the TACOMANEWS
domain. 

I think there should be users showing for TACOMANEWS, but our support group
does not know why.  

Can anyone offer some insight or point me to some documentation on the
issue.  I have googled a lot but haven't found what I need.  Samba is
running as a member of a domain.  Below is my smb.conf file, this is very
generic.

Thanks for any and all help

[global]
force directory mode = 775
create mode = 777
acl compatibility = auto
dns proxy = no
force create mode = 775
encrypt passwords = yes
idmap gid = 1-2
socket options = TCP_NODELAY
max log size = 50
password server = *
idmap uid = 1-2
writeable = yes
directory mode = 777
security = DOMAIN
winbind use default domain = yes
server string = zThorin
workgroup = TACOMANEWS
local master = no
log level = 1
print command = lpr -h -r -P%p %s
netbios name = zthorin
log file = /usr/local/samba/var/%m.log
os level = 20

[Fango]
path = /fango/gongo
printable = no
public = yes
create mask = 777
directory mask = 777


Richard Bonfoey
The News Tribune
Information Systems
Successfully Meeting the Business Needs of
The News Tribune through Information Technology


Richard Bonfoey
The News Tribune
Information Systems
Successfully Meeting the Business Needs of
The News Tribune through Information Technology

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Active Directory and Samba 3.0.20

[Vijay Avarachen]

Does TACOMANEWS allow anonymous binding to it Active Directory LDAP?  If not
you need to set a authuser (wbinfo --set-auth-user).  Also you can determine
if it support anonymous bind or not by running simply queries using
ldapsearch with and without -D option.

On 12/20/05, Rich Bonfoey [EMAIL PROTECTED] wrote:

 This is a new install with a very novice samba user .  We are running
 samba
 3.0.20 on a Solaris 9 server.  We have 3 domains controllers - 1 old NT
 and
 1Win 2000 Active Directory and 1 Win 2003 Active Directory.  The support
 group that
 administers the domains, have a limited skill set.  If its not Windows
 they
 have nothing to contribute.

 The Domain Controllers are called
 TACOMANEWS - Win 22000
 TACOMA  - Win 2003
 IS_DEPT - NT4

 When running wbinfo -m on TACOMANEWS it sees IS_DEPT and TACOMA
 When running wbinfo -m on IS_DEPT it sees TACOMA
 When running wbinfo -m on TACOMA it sees TACOMANEWS and TACOMA

 Checking users in all the domains, the only users that are seen are the
 ones
 in the IS_DEPT and TACOMA.  Even when joined to TACOMANEWS, it shows no
 users for this domain.  There are at least 80 users in the TACOMANEWS
 domain.

 I think there should be users showing for TACOMANEWS, but our support
 group
 does not know why.

 Can anyone offer some insight or point me to some documentation on the
 issue.  I have googled a lot but haven't found what I need.  Samba is
 running as a member of a domain.  Below is my smb.conf file, this is very
 generic.

 Thanks for any and all help

 [global]
 force directory mode = 775
 create mode = 777
 acl compatibility = auto
 dns proxy = no
 force create mode = 775
 encrypt passwords = yes
 idmap gid = 1-2
 socket options = TCP_NODELAY
 max log size = 50
 password server = *
 idmap uid = 1-2
 writeable = yes
 directory mode = 777
 security = DOMAIN
 winbind use default domain = yes
 server string = zThorin
 workgroup = TACOMANEWS
 local master = no
 log level = 1
 print command = lpr -h -r -P%p %s
 netbios name = zthorin
 log file = /usr/local/samba/var/%m.log
 os level = 20

 [Fango]
 path = /fango/gongo
 printable = no
 public = yes
 create mask = 777
 directory mask = 777


 Richard Bonfoey
 The News Tribune
 Information Systems
 Successfully Meeting the Business Needs of
 The News Tribune through Information Technology


 Richard Bonfoey
 The News Tribune
 Information Systems
 Successfully Meeting the Business Needs of
 The News Tribune through Information Technology

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba




--
Knowledge is the only wealth that grows as you spend it, and diminishes as
you save it.
-- ancient Sanskrit saying
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20 acls not working anymore and problem with winbindd_idmap.tdb

[Sabine Jordan]

Hi Folks,

I am experiencing some problems with samba 3.0.20 which I can not solve
on my own. We have updated from samba 3.0.10 to samba 3.0.20, but I am
not sure when the problems started.

We had a problem with idmap - I had hoped to solve - before. Whenever
we rebooted the server, all of the ACLs got jumbled up. I thought that
our winbindd_idmap.tdb somehow got broken. I re-created it, but still
the problem persists. We use winbindd to get all the Groups and Users
from Active Directory, and we have 2 samba-servers joined to the same
domain. Now I have found out that this could be the cause of the
problem I have with my idmap. Is it a good idea to change winbindd
configuration to windbindd with an NSS/LDAP backend-based idmap
facility? How can I change form local tdb to ldap-tbs without using my
user and group assignsments? I can not afford to loose all or mess up
all the ALCs on the first server. I think this is a bigger issue and
needs to be thought over carefully.

But now to the other problem I have on the second and smaller
samba-server. I have had some trouble concerning access rights where
users were trying to save a file on a share getting File exits error
messages. (But the file did not exist before!) After another attempt to
save the same file the operation was successfull. I could not trace the
problem after examining the acls with getfacl on the server. Everything
seemed to be alright.

Here's the global-section of my smb.conf:

# Global parameters
[global]
workgroup = DTMS
netbios name = MAX
security = domain
password server = skynet, orion, *
server string = MAX rate one Fileserver
domain master = no
os level = 2
unix extensions = Yes
encrypt passwords = yes
interfaces = eth0

log level = 2
log file = /var/log/samba/%m
max log size = 2048
syslog = 0

acl check permissions = yes
   #seems to change nothing...

name resolve order = lmhosts hosts bcast
wins support = no
wins server = 192.168.9.4
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY

#   
#   winbind section
#   
winbind uid = 1-2
winbind gid = 1-2
template shell = /bin/bash
template homedir = /distributed/samba-freigaben/user/%U
template shell = /bin/false
nt acl support = yes
winbind separator = +
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
obey pam restrictions = yes

Removing and resetting the acls with setfacl as well as rebooting the
machine did not help either. I have tried to view the ACLS via mapped
Share through windows, but I don't even see the ACLs there. I only see
the local unix-rights (user and owner-group)

I have tried to view and change ACLS for a file named glossar.htm with
the following rights:

max:~ # ls -la /distributed/samba-freigaben/marketing/glossar.htm
-rwxrwxrwx+ 1 jordans Marketing_ges 26190 Apr 11  2001
/distributed/samba-freigaben/marketing/glossar.htm

max:~ # getfacl /distributed/samba-freigaben/marketing/glossar.htm
# file: distributed/samba-freigaben/marketing/glossar.htm
# owner: jordans
# group: Marketing_ges
user::rwx
group::rw-
group:RO_Management:rwx
group:RO_Technik:rwx
group:RO_marketing_intern:rwx
group:RO_marketing_extern:rwx
mask::rwx
other::rwx

Here's the configuration for the share marketing where the file
glossar.htm can be found:

[marketing]
comment = Marketing
path = /distributed/samba-freigaben/marketing
nt acl support = no
writeable = yes
browsable = yes
valid users = @ntadmins @RO_Technik @RO_Management
@RO_marketing_intern @marketing_extern
admin users = @ntadmins

[marketing_a]
comment = Adminshare marketing
copy = marketing
nt acl support = yes
browsable = no
admin users = @DTMS+Domänen-Admins DTMS+WenkP DTMS+JordanS
valid users = @DTMS+Domänen-Admins DTMS+WenkP DTMS+JordanS

I have mapped the Adminshare, that I can see nt acls... But I don't see
the ACLs, I just see the owner (JordanS) and group (Marketing_ges), as
well as root/Max.

Here are the IDs for this user and group:

max:~ # getent passwd |grep 10002
jordans:x:10002:1:Jordan,
Sabine:/distributed/samba-freigaben/user/jordans:/bin/false
max:~ # getent group |grep
10044
Marketing_ges:x:10044:HeideE,EhrlicC,GibmeiA,KrieseB,partnership,HoefliO,KoriteS,VorbecM,BarossM,ReiterB,DildeiF,LindemY,ConzenN,WirtzP,BockmaA,ZechliT,BuchD,JoergeM,PelkmaR,KottbusM,KartziO,LehmanM

When I try to change permissions via file properties/security tab I get
an Windows Access Denied - message... I have turned on Samba log
(loglevel10) and here are some

[Samba] Samba 3.0.20 acls not working anymore and problem with winbindd_idmap.tdb

[Sabine Jordan]

Hi Folks,

I am experiencing some problems with samba 3.0.20 which I can not solve
on my own. We have updated from samba 3.0.10 to samba 3.0.20, but I am
not sure when the problems started.

We had a problem with idmap - I had hoped to solve - before. Whenever
we rebooted the server, all of the ACLs got jumbled up. I thought that
our winbindd_idmap.tdb somehow got broken. I re-created it, but still
the problem persists. We use winbindd to get all the Groups and Users
from Active Directory, and we have 2 samba-servers joined to the same
domain. Now I have found out that this could be the cause of the
problem I have with my idmap. Is it a good idea to change winbindd
configuration to windbindd with an NSS/LDAP backend-based idmap
facility? How can I change form local tdb to ldap-tbs without using my
user and group assignsments? I can not afford to loose all or mess up
all the ALCs on the first server. I think this is a bigger issue and
needs to be thought over carefully.

But now to the other problem I have on the second and smaller
samba-server. I have had some trouble concerning access rights where
users were trying to save a file on a share getting File exits error
messages. (But the file did not exist before!) After another attempt to
save the same file the operation was successfull. I could not trace the
problem after examining the acls with getfacl on the server. Everything
seemed to be alright.

Here's the global-section of my smb.conf:

# Global parameters
[global]
workgroup = DTMS
netbios name = MAX
security = domain
password server = skynet, orion, *
server string = MAX rate one Fileserver
domain master = no
os level = 2
unix extensions = Yes
encrypt passwords = yes
interfaces = eth0

log level = 2
log file = /var/log/samba/%m
max log size = 2048
syslog = 0

acl check permissions = yes
   #seems to change nothing...

name resolve order = lmhosts hosts bcast
wins support = no
wins server = 192.168.9.4
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY

#   
#   winbind section
#   
winbind uid = 1-2
winbind gid = 1-2
template shell = /bin/bash
template homedir = /distributed/samba-freigaben/user/%U
template shell = /bin/false
nt acl support = yes
winbind separator = +
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
obey pam restrictions = yes

Removing and resetting the acls with setfacl as well as rebooting the
machine did not help either. I have tried to view the ACLS via mapped
Share through windows, but I don't even see the ACLs there. I only see
the local unix-rights (user and owner-group)

I have tried to view and change ACLS for a file named glossar.htm with
the following rights:

max:~ # ls -la /distributed/samba-freigaben/marketing/glossar.htm
-rwxrwxrwx+ 1 jordans Marketing_ges 26190 Apr 11  2001
/distributed/samba-freigaben/marketing/glossar.htm

max:~ # getfacl /distributed/samba-freigaben/marketing/glossar.htm
# file: distributed/samba-freigaben/marketing/glossar.htm
# owner: jordans
# group: Marketing_ges
user::rwx
group::rw-
group:RO_Management:rwx
group:RO_Technik:rwx
group:RO_marketing_intern:rwx
group:RO_marketing_extern:rwx
mask::rwx
other::rwx

Here's the configuration for the share marketing where the file
glossar.htm can be found:

[marketing]
comment = Marketing
path = /distributed/samba-freigaben/marketing
nt acl support = no
writeable = yes
browsable = yes
valid users = @ntadmins @RO_Technik @RO_Management
@RO_marketing_intern @marketing_extern
admin users = @ntadmins

[marketing_a]
comment = Adminshare marketing
copy = marketing
nt acl support = yes
browsable = no
admin users = @DTMS+Domänen-Admins DTMS+WenkP DTMS+JordanS
valid users = @DTMS+Domänen-Admins DTMS+WenkP DTMS+JordanS

I have mapped the Adminshare, that I can see nt acls... But I don't see
the ACLs, I just see the owner (JordanS) and group (Marketing_ges), as
well as root/Max.

Here are the IDs for this user and group:

max:~ # getent passwd |grep 10002
jordans:x:10002:1:Jordan,
Sabine:/distributed/samba-freigaben/user/jordans:/bin/false
max:~ # getent group |grep
10044
Marketing_ges:x:10044:HeideE,EhrlicC,GibmeiA,KrieseB,partnership,HoefliO,KoriteS,VorbecM,BarossM,ReiterB,DildeiF,LindemY,ConzenN,WirtzP,BockmaA,ZechliT,BuchD,JoergeM,PelkmaR,KottbusM,KartziO,LehmanM

When I try to change permissions via file properties/security tab I get
an Windows Access Denied - message... I have turned on Samba log
(loglevel10) and here are some

[Samba] problem with windows CE 4.2 and samba 3.0.20

[Raúl D. Pittí Palma]

Hi!
I replaced a server running RH7.3 and samba 2.2.XX , with a server 
runnning centos4.2 and samba 3.0.20 .
We use several iPAQ handheld that connects to a share on the file 
server, and then open a file from a network share.
In the old server it worked o.k., but now, the same ipaq machines doesnt 
want to connect to the server.  they are able to connect to a windows XP 
machine, a winnt4 server and a win2003 server without a problem.


I have try to log in using the netbios name of the server and the ip 
address, but everything failed.

any ideas ?
I can send server logs and my smb.conf if requested.!

the error on the ipaq is:
Cannot find the file '\\' (or one of its components).  Make sure the 
path and file name are correct and all required libraries are available

of course, are the libraries are loaded.
The only change in the server is that now i am using utf8 as default 
language, and before we where using iso-8859-1 .


thanks again for your help!
RP

--

Raúl D. Pittí Palma
Associate
Global Engineering and Technologies
mobile (507)-6616-0194
office (507)-264-2362
Republic of Panama
www.globaltecsa.com 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with windows CE 4.2 and samba 3.0.20

[Raúl D. Pittí Palma]

Raúl D. Pittí Palma wrote:


Hi!
I replaced a server running RH7.3 and samba 2.2.XX , with a server 
runnning centos4.2 and samba 3.0.20 .
We use several iPAQ handheld that connects to a share on the file 
server, and then open a file from a network share.
In the old server it worked o.k., but now, the same ipaq machines 
doesnt want to connect to the server.  they are able to connect to a 
windows XP machine, a winnt4 server and a win2003 server without a 
problem.


I have try to log in using the netbios name of the server and the ip 
address, but everything failed.

any ideas ?
I can send server logs and my smb.conf if requested.!

the error on the ipaq is:
Cannot find the file '\\' (or one of its components).  Make sure the 
path and file name are correct and all required libraries are available

of course, are the libraries are loaded.
The only change in the server is that now i am using utf8 as default 
language, and before we where using iso-8859-1 .


thanks again for your help!
RP


this is the capture of the log file...

**log file start
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_KEEPALIVE = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_REUSEADDR = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_BROADCAST = 0
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option TCP_NODELAY = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option TCP_KEEPCNT = 9
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option TCP_KEEPIDLE = 7200
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option TCP_KEEPINTVL = 75
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option IPTOS_LOWDELAY = 0
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option IPTOS_THROUGHPUT = 0
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_SNDBUF = 16384
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_RCVBUF = 16384
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_SNDLOWAT = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_RCVLOWAT = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_SNDTIMEO = 0
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_RCVTIMEO = 0
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_KEEPALIVE = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_REUSEADDR = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_BROADCAST = 0
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option TCP_NODELAY = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option TCP_KEEPCNT = 9
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option TCP_KEEPIDLE = 7200
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option TCP_KEEPINTVL = 75
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option IPTOS_LOWDELAY = 0
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option IPTOS_THROUGHPUT = 0
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_SNDBUF = 16384
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_RCVBUF = 16384
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_SNDLOWAT = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_RCVLOWAT = 1
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_SNDTIMEO = 0
[2005/11/29 20:28:01, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_RCVTIMEO = 0
[2005/11/29 20:28:01, 6] param/loadparm.c:lp_file_list_changed(2834)
 lp_file_list_changed()
 file /etc/samba/smb.conf - /etc/samba/smb.conf  last mod_time: Tue 
Nov 29 20:22:38 2005


[2005/11/29 20:28:01, 3] smbd/oplock.c:init_oplocks(1380)
 open_oplock_ipc: opening loopback UDP socket.
[2005/11/29 20:28:01, 10] lib/util_sock.c:open_socket_in(832)
 bind succeeded on port 0
[2005/11/29 20:28:01, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(309)
 Linux kernel oplocks enabled
[2005/11/29 20:28:01, 3] smbd/oplock.c:init_oplocks(1411)
 open_oplock ipc: pid = 4156, global_oplock_port = 32810
[2005/11/29 20:28:01, 4] lib/time.c:get_serverzone(125)
 Serverzone is 18000
[2005/11/29 20:28:01, 10] 
lib/util_sock.c:read_smb_length_return_keepalive(615)

 got smb length of 68
[2005/11/29 20:28:01, 3] lib/access.c:check_access(313)
 check_access: no hostnames in host allow/deny list.
[2005/11/29 20:28:01, 2] lib

Re: [Samba] Very strange permissions issue with Samba 3.0.20(a/b)

[Svend Sorensen]

On 11/15/05, Scrivner, Andrew [EMAIL PROTECTED] wrote:

  I am running Samba 3.0.20a on RHEL 3 u5 x86, my configuration is working
 perfectly except for cvs commits for 3 users. We are using ADS, pam_winbind, 
 and pam_require to authenticate CVS users against AD.

 Our CVS directories are mod 2775, and the group ownership of all dirs is
 the AD group DEN-CVS-Users. Every valid user is a member of this group. But
 a few users, while they are able to authenticate, and checkout, cannot commit 
 files to the depot. Their group membership is hosed up somehow. Everything is 
 working perfectly except for these few troublemakers.

 The users can log into CVS, so their group membership is seen by winbind and 
 passed to pam_require, but when it comes writing to a file with AD group
 ownership they are denied. It works for the rest of us though, so we're 
 baffled. The files are all mod 664.

 This isn't a CVS issue, as I can login to our CVS server as an affected AD 
 user and replicate the problem. For me, I can write to the depot just fine.

 My questions:
 1. Is there a limit to the number of groups a user may be a member of ( The 
 most so far is 48 groups ) that would cause winbind problems?

 2. Are the any special characters within an AD group name that would break 
 winbind?

 3. Besides a user's SID, and group membership, what could be different 
 between users ?

I ran across this problem.  See:

http://lists.samba.org/archive/samba/2005-August/109704.html
https://bugzilla.samba.org/show_bug.cgi?id=1493
https://bugzilla.samba.org/show_bug.cgi?id=2804

for my post and the relevant bug reports.  The bug has been closed,
and this should be fixed in the 3.0.21 release, however  I haven't
tested it.  If you do test any of the RCs, post your results.

  This is our setup:
 snip
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Very strange permissions issue with Samba 3.0.20(a/b)

[Scrivner, Andrew]

Hi Guys, 

First, thanks for all the hard work! You all rock.

 I am running Samba 3.0.20a on RHEL 3 u5 x86, my configuration is working
perfectly except for cvs commits for 3 users. We are using ADS, pam_winbind, 
and pam_require to authenticate CVS users against AD. 

Our CVS directories are mod 2775, and the group ownership of all dirs is
the AD group DEN-CVS-Users. Every valid user is a member of this group. But 
a few users, while they are able to authenticate, and checkout, cannot commit 
files to the depot. Their group membership is hosed up somehow. Everything is 
working perfectly except for these few troublemakers. 

The users can log into CVS, so their group membership is seen by winbind and 
passed to pam_require, but when it comes writing to a file with AD group 
ownership they are denied. It works for the rest of us though, so we're 
baffled. The files are all mod 664. 

This isn't a CVS issue, as I can login to our CVS server as an affected AD user 
and replicate the problem. For me, I can write to the depot just fine.

My questions:
1. Is there a limit to the number of groups a user may be a member of ( The 
most so far is 48 groups ) that would cause winbind problems?

2. Are the any special characters within an AD group name that would break 
winbind?

3. Besides a user's SID, and group membership, what could be different between 
users ?


 This is our setup:

smb.conf:
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   netbios name = CVS-DR
   workgroup = DEN
   realm = DEN.FOO.COM
   security = ADS
   password server = den-dc1.den.foo.com
   winbind use default domain = no
   winbind nested groups = yes
   winbind enum users = yes
   winbind enum groups = yes
   allow trusted domains = yes
   log level = 3
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/bash
   template homedir = /cvsroot
   winbind cache time = 3600
   winbind separator = -

--
RHEL 3 u5 pam config
---

/etc/pam.d/cvs: 
#%PAM-1.0
authrequired  pam_env.so
authsufficientpam_unix.so likeauth nullok
authsufficientpam_winbind.so use_first_pass
authrequired  pam_deny.so

account required pam_require.so @DEN-CVS-Admins @DEN-CVS-Users 
@NY-CVS-Users @NY-CVS-Admins cvs

account required pam_unix.so broken_shadow
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so

password   sufficientpam_winbind.so use_authtok
password   sufficientpam_unix.so nullok use_authtok md5 shadow
password   required  pam_deny.so

sessionrequired  pam_unix.so


As always, any suggestions would be much appreciated.

Thanks, 
Andrew Scrivner








--
This e-mail transmission may contain information that is proprietary, 
privileged and/or confidential and is intended exclusively for the person(s) to 
whom it is addressed. Any use, copying, retention or disclosure by any person 
other than the intended recipient or the intended recipient's designees is 
strictly prohibited. If you are not the intended recipient or their designee, 
please notify the sender immediately by return e-mail and delete all copies. 
OppenheimerFunds may, at its sole discretion, monitor, review, retain and/or 
disclose the content of all email communications.
==
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] makepkg.sh for samba 3.0.20

[xuan van]

Hi Jerry,

pkgadd works fine as I tried your suggested test
(setting --with-configdir=/usr/local/samba/etc)

Thanks,

Xuan
Gerald (Jerry) Carter wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

xuan van wrote:
| Hi,
|
| I downloaded 3.0.20 from samba.org, ran makepkg.sh to create
| samba pkg for Solaris. The install base for the new version
| locates in /opt/samba and the smbd locates in /etc/samba.
| I tried to modify the makepkg.sh to put everything under
| /usr/local/samba as follow:
|
| Delete:
| 
|--localstatedir=/var/lib/samba \
|--with-piddir=/var/run \
|--with-logfilebase=/var/log/samba \
|--with-privatedir=/etc/samba/private \
|--with-configdir=/etc/samba \
|
| Add:
| 
|--localstatedir=/usr/local/samba/lib \
|--with-piddir=/var/run \
|--with-logfilebase=/usr/local/samba/var/log \
|--with-privatedir=/usr/local/samba/private \
|--with-configdir=/usr/local/samba/lib \
|
| Replaced INSTALL_BASE=/opt/samba with INSTALL_BASE=/usr/local/samba
|
| makepkg.sh completed with no error. However pkgadd gives me the
| following errors:
| # pkgadd -d . samba
|
| Processing package instance samba from /tmp
|
| CIFS File and Print server
| (sparc) 3.0.20
| Copyright (C) 2001 Samba Team
| Using /usr/local/samba as the package base directory.
| ## Processing package information.
| pkgadd: ERROR: duplicate pathname /usr/local/samba/lib
| pkgadd: ERROR: unable to process pkgmap

It's probably because the configdir and libdir overlap.
Just remove your --with-logbase and --with-configdir lines
since those are the default values anyways.

Although it could just be a bug in the generated prototype file
now that I think of it since we would be defining
/usr/local/samba/lib/twice.

try setting --with-configdir=/usr/local/samba/etc

just as a test








cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
There's an anonymous coward in all of us.   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDVSYcIR7qMdg1EfYRAuDLAKC4nu7DBXa2qiKmKfnQ6u/p6xnzpgCg1R48
VpbimmV5yWW6wigq9j1/L9U=
=SSDl
-END PGP SIGNATURE-



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] makepkg.sh for samba 3.0.20

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

xuan van wrote:
| Hi,
|
| I downloaded 3.0.20 from samba.org, ran makepkg.sh to create
| samba pkg for Solaris. The install base for the new version
| locates in /opt/samba and the smbd locates in /etc/samba.
| I tried to modify the makepkg.sh to put everything under
| /usr/local/samba as follow:
|
| Delete:
| 
|--localstatedir=/var/lib/samba \
|--with-piddir=/var/run \
|--with-logfilebase=/var/log/samba \
|--with-privatedir=/etc/samba/private \
|--with-configdir=/etc/samba \
|
| Add:
| 
|--localstatedir=/usr/local/samba/lib \
|--with-piddir=/var/run \
|--with-logfilebase=/usr/local/samba/var/log \
|--with-privatedir=/usr/local/samba/private \
|--with-configdir=/usr/local/samba/lib \
|
| Replaced INSTALL_BASE=/opt/samba with INSTALL_BASE=/usr/local/samba
|
| makepkg.sh completed with no error. However pkgadd gives me the
| following errors:
| # pkgadd -d . samba
|
| Processing package instance samba from /tmp
|
| CIFS File and Print server
| (sparc) 3.0.20
| Copyright (C) 2001 Samba Team
| Using /usr/local/samba as the package base directory.
| ## Processing package information.
| pkgadd: ERROR: duplicate pathname /usr/local/samba/lib
| pkgadd: ERROR: unable to process pkgmap

It's probably because the configdir and libdir overlap.
Just remove your --with-logbase and --with-configdir lines
since those are the default values anyways.

Although it could just be a bug in the generated prototype file
now that I think of it since we would be defining
/usr/local/samba/lib/twice.

try setting --with-configdir=/usr/local/samba/etc

just as a test








cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
There's an anonymous coward in all of us.   --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDVSYcIR7qMdg1EfYRAuDLAKC4nu7DBXa2qiKmKfnQ6u/p6xnzpgCg1R48
VpbimmV5yWW6wigq9j1/L9U=
=SSDl
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] makepkg.sh for samba 3.0.20

[xuan van]

Hi,

I downloaded 3.0.20 from samba.org, ran makepkg.sh to create
samba pkg for Solaris. The install base for the new version
locates in /opt/samba and the smbd locates in /etc/samba.
I tried to modify the makepkg.sh to put everything under
/usr/local/samba as follow:

Delete:

   --localstatedir=/var/lib/samba \
   --with-piddir=/var/run \
   --with-logfilebase=/var/log/samba \
   --with-privatedir=/etc/samba/private \
   --with-configdir=/etc/samba \

Add:

   --localstatedir=/usr/local/samba/lib \
   --with-piddir=/var/run \
   --with-logfilebase=/usr/local/samba/var/log \
   --with-privatedir=/usr/local/samba/private \
   --with-configdir=/usr/local/samba/lib \

Replaced INSTALL_BASE=/opt/samba with INSTALL_BASE=/usr/local/samba

makepkg.sh completed with no error. However pkgadd gives me the 
following errors:

# pkgadd -d . samba

Processing package instance samba from /tmp

CIFS File and Print server
(sparc) 3.0.20
Copyright (C) 2001 Samba Team
Using /usr/local/samba as the package base directory.
## Processing package information.
pkgadd: ERROR: duplicate pathname /usr/local/samba/lib
pkgadd: ERROR: unable to process pkgmap

Installation of samba failed (internal error).
No changes were made to the system.

What am I missing?

Thanks,

Xuan




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 and ADmitMac

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sean Noonan wrote:

| Does anyone have any experiences with
| integrating Samba and Thursby Software's ADmitMac?
| All of our Microsoft XP and Win2000 workstations work
| just fine with Samba, but I'm having a hell of a
| time getting ADmitMac to play nicely with Samba.
|
| Conversely, ADmitMac works great with Microsoft NT4,
| 2000 and 2003 servers.
|
| I'm not able to browse the network let alone join
| the OSX machines to the domain.  Samba is v3.0.20
| running on FreeBSD 5.4-STABLE.  Macs are running
| OSX v10.3.9 and are fully patched.  I've tried
| both ADmitMac v2.1 and 3.0 with same results.
|
| Any experiences with ADmitMac in the Samba community?

Not I.  Is there a trial version I could grab for my
Mac to test?





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDT7EtIR7qMdg1EfYRAgh9AJwNLzhYYCRIyGqM6bSawsmpnM7yigCguTSF
v4v9E38AhtpDsKSo2wbBfrk=
=8q9q
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 and ADmitMac

[AndyLiebman]

 
In a message dated 10/14/2005 9:23:04 A.M. Eastern Standard Time,  
[EMAIL PROTECTED] writes:

| I'm  not able to browse the network let alone join
| the OSX machines to the  domain.  Samba is v3.0.20
| running on FreeBSD 5.4-STABLE.  Macs  are running
| OSX v10.3.9 and are fully patched.  I've tried
| both  ADmitMac v2.1 and 3.0 with same results.
|
| Any experiences with  ADmitMac in the Samba community?

Not I.  Is there a trial version  I could grab for my
Mac to test?




There IS a trial version. You can use it for 30 days, I believe. Just a  note 
of caution. AdmitMac Version 3 has a bug in it that primarily affects its  
operation in Tiger (10.4.2). The original release (build 867) would give you  
mysterious File I/O errors on large and fast file transfers. The current  
release that you can download (build 868) seems to rigidly clamp down transfer  
rates to about 9.5 MB/sec -- even over Gigabit Ethernet. 
 
By contrast, the original release (build 867) gave you around 55 MB/sec  
transfer speed over Gigabit. BUT, with the occasional File I/O error that  
could 
cause your application to freeze. 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 and ADmitMac

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
| In a message dated 10/14/2005 9:23:04 A.M. Eastern Standard Time,
| [EMAIL PROTECTED] writes:
|
| | I'm not able to browse the network let alone join
| | the OSX machines to the domain.  Samba is v3.0.20
| | running on FreeBSD 5.4-STABLE.  Macs are running
| | OSX v10.3.9 and are fully patched.  I've tried
| | both ADmitMac v2.1 and 3.0 with same results.
| |
| | Any experiences with ADmitMac in the Samba community?
|
| Not I.  Is there a trial version I could grab for my
| Mac to test?
|
| There IS a trial version. You can use it for 30 days, I believe.

Download URL ?






- -- jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDT80VIR7qMdg1EfYRAgZ6AJsGYZlXHlMZkzwmYGo+9agUAgPhSwCgzaW9
dFC7ICEUfKdh00M4S0K3yNM=
=QVpK
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 and ADmitMac

[AndyLiebman]

 
In a message dated 10/14/2005 11:20:49 A.M. Eastern Standard Time,  
[EMAIL PROTECTED] writes:

| There  IS a trial version. You can use it for 30 days, I believe.

Download URL  ?


_http://www.thursby.com/evaluations/admitmac.html_ 
(http://www.thursby.com/evaluations/admitmac.html) 
 
Andy
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20, Active Directory, Debian: Username ... is invalid on this system

[Markus Feilner]

Hello List,
I have a strange problem:
I have successfully added my debian system to the local active directory 
domain. Winbind works and gives me Users, Groups, and relations when I call 
wbinfo. However, Users cannot connect to a share I prepared.
It makes no difference if there is no valid user =  entry, or if I put an 
correct entry with my test user. 
All I get in log.winbindd is:
Username DOMAIN+test is invalid on this system
(just like there was a valid user entry.)
I have successfully checked the password of this user with wbinfo, user data 
is handed over correctly, wbinfo -t is successful, domain membership works.
What is wrong?
Thanks!!
-- 
Mit freundlichen Grüßen
Markus Feilner

--
Feilner IT Linux  GIS 
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Beraiterweg 4 93047 Regensburg
Untere Hauptstr 2 85386 Eching
fon regensburg  +49 941 8107989
fon eching  +49 89 379 956 3 
fax +49 89 379 956 444  
mobil + +49 170 3027092 
skype ID: mfeilner mail: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba 3.0.20, Active Directory, Debian: Username ... is invalid on this system

[Rex Dieter]

Markus Feilner wrote:

Hello List,
I have a strange problem:
I have successfully added my debian system to the local active directory 
domain. Winbind works and gives me Users, Groups, and relations when I call 
wbinfo. However, Users cannot connect to a share I prepared.
It makes no difference if there is no valid user =  entry, or if I put an 
correct entry with my test user. 
All I get in log.winbindd is:

Username DOMAIN+test is invalid on this system
(just like there was a valid user entry.)
I have successfully checked the password of this user with wbinfo, user data 
is handed over correctly, wbinfo -t is successful, domain membership works.

What is wrong?


You apparently haven't configured nss_winbind.

-- Rex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20 and ADmitMac

[Sean Noonan]

Does anyone have any experiences with integrating Samba and Thursby
Software's ADmitMac?  All of our Microsoft XP and Win2000 workstations work
just fine with Samba, but I'm having a hell of a time getting ADmitMac to
play nicely with Samba.

Conversely, ADmitMac works great with Microsoft NT4, 2000 and 2003 servers.

I'm not able to browse the network let alone join the OSX machines to the
domain.  Samba is v3.0.20 running on FreeBSD 5.4-STABLE.  Macs are running
OSX v10.3.9 and are fully patched.  I've tried both ADmitMac v2.1 and 3.0
with same results.

Any experiences with ADmitMac in the Samba community?

Thanks,

--Sean Noonan.






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba (3.0.20) doesn't use TLS for LDAP referrals

[José M. Fandiño]

Jay Fenlason wrote:
  I can see _four_ unencrypted tries to the master directory server and
  a network trace confirms that samba doesn't use TLS with referrals.
 
  first contact with the slave directory:
  Sep 29 18:25:43 slave slapd[30977]: = check a_authz.sai_ssf: ACL 112  OP 
  168
 
  fwe seconds later the referral is followed:
  Sep 29 18:25:45 master slapd[6738]: = check a_authz.sai_ssf: ACL 112  OP 0
 
  is it a bug in samba? or in the OpenLDAP libraries?
 
 Could be the OpenLDAP libraries.  What version of them are you using?

OpenLDAP 2.2.28 (it's the last version of the 2.2.x series)

 It sounds suspiciously like
 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161991
 which is the OpenLDAP part of
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069

Jay,

you are right, I'm hitting this bug[1]. I' will post the question in
the OpenLDAP ML.

Thank you.

[1] http://www.openldap.org/its/index.cgi/Software%20Bugs?id=3791;selectid=3791
-- 
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP t+ 5 X+$ R- tv-- b+++ DI D+
G++ e- h+(++) !r !z
--END GEEK CODE BLOCK--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.20 : AIX 5.2 compile problem

[Dan Am]

Hi all,
I am trying to compile Samba 3.0.20 for AIX 5.2. ./configure runs okay,
if very slow. make breaks in some kerberos library. However kerberos
works perfectly. Anyone ever done this or other advice ?
TIA
Dan






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba (3.0.20) doesn't use TLS for LDAP referrals

[José M. Fandiño]

Hello,

 Now I'm trying to move the LDAP backend from the master OpenLDAP
server to a slave one. The ACL rules for all directories requires 
a ssf = 112 (Security Strength Factor) just to be sure that all 
connections are properly encrypted. Also the slave directory has a 
referral directive pointing the master directory. 

Samba works perfectly with the slave directory except when a write
operation is done, then it gets a referral and this time the modification
is tried with the master but with an unencrypted connection.

I can see _four_ unencrypted tries to the master directory server and
a network trace confirms that samba doesn't use TLS with referrals.

first contact with the slave directory:
Sep 29 18:25:43 slave slapd[30977]: = check a_authz.sai_ssf: ACL 112  OP 168

fwe seconds later the referral is followed:
Sep 29 18:25:45 master slapd[6738]: = check a_authz.sai_ssf: ACL 112  OP 0

is it a bug in samba? or in the OpenLDAP libraries?

Thank you.
-- 
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP t+ 5 X+$ R- tv-- b+++ DI D+
G++ e- h+(++) !r !z
--END GEEK CODE BLOCK--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20 aio compile failure on AIX 5.2

[Ric Tibbetts]

I just tried to compile Samba 3.0.20 on AIX 5.2 (someone suggested 
that it may resolve the other issue I'm having, I doubt it, but it's 
worth a try).

I received the following error when I tried to do the compile:

/usr/include/aio.h:76: field `aio_sigevent' has incomplete type
/usr/include/aio.h:127: field `aio_sigevent' has incomplete type
In file included from dynconfig.c:21:
include/includes.h:799: redefinition of `struct timespec'
make: 1254-004 The error code from the last command is 1.


I'm guessing that I'm not the first to encounter this. Does anyone have a fix?

Thanks!

-Ric


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem: FreeBSD 5.4 and Samba 3.0.20 not working with ADS

[Thomas Lesh]

Hello all,

I'm having a really difficult time with this setup.  I can communicate
with my Win2k3 PDC from my FreeBSD Samba file server by using the wbinfo
utility.  The wbinfo utility returns all of the information that I
expect it to successfully.  I've joined the Samba file server to the AD
already.  Users can access shared resources on the Samba file server
*ONLY IF* they have a local account on the Samba file server.  What am I
doing wrong, it's giving me massive headaches?!  Here are my config
files:

---[ smb.conf ]---
[global]
workgroup = HELLO
realm = HELLO.LOCAL
server string = Samba File Server
security = ADS
auth methods = winbind
password server = 192.168.20.5
log level = 3
log file = /var/log/samba/log.%m
max log size = 100
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
printcap name = cups
preferred master = No
domain master = No
dns proxy = No
wins server = 192.168.20.5
ldap ssl = no
idmap uid = 1-2
idmap gid = 2-3
winbind use default domain = Yes
winbind trusted domains only = Yes
invalid users = root
acl group control = Yes
inherit permissions = Yes
inherit acls = Yes
write cache size = 262144

[homes]
comment = Home Directories
read only = No
browseable = No

[public]
comment = Public Share
path = /home/pub
admin users = Administrator
read only = No
create mask = 0664
directory mask = 0775
guest ok = Yes

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

---[ krb5.conf ]---
 [libdefaults]
default_realm = HELLO.LOCAL

[realms]
HELLO.LOCAL = {
kdc = champion.hello.local
admin_server = champion.hello.local
}

[domain_realm]
.hello.local = HELLO.LOCAL

---[ nsswitch.conf ]---
group: compat files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: compat files winbind
passwd_compat: nis
shells: files
shadow: files winbind

---[ /etc/pam.d/login ]---
# auth
authrequiredpam_nologin.so  no_warn
authsufficient  pam_self.so no_warn
authinclude system
authsufficient  pam_winbind.so

# account
account requisite   pam_securetty.so
account include system
account sufficient  pam_winbind.so

# session
session include system

# password
passwordinclude system


Thanks for taking the time to check this out!
-Tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] how to enable AIO in samba-3.0.20 ?

[Ilia Chipitsine]

Dear Sirs,

is aio supported under FreeBSD ?
I recompiled samba with --enable-aio-support, what else should I do in 
order to enable aio ?


Cheers,
Ilia Chipitsine
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to enable AIO in samba-3.0.20 ?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ilia Chipitsine wrote:
| Dear Sirs,
|
| is aio supported under FreeBSD ?
| I recompiled samba with --enable-aio-support, what else
| should I do in  order to enable aio ?

Nope.  Patches are pending though from the FreeBSD maintainer.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDKzRjIR7qMdg1EfYRAl8vAJ9DeDvNGfrMtFrl9bPqZsTwgnG8WQCgjviW
Futa8wYHCbtvTN047KFqoBI=
=lMKG
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems compiling Samba-3.0.20 on Slackware 10.1 using kernel version 2.4.29 (unmodified)

[Tony Roberts]

Processes run:

./autogen.sh
./configure
./make

Make results in the following error:

/usr/lib/gcc-lib/i486-slackware-linux/3.3.4/../../../../i486-slackware-linux/bin/ld: 
cannot find -lssl

collect2: ld returned 1 exit status
make: *** [bin/smbd] Error 1


ssl version OpenSSL 0.9.7g 11 Apr 2005
is installed under /usr/local/ssl/ and is listed in /etc/ld.so.conf but 
is not stipulated when compiling. Does it need to be?



Any ideas anyone?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems compiling Samba-3.0.20 on Slackware 10.1 using kernel version 2.4.29 (unmodified)

[Tony Roberts]

Processes run:

./autogen.sh
./configure
./make

Make results in the following error:

/usr/lib/gcc-lib/i486-slackware-linux/3.3.4/../../../../i486-slackware-linux/bin/ld: 
cannot find -lssl

collect2: ld returned 1 exit status
make: *** [bin/smbd] Error 1


ssl version OpenSSL 0.9.7g 11 Apr 2005
is installed under /usr/local/ssl/ and is listed in /etc/ld.so.conf but 
is not stipulated when compiling. Does it need to be?



Any ideas anyone?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 - Windows 98 problem

[Jeremy Allison]

On Wed, Sep 07, 2005 at 10:54:17AM +0300, Catalin TOMOZEI wrote:
 Server - Samba 3.0.20 on INTEL P4 running Slackware 10.1 Client - Windows 
 98.
 
 Can log in, see, browse, and write.
 
 Just can't run simultaneous, same *.exe from 2 different computers with 
 Windows 98
 
 With Windows 2000, Xp this keep good time.
 
 On samba 3.0.14a, with same smb.conf this problem dont exist.

This has just been fixed in SVN. Here is the patch :

Jeremy.
Author: jra
Revision: r10133
Modified: source/smbd/open.c
Added: 
Removed: 


Fix bug #3044. open-exec is read-only.
Jeremy.


Index: source/smbd/open.c
===
--- source/smbd/open.c  (revision 10132)
+++ source/smbd/open.c  (revision 10133)
@@ -1046,13 +1046,13 @@
 
/* Create the NT compatible access_mask. */
switch (GET_OPENX_MODE(deny_mode)) {
+   case DOS_OPEN_EXEC: /* Implies read-only - used to be 
FILE_READ_DATA */
case DOS_OPEN_RDONLY:
access_mask = FILE_GENERIC_READ;
break;
case DOS_OPEN_WRONLY:
access_mask = FILE_GENERIC_WRITE;
break;
-   case DOS_OPEN_EXEC: /* This used to be FILE_READ_DATA... */
case DOS_OPEN_RDWR:
case DOS_OPEN_FCB:
access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20 winbindd problem on x86-64

[Robin Hill]

We've been having some problems with winbind authentication recently
(on 3.0.13) so I've upgraded to 3.0.20 (including all the patches on
http://www.samba.org/samba/patches/).  This works perfectly on all our
32-bit systems but seems to break badly on the 64-bit systems.  Fetching
user and group lists (via 'wbinfo -u' and 'wbinfo -n') work fine, as
does looking up SIDs (via 'wbinfo -n').  Logging on using an ADS user
fails though (causing the winbindd server to lock up, which means all
user  group lookups then incur a huge delay) - I've narrowed this down
to the getgroups call (reproducible via 'wbinfo -r') but I can't follow
quite what this is doing in the code (It appears to call through to
schedule_async_request twice, hanging on the second call).

Any ideas?  Here's the smb.conf we're using:

[global]
utmp = yes
workgroup = BIOWISDOM
server string = SAMBA
time server = yes
interfaces = 127.0.0.1 eth0
bind interfaces only = true
log file = /var/log/samba/log.%m
security = ads 
realm = INTERNAL.BIOWISDOM.COM
password server = *
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
dns proxy = yes
encrypt passwords = yes
client plaintext auth = no
client lanman auth = no
client ntlmv2 auth = yes

idmap backend = ldap:ldap://ls-ukdevel01.internal.biowisdom.com
idmap uid = 1-2
idmap gid = 1-2

Many thanks,
Robin
-- 
Robin Hill
Linux Systems Administrator, BioWisdom Ltd.
http://www.biowisdom.com/

*
The information contained in this message is likely to be confidential.  It is 
intended only for the person named above.  Any dissemination, distribution, 
copying, disclosure or use of this message or its contents unless authorised by 
BioWisdom Ltd is strictly prohibited. Any views or opinions expressed within 
this e-mail are those of the author and do not necessarily represent those of 
BioWisdom Ltd. If you have received this message in error, please immediately 
notify us and delete it.  Thank you.  BioWisdom Ltd, Harston Mill, Harston, 
Cambridge, CB2 5GG.  Tel: +44 (0)1223 874800, Fax: +44 (0) 1223 874801, 
Internet:www.biowisdom.com

*

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20 - Windows 98 problem

[Catalin TOMOZEI]

Server - Samba 3.0.20 on INTEL P4 running Slackware 10.1 Client - Windows 
98.


Can log in, see, browse, and write.

Just can't run simultaneous, same *.exe from 2 different computers with 
Windows 98


With Windows 2000, Xp this keep good time.

On samba 3.0.14a, with same smb.conf this problem dont exist.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.20 build issue

[Randy McMurchy]

Hi all,

I could not get the new 3.0.20 version to compile using a GCC-4 based
system without commenting out some code just recently put in (I base
this on the SVN commits). The code I had to comment is in the
source/include/includes.h file. Here is the commented code.

/*
#ifndef __cplusplus
#define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define protected #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define template #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define this #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define new #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define delete #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define friend #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#endif
*/

This code was inserted into the includes.h file after 3.0.14a was
released. I can compile the 3.0.14a version perfectly without any
changes. Anyway, commenting out the section shown above in the
includes.h file results in a clean build and a perfectly (as best
as I can tell) running Samba installation of 3.0.20.

If I can provide any additional information to help out, let me
know. I am not subscribed, but I will follow via the newsgroup
and/or archive facilities.


-- 
Randy

rmlscsi: [GNU ld version 2.15.94.0.2 20041220] [gcc (GCC) 3.4.3]
[GNU C Library stable release version 2.3.4] [Linux 2.6.10 i686]
11:41:01 up 155 days, 11:14, 3 users, load average: 0.08, 0.08, 0.19
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20 on Solaris ( 3.0.14a idem) - C compiler cannot create executables

[Anthony PEROT]

Hi,

I've a real problem on my sol8 server :

- gcc, binutils, etc are installed, PATH is ok, as, ld, etc too

MIT kerberos and Openldap have compiled without any problem but for samba
during configure I directly get : C compiler cannot create executables
and no error about a gcc not found !

I only see   not found but it doesn't tell me what in config.log, it
seems to search for something in /usr/local/.../Openldap/lib and/or
include dirs but I don't know what :(

Someone said me that I should use Sun compilers instead of gcc but I don't
want, I don't have Sun Studio licence and I don't want to buy it just for
that !

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Beta test of Sparc Solaris packages (Samba 3.0.20)

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Folks,

I'm uploading a simple package of Samba 3.0.20 for Solaris 9 Sparc
to samba.org.  The configure options are

./configure --prefix=/opt/samba \
--with-acl-support \
--with-included-popt \
--localstatedir=/var/lib/samba \
--with-piddir=/var/run \
--with-logfilebase=/var/log/samba \
--with-privatedir=/etc/samba/private \
--with-configdir=/etc/samba \
--with-ldap=no --with-ads=no

The package was built using gcc 4.0.

The package will be in the standard Binary_Packages
directory in the download area on http://download.samba.org/

I'm going to work on a separate package with full
ads support using statically linked OpenLDAP and
the MIT kerberos client libs.  Hopefully I'll have that
version available next week.  But if interested people
could test out this one to make sure it runs ok, that
would be helpful.

Is there any demand for Solaris x86 packages?  If so what
OS release?  I'm not promising anything.  Just trying to
gauge interest.







cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFhbBIR7qMdg1EfYRAi2yAJ9/ZsTRKWx3GUA2YoyTFv3NFrKKJwCfX5v2
zyUMv/awwsMOkBzfDMoiMII=
=/oAU
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 and UserManager

[Michael Gasch]

i posted this problem earlier with extensive logging

please have a look at:
[Samba] Trouble with usrmgr.exe in 3.0.20rc1/2
08/12/05






Guenther Deschner wrote:

On Tue, Aug 23, 2005 at 04:13:16PM +0100, Bruno Guerreiro wrote:


Hi,
I'll do that just for debug purposes.
+1800 Usergroups
+1000 Users
+1000 Computers Accounts

There must be another way :-(



Yes, could you please provide a debuglevel 10 log.smbd ? This would allow
to track your problem.

Thanks,
Guenther





--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 on Solaris: problem with fileaccess in a automounted filesystem

[Knut Hellebø]

[EMAIL PROTECTED] wrote:

Hello Knut,

The problem may well be related to locking problems between the samba
server and the NFS server (Solaris 2.5.1). Isn't 2.5.1 unsupported now?
Have you patched it up as much as you can?



Yes, so I have been thinking myself, but when logging on to the Solaris 
samba server which mounts from the 2.5.1 nfs server, checking/accessing 
the files/directories seems fine. No locking problems. Also, when using 
a Sgi samba server mounting from the same Solaris 2.5.1 system, 
everything is fine. One should think that it is more likely that things 
would work better between two Sun boxes than between a Sun and a Sgi. I 
will try to patch the Solaris 2.5.1 server with the latest recommended 
set and see if this helps.

--

  **
  * Knut Hellebø | DAMN GOOD COFFEE !! *
  * Hydro IS Partner ESI (Unix) Team | (and hot too)   *
  *  | *
  * E-mail: [EMAIL PROTECTED]   | Dale Cooper, FBI*
  **



***
NOTICE: This e-mail transmission, and any documents, files or previous
e-mail messages attached to it, may contain confidential or privileged
information. If you are not the intended recipient, or a person
responsible for delivering it to the intended recipient, you are
hereby notified that any disclosure, copying, distribution or use of
any of the information contained in or attached to this message is
STRICTLY PROHIBITED. If you have received this transmission in error,
please immediately notify the sender and delete the e-mail and attached
documents. Thank you.
***

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.20 crashes on startup

[Leen Toelen]

Hi,

after a problem last week with a kerberos security update from
microsoft and my samba version I updated samba to 3.0.20. On most
machines this works like a charm, but on one of them smbd crashes on
startup. This is whet comes up in the logfile.


[2005/08/29 13:35:45, 0] printing/print_cups.c:cups_cache_reload(85)
  Unable to connect to CUPS server localhost - Connection refused
[2005/08/29 13:35:45, 0] printing/print_cups.c:cups_cache_reload(85)
  Unable to connect to CUPS server localhost - Connection refused
[2005/08/29 13:35:45, 2] lib/interface.c:add_interface(81)
  added interface ip=10.10.1.4 bcast=10.10.255.255 nmask=255.255.0.0
[2005/08/29 13:35:45, 2] lib/tallocmsg.c:register_msg_pool_usage(56)
  Registered MSG_REQ_POOL_USAGE
[2005/08/29 13:35:45, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2005/08/29 13:35:45, 0] printing/nt_printing.c:upgrade_to_version_4(438)
  upgrade_to_version_4: upgrading printer security descriptors
[2005/08/29 13:35:45, 0] lib/fault.c:fault_report(36)
  ===
[2005/08/29 13:35:45, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 6871 (3.0.20-0.1-SUSE)
  Please read the appendix Bugs of the Samba HOWTO collection
[2005/08/29 13:35:45, 0] lib/fault.c:fault_report(39)
  ===
[2005/08/29 13:35:45, 0] lib/util.c:smb_panic2(1548)
  PANIC: internal error
[2005/08/29 13:35:45, 0] lib/util.c:smb_panic2(1556)
  BACKTRACE: 14 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x1c5) [0x5b3671]
   #1 /usr/sbin/smbd(smb_panic+0xe) [0x5b34a7]
   #2 /usr/sbin/smbd [0x5a06f1]
   #3 /usr/sbin/smbd [0x5a074d]
   #4 /lib64/tls/libc.so.6 [0x2a96b7b380]
   #5 /usr/sbin/smbd(sec_desc_merge+0x45) [0x5cce1e]
   #6 /usr/sbin/smbd [0x5d442e]
   #7 /usr/sbin/smbd(tdb_traverse+0x115) [0x5c75a6]
   #8 /usr/sbin/smbd [0x5d4654]
   #9 /usr/sbin/smbd(nt_printing_init+0x3cd) [0x5d4cad]
   #10 /usr/sbin/smbd(print_backend_init+0x182) [0x5ce7eb]
   #11 /usr/sbin/smbd(main+0x536) [0x631ad7]
   #12 /lib64/tls/libc.so.6(__libc_start_main+0xfd) [0x2a96b69acd]
   #13 /usr/sbin/smbd(tcsetattr+0xaa) [0x44141a]

The problem is probably printing related, but I do not have any
printer shares enabled in my config.

Any ideas?

Regards,
Leen
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 crashes on startup

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Leen Toelen wrote:
| Hi,
|
| after a problem last week with a kerberos
| security update from microsoft and my samba version I
| updated samba to 3.0.20. On most machines this works like
| a charm, but on one of them smbd crashes on
| startup. This is whet comes up in the logfile.

You're on a 64-bit AMD box running SLES 9 sp1 right ?
This is a bug in gcc.  If it is a bug in the suse packages, please
report tyo [EMAIL PROTECTED]  If you compiled it yourself, either
upgrade to SLES 9 sp2 or compile with '-O0' or no topimizations.
The problem appears to be with -O1 (the default).
|





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDEvfxIR7qMdg1EfYRAlsgAKCkGjNChRXYUOzRRBWOeNx1wo1CaACg1YWQ
DFzfCzdhk61TMjdSDNHohOw=
=RkqL
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.20

[raymond]

Will there be an RPM for Suse 8.2? As the last one available is the 3.0.14a
and I would like to update the Samaba server to 3.0.20. If not, how can I
upgrade my existing one?

Thanks!

Raymond

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20

[stefanke]

Hi,

sorry but Samba is not responsilbe for binarys! 

You will find current SUSE 8.2 binarys at:

ftp://ftp.sernet.de/pub/samba/suse/suse82/


Cheers Stefan

 Original Message 
Subject: [Samba] 3.0.20 (26-Aug-2005 12:52)
From:[EMAIL PROTECTED]
To:  samba@lists.samba.org

 
 Will there be an RPM for Suse 8.2? As the last one available is the 3.0.14a
 and I would like to update the Samaba server to 3.0.20. If not, how can I
 upgrade my existing one?
 
 Thanks!
 
 Raymond
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba
 
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 compiles in aio support on aix by default, and when asked not to

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

J Raynor wrote:
 
 I'm trying to install samba-3.0.20 on aix 5.2, and I don't want 
 to use aio, but the build process is compiling it in
 anyway.  By default, it isn't supposed to build in aio support, but
 it does.  When I pass --with-aio-support=no to configure, it
 also builds in support.  It builds in aio support whether I
 use gcc or xlc.
 
 Here's what ldd shows:
 
 # ldd bin/smbd
 bin/smbd needs:
  /usr/lib/libc.a(shr.o)
  /usr/lib/libc.a(posix_aio.o)
  /usr/lib/librtl.a(shr.o)
  /unix
  /usr/lib/libcrypt.a(shr.o)

J,

Would you file this as a bug report for me?  Then either Jeremy
or I will get it cleaned up.  Thanks.





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDDxdHIR7qMdg1EfYRAiHdAKDAXIBiWhZVvpv53XhlwP1IiYk5mgCdHRCa
SUHKQw4GSDdX7p6D/goFsaE=
=Z4Xl
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20 on Solaris: problem with fileaccess in a automounted filesystem

[Knut Hellebø]

Regards,

Sent this one before, here's another go:

My sambaserver, let's call it sserv, is running Solaris 8 (latest 
Recommended set) or 9 (tried both) compiled with automount support.
When PC client A tries to access a file in a automounted mapping from 
sserv, the client is freezing and Windows Explorer has to be restarted.
The NFS server which the samba server automounts from is a Solaris 2.5.1 
system.
The strange thing is that the same scenario works OK when the samba 
server is an Sgi IRIX system. The following pops up in the log for PC 
client A on sserv:


[2005/08/26 15:57:29, 0] smbd/oplock.c:(1081)
  request_oplock_break: no response received to oplock break request to 
pid 16838 on port 58990 for dev = 4f4001d, inode = 187327, file_id = 51

[2005/08/26 15:57:29, 0] smbd/open.c:(726)
  open_mode_check: exlusive oplock left by process 16838 after break ! 
For file test.zip, dev = 4f4001d, inode = 187327. Deleting it to continue...


Someone's got a clue ?
--

  **
  * Knut Hellebø | DAMN GOOD COFFEE !! *
  * Hydro IS Partner ESI (Unix) Team | (and hot too)   *
  *  | *
  * E-mail: [EMAIL PROTECTED]   | Dale Cooper, FBI*
  **



***
NOTICE: This e-mail transmission, and any documents, files or previous
e-mail messages attached to it, may contain confidential or privileged
information. If you are not the intended recipient, or a person
responsible for delivering it to the intended recipient, you are
hereby notified that any disclosure, copying, distribution or use of
any of the information contained in or attached to this message is
STRICTLY PROHIBITED. If you have received this transmission in error,
please immediately notify the sender and delete the e-mail and attached
documents. Thank you.
***

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.20 compiles in aio support on aix by default, and when asked not to

[J Raynor]

I'm trying to install samba-3.0.20 on aix 5.2, and I don't want to use 
aio, but the build process is compiling it in anyway.  By default, it 
isn't supposed to build in aio support, but it does.  When I pass 
--with-aio-support=no to configure, it also builds in support.  It 
builds in aio support whether I use gcc or xlc.


Here's what ldd shows:

# ldd bin/smbd
bin/smbd needs:
 /usr/lib/libc.a(shr.o)
 /usr/lib/libc.a(posix_aio.o)
 /usr/lib/librtl.a(shr.o)
 /unix
 /usr/lib/libcrypt.a(shr.o)






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member

[Sanjay Upadhyay]

Jerry,
These were from enterprisesamba.com http://enterprisesamba.com/ (created 
by sernet). I use them since Earlier 3.0.14a from them worked very well, 
Absolutely perfect.

regards

On 8/23/05, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote:
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Sanjay Upadhyay wrote:
 
  Problem Solved. Just trying to build from source and repeating the
  steps solved the problem, So it seems there are problems with
  the rpm distribution from sarnet.
 
 Sanjay,
 
 Just to clarify, these RPMs for SLES 9 came from samba.orghttp://samba.org
 ?
 Or for enterprisesamba.com http://enterprisesamba.com (created by 
 SerNet)?
 
 
 
 
 cheers, jerry
 =
 Alleviating the pain of Windows(tm) --- http://www.samba.org
 GnuPG Key - http://www.plainjoe.org/gpg_public.asc
 I never saved anything for the swim back. Ethan Hawk in Gattaca
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.0 (GNU/Linux)
 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
 
 iD8DBQFDCzi+IR7qMdg1EfYRAsyQAKDgkBMk1NSB9fMM/SK+X6MLDSW9ywCeJ65B
 PDxQymIayr450OyJWIiT7iE=
 =ZWk2
 -END PGP SIGNATURE-
 



-- 
Sanjay Upadhyay
http://saneax.blogspot.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 and UserManager, LDAP database rebuild

[Geert Stappers]

On Tue, Aug 23, 2005 at 04:23:43PM +0200, Louis van Belle wrote:
 Hi i also had this error. 
 
  Procedure out of range error.
 
 I rebuild the ldap database and problem was solved.

How to rebuild the LDAP database?

Something like:
 slapcat  db ; rm -r /var/lib/ldap/* ; cat db | slapdd
?

Or should db taken from the backup because that is a consistent
version before the rebuild was due.

 Louis

Cheers
Geert Stappers



signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 and UserManager

[Geert Stappers]

 Hi,
 I'll do that just for debug purposes.
 +1800 Usergroups
 +1000 Users
 +1000 Computers Accounts
 
 There must be another way :-(

Most likely  :-)


Where it is logical problem,
it will help to allow reading in the logical order. 

Please reply below the text.


Thanks,
Some one who gets directed to archives by search engines.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba-3.0.20-1 Fedora SRPM on x86_64 build questions

[Tom Diehl]

Hi all,

I am trying to build the 3.0.20 fedora srpm from samba.org on x86_64 but I am
having a problem with the packaging. When I do rpmbuild -ba I get the following
errors:

Processing files: samba-client-3.0.20-1
error: File not found: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/lowcase.dat
error: File not found: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/upcase.dat
error: File not found: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/valid.dat
Processing files: samba-common-3.0.20-1
error: File not found by glob: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/charset/CP*.so
error: File not found by glob: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/idmap/idmap*.so
Processing files: samba-swat-3.0.20-1
error: File not found by glob: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/*.msg
Processing files: samba-debuginfo-3.0.20-1
Provides: CP437.so.debug()(64bit) CP850.so.debug()(64bit) 
audit.so.debug()(64bit) cap.so.debug()(64bit) default_quota.so.debug()(64bit) 
expand_msdfs.so.debug()(64bit) extd_audit.so.debug()(64bit) 
fake_perms.so.debug()(64bit) full_audit.so.debug()(64bit) 
idmap_rid.so.debug()(64bit) libnss_winbind.so.debug()(64bit) 
libnss_wins.so.debug()(64bit) libsmbclient.so.debug()(64bit) net.debug()(64bit) 
netatalk.so.debug()(64bit) nmbd.debug()(64bit) nmblookup.debug()(64bit) 
ntlm_auth.debug()(64bit) pam_smbpass.so.debug()(64bit) 
pam_winbind.so.debug()(64bit) pdbedit.debug()(64bit) profiles.debug()(64bit) 
readonly.so.debug()(64bit) recycle.so.debug()(64bit) rpcclient.debug()(64bit) 
shadow_copy.so.debug()(64bit) smbcacls.debug()(64bit) smbclient.debug()(64bit) 
smbcontrol.debug()(64bit) smbcquotas.debug()(64bit) smbd.debug()(64bit) 
smbmnt.debug()(64bit) smbmount.debug()(64bit) smbpasswd.debug()(64bit) 
smbspool.debug()(64bit) smbstatus.debug()(64bit) smbtree.debug()(64bit) 
smbumount.debug()(64bit) swat.debug()(64bit) tdbbackup.debug()(64bit) 
tdbdump.debug()(64bit) tdbtool.debug()(64bit) testparm.debug()(64bit) 
wbinfo.debug()(64bit) winbindd.debug()(64bit)
Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 
rpmlib(PayloadFilesHavePrefix) = 4.0-1


RPM build errors:
File not found: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/vfs
File not found: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/lowcase.dat
File not found: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/upcase.dat
File not found: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/valid.dat
File not found by glob: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/charset/CP*.so
File not found by glob: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/idmap/idmap*.so
File not found by glob: 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/*.msg
(pocono pts32) $

All of the missing files are in 
/home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib/samba/.

My question is what is the correct location for these files /usr/lib/samba or 
/usr/lib64/samba? 

Regards,

Tom Diehl   [EMAIL PROTECTED]   Spamtrap address [EMAIL 
PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member

[Sanjay Upadhyay]

Hi Jerry,
I will try to explain what I did and I got the error.
1) downloaded 3.0.20 from 
http://ftp.sernet.de/pub/samba/sles/sles9-i386/samba3-3.0.20-21.i586.rpm
2) Installed it with rpm -Uvh options..
3) My smb.conf and krb5.conf were, as it is from earlier settings (which was 
working with 3.0.14a)
4) Steps to rejoin... (all the logs are attached which were started with 
debug log levels of 10)
#rcsmb stop; rcnmb stop; rcwinbind stop;
#kinit [EMAIL PROTECTED]
[EMAIL PROTECTED]'s Password:
kinit: NOTICE: ticket renewable lifetime is 1 week

# net ads join -U Administrator%DingDong.com -d 10
ads_add_machine_acct: Host account for susles9aa already exists - modifying 
old account
Using short domain name -- HUNGER

# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
news:x:9:13:News system:/etc/news:/bin/bash
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
games:x:12:100:Games account:/var/games:/bin/bash
man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
ntp:x:74:65534:NTP daemon:/var/lib/ntp:/bin/false
ldap:x:76:70:User for OpenLDAP:/var/lib/ldap:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
arun:x:1000:100:Arun Sharma:/home/arun:/bin/bash
joker:x:1001:1000:Samba Administrator:/home/joker:/bin/false
vvv:x:1002:1001:vvv:/home/vvv:/bin/false
aaa:x:1003:1001:aaa:/home/aaa:/bin/false
a12:x:1004:1001:a12:/home/a12:/bin/false
ggg:x:1005:1001:ggg:/home/ggg:/bin/false
user1:x:1006:1001:user1:/home/user1:/bin/false
user333:x:1007:1001:user333:/home/user333:/bin/false

The AD is Configured on Windows 2003 Enterprise Server, build 3790. There is 
no service pack istalled as such
Please do let me know in case you need any other information.

regards
Sanjay Upadhyay

On 8/22/05, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote:
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Sanjay Upadhyay wrote:
 
 | I have updated samba to 3.0.20, on SLES9. I had a
 | configuration earlier, where SLES9 was a domain member
 | 2003 Server (samba 3.0.14a), everything used
 | to work well earlier. After updating.. I rejoined it to
 | AD there was no errors. However, Clients from windows
 | were unable to access the shares.
 
 | #getent passwd
 | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(36)
 | ===
 | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(37)
 | INTERNAL ERROR: Signal 11 in pid 4746 (3.0.20-0.1-SUSE)
 | Please read the appendix Bugs of the Samba HOWTO collection
 | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(39)
 | ===
 | [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1548)
 | PANIC: internal error
 | [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1556)
 | BACKTRACE: 13 stack frames:
 | #0 /usr/sbin/winbindd(smb_panic2+0x1ed) [0x80e2128]
 | #1 /usr/sbin/winbindd(smb_panic+0x25) [0x80e1f35]
 | #2 /usr/sbin/winbindd [0x80cc967]
 | #3 /usr/sbin/winbindd [0x80cc9dd]
 | #4 [0xe420]
 | #5 /usr/sbin/winbindd(winbindd_getpwent+0x1df) [0x8076253]
 
 I really need a level 10 debug log here, or even better,
 a gdb backtrace of winbindd compiled with --enable-debug.
 
 btw...What SP are you running on the server?
 
 
 
 
 
 cheers, jerry
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.0 (GNU/Linux)
 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
 
 iD8DBQFDCeSDIR7qMdg1EfYRAkLUAJ9bhQNzQVpn3VQ9/Q7DTevNtmbMywCeOxq0
 r0dMsJI8y+BUKn+H7a1ynLw=
 =MzpW
 -END PGP SIGNATURE-
 



-- 
Sanjay Upadhyay
http://saneax.blogspot.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member

[Sanjay Upadhyay]

hi Folks,
Problem Solved.
Just trying to build from source and repeating the steps solved the problem, 
So it seems there are problems with the rpm distribution from sarnet.

regards


On 8/23/05, Sanjay Upadhyay [EMAIL PROTECTED] wrote:
 
 Attaching more debug info... while I connect to Samba Machine from a 
 Windows Client as a Admin User
 
 On 8/23/05, Sanjay Upadhyay  [EMAIL PROTECTED] wrote:
  
  Hi Jerry,
  I will try to explain what I did and I got the error.
  1) downloaded 3.0.20 from 
  http://ftp.sernet.de/pub/samba/sles/sles9-i386/samba3-3.0.20-21.i586.rpm 
  
  2) Installed it with rpm -Uvh options..
  3) My smb.conf and krb5.conf were, as it is from earlier settings (which 
  was working with 3.0.14a)
  4) Steps to rejoin... (all the logs are attached which were started with 
  debug log levels of 10)
  #rcsmb stop; rcnmb stop; rcwinbind stop;
  #kinit [EMAIL PROTECTED]
  [EMAIL PROTECTED]'s Password:
  kinit: NOTICE: ticket renewable lifetime is 1 week
  
  # net ads join -U Administrator%DingDong.com -d 10
  ads_add_machine_acct: Host account for susles9aa already exists - 
  modifying old account
  Using short domain name -- HUNGER
  
  # getent passwd
  root:x:0:0:root:/root:/bin/bash
  bin:x:1:1:bin:/bin:/bin/bash
  daemon:x:2:2:Daemon:/sbin:/bin/bash
  lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
  mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
  news:x:9:13:News system:/etc/news:/bin/bash
  uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
  games:x:12:100:Games account:/var/games:/bin/bash
  man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
  at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
  wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
  ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
  postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
  sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
  ntp:x:74:65534:NTP daemon:/var/lib/ntp:/bin/false
  ldap:x:76:70:User for OpenLDAP:/var/lib/ldap:/bin/bash
  nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
  arun:x:1000:100:Arun Sharma:/home/arun:/bin/bash
  joker:x:1001:1000:Samba Administrator:/home/joker:/bin/false
  vvv:x:1002:1001:vvv:/home/vvv:/bin/false
  aaa:x:1003:1001:aaa:/home/aaa:/bin/false
  a12:x:1004:1001:a12:/home/a12:/bin/false
  ggg:x:1005:1001:ggg:/home/ggg:/bin/false
  user1:x:1006:1001:user1:/home/user1:/bin/false
  user333:x:1007:1001:user333:/home/user333:/bin/false
  
  The AD is Configured on Windows 2003 Enterprise Server, build 3790. 
  There is no service pack istalled as such
  Please do let me know in case you need any other information.
  
  regards
  Sanjay Upadhyay
  
  On 8/22/05, Gerald (Jerry) Carter [EMAIL PROTECTED]  wrote:
   
   -BEGIN PGP SIGNED MESSAGE-
   Hash: SHA1
   
   Sanjay Upadhyay wrote:
   
   | I have updated samba to 3.0.20, on SLES9. I had a
   | configuration earlier, where SLES9 was a domain member
   | 2003 Server (samba 3.0.14a), everything used
   | to work well earlier. After updating.. I rejoined it to
   | AD there was no errors. However, Clients from windows
   | were unable to access the shares.
   
   | #getent passwd
   | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(36) 
   | ===
   | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(37)
   | INTERNAL ERROR: Signal 11 in pid 4746 (3.0.20-0.1-SUSE)
   | Please read the appendix Bugs of the Samba HOWTO collection 
   | [2005/08/22 15:41:41, 0] lib/fault.c:fault_report(39)
   | ===
   | [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1548)
   | PANIC: internal error
   | [2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1556) 
   | BACKTRACE: 13 stack frames:
   | #0 /usr/sbin/winbindd(smb_panic2+0x1ed) [0x80e2128]
   | #1 /usr/sbin/winbindd(smb_panic+0x25) [0x80e1f35]
   | #2 /usr/sbin/winbindd [0x80cc967]
   | #3 /usr/sbin/winbindd [0x80cc9dd] 
   | #4 [0xe420]
   | #5 /usr/sbin/winbindd(winbindd_getpwent+0x1df) [0x8076253]
   
   I really need a level 10 debug log here, or even better,
   a gdb backtrace of winbindd compiled with --enable-debug.
   
   btw...What SP are you running on the server? 
   
   
   
   
   
   cheers, jerry
   -BEGIN PGP SIGNATURE-
   Version: GnuPG v1.4.0 (GNU/Linux)
   Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
   
   iD8DBQFDCeSDIR7qMdg1EfYRAkLUAJ9bhQNzQVpn3VQ9/Q7DTevNtmbMywCeOxq0
   r0dMsJI8y+BUKn+H7a1ynLw=
   =MzpW
   -END PGP SIGNATURE-
   
  
  
  
  -- 
  Sanjay Upadhyay
  http://saneax.blogspot.com 
  
  
 
 
 -- 
 Sanjay Upadhyay
 http://saneax.blogspot.com 
 
 


-- 
Sanjay Upadhyay
http://saneax.blogspot.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.20 and UserManager

[Bruno Guerreiro]

Hi all.
Just tried to upgrade our test PDC server from 3.0.14a to 3.0.20, and now
i've stumbled in to the following error.
Using the User Manager for Domains causes a Procedure out of range error.
Using DameWare  NT Utilities causes the application to crash.
Tried both in WIN2000 and XP.
If I downgrade to 3.0.14a again everything is OK.
Server Manager works OK in both versions.
I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and openldap-2.2.13 on a
FC3 server.
I may supply a level 10 debug log if necessary.

TIA
Bruno Guerreiro
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 and UserManager

[Robert Schetterer]

Bruno Guerreiro schrieb:


Hi all.
Just tried to upgrade our test PDC server from 3.0.14a to 3.0.20, and now
i've stumbled in to the following error.
Using the User Manager for Domains causes a Procedure out of range error.
Using DameWare  NT Utilities causes the application to crash.
Tried both in WIN2000 and XP.
If I downgrade to 3.0.14a again everything is OK.
Server Manager works OK in both versions.
I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and openldap-2.2.13 on a
FC3 server.
I may supply a level 10 debug log if necessary.

TIA
Bruno Guerreiro
 


Hi,
i had no failures with usrmgr and suse 9.3 with samba ldap pdc after 
upgrade to Samba 3.0.20

just for info.
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba 3.0.20 and UserManager

[Louis van Belle]

Hi i also had this error. 

 Procedure out of range error.

I rebuild the ldap database and problem was solved.

Louis

 

-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] 
Namens Robert Schetterer
Verzonden: dinsdag 23 augustus 2005 16:20
Aan: Bruno Guerreiro
CC: samba@lists.samba.org
Onderwerp: Re: [Samba] Samba 3.0.20 and UserManager

Bruno Guerreiro schrieb:

Hi all.
Just tried to upgrade our test PDC server from 3.0.14a to 
3.0.20, and now
i've stumbled in to the following error.
Using the User Manager for Domains causes a Procedure out of 
range error.
Using DameWare  NT Utilities causes the application to crash.
Tried both in WIN2000 and XP.
If I downgrade to 3.0.14a again everything is OK.
Server Manager works OK in both versions.
I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and 
openldap-2.2.13 on a
FC3 server.
I may supply a level 10 debug log if necessary.

TIA
Bruno Guerreiro
  

Hi,
i had no failures with usrmgr and suse 9.3 with samba ldap pdc after 
upgrade to Samba 3.0.20
just for info.
Regards
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba 3.0.20 and UserManager

[Bruno Guerreiro]

Hi,
Rebuild  the ldap database?
With slapcat and slapadd?

Tried that. Didn't work :-(

Any other ideas?

Best Regards,
Bruno Guerreiro

-Original Message-
From: Louis van Belle [mailto:[EMAIL PROTECTED]
Sent: terça-feira, 23 de Agosto de 2005 15:24
To: samba@lists.samba.org
Subject: RE: [Samba] Samba 3.0.20 and UserManager


Hi i also had this error. 

 Procedure out of range error.

I rebuild the ldap database and problem was solved.

Louis

 

-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] 
Namens Robert Schetterer
Verzonden: dinsdag 23 augustus 2005 16:20
Aan: Bruno Guerreiro
CC: samba@lists.samba.org
Onderwerp: Re: [Samba] Samba 3.0.20 and UserManager

Bruno Guerreiro schrieb:

Hi all.
Just tried to upgrade our test PDC server from 3.0.14a to 
3.0.20, and now
i've stumbled in to the following error.
Using the User Manager for Domains causes a Procedure out of 
range error.
Using DameWare  NT Utilities causes the application to crash.
Tried both in WIN2000 and XP.
If I downgrade to 3.0.14a again everything is OK.
Server Manager works OK in both versions.
I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and 
openldap-2.2.13 on a
FC3 server.
I may supply a level 10 debug log if necessary.

TIA
Bruno Guerreiro
  

Hi,
i had no failures with usrmgr and suse 9.3 with samba ldap pdc after 
upgrade to Samba 3.0.20
just for info.
Regards
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sanjay Upadhyay wrote:

 Problem Solved.  Just trying to build from source and repeating the 
 steps solved the problem, So it seems there are problems with
 the rpm distribution from sarnet.

Sanjay,

Just to clarify, these RPMs for SLES 9 came from samba.org?
Or for enterprisesamba.com (created by SerNet)?




cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDCzi+IR7qMdg1EfYRAsyQAKDgkBMk1NSB9fMM/SK+X6MLDSW9ywCeJ65B
PDxQymIayr450OyJWIiT7iE=
=ZWk2
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba 3.0.20 and UserManager

[Bruno Guerreiro]

Hi,
I'll do that just for debug purposes.
+1800 Usergroups
+1000 Users
+1000 Computers Accounts

There must be another way :-(

Bruno Guerreiro

-Original Message-
From: Louis van Belle [mailto:[EMAIL PROTECTED]
Sent: terça-feira, 23 de Agosto de 2005 15:59
To: 'Bruno Guerreiro'
Subject: RE: [Samba] Samba 3.0.20 and UserManager


yes, backup al the tdb files of samba and the ldap database.

the try it with a clean enviroment.

Louis
 

-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] 
Namens Bruno Guerreiro
Verzonden: dinsdag 23 augustus 2005 16:55
Aan: samba@lists.samba.org
Onderwerp: RE: [Samba] Samba 3.0.20 and UserManager

Hi,
Rebuild  the ldap database?
With slapcat and slapadd?

Tried that. Didn't work :-(

Any other ideas?

Best Regards,
Bruno Guerreiro

-Original Message-
From: Louis van Belle [mailto:[EMAIL PROTECTED]
Sent: terça-feira, 23 de Agosto de 2005 15:24
To: samba@lists.samba.org
Subject: RE: [Samba] Samba 3.0.20 and UserManager


Hi i also had this error. 

 Procedure out of range error.

I rebuild the ldap database and problem was solved.

Louis

 

-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] 
Namens Robert Schetterer
Verzonden: dinsdag 23 augustus 2005 16:20
Aan: Bruno Guerreiro
CC: samba@lists.samba.org
Onderwerp: Re: [Samba] Samba 3.0.20 and UserManager

Bruno Guerreiro schrieb:

Hi all.
Just tried to upgrade our test PDC server from 3.0.14a to 
3.0.20, and now
i've stumbled in to the following error.
Using the User Manager for Domains causes a Procedure out of 
range error.
Using DameWare  NT Utilities causes the application to crash.
Tried both in WIN2000 and XP.
If I downgrade to 3.0.14a again everything is OK.
Server Manager works OK in both versions.
I'm trying to use samba-3.0.20, smblda-tools-0.9.1 and 
openldap-2.2.13 on a
FC3 server.
I may supply a level 10 debug log if necessary.

TIA
Bruno Guerreiro
  

Hi,
i had no failures with usrmgr and suse 9.3 with samba ldap pdc after 
upgrade to Samba 3.0.20
just for info.
Regards
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.20 and UserManager

[Guenther Deschner]

On Tue, Aug 23, 2005 at 04:13:16PM +0100, Bruno Guerreiro wrote:
 Hi,
 I'll do that just for debug purposes.
 +1800 Usergroups
 +1000 Users
 +1000 Computers Accounts
 
 There must be another way :-(

Yes, could you please provide a debuglevel 10 log.smbd ? This would allow
to track your problem.

Thanks,
Guenther

-- 
Günther DeschnerGPG-ID: 8EE11688
Novell / SUSE LINUX   [EMAIL PROTECTED]
Samba Team  [EMAIL PROTECTED]


pgpki1JA4Limj.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.20 documentation bug

[Mihail Savitsky]

For all new/modified parameters in smb.conf there are no entries in
man smb.conf

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.20 documentation bug

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mihail Savitsky wrote:
| For all new/modified parameters in smb.conf
| there are no entries in man smb.conf

grrr.not entirely true, but true enough.
Here's how things stack up.

Parameter Name  Docs
- --  --
acl check permissions
acl group control   X
acl map full control
aio read size
aio write size
enable asu support  X
inherit owner   X
map to guestX
max stat cache size X
username map script X
winbindd nss info

So looks like Jeremy and Guenther owe some man
pages updates.


Here's a short explanation:

acl check permissions (S)

Share level parameter for re-enabling the pre-3.0.13
write access checking semantics.

acl map full control (S)

Share level parameter use to determine whether or
not the Unix permissions rwx should be mapped to
the Windows permissions of Full Control

aio read/write size (G)

Threshhold in bytes used to swap over internally
to AIO vs. synchronous disk IO.

winbind nss info (G)

Define the type of service (template, sfu) used for
setting the posix account information such as
home directory and shell information.




cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDCcW/IR7qMdg1EfYRAvggAKDWQtsw0sn1l9ZEmR/ZROfSrvq4OgCeJFwI
oE/7f49WAeFTwXGPe1VKua4=
=0rwN
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member

[Sanjay Upadhyay]

Hi folks,
I have updated samba to 3.0.20, on SLES9. I had a configuration earlier, 
where SLES9 was a domain member 2003 Server (samba 3.0.14a), everything used 
to work well earlier. After updating.. I rejoined it to AD there was no 
errors.
However, Clients from windows were unable to access the shares. 
#getent passwd
[2005/08/22 15:41:41, 0] lib/fault.c:fault_report(36)
===
[2005/08/22 15:41:41, 0] lib/fault.c:fault_report(37)
INTERNAL ERROR: Signal 11 in pid 4746 (3.0.20-0.1-SUSE)
Please read the appendix Bugs of the Samba HOWTO collection
[2005/08/22 15:41:41, 0] lib/fault.c:fault_report(39)
===
[2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1548)
PANIC: internal error
[2005/08/22 15:41:41, 0] lib/util.c:smb_panic2(1556)
BACKTRACE: 13 stack frames:
#0 /usr/sbin/winbindd(smb_panic2+0x1ed) [0x80e2128]
#1 /usr/sbin/winbindd(smb_panic+0x25) [0x80e1f35]
#2 /usr/sbin/winbindd [0x80cc967]
#3 /usr/sbin/winbindd [0x80cc9dd]
#4 [0xe420]
#5 /usr/sbin/winbindd(winbindd_getpwent+0x1df) [0x8076253]
#6 /usr/sbin/winbindd [0x8072e9b]
#7 /usr/sbin/winbindd [0x80736af]
#8 /usr/sbin/winbindd [0x8073182]
#9 /usr/sbin/winbindd [0x8073c9b]
#10 /usr/sbin/winbindd(main+0x5de) [0x80745c5]

Any spot lights will be very gratefully followed..
My smb.conf and krb5.conf are herein pasted.

---Smb.conf---
[global]
workgroup = HUNGER
realm = HUNGERFORD.KOL
netbios name = susles9aa
encrypt passwords = Yes
security = ads
winbind uid = 1-3
winbind gid = 1-2
winbind enum users = yes
winbind enum users = yes
winbind cache time = 10
winbind use default domain = yes
winbind enable local accounts = no
nt acl support = yes
password server = *
log file = /home/samba/log/log.%m
log level = 1
template shell = /bin/bash
template homedir = /home/%D/%U
[C]
valid users = @Domain Admins, Administrator
admin users = @Domain Admins, Administrator
comment = Top Level Share
path = /DATA
read only = no
browsable = yes

---krb5.conf---
[libdefaults]
default_realm = HUNGERFORD.KOL

[realms]
HUNGERFORD.KOL = {
kdc = URVASHI:88
}

[domain_realms]
.hungerford.kol = HUNGERFORD.KOL

regards
Sanjay Upadhyay

-- 
Sanjay Upadhyay
http://saneax.blogspot.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba