[Samba] Problem with samba as a member of AD with a trusted domain

[Nathaniel Madura]

First, I am not sure if this is a problem with samba or a misconfiguration 
somewhere along the way in AD. Unfortunately, I am a little peon on a large 
campus who is trying to use samba, so I have to figure out how to make samba 
work with what is in place.

I am using samba 3.5.8 on Ubuntu 11.04

Here is the issue, I have gotten Samba/Winbind to successfully communicate with 
AD and perform authentication and all that jazz. Then I started getting email 
messages about sending 700,000 requests a day to our dns servers. So I started 
digging deeper. It appears that when winbindd starts up and searches the UMROOT 
domain, it finds a trusted domain (MPATHWAYS2). It then tries to track down 
MPATHWAYS2 and is unsuccessful, it receives a NT_STATUS_CONNECTION_REFUSED. 
Because it can't find the domain, it schedules a retry in 30 secs and then 
repeats the whole process. So every 30 seconds it is sending 500+ dns requests 
to the server. (isn't there a caching mechanism?). A small snippet from a 
tcpdump capture of the DNS requests is below.

I have found the variable 'winbind reconnect delay' which I can use to change 
the 30 secs into say 5 minutes, but it is only decreasing the number of 
requests, not really solving any problems. Is there any way for me to tell 
Samba not to look for MPATHWAYS2? 

a full debug dump of what is repeated every reconnect attempt is at 
http://pastebin.com/A3GvYWRp

Thanks,
Nathaniel

-- DNS requests (http://pastebin.com/wqsij79H for all 500+ entries) 
-
10:35:16.081633 IP 10.224.53.248.56483 > dns.umich.edu.domain: 20669+ ? 
itcs-dc01.umich.edu. (50)
10:35:16.082452 IP 10.224.53.248.59121 > dns.umich.edu.domain: 6691+ ? 
itcs-dc01.umich.edu. (50)
10:35:16.083343 IP 10.224.53.248.42311 > dns.umich.edu.domain: 43846+ A? 
itcs-dc01.umich.edu. (50)
10:35:16.084457 IP 10.224.53.248.40043 > dns.umich.edu.domain: 3355+ ? 
itcs-dc02.umich.edu. (50)
10:35:16.085337 IP 10.224.53.248.42704 > dns.umich.edu.domain: 17221+ ? 
itcs-dc02.umich.edu. (50)
10:35:16.086085 IP 10.224.53.248.44859 > dns.umich.edu.domain: 8613+ A? 
itcs-dc02.umich.edu. (50)
10:35:16.087147 IP 10.224.53.248.43603 > dns.umich.edu.domain: 29799+ ? 
itcs-dc03.umich.edu. (50)
10:35:16.088032 IP 10.224.53.248.34606 > dns.umich.edu.domain: 36522+ ? 
itcs-dc03.umich.edu. (50)
10:35:16.088833 IP 10.224.53.248.34569 > dns.umich.edu.domain: 37501+ A? 
itcs-dc03.umich.edu. (50)
10:35:16.089942 IP 10.224.53.248.43461 > dns.umich.edu.domain: 14302+ ? 
itcs-dc04.umich.edu. (50)
10:35:16.091454 IP 10.224.53.248.36589 > dns.umich.edu.domain: 41996+ ? 
itcs-dc04.umich.edu. (50)
10:35:16.092592 IP 10.224.53.248.57894 > dns.umich.edu.domain: 38619+ A? 
itcs-dc04.umich.edu. (50)
10:35:16.096440 IP 10.224.53.248.38878 > dns.umich.edu.domain: 48760+ SRV? 
_kerberos-master._tcp.UMICH.EDU. (62)

-- cat /etc/samba/smb.conf --
[global]
workgroup = UMROOT
realm = UMICH.EDU
netbios name = TRI-BIO-PROFILE
server string = Biosciences Profile Server
interfaces = eth1, localhost
bind interfaces only = Yes
security = ADS
allow trusted domains = No
map to guest = Bad User
password server = itcs-dc01.umich.edu itcs-dc02.umich.edu 
itcs-dc03.umich.edu
restrict anonymous = 2
client NTLMv2 auth = Yes
syslog = 0
log file = /var/log/samba/log.%m
smb ports = 139
name resolve order = lmhosts wins host
dns proxy = No
wins server = 141.213.143.150, 141.213.238.150
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 1-6
idmap gid = 1-6
template shell = /bin/bash
winbind reconnect delay = 300
winbind enum users = Yes
winbind enum groups = Yes

[ProfileStore]
comment = Users profiles
path = /shares/profiles
read only = No
create mask = 0600
strict locking = No


---
Nathaniel Madura
Engineer in Research
UMTRI - Biosciences Division
2901 Baxter Rd
Ann Arbor, MI 48109
W: 734-936-1109 F: 734-647-3330
nmad...@umich.edu


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with samba share file permissions: Write protection is not working as expected

[raj kernel]

Thanks for the solution TAKAHASHI Motonobu.

Removing "guest account = root" line from smb.conf fixed the problem.

Thanks once again.

On Wed, Aug 3, 2011 at 8:26 PM, TAKAHASHI Motonobu  wrote:

> From: raj kernel 
> Date: Wed, 3 Aug 2011 20:11:20 +0530
>
> > Thanks for the reply. Here is the info you have requested for.
> >
> > cat /usr/local/samba/lib/smb.conf
> > -
> > [global]
> (snip)
> > security = share
> (snip)
> > guest account = root
>
> (snip)
>
> >[data1]
> > path = /mnt/data1
> > guest ok = yes
>
> (snip)
>
> > I have created two subdir's 'private' and 'public' under /mnt/data1.
> > public has all access permissions '777', but private has only read
> > permissions.
> > I am able to write/create files to both 'public' as well as
> > 'private' directory when these shares are accessed from Windows7
> > machine.
>
> You set "guest account = root" and "guest ok = yes", so all accesses
> are made as root.
>
> Thus you can always access every files regardless of permissions.
>
> ---
> TAKAHASHI Motonobu 
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with samba share file permissions: Write protection is not working as expected

[raj kernel]

Dear TAKAHASHI Motonobu,

Thanks for the reply. Here is the info you have requested for.

cat /usr/local/samba/lib/smb.conf
-
[global]
server string = Star's 9100 Samba TEST Server
security = share
socket options = TCP_NODELAY IPTOS_LOWDELAY
max xmit = 65535
read size = 65535
interfaces = eth0
dns proxy = no
guest account = root
use mmap = yes
large readwrite = yes

ls output
--
# ls -la /mnt/data1
total 1
drwxr-xr-x4 root root33 Jan  1 05:09 .
drwxr-xr-x   12 root root  1024 Jan  1 00:26 ..
dr2 root root21 Jan  1 05:11 private
drwxr-xr-x2 root root21 Jan  1 05:11 public
#

Please let me know if you need any additional information.




On Wed, Aug 3, 2011 at 7:54 PM, TAKAHASHI Motonobu  wrote:

> From: raj kernel 
> Date: Wed, 3 Aug 2011 18:35:16 +0530
>
> > I have configured samba server on a Linux machine. My smb.conf for the
> samba
> > share is as follows:
> >
> > [data1]
> > path = /mnt/data1
> > guest ok = yes
> > public = yes
> > writable  = yes
> > read only = no
> > create mode = 0777
> > directory mode = 0777
> > printable = no
> >
> > I have created two subdir's 'private' and 'public' under /mnt/data1.
> public
> > has all access permissions '777', but private has only read permissions.
> > I am able to write/create files to both 'public' as well as 'private'
> > directory when these shares are accessed from Windows7 machine.
> Write/create
> > operation has to be denied for 'private' dir as it only has 'read'
> > permission enabled, but it's not denied, file write/create operation
> still
> > succeeds :(
> >
> > Could someone help me what am I missing?
> > Do I need to add ACL support to my file system and samba for the
> > directory/read permissions to work?
>
> It seems that your "data1" configuration is not bad.
> Show the result of "ls -la /mnt/data1" and your global section.
>
> ---
> TAKAHASHI Motonobu 
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with samba share file permissions: Write protection is not working as expected

[TAKAHASHI Motonobu]

From: raj kernel 
Date: Wed, 3 Aug 2011 20:11:20 +0530

> Thanks for the reply. Here is the info you have requested for.
> 
> cat /usr/local/samba/lib/smb.conf
> -
> [global]
(snip)
> security = share
(snip)
> guest account = root

(snip)

>[data1]
> path = /mnt/data1
> guest ok = yes

(snip)

> I have created two subdir's 'private' and 'public' under /mnt/data1.
> public has all access permissions '777', but private has only read
> permissions.
> I am able to write/create files to both 'public' as well as
> 'private' directory when these shares are accessed from Windows7
> machine.

You set "guest account = root" and "guest ok = yes", so all accesses
are made as root.

Thus you can always access every files regardless of permissions.

---
TAKAHASHI Motonobu 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with samba share file permissions: Write protection is not working as expected

[TAKAHASHI Motonobu]

From: raj kernel 
Date: Wed, 3 Aug 2011 18:35:16 +0530

> I have configured samba server on a Linux machine. My smb.conf for the samba
> share is as follows:
> 
> [data1]
> path = /mnt/data1
> guest ok = yes
> public = yes
> writable  = yes
> read only = no
> create mode = 0777
> directory mode = 0777
> printable = no
> 
> I have created two subdir's 'private' and 'public' under /mnt/data1. public
> has all access permissions '777', but private has only read permissions.
> I am able to write/create files to both 'public' as well as 'private'
> directory when these shares are accessed from Windows7 machine. Write/create
> operation has to be denied for 'private' dir as it only has 'read'
> permission enabled, but it's not denied, file write/create operation still
> succeeds :(
> 
> Could someone help me what am I missing?
> Do I need to add ACL support to my file system and samba for the
> directory/read permissions to work?

It seems that your "data1" configuration is not bad.
Show the result of "ls -la /mnt/data1" and your global section.

---
TAKAHASHI Motonobu 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Problem with samba + AD Win. 2003

[Nicolas QUINQUIS]

Hi,

Since 2 week, I try to join my Ubuntu server to an Domain Controller 2003
with krb, samba and winbind but even I try, I fail.

In fact, when I make a ticket with kerberos (kinit usern...@domain.lan),
it's a right but after, when I do :
net join administrat...@domain.lan, there is an error like :

[2011/07/08 15:16:02.638124,  0] libads/sasl.c:821(ads_sasl_spnego_bind)
   kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid
credentials
Failed to join domain: failed to connect to AD: Invalid credentials
ADS join did not work, falling back to RPC...

Can you help me please?

Thx a lot,

Nicolas
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] problem with samba 3.5.6 try to join W2K8 solve

[zorg]

sorry for the mistake
I  meant with ADS
In fact the problem is the domain controller in have use in my conf was 
a second controller in read only so it could not  work


thank

Le 02/03/2011 13:58, zorg a écrit :

hi,
 I trying to join a samba 3.5.6 (debian) on a domain W2K8 without 
kerberos followin the wiki page 
(http://wiki.samba.org/index.php/Samba_&_Active_Directory)
using net ads join i've got this error Failed to join domain: failed 
to join domain 'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED


conf in /etc/smb.conf
  workgroup = MYDOMAIN

   server string = %h server
# allow trusted domains = no
   realm =   MYDOMAIN.COM
   password server = mntphone001.mydomain.com
preferred master = no
   security = ADS
   encrypt passwords = yes
   log level = 5
   log file = /var/log/samba/%m
   max log size = 50
   printcap name = cups
   printing = cups
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind separator = +
   idmap uid = 2000-2
   idmap gid = 2000-2
client use spnego = yes
  ;template primary group = "Domain Users"
   template shell = /bin/bash
   auth methods = winbind


log i have when i do
net ads join  -Umylogin%passwd -S mntphone001.mydomain.com -d 2
  rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
[2011/03/02 13:24:00.801641,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip=fe80::213:72ff:fe56:6db6%eth0 
bcast=fe80:::::%eth0 netmask=:::::

[2011/03/02 13:24:00.801787,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip=172.23.36.4 bcast=172.23.36.255 
netmask=255.255.255.0

[2011/03/02 13:24:00.802018,  1] libnet/libnet_join.c:1947(libnet_Join)
  libnet_Join:
  libnet_JoinCtx: struct libnet_JoinCtx
  in: struct libnet_JoinCtx
  dc_name  : 'mntphone001.mydomain.com'
  machine_name : 'MNTSLX001'
  domain_name  : *
  domain_name  : 'MYDOMAIN.COM'
  account_ou   : NULL
  admin_account: 'mylogin'
  admin_password   : *
  machine_password : NULL
  join_flags   : 0x0023 (35)
 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
  os_version   : NULL
  os_name  : NULL
  create_upn   : 0x00 (0)
  upn  : NULL
  modify_config: 0x00 (0)
  ads  : NULL
  debug: 0x01 (1)
  use_kerberos : 0x00 (0)
  secure_channel_type  : SEC_CHAN_WKSTA (2)
[2011/03/02 13:24:00.814776,  1] libnet/libnet_join.c:1978(libnet_Join)
  libnet_Join:
  libnet_JoinCtx: struct libnet_JoinCtx
  out: struct libnet_JoinCtx
  account_name : NULL
  netbios_domain_name  : 'MYDOMAIN'
  dns_domain_name  : 'mydomain.com'
  forest_name  : 'root.com'
  dn   : NULL
  domain_sid   : *
  domain_sid   : 
S-1-5-21-796845957-790525478-725345543

  modified_config  : 0x00 (0)
  error_string : 'failed to join domain 
'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED'

  domain_is_ad : 0x01 (1)
  result   : WERR_NOT_SUPPORTED
[2011/03/02 13:24:00.815116,  2] utils/net.c:916(main)
  return code = -1
Failed to join domain: failed to join domain 'MYDOMAIN.COM' over rpc: 
NT_STATUS_NOT_SUPPORTED




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] problem with samba 3.5.6 try to join W2K8

[tms3]

hi,
   I trying to join a samba 3.5.6 (debian) on a domain W2K8 without
kerberos followin the wiki page
(http://wiki.samba.org/index.php/Samba_&_Active_Directory)
using net ads join

ads implies kerberos




i've got this error Failed to join domain: failed to
join domain 'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED

conf in /etc/smb.conf
 workgroup = MYDOMAIN

   server string = %h server
# allow trusted domains = no
   realm =   MYDOMAIN.COM
   password server = mntphone001.mydomain.com
 preferred master = no
   security = ADS
   encrypt passwords = yes
   log level = 5
   log file = /var/log/samba/%m
   max log size = 50
   printcap name = cups
   printing = cups
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind separator = +
   idmap uid = 2000-2
   idmap gid = 2000-2
 client use spnego = yes
 ;template primary group = "Domain Users"
   template shell = /bin/bash
   auth methods = winbind


log i have when i do
net ads join  -Umylogin%passwd -S mntphone001.mydomain.com -d 2
 rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
[2011/03/02 13:24:00.801641,  2] lib/interface.c:340(add_interface)
 added interface eth0 ip=fe80::213:72ff:fe56:6db6%eth0
bcast=fe80:::::%eth0 netmask=:::::
[2011/03/02 13:24:00.801787,  2] lib/interface.c:340(add_interface)
 added interface eth0 ip=172.23.36.4 bcast=172.23.36.255
netmask=255.255.255.0
[2011/03/02 13:24:00.802018,  1] 
libnet/libnet_join.c:1947(libnet_Join)

 libnet_Join:
 libnet_JoinCtx: struct libnet_JoinCtx
 in: struct libnet_JoinCtx
 dc_name  : 
'mntphone001.mydomain.com'

 machine_name : 'MNTSLX001'
 domain_name  : *
 domain_name  : 
'MYDOMAIN.COM'

 account_ou   : NULL
 admin_account: 'mylogin'
 admin_password   : *
 machine_password : NULL
 join_flags   : 0x0023 
(35)
   0: 
WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
   0: 
WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
   0: 
WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
   0: 
WKSSVC_JOIN_FLAGS_DEFER_SPN
   0: 
WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
   0: 
WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
   1: 
WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
   0: 
WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
   0: 
WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
   1: 
WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
   1: 
WKSSVC_JOIN_FLAGS_JOIN_TYPE

 os_version   : NULL
 os_name  : NULL
 create_upn   : 0x00 (0)
 upn  : NULL
 modify_config: 0x00 (0)
 ads  : NULL
 debug: 0x01 (1)
 use_kerberos : 0x00 (0)
 secure_channel_type  : SEC_CHAN_WKSTA 
(2)
[2011/03/02 13:24:00.814776,  1] 
libnet/libnet_join.c:1978(libnet_Join)

 libnet_Join:
 libnet_JoinCtx: struct libnet_JoinCtx
 out: struct libnet_JoinCtx
 account_name : NULL
 netbios_domain_name  : 'MYDOMAIN'
 dns_domain_name  : 'mydomain.com'
 forest_name  : 'root.com'
 dn   : NULL
 domain_sid   : *
 domain_sid   :
S-1-5-21-796845957-790525478-725345543
 modified_config  : 0x00 (0)
 error_string : 'failed to 
join domain

'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED'
 domain_is_ad : 0x01 (1)
 result   : 
WERR_NOT_SUPPORTED

[2011/03/02 13:24:00.815116,  2] utils/net.c:916(main)
 return code = -1
Failed to j

[Samba] problem with samba 3.5.6 try to join W2K8

[zorg]

hi,
 I trying to join a samba 3.5.6 (debian) on a domain W2K8 without 
kerberos followin the wiki page 
(http://wiki.samba.org/index.php/Samba_&_Active_Directory)
using net ads join i've got this error Failed to join domain: failed to 
join domain 'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED


conf in /etc/smb.conf
  workgroup = MYDOMAIN

   server string = %h server
# allow trusted domains = no
   realm =   MYDOMAIN.COM
   password server = mntphone001.mydomain.com
preferred master = no
   security = ADS
   encrypt passwords = yes
   log level = 5
   log file = /var/log/samba/%m
   max log size = 50
   printcap name = cups
   printing = cups
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind separator = +
   idmap uid = 2000-2
   idmap gid = 2000-2
client use spnego = yes
  ;template primary group = "Domain Users"
   template shell = /bin/bash
   auth methods = winbind


log i have when i do
net ads join  -Umylogin%passwd -S mntphone001.mydomain.com -d 2
  rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
[2011/03/02 13:24:00.801641,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip=fe80::213:72ff:fe56:6db6%eth0 
bcast=fe80:::::%eth0 netmask=:::::

[2011/03/02 13:24:00.801787,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip=172.23.36.4 bcast=172.23.36.255 
netmask=255.255.255.0

[2011/03/02 13:24:00.802018,  1] libnet/libnet_join.c:1947(libnet_Join)
  libnet_Join:
  libnet_JoinCtx: struct libnet_JoinCtx
  in: struct libnet_JoinCtx
  dc_name  : 'mntphone001.mydomain.com'
  machine_name : 'MNTSLX001'
  domain_name  : *
  domain_name  : 'MYDOMAIN.COM'
  account_ou   : NULL
  admin_account: 'mylogin'
  admin_password   : *
  machine_password : NULL
  join_flags   : 0x0023 (35)
 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
  os_version   : NULL
  os_name  : NULL
  create_upn   : 0x00 (0)
  upn  : NULL
  modify_config: 0x00 (0)
  ads  : NULL
  debug: 0x01 (1)
  use_kerberos : 0x00 (0)
  secure_channel_type  : SEC_CHAN_WKSTA (2)
[2011/03/02 13:24:00.814776,  1] libnet/libnet_join.c:1978(libnet_Join)
  libnet_Join:
  libnet_JoinCtx: struct libnet_JoinCtx
  out: struct libnet_JoinCtx
  account_name : NULL
  netbios_domain_name  : 'MYDOMAIN'
  dns_domain_name  : 'mydomain.com'
  forest_name  : 'root.com'
  dn   : NULL
  domain_sid   : *
  domain_sid   : 
S-1-5-21-796845957-790525478-725345543

  modified_config  : 0x00 (0)
  error_string : 'failed to join domain 
'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED'

  domain_is_ad : 0x01 (1)
  result   : WERR_NOT_SUPPORTED
[2011/03/02 13:24:00.815116,  2] utils/net.c:916(main)
  return code = -1
Failed to join domain: failed to join domain 'MYDOMAIN.COM' over rpc: 
NT_STATUS_NOT_SUPPORTED


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP

[Claudio Prono]

Ok thanks, i have resolved it...now the samba+ldap part as domain
controller works like a charm!

Thank you to all.

Claudio.


Dale Schroeder ha scritto:
> Claudio,
>
> Your problems may arise from the fact that you have set the
> "workgroup" and "netbios name" to identical values.
>
> [global]
> workgroup = MEDIADC
> netbios name = MEDIADC
>
>
> See the last sentence of this link:
>
> On 09/28/2010 4:06 AM, Claudio Prono wrote:
> http://oreilly.com/catalog/samba/chapter/book/ch04_04.html
>
> Dale
>
>
>> Ok, now the join to the domain works, but when i create a new user, and
>> i try to login to the Windows XP domain, the windows says to me "Unable
>> to access. A periferic is not working". (sorry for the poor  traduction,
>> but my windows  is in italian). Into the  samba logs i read this:
>>
>> [2010/09/28 10:07:45.795892,  2] smbd/reply.c:536(reply_special)
>>netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0
>> [2010/09/28 10:07:45.796139,  2] smbd/reply.c:547(reply_special)
>>netbios connect: local=mediadc remote=testafs, name type = 0
>> [2010/09/28 10:07:45.799185,  2]
>> smbd/sesssetup.c:1390(setup_new_vc_session)
>>setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all old resources.
>> [2010/09/28 10:07:45.801093,  2]
>> smbd/sesssetup.c:1390(setup_new_vc_session)
>>setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all old resources.
>> [2010/09/28 10:07:45.801767,  2]
>> lib/smbldap.c:950(smbldap_open_connection)
>>smbldap_open_connection: connection opened
>> [2010/09/28 10:07:45.865629,  2]
>> passdb/pdb_ldap.c:572(init_sam_from_ldap)
>>init_sam_from_ldap: Entry found for user: AFS
>> [2010/09/28 10:07:45.872442,  2] auth/auth.c:304(check_ntlm_password)
>>check_ntlm_password:  authentication for user [AFS] ->  [AFS] -> 
>> [AFS]
>> succeeded
>> [2010/09/28 10:07:45.872630,  1]
>> rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base)
>>_netr_LogonSamLogon: user MEDIADC\AFS has user sid
>> S-1-5-21-3218914170-3340994528-1537192846-3010
>> but group sid S-1-5-21-1949818787-1514111066-129980733-513.
>>The conflicting domain portions are not supported for NETLOGON calls
>>
>> This is my testparm (actually):
>>
>> [global]
>>  workgroup = MEDIADC
>>  netbios name = MEDIADC
>>  map to guest = Bad User
>>  passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
>>  log level = 2
>>  printcap name = cups
>>  add user script = /usr/sbin/ldapsmb -a -u "%u" -smbacct
>> --makehomedir --homedir /home/%u -f
>>  delete user script = /usr/sbin/ldapsmb -d -u "%u" -f
>>  add group script = /usr/sbin/ldapsmb -a -g "%g" -f
>>  delete group script = /usr/sbin/ldapsmb -d -g "%g" -f
>>  add user to group script = /usr/sbin/ldapsmb -j -u "%u" -g
>> "%g" -f
>>  delete user from group script = /usr/sbin/ldapsmb -r -u "%u" -g
>> "%g" -f
>>  add machine script = "/usr/sbin/ldapsmb -a -wks %u -f"
>>  logon path = \\%L\profiles\.msprofile
>>  logon drive = P:
>>  logon home = \\%L\%U\.9xprofile
>>  domain logons = Yes
>>  os level = 99
>>  preferred master = Yes
>>  domain master = Yes
>>  wins support = Yes
>>  ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
>>  ldap group suffix = ou=group
>>  ldap idmap suffix = ou=Idmap
>>  ldap machine suffix = ou=Machines
>>  ldap passwd sync = yes
>>  ldap suffix = dc=mediaservice-test,dc=pri
>>  ldap ssl = no
>>  ldap user suffix = ou=people
>>  usershare allow guests = Yes
>>  idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
>>  cups options = raw
>>
>> [homes]
>>  comment = Home Directories
>>  valid users = %S, %D%w%S
>>  read only = No
>>  inherit acls = Yes
>>  browseable = No
>>
>> [profiles]
>>  comment = Network Profiles Service
>>  path = %H
>>  read only = No
>>  create mask = 0600
>>  directory mask = 0700
>>  store dos attributes = Yes
>>
>> [users]
>>  comment = All users
>>  path = /home
>>  read only = No
>>  inherit acls = Yes
>>  veto files = /aquota.user/groups/shares/
>>
>> [groups]
>>  comment = All groups
>>  path = /home/groups
>>  read only = No
>>  inherit acls = Yes
>>
>> [printers]
>>  comment = All Printers
>>  path = /var/tmp
>>  create mask = 0600
>>  printable = Yes
>>  browseable = No
>>
>> [print$]
>>  comment = Printer Drivers
>>  path = /var/lib/samba/drivers
>>  write list = @ntadmin, root
>>  force group = ntadmin
>>  create mask = 0664
>>  directory mask = 0775
>>
>> [netlogon]
>>  comment = N

Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP

[Dale Schroeder]

Claudio,

Your problems may arise from the fact that you have set the "workgroup" 
and "netbios name" to identical values.


[global]
workgroup = MEDIADC
netbios name = MEDIADC


See the last sentence of this link:

On 09/28/2010 4:06 AM, Claudio Prono wrote:
http://oreilly.com/catalog/samba/chapter/book/ch04_04.html

Dale



Ok, now the join to the domain works, but when i create a new user, and
i try to login to the Windows XP domain, the windows says to me "Unable
to access. A periferic is not working". (sorry for the poor  traduction,
but my windows  is in italian). Into the  samba logs i read this:

[2010/09/28 10:07:45.795892,  2] smbd/reply.c:536(reply_special)
   netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0
[2010/09/28 10:07:45.796139,  2] smbd/reply.c:547(reply_special)
   netbios connect: local=mediadc remote=testafs, name type = 0
[2010/09/28 10:07:45.799185,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/28 10:07:45.801093,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/28 10:07:45.801767,  2] lib/smbldap.c:950(smbldap_open_connection)
   smbldap_open_connection: connection opened
[2010/09/28 10:07:45.865629,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
   init_sam_from_ldap: Entry found for user: AFS
[2010/09/28 10:07:45.872442,  2] auth/auth.c:304(check_ntlm_password)
   check_ntlm_password:  authentication for user [AFS] ->  [AFS] ->  [AFS]
succeeded
[2010/09/28 10:07:45.872630,  1]
rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base)
   _netr_LogonSamLogon: user MEDIADC\AFS has user sid
S-1-5-21-3218914170-3340994528-1537192846-3010
but group sid S-1-5-21-1949818787-1514111066-129980733-513.
   The conflicting domain portions are not supported for NETLOGON calls

This is my testparm (actually):

[global]
 workgroup = MEDIADC
 netbios name = MEDIADC
 map to guest = Bad User
 passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
 log level = 2
 printcap name = cups
 add user script = /usr/sbin/ldapsmb -a -u "%u" -smbacct
--makehomedir --homedir /home/%u -f
 delete user script = /usr/sbin/ldapsmb -d -u "%u" -f
 add group script = /usr/sbin/ldapsmb -a -g "%g" -f
 delete group script = /usr/sbin/ldapsmb -d -g "%g" -f
 add user to group script = /usr/sbin/ldapsmb -j -u "%u" -g "%g" -f
 delete user from group script = /usr/sbin/ldapsmb -r -u "%u" -g
"%g" -f
 add machine script = "/usr/sbin/ldapsmb -a -wks %u -f"
 logon path = \\%L\profiles\.msprofile
 logon drive = P:
 logon home = \\%L\%U\.9xprofile
 domain logons = Yes
 os level = 99
 preferred master = Yes
 domain master = Yes
 wins support = Yes
 ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
 ldap group suffix = ou=group
 ldap idmap suffix = ou=Idmap
 ldap machine suffix = ou=Machines
 ldap passwd sync = yes
 ldap suffix = dc=mediaservice-test,dc=pri
 ldap ssl = no
 ldap user suffix = ou=people
 usershare allow guests = Yes
 idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
 cups options = raw

[homes]
 comment = Home Directories
 valid users = %S, %D%w%S
 read only = No
 inherit acls = Yes
 browseable = No

[profiles]
 comment = Network Profiles Service
 path = %H
 read only = No
 create mask = 0600
 directory mask = 0700
 store dos attributes = Yes

[users]
 comment = All users
 path = /home
 read only = No
 inherit acls = Yes
 veto files = /aquota.user/groups/shares/

[groups]
 comment = All groups
 path = /home/groups
 read only = No
 inherit acls = Yes

[printers]
 comment = All Printers
 path = /var/tmp
 create mask = 0600
 printable = Yes
 browseable = No

[print$]
 comment = Printer Drivers
 path = /var/lib/samba/drivers
 write list = @ntadmin, root
 force group = ntadmin
 create mask = 0664
 directory mask = 0775

[netlogon]
 comment = Network Logon Service
 path = /var/lib/samba/netlogon
 write list = root

How i can debug what is wrong?

Any suggestion?

Cordially,

Claudio Prono.




Gaiseric Vandal ha scritto:

Wait, you are using samba with openldap backend.

Why are you using useradd ??? with this backend you need smbldap instead.
like this:

 passdb backend = ldapsam:ldap://your ldap server
 ldap passwd sync = yes
 ldap delete dn = Yes
 ldap admin dn = cn=root,dc=domain,dc=com,dc=br
 ldap

Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP

[Daniel Müller]

On Mon, 27 Sep 2010 17:08:12 +0200, Claudio Prono

wrote:
> Gaiseric Vandal ha scritto:
>> Do you have an underlying unix account for the pc (eg SOMEMACHINE$)
>>
>> It is possible to configure scripts that the unix account is created
>> by samba if necessary when samba creates the "Windows" account for the
>> machine.  I don't have it set up this way, so I need to create the
>> unix account 1st.
>>
> add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
> /bin/false %m$
> 
> This script automatically add the machine if needed, or i am wrong ?
>> Also, I found that since the underlying unix OS may need validate the
>> machine account,  I put my machine accounts in either the same ldap ou
>> as people (or in a sub ou.)  ("getent passwd" command may need to show
>> your machine accounts as well as people accounts.)
>>
>> If you have manually created the unix account for the machine, can you
>> them manually create the samba account for it
>>
>> e.g. smbpasswd -m -a SOMEMACHINE
>>
>> (I think you leave the $ off .)
>>
>>
>> I use LDAP for both "unix" and "windows" clients so my config choices
>> may not be applicable to a windows-only client environment.
>>
>>
>> On 09/27/2010 09:59 AM, Claudio Prono wrote:
>>> Hello all,
>>>
>>> I have some problems to make work a configuration like Samba and
>>> OpenLDAP as domain controller. My operative system is OpenSuSE 11.3.
>>>
>>> Here is my testparm:
>>>
>>> [global]
>>>  workgroup = MEDIADC
>>>  netbios name = MEDIADC
>>>  map to guest = Bad User
>>>  passdb backend =
ldapsam:ldap://afs-test.mediaservice-test.pri
>>>  log level = 2
>>>  printcap name = cups
>>>  add machine script = /usr/sbin/useradd  -c Machine -d
>>> /var/lib/nobody -s /bin/false %m$
>>>  logon path = \\%L\profiles\.msprofile
>>>  logon drive = P:
>>>  logon home = \\%L\%U\.9xprofile
>>>  domain logons = Yes
>>>  os level = 65
>>>  preferred master = Yes
>>>  domain master = Yes
>>>  wins support = Yes
>>>  ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
>>>  ldap group suffix = ou=group
>>>  ldap idmap suffix = ou=Idmap
>>>  ldap machine suffix = ou=Machines
>>>  ldap passwd sync = yes
>>>  ldap suffix = dc=mediaservice-test,dc=pri
>>>  ldap ssl = no
>>>  ldap user suffix = ou=people
>>>  usershare allow guests = Yes
>>>  idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
>>>  idmap uid = 1000-6
>>>  idmap gid = 1000-6
>>>  cups options = raw
>>>
>>> [homes]
>>>  comment = Home Directories
>>>  valid users = %S, %D%w%S
>>>  read only = No
>>>  inherit acls = Yes
>>>  browseable = No
>>>
>>> [profiles]
>>>  comment = Network Profiles Service
>>>  path = %H
>>>  read only = No
>>>  create mask = 0600
>>>  directory mask = 0700
>>>  store dos attributes = Yes
>>>
>>> [users]
>>>  comment = All users
>>>  path = /home
>>>  read only = No
>>>  inherit acls = Yes
>>>  veto files = /aquota.user/groups/shares/
>>>
>>> [groups]
>>>  comment = All groups
>>>  path = /home/groups
>>>  read only = No
>>>  inherit acls = Yes
>>>
>>> [printers]
>>>  comment = All Printers
>>>  path = /var/tmp
>>>  create mask = 0600
>>>  printable = Yes
>>>  browseable = No
>>>
>>> [print$]
>>>  comment = Printer Drivers
>>>  path = /var/lib/samba/drivers
>>>  write list = @ntadmin, root
>>>  force group = ntadmin
>>>  create mask = 0664
>>>  directory mask = 0775
>>>
>>> [netlogon]
>>>  comment = Network Logon Service
>>>  path = /var/lib/samba/netlogon
>>>  write list = root
>>>
>>> If i try to join a windows xp into the domain i have this results:
>>>
>>> [2010/09/27 14:58:52.229946,  0]
>>> lib/util_sock.c:1432(get_peer_addr_internal)
>>>getpeername failed. Error was Transport endpoint is not connected
>>> [2010/09/27 14:58:52.233371,  2] smbd/reply.c:536(reply_special)
>>>netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0
>>> [2010/09/27 14:58:52.233498,  2] smbd/reply.c:547(reply_special)
>>>netbios connect: local=mediadc remote=testafs, name type = 0
>>> [2010/09/27 14:58:52.234068,  2]
>>> smbd/sesssetup.c:1390(setup_new_vc_session)
>>>setup_new_vc_session: New VC == 0, if NT4.x compatible we would
close
>>> all old resources.
>>> [2010/09/27 14:58:52.233647,  0] lib/util_sock.c:675(write_data)
>>> [2010/09/27 14:58:52.234876,  0]
>>> lib/util_sock.c:1432(get_peer_addr_internal)
>>>getpeername failed. Error was Transport endpoint is not connected
>>>write_data: write failure in writing to client 0.0.0.0. Error
>>> Connection reset by

Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP

[Gaiseric Vandal]

The default user add script in samba may not be quiet appropriate for 
creating local users on your particular platform.   How do you manually 
create local users?  Does it match up to how the scripts are trying to 
do it?


You may need to read thru the openldap documentation to see the 
appropriate commands for creating ldap users (I use Sun Directory Server 
not openldap .)


Alternately, you could use an LDIF file as a template for a new user, 
and just import the user.   I use apache directory studio for LDAP 
management.


Below is an example of a unix user, before the samba account has been 
created.   (Unix password would also need to be set.)



dn: uid=jsmith,ou=people,o=mycompany.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
cn: John Smith
gidNumber: 500
homeDirectory: /home/smith
sn: Smith
uid: jsmith
uidNumber: 301
c: US
displayName: John Smith
facsimileTelephoneNumber: 888-555-1212
gecos: John Smith
givenName: John
l: Woburn
loginShell: /bin/tcsh
mail: john.sm...@mycompany.com
mail: jsm...@mycompany.com
mobile: UNKNOWN
o: My Company
postalCode: 12345
st: CA
street: 500 Pretroli Aiv
telephoneNumber: 888-555-1212
userPassword:




On 09/27/2010 12:15 PM, Claudio Prono wrote:


Gaiseric Vandal ha scritto:
   

You user script may be adding a LOCAL unix account (in /etc/passwd.)
Do you see the accounts in there?   You may need to custom script that
adds the accounts to ldap.

 

The strange thing is i don't see a local account, like the script is not
executed
   

The following may help

https://gna.org/projects/smbldap-tools/


 

Ok, i'll take a look, thank you.
   

Remember, that being root on your unix system does not automatically
make you LDAP admin.

If you have a single server then having your unix may be OK-  samba
will match the samba user to the unix user via the user id.I have
multiple server so I use LDAP for unix accounts (previously used
NIS.)   So now an LDAP user has both windows and unix account info.

 

If i try to add a user to LDAP manually, and try something like

smbclient -L localhost -U user

The user is authenticated perfectly...so the samba-ldap authentication
seems to work The problem is the automatic user and machine add, i
don't realize why it don't work...
   




On 09/27/2010 11:08 AM, Claudio Prono wrote:
 

Gaiseric Vandal ha scritto:

   

Do you have an underlying unix account for the pc (eg SOMEMACHINE$)

It is possible to configure scripts that the unix account is created
by samba if necessary when samba creates the "Windows" account for the
machine.  I don't have it set up this way, so I need to create the
unix account 1st.


 

add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
/bin/false %m$

This script automatically add the machine if needed, or i am wrong ?

   

Also, I found that since the underlying unix OS may need validate the
machine account,  I put my machine accounts in either the same ldap ou
as people (or in a sub ou.)  ("getent passwd" command may need to show
your machine accounts as well as people accounts.)

If you have manually created the unix account for the machine, can you
them manually create the samba account for it

  e.g. smbpasswd -m -a SOMEMACHINE

  (I think you leave the $ off .)


I use LDAP for both "unix" and "windows" clients so my config choices
may not be applicable to a windows-only client environment.


On 09/27/2010 09:59 AM, Claudio Prono wrote:

 

Hello all,

I have some problems to make work a configuration like Samba and
OpenLDAP as domain controller. My operative system is OpenSuSE 11.3.

Here is my testparm:

[global]
   workgroup = MEDIADC
   netbios name = MEDIADC
   map to guest = Bad User
   passdb backend =
ldapsam:ldap://afs-test.mediaservice-test.pri
   log level = 2
   printcap name = cups
   add machine script = /usr/sbin/useradd  -c Machine -d
/var/lib/nobody -s /bin/false %m$
   logon path = \\%L\profiles\.msprofile
   logon drive = P:
   logon home = \\%L\%U\.9xprofile
   domain logons = Yes
   os level = 65
   preferred master = Yes
   domain master = Yes
   wins support = Yes
   ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
   ldap group suffix = ou=group
   ldap idmap suffix = ou=Idmap
   ldap machine suffix = ou=Machines
   ldap passwd sync = yes
   ldap suffix = dc=mediaservice-test,dc=pri
   ldap ssl = no
   ldap user suffix = ou=people
   usershare allow guests = Yes
   idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
   idmap uid = 1000-6
   idmap gid = 1000-6
   cups options = raw

[homes]
   comment = Home Directories
   valid 

Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP

[Claudio Prono]

Gaiseric Vandal ha scritto:
> You user script may be adding a LOCAL unix account (in /etc/passwd.)  
> Do you see the accounts in there?   You may need to custom script that
> adds the accounts to ldap.
>
The strange thing is i don't see a local account, like the script is not
executed
> The following may help
>
> https://gna.org/projects/smbldap-tools/
>
>
Ok, i'll take a look, thank you.
> Remember, that being root on your unix system does not automatically
> make you LDAP admin.
>
> If you have a single server then having your unix may be OK-  samba
> will match the samba user to the unix user via the user id.I have
> multiple server so I use LDAP for unix accounts (previously used
> NIS.)   So now an LDAP user has both windows and unix account info.
>
If i try to add a user to LDAP manually, and try something like

smbclient -L localhost -U user

The user is authenticated perfectly...so the samba-ldap authentication
seems to work The problem is the automatic user and machine add, i
don't realize why it don't work...
>
>
>
>
> On 09/27/2010 11:08 AM, Claudio Prono wrote:
>>
>> Gaiseric Vandal ha scritto:
>>   
>>> Do you have an underlying unix account for the pc (eg SOMEMACHINE$)
>>>
>>> It is possible to configure scripts that the unix account is created
>>> by samba if necessary when samba creates the "Windows" account for the
>>> machine.  I don't have it set up this way, so I need to create the
>>> unix account 1st.
>>>
>>>  
>> add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
>> /bin/false %m$
>>
>> This script automatically add the machine if needed, or i am wrong ?
>>   
>>> Also, I found that since the underlying unix OS may need validate the
>>> machine account,  I put my machine accounts in either the same ldap ou
>>> as people (or in a sub ou.)  ("getent passwd" command may need to show
>>> your machine accounts as well as people accounts.)
>>>
>>> If you have manually created the unix account for the machine, can you
>>> them manually create the samba account for it
>>>
>>>  e.g. smbpasswd -m -a SOMEMACHINE
>>>
>>>  (I think you leave the $ off .)
>>>
>>>
>>> I use LDAP for both "unix" and "windows" clients so my config choices
>>> may not be applicable to a windows-only client environment.
>>>
>>>
>>> On 09/27/2010 09:59 AM, Claudio Prono wrote:
>>> 
 Hello all,

 I have some problems to make work a configuration like Samba and
 OpenLDAP as domain controller. My operative system is OpenSuSE 11.3.

 Here is my testparm:

 [global]
   workgroup = MEDIADC
   netbios name = MEDIADC
   map to guest = Bad User
   passdb backend =
 ldapsam:ldap://afs-test.mediaservice-test.pri
   log level = 2
   printcap name = cups
   add machine script = /usr/sbin/useradd  -c Machine -d
 /var/lib/nobody -s /bin/false %m$
   logon path = \\%L\profiles\.msprofile
   logon drive = P:
   logon home = \\%L\%U\.9xprofile
   domain logons = Yes
   os level = 65
   preferred master = Yes
   domain master = Yes
   wins support = Yes
   ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
   ldap group suffix = ou=group
   ldap idmap suffix = ou=Idmap
   ldap machine suffix = ou=Machines
   ldap passwd sync = yes
   ldap suffix = dc=mediaservice-test,dc=pri
   ldap ssl = no
   ldap user suffix = ou=people
   usershare allow guests = Yes
   idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
   idmap uid = 1000-6
   idmap gid = 1000-6
   cups options = raw

 [homes]
   comment = Home Directories
   valid users = %S, %D%w%S
   read only = No
   inherit acls = Yes
   browseable = No

 [profiles]
   comment = Network Profiles Service
   path = %H
   read only = No
   create mask = 0600
   directory mask = 0700
   store dos attributes = Yes

 [users]
   comment = All users
   path = /home
   read only = No
   inherit acls = Yes
   veto files = /aquota.user/groups/shares/

 [groups]
   comment = All groups
   path = /home/groups
   read only = No
   inherit acls = Yes

 [printers]
   comment = All Printers
   path = /var/tmp
   create mask = 0600
   printable = Yes
   browseable = No

 [print$]
   comment = Printer Drivers
   path = /var/lib/samba/drivers
   write list = @ntadmin, root
   

Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP

[Gaiseric Vandal]

You user script may be adding a LOCAL unix account (in /etc/passwd.)   
Do you see the accounts in there?   You may need to custom script that 
adds the accounts to ldap.


The following may help

https://gna.org/projects/smbldap-tools/


Remember, that being root on your unix system does not automatically 
make you LDAP admin.


If you have a single server then having your unix may be OK-  samba will 
match the samba user to the unix user via the user id.I have 
multiple server so I use LDAP for unix accounts (previously used NIS.)   
So now an LDAP user has both windows and unix account info.






On 09/27/2010 11:08 AM, Claudio Prono wrote:


Gaiseric Vandal ha scritto:
   

Do you have an underlying unix account for the pc (eg SOMEMACHINE$)

It is possible to configure scripts that the unix account is created
by samba if necessary when samba creates the "Windows" account for the
machine.  I don't have it set up this way, so I need to create the
unix account 1st.

 

add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
/bin/false %m$

This script automatically add the machine if needed, or i am wrong ?
   

Also, I found that since the underlying unix OS may need validate the
machine account,  I put my machine accounts in either the same ldap ou
as people (or in a sub ou.)  ("getent passwd" command may need to show
your machine accounts as well as people accounts.)

If you have manually created the unix account for the machine, can you
them manually create the samba account for it

 e.g. smbpasswd -m -a SOMEMACHINE

 (I think you leave the $ off .)


I use LDAP for both "unix" and "windows" clients so my config choices
may not be applicable to a windows-only client environment.


On 09/27/2010 09:59 AM, Claudio Prono wrote:
 

Hello all,

I have some problems to make work a configuration like Samba and
OpenLDAP as domain controller. My operative system is OpenSuSE 11.3.

Here is my testparm:

[global]
  workgroup = MEDIADC
  netbios name = MEDIADC
  map to guest = Bad User
  passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
  log level = 2
  printcap name = cups
  add machine script = /usr/sbin/useradd  -c Machine -d
/var/lib/nobody -s /bin/false %m$
  logon path = \\%L\profiles\.msprofile
  logon drive = P:
  logon home = \\%L\%U\.9xprofile
  domain logons = Yes
  os level = 65
  preferred master = Yes
  domain master = Yes
  wins support = Yes
  ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
  ldap group suffix = ou=group
  ldap idmap suffix = ou=Idmap
  ldap machine suffix = ou=Machines
  ldap passwd sync = yes
  ldap suffix = dc=mediaservice-test,dc=pri
  ldap ssl = no
  ldap user suffix = ou=people
  usershare allow guests = Yes
  idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
  idmap uid = 1000-6
  idmap gid = 1000-6
  cups options = raw

[homes]
  comment = Home Directories
  valid users = %S, %D%w%S
  read only = No
  inherit acls = Yes
  browseable = No

[profiles]
  comment = Network Profiles Service
  path = %H
  read only = No
  create mask = 0600
  directory mask = 0700
  store dos attributes = Yes

[users]
  comment = All users
  path = /home
  read only = No
  inherit acls = Yes
  veto files = /aquota.user/groups/shares/

[groups]
  comment = All groups
  path = /home/groups
  read only = No
  inherit acls = Yes

[printers]
  comment = All Printers
  path = /var/tmp
  create mask = 0600
  printable = Yes
  browseable = No

[print$]
  comment = Printer Drivers
  path = /var/lib/samba/drivers
  write list = @ntadmin, root
  force group = ntadmin
  create mask = 0664
  directory mask = 0775

[netlogon]
  comment = Network Logon Service
  path = /var/lib/samba/netlogon
  write list = root

If i try to join a windows xp into the domain i have this results:

[2010/09/27 14:58:52.229946,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
[2010/09/27 14:58:52.233371,  2] smbd/reply.c:536(reply_special)
netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0
[2010/09/27 14:58:52.233498,  2] smbd/reply.c:547(reply_special)
netbios connect: local=mediadc remote=testafs, name type = 0
[2010/09/27 14:58:52.234068,  2]
smbd/sesssetup.c:1390(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:52.233647,  0] lib/util_sock.c:675(write_data)
[2010/09/27 14:58:52.2

Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP

[Claudio Prono]

Gaiseric Vandal ha scritto:
> Do you have an underlying unix account for the pc (eg SOMEMACHINE$)
>
> It is possible to configure scripts that the unix account is created
> by samba if necessary when samba creates the "Windows" account for the
> machine.  I don't have it set up this way, so I need to create the
> unix account 1st.
>
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
/bin/false %m$

This script automatically add the machine if needed, or i am wrong ?
> Also, I found that since the underlying unix OS may need validate the
> machine account,  I put my machine accounts in either the same ldap ou
> as people (or in a sub ou.)  ("getent passwd" command may need to show
> your machine accounts as well as people accounts.)
>
> If you have manually created the unix account for the machine, can you
> them manually create the samba account for it
>
> e.g. smbpasswd -m -a SOMEMACHINE
>
> (I think you leave the $ off .)
>
>
> I use LDAP for both "unix" and "windows" clients so my config choices
> may not be applicable to a windows-only client environment.
>
>
> On 09/27/2010 09:59 AM, Claudio Prono wrote:
>> Hello all,
>>
>> I have some problems to make work a configuration like Samba and
>> OpenLDAP as domain controller. My operative system is OpenSuSE 11.3.
>>
>> Here is my testparm:
>>
>> [global]
>>  workgroup = MEDIADC
>>  netbios name = MEDIADC
>>  map to guest = Bad User
>>  passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
>>  log level = 2
>>  printcap name = cups
>>  add machine script = /usr/sbin/useradd  -c Machine -d
>> /var/lib/nobody -s /bin/false %m$
>>  logon path = \\%L\profiles\.msprofile
>>  logon drive = P:
>>  logon home = \\%L\%U\.9xprofile
>>  domain logons = Yes
>>  os level = 65
>>  preferred master = Yes
>>  domain master = Yes
>>  wins support = Yes
>>  ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
>>  ldap group suffix = ou=group
>>  ldap idmap suffix = ou=Idmap
>>  ldap machine suffix = ou=Machines
>>  ldap passwd sync = yes
>>  ldap suffix = dc=mediaservice-test,dc=pri
>>  ldap ssl = no
>>  ldap user suffix = ou=people
>>  usershare allow guests = Yes
>>  idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
>>  idmap uid = 1000-6
>>  idmap gid = 1000-6
>>  cups options = raw
>>
>> [homes]
>>  comment = Home Directories
>>  valid users = %S, %D%w%S
>>  read only = No
>>  inherit acls = Yes
>>  browseable = No
>>
>> [profiles]
>>  comment = Network Profiles Service
>>  path = %H
>>  read only = No
>>  create mask = 0600
>>  directory mask = 0700
>>  store dos attributes = Yes
>>
>> [users]
>>  comment = All users
>>  path = /home
>>  read only = No
>>  inherit acls = Yes
>>  veto files = /aquota.user/groups/shares/
>>
>> [groups]
>>  comment = All groups
>>  path = /home/groups
>>  read only = No
>>  inherit acls = Yes
>>
>> [printers]
>>  comment = All Printers
>>  path = /var/tmp
>>  create mask = 0600
>>  printable = Yes
>>  browseable = No
>>
>> [print$]
>>  comment = Printer Drivers
>>  path = /var/lib/samba/drivers
>>  write list = @ntadmin, root
>>  force group = ntadmin
>>  create mask = 0664
>>  directory mask = 0775
>>
>> [netlogon]
>>  comment = Network Logon Service
>>  path = /var/lib/samba/netlogon
>>  write list = root
>>
>> If i try to join a windows xp into the domain i have this results:
>>
>> [2010/09/27 14:58:52.229946,  0]
>> lib/util_sock.c:1432(get_peer_addr_internal)
>>getpeername failed. Error was Transport endpoint is not connected
>> [2010/09/27 14:58:52.233371,  2] smbd/reply.c:536(reply_special)
>>netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0
>> [2010/09/27 14:58:52.233498,  2] smbd/reply.c:547(reply_special)
>>netbios connect: local=mediadc remote=testafs, name type = 0
>> [2010/09/27 14:58:52.234068,  2]
>> smbd/sesssetup.c:1390(setup_new_vc_session)
>>setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all old resources.
>> [2010/09/27 14:58:52.233647,  0] lib/util_sock.c:675(write_data)
>> [2010/09/27 14:58:52.234876,  0]
>> lib/util_sock.c:1432(get_peer_addr_internal)
>>getpeername failed. Error was Transport endpoint is not connected
>>write_data: write failure in writing to client 0.0.0.0. Error
>> Connection reset by peer
>> [2010/09/27 14:58:52.236855,  0] smbd/process.c:79(srv_send_smb)
>>Error writing 4 bytes to client. -1. (Transport endpoint is not
>> connected)
>> [2010/09/27 14:58:52.238615,  2]
>>

Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP

[Gaiseric Vandal]

Do you have an underlying unix account for the pc (eg SOMEMACHINE$)

It is possible to configure scripts that the unix account is created by 
samba if necessary when samba creates the "Windows" account for the 
machine.  I don't have it set up this way, so I need to create the unix 
account 1st.


Also, I found that since the underlying unix OS may need validate the 
machine account,  I put my machine accounts in either the same ldap ou 
as people (or in a sub ou.)  ("getent passwd" command may need to show 
your machine accounts as well as people accounts.)


If you have manually created the unix account for the machine, can you 
them manually create the samba account for it


e.g. smbpasswd -m -a SOMEMACHINE

(I think you leave the $ off .)


I use LDAP for both "unix" and "windows" clients so my config choices 
may not be applicable to a windows-only client environment.



On 09/27/2010 09:59 AM, Claudio Prono wrote:

Hello all,

I have some problems to make work a configuration like Samba and
OpenLDAP as domain controller. My operative system is OpenSuSE 11.3.

Here is my testparm:

[global]
 workgroup = MEDIADC
 netbios name = MEDIADC
 map to guest = Bad User
 passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
 log level = 2
 printcap name = cups
 add machine script = /usr/sbin/useradd  -c Machine -d
/var/lib/nobody -s /bin/false %m$
 logon path = \\%L\profiles\.msprofile
 logon drive = P:
 logon home = \\%L\%U\.9xprofile
 domain logons = Yes
 os level = 65
 preferred master = Yes
 domain master = Yes
 wins support = Yes
 ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
 ldap group suffix = ou=group
 ldap idmap suffix = ou=Idmap
 ldap machine suffix = ou=Machines
 ldap passwd sync = yes
 ldap suffix = dc=mediaservice-test,dc=pri
 ldap ssl = no
 ldap user suffix = ou=people
 usershare allow guests = Yes
 idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
 idmap uid = 1000-6
 idmap gid = 1000-6
 cups options = raw

[homes]
 comment = Home Directories
 valid users = %S, %D%w%S
 read only = No
 inherit acls = Yes
 browseable = No

[profiles]
 comment = Network Profiles Service
 path = %H
 read only = No
 create mask = 0600
 directory mask = 0700
 store dos attributes = Yes

[users]
 comment = All users
 path = /home
 read only = No
 inherit acls = Yes
 veto files = /aquota.user/groups/shares/

[groups]
 comment = All groups
 path = /home/groups
 read only = No
 inherit acls = Yes

[printers]
 comment = All Printers
 path = /var/tmp
 create mask = 0600
 printable = Yes
 browseable = No

[print$]
 comment = Printer Drivers
 path = /var/lib/samba/drivers
 write list = @ntadmin, root
 force group = ntadmin
 create mask = 0664
 directory mask = 0775

[netlogon]
 comment = Network Logon Service
 path = /var/lib/samba/netlogon
 write list = root

If i try to join a windows xp into the domain i have this results:

[2010/09/27 14:58:52.229946,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
[2010/09/27 14:58:52.233371,  2] smbd/reply.c:536(reply_special)
   netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0
[2010/09/27 14:58:52.233498,  2] smbd/reply.c:547(reply_special)
   netbios connect: local=mediadc remote=testafs, name type = 0
[2010/09/27 14:58:52.234068,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:52.233647,  0] lib/util_sock.c:675(write_data)
[2010/09/27 14:58:52.234876,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   write_data: write failure in writing to client 0.0.0.0. Error
Connection reset by peer
[2010/09/27 14:58:52.236855,  0] smbd/process.c:79(srv_send_smb)
   Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2010/09/27 14:58:52.238615,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:52.239888,  2] lib/smbldap.c:950(smbldap_open_connection)
   smbldap_open_connection: connection opened
[2010/09/27 14:58:52.242954,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
   init_sam_from_ldap: Entry found for user: Administrator
[2010/09/27 14:58:52.295749,  2] auth/auth.c:304(check_ntlm_password)
   check_ntlm_password:  authentication for user [Administrator] ->
[A

[Samba] Problem with Samba - Openldap and domain autentication of Windows XP

[Claudio Prono]

Hello all,

I have some problems to make work a configuration like Samba and
OpenLDAP as domain controller. My operative system is OpenSuSE 11.3.

Here is my testparm:

[global]
workgroup = MEDIADC
netbios name = MEDIADC
map to guest = Bad User
passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
log level = 2
printcap name = cups
add machine script = /usr/sbin/useradd  -c Machine -d
/var/lib/nobody -s /bin/false %m$
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = yes
ldap suffix = dc=mediaservice-test,dc=pri
ldap ssl = no
ldap user suffix = ou=people
usershare allow guests = Yes
idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
idmap uid = 1000-6
idmap gid = 1000-6
cups options = raw

[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No

[profiles]
comment = Network Profiles Service
path = %H
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes

[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/

[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes

[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root

If i try to join a windows xp into the domain i have this results:

[2010/09/27 14:58:52.229946,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
[2010/09/27 14:58:52.233371,  2] smbd/reply.c:536(reply_special)
  netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0
[2010/09/27 14:58:52.233498,  2] smbd/reply.c:547(reply_special)
  netbios connect: local=mediadc remote=testafs, name type = 0
[2010/09/27 14:58:52.234068,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:52.233647,  0] lib/util_sock.c:675(write_data)
[2010/09/27 14:58:52.234876,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error
Connection reset by peer
[2010/09/27 14:58:52.236855,  0] smbd/process.c:79(srv_send_smb)
  Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
[2010/09/27 14:58:52.238615,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:52.239888,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2010/09/27 14:58:52.242954,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: Administrator
[2010/09/27 14:58:52.295749,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [Administrator] ->
[Administrator] -> [Administrator] succeeded
[2010/09/27 14:58:52.780610,  0]
rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate: no challenge sent to client TESTAFS
[2010/09/27 14:58:53.337111,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:53.338938,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/27 14:58:53.339808,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2010/09/27 14:58:53.342371,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: Administrator
[2010/09/27 14:58:53.347683,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [Administrator] ->
[Administrator] -> [Administrator] succeeded
[2010/09/27 14:58:53.812728,  2]
rpc_server/srv_sam

[Samba] Problem with samba shares authentified against Active Directory

[Patrice OLIVER]

Hello,

I followed a howto found on samba website.

I use Samba v3.2.5  shares whom access are authentified against Active 
Directory, I have an
error 233, saying that there is no process at the end of the chanel
(excuse me if my english is not so good).
The kerberos setup is good and kinit works fine.
net ads join ... worked fine. Except a dns error message, I can see the
server in Active Directory.

How can I manage this goal ?
This is quiet urgent because my chief wants a result in the next 7 days else I 
will have to use a Windows box :(

Regards.



--

*Hospices Civils de Beaune*

*Patrice OLIVER*
/Adjoint du RSIO
Service Informatique/

BP 104
21203 BEAUNE Cedex



patrice.oli...@ch-beaune.fr 
T. 03 80 24 44 09 / F. 03 80 24 45 90




Ce message, y compris les pièces jointes, est établi à l'attention 
exclusive de son ou ses destinataires et est confidentiel. Toute 
utilisation non conforme à sa destination, toute diffusion ou 
publication, totale ou partielle, est interdite sauf autorisation 
expresse de l'expéditeur. Si vous n'êtes pas le destinataire de ce 
message, merci d'avertir l'expéditeur de l'erreur de distribution puis 
de le détruire.
Tout message électronique est susceptible d'altération et son intégrité 
ne peut être assurée. L'expéditeur décline toute responsabilité dans 
l'hypothèse où il aurait été modifié ou falsifié.




P *Afin de contribuer au respect de l'environnement, merci de n'imprimer 
ce mail qu'en cas de nécessité.*


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Problem with Samba and Windows Terminal Server 2008 (reprise)

[Emanuele Salvador]

Hi,
has somebody found a solution for the single smbd process opened on a samba
server by TS 2008?
Or found the correct syntax for multiuserenable on Windows 2008 server?
Thanks,
Emanuele
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] problem with samba PDC and Windows 7 loading roaming profiles

[Robert Schulz]

Since years I have a Suse Samba PDC running with Win2000 and WinXP clients.
Now I tried to add 2 Win7 clients and I'm having a problem. Win7 don't 
load my
roaming profiles, Win7 always logged in to a domain user using a 
temporary profile.


First I upgrades to Samba 3.4.2 (Suse 11.2), than I set the registry 
entries according

Samba wiki: http://wiki.samba.org/index.php/Windows7
Now I was able to register the Win7 clients and I could login with a 
domain user but
the user always using a temporary profile. I tried this with different 
user -> same result.


I copied the domain profiles to .V2 -> same result.
My domain profile looks like:

[nt-profile]
   comment = Client Profiles
   path = /BUERO/samba/nt-profile/%u
   read only = No
   create mask = 0600
   directory mask = 0700


drwsrwsr-x 32 adminusers  4096 2010-03-10 19:51 admin
drwxr-sr-x 30 adminusers  4096 2010-03-08 19:24 admin.V2


Following the samba log at login:

[2010/03/12 16:43:06,  2] auth/auth.c:310(check_ntlm_password)
 check_ntlm_password:  authentication for user [admin] -> [admin] -> [admin] 
succeeded
[2010/03/12 16:43:06,  2] auth/token_util.c:450(create_local_nt_token)
 WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind allocate 
gids?
[2010/03/12 16:43:06,  2] auth/token_util.c:474(create_local_nt_token)
 WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2010/03/12 16:43:06,  0] smbd/service.c:1188(make_connection)
 virt03 (192.168.1.101) couldn't find service nt-profile.v2
[2010/03/12 16:43:06,  0] smbd/service.c:1188(make_connection)
 virt03 (192.168.1.101) couldn't find service nt-profile.v2
[2010/03/12 16:43:06,  0] smbd/service.c:1188(make_connection)
 virt03 (192.168.1.101) couldn't find service nt-profile.v2
[2010/03/12 16:43:06,  0] smbd/service.c:1188(make_connection)
 virt03 (192.168.1.101) couldn't find service nt-profile.v2
[2010/03/12 16:43:06,  1] smbd/service.c:1047(make_connection_snum)
 virt03 (192.168.1.101) connect to service netlogon initially as user admin 
(uid=0, gid=100) (pid 10603)
[2010/03/12 16:43:06,  1] smbd/service.c:1047(make_connection_snum)
 virt03 (192.168.1.101) connect to service nt-profile initially as user admin 
(uid=0, gid=100) (pid 10603)
[2010/03/12 16:43:07,  2] smbd/open.c:580(open_file)
 admin opened file virt03.bat read=Yes write=No (numopen=1)
[2010/03/12 16:43:07,  2] smbd/open.c:580(open_file)
 admin opened file virt03.bat read=Yes write=No (numopen=2)
[2010/03/12 16:43:07,  2] smbd/close.c:612(close_normal_file)
 admin closed file virt03.bat (numopen=1) NT_STATUS_OK


I found in the log an entry telling about nt-profile.v2. I didn't find 
any information about
that service (is it necessary or not). For testing I defined it in 
smb.conf but no success (maybe

I defined it wrong).

The WinXP clients are still working prefectly. Any help would be 
appreciated.


regards robert
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with Samba 3.4.3 - previous 3.3.x worked fine

[Karl Denninger]

The explicit declaration of the passdb back end fixed the authentication
problem, but the printer connection issue remains.

I get NOTHING in the log files indicating a problem.  Here's what
"testparm" returns:

FS# ./testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[faxserver]"
Processing section "[pics]"
Processing section "[Music]"
Processing section "[Archive]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
workgroup = DENNINGER
server string = Denninger FileServer
interfaces = 192.168.1.0/24
passdb backend = smbpasswd
log file = /var/log/log.%m
max log size = 50
deadtime = 15
logon path = \\%L\Profiles\%U
logon drive = Z:
logon home = \\%L\%U
os level = 35
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no
remote announce = 192.168.1.255
invalid users = root
hosts allow = 192.168.1.0/255.255.255.0, 127.
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j

[homes]
comment = Home Directories
read only = No
browseable = No
browsable = No

[printers]
comment = All Printers
path = /disk/spool/samba
printable = Yes
browseable = No
browsable = No

[faxserver]
comment = Fax Server Files
path = /disk/system
valid users = karl
read only = No
create mask = 0765

[pics]
comment = Picture files
path = /pics
valid users = karl
read only = No
create mask = 0765

[Music]
comment = Music
path = /archive/CD-Jukebox
write list = @music-write
read only = No

[Archive]
comment = Archive
path = /archive
valid users = karl
read only = No

I am running as a "workgroup" as the domain overhead doesn't appear to
be worthwhile in my application.

Unix printing works, and so does printing from Windows XP clients
(including "adding" the printers on the network to a windows machine as
a network printer.)  I have no VISTA clients, but the Windows 7 machines
cannot connect to printers - they connect to file shares just fine.


Dale Schroeder wrote:
> passdb backend default changed in 3.4 to tdbsam.  If you did not have
> it explicitly declared, you now have to say
>passdb backend = smbpasswd
>
> I can't comment specifically to your printing issues.  3.4 did alter
> the printing subsystem, which may be the source
> of your problem.  I had several printers whose PCL5 drivers no longer
> worked.  I resolved by either upgrading to
> the latest driver or switching to PS drivers.  However, that does not
> explain your problem with Win 7.
>
> http://www.samba.org/samba/history/samba-3.4.0.html
>
> Dale
>
>
> Karl Denninger wrote:
>> Hi folks;
>>
>> I have an odd one.
>>
>> I recently upgraded from 3.3.x to 3.4.3 and suddenly lost both the old
>> "smbpasswd" file AND the ability to connect to printers from Windows 7
>> clients.
>>
>> File server is fine, and everything else is working - I can connect to
>> printers from XP machines, but not from Windows 7 any more.
>>
>> I get an "0xd" error from Win7 when I try to connect no
>> further info available that I can find on what that is.
>>
>> Ideas?
>>
>> -- Karl Denninger
>>   
>
>
> %SPAMBLOCK-SYS: Matched [samba.org], message ok
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Problem with Samba 3.4.3 - previous 3.3.x worked fine

[Karl Denninger]

Hi folks;

I have an odd one.

I recently upgraded from 3.3.x to 3.4.3 and suddenly lost both the old
"smbpasswd" file AND the ability to connect to printers from Windows 7
clients.

File server is fine, and everything else is working - I can connect to
printers from XP machines, but not from Windows 7 any more.

I get an "0xd" error from Win7 when I try to connect no
further info available that I can find on what that is.

Ideas?

-- Karl Denninger
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with Samba 3.4 Franky: Internal Error starting Samba3

[Christian Geiger]

I'm not giving up. :)

I now tried a

net ads join -s /etc/samba/smb3.conf -U samba-admin -d 10

in order to find out what the real problem might be. After a successful 
LDAP ping and some other good looking messages, I get the following error:


 snip 
[2009/09/10 07:42:39,  3] lib/util_sock.c:open_socket_out(1400)
  Connecting to 192.168.182.185 at port 445
[2009/09/10 07:42:39,  2] lib/util_sock.c:open_socket_out(1440)
  error connecting to 192.168.182.185:445 (Connection refused)
[2009/09/10 07:42:39,  3] lib/util_sock.c:open_socket_out(1400)
  Connecting to 192.168.182.185 at port 139
[2009/09/10 07:42:39,  2] lib/util_sock.c:open_socket_out(1440)
  error connecting to 192.168.182.185:139 (Connection refused)
[2009/09/10 07:42:39,  2] libsmb/cliconnect.c:cli_connect(1577)
  Error connecting to 192.168.182.185 (Connection refused)
[2009/09/10 07:42:39,  1] libsmb/cliconnect.c:cli_start_connection(1656)
  cli_start_connection: failed to connect to GUARDIAN.LOHRMAN<20> 
(0.0.0.0). Error NT_STATUS_CONNECTION_REFUSED

[2009/09/10 07:42:39,  1] libnet/libnet_join.c:libnet_Join(1908)
  libnet_Join:
  libnet_JoinCtx: struct libnet_JoinCtx
  out: struct libnet_JoinCtx
  account_name : NULL
  netbios_domain_name  : NULL
  dns_domain_name  : NULL
  forest_name  : NULL
  dn   : NULL
  domain_sid   : NULL
  domain_sid   : (NULL SID)
  modified_config  : 0x00 (0)
  error_string : 'failed to lookup DC info for 
domain 'LOHRMANN.DE' over rpc: The connection was refused'

  domain_is_ad : 0x00 (0)
  result   : DOS code 0x04c9
[2009/09/10 07:42:39, 10] intl/lang_tdb.c:lang_tdb_init(138)
  lang_tdb_init: /usr/share/samba/de_DE.UTF-8.msg: No such file or 
directory
Failed to join domain: failed to lookup DC info for domain 'LOHRMANN.DE' 
over rpc: The connection was refused

[2009/09/10 07:42:39,  2] utils/net.c:main(769)
  return code = -1
 snap ---

I understand that ports 445 and 139 are for the CIFS interface which is 
disabled in Samba4 as I plan to start Samba in merged-mode and thus the 
CIFS interface shall be provided by Samba3. However, a quick test 
enabling the CIFS interface in Samba4 resulted in no real difference, 
except that a connection on port 445 could be established (though a 
connection on port 139 was refused although the port is open according 
to a port scan).


Running net ads info successfully delivers information about the server. 
However it seems it cannot determine the server's current time.


Running net ads status delivers no information at all. Running it in 
debug-mode it says "Could not open connection to LDAP server 
guardian.lohrmann.de:389: Transport endpoint is not connected".


Unfortunately I have no more ideas how to identify the problem. Any help 
is really appreciated!


Thx
Chris


Am 08.09.2009 11:41, schrieb Christian Geiger:

I've investigated further onto this problem by starting smbd with debug
level 10. The "no version information available" message seems not to be
the problem. It further looks like smbd can generally connect to the
Samba4-ADS ("pdb backend ads has a valid init" and several successful
pathtree_add, though my interpretation might be wrong).

The real problem seems to be connected to the user:

 snip 
Cache entry with key = IDMAP/UID2SID/0 couldn't be found
uid_to_sid: winbind failed to find a sid for uid 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
LEGACY: uid 0 -> sid S-1-22-1-0
Cache entry with key = IDMAP/GID2SID/0 couldn't be found
gid_to_sid: winbind failed to find a sid for gid 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
LEGACY: gid 0 -> sid S-1-5-21-1185138813-3764441650-1242382106-0
Create local NT token for S-1-22-1-0
Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found
 snap 

To my understanding, winbind cannot find a sid for user root (who has
uid 0). That's probably due to the fact that I started smbd as root user
for testing purposes.

Unfortunately this is where my knowledge ends. I'm a rather newbie to
Samba and LDAP, so help is really appreciated. I'm quite sure it's just
a small thing I missed.

Can anyone help?

Thx!
Chris



Am 07.09.2009 12:25, schrieb Christian Geiger:

Hi all,

I got a problem while trying to set up a Samba 3.4 Se

Re: [Samba] Problem with Samba 3.4 Franky: Internal Error starting Samba3

[Christian Geiger]

I've investigated further onto this problem by starting smbd with debug 
level 10. The "no version information available" message seems not to be 
the problem. It further looks like smbd can generally connect to the 
Samba4-ADS ("pdb backend ads has a valid init" and several successful 
pathtree_add, though my interpretation might be wrong).


The real problem seems to be connected to the user:

 snip 
Cache entry with key = IDMAP/UID2SID/0 couldn't be found
uid_to_sid: winbind failed to find a sid for uid 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
LEGACY: uid 0 -> sid S-1-22-1-0
Cache entry with key = IDMAP/GID2SID/0 couldn't be found
gid_to_sid: winbind failed to find a sid for gid 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
LEGACY: gid 0 -> sid S-1-5-21-1185138813-3764441650-1242382106-0
Create local NT token for S-1-22-1-0
Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found
 snap 

To my understanding, winbind cannot find a sid for user root (who has 
uid 0). That's probably due to the fact that I started smbd as root user 
for testing purposes.


Unfortunately this is where my knowledge ends. I'm a rather newbie to 
Samba and LDAP, so help is really appreciated. I'm quite sure it's just 
a small thing I missed.


Can anyone help?

Thx!
Chris



Am 07.09.2009 12:25, schrieb Christian Geiger:

Hi all,

I got a problem while trying to set up a Samba 3.4 Server in hybrid-mode.
After trying for some time I managed doing a merged-build of Samba3 and
Samba4 and I can now start samba4 without getting errors. However, the
same is not true for Samba3: starting it, I get the below error message.
Has anyone an idea about what the reason could be? Did I miss anything
during build/setup?

Thank you very much in advance for your help! If you need any further
information, please let me know.

Best regards
Chris


--
=>  console output smbd
 snip 

r...@guardian:/var/run/samba/samba3# smbd -i -s /etc/samba/smb3.conf
smbd: /usr/local/lib/liblber-2.4.so.2: no version information available
(required by smbd)
smbd: /usr/local/lib/libldap_r-2.4.so.2: no version information available
(required by smbd)
smbd version 3.4.0-GIT-38995d7-devel started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
===
INTERNAL ERROR: Signal 6 in pid 1395 (3.4.0-GIT-38995d7-devel)
Please read the Trouble-Shooting section of the Samba3-HOWTO

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
===
smb_panic: clobber_region() last called from [sid_to_fstring(178)]
PANIC (pid 1395): internal error
BACKTRACE: 18 stack frames:
  #0 smbd(log_stack_trace+0x2b) [0x84874ab]
  #1 smbd(smb_panic+0x180) [0x848724e]
  #2 smbd [0x8470ab8]
  #3 smbd [0x8470ac9]
  #4 [0xb7f13400]
  #5 /lib/tls/i686/cmov/libc.so.6(abort+0x188) [0xb7bee098]
  #6 /usr/lib/libtalloc.so.1(talloc_free+0x22d) [0xb7afa5dd]
  #7 /usr/lib/libwbclient.so.0(wbcFreeMemory+0x21) [0xb7d3cd93]
  #8 /usr/lib/libwbclient.so.0(wbcSidToGid+0xb4) [0xb7d3f26d]
  #9 smbd(winbind_sid_to_gid+0x3e) [0x8444936]
  #10 smbd(sid_to_gid+0x1bd) [0x8409419]
  #11 smbd(create_local_nt_token+0x3f8) [0x8507eca]
  #12 smbd(get_root_nt_token+0x1be) [0x8506fff]
  #13 smbd(svcctl_init_keys+0x2d) [0x832a88c]
  #14 smbd(registry_init_full+0xa4) [0x8923a4c]
  #15 smbd(main+0xe68) [0x895fed1]
  #16 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7bd7775]
  #17 smbd [0x80de0e1]
smb_panic(): calling panic action [/bin/sleep 9]

 snap 


--
=>  console output samba4
 snip 

r...@guardian:/usr/local/samba/etc# samba4 -i -s /etc/samba/smb4.conf
samba version 3.4.0-GIT-38995d7-devel started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
samba: using 'standard' process model

 snap 


--
=>  smb3.conf
 snip 

[globals]
 netbios name= guardian
 workgroup   = myworkgroup
 realm   = mydomain.de
 security= ads
 passdb backend  = ads
 pid directory   = /var/run/samba/samba3/

[netlogon]
 path = /usr/local/samba/var/locks/sysvol/mydomain.de/scripts
 read only = no

[sysvol]
 path = /usr/local/samba/var/locks/sysvol
 read only = no

[share]
 path = /share
 read only = no

 snap ---


--
=>  sm

[Samba] Problem with Samba 3.4 Franky: Internal Error starting Samba3

[Christian Geiger]

Hi all,

I got a problem while trying to set up a Samba 3.4 Server in hybrid-mode. 
After trying for some time I managed doing a merged-build of Samba3 and 
Samba4 and I can now start samba4 without getting errors. However, the 
same is not true for Samba3: starting it, I get the below error message. 
Has anyone an idea about what the reason could be? Did I miss anything 
during build/setup?

Thank you very much in advance for your help! If you need any further 
information, please let me know.

Best regards
Chris


--
=> console output smbd
 snip 

r...@guardian:/var/run/samba/samba3# smbd -i -s /etc/samba/smb3.conf 
smbd: /usr/local/lib/liblber-2.4.so.2: no version information available 
(required by smbd)
smbd: /usr/local/lib/libldap_r-2.4.so.2: no version information available 
(required by smbd)
smbd version 3.4.0-GIT-38995d7-devel started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
===
INTERNAL ERROR: Signal 6 in pid 1395 (3.4.0-GIT-38995d7-devel)
Please read the Trouble-Shooting section of the Samba3-HOWTO

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
===
smb_panic: clobber_region() last called from [sid_to_fstring(178)]
PANIC (pid 1395): internal error
BACKTRACE: 18 stack frames:
 #0 smbd(log_stack_trace+0x2b) [0x84874ab]
 #1 smbd(smb_panic+0x180) [0x848724e]
 #2 smbd [0x8470ab8]
 #3 smbd [0x8470ac9]
 #4 [0xb7f13400]
 #5 /lib/tls/i686/cmov/libc.so.6(abort+0x188) [0xb7bee098]
 #6 /usr/lib/libtalloc.so.1(talloc_free+0x22d) [0xb7afa5dd]
 #7 /usr/lib/libwbclient.so.0(wbcFreeMemory+0x21) [0xb7d3cd93]
 #8 /usr/lib/libwbclient.so.0(wbcSidToGid+0xb4) [0xb7d3f26d]
 #9 smbd(winbind_sid_to_gid+0x3e) [0x8444936]
 #10 smbd(sid_to_gid+0x1bd) [0x8409419]
 #11 smbd(create_local_nt_token+0x3f8) [0x8507eca]
 #12 smbd(get_root_nt_token+0x1be) [0x8506fff]
 #13 smbd(svcctl_init_keys+0x2d) [0x832a88c]
 #14 smbd(registry_init_full+0xa4) [0x8923a4c]
 #15 smbd(main+0xe68) [0x895fed1]
 #16 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7bd7775]
 #17 smbd [0x80de0e1]
smb_panic(): calling panic action [/bin/sleep 9]

 snap 


--
=> console output samba4
 snip 

r...@guardian:/usr/local/samba/etc# samba4 -i -s /etc/samba/smb4.conf 
samba version 3.4.0-GIT-38995d7-devel started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
samba: using 'standard' process model

 snap 


--
=> smb3.conf
 snip 

[globals]
netbios name= guardian
workgroup   = myworkgroup
realm   = mydomain.de
security= ads
passdb backend  = ads
pid directory   = /var/run/samba/samba3/

[netlogon]
path = /usr/local/samba/var/locks/sysvol/mydomain.de/scripts
read only = no

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = no

[share]
path = /share
read only = no

 snap ---


--
=> smb4.conf
 snip 

[globals]
netbios name= guardian
workgroup   = myworkgroup
realm   = mydomain.de
server role = domain controller
server services = ldap, cldap, kdc
socket address  = 127.0.0.1
pid directory   = /var/run/samba/samba4/

 snap 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] problem with samba and ldap

[Theodoro]

hi,


On Wed, Aug 5, 2009 at 4:42 PM, Miguel Medalha wrote:

> In order to help you, I must know the following:
>
> Are you using nss with ldap?


yes


>
> What is your samba version?


I tried with 3.0.33 on RHEL5.3 and now with 3.3.7


>
>
> Your version of the smbldap scripts is too old. Version 0.9.5 resides here.


I'm using  0.9.5



>
>
> http://download.gna.org/smbldap-tools/0.9.2-1packages/
>
> The project page can be found here:
>
> https://gna.org/projects/smbldap-tools/
>
>


-- 
Daniel Theodoro
9399-3364

(LPIC-1) Junior Level Linux Professional
(LPIC-2) Advanced Level Linux Professional
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] problem with samba and ldap

[Norberto Bensa]

On Wed, Aug 5, 2009 at 4:28 PM, Theodoro wrote:
> Does anybody know what might be happening?

In /etc/ldap.conf, I bet your nss_base_passwd is
"ou=users,dc=test,dc=com,dc=br". It should be "dc=test,dc=com,dc=br".
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] problem with samba and ldap

[Theodoro]

hi,

I have a problem with samba and ldap, when I add a machine in a domain,
samba is not searching on *ou=machine*, but on *ou=users*.
But if i change in smbldap.conf *computersdn="ou=machine,${suffix}"* to *
computersdn="ou=users,${suffix}"* it works.

bellow is my smb.conf


[global]
workgroup = TEST
netbios name = PDC
server string = Samba Server
passdb backend = ldapsam:ldap://127.0.0.1
log file = /var/log/samba/log.%m
max log size = 500
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g"
"%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=test,dc=com,dc=br
ldap delete dn = Yes
ldap group suffix = ou=group
ldap idmap suffix = ou=users
ldap machine suffix = ou=machine
ldap passwd sync = yes
ldap suffix = dc=test,dc=com,dc=br
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
admin users = root


Does anybody know what might be happening?

-- 
Daniel Theodoro

(LPIC-1) Junior Level Linux Professional
(LPIC-2) Advanced Level Linux Professional
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] problem with samba saving credentials

[Robert Beaty]

I have a samba server which is providing print services. There are times
when we must deny printing to certain user names and are accomplishing
this by having a preexec script which checks the username against a list
and will deny access to the share based on that. This has been working
very well except that now I also have a list of allowed users for
certain printers (color). This is also done in the preexec script and
works quite well when you go through a samba client (in windows doing a
net use). The problem comes in when you pull up a run prompt and connect
directly to the share.

If you do a run prompt and connect to printer1 (the color allowed users
only) you will be denied as you should if you are either in the deny
list or not in the allow list. - this is working correctly 

Now, I connect directly to the server that printer1 is on and I get
presented a blank list because browsing is off. However, now I go back
to my run prompt and connect to printer1 again and this time it works.

My assumption here is that I have been authenticated when I log into the
server for a share list and now it won't go through and run a preexec
for any future shares I connect to. Which is a problem because once
someone is connected I can't stop them from printing to printer1 if they
aren't in the allow list.

My setup is using domain security and I need to force the preexec to run
again for each new share the user connects to. Is that possible or have
I missed the problem entirely I guess is where I'm stuck.

I didn't feel like this required copies of configuration files but I
will be happy to get the relevant portions obscured and up if need be.

Thanks,
-Robert

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with Samba and Windows Terminal Server 2008

[Eric Roseme]

Ron Daniel wrote:

Hello all,

We have a Windows 2008 Terminal Server which people connect into to 
run their programs. We are getting upwards of 60 people connecting in 
at any time. We are seeing error messages from the application 
complaining that it can't access one of the files on one of the 
shares.  I have read that this problem is likely to be due to the fact 
that we run one machine as a terminal server and there is only one 
netbios host being used by mutliple people. The paper I have read from 
HP refers to registry key called "MultiUserEnabled" on earlier 
versions of windows terminal server needs to be set to 1 in order for 
the father smbd process to recognise different sessions connecting 
from the one host.


The paper is at 
http://www.docs.hp.com/en/12131/Samba-TerminalServer_106.pdf




I'll look around this afternoon and see if there are any clues that 2008 
has a newly-named mulit-user parm.


Eric Roseme

Ron - I cannot find any evidence that 
MultiUserEnabled/EnableMultiUser/MultipleUsersOnConnection has been 
rolled forward into Windows 2008.  It's possible that the functionality 
was embedded in 2008 - but very unlikely.  Can you verify that your 60 
TS users are being serviced from one Samba smbd?  If you do not have any 
non-TS users connecting, then that is easy enough by doing a "ps -ef | 
grep smbd" and seeing if there are 61 processes or 2.  In the 
whitepaper, there are several workarounds suggested.


I'll see if I can find out from MS what the story is about 2008, but for 
2000 and 2003 it was a 3-year delay each time, as I recall.


Eric Roseme



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with Samba and Windows Terminal Server 2008

[Eric Roseme]

Ron Daniel wrote:

Hello all,

We have a Windows 2008 Terminal Server which people connect into to run their programs. 
We are getting upwards of 60 people connecting in at any time. We are seeing error 
messages from the application complaining that it can't access one of the files on one of 
the shares.  I have read that this problem is likely to be due to the fact that we run 
one machine as a terminal server and there is only one netbios host being used by 
mutliple people. The paper I have read from HP refers to registry key called 
"MultiUserEnabled" on earlier versions of windows terminal server needs to be 
set to 1 in order for the father smbd process to recognise different sessions connecting 
from the one host.

The paper is at http://www.docs.hp.com/en/12131/Samba-TerminalServer_106.pdf

Oops - that's my paper.  Sorry, I have not looked at 2008 for the 
parameter yet.  FYI - for both 2000 and 2003 Microsoft delayed rolling 
it forward for a few years.  Many customers were left hanging both 
times.  So it is possible that the parm is not on 2008 - I did a quick 
google and did not get any hits, but they have changed the name for each 
release, so that is not definitive.


I'll look around this afternoon and see if there are any clues that 2008 
has a newly-named mulit-user parm.


Eric Roseme

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem with Samba and Windows Terminal Server 2008

[Jeremy Allison]

On Thu, Apr 16, 2009 at 02:09:06PM +1000, Ron Daniel wrote:

> The samba server is a Solaris 9 box.
> The samba verson is 3.0.9.

This version of Samba is beyond ancient. You really need
to upgrade.

>   startsmbfilepwent_internal: unable to open file 
> /usr/local/samba/private/smbpasswd. Error was: Too many open files
> [2009/04/15 15:19:48, 0] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1326)
>   Unable to open passdb database.

You're running out of file descriptors. Increase the
system limit. See this page :

http://e-docs.bea.com/wls/docs81/perform/HWTuning.html#1119561

might help.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Problem with Samba and Windows Terminal Server 2008

[Ron Daniel]

Hello all,

We have a Windows 2008 Terminal Server which people connect into to run their 
programs. We are getting upwards of 60 people connecting in at any time. We are 
seeing error messages from the application complaining that it can't access one 
of the files on one of the shares.  I have read that this problem is likely to 
be due to the fact that we run one machine as a terminal server and there is 
only one netbios host being used by mutliple people. The paper I have read from 
HP refers to registry key called "MultiUserEnabled" on earlier versions of 
windows terminal server needs to be set to 1 in order for the father smbd 
process to recognise different sessions connecting from the one host.

The paper is at http://www.docs.hp.com/en/12131/Samba-TerminalServer_106.pdf

Previously we were using a WIN4LIN terminal server which assigned unique 
hostnames to each users session.

We are not running a domain.

The samba server is a Solaris 9 box.
The samba verson is 3.0.9.

The config file is as follows. Its very simple

<>

# Samba config file created using SWAT
# Global parameters
[global]
workgroup = UNIX
log file = /var/samba/log/log.%m
os level = 255
create mask = 0660
directory mask = 0770
print command = /usr/lpplus/bin/dcclp -c -f plain -o nobanner -d%p 
%s >> /tmp/%p.log ; rm %s

[tmp]
comment = temprorary files
path = /tmp
read only = No
guest ok = Yes
browseable = No

[roothome]
comment = home root directory
path = /home
browseable = No

[export_home]
comment = home directory
path = /home
browseable = No

[home]
comment = Home Directory
path = /home/%u
read only = No

[usr]
comment = usr directory
path = /usr
browseable = No

[progress]
comment = Progress Users
path = /Progress/Client
read only = No

[public]
comment = Public Stuff
path = /public
read only = No
guest ok = Yes

[free]
comment = IT Stuff
path = /free
read only = No
guest ok = Yes

<>

Note that I have removed a number of printer and other file shares not relevant 
to this problem. The problem we are getting is on the "Progress" share.

The contents of the [global] section from the full config per the swat page is 
as follows :

<>

# Samba config file created using SWAT
# from 10.153.2.24 (10.153.2.24)
# Date: 2009/04/15 17:26:54

# Global parameters
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = UNIX
netbios name = SIMSNSW
netbios aliases =
netbios scope =
server string = Samba 3.0.9
interfaces =
bind interfaces only = No
security = USER
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
hosts equiv =
min password length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /usr/local/samba/private/smbpasswd
private dir = /usr/local/samba/private
passdb backend = smbpasswd
algorithmic rid base = 1000
root directory =
guest account = nobody
pam password change = No
passwd program =
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
check password script =
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
preload modules =
use kerberos keytab = No
log level = 1
syslog = 1
syslog only = No
log file = /var/samba/log/log.%m
max log size = 5000
debug timestamp = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
smb ports = 445 139
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
acl compatibility =
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
 

Re: [Samba] Problem with Samba 4 and Fedora Directory Server

[Andrew Bartlett]

On Mon, 2009-03-16 at 14:28 -0700, Alan Worstell wrote:
> Hi,
> I'm trying to integrate Samba with an existing CentOS Directory Server

How do you plan to 'integrate' this?  Remember, Samba4 creates a new
directory tree from scratch (rather than Samba3's ability to easily
'attach' to another directory).

> using the instructions at
> http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS
> 
> I'm at the step "On both hosts, prepare the backend:" and use the code
> there, replacing the realm, domain, and password with my own, and I get
> this error:
> 
> provision-backend: error: no such option: --ldap-manager-pass

This particular option has been renamed to --ldap-admin-pass

> If I remove the password line I get a bunch of python errors. Does
> anyone have any suggestions?

The Fedora DS backend has become un-maintained, as has the wiki page.
While it is the aim to have this working again at some point, more
effort (particularly by some very helpful external contributors) has
gone into the OpenLDAP backend at this time.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.  http://redhat.com



signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Problem with Samba 4 and Fedora Directory Server

[Alan Worstell]

Hi,
I'm trying to integrate Samba with an existing CentOS Directory Server
using the instructions at
http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS

I'm at the step "On both hosts, prepare the backend:" and use the code
there, replacing the realm, domain, and password with my own, and I get
this error:

provision-backend: error: no such option: --ldap-manager-pass

If I remove the password line I get a bunch of python errors. Does
anyone have any suggestions?

Thanks,
Alan Worstell
http://a-1networks.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Problem with Samba DFS and Active Directory/XP

[Faye Gibbins]

Hi,

 Samba version 3.0.28 from RPM samba-3.0.28-1.el5_2.1 on Scientific 
Linux 5. Although I'm finding this problem with samba 3.0.33 and a few 
others I've randomly tried.


 Full experiment here: http://xweb.geos.ed.ac.uk/~fgibbins/DFS-tests.txt

 I've got an AD joined samba server which exports a share to an AD 
joined XP machine, same M$ 2003 AD in both cases. This share is setup as 
a DFS share and appears to properly serve DFS links as seen on the XP box.


 Then I reconfigure samba's smb.conf so the share I'm exporting  _is_ 
_not_ a DFS share (see experiment above). After rebooting the XP box it 
naturally does not see the symlinks in the share as DFS links, it can 
still see the share though.


 However putting the original samba config back, restarting the samba 
server and rebooting the XP box does not re-export my share with 
symlinks that operate from the XP box as DFS links, it can still see the 
share though.


 Rebuilding the XP client and the box the samba server is on does not 
work either.


 Can anyone explain what is going on? Is something being cached in the 
AD which is stopping my samba server exporting shares with working DFS 
links (as seen from an XP box)? If so does anyone know how I clear this 
info from the AD?


smb.conf:

 [global]

workgroup = ED
netbios name = XEN210120092
server string = xen210120092.geos.ed.ac.uk
security = ads
realm = ED.AC.UK
passdb backend = tdbsam
load printers = no
host msdfs = yes

[data]
comment = Data
path = /tmp/data
read only = Yes
guest ok = Yes
msdfs root = yes

Yours
Faye

--

Please sign my petition:
http://petitions.number10.gov.uk/alcohol-buying/

-
Faye Gibbins, Computing Officer (Infrastructure Services)
 GeoS KB; Linux, Unix, Security and Networks.
Beekeeper  - The Apiary Project, KB -   www.bees.ed.ac.uk
-

  I grabbed at spannungsbogen before I knew I wanted it.
 (x(x_(X_x(O_o)x_x)_X)x)

The University of Edinburgh is a charitable body,
registered in Scotland, with registration number SC005336.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with samba/cifs mountpoint Error Xxffffff90, Send error, no response...

[EXT OSIATIS]

Hi,

 

We have sometimes a strange but blocking error with some samba mountpoints on a 
linux client:

The client is a Redhat AS4u6, kernel 2.6.9-67. Samba 3.0.25b from Redhat.

Mount options are :

//server/inter_dec on /applis/psoft/DEC_APPL/PRFDECV5/travail/inter type cifs 
(rw,mand)

//server/data_dec on /applis/psoft/DEC_APPL/PRFDECV5/travail/data type cifs 
(rw,mand)

 

Server is an HP-UX 11iv2 with Samba

Samba version 3.0.22 based HP CIFS Server A.02.03.03

 

We have this in client size:

CIFS VFS: Error 0xff90 on cifs_get_inode_info in lookup of /PRFDECV5

…

 CIFS VFS: Error 0xff90 on cifs_get_inode_info in lookup of /PRFDECV5

 CIFS VFS: No response for cmd 4 mid 64730

 CIFS VFS: Send error in Close = -11

 CIFS VFS: No response for cmd 162 mid 64729

 CIFS VFS: Send error in Close = -9

 CIFS VFS: No task to wake, unknown frame rcvd! NumMids 1

Received Data is: : dump of 37 bytes of data at 0x3cf39000

 403b 424d53ff 002e c0018000 ; @ . . � S M B . . . . . . .

�    5b080003 . . . . . . . . . . . . . . . [

 00630064 ff0c d . c . .

 CIFS VFS: Send error in Close = -9

…

 CIFS VFS: Send error in Close = -9

 CIFS VFS: Send error in Close = -9

 

Nothing happens in server size… But all clientswhich have mountpoints from this 
server received at same time the same errors !

 

Where is the problem ?

 

Help !

 

Sebastien ROHAUT

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba

[Scott Lovenberg]

Ross, Brian wrote:

Yes, another newbie asking for help.  Please bear with me.  I don't doubt my 
problem has a simple solution but it has me stumped.

I have a solaris server which carries some confidential financial information on it.  I 
have been asked to install samba on it to share out a particular directory.  They 
obviously want to restrict access to this information.  We run a Windows 2003 domain as 
well.  My problem is that I cannot get my samba server to ask for user authentication (or 
rather, I can, if I slightly change the smb.conf file but then it asks for 
"Guest" rather than the user designated).   My smb.conf file is:

___
[global]
workgroup = CALM
server string = calm-kens-27
security = DOMAIN
password server = 192.147.114.4, 192.147.114.17
username map = /etc/samba/smbusers
log file = /var/log/samba
max log size = 200
; min protocol = NT1
; preferred master = No
; local master = No
; domain master = No
; browse list = No
; enhanced browsing = No
dns proxy = No
wins server = 192.147.114.4
; ldap ssl = no
hosts allow = 
localhost,calm-kens-27,192.147.114.,192.147.114.54,10.20.201.59,10.20.200.119,10.20.201.88,10.20.201.175
hosts deny = All
;hosts allow = all
encrypt passwords = yes
browseable = no
;smb passwd file = /etc/samba/smbpasswd



[CBA]
path = /u02/prod/clmfinpr/clmfinprappl/calm/11.5.0/secure
comment = "DEC read only share"
read only = Yes
guest ok = no
;force user = finance
;force group = sw_user
hide dot files = No
inherit permissions = Yes
___

On another not unrelated problem, I am unable to get SWAT to work.   I keep 
getting the message:

"This document contains no data, Try again later or contact the domain's 
administrator"

Any idea about how to get it working (this I suspect will help me to cure my 
configuration problem).

Cheers

Brian 



___

Brian Ross
  

Do you have the winbind service running and the nscd service off?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba

[Ross, Brian]

Yes, another newbie asking for help.  Please bear with me.  I don't doubt my 
problem has a simple solution but it has me stumped.

I have a solaris server which carries some confidential financial information 
on it.  I have been asked to install samba on it to share out a particular 
directory.  They obviously want to restrict access to this information.  We run 
a Windows 2003 domain as well.  My problem is that I cannot get my samba server 
to ask for user authentication (or rather, I can, if I slightly change the 
smb.conf file but then it asks for "Guest" rather than the user designated).   
My smb.conf file is:

___
[global]
workgroup = CALM
server string = calm-kens-27
security = DOMAIN
password server = 192.147.114.4, 192.147.114.17
username map = /etc/samba/smbusers
log file = /var/log/samba
max log size = 200
; min protocol = NT1
; preferred master = No
; local master = No
; domain master = No
; browse list = No
; enhanced browsing = No
dns proxy = No
wins server = 192.147.114.4
; ldap ssl = no
hosts allow = 
localhost,calm-kens-27,192.147.114.,192.147.114.54,10.20.201.59,10.20.200.119,10.20.201.88,10.20.201.175
hosts deny = All
;hosts allow = all
encrypt passwords = yes
browseable = no
;smb passwd file = /etc/samba/smbpasswd



[CBA]
path = /u02/prod/clmfinpr/clmfinprappl/calm/11.5.0/secure
comment = "DEC read only share"
read only = Yes
guest ok = no
;force user = finance
;force group = sw_user
hide dot files = No
inherit permissions = Yes
___

On another not unrelated problem, I am unable to get SWAT to work.   I keep 
getting the message:

"This document contains no data, Try again later or contact the domain's 
administrator"

Any idea about how to get it working (this I suspect will help me to cure my 
configuration problem).

Cheers

Brian 


___

Brian Ross
 
  



This email, together with any attachments, is intended for the
addressee only. It may contain confidential or privileged information.
If you are not the intended recipient of this email, please notify
the sender, delete the email and attachments from your system and
destroy any copies you may have taken of the email and its attachments.
Duplication or further distribution by hardcopy, by electronic means
or verbally is not permitted without permission.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem with samba and acl

[bikrish]

Hi all


I am using centos 5.2. Samba 3.2.1 as PDC with ldap backend.? Is it possible to 
acheive windows acls in samba?? My requirement is 

1.? In a particular share, a specfied users should be able to modify the 
created the files like Microsoft word or excel etc. but should not be able to 
delete or create any new? files in the share ( which is possible in windows NT 
share) 

2. I am able to modify the notepad files in the share where i have not given 
delete permission to users. But when i modify the Microsoft word file, users 
are not able to edit it and found the reason behind it , microsoft word create 
temp file in the current working directory. Because user are not given 
permission to create file so temp file doesn't get create when editing 
microsoft word file and they are not able to edit the MS word file. Notepad 
doesn't create any temp file so i am able edit the notepad file.

I have mounted the share with acl options too. 
Here is my smb.conf file
[global]
??? dos charset = 850
??? unix charset = ISO8859- 1
??? workgroup = TETRADOM
??? obey pam restrictions = Yes
??? password server = 192.168.1.151
??? passdb backend = ldapsam:ldap://127.0.0.1/
??? username map = /etc/samba/smbusers
??? log level = 3
??? log file = /var/log/samba/%m.log
??? time server = Yes
??? unix extensions = No
??? add user script = /usr/sbin/smbldap-useradd -m %u
??? delete user script = /usr/sbin/smbldap-userdel %u
??? add group script = /usr/sbin/smbldap-groupadd -p %g
??? delete group script = /usr/sbin/smbldap-groupdel %g
??? add user to group script = /usr/sbin/smbldap-groupmod -m %g %u
??? delete user from group script = /usr/sbin/smbldap-groupmod -x %g %u
??? set primary group script = /usr/sbin/smbldap-usermod -g %g %u
??? add machine script = /usr/sbin/smbldap-useradd -w %u
??? logon script =
??? logon path =
??? logon drive = H:
??? logon home =
??? domain logons = Yes
??? os level = 65
??? preferred master = Yes
??? domain master = Yes
??? ldap admin dn = cn=Manager,dc=tetra,dc=com
??? ldap group suffix = ou=Groups
??? ldap idmap suffix = ou=Users
??? ldap machine suffix = ou=Computers
??? ldap passwd sync = Yes
??? ldap suffix = dc=tetra,dc=com
??? ldap ssl = no
??? ldap user suffix = ou=People
??? idmap uid = 15000-2
??? idmap gid = 15000-2
??? ea support = Yes
??? map acl inherit = Yes
??? store dos attributes = Yes
??? dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
??? dos filemode = Yes

[homes]
??? comment = Home Directories
??? path = /home/%u
??? valid users = %S
??? read only = No
??? browseable = No

[netlogon]
??? comment = Network Logon service
??? path = /home/netlogon
??? guest ok = Yes
??? browseable = No

[test]
??? comment = Data2
??? path = /test
??? valid users = +tetrasuper, +tetra
??? read list = +tetrasuper, +tetra
??? write list = +tetrasuper, +tetra
??? create mask = 0644
??? force create mode = 0766
??? inherit owner = Yes

[tetra]
??? comment = data
??? path = /tetra
??? read only = No
??? create mask = 0644
??? force create mode = 01666
??? directory mask = 01755
??? inherit owner = Yes
??? hide files = /*.tmp/
??? nt acl support = yes



If there anyone who can help with this situation.

Thanks
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba+openldap with regard changing passwords from windows

[Edmundo Valle Neto]

(...)


Here you go...

http://pastebin.com/f61c911dd - logs

In answer to your questions...

Yeah that command works as root on the CLI
Samba version is 3.0.25b-1.el5_1.4
No I used the RPM's
OpenLDAP version...
slapd -V
@(#) $OpenLDAP: slapd 2.3.27 (Nov 10 2007 09:24:08) $
   
[EMAIL PROTECTED]:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd 



Many thanks for your help.  It is much appreciated.

Alan


...
[2008/02/20 10:06:11, 3] smbd/chgpasswd.c:chat_with_program(430)
 chat_with_program: Dochild for user alan (uid=0,gid=0) (as_root = Yes)
[2008/02/20 10:06:14, 2] smbd/chgpasswd.c:expect(285)
 expect: Success
[2008/02/20 10:06:14, 3] smbd/chgpasswd.c:talktochild(316)
 Response 1 incorrect
...

Your log is showing that something is going wrong when chating with the 
passwd program.


1. Asking again, have you tried to use only "ldap passwd sync = yes and 
unix password sync = no"? This way the password program is not used.


2. Enable password chat debug "passwd chat debug = yes" and raise the 
log level to 100 in the related debug class, "log level = 3 smb:100". It 
will print even your passwords used in the chat.


You can raise the log level to a specific machine if you have other 
useless traffic together:

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/bugreport.html

Or the error is there or you have a samba version with a broken password 
chat processing (I dont know CentOS).



Regards.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba+openldap with regard changing passwords from windows

[Alan Goodman]

Edmundo Valle Neto wrote:

Alan Goodman escreveu:

Edmundo Valle Neto wrote:

Alan Goodman escreveu:
I have implemented samba with LDAP backend, domain logins and 
roaming profiles and everything is great - except for one thing.


Noone can change their passwords from windows - trying to change 
your password results in windows telling you your not allowed to do 
that!


I did smbldap-show alan and among other information the line: 
sambaPwdCanChange: 0 appeared.


From my understanding if I do smbldap-usermod -A0 -B0 alan that 
line should then be changed to have a value of 1 allowing users to 
change passwords from their windows logins, however running the 
above command does not appear to be changing these values at all 
and thus im left with manually smbldap-passwd user to change each 
persons passwords (which does work)


If someone could let me know which logs you require and how to 
obtain them I would be happy to post them up here.


OS = CentOS 5.1

Alan


Post your smb.conf.

Edmundo Valle Neto

http://pastebin.com/f5fba0114

Alan


netbios name = MARANATHACENTRA

Netbios names can have a maximum of 12 characters, it will probably be 
truncated. (but this isnt related to your problem)


You only need password options if you want that unix passwords stay in 
sync.


Then, you only need "ldap passwd sync = Yes". Its commented out, you 
already tried it? What happens?


These three options together works too.
unix password sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype 
new password*" %n\n"


Theres a double quote that isn't needed at the end (its not opening 
nor closing any string), the old smbldap-tools documentation shows 
that way (wrong), I dont have sure if it is really a problem.


If it doesn't work as you said that it works at command line, include 
a piece of log using level 3 when a client try to change its password.


Regards.

Edmundo Valle Neto

Besides that, the configuration is right.

"/usr/local/sbin/smbldap-passwd -u anyuser" works when executed from 
the command line?

What samba version you use, you compile your own packages?

Here you go...

http://pastebin.com/f61c911dd - logs

In answer to your questions...

Yeah that command works as root on the CLI
Samba version is 3.0.25b-1.el5_1.4
No I used the RPM's
OpenLDAP version...
slapd -V
@(#) $OpenLDAP: slapd 2.3.27 (Nov 10 2007 09:24:08) $
   
[EMAIL PROTECTED]:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd 



Many thanks for your help.  It is much appreciated.

Alan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba+openldap with regard changing passwords from windows

[Edmundo Valle Neto]

Alan Goodman escreveu:

Edmundo Valle Neto wrote:

Alan Goodman escreveu:
I have implemented samba with LDAP backend, domain logins and 
roaming profiles and everything is great - except for one thing.


Noone can change their passwords from windows - trying to change 
your password results in windows telling you your not allowed to do 
that!


I did smbldap-show alan and among other information the line: 
sambaPwdCanChange: 0 appeared.


From my understanding if I do smbldap-usermod -A0 -B0 alan that line 
should then be changed to have a value of 1 allowing users to change 
passwords from their windows logins, however running the above 
command does not appear to be changing these values at all and thus 
im left with manually smbldap-passwd user to change each persons 
passwords (which does work)


If someone could let me know which logs you require and how to 
obtain them I would be happy to post them up here.


OS = CentOS 5.1

Alan


Post your smb.conf.

Edmundo Valle Neto

http://pastebin.com/f5fba0114

Alan


netbios name = MARANATHACENTRA

Netbios names can have a maximum of 12 characters, it will probably be 
truncated. (but this isnt related to your problem)


You only need password options if you want that unix passwords stay in sync.

Then, you only need "ldap passwd sync = Yes". Its commented out, you 
already tried it? What happens?


These three options together works too.
unix password sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new 
password*" %n\n"


Theres a double quote that isn't needed at the end (its not opening nor 
closing any string), the old smbldap-tools documentation shows that way 
(wrong), I dont have sure if it is really a problem.


If it doesn't work as you said that it works at command line, include a 
piece of log using level 3 when a client try to change its password.


Regards.

Edmundo Valle Neto

Besides that, the configuration is right.

"/usr/local/sbin/smbldap-passwd -u anyuser" works when executed from the 
command line?

What samba version you use, you compile your own packages?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba+openldap with regard changing passwords from windows

[Alan Goodman]

Edmundo Valle Neto wrote:

Alan Goodman escreveu:
I have implemented samba with LDAP backend, domain logins and roaming 
profiles and everything is great - except for one thing.


Noone can change their passwords from windows - trying to change your 
password results in windows telling you your not allowed to do that!


I did smbldap-show alan and among other information the line: 
sambaPwdCanChange: 0 appeared.


From my understanding if I do smbldap-usermod -A0 -B0 alan that line 
should then be changed to have a value of 1 allowing users to change 
passwords from their windows logins, however running the above 
command does not appear to be changing these values at all and thus 
im left with manually smbldap-passwd user to change each persons 
passwords (which does work)


If someone could let me know which logs you require and how to obtain 
them I would be happy to post them up here.


OS = CentOS 5.1

Alan


Post your smb.conf.

Edmundo Valle Neto

http://pastebin.com/f5fba0114

Alan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba+openldap with regard changing passwords from windows

[Edmundo Valle Neto]

Alan Goodman escreveu:
I have implemented samba with LDAP backend, domain logins and roaming 
profiles and everything is great - except for one thing.


Noone can change their passwords from windows - trying to change your 
password results in windows telling you your not allowed to do that!


I did smbldap-show alan and among other information the line: 
sambaPwdCanChange: 0 appeared.


From my understanding if I do smbldap-usermod -A0 -B0 alan that line 
should then be changed to have a value of 1 allowing users to change 
passwords from their windows logins, however running the above command 
does not appear to be changing these values at all and thus im left 
with manually smbldap-passwd user to change each persons passwords 
(which does work)


If someone could let me know which logs you require and how to obtain 
them I would be happy to post them up here.


OS = CentOS 5.1

Alan


Post your smb.conf.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba+openldap with regard changing passwords from windows

[Jerome Tournier]

Le Mon, Feb 18, 2008 at 02:39:21PM +, Alan Goodman a ecrit:
> I did smbldap-show alan and among other information the line: 
> sambaPwdCanChange: 0 appeared.
>
> From my understanding if I do smbldap-usermod -A0 -B0 alan that line should 
> then be changed to have a value of 1 allowing users to change passwords 
> from their windows logins

No. sambaPwdCanChange is the Timestamp of when the user is allowed to
update his password. A value of 0 let hime change his paswword since
01/01/70. This value (0) is then what you need.

> appear to be changing these values at all and thus im left with manually 
> smbldap-passwd user to change each persons passwords (which does work)
>
> If someone could let me know which logs you require and how to obtain them 
> I would be happy to post them up here.


I don't have an answer, but you could have a look at that:
http://lists.samba.org/archive/samba/2008-February/138426.html

-- 
Jerome Tournier  
GPG key ID (pgp.mit.edu): 75FE0A51
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with samba+openldap with regard changing passwords from windows

[Alan Goodman]

I have implemented samba with LDAP backend, domain logins and roaming 
profiles and everything is great - except for one thing.


Noone can change their passwords from windows - trying to change your 
password results in windows telling you your not allowed to do that!


I did smbldap-show alan and among other information the line: 
sambaPwdCanChange: 0 appeared.


From my understanding if I do smbldap-usermod -A0 -B0 alan that line 
should then be changed to have a value of 1 allowing users to change 
passwords from their windows logins, however running the above command 
does not appear to be changing these values at all and thus im left with 
manually smbldap-passwd user to change each persons passwords (which 
does work)


If someone could let me know which logs you require and how to obtain 
them I would be happy to post them up here.


OS = CentOS 5.1

Alan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem with samba+winbind+kerberos+AD

[Esteban Torres Rodriguez]

I have a server with samba+winbind+kerberos+AD sharing files. When users log in 
there is NO-DELAY communication with this server, but, after some minutes of 
inactivity there is a 5 secs. delay until the server starts offering data.

Log files don't show any net-split, neither user disconnections... there isn't 
any unusual info.

Have you any idea about this issue?

I think that relevant information about smb.conf could be like this (I can 
attach more if needed):

 domain master = no
 server string = myMachine
 encrypt passwords = yes
 max log size = 50
 socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 dns proxy = yes 




Esteban Torres Rodríguez
ÁREA DE SOPORTE TÉCNICO - Administración de Servidores
Subdirección de Sistemas Informáticos
Empresa Pública Desarrollo Agrario y Pesquero, 
email: [EMAIL PROTECTED] 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem with samba as pdc

[Andrea Lanza]

hi all,
I am trying to setup samba as a PDC of a newly created domain.
I read about it here:
http://en.opensuse.org/Howto_setup_SUSE_10.1_as_Samba_PDC#OpenLDAP_Setup
and here
http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10

unfortunately I am not using samba 10.1 or ubuntu 7.1

I am using opensuse 10.3

Anyway I think I walked across almost all problem, and I also used to join
a windows xp workstation to the domain, WITHOUT having to create the
computer account
before.
The problem is that if i logon to the xp as root everything is OK; but
if I try to logon with another samba account I get strange errors (see at
the bottom about this...)

Moreover: If I issue a "net user" command at the pdc, I see only root and
nobody listed;
The same if I try to add a member to a group in the "manage group" of the
windows xp workstation.

If I issue getent passwd :
...
+::0:0:::
request done: ld 0x8054918 msgid 1
root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false
nobody:x:999:514:nobody:/dev/null:/bin/false
andrea:x:1010:513:System User:/home/andrea:/bin/bash
request done: ld 0x8054918 msgid 2
xptest01$:*:1001:515:Computer:/dev/null:/bin/false
request done: ld 0x8054918 msgid 3

(andrea is the user I tried to add using smbldap-useradd command)

If I use ldapsearch -x -b dc=my,dc=domain | grep andrea
memberUid: andrea
# andrea, Users, gas.it
dn: uid=andrea,ou=Users,dc=my,dc=domain
cn: andrea
sn: andrea
uid: andrea
homeDirectory: /home/andrea
sambaLogonScript: andrea.cmd
sambaProfilePath: \\VRTLDAP01\profiles\andrea
sambaHomePath: \\VRTLDAP01\homes\andrea


The "Strange error" I see is (translated)
Could not log on due to the following error
a device connected to the system is not working

If I issue a "smbpasswd andrea" and give apassword, then I go 
a little further, but I get a policy error on the windows xp.

Any help will be gratly appreciated.

Thanks in advance,

Andrea


smime.p7s
Description: S/MIME cryptographic signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba and ldap

[Michaël Todorovic]

Hello and sorry for the late answer,
I tried to change "add machine script" line but this is not the solution I think
: smbldap-useradd returns 0 when computer does not exist in the ldap directory.
Even if I change the line, it always returns 9 when the computer account already
exists.
getent passwd machine_account$ returns nothing because I don't use nss nor pam
for the moment. I'll try later but last time I tried ldap/samba, nss worked like
a charm :) Joining domain (for windows clients) didn't work.

I tried to search in phpldapadmin what was the difference between a computer
account and a user account. My computer account does not have any
sambaSamAccount, just posixAccount ! I think it cannot work like this because
windows clients needs a sambaSamAccount. I tried to add the sambaSamAccount
property to my computer account. PhpLdapAdmin guessed me to put SambaSID
(SID+group number). I tried again to join the domain (with net join and windows
client) and it worked !

Now I am looking for ways to modify the machine adding method in order to put
sambaSamAccount automatically. I don't know if this is normal or if it's a bug
but it works :)


Merci

Regards,
Michaël Todorovic



-


Selon Quinn Fissler <[EMAIL PROTECTED]>:

 Bonjour,

 I have seen this behaviour myself on more than one occasion and for
 different reasons.

 It took some time to diagnose at first but it was an education :-)

 The first thing to remember is that samba uses two methods to talk to ldap.

 As far as I remember, when you first issue the join, the client tries to log
 into to the domain - this fails so it tries to create an account - this is
 done by samba using the method configured in smb.conf viz:
   add machine script = /usr/sbin/smbldap-useradd -w "%u".
 which itself uses a perl module to make the connection and which is
 confirgured by the smbldap_bind.conf and smbldap.conf.

 Once the script has been called, samba checks that it worked using the
 nssldap libraries.
 Here, samba does the equivalent of:
 getent passwd MyMachineName

 Try running this - there are so many reasons it could fail - does it work
 from the command line?

 As you haven't included this in your description, I presume that it's the
 bit you overlooked.

 It is configured using ldap.conf  - I found that these are in /etc and
 /etc/openldap so I hard linked to make one file.

 I am going to work now - let us know if you need more help with that file.

 Bonne Année !

 Regards,

 Quinn

 On 01/01/2008, Michaël Todorovic <[EMAIL PROTECTED]> wrote:
 >
 > Hello and happy new year :)
 >
 > I have to set up a samba server as a PDC with a openldap backend. My
 > openldap server is fully functionnal and it is not secured yet (so no
 > problems with tls). I must use debian etch or lenny.
 > My server's IP is 192.168.9.10/24. I have set up a dns server (bind9)
 > for my domain named "mik". It's a local domain for testing only. There
 > is a piece of the configuration file of bind :
 > pdc A   192.168.9.10
 > _ldap._tcp.dc._msdcsIN  CNAME   pdc
 > This permits windows clients to find the pdc. When I try to join the
 > domain under linux, it fails. I try with "net join mik -U root" on the
 > pdc (no other pc than the pdc to test) and it returns :
 > Creation of workstation account failed
 > Unable to join domain MIK.
 > Here are the logs :
 > /var/log/samba/log.pdc :
 > [2008/01/01 11:44:47, 2] lib/smbldap.c:smbldap_open_connection(786)
 >   smbldap_open_connection: connection opened
 > [2008/01/01 11:44:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
 >   init_sam_from_ldap: Entry found for user: root
 > [2008/01/01 11:44:47, 2] auth/auth.c:check_ntlm_password(309)
 >   check_ntlm_password:  authentication for user [root] -> [root] ->
 > [root] succeeded
 > [2008/01/01 11:44:49, 0]
 > passdb/pdb_interface.c:pdb_default_create_user(329)
 >   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
 > "pdc$"' gave 9
 >
 > smbldap-useradd returns 9 when the user already exists in the directory
 > but it does not change anything if I delete it. It returns 0 (no
 > problems) but joining domain fails again. root authentification is ok :
 > the log is produced with the correct password; I tried with a wrong
 > password and it said me that the password is bad so the authentification
 > is ok.
 >
 > /var/log/samba/log.192.168.9.10 :
 > [2008/01/01 11:44:46, 2] lib/smbldap.c:smbldap_open_connection(786)
 >   smbldap_open_connection: connection opened
 > [2008/01/01 11:44:46, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
 >   get_md4pw: Workstation PDC$: no account in domain
 > [2008/01/01 11:44:46, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
 >   _net_auth2: failed to get machine password for account PDC$:
 > NT_STATUS_ACCESS_DENIED
 >
 > I don't know why it tries to find a password for a workstation. It does
 > not make sense for me.
 >
 > It seems to be a known problem but still no answers. Yo

[Samba] Problem with samba 3.0.25b-33

[Mario Gzuk]

Hi,

our window file server running 3.0.25b-33 (X64) (Sernet rpm)
on SLES 9 SP3 has been stoped working.
The log file shows nothing new. No error ...
Only the clients can not connect to the server. After a restart
of smbd it seems to work for a while.
Any idea ?

Any help is welcome !!

-The last logline before was 10:39; at10:42 no connection was 
possible-

Jan  7 10:42:30 modena smbd[9266]: nss_ldap: reconnected to LDAP server 
after 1 attempt(s)
Jan  7 10:42:40 modena smbd[9266]: [2008/01/07 10:42:40, 0] 
smbd/service.c:make_connection(1191)
Jan  7 10:42:40 modena smbd[9266]:   namibia (141.5.19.206) couldn't 
find service c-sid
Jan  7 10:42:42 modena smbd[9784]: nss_ldap: reconnecting to LDAP
server...
Jan  7 10:42:42 modena smbd[9784]: nss_ldap: reconnected to LDAP server 
after 1 attempt(s)
Jan  7 10:42:44 modena smbd[24293]: [2008/01/07 10:42:44, 0] 
lib/util_sock.c:get_peer_addr(1232)
Jan  7 10:42:44 modena smbd[24293]:   getpeername failed. Error was 
Transport endpoint is not connected
Jan  7 10:42:44 modena smbd[10567]: [2008/01/07 10:42:44, 0] 
lib/util_sock.c:get_peer_addr(1232)
Jan  7 10:42:44 modena smbd[10567]:   getpeername failed. Error was 
Transport endpoint is not connected
Jan  7 10:42:44 modena smbd[10567]: [2008/01/07 10:42:44, 0] 
lib/util_sock.c:write_data(562)
Jan  7 10:42:44 modena smbd[10567]:   write_data: write failure in 
writing to client 0.0.0.0. Error Connection reset by peer
Jan  7 10:42:44 modena smbd[10567]: [2008/01/07 10:42:44, 0] 
lib/util_sock.c:send_smb(769)
Jan  7 10:42:44 modena smbd[10567]:   Error writing 4 bytes to client. 
-1. (Connection reset by peer)
Jan  7 10:42:46 modena smbd[9266]: [2008/01/07 10:42:46, 0] 
smbd/service.c:make_connection(1191)
Jan  7 10:42:46 modena smbd[9266]:   namibia (141.5.19.206) couldn't 
find service c-sid
Jan  7 10:42:52 modena smbd[10534]: nss_ldap: reconnecting to LDAP
server...
Jan  7 10:42:52 modena smbd[10534]: nss_ldap: reconnected to LDAP
server 
after 1 attempt(s)
Jan  7 10:43:04 modena smbd[10569]: [2008/01/07 10:43:04, 0] 
lib/util_sock.c:write_data(562)
Jan  7 10:43:04 modena smbd[10569]:   write_data: write failure in 
writing to client 141.5.16.46. Error Connection reset by peer
Jan  7 10:43:04 modena smbd[10569]: [2008/01/07 10:43:04, 0] 
lib/util_sock.c:send_smb(769)
Jan  7 10:43:04 modena smbd[10569]:   Error writing 4 bytes to client. 
-1. (Connection reset by peer)
Jan  7 10:43:15 modena smbd[9266]: [2008/01/07 10:43:15, 0] 
lib/util_sock.c:write_data(562)
Jan  7 10:43:15 modena smbd[9266]:   write_data: write failure in 
writing to client 141.5.19.206. Error Connection reset by peer
Jan  7 10:43:15 modena smbd[9266]: [2008/01/07 10:43:15, 0] 
lib/util_sock.c:send_smb(769)
Jan  7 10:43:15 modena smbd[9266]:   Error writing 88 bytes to client. 
-1. (Connection reset by peer)
Jan  7 10:43:15 modena smbd[9266]: [2008/01/07 10:43:15, 0] 
lib/util_sock.c:write_data(562)
Jan  7 10:43:15 modena smbd[9266]:   write_data: write failure in 
writing to client 141.5.19.206. Error Broken pipe
Jan  7 10:43:15 modena smbd[9266]: [2008/01/07 10:43:15, 0] 
lib/util_sock.c:send_smb(769)
Jan  7 10:43:15 modena smbd[9266]:   Error writing 75 bytes to client. 
-1. (Broken pipe)
Jan  7 10:44:20 modena smbd[9566]: nss_ldap: reconnecting to LDAP
server...
Jan  7 10:44:20 modena smbd[9566]: nss_ldap: reconnected to LDAP server 
after 1 attempt(s)
Jan  7 10:44:22 modena sshd[10574]: Accepted publickey for root from 
141.5.16.150 port 55694 ssh2
Jan  7 10:44:30 modena nmbd[10010]: [2008/01/07 10:44:30, 0] 
nmbd/nmbd_namequery.c:query_name_response(109)
Jan  7 10:44:30 modena nmbd[10010]:   query_name_response: Multiple (2) 
responses received for a query on subnet 141.5.16.61 for name BGC<1d>.
Jan  7 10:44:30 modena nmbd[10010]:   This response was from IP 
141.5.16.29, reporting an IP address of 141.5.16.29.
Jan  7 10:44:33 modena smbd[24293]: [2008/01/07 10:44:33, 0] 
lib/util_sock.c:get_peer_addr(1232)
Jan  7 10:44:33 modena smbd[24293]:   getpeername failed. Error was 
Transport endpoint is not connected
Jan  7 10:44:33 modena smbd[10607]: [2008/01/07 10:44:33, 0] 
lib/util_sock.c:get_peer_addr(1232)
Jan  7 10:44:33 modena smbd[10607]:   getpeername failed. Error was 
Transport endpoint is not connected
Jan  7 10:44:33 modena smbd[10607]: [2008/01/07 10:44:33, 0] 
lib/util_sock.c:write_data(562)
Jan  7 10:44:33 modena smbd[10607]:   write_data: write failure in 
writing to client 0.0.0.0. Error Connection reset by peer
Jan  7 10:44:33 modena smbd[10607]: [2008/01/07 10:44:33, 0] 
lib/util_sock.c:send_smb(769)
Jan  7 10:44:33 modena smbd[10607]:   Error writing 4 bytes to client. 
-1. (Connection reset by peer)
Jan  7 10:45:11 modena smbd[9065]: nss_ldap: reconnecting to LDAP
server...
Jan  7 10:45:11 modena smbd[9065]: nss_ldap: reconnected to LDAP server 
after 1 attempt(s)
Jan  7 10:45:34 modena smbd[10638]: [2008/01/07 10:45:34, 0] 
lib/util_tdb.c:tdb_chainlock_with_timeout_internal(84)
Jan  7 10:45:34 modena smbd[1

Re: [Samba] Problem with samba and ldap

[Quinn Fissler]

Bonjour,

I have seen this behaviour myself on more than one occasion and for
different reasons.

It took some time to diagnose at first but it was an education :-)

The first thing to remember is that samba uses two methods to talk to ldap.

As far as I remember, when you first issue the join, the client tries to log
into to the domain - this fails so it tries to create an account - this is
done by samba using the method configured in smb.conf viz:
  add machine script = /usr/sbin/smbldap-useradd -w "%u".
which itself uses a perl module to make the connection and which is
confirgured by the smbldap_bind.conf and smbldap.conf.

Once the script has been called, samba checks that it worked using the
nssldap libraries.
Here, samba does the equivalent of:
getent passwd MyMachineName

Try running this - there are so many reasons it could fail - does it work
from the command line?

As you haven't included this in your description, I presume that it's the
bit you overlooked.

It is configured using ldap.conf  - I found that these are in /etc and
/etc/openldap so I hard linked to make one file.

I am going to work now - let us know if you need more help with that file.

Bonne Année !

Regards,

Quinn

On 01/01/2008, Michaël Todorovic <[EMAIL PROTECTED]> wrote:
>
> Hello and happy new year :)
>
> I have to set up a samba server as a PDC with a openldap backend. My
> openldap server is fully functionnal and it is not secured yet (so no
> problems with tls). I must use debian etch or lenny.
> My server's IP is 192.168.9.10/24. I have set up a dns server (bind9)
> for my domain named "mik". It's a local domain for testing only. There
> is a piece of the configuration file of bind :
> pdc A   192.168.9.10
> _ldap._tcp.dc._msdcsIN  CNAME   pdc
> This permits windows clients to find the pdc. When I try to join the
> domain under linux, it fails. I try with "net join mik -U root" on the
> pdc (no other pc than the pdc to test) and it returns :
> Creation of workstation account failed
> Unable to join domain MIK.
> Here are the logs :
> /var/log/samba/log.pdc :
> [2008/01/01 11:44:47, 2] lib/smbldap.c:smbldap_open_connection(786)
>   smbldap_open_connection: connection opened
> [2008/01/01 11:44:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
>   init_sam_from_ldap: Entry found for user: root
> [2008/01/01 11:44:47, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [root] -> [root] ->
> [root] succeeded
> [2008/01/01 11:44:49, 0]
> passdb/pdb_interface.c:pdb_default_create_user(329)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> "pdc$"' gave 9
>
> smbldap-useradd returns 9 when the user already exists in the directory
> but it does not change anything if I delete it. It returns 0 (no
> problems) but joining domain fails again. root authentification is ok :
> the log is produced with the correct password; I tried with a wrong
> password and it said me that the password is bad so the authentification
> is ok.
>
> /var/log/samba/log.192.168.9.10 :
> [2008/01/01 11:44:46, 2] lib/smbldap.c:smbldap_open_connection(786)
>   smbldap_open_connection: connection opened
> [2008/01/01 11:44:46, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
>   get_md4pw: Workstation PDC$: no account in domain
> [2008/01/01 11:44:46, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
>   _net_auth2: failed to get machine password for account PDC$:
> NT_STATUS_ACCESS_DENIED
>
> I don't know why it tries to find a password for a workstation. It does
> not make sense for me.
>
> It seems to be a known problem but still no answers. You can find my
> configuration files in enclosives ;)
>
> Here are the versions used of samba, openldap ans smbldap-tools :
> samba:
>   Installé : 3.0.28-1~lenny1
>   Candidat : 3.0.28-1~lenny1
> Table de version :
> *** 3.0.28-1~lenny1 0
> 500 http://security.debian.org lenny/updates/main Packages
> 100 /var/lib/dpkg/status
>  3.0.27a-1 0
> 500 http://ftp.fr.debian.org lenny/main Packages
>
> slapd:
>   Installé : 2.3.38-1+lenny1
>   Candidat : 2.3.38-1+lenny1
> Table de version :
> *** 2.3.38-1+lenny1 0
> 500 http://security.debian.org lenny/updates/main Packages
> 100 /var/lib/dpkg/status
>  2.3.38-1 0
> 500 http://ftp.fr.debian.org lenny/main Packages
>
> smbldap-tools:
>   Installé : 0.9.4-1
>   Candidat : 0.9.4-1
> Table de version :
> *** 0.9.4-1 0
> 500 http://ftp.fr.debian.org lenny/main Packages
> 100 /var/lib/dpkg/status
>
>
> Maybe one clue : slapd log says me that some keys are not indexed. I
> don't think that it hurts (this is just for performance ?)
>
> Do you have some tip to make the pdc functionnal ? If you need more
> information, please do not hesitate to ask.
> Best regards,
>
> Michaël Todorovic
>
>
> # Global parameters
> [global]
> workgroup = mik
> netbios name = PDC
> security = user
> enable privileges = ye

[Samba] Problem with samba and ldap

[Michaël Todorovic]

Hello and happy new year :)

I have to set up a samba server as a PDC with a openldap backend. My 
openldap server is fully functionnal and it is not secured yet (so no 
problems with tls). I must use debian etch or lenny.
My server's IP is 192.168.9.10/24. I have set up a dns server (bind9) 
for my domain named "mik". It's a local domain for testing only. There 
is a piece of the configuration file of bind :

pdc A   192.168.9.10
_ldap._tcp.dc._msdcsIN  CNAME   pdc
This permits windows clients to find the pdc. When I try to join the 
domain under linux, it fails. I try with "net join mik -U root" on the 
pdc (no other pc than the pdc to test) and it returns :

Creation of workstation account failed
Unable to join domain MIK.
Here are the logs :
/var/log/samba/log.pdc :
[2008/01/01 11:44:47, 2] lib/smbldap.c:smbldap_open_connection(786)
 smbldap_open_connection: connection opened
[2008/01/01 11:44:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
 init_sam_from_ldap: Entry found for user: root
[2008/01/01 11:44:47, 2] auth/auth.c:check_ntlm_password(309)
 check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded

[2008/01/01 11:44:49, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 
"pdc$"' gave 9


smbldap-useradd returns 9 when the user already exists in the directory 
but it does not change anything if I delete it. It returns 0 (no 
problems) but joining domain fails again. root authentification is ok : 
the log is produced with the correct password; I tried with a wrong 
password and it said me that the password is bad so the authentification 
is ok.


/var/log/samba/log.192.168.9.10 :
[2008/01/01 11:44:46, 2] lib/smbldap.c:smbldap_open_connection(786)
 smbldap_open_connection: connection opened
[2008/01/01 11:44:46, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
 get_md4pw: Workstation PDC$: no account in domain
[2008/01/01 11:44:46, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
 _net_auth2: failed to get machine password for account PDC$: 
NT_STATUS_ACCESS_DENIED


I don't know why it tries to find a password for a workstation. It does 
not make sense for me.


It seems to be a known problem but still no answers. You can find my 
configuration files in enclosives ;)


Here are the versions used of samba, openldap ans smbldap-tools :
samba:
 Installé : 3.0.28-1~lenny1
 Candidat : 3.0.28-1~lenny1
Table de version :
*** 3.0.28-1~lenny1 0
   500 http://security.debian.org lenny/updates/main Packages
   100 /var/lib/dpkg/status
3.0.27a-1 0
   500 http://ftp.fr.debian.org lenny/main Packages

slapd:
 Installé : 2.3.38-1+lenny1
 Candidat : 2.3.38-1+lenny1
Table de version :
*** 2.3.38-1+lenny1 0
   500 http://security.debian.org lenny/updates/main Packages
   100 /var/lib/dpkg/status
2.3.38-1 0
   500 http://ftp.fr.debian.org lenny/main Packages

smbldap-tools:
 Installé : 0.9.4-1
 Candidat : 0.9.4-1
Table de version :
*** 0.9.4-1 0
   500 http://ftp.fr.debian.org lenny/main Packages
   100 /var/lib/dpkg/status


Maybe one clue : slapd log says me that some keys are not indexed. I 
don't think that it hurts (this is just for performance ?)


Do you have some tip to make the pdc functionnal ? If you need more 
information, please do not hesitate to ask.

Best regards,

Michaël Todorovic

# Global parameters
[global]
workgroup = mik
netbios name = PDC
security = user
enable privileges = yes
server string = Samba Server %v
encrypt passwords = Yes
min passwd length = 3

unix password sync = yes
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" 
%n\n"

log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon script = logon.bat
logon drive = H:
logon home = 
logon path = 

domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=mik
ldap suffix = dc=mik
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g" 
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/s

Re: [Samba] problem with samba 3.0.28/Solaris 8/smbclient

[Kenneth Marshall]

On Wed, Dec 19, 2007 at 06:18:50PM +0100, Volker Lendecke wrote:
> On Wed, Dec 19, 2007 at 09:35:15AM -0600, Kenneth Marshall wrote:
> > Is there anything else I can do to help track this problem down?
> > Is anyone else running Samba 3.0.28 on Solaris 8? With Heimdal Kerberos
> > or with MIT Kerberos? I would appreciate any feedback.
> 
> I'd be surprised if this is kerberos specific. Can we see a
> tcpdump of smbclient doing its job up to the crash?
> 
> Volker

I agree with you that this problem is not kerberos specific. My
suspicion is that, as was suggested in another reply, there is a
problem with one of the function definitions. I am currently
looking at the vasprintf() function provided with Samba in the
replace library and also by Heimdal in the roken library. I will
follow-up to the list with my results.

Cheers,
Ken
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with samba 3.0.28/Solaris 8/smbclient

[Volker Lendecke]

On Wed, Dec 19, 2007 at 09:35:15AM -0600, Kenneth Marshall wrote:
> Is there anything else I can do to help track this problem down?
> Is anyone else running Samba 3.0.28 on Solaris 8? With Heimdal Kerberos
> or with MIT Kerberos? I would appreciate any feedback.

I'd be surprised if this is kerberos specific. Can we see a
tcpdump of smbclient doing its job up to the crash?

Volker


pgpmBHEuxB9q8.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with samba 3.0.28/Solaris 8/smbclient

[Kenneth Marshall]

On Tue, Dec 18, 2007 at 07:15:23AM -0600, Kenneth Marshall wrote:
> On Mon, Dec 17, 2007 at 01:26:51PM -0600, Kenneth Marshall wrote:
> > Dear Samba users,
> > 
> > I am trying to update our local samba packages to 3.0.28.
> > They are built against heimdal-1.0.1 and openldap-2.3.38.
> > The Redhat Enterprise Linux 3 and 4 packages are working
> > fine so far in my limited testing. The problem with heimdal
> > and "net ads join..." has been fixed on all 3 platforms.
> > On the Solaris 8 server, the "net ads join..." works
> > correctly and the machine registers with the domain. The
> > problem is that the smbclient segfaults on the ls command.
> > A put command worked correctly. Here is what a truss
> > returned:
> > 
> > 21056:  ioctl(1, TCGETA, 0xFFBECFA4)= 0
> > 21056:  write(1, " s m b :   \ k \ k t m \".., 14)  = 14
> > 21056:  read(0, 0xFFBED3E3, 1)  (sleeping...)
> > 21056:  signotifywait() (sleeping...)
> > 21056:  door_return(0x, 0, 0x, 0) (sleeping...)
> > 21056:  lwp_cond_wait(0xFF3834E8, 0xFF3834F8, 0xFF37CD80) (sleeping...)
> > 21056:  read(0, " l", 1)= 1
> > 21056:  write(1, " l", 1)   = 1
> > 21056:  read(0, " s", 1)= 1
> > 21056:  write(1, " s", 1)   = 1
> > 21056:  read(0, "\r", 1)= 1
> > 21056:  write(1, "\n", 1)   = 1
> > 21056:  ioctl(0, TCSETSW, 0xFF345C28)   = 0
> > 21056:  sigaction(SIGINT, 0xFFBED4C0, 0xFFBED5C0)   = 0
> > 21056:  sigaction(SIGTERM, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGQUIT, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGALRM, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGTSTP, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGTTOU, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGTTIN, 0xFFBED4C0, 0xFFBED5C0)  = 0
> > 21056:  sigaction(SIGWINCH, 0xFFBED4C0, 0xFFBED5C0) = 0
> > 21056:  time()  = 1197919173
> > 21056:  write(6, "\0\0\0 bFF S M B 2\0\0\0".., 102) = 102
> > 21056:  poll(0xFFBEAF18, 1, 2)  = 1
> > 21056:  read(6, "\0\003AC", 4)  = 4
> > 21056:  poll(0xFFBEAF88, 1, 2)  = 1
> > 21056:  read(6, "FF S M B 2\0\0\0\08801C8".., 940)  = 940
> > 21056:  open("/usr/share/lib/zoneinfo/US/Central", O_RDONLY) = 8
> > 21056:  read(8, " T Z i f\0\0\0\0\0\0\0\0".., 8192) = 1279
> > 21056:  close(8)= 0
> > 21056:  stat64("/usr/site/samba-3.0.28/lib/C.msg", 0xFFBEA948) Err#2 ENOENT
> > 21056:  Incurred fault #6, FLTBOUNDS  %pc = 0xFE833218
> > 21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000
> > 21056:  Received signal #11, SIGSEGV [default]
> > 21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000
> > 21056:  *** process killed ***
> > 
> > Here is a gdb backtrace:
> > 
> > (gdb) run -U 'AD\ktm' //storage.rice.edu/home -D k/ktm
> > Starting program: /build/samba-3.0.28/sunos5/bin/smbclient -U 'AD\ktm' 
> > //storage.rice.edu/home -D k/ktm
> > [New LWP 1]
> > [New LWP 2]
> > [New LWP 3]
> > params.c:OpenConfFile() - Unable to open configuration file 
> > "/usr/site/samba-3.0.28/lib/smb.conf":
> > No such file or directory
> > [New LWP 4]
> > [New LWP 5]
> > /build/samba-3.0.28/sunos5/bin/smbclient: Can't load 
> > /usr/site/samba-3.0.28/lib/smb.conf - run testparm to debug it
> > Password: 
> > Domain=[AD] OS=[BlueArc Titan 4.3.990q] Server=[BlueArc Titan 4.3.990q]
> > smb: \k\ktm\> ls
> > 
> > Program received signal SIGSEGV, Segmentation fault.
> > 0xfe833218 in strlen () from /usr/lib/libc.so.1
> > (gdb) bt
> > #0  0xfe833218 in strlen () from /usr/lib/libc.so.1
> > #1  0xfedcadcc in wait_for_process () from 
> > /usr/site/samba-3.0.28/ext/libroken.so.18
> > #2  0xfedcadcc in wait_for_process () from 
> > /usr/site/samba-3.0.28/ext/libroken.so.18
> > Previous frame identical to this frame (corrupt stack?)
> > (gdb) 
> > 
> > I am building a debug version of the heimdal 1.0.1 libraries to
> > try and get some more information, but I wanted to post a preliminary
> > message to see if this is a know issue or not and whether there are
> > some other debugging measures that could be tried.
> > 
> > Cheers,
> > Ken
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > 
> 
> Dear Samba users,
> 
> As promised here s the backtrace from the debug version of the
> Heimdal 1.0.1 libraries:
> 
> Starting program: /build/samba-3.0.28/sunos5/bin/smbclient -U 'ADRICE\ktm' 
> //storage.rice.edu/home -D k/ktm
> [New LWP 1]
> [New LWP 2]
> [New LWP 3]
> params.c:OpenConfFile() - Unable to open configuration file 
> "/usr/site/samba-3.0.28/lib/smb.conf":
> No 

Re: [Samba] problem with samba 3.0.28/Solaris 8/smbclient

[Kenneth Marshall]

On Mon, Dec 17, 2007 at 01:26:51PM -0600, Kenneth Marshall wrote:
> Dear Samba users,
> 
> I am trying to update our local samba packages to 3.0.28.
> They are built against heimdal-1.0.1 and openldap-2.3.38.
> The Redhat Enterprise Linux 3 and 4 packages are working
> fine so far in my limited testing. The problem with heimdal
> and "net ads join..." has been fixed on all 3 platforms.
> On the Solaris 8 server, the "net ads join..." works
> correctly and the machine registers with the domain. The
> problem is that the smbclient segfaults on the ls command.
> A put command worked correctly. Here is what a truss
> returned:
> 
> 21056:  ioctl(1, TCGETA, 0xFFBECFA4)= 0
> 21056:  write(1, " s m b :   \ k \ k t m \".., 14)  = 14
> 21056:  read(0, 0xFFBED3E3, 1)  (sleeping...)
> 21056:  signotifywait() (sleeping...)
> 21056:  door_return(0x, 0, 0x, 0) (sleeping...)
> 21056:  lwp_cond_wait(0xFF3834E8, 0xFF3834F8, 0xFF37CD80) (sleeping...)
> 21056:  read(0, " l", 1)= 1
> 21056:  write(1, " l", 1)   = 1
> 21056:  read(0, " s", 1)= 1
> 21056:  write(1, " s", 1)   = 1
> 21056:  read(0, "\r", 1)= 1
> 21056:  write(1, "\n", 1)   = 1
> 21056:  ioctl(0, TCSETSW, 0xFF345C28)   = 0
> 21056:  sigaction(SIGINT, 0xFFBED4C0, 0xFFBED5C0)   = 0
> 21056:  sigaction(SIGTERM, 0xFFBED4C0, 0xFFBED5C0)  = 0
> 21056:  sigaction(SIGQUIT, 0xFFBED4C0, 0xFFBED5C0)  = 0
> 21056:  sigaction(SIGALRM, 0xFFBED4C0, 0xFFBED5C0)  = 0
> 21056:  sigaction(SIGTSTP, 0xFFBED4C0, 0xFFBED5C0)  = 0
> 21056:  sigaction(SIGTTOU, 0xFFBED4C0, 0xFFBED5C0)  = 0
> 21056:  sigaction(SIGTTIN, 0xFFBED4C0, 0xFFBED5C0)  = 0
> 21056:  sigaction(SIGWINCH, 0xFFBED4C0, 0xFFBED5C0) = 0
> 21056:  time()  = 1197919173
> 21056:  write(6, "\0\0\0 bFF S M B 2\0\0\0".., 102) = 102
> 21056:  poll(0xFFBEAF18, 1, 2)  = 1
> 21056:  read(6, "\0\003AC", 4)  = 4
> 21056:  poll(0xFFBEAF88, 1, 2)  = 1
> 21056:  read(6, "FF S M B 2\0\0\0\08801C8".., 940)  = 940
> 21056:  open("/usr/share/lib/zoneinfo/US/Central", O_RDONLY) = 8
> 21056:  read(8, " T Z i f\0\0\0\0\0\0\0\0".., 8192) = 1279
> 21056:  close(8)= 0
> 21056:  stat64("/usr/site/samba-3.0.28/lib/C.msg", 0xFFBEA948) Err#2 ENOENT
> 21056:  Incurred fault #6, FLTBOUNDS  %pc = 0xFE833218
> 21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000
> 21056:  Received signal #11, SIGSEGV [default]
> 21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000
> 21056:  *** process killed ***
> 
> Here is a gdb backtrace:
> 
> (gdb) run -U 'AD\ktm' //storage.rice.edu/home -D k/ktm
> Starting program: /build/samba-3.0.28/sunos5/bin/smbclient -U 'AD\ktm' 
> //storage.rice.edu/home -D k/ktm
> [New LWP 1]
> [New LWP 2]
> [New LWP 3]
> params.c:OpenConfFile() - Unable to open configuration file 
> "/usr/site/samba-3.0.28/lib/smb.conf":
> No such file or directory
> [New LWP 4]
> [New LWP 5]
> /build/samba-3.0.28/sunos5/bin/smbclient: Can't load 
> /usr/site/samba-3.0.28/lib/smb.conf - run testparm to debug it
> Password: 
> Domain=[AD] OS=[BlueArc Titan 4.3.990q] Server=[BlueArc Titan 4.3.990q]
> smb: \k\ktm\> ls
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0xfe833218 in strlen () from /usr/lib/libc.so.1
> (gdb) bt
> #0  0xfe833218 in strlen () from /usr/lib/libc.so.1
> #1  0xfedcadcc in wait_for_process () from 
> /usr/site/samba-3.0.28/ext/libroken.so.18
> #2  0xfedcadcc in wait_for_process () from 
> /usr/site/samba-3.0.28/ext/libroken.so.18
> Previous frame identical to this frame (corrupt stack?)
> (gdb) 
> 
> I am building a debug version of the heimdal 1.0.1 libraries to
> try and get some more information, but I wanted to post a preliminary
> message to see if this is a know issue or not and whether there are
> some other debugging measures that could be tried.
> 
> Cheers,
> Ken
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 

Dear Samba users,

As promised here s the backtrace from the debug version of the
Heimdal 1.0.1 libraries:

Starting program: /build/samba-3.0.28/sunos5/bin/smbclient -U 'ADRICE\ktm' 
//storage.rice.edu/home -D k/ktm
[New LWP 1]
[New LWP 2]
[New LWP 3]
params.c:OpenConfFile() - Unable to open configuration file 
"/usr/site/samba-3.0.28/lib/smb.conf":
No such file or directory
[New LWP 4]
[New LWP 5]
/build/samba-3.0.28/sunos5/bin/smbclient: Can't load 
/usr/site/samba-3.0.28/lib/smb.conf - run testparm to debug it
Password: 
Domain=[ADRICE] OS=[BlueArc Titan 4.3.990q] Server=[BlueArc Titan 4.3.990q]
smb: \k\ktm\> ls

Program r

[Samba] problem with samba 3.0.28/Solaris 8/smbclient

[Kenneth Marshall]

Dear Samba users,

I am trying to update our local samba packages to 3.0.28.
They are built against heimdal-1.0.1 and openldap-2.3.38.
The Redhat Enterprise Linux 3 and 4 packages are working
fine so far in my limited testing. The problem with heimdal
and "net ads join..." has been fixed on all 3 platforms.
On the Solaris 8 server, the "net ads join..." works
correctly and the machine registers with the domain. The
problem is that the smbclient segfaults on the ls command.
A put command worked correctly. Here is what a truss
returned:

21056:  ioctl(1, TCGETA, 0xFFBECFA4)= 0
21056:  write(1, " s m b :   \ k \ k t m \".., 14)  = 14
21056:  read(0, 0xFFBED3E3, 1)  (sleeping...)
21056:  signotifywait() (sleeping...)
21056:  door_return(0x, 0, 0x, 0) (sleeping...)
21056:  lwp_cond_wait(0xFF3834E8, 0xFF3834F8, 0xFF37CD80) (sleeping...)
21056:  read(0, " l", 1)= 1
21056:  write(1, " l", 1)   = 1
21056:  read(0, " s", 1)= 1
21056:  write(1, " s", 1)   = 1
21056:  read(0, "\r", 1)= 1
21056:  write(1, "\n", 1)   = 1
21056:  ioctl(0, TCSETSW, 0xFF345C28)   = 0
21056:  sigaction(SIGINT, 0xFFBED4C0, 0xFFBED5C0)   = 0
21056:  sigaction(SIGTERM, 0xFFBED4C0, 0xFFBED5C0)  = 0
21056:  sigaction(SIGQUIT, 0xFFBED4C0, 0xFFBED5C0)  = 0
21056:  sigaction(SIGALRM, 0xFFBED4C0, 0xFFBED5C0)  = 0
21056:  sigaction(SIGTSTP, 0xFFBED4C0, 0xFFBED5C0)  = 0
21056:  sigaction(SIGTTOU, 0xFFBED4C0, 0xFFBED5C0)  = 0
21056:  sigaction(SIGTTIN, 0xFFBED4C0, 0xFFBED5C0)  = 0
21056:  sigaction(SIGWINCH, 0xFFBED4C0, 0xFFBED5C0) = 0
21056:  time()  = 1197919173
21056:  write(6, "\0\0\0 bFF S M B 2\0\0\0".., 102) = 102
21056:  poll(0xFFBEAF18, 1, 2)  = 1
21056:  read(6, "\0\003AC", 4)  = 4
21056:  poll(0xFFBEAF88, 1, 2)  = 1
21056:  read(6, "FF S M B 2\0\0\0\08801C8".., 940)  = 940
21056:  open("/usr/share/lib/zoneinfo/US/Central", O_RDONLY) = 8
21056:  read(8, " T Z i f\0\0\0\0\0\0\0\0".., 8192) = 1279
21056:  close(8)= 0
21056:  stat64("/usr/site/samba-3.0.28/lib/C.msg", 0xFFBEA948) Err#2 ENOENT
21056:  Incurred fault #6, FLTBOUNDS  %pc = 0xFE833218
21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000
21056:  Received signal #11, SIGSEGV [default]
21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000
21056:  *** process killed ***

Here is a gdb backtrace:

(gdb) run -U 'AD\ktm' //storage.rice.edu/home -D k/ktm
Starting program: /build/samba-3.0.28/sunos5/bin/smbclient -U 'AD\ktm' 
//storage.rice.edu/home -D k/ktm
[New LWP 1]
[New LWP 2]
[New LWP 3]
params.c:OpenConfFile() - Unable to open configuration file 
"/usr/site/samba-3.0.28/lib/smb.conf":
No such file or directory
[New LWP 4]
[New LWP 5]
/build/samba-3.0.28/sunos5/bin/smbclient: Can't load 
/usr/site/samba-3.0.28/lib/smb.conf - run testparm to debug it
Password: 
Domain=[AD] OS=[BlueArc Titan 4.3.990q] Server=[BlueArc Titan 4.3.990q]
smb: \k\ktm\> ls

Program received signal SIGSEGV, Segmentation fault.
0xfe833218 in strlen () from /usr/lib/libc.so.1
(gdb) bt
#0  0xfe833218 in strlen () from /usr/lib/libc.so.1
#1  0xfedcadcc in wait_for_process () from 
/usr/site/samba-3.0.28/ext/libroken.so.18
#2  0xfedcadcc in wait_for_process () from 
/usr/site/samba-3.0.28/ext/libroken.so.18
Previous frame identical to this frame (corrupt stack?)
(gdb) 

I am building a debug version of the heimdal 1.0.1 libraries to
try and get some more information, but I wanted to post a preliminary
message to see if this is a know issue or not and whether there are
some other debugging measures that could be tried.

Cheers,
Ken
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba cutting dir listings short

[John Drescher]

> > What version of samba are you using? I believe I have seen this
> > recently on the list and it was a bug that was fixed in samba-3.0.27a
>
> I was using 3.0.24-6etch7, which came with the Debian net install.
>
> I've upgraded to 3.0.24-6etch8 via apt-get upgrade, which was enough to solve
> the problem.
>

Although I was wrong with the version number that was the correct
solution. Here is the thread
http://lists.samba.org/archive/samba/2007-November/136587.html

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba cutting dir listings short

[B. Boom]

John Drescher wrote:


On Nov 29, 2007 12:06 PM, B. Boom <[EMAIL PROTECTED]> wrote:

Hi,

I have a peculiar problem with my Samba installation. I have a directory with
lots of files that I want to make available via Samba. I can connect just fine,
but I quickly noticed a lot of files seemed to be missing.

After some testing I found out that the directory listing was simple cut off,
right in the middle of a filename even. I created a test-directory with 1000
random files in another directory, and the same happens.
I can access all files without trouble, if I enter them via the command line,
they just don't appear in any directory listings in windows.


What version of samba are you using? I believe I have seen this
recently on the list and it was a bug that was fixed in samba-3.0.27a


I was using 3.0.24-6etch7, which came with the Debian net install.

I've upgraded to 3.0.24-6etch8 via apt-get upgrade, which was enough to solve 
the problem.


Thanks for the tip!

.Bobo
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba 3.0.14a-3sarge9 on Debian Sarge

[Alessandro FAGLIA]

 Original Message  
Subject: Re: [Samba] Problem with samba 3.0.14a-3sarge9 on Debian Sarge
From: Christian Perrier <[EMAIL PROTECTED]>
To: samba@lists.samba.org
Date: Thu Nov 29 2007 18:17:19 GMT+0100 (ora solare Europa occidentale)


Quoting Marco ([EMAIL PROTECTED]):

Alessandro FAGLIA wrote:

After I upgraded to 3.0.14a-3sarge9, I observed a strange behaviour with 
no apparent explanation.

Perhaps this link could be helpful:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453050



And -sarge10 should be available in the meantime, thanks again to
Steve Langasek's work.

The same stands for 3.0.24-etch8 packages that should fix the same
"long directory listing" regression for the package in Etch.

(and /me crosses fingers for no more regressions)


I've just upgrade to -sarge10 and I confirm that the issue is fixed (at 
least at a first glance).



Thanks to the debian maintainer for his responsiveness.


--Alessandro
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba 3.0.14a-3sarge9 on Debian Sarge

[Christian Perrier]

Quoting Marco ([EMAIL PROTECTED]):
> Alessandro FAGLIA wrote:
>
>> After I upgraded to 3.0.14a-3sarge9, I observed a strange behaviour with 
>> no apparent explanation.
>
> Perhaps this link could be helpful:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453050


And -sarge10 should be available in the meantime, thanks again to
Steve Langasek's work.

The same stands for 3.0.24-etch8 packages that should fix the same
"long directory listing" regression for the package in Etch.

(and /me crosses fingers for no more regressions)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba cutting dir listings short

[John Drescher]

On Nov 29, 2007 12:06 PM, B. Boom <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have a peculiar problem with my Samba installation. I have a directory with
> lots of files that I want to make available via Samba. I can connect just 
> fine,
> but I quickly noticed a lot of files seemed to be missing.
>
> After some testing I found out that the directory listing was simple cut off,
> right in the middle of a filename even. I created a test-directory with 1000
> random files in another directory, and the same happens.
> I can access all files without trouble, if I enter them via the command line,
> they just don't appear in any directory listings in windows.
>
What version of samba are you using? I believe I have seen this
recently on the list and it was a bug that was fixed in samba-3.0.27a

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba cutting dir listings short

[B. Boom]

Hi,

I have a peculiar problem with my Samba installation. I have a directory with 
lots of files that I want to make available via Samba. I can connect just fine, 
but I quickly noticed a lot of files seemed to be missing.


After some testing I found out that the directory listing was simple cut off, 
right in the middle of a filename even. I created a test-directory with 1000 
random files in another directory, and the same happens.
I can access all files without trouble, if I enter them via the command line, 
they just don't appear in any directory listings in windows.


I compared a 'dir /b' from windows with 'ls -U' on the server, and found that 
the listings were the same up to the cut-off point. The first 220 lines are the 
same.


ls -U listing (fragment line 215-225):

000807_hayhujzrrpmsnqsh.txt
000484_epomsssmbnmqpvbq.txt
000132_hnabfdecadllofev.txt
000172_fbgoiudtneqxyoan.txt
000260_zoxmakggifjiailc.txt
000954_jhntvnufaxxqdozb.txt
000628_nclhlggazkibogtq.txt
000471_zoiwbgkxmiaplowr.txt
24_ljjgsfdsrnpqrypr.txt
000420_nwjxahzjeegkzcag.txt

dir listing (fragment line 215-EOF):

000807_hayhujzrrpmsnqsh.txt
000484_epomsssmbnmqpvbq.txt
000132_hnabfdecadllofev.txt
000172_fbgoiudtneqxyoan.txt
000260_zoxmakggifjiailc.txt
00095


So somehow, the dir-listing gets cut-off right in the middle of 
'000954_jhntvnufaxxqdozb.txt'. I'm at a loss to explain this. I've tried running 
with "log level = 3", but there were no obvious errors in the logfile. Tail 
attached below.


Another curious thing is that both the smb.conf and the files are a copy of an 
older server, which always worked just fine.


Any ideas?

Regards,

.Bobo

--



my smb.conf:

#=== Global Settings ===

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = INTRONET

# server string is the equivalent of the NT Description field
   server string = %h server (Samba %v)

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
;   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
;   name resolve order = lmhosts host wins bcast


 Debugging/Accounting 

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
;   syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


### Authentication ###

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
# package for details.
#   security = user

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
#   passdb backend = tdbsam guest

   obey pam restrictions = yes

;   guest account = nobody
   invalid users = root

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
;   unix password sync = no

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Augustin Luton <[EMAIL PROTECTED]> for
# sending the correct chat script for the passwd program in Debian Potato).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .


# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
;   pam password change = no


## Printing ##

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
;   load printers = yes

# lpr(ng) printing. You may wish to override the location of the
# printcap file
;   printing = bsd
;   printcap name = /etc/printcap

# CUPS prin

Re: [Samba] Problem with samba 3.0.14a-3sarge9 on Debian Sarge

[Marco]

Alessandro FAGLIA wrote:

After I upgraded to 3.0.14a-3sarge9, I observed a strange behaviour with 
no apparent explanation.


Perhaps this link could be helpful:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453050

--
Kind regards,
  Marco Romano.




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with samba 3.0.14a-3sarge9 on Debian Sarge

[Alessandro FAGLIA]

Hi list.
My box is a Debian Sarge with samba 3.0.14a-3sarge4. I created many 
shares for a Windows network, and everything has been working with no 
flaw. The filesystem is Reiser.


After I upgraded to 3.0.14a-3sarge9, I observed a strange behaviour with 
no apparent explanation.


One of shared folders is fed with PDF obtained by scanning documents. 
Yesterday one user clained that somebody deleted a part of these files. 
When I tried to restore the folder from a backup, I had that:
- files seems to be copied correctly on the samba share (at least I can 
see them with an ls command on the server console);

- from a windows machine, I can see only a subset of them.

I tried to copy this list with scp, smb but the outcome is always the same.
After a bit of panic, I downgraded back to 3.0.14a-3sarge4 and the 
problem disappeared.


Did anybody experience strangeness like that?


Regards
-- Alessandro
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem with SAMBA as PDC

[Adel ESSAFI]

Hi list,
I am configuring a samba server as a PDC (called DSERVER). I have follow 
some good docs to build my smb.conf file (see below).
However, my server does not works correctly: when I execute smbclient, I 
don't find my workgroup (SOCINFO) alghouth I activated the wins support.

[EMAIL PROTECTED] ~]$ smbclient -L localhost -U root
Password:
Domain=[DSERVER] OS=[Unix] Server=[Samba 3.0.26a-0.fc7]

   Sharename   Type  Comment
   -     ---
   IPC$IPC   IPC Service (serveur samba 3.0.26a-0.fc7)
   samsungDI   Printer   samsungDI
   epson   Printer   epson
   rootDisk  Repertoire personnel
Domain=[DSERVER] OS=[Unix] Server=[Samba 3.0.26a-0.fc7]

   Server   Comment
   ----

   WorkgroupMaster
   ----
   UTICDPCADEL

Can  someone  help me please.
Regards
Adel

[global]
   workgroup = SOCINFO
   netbios name = DSERVER
   server string = serveur samba %v
   interfaces = eth0:0, 127.0.0.1
   log level = 2
   log file = /var/log/samba/log.%m
   max log size = 50
   logon script = netlogon.bat
   logon path = \\%L\profiles\%U
   logon drive = H:
   os level = 65
   preferred master = Yes
   domain master = Yes
   name resolve order = wins bcast hosts
   wins support = Yes

[homes]
   comment = Repertoire personnel
   read only = No
   browseable = No

[profiles]
   path = /home/samba/profiles
   read only = No
   create mask = 0600
   directory mask = 0700
   browseable = No

[netlogon]
   path = /home/netlogon
   browseable = No

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = Yes
   browseable = No

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba config under SUSE SLES 10

[Shearer, Greg GS]

Hi all,

I'm having some difficulty configuring Samba correctly.
Something I've noticed is that changes I make to Samba config through YAST 
aren't being retained in smb.conf.
The smb.conf timestamp appears to change ... but that is all.
Can anyone suggest what the problem could be?
Does this mean I'll have to use command line configuration?

Greg Shearer

Greg Shearer - Senior Systems Engineer
PO Box 245C, Newcastle, NSW 2300
PH: 02 4935 4962 Fax: 02 4935 4959
Email: [EMAIL PROTECTED]  Web: www.onesteel.com 
OneSteel Market Mills




The material contained in this email may be confidential, privileged or 
copyrighted. If you are not the intended recipient, use, disclosure or copying 
of this information is prohibited. If you have received this document in error, 
please advise the sender and delete the document. Neither OneSteel nor the 
sender accept responsibility for any viruses contained in this email or any 
attachments.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba Net RPC Behind a firewall

[Gianluca Culot]

Hello list
 
How can I manually register a server in a Samba Wins Server ?
 
 
 
I'm facing this scenario
 
firewalled net
 
in the DMZSamba Box 3.0.25FreeBsd 6
 
In the NETWindows 2003 SP1
 
The samba box is authenticating user against the Windows 2003 server. Of
course the firewall is open for TCP 445 88 137-139 UDP 137-139
 
problems pop up for all NET RPC comands
the samba box cannot find a Domain Server.
Obviously it is because the firewall is stopping broadcasts from DMZ to
Intranet.
So I made Samba working as WINS server
the problem is this
 
The Domain server WILL NEVER try to register on the Samba Wins Server
and I'm not willing to open Intranet to DMZ WINS comunications over the
firewall
 
I'd rather preferr to register MANUALLY and ONCE the Windows2003 server on
the Samba WINS server.
How can I do this ?
I searched over and over in google, but found no clue at all.
 
[global]
workgroup = DMSWARE
Wins support = yes
dns proxy = yes
#name resolve order = host wins bcast
name resolve order = wins lmhosts hosts bcast
local master = yes
#domain master = yes
domain master = no
preferred master = auto
enhanced browsing = yes
#encrypt password = yes # YES = Default
 
realm = DMSWARE.it
server string = mail
security = ADS
password server = orion
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
client use spnego = yes
server signing = auto
client signing = auto
#passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
#passwd chat debug = yes
log file = /var/log/samba/log.%m
add user script = /usr/sbin/pw useradd %u
delete user script = /usr/sbin/pw userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/pw groupdel %g
 
template homedir = /home/%U
template shell = /bin/csh
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
 
idmap domains = DMSWARE
idmap config DMSWARE:range = 1-4
idmap config DMSWARE:base_rid = 0
idmap config DMSWARE:backend = rid
idmap uid = 1-4
idmap gid = 1-4
 
#  Networking configuration options
hosts allow = 192.168.0. 192.168.1. localhost
#guest ok = yes
#guest only = yes
browseable = yes
#read only = yes
#force directory mode = 744
public = yes
available = yes
browse list = yes
 
 
 

--
Gianluca Culot
DMS Multimedia
Via delle Arti e dei Mestieri, 6
20050 Sulbiate (Mi) - Italy
Tel: +39 039 5968925
Fax: +39 039 3309813

www.dmsware.com 

Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in
questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora
il messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza
copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Il
mittente comunica che il presente messaggio ed ogni suo allegato, al momento
dell’invio, era esente da ogni tipo di virus, worm, trojan e/o ogni altri
tipo di codice software dannoso. Questo messaggio e i suoi allegati
potrebbero essere stati infettati durante la trasmissione. Leggendo il
messaggio e/o aprendo gli allegati, il Destinatario si prende la piena
responsabilità nei confronti di ogni azione protettiva o di rimedio per la
rimozione di virus ed altri difetti. DMS Multimedia non potrà essere
considerata responsabile per qualsivoglia danno o perdita derivata qualunque
modo da questo messaggio o dai suoi allegati.

The information in this electronic mail message, including any attachments,
is confidential and may be legally privileged. It is intended solely for the
addressee(s). Access to this Internet electronic mail message by anyone else
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution or action taken or omitted to be taken in reliance on
it is prohibited and may be unlawful. The sender believes that this E-mail
and any attachments were free of any virus, worm, Trojan horse, and/or
malicious code when sent. This message and its attachments could have been
infected during transmission. By reading the message and opening the
attachments, the recipient accepts full responsibility for taking protective
and remedial action about viruses and other defects.DMS Multimedia is not
liable for any loss or damage arising in any way from this message or its
attachments 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem with Samba Wins Server

[Gianluca Culot]

Hello List

I'm experienceing problems with Samba 3.0.25,1 running in a FreeBSD box.

I've succesfully joined a domain, and I've configured mail with auth on W2k3
server thorugh PAM. 

But I have problems with wins name resolution .

If I issue

mail# /usr/local/www > net rpc testjoin

Unable to find a suitable server

Join to domain 'DMSWARE' is not valid

BUT

mail# /etc > net rpc testjoin -S orion

Join to 'DMSWARE' is OK

AND

mail# /usr/local/www > net ads testjoin

Join is OK

I know that RPC and ADS use two different methods to find the server... But

RPC shouldn't net rpc first try with files, then DNS, then broadcast ?

I've listed Orion in the machine host file, and the name can be successfully
resolved by name server, with or without domain

And giving "-S orion" is nothing more than what is already listed in
smb.conf

So Why RPC fails ?

Here are my conf files

**

mail# /etc > less nsswitch.conf

passwd: files winbind

shadow: files winbind

group: files winbind

#hosts: db files nisplus nis dns

#hosts: files dns wins

hosts: files dns bcast

# Example - obey only what nisplus tells us...

#services: nisplus [NOTFOUND=return] files

#networks: nisplus [NOTFOUND=return] files

#protocols: nisplus [NOTFOUND=return] files

#rpc: nisplus [NOTFOUND=return] files

#ethers: nisplus [NOTFOUND=return] files

#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files

netmasks: files

networks: files dns

protocols: db files

rpc: files

services: files

netgroup: files

publickey: nisplus

automount: files

aliases: files nisplus

nsswitch.conf (END)

**

mail# /etc > less smb.conf

[global]

workgroup = DMSWARE

Wins support = yes

dns proxy = yes

name resolve order = host wins bcast

local master = yes

domain master = no

preferred master = auto

enhanced browsing = yes

#encrypt password = yes # YES = Default

realm = DMSWARE.it

server string = mail

security = ADS

password server = orion

passdb backend = tdbsam

passwd program = /usr/bin/passwd %u

client use spnego = yes

server signing = auto

client signing = auto

#passwd chat = *Enter\snew\sUNIX\spassword:* %n\n

*Retype\snew\sUNIX\spassword:* %n\n .

#passwd chat debug = yes

log file = /var/log/samba/log.%m

add user script = /usr/sbin/pw useradd %u

delete user script = /usr/sbin/pw userdel %u

add group script = /usr/sbin/groupadd %g

delete group script = /usr/sbin/pw groupdel %g

preferred master = No

template homedir = /home/%U

template shell = /bin/csh

winbind cache time = 3600

winbind enum users = Yes

winbind enum groups = Yes

winbind use default domain = Yes

winbind nss info = rfc2307

idmap domains = DMSWARE

idmap config DMSWARE:range = 1-4

idmap config DMSWARE:base_rid = 0

idmap config DMSWARE:backend = rid

**

mail# /etc > less hosts

127.0.0.1 localhost.DMSWARE.it localhost

192.168.1.38 MAIL.DMSWARE.it MAIL

192.168.1.38 MAIL.DMSWARE.it.

192.168.0.12 orion.dmsware.it

192.168.0.12 orion

hosts (END)

Thanks everybody for any help



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba-3.0.25rc3 & idmap_ldap (winbind dumps core)

[simo]

On Wed, 2007-05-02 at 19:34 +, [EMAIL PROTECTED] wrote:
> On Tue, May 01, 2007 at 02:49:10AM -0500, Don Meyer wrote:
> [...]
> 
> > Then I traced the secret retrieval process back to passdb/secrets.c, 
> > where I then traced the secrets_store_generic function back out to 
> > the 'net idmap secret' command.   For others reference, to set the 
> > ldap_user_dn password for each defined domain, and for the idmap 
> > alloc config side, you use the following commands:
> > 
> > net idmap secret  
> > net idmap secret alloc 
> > 
> > 
> > (Note:  A little pointer dropped in the man page for idmap_ldap would 
> > have been quite helpful here...)
> 
> There is a note in the man pages that say:
> 
>   NOTE
> 
>   In order to use authentication against ldap servers you may need to
>   provide a DN and a password. To avoid exposing the password in plain
>   text in the configuration file we store it into a security store. The
>   "net idmap " command is used to store a secret for the DN specified in a
>   specific idmap domain. 
> 
> From:
> http://www.samba.org/samba/docs/man/manpages-3/idmap_ldap.8.html
> 
> 
> [..]
> 
> > I'm having trouble tracing this beyond the idmap_init function in 
> > nsswitch/idmap.c.
> > 
> > 
> > If this points to a problem in samba, I hope this helps.   On the 
> > other hand, if this is a problem in my setup, any pointers in the 
> > direction of fixing it would be greatly appreciated.
> 
> A core dump is definitively an issue, I will try to reproduce and fix it
> today on my train trip or at worst tomorrow.

Dan, found the problem, it was our fault.
I fixed it in r22645.
Here
http://websvn.samba.org/cgi-bin/viewcvs.cgi?makepatch=1&rev=22645&view=rev
you can get the patch and apply it to test everything else is ok for
you.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba-3.0.25rc3 & idmap_ldap (winbind dumps core)

[idra]

On Tue, May 01, 2007 at 02:49:10AM -0500, Don Meyer wrote:
[...]

> Then I traced the secret retrieval process back to passdb/secrets.c, 
> where I then traced the secrets_store_generic function back out to 
> the 'net idmap secret' command.   For others reference, to set the 
> ldap_user_dn password for each defined domain, and for the idmap 
> alloc config side, you use the following commands:
> 
> net idmap secret  
> net idmap secret alloc 
> 
> 
> (Note:  A little pointer dropped in the man page for idmap_ldap would 
> have been quite helpful here...)

There is a note in the man pages that say:

NOTE

In order to use authentication against ldap servers you may need to
provide a DN and a password. To avoid exposing the password in plain
text in the configuration file we store it into a security store. The
"net idmap " command is used to store a secret for the DN specified in a
specific idmap domain. 

From:
http://www.samba.org/samba/docs/man/manpages-3/idmap_ldap.8.html


[..]

> I'm having trouble tracing this beyond the idmap_init function in 
> nsswitch/idmap.c.
> 
> 
> If this points to a problem in samba, I hope this helps.   On the 
> other hand, if this is a problem in my setup, any pointers in the 
> direction of fixing it would be greatly appreciated.

A core dump is definitively an issue, I will try to reproduce and fix it
today on my train trip or at worst tomorrow.


Simo.

--
Simo Sorce   [EMAIL PROTECTED]
---
Samba Team http://www.samba.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba-3.0.25rc3 & idmap_ldap (winbind dumps core)

[Don Meyer]

In an effort to improve my lot, I'm trying to move to a ldap backend 
for idmap synchronization when I deploy the new 3.0.25 version on my 
systems.   In preparation for this, I've set up some test systems -- 
where I'm having some problems that I think others may be 
encountering  (according to a few comments I've seen recently).


In a nutshell, I believe I have set up my ldap services correctly -- 
largely following the ldap portion of the guide 
at: 
http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP


At least according to phpldapadmin, I have a functioning master ldap 
service on one RHEL4 system and a replicating slave service 
established on a second RHEL4 system.  I then install the 
samba-3.0.25rc3-5 packages, and  alter my standard configuration 
according to the samba portion of the guide, taking into account the 
apparent changes needed due to the man pages for smb.conf & 
idmap_ldap.(Relevant configs attached below...)


One step that I'm having a bit of a problem with, and I think it is 
contributing to the remainder of the problem below, is the entry of 
the credentials for the access to the ldap services.   Several guides 
state that the proper method to store the credentials for your ldap 
access dn is to use smbpasswd:


smbpasswd -w {password}

However, this command complains:
ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Only when you put the following line in smb.conf does smbpasswd allow 
you to store the password in secrets.tdb.


At this point, I think that everything is ready.  After firing up the 
upgraded smb & winbind services, I run through my function checklist:


wbinfo -tm OK
wbinfo -D ACESOK
wbinfo -D EXTENSION OK
wbinfo -u   OK

All this is looking good, but I don't see any activity on either ldap 
service.   I don't really expect much, however, until I get to user 
enumeration -- the 'getent passwd' stage.


When I issue my first 'getent passwd {user}' command, winbindd dumps 
core with the following log excerpt from log.winbindd-idmap:


--
[2007/04/30 12:44:04, 1] nsswitch/idmap.c:idmap_init(343)
  Initializing idmap domains
[2007/04/30 12:44:04, 0] nsswitch/idmap_ldap.c:get_credentials(86)
  get_credentials: Unable to fetch auth credentials for 
cn=sambaadmin,dc=aces-web in ACES

[2007/04/30 12:44:04, 1] nsswitch/idmap_ldap.c:idmap_ldap_db_init(805)
  idmap_ldap_db_init: Failed to get connection credentials 
(NT_STATUS_ACCESS_DENIED)

[2007/04/30 12:44:04, 0] nsswitch/idmap.c:idmap_init(438)
  ERROR: Initialization failed for backend ldap (domain ACES), deferred!
[2007/04/30 12:44:04, 0] lib/fault.c:fault_report(41)
  ===
[2007/04/30 12:44:04, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 29969 (3.0.25rc3)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/04/30 12:44:04, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/04/30 12:44:04, 0] lib/fault.c:fault_report(45)
  ===
[2007/04/30 12:44:04, 0] lib/util.c:smb_panic(1620)
  PANIC (pid 29969): internal error
[2007/04/30 12:44:04, 0] lib/util.c:log_stack_trace(1724)
  BACKTRACE: 20 stack frames:
   #0 winbindd(log_stack_trace+0x2d) [0x23cc82]
   #1 winbindd(smb_panic+0x56) [0x23cd89]
   #2 winbindd [0x2294e5]
   #3 /lib/tls/libc.so.6 [0x414898]
   #4 winbindd [0x35ca8c]
   #5 winbindd(idmap_init+0xecc) [0x357078]
   #6 winbindd(idmap_sids_to_unixids+0x29) [0x358a78]
   #7 winbindd(idmap_sid_to_uid+0x68) [0x35bda6]
   #8 winbindd(winbindd_dual_sid2uid+0x12b) [0x1dde2b]
   #9 winbindd [0x1dc15d]
   #10 winbindd [0x1dceb9]
   #11 winbindd(winbindd_sid2uid_async+0x7d) [0x1ddcf6]
   #12 winbindd [0x1b1de5]
   #13 winbindd [0x1e0f3f]
   #14 winbindd [0x1dce07]
   #15 winbindd [0x1dc852]
   #16 winbindd [0x1af89c]
   #17 winbindd(main+0x779) [0x1b0d24]
   #18 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x401de3]
   #19 winbindd [0x1af351]
[2007/04/30 12:44:04, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/winbindd
--



What I note in idmap_ldap.c is that the get_credentials function 
appears to be calling idmap_fetch_secret with some combination of the 
DOMAIN and 'ldap_user_dn'.   However, smbpasswd appears to be fixated 
on the presence of the 'ldap admin dn' directive, leading me to 
believe that smbpasswd may be storing under a different key than the 
retrieval function is looking for...   I traced the smbpasswd code 
back to param/loadparm.c, and everything keys to 'ldap_admin_dn', 
with no association with any domain value.


Then I traced the secret retrieval process back to passdb/secrets.c, 
where I then traced the secrets_store_generic function back out to 
the 'net idmap secret' command.   For others reference, to s

[Samba] Problem with Samba and Xp

[Tim]

I had Samba setup up on a debian box with three XP\2000 clients accessing the 
four samba shares but only allowing three users access to a couple of the  
folders. These 3 users had dummy accounts set up on the debian box (they 
never logged onto the debian box). The samba shares live on an external USB 
hard disk connected to the debian box (formatted as fat32).

For non (samba) related reason I have changed my OS to Mepis and now I can't 
seem to recreate the setup I previously had ( I did save my old smb.conf 
(along with 90% of my home folder) but that is now sat in a corrupt archive 
file which I can't access!!

At the moment my XP\2000 boxes can read and copy files from the samba shares 
but can't write to the Samba share which I want.

Below is my smb.conf, it may look a little messy as I have been trying things 
to get it working

Any suggestion please?

Tim

;***section global*
[global]

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
printing = cups
workgroup = home
server string = %h server (Samba %v)
hosts allow = 192.168.1.
socket options = TCP_NODELAY IPTOS_LOWDELAY 
log level = 1
dead time = 15
wins support = yes
hide unreadable = yes
passdb backend = tdbsam guest
dns proxy = no
max log size = 1000
restrict anonymous = no
domain master = no
preferred master = no
max protocol = NT
ldap ssl = No
server signing = Auto
oplocks = no
level2 oplocks = no
case sensitive = no
msdfs proxy = no
read only = no
security = share
;***section mit*
[Shared]
comment = /home/mit/Shared
path = /home/mit/Shared
guest ok = yes
;***section homes*
[homes]
comment = Home Directories
browseable = no
create mask = 0755
;***section printers*
[printers]
comment = All Printers
path = /tmp
browseable = no
printable = yes
guest ok = yes
create mask = 0700

[mp3]
guest ok = yes
path = /mnt/sda1/mp3/

[pictures]
guest ok = yes
path = /mnt/sda1/pictures
valid users = karen

[ZUNK]
path = /mnt/sda1/Zunk/
create mask = 0755
guest ok = yes


Inbox.com is giving away free iPODs, movie tickets and gigabytes! 
Learn more about this contest on http://www.inbox.com/contest
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Problem with samba and XP

[Dennis McLeod]

The actual permissions on the folders. Not the share permissions (controlled
by Samba), but the folder permissions. 

Like this (From Samba By Example):

Under the directory called /data, create two directories named ftmfiles and
officefiles, and set ownership and permissions: 

root#  mkdir -p /data/{ftmfiles,officefiles/{letters,invitations,misc}}
root#  chown -R abmas:office /data
root#  chmod -R ug+rwxs,o-w,o+rx /data

Of course change your folder and user names as required.




http://samba.org/samba/docs/man/Samba-Guide/simple.html#id286980






-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Tim
Sent: Friday, April 06, 2007 9:00 AM
To: samba@lists.samba.org
Subject: [Samba] Problem with samba and XP


I had Samba setup up on a debian box with three XP\2000 clients accessing
the four samba shares but only allowing three users access to a couple of
the folders. These 3 users had dummy accounts set up on the debian box (they
never logged onto the debian box). The samba shares live on an external USB
hard disk connected to the debian box (formatted as fat32).

For non (samba) related reason I have changed my OS to Mepis and now I can't
seem to recreate the setup I previously had ( I did save my old smb.conf
(along with 90% of my home folder) but that is now sat in a corrupt archive
file which I can't access!!

At the moment my XP\2000 boxes can read and copy files from the samba shares
but can't write to the Samba share which I want.

Below is my smb.conf, it may look a little messy as I have been trying
things to get it working

Any suggestion please?

Tim

;***section global* [global]

# Do something sensible when Samba crashes: mail the admin a backtrace panic
action = /usr/share/samba/panic-action %d printing = cups workgroup = home
server string = %h server (Samba %v) hosts allow = 192.168.1.
socket options = TCP_NODELAY IPTOS_LOWDELAY log level = 1 dead time = 15
wins support = yes hide unreadable = yes passdb backend = tdbsam guest dns
proxy = no max log size = 1000 restrict anonymous = no domain master = no
preferred master = no max protocol = NT ldap ssl = No server signing = Auto
oplocks = no
level2 oplocks = no
case sensitive = no
msdfs proxy = no
read only = no
security = share
;***section mit* [Shared] comment =
/home/mit/Shared path = /home/mit/Shared guest ok = yes
;***section homes* [homes] comment = Home
Directories browseable = no create mask = 0755 ;***section
printers* [printers] comment = All Printers path = /tmp
browseable = no printable = yes guest ok = yes create mask = 0700

[mp3]
guest ok = yes
path = /mnt/sda1/mp3/

[pictures]
guest ok = yes
path = /mnt/sda1/pictures
valid users = karen

[ZUNK]
path = /mnt/sda1/Zunk/
create mask = 0755
guest ok = yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba and XP

[Gary Dale]

You haven't really provided enough information. It looks like you are 
using Samba to share files but not to control a domain. I gather this is 
a home setup and you may be using either XP/Home or have a separate 
Windows PDC. Either way, I'd suggest you install and use SWAT if you 
aren't already. It has a wizard to set up the  Samba server appropriately.


If you aren't using a Domain, make sure that each person is in the 
appropriate Unix group to access each share. Set the share permissions 
and valid users appropriately. Right now, karen is the only one with 
access to pictures, which may not be what you want. For guest ok to 
work, you also need to make sure that the shares are world accessible.


If you are using a Domain, then use your Windows domain admin account to 
create the appropriate groups and set the share permissions. Have the 
Unix permissions set to give Samba full access to the shares.


You may also want to consider using a better file system for the shared 
folders. Fat32 is very limited. It can't use proper Unix permissions, 
doesn't allow large files, doesn't support journalling and doesn't 
support advanced features.



Tim wrote:
I had Samba setup up on a debian box with three XP\2000 clients accessing the 
four samba shares but only allowing three users access to a couple of the  
folders. These 3 users had dummy accounts set up on the debian box (they 
never logged onto the debian box). The samba shares live on an external USB 
hard disk connected to the debian box (formatted as fat32).


For non (samba) related reason I have changed my OS to Mepis and now I can't 
seem to recreate the setup I previously had ( I did save my old smb.conf 
(along with 90% of my home folder) but that is now sat in a corrupt archive 
file which I can't access!!


At the moment my XP\2000 boxes can read and copy files from the samba shares 
but can't write to the Samba share which I want.


Below is my smb.conf, it may look a little messy as I have been trying things 
to get it working


Any suggestion please?

Tim

;***section global*
[global]

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
printing = cups
workgroup = home
server string = %h server (Samba %v)
hosts allow = 192.168.1.
socket options = TCP_NODELAY IPTOS_LOWDELAY 
log level = 1

dead time = 15
wins support = yes
hide unreadable = yes
passdb backend = tdbsam guest
dns proxy = no
max log size = 1000
restrict anonymous = no
domain master = no
preferred master = no
max protocol = NT
ldap ssl = No
server signing = Auto
oplocks = no
level2 oplocks = no
case sensitive = no
msdfs proxy = no
read only = no
security = share
;***section mit*
[Shared]
comment = /home/mit/Shared
path = /home/mit/Shared
guest ok = yes
;***section homes*
[homes]
comment = Home Directories
browseable = no
create mask = 0755
;***section printers*
[printers]
comment = All Printers
path = /tmp
browseable = no
printable = yes
guest ok = yes
create mask = 0700

[mp3]
guest ok = yes
path = /mnt/sda1/mp3/

[pictures]
guest ok = yes
path = /mnt/sda1/pictures
valid users = karen

[ZUNK]
path = /mnt/sda1/Zunk/
create mask = 0755
guest ok = yes
  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with samba and XP

[Tim]

I had Samba setup up on a debian box with three XP\2000 clients accessing the 
four samba shares but only allowing three users access to a couple of the  
folders. These 3 users had dummy accounts set up on the debian box (they 
never logged onto the debian box). The samba shares live on an external USB 
hard disk connected to the debian box (formatted as fat32).

For non (samba) related reason I have changed my OS to Mepis and now I can't 
seem to recreate the setup I previously had ( I did save my old smb.conf 
(along with 90% of my home folder) but that is now sat in a corrupt archive 
file which I can't access!!

At the moment my XP\2000 boxes can read and copy files from the samba shares 
but can't write to the Samba share which I want.

Below is my smb.conf, it may look a little messy as I have been trying things 
to get it working

Any suggestion please?

Tim

;***section global*
[global]

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
printing = cups
workgroup = home
server string = %h server (Samba %v)
hosts allow = 192.168.1.
socket options = TCP_NODELAY IPTOS_LOWDELAY 
log level = 1
dead time = 15
wins support = yes
hide unreadable = yes
passdb backend = tdbsam guest
dns proxy = no
max log size = 1000
restrict anonymous = no
domain master = no
preferred master = no
max protocol = NT
ldap ssl = No
server signing = Auto
oplocks = no
level2 oplocks = no
case sensitive = no
msdfs proxy = no
read only = no
security = share
;***section mit*
[Shared]
comment = /home/mit/Shared
path = /home/mit/Shared
guest ok = yes
;***section homes*
[homes]
comment = Home Directories
browseable = no
create mask = 0755
;***section printers*
[printers]
comment = All Printers
path = /tmp
browseable = no
printable = yes
guest ok = yes
create mask = 0700

[mp3]
guest ok = yes
path = /mnt/sda1/mp3/

[pictures]
guest ok = yes
path = /mnt/sda1/pictures
valid users = karen

[ZUNK]
path = /mnt/sda1/Zunk/
create mask = 0755
guest ok = yes
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba and McAfee?

[Tom Gederberg]

I am having trouble with my Windows XP machine and my Linux machine
(Fedora Core 6) communicating with Samba.  My XP machine is running
McAfee Security Center and I think that is what is causing the problem.

Does anyone know of any conflicts?

Regards,
Tom

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem with Samba, nsswitch.conf - wins

[Antonín Večeřa]

Hello all,

can you help me please - I have FreeBSD 6.2 + Samba installed. I try to
setup it so that I needn't to maintain /etc/hosts file and my FreeBSD
station will know all my local computers with MS-Windows by hostname.

I guess, I should add "wins" option to my /etc/nsswitch.conf file but it
doesn't work for me. :-(

My config files look like this:

/etc/nsswitch.conf:
hosts: files wins

/etc/rc.conf:
 nmbd_enable="YES"

/usr/local/etc/smb.conf:
[global]
workgroup = HOME
log file = /var/log/samba/log.%m
max log size = 50

But it is not working, when I try on pc1bsd "ping pc2win", the pc2win is
unknown and on console is:

pc1bsd ping: NSSWITCH(nss_load_module): wins, Undefined symbol
"nss_module_register"

The library /usr/local/lib/nss_wins.so.1 really doesn't contain any text
"nss_module_register".
To the contrary from Windows station it works, when I "ping pc1bsd", I have
immediate reply.
It just shows, that nmbd works OK.

What is wrong? Or is it a bug?

Antonin V.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba Authentication

[Charles Marcus]

On 2/22/2007 Adam Tauno Williams ([EMAIL PROTECTED]) wrote:
Windows is not UNIX; it works the way Windows works, not the way you 
want it to work. If you want to authenticate Windows user's against 
an LDAP DSA you must setup Samba as a PDC and join the machines to

the domain.


Or use the pGINA...

www.pgina.org/?page_id=3

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba Authentication

[Adam Tauno Williams]

> Hi, i have installed a PDC authenticated with LDAP in a network with Linux 
> and 
> Win XP hosts. My intention is to authenticate (throught TLS) every user or at 
> least the machines wich are trying to get access to the resources. LDAP and 
> Samba are in the same machine so the communication is by the 389 port. 
> Besides, LDAP communication with the network is by ldap ssl. 
> I have tried a lot of configurations, but i have not found the right one. I 
> want that every Win host sends a TLS certificate to Samba in order to the 
> server to authenticate them, and if it fails, the user could not log into the 
> machine.
> I have to say that with Linux hosts it is working the way i want. So the TLS 
> configuration in LDAP is right.

Windows is not UNIX;  it works the way Windows works, not the way you
want it to work.  If you want to authenticate Windows user's against an
LDAP DSA you must setup Samba as a PDC and join the machines to the
domain.

> Anyone knows if i can get this? 

No.

> or even better, Can anyone tell me wich would 
> be the basic configuration options to get it?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba Authentication

[Francisco Javier López de San Pedro]

Hi, i have installed a PDC authenticated with LDAP in a network with Linux and 
Win XP hosts. My intention is to authenticate (throught TLS) every user or at 
least the machines wich are trying to get access to the resources. LDAP and 
Samba are in the same machine so the communication is by the 389 port. 
Besides, LDAP communication with the network is by ldap ssl. 

I have tried a lot of configurations, but i have not found the right one. I 
want that every Win host sends a TLS certificate to Samba in order to the 
server to authenticate them, and if it fails, the user could not log into the 
machine.

I have to say that with Linux hosts it is working the way i want. So the TLS 
configuration in LDAP is right.


Anyone knows if i can get this? or even better, Can anyone tell me wich would 
be the basic configuration options to get it?

Greetings and apologizes for my English
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] PROBLEM WITH SAMBA AS PDC + LDAP joining MS MACHINES

[Pablo Bullian]

hi, i have a problem whe i try to join windows XP or 2000 to my new
samba+ldap PDC, i get the error USER COULD NOT BE FOUND,, or something
like that (I have it in spanish), but whit the phpmyldapadmin i see
that the machine appear, i'm joining in the machines with the user
root, that i add with smbldap-populate -a root, and then with
smbldap-usermod -u 0 root (i think that make the uid 0).

I give u my configs

-
smb.conf

# Global parameters
[global]
   workgroup = SIS
   netbios name = pdc-linux
   #interfaces = 192.168.5.11
   #username map = /etc/samba/smbusers
   enable privileges = yes
   server string = Samba Server %v
   security = user
   encrypt passwords = Yes
   min passwd length = 3
   obey pam restrictions = No
   ldap passwd sync = Yes
   #unix password sync = Yes
   passwd program = /usr/sbin/smbldap-passwd -u %u
   passwd chat = "Changing password for*\nNew password*" %n\n
"*Retype new password*" %n\n"
   ldap passwd sync = Yes
   log level = 0
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 10
   time server = Yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   mangling method = hash2
   Dos charset = 850
   Unix charset = ISO8859-1

   obey pam restrictions = no

   logon script = logon.bat
   logon drive = H:
   logon home =
   logon path =

   domain logons = Yes
   os level = 65
   preferred master = Yes
   domain master = Yes
   wins support = Yes
   passdb backend = ldapsam:ldap://127.0.0.1/
   # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com";
   # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
   ldap admin dn = cn=Admin,dc=PDC,dc=COM
   ldap suffix = dc=PDC,dc=COM
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Users
  # ldap ssl = start tls
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   ldap delete dn = Yes
   #delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   #delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

   # printers configuration
   printer admin = @"Print Operators"
   load printers = Yes
   create mask = 0640
   directory mask = 0750
   nt acl support = No
   printing = cups
   printcap name = cups
   deadtime = 10
   guest account = nobody
   map to guest = Bad User
   dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
   show add printer wizard = yes
   ; to maintain capital letters in shortcuts in any of the
profile folders:
   preserve case = yes
   short preserve case = yes
   case sensitive = no

[homes]
   comment = repertoire de %U, %u
   read only = No
   create mask = 0644
   directory mask = 0775
   browseable = No

[netlogon]
   path = /home/netlogon/
   browseable = No
   read only = yes

[profiles]
   path = /home/profiles
   read only = no
   create mask = 0600
   directory mask = 0700
   browseable = No
   guest ok = Yes
   profile acls = yes
   csc policy = disable
   # next line is a great way to secure the profiles
   force user = %U
   # next line allows administrator to access all profiles
   valid users = %U "Domain Admins"

[printers]
   comment = Network Printers
   printer admin = @"Print Operators"
   guest ok = yes
   printable = yes
   path = /home/spool/
   browseable = No
   read only  = Yes
   printable = Yes
   print command = /usr/bin/lpr -P%p -r %s
   lpq command = /usr/bin/lpq -P%p
   lprm command = /usr/bin/lprm -P%p %j

[print$]
   path = /home/printers
   guest ok = No
   browseable = Yes
   read only = Yes
   valid users = @"Print Operators"
   write list = @"Print Operators"
   create mask = 0664
   directory mask = 0775

[public]
   comment = Repertoire public
   path = /home/public
   browseable = Yes
   guest ok = Yes
   read only = No
   directory mask = 0775
   create mask = 0664

-

nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:  

Re: [Samba] Problem with Samba 3.0.23c-d

[Nerijus Baliunas]

On Mon, 27 Nov 2006 18:58:30 -0800 Jeremy Allison <[EMAIL PROTECTED]> wrote:

> > I think it's the same bug - 
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208253
> > Does anyone know if it is fixed in 3.0.23d? Or did OP test 3.0.23d (as
> > there is no -d packages in Fedora)?
> 
> This is a bug in the Fedora NISplus nss module - I think
> it needs to be fixed there.

Thanks, I updated the bug report. BTW, workaround is to use 'write list = 
+users'
instead of 'write list = @users' in smb.conf.

Regards,
Nerijus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba 3.0.23c-d

[Jeremy Allison]

On Tue, Nov 28, 2006 at 03:37:34AM +0200, Nerijus Baliunas wrote:
> On Mon, 27 Nov 2006 17:13:29 +0200 (EET) [EMAIL PROTECTED] wrote:
> 
> > I used smbpasswd authentication and the samba version was the default
> > version of fedora core 5 (3.0.21b-2). After the upgrade i couldn't login
> > anymore.
> 
> I think it's the same bug - 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208253
> Does anyone know if it is fixed in 3.0.23d? Or did OP test 3.0.23d (as
> there is no -d packages in Fedora)?

This is a bug in the Fedora NISplus nss module - I think
it needs to be fixed there.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba 3.0.23c-d

[Nerijus Baliunas]

On Mon, 27 Nov 2006 17:13:29 +0200 (EET) [EMAIL PROTECTED] wrote:

> I used smbpasswd authentication and the samba version was the default
> version of fedora core 5 (3.0.21b-2). After the upgrade i couldn't login
> anymore.

I think it's the same bug - 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208253
Does anyone know if it is fixed in 3.0.23d? Or did OP test 3.0.23d (as
there is no -d packages in Fedora)?

Regards,
Nerijus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba 3.0.23c-d

[daniel]

Hello list !

Today i ran yum update on my corporate server thta runs fedoara core 5.
All went well but i stumbled on the samba update...

My network setup is as follows..

I have a small office network, no domain controller and such.

The setup uses user authentication, and all shares are devided into
departments, each defined group is a department, the groups cannot
access/browse eachothers shares and i map all shares to the root account
so i don't have to mess with permissions relying all authentication to
samba (i know it's not wise).

I used smbpasswd authentication and the samba version was the default
version of fedora core 5 (3.0.21b-2). After the upgrade i couldn't login
anymore.

The guest account worked like normal after the upgrade but all the other
accounts which required authentication didn't.

After some log digging i discovered that the current version of samba uses
an updated authentication mechanism something about SID's and RID's.

I poke around a little (deleting all the users and starting from scratch
with pdbedit but to no avail). The logs echo an internal error and then it
core dumpes. I searched a local mirror and downloaded the original fc5
samba packages which, for the moment, work like before the update.

If this of some help here's a part of the log file.

[2006/11/27 15:52:30, 0] lib/fault.c:fault_report(41)
  ===
[2006/11/27 15:52:30, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 18492 (3.0.23d)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/11/27 15:52:30, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/11/27 15:52:30, 0] lib/fault.c:fault_report(45)
  ===
[2006/11/27 15:52:30, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 18492): internal error
[2006/11/27 15:52:30, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 19 stack frames:
   #0 smbd(log_stack_trace+0x2d) [0xe0d09d]
   #1 smbd(smb_panic+0x5d) [0xe0d1cd]
   #2 smbd [0xdf890a]
   #3 [0xb21420]
   #4 /lib/libc.so.6(__strdup+0x1f) [0x882893]
   #5 /lib/libnsl.so.1(nis_list+0x5d2) [0x611b5f]
   #6 /lib/libnss_nisplus.so.2(_nss_nisplus_setnetgrent+0x8f) [0x31b62e]
   #7 /lib/libc.so.6(innetgr+0xb2) [0x8fdd05]
   #8 smbd(user_in_netgroup+0x65) [0xc43315]
   #9 smbd(token_contains_name_in_list+0x23d) [0xc45d1d]
   #10 smbd(user_ok_token+0x4f) [0xc4610f]
   #11 smbd [0xca3a7f]
   #12 smbd(make_connection+0x194) [0xca51f4]
   #13 smbd(reply_tcon_and_X+0x21d) [0xc68abd]
   #14 smbd [0xca02d0]
   #15 smbd(smbd_process+0x7ab) [0xca140b]
   #16 smbd(main+0xbd0) [0xebbb80]
   #17 /lib/libc.so.6(__libc_start_main+0xdc) [0x82e4e4]
   #18 smbd [0xc2b8a1]
[2006/11/27 15:52:30, 0] lib/fault.c:dump_core(173)
  dumping core in /var/log/samba/cores/smbd


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba PDC LDAP backend and groups

[Volker Lendecke]

On Thu, Oct 12, 2006 at 01:04:51PM -0700, Alex Long wrote:
> I join the domain from a FreeBSD box, and then run a net rpc groups, it
> is able to pull group information, and display.
> 
> I then switch to the new binaries.  Restart slapd and smbd.  I run a net
> rpc group and no information is returned.  Again net rpc user works as
> expected.  I also make sure to flush the system and add users so that it
> is not just retrieving cached information.

Do you have group mappings for all the groups?

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba PDC LDAP backend and groups

[Alex Long]

I have configured a SambaPDC with a OpenLDAP backend.

I recently upgraded Samba from 3.0.10-1.4E.9, to 3.0.23c and have run
into a problem with groups.  Specifically, the machines I have joined to
the domain, are not able to retrieve group information.

Please note that "net rpc user" works as expected on both smbd
versions.0

Version Information:
OpenLDAP 2.3.27 
Samba version   3.0.10-1.4E.9
OS: CentOS release 4.4

I join the domain from a FreeBSD box, and then run a net rpc groups, it
is able to pull group information, and display.

I then switch to the new binaries.  Restart slapd and smbd.  I run a net
rpc group and no information is returned.  Again net rpc user works as
expected.  I also make sure to flush the system and add users so that it
is not just retrieving cached information.

Please also note this is a test Samba PDC, and is meant to be a proof of
concept / testing machine.

Thanks

Alex

Below is my smb.conf file:
[global]
   workgroup = ESCPDC
   netbios name = ESC-17
   server string = SambaPDC
   printcap name = /etc/printcap
   load printers = yes
 log level = 10
 log file = /var/log/samba/%m.log
   max log size = 50
   security = user
   #include = /etc/samba/smb.conf.%m
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = yes
   os level = 65
   domain master = yes
   preferred master = yes
   domain logons = yes
   logon script = %U.bat
   logon path = \\%L\profiles\%U
   logon drive = Z:
   #hlogon path =
   name resolve order = wins lmhosts host bcast
   wins support = yes
   dns proxy = no
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=escldap,dc=com
ldap suffix = dc=escldap,dc=com
ldap admin dn  = cn=root,dc=escldap,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=People
ldap passwd sync = yes
admin users = root Administrator
null passwords = yes
add user script = /usr/local/sbin/smbldap-useradd.pl -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
idmap uid = 10-20
idmap gid = 10-20
template shell = /bin/false
winbind use default domain = no
time server = yes
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with samba and mounted devices.

[lllll]

i have the folllowing configuration

[global]
.
.
.
.

[pubstro]
comment = pubstro
path = /mnt
create mask = 0777
force create mode = 0777
directory mask = 0777


in /mnt directory i have mounted disks

bash# ls -al /mnt
total 24
drwxr-xr-x  4 root root 4096 Oct 11 23:56 .
drwxr-xr-x 24 root root 4096 Oct 11 15:26 ..
drwxrwxrwx  6 root root 4096 Oct 11 23:58 200GB
drwxrwxrwx  8 root root 4096 Oct 12 09:19 250GB

when i try to connect from a windows pc to pubstro
i can't see the contents of /mnt. (directories 200GB 250GB).

how i can export mounted directories via samba




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba 3.0.10 as PDC & WinXP clients

[PaLo]

Hi, I’m using Samba 3.0.10 as PDC & LDAP as users data base. Clients are 
Windows XP and I’m having problems with network drive disconections. I 
map a network drive, and some time later, it appears as disconnect. When 
I click to acces, the network drive has no problem about connecting 
again, but I don’t understand why the disconection occurs. In the log 
file appears this:


smbd/service.c:close_cnum(841)
clientxp1 (xxx.xxx.xxx.xxx) closed connection to service 

I would like to know if any of you know something about this, or have 
had this kind of problems…

Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with samba 3.0.23c and windows NT4 workstation

[stephane . purnelle]

It's a test for trying to find problem.

This special section have was created only for testing.
However, the printer is loading with standard printer section.

Now, I started on samba server a ethereal and when I trie to print a page, 
I have no communication.
Do you have a idea for that ?
You can notice that the message call_nt_transact_ioctl(0x90028) is only on 
the connection or reconnection, not each time.

I attached a log level 10 of this client  and the share promatic is 
created from printer section.



---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

"Gerald (Jerry) Carter" <[EMAIL PROTECTED]> a écrit sur 06/09/2006 16:18:26 
:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> [EMAIL PROTECTED] wrote:
> > It's a old NT4 SP4
> > 
> > Yesterday this machine hang one time and after no 
> > print occur on this  machines.
> > I'm not sure that is a samba problem  but my chief 
> > think that is a problem  because I upgraded samba
> > from 3.0.21b to 3.0.23c.
> > 
> > Now, I tried with a special section for a printer like : 
> ...
> > [promatic]
> > comment = Imprimante etiquette salle OTC1
> > path = /var/spool/samba
> > read only = No
> > printable = Yes
> > printer name = promatic
> > use client driver = yes
> > 
> > And is always not work !
> 
> So you believe the 'use client driver' setting is to blame?
> Do you absolutely need that option?
> 
> 
> 
> 
> 
> cheers, jerry
> =
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> "What man is a man who does not make the world better?"  --Balian
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.4 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFE/tiyIR7qMdg1EfYRAuehAJ91/O3EROiSMs9gKJjxO7dGK8yFcwCdFhQo
> AHgjAnxPJPL6XBcynoMaEGM=
> =qeFg
> -END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with samba 3.0.23c and windows NT4 workstation

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
> It's a old NT4 SP4
> 
> Yesterday this machine hang one time and after no 
> print occur on this  machines.
> I'm not sure that is a samba problem  but my chief 
> think that is a problem  because I upgraded samba
> from 3.0.21b to 3.0.23c.
> 
> Now, I tried with a special section for a printer like : 
...
> [promatic]
> comment = Imprimante etiquette salle OTC1
> path = /var/spool/samba
> read only = No
> printable = Yes
> printer name = promatic
> use client driver = yes
> 
> And is always not work !

So you believe the 'use client driver' setting is to blame?
Do you absolutely need that option?





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE/tiyIR7qMdg1EfYRAuehAJ91/O3EROiSMs9gKJjxO7dGK8yFcwCdFhQo
AHgjAnxPJPL6XBcynoMaEGM=
=qeFg
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with samba 3.0.23c and windows NT4 workstation

[stephane . purnelle]

It's a old NT4 SP4

Yesterday this machine hang one time and after no print occur on this 
machines.
I'm not sure that is a samba problem  but my chief think that is a problem 
because I upgraded samba from 3.0.21b to 3.0.23c.

Now, I tried with a special section for a printer like : 


[printers]
comment = Imprimantes
path = /tmp
guest ok = Yes
printable = Yes
browseable = No
printable = Yes
public = Yes
use client driver = No


[promatic]
comment = Imprimante etiquette salle OTC1
path = /var/spool/samba
read only = No
printable = Yes
printer name = promatic
use client driver = yes

And is always not work !


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

"Gerald (Jerry) Carter" <[EMAIL PROTECTED]> a écrit sur 06/09/2006 15:50:24 
:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> [EMAIL PROTECTED] wrote:
> > Hi,
> > 
> > I upgraded my samba 3.0.21b to 3.0.23c, after that 
> > printing from this NT 4  workstation don't work !
> > 
> > I have : 
> >call_nt_transact_ioctl(0x90028): Currently not implemented.
> > 
> > And on the workstation : 
> >write error on \\admin01\promatic for that document : 
> >name file syntax, directory or volume is incorrect
> > 
> >Would you want to retry or cancer job ?
> > 
> > anyone can help me ?
> 
> Are you vending drivers from Samba ?  Is spoolss enabled ?
> I just tested printing locally from NT4.  Driver download
> worked fine and I send a test job through without any hitches.
> 
> 
> 
> 
> 
> cheers, jerry
> =
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> "What man is a man who does not make the world better?"  --Balian
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.4 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFE/tIgIR7qMdg1EfYRAtlKAJ0QV5W/t1RF0a9jPQhBz6Mt91b1AQCfSyJk
> shxa7LH69WODJSHPq3+tleI=
> =38JI
> -END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with samba 3.0.23c and windows NT4 workstation

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
> Hi,
> 
> I upgraded my samba 3.0.21b to 3.0.23c, after that 
> printing from this NT 4  workstation don't work !
> 
> I have : 
>call_nt_transact_ioctl(0x90028): Currently not implemented.
> 
> And on the workstation : 
>write error on \\admin01\promatic for that document : 
>name file syntax, directory or volume is incorrect
> 
>Would you want to retry or cancer job ?
> 
> anyone can help me ?

Are you vending drivers from Samba ?  Is spoolss enabled ?
I just tested printing locally from NT4.  Driver download
worked fine and I send a test job through without any hitches.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE/tIgIR7qMdg1EfYRAtlKAJ0QV5W/t1RF0a9jPQhBz6Mt91b1AQCfSyJk
shxa7LH69WODJSHPq3+tleI=
=38JI
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] problem with samba 3.0.23c and windows NT4 workstation

[stephane . purnelle]

Hi,

I upgraded my samba 3.0.21b to 3.0.23c, after that printing from this NT 4 
workstation don't work !

I have : 
[2006/09/06 09:01:44, 0] 
smbd/nttrans.c:call_nt_transact_ioctl(2332)
call_nt_transact_ioctl(0x90028): Currently not 
implemented.

And on the workstation : 
write error on \\admin01\promatic for that document : name file 
syntax, direcrory or volume is incorrect

Would you want to retry or cancer job ?

anyone can help me ?

thanks


Stéphane Purnelle
 




---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba and Groups

[Manuel Erber]

Volker Lendecke wrote:

On Fri, Jun 16, 2006 at 10:10:12AM +0200, Manuel Erber wrote:
  

I have a problem with samba Version 3.0.22.
Samba auth against LDAP. It takes up to 5 houres , till samba change the 
groupmembership.

In the groups are up to 600 members.
Is that a problem?
Cache samba the groupmembership?



What do you exactly do? Do you see the old values in usrmgr,
during login, with "id"? Do your users re-connect after you
changed the membership? Re-connecting is a very important
step, even on Windows.

Volker
  


In the usrmgr I see the old memberships but I fixed the Problem. When I 
enable indexing in LDAP, the problem is fixed.


Thanks

--
Manuel Erber
Fachinformatiker/Systemintegration
Hospital of Johannes Gutenberg-University
D6 / Dezernat für Informationstechnologie
Obere Zahlbacher Str. 69, 55101 Mainz, Germany
Phone: (0049) (0)6131 17-487195
Fax:   (0049) (0)6131 17-5606

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with Samba and Groups

[Volker Lendecke]

On Fri, Jun 16, 2006 at 10:10:12AM +0200, Manuel Erber wrote:
> I have a problem with samba Version 3.0.22.
> Samba auth against LDAP. It takes up to 5 houres , till samba change the 
> groupmembership.
> In the groups are up to 600 members.
> Is that a problem?
> Cache samba the groupmembership?

What do you exactly do? Do you see the old values in usrmgr,
during login, with "id"? Do your users re-connect after you
changed the membership? Re-connecting is a very important
step, even on Windows.

Volker


pgpC1z1Ur5lHI.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Samba and Groups

[Manuel Erber]

I have a problem with samba Version 3.0.22.
Samba auth against LDAP. It takes up to 5 houres , till samba change the 
groupmembership.

In the groups are up to 600 members.
Is that a problem?
Cache samba the groupmembership?


Thanks

--
Manuel Erber
Fachinformatiker/Systemintegration
Hospital of Johannes Gutenberg-University
D6 / Dezernat für Informationstechnologie
Obere Zahlbacher Str. 69, 55101 Mainz, Germany
Phone: (0049) (0)6131 17-487195
Fax:   (0049) (0)6131 17-5606

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba