[Samba] smbpasswd -d nobody, listing still possible?
hi, i wondered why i can still list my shares with smbclient -NL localip, security = SHARE i just disable the user nobody? the log: [2005/11/27 12:05:48, 2] lib/interface.c:add_interface(81) added interface ip=192.168.10.66 bcast=192.168.10.255 nmask=255.255.255.0 [2005/11/27 12:05:48, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/27 12:05:48, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/27 12:05:48, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/27 12:05:48, 3] smbd/server.c:main(839) loaded services [2005/11/27 12:05:48, 3] smbd/server.c:main(854) Becoming a daemon. [2005/11/27 12:05:48, 2] lib/tallocmsg.c:register_msg_pool_usage(56) Registered MSG_REQ_POOL_USAGE [2005/11/27 12:05:48, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2005/11/27 12:05:48, 3] printing/printing.c:start_background_queue(1321) start_background_queue: Starting background LPQ thread [2005/11/27 12:05:48, 2] smbd/server.c:open_sockets_smbd(334) waiting for a connection [2005/11/27 12:05:54, 3] smbd/oplock.c:init_oplocks(1380) open_oplock_ipc: opening loopback UDP socket. [2005/11/27 12:05:54, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(309) Linux kernel oplocks enabled [2005/11/27 12:05:54, 3] smbd/oplock.c:init_oplocks(1411) open_oplock ipc: pid = 5986, global_oplock_port = 32771 [2005/11/27 12:05:54, 3] smbd/process.c:process_smb(1114) Transaction 0 of length 183 [2005/11/27 12:05:54, 3] smbd/process.c:switch_message(900) switch message SMBnegprot (pid 5986) conn 0x0 [2005/11/27 12:05:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [MICROSOFT NETWORKS 1.03] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [MICROSOFT NETWORKS 3.0] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LANMAN1.0] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LM1.2X002] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [DOS LANMAN2.1] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [Samba] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_nt1(331) not using SPNEGO [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(559) Selected protocol NT LANMAN 1.0 [2005/11/27 12:05:54, 3] smbd/process.c:process_smb(1114) Transaction 1 of length 142 [2005/11/27 12:05:54, 3] smbd/process.c:switch_message(900) switch message SMBsesssetupX (pid 5986) conn 0x0 [2005/11/27 12:05:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/27 12:05:54, 3] smbd/sesssetup.c:reply_sesssetup_and_X(751) wct=13 flg2=0xc801 [2005/11/27 12:05:54, 3] smbd/sesssetup.c:reply_sesssetup_and_X(897) Domain=[MIDEARTH] NativeOS=[Unix] NativeLanMan=[Samba 3.0.20b] PrimaryDomain=[null] [2005/11/27 12:05:54, 3] smbd/sesssetup.c:reply_sesssetup_and_X(912) sesssetupX:[EMAIL PROTECTED] [2005/11/27 12:05:54, 3] smbd/sesssetup.c:check_guest_password(115) Got anonymous request [2005/11/27 12:05:54, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/11/27 12:05:54,
RE: [Samba] smbpasswd -d nobody, listing still possible?
Julius, Set 'security = user'. Kind regards, Jeroen van Meeuwen -- kanarip -Original Message- Subject: [Samba] smbpasswd -d nobody, listing still possible? hi, i wondered why i can still list my shares with smbclient -NL localip, security = SHARE i just disable the user nobody? my conf: [global] workgroup = MIDEARTH netbios name = GANDALF security = SHARE message command = sh -c '/usr/kde/3.4/bin/winpopup-send.sh %s %m' bind interfaces only = yes interfaces = eth0 lo passdb backend = tdbsam guest account = nobody #logging log file = /tmp/samba.log log level = 3 [data] comment = Data path = /home/metalfan/Windows guest only = Yes writeable = Yes and the smbclient -NL localip output: Domain=[MIDEARTH] OS=[Unix] Server=[Samba 3.0.20b] Sharename Type Comment - --- dataDisk Data data2 Disk IPC$IPC IPC Service (Samba 3.0.20b) ADMIN$ IPC IPC Service (Samba 3.0.20b) Domain=[MIDEARTH] OS=[Unix] Server=[Samba 3.0.20b] Server Comment ---- GANDALF Samba 3.0.20b WorkgroupMaster ---- MIDEARTH shouldnt i just get some error like..no user.. ? greets Julius -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -a UID/privs checking needed
FreeBSD 6.0 + Samba 3.0.20b running smbpasswd -a login under non-root privileges dumps core instead of polite warning not root ... cannot add users. Samba should IMHO behave better at this point ... Hugo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -r .. doesn t work
Hey there I got a little problem with the remote changing of smb-passwords. The problem: I created a smbpasswd file with mksmbpasswd and so all the passwords are blank now. Because only root can log on to the server eyerybody has to change his/her password remote. Trying this gets me this error Retype new SMB password: machine 192.168.41.8 rejected the (anonymous) password change: Error was : Wrong Password. Failed to change password for *** everybody trying to give me the Don´t use the wrong password answer, believe me, it is the right password, I changed it locally on the server. I don´t know what to change next, so please help me. The samba client is running on a SuSe Linux 8.1. samba-client-2.2.5-178 samba-2.2.5-178 thx for the help kispel -- ohne Titel oder schlauen Spruch Raum 2005 Tel: 7379i -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd
All; I have, what should be a simple install, that is stuck. I need to set this up, very simply to authenticate the windows user coming in, and present the shares, NOT requiring a password. I've tried everything I can think of, but it always prompts for a password. If I put the user in smbpasswd, they can log on, but it requires an initial passwrd (only the first time, then never again). But... I've built servers in the past that did not require the users to be in smbpasswd, a valid, matching, unix password was sufficient. If I put security = DOMAIN in smb.conf, it will ALWAYS prompt for a passwrd. If I put: security = USER it prompts once, but the user has to exist as a unix account, AND in smbpaswd. How do I get around this? I've done it on other servers, in other places, with no problem. But this one is hanging me up. I could use a pointer. Thanks! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMBPASSWD failing for normal users - smb 3.0.14a
Hello - Im having a problem w/ my users being able to change their SMB password. What is the best approach to allow users acces to smbpasswd to change their own passwords when they want? Right now Im getting the following error: machine 127.0.0.1 rejected the (anonymous) password change: Error was : Wrong Password. Failed to change password for donald Here is my global from the smb.conf [global] netbios name = WOOT socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 server string = SMB v3.0.14a local master = yes preferred master = yes domain logons = no domain master = no workgroup = Puddin interfaces = 146.61.201.2 bind interfaces only = no log file = /var/log/samba-log.%m log level = 2 max log size = 50 lock directory = /var/lock/samba printcap name = /etc/printcap wins support = no wins server = 136.61.203.14 os level = 62 remote announce = 136.61.203.255 deadtime = 15 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd and LDAP backend
On 09/09/05, Mark Proehl [EMAIL PROTECTED] wrote: Hello, you have to set unix password sync = No ldap passwd sync = Yes What about just: passdb backend = ldapsam:ldap://ldap.blah.org and use an LDAP-server that supports the password modify extended operation (like OpenLDAP). A password change via smbpasswd will update all userPassword attributes of the LDAP entry Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd - RAP86 error - 3.0.20
System Fedora Core 4/SeLinuxSecurity disabled SAMBA 3.0.20 unix password sync=yes passwd backend smbpasswd Problem - Users logged into XP pro cannot change password Detail: When a user tries to change their password they get the error message: You do not have permission to change your password. However - the Linux password is changed and the SAMBA password is not. logging in to Fedora as root and invoking passwd and smbpasswd for the user returns no errors su 'username' and repeating the process (with good password given) passwd - okay smbpasswd - machine 127.0.0.1 rejected the password change: Error was: RAP86: The specified password is invalid. The only difference if you use a bad password - passwd won't allow the change either. So my conclusion thus far is that passwd is being invoked as root but smbpasswd is being invoked as the logged in user and refuses the password change. However, I have no idea what to do now and I cannot set unix passwd sync = no (even though that fixes it) - Please help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd and LDAP backend
Dear List, If I have a PDC with an LDAP backend, would just running smbpasswd username update the users passwd in both the LDAP directory and smb secrets? Thanks, Paul. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] smbpasswd and LDAP backend
I think you have to use smbldap-tools (available at samba.org) Cyrille Paul Henry [EMAIL PROTECTED] Envoyé par : [EMAIL PROTECTED] 09/09/2005 09:43 Veuillez répondre à [EMAIL PROTECTED] A samba@lists.samba.org cc Objet [Samba] smbpasswd and LDAP backend Dear List, If I have a PDC with an LDAP backend, would just running smbpasswd username update the users passwd in both the LDAP directory and smb secrets? Thanks, Paul. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd and LDAP backend
Paul Henry wrote: Dear List, If I have a PDC with an LDAP backend, would just running smbpasswd username update the users passwd in both the LDAP directory and smb secrets? Yes, as long as you give the correct setting for passwd program in smb.conf. -- --beast -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd and LDAP backend
Hello, you have to set unix password sync = No ldap passwd sync = Yes and use an LDAP-server that supports the password modify extended operation (like OpenLDAP). A password change via smbpasswd will update all userPassword attributes of the LDAP entry Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Smbpasswd -s option
Hello I try to get smbpasswd adding users and passwd from script the following way : smbpasswd -a -s username password this used to work not to long ago , but now I get a list with usage options back instead. Currently using samba-3.0.11 What is the correct syntax for using smbpasswd with -s option? TIA Wim bakker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smbpasswd -s option
Op Monday 27 June 2005 11:40, schreef u: Wim Bakker schrieb: Hello I try to get smbpasswd adding users and passwd from script the following way : smbpasswd -a -s username password What is the correct syntax for using smbpasswd with -s option? printf password\npassword\n | smbpasswd -a -s username Thanks, I did : echo passwd | smbpasswd -a -s username which gave me a mismatch error apparently smbpasswd wants to see a confirmation nowadays with -s. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RV: [Samba] smbpasswd -a -m
Just I need that users exists in Windows Domain Server (CAPRE-SANTIAGO) but are not all the machine in the domain. Jaime -Mensaje original- De: Mark Sarria [mailto:[EMAIL PROTECTED] Enviado el: mircoles, 15 de junio de 2005 18:35 Para: Jaime Amigo Pinilla; samba@lists.samba.org Asunto: RE: [Samba] smbpasswd -a -m Not quite sure what you want, but it sounds like you want to access your home share, without providing credentials? --mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaime Amigo Pinilla Sent: Wednesday, June 15, 2005 2:43 PM To: samba@lists.samba.org Subject: [Samba] smbpasswd -a -m I am trying to configure Samba 2.2x with Win2K. I need that samba shares a directory in the Linux server and the users Windows access that without authentication. I created the UNIX users (etc/passwd). dic00037$:*:504:65533:DIC00037:/dev/null:/bin/false dic00024$:*:505:65533:DIC00024:/dev/null:/bin/false dic00021$:*:506:65533:DIC00021:/dev/null:/bin/false I creates the Samba users. smbpasswd -a -m dic00037 smbpasswd -a -m dic00024 smbpasswd -a -m dic00021 I'm trying to access by Windows with \\150.10.10.70, show me [homes] but I cannot access the folder. Any suggestion? Regards Jaime Attached additional information: peumo:/etc/samba # smbclient -L \\localhost -U% added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=150.10.10.70 bcast=150.10.255.255 nmask=255.255.0.0 Domain=[SANTIAGO] OS=[Unix] Server=[Samba 2.2.5-UL] Sharename Type Comment - --- homes Disk ComparteLinux IPC$ IPC IPC Service (Servidor Samba Linux) ADMIN$ Disk IPC Service (Servidor Samba Linux) Server Comment ---- CAPRE-SANTIAGO PEUMOServidor Samba Linux WorkgroupMaster ---- SANTIAGO CAPRE-SANTIAGO /etc/samba/smb.conf [global] workgroup = SANTIAGO netbios name = peumo server string = Servidor Samba Linux unix extensions = yes security = share encrypt passwords = yes load printers = no socket options = IPTOS_LOWDELAY TCP_NODELAY hosts allow = 150.10.12. localhost interfaces = 127.0.0.1/8 150.10.10.70/16 bind interfaces only = yes password server = CAPRE-SANTIAGO username map = /etc/samba/smbusers smb passwd file = /etc/samba/smbpasswd log level = 1 large readwrite = yes max log size = 1000 auto services = homes log file = /var/log/samba/%m.log veto files = /*.eml/*.nws/riched20.dll/*.{*}/ local master = yes [homes] path= /home/compartelinux comment = ComparteLinux volume = Disco-Linux browseable = yes writeable = yes guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd doesn't work for users
Hello list, I have a problem with users changing their password from the command line of the localhost with smbpasswd. As root the whole thing works fine but not as a normal user. First I had the connection to the localhost refused because I didn't list localhost at the interfaces and had bind interfaces only set to yes. (manual smb.conf) I fixed that and added localhost. Now I can connect to the localhost from the command line e.g. with smbclient but smbpasswd still doesn't work as expected. [EMAIL PROTECTED]:~ smbpasswd Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the (anonymous) password change: Error was : Password restriction. Failed to change password for user Where do I have to configure the password restriction? I can post my smb.conf if that would be of any help. Any hint would be really helpful. Thanks Ulf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -r connecting to old samba not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wayne Schroeder wrote: The error message is on the SERVER though... regardless of the server's error bugs or not, the new smbpasswd won't work, yet the old one does... so something in smbpasswd or it's supporting libs on the new version 3 source tree is doing something different I would imagine. On Tue, Jun 14, 2005 at 05:39:01PM -0500, Wayne Schroeder wrote: I am trying to build 3.0.14a and use it's smbpasswd binary to change passwords on a remote debian woody samba install -- the samba install on the remote debian machine is listed as '2.2.3a-15' I can use the previous smbpasswd binary from the same version on the client linux machine to smbpasswd -r and change user passwords, but the new version from 3.0.14a does not work against the 2.2.3a version. I get an error message like: [2005/06/14 16:45:17, 0] smbd/chgpasswd.c:check_oem_password(817) check_oem_password: incorrect password length (-177685840). I would be more inclined to call this a bug in 2.2.3a (on debian right) ? Since 2.2 is no longer being maintained, you could try to track this down own your own or possibly upgrade. Another method would be to start trying smbpasswd from 3.0.x releases 3.0.14a and movning backwards to see when the incompatibility was introduced. We could then look at the svn logs to try to isolate the change and come up with a workaround. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCsE66IR7qMdg1EfYRAkWoAJ9tEL/d1NsRpWTq014PgV9/7S6H4QCg8a/0 EIR4WfoKq4b8w1/2LmMZ9hk= =rs0+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -r connecting to old samba not working
The only problem with that is the old servers are NOT our servers -- they are not managed by us. It's hard for us to tell people 'hey, we updated something, so now you have to'. Regardless of if it is a bug with the old version of samba, I would imagine there is some value in being backwards compatible with old versions, regardless of being maintained. The crux of the whole deal is that in the world of password changing, the old smbpassword worked against everything, now in order to get support for the new 2003 server boxes that need samba 3 to connect to them, we lose support for changing passwords on a large set of other boxes. The obvious answer to this from an operational stand point is to use the old binary / install base for changing passwords on these boxes, but I was hoping that there was some simple fix / work around that would address the backwards compatibility issue I have ran into. It seems somewhat strange that we would strive for backwards compatibility for old servers using protocols like CORE, COREPLUS, LANMAN1, LANMAN2 etc.. but not support older samba releases IMHO. Wayne Gerald (Jerry) Carter wrote: Wayne Schroeder wrote: The error message is on the SERVER though... regardless of the server's error bugs or not, the new smbpasswd won't work, yet the old one does... so something in smbpasswd or it's supporting libs on the new version 3 source tree is doing something different I would imagine. On Tue, Jun 14, 2005 at 05:39:01PM -0500, Wayne Schroeder wrote: I am trying to build 3.0.14a and use it's smbpasswd binary to change passwords on a remote debian woody samba install -- the samba install on the remote debian machine is listed as '2.2.3a-15' I can use the previous smbpasswd binary from the same version on the client linux machine to smbpasswd -r and change user passwords, but the new version from 3.0.14a does not work against the 2.2.3a version. I get an error message like: [2005/06/14 16:45:17, 0] smbd/chgpasswd.c:check_oem_password(817) check_oem_password: incorrect password length (-177685840). I would be more inclined to call this a bug in 2.2.3a (on debian right) ? Since 2.2 is no longer being maintained, you could try to track this down own your own or possibly upgrade. Another method would be to start trying smbpasswd from 3.0.x releases 3.0.14a and movning backwards to see when the incompatibility was introduced. We could then look at the svn logs to try to isolate the change and come up with a workaround. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -r connecting to old samba not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wayne Schroeder wrote: | The only problem with that is the old servers are | NOT our servers -- they are not managed by us. It's | hard for us to tell people 'hey, we updated something, | so now you have to'. Regardless of if it is a bug | with the old version of samba, I would imagine there | is some value in being backwards compatible with old | versions, regardless of being maintained. The crux of | the whole deal is that in the world of password | changing, the old smbpassword worked against everything, | now in order to get support for the new 2003 server | boxes that need samba 3 to connect to them, we lose | support for changing passwords on a large set of other | boxes. The obvious answer to this from an operational | stand point is to use the old binary / install base | for changing passwords on these boxes, but I was hoping | that there was some simple fix / work around that would | address the backwards compatibility issue I have ran | into. It seems somewhat strange that we would | strive for backwards compatibility for old servers using | protocols like CORE, COREPLUS, LANMAN1, LANMAN2 etc.. | but not support older samba releases IMHO. Wayne, First off, any breakage was not intentional. Second, I gave you instructions for helping us track it down. What I said about 2.2.x is that we will not issue a patch for it. I will be happy to issue a patch for smbpasswd to fix any incompatibilities with older Samba version if possible. But it requires that you do some things to help me out Here they are again: | Another method would be to start trying smbpasswd | from 3.0.x releases 3.0.14a and moving backwards to | see when the incompatibility was introduced. We could | then look at the svn logs to try to isolate the change | and come up with a workaround. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCsJ3LIR7qMdg1EfYRAjh7AJ9L6SIE6zJa5oGF6hAJyEkc2oN4mACgwVTZ uzTz4x5jHNVN5dr51IQhGW0= =P9j6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -r connecting to old samba not working
Gerald (Jerry) Carter wrote: Wayne, First off, any breakage was not intentional. Second, I gave you instructions for helping us track it down. What I said about 2.2.x is that we will not issue a patch for it. I will be happy to issue a patch for smbpasswd to fix any incompatibilities with older Samba version if possible. But it requires that you do some things to help me out Here they are again: | Another method would be to start trying smbpasswd | from 3.0.x releases 3.0.14a and moving backwards to | see when the incompatibility was introduced. We could | then look at the svn logs to try to isolate the change | and come up with a workaround. I should have been more clear .. the last message was generally directed at those suggesting that I should just upgrade the old samba installs instead of isolating the change / making a potential work around (or fix, if it is deemed as such) in the new code. I will gladly assist in isolating where the problem was introduced, and I am sure that no change / breakage was intentional and did not intend to imply that if it sounded as such. I will post more information as it becomes available, thanks again. Wayne -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -a -m
I am trying to configure Samba 2.2x with Win2K. I need that samba shares a directory in the Linux server and the users Windows access that without authentication. I created the UNIX users (etc/passwd). dic00037$:*:504:65533:DIC00037:/dev/null:/bin/false dic00024$:*:505:65533:DIC00024:/dev/null:/bin/false dic00021$:*:506:65533:DIC00021:/dev/null:/bin/false I creates the Samba users. smbpasswd -a -m dic00037 smbpasswd -a -m dic00024 smbpasswd -a -m dic00021 I'm trying to access by Windows with \\150.10.10.70, show me [homes] but I cannot access the folder. Any suggestion? Regards Jaime Attached additional information: peumo:/etc/samba # smbclient -L \\localhost -U% added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=150.10.10.70 bcast=150.10.255.255 nmask=255.255.0.0 Domain=[SANTIAGO] OS=[Unix] Server=[Samba 2.2.5-UL] Sharename Type Comment - --- homes Disk ComparteLinux IPC$ IPC IPC Service (Servidor Samba Linux) ADMIN$ Disk IPC Service (Servidor Samba Linux) Server Comment ---- CAPRE-SANTIAGO PEUMOServidor Samba Linux WorkgroupMaster ---- SANTIAGO CAPRE-SANTIAGO /etc/samba/smb.conf [global] workgroup = SANTIAGO netbios name = peumo server string = Servidor Samba Linux unix extensions = yes security = share encrypt passwords = yes load printers = no socket options = IPTOS_LOWDELAY TCP_NODELAY hosts allow = 150.10.12. localhost interfaces = 127.0.0.1/8 150.10.10.70/16 bind interfaces only = yes password server = CAPRE-SANTIAGO username map = /etc/samba/smbusers smb passwd file = /etc/samba/smbpasswd log level = 1 large readwrite = yes max log size = 1000 auto services = homes log file = /var/log/samba/%m.log veto files = /*.eml/*.nws/riched20.dll/*.{*}/ local master = yes [homes] path= /home/compartelinux comment = ComparteLinux volume = Disco-Linux browseable = yes writeable = yes guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -a -m
Jaime Amigo Pinilla wrote: I am trying to configure Samba 2.2x with Win2K. I need that samba shares a directory in the Linux server and the users Windows access that without authentication. I created the UNIX users (etc/passwd). dic00037$:*:504:65533:DIC00037:/dev/null:/bin/false dic00024$:*:505:65533:DIC00024:/dev/null:/bin/false dic00021$:*:506:65533:DIC00021:/dev/null:/bin/false I creates the Samba users. smbpasswd -a -m dic00037 smbpasswd -a -m dic00024 smbpasswd -a -m dic00021 The above creates machine accounts which is unnecessary. This will not help. You need to read the docs about guest users. Another easy way is to create 1 samba user account and have everyone mount the drive using that account. Not very secure but that doesn't seem to be a concern for you. I'm trying to access by Windows with \\150.10.10.70, show me [homes] but I cannot access the folder. Any suggestion? Regards Jaime Attached additional information: peumo:/etc/samba # smbclient -L \\localhost -U% added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=150.10.10.70 bcast=150.10.255.255 nmask=255.255.0.0 Domain=[SANTIAGO] OS=[Unix] Server=[Samba 2.2.5-UL] Sharename Type Comment - --- homes Disk ComparteLinux IPC$ IPC IPC Service (Servidor Samba Linux) ADMIN$ Disk IPC Service (Servidor Samba Linux) Server Comment ---- CAPRE-SANTIAGO PEUMOServidor Samba Linux WorkgroupMaster ---- SANTIAGO CAPRE-SANTIAGO /etc/samba/smb.conf [global] workgroup = SANTIAGO netbios name = peumo server string = Servidor Samba Linux unix extensions = yes security = share encrypt passwords = yes load printers = no socket options = IPTOS_LOWDELAY TCP_NODELAY hosts allow = 150.10.12. localhost interfaces = 127.0.0.1/8 150.10.10.70/16 bind interfaces only = yes password server = CAPRE-SANTIAGO username map = /etc/samba/smbusers smb passwd file = /etc/samba/smbpasswd log level = 1 large readwrite = yes max log size = 1000 auto services = homes log file = /var/log/samba/%m.log veto files = /*.eml/*.nws/riched20.dll/*.{*}/ local master = yes [homes] path= /home/compartelinux comment = ComparteLinux volume = Disco-Linux browseable = yes writeable = yes guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbpasswd -a -m
Not quite sure what you want, but it sounds like you want to access your home share, without providing credentials? --mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaime Amigo Pinilla Sent: Wednesday, June 15, 2005 2:43 PM To: samba@lists.samba.org Subject: [Samba] smbpasswd -a -m I am trying to configure Samba 2.2x with Win2K. I need that samba shares a directory in the Linux server and the users Windows access that without authentication. I created the UNIX users (etc/passwd). dic00037$:*:504:65533:DIC00037:/dev/null:/bin/false dic00024$:*:505:65533:DIC00024:/dev/null:/bin/false dic00021$:*:506:65533:DIC00021:/dev/null:/bin/false I creates the Samba users. smbpasswd -a -m dic00037 smbpasswd -a -m dic00024 smbpasswd -a -m dic00021 I'm trying to access by Windows with \\150.10.10.70, show me [homes] but I cannot access the folder. Any suggestion? Regards Jaime Attached additional information: peumo:/etc/samba # smbclient -L \\localhost -U% added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=150.10.10.70 bcast=150.10.255.255 nmask=255.255.0.0 Domain=[SANTIAGO] OS=[Unix] Server=[Samba 2.2.5-UL] Sharename Type Comment - --- homes Disk ComparteLinux IPC$ IPC IPC Service (Servidor Samba Linux) ADMIN$ Disk IPC Service (Servidor Samba Linux) Server Comment ---- CAPRE-SANTIAGO PEUMOServidor Samba Linux WorkgroupMaster ---- SANTIAGO CAPRE-SANTIAGO /etc/samba/smb.conf [global] workgroup = SANTIAGO netbios name = peumo server string = Servidor Samba Linux unix extensions = yes security = share encrypt passwords = yes load printers = no socket options = IPTOS_LOWDELAY TCP_NODELAY hosts allow = 150.10.12. localhost interfaces = 127.0.0.1/8 150.10.10.70/16 bind interfaces only = yes password server = CAPRE-SANTIAGO username map = /etc/samba/smbusers smb passwd file = /etc/samba/smbpasswd log level = 1 large readwrite = yes max log size = 1000 auto services = homes log file = /var/log/samba/%m.log veto files = /*.eml/*.nws/riched20.dll/*.{*}/ local master = yes [homes] path= /home/compartelinux comment = ComparteLinux volume = Disco-Linux browseable = yes writeable = yes guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -r connecting to old samba not working
I am trying to build 3.0.14a and use it's smbpasswd binary to change passwords on a remote debian woody samba install -- the samba install on the remote debian machine is listed as '2.2.3a-15' I can use the previous smbpasswd binary from the same version on the client linux machine to smbpasswd -r and change user passwords, but the new version from 3.0.14a does not work against the 2.2.3a version. I get an error message like: [2005/06/14 16:45:17, 0] smbd/chgpasswd.c:check_oem_password(817) check_oem_password: incorrect password length (-177685840). I searched a bit and found that this has something to do with hash lengths, or so it seems. I tried various configuration changes in the smb.conf that I was using to no avail -- I tried all the hash tuning and lanman auth options I could find. A few data points: The binary in question from 3.0.14a DOES change passwords against an exchange server just fine. The old 2.2.3a smbpasswd binary changes passwords against both the exchange server and the remote linux running the same version of samba. The 3.0.14a smbclient connects fine to the 2.2.3a samba linux host and the exchange server. It seems that the only thing that is broken is changing passwords on the older remote samba server. I am concerned that this may be a symptom of a bigger issue of the new smbpasswd binary being incompatible with older servers already deployed. Thanks in advance for any help. Wayne Schroeder -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -r connecting to old samba not working
On Tue, Jun 14, 2005 at 05:39:01PM -0500, Wayne Schroeder wrote: I am trying to build 3.0.14a and use it's smbpasswd binary to change passwords on a remote debian woody samba install -- the samba install on the remote debian machine is listed as '2.2.3a-15' I can use the previous smbpasswd binary from the same version on the client linux machine to smbpasswd -r and change user passwords, but the new version from 3.0.14a does not work against the 2.2.3a version. I get an error message like: [2005/06/14 16:45:17, 0] smbd/chgpasswd.c:check_oem_password(817) check_oem_password: incorrect password length (-177685840). I searched a bit and found that this has something to do with hash lengths, or so it seems. I tried various configuration changes in the smb.conf that I was using to no avail -- I tried all the hash tuning and lanman auth options I could find. A few data points: The binary in question from 3.0.14a DOES change passwords against an exchange server just fine. It's a error message bug I'm afraid. Jerry just fixed it in the SVN source. If you bug him enough I'm sure he'll post a patch :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -r connecting to old samba not working
The error message is on the SERVER though... regardless of the server's error bugs or not, the new smbpasswd won't work, yet the old one does... so something in smbpasswd or it's supporting libs on the new version 3 source tree is doing something different I would imagine. Jeremy Allison wrote: On Tue, Jun 14, 2005 at 05:39:01PM -0500, Wayne Schroeder wrote: I am trying to build 3.0.14a and use it's smbpasswd binary to change passwords on a remote debian woody samba install -- the samba install on the remote debian machine is listed as '2.2.3a-15' I can use the previous smbpasswd binary from the same version on the client linux machine to smbpasswd -r and change user passwords, but the new version from 3.0.14a does not work against the 2.2.3a version. I get an error message like: [2005/06/14 16:45:17, 0] smbd/chgpasswd.c:check_oem_password(817) check_oem_password: incorrect password length (-177685840). I searched a bit and found that this has something to do with hash lengths, or so it seems. I tried various configuration changes in the smb.conf that I was using to no avail -- I tried all the hash tuning and lanman auth options I could find. A few data points: The binary in question from 3.0.14a DOES change passwords against an exchange server just fine. It's a error message bug I'm afraid. Jerry just fixed it in the SVN source. If you bug him enough I'm sure he'll post a patch :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd password via stdin?
Running under debian, using SAMBA V3.0.7, I use PASS=secretworld USER=joe (echo $PASS; echo $PASS) | smbpasswd -s -a $USER Note: smbpasswd requires a double typed in password, It took me a lot of minutes to figure that difference between earlier version and the 3.0.7 out but now it works. In perl scripts I use this commandline like #...somewhere in a for/while loop... my $cmd = (echo $pass; echo $pass) | smbpasswd -s -a $user; my $retcode = `$cmd`; #...next user... HJ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd, tdb_fetch_uint32 failed
On Mon, 11 Apr 2005, Gerald (Jerry) Carter wrote: Nicolas Kowalski wrote: | | Since I upgraded my samba PDC from 3.0.11 to 3.0.13, I have | some strange warnings when changing the passwords with | 'smbpasswd' (it works, but gives these messages): | | # smbpasswd username | New SMB password: | Retype new SMB password: | account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age (seconds since 1970)), returning 0 | account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age (seconds since 1970)), returning 0 Should be fixed in 3.0.14 once it is out in the next day or so. That's great, Thanks ! Regards, -- Nicolas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd, tdb_fetch_uint32 failed
Hello, Since I upgraded my samba PDC from 3.0.11 to 3.0.13, I have some strange warnings when changing the passwords with 'smbpasswd' (it works, but gives these messages): # smbpasswd username New SMB password: Retype new SMB password: account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age (seconds since 1970)), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age (seconds since 1970)), returning 0 Any idea about it ? Can I safely ignore them ? Thanks. PS: the password database is the text smbpasswd file, the account_policy.tdb file looks just good (not changed since Jun 24 2004). -- Nicolas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -as
I have a problem by using smbpasswd -as USER PASSWORD it returns with this: [EMAIL PROTECTED] ~]# smbpasswd -as USER PASSWORD When run by root: smbpasswd [options] [username] otherwise: smbpasswd [options] I has been a problem for about 6 month now on both debian testing and redhat ES 3 / 4 It is still working on Redhat 9 with samba-2.2.12-0.90.2.legacy Any one know why? Sure, passing the password on the command line is no longer supported. I can't remember the exact version (maybe in the release notes?) but it simply isn't an option. There are ways around it however if you're trying to create a script. My script usage, ripped off the list a while ago is this: `(echo $password; echo $password) | $smbpasswd -s -a $username` Note: The above is a line from a perl script, however I think the original was for bash. You can probably figure out how to adapt it to your language from there ;) -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd, tdb_fetch_uint32 failed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nicolas Kowalski wrote: | Hello, | | Since I upgraded my samba PDC from 3.0.11 to 3.0.13, I have | some strange warnings when changing the passwords with | 'smbpasswd' (it works, but gives these messages): | | # smbpasswd username | New SMB password: | Retype new SMB password: | account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age (seconds since 1970)), returning 0 | account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age (seconds since 1970)), returning 0 Should be fixed in 3.0.14 once it is out in the next day or so. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCWqUwIR7qMdg1EfYRArxEAKDXLNFome1rZei1xmhRqLOyl8YFjQCgouO1 QrF9rLhhA+1KzXGNhMHuOaw= =mGaC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -as
Hi! I have a problem by using smbpasswd -as USER PASSWORD it returns with this: [EMAIL PROTECTED] ~]# smbpasswd -as USER PASSWORD When run by root: smbpasswd [options] [username] otherwise: smbpasswd [options] I has been a problem for about 6 month now on both debian testing and redhat ES 3 / 4 It is still working on Redhat 9 with samba-2.2.12-0.90.2.legacy Any one know why? Regards Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd and Sun ONE Directory Server problem
Hi, I want to use samba as PDC for various M$ clients. All informations are stored on Sun Directory Server ( 5.1 or 5.2 ). All thinks went well, but if I tried to change password with smbpasswd, it tells me ldap password change requested, but LDAP server doesnt support it --ignoring I have look at the source codes, it seems that password change operation requires password change extension ( RFC 3062, oid 1.3.6.1.4.1.4203.1.11.1 ), but such extension isn't supported on sun's directory servers. Is possible to run samba without this extension ? If not, it means samba isn't compatible with Sun ONE Directory servers. ( interesting part of source code: file pdb_ldap.c at line 1511 ) Thanks, Mirek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
Quoting Paul Gienger [EMAIL PROTECTED]: mess. My question is Shouldn't I somehow be able to insert samba passwords into the LDAP database and move on? Or is it just past that point now? Well, you can do one of two things, as I see it: 1. Try to run pdbedit with import/export flags and point it at your password file. Note that I don't know what this will do with existing entries' data. Will not work. All user passwords are already in LDAP in the current server. 2. Grab the password hashes out of the file and manually insert them. This did work. I'll have to write a script to take care of this for our site here. Thanks for all the help. Naturally 1 would be easier. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
mess. My question is Shouldn't I somehow be able to insert samba passwords into the LDAP database and move on? Or is it just past that point now? Well, you can do one of two things, as I see it: 1. Try to run pdbedit with import/export flags and point it at your password file. Note that I don't know what this will do with existing entries' data. Will not work. All user passwords are already in LDAP in the current server. I don't think I was clear here, I didn't say to point it at your smbpasswd file, instead I said passsword file. You already stated that you didn't have the windows passwords in LDAP so there shouldn't be any overlap there. My concern was how it would handle if you had somehow gotten the sambaSamAccount objectClass on the users already. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
Quoting Paul Gienger [EMAIL PROTECTED]: mess. My question is Shouldn't I somehow be able to insert samba passwords into the LDAP database and move on? Or is it just past that point now? Well, you can do one of two things, as I see it: 1. Try to run pdbedit with import/export flags and point it at your password file. Note that I don't know what this will do with existing entries' data. Will not work. All user passwords are already in LDAP in the current server. I don't think I was clear here, I didn't say to point it at your smbpasswd file, instead I said passsword file. You already stated that you didn't have the windows passwords in LDAP so there shouldn't be any overlap there. My concern was how it would handle if you had somehow gotten the sambaSamAccount objectClass on the users already. I really do not follow what you suggested I try with the pdbedit command. All I'm interested in is the LM and NT hashes inside of the sambapassword file on my production server. How would the pdbedit command help me get those LM and NT hashes into my LDAP database on my new server? -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
I don't think I was clear here, I didn't say to point it at your smbpasswd file, instead I said passsword file. You already stated that you didn't have the windows passwords in LDAP so there shouldn't be any overlap there. My concern was how it would handle if you had somehow gotten the sambaSamAccount objectClass on the users already. I really do not follow what you suggested I try with the pdbedit command. All I'm interested in is the LM and NT hashes inside of the sambapassword file on my production server. How would the pdbedit command help me get those LM and NT hashes into my LDAP database on my new server? It would help you because that is exactly what it does. If you have ldap set up and working already, so that a newly added user works, the command should be something like pdbedit -i smbpasswd:/etc/smbpasswd.old otherwise you'd have to specify the ldapsam with the -e flag Quoting the man page -i passdb-backend Use a different passdb backend to retrieve users than the one specified in smb.conf. Can be used to import data into your lo- cal user database. This option will ease migration from one passdb backend to another. -e passdb-backend Exports all currently available users to the specified password database backend. This option will ease migration from one passdb backend to another and will ease backing up. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd to LDAP
Is there a way to take users samba passwords from an old 2.x Samba server, and insert them into a new 3.x Samba server that using an LDAP backend? The new server is already populated with all users and groups in LDAP and is currently on a test network. All that is needed is the users samba passwords from the old server that is using the smbpasswd file. Thanks -- Matt Lung Midwest Tool Die, Corp. This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
Matt Lung wrote: Is there a way to take users samba passwords from an old 2.x Samba server, and insert them into a new 3.x Samba server that using an LDAP backend? The new server is already populated with all users and groups in LDAP and is currently on a test network. All that is needed is the users samba passwords from the old server that is using the smbpasswd file. If there aren't samba attributes in ldap you can use pdbedit -i smbpasswd:smbpasswd-file-path If there are already samba attributes this won't work. What I did was: - clean the ldap database (easy here since I was just testing) - smbldap-populate -k 0 -a root - obtain /etc/passwd, /etc/shadow, /etc/samba/smbpasswd from the old machine - remove all machine accounts, system groups and other users/groups you don't in ldap from all these files at this point, if you have special characters (like, á, é, í, etc.) in your files, you'll have to make somewhat a cleaned-up copy, since the idealx tools don't work with non us-ascii characters -temporarily add users in /etc/passwd of the new machine -pdbedit -i smbpasswd:smbpasswd-file -remove the users previously added to /etc/passwd -smbldap-migrate-passwd -d account -a -P your cleansed passwd file -S your shadow file -smbldap-migrate-group -a -G your cleansed group file What I done may be totally wrong, YMMV, etc., but it seems it has worked fine so far. Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
Quoting Luca Olivetti [EMAIL PROTECTED]: Matt Lung wrote: Is there a way to take users samba passwords from an old 2.x Samba server, and insert them into a new 3.x Samba server that using an LDAP backend? The new server is already populated with all users and groups in LDAP and is currently on a test network. All that is needed is the users samba passwords from the old server that is using the smbpasswd file. If there aren't samba attributes in ldap you can use pdbedit -i smbpasswd:smbpasswd-file-path If there are already samba attributes this won't work. What I did was: Hmm... I don't think that will work for us here. Our users have been migrated out of the passwd and shadow file on the old server for a while now. Their account info (except their samba password) has lived in LDAP for a few years now. I'm just trying to avoid having to change all the users passwords on the new server and having a big mess. I'd like it to be very transparent. I guess if what I'm asking is impossible at this point I'm sort of heading towards the mess. My question is Shouldn't I somehow be able to insert samba passwords into the LDAP database and move on? Or is it just past that point now? When I change my password on the new server I know it is changing the sambaLMPassword attribute. So how is the migrate tool setting that from the sambapasswd file when someone is migrating? - clean the ldap database (easy here since I was just testing) - smbldap-populate -k 0 -a root - obtain /etc/passwd, /etc/shadow, /etc/samba/smbpasswd from the old machine - remove all machine accounts, system groups and other users/groups you don't in ldap from all these files at this point, if you have special characters (like, á, é, í, etc.) in your files, you'll have to make somewhat a cleaned-up copy, since the idealx tools don't work with non us-ascii characters -temporarily add users in /etc/passwd of the new machine -pdbedit -i smbpasswd:smbpasswd-file -remove the users previously added to /etc/passwd -smbldap-migrate-passwd -d account -a -P your cleansed passwd file -S your shadow file -smbldap-migrate-group -a -G your cleansed group file What I done may be totally wrong, YMMV, etc., but it seems it has worked fine so far. Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
mess. My question is Shouldn't I somehow be able to insert samba passwords into the LDAP database and move on? Or is it just past that point now? Well, you can do one of two things, as I see it: 1. Try to run pdbedit with import/export flags and point it at your password file. Note that I don't know what this will do with existing entries' data. 2. Grab the password hashes out of the file and manually insert them. Naturally 1 would be easier. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd
G'day, I've just updated a server from samba 3.04 to samba 3.10. Somewhere in between the functionality of smbpasswd appears to have changed. When run as root user from: smbpasswd [options] username password to: smbpasswd [options] username Is there a simple replacement to the original non interaction functionality? There probably is, but I've not been able to find it. If not with smbpasswd then some other cmd line tool. Comments appreciated. Regards, Ashley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd
Somewhere in between the functionality of smbpasswd appears to have changed. When run as root user from: smbpasswd [options] username password to: smbpasswd [options] username Is there a simple replacement to the original non interaction functionality? I believe the change was stated in the release notes for the version that the change was made in. There is a option to change the input mode of smbpasswd to listen to stdin rather than the tty, which is what it does and keeps you from scripting a solution. I believe the switch is -s, much like the standard passwd program's --stdin flag. What this does is allow you to do something like: (echo $PASS; echo $PASS) | smbpasswd -s username in a script. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -w
Did you do --with-ldap or --with-ldapsam as well? _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Mon, 7 Feb 2005, Jochen Witte wrote: Hi, I try to set up samba (latest) to use LDAP. I get # smbpasswd -w secret -w not available unless configured --with-ldapsam I xompiled with LDAP support. Any hints? -- Jochen Witte [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -w
Hi, I try to set up samba (latest) to use LDAP. I get # smbpasswd -w secret -w not available unless configured --with-ldapsam I xompiled with LDAP support. Any hints? -- Jochen Witte [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -w
I xompiled with LDAP support. Any hints? Are you sure? The binaries very seldom lie. Check the output of smbd -b |grep LDAP You should see the following: (for example) [fgoserv:/]# /opt/samba/sbin/smbd -b |grep LDAP HAVE_LDAP_H HAVE_LDAP HAVE_LDAP_DOMAIN2HOSTLIST HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LIBLDAP LDAP_SET_REBIND_PROC_ARGS -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -a -s /add smbuser via bash script
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Colin E. McDonald wrote: | I have a script that used to work fine under Samba 2.2.7a. | | I would pass the username and password to smbpasswd | -a -s $user $password and it worked fine. (echo $pw; echo $pw ) | smbpasswd -s -a $user cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6CdbIR7qMdg1EfYRAlJGAJ9hm9NbVLGhfrneTLzTiK9XqGBlIgCg7TPX UDYLCbPNBCnFKpOE/PjLIDw= =crZ/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -a -s /add smbuser via bash script
I have a script that used to work fine under Samba 2.2.7a. I would pass the username and password to smbpasswd -a -s $user $password and it worked fine. Now it isnt working with 3.07. Has anyone run into this? It looks like I could pass the password variable to the command twice (password entry and confirmation) but i am not sure how to do this via bash (how to make the variable look like it came from stdin. Thanks for any assistance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -e (3.0.10)
AIX 5.2, OpenLDAP 2.2.20 We've just moved to LDAP (this weekend) and when I do a smbpasswd -e to enable a user it is prompting for a New SMB password: I've secured the attributes like so: access to dn.subtree=ou=People,dc=hvcc,dc=edu attrs=userPassword by self write by dn=cn=root,dc=hvcc,dc=edu write by * auth access to dn.subtree=ou=People,dc=hvcc,dc=edu attrs=sambaLMPassword,sambaNTPassword by dn=cn=root,dc=hvcc,dc=edu write by * none Per the docs, but the problem is a -D10 shows: smbldap_get_single_attribute: [sambaUserWorkstations] = [does not exist] smbldap_get_single_attribute: [sambaMungedDial] = [does not exist] smbldap_get_single_attribute: [sambaLMPassword] = [does not exist] smbldap_get_single_attribute: [sambaNTPassword] = [does not exist] Which clearly indicates the security is too tight, but why doesn't it connect as rootdn since I'm running it as the root user anyway? Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd
Dear all, How can I convert the Linux users password (/etc/shadow) to Samba users password (.../private/smbpasswd)? Best Brazilian regards -- Rodrigo Noroaldo de Castro Fernandes [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd
If I have correctly understood what you want to do, the simple answer is: you can't. The passwords stored in shadow file and in smbpasswd, though they may be the same (in clear text), are encrypted with two different one way hash functions. In order to put in smbpasswd the same user passwords than in shadow, you need to compute the hash string from the passwords in clear text. The only reasonable way to achieve this is to implement some solution that keeps unix passwords and samba passwords synchronized (such as what can be done in smb.conf with unix password sync and passwd program but there are many other solutions) and to ask users to change their passwords once, so that shadow and smbpasswd hash strings are computed from the same password. Le mer 29/12/2004 à 13:26, Rodrigo Noroaldo de Castro Fernandes a écrit : --ms080602000709060800080902 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Dear all, How can I convert the Linux users password (/etc/shadow) to Samba users password (.../private/smbpasswd)? Best Brazilian regards -- Olivier Navas Groupement Informatique et Télécommunications SDIS 33 - Humor in the Court: Q: Are you qualified to give a urine sample? A: Yes, I have been since early childhood. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -w not working
On Monday 27 December 2004 18:29, Adi Nugraha wrote: Hi, I'm tyrying to set up a Samba PDC with LDAP backend, i followed the excellent samba guide on the chapter making users happy, the problem is according to the guide when I execute the smbpasswd -w secret command, the expected outcome is Setting stored password for cn=Manager,dc=abmas,dc=biz in secrets.tdb but what i get is Setting stored password for in secrets.tdb can anyone tell me what's wrong, I checked and rechecked the smb.conf and slapd.conf and ldap.conf, there is nothing wrong, (at least according to the guide), please help me with this, I've been stuck trying to solve this for weeks now any hint is greatly appreciated, thanks in advance Please make certain that you have specified the correct administrative dn (ldap admin dn) in your smb.conf file. Also, suggest you download the latest version of the smbldap-tools from www.idealx.org _and_ make sure that your Perl is correctly configured. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -w not working
Hi, I'm tyrying to set up a Samba PDC with LDAP backend, i followed the excellent samba guide on the chapter making users happy, the problem is according to the guide when I execute the smbpasswd -w secret command, the expected outcome is Setting stored password for cn=Manager,dc=abmas,dc=biz in secrets.tdb but what i get is Setting stored password for in secrets.tdb can anyone tell me what's wrong, I checked and rechecked the smb.conf and slapd.conf and ldap.conf, there is nothing wrong, (at least according to the guide), please help me with this, I've been stuck trying to solve this for weeks now any hint is greatly appreciated, thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -w not working
- Original Message - From: Adi Nugraha [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Tuesday, December 28, 2004 8:29 AM Subject: [Samba] smbpasswd -w not working Hi, I'm tyrying to set up a Samba PDC with LDAP backend, i followed the excellent samba guide on the chapter making users happy, the problem is according to the guide when I execute the smbpasswd -w secret command, the expected outcome is Setting stored password for cn=Manager,dc=abmas,dc=biz in secrets.tdb but what i get is Setting stored password for in secrets.tdb can anyone tell me what's wrong, I checked and rechecked the smb.conf and slapd.conf and ldap.conf, there is nothing wrong, (at least according to the guide), please help me with this, I've been stuck trying to solve this for weeks now any hint is greatly appreciated, thanks in advance sorry forgot my specs info, Mandrake Linuc 9.1 samba 3.0.9 openldap2.2.17 stable also there is no pam_unix2.so module in my linux installation, there is pam_unix.so though, can anyone help me, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -w not working
already solved that, seems the smbpasswd file I copied from other samba version needs to be directed to the smb.conf , now the smbldap-populate scripts doesn't work, with an error message like this : [EMAIL PROTECTED] sbin]# ./smbldap-populate.pl Can't locate Convert/ASN1.pm in @INC (@INC contains: /var/lib/samba/sbin/ /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at /usr/lib/perl5/vendor_perl/5.8.0/Net/LDAP.pm line 11. BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.0/Net/LDAP.pm line 11. Compilation failed in require at /var/lib/samba/sbin//smbldap_tools.pm line 5. BEGIN failed--compilation aborted at /var/lib/samba/sbin//smbldap_tools.pm line 5. Compilation failed in require at ./smbldap-populate.pl line 34. BEGIN failed--compilation aborted at ./smbldap-populate.pl line 34. anyone know what to do about this - Original Message - From: Adi Nugraha [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Tuesday, December 28, 2004 8:39 AM Subject: Re: [Samba] smbpasswd -w not working - Original Message - From: Adi Nugraha [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Tuesday, December 28, 2004 8:29 AM Subject: [Samba] smbpasswd -w not working Hi, I'm tyrying to set up a Samba PDC with LDAP backend, i followed the excellent samba guide on the chapter making users happy, the problem is according to the guide when I execute the smbpasswd -w secret command, the expected outcome is Setting stored password for cn=Manager,dc=abmas,dc=biz in secrets.tdb but what i get is Setting stored password for in secrets.tdb can anyone tell me what's wrong, I checked and rechecked the smb.conf and slapd.conf and ldap.conf, there is nothing wrong, (at least according to the guide), please help me with this, I've been stuck trying to solve this for weeks now any hint is greatly appreciated, thanks in advance sorry forgot my specs info, Mandrake Linuc 9.1 samba 3.0.9 openldap2.2.17 stable also there is no pam_unix2.so module in my linux installation, there is pam_unix.so though, can anyone help me, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smbpasswd -a USERNAME PASSWORD -- no longer works in samba 3.0.9!!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 sysrm wrote: | All our scripts etc no longer work since installing 3.0.9 when adding new | users. | | We use a perl script to make sure there are no duplicate names/uid's etc and | generate a random 8 char password. | | It then adds the user to /etc/passwd with that password and then invokes | smbpasswd -a $username $password which no longer works with the 3.0.9 | version of smbpasswd! (echo $pw; echo $pw ) | smbpasswd -s -a $username It was mentioned in the release notes in case anyone ever reads those :-) cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBucnRIR7qMdg1EfYRApPWAJ49nLiKY2ZwF07gOWp/Os6zh4h5qQCfasLQ h3EbKtZ83kpOdewlH4lKc3A= =3eTm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Smbpasswd -a USERNAME PASSWORD -- no longer works in samba 3.0.9!!!
All our scripts etc no longer work since installing 3.0.9 when adding new users. We use a perl script to make sure there are no duplicate names/uid's etc and generate a random 8 char password. It then adds the user to /etc/passwd with that password and then invokes smbpasswd -a $username $password which no longer works with the 3.0.9 version of smbpasswd! Why has this mind bogglingly useful function been taken out?? Is there a way I can put it back in or use a 3.0.5 version with out issues?? Cheers Ross McInnes (A now bald) system admin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd in 3.0.9 broken
Hello, i have an wierd problem under 3.0.8. This versions seems to encrypt password different to 2.2.9 an by this lock out any user. The machine is a Sun under Solaris 8 with the recommended patch cluster. User Repository is done by ldap_compat, because of several Systems in need of the old samba-schema (2.2.9). Anybody out there, who can reproduce the behaviour ? I´ve already filed a bug under 2020. Regards Joerg Example: bash-2.03# ./smbpasswd smbtest10 New SMB password: Retype new SMB password: bash-2.03# ./smbclient -s/usr/local/smb/system/config/customersite/smb.pdc2.conf -U smbtest10 //pdc2-customersite/smbtest10 Password: session setup failed: NT_STATUS_LOGON_FAILURE NOW CHANGING PASSWORD FROM A DIFFERENT SERVER UNDER 2.2.9 to same value bash-2.03# ./smbclient -s/usr/local/smb/system/config/customersite/smb.pdc2.conf -U smbtest10 //pdc2-customersite/smbtest10 Password: Domain=[domainname] OS=[Unix] Server=[Samba 3.0.8] smb: \ quit working Userentry-LDIF, changed with smbpasswd of 2.2.9 dn: uid=smbtest10,ou=people,ou=allgemein,o=organisation objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: account objectClass: top objectClass: organizationalPerson objectClass: person objectClass: sambaAccount acctFlags: [U ] cn: smbtest10 displayName: smbtest10 gecos: #T:common gidNumber: 1 homeDirectory: /somedirectory/smbtest10 kickoffTime: 2147483647 lmPassword: 86859AF790F4B217AAD3B435B51404EE loginShell: /bin/false logofftime: 2147483647 logonTime: 2147483647 ntPassword: 0C6AE10552793A8B88778B8185E47B78 primaryGroupID: 21001 pwdCanChange: 1086693852 pwdLastSet: 1100177214 pwdMustChange: 2147483647 rid: 41734 shadowFlag: 0 sn: smbtest10 uid: smbtest10 uidNumber: 20367 userPassword:: e1NTSEF9N1dJcjNIaWxGeENiZ0VSRmJxckpTN1dNWG1pNkZyWVB1RHBtUHc9P Q== Same user, changed with smbpassword with Samba 3.0.8, login not possible dn: uid=smbtest10,ou=people,ou=allgemein,o=organisation objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: account objectClass: top objectClass: organizationalPerson objectClass: person objectClass: sambaAccount acctFlags: [U ] cn: smbtest10 displayName: smbtest10 gecos: #T:common gidNumber: 1 homeDirectory: /somedirectory/smbtest10 kickoffTime: 2147483647 lmPassword: FE12086CE1A36EF5AAD3B435B51404EE loginShell: /bin/false logofftime: 2147483647 logonTime: 2147483647 ntPassword: 314040DC01195C391E161E6B39824C78 primaryGroupID: 21001 pwdCanChange: 1086693852 pwdLastSet: 1100177019 pwdMustChange: 2147483647 rid: 41734 shadowFlag: 0 sn: smbtest10 uid: smbtest10 uidNumber: 20367 userPassword:: e1NTSEF9N1dJcjNIaWxGeENiZ0VSRmJxckpTN1dNWG1pNkZyWVB1RHBtUHc9P Q== Diff of both ldifs : 18c18 lmPassword: 86859AF790F4B217AAD3B435B51404EE --- lmPassword: FE12086CE1A36EF5AAD3B435B51404EE 22c22 ntPassword: 0C6AE10552793A8B88778B8185E47B78 --- ntPassword: 314040DC01195C391E161E6B39824C78 25c25 pwdLastSet: 1100177214 --- pwdLastSet: 1100177019 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd and password on command line
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim Winders wrote: | Hello - | | I see from the 3.0.8 release notes: | | * Remove support for passing the new password to smbpasswd | on the command line without using the -s option. | | I used to use the option: | | smbpasswd -a $user $pass | | to quickly add a new user to the smbpasswd database. | This no longer works in 3.0.8. I have tried every combination | I can think of adding the -s and -L options to the command line (echo $pw; echo $pw ) | smbpasswd -s -a $user cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBqzYAIR7qMdg1EfYRAj3pAJ4p5hMWGtLHri5vI7PXIB5RRKSbDQCg0nF/ XrGKt26KLi+B1ck+ALDErts= =cWbE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd produces INCORRECT sambaNTPasswd hash on ppc (yellowdog 4.0 on xserve G5)
I'm having trouble setting up samba as a PDC on an apple xserve, using yellowdog linux 4.0. After a lot of thrashing, I believe the problem may be smbpasswd generating the wrong NT hash. Running smbpasswd on a redhat box (intel architecture) produces the follow LDAP entry: dn: uid=testuser2,ou=Users,dc=allstate,dc=network objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: testuser2 sn: testuser2 uid: testuser2 uidNumber: 1006 gidNumber: 513 homeDirectory: /home/testuser2 loginShell: /bin/bash gecos: System User description: System User sambaSID: S-1-5-21-813279244-2815909583-2512609307-3012 sambaPrimaryGroupSID: S-1-5-21-813279244-2815909583-2512609307-513 displayName: System User sambaPwdMustChange: 2147483647 sambaAcctFlags: [U ] sambaPwdCanChange: 1100885825 sambaLMPassword: 44EFCE164AB921CAAAD3B435B51404EE sambaNTPassword: 32ED87BDB5FDC5E9CBA88547376818D4 Running smbpasswd on the Xserve produces the following entry: dn: uid=testuser1,ou=Users,dc=allstate,dc=network objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: testuser1 sn: testuser1 uid: testuser1 uidNumber: 1000 gidNumber: 513 homeDirectory: /home/testuser1 loginShell: /bin/bash gecos: System User description: System User sambaSID: S-1-5-21-471028381-1047030085-1551032810-3000 sambaPrimaryGroupSID: S-1-5-21-471028381-1047030085-1551032810-513 displayName: System User sambaPasswordHistory: sambaLMPassword: 44EFCE164AB921CAAAD3B435B51404EE sambaPwdCanChange: 1100920198 sambaPwdMustChange: 2147483647 sambaNTPassword: CAE238A01BFF98AB2A465882B20D01B7 sambaPwdLastSet: 1100920198 sambaAcctFlags: [U ] userPassword:: e1NNRDV9Z09tN08zWjJ6TEpOQUNvdDVYN0FQTCs2NWM0PQ== Notice that the sambaNTPassword: entries are different! And if I run: [EMAIL PROTECTED] /]# smbclient -L localhost -U testuser1%123456 Domain=[ALLSTATE] OS=[Unix] Server=[Samba 3.0.8] Sharename Type Comment - --- print$ Disk public Disk Repertoire public IPC$IPC IPC Service (Samba Server 3.0.8) ADMIN$ IPC IPC Service (Samba Server 3.0.8) testuser1 Disk repertoire de testuser1, testuser1 Domain=[ALLSTATE] OS=[Unix] Server=[Samba 3.0.8] Server Comment ---- PDC-SMB3 Samba Server 3.0.8 WorkgroupMaster ---- ALLSTATE PDC-SMB3 INDIANA EWC-TECH Seems to work just fine, but if I try that from the redhat box, (or from a windows machine): smbclient -L PDC-SMB3 -U testuser1%123456 added interface ip=192.168.1.253 bcast=192.168.1.255 nmask=255.255.255.0 Got a positive name query response from 192.168.1.5 ( 192.168.1.5 ) session setup failed: NT_STATUS_LOGON_FAILURE I thought I had resolved the problem by using smbldap-passwd, which uses Crypt::SmbHash and produces the correct sambaNTPassword, I can authenticate from the windows box and from the intel redhat box just fine, even though smbclient -L localhost -U testuser1%123456 from the Xserve fails, but alas when I try to add a windows XP box to the domain I get an access denied error. I've done some googling, but havent found the solution to this dilemma. Is anyone else trying this? Is this a new bug, or am I RTFing the wrong Manual? smb.conf follows: # Global parameters [global] workgroup = allstate netbios name = PDC-SMB3 #interfaces = 192.168.5.11 username map = /etc/samba/smbusers #admin users= @Domain Admins server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 3 obey pam restrictions = No #unix password sync = Yes #passwd program = /usr/local/sbin/smbldap-passwd -u %u #passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n ldap passwd sync = Yes log level = 20 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:ldap://127.0.0.1/ ldap://slave.idealx.com; # ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) #ldap admin dn =
[Samba] smbpasswd - Segmentation fault
When I execute the following: smbpasswd -a jesse, I get a Segmentation fault error. Any ideas what might cause that error? Thanks, Jesse -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd and password on command line
Hello - I see from the 3.0.8 release notes: * Remove support for passing the new password to smbpasswd on the command line without using the -s option. I used to use the option: smbpasswd -a $user $pass to quickly add a new user to the smbpasswd database. This no longer works in 3.0.8. I have tried every combination I can think of adding the -s and -L options to the command line and in every case I get the smbpasswd help file. Can someone give me the correct syntax to be able to add a user and set their password on a single command line? Thanks! -- Tim Winders Associate Dean of Information Technology South Plains College Levelland, TX 79336 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd hash type
I've found an issue for us when users do a windows password change. The password is stored in LDAP with a crypt type of SMD5, which apparently is not liked very well by our smtp server, and manifests itself as the user not being able to use smpt-auth. When I change my password from the command line with the unix password change I get md5crypt, so it's not using the system password settings. The smbldap-tools.conf file lists the password hash as CRYPT, of course I doubt this is actually being called. My question is: Is there a way to tell samba what kind of password hash to use when changing passwords? There's other things that break for us with what samba (or whatever it is calling) is doing, but mail/smtp-auth is the biggest one. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd fails on samba 2.2.x
Hi, setup upgraded to samba 2.2.12, from 2.2.3 with win95 clients. following winXP guide http://www.faqs.org/docs/samba/ch03.html created a test account. but smbpasswd fails.. [EMAIL PROTECTED] data]# smbpasswd test New SMB password: Retype new SMB password: Failed to find entry for user test. Failed to modify password entry for user test [EMAIL PROTECTED] data]# the account exists in /etc/passwd What now? thanks r -- here's part of the config -- [..] smb passwd file = /etc/samba/smbpasswd add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u pam password change = yes encrypt passwords = yes wins support = true max log size = 0 obey pam restrictions = yes directory mode = 775 security = user passwd program = /usr/bin/passwd %u [..] ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd fails on samba 2.2.x
created a test account. but smbpasswd fails.. [EMAIL PROTECTED] data]# smbpasswd test New SMB password: Retype new SMB password: Failed to find entry for user test. Failed to modify password entry for user test [EMAIL PROTECTED] data]# the account exists in /etc/passwd You have to run smbpasswd with the -a flag to create the entry in smbpasswd before you can modify it, which is what they assume you're wanting with no flags. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd with password on the command line
I've upgraded my samba server to 3.0.6 and without any warning the command smbpasswd no longer accepts passing the user password on the command line! This was a very bad thing for me since the scripts I use to generate all my users account stopped working :-( Anyone had the same problem? Any suggestions before rewriting everything Pedro Silva -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd with password on the command line
On Sunday 26 September 2004 21:00, Pedro Silva wrote: I've upgraded my samba server to 3.0.6 and without any warning the command smbpasswd no longer accepts passing the user password on the command line! This was a very bad thing for me since the scripts I use to generate all my users account stopped working :-( Anyone had the same problem? Any suggestions before rewriting everything Pedro Silva Hi Just use (echo password;echo password)| smbpasswd -s -a username seen it somewhere hope it help's Hugo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smbpasswd problem fine before but now ?
I'm still trying to solve my problem below. I have found that in my smb.conf file, all information relating to ldap is either # or ; out, but when i run testparm it shows settings for ldap which is pointed to locally. I completely deleted all commented reverences to ldap, restarted samba, run testparm but it insists that ldap is being called locally. I even used a previous smb.conf from before i upgraded to 2.2.8a, which has no referance to ldap, but it still shows up in testparm as ldap= local. My other machine that was also upgraded to 2.2.8a has no reference to ldap or indications it is being called in testparm I'm completely confused. Can anybody help Ken On Tue, 14 Sep 2004 14:36:05 +0100, Ken Walker [EMAIL PROTECTED] wrote: I set up a LM ( Linux Mandrake ) machine a 6 or 7 months ago with LM8.2 and samba 2.2.8a. I set up a 5 disk software raid 5 and made 5 accounts and 5 entries into smbpasswd using smbpasswd -an XX All went fine, nothing out of the usual happened and all users could hammer the raid remotely to see if it died. I have just resurrected the machine, which has been powered down for about 4 months now. When i now enter smbpasswd -an i get the following !! [EMAIL PROTECTED] mctkeaw]# smbpasswd -an mctssvw LDAPS option set...! ldap_connect_system: Binding to ldap server as Bind failed: Can't contact LDAP server LDAPS option set...! ldap_connect_system: Binding to ldap server as Bind failed: Can't contact LDAP server Failed to add entry for user mctssvw. Failed to modify password entry for user mctssvw [EMAIL PROTECTED] mctkeaw]# I have looked in passwd and mctssvw is there. allow null passwords is in the global settings of smb.conf I have also looked in smb.conf and the ldap options are commented out. I have no idea why this should start now, nothing has been added or changed since it was last powered down. Can anybody help Many thanks Ken -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smbpasswd problem fine before but now ?
Ken Walker wrote: I even used a previous smb.conf from before i upgraded to 2.2.8a, which has no referance to ldap, but it still shows up in testparm as ldap= local. Did you try to specify smb.conf file on the command line to smbd with '-s' option to be sure that this is the file your samba uses? Just a thought. Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Smbpasswd problem fine before but now ?
I set up a LM ( Linux Mandrake ) machine a 6 or 7 months ago with LM8.2 and samba 2.2.8a. I set up a 5 disk software raid 5 and made 5 accounts and 5 entries into smbpasswd using smbpasswd -an XX All went fine, nothing out of the usual happened and all users could hammer the raid remotely to see if it died. I have just resurrected the machine, which has been powered down for about 4 months now. When i now enter smbpasswd -an i get the following !! [EMAIL PROTECTED] mctkeaw]# smbpasswd -an mctssvw LDAPS option set...! ldap_connect_system: Binding to ldap server as Bind failed: Can't contact LDAP server LDAPS option set...! ldap_connect_system: Binding to ldap server as Bind failed: Can't contact LDAP server Failed to add entry for user mctssvw. Failed to modify password entry for user mctssvw [EMAIL PROTECTED] mctkeaw]# I have looked in passwd and mctssvw is there. allow null passwords is in the global settings of smb.conf I have also looked in smb.conf and the ldap options are commented out. I have no idea why this should start now, nothing has been added or changed since it was last powered down. Can anybody help Many thanks Ken -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd in samba 3.0
For scripting then, what would the appropriate syntax be? smbpasswd -s -a username password this was working fine for me in 2.2.x and 3.0.x until the upgrade 3.0.6 If I want to change password with a script - i.e. single line of code. what is the appropriate command syntax in 3.0.6? Jake Holmquist Manhattan College [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd in samba 3.0
Try it: # (echo password; echo password) | smbpasswd -s -a username Best Regards! Jacky Kim . For scripting then, what would the appropriate syntax be? smbpasswd -s -a username password this was working fine for me in 2.2.x and 3.0.x until the upgrade 3.0.6 If I want to change password with a script - i.e. single line of code. what is the appropriate command syntax in 3.0.6? Jake Holmquist Manhattan College [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd complains about LDAP: Object class violation
Does anyone else have any ideas on this? I think I've got the right direction, at least. If someone with a working LDAP-Samba PDC -- preferably 2.2.8, ideally on OS X -- could post the results of an ldapsearch for one of their machines, I might be able to figure out which attribute in specific is causing the problem. Or, if anyone out there in sambaland has other ideas, I'm totally open to suggestions. Thanks. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Mon, 30 Aug 2004, Lance Levsen wrote: And that would explain that: 3.0.6. Sorry. Cheers, lance On Mon, 2004-08-30 at 08:17, Chris St. Pierre wrote: Hmm. I poked around a little bit, but couldn't find a schema that included the sambaSamAccount object class in my examples directory. Maybe different versions? I'm on version 2.2.8a on Mac OS X. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Fri, 27 Aug 2004, Lance Levsen wrote: On Fri, 2004-08-27 at 09:50, Chris St. Pierre wrote: Here's more info for anyone who's interested: Quite the opposite of what I expected, smbldap-useradd.pl is not using sambaAccount as the structural objectClass; it's not using it *at all*. Here's a sample: Okay, weird. I'm using the samba schema from ./examples/LDAP/ and it creates users w/ objectclass sambaSamAccount, not sambaAccount. sambaAccount is in that schema, but commented out. Cheers, lance -- Lance Levsen, Catprint Computing Linux Systems and programming Saskatoon, SK., CA. gpg --keyserver wwwkeys.pgp.net --recv-keys 0xF2DA79C8 -- Lance Levsen, Catprint Computing Linux Systems and programming Saskatoon, SK., CA. gpg --keyserver wwwkeys.pgp.net --recv-keys 0xF2DA79C8 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd problems with RedHat 9.0
This is really hot. I manage a lab of 25 dual boot computers in the school where I teach, running fedora and (cough) win2k. Last year all went very well for the Windows users in my lab, but this year every time the users attempt to change their samba passwords using smbpasswd they get this error message: console dialog for a user trying to change their samba password will logged on to the server - [EMAIL PROTECTED] aford]$ smbpasswd Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the session setup. Error was : NT_STATUS_LOGON_FAILURE. Failed to change password for aford [EMAIL PROTECTED] aford]$ - end of dialog - Any help would be greatly appreciated, since the other teacher using the lab is unable to teach... OUCH! steve -- Steve Strong Math and Computer Science Washington High School 2205 Forest Dr. SE Cedar Rapids, IA 5243 email:[EMAIL PROTECTED] web site: http://crwash.org phone: 319-558-4685 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Internal: Unable to lock /etc/samba/smbpasswd......PROBLEM
On Samba 3.0.5 (and Samba 3.0.6) PDC I typically see messages in the logs of my Samba PDC of several terminals (I separate logs by the terminal). They all seem to happen at about the same time and they cause the terminals in question to get messages indicating that the PDC is not present. After a few minutes it seems to stop and things resume as normal. I have not had this problem prior to 3.0.5. I use the smbpasswd and all entries are in the NEW format. Is there something that I can do to fix this? Or is this a bug in the current version(s). I had to backoff from Samba 3.0.6 because the problem was far more disabling to my user community. . . . [2004/08/31 08:28:01, 3] smbd/uid.c:push_conn_ctx(351) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/08/31 08:28:01, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/08/31 08:28:06, 0] lib/util_file.c:do_file_lock(67) do_file_lock: failed to lock file. [2004/08/31 08:28:06, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(204) startsmbfilepwent_internal: unable to lock file /etc/samba/smbpasswd. Error was Interrupted system call [2004/08/31 08:28:06, 0] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1305) Unable to open passdb database. [2004/08/31 08:28:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/08/31 08:28:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 . . . Anybody got a workaround on this? Help would be appreciated of course. I don't see what interrupted system call is being talked about either. Full listing of global setting of smb.conf file: (via testparm -v) Global parameters [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = DOMAIN realm = netbios name = DOMAIN1 netbios aliases = DOMAIN2 netbios scope = server string = Server - File - (%h - %v) interfaces = eth3, lo bind interfaces only = Yes security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Bad User null passwords = No obey pam restrictions = No password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = smbpasswd algorithmic rid base = 1000 root directory = guest account = samba pam password change = No passwd program = /bin/false passwd chat = passwd chat debug = No passwd chat timeout = 2 username map = /etc/samba/smbusers password level = 0 username level = 0 unix password sync = Yes restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = log level = 3 syslog = 0 syslog only = No log file = /SYSTEMS/log/samba/log.%m max log size = 20 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 445 139 protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes disable netbios = No acl compatibility = nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes change notify timeout = 60 deadtime = 15 getwd cache = Yes keepalive = 300 kernel change notify = Yes lpq cache time = 10 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 1 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 use mmap = Yes hostname lookups = No name cache timeout = 660 load printers = Yes printcap name = cups disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = No os2 driver map = mangling method = hash2 mangle prefix = 1 stat cache = Yes machine password timeout = 604800 add user script = delete user script = add group
Re: [Samba] Internal: Unable to lock /etc/samba/smbpasswd......PROBLEM
h, i've been having the same EXACT problem and thought i had suddenly become extraordinarily stupidi haven't tried going back to 3.0.4 as that would greatly interrupt many many peoplebut i'll look into it... Bill On Tue, 31 Aug 2004, M. D. Parker wrote: On Samba 3.0.5 (and Samba 3.0.6) PDC I typically see messages in the logs of my Samba PDC of several terminals (I separate logs by the terminal). They all seem to happen at about the same time and they cause the terminals in question to get messages indicating that the PDC is not present. After a few minutes it seems to stop and things resume as normal. I have not had this problem prior to 3.0.5. I use the smbpasswd and all entries are in the NEW format. Is there something that I can do to fix this? Or is this a bug in the current version(s). I had to backoff from Samba 3.0.6 because the problem was far more disabling to my user community. . . . [2004/08/31 08:28:01, 3] smbd/uid.c:push_conn_ctx(351) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/08/31 08:28:01, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/08/31 08:28:06, 0] lib/util_file.c:do_file_lock(67) do_file_lock: failed to lock file. [2004/08/31 08:28:06, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(204) startsmbfilepwent_internal: unable to lock file /etc/samba/smbpasswd. Error was Interrupted system call [2004/08/31 08:28:06, 0] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1305) Unable to open passdb database. [2004/08/31 08:28:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/08/31 08:28:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 . . . Anybody got a workaround on this? Help would be appreciated of course. I don't see what interrupted system call is being talked about either. Full listing of global setting of smb.conf file: (via testparm -v) Global parameters [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = DOMAIN realm = netbios name = DOMAIN1 netbios aliases = DOMAIN2 netbios scope = server string = Server - File - (%h - %v) interfaces = eth3, lo bind interfaces only = Yes security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Bad User null passwords = No obey pam restrictions = No password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = smbpasswd algorithmic rid base = 1000 root directory = guest account = samba pam password change = No passwd program = /bin/false passwd chat = passwd chat debug = No passwd chat timeout = 2 username map = /etc/samba/smbusers password level = 0 username level = 0 unix password sync = Yes restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = log level = 3 syslog = 0 syslog only = No log file = /SYSTEMS/log/samba/log.%m max log size = 20 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 445 139 protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes disable netbios = No acl compatibility = nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes change notify timeout = 60 deadtime = 15 getwd cache = Yes keepalive = 300 kernel change notify = Yes lpq cache time = 10 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 1 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 use mmap = Yes hostname lookups = No name cache timeout = 660 load printers = Yes
Re: [Samba] smbpasswd complains about LDAP: Object class violation
Here's more info for anyone who's interested: Quite the opposite of what I expected, smbldap-useradd.pl is not using sambaAccount as the structural objectClass; it's not using it *at all*. Here's a sample: - # ldapsearch -LLL -b ou=machines,o=nebrwesleyan.edu,o=isp uid=guinea* dn: uid=guinea-pig$,ou=Machines,o=NebrWesleyan.edu,o=isp objectClass: top objectClass: posixAccount cn: guinea-pig$ uid: guinea-pig$ uidNumber: 1001 gidNumber: 1 homeDirectory: /dev/null loginShell: /bin/false description: Computer - Adding the sambaAccount objectClass manually helped, actually; now I get this: - # ./smbpasswd -a -m guinea-pig$ ldap_connect_system: Binding to ldap server as cn=directory manager ldap_connect_system: Binding to ldap server as cn=directory manager failed to modify user with uid = guinea-pig$ with: Object class violation Password changed for user guinea-pig$. Failed to modify entry for user guinea-pig$. Failed to modify password entry for user guinea-pig$ - Again, though, setting the debug level to 10 doesn't help much. And again, there's still an object class violation. Anyone have any ideas what this one might be? Thanks. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 On Thu, 26 Aug 2004, Chris St. Pierre wrote: I'm trying to get Samba on a Mac OS X box running as a PDC with an LDAP backend. I've read through all of the major walkthroughs I can find, and we've actually already got it running very nicely as a file server; people are currently authenticating against a different PDC and then mapping drives from the Samba box in question. However, I'd like it to be the PDC eventually, but I'm running up against a problem. It is my understanding that the machine trust accounts need to be added with smbpasswd (or an LDAP workaround such as the smbldap-useradd.pl that comes with samba), but smbpasswd fails with the following error: # ./smbpasswd -a -m guinea-pig$ ldap_connect_system: Binding to ldap server as cn=directory manager LDAP search ((uid=guinea-pig_)(objectclass=sambaAccount)) returned 0 entries. ldap_connect_system: Binding to ldap server as cn=directory manager failed to modify user with uid = guinea-pig$ with: Object class violation Failed to add entry for user guinea-pig$. Failed to modify password entry for user guinea-pig$ The best thing I could find on the web was this: http://lists.samba.org/archive/samba/2003-February/062371.html, which only suggests upping my debug level. Doing so provides no better info, though: ./smbpasswd -D 10 -a -m guinea-pig$ [snip] Initializing connection to newman.nebrwesleyan.edu on port 389 ldap_open_connection: connection opened ldap_connect_system: Binding to ldap server as cn=directory manager ldap_connect_system: succesful connection to the LDAP server ldap_search_one_user: searching for:[((uid=guinea-pig$)(objectclass=sambaAccount))] ldap_search_one_user: searching for:[uid=guinea-pig$] User exists without samba properties: adding them Setting entry for user: guinea-pig$ failed to modify user with uid = guinea-pig$ with: Object class violation Failed to add entry for user guinea-pig$. Failed to modify password entry for user guinea-pig$ If that thread I linked to is correct, then smbpasswd is trying to add the machine user guinea-pig$ with the structural objectClass sambaAccount -- which is bogus. If that's the case, is there a fix that doesn't involve hacking smbpasswd? Or, if that's not the case, what is and how do I fix it? Thanks for your help! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd complains about LDAP: Object class violation
On Fri, 2004-08-27 at 09:50, Chris St. Pierre wrote: Here's more info for anyone who's interested: Quite the opposite of what I expected, smbldap-useradd.pl is not using sambaAccount as the structural objectClass; it's not using it *at all*. Here's a sample: Okay, weird. I'm using the samba schema from ./examples/LDAP/ and it creates users w/ objectclass sambaSamAccount, not sambaAccount. sambaAccount is in that schema, but commented out. Cheers, lance -- Lance Levsen, Catprint Computing Linux Systems and programming Saskatoon, SK., CA. gpg --keyserver wwwkeys.pgp.net --recv-keys 0xF2DA79C8 signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd backend, group-per-user, and primary gid not a domain group
On Mon, 2004-07-19 at 17:09, Frank H wrote: After changing from 2.x to 3.0 I get these messages: rpc_server/srv_util.c:get_domain_user_groups(376) get_domain_user_groups: primary gid of user [fred] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that ... Craig White wrote: I would change to tdb but that's me. ... To sum up my experience, in case it helps anyone... This is with 3.0.3. Changing to the tdbsam password backend is utterly painless. (Thank you samba developers.) Apart from the fact that the smbpasswd file password backend is deprecated, tdbsam is better in that it allows you to set a user's primary group with pdbedit. You can set your group to domain admin and you'll be an administrator when you log into Windows - no messing with net groupmap or unix groups required. When I do this however, samba still logs the message shown above! I know my group setting is working because otherwise I wouldn't be an administrator when I log in. So I think producing the message in this case is a bug. I had one other problem due to a mismatch between the pdbedit man page and the behavior of the program. The man page says the -r flag is not needed but I found I could not change my group without it. Finally, for what it's worth, I've been running for over a month with NT doesn't like that with w2k clients and I'm not aware of any problems. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd complains about LDAP: Object class violation
I'm trying to get Samba on a Mac OS X box running as a PDC with an LDAP backend. I've read through all of the major walkthroughs I can find, and we've actually already got it running very nicely as a file server; people are currently authenticating against a different PDC and then mapping drives from the Samba box in question. However, I'd like it to be the PDC eventually, but I'm running up against a problem. It is my understanding that the machine trust accounts need to be added with smbpasswd (or an LDAP workaround such as the smbldap-useradd.pl that comes with samba), but smbpasswd fails with the following error: # ./smbpasswd -a -m guinea-pig$ ldap_connect_system: Binding to ldap server as cn=directory manager LDAP search ((uid=guinea-pig_)(objectclass=sambaAccount)) returned 0 entries. ldap_connect_system: Binding to ldap server as cn=directory manager failed to modify user with uid = guinea-pig$ with: Object class violation Failed to add entry for user guinea-pig$. Failed to modify password entry for user guinea-pig$ The best thing I could find on the web was this: http://lists.samba.org/archive/samba/2003-February/062371.html, which only suggests upping my debug level. Doing so provides no better info, though: ./smbpasswd -D 10 -a -m guinea-pig$ [snip] Initializing connection to newman.nebrwesleyan.edu on port 389 ldap_open_connection: connection opened ldap_connect_system: Binding to ldap server as cn=directory manager ldap_connect_system: succesful connection to the LDAP server ldap_search_one_user: searching for:[((uid=guinea-pig$)(objectclass=sambaAccount))] ldap_search_one_user: searching for:[uid=guinea-pig$] User exists without samba properties: adding them Setting entry for user: guinea-pig$ failed to modify user with uid = guinea-pig$ with: Object class violation Failed to add entry for user guinea-pig$. Failed to modify password entry for user guinea-pig$ If that thread I linked to is correct, then smbpasswd is trying to add the machine user guinea-pig$ with the structural objectClass sambaAccount -- which is bogus. If that's the case, is there a fix that doesn't involve hacking smbpasswd? Or, if that's not the case, what is and how do I fix it? Thanks for your help! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd issue
Howdy All, I am trying to add more winxp machines to an existing domain and I think I must have broken something. The story goes, I discovered that it is a bad idea to have the computername and username the same, so I thought I would change the computername on one machine ( at a time ). However after trying with the first machine ( and failing ) I gave up thinking I would come back to this issue. However,when I try to add ANY new machine to the domain with smbpasswd -a -m newmachinename I get failed to initialise SAM_ACCOUNT for user newmachinename$ failed tomodify password entry for user newmachinename$ This tells me that it recognises the account as a machine trust account, but the database is bust. HOW DO I FIX IT ( or if all else fails can I remove the smbpasswd file and simply add all of the accounts again ) ?? The latter is not my favourite option but I will do it to get things going. The second and more important question is WHAT DID I DO to break it. I really dont want to have to go through this regularly.AND is there some backup of the database ( or can I create one on a dynamic system ) and if so what files should I be backing up. Thanks in advance. Regards Greg -- System Manager RGTechnologies Pty Ltd 606 Skipton Street Ballarat 3350 613 53363603 0417 511 731 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd in samba 3.0
In samba 2.2.8, smbpasswd can change a user's smb password without prompt: # smbpasswd username newpswd How to do it in samba 3.0 Best Regards! Jacky Kim . - ,? http://smspop.163.com/personal/wang/17/index.htm -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd in samba 3.0
In samba 2.2.8, smbpasswd can change a user's smb password without prompt: # smbpasswd username newpswd How to do it in samba 3.0? I do want to change user's password without prompt! Best regards! Jacky Kim . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd password via stdin?
Is there a method to pass a password to smbpasswd from stdin? Currently it appears only the user or machine name can be passed. Would like to automate the process via shell script. -- Raymond -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd in samba 3.0
Jacky Kim wrote: In samba 2.2.8, smbpasswd can change a user's smb password without prompt: # smbpasswd username newpswd How to do it in samba 3.0? I do want to change user's password without prompt! I use samba 3.0.5 and smbpasswd works the same way as in 2.28 for changing passwords without prompt. Regards, -- Filipi Vianna Laboratrio de Mecnica Computacional (DEMM) Faculdade de Engenharia - PUC-RS telefone: (51) 3320-3500 ramal: 4053 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd password via stdin?
Raymond wrote: Is there a method to pass a password to smbpasswd from stdin? Currently it appears only the user or machine name can be passed. Would like to automate the process via shell script. NAME smbpasswd - change a user's SMB password SYNOPSIS smbpasswd [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r remote machine] [-R name resolve order] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username] The smbpasswd suports the password as an argument. In my shell script to automate the user creation process, I do something like this: echo Adding and enabling samba user $user # smbpasswd -a -s $user $password smbpasswd -e $user Hope that helps, Regards, -- Filipi Vianna Laboratório de Mecânica Computacional (DEMM) Faculdade de Engenharia - PUC-RS telefone: (51) 3320-3500 ramal: 4053 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd in samba 3.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Filipi Vianna wrote: | Jacky Kim wrote: | | In samba 2.2.8, smbpasswd can change a user's smb password | without prompt: | # smbpasswd username newpswd | | How to do it in samba 3.0? I do want to change user's password | without prompt! | | | I use samba 3.0.5 and smbpasswd works the same way as in 2.28 | for changing passwords without prompt. Just to clarify. This was changed for the upcoming 3.0.6. You have to use the -s flag now. 'smbpasswd -a user passwd' is no longer supported. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBI5LrIR7qMdg1EfYRAkoiAJ0VmGhYFeuQoxlw2AxBExFr2oqerQCg1vjg 2ZKxdJopjpoGmJ8eiQJdHe8= =amCc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd overwrites existing displayname in LDAP entry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ruud Baart wrote: | Configuration: Samba 2.2.8a with openLDAP 2.1.30 on a SeSE | 8.2. server | | When adding a user using a ldif file we give the user a given | name, say Ruud Baart. The cn and uid are the same, say | 21cs12345 (a studentnumber). | | After adding the user to LDAP the displayname is as | expected: Ruud Baart. However after smbpasswd -a 21cs12345 | -s secret the displayname is 21cs12345. | | That is, of course, not what we want. Is there any solution | for this problem? This is fixed in 3.0 IIRC. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBIKkCIR7qMdg1EfYRAmXdAKCRe02NaxG2XpumFiMvQHJJcdjEfACgisUG P47vxvteQ8KB8uWvpCOPa34= =h4e7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd overwrites existing displayname in LDAP entry
Configuration: Samba 2.2.8a with openLDAP 2.1.30 on a SeSE 8.2. server When adding a user using a ldif file we give the user a given name, say Ruud Baart. The cn and uid are the same, say 21cs12345 (a studentnumber). After adding the user to LDAP the displayname is as expected: Ruud Baart. However after smbpasswd -a 21cs12345 -s secret the displayname is 21cs12345. That is, of course, not what we want. Is there any solution for this problem? Met vriendelijke groet/Regards, Prompt R.J. Baart Kerkstraat 173 5261 CW Vught Netherlands Http://WWW.Prompt.NL Tel.: +31 73 6567041 Fax.: +31 73 6573513 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd overwrites existing displayname in LDAP entry
Made mistake in my question, sorry. Question should be: Configuration: Samba 2.2.8a with openLDAP 2.1.30 on a SeSE 8.2. server When adding a user using a ldif file we give the user a displayName, say Ruud Baart. The cn and uid are the same, say 21cs12345 (a studentnumber). After adding the user to LDAP the displayname is as expected: Ruud Baart. However after smbpasswd -a 21cs12345 -s secret the displayname is suddenly 21cs12345. That is, of course, not what we want. Is there any solution for this problem? Met vriendelijke groet/Regards, Prompt R.J. Baart Kerkstraat 173 5261 CW Vught Netherlands Http://WWW.Prompt.NL Tel.: +31 73 6567041 Fax.: +31 73 6573513 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd error
smbd/chgpasswd.c:check_oem_password(832) check_oem_password: incorrect password length (1292521526). [2004/08/03 10:12:51, 0] passdb/passdb.c:pdb_free_sam(210) pdb_free_sam: SAM_ACCOUNT was NULL Hi there, I had this problem too when trying to setup password syncing. I can't for the life of me remember what the solution was. Although I'm pretty darn certain that it _isn't_ password length. I did however write up my solution:- http://gensig.nibsc.ac.uk/~dmccann/ (there's something odd with out web servers at the moment, so if that linkt doesn't work for you, please let me know and I'll get it fixed.) Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd error
Hi Samba people I saw this as a problem in the archives about a month ago but no solution ? I'm running samba 2.2.10 on Solaris 8. We have a script to replace /usr/bin/passwd which changes the NIS passwd and then uses smbpasswd to change the user's smb password to the same thing. Some users are getting : NIS password changed for diane on cauchy machine 127.0.0.1 rejected the password change : Error was : The specified password was invalid. Failed to change password for diane and in the log file : smbd/chgpasswd.c:check_oem_password(832) check_oem_password: incorrect password length (1292521526). [2004/08/03 10:12:51, 0] passdb/passdb.c:pdb_free_sam(210) pdb_free_sam: SAM_ACCOUNT was NULL In all cases passwords are between 6 and 9 characters. Janet * Janet Dickson| http://www.bioss.sari.ac.uk/~janet Biomathematics Statistics Scotland | email: janet at bioss.sari.ac.uk The King's Buildings, Mayfield Rd| Telephone: +44 (0) 131 650 4888 Edinburgh EH9 3JZ, Scotland, UK. | Fax: +44 (0) 131 650 4901 * -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd - XML (part 2)
after I added -d 1000 I got the following: (only the last lines shown, after that program hangs): pdb_getsampwent getsmbfilepwent: returning passwd entry for user statt, uid 1022 pdb_set_username: setting username statt, was element 12 - now SET pdb_set_full_name: setting full name , was element 13 - now SET pdb_set_unix_homedir: setting home dir /home/statt, was NULL element 22 - now SET pdb_set_domain: setting domain SOLAR, was element 14 - now DEFAULT pdb_set_user_sid: setting user sid S-1-5-21-1906877464-905504629-2230954338-3044 element 18 - now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1906877464-905504629-2230954338-3044 from rid 3044 tdb_unpack(ddff, 26) - 26 tdb_unpack(ddff, 22) - 22 tdb_unpack(ddff, 21) - 21 tdb_unpack(ddff, 16) - 16 tdb_unpack(ddff, 23) - 23 tdb_unpack(ddff, 23) - 23 tdb_unpack(ddff, 21) - 21 tdb_unpack(ddff, 25) - 25 tdb_unpack(ddff, 24) - 24 tdb_unpack(ddff, 27) - 27 tdb_unpack(ddff, 26) - 26 tdb_unpack(ddff, 15) - 15 pdb_set_group_sid: setting group sid S-1-5-21-1906877464-905504629-2230954338-1201 element 19 - now SET pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1906877464-905504629-2230954338-1201 from rid 1201 pdb_set_profile_path: setting profile path \\sol\statt\profile, was element 2 - now DEFAULT pdb_set_homedir: setting home dir \\sol\statt, was element 1 - now DEFAULT pdb_set_dir_drive: setting dir drive Z:, was NULL element 3 - now DEFAULT pdb_set_logon_script: setting logon script s.bat, was element 4 - now DEFAULT element 20 - now DEFAULT element 33 - now SET element 32 - now SET element 20 - now SET element 21 - now SET element 9 - now SET getsampwent (smbpasswd): done element 21: SET xmlsam_add_sam_account called! element 5: DEFAULT element 6: DEFAULT element 7: DEFAULT element 9: SET element 10: DEFAULT -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd - XML (part 3)
sol# ls -l /var/db/pkg | grep samba drwxr-xr-x 2 root wheel 512 24 15:32 samba-3.0.5,1 sol# -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] /etc/samba/smbpasswd keeps changing - pulling my hair out
This is really bizarre. Running Samba 3.0.4 on SuSE 9.1. The password backend is smbpasswd. Each user has a system and samba account and everything has worked as expected until recently. But now, every new user I create is unable to log into Samba server (older users are still able to log in). Inspecting log.smbd the following messages are displayed: [2004/07/22 11:44:56, 2] smbd/sesssetup.c:setup_new_vc_session(602) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/07/22 11:44:56, 2] smbd/sesssetup.c:setup_new_vc_session(602) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/07/22 11:44:56, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [seara] - [seara] FAILED with error NT_STATUS_NO_SUCH_USER [2004/07/22 11:45:04, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [andreiaferreira] - [andreiaferreira] FAILED with error NT_STATUS_WRONG_PASSWORD [2004/07/22 11:45:07, 2] smbd/server.c:exit_server(568) Closing connections But what is most bizarre is that the /etc/samba/smbpasswd entry for this user is modified after this logon attempt! The password field is all XXed: andreiaferreira:1001:: [U ]:LTC-36635F00: If I reset the password by running smbpasswd -a andreiaferreira, the entry becomes: andreiaferreira:1001:58DF4B83F19C0B91AAD3B435B51404EE:050B689D4906009845CE4D4E17AA6AF7 [U ]:LTC-36635F00: BUT the next time this user tries to log into the server she is denied and the password entry is again XXed: andreiaferreira:1001:: [U ]:LTC-36635F00: I even tried to chmod a-w /etc/samba/smb.conf just to see what happened. But it was still modified! This happens using Windows XP Home and also using smbclient from a Linux host. What is going on here?! Why the NT_STATUS_WRONG_PASSWORD when the password is correct? How the hell the password in smbpasswd can be XXed by Samba after a logon attempt? The [global] section of my smb.conf is as follows: [global] workgroup = SEARA-LX log level = 2 syslog = 0 preferred master = Yes domain master = Yes wins support = Yes I would be grateful if anyone can enlighten me on this. Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: /etc/samba/smbpasswd keeps changing - pulling my hair out
Solved the problem. Apparently it has nothing to do with Samba, but with the CGI script ChangePassword (http://changepassword.sourceforge.net) which used the string LTC instead of LCT in smbpasswd entries. I edited the affected smbpasswd entries and changed LTC to LCT, and now it works. Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd backend, group-per-user, and primary gid not a domain group
After changing from 2.x to 3.0 I get these messages: rpc_server/srv_util.c:get_domain_user_groups(376) get_domain_user_groups: primary gid of user [fred] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that I understand why this is: fred's group needs to be mapped like so net groupmap modify ntgroup=Domain Users unixgroup=fred's group The problem is this: each user is in a different group (i.e. fred's initial group, the one mentioned in /etc/passed, is fred) and I can only map one onto Domain Users. I don't want to give up my group-per-user, umask is always 2 system. I'm hoping to avoid a more complicated password backend, assuming that would even help. My best idea so far is to set everyone's initial group (the one in /etc/passwd) to user mapped to Domain Users and also add them to their personal group. Then home directories have to be setgid so files don't end up in group user. But it's too easy to lose setgid bits. mkdir /tmp/dir; mv /tmp/dir ~ and files made in ~/dir are now the wrong group. My questions are: Is there a clean solution using the smbpasswd file password backend and keeping the group-per-user plan? If I bite the bullet and go to ldapsam or tdbsam does that help? Do I even need to worry about this? NT doesn't like that sounds ominous, but everything seems to work. My clients are mainly W2K if that matters. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd backend, group-per-user, and primary gid not a domain group
On Mon, 2004-07-19 at 17:09, Frank H wrote: After changing from 2.x to 3.0 I get these messages: rpc_server/srv_util.c:get_domain_user_groups(376) get_domain_user_groups: primary gid of user [fred] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that I understand why this is: fred's group needs to be mapped like so net groupmap modify ntgroup=Domain Users unixgroup=fred's group The problem is this: each user is in a different group (i.e. fred's initial group, the one mentioned in /etc/passed, is fred) and I can only map one onto Domain Users. I don't want to give up my group-per-user, umask is always 2 system. I'm hoping to avoid a more complicated password backend, assuming that would even help. My best idea so far is to set everyone's initial group (the one in /etc/passwd) to user mapped to Domain Users and also add them to their personal group. Then home directories have to be setgid so files don't end up in group user. But it's too easy to lose setgid bits. mkdir /tmp/dir; mv /tmp/dir ~ and files made in ~/dir are now the wrong group. My questions are: Is there a clean solution using the smbpasswd file password backend and keeping the group-per-user plan? If I bite the bullet and go to ldapsam or tdbsam does that help? Do I even need to worry about this? NT doesn't like that sounds ominous, but everything seems to work. My clients are mainly W2K if that matters. you are the chief - you make the call according to samba 3 How-to http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html smbpasswd This option allows continued use of the smbpasswd file that maintains a plain ASCII (text) layout that includes the MS Windows LanMan and NT encrypted passwords as well as a field that stores some account information. This form of password backend does not store any of the MS Windows NT/200x SAM (Security Account Manager) information required to provide the extended controls that are needed for more comprehensive inter-operation with MS Windows NT4/200x servers. This backend should be used only for backward compatibility with older versions of Samba. It may be deprecated in future releases. tdbsam This backend provides a rich database backend for local servers. This backend is not suitable for multiple Domain Controllers (i.e., PDC + one or more BDC) installations. The tdbsam password backend stores the old smbpasswd information plus the extended MS Windows NT / 200x SAM information into a binary format TDB (trivial database) file. The inclusion of the extended information makes it possible for Samba-3 to implement the same account and system access controls that are possible with MS Windows NT4/200x-based systems. The inclusion of the tdbsam capability is a direct response to user requests to allow simple site operation without the overhead of the complexities of running OpenLDAP. It is recommended to use this only for sites that have fewer than 250 users. For larger sites or implementations, the use of OpenLDAP or of Active Directory integration is strongly recommended. I would change to tdb but that's me. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd - zero size
I solved it. just used the default : passwd backend = smbpasswd by Alexander Varga [EMAIL PROTECTED] 07/14/04 10:54AM hi why is my always /usr/local/samba/private/smbpasswd of zero size? I add an user with smbpasswd -a username and only the files secrets.tdb passdb.tdb changed. any ideas? Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd - zero size
hi why is my always /usr/local/samba/private/smbpasswd of zero size? I add an user with smbpasswd -a username and only the files secrets.tdb passdb.tdb changed. any ideas? Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba