Re: [Samba] smbpasswd not working

[John Tate]

On Fri, Jan 20, 2012 at 2:15 AM, Helmut Hullen  wrote:

> Hallo, John,
>
> Du meintest am 20.01.12:
>
> > root@hayek:~# smbpasswd john
> > New SMB password:
> > Retype new SMB password:
> > Failed to find entry for user john.
>
> > This is despite the existence of the user
> > root@hayek:~# cat /etc/samba/smbpasswd
> > #
> > # SMB password file.
> > #
> > nobody:65534::XXX
> > X:[U ]:LCT-:nobody
> > john:1000::XX
> > XX:[U ]:LCT-:John Tate,,,
>
> Tells
>
>pdbedit -Lw -u john
>
> the same contents?
> And - please - don't show this contents (at least the unchanged
> contents); it's very simple to restore the original password from this
> contents.
>
> Additional (related to Volkers answer): what tells
>
>testparm -sv 2>/dev/null | grep backend
>


> root@hayek:~# testparm -sv 2>/dev/null | grep backend
> passdb backend = tdbsam
> idmap backend = tdb
> idmap config * : backend = tdb
>
>
Yeah I'm using a different backend to what I thought. I've actually not
configured samba on Linux in a long time. Some things have changed it seems
I'll just have to catch up on the docs. I know what area I'm wrong in now
so thanks.

> Viele Gruesse!
> Helmut
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
www.johntate.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd not working

[Helmut Hullen]

Hallo, John,

Du meintest am 20.01.12:

> root@hayek:~# smbpasswd john
> New SMB password:
> Retype new SMB password:
> Failed to find entry for user john.

> This is despite the existence of the user
> root@hayek:~# cat /etc/samba/smbpasswd
> #
> # SMB password file.
> #
> nobody:65534::XXX
> X:[U ]:LCT-:nobody
> john:1000::XX
> XX:[U ]:LCT-:John Tate,,,

Tells

pdbedit -Lw -u john

the same contents?
And - please - don't show this contents (at least the unchanged  
contents); it's very simple to restore the original password from this  
contents.

Additional (related to Volkers answer): what tells

testparm -sv 2>/dev/null | grep backend

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd not working

[Volker Lendecke]

On Fri, Jan 20, 2012 at 02:01:29AM +1100, John Tate wrote:
> When I used smbpasswd it gives me the following error...
> root@hayek:~# smbpasswd john
> New SMB password:
> Retype new SMB password:
> Failed to find entry for user john.
> 
> This is despite the existence of the user
> root@hayek:~# cat /etc/samba/smbpasswd
> #
> # SMB password file.
> #
> nobody:65534:::[U
> ]:LCT-:nobody
> john:1000:::[U
> ]:LCT-:John Tate,,,
> 
> I do not understand what is going on. I really need to get this working.

You might be running with "passdb backend = tdbsam" (the
default right now). In that case, the smbpasswd file is no
longer used. It's replaced by a file called passdb.tdb.

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kont...@sernet.de
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd not working

[John Tate]

When I used smbpasswd it gives me the following error...
root@hayek:~# smbpasswd john
New SMB password:
Retype new SMB password:
Failed to find entry for user john.

This is despite the existence of the user
root@hayek:~# cat /etc/samba/smbpasswd
#
# SMB password file.
#
nobody:65534:::[U
]:LCT-:nobody
john:1000:::[U
]:LCT-:John Tate,,,

I do not understand what is going on. I really need to get this working.

John Tate

-- 
www.johntate.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd and replica ldap server

[tony archibald]

Hi, I have a replica ldap server running on a machine and the samba passdb
back end on this machine points to this replica ldap server. I have
defined  an update ref pointing to the master in my slapd.conf.

the question is... will utilities like smbpasswd follow these references
and update the master or will they try to update the replica ldap directory.

thanks in advance Tony
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd doesn't accept -'s in username?

[Gilles]

Hello

Since Lighttpd sets /var/www to www-data, I ran this:

# grep -i "www-data" /etc/passwd
www-data:x:33:33:www-data:/var/www:/bin/sh

# smbpasswd -a "www-data"
New SMB password:
Retype new SMB password:
Unable to modify TDB passwd: NT_STATUS_UNSUCCESSFUL!
Failed to add entry for user www-data.

Can you confirm that Samba doesn't allow dashes in usernames? Is there
a work-around?

Thank you.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] How ot migrate from /etc/samba/smbpasswd -> LDAP ldapsam:trusted

[Gaiseric Vandal]

Pdbedit should have some import /export commands.I don't remember if you
want to change the smb.conf entry for backend before or after you do the
import.  I actually had the tdb backend for samba but already had the "unix"
users in ldap.   I was trying to update the accounts with the samba
passwords, SIDs and other "windows" specific stuff.  

None-the-less, it didn't import properly for me.  About 1/2 users did not
get a password imported.  

Smbpasswd (smbpasswd -w?) should also let you dump out info into a text
file.  You could write a script to run thru each line, split the fields up
and the use the ldap commands to  create/modify the users accounts.  Perl
works pretty well for this with the "split" command.



-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Götz Reinicke - IT Koordinator
Sent: Sunday, May 02, 2010 4:39 AM
To: samba@lists.samba.org
Subject: [Samba] How ot migrate from /etc/samba/smbpasswd -> LDAP
ldapsam:trusted

Hi,

has anyone done a migration from an "old" smb passwd file =
/etc/samba/smbpasswd setup to a "up to date" LDAP ldapsam:trusted setting?

(Centos 5.4, samba-3.0.33-3.28, openldap-2.3.43)

If so, is there some how to? Or may somewone share his/her experience
with me.

Thanks a lot and best regards,

Götz
-- 
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia Hübner

Geschäftsführer:
Prof. Thomas Schadt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] How ot migrate from /etc/samba/smbpasswd -> LDAP ldapsam:trusted

[Götz Reinicke - IT Koordinator]

Hi,

has anyone done a migration from an "old" smb passwd file =
/etc/samba/smbpasswd setup to a "up to date" LDAP ldapsam:trusted setting?

(Centos 5.4, samba-3.0.33-3.28, openldap-2.3.43)

If so, is there some how to? Or may somewone share his/her experience
with me.

Thanks a lot and best regards,

Götz
-- 
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia Hübner

Geschäftsführer:
Prof. Thomas Schadt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd fails

[Chris Smith]

On Mon, Apr 12, 2010 at 3:23 PM, Chris Smith  wrote:
> Any clues?

Does smbpasswd just not work as a user with NTLMv2? Is this documented anywhere?

The problem is that I'm trying to test unix password sync and don't
have a windows box. Running smbpasswd as root or using pdbedit update
the database directly and do not rely on the client/server mode.

Is there another way to test unix password sync using NTLMv2 and no windows box?

Thanks.

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd fails

[Chris Smith]

Trying to use smbpasswd to change a password and I get:

Old SMB password:
New SMB password:
Retype new SMB password:
SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was
127.0.0.1, but LANMAN password changed are disabled

This is with samba-3.5.2.

Any clues?

Thanks,

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd issue in a migration.

[Gabriel Burgos Informatica]

Hi, thank you for answer, in the new server tells (8.04),

r...@server:~# which -a smbpasswd
/usr/bin/smbpasswd

r...@server:~# ls -l /usr/bin/smbpasswd
-rwxr-xr-x 1 root root 1307112 2007-02-05 22:14 /usr/bin/smbpasswd

In the ubuntu 5.10 (original server),


r...@sever:~# which -a smbpasswd
/usr/bin/smbpasswd
/usr/bin/X11/smbpasswd

r...@sever:~# ls -l /usr/bin/smbpasswd
-rwxr-xr-x  1 root root 1307112 2007-02-05 22:15 /usr/bin/smbpasswd


Thanks,

g.

-Mensaje original-
De: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] En
nombre de Helmut Hullen
Enviado el: viernes, 05 de febrero de 2010 04:10 a.m.
Para: samba@lists.samba.org
Asunto: Re: [Samba] smbpasswd issue in a migration.

Hallo, Gabriel,

Du meintest am 04.02.10:

> My problem is when I try to change an user?s password. To change from
> the original server a password I use the command smbpasswd ?user? and
> it works; but when I try to do the same in the new server I get this
> error bash: /usr/bin/smbpasswd  no such file or directory exist.

What tells

which -a smbpasswd
ls -l /usr/bin/smbpasswd


> I try to change the password with passwd but then it doesn?t allow me
> to log on a windows?s terminal with the new password.

That's simple: "passwd" changes (only) the Linux password, and  
"smbpasswd" only changes the Samba password.

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd issue in a migration.

[Helmut Hullen]

Hallo, Gabriel,

Du meintest am 04.02.10:

> My problem is when I try to change an user?s password. To change from
> the original server a password I use the command smbpasswd ?user? and
> it works; but when I try to do the same in the new server I get this
> error bash: /usr/bin/smbpasswd  no such file or directory exist.

What tells

which -a smbpasswd
ls -l /usr/bin/smbpasswd


> I try to change the password with passwd but then it doesn?t allow me
> to log on a windows?s terminal with the new password.

That's simple: "passwd" changes (only) the Linux password, and  
"smbpasswd" only changes the Samba password.

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd issue in a migration.

[Gabriel Burgos]

Hi,

 

I migrated a server from Ubuntu 5.10 to a Ubuntu 8.04. Also I migrated
samba.

 

My problem is when I try to change an user´s password. To change from the
original server a password I use the command smbpasswd ´user´ and it works;
but when I try to do the same in the new server I get this error bash:
/usr/bin/smbpasswd  no such file or directory exist. I try to change the
password with passwd but then it doesn´t allow me to log on a windows´s
terminal with the new password. Maybe is important to say that users with
their own passwords can log on without a problem.

 

Any idea? Do you need any more information?

 

Thanks.

 

Gabriel.

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd vs passwd to change

[Adam Tauno Williams]

On Thu, 2010-02-04 at 10:11 -0600, Adam wrote:
> so what's you're question?
> Nickolas Gray wrote:
> > Not sure if someone here can answer this for me. The OpenLDAP guys 
> > have blown me off on this one.

Don't feel bad;  providing opportunities to blow people off is the
primarily purpose of their listserv.

> > I have a standalone server which is using ldap as the passdb backend. 
> > I can ssh into an account.  I can show that "smbclient works  -L 
> > localhost -U ldaptestuser" works. If I change the password using 
> > smbpasswd both still work with new password. If i change the password 
> > using /usr/bin/passwd I can login interactively with the new password 
> > but samba still uses the old password.

Of course. passwd does not update the SAM password attributes.  With a
Samba 3.x SAM you have [at least] two passwords in your LDAP object -
userpassword and sambantpassword.  Samba may know to update all the
password entries, and potentially other meta-data, but passwd certainly
does not.  Unless you've been successful at configuring the smbk5pwd
module and are performing password changes via the password change
extended operation.

This is covered in the official documentation somwhere.

-- 
OpenGroupware developer: awill...@whitemice.org

OpenGroupare & Cyrus IMAPd documenation @


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd vs passwd to change

[Adam]

so what's you're question?

Nickolas Gray wrote:
Not sure if someone here can answer this for me. The OpenLDAP guys 
have blown me off on this one.


I have a standalone server which is using ldap as the passdb backend. 
I can ssh into an account.  I can show that "smbclient works  -L 
localhost -U ldaptestuser" works. If I change the password using 
smbpasswd both still work with new password. If i change the password 
using /usr/bin/passwd I can login interactively with the new password 
but samba still uses the old password.



The relevant part of the smb.conf is

[global]
workgroup = ISLANDS
server string = Samba Server Version %v on Kailua
netbios name = kailua
hosts allow = 192.168.136. 127.
log file = /var/log/samba/%m.log
max log size = 50
log level = 10
debug timestamp = yes

security = user

passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=local,dc=austin,dc=rr,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=root,dc=local,dc=austin,dc=rr,dc=com
ldap delete dn = no
ldap ssl = no
ldap passwd sync = yes
local master = yes
os level = 33
preferred master = yes
load printers = yes
cups options = raw
restrict anonymous = 2


Thanks, Nick Gray

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd vs passwd to change

[Nickolas Gray]

Not sure if someone here can answer this for me. The OpenLDAP guys  
have blown me off on this one.


I have a standalone server which is using ldap as the passdb backend.  
I can ssh into an account.  I can show that "smbclient works  -L  
localhost -U ldaptestuser" works. If I change the password using  
smbpasswd both still work with new password. If i change the password  
using /usr/bin/passwd I can login interactively with the new password  
but samba still uses the old password.



The relevant part of the smb.conf is

[global]
workgroup = ISLANDS
server string = Samba Server Version %v on Kailua
netbios name = kailua
hosts allow = 192.168.136. 127.
log file = /var/log/samba/%m.log
max log size = 50
log level = 10
debug timestamp = yes

security = user

passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=local,dc=austin,dc=rr,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=root,dc=local,dc=austin,dc=rr,dc=com
ldap delete dn = no
ldap ssl = no
ldap passwd sync = yes
local master = yes
os level = 33
preferred master = yes
load printers = yes
cups options = raw
restrict anonymous = 2


Thanks, Nick Gray
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd: where's the file of password?

[Gaiseric Vandal]

On 11/17/09 14:43, Pol Hallen wrote:

Hi all :-)
I compiled samba on my debian stable (all bin are in /usr/local/samba/bin/),
smbpasswd too. I use it but I don't see the smbpasswd password file. Where
smbpasswd update own file of passwords?

thanks

Pol
   

"testparm -v"  should show this.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd: where's the file of password?

[Pol Hallen]

Hi all :-)
I compiled samba on my debian stable (all bin are in /usr/local/samba/bin/), 
smbpasswd too. I use it but I don't see the smbpasswd password file. Where 
smbpasswd update own file of passwords?

thanks

Pol
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] ./smbpasswd: symbol lookup error: ./smbpasswd: undefined symbol: _talloc_get_type_abort

[Michael Wood]

2009/11/15 Pol Hallen :
>> What does "ldd ./smbpasswd" give you?
> debian-test-0:/usr/local/samba/bin# ldd smbpasswd
>        linux-gate.so.1 =>  (0xb7adf000)
>        libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7abd000)
>        libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7aa4000)
>        libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7a9f000)
>        libtalloc.so.1 => /usr/lib/libtalloc.so.1 (0xb7a97000)
>        libtdb.so.1 => /usr/lib/libtdb.so.1 (0xb7a8a000)
>        libwbclient.so.0 => /usr/lib/libwbclient.so.0 (0xb7a81000)
>        libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7926000)
>        /lib/ld-linux.so.2 (0xb7ae)

Right.  So it's using the system libtalloc (and libtdb etc.) instead
of the ones you compiled.

Try:

# echo /usr/local/samba/lib >/etc/ld.so.conf.d/00self-compiled-samba
# ldconfig

Then when you run "ldd smbclient" again it should point libtalloc.so.1
to /usr/local/samba/lib/libtalloc.so.1.

-- 
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] ./smbpasswd: symbol lookup error: ./smbpasswd: undefined symbol: _talloc_get_type_abort

[dave mathis]

Michael Wood wrote:
> 2009/11/13 Pol Hallen :
>> Hi folks :-)
>>
>> I compiled samba (latest stable v3.4.3) on my debian stable, everything seems
>> ok but when I try to add new samba user ./smbpasswd:
>>
>> ./smbpasswd: symbol lookup error: ./smbpasswd: undefined symbol:
>> _talloc_get_type_abort
>>
>> I already checked useful libreries but I don't understand this problem.
>>
>> what can I do?
> 
> What does "ldd ./smbpasswd" give you?
> 

I solved this by installing libtalloc1 version 3.4.3
when upgrading from 3.2.7

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] ./smbpasswd: symbol lookup error: ./smbpasswd: undefined symbol: _talloc_get_type_abort

[Michael Wood]

2009/11/13 Pol Hallen :
> Hi folks :-)
>
> I compiled samba (latest stable v3.4.3) on my debian stable, everything seems
> ok but when I try to add new samba user ./smbpasswd:
>
> ./smbpasswd: symbol lookup error: ./smbpasswd: undefined symbol:
> _talloc_get_type_abort
>
> I already checked useful libreries but I don't understand this problem.
>
> what can I do?

What does "ldd ./smbpasswd" give you?

-- 
Michael Wood 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] ./smbpasswd: symbol lookup error: ./smbpasswd: undefined symbol: _talloc_get_type_abort

[Pol Hallen]

Hi folks :-)

I compiled samba (latest stable v3.4.3) on my debian stable, everything seems 
ok but when I try to add new samba user ./smbpasswd:

./smbpasswd: symbol lookup error: ./smbpasswd: undefined symbol: 
_talloc_get_type_abort

I already checked useful libreries but I don't understand this problem.

what can I do?

(samba pre-compiled packages on debian are some grave bugs)

thanks :-)

Pol
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd refuses to add a user if the UID exists somewhere in LDAP

[John Du]

All the experts.

We have been running samba 3.0.xx (currently at 3.0.28a) on RHEL 4 with 
LDAP back end for a few years now.  It has been working well for us.


Now we are having a little problem. I am not sure if the behavior we see 
is by design or a bug.


In smb.conf

We have:
ldap suffix = o=COMPANY,c=US
ldap user suffix = ou=People

The LDAP database also has an ou=Terms tree for people who have 
terminated employment with the company.  The entries on the ou=Terms 
tree has a uid attribute.


When we rehire people, we would like to give them the same UID as 
before.  We can add the new user with recycled uid to the ou=People 
tree.  But when we run smbpasswd -a uid to make the user also a Samba 
user, smbpasswd returns an error saying the UID is already used.


The entries in Terms are not of posixAccount class and they do not have 
the "ldap user suffix" specified in smb.conf.  Is smbpasswd supposed to 
refuse to make the user a Samba user?


It is not a big deal for us. We can just give the rehires a new UID.  
But it would be nice to know this is a bug or not.


Thanks,

John

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd

[Vnpenguin]

On Mon, Apr 13, 2009 at 11:46 AM, Res  wrote:
> Hi,
> For automation in Perl scripts that add users, trying to add in smbpasswd,
> I'm sure, years ago, there was a way of issuing this without drama, now it
> seems it wont just take the password, is there a hidden option? or can we
> get "-w" changed so that it inserts the password into the pass file?
>
> `smbpasswd -a foo -w bar`;  would be nice and painless for automation
> without writing yet another messy expect script :)
>
>

Maybe this can help you ?

http://www.programmingforums.org/thread6522.html

-- 
http://vnoss.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd

[Res]

Hi,
For automation in Perl scripts that add users, trying to add in smbpasswd,
I'm sure, years ago, there was a way of issuing this without drama, now 
it seems it wont just take the password, is there a hidden option? or can 
we get "-w" changed so that it inserts the password into the pass file?


`smbpasswd -a foo -w bar`;  would be nice and painless for automation
without writing yet another messy expect script :)


--
Res

-Beware of programmers who carry screwdrivers
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd or tdbsam? Which one?

[Miguel Medalha]

I do use it, though, at it works fine mostly. I've heard it explained
that the reasoning for avoiding TDBSAM is that if you're running a PDC,
you probably also need features not provided by TDBSAM. In many cases,
that isn't exactly accurate. We have MANY users, but our needs are
fairly simple (and there are few workstations -- it's just a public lab).

  
I prefer LDAP, but if I was to choose between smbpasswd or tdbsam I 
would definitely go for the later.


The reasons why tdbsam is better are clearly explained on the Samba 
documentation. See:


Samba3-ByExample
Samba3-HOWTO

Search the PDFs for "backend" and you will find plenty of information.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd or tdbsam? Which one?

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Miguel Medalha wrote:
> According to the Samba documentation, smbpasswd is not even recommended
> for a PDC...

I do use it, though, at it works fine mostly. I've heard it explained
that the reasoning for avoiding TDBSAM is that if you're running a PDC,
you probably also need features not provided by TDBSAM. In many cases,
that isn't exactly accurate. We have MANY users, but our needs are
fairly simple (and there are few workstations -- it's just a public lab).

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkl6TPoACgkQmb+gadEcsb6KJgCg5FJq0+rb0Zp70u1nLhTSje0E
xokAoNd3U8i/1CxknkSWmZ7Mq+a95oWR
=niPb
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd or tdbsam? Which one?

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I think you want tdbsam. There's virtually no downside.

=R

Aaron Souza wrote:
> All, I have a site with around 200 concurrent users, with a user count of
> over a thousand... I'm currently using just one PDC using the smbpasswd
> backend. I currently do not want to go into an LDAP backend... but would
> tdbsam be a better alternative?
> 
> One of the issues I have is, pretty randomly, I have some machines that
> cannot find the domain controller (dell wireless card utility tells you it
> cant via login). I'm guessing its because when I grep on 'corrupt' from
> /var/log/messages, I have many errors because of poor account managment.
> (exists in smbpaswd but not unix /etc/passwd. )
> 
> Thanks for the support.


- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkl6QPwACgkQmb+gadEcsb6fsACgqj0/d95xcq/DalFPRljbkhk7
v3kAoMesOSdMaYct3YROfNmPi9DY6Ob2
=Y9XA
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd or tdbsam? Which one?

[Miguel Medalha]

I was asking the same question not too many days ago.

I went with LDAP. It is not as difficult as some people think. It seems 
somewhat daunting at first but then you quickly get the grasp of it.


It simply *works* and solves *a lot* of challenges at the same time, 
leaving you ready for future expansion.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd or tdbsam? Which one?

[Miguel Medalha]

According to the Samba documentation, smbpasswd is not even recommended 
for a PDC...

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd or tdbsam? Which one?

[Aaron Souza]

All, I have a site with around 200 concurrent users, with a user count of
over a thousand... I'm currently using just one PDC using the smbpasswd
backend. I currently do not want to go into an LDAP backend... but would
tdbsam be a better alternative?

One of the issues I have is, pretty randomly, I have some machines that
cannot find the domain controller (dell wireless card utility tells you it
cant via login). I'm guessing its because when I grep on 'corrupt' from
/var/log/messages, I have many errors because of poor account managment.
(exists in smbpaswd but not unix /etc/passwd. )

Thanks for the support.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sharing samba smbpasswd

[Gavin Henry]

You don't have to use slapd.d (I'm working on more and better
documentation) and can just stick to slapd.conf. Only use that if you
want to make changes on the fly that stick around at restart.

On 29/12/2008, Scott Grizzard  wrote:
> I agree completely.  LDAP is the "right" way to go.  However, openldap
> is a bit daunting for first time users, and the slapd.d way of
> configuring openldap is not well documented for beginners.
>
> If the samba servers can go down for a few hours without causing too
> big of a headache, and you are not doing domain authentications for
> workstations, I wouldn't bother with ldap.  It will take you a month
> to get LDAP working the first time out, and if anything breaks, it is
> much groping in the dark to get it working again.
>
> Bottom line: LDAP is the "right" way to do it, but the learning curve
> is pretty steep.  If you can live with the single point of failure,
> live with it.  If you can't, hire a consultant to walk you through it
> the first time or buy a Mac X-Server, or invest in several bottles of
> Malox and kiss a month of weekends goodbye.  (On the plus side, doing
> it yourself will teach you a lot about linux, ldap, and samba:
> knowledge which you can lord over Microsoft techs that don't know the
> first thing about the protocols and logic underlying Active Directory,)
>
> - Scott Grizzard
>
> On Dec 29, 2008, at 10:56 AM, John Drescher wrote:
>
>>> 1) LDAP where one server runs ldap and all servers authenticate
>>> against it.
>>> Advantages: easy to replicate and easily extendable for other uses.
>>> Disadvantages: difficult to set up if you don't know what you are
>>> doing.
>>>
>> With syncrepl pretty easy to add more ldap servers. I generally use 1
>> master and several read only replicas. I would never run a network (of
>> more than 3 machines) with only 1 ldap server.
>>
>> http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-ro
>>
>> On the subject of domain controllers using LDAP. Since I have been
>> doing this for > 5 years, I have a few comments. The ldap servers do
>> not have to be on the same machine as the PDC or BDC. At work I have 3
>> LDAP servers. All 3 of them are on VIRTUAL machines. I have 1 my PDC
>> on xen and my BDC on openvz. And the PDC and BDC do not have any samba
>> file shares on them.  One nice thing about this is moving the LDAP
>> servers or domain controllers in this case becomes trivial. And also I
>> do have backup servers on other virtual machines that are offline and
>> can be turned on as needed and in less than 5 minutes any of these
>> virtual machines can be the PDC and/or be the master ldap server.
>>
>> John
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

-- 
Sent from my mobile device

http://www.suretecsystems.com/services/openldap/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sharing samba smbpasswd

[John Drescher]

> I agree completely.  LDAP is the "right" way to go.  However, openldap is a
> bit daunting for first time users, and the slapd.d way of configuring
> openldap is not well documented for beginners.
>
> If the samba servers can go down for a few hours without causing too big of
> a headache, and you are not doing domain authentications for workstations, I
> wouldn't bother with ldap.  It will take you a month to get LDAP working the
> first time out, and if anything breaks, it is much groping in the dark to
> get it working again.
>
> Bottom line: LDAP is the "right" way to do it, but the learning curve is
> pretty steep.  If you can live with the single point of failure, live with
> it.  If you can't, hire a consultant to walk you through it the first time
> or buy a Mac X-Server, or invest in several bottles of Malox and kiss a
> month of weekends goodbye.  (On the plus side, doing it yourself will teach
> you a lot about linux, ldap, and samba: knowledge which you can lord over
> Microsoft techs that don't know the first thing about the protocols and
> logic underlying Active Directory,)
>

Exactly, I fully agree with all of this. I am in a bit of a rush so I
can not add anything of real substance at the moment.. Will try back
later.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sharing samba smbpasswd

[Scott Grizzard]

I agree completely.  LDAP is the "right" way to go.  However, openldap  
is a bit daunting for first time users, and the slapd.d way of  
configuring openldap is not well documented for beginners.


If the samba servers can go down for a few hours without causing too  
big of a headache, and you are not doing domain authentications for  
workstations, I wouldn't bother with ldap.  It will take you a month  
to get LDAP working the first time out, and if anything breaks, it is  
much groping in the dark to get it working again.


Bottom line: LDAP is the "right" way to do it, but the learning curve  
is pretty steep.  If you can live with the single point of failure,  
live with it.  If you can't, hire a consultant to walk you through it  
the first time or buy a Mac X-Server, or invest in several bottles of  
Malox and kiss a month of weekends goodbye.  (On the plus side, doing  
it yourself will teach you a lot about linux, ldap, and samba:  
knowledge which you can lord over Microsoft techs that don't know the  
first thing about the protocols and logic underlying Active Directory,)


- Scott Grizzard

On Dec 29, 2008, at 10:56 AM, John Drescher wrote:

1) LDAP where one server runs ldap and all servers authenticate  
against it.

Advantages: easy to replicate and easily extendable for other uses.
Disadvantages: difficult to set up if you don't know what you are  
doing.



With syncrepl pretty easy to add more ldap servers. I generally use 1
master and several read only replicas. I would never run a network (of
more than 3 machines) with only 1 ldap server.

http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-ro

On the subject of domain controllers using LDAP. Since I have been
doing this for > 5 years, I have a few comments. The ldap servers do
not have to be on the same machine as the PDC or BDC. At work I have 3
LDAP servers. All 3 of them are on VIRTUAL machines. I have 1 my PDC
on xen and my BDC on openvz. And the PDC and BDC do not have any samba
file shares on them.  One nice thing about this is moving the LDAP
servers or domain controllers in this case becomes trivial. And also I
do have backup servers on other virtual machines that are offline and
can be turned on as needed and in less than 5 minutes any of these
virtual machines can be the PDC and/or be the master ldap server.

John
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sharing samba smbpasswd

[John Drescher]

> 1) LDAP where one server runs ldap and all servers authenticate against it.
>  Advantages: easy to replicate and easily extendable for other uses.
>  Disadvantages: difficult to set up if you don't know what you are doing.
>
With syncrepl pretty easy to add more ldap servers. I generally use 1
master and several read only replicas. I would never run a network (of
more than 3 machines) with only 1 ldap server.

http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-ro

On the subject of domain controllers using LDAP. Since I have been
doing this for > 5 years, I have a few comments. The ldap servers do
not have to be on the same machine as the PDC or BDC. At work I have 3
LDAP servers. All 3 of them are on VIRTUAL machines. I have 1 my PDC
on xen and my BDC on openvz. And the PDC and BDC do not have any samba
file shares on them.  One nice thing about this is moving the LDAP
servers or domain controllers in this case becomes trivial. And also I
do have backup servers on other virtual machines that are offline and
can be turned on as needed and in less than 5 minutes any of these
virtual machines can be the PDC and/or be the master ldap server.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sharing samba smbpasswd

[Scott Grizzard]

There are four ways, off the top of my head, to get this done:

1) LDAP where one server runs ldap and all servers authenticate  
against it.  Advantages: easy to replicate and easily extendable for  
other uses.  Disadvantages: difficult to set up if you don't know what  
you are doing.


2) rsync the smbpasswd file.  Advantages: simple and easy.   
Disadvantages: no one does this, so you will wind up with a very weird  
setup which will be difficult to debug and which no one can help you  
with.


3) Kerberos.  Advantages: Very cool; single sign-on.  Disadvantages:  
pain in the ankle to set up.


4) Set up one samba server as a Domain Controller with a tdbsam  
backend, and join the other samba servers to that domain.  It is  
relatively easy to do, gives you single sign-on and one password file,  
and the computers don't need any special configuration to use the  
shares.  Disadvantages: the PDC becomes a single point of failure for  
all four file servers.


I recommend using the last option and setting up the Domain  
Controller.  Follow along with chapter 4 from Samba by Example (http://us1.samba.org/samba/docs/man/Samba-Guide/Big500users.html 
).  Do backups of your password files, and live with the single point  
of failure.


If the single point of failure is impossible to live with, you are  
back into replicating ldap.


- Scott Grizzard

On Dec 29, 2008, at 9:54 AM, Adam Williams wrote:


openldap.  read chapter 5 of samba 3 by example.pdf.

Dean Clapper wrote:
Is there a way to share smbpasswd (samba user name and password  
file) between multiple servers.  The servers are not on a domain  
controller, NIS nor ldap.
We have 2 - 3 redhat samba servers just for network share drives.   
Instead of managing passwords and user names on multiple systems,  
I'm trying to leverage one machine and use its logins and passwords  
for all samba machines.


Is there a good way to implement this strategy configuring the  
smb.conf file or is this going to require a different mechanism?


Thanks
Dean


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sharing samba smbpasswd

[Adam Williams]

openldap.  read chapter 5 of samba 3 by example.pdf.

Dean Clapper wrote:
Is there a way to share smbpasswd (samba user name and password file) 
between multiple servers.  The servers are not on a domain controller, NIS 
nor ldap. 

We have 2 - 3 redhat samba servers just for network share drives.  Instead 
of managing passwords and user names on multiple systems, I'm trying to 
leverage one machine and use its logins and passwords for all samba 
machines.


Is there a good way to implement this strategy configuring the smb.conf file 
or is this going to require a different mechanism?


Thanks
Dean
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sharing samba smbpasswd

[John Drescher]

On Sun, Dec 28, 2008 at 11:21 PM, Dean Clapper
 wrote:
>
> Is there a way to share smbpasswd (samba user name and password file)
> between multiple servers.  The servers are not on a domain controller, NIS
> nor ldap.
>
> We have 2 - 3 redhat samba servers just for network share drives.  Instead
> of managing passwords and user names on multiple systems, I'm trying to
> leverage one machine and use its logins and passwords for all samba
> machines.
>
> Is there a good way to implement this strategy configuring the smb.conf file
> or is this going to require a different mechanism?
>

Take a look at LDAP. After figuring it out (there is some learning
curve) it is very easy to implement and maintain.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] sharing samba smbpasswd

[Dean Clapper]

Is there a way to share smbpasswd (samba user name and password file) 
between multiple servers.  The servers are not on a domain controller, NIS 
nor ldap. 

We have 2 - 3 redhat samba servers just for network share drives.  Instead 
of managing passwords and user names on multiple systems, I'm trying to 
leverage one machine and use its logins and passwords for all samba 
machines.

Is there a good way to implement this strategy configuring the smb.conf file 
or is this going to require a different mechanism?

Thanks
Dean
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd web frontend

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andrea Venturoli wrote:
> Michael Mohn ha scritto:
> 
>> I would try a minimal setup of webmin.
> 
> 
> Thanks. I tried this today, but, even with only the samba module loaded,
> it still has too many features, which I don't want to give to my users.
> 
> I ended up wrapping smbpasswd in a cgi script. Ugly and risky, but I
> guess it's the "less worst" thing.

Did you try swat?

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIxYmZmb+gadEcsb4RAtUGAJ9y/c1POXphlrYQhNFznMzq6oo2qgCfRsZH
YKX6LSVc9Q+OCambxCrm5ns=
=6aUg
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd web frontend

[Michael Mohn]

Am 08.09.2008 um 21:07 schrieb Andrea Venturoli:


Michael Mohn ha scritto:


I would try a minimal setup of webmin.



Thanks. I tried this today, but, even with only the samba module  
loaded, it still has too many features, which I don't want to give  
to my users.


I ended up wrapping smbpasswd in a cgi script. Ugly and risky, but I  
guess it's the "less worst" thing.


in a second thought: maybe there is something like a addon for usermin  
(webmins user-centered part). maybe you should try google on this ;)



bye,

Michael.


PGP.sig
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd web frontend

[Andrea Venturoli]

Michael Mohn ha scritto:


I would try a minimal setup of webmin.



Thanks. I tried this today, but, even with only the samba module loaded, 
it still has too many features, which I don't want to give to my users.


I ended up wrapping smbpasswd in a cgi script. Ugly and risky, but I 
guess it's the "less worst" thing.


 bye & Thanks
av.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd web frontend

[Michael Mohn]

Am 03.09.2008 um 11:51 schrieb Andrea Venturoli:


Hello.

Before starting to write such a thing myself, I'm asking whether it  
already exists.


What I want is the ability to give a non-technical admin the ability  
to change passwords for any user.

This web page will obviusly be protected and only accessible to him.

The thing should be as simple as possible; I don't need UNIX  
password sync, the ability to add or remove users, or any other  
feature.


I also guess that the web way would be the easiest, but I'm open to  
other solutions.


I would try a minimal setup of webmin.



bye,

Michael.



PGP.sig
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd web frontend

[Andrea Venturoli]

Hello.

Before starting to write such a thing myself, I'm asking whether it 
already exists.


What I want is the ability to give a non-technical admin the ability to 
change passwords for any user.

This web page will obviusly be protected and only accessible to him.

The thing should be as simple as possible; I don't need UNIX password 
sync, the ability to add or remove users, or any other feature.


I also guess that the web way would be the easiest, but I'm open to 
other solutions.


 bye & Thanks
av.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbpasswd help101

[Friedrich Strohmaier]

Hi Cao, Minh, *,

Cao, Minh schrieb:

>Hi,
>
>I am using samba 3 came with redhat 5.1 , samba-3.0.25b-0.el5.4
>Please help to answer these questions
>
>1/ How can I can smb.conf to use /etc/samba/smbpasswd file ?
>2/ What is the default 'security' on samba 3   user  ?
>3/ Does the lines start with a ; (semi-colo) are default configuration
> ? example ; security = user

The answers You will get calling

man smb.conf

on Your shell prompt

>This email contains confidential and privileged material for the sole
> use of the intended recipient(s).  Any review, use, distribution or
> disclosure by others is strictly prohibited.  If you are not the
> intended recipient (or authorized to receive for the recipient),
> please contact the sender by reply email and delete all copies of
> this message.

really?? Then a public mailing list might not be a good place for it.
:o))

-- 
Friedrich
beste Grüße/best regards
von der/from the
Sonnenalb - Germany

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Smbpasswd help101

[Cao, Minh]

Hi,
 
I am using samba 3 came with redhat 5.1 , samba-3.0.25b-0.el5.4
Please help to answer these questions
 
1/ How can I can smb.conf to use /etc/samba/smbpasswd file ?
2/ What is the default 'security' on samba 3   user  ?
3/ Does the lines start with a ; (semi-colo) are default configuration
 ? example ; security = user
 


This email contains confidential and privileged material for the sole use of 
the intended recipient(s).  Any review, use, distribution or disclosure by 
others is strictly prohibited.  If you are not the intended recipient (or 
authorized to receive for the recipient), please contact the sender by reply 
email and delete all copies of this message.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd

[Colb, Andrew]

Comm command is ideal; it was built for this type of text processing
problem. It requires sorted ("collated") input lists. 

cut -d: -f1 /etc/passwd | sort > pass_f1   # provide sorted list of the
first field in the passwd file
cut -d: -f1 /etc/samba/smbpasswd | sort > smbpass_f1  # provide sorted
list of the first field in the smbpasswd file

then run

comm. -3 pass_f1 smbpass_f1 |more 
this will show two columns: first is entries unique to passwd, the
second column are entries unique to smbpasswd

comm command has several forms based on its output in three columns:
lines unique to file1, lines unique to file2 and lines found in both
files.
 
   comm -1 file1 file2  displays the items that are unique to file2  [-1
says omit results unique to file1 ]
   comm -2 file1 file2  displays the items that are unique to file1  [-2
says omit results unique to file2]
   comm -3 file1 file2  displays the items that are not common to file1
and file2
   comm -12 file1 file2  displays the items that are found in both file1
and file2


Andy Colb
Investment Company Institute


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ryan
Novosielski
Sent: Thursday, January 24, 2008 2:25 PM
To: John Drescher
Cc: Samba
Subject: Re: [Samba] compare users in /etc/passwd versus
/etc/samba/smbpasswd

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Drescher wrote:
> On Jan 24, 2008 1:15 PM, Kristoffer Knigga
<[EMAIL PROTECTED]> wrote:
>>  diff
>>
> probably sort as well and maybe awk

cut -f1 -d: to get the first field. Then sort, then diff, or a new
favorite: comm .

=R

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
|$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHmOYcmb+gadEcsb4RAlwxAKDZMjjuURRaHss5hM4QraGP52g7fQCgg3vX
Iaqio+2+Xb7afWRGSUGoe2M=
=I0yg
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd error: rejected the tconX on the IPC$ share

[Bayer, Gerard J (Jerry Bayer)]

 

Can anyone help on this matter in changing samba password:

 

[EMAIL PROTECTED] ~]$ smbpasswd

Old SMB password:

New SMB password:

Retype new SMB password:

read_socket_with_timeout: timeout read. read error = Connection reset by
peer.

Receiving SMB: Server stopped responding

machine 127.0.0.1 rejected the tconX on the IPC$ share. Error was : Read
error:

Connection reset by peer.

Failed to change password for d8tsjb0

[EMAIL PROTECTED] ~]$

 

 

Thanks

 

 

 

Regards

Jerry Bayer

 

Sr. Eng. Lan/Wan

International Partner Solutions Data Centers & Systems Support

Phone: (732) 885-4208

VNET: 783-4208

 

Verizon Business - global capability. personal accountability.

 

This e-mail is strictly confidential and intended only for use by the
addressee unless otherwise indicated.

 

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd database is corrupt!

[Adam Williams]

i did, otherwise I wouldn't be able to ssh in and su -l to awilliam.

[EMAIL PROTECTED] ldap]# cat /etc/nsswitch.conf |grep ldap
passwd: files ldap
shadow: files ldap
group:  files ldap
protocols:  files ldap
services:   files ldap
netgroup:   files ldap
automount:  files ldap

Robert Pollard wrote:
Just taking a stab at this but did you modify nsswitch.conf to look in 
the LDAP server.  I believe this is where you would set it to look for 
authentication info other than "files"


- Original Message - From: "Adam Williams" 
<[EMAIL PROTECTED]>

To: "Samba" 
Sent: Friday, January 25, 2008 10:28 AM
Subject: [Samba] smbpasswd database is corrupt!


I added myself into OpenLDAP and deleted my user account from 
/etc/passwd. Now samba complains in the log file:


Jan 25 10:17:56 roark smbd[2767]:   build_sam_account: smbpasswd 
database is corrupt!  username awilliam with uid 511 is not in unix 
passwd database!


however, I'm resolving my awilliam with nss_ldap, so I can ssh and su 
-l awilliam fine.  so shouldn't samba be able to get the user 
awilliam w/ uid 511 out of ldap via nss_ldap instead of looking for 
it directly in /etc/passwd?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd database is corrupt!

[Robert Pollard]

Just taking a stab at this but did you modify nsswitch.conf to look in the 
LDAP server.  I believe this is where you would set it to look for 
authentication info other than "files"


- Original Message - 
From: "Adam Williams" <[EMAIL PROTECTED]>

To: "Samba" 
Sent: Friday, January 25, 2008 10:28 AM
Subject: [Samba] smbpasswd database is corrupt!


I added myself into OpenLDAP and deleted my user account from /etc/passwd. 
Now samba complains in the log file:


Jan 25 10:17:56 roark smbd[2767]:   build_sam_account: smbpasswd database 
is corrupt!  username awilliam with uid 511 is not in unix passwd 
database!


however, I'm resolving my awilliam with nss_ldap, so I can ssh and su -l 
awilliam fine.  so shouldn't samba be able to get the user awilliam w/ uid 
511 out of ldap via nss_ldap instead of looking for it directly in 
/etc/passwd?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd database is corrupt!

[Adam Williams]

I added myself into OpenLDAP and deleted my user account from 
/etc/passwd.  Now samba complains in the log file:


Jan 25 10:17:56 roark smbd[2767]:   build_sam_account: smbpasswd 
database is corrupt!  username awilliam with uid 511 is not in unix 
passwd database!


however, I'm resolving my awilliam with nss_ldap, so I can ssh and su -l 
awilliam fine.  so shouldn't samba be able to get the user awilliam w/ 
uid 511 out of ldap via nss_ldap instead of looking for it directly in 
/etc/passwd?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Drescher wrote:
> On Jan 24, 2008 1:15 PM, Kristoffer Knigga <[EMAIL PROTECTED]> wrote:
>>  diff
>>
> probably sort as well and maybe awk

cut -f1 -d: to get the first field. Then sort, then diff, or a new
favorite: comm .

=R

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHmOYcmb+gadEcsb4RAlwxAKDZMjjuURRaHss5hM4QraGP52g7fQCgg3vX
Iaqio+2+Xb7afWRGSUGoe2M=
=I0yg
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd

[John Drescher]

On Jan 24, 2008 1:15 PM, Kristoffer Knigga <[EMAIL PROTECTED]> wrote:
>
>  diff
>
probably sort as well and maybe awk
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd

[Kristoffer Knigga]

 diff


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Adam Williams
Sent: Thursday, January 24, 2008 12:04 PM
To: Samba
Subject: [Samba] compare users in /etc/passwd versus
/etc/samba/smbpasswd

Is there a command I can run that will compare the users in 
/etc/samba/smbpasswd against the users in /etc/passwd and print the ones

that exist in smbpasswd but not passwd?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
__
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd

[Adam Williams]

Is there a command I can run that will compare the users in 
/etc/samba/smbpasswd against the users in /etc/passwd and print the ones 
that exist in smbpasswd but not passwd?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd and 8 character limit

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This is the most current, I would think, source of information on
Solaris (since it is newer than Solaris 10, even). There would be a
rather large implication here that larger than 8 character names will
present a problem:

http://www.opensolaris.org/os/community/security/library/long_usernames/

Gaiseric Vandal wrote:
> The problem is with passwords that exceed 8 characters, not usernames.
>  Solaris (at least Solaris 9 ) will let you create usernames with more
> than 8 characters-  (although it complains about.)  Most of the
> usernames are 8 characters or less, including the test account.And
> I would think that the unix password store is usually irrelevant to
> samba anyway (with the exception of password syncing.)
> 
> Older versions of Solaris did have an issue with unix passwd length
> (basically any characters beyond 8 were ignored.)Switching from
> DES to MD5 password encryption seems to have fixed this.
> 
> 
> I will try compiling 3.026a on a linux box  (or 3.024 on solaris) and
> see if it really is Solaris specific.
> 
> 
> 
> On Nov 7, 2007 4:14 PM, Ryan Novosielski <[EMAIL PROTECTED]> wrote:
> I can confirm that Solaris only allows 8 character usernames (just
> looked this up last week). As such, your usage of /etc/passwd (or
> whatever other PAM backend) is likely the problem.
> 
> Eric Diven wrote:
>>>> I'm pretty sure it's Solaris specific, I didn't have problems on my
>>>> CentOS box I've been using as a reference machine.  See this bug in
>>>> bugzilla: https://bugzilla.samba.org/show_bug.cgi?id=4863
>>>>
>>>> ~Eric
>>>>
>>>> -Original Message-----
>>>> From: [EMAIL PROTECTED]
>>>> [mailto:[EMAIL PROTECTED] On Behalf
>>>> Of Gaiseric Vandal
>>>> Sent: Friday, November 02, 2007 5:04 PM
>>>> To: Samba
>>>> Subject: [Samba] smbpasswd and 8 character limit
>>>>
>>>> The smbpasswd on my PDC (Solaris 9, Samba 3.026a) will truncate or
>>>> corrupt passwords over 8 chars.
>>>>
>>>> The smbpasswd command on the linux clients (Samba 3.024a) is OK.
>>>> Anyone know if this is a samba version issue or something solaris
>>>> specific.
>>>>
>>>> Thanks
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>>> o/samba
- --
>>
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
>>

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHM427mb+gadEcsb4RAsK9AJ9ZY/kE5OjI4A1qrbW1wxXkHxiVbwCeL8Hp
o1D3lKlSH4Lqa5r7ELl85cU=
=WMed
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd and 8 character limit

[Gaiseric Vandal]

The problem is with passwords that exceed 8 characters, not usernames.
 Solaris (at least Solaris 9 ) will let you create usernames with more
than 8 characters-  (although it complains about.)  Most of the
usernames are 8 characters or less, including the test account.And
I would think that the unix password store is usually irrelevant to
samba anyway (with the exception of password syncing.)

Older versions of Solaris did have an issue with unix passwd length
(basically any characters beyond 8 were ignored.)Switching from
DES to MD5 password encryption seems to have fixed this.


I will try compiling 3.026a on a linux box  (or 3.024 on solaris) and
see if it really is Solaris specific.



On Nov 7, 2007 4:14 PM, Ryan Novosielski <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I can confirm that Solaris only allows 8 character usernames (just
> looked this up last week). As such, your usage of /etc/passwd (or
> whatever other PAM backend) is likely the problem.
>
> Eric Diven wrote:
> > I'm pretty sure it's Solaris specific, I didn't have problems on my
> > CentOS box I've been using as a reference machine.  See this bug in
> > bugzilla: https://bugzilla.samba.org/show_bug.cgi?id=4863
> >
> > ~Eric
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf
> > Of Gaiseric Vandal
> > Sent: Friday, November 02, 2007 5:04 PM
> > To: Samba
> > Subject: [Samba] smbpasswd and 8 character limit
> >
> > The smbpasswd on my PDC (Solaris 9, Samba 3.026a) will truncate or
> > corrupt passwords over 8 chars.
> >
> > The smbpasswd command on the linux clients (Samba 3.024a) is OK.
> > Anyone know if this is a samba version issue or something solaris
> > specific.
> >
> > Thanks
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > o/samba
>
> - --
>   _  _ _  _ ___  _  _  _
>  |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
>  |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
>  \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.5 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHMirImb+gadEcsb4RAm8sAKCigwww8tI4yJ/t0zeeXolrfcOLLwCfSOtt
> YXa2QVJTSMAnuGUzhtetbrc=
> =9KWD
> -END PGP SIGNATURE-
> --
>
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd and 8 character limit

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I can confirm that Solaris only allows 8 character usernames (just
looked this up last week). As such, your usage of /etc/passwd (or
whatever other PAM backend) is likely the problem.

Eric Diven wrote:
> I'm pretty sure it's Solaris specific, I didn't have problems on my
> CentOS box I've been using as a reference machine.  See this bug in
> bugzilla: https://bugzilla.samba.org/show_bug.cgi?id=4863
> 
> ~Eric
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Gaiseric Vandal
> Sent: Friday, November 02, 2007 5:04 PM
> To: Samba
> Subject: [Samba] smbpasswd and 8 character limit
> 
> The smbpasswd on my PDC (Solaris 9, Samba 3.026a) will truncate or
> corrupt passwords over 8 chars.
> 
> The smbpasswd command on the linux clients (Samba 3.024a) is OK.
> Anyone know if this is a samba version issue or something solaris
> specific.
> 
> Thanks
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> o/samba

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHMirImb+gadEcsb4RAm8sAKCigwww8tI4yJ/t0zeeXolrfcOLLwCfSOtt
YXa2QVJTSMAnuGUzhtetbrc=
=9KWD
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] smbpasswd and 8 character limit

[Eric Diven]

Sorry, brain-fart, you'll probably be interested in knowing what version
does work.  The latest version of Samba that I've tested as working with
the password issue is 3.0.24.  I'm having trouble getting ACL support to
work with it, but I have got ADS and winbind working seamlessly.

~Eric 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Gaiseric Vandal
Sent: Friday, November 02, 2007 5:04 PM
To: Samba
Subject: [Samba] smbpasswd and 8 character limit

The smbpasswd on my PDC (Solaris 9, Samba 3.026a) will truncate or
corrupt passwords over 8 chars.

The smbpasswd command on the linux clients (Samba 3.024a) is OK.
Anyone know if this is a samba version issue or something solaris
specific.

Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
o/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] smbpasswd and 8 character limit

[Eric Diven]

I'm pretty sure it's Solaris specific, I didn't have problems on my
CentOS box I've been using as a reference machine.  See this bug in
bugzilla: https://bugzilla.samba.org/show_bug.cgi?id=4863

~Eric

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Gaiseric Vandal
Sent: Friday, November 02, 2007 5:04 PM
To: Samba
Subject: [Samba] smbpasswd and 8 character limit

The smbpasswd on my PDC (Solaris 9, Samba 3.026a) will truncate or
corrupt passwords over 8 chars.

The smbpasswd command on the linux clients (Samba 3.024a) is OK.
Anyone know if this is a samba version issue or something solaris
specific.

Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
o/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd and 8 character limit

[Gaiseric Vandal]

The smbpasswd on my PDC (Solaris 9, Samba 3.026a) will truncate or
corrupt passwords over 8 chars.

The smbpasswd command on the linux clients (Samba 3.024a) is OK.
Anyone know if this is a samba version issue or something solaris
specific.

Thanks
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd -a not working with ldap

[James]

Hi i'm trying to add new samba users with an ldap backend
i can use smbpasswd to change current samba user passwords but if i try 
to add a user it won't add the attributes to the ldap account.

i have run smbpasswd -w already
I noticed that when running smbpasswd and adding a user the search 
filter is looking for a sambasamaccount but that attribute needs to be 
CREATED by smbpasswd -a right?

Debian Etch
Samba 3.0.24-6etch4
TIA

Here's my smb.conf and my smbpasswd debug

smb.conf

[global]
workgroup = PDC-TEST
netbios name = machine
server string = Samba %v


# Domain Directives #
os level = 65
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
name resolve order = wins lmhosts host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
#interfaces = eth1

# Generic Directives #
hide dot files = yes
security = user
max log size = 1000
log level = 9
syslog = 1666
username map = /etc/samba/smbusers
#passdb backend = tdbsam
# LDAP Directives #
passdb backend = ldapsam:"ldap://ldap-master.example.com";
ldap suffix = dc=example,dc=com
ldap admin dn = cn=admin,dc=example,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap uid = 1-2
idmap gid = 1-2

#add user script = /usr/sbin/smbldap-useradd -a -m "%u"
#add machine script = /usr/sbin/smbldap-useradd -a -w "%u"
#add group script = /usr/sbin/smbldap-groupadd -a -p "%g"
#add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
#set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

#passwd program = /usr/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new 
password*" %n\n"



## Comment Out to Disable PASSWD Sync #
ldap passwd sync = yes
encrypt passwords = yes

[homes]
  comment = Home Directories
  browseable = no
  writable = no
  create mask = 0700
  directory mask = 0700
  valid users = %S

[netlogon]
   path = /var/lib/samba/netlogon
   guest ok = yes
   browseable = No

[profiles]
   comment = Network Profiles Service
   path = %H
   read only = no
   store dos attributes = yes
   create mask = 0700
   directory mask = 0700
   browseable = no


SMBPASSWD Debug:
# smbpasswd -a Admin -D 256
The LDAP server is succesfully connected
pdb backend ldapsam:"ldap://ldap-master.example.com"; has a valid init
New SMB password:
Retype new SMB password:
smbldap_search_ext: base => [dc=example,dc=com], filter => 
[(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2]

smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [Admin] count=0
Failed to modify password entry for user Admin


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd on solaris clients

[James Craig]

I may be mixing water and oil here, but with a recent upgrade
I am discovering our solaris clients aren't able to update samba
passwords.

Our server is running 2.2.12  (I intend to upgrade to 3.0.x when
I get LDAP working) with it's own password database.

If I use the smbpasswd that came with 2.2.12 on the solaris clients
everything works.  however if I use the smbpasswd that comes with
blastwave (3.0.23) on the x86 solaris machines,

I get this error:

Could not connect to machine xxx.xxx.xxx.xxx: NT_STATUS_LOGON_FAILURE
Failed to change password for username


the server throws this into the logs:

[2007/09/03 15:41:21, 1] smbd/password.c:pass_check_smb(545)
  Couldn't find user '\username' in passdb.
[2007/09/03 15:41:21, 2] smbd/reply.c:reply_sesssetup_and_X(997)
  NT Password did not match for user '\username'!
[2007/09/03 15:41:21, 2] smbd/reply.c:reply_sesssetup_and_X(1007)
  Defaulting to Lanman password for \username
[2007/09/03 15:41:21, 1] smbd/password.c:pass_check_smb(545)
  Couldn't find user '\username' in passdb.
[2007/09/03 15:41:21, 1] smbd/reply.c:reply_sesssetup_and_X(1023)
  Rejecting user '\username': authentication failed
[2007/09/03 15:41:21, 2] smbd/server.c:exit_server(511)
  Closing connections



I have not had to create machine accounts for the client machines
before.  Is this something I need to change?  Do I need to flesh
out the currently empty smb.conf on the client machines?
Is the problem due to my attempt to mix client and server versions,
or does blastwave compile their smbpassword to expect a certain style
of server?


jim craig

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] smbpasswd truncates password to 8 chars on Solaris sparc?

[Schaefer Jr, Thomas R.]

On Wed, 18 Jul 2007 20:35:30 -0600
Zube <[EMAIL PROTECTED]> wrote:

> 
> Following up to my own query, it appears that bugs 4782 and 4677 in
> bugzilla.samba.org also mention this issue.  Using the smbpasswd from
> 3.0.24 seems to work around the problem.
> 

Yep, I'm the reporter of bug 4677, hadn't seen 4782 but it does look
like the same thing.  A third similiar bug I have entered is 4674 where
I eventually discovered I can't connect with smbclient when the users
password is greater than 8 characters.  4674 is also on Sparc Solaris.
I haven't tried any of it on x86 Solaris, my hunch would be the same
problem exists there too.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd truncates password to 8 chars on Solaris sparc?

[Zube]

On Wed Jul 18 02:57:07 PM, Zube wrote:

> Good Day.  In June, I posted a small query under the Subject of
> 
> _odd smbpasswd / smbclient error from Linux to Solaris_
> 
> Briefly, a Solaris sparc server running 3.0.25a would not accept passwords 
> from the Linux smbclient program if the password was 9 characters or greater.
> Instead, one would get this:
> 
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> but it worked fine with the Solaris sparc smbclient.  Again, this with
> just with a passwd backend, very simple.
> 
> Now running 3.0.25b and after digging deeper, it appears that things are
> worse than I first thought.  smbpasswd is truncating passwords at 8 
> characters.  For example, set a 9+ character password for a user with:
> 
> smbpasswd dummy
> 
> then try to mount the dummy share from windows using the dummy user and 
> password or use smbclient from linux.  In both cases, it fails.  However,
> if one types only the first 8 characters of the password, it works fine.
> 
> Any pointers are greatly appreciated.

Following up to my own query, it appears that bugs 4782 and 4677 in
bugzilla.samba.org also mention this issue.  Using the smbpasswd from
3.0.24 seems to work around the problem.

Cheers,
Zube
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd truncates password to 8 chars on Solaris sparc?

[Zube]

Good Day.  In June, I posted a small query under the Subject of

_odd smbpasswd / smbclient error from Linux to Solaris_

Briefly, a Solaris sparc server running 3.0.25a would not accept passwords 
from the Linux smbclient program if the password was 9 characters or greater.
Instead, one would get this:

session setup failed: NT_STATUS_LOGON_FAILURE

but it worked fine with the Solaris sparc smbclient.  Again, this with
just with a passwd backend, very simple.

Now running 3.0.25b and after digging deeper, it appears that things are
worse than I first thought.  smbpasswd is truncating passwords at 8 
characters.  For example, set a 9+ character password for a user with:

smbpasswd dummy

then try to mount the dummy share from windows using the dummy user and 
password or use smbclient from linux.  In both cases, it fails.  However,
if one types only the first 8 characters of the password, it works fine.

Any pointers are greatly appreciated.

Cheers,
Zube
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd problem on Solaris-10

[Ole Benner]

I get this:

$ smbpasswd -D 10 olb
Netbios name list:-
my_netbios_names[0]="FILES"
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match smbpasswd (smbpasswd)
Found pdb backend smbpasswd
pdb backend smbpasswd has a valid init
New SMB password:
Retype new SMB password:
getsampwnam (smbpasswd): search by name: olb
startsmbfilepwent_internal: opening file /data/samba/private/smbpasswd
getsmbfilepwent: returning passwd entry for user olb, uid 1
endsmbfilepwent_internal: closed password file.
getsampwnam (smbpasswd): found by name: olb
Finding user olb
Trying _Get_Pwnam(), username as lowercase is olb
Get_Pwnam_internals did find user [olb]!
pdb_set_username: setting username olb, was
pdb_set_full_name: setting full name , was
pdb_set_domain: setting domain FILES, was
Home server: files
pdb_set_profile_path: setting profile path \\files\olb\profile, was
Home server: files
pdb_set_homedir: setting home dir \\files\olb, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
pdb_set_user_sid: setting user sid
S-1-5-21-4108215807-3801520835-147286624-21000
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-4108215807-3801520835-147286624-21000
from rid 21000
grant_privilege: S-1-1-0
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-548
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-549
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-550
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-551
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-544
original privilege mask:
SE_PRIV  0xff0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0xff0 0x0 0x0 0x0
account_policy_get: name: maximum password age, val: -1
account_policy_get: name: password history, val: 0
pdb_set_username: setting username olb, was
pdb_set_domain: setting domain FILES, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name , was
Home server: files
pdb_set_homedir: setting home dir \\files\olb, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: files
pdb_set_profile_path: setting profile path \\files\olb\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid
S-1-5-21-4108215807-3801520835-147286624-21000
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-4108215807-3801520835-147286624-21000
from rid 21000
account_policy_get: name: password history, val: 0
mod_smbfilepwd_entry: opening file /data/samba/private/smbpasswd
mod_smbfilepwd_entry: entry exists for user olb


I have now tried to compile samba-3.0.21b with the exactly same
configuration as samba-3.0.25b version (same compiler etc.) and this
version works with more than 8 chars passwords.

Regards
Ole Benner
Netic A/S


Roberto Lizana wrote:
> What can you see in console if you type this 'smbpasswd -D 10 anyUser' ???
> 
> 
> Ole Benner escribió:
>> I have compiled both samba-3.0.25a and samba-3.0.25b and with both I
>> have problems setting user password longer than 8 chars with smbpasswd.
>> I get no errors, but if I try to set a password with more than 8 chars
>> the password will only be generated using the first 8 chars.
>>
>> This is on Solaris-10 update 3 on amd64 and I have compiled samba using
>> Sun Studio 11 compiler suite and no other options to configure than
>> --prefix=/some/path.
>>
>> Solaris-10 comes with samba 3.0.21b preinstalled and if I use smbpasswd
>> from that installation there is no problems and the smaba-3.0.25(a/b)
>> version works alright with >8 chars passwd once it is set.
>>
>> This looks like some 32/64 bit bug or similar.
>>
>>   
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd problem on Solaris-10

[Roberto Lizana]

What can you see in console if you type this 'smbpasswd -D 10 anyUser' ???


Ole Benner escribió:

I have compiled both samba-3.0.25a and samba-3.0.25b and with both I
have problems setting user password longer than 8 chars with smbpasswd.
I get no errors, but if I try to set a password with more than 8 chars
the password will only be generated using the first 8 chars.

This is on Solaris-10 update 3 on amd64 and I have compiled samba using
Sun Studio 11 compiler suite and no other options to configure than
--prefix=/some/path.

Solaris-10 comes with samba 3.0.21b preinstalled and if I use smbpasswd
from that installation there is no problems and the smaba-3.0.25(a/b)
version works alright with >8 chars passwd once it is set.

This looks like some 32/64 bit bug or similar.

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd problem on Solaris-10

[Ole Benner]

I have compiled both samba-3.0.25a and samba-3.0.25b and with both I
have problems setting user password longer than 8 chars with smbpasswd.
I get no errors, but if I try to set a password with more than 8 chars
the password will only be generated using the first 8 chars.

This is on Solaris-10 update 3 on amd64 and I have compiled samba using
Sun Studio 11 compiler suite and no other options to configure than
--prefix=/some/path.

Solaris-10 comes with samba 3.0.21b preinstalled and if I use smbpasswd
from that installation there is no problems and the smaba-3.0.25(a/b)
version works alright with >8 chars passwd once it is set.

This looks like some 32/64 bit bug or similar.

-- 
Mvh
Ole Benner
Netic A/S
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd and machine accounts

[Eric A. Hall]

I'm using samba-3.0.23d-19 on openSUSE 10.2 with an LDAP PDC arrangement

I'm trying to sort out some problems with adding a trust relationship.
Specifically, smbpasswd is failing when I try to create/modify the domain
account. Further investigation shows that it is also failing to modify
workstation accounts. However it is able to modify user accounts fine. The
big difference here seems to be the ordering:

Here is the debug level 4 output for trying to modify machine "PC-1":

[ root# ] smbpasswd -D4 -m PC-1

smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=LABS))]

smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected

init_sam_from_ldap: Entry found for user: pc-1$

init_group_from_ldap: Entry found for group: 515

ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-515] count=0

init_group_from_ldap: Entry found for group: 515

ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-515] count=0

init_group_from_ldap: Entry found for group: 515

store_gid_sid_cache: gid 515 in cache ->
S-1-5-21-284210356-3264030311-3336521042-515

Failed to set password for user PC-1$.
Failed to modify password entry for user PC-1$


Here is the output for modifying user account "jbleau":

[ root# ] smbpasswd -D4 jbleau

smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=LABS))]

smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected

New SMB password:
Retype new SMB password:

init_sam_from_ldap: Entry found for user: jbleau

init_group_from_ldap: Entry found for group: 513

ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-513] count=0

init_group_from_ldap: Entry found for group: 513

ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-513] count=0

init_group_from_ldap: Entry found for group: 513

store_gid_sid_cache: gid 513 in cache ->
S-1-5-21-284210356-3264030311-3336521042-513

ldapsam_update_sam_account: user jbleau to be modified has dn:
uid=jbleau,ou=Users,dc=labs,dc=ntrg,dc=com

init_ldap_from_sam: Setting entry for user: jbleau

ldapsam_modify_entry: LDAP Password changed for user jbleau

ldapsam_update_sam_account: successfully modified uid = jbleau in the LDAP
database


Note that smbpasswd prompted for the user password before trying to search
(perhaps this is bind-related). Also note that neither the workstation or
user modification routines claimed to be able to locate the associated SID
(judging from LDAP traces, the search appears to be malformed), but that
did not have any effect on the outcome of the user operation.

Anybody know what's up?

-- 
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd doesn't prompt root for password

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alexander Skwar wrote:
> Hello.
> 
> When I run smbpasswd from samba 3.0.23a on a MIPSEL system running
> Linux 2.4.20 as root, I'm NEVER asked for a password. Even when I
> create a new user in smbpasswd, I'm not asked:

Please file a bug an attach the gzipped config.log from your build.
Thanks.






jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE1yrRIR7qMdg1EfYRAn9mAKDhMhH2QHypbfpKfEdfAMiVi8P9OwCgnv0U
J5A75qR7QKD0M8c8zAWg2hk=
=7dDK
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd doesn't prompt root for password

[Alexander Skwar]

Hello.

When I run smbpasswd from samba 3.0.23a on a MIPSEL system running
Linux 2.4.20 as root, I'm NEVER asked for a password. Even when I
create a new user in smbpasswd, I'm not asked:

[EMAIL PROTECTED]:/etc/samba# strings smbpasswd
root:0:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[U 
 ]:LCT-44D63D42:
bin:1:::[DU 
]:LCT-:
daemon:2:::[DU  
   ]:LCT-:
adm:3:::[DU 
]:LCT-:
sync:5:::[DU
 ]:LCT-:
nobody:99:::[DU 
]:LCT-:
[EMAIL PROTECTED]:/etc/samba# smbpasswd -a askwar
Added user askwar.
[EMAIL PROTECTED]:/etc/samba# smbpasswd askwar
[EMAIL PROTECTED]:/etc/samba# strings smbpasswd
root:0:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[U 
 ]:LCT-44D63D42:
bin:1:::[DU 
]:LCT-:
daemon:2:::[DU  
   ]:LCT-:
adm:3:::[DU 
]:LCT-:
sync:5:::[DU
 ]:LCT-:
nobody:99:::[DU 
]:LCT-:
askwar:1000:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[U
  ]:LCT-44D63EAE:

When I run smbpasswd as a user, eg. as Unix user "askwar", I AM prompted
for a password.

[EMAIL PROTECTED]:~/src/samba-3.0.23a/source$ smbpasswd
Old SMB password:

But as I don't know the "Old SMB password", I'm somewhat at a loss... :)

I also cannot feed the password over stdin as root:

[EMAIL PROTECTED]:/etc/samba# echo foo | smbpasswd -s askwar
Mismatch - password unchanged.
Unable to get new password.

What's happening here?

Thanks a lot,
Alexander Skwar
--
Johnson's First Law:
When any mechanical contrivance fails, it will do so at the
most inconvenient possible time.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd doesn't prompt root for password

[Alexander Skwar]

Hello.

When I run smbpasswd from samba 3.0.23a on a MIPSEL system running
Linux 2.4.20 as root, I'm NEVER asked for a password. Even when I
create a new user in smbpasswd, I'm not asked:

[EMAIL PROTECTED]:/etc/samba# strings smbpasswd
root:0:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[U 
 ]:LCT-44D63D42:
bin:1:::[DU 
]:LCT-:
daemon:2:::[DU  
   ]:LCT-:
adm:3:::[DU 
]:LCT-:
sync:5:::[DU
 ]:LCT-:
nobody:99:::[DU 
]:LCT-:
[EMAIL PROTECTED]:/etc/samba# smbpasswd -a askwar
Added user askwar.
[EMAIL PROTECTED]:/etc/samba# smbpasswd askwar
[EMAIL PROTECTED]:/etc/samba# strings smbpasswd
root:0:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[U 
 ]:LCT-44D63D42:
bin:1:::[DU 
]:LCT-:
daemon:2:::[DU  
   ]:LCT-:
adm:3:::[DU 
]:LCT-:
sync:5:::[DU
 ]:LCT-:
nobody:99:::[DU 
]:LCT-:
askwar:1000:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[U
  ]:LCT-44D63EAE:

When I run smbpasswd as a user, eg. as Unix user "askwar", I AM prompted
for a password.

[EMAIL PROTECTED]:~/src/samba-3.0.23a/source$ smbpasswd
Old SMB password:

But as I don't know the "Old SMB password", I'm somewhat at a loss... :)

I also cannot feed the password over stdin as root:

[EMAIL PROTECTED]:/etc/samba# echo foo | smbpasswd -s askwar
Mismatch - password unchanged.
Unable to get new password.

What's happening here?

Thanks a lot,

Alexander Skwar
-- 
Asket:
  schwächlicher Charakter, der der Versuchung erliegt,
  sich ein Vergnügen zu versagen.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd batch mode

[Matthew Daubenspeck]

On Fri, Jun 09, 2006 at 05:09:13PM -0500, Craig Jackson wrote:
> Hi,
> 
> I need to create a large number of users in the smbpasswd file.Is there a way 
> to do this without having to type passwords? I need a batch mode. Using Samba 
> 3.

# cat importusers.sh 
#!/bin/bash
datafile=userdata
line_count=`cat $datafile | wc -l`
filesystem="/dev/sda1"

for data in `seq $line_count`
do
  read data
  username=`echo $data | awk -F" " '{print $1}'`
  password=`echo $data | awk -F" " '{print $2}'`
  /usr/sbin/adduser -m -s /bin/false -p $password $username
  (echo $password; echo $password) | /usr/bin/smbpasswd -s -a $username
  /usr/sbin/setquota -u $username 0 1048576 0 0 -a $filesystem
  /bin/chmod 700 /home/$username
done < "$datafile"

# cat userdata 
user1 password1
user2 password2
etc etc

Take out or add as necessary :)

-- 
  Matthew Daubenspeck
  http://www.oddprocess.org

Gentoo Linux 2.6.15-gentoo-r5 x86_64 Dual Core AMD Opteron(tm) Processor 165
19:13:22 up 29 days, 3:57, 1 user, load average: 0.07, 0.08, 0.08
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd batch mode

[Craig Jackson]

Hi,

I need to create a large number of users in the smbpasswd file.Is there a way 
to do this without having to type passwords? I need a batch mode. Using Samba 3.

Thanks,
Craig
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd and /etc/samba/smbusers

[Felipe Alfaro Solana]

You add root and not administrator.  This is by design.
When in security = user, think of the username map as
simply an alias file used for authentication requests.
smbpasswd and pdbedit work below that layer.


You were completely right. I was screwed. Adding "root" via smbpasswd
allows me to authenticate using "smbclient" as "Administrator".

Thanks a lot, Jerry.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd and /etc/samba/smbusers

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Felipe Alfaro Solana wrote:
> Hi,
> 
> I've been Googling around trying to found why I can't make SAMBA
> (concretely smbpasswd and pdbedit) make good use of the information
> held in the file /etc/samba/smbusers. I have done a clean install of
> Red Hat Enterprise Linux ES 4.1 Update 3 (both x86_64 and IA32) and
> Fedora Core 5. In all cases, running the following command fails:
> 
> # smbpasswd -a Administrator
> New SMB password:
> Retype new SMB password:
> Failed to initialise SAM_ACCOUNT for user Administrator. Does this
> user exist in the UNIX password database ?
> Failed to modify password entry for user Administrator
> 
> Even though /etc/samba/smbusers look like this:
> 
> root = Administrator admin

You add root and not administrator.  This is by design.
When in security = user, think of the username map as
simply an alias file used for authentication requests.
smbpasswd and pdbedit work below that layer.




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEajOgIR7qMdg1EfYRAhm/AJ44cwoQlFfpjQEfCv11OKFkDE2TjQCg08U9
BVhWLnVshEaIzsPImaG6du0=
=plQc
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd and /etc/samba/smbusers

[Felipe Alfaro Solana]

Hi,

I've been Googling around trying to found why I can't make SAMBA
(concretely smbpasswd and pdbedit) make good use of the information
held in the file /etc/samba/smbusers. I have done a clean install of
Red Hat Enterprise Linux ES 4.1 Update 3 (both x86_64 and IA32) and
Fedora Core 5. In all cases, running the following command fails:

# smbpasswd -a Administrator
New SMB password:
Retype new SMB password:
Failed to initialise SAM_ACCOUNT for user Administrator. Does this
user exist in the UNIX password database ?
Failed to modify password entry for user Administrator

Even though /etc/samba/smbusers look like this:

root = Administrator admin
guest = nobody


Running:

# smbpasswd -a root

Works fine, however.

I don't understand why both smbpasswd and pdbedit ignore the user
mapping defined in /etc/samba/smbusers.

Any ideas? Am I wrong?
Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Smbpasswd versus Winbind and tdb backend

[Ricardo Chamorro]

For a LAN of 15 clients W9x/2000/XP with  Samba 3 PDC level security User, 
backend default smbpasswd and without winbind, I have problem to view NT domain 
users groups lists in Windows 9x "Sharing" (I ran "net groupmap modify" to 
change english language name groups to spanish )...  
This problem are because I don't use tdb backend and winbind
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Smbpasswd versus Winbind and tdb backend

[Ricardo Chamorro]

For a LAN of 15 clients W9x/2000/XP with  Samba 3 PDC level security User, 
backend default smbpasswd and without winbind, I have problem to view NT domain 
users groups lists in Windows 9x "Sharing" (I ran "net groupmap modify" to 
change english language name groups to spanish )...  
This problem are because I don't use tdb backend and winbind
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbpasswd in a cron job

[Dennis Duggen]

Hi Sebastian

> echo -e "${PASSWD}\n${PASSWD}" | smbpasswd -a -s ${USER}
Thanks a lot, it worked nicely

Dennis

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbpasswd in a cron job

[Sebastian Held]

Try 

echo -e "${PASSWD}\n${PASSWD}" | smbpasswd -a -s ${USER}

br,
Sebastian


pgpY2IZTjjNNb.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbpasswd in a cron job

[lists]

Hi Tomasz

> You might try running your expect script through screen (although I
> solved the cupsaddsmb problem differently).
Thanks for your suggestion. I've tried it, but receive the message:
"Must be connected to a terminal.".

Any more suggestions would be great.

Is there maybe an easy way like with the system user: "usermod -p `crypt
pass` user"

Thanks,

Dennis

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbpasswd in a cron job

[Tomasz Chmielewski]

Dennis Duggen wrote:

Hi list

For a project we are trying to change the samba password automatically 
in a cron job. Since smbpasswd doesn't allow the password to be entered 
otherwise than though the console (user input). We found a solution to 
the input part though expect. But as thing go expect doesn't work in a 
cron job since it has no tty.


Is there anyone who can point us the right way to a solution.


Hi,

I also had a similar problem with providing a password to cupsaddsmb.

You might try running your expect script through screen (although I 
solved the cupsaddsmb problem differently).



--
Tomasz Chmielewski
Software deployment with Samba
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Smbpasswd in a cron job

[Dennis Duggen]

Hi list

For a project we are trying to change the samba password automatically 
in a cron job. Since smbpasswd doesn't allow the password to be entered 
otherwise than though the console (user input). We found a solution to 
the input part though expect. But as thing go expect doesn't work in a 
cron job since it has no tty.


Is there anyone who can point us the right way to a solution.

Thanks in advance.

Dennis
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbpasswd -m -x not working, "object class violation" error

[Fermin Molina]

On Thu, 2006-02-16 at 11:43 -0300, Andrés Yacopino wrote:
> This time i add values to cn , the object class inetOrgPerson and a value
> for sn.
> After that i try to delete the machine account and it works.
> Apparently it needs this object class as you said.
> How can i do to add this class automatically when a add a machine account
> using smbpasswd?


Are you using "smbldap-tools"?

In my case, I need to put some aditional information to new machine
accounts like you. I modified the "sub add_posix_machine" in
"smbldap_tools.pm" perl script to add the information I need. But I
think class inetOrgPerson is added by this scripts...

I use smbldap-tool 0.9.1 version.

Hope this helps.

/Fermin



> 2006/2/16, Daniel Wilson <[EMAIL PROTECTED]>:
> >
> >
> > > I also found that displayName belongs to inetorgperson object class.
> > > I try to add this object class to the user but i obtain and object
> > > class violation.
> > Usually objectclasses have a set of required attributes that must have
> > values before you can commit adding the object class. Did you just try
> > and add the object class without adding values to the new attributes?
> > >
> > > I see that a user account(not a machine account) has a lot of object
> > > class, the machine account account has only the three classes
> > > sambaSamAccount,account,top.
> > ok so mayby its trying to delete the attribute displayName from the
> > inetorgperson which a machines doesnt have then...?
> > > Thanks.
> > >
> > >
> > >
> > >
> > > 2006/2/16, Andrés Yacopino <[EMAIL PROTECTED]
> > > >:
> > >
> > > I see the attribute displayName(as allowed attribute) in these
> > > user object classes:
> > >
> > > -pabperson
> > > -sambasamaccount
> > > -smabagroupmapping
> > >
> > > The user account has only this classes:
> > >
> > > sambaSamAccount
> > > account
> > > top
> > >
> > > Is this wrong?, the attribute could be in some classes at the same
> > > time?
> > > Thanks,
> > > Andres.
> > >
> > > 2006/2/15, Daniel Wilson < [EMAIL PROTECTED]
> > > >:
> > >
> > > What object class is the displayName in and does the user
> > > account have
> > > that object class ? Im sure you need to have the object class
> > > before you
> > > can add/remove the attribute assigned to the object classs.
> > >
> > > Attributes belong to and are grouped in objectclasses.
> > >
> > > Regards
> > >
> > > Daniel Wilson
> > > Systems Manager
> > > Student and Learning Support
> > > University of Sunderland
> > > Tel: 0191 515 2695
> > >
> > >
> > >
> > > Andrés Yacopino wrote:
> > >
> > > > Thanks for replying Daniel, i execute :grep -il displayName
> > > *.ldif
> > > >
> > > > and i obtain:
> > > >
> > > > 00core.ldif
> > > > 50ns-admin.ldif
> > > > 50ns-iabs.ldif
> > > > 99samba-schema-netscapeds5.x.ldif
> > > > 99user.ldif
> > > >
> > > > And also see the configuration in the console and i see:
> > > >
> > > > Standard Attribute(Read Only):
> > > >
> > > > Name: displayName
> > > > OID: 2.16.840.1.113730.3.1.241
> > > > Syntax: DirectoryString
> > > > Multivalued: not checked
> > > >
> > > > Do you know what is wrong with this?
> > > > Thanks a lot,
> > > > Andrés.
> > > >
> > > > 2006/2/14, Daniel Wilson <[EMAIL PROTECTED]
> > > 
> > > >  > > >>:
> > > >
> > > > Im sure this means that its trying to delete the
> > > displayName attribute
> > > > which is more than likely not in your LDAP schema.
> > > >
> > > > Look in "/slapd-/config/schema/"
> > > directory for
> > > > your schema
> > > >
> > > > To see if "displayName" is part of any object classes in
> > > your LDAP
> > > > schema search the schema files:
> > > >
> > > > bash# grep -il displayName
> > > > /slapd-/config/schema/*.ldif
> > > >
> > > > If its not part of your schema you may want to add this
> > > attribute to
> > > > your 99user.ldif schema file or add the attribute via the
> > > Sun LDAP
> > > > console (recommended):
> > > >
> > > > bash # /startconsole &
> > > > Server Group > Directory  Server (Open) > Configuration >
> > > Schema >
> > > > Attributes > Create
> > > >
> > > > -or-
> > > >
> > > > you may want to just disable schema checking in your LDAP
> > > server :
> > > >
> > > > bash # /startconsol

Re: [Samba] Smbpasswd -m -x not working, "object class violation" error

[Andrés Yacopino]

This time i add values to cn , the object class inetOrgPerson and a value
for sn.
After that i try to delete the machine account and it works.
Apparently it needs this object class as you said.
How can i do to add this class automatically when a add a machine account
using smbpasswd?
Thanks.
Andres.


2006/2/16, Daniel Wilson <[EMAIL PROTECTED]>:
>
>
> > I also found that displayName belongs to inetorgperson object class.
> > I try to add this object class to the user but i obtain and object
> > class violation.
> Usually objectclasses have a set of required attributes that must have
> values before you can commit adding the object class. Did you just try
> and add the object class without adding values to the new attributes?
> >
> > I see that a user account(not a machine account) has a lot of object
> > class, the machine account account has only the three classes
> > sambaSamAccount,account,top.
> ok so mayby its trying to delete the attribute displayName from the
> inetorgperson which a machines doesnt have then...?
> > Thanks.
> >
> >
> >
> >
> > 2006/2/16, Andrés Yacopino <[EMAIL PROTECTED]
> > >:
> >
> > I see the attribute displayName(as allowed attribute) in these
> > user object classes:
> >
> > -pabperson
> > -sambasamaccount
> > -smabagroupmapping
> >
> > The user account has only this classes:
> >
> > sambaSamAccount
> > account
> > top
> >
> > Is this wrong?, the attribute could be in some classes at the same
> > time?
> > Thanks,
> > Andres.
> >
> > 2006/2/15, Daniel Wilson < [EMAIL PROTECTED]
> > >:
> >
> > What object class is the displayName in and does the user
> > account have
> > that object class ? Im sure you need to have the object class
> > before you
> > can add/remove the attribute assigned to the object classs.
> >
> > Attributes belong to and are grouped in objectclasses.
> >
> > Regards
> >
> > Daniel Wilson
> > Systems Manager
> > Student and Learning Support
> > University of Sunderland
> > Tel: 0191 515 2695
> >
> >
> >
> > Andrés Yacopino wrote:
> >
> > > Thanks for replying Daniel, i execute :grep -il displayName
> > *.ldif
> > >
> > > and i obtain:
> > >
> > > 00core.ldif
> > > 50ns-admin.ldif
> > > 50ns-iabs.ldif
> > > 99samba-schema-netscapeds5.x.ldif
> > > 99user.ldif
> > >
> > > And also see the configuration in the console and i see:
> > >
> > > Standard Attribute(Read Only):
> > >
> > > Name: displayName
> > > OID: 2.16.840.1.113730.3.1.241
> > > Syntax: DirectoryString
> > > Multivalued: not checked
> > >
> > > Do you know what is wrong with this?
> > > Thanks a lot,
> > > Andrés.
> > >
> > > 2006/2/14, Daniel Wilson <[EMAIL PROTECTED]
> > 
> > >  > >>:
> > >
> > > Im sure this means that its trying to delete the
> > displayName attribute
> > > which is more than likely not in your LDAP schema.
> > >
> > > Look in "/slapd-/config/schema/"
> > directory for
> > > your schema
> > >
> > > To see if "displayName" is part of any object classes in
> > your LDAP
> > > schema search the schema files:
> > >
> > > bash# grep -il displayName
> > > /slapd-/config/schema/*.ldif
> > >
> > > If its not part of your schema you may want to add this
> > attribute to
> > > your 99user.ldif schema file or add the attribute via the
> > Sun LDAP
> > > console (recommended):
> > >
> > > bash # /startconsole &
> > > Server Group > Directory  Server (Open) > Configuration >
> > Schema >
> > > Attributes > Create
> > >
> > > -or-
> > >
> > > you may want to just disable schema checking in your LDAP
> > server :
> > >
> > > bash # /startconsole &
> > > Server Group > Directory  Server (Open) > Configuration >
> > Schema
> > > (Disable)
> > >
> > > Regards
> > >
> > > Daniel Wilson
> > > Systems Manager
> > > Student and Learning Support
> > > University of Sunderland
> > > Tel: 0191 515 2695
> > >
> > >
> > >
> > > Andrés Yacopino wrote:
> > >
> > > > Daniel, check the log as you said and i hit this:
> > > >
> > > > [14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema  -
> > conn

Re: [Samba] Smbpasswd -m -x not working, "object class violation" error

[Andrés Yacopino]

I see the attribute displayName(as allowed attribute) in these user object
classes:

-pabperson
-sambasamaccount
-smabagroupmapping

The user account has only this classes:

sambaSamAccount
account
top

Is this wrong?, the attribute could be in some classes at the same time?
Thanks,
Andres.

2006/2/15, Daniel Wilson <[EMAIL PROTECTED]>:
>
> What object class is the displayName in and does the user account have
> that object class ? Im sure you need to have the object class before you
> can add/remove the attribute assigned to the object classs.
>
> Attributes belong to and are grouped in objectclasses.
>
> Regards
>
> Daniel Wilson
> Systems Manager
> Student and Learning Support
> University of Sunderland
> Tel: 0191 515 2695
>
>
>
> Andrés Yacopino wrote:
>
> > Thanks for replying Daniel, i execute :grep -il displayName *.ldif
> >
> > and i obtain:
> >
> > 00core.ldif
> > 50ns-admin.ldif
> > 50ns-iabs.ldif
> > 99samba-schema-netscapeds5.x.ldif
> > 99user.ldif
> >
> > And also see the configuration in the console and i see:
> >
> > Standard Attribute(Read Only):
> >
> > Name: displayName
> > OID: 2.16.840.1.113730.3.1.241
> > Syntax: DirectoryString
> > Multivalued: not checked
> >
> > Do you know what is wrong with this?
> > Thanks a lot,
> > Andrés.
> >
> > 2006/2/14, Daniel Wilson <[EMAIL PROTECTED]
> > >:
> >
> > Im sure this means that its trying to delete the displayName
> attribute
> > which is more than likely not in your LDAP schema.
> >
> > Look in "/slapd-/config/schema/" directory
> for
> > your schema
> >
> > To see if "displayName" is part of any object classes in your LDAP
> > schema search the schema files:
> >
> > bash# grep -il displayName
> > /slapd-/config/schema/*.ldif
> >
> > If its not part of your schema you may want to add this attribute to
> > your 99user.ldif schema file or add the attribute via the Sun LDAP
> > console (recommended):
> >
> > bash # /startconsole &
> > Server Group > Directory  Server (Open) > Configuration > Schema >
> > Attributes > Create
> >
> > -or-
> >
> > you may want to just disable schema checking in your LDAP server :
> >
> > bash # /startconsole &
> > Server Group > Directory  Server (Open) > Configuration > Schema
> > (Disable)
> >
> > Regards
> >
> > Daniel Wilson
> > Systems Manager
> > Student and Learning Support
> > University of Sunderland
> > Tel: 0191 515 2695
> >
> >
> >
> > Andrés Yacopino wrote:
> >
> > > Daniel, check the log as you said and i hit this:
> > >
> > > [14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema  - conn=-1
> op=-1
> > > msgId=-1 -
> > > User error:  Entry "uid=aprueba$,ou=computers,o= acasalud.com.ar
> > 
> > > ,dc=acasalud,dc=c
> > > om,dc=ar", attribute "displayName" is not allowed
> > >
> > > What does it means?
> > >
> > > Thanks,
> > > Andrés.
> > >
> > >
> > >
> > > 2006/2/14, Daniel Wilson < [EMAIL PROTECTED]
> > 
> > >  > >>:
> > >
> > > Have you checkes the Sun LDAP errors.log file for the
> > specific object
> > > class violation? Usually at
> > > /slapd-/logs/errors.log
> > >
> > > Daniel Wilson
> > > Systems Manager
> > > Student and Learning Support
> > > University of Sunderland
> > > Tel: 0191 515 2695
> > >
> > >
> > >
> > > Andrés Yacopino wrote:
> > >
> > > >I have deployed a samba server with Sun Java Ldap Directory.
> > > >
> > > >I sucessfully create users and deleted them when ldap delete
> > > dn=yes in
> > > >smb.conf, but when ldap delete dn=no i obtain this error when
> i
> > > issue a
> > > >smbpasswd -m -x command:
> > > >
> > > >ldapsam_delete_entry: Could not delete attributes for
> > > >uid=aprueba$,ou=computers,
> > > >o= acasalud.com.ar 
> > > ,dc=acasalud,dc=com,dc=ar, error:
> > Object
> > > class violation ()
> > > >Failed to delete entry for user aprueba$.
> > > >Failed to modify password entry for user aprueba$
> > > >
> > > >My smb.conf is:
> > > >
> > > >[global]
> > > >
> > > >   workgroup = ACASALUDROS
> > > >   server string = Sun Samba Server
> > > >   security = user
> > > >   dos filetimes = yes
> > > >   time offset = -360
> > > >   load printers = yes
> > > >   printcap name = /etc/printcap
> > > >   printing = cups
> > > >   guest account = guest
> > > >   log file = /usr/local/samba/var/log.%m
> > > >   log level = 5
> > > >   max log siz

Re: [Samba] Smbpasswd -m -x not working, "object class violation" error

[Daniel Wilson]

What object class is the displayName in and does the user account have 
that object class ? Im sure you need to have the object class before you 
can add/remove the attribute assigned to the object classs.


Attributes belong to and are grouped in objectclasses.

Regards

Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695



Andrés Yacopino wrote:


Thanks for replying Daniel, i execute :grep -il displayName *.ldif

and i obtain:

00core.ldif
50ns-admin.ldif
50ns-iabs.ldif
99samba-schema-netscapeds5.x.ldif
99user.ldif

And also see the configuration in the console and i see:

Standard Attribute(Read Only):

Name: displayName
OID: 2.16.840.1.113730.3.1.241
Syntax: DirectoryString
Multivalued: not checked

Do you know what is wrong with this?
Thanks a lot,
Andrés.

2006/2/14, Daniel Wilson <[EMAIL PROTECTED] 
>:


Im sure this means that its trying to delete the displayName attribute
which is more than likely not in your LDAP schema.

Look in "/slapd-/config/schema/" directory for
your schema

To see if "displayName" is part of any object classes in your LDAP
schema search the schema files:

bash# grep -il displayName
/slapd-/config/schema/*.ldif

If its not part of your schema you may want to add this attribute to
your 99user.ldif schema file or add the attribute via the Sun LDAP
console (recommended):

bash # /startconsole &
Server Group > Directory  Server (Open) > Configuration > Schema >
Attributes > Create

-or-

you may want to just disable schema checking in your LDAP server :

bash # /startconsole &
Server Group > Directory  Server (Open) > Configuration > Schema
(Disable)

Regards

Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695



Andrés Yacopino wrote:

> Daniel, check the log as you said and i hit this:
>
> [14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema  - conn=-1 op=-1
> msgId=-1 -
> User error:  Entry "uid=aprueba$,ou=computers,o= acasalud.com.ar

> ,dc=acasalud,dc=c
> om,dc=ar", attribute "displayName" is not allowed
>
> What does it means?
>
> Thanks,
> Andrés.
>
>
>
> 2006/2/14, Daniel Wilson < [EMAIL PROTECTED]

> >>:
>
> Have you checkes the Sun LDAP errors.log file for the
specific object
> class violation? Usually at
> /slapd-/logs/errors.log
>
> Daniel Wilson
> Systems Manager
> Student and Learning Support
> University of Sunderland
> Tel: 0191 515 2695
>
>
>
> Andrés Yacopino wrote:
>
> >I have deployed a samba server with Sun Java Ldap Directory.
> >
> >I sucessfully create users and deleted them when ldap delete
> dn=yes in
> >smb.conf, but when ldap delete dn=no i obtain this error when i
> issue a
> >smbpasswd -m -x command:
> >
> >ldapsam_delete_entry: Could not delete attributes for
> >uid=aprueba$,ou=computers,
> >o= acasalud.com.ar 
> ,dc=acasalud,dc=com,dc=ar, error:
Object
> class violation ()
> >Failed to delete entry for user aprueba$.
> >Failed to modify password entry for user aprueba$
> >
> >My smb.conf is:
> >
> >[global]
> >
> >   workgroup = ACASALUDROS
> >   server string = Sun Samba Server
> >   security = user
> >   dos filetimes = yes
> >   time offset = -360
> >   load printers = yes
> >   printcap name = /etc/printcap
> >   printing = cups
> >   guest account = guest
> >   log file = /usr/local/samba/var/log.%m
> >   log level = 5
> >   max log size = 50
> >   null passwords = yes
> >   encrypt passwords = yes
> >   ldap password sync = yes
> >   unix password sync = yes
> >   username level = 2
> >   password level = 0
> >   passwd program = /usr/bin/passwd %u
> >   passwd chat = *New* password* %n\n *new* password* %n\n
> *successfully*
> >idmap backend = ldapsam:ldap://localhost:389
> >passdb backend = ldapsam:ldap://localhost:389
> >ldap admin dn = cn=Directory Manager
> >ldap suffix = o= acasalud.com.ar

> ,dc=acasalud,dc=com,dc=ar
> >ldap user suffix = ou=people
> >ldap group suffix = ou=groups
> >ldap machine suffix = ou=computers
> >ldap idmap suffix = ou=id

Re: [Samba] Smbpasswd -m -x not working, "object class violation" error

[Andrés Yacopino]

Thanks for replying Daniel, i execute :grep -il displayName *.ldif

and i obtain:

00core.ldif
50ns-admin.ldif
50ns-iabs.ldif
99samba-schema-netscapeds5.x.ldif
99user.ldif

And also see the configuration in the console and i see:

Standard Attribute(Read Only):

Name: displayName
OID: 2.16.840.1.113730.3.1.241
Syntax: DirectoryString
Multivalued: not checked

Do you know what is wrong with this?
Thanks a lot,
Andrés.

2006/2/14, Daniel Wilson <[EMAIL PROTECTED]>:
>
> Im sure this means that its trying to delete the displayName attribute
> which is more than likely not in your LDAP schema.
>
> Look in "/slapd-/config/schema/" directory for
> your schema
>
> To see if "displayName" is part of any object classes in your LDAP
> schema search the schema files:
>
> bash# grep -il displayName
> /slapd-/config/schema/*.ldif
>
> If its not part of your schema you may want to add this attribute to
> your 99user.ldif schema file or add the attribute via the Sun LDAP
> console (recommended):
>
> bash # /startconsole &
> Server Group > Directory  Server (Open) > Configuration > Schema >
> Attributes > Create
>
> -or-
>
> you may want to just disable schema checking in your LDAP server :
>
> bash # /startconsole &
> Server Group > Directory  Server (Open) > Configuration > Schema (Disable)
>
> Regards
>
> Daniel Wilson
> Systems Manager
> Student and Learning Support
> University of Sunderland
> Tel: 0191 515 2695
>
>
>
> Andrés Yacopino wrote:
>
> > Daniel, check the log as you said and i hit this:
> >
> > [14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema  - conn=-1 op=-1
> > msgId=-1 -
> > User error:  Entry "uid=aprueba$,ou=computers,o= acasalud.com.ar
> > ,dc=acasalud,dc=c
> > om,dc=ar", attribute "displayName" is not allowed
> >
> > What does it means?
> >
> > Thanks,
> > Andrés.
> >
> >
> >
> > 2006/2/14, Daniel Wilson < [EMAIL PROTECTED]
> > >:
> >
> > Have you checkes the Sun LDAP errors.log file for the specific
> object
> > class violation? Usually at
> > /slapd-/logs/errors.log
> >
> > Daniel Wilson
> > Systems Manager
> > Student and Learning Support
> > University of Sunderland
> > Tel: 0191 515 2695
> >
> >
> >
> > Andrés Yacopino wrote:
> >
> > >I have deployed a samba server with Sun Java Ldap Directory.
> > >
> > >I sucessfully create users and deleted them when ldap delete
> > dn=yes in
> > >smb.conf, but when ldap delete dn=no i obtain this error when i
> > issue a
> > >smbpasswd -m -x command:
> > >
> > >ldapsam_delete_entry: Could not delete attributes for
> > >uid=aprueba$,ou=computers,
> > >o= acasalud.com.ar
> > ,dc=acasalud,dc=com,dc=ar, error: Object
> > class violation ()
> > >Failed to delete entry for user aprueba$.
> > >Failed to modify password entry for user aprueba$
> > >
> > >My smb.conf is:
> > >
> > >[global]
> > >
> > >   workgroup = ACASALUDROS
> > >   server string = Sun Samba Server
> > >   security = user
> > >   dos filetimes = yes
> > >   time offset = -360
> > >   load printers = yes
> > >   printcap name = /etc/printcap
> > >   printing = cups
> > >   guest account = guest
> > >   log file = /usr/local/samba/var/log.%m
> > >   log level = 5
> > >   max log size = 50
> > >   null passwords = yes
> > >   encrypt passwords = yes
> > >   ldap password sync = yes
> > >   unix password sync = yes
> > >   username level = 2
> > >   password level = 0
> > >   passwd program = /usr/bin/passwd %u
> > >   passwd chat = *New* password* %n\n *new* password* %n\n
> > *successfully*
> > >idmap backend = ldapsam:ldap://localhost:389
> > >passdb backend = ldapsam:ldap://localhost:389
> > >ldap admin dn = cn=Directory Manager
> > >ldap suffix = o=acasalud.com.ar
> > ,dc=acasalud,dc=com,dc=ar
> > >ldap user suffix = ou=people
> > >ldap group suffix = ou=groups
> > >ldap machine suffix = ou=computers
> > >ldap idmap suffix = ou=idmap
> > >ldap delete dn = no
> > >   socket options = TCP_NODELAY=0
> > >   wins server = 10.11.0.2 
> > >   dns proxy = no
> > >
> > >what is wrong?
> > >
> > >Is that works only when
> > >
> > >   preferred master = yes
> > >   domain master = yes
> > >   local master = yes
> > >   domain logons = yes
> > >
> > >are yes?
> > >Any other ideas?
> > >
> > >Thanks a lot.
> > >
> > >
> > >--
> > >Andrés Yacopino
> > >
> > >
> >
> >
> >
> >
> >
> > --
> > Andrés Yacopino
>
>
>
>


--
Andrés Yacopino
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbpasswd -m -x not working, "object class violation" error

[Daniel Wilson]

Im sure this means that its trying to delete the displayName attribute 
which is more than likely not in your LDAP schema.


Look in "/slapd-/config/schema/" directory for 
your schema


To see if "displayName" is part of any object classes in your LDAP 
schema search the schema files: 

bash# grep -il displayName 
/slapd-/config/schema/*.ldif


If its not part of your schema you may want to add this attribute to 
your 99user.ldif schema file or add the attribute via the Sun LDAP 
console (recommended):


bash # /startconsole &
Server Group > Directory  Server (Open) > Configuration > Schema > 
Attributes > Create


-or-

you may want to just disable schema checking in your LDAP server :

bash # /startconsole &
Server Group > Directory  Server (Open) > Configuration > Schema (Disable)

Regards

Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695



Andrés Yacopino wrote:


Daniel, check the log as you said and i hit this:

[14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema  - conn=-1 op=-1 
msgId=-1 -
User error:  Entry "uid=aprueba$,ou=computers,o= acasalud.com.ar 
,dc=acasalud,dc=c

om,dc=ar", attribute "displayName" is not allowed

What does it means?

Thanks,
Andrés.



2006/2/14, Daniel Wilson < [EMAIL PROTECTED] 
>:


Have you checkes the Sun LDAP errors.log file for the specific object
class violation? Usually at
/slapd-/logs/errors.log

Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695



Andrés Yacopino wrote:

>I have deployed a samba server with Sun Java Ldap Directory.
>
>I sucessfully create users and deleted them when ldap delete
dn=yes in
>smb.conf, but when ldap delete dn=no i obtain this error when i
issue a
>smbpasswd -m -x command:
>
>ldapsam_delete_entry: Could not delete attributes for
>uid=aprueba$,ou=computers,
>o= acasalud.com.ar
,dc=acasalud,dc=com,dc=ar, error: Object
class violation ()
>Failed to delete entry for user aprueba$.
>Failed to modify password entry for user aprueba$
>
>My smb.conf is:
>
>[global]
>
>   workgroup = ACASALUDROS
>   server string = Sun Samba Server
>   security = user
>   dos filetimes = yes
>   time offset = -360
>   load printers = yes
>   printcap name = /etc/printcap
>   printing = cups
>   guest account = guest
>   log file = /usr/local/samba/var/log.%m
>   log level = 5
>   max log size = 50
>   null passwords = yes
>   encrypt passwords = yes
>   ldap password sync = yes
>   unix password sync = yes
>   username level = 2
>   password level = 0
>   passwd program = /usr/bin/passwd %u
>   passwd chat = *New* password* %n\n *new* password* %n\n
*successfully*
>idmap backend = ldapsam:ldap://localhost:389
>passdb backend = ldapsam:ldap://localhost:389
>ldap admin dn = cn=Directory Manager
>ldap suffix = o=acasalud.com.ar
,dc=acasalud,dc=com,dc=ar
>ldap user suffix = ou=people
>ldap group suffix = ou=groups
>ldap machine suffix = ou=computers
>ldap idmap suffix = ou=idmap
>ldap delete dn = no
>   socket options = TCP_NODELAY=0
>   wins server = 10.11.0.2 
>   dns proxy = no
>
>what is wrong?
>
>Is that works only when
>
>   preferred master = yes
>   domain master = yes
>   local master = yes
>   domain logons = yes
>
>are yes?
>Any other ideas?
>
>Thanks a lot.
>
>
>--
>Andrés Yacopino
>
>





--
Andrés Yacopino 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbpasswd -m -x not working, "object class violation" error

[Andrés Yacopino]

Daniel, check the log as you said and i hit this:

[14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema  - conn=-1 op=-1
msgId=-1 -
User error:  Entry "uid=aprueba$,ou=computers,o=acasalud.com.ar
,dc=acasalud,dc=c
om,dc=ar", attribute "displayName" is not allowed

What does it means?

Thanks,
Andrés.



2006/2/14, Daniel Wilson <[EMAIL PROTECTED]>:
>
> Have you checkes the Sun LDAP errors.log file for the specific object
> class violation? Usually at /slapd-/logs/errors.log
>
> Daniel Wilson
> Systems Manager
> Student and Learning Support
> University of Sunderland
> Tel: 0191 515 2695
>
>
>
> Andrés Yacopino wrote:
>
> >I have deployed a samba server with Sun Java Ldap Directory.
> >
> >I sucessfully create users and deleted them when ldap delete dn=yes in
> >smb.conf, but when ldap delete dn=no i obtain this error when i issue a
> >smbpasswd -m -x command:
> >
> >ldapsam_delete_entry: Could not delete attributes for
> >uid=aprueba$,ou=computers,
> >o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar, error: Object class violation
> ()
> >Failed to delete entry for user aprueba$.
> >Failed to modify password entry for user aprueba$
> >
> >My smb.conf is:
> >
> >[global]
> >
> >   workgroup = ACASALUDROS
> >   server string = Sun Samba Server
> >   security = user
> >   dos filetimes = yes
> >   time offset = -360
> >   load printers = yes
> >   printcap name = /etc/printcap
> >   printing = cups
> >   guest account = guest
> >   log file = /usr/local/samba/var/log.%m
> >   log level = 5
> >   max log size = 50
> >   null passwords = yes
> >   encrypt passwords = yes
> >   ldap password sync = yes
> >   unix password sync = yes
> >   username level = 2
> >   password level = 0
> >   passwd program = /usr/bin/passwd %u
> >   passwd chat = *New* password* %n\n *new* password* %n\n *successfully*
> >idmap backend = ldapsam:ldap://localhost:389
> >passdb backend = ldapsam:ldap://localhost:389
> >ldap admin dn = cn=Directory Manager
> >ldap suffix = o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar
> >ldap user suffix = ou=people
> >ldap group suffix = ou=groups
> >ldap machine suffix = ou=computers
> >ldap idmap suffix = ou=idmap
> >ldap delete dn = no
> >   socket options = TCP_NODELAY=0
> >   wins server = 10.11.0.2
> >   dns proxy = no
> >
> >what is wrong?
> >
> >Is that works only when
> >
> >   preferred master = yes
> >   domain master = yes
> >   local master = yes
> >   domain logons = yes
> >
> >are yes?
> >Any other ideas?
> >
> >Thanks a lot.
> >
> >
> >--
> >Andrés Yacopino
> >
> >
>
>
>


--
Andrés Yacopino
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbpasswd -m -x not working, "object class violation" error

[Daniel Wilson]

Have you checkes the Sun LDAP errors.log file for the specific object 
class violation? Usually at /slapd-/logs/errors.log


Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695



Andrés Yacopino wrote:


I have deployed a samba server with Sun Java Ldap Directory.

I sucessfully create users and deleted them when ldap delete dn=yes in
smb.conf, but when ldap delete dn=no i obtain this error when i issue a
smbpasswd -m -x command:

ldapsam_delete_entry: Could not delete attributes for
uid=aprueba$,ou=computers,
o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar, error: Object class violation ()
Failed to delete entry for user aprueba$.
Failed to modify password entry for user aprueba$

My smb.conf is:

[global]

  workgroup = ACASALUDROS
  server string = Sun Samba Server
  security = user
  dos filetimes = yes
  time offset = -360
  load printers = yes
  printcap name = /etc/printcap
  printing = cups
  guest account = guest
  log file = /usr/local/samba/var/log.%m
  log level = 5
  max log size = 50
  null passwords = yes
  encrypt passwords = yes
  ldap password sync = yes
  unix password sync = yes
  username level = 2
  password level = 0
  passwd program = /usr/bin/passwd %u
  passwd chat = *New* password* %n\n *new* password* %n\n *successfully*
   idmap backend = ldapsam:ldap://localhost:389
   passdb backend = ldapsam:ldap://localhost:389
   ldap admin dn = cn=Directory Manager
   ldap suffix = o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar
   ldap user suffix = ou=people
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers
   ldap idmap suffix = ou=idmap
   ldap delete dn = no
  socket options = TCP_NODELAY=0
  wins server = 10.11.0.2
  dns proxy = no

what is wrong?

Is that works only when

  preferred master = yes
  domain master = yes
  local master = yes
  domain logons = yes

are yes?
Any other ideas?

Thanks a lot.


--
Andrés Yacopino
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Smbpasswd -m -x not working, "object class violation" error

[Andrés Yacopino]

I have deployed a samba server with Sun Java Ldap Directory.

I sucessfully create users and deleted them when ldap delete dn=yes in
smb.conf, but when ldap delete dn=no i obtain this error when i issue a
smbpasswd -m -x command:

ldapsam_delete_entry: Could not delete attributes for
uid=aprueba$,ou=computers,
o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar, error: Object class violation ()
Failed to delete entry for user aprueba$.
Failed to modify password entry for user aprueba$

My smb.conf is:

[global]

   workgroup = ACASALUDROS
   server string = Sun Samba Server
   security = user
   dos filetimes = yes
   time offset = -360
   load printers = yes
   printcap name = /etc/printcap
   printing = cups
   guest account = guest
   log file = /usr/local/samba/var/log.%m
   log level = 5
   max log size = 50
   null passwords = yes
   encrypt passwords = yes
   ldap password sync = yes
   unix password sync = yes
   username level = 2
   password level = 0
   passwd program = /usr/bin/passwd %u
   passwd chat = *New* password* %n\n *new* password* %n\n *successfully*
idmap backend = ldapsam:ldap://localhost:389
passdb backend = ldapsam:ldap://localhost:389
ldap admin dn = cn=Directory Manager
ldap suffix = o=acasalud.com.ar,dc=acasalud,dc=com,dc=ar
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap delete dn = no
   socket options = TCP_NODELAY=0
   wins server = 10.11.0.2
   dns proxy = no

what is wrong?

Is that works only when

   preferred master = yes
   domain master = yes
   local master = yes
   domain logons = yes

are yes?
Any other ideas?

Thanks a lot.


--
Andrés Yacopino
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd and rpcclient differences between 3.0.14a and 3.0.21a

[gints neimanis]

Hi all,

The problem is that from version 3.0.21a the commands rpcclient and
smbpasswd does't work as before (and as I wish), when connecting to
remote Windows2000 domain controller.

Below are some tests and outputs, which show the command outputs. In
both cases samba is compiled from original sources. OS - Debian testing
and verified on Ubuntu.

RPCLIENT:
./rpcclient -c 'queryuser 0x2270' -U admin%password PDC

3.0.14a returns neccessary user data, like:

User Name   :   ...
...

...
logon_hrs[0..21]...


3.0.21a returns:
===
result was NT_STATUS_NONE_MAPPED
===
(other tested rpclient commands works as expected)



SMBPASSWD:
in version 3.0.21a it is impossible to change expired passwords and
passwords, where the option "User must change password at next logon" is
enabled.

3.0.21a:
==
./smbpasswd -r PDC -U domuser
Old SMB password:
New SMB password:
Retype new SMB password:
cli_pipe_validate_current_pdu: RPC fault code NT code 0x0005
received from remote machine PDC pipe \samr fnum 0x4002!
machine PDC rejected the password change: Error was : NT code 0x0005.
Failed to modify password entry for user domuser
==

3.0.14a:
==
./smbpasswd -r PDC -U domuser
Old SMB password:
New SMB password:
Retype new SMB password:
Password changed for user domuser on PDC.
==


Actually both commands are very useful, we are used it for our tasks (to
query user data and change passwords from web form), but now with new
versions they don't work as (we) expected.

Or I'm something missing, and both tasks can be accomplished in
different ways?

Have a nice day!
Gints Neimanis
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd usage

[Michel Bouchet]

Hi,

I used to set up Samba password on the command line with smbpasswd using the
following syntax :
smbpasswd -a newuser "usersecretpasswd"
smbpasswd -e newuser
but it does work any more.

How can I do the same without having to type in the password ?

Thanks in advance.

Michel

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd and password sync

[Francesc Guasch]

Hi. I wanted to test password sync. I only have one linux
server, with no windows PCs around. When I change the
password with smbpasswd the sync is not executed. I wonder
why ? Maybe smbpasswd access directly the database.

Is there a way I can test it from within only one linux box ?

This is ubuntu hoary, with samba 3.0.10-1. samba config :

unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .

passdb backend = tdbsam

I tried both
  pam password change = yes
and no.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd script fails

[Jack Mendez]

my useradd script works exactly the same way, why does that one work and
not this one?
kinda new to awk so just want to learn, i will give this a shot though.

On Thu, December 1, 2005 9:02 pm, Herb Lewis said:
> You are sending all the output to a single bash shell so only one
> command gets executed. You need to figure out a way to execute
> the "awk | bash" for each line of users.csv
>
> Something like the following should work
>
> #! /bin/bash
>
> cat users.csv | while  read ;
> do
> echo $REPLY | awk 'BEGIN {FS=","}{print "smbpasswd -a -s
> "$1"\n"$3"\n"$3"\n"}' | /bin/bash
> done
>
>
> Jack Mendez wrote:
>> i am using a script with awk which only works to add the first user from
>> my csv file.
>> when running with out the -s switch the output seems to be correct using
>> echo to test.
>>
>> here is the script
>>
>> #!/bin/bash
>> cat users.csv |awk 'BEGIN {FS=","}{print "echo smbpasswd -a -s
>> "$1"\n"$3"\n"$3"\n"}' |/bin/bash
>>
>> this script successfuly adds the first user.
>> when using the -s switch.
>>
>> when i tried this same script with out the -s switch the output is like
>> this.
>> smbpasswd -a username
>> then bash complains
>> and smbpasswd wants a password
>> it does this for each user twice.
>> dunno
>> any ideas?
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd script fails

[Herb Lewis]

You are sending all the output to a single bash shell so only one
command gets executed. You need to figure out a way to execute
the "awk | bash" for each line of users.csv

Something like the following should work

#! /bin/bash

cat users.csv | while  read ;
do
echo $REPLY | awk 'BEGIN {FS=","}{print "smbpasswd -a -s 
"$1"\n"$3"\n"$3"\n"}' | /bin/bash

done


Jack Mendez wrote:

i am using a script with awk which only works to add the first user from
my csv file.
when running with out the -s switch the output seems to be correct using
echo to test.

here is the script

#!/bin/bash
cat users.csv |awk 'BEGIN {FS=","}{print "echo smbpasswd -a -s
"$1"\n"$3"\n"$3"\n"}' |/bin/bash

this script successfuly adds the first user.
when using the -s switch.

when i tried this same script with out the -s switch the output is like this.
smbpasswd -a username
then bash complains
and smbpasswd wants a password
it does this for each user twice.
dunno
any ideas?



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd script fails

[Jack Mendez]

i am using a script with awk which only works to add the first user from
my csv file.
when running with out the -s switch the output seems to be correct using
echo to test.

here is the script

#!/bin/bash
cat users.csv |awk 'BEGIN {FS=","}{print "echo smbpasswd -a -s
"$1"\n"$3"\n"$3"\n"}' |/bin/bash

this script successfuly adds the first user.
when using the -s switch.

when i tried this same script with out the -s switch the output is like this.
smbpasswd -a username
then bash complains
and smbpasswd wants a password
it does this for each user twice.
dunno
any ideas?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba