[Samba] Compile samba 3.0.8 fail
Hello all When I install Samba 3.0.8 I get error messages, anyone know how to fix it? Thanks Compiling dynconfig.c In file included from include/includes.h:792, from dynconfig.c:21: tdb/tdb.h:114: argument format specified for non-function `log_fn' make: *** [dynconfig.o] Error 1 david -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] distribute/deploy software to clients
http://www.opennet.ru/docs/RUS/windows_auto_inst/index.html I'm not sure most people understand russian, but the article itself is just amazing! If You won't find any translator, let me know, I'll translate it. /me doesn't understand Russian. ;-) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Differences: ADS vs Samba-3 controlled domain
Hi, what are the essential differences between a Samba 3 controlled domain (thus an NT4-legacy domain) vs an ADS Microsoft controlled domain? AFAICT single-sign on, common password backends etc. can be modelled with LDAP KRB. Without ADS I cannot use some Microsoft GUIs to add/edit/remove users/printers/file shares. Also deploying group policies seems to be harder. What are the true reasons for going ADS, and what can be done against it? ;) And what are blockers for a Linux/Unix environment to go ADS? Is LDAP scripting with ADS as easy as with OpenLDAP for instance? Can I place all my NIS schemes onto ADS' LDAP, or will I stumble over proprietary extensions. Background: A medium sized educational facility (order 1000 nodes and users) considers consolidating Linux and Windows = 2000 authentication services and the Win-fraction praises ADS for it, while the Linux fraction shivers with the idea of having the most important piece of security lost to a black box ... Thanks! -- Axel.Thimm at ATrpms.net pgpaXRxt4NCNk.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences: ADS vs Samba-3 controlled domain
Axel Thimm wrote: what are the essential differences between a Samba 3 controlled domain (thus an NT4-legacy domain) vs an ADS Microsoft controlled domain? AFAICT single-sign on, common password backends etc. can be modelled with LDAP KRB. Without ADS I cannot use some Microsoft GUIs to add/edit/remove users/printers/file shares. Also deploying group policies seems to be harder. What are the true reasons for going ADS, and what can be done against it? ;) And what are blockers for a Linux/Unix environment to go ADS? Is LDAP scripting with ADS as easy as with OpenLDAP for instance? Can I place all my NIS schemes onto ADS' LDAP, or will I stumble over proprietary extensions. Background: A medium sized educational facility (order 1000 nodes and users) considers consolidating Linux and Windows = 2000 authentication services and the Win-fraction praises ADS for it, while the Linux fraction shivers with the idea of having the most important piece of security lost to a black box ... One thing Samba can't do is deploying software installation to all of its clients (consider updating Office on 1000 machines, by going from one to another). Of course it can be achieved by other means, but there is no golden method yet - see distribute/deploy software to clients topic which started a couple of days ago and is still alive. Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] distribute/deploy software to clients
Florian Effenberger wrote: http://www.opennet.ru/docs/RUS/windows_auto_inst/index.html I'm not sure most people understand russian, but the article itself is just amazing! If You won't find any translator, let me know, I'll translate it. /me doesn't understand Russian. ;-) /me neither :) Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] distribute/deploy software to clients
http://www.opennet.ru/docs/RUS/windows_auto_inst/index.html I'm not sure most people understand russian, but the article itself is just amazing! If You won't find any translator, let me know, I'll translate it. /me doesn't understand Russian. ;-) not very hard language to learn :-) German is much harder. At least I know many people in Germany who speak Russian. ok, I'll translate it. Cheers, Ilia Chipitsine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Domain doesnt work anymore
Hello, I have a redhat 9 system with samba 2.2.8 as PDC, this worked fine for almost a year. Since yesterday it is not possible to log on from the win2k workstations with the error message that the given username/password is wrong. With the same username/password it possible to connect to the server from win 98 machines. I attached the log entries of smbd and nmbd direct after the unsuccsessfull logon. I would appreciate any hints that could help to get it running again. Thanks Arne NMBD [EMAIL PROTECTED] root]# tail /var/log/samba/log.nmbd [2004/11/09 11:31:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(253) process_logon_packet: SAMLOGON request from GPI-B(xxx.xxx.xxx.xx) for , returning logon svr \\GEOLOGIE2 domain GPI code 13 token= [2004/11/09 11:31:38, 3] nmbd/nmbd_incomingrequests.c:process_name_query_request(480) process_name_query_request: Name query from xxx.xxx.xxx.xx on subnet xxx.xxx.xxx.xx for name GPI1b [2004/11/09 11:31:38, 3] nmbd/nmbd_incomingrequests.c:process_name_query_request(617) OK [2004/11/09 11:31:38, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) process_logon_packet: Logon from xxx.xxx.xxx.xx : code = 0x7 [2004/11/09 11:31:38, 3] nmbd/nmbd_processlogon.c:process_logon_packet(184) process_logon_packet: GETDC request from GPI-B at IP xxx.xxx.xxx.xx , reporting GEOLOGIE2 domain GPI 0xc ntversion=b lm_nt token= lm_20 token= [EMAIL PROTECTED] root]# SMBD [EMAIL PROTECTED] root]# tail /var/log/samba/log.smbd [2004/11/09 11:32:41, 3] smbd/uid.c:fetch_sid_from_gid_cache(667) fetch sid from gid cache 100 - S-1-5-21-2821890299-870506459-1885353054-1201 [2004/11/09 11:32:41, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1687) call_nt_transact_query_security_desc: sd_size = 120. [2004/11/09 11:32:41, 3] smbd/process.c:process_smb(846) Transaction 251 of length 45 [2004/11/09 11:32:41, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 5934) [2004/11/09 11:32:41, 3] smbd/reply.c:reply_close(3178) close directory fnum=6376 [EMAIL PROTECTED] root]# tail /var/log/samba/log.smbd [2004/11/09 11:34:41, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/09 11:34:41, 2] smbd/server.c:exit_server(511) Closing connections [2004/11/09 11:34:41, 3] smbd/connection.c:yield_connection(48) Yielding connection to [2004/11/09 11:34:41, 3] smbd/server.c:exit_server(545) Server exit (normal exit) [2004/11/09 11:34:47, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc user add fails
I have tried net rpc user add username password. The command fails with an error message User must be specified. This message comes from function rpc_user_add_internals - only one argument ist allowed. Something seems to be wrong - code or documentation. regards Mathias Wohlfarth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Option password never expires does not work correctly
We have set option password never expires for a user with pdbedit -u username -c [X]. The user must not change his password, but gets a message, that Password expires today. Do you want to change. This is confusing. regards Mathias Wohlfarth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] distribute/deploy software to clients
http://www.opennet.ru/docs/RUS/windows_auto_inst/index.html I'm not sure most people understand russian, but the article itself is just amazing! If You won't find any translator, let me know, I'll translate it. /me doesn't understand Russian. ;-) http://babelfish.altavista.com/babelfish/trurl_pagecontent?url=http%3A%2F%2Fwww.opennet.ru%2Fdocs%2FRUS%2Fwindows_auto_inst%2Findex.htmllp=ru_en -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] conecting xp client to a smb server
Hi I am having som problems conecting a xp box to a samba server, in the log i get the folowing error: [2004/11/09 12:50:52, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) get_md4pw: Workstation gm8$: no account in domain I have tryed to add gm8 to the domain, but it dont seem to work Any link to a good howto or a fast explenation woud be great my smb.conf is as folow [global] workgroup = Netzone server string = Netzone Linux file server v2.0 encrypt passwords = yes netbios name = maze hosts allow = 212.125.193. 212.125.252. log file = /var/log/samba/log.%m max log size = 300 null passwords = no #interfaces = 195.204.128.192/255.255.255.192 interfaces = 212.125.193.128/255.255.255.128 security = user default service = reference socket options = TCP_NODELAY SO_KEEPALIVE local master = yes domain master = yes preferred master = yes os level = 65 domain logons = yes logon path = \\%L\Profiles\%U logon script = logon.bat #map to guest = Bad User wins support = yes # For andre samba servere : wins server = 192.168.1.6 browse list = Yes preserve case = yes #short case preserve = yes case sensitive = no [homes] comment = Home Directories browseable = no writable = yes valid users = guest, vakt, surfer, drift [netlogon] comment = Network Logon Service path = /home/netlogon browseable = no guest ok = no share modes = no writeable = no valid users = guest, vakt, surfer, drift [profiles] comment = User profiles path = /mnt/disk2/profiles browseable = no guest ok = no writeable = yes create mask = 0700 valid users = guest, vakt, surfer, drift Best regards Einar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Segmendation Fault with smbpasswd
If i do a bash~#smbpasswd -a -m uos-staff i get a Segmendation Fault if u use the idealx scripts this appears in log.smbd (in using samba 3.0.7 with ldap support) Help!! === [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 2018 (3.0.7) Please read the appendix Bugs of the Samba HOWTO collection [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(39) === [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1381) PANIC: internal error [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1389) BACKTRACE: 29 stack frames: #0 /usr/local/sbin/smbd(smb_panic2+0x18c) [0x8193e16] #1 /usr/local/sbin/smbd(smb_panic+0x10) [0x8193c88] #2 /usr/local/sbin/smbd [0x818405a] #3 /usr/local/sbin/smbd [0x81840af] #4 /lib/libc.so.6 [0x400e65c8] #5 /usr/local/sbin/smbd [0x8174890] #6 /usr/local/sbin/smbd [0x81748eb] #7 /usr/local/sbin/smbd [0x816d550] #8 /usr/local/sbin/smbd(pdb_getsampwnam+0x29) [0x816ecbf] #9 /usr/local/sbin/smbd [0x80f7d7b] #10 /usr/local/sbin/smbd(_net_auth_2+0x7b) [0x80f8173] #11 /usr/local/sbin/smbd [0x80f706a] #12 /usr/local/sbin/smbd(api_rpcTNP+0x200) [0x812b7be] #13 /usr/local/sbin/smbd(api_pipe_request+0xd2) [0x812b53e] #14 /usr/local/sbin/smbd [0x8125ba8] #15 /usr/local/sbin/smbd [0x8125d84] #16 /usr/local/sbin/smbd [0x8126001] #17 /usr/local/sbin/smbd [0x81261b8] #18 /usr/local/sbin/smbd(write_to_pipe+0xd7) [0x812613c] #19 /usr/local/sbin/smbd [0x808817a] #20 /usr/local/sbin/smbd [0x8088353] #21 /usr/local/sbin/smbd(reply_trans+0x9d8) [0x8088d9d] #22 /usr/local/sbin/smbd [0x80c0b45] #23 /usr/local/sbin/smbd [0x80c0bd7] #24 /usr/local/sbin/smbd(process_smb+0x1c6) [0x80c0ee6] #25 /usr/local/sbin/smbd(smbd_process+0x157) [0x80c1a0e] #26 /usr/local/sbin/smbd(main+0x716) [0x81eb561] #27 /lib/libc.so.6(__libc_start_main+0xce) [0x400d28ae] #28 /usr/local/sbin/smbd(strcpy+0x35) [0x8076a91] -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Segmendation Fault with smbpasswd
sorry its a Segmentation fault! (cant spell!! :p) Daniel Wilson wrote: If i do a bash~#smbpasswd -a -m uos-staff i get a Segmendation Fault if u use the idealx scripts this appears in log.smbd (in using samba 3.0.7 with ldap support) Help!! === [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 2018 (3.0.7) Please read the appendix Bugs of the Samba HOWTO collection [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(39) === [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1381) PANIC: internal error [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1389) BACKTRACE: 29 stack frames: #0 /usr/local/sbin/smbd(smb_panic2+0x18c) [0x8193e16] #1 /usr/local/sbin/smbd(smb_panic+0x10) [0x8193c88] #2 /usr/local/sbin/smbd [0x818405a] #3 /usr/local/sbin/smbd [0x81840af] #4 /lib/libc.so.6 [0x400e65c8] #5 /usr/local/sbin/smbd [0x8174890] #6 /usr/local/sbin/smbd [0x81748eb] #7 /usr/local/sbin/smbd [0x816d550] #8 /usr/local/sbin/smbd(pdb_getsampwnam+0x29) [0x816ecbf] #9 /usr/local/sbin/smbd [0x80f7d7b] #10 /usr/local/sbin/smbd(_net_auth_2+0x7b) [0x80f8173] #11 /usr/local/sbin/smbd [0x80f706a] #12 /usr/local/sbin/smbd(api_rpcTNP+0x200) [0x812b7be] #13 /usr/local/sbin/smbd(api_pipe_request+0xd2) [0x812b53e] #14 /usr/local/sbin/smbd [0x8125ba8] #15 /usr/local/sbin/smbd [0x8125d84] #16 /usr/local/sbin/smbd [0x8126001] #17 /usr/local/sbin/smbd [0x81261b8] #18 /usr/local/sbin/smbd(write_to_pipe+0xd7) [0x812613c] #19 /usr/local/sbin/smbd [0x808817a] #20 /usr/local/sbin/smbd [0x8088353] #21 /usr/local/sbin/smbd(reply_trans+0x9d8) [0x8088d9d] #22 /usr/local/sbin/smbd [0x80c0b45] #23 /usr/local/sbin/smbd [0x80c0bd7] #24 /usr/local/sbin/smbd(process_smb+0x1c6) [0x80c0ee6] #25 /usr/local/sbin/smbd(smbd_process+0x157) [0x80c1a0e] #26 /usr/local/sbin/smbd(main+0x716) [0x81eb561] #27 /lib/libc.so.6(__libc_start_main+0xce) [0x400d28ae] #28 /usr/local/sbin/smbd(strcpy+0x35) [0x8076a91] -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PANIC in logs. What does it mean? How to avoid?
Hello. Now have samba-3.0.7 installed on my system. The problem is this strange message in my logs: Nov 9 14:36:18 alustem smbd[14188]: [2004/11/09 14:36:18, 0] lib/util.c:smb_panic2(1381) PANIC: PANIC: deferred_open_entries_identical: logic error. [2004/11/09 14:36:18, 0] lib/util.c:smb_panic2(1389) BACKTRACE: 1 stack frames: #0 /usr/sbin/smbd(smb_panic2+0xfc) [0x81bb594] How should I debug this problem? Is this problem serious. Please help me. This is in production enviroment, so it need to be up forever. I'm very worring about this. Thank you in advance, Peter. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Confused with profile filesystem permissions
On Mon, Nov 08, 2004 at 07:38:28PM -0700, John H Terpstra wrote: My top level: /var/lib/samba/profiles is owned by root, group = root. Permissions are: 0770 If I leave my /var/lib/samba/profiles like that, I get this error upon logon: [2004/11/09 10:02:06, 1] smbd/service.c:make_connection_snum(648) einstein (10.0.4.142) connect to service profiles initially as user buffy (uid=19422, gid=100) (pid 12965) [2004/11/09 10:02:06, 0] smbd/service.c:set_current_service(51) chdir (/var/lib/samba/profiles) failed I assume this happens because the connection is being made as user buffy who cannot enter /var/lib/samba/profiles if it is root:root 0770 My profile directory as user jht: drwxr-xr-x 16 jht Domain Users 552 2004-07-19 14:08 jht/ The Windows and unix group Domain Users is mapped as follows: frodo:~ # net groupmap list Domain Admins (S-1-5-21-726309263-4128913605-1168186429-512) - Domain Admins Domain Users (S-1-5-21-726309263-4128913605-1168186429-513) - Domain Users You called the local group Domain Users just for convenience, I assume. I have this mapping on the samba PDC: # net groupmap list | grep users Domain Users (S-1-5-21-1283145168-670325121-1332409668-1201) - users And: # id buffy uid=19422(buffy) gid=100(users) grupos=100(users) That's ok, right? I'm getting permission denied errors from winxp pro sp2 and samba 3.0.8pre2. Does it have something to do with profile acls? My profile share definition is: [profiles] comment = Profile Share path = /var/lib/samba/profiles read only = No profile acls = Yes I have now: [profiles] path = /var/lib/samba/profiles writable = yes create mask = 0600 directory mask = 0700 profile acls = yes I'll keep on testing, thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Confused with profile filesystem permissions
On Tue, Nov 09, 2004 at 10:07:20AM -0200, Andreas wrote: path = /var/lib/samba/profiles writable = yes create mask = 0600 directory mask = 0700 profile acls = yes I'll keep on testing, thanks for your help. Still not working, with or without profile acls. The only files that are created in /var/lib/samba/profiles/buffy are: -rw--- 1 buffy users 524288 2004-11-09 10:26 NTUSER.DAT -rw--- 1 buffy users 1024 2004-11-09 10:26 NTUSER.DAT.LOG -rw--- 1 buffy users210 2004-11-09 10:07 ntuser.ini Upon logout, winxp complains about not being able to copy SendTo to the profile directory, claiming access was denied. In the logs (level 2 for now) I have (einstein is the winxp sp2 workstation): [2004/11/09 10:26:55, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2487) Returning domain sid for domain TREINAMENTO - S-1-5-21-1283145168-670325121-1332409668 [2004/11/09 10:26:55, 1] smbd/service.c:make_connection_snum(648) einstein (10.0.4.142) connect to service profiles initially as user buffy (uid=19422, gid=100) (pid 13664) [2004/11/09 10:26:56, 2] smbd/open.c:open_file(245) buffy opened file buffy/prf14.tmp read=Yes write=No (numopen=1) [2004/11/09 10:26:56, 2] smbd/close.c:close_normal_file(270) buffy closed file buffy/prf14.tmp (numopen=0) [2004/11/09 10:26:56, 2] smbd/open.c:open_file(245) buffy opened file buffy/prf14.tmp read=Yes write=Yes (numopen=1) (...) [2004/11/09 10:26:56, 2] smbd/open.c:open_file(245) buffy opened file buffy/prf16.tmp read=Yes write=No (numopen=1) [2004/11/09 10:26:56, 2] smbd/close.c:close_normal_file(270) buffy closed file buffy/prf16.tmp (numopen=0) [2004/11/09 10:26:56, 2] smbd/trans2.c:call_trans2setfilepathinfo(3681) file_set_dosmode of buffy/SendTo failed (Não há dados disponíveis) --- no data available [2004/11/09 10:27:07, 1] smbd/service.c:close_cnum(836) einstein (10.0.4.142) closed connection to service netlogon (...) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2000 Scheduler Permission Problem
Hello, I'm struggling with a Samba 3.07 installation on a Debian Sarge system. This system is used as a backup server and a scheduler job on a windows 2000 server should backup some data on that system. The integration of samba and the Windows 2000 domain works fine, as long as we interactivly access the samba box from the windows server. In this case the user is recognized correctly from the samba system. As soon as the job is started from the scheduler I can't even access the samba box, because there is no user mapped to samba. I got these error message in the samba log: check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface If I manually run the job I got this in the log file: check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface I already tried to map the samba box using in the job: net use drive: \\sambabox\directory /user:domain\user password but even with this there is no user mapping on the samba box. And again if run interactivly its working fine, but as a scheduler task its not. Any hints to solve that problem would be fine.. thanks in advance. regards Lars -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Segmendation Fault with smbpasswd
Hi, I've got exactly the same problem with this version of samba (and also with 3.0.6) but it works with 3.0.2a I upgraded to 3.0.8 today and it seems to work (on a testing machine). I can't explain this problem. Cheers Daniel Wilson a écrit : sorry its a Segmentation fault! (cant spell!! :p) Daniel Wilson wrote: If i do a bash~#smbpasswd -a -m uos-staff i get a Segmendation Fault if u use the idealx scripts this appears in log.smbd (in using samba 3.0.7 with ldap support) Help!! === [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 2018 (3.0.7) Please read the appendix Bugs of the Samba HOWTO collection [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(39) === [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1381) PANIC: internal error [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1389) BACKTRACE: 29 stack frames: #0 /usr/local/sbin/smbd(smb_panic2+0x18c) [0x8193e16] #1 /usr/local/sbin/smbd(smb_panic+0x10) [0x8193c88] #2 /usr/local/sbin/smbd [0x818405a] #3 /usr/local/sbin/smbd [0x81840af] #4 /lib/libc.so.6 [0x400e65c8] #5 /usr/local/sbin/smbd [0x8174890] #6 /usr/local/sbin/smbd [0x81748eb] #7 /usr/local/sbin/smbd [0x816d550] #8 /usr/local/sbin/smbd(pdb_getsampwnam+0x29) [0x816ecbf] #9 /usr/local/sbin/smbd [0x80f7d7b] #10 /usr/local/sbin/smbd(_net_auth_2+0x7b) [0x80f8173] #11 /usr/local/sbin/smbd [0x80f706a] #12 /usr/local/sbin/smbd(api_rpcTNP+0x200) [0x812b7be] #13 /usr/local/sbin/smbd(api_pipe_request+0xd2) [0x812b53e] #14 /usr/local/sbin/smbd [0x8125ba8] #15 /usr/local/sbin/smbd [0x8125d84] #16 /usr/local/sbin/smbd [0x8126001] #17 /usr/local/sbin/smbd [0x81261b8] #18 /usr/local/sbin/smbd(write_to_pipe+0xd7) [0x812613c] #19 /usr/local/sbin/smbd [0x808817a] #20 /usr/local/sbin/smbd [0x8088353] #21 /usr/local/sbin/smbd(reply_trans+0x9d8) [0x8088d9d] #22 /usr/local/sbin/smbd [0x80c0b45] #23 /usr/local/sbin/smbd [0x80c0bd7] #24 /usr/local/sbin/smbd(process_smb+0x1c6) [0x80c0ee6] #25 /usr/local/sbin/smbd(smbd_process+0x157) [0x80c1a0e] #26 /usr/local/sbin/smbd(main+0x716) [0x81eb561] #27 /lib/libc.so.6(__libc_start_main+0xce) [0x400d28ae] #28 /usr/local/sbin/smbd(strcpy+0x35) [0x8076a91] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Segmendation Fault with smbpasswd
Hi, I have fixed the problem, i did a: /etc/init.d/smbd stop however when i did a ps -ef | grep smb there was still smbd processes, so did a kil -9 id on all the process, the started smbd +nmbd and this has fixed my problem! may by you could try the same? regards Norbert Gomes wrote: Hi, I've got exactly the same problem with this version of samba (and also with 3.0.6) but it works with 3.0.2a I upgraded to 3.0.8 today and it seems to work (on a testing machine). I can't explain this problem. Cheers Daniel Wilson a écrit : sorry its a Segmentation fault! (cant spell!! :p) Daniel Wilson wrote: If i do a bash~#smbpasswd -a -m uos-staff i get a Segmendation Fault if u use the idealx scripts this appears in log.smbd (in using samba 3.0.7 with ldap support) Help!! === [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 2018 (3.0.7) Please read the appendix Bugs of the Samba HOWTO collection [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(39) === [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1381) PANIC: internal error [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1389) BACKTRACE: 29 stack frames: #0 /usr/local/sbin/smbd(smb_panic2+0x18c) [0x8193e16] #1 /usr/local/sbin/smbd(smb_panic+0x10) [0x8193c88] #2 /usr/local/sbin/smbd [0x818405a] #3 /usr/local/sbin/smbd [0x81840af] #4 /lib/libc.so.6 [0x400e65c8] #5 /usr/local/sbin/smbd [0x8174890] #6 /usr/local/sbin/smbd [0x81748eb] #7 /usr/local/sbin/smbd [0x816d550] #8 /usr/local/sbin/smbd(pdb_getsampwnam+0x29) [0x816ecbf] #9 /usr/local/sbin/smbd [0x80f7d7b] #10 /usr/local/sbin/smbd(_net_auth_2+0x7b) [0x80f8173] #11 /usr/local/sbin/smbd [0x80f706a] #12 /usr/local/sbin/smbd(api_rpcTNP+0x200) [0x812b7be] #13 /usr/local/sbin/smbd(api_pipe_request+0xd2) [0x812b53e] #14 /usr/local/sbin/smbd [0x8125ba8] #15 /usr/local/sbin/smbd [0x8125d84] #16 /usr/local/sbin/smbd [0x8126001] #17 /usr/local/sbin/smbd [0x81261b8] #18 /usr/local/sbin/smbd(write_to_pipe+0xd7) [0x812613c] #19 /usr/local/sbin/smbd [0x808817a] #20 /usr/local/sbin/smbd [0x8088353] #21 /usr/local/sbin/smbd(reply_trans+0x9d8) [0x8088d9d] #22 /usr/local/sbin/smbd [0x80c0b45] #23 /usr/local/sbin/smbd [0x80c0bd7] #24 /usr/local/sbin/smbd(process_smb+0x1c6) [0x80c0ee6] #25 /usr/local/sbin/smbd(smbd_process+0x157) [0x80c1a0e] #26 /usr/local/sbin/smbd(main+0x716) [0x81eb561] #27 /lib/libc.so.6(__libc_start_main+0xce) [0x400d28ae] #28 /usr/local/sbin/smbd(strcpy+0x35) [0x8076a91] -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Segmendation Fault with smbpasswd
At that time, I tried everything (complete uninstal etc...) but always the same thing. I will test the 3.0.8 version as it seems to work thanks Daniel Wilson a écrit : Hi, I have fixed the problem, i did a: /etc/init.d/smbd stop however when i did a ps -ef | grep smb there was still smbd processes, so did a kil -9 id on all the process, the started smbd +nmbd and this has fixed my problem! may by you could try the same? regards Norbert Gomes wrote: Hi, I've got exactly the same problem with this version of samba (and also with 3.0.6) but it works with 3.0.2a I upgraded to 3.0.8 today and it seems to work (on a testing machine). I can't explain this problem. Cheers Daniel Wilson a écrit : sorry its a Segmentation fault! (cant spell!! :p) Daniel Wilson wrote: If i do a bash~#smbpasswd -a -m uos-staff i get a Segmendation Fault if u use the idealx scripts this appears in log.smbd (in using samba 3.0.7 with ldap support) Help!! === [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 2018 (3.0.7) Please read the appendix Bugs of the Samba HOWTO collection [2004/11/09 11:51:07, 0] lib/fault.c:fault_report(39) === [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1381) PANIC: internal error [2004/11/09 11:51:07, 0] lib/util.c:smb_panic2(1389) BACKTRACE: 29 stack frames: #0 /usr/local/sbin/smbd(smb_panic2+0x18c) [0x8193e16] #1 /usr/local/sbin/smbd(smb_panic+0x10) [0x8193c88] #2 /usr/local/sbin/smbd [0x818405a] #3 /usr/local/sbin/smbd [0x81840af] #4 /lib/libc.so.6 [0x400e65c8] #5 /usr/local/sbin/smbd [0x8174890] #6 /usr/local/sbin/smbd [0x81748eb] #7 /usr/local/sbin/smbd [0x816d550] #8 /usr/local/sbin/smbd(pdb_getsampwnam+0x29) [0x816ecbf] #9 /usr/local/sbin/smbd [0x80f7d7b] #10 /usr/local/sbin/smbd(_net_auth_2+0x7b) [0x80f8173] #11 /usr/local/sbin/smbd [0x80f706a] #12 /usr/local/sbin/smbd(api_rpcTNP+0x200) [0x812b7be] #13 /usr/local/sbin/smbd(api_pipe_request+0xd2) [0x812b53e] #14 /usr/local/sbin/smbd [0x8125ba8] #15 /usr/local/sbin/smbd [0x8125d84] #16 /usr/local/sbin/smbd [0x8126001] #17 /usr/local/sbin/smbd [0x81261b8] #18 /usr/local/sbin/smbd(write_to_pipe+0xd7) [0x812613c] #19 /usr/local/sbin/smbd [0x808817a] #20 /usr/local/sbin/smbd [0x8088353] #21 /usr/local/sbin/smbd(reply_trans+0x9d8) [0x8088d9d] #22 /usr/local/sbin/smbd [0x80c0b45] #23 /usr/local/sbin/smbd [0x80c0bd7] #24 /usr/local/sbin/smbd(process_smb+0x1c6) [0x80c0ee6] #25 /usr/local/sbin/smbd(smbd_process+0x157) [0x80c1a0e] #26 /usr/local/sbin/smbd(main+0x716) [0x81eb561] #27 /lib/libc.so.6(__libc_start_main+0xce) [0x400d28ae] #28 /usr/local/sbin/smbd(strcpy+0x35) [0x8076a91] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] installing printer in a logon script
Hi, But it seems to me that Windows is simply ignoring /if /f flags, because it doesn't print any error (even with no /q) when I put some nonsense instead of the location of the ini file. Well here we just have : rundll32 printui.dll,PrintUIEntry /in /n \\server\printer in a script called from the login script. It seems to work fine for us except for the nice feature in XP SP1 that disables users from installing printers - we haven't got round to pushing out a registry hack to fix that yet, but before SP1 went on it worked. Hi, would you mind posting the .reg file? Tarjei As for adding print drivers to the server, we use cupsaddsmb (as per the Samba howtos). So, we add a printer to cups, select the right PPD and put it in /etc/cups/ppd, then run cupsaddsmb to install the drivers. Add the rundll ... line to the login scripts, and next time a user logs in they get the printer installed (subject to the point and print policy in place). This is with samba 2.2.8a-224 and cups 1.1.15-170 (current versions for Suse Linux Openexchange server). Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- Tarjei Huse [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions problem with 3.0.8
Since 3.0.8 we have a file permission problem (group related???). I didn't take a closer look at it, our production environment went back to 3.0.7. symptoms: certain files can't be recreated/deleted, but group rights should allow it. 3.0.7 works fine. Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] installing printer in a logon script
Tarjei Huse wrote: except for the nice feature in XP SP1 that disables users from installing printers - we haven't got round to pushing out a registry hack to fix that yet, but before SP1 went on it worked. Hi, would you mind posting the .reg file? I haven't built one yet, on my list of things to 'get around to'. Details can be found at : http://support.microsoft.com/?kbid=319939 I have to say I was 'mildly surprised' to find a description of the registry entries, since everything else I've ever tried to find has been covered by see insert name group policy. Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions problem with 3.0.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beschorner Daniel wrote: | Since 3.0.8 we have a file permission problem (group related???). | I didn't take a closer look at it, our production environment went back to | 3.0.7. | | symptoms: certain files can't be recreated/deleted, but group rights should | allow it. | | 3.0.7 works fine. We'll need a lot more information. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkNEaIR7qMdg1EfYRAm3ZAJ9OusYDoQOvA8a/hglSsrn+ctw6DQCg6ugq Ty8XyPgZBQb24C+qVMpFmpk= =p3FL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Segmendation Fault with smbpasswd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Wilson wrote: | If i do a | bash~#smbpasswd -a -m uos-staff | | i get a | Segmendation Fault | | if u use the idealx scripts this appears in log.smbd | (in using samba 3.0.7 with ldap support) You're using the 2.2 schema right ? I thought this bug was fixed in 3.0.8. See https://bugzilla.samba.org/show_bug.cgi?id=1857 cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkNGAIR7qMdg1EfYRApmqAKC/31TYfjBhUbv9JfivcwwQa3MuAQCfbpZa tul+z53hBTwDqT6TY124DT4= =YYJw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Segmendation Fault with smbpasswd
We also use this schema (2.2) and now it works with the 3.0.8 version (the segfault occured in 3.0.7 and 3.0.6) Gerald (Jerry) Carter a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Wilson wrote: | If i do a | bash~#smbpasswd -a -m uos-staff | | i get a | Segmendation Fault | | if u use the idealx scripts this appears in log.smbd | (in using samba 3.0.7 with ldap support) You're using the 2.2 schema right ? I thought this bug was fixed in 3.0.8. See https://bugzilla.samba.org/show_bug.cgi?id=1857 cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkNGAIR7qMdg1EfYRApmqAKC/31TYfjBhUbv9JfivcwwQa3MuAQCfbpZa tul+z53hBTwDqT6TY124DT4= =YYJw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Segmendation Fault with smbpasswd
Norbert Gomes wrote: We also use this schema (2.2) and now it works with the 3.0.8 version (the segfault occured in 3.0.7 and 3.0.6) Gerald (Jerry) Carter a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Wilson wrote: | If i do a | bash~#smbpasswd -a -m uos-staff | | i get a | Segmendation Fault | | if u use the idealx scripts this appears in log.smbd | (in using samba 3.0.7 with ldap support) You're using the 2.2 schema right ? I thought this bug was fixed in 3.0.8. See https://bugzilla.samba.org/show_bug.cgi?id=1857 cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkNGAIR7qMdg1EfYRApmqAKC/31TYfjBhUbv9JfivcwwQa3MuAQCfbpZa tul+z53hBTwDqT6TY124DT4= =YYJw -END PGP SIGNATURE- i was using the netscape schema, as we are using Sun One Directory Server! But it seems to have gone, but now i have a nother problem whe making samba the trusting domain in a two domain inter-trust. [2004/11/09 14:59:34, 0] libsmb/samlogon_cache.c:netsamlogon_cache_store(123) netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write! can you help? -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3 openldap posixAccount
Hi: I have heard that with samba 3 you don't need to have posixAccount objectclass as part of the entries in the ldap directory anymore. I couldn't find any information about how to get this going, so I am recurring to this list. What I want to achieve is to have my ldap directory to validate windows users through samba. I just want to validate the users to have access to the windows hosts, and I don't want to give any user access to a share in the samba server. I tried to follow many of the howtos that I did find in google, but failed to achieve my goal. As far as I know when you do 'getent passwd', nss_ldap looks in the ldap directory for a entry that has the posixAccount objectclass, so in this case I couldn't use this to test if the samba is seeing the ldap correctly. I tell you this, because in my tests, I always got in the samba log files: 'User myuser in passdb, but getpwnam() failed!. And right after that the error messages that the user cannot logon. This makes me think that I cannot avoid the posixAccount entry in my samba users... is this right? Why is the posixAccount entry needed in the first place? I dont want to give these users any kind of access to my samba (linux) server I hope you can understand my problem, and that you can give me any kind of answer in order to overcome it regards ricardo pd: sorry for the long long mail , but I couldn't write less to fully explain my situation -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PANIC in logs. What does it mean? How to avoid?
On Tuesday 09 November 2004 17:15, you wrote: Peter Volkov Alexandrovich wrote: | Now have samba-3.0.7 installed on my system. The problem is this strange | message in my logs: | Nov 9 14:36:18 alustem smbd[14188]: | | [2004/11/09 14:36:18, 0] lib/util.c:smb_panic2(1381) | PANIC: PANIC: deferred_open_entries_identical: logic error. This was fixed in 3.0.8 IIRC. cheers, jerry Thank you, jerry. I think it's time to upgrade for me. Peter. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba: CUPS connection refused
Hello, I have an IBM 225 xSeries under SuSe 9.1 professional. I have some PC's connected under samba to server and Lexmark T630 running under cups. It´s works fine but sometimes I cannot print. Looking in smb.conf I found: [2004/11/09 13:44:21, 0] smbd/server.c:main(757) smbd version 3.0.4-SUSE started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/11/09 13:44:21, 0] printing/print_cups.c:cups_printer_fn(108) Unable to connect to CUPS server localhost - Connection refused This appears every day in /var/log/samba/log.smbd, but I can print anyway. It isn´t error message in /var/log/cups/error_log. My smb.conf is: # Samba config file created using SWAT # from 192.168.3.254 (192.168.3.254) # Date: 2004/11/09 09:09:42 # Global parameters [global] workgroup = BPM server string = Samba Server interfaces = 192.168.3.111 client schannel = Yes server schannel = Yes passwd chat = *New*Password* username map = /etc/samba/smbusers syslog = 0 name resolve order = wins bcast hosts show add printer wizard = No add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd logon script = scripts\login.bat logon path = logon drive = X: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes ldap suffix = dc=example,dc=com ldap ssl = no idmap uid = 1-2 idmap gid = 29000-3 [printers] comment = SMB Print Spool path = /var/spool/samba printer admin = root printable = Yes use client driver = Yes browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon valid users = %S read only = No Can you help me?, thanks and excuse me for my english. __ Renovamos el Correo Yahoo!: ¡100 MB GRATIS! Nuevos servicios, más seguridad http://correo.yahoo.es -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbmount and session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.
hi, i try to mount on a windows domain a network share with the following command: smbmount //windowsserver/share ~/mnt -o username=domain\\myacount this works fine for some of my collegues with redhat, debian and suse 8.x. but for my and one of my collegues with Suse 9.0 it is not working. I get the following error message: Password: 8696: session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) SMB connection failed If i try to mount a windows directory on another computer (not on the domain) and i use a local user acount it is working. a smbclient -L windowsserver -U username returns all the shares on that computer? i tried it with smbclient version 2.2.8 and a 3.0.8 with both the same problem. thanks alex -- NEU +++ DSL Komplett von GMX +++ http://www.gmx.net/de/go/dsl GMX DSL-Netzanschluss + Tarif zum supergünstigen Komplett-Preis! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] windows explorer lockup
When exploring a share served by Samba 3.0.8 from Windows 2000, explorer will frequently lock up for exactly 10 seconds. A packet capture reveals that windows tries to open a directory as a file (create andx request) with samba responding STATUS_FILE_IS_A_DIRECTORY. After a few attempts of create andx windows waits for 10 seconds and then creates a new connection to samba and everything works again for a little while and then the whole process repeats. Why is windows treating a directory as a file, when requesting information for the path samba indicates that it is a directory. Is this an explorer bug? The packet dump can be found at http://devcentre.dwl.co.uk/~dammj/lockup.dump The first erroneous request is in packet 43, the 10 second pause starts after packet 87. Andreas Damm. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] TCP_NODELAY
I recently downloaded and installed v3.0.8 and installed it on HP-UX 11.11. Thankfully, all of the compile problems I reported in 3.0.2 are now gone (not sure why no one ever acknowledged my bug, but whatever). However, now my system is complaining that TCP_NODELAY is not a valid option. I did not turn it off during the compile, don't see it listed as an option, and worse than that, it is a default option in smb.conf. Can anyone give me a clue as to what might have happened? _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] workgroup set in smb.conf doesn't show on w2k clients
Hello, version samba-2.2.7-3.7.3, OS redhat 7.3 I'm trying to figure out why I can't see the workgroup I set in the smb.conf file, when using a windows 2K client. I see other workgroups but not the samba one. Plus it was there at first, then over time it disappears.If I add a pc to the workgroup, then I see everything including the linux boxes. Thanks __ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming Profiles
I'm mulling over the idea of replacing my Win 2k MS AD using Samba. But I'd like to retain roaming profile capability for all my users. Based on your experience is it stable enough to implement for a production environment? I have only 30 using Win 2k Pro and some XP. What are the pit falls I need to look out for? Thank you! Joe -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] Permissions problem with 3.0.8
We use LDAP backend and Linux 2.6. It happens only --with-acl-support. This 2 errors I found in the level 10 log when I try to copy a fresh copied file a second time on itself (permissions of test file are -r-xrw, user and group match) Maybe the attribute mapping goes another path with acl support? 3.0.7 works fine. Daniel [2004/11/09 17:02:02, 10] smbd/open.c:open_file_shared1(1038) open_file_shared: fname = bootfont.bin, dos_attrs = 27, share_mode = 41, ofun = 12, mode = 560, oplock request = 3 [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) dos_mode: bootfont.bin [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning ra [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning ra [2004/11/09 17:02:02, 10] smbd/open.c:open_match_attributes(922) open_match_attributes: file bootfont.bin old_dos_mode = 0x21, existing_mode = 0100560, new_dos_mode = 0x27 returned_mode = [2004/11/09 17:02:02, 5] smbd/open.c:open_file_shared1(1141) open_file_shared: read/write access requested for file bootfont.bin on read only file [2004/11/09 17:02:02, 5] smbd/files.c:file_free(385) freed files structure 5799 (2 used) [2004/11/09 17:02:02, 10] smbd/trans2.c:set_bad_path_error(2234) set_bad_path_error: err = 13 bad_path = 0 [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(105) error string = Permission denied [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2243) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED ... [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) dos_mode: bootfont.bin [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning ra [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning ra [2004/11/09 17:02:02, 6] smbd/trans2.c:call_trans2setfilepathinfo(3621) actime: Wed Apr 2 13:00:00 2003 modtime: Thu Jan 1 01:00:00 1970 size: 4952 dosmode: a0 [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) dos_mode: bootfont.bin [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning ra [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning ra [2004/11/09 17:02:02, 10] smbd/trans2.c:call_trans2setfilepathinfo(3678) call_trans2setfilepathinfo: file bootfont.bin : setting dos mode a0 [2004/11/09 17:02:02, 10] smbd/dosmode.c:file_set_dosmode(340) file_set_dosmode: setting dos mode 0xa0 on file bootfont.bin [2004/11/09 17:02:02, 2] smbd/trans2.c:call_trans2setfilepathinfo(3681) file_set_dosmode of bootfont.bin failed (No data available) [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(105) error string = No data available [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(3682) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED -Ursprüngliche Nachricht- Von: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 9. November 2004 15:16 An: Beschorner Daniel Cc: '[EMAIL PROTECTED]' Betreff: Re: [Samba] Permissions problem with 3.0.8 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beschorner Daniel wrote: | Since 3.0.8 we have a file permission problem (group related???). | I didn't take a closer look at it, our production environment went | back to 3.0.7. | | symptoms: certain files can't be recreated/deleted, but group rights should | allow it. | | 3.0.7 works fine. We'll need a lot more information. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkNEaIR7qMdg1EfYRAm3ZAJ9OusYDoQOvA8a/hglSsrn+ctw6DQCg6ugq Ty8XyPgZBQb24C+qVMpFmpk= =p3FL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Confused with profile filesystem permissions
On Tue, Nov 09, 2004 at 10:32:29AM -0200, Andreas wrote: [2004/11/09 10:26:55, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2487) Returning domain sid for domain TREINAMENTO - S-1-5-21-1283145168-670325121-1332409668 [2004/11/09 10:26:55, 1] smbd/service.c:make_connection_snum(648) einstein (10.0.4.142) connect to service profiles initially as user buffy (uid=19422, gid=100) (pid 13664) [2004/11/09 10:26:56, 2] smbd/open.c:open_file(245) buffy opened file buffy/prf14.tmp read=Yes write=No (numopen=1) [2004/11/09 10:26:56, 2] smbd/close.c:close_normal_file(270) buffy closed file buffy/prf14.tmp (numopen=0) [2004/11/09 10:26:56, 2] smbd/open.c:open_file(245) buffy opened file buffy/prf14.tmp read=Yes write=Yes (numopen=1) (...) [2004/11/09 10:26:56, 2] smbd/open.c:open_file(245) buffy opened file buffy/prf16.tmp read=Yes write=No (numopen=1) [2004/11/09 10:26:56, 2] smbd/close.c:close_normal_file(270) buffy closed file buffy/prf16.tmp (numopen=0) [2004/11/09 10:26:56, 2] smbd/trans2.c:call_trans2setfilepathinfo(3681) file_set_dosmode of buffy/SendTo failed (Não há dados disponíveis) --- no data available [2004/11/09 10:27:07, 1] smbd/service.c:close_cnum(836) einstein (10.0.4.142) closed connection to service netlogon (...) Quick strace (grepped for brevity): # grep -E '(mkdir|getx|rmdir)' log mkdir(buffy/SendTo, 0700) = 0 getxattr(buffy/SendTo, system.posix_acl_access, 0xbfffc330, 132) = -1 ENODATA (No data available) getxattr(buffy/SendTo, system.posix_acl_access, 0xbfff9080, 132) = -1 ENODATA (No data available) rmdir(buffy/SendTo) There are lots of stat() and stat64() for the buffy directory and buffy/SendTo in between. The /var/lib/samba/profiles partition is reiserfs from kernel 2.6 and mounted with the acl option. From the grep result above, it seems the SendTo directory is created, probed and then removed?! Why? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Popup messages on login
On Mon, 08 Nov 2004 17:19:22 -0800, Cole S. Ashcraft [EMAIL PROTECTED] wrote: I have a samba server running in a workgroup. It is not usesd to facilitate domain logons. When someone logs on, I'd like for a popup message to come up. How would I do this (they are Win2K clients). Thanks, Cole Cole, The following requires my users to run the netlogon script logon/logoff (or was it restart?), but it does just what you're asking. Pops up a message on Win2K XP that users must acknowledge before logging in, even if 'autologon' is enabled. I added lines similar to the following in my netlogon.cmd: NET USE X: \\server\sharename REGEDIT /S X:\.scripts\legalnoticetext.reg I use the following in the legalnoticetext.reg file (Unicode text file): Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] LegalNoticeCaption=Legal Notice - System Usage Policy LegalNoticeText=Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel. In the course of monitoring individuals improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials. That should do it. -- Lars -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions problem with 3.0.8
On Tue, Nov 09, 2004 at 05:14:44PM +0100, Beschorner Daniel wrote: [2004/11/09 17:02:02, 10] smbd/open.c:open_file_shared1(1038) open_file_shared: fname = bootfont.bin, dos_attrs = 27, share_mode = 41, ofun = 12, mode = 560, oplock request = 3 [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) dos_mode: bootfont.bin [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning ra [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning ra [2004/11/09 17:02:02, 10] smbd/open.c:open_match_attributes(922) open_match_attributes: file bootfont.bin old_dos_mode = 0x21, existing_mode = 0100560, new_dos_mode = 0x27 returned_mode = [2004/11/09 17:02:02, 5] smbd/open.c:open_file_shared1(1141) open_file_shared: read/write access requested for file bootfont.bin on read only file [2004/11/09 17:02:02, 5] smbd/files.c:file_free(385) freed files structure 5799 (2 used) [2004/11/09 17:02:02, 10] smbd/trans2.c:set_bad_path_error(2234) set_bad_path_error: err = 13 bad_path = 0 [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(105) error string = Permission denied [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2243) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED ... [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) dos_mode: bootfont.bin [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning ra [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning ra [2004/11/09 17:02:02, 6] smbd/trans2.c:call_trans2setfilepathinfo(3621) actime: Wed Apr 2 13:00:00 2003 modtime: Thu Jan 1 01:00:00 1970 size: 4952 dosmode: a0 [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) dos_mode: bootfont.bin [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning ra [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning ra [2004/11/09 17:02:02, 10] smbd/trans2.c:call_trans2setfilepathinfo(3678) call_trans2setfilepathinfo: file bootfont.bin : setting dos mode a0 [2004/11/09 17:02:02, 10] smbd/dosmode.c:file_set_dosmode(340) file_set_dosmode: setting dos mode 0xa0 on file bootfont.bin [2004/11/09 17:02:02, 2] smbd/trans2.c:call_trans2setfilepathinfo(3681) file_set_dosmode of bootfont.bin failed (No data available) [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(105) error string = No data available [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(3682) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED I'm getting what seems to be (at first glance) the same error in my roaming profiles problem. It happens with a winxp sp2 pro pt_BR workstation while trying to copy the profiles to the profile share. (user maria) (...) [2004/11/09 14:21:42, 3] smbd/trans2.c:call_trans2setfilepathinfo(3096) call_trans2setfilepathinfo(8) maria/SendTo (fnum 8786) info_level=1004 totdata=40 [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode(283) dos_mode: maria/SendTo [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning d [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning d [2004/11/09 14:21:42, 6] smbd/trans2.c:call_trans2setfilepathinfo(3621) actime: Tue Nov 9 14:21:42 2004 modtime: Wed Dec 31 21:00:00 1969 size: 0 dosmode: 13 [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode(283) dos_mode: maria/SendTo [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning d [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning d [2004/11/09 14:21:42, 10] smbd/trans2.c:call_trans2setfilepathinfo(3678) call_trans2setfilepathinfo: file maria/SendTo : setting dos mode 13 [2004/11/09 14:21:42, 10] smbd/dosmode.c:file_set_dosmode(340) file_set_dosmode: setting dos mode 0x13 on file maria/SendTo [2004/11/09 14:21:42, 2] smbd/trans2.c:call_trans2setfilepathinfo(3681) file_set_dosmode of maria/SendTo failed (No data available) [2004/11/09 14:21:42, 3] smbd/error.c:error_packet(105) error string = No data available [2004/11/09 14:21:42, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(3682) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED (...) strace from that part shows a mkdir for maria/SendTo, then getxattr(maria/SendTo... which returns ENODATA and later on a rmdir for maria/SendTo. Perhaps windows couldn't set some permissions and gave up? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.08 winbind question
Noticed this in /var/log/samba while I was applying 'getent groups|grep groupname ' [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) No rid for Performance Monitor Users !? [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) No rid for Terminal Server License Servers !? [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) No rid for Pre-Windows 2000 Compatible Access !? [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) No rid for Performance Log Users !? [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) No rid for Windows Authorization Access Group !? Alsom from the changelog All usernames returned by winbindd are now converted to lower case for better consistency. This means any winbind installation relying on the winbind username will need to rename existing directories and/or files based on the username (%u and %U) to lower case (e.g. mv $name `echo $name | tr '[A-Z]' '[a-z]'`). This may include mail spool files, home directories, valid user lines in smb.conf, etc I am not sure if I understand this correctly. All my group names are showing in their usual case. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Fixed downgrading to 3.0.7 (Re: [Samba] Confused with profile filesystem permissions)
On Tue, Nov 09, 2004 at 02:19:53PM -0200, Andreas wrote: Quick strace (grepped for brevity): # grep -E '(mkdir|getx|rmdir)' log mkdir(buffy/SendTo, 0700) = 0 getxattr(buffy/SendTo, system.posix_acl_access, 0xbfffc330, 132) = -1 ENODATA (No data available) getxattr(buffy/SendTo, system.posix_acl_access, 0xbfff9080, 132) = -1 ENODATA (No data available) rmdir(buffy/SendTo) There are lots of stat() and stat64() for the buffy directory and buffy/SendTo in between. The /var/lib/samba/profiles partition is reiserfs from kernel 2.6 and mounted with the acl option. From the grep result above, it seems the SendTo directory is created, probed and then removed?! Why? Downgrading to version 3.0.7 fixed the problem for me. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions problem with 3.0.8
On Tue, Nov 09, 2004 at 05:14:44PM +0100, Beschorner Daniel wrote: We use LDAP backend and Linux 2.6. It happens only --with-acl-support. This 2 errors I found in the level 10 log when I try to copy a fresh copied file a second time on itself (permissions of test file are -r-xrw, user and group match) Maybe the attribute mapping goes another path with acl support? 3.0.7 works fine. 3.0.7 also started working fine for me and my roaming profiles. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles
Joe, Given how many MS Windows sites use roaming profiles it is safe to say that it is stable enough. Do you mean is Samba stable enough? Well again, we have a huge number of users, I'd say it is. OK. So if you mean does Samba handle profile in a stable manner? Samba does not handle profiles - the Windows client does. The windows client reads the users' profile from the profile share and writes it back on logout. I have set up hundreds of sites that use roaming profiles with a Samba domain controller - so far none have had any problems. That does not means that problems do not exist, but if they do the users have not noticed them or are too reluctant to report them. I'll leave that to your interpretation. Pitfalls? Well, if you follow Chapter 6 of the Samba-3 By Example book and you have a problem I'll help you to solve it - so far as the problem is capable of being solved. Oh, if you do not want to buy the book - download it for free from http://www.samba.org/samba/docs/Samba-Guide.pdf Cheers, John T. On Tuesday 09 November 2004 09:05, Joe Aldeguer wrote: I'm mulling over the idea of replacing my Win 2k MS AD using Samba. But I'd like to retain roaming profile capability for all my users. Based on your experience is it stable enough to implement for a production environment? I have only 30 using Win 2k Pro and some XP. What are the pit falls I need to look out for? Thank you! Joe -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.08 winbind question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 sharif islam wrote: | Noticed this in /var/log/samba while I was applying 'getent | groups|grep groupname ' | [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) | No rid for Performance Monitor Users !? | [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) | No rid for Terminal Server License Servers !? | [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) | No rid for Pre-Windows 2000 Compatible Access !? | [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) | No rid for Performance Log Users !? | [2004/11/09 10:29:04, 1] nsswitch/winbindd_ads.c:enum_dom_groups(282) | No rid for Windows Authorization Access Group !? | | Alsom from the changelog | | All usernames returned by winbindd are now converted to lower ~ ^ | case for better consistency. This means any winbind installation | relying on the winbind username will need to rename existing | directories and/or files based on the username (%u and %U) to lower | case (e.g. mv $name `echo $name | tr '[A-Z]' '[a-z]'`). This may | include mail spool files, home directories, valid user lines in | smb.conf, etc | | I am not sure if I understand this correctly. All my group names are | showing in their usual case. The case for domain groups did not change in the release. We debated changing that as well but held back for now. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkPZDIR7qMdg1EfYRAnbwAKClopNY4gnGVvclvQIXp8RCjtg2nQCgmy3m AQhQ+b7llPQ6ssEkUqdEHcs= =Wxg2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating NT4 Domain with Idealx tools
Hi all For several days I've been doing tests for our upcoming migration from an NT domain to Samba PDC with ldapsam. We have ~200 clients, mostly NT4 and some Win2k. We want all of our users eventually switch from Windows to KDE on Linux with thin clients through NX :-) I managed to net rpc vampire all user and machine accounts into LDAP, but then I realized some problems: - The migrated machine accounts have no samba attributes. I can reproduce this behavior adding a machine account doing smbldap-useradd -w [machinename], just as in the 'add machine script' line in smb.conf suggested by Idealx. The machine account machinename$ will exist then, but without sambaSAMAccount object class nor any other samba attribute. Only after adding these by hand and joning the machine to my samba domain, users can login. I tried also using smbldap-useradd with multiple options, -w for workstation account and -a for samba attributes, but no luck. I wish I shouldn't add 200 machines to an already existing domain after the migration... - Users, once logged in to Linux, cannot change their password with smbldap-passwd. They get 'user [username] doesn't exist.' Well, I'm talking about a logged in user... This is how Samba, OpenLDAP and the Idealx-Tools are configured: # egrep -v '^$|^#' smb.conf [global] netbios name = SARGE-TS workgroup = UB security = User server string = %h server (Samba %v) wins support = yes preferred master = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 encrypt passwords = true domain logons = yes domain master = yes logon drive = H: logon home = \\%L\%U ldap passwd sync = Yes os level = 65 passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=manager,dc=ub,dc=unibas,dc=ch ldap suffix = dc=ub,dc=unibas,dc=ch ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u short preserve case = yes case sensitive = no map to guest = Bad User guest account = nobody invalid users = root ldap password sync = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [homes] comment = Home Directory for %U browseable = no writable = yes create mask = 0700 directory mask = 0700 [netlogon] path = /export/home/samba/netlogon/ # browseable = No # locking = No read only = yes [profiles] path = /export/home/samba/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable force user = %U valid users = %U Domain Admins # egrep -v '^$|^#' slapd.conf include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/solaris-nis.schema include /etc/ldap/schema/solaris.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/samba.schema include /etc/ldap/schema/phpgwaccount.schema include /etc/ldap/schema/phpgwcontact.schema modulepath /usr/lib/ldap moduleload back_ldbm backend ldbm schemacheck on pidfile /var/run/slapd/slapd.pid argsfile/var/run/slapd/slapd.args password-hash {MD5} replogfile /var/lib/ldap/replog loglevel256 databaseldbm suffix dc=ub,dc=unibas,dc=ch rootdn cn=manager,dc=ub,dc=unibas,dc=ch rootpw {MD5}XX== directory /var/lib/ldap/ub lastmod on cachesize 4 dbcachesize 6000 index cn,sn,uid,displayName pres,sub,eq index uidNumber,gidNumber eq index sambaSIDeq index sambaPrimaryGroupSIDeq index sambaDomainName eq index objectClass eq index default sub index phpgwContactOwner pres,eq,sub access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to * by dn=cn=manager,dc=ub,dc=unibas,dc=ch write by dn=cn=nss,dc=ub,dc=unibas,dc=ch read by * auth # egrep -v '^$|^#' smbldap_bind.conf slaveDN=cn=manager,dc=ub,dc=unibas,dc=ch slavePw=XXX masterDN=cn=manager,dc=ub,dc=unibas,dc=ch masterPw=XX # egrep -v '^$|^#' smbldap.conf
[Samba] samba 3.0.2a and passwords
Hello version samba-3.0.2a, OS redhat 9 I configure the samba-server to use pdbedit but my stations winXP can't change the passwords, always we receive message error (You not have permission to change password) but all users can change and permission is ok... I read in internet that version of the samba maybe have a problem with passwords on windows Xp, is this true? Anybody can help-me? -- Emerson Lombardi Machado -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP suffix question
Hi, I would like to have a DIT similar to this for my Samba server : ou=People,dc=domain,dc=com: users accounts ou=Group,dc=Domain,dc=com: groups ou=Hosts,dc=domain,dc=com: machine accounts ou=Samba,dc=domain,dc=com: Samba specific stuff, such as sambaDomain, sambaUnixIdPool, etc My understanding is that ldap [user|group|machine] suffix is relative to ldap suffix. Example : ldap suffix = dc=domain,dc=com ldap user suffix = ou=People Thus, the effective ldap user suffix would be ou=People,dc=domain,dc=com. This does not match the DIT I would like to achieve, as I would need to specify lateral suffix for user, group, machine. I tried : ldap suffix = ou=Samba,dc=domain,dc=com ldap user suffix = ou=People,dc=domain,dc=com ... But it does not work. Any idea how to achieve that ? The reason I would like to design my DIT in such a way is strictly cosmetic, as I would prefer not to clutter the root with sambaDomain and sambaUnixIdPool entry. Thanks ! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] config.pol
(excuse me for my bad english) I use samba 3.0.1pre1 I make a config.pol with .adm templates. But, when I use it in netlogon, register are no set. netlogon and config.pol have correct permissions. Leandro. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] TCP_NODELAY
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Novosielski wrote: | I recently downloaded and installed v3.0.8 and installed it on HP-UX | 11.11. Thankfully, all of the compile problems I reported in 3.0.2 are | now gone (not sure why no one ever acknowledged my bug, but whatever). That was my fault. I dropped the ball. Someone else picked up some patches for HP-UX. | However, now my system is complaining that TCP_NODELAY is not a valid | option. I did not turn it off during the compile, don't see it listed as | an option, and worse than that, it is a default option in smb.conf. Can | anyone give me a clue as to what might have happened? it's one of the default 'socket potions' that gets set. Just override this in smb.conf if its not working for you. And if you come up with a good set of defaults for HP-UX, let me know and I'll try not to forgot about you this time. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkPkAIR7qMdg1EfYRAn4mAKDI/CXRK8WKSlUQnqW9vihadrRLuwCg8GEq nw0ypqk3coXzBQvk4J7YuHs= =1BWp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.2a and passwords
There was a fix relating to password changes made in 3.0.4. Please review the release notes to see if this affects you. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 9 Nov 2004, Emerson Lombardi Machado wrote: Hello version samba-3.0.2a, OS redhat 9 I configure the samba-server to use pdbedit but my stations winXP can't change the passwords, always we receive message error (You not have permission to change password) but all users can change and permission is ok... I read in internet that version of the samba maybe have a problem with passwords on windows Xp, is this true? Anybody can help-me? -- Emerson Lombardi Machado -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] TCP_NODELAY
Well... I see what happened. I went digging and see that the problem (relating to the duplicate definition of TCP_NODELAY and TCP_MAXSEG) was fixed as a result of bug 1065. However, though the fix (changes to includes.h, one example being the section starting at line 312, another starting at line 371, and the last starting at 399) looks sane to me, there appears to be a problem with it. TCP_NODELAY does not get defined at all in my setup. I suspect the same is true of TCP_MAXSEG, but I don't know what that's used for, if anything. It looks like even though it is supposed to be getting defined 2x (and that is the reason for all of the #undef's), it seems to be getting #undef'd 2x also, instead of just once and then redefined. Since TCP_NODELAY is reported to be a performance enhancer, I certainly don't want to go without it (or at least, I don't /think/ I do). _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 9 Nov 2004, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Novosielski wrote: | I recently downloaded and installed v3.0.8 and installed it on HP-UX | 11.11. Thankfully, all of the compile problems I reported in 3.0.2 are | now gone (not sure why no one ever acknowledged my bug, but whatever). That was my fault. I dropped the ball. Someone else picked up some patches for HP-UX. | However, now my system is complaining that TCP_NODELAY is not a valid | option. I did not turn it off during the compile, don't see it listed as | an option, and worse than that, it is a default option in smb.conf. Can | anyone give me a clue as to what might have happened? it's one of the default 'socket potions' that gets set. Just override this in smb.conf if its not working for you. And if you come up with a good set of defaults for HP-UX, let me know and I'll try not to forgot about you this time. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkPkAIR7qMdg1EfYRAn4mAKDI/CXRK8WKSlUQnqW9vihadrRLuwCg8GEq nw0ypqk3coXzBQvk4J7YuHs= =1BWp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] couple of minor issues with the Samba 3.0.8 release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For anyone building Samba from source: I goofed a couple of small details in the 3.0.8 release. (a) the docs are the ones from 3.0.8pre2. The latest docs ~build can be downloaded from ~http://samba.org/~samba-bugs/docs/samba-docs-latest.tar.bz2 ~Just unpack this archives and move the contents into ~samba-3.0.8/docs/ (b) for some reason a large majority of the files are don't ~include group/other read access. Just making you aware ~of it (thanks to Buchan @ Mandrake for making me aware ~of the issue. I don't see where this warrants the bandwidth required for another release. Hopefully we can all just work around it. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkP7FIR7qMdg1EfYRAtTFAKCtKLCUfLrYUwQbYOGorERrtG09kACeMiFU YsBvxq/kcn4IrzddOqof+rw= =en2U -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles
Hi Joe, i have samba 3 running for 100 Users with roaming profiles in 3 offices over openvpn and it works like charme. But before you migrate i recommend you to setup a small samba test server and a few clients for testing and playing with it. Also do a deep study of the faqs. Sharing roaming profiles with different win versions is not recommended as it is so on win servers too. Regards Joe Aldeguer schrieb: I'm mulling over the idea of replacing my Win 2k MS AD using Samba. But I'd like to retain roaming profile capability for all my users. Based on your experience is it stable enough to implement for a production environment? I have only 30 using Win 2k Pro and some XP. What are the pit falls I need to look out for? Thank you! Joe -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Confused with profile filesystem permissions
On Mon, Nov 08, 2004 at 07:38:28PM -0700, John H Terpstra wrote: My top level: /var/lib/samba/profiles is owned by root, group = root. Permissions are: 0770 I noticed that if /var/lig/samba/profiles doesn't have a subdirectory with the user's name, and if it has permissions like 1777, then windows will create the user's profile directory automatically. Do you see anything obviously wrong with it? If one uses create mask 0600 and directory mask 0700 for the profile share, the user's profile will be mode 0700 and thus protected from other users. BUT the user him/herself would be able to delete the profile directory... Hmm... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.8 build failure OS X 10.3.6
I am trying to build 3.0.8 Release on OS X Server 10.3.6 as the latest version of samba installed with the 10.3.6 update (3.0.5) has broken our backup strategy which has a Windows server backing up SAMBA/SMB volumes ( this issue is noted in Dantz Retrospect KB and the solution is to upgrade to SAMBA 3.0.6+). We use the OS X server as a PDC. After a ./configure; make Using FLAGS = -O -I./popt -Iinclude -I/Users/admin/Documents/samba-3.0.8/source/include -I/Users/admin/Documents/samba-3.0.8/source/ubiqx -I/Users/admin/Documents/samba-3.0.8/source/smbwrapper -I. -I/sw/include -I/Users/admin/Documents/samba-3.0.8/source LIBS = -lresolv -ldl -liconv LDSHFLAGS = -bundle -flat_namespace -undefined suppress -L/sw/lib LDFLAGS = -L/sw/lib Compiling dynconfig.c Compiling smbd/vfs.c Compiling libsmb/clikrb5.c libsmb/clikrb5.c: In function `krb5_locate_kdc': libsmb/clikrb5.c:209: error: `krb5_krbhst_handle' undeclared (first use in this function) libsmb/clikrb5.c:209: error: (Each undeclared identifier is reported only once libsmb/clikrb5.c:209: error: for each function it appears in.) libsmb/clikrb5.c:209: error: parse error before hnd libsmb/clikrb5.c:210: error: `krb5_krbhst_info' undeclared (first use in this function) libsmb/clikrb5.c:210: error: `hinfo' undeclared (first use in this function) libsmb/clikrb5.c:219: error: `KRB5_KRBHST_KDC' undeclared (first use in this function) libsmb/clikrb5.c:219: error: `hnd' undeclared (first use in this function) make: *** [libsmb/clikrb5.o] Error 1 Andrew -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8 build failure OS X 10.3.6
On Tue, Nov 09, 2004 at 10:30:58AM -0800, Andrew Cunningham wrote: I am trying to build 3.0.8 Release on OS X Server 10.3.6 as the latest version of samba installed with the 10.3.6 update (3.0.5) has broken our backup strategy which has a Windows server backing up SAMBA/SMB volumes ( this issue is noted in Dantz Retrospect KB and the solution is to upgrade to SAMBA 3.0.6+). We use the OS X server as a PDC. After a ./configure; make Using FLAGS = -O -I./popt -Iinclude -I/Users/admin/Documents/samba-3.0.8/source/include -I/Users/admin/Documents/samba-3.0.8/source/ubiqx -I/Users/admin/Documents/samba-3.0.8/source/smbwrapper -I. -I/sw/include -I/Users/admin/Documents/samba-3.0.8/source LIBS = -lresolv -ldl -liconv LDSHFLAGS = -bundle -flat_namespace -undefined suppress -L/sw/lib LDFLAGS = -L/sw/lib Compiling dynconfig.c Compiling smbd/vfs.c Compiling libsmb/clikrb5.c libsmb/clikrb5.c: In function `krb5_locate_kdc': libsmb/clikrb5.c:209: error: `krb5_krbhst_handle' undeclared (first use in this function) libsmb/clikrb5.c:209: error: (Each undeclared identifier is reported only once The problem is we don't have regular access to a MacOSX server to test on. I'll bug Apple again to give me an old machine What version of krb5 does MacOSX ship with ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] groupmap + ldapsam questions
Hi, Two questions regarding the use of group map combined with ldapsam. First, the Official HOWTO is relatively unclear about what need to be done wrt to group map when using ldapsam. It state it is the responsability of the admin to add the group map to the ldap backend, but nothing else. What need to be in an LDAP groupmap object ? I tried the following LDIF, and it seem to work using net groupmap list : # Domain Users, Group, domain.com dn: displayName=Domain Users,ou=Group,dc=domain,dc=com objectClass: sambaSidEntry objectClass: sambaGroupMapping gidNumber: 100 description: Netbios Domain Users sambaSID: S-1-5-21-3952100455-2014430628-1234567890-513 sambaGroupType: 2 displayName: Domain Users Notice that the object is not of objectClass posixAccount. Also not that the gidNumber is the one of the users group, defined in /etc/group. Similarly, I want to map the Domain Guests group to Unix group nobody, and Domain Admins to group root. Are there implication I should be aware of ? Any better way to achieve similar results ? Also, I can list group map with net groupmap list, but I fail to add any groupmap. Example : [EMAIL PROTECTED] root]# net groupmap add ntgroup=blah unixgroup=wheel No rid or sid specified, choosing algorithmic mapping adding entry for group blah failed! Logs are silent. How come ? Are we supposed to managed the group map at the LDAP level, and forego the use of net groupmap for this purpose? Thanks very much for your input ! Etienne Goyer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] groupmap + ldapsam questions
Etienne, Please refer to the Samba-3 by Example book Chapters 5 and 6 for detailed worked examples of how to use Samba-3 with LDAP. You can download the latest version of this book from: http://www.samba.org/samba/docs/Samba-Guide.pdf When you have it all figured out, please send me your patches to help make the Samba-HOWTO-Collection much clearer. We very much appreciate user contributions as we believe that the knowledge of the masses makes Samba a better proposition. I apologize for any lack of clarity in the Samba-HOWTO-Collection - but do point out that it is a green document. This means it is constantly updated, either as I receive tips, suggestions - and in particular contributions. The latest version can be found on the Samba web site as: http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf I look forward to your assistance to make Samba a better product. Cheers, John T. On Tuesday 09 November 2004 11:37, Etienne Goyer wrote: Hi, Two questions regarding the use of group map combined with ldapsam. First, the Official HOWTO is relatively unclear about what need to be done wrt to group map when using ldapsam. It state it is the responsability of the admin to add the group map to the ldap backend, but nothing else. What need to be in an LDAP groupmap object ? I tried the following LDIF, and it seem to work using net groupmap list : # Domain Users, Group, domain.com dn: displayName=Domain Users,ou=Group,dc=domain,dc=com objectClass: sambaSidEntry objectClass: sambaGroupMapping gidNumber: 100 description: Netbios Domain Users sambaSID: S-1-5-21-3952100455-2014430628-1234567890-513 sambaGroupType: 2 displayName: Domain Users Notice that the object is not of objectClass posixAccount. Also not that the gidNumber is the one of the users group, defined in /etc/group. Similarly, I want to map the Domain Guests group to Unix group nobody, and Domain Admins to group root. Are there implication I should be aware of ? Any better way to achieve similar results ? Also, I can list group map with net groupmap list, but I fail to add any groupmap. Example : [EMAIL PROTECTED] root]# net groupmap add ntgroup=blah unixgroup=wheel No rid or sid specified, choosing algorithmic mapping adding entry for group blah failed! Logs are silent. How come ? Are we supposed to managed the group map at the LDAP level, and forego the use of net groupmap for this purpose? Thanks very much for your input ! Etienne Goyer -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8 build failure OS X 10.3.6
On Nov 9, 2004, at 10:36 AM, Jeremy Allison wrote: What version of krb5 does MacOSX ship with ? Sorry, I am pretty ignorant of the internals of kerebos. How does one find the version? Andrew -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PAM Error 9
Hi all I have set my Samba server up to join an AD realm. Winbind is working fine and I am able to use it for authentication as needed. When I try to connect to one of my shares via a Windows client, I get the following error: [2004/11/04 11:57:54, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: MYDOMAIN+room1 [2004/11/04 11:57:54, 2] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: Account Check Failed : Authentication service cannot retrieve authentication info. [2004/11/04 11:57:54, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User MYDOMAIN+room1! [2004/11/04 11:57:54, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [room1] - [room1] FAILED with error NT_STATUS_LOGON_FAILURE My smb.conf file looks something like this: [global] winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 15 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/false winbind use default domain = yes panic action = /usr/share/samba/panic-action %d # passwd program = /usr/bin/passwd %u printing = bsd netbios name = proxy dns proxy = no syslog only = no name resolve order = lmhosts host wins bcast encrypt passwords = true # passdb backend = smbpasswd guest socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 short preserve case = yes printcap name = /etc/printcap invalid users = root max log size = 1000 obey pam restrictions = yes # passwd chat = *Enter\snew\sUNIX\spassword:* %n\n Retype\snew\sUNIX\spassword:* %n\n . security = ads password server = DC1 realm = MYDOMAIN.BLAH preserve case = yes unix password sync = false workgroup = MYDOMAIN server string = %h server (Samba %v) syslog = 0; guest account = nobody load printers = yes For what it's worth, my /etc/pam.d/samba file is as follows: authrequired /lib/security/pam_env.so authsufficient/lib/security/pam_unix.so likeauth nullok authsufficient/lib/security/pam_winbind.so use_first_pass authrequired /lib/security/pam_deny.so account required /lib/security/pam_unix.so account sufficient/lib/security/pam_winbind.so use_first_pass passwordrequired /lib/security/pam_cracklib.so retry=3 type= # Note: The above line is complete. There is nothing following the '=' passwordsufficient/lib/security/pam_unix.so \ nullok use_authtok md5 shadow passwordsufficient/lib/security/pam_winbind.so use_first_pass passwordrequired /lib/security/pam_deny.so session required /lib/security/pam_limits.so session sufficient/lib/security/pam_unix.so session sufficient/lib/security/pam_winbind.so use_first_pass` Interestingly enough, if I connect using smbclient and force it to use kerberos with the -k option, I am able to connect. It's not until I try to use NTLM that I receive the error. Any suggestions? Cheers Richard -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] group a machine account belongs to (samba pdc)
Does it matter to what group a machine account belongs to? Does that group have to be mapped to a domain group with net groupmap? I created a local group in my linux box (samba pdc 3.0.7) called machines and I'm using it as primary group for all the machine accounts. Do I have to map this group to some windows group? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PAM Error 9
Richard, What entries did you put in /etc/nsswitch.conf? Does 'getent passwd' return the ADS user info? - John T. On Tuesday 09 November 2004 12:45, Richard Greaney wrote: Hi all I have set my Samba server up to join an AD realm. Winbind is working fine and I am able to use it for authentication as needed. When I try to connect to one of my shares via a Windows client, I get the following error: [2004/11/04 11:57:54, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: MYDOMAIN+room1 [2004/11/04 11:57:54, 2] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: Account Check Failed : Authentication service cannot retrieve authentication info. [2004/11/04 11:57:54, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User MYDOMAIN+room1! [2004/11/04 11:57:54, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [room1] - [room1] FAILED with error NT_STATUS_LOGON_FAILURE My smb.conf file looks something like this: [global] winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 15 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/false winbind use default domain = yes panic action = /usr/share/samba/panic-action %d # passwd program = /usr/bin/passwd %u printing = bsd netbios name = proxy dns proxy = no syslog only = no name resolve order = lmhosts host wins bcast encrypt passwords = true # passdb backend = smbpasswd guest socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 short preserve case = yes printcap name = /etc/printcap invalid users = root max log size = 1000 obey pam restrictions = yes # passwd chat = *Enter\snew\sUNIX\spassword:* %n\n Retype\snew\sUNIX\spassword:* %n\n . security = ads password server = DC1 realm = MYDOMAIN.BLAH preserve case = yes unix password sync = false workgroup = MYDOMAIN server string = %h server (Samba %v) syslog = 0; guest account = nobody load printers = yes For what it's worth, my /etc/pam.d/samba file is as follows: authrequired /lib/security/pam_env.so authsufficient/lib/security/pam_unix.so likeauth nullok authsufficient/lib/security/pam_winbind.so use_first_pass authrequired /lib/security/pam_deny.so account required /lib/security/pam_unix.so account sufficient/lib/security/pam_winbind.so use_first_pass passwordrequired /lib/security/pam_cracklib.so retry=3 type= # Note: The above line is complete. There is nothing following the '=' passwordsufficient/lib/security/pam_unix.so \ nullok use_authtok md5 shadow passwordsufficient/lib/security/pam_winbind.so use_first_pass passwordrequired /lib/security/pam_deny.so session required /lib/security/pam_limits.so session sufficient/lib/security/pam_unix.so session sufficient/lib/security/pam_winbind.so use_first_pass` Interestingly enough, if I connect using smbclient and force it to use kerberos with the -k option, I am able to connect. It's not until I try to use NTLM that I receive the error. Any suggestions? Cheers Richard -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group a machine account belongs to (samba pdc)
On Tuesday 09 November 2004 13:04, Andreas wrote: Does it matter to what group a machine account belongs to? It does not matter what UNIX group a machine belongs to. You can map the Windows group to any UNIX group you like. Generally, I do not map the group machines belong to. I am not aware of any problem with that. Does that group have to be mapped to a domain group with net groupmap? Not essential. I created a local group in my linux box (samba pdc 3.0.7) called machines and I'm using it as primary group for all the machine accounts. Do I have to map this group to some windows group? No. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8 build failure OS X 10.3.6
from the apple developer connection ... --888---8--8- The current version of Kerberos for Macintosh is 4.5.1 and is included in 10.2.3 or later versions of Mac OS X Jaguar. At its core, Kerberos for Macintosh 4.5.x is based on MIT Kerberos v5 release 1.2.6. http://developer.apple.com/darwin/projects/kerberos/ --888---8--8- Jeremy Allison wrote: On Tue, Nov 09, 2004 at 10:30:58AM -0800, Andrew Cunningham wrote: I am trying to build 3.0.8 Release on OS X Server 10.3.6 as the latest version of samba installed with the 10.3.6 update (3.0.5) has broken our backup strategy which has a Windows server backing up SAMBA/SMB volumes ( this issue is noted in Dantz Retrospect KB and the solution is to upgrade to SAMBA 3.0.6+). We use the OS X server as a PDC. After a ./configure; make Using FLAGS = -O -I./popt -Iinclude -I/Users/admin/Documents/samba-3.0.8/source/include -I/Users/admin/Documents/samba-3.0.8/source/ubiqx -I/Users/admin/Documents/samba-3.0.8/source/smbwrapper -I. -I/sw/include -I/Users/admin/Documents/samba-3.0.8/source LIBS = -lresolv -ldl -liconv LDSHFLAGS = -bundle -flat_namespace -undefined suppress -L/sw/lib LDFLAGS = -L/sw/lib Compiling dynconfig.c Compiling smbd/vfs.c Compiling libsmb/clikrb5.c libsmb/clikrb5.c: In function `krb5_locate_kdc': libsmb/clikrb5.c:209: error: `krb5_krbhst_handle' undeclared (first use in this function) libsmb/clikrb5.c:209: error: (Each undeclared identifier is reported only once The problem is we don't have regular access to a MacOSX server to test on. I'll bug Apple again to give me an old machine What version of krb5 does MacOSX ship with ? Jeremy. -- Mit freundlichen Gruessen / With kind regards Daniel S. Haischt | phone:+49 -7032-992909 Grabenstrasse 11| +49 -700-DHAISCHT | fax: +49 -7032-992910 D-71083 Herrenberg | fax2mail: +49 -7032-7999738 GERMANY | cell: +49 -172-7668936 email: [EMAIL PROTECTED] web: http://www.daniel.stefan.haischt.name/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 upgrade
Would like to do upgrade of couple of older SuSE 7.3 systems currently running Samba 2.2.7 (as a PDC) to Samba 3.0.8. There are no RPM's availalble but I would rather compile the source anyway and place Samba3 under the 'local' hierarchy (such as /usr/local, etc.) leaving the Samba2 virtually untouched in case I need to fall back for any reason. Is there a documented procedure for doing this safely? What tdb's need to be saved and/or copied for the new install to take over the duties seamlessly? How does one maintain the sids, etc. so that the change is transparent to the domain members and machines? Any other assorted details or gotcha's would be useful as well. Thank you. Chris PS. We do plan server upgrades within the next 6 months but right now we need to move ahead to clean up the XP issues with the older version of Samba. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.8 compile warnings and link error
Hi, compile warnings in 3.0.8: lib/util_str.c: In function `strstr_m': lib/util_str.c:1337: warning: return discards qualifiers from pointer target type tdb/tdbutil.c: In function `make_tdb_data': tdb/tdbutil.c:46: warning: assignment discards qualifiers from pointer target type tdb/tdbutil.c: In function `tdb_chainlock_with_timeout_internal': tdb/tdbutil.c:60: warning: passing arg 1 of `tdb_set_lock_alarm' discards qualifiers from pointer target type client/client.c: In function `do_get': client/client.c:699: warning: passing arg 4 of `cli_getattrE' from incompatible pointer type client/client.c: In function `do_put': client/client.c:1075: warning: passing arg 4 of `cli_getattrE' from incompatible pointer type utils/smbcontrol.c: In function `do_printnotify': utils/smbcontrol.c:431: warning: passing arg 3 of `notify_printer_byname' discards qualifiers from pointer target type rpcclient/cmd_spoolss.c: In function `get_driver_3_param': rpcclient/cmd_spoolss.c:1279: warning: passing arg 1 of `strtok' discards qualifiers from pointer target type rpcclient/cmd_reg.c: In function `cmd_reg_shutdown': rpcclient/cmd_reg.c:910: warning: passing arg 2 of `getopt' from incompatible pointer type rpcclient/cmd_shutdown.c: In function `cmd_shutdown_init': rpcclient/cmd_shutdown.c:43: warning: passing arg 2 of `getopt' from incompatible pointer type libsmb/spnego.c: In function `read_negTokenInit': libsmb/spnego.c:51: warning: passing arg 2 of `asn1_read_OID' from incompatible pointer type libsmb/spnego.c: In function `read_negTokenTarg': libsmb/spnego.c:186: warning: passing arg 2 of `asn1_read_OID' from incompatible pointer type libsmb/spnego.c: In function `free_spnego_data': libsmb/spnego.c:321: warning: passing arg 1 of `free' discards qualifiers from pointer target type libsmb/spnego.c:330: warning: passing arg 1 of `free' discards qualifiers from pointer target type lib/util_str.c: In function `strstr_m': lib/util_str.c:1337: warning: return discards qualifiers from pointer target type tdb/tdbutil.c: In function `make_tdb_data': tdb/tdbutil.c:46: warning: assignment discards qualifiers from pointer target type tdb/tdbutil.c: In function `tdb_chainlock_with_timeout_internal': tdb/tdbutil.c:60: warning: passing arg 1 of `tdb_set_lock_alarm' discards qualifiers from pointer target type And we have the same link error due failed test from configure.in: if test $ac_cv_prog_gnu_ld = yes; then ac_cv_gnu_ld_version=`$LD -v 2/dev/null | head -1` echo $as_me:$LINENO: checking GNU ld release date 5 echo $ECHO_N checking GNU ld release date... $ECHO_C 6 ac_cv_gnu_ld_date=`echo $ac_cv_gnu_ld_version | sed -n 's,^.*\([2-9][0-9][0-9][0-9]\ )[-]*\([01][0-9]\)[-]*\([0-3][0-9]\).*$,\1\2\3,p'` echo $as_me:$LINENO: result: ${ac_cv_gnu_ld_date} 5 echo ${ECHO_T}${ac_cv_gnu_ld_date} 6 if test $ac_cv_gnu_ld_date -lt 20030217; then ac_cv_gnu_ld_no_default_allow_shlib_undefined=yes fi fi test2 # echo $ac_cv_gnu_ld_version GNU ld version 2.12 test2 # echo $ac_cv_gnu_ld_version | sed -n 's,^.*\([2-9][0-9][0-9][0-9]\)[-]*\([01][0-9]\)[-]*\([0-3][0-9]\).*$,\1\2\3,p' test2 # Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8 build failure OS X 10.3.6
Hi, Actually that tech note refers to 10.2, 10.3 runs at least 1.3.1, and Kerberos was updated to at least 1.3.3 as part of the various Security Updates http://web.mit.edu/macdev/KfM/Common/Documentation/release-5.0.html I am sure there is a simple kxxx command that can report the version, I just can't find it at the moment. Andrew On Nov 9, 2004, at 12:22 PM, Daniel S. Haischt wrote: from the apple developer connection ... --888---8--8- The current version of Kerberos for Macintosh is 4.5.1 and is included in 10.2.3 or later versions of Mac OS X Jaguar. At its core, Kerberos for Macintosh 4.5.x is based on MIT Kerberos v5 release 1.2.6. http://developer.apple.com/darwin/projects/kerberos/ --888---8--8- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading a Samba Domain
I am trying to upgrade our fully functional Samba domain from v3.0.2 to v3.0.7 or v3.0.8. My question is, do I have to upgrade every server in the domain in order for it to work or should I be able to upgrade one server at a time, test it, and move on to the next server? Or should I upgrade the domain controller first, then upgrade the member servers one at a time? I've tried to upgrade one member server to v3.0.7 and then to v3.0.8 and I have the same problem with both versions: I can't even access the server in Windows Explorer. I get this error: \\server is not available. You might not have permission to use this network resource...There are currently no logon servers available to service the logon request. The Samba log gives these types of errors: [2004/11/09 14:26:42, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user FAILED with error NT_STATUS_PIPE_NOT_AVAILABLE [2004/11/09 14:26:45, 2] smbd/server.c:exit_server(571) Closing connections [2004/11/09 14:26:45, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user FAILED with error NT_STATUS_NO_LOGON_SERVERS [2004/11/09 14:26:45, 2] smbd/server.c:exit_server(571) Closing connections [2004/11/09 14:26:45, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user FAILED with error NT_STATUS_NO_LOGON_SERVERS [2004/11/09 14:26:45, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/11/09 14:26:45, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/11/09 14:26:45, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user FAILED with error NT_STATUS_NO_LOGON_SERVERS [2004/11/09 14:26:45, 2] smbd/server.c:exit_server(571) Closing connections Our basic environment consists of one domain made up of: * Nearly 30 Unix/Solaris 8 9 servers - all member servers except one which is the domain controller (no backup domain controller) * A handful of Windows NT 2003 member servers * Windows 98, NT, 2000 XP workstations configured to access various Samba shares * We also use winbindd * Pertinent Global settings in domain controller server: [global] workgroup = ourwkgrp netbios name = domainsvr username map = /opt/local/samba/user_map/user.map domain logons = Yes preferred master = Yes domain master = Yes wins server = 159.181.33.12 * Pertinent Global settings in member server: [global] workgroup=ourwkgrp netbios name = membersvr security = domain password server = domainsvr domain master = no local master = no wins server = 159.181.33.12 idmap uid = 1-16000 idmap gid = 18000-24000 winbind trusted domains only = Yes Thank you for any help you can give. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles
I found the support I needed to hear! Linux is much harder to setup but the sense of accomplishment makes up for it. I'm also getting tired of keeping track of costly client, server licenses on MS including virus or worm threats design to exploit Windows Vulnerabilities. By the way I did buy your book SAMBA (Bruce Peren's) Open Source series. I like the way you use scenarios to describe different network setups. Easy to follow and interesting to read. I forgot to ask the lists about how you guys use SAMBA to distribute Group Policies. Is the implementation about the same using Win 2k AD? Thank you. Joe Joe, Given how many MS Windows sites use roaming profiles it is safe to say that it is stable enough. Do you mean is Samba stable enough? Well again, we have a huge number of users, I'd say it is. OK. So if you mean does Samba handle profile in a stable manner? Samba does not handle profiles - the Windows client does. The windows client reads the users' profile from the profile share and writes it back on logout. I have set up hundreds of sites that use roaming profiles with a Samba domain controller - so far none have had any problems. That does not means that problems do not exist, but if they do the users have not noticed them or are too reluctant to report them. I'll leave that to your interpretation. Pitfalls? Well, if you follow Chapter 6 of the Samba-3 By Example book and you have a problem I'll help you to solve it - so far as the problem is capable of being solved. Oh, if you do not want to buy the book - download it for free from http://www.samba.org/samba/docs/Samba-Guide.pdf Cheers, John T. On Tuesday 09 November 2004 09:05, Joe Aldeguer wrote: I'm mulling over the idea of replacing my Win 2k MS AD using Samba. But I'd like to retain roaming profile capability for all my users. Based on your experience is it stable enough to implement for a production environment? I have only 30 using Win 2k Pro and some XP. What are the pit falls I need to look out for? Thank you! Joe -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8 compile warnings and link error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Bork wrote: | Hi, | | compile warnings in 3.0.8: Thanks. These are all ok I think (i've checked them before). | And we have the same link error due failed test from configure.in: | | if test $ac_cv_prog_gnu_ld = yes; then | ac_cv_gnu_ld_version=`$LD -v 2/dev/null | head -1` | echo $as_me:$LINENO: checking GNU ld release date 5 | echo $ECHO_N checking GNU ld release date... $ECHO_C 6 | ac_cv_gnu_ld_date=`echo $ac_cv_gnu_ld_version | sed -n | 's,^.*\([2-9][0-9][0-9][0-9]\ | )[-]*\([01][0-9]\)[-]*\([0-3][0-9]\).*$,\1\2\3,p'` | echo $as_me:$LINENO: result: ${ac_cv_gnu_ld_date} 5 | echo ${ECHO_T}${ac_cv_gnu_ld_date} 6 | if test $ac_cv_gnu_ld_date -lt 20030217; then | ac_cv_gnu_ld_no_default_allow_shlib_undefined=yes | fi | fi | | test2 # echo $ac_cv_gnu_ld_version | GNU ld version 2.12 | test2 # echo $ac_cv_gnu_ld_version | sed -n | 's,^.*\([2-9][0-9][0-9][0-9]\)[-]*\([01][0-9]\)[-]*\([0-3][0-9]\).*$,\1\2\3,p' | test2 # What's the bug ID # on this again? I thought tim had things worked [EMAIL PROTECTED] cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkTXXIR7qMdg1EfYRAsdpAKDvAMVrj94gN+tSDSbInaP3xn8VWwCfR8Zz Es5w2OvwgCNNaBBCoPfCapI= =GwDk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smb.conf issue
Hi, My problem is like this ... I have 2 users USERA and USERB. They both are authenticated by 2 different servers (PDC). USERA is authenticated by NAMD001 and USERB is authenticated by NYC020 servers. In this case, for me to provide Unix (slsnyd2 server) directory access, how should my smb.conf file look like ?. Currently I have the following. It is not working. workgroup = WWSS server string = slsnyd2 security = SERVER encrypt passwords = Yes password server = namd001,nyc020 In the above configuration, only USERA has access to the Unix directories. Because once Samba finds NAMD001 responding, it never bothers to check NYC020. I tried with security = DOMAIN. That doesnt work as well. In fact, both the users lose connection!. HELP!. Note: I am trying to connect to Unix directories from a Win 2000 machine. Thanx, Sreeni -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8 build failure OS X 10.3.6
Andrew Cunningham wrote: I am sure there is a simple kxxx command that can report the version, I just can't find it at the moment. that exactly was my problem. kinit, kadmin, kpasswd etc. are not reporting any version number ... -- Mit freundlichen Gruessen / With kind regards Daniel S. Haischt | phone:+49 -7032-992909 Grabenstrasse 11| +49 -700-DHAISCHT | fax: +49 -7032-992910 D-71083 Herrenberg | fax2mail: +49 -7032-7999738 GERMANY | cell: +49 -172-7668936 email: [EMAIL PROTECTED] web: http://www.daniel.stefan.haischt.name/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Windows 2000 Scheduler Permission Problem
W2k by default runs scheduled tasks as system user, which isnt a samba user. somewhere in the config of the W2K job schedule interface (it may be under an advanced button) you can change the user that the job runs under. Change it to a user who is in your samba system, and can read/write the share you want to access. gordon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8 build failure OS X 10.3.6
On Tue, Nov 09, 2004 at 10:27:09PM +0100, Daniel S. Haischt wrote: Andrew Cunningham wrote: I am sure there is a simple kxxx command that can report the version, I just can't find it at the moment. that exactly was my problem. kinit, kadmin, kpasswd etc. are not reporting any version number ... Try grepping for KRB5_BRAND in one of the krb5 libraries: $ strings /usr/lib/krb5/libkrb5.so.3.2 | grep KRB5_BRAND KRB5_BRAND: krb5-1-3-5-final 1.3.5 20040910 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join AD (FreeBSD)
Hi, I am trying to get samba 3.0.7 working with our win2k DC. I installed samba from the ports collection, so the kerberos library looks to be the heimdel version. I can use kinit to create a ticket and it authenticates against the DC just fine. However when I attempt to use net ads join it fails with the following response: [2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183) ads_connect: Unknown error: -1765328343 Also note running net ads join without the -U parameter simply prompts for a password for root even though I have created a ticket successfully with kinit. I have configured krb5.conf and smb.conf with the minimal items. smb.conf [global] workgroup = CPOLDOM netbios name = BSDWEB realm = CPOL.DOM security = ads encrypt passwords = yes password server = 192.168.1.10 krb5.conf [libdefaults] default_realm = CPOL.DOM [domain_realm] .cpol.dom = CPOL.DOM cpol.dom = CPOL.DOM [realms] CPOL.DOM = { kdc = 192.168.1.10 default_domain = cpol.dom } Thanks, Josh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8 build failure OS X 10.3.6
Hi Group, I am not very familiar how Samba authenticates users, but currently where I work Samba authenticates users using NTLM. We are only using Samba to share out home directories(shares) for Windows 2000 users to mount(map). Does Samba support Kerberos authentication against ActiveDirectory for this purpose? How about support for Kerberos authentication for MIT Kerberos? Thanks in advance for any help. Sincerely, Michel. -- Michel Edward Lacle Computer Science Florida Institute of Technology http://www.fit.edu a href=http://www.spreadfirefox.com/?q=affiliatesamp;id=15145amp;t=1;Get Firefox! -- The web's safest browser./a -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] config.pol
I use samba 3.0.1pre1 I make a config.pol with .adm templates. But, when I use it in netlogon, register are no set. netlogon and config.pol have correct permissions. Shouldn't it be ntconfig.pol? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Does Samba support Kerberos
Hi Group, I am not very familiar how Samba authenticates users, but currently where I work Samba authenticates users using NTLM. We are only using Samba to share out home directories(shares) for Windows 2000 users to mount(map). Does Samba support Kerberos authentication against ActiveDirectory for this purpose? How about support for Kerberos authentication for MIT Kerberos? Thanks in advance for any help. Sincerely, Michel. -- Michel Edward Lacle Computer Science Florida Institute of Technology http://www.fit.edu a href=http://www.spreadfirefox.com/?q=affiliatesamp;id=15145amp;t=1;Get Firefox! -- The web's safest browser./a -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.8 compile warnings and link error
Gerald (Jerry) Carter wrote: Thanks. These are all ok I think (i've checked them before). thanks. What's the bug ID # on this again? I thought tim had things worked [EMAIL PROTECTED] Sorry, no bug ID yet. Thought that reporting this was enough. Here is the error: + LD=ld + echo 'configure:3162: checking if the linker (ld) is GNU ld' + echo -n 'checking if the linker (ld) is GNU ld... ' checking if the linker (ld) is GNU ld... + test '' = set + ld -v + egrep '(GNU|with BFD)' + ac_cv_prog_gnu_ld=yes + echo 'configure:3174: result: yes' + echo yes yes + test yes = yes ++ ld -v ++ head -1 + ac_cv_gnu_ld_version=GNU ld version 2.12 + echo 'configure:3180: checking GNU ld release date' + echo -n 'checking GNU ld release date... ' checking GNU ld release date... ++ echo GNU ld version 2.12 ++ sed -n 's,^.*\([2-9][0-9][0-9][0-9]\)[-]*\([01][0-9]\)[-]*\([0-3][0-9]\).*$,\1\2\3,p' + ac_cv_gnu_ld_date= + echo 'configure:3183: result: ' + echo '' + test '' -lt 20030217 ./configure: test: : integer expression expected -- der tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.8 and looong logout time
I've got two WinXP SP2 users. Roaming profiles. One of them takes about 25 seconds to log out unless she has made pretty drastic changes to her profile (My Documents, etc). My second user takes upwards of 3 minutes to log out, even if he has just logged in, not opened a thing or made changes, and then logged back out. Below is part of a strace as I don't know what I'm looking for. Any ideas in debugging this? I do have ACLs enabled but this was happening before I enabled them too. My understanding was that the network profile just gets checked against the local one, and any changes are written to the server upon logout. It almost looks like, for him, it is writing his entire profile back to the network every time he logs out. It certainly feels like it! geteuid32() = 1011 write(30, change_to_user: Skipping user ..., 54) = 54 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 3] smbd/tr..., 70) = 70 geteuid32() = 1011 write(30, call_trans2qfilepathinfo: TRAN..., 62) = 62 fstat64(27, {st_mode=S_IFREG|0600, st_size=793069, ...}) = 0 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 3] smbd/tr..., 70) = 70 geteuid32() = 1011 write(30, call_trans2qfilepathinfo dwayn..., 139) = 139 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 8] smbd/do..., 54) = 54 geteuid32() = 1011 write(30, dos_mode: dwayne/WinXP/My Docu..., 78) = 78 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 8] smbd/do..., 64) = 64 geteuid32() = 1011 write(30, dos_mode_from_sbuf returning \n, 32) = 32 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 8] smbd/do..., 54) = 54 geteuid32() = 1011 write(30, dos_mode returning \n, 22) = 22 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 10] smbd/t..., 71) = 71 geteuid32() = 1011 write(30, call_trans2qfilepathinfo: SMB_..., 58) = 58 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 9] smbd/tr..., 64) = 64 geteuid32() = 1011 write(30, t2_rep: params_sent_thistime =..., 84) = 84 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 9] smbd/tr..., 64) = 64 geteuid32() = 1011 write(30, t2_rep: params_to_send = 2, da..., 78) = 78 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 6] lib/uti..., 59) = 59 geteuid32() = 1011 write(30, write_socket(22,88)\n, 22) = 22 send(22, \0\0\0T\377SMB2\0\0\0\0\210A\310\0\0\0\0\0\0\0\0\0\0\0..., 88, 0) = 88 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 6] lib/uti..., 59) = 59 geteuid32() = 1011 write(30, write_socket(22,88) wrote 88\n, 31) = 31 time(NULL) = 1100038555 select(25, [22 23 24], NULL, NULL, {60, 0}) = 1 (in [22], left {60, 0}) read(22, \0\0\0), 4) = 4 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 10] lib/ut..., 80) = 80 geteuid32() = 1011 write(30, got smb length of 41\n, 23) = 23 read(22, \377SMB\4\0\0\0\0\30\7\310\0\0\0\0\0\0\0\0\0\0\0\0\3\0..., 41) = 41 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 6] smbd/pr..., 58) = 58 geteuid32() = 1011 write(30, got message type 0x0 of len 0x..., 35) = 35 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 3] smbd/pr..., 58) = 58 geteuid32() = 1011 write(30, Transaction 151010 of length 4..., 34) = 34 time(NULL) = 1100038555 geteuid32() = 1011 write(30, [2004/11/09 17:15:55, 5] lib/uti..., 50) = 50 time(NULL) = 1100038556 geteuid32() = 1011 write(30, [2004/11/09 17:15:56, 5] lib/uti..., 50) = 50 geteuid32() = 1011 write(30, size=41\n, 10)
Re: [Samba] group name length limit?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 sharif islam wrote: | I am using samba 3.07 with winbind in AD. I have some | long group names (30 char or more, includes spaces). And | I noticed users get access denied for those groups. Is | there a limit on group name length? Thanks. Shouldn't be (none that I am aware of). Try 3.0.8 though since there were a couple of group issues fixed there. Could be a limit in the libc on your platform. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkUMkIR7qMdg1EfYRAk5xAKDf57t29Tr4ZzA+402CYAP/KXjiWACfdkci 83G+qC72BWKiIk4BySpr/SY= =6qsy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Offline folders and XP SP2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Graeme Walker wrote: | Hi All | | Various versions and patches of Samba (23) seen this on a | number of sites now. XP SP 2 will report a server off | line, and go offline, typically after being connected | to a network for 1-2 mins. Mainly all sites running Mandrake | Linux 9.2 or 10.0 with default shipping Samba. | | Removing off line folders or SP2 solves the problem. There | is no bandwidth or networking issues. | | I have tried to upgrade a site or 2 to the latest | updates, will monitor, tried searching archives and Google, | not much luck there. | | Is this a known issue/workaround/ Since you both reported problems with Samba and XP sp2 open a bug report at bugzilla.samba.org if the problem has not been resolved? Thanks. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkUgPIR7qMdg1EfYRAgy7AJ9UlaAg+GIkMmOqFOfKTRZjWcjYJwCfW7GV wxLIu5c7ePWB6eeEGw3GlYs= =S6zA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
On Fri, 22 Oct 2004 18:11:10 -0400, Igor Belyi [EMAIL PROTECTED] wrote: I'd guess it's a good idea to check if DNS name - IP - DNS name gives consistent result on all 3 participants: Samba server, XP client, and ADS. Hope it's not useless, Igor Not sure if this covers it: Samba Server : maul(.ddm.apm.bpm.eds.com) ADS Server: ucosddm001(.edsadddm.ddm.apm.bpm.eds.com) WinXP Client: mule(.edsadddm.ddm.apm.bpm.eds.com) SAMBA SERVER DNS lookups maul Server: uscosddm001 Address: 199.42.192.103 Non-authoritative answer: Name:maul.DDM.APM.BPM.EDS.COM Address: 199.42.192.180 # ping -s 199.42.192.180 PING 199.42.192.180: 56 data bytes 64 bytes from maul (199.42.192.180): icmp_seq=0. time=0. ms mule.edsadddm.ddm.apm.bpm.eds.com Server: uscosddm001 Address: 199.42.192.103 Name:mule.edsadddm.ddm.apm.bpm.eds.com Address: 199.42.192.45 # ping -s 199.42.192.45 PING 199.42.192.45: 56 data bytes 64 bytes from mule (199.42.192.45): icmp_seq=0. time=0. ms uscosddm001.edsadddm.ddm.apm.bpm.eds.com Server: uscosddm001 Address: 199.42.192.103 Name:uscosddm001.edsadddm.ddm.apm.bpm.eds.com Address: 199.42.192.103 # ping -s 199.42.192.103 PING 199.42.192.103: 56 data bytes 64 bytes from uscosddm001 (199.42.192.103): icmp_seq=0. time=0. ms ADS SERVER lookups maul Server: uscosddm001 Address: 199.42.192.103 Non-authoritative answer: Name:maul.DDM.APM.BPM.EDS.COM Address: 199.42.192.180 mule Server: uscosddm001 Address: 199.42.192.103 Name:mule.EDSADDDM.DDM.APM.BPM.EDS.COM Address: 199.42.192.45 uscosddm001 Server: uscosddm001 Address: 199.42.192.103 Name:uscosddm001.EDSADDDM.DDM.APM.BPM.EDS.COM Address: 199.42.192.103 Windows XP Client lookups maul Server: uscosddm001 Address: 199.42.192.103 Non-authoritative answer: Name:maul.DDM.APM.BPM.EDS.COM Address: 199.42.192.180 mule Server: uscosddm001 Address: 199.42.192.103 Name:mule.EDSADDDM.DDM.APM.BPM.EDS.COM Address: 199.42.192.45 uscosddm001 Server: uscosddm001 Address: 199.42.192.103 Name:uscosddm001.EDSADDDM.DDM.APM.BPM.EDS.COM Address: 199.42.192.103 Here's the section of a level 10 log from samba 3.0.7 when connecting from the Windows XP client, and I think it's here that samba decides to choose the NT LM protocol. The question is why? [2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681) lp_file_list_changed() file /opt/samba/lib/smb.conf - /opt/samba/lib/smb.conf last mod_time: Tue Nov 9 14:21:42 2004 [2004/11/09 14:21:57, 3] smbd/oplock.c:init_oplocks(1302) open_oplock_ipc: opening loopback UDP socket. [2004/11/09 14:21:57, 10] lib/util_sock.c:open_socket_in(717) bind succeeded on port 0 [2004/11/09 14:21:57, 3] smbd/oplock.c:init_oplocks(1333) open_oplock ipc: pid = 27221, global_oplock_port = 55305 [2004/11/09 14:21:57, 4] lib/time.c:get_serverzone(122) Serverzone is 28800 [2004/11/09 14:21:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 133 [2004/11/09 14:21:57, 6] smbd/process.c:process_smb(1091) got message type 0x0 of len 0x85 [2004/11/09 14:21:57, 3] smbd/process.c:process_smb(1092) Transaction 0 of length 137 [2004/11/09 14:21:57, 5] lib/util.c:show_msg(439) [2004/11/09 14:21:57, 5] lib/util.c:show_msg(449) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2004/11/09 14:21:57, 10] lib/util.c:dump_data(1835) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. [2004/11/09 14:21:57, 3] smbd/process.c:switch_message(887) switch message SMBnegprot (pid 27221) conn 0x0 [2004/11/09 14:21:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/09 14:21:57, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2004/11/09 14:21:57, 5]
Re: [Samba] Re: ADS valid users can't map share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | Here's the section of a level 10 log from samba 3.0.7 when connecting | from the Windows XP client, and I think it's here that samba decides | to choose the NT LM protocol. The question is why? ... | using SPNEGO | Selected protocol NT LM 0.12 | negprot index=5 This is the NTLM 0.12 dialect of the CIFS protocol and not necessarily NTLMSSP authentication. | Do you think that Samba 3.0.8 would fix the problem? Maybe. There were several major kerberos fixes in that release. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkUpqIR7qMdg1EfYRAvmSAJ49zvxmMfDfhJa1tLauSf5KOjWu6QCgks0F xcKkEfw+uigHLcdtJkZKIFU= =eg+4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.8 and testparm, smbstatus, tdbbackup
Hi, testparm: - testparm shows: ERROR: the 'passwd program' (/usr/bin/passwd %u) requires a '%u' parameter. You can see, passwd program _is_ /usr/bin/passwd %u smbstatus: -- smbstatus command always shows processes _and_ shares even if using the switches '-p' for showing processes only or '-S' for showing shares only or '-B' for showing locks only: test2 # smbstatus -p Samba version 3.0.8 PID Username Group Machine --- 32010 tbusers r40 (192.168.0.9) Service pid machine Connected at --- public 32010 r40 Tue Nov 9 23:29:20 2004 IPC$ 32010 r40 Tue Nov 9 23:29:18 2004 test2 # smbstatus -S Samba version 3.0.8 PID Username Group Machine --- 32010 tbusers r40 (192.168.0.9) Service pid machine Connected at --- public 32010 r40 Tue Nov 9 23:29:20 2004 IPC$ 32010 r40 Tue Nov 9 23:29:18 2004 test2 # smbstatus -B Samba version 3.0.8 PID Username Group Machine --- 32010 tbusers r40 (192.168.0.9) Service pid machine Connected at --- public 32010 r40 Tue Nov 9 23:29:20 2004 IPC$ 32010 r40 Tue Nov 9 23:29:18 2004 No locked files tdbbackup: -- Backing up and verifying _printing_ databases uses 20-96% cpu and takes a long time (there are only few entries and smbd and nmbd were not running): for i in /var/lock/samba/?*.tdb /var/lock/samba/printing/?*.tdb /etc/?*.tdb do date echo $i.samba.bak rm -f $i.samba.bak tdbbackup -s .samba.bak $i tdbbackup -v $i # 1 /dev/null done Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/account_policy.tdb.samba.bak /var/lock/samba/account_policy.tdb : 10 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/brlock.tdb.samba.bak /var/lock/samba/brlock.tdb : 0 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/connections.tdb.samba.bak /var/lock/samba/connections.tdb : 5 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/gencache.tdb.samba.bak /var/lock/samba/gencache.tdb : 8 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/group_mapping.tdb.samba.bak /var/lock/samba/group_mapping.tdb : 13 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/locking.tdb.samba.bak /var/lock/samba/locking.tdb : 0 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/messages.tdb.samba.bak /var/lock/samba/messages.tdb : 0 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/ntdrivers.tdb.samba.bak /var/lock/samba/ntdrivers.tdb : 1 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/ntforms.tdb.samba.bak /var/lock/samba/ntforms.tdb : 0 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/ntprinters.tdb.samba.bak /var/lock/samba/ntprinters.tdb : 21 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/registry.tdb.samba.bak /var/lock/samba/registry.tdb : 10 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/sessionid.tdb.samba.bak /var/lock/samba/sessionid.tdb : 1 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/share_info.tdb.samba.bak /var/lock/samba/share_info.tdb : 1 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/unexpected.tdb.samba.bak /var/lock/samba/unexpected.tdb : 0 records Tue Nov 9 23:39:07 CET 2004 /var/lock/samba/printing/eisfax.tdb.samba.bak /var/lock/samba/printing/eisfax.tdb : 6 records Tue Nov 9 23:39:13 CET 2004 /var/lock/samba/printing/pdf.tdb.samba.bak /var/lock/samba/printing/pdf.tdb : 8 records Tue Nov 9 23:39:18 CET 2004 /var/lock/samba/printing/pdfdef.tdb.samba.bak /var/lock/samba/printing/pdfdef.tdb : 1 records Tue Nov 9 23:39:24 CET 2004 /var/lock/samba/printing/pdfpre.tdb.samba.bak /var/lock/samba/printing/pdfpre.tdb : 1 records Tue Nov 9 23:39:28 CET 2004 /var/lock/samba/printing/pr2.tdb.samba.bak /var/lock/samba/printing/pr2.tdb : 8 records Tue Nov 9 23:39:34 CET 2004 /var/lock/samba/printing/pr3.tdb.samba.bak /var/lock/samba/printing/pr3.tdb : 6 records Tue Nov 9 23:39:39 CET 2004 /var/lock/samba/printing/printerlong.tdb.samba.bak /var/lock/samba/printing/printerlong.tdb : 1 records Tue Nov 9 23:39:44 CET 2004 /var/lock/samba/printing/repr1.tdb.samba.bak /var/lock/samba/printing/repr1.tdb : 6 records Tue Nov 9 23:39:49 CET 2004 /var/lock/samba/printing/repr10.tdb.samba.bak /var/lock/samba/printing/repr10.tdb : 6 records Tue Nov 9 23:39:55 CET 2004 /var/lock/samba/printing/repr11.tdb.samba.bak /var/lock/samba/printing/repr11.tdb : 6 records Tue Nov 9 23:40:00 CET 2004 /var/lock/samba/printing/repr2.tdb.samba.bak /var/lock/samba/printing/repr2.tdb : 6 records Tue Nov 9 23:40:05 CET 2004
[Samba] unexpected.tdb (26628, 93068) is already open in this process
Hello, the last days, I get this error in log.nmbd: [2004/11/09 23:47:07, 2] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (26628,93068) is already open in this process [2004/11/09 23:47:07, 2] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (26628,93068) is already open in this process [2004/11/09 23:47:07, 2] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (26628,93068) is already open in this process [2004/11/09 23:47:07, 2] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (26628,93068) is already open in this process [2004/11/09 23:47:07, 2] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (26628,93068) is already open in this process [2004/11/09 23:47:07, 2] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (26628,93068) is already open in this process [2004/11/09 23:47:07, 2] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (26628,93068) is already open in this process [2004/11/09 23:47:07, 2] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (26628,93068) is already open in this process [2004/11/09 23:47:07, 2] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (26628,93068) is already open in this process [2004/11/09 23:47:07, 2] nmbd/nmbd_synclists.c:complete_sync(283) What's this? matze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to join AD (FreeBSD)
I was having the same problem as you decribe with 4.10 version of freebsd and found a number of reasons why it was not working, but I manage to find this great walk through and get it working with 5.2.1. http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html Try it and see if it helps and curious what version of freebsd are you using? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Kropf Sent: Tuesday, November 09, 2004 4:47 PM To: [EMAIL PROTECTED] Subject: [Samba] Unable to join AD (FreeBSD) Hi, I am trying to get samba 3.0.7 working with our win2k DC. I installed samba from the ports collection, so the kerberos library looks to be the heimdel version. I can use kinit to create a ticket and it authenticates against the DC just fine. However when I attempt to use net ads join it fails with the following response: [2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183) ads_connect: Unknown error: -1765328343 Also note running net ads join without the -U parameter simply prompts for a password for root even though I have created a ticket successfully with kinit. I have configured krb5.conf and smb.conf with the minimal items. smb.conf [global] workgroup = CPOLDOM netbios name = BSDWEB realm = CPOL.DOM security = ads encrypt passwords = yes password server = 192.168.1.10 krb5.conf [libdefaults] default_realm = CPOL.DOM [domain_realm] .cpol.dom = CPOL.DOM cpol.dom = CPOL.DOM [realms] CPOL.DOM = { kdc = 192.168.1.10 default_domain = cpol.dom } Thanks, Josh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Improper link handling?
Samba supports links now, right? I was recently experimenting with a setup for cross-platform access to a user's FireFox bookmarks. Unfortunately, FireFox overwrites the link to the bookmarks file on exit. How is this possible if Samba is interpreting the link correctly? Shouldn't the file that the bookmarks link points to be overwritten instead? Both the link and the file are on the same share and it is described as follows: samba-server-3.0.6-4.1.100mdk [homes] comment = Home Directories valid users = %S read only = No hide special files = Yes browseable = No vfs objects = recycle recycle:repository = ./Desktop/Trash recycle:noversions = *.doc|*.xls|*.ppt recycle:excludedir = /tmp|/temp|/cache recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~?? recycle:maxsize = 0 recycle:versions = Yes recycle:touch = Yes recycle:keeptree = Yes Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join AD (FreeBSD)
Elijah Savage wrote: I was having the same problem as you decribe with 4.10 version of freebsd and found a number of reasons why it was not working, but I manage to find this great walk through and get it working with 5.2.1. http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html This is quite good. However, the best option is to install 5.3RC2 and use the samba 3.0.7 port in the ports collection. Works VERY well. Try it and see if it helps and curious what version of freebsd are you using? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Kropf Sent: Tuesday, November 09, 2004 4:47 PM To: [EMAIL PROTECTED] Subject: [Samba] Unable to join AD (FreeBSD) Hi, I am trying to get samba 3.0.7 working with our win2k DC. I installed samba from the ports collection, so the kerberos library looks to be the heimdel version. I can use kinit to create a ticket and it authenticates against the DC just fine. However when I attempt to use net ads join it fails with the following response: [2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183) ads_connect: Unknown error: -1765328343 Also note running net ads join without the -U parameter simply prompts for a password for root even though I have created a ticket successfully with kinit. I have configured krb5.conf and smb.conf with the minimal items. smb.conf [global] workgroup = CPOLDOM netbios name = BSDWEB realm = CPOL.DOM security = ads encrypt passwords = yes password server = 192.168.1.10 krb5.conf [libdefaults] default_realm = CPOL.DOM [domain_realm] .cpol.dom = CPOL.DOM cpol.dom = CPOL.DOM [realms] CPOL.DOM = { kdc = 192.168.1.10 default_domain = cpol.dom } Thanks, Josh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join AD (FreeBSD)
On Tue, Nov 09, 2004 at 04:46:40PM -0500, Josh Kropf wrote: | I am trying to get samba 3.0.7 working with our win2k DC. I installed samba | from the ports collection, so the kerberos library looks to be the heimdel | version. Which version of FreeBSD ? Which version of heimdal ? Are you 100% certain that samba is compiling linking against krb5? | I can use kinit to create a ticket and it authenticates against the DC just | fine. Once you do that, can you use smbclient -k //someotherCIFSserver/share to connect? (That can help test Samba's krb5 support) Actually, have you tried k5init instead of kinit ? | However when I attempt to use net ads join it fails with the | following response: | | [2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183) | ads_connect: Unknown error: -1765328343 According to http://unix.newark.rutgers.edu/krb5_error.html that is -1765328343 KRB5KRB_AP_ERR_MODIFIED Message stream modified No idea what triggers that. Cheers, Luke. pgpvLuTEXkZrf.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compile samba 3.0.8 fail
My OS is Linux kernel 2.4.20, and my configure line is ./configure --prefix=/usr --with-ldapsam --enable-static=yes david Paul Gienger : When I install Samba 3.0.8 I get error messages, anyone know how to fix it? Probably not without more info, such as perhaps your build OS, configure line, any info about your system in general. But then again maybe someone has seen that exact error and is running a system very close to your setup. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Security Permissions
Hi all, I am running Samba 3.0.7 joined to an AD domain with ACL support and XFS. Files served by this server are only being accessed via Samba. I can successfully set the ACL permissions; however I am having permissions issues that I believe to be related to the Unix file permissions. 2 issues are: 1) If the primary group has no permissions (IE 700), but a user has permission defined in the ACLs, the user still does not have access the file. 2) Files, directories and sub-directories are created with the user's primary group rather than inherited. Is there a way that Samba will only use ACLs for security permissions and ignore the Unix permissions? If not, Could someone point me in the direction of how to seamlessly manage security permissions in Samba as if it were a Windows file server? Thanks, Joe -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Improper link handling?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim C. wrote: | Samba supports links now, right? I was recently experimenting with a | setup for cross-platform access to a user's FireFox bookmarks. | Unfortunately, FireFox overwrites the link to the bookmarks file on | exit. How is this possible if Samba is interpreting the link correctly? | Shouldn't the file that the bookmarks link points to be overwritten | instead? Both the link and the file are on the same share and it is | described as follows: Samba has always supported symlinks. The changes you are thinking of had to do with the link semantics enforced by the Samba server when communicating with a UNIX client using 'unix extensions' firefox is probably doing a unlink and rename for the new bookmarks file. A level 10 debug log would verify this. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkXINIR7qMdg1EfYRAlOMAKCZXsbcutCp8kAgri0VvETlXnm2eQCg8Ney 87e5VORrLBNrNJXXHxWc6UY= =PnxF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unable to join AD (FreeBSD)
Well yes I would agree now that 5.3 is production release that this is a safe bet. -Original Message- From: Thomas M. Skeren III [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 09, 2004 6:52 PM To: Elijah Savage Cc: Josh Kropf; [EMAIL PROTECTED] Subject: Re: [Samba] Unable to join AD (FreeBSD) Elijah Savage wrote: I was having the same problem as you decribe with 4.10 version of freebsd and found a number of reasons why it was not working, but I manage to find this great walk through and get it working with 5.2.1. http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html This is quite good. However, the best option is to install 5.3RC2 and use the samba 3.0.7 port in the ports collection. Works VERY well. Try it and see if it helps and curious what version of freebsd are you using? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Kropf Sent: Tuesday, November 09, 2004 4:47 PM To: [EMAIL PROTECTED] Subject: [Samba] Unable to join AD (FreeBSD) Hi, I am trying to get samba 3.0.7 working with our win2k DC. I installed samba from the ports collection, so the kerberos library looks to be the heimdel version. I can use kinit to create a ticket and it authenticates against the DC just fine. However when I attempt to use net ads join it fails with the following response: [2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183) ads_connect: Unknown error: -1765328343 Also note running net ads join without the -U parameter simply prompts for a password for root even though I have created a ticket successfully with kinit. I have configured krb5.conf and smb.conf with the minimal items. smb.conf [global] workgroup = CPOLDOM netbios name = BSDWEB realm = CPOL.DOM security = ads encrypt passwords = yes password server = 192.168.1.10 krb5.conf [libdefaults] default_realm = CPOL.DOM [domain_realm] .cpol.dom = CPOL.DOM cpol.dom = CPOL.DOM [realms] CPOL.DOM = { kdc = 192.168.1.10 default_domain = cpol.dom } Thanks, Josh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join AD (FreeBSD)
Elijah Savage wrote: Well yes I would agree now that 5.3 is production release that this is a safe bet. Well shoot...they must've released it today. I got 5.3 rc2 on a server working well, and my laptop too. But yeah, use 5.3. -Original Message- From: Thomas M. Skeren III [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 09, 2004 6:52 PM To: Elijah Savage Cc: Josh Kropf; [EMAIL PROTECTED] Subject: Re: [Samba] Unable to join AD (FreeBSD) Elijah Savage wrote: I was having the same problem as you decribe with 4.10 version of freebsd and found a number of reasons why it was not working, but I manage to find this great walk through and get it working with 5.2.1. http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html This is quite good. However, the best option is to install 5.3RC2 and use the samba 3.0.7 port in the ports collection. Works VERY well. Try it and see if it helps and curious what version of freebsd are you using? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Kropf Sent: Tuesday, November 09, 2004 4:47 PM To: [EMAIL PROTECTED] Subject: [Samba] Unable to join AD (FreeBSD) Hi, I am trying to get samba 3.0.7 working with our win2k DC. I installed samba from the ports collection, so the kerberos library looks to be the heimdel version. I can use kinit to create a ticket and it authenticates against the DC just fine. However when I attempt to use net ads join it fails with the following response: [2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183) ads_connect: Unknown error: -1765328343 Also note running net ads join without the -U parameter simply prompts for a password for root even though I have created a ticket successfully with kinit. I have configured krb5.conf and smb.conf with the minimal items. smb.conf [global] workgroup = CPOLDOM netbios name = BSDWEB realm = CPOL.DOM security = ads encrypt passwords = yes password server = 192.168.1.10 krb5.conf [libdefaults] default_realm = CPOL.DOM [domain_realm] .cpol.dom = CPOL.DOM cpol.dom = CPOL.DOM [realms] CPOL.DOM = { kdc = 192.168.1.10 default_domain = cpol.dom } Thanks, Josh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SerNet Samba RPMs for SuSE and RedHat
Hi Samba-Folks, there are Samba 3.0.8 RPMs available now on the SerNet ftp-server: ftp://ftp.sernet.de/pub/samba/ Currently we have built 3.0.8 for SuSE 8.2 SuSE 9.0 SuSE 9.1 SuSE 9.2 (i386 and x86_64) SLES 8 (i386) SLES 9 (i386 and x86_64) RHEL3 (i386) s390 and s390x versions for SLES will follow later. be aware that our RHEL3 RPMs have a different package style than the RPMs which Red Hat ships; our RPMs follow our SerNet style (formally known as SuSE package style). We also statically link against a modified version of Heimdal Kerberos to get proper ADS support with Windows 2003 - we do not use MIT Kerberos like Red Hat does. Samba SerNet Team -- Guenther Deschner Samba Team SerNet GmbH - Goettingen [EMAIL PROTECTED],org [EMAIL PROTECTED] pgpmxmzcLbzgT.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SerNet Samba RPMs for SuSE and RedHat
Hi Guenther, as Suse released just their own packs can you describe whats the difference between their packs and sernets? Best Regards Robert Guenther Deschner schrieb: Hi Samba-Folks, there are Samba 3.0.8 RPMs available now on the SerNet ftp-server: ftp://ftp.sernet.de/pub/samba/ Currently we have built 3.0.8 for SuSE 8.2 SuSE 9.0 SuSE 9.1 SuSE 9.2 (i386 and x86_64) SLES 8 (i386) SLES 9 (i386 and x86_64) RHEL3 (i386) s390 and s390x versions for SLES will follow later. be aware that our RHEL3 RPMs have a different package style than the RPMs which Red Hat ships; our RPMs follow our SerNet style (formally known as SuSE package style). We also statically link against a modified version of Heimdal Kerberos to get proper ADS support with Windows 2003 - we do not use MIT Kerberos like Red Hat does. Samba SerNet Team -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] lots of samba temporary file under my /tmp
Hi, I am running Samba 3.0.7 on my Solaris 8 x86, and I see lots of Samba temporary files under my /tmp directory. Is it okay? Is any to turn them off because Samba daemon never remove them automatically? Thank you. ming-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ftp and samba domain memeber server ?
hi all... has anyone setup ftp access to a samber domain momber server to allow clients to connect and pick up files while away from the office... -ipguy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] audit module
is anyone able to CP a snip from the audit logs module ? i'd liek to see the output if possible -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba