Re: [Samba] windows env variable for USERDOMAIN is wrong

2005-12-18 Thread Greg Fischer 
I am not logged in locally.  I checked for that.

I did, however, find a cure...  since it's a new install with new user
accts, I just deleted the samba account and recreated it.  (not the unix
acct)

smbpasswd -x username
smbpasswd -a username

The user then had the domain name set correctly for USERDOMAIN.  And this
didnt affect the XP profile.  (since this fixed it, I have to assume this is
a Samba prob)

Just a guess, but this might have been an issue because I created some users
before I made Samba a PDC. (since I think this is why I had the name wrong,
it's really my prob :)

Thanks for the help.

Greg

On 12/18/05, Doug VanLeuven <[EMAIL PROTECTED]> wrote:
>
> Greg Fischer wrote:
> > Hi all,
> >
> > I just setup my Samba PDC.  Mostly everything works, but I am wondering
> why
> > on some clients, they have the wrong USERDOMAIN environment
> variable.  (when
> > you run 'set' in win xp cmd)
> >
> > The domain name is MEIDLING, and the user and computer are joined
> ok.  But
> > in set, it shows USERDOMAIN as the Server name. Which is MAIN.
> >
> > How do I change that?
>
> As far as I know, when the environment variable USERDOMAIN is set to the
> machine
> name, it means you have logged in locally to the machine instead of on the
> domain.
>
> Not a samba problem.
>
> Regards, Doug
>



--
Greg Fischer
1st Byte Solutions
http://www.1stbyte.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [SAMBA] getpeername failed

2005-12-18 Thread Dennis B. Hopp 

Franck Y wrote:


Hello,
Thanks for your reply !
Not something in particular but i get more when i was doing a backup
It s so weird.
I think it something with acces to files u don t know and it pi**ing me off...
Franck
 

To my understanding Windows (XP at least) tries to connect to both port 
139 and 445 (it sends the request to each port at basically the same 
time).  If it receives a response on port 445 it will drop the 
connection to 139, but it doesn't do it gracefully and so the samba 
server just says "connection reset by peer".


The default behavoir of samba is to listen on both ports (since it's the 
default for windows).  You can override it in smb.conf and tell samba to 
only listen on one of the ports.


It could also be a problem with oplocks, but I'm not familiar with those 
at all so somebody else will have to chime in.


--Dennis
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3: "restrict anonymous = 2" breaks domain joining

2005-12-18 Thread Andrew Bartlett 
On Sun, 2005-12-18 at 16:12 +0100, Marek Szuba wrote:
> Hello,

> As it turned out, the setting which made me unable to join the domain
> from the Linux box itself by calling "net -U domadm join DOMAIN" was
> "restrict anonymous = 2". When it is set, executing the command fails
> after a few seconds' delay even though the machine account gets added
> to LDAP; when I change the number to 0 or 1, the command succeeds
> immediately despite still showing the "no results from AD" warning I
> mentioned in my previous message.

The warning is because it is trying an AD style join, which Samba3
doesn't support.  Samba3 (due to NT4 protocol limitations) doesn't
support being a DC and having 'restrict anonymous = 2' set.  

Even if Samba worked around this (there are ways), I believe a windows
client would not work.

> Considering what I'm trying to do here is talk to a Samba PDC (which
> does support this setting) using Samba's native tool (which, logic
> dictates, should support it too), this is kind of weird - especially
> taking into account that one of my shares is set to "guest ok = yes"
> ATM and that is said to nullify the effect of "restrict anonymous = 2".

It is the other way around.  If you set 'restrict anonymous = 2', then
you cannot get to a share as a guest, even with 'guest ok = yes', as the
anonymous connection has already been denied.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] windows env variable for USERDOMAIN is wrong

2005-12-18 Thread Jesse Spangenberger 
Quote: 


Hi all,

I just setup my Samba PDC.  Mostly everything works, but I am wondering why
on some clients, they have the wrong USERDOMAIN environment variable.  (when
you run 'set' in win xp cmd)

The domain name is MEIDLING, and the user and computer are joined ok.  But
in set, it shows USERDOMAIN as the Server name. Which is MAIN.

How do I change that?

Thanks in advance.
==

Same problem i have.  Not sure if its deals with WINS or not. but I get my domain showing up on XP boxes along with a domain named after my server showing up.  


When logging in both Domain\username and PDC\username work.  (sighs)



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] WXPPSP2 issue

2005-12-18 Thread Jon Miller 
Having a problem connecting to a Samba v3 server (domain ).  Does anyone have 
any traces from a ethereal trace or any special info that I can look at.
User has account in /etc/passwd file also in smbpasswd file.  PC has account in 
/etc/smbpasswd also.

Jon L. Miller,  ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Novell Gold Partner, Cisco Partner, Peopletelecom, Westnet, 
Sophos Anti-Virus, 

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby





Having a problem connecting to a Samba v3 server (domain ).  Does 
anyone have any traces from a ethereal trace or any special info that I can 
look 
at.
User has account in /etc/passwd file also in smbpasswd file.  PC has 
account in /etc/smbpasswd also.
 
Jon L. Miller,  ASE, CNS, CLS, MCNE, CCNADirector/Sr Systems 
ConsultantMMT Networks Pty Ltdhttp://www.mmtnetworks.com.au";>http://www.mmtnetworks.com.auResellers
 
for: Novell Gold Partner, Cisco Partner, Peopletelecom, Westnet, Sophos 
Anti-Virus, 
 
"I don't know the key to success, but the key to failure is 
trying 
to please everybody." -Bill Cosby
 
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [SAMBA] getpeername failed

2005-12-18 Thread Dennis B. Hopp 

Franck Y wrote:


Fellows,
I need some help regarding this thing!1!
I get tons of messages like this ?
Can anyone help me with resolving this problem ?

Dec 18 13:52:42 constellation smbd[8063]: [2005/12/18 13:52:42, 0]
lib/util_sock.c:send_smb(647)
Dec 18 13:52:42 constellation smbd[8063]:   Error writing 4 bytes to
client. -1. (Connection reset by peer)
Dec 18 14:00:01 constellation crond(pam_unix)[8126]: session opened
for user root by (uid=0)
Dec 18 14:00:04 constellation syslogd 1.4.1: restart.
Dec 18 14:00:04 constellation crond(pam_unix)[8126]: session closed
for user root
Dec 18 14:01:01 constellation crond(pam_unix)[8136]: session opened
for user root by (uid=0)
Dec 18 14:01:02 constellation crond(pam_unix)[8136]: session closed
for user root
Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0]
lib/util_sock.c:get_peer_addr(1150)
Dec 18 14:24:55 constellation smbd[8333]:   getpeername failed. Error
was Transport endpoint is not connected
Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0]
lib/util_sock.c:write_socket_data(430)
Dec 18 14:24:55 constellation smbd[8333]:   write_socket_data: write
failure. Error = Connection reset by peer
Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0]
lib/util_sock.c:write_socket(455)
Dec 18 14:24:55 constellation smbd[8333]:   write_socket: Error
writing 4 bytes to socket 24: ERRNO = Connection reset by peer


Thanks !
--
Franck
 


Does this happen when you are doing something in particular?

--Dennis
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbclient lookup fails when querying local machine

2005-12-18 Thread Adam Nielsen 
> Port 139 is open in the iptables config for both TCP and UDP.

Hmm, I have an additional port open:

tcp0  0 192.168.0.1:139 0.0.0.0:*   LISTEN  
2694/smbd   
tcp0  0 127.0.0.1:139   0.0.0.0:*   LISTEN  
2694/smbd   
tcp0  0 192.168.0.1:445 0.0.0.0:*   LISTEN  
2694/smbd   
tcp0  0 127.0.0.1:445   0.0.0.0:*   LISTEN  
2694/smbd   

But I don't know whether that's CIFS or something.  Are you able to
"telnet localhost 139"?  I suspect that doing that would also timeout,
whereas I can connect immediately.  If telnet also times out, it's
almost certainly a firewall issue.  Also check your "hosts allow" line
in smb.conf.

Cheers,
Adam.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unable to give users access to folders within Samba share

2005-12-18 Thread Adam Nielsen 
Hi Jerry,

Thanks for your reply!

> What Samba version?  Are you using security = ads ?

I was using Samba 3.0.20 with security = domain, however I have since
upgraded to 3.0.21rc2 with security = ads in the hope that this may
have fixed the problem.

I think the problem may have been something to do with the fact that we
have so many users and groups (probably more than 65536) and once
winbind had retrieved as many of these as it could, it stopped working
with newly added groups.

Since upgrading Samba I removed all the cache files so it rebuilt them
and the user/group thing works now, all that remains to be seen is
whether it breaks again once all the groups have been retrieved or
whether it'll keep going this time.  There are a few minor differences
(e.g. the group names are all lowercase now) so it's obviously doing
something differently to before.

Cheers,
Adam.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Lessons learned

2005-12-18 Thread Henrik Zagerholm 

Great guide Vijay!

Thank you for sharing.

Cheers,
Henrik
18 dec 2005 kl. 21:30 skrev Vijay Avarachen:


Hello,
 I would like to share few things I have learned over time in  
my attempt
to integrate all my Linux clients to an existing corporate Windows  
2000
Active Directory (AD).  I am a Linux admin for a small division in  
a large
company and do not posses any special rights as far as AD goes.  I  
ONLY have

privileges on my division part of the tree in AD.

Goals:
- Integrate all Linux client to existing AD so the AD Dynamic DNS will
register hostnames
- Enable AD users to logon to Linux clients.  No users should be  
maintained

in local passwd files.
- Seem less samba share access from Windows.

I have accomplished all the goals listed above and here are a few  
things

that I learned:

- Distro
After much trial and error, I learned that the version of Samba  
shipped with
RHEL 3.0 is not very reliable when it comes to handling sites with  
large
amount of users.  Regardless of the idmap back end, winbind will  
die.  I
have standardized on RHEL 4.0 for workstations, Gentoo for back end  
servers.


- IDMAP
My initial attempts to achieve above listed golas used local tdb  
files for

keeping track of idmaps.  As our Linux environment grew from two
workstations to 13, and users started to move files around, all  
sort of
permission issues started to appear.  This happens because if you  
use local
tdb files for idmapping, the user might not get assigned the same  
UID, GID
on all the Linux hosts.  Even if you have a small userbase in AD, I  
highly

recomment using LDAP for idmap backend.

- IPTABLES
In RHEL place the following rules to enable Samba related activity
(/etc/sysconfig/iptables).  You might want to consider tightening  
the rules

further using -s (source).
#Winbindd
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport  
139 -j

ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport  
445 -j

ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport  
137 -j

ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport  
138 -j

ACCEPT

- TESTPARM
/usr/bin/testparm (RHEL) is your friend.  Every time you make  
changes to

smb.conf, use it to verify your changes.  Also smb.conf man
pagesare

crucial.

- RPMS
You will need the following RPM's:
#Samba base

= samba-3.0.10-1.4E.2
= samba-client-3.0.10-1.4E.2
= samba-common-3.0.10-1.4E.2

# OpenLDAP for idmap backend

= openldap-2.2.13-4
= nss_ldap-226-10
= openldap-clients-2.2.13-4

# Kerberos
krb5-libs-1.3.4-17

- Kerberos
/etc/krb5.conf is the key.  Without getting this file right you  
will not be
able to get a kerberos ticket from your AD.  The configuration of  
this file
really depends on your particular site.  You will know you got the  
contents

of this file right when you do kinit [EMAIL PROTECTED] and after
entering the password you get no errors.  Also doing klist should  
show you

the tickets and the expiration time 7 date.

- smb.conf Log Level
log level = 1 ads:10 auth:10 sam:10 rpc:10 winbind:5
Tail the log files and watch for errors.  (tail -f /var/log/samba/ 
{smbd.log,

winbind.log,nmbd.log}

- AD Binding
Our corporate team does not allow anonymous binding to AD.  One  
easy was for
you to test this is to use either a command line utility like  
ldapsearch
(*nix) or Softerra LDAP browser (free).  Try connecting to your AD  
LDAP
anonymously, if you cannot then you need to use a non-privileged  
service
account with winbind for LDAP lookups. You might want to set this  
users
account to "Password never expires", or write a simple script that  
updates

settings on all Linux clients when the password changes.
wbinfo --set-auth-user=nonpriv.user%good.password

-OpenLDAP Privileged User
For OpenLDAP to serve as IDMAP backend, you must store a privileged  
users

credentials in secrets.tdb file.
In smb.conf I have:
ldap admin dn = cn=priv_ldap.user,o=company
ldap idmap suffix = ou=Idmap
ldap suffix = o=company
idmap backend = ldap:ldaps://ldapserver.company.com
#Keep the following consistant across all linux clients
idmap uid = 15-55
idmap gid = 15-55

To store the password for priv_ldap.user in secrets.tdb do:
smbpasswd -w good.password

priv_ldap.user is used to populate the idmap ou.  This user has no
relationship with AD LDAP lookup user.  One exists in AD ldap
(nonpriv.user) and the other in OpenLDAP (priv_ldap.user).  The user
only needs write
access to idmap ou.  So rather than using the ldap admin user, try  
setting
permissions in your slapd.conf file for a normal user with only  
write access

to idmap ou.

- NTP
Kerberos heavily depends on time.  Make sure your Linux clients  
synchronize
to the same time server as your AD Domain Controller (ADDC).  If  
not, you

will see error messages similar to "clock skew too great".

- Check List
[1] Ensure smb, winbind, nscd are n

Re: [Samba] Implementation Question

2005-12-18 Thread Graham Leggett 

Dennis B. Hopp wrote:

Did you just use the LDAP schema that is included with Samba or did you 
make your own and then make Samba use that?


I used the standard v3.0 schema that came with Samba.


Did you use some howto or come up with it on your own?


As I recall I used the normal Samba manual, but it was a while ago, I 
may have used some other info as well.


I'm pretty familiar with Samba but LDAP is sort of new to me (I can 
query an LDAP database for information I need, but to actually construct 
an LDAP schema ground up is a different story).


Sticking to standard schemas gives you better odds that tools you add to 
your system will work without any fiddling around.


I used a tool called directory_administrator to admin the LDAP server, 
although the tool can be flaky at times.


Start off by creating a small experimental LDAP based PDC, and then 
slowly adding users to it as you get it working. Don't try migrate 
everything in one go, otherwise it will give you major headaches.


Regards,
Graham
--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Implementation Question

2005-12-18 Thread Craig White 
On Sun, 2005-12-18 at 15:56 -0600, Dennis B. Hopp wrote:
> Graham Leggett wrote:
> 
> > Craig White wrote:
> >
> >> LDAP is what would make sense - scales well, replicates, portable,
> >> combines UNIX/Samba users into one object.
> >
> >
> > I have an LDAP directory which backs a Samba PDC, and offers single 
> > signon for email, and LDAP backed Linux user accounts. Works very well.
> >
> > Regards,
> > Graham
> > -- 
> 
> Did you just use the LDAP schema that is included with Samba or did you 
> make your own and then make Samba use that?
> 
> Did you use some howto or come up with it on your own?
> 
> I'm pretty familiar with Samba but LDAP is sort of new to me (I can 
> query an LDAP database for information I need, but to actually construct 
> an LDAP schema ground up is a different story).

You always use the samba schema that is distributed with the version of
Samba you have installed. Creating an ldap schema or extending it is not
necessary at all.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Implementation Question

2005-12-18 Thread Dennis B. Hopp 

Graham Leggett wrote:


Craig White wrote:


LDAP is what would make sense - scales well, replicates, portable,
combines UNIX/Samba users into one object.



I have an LDAP directory which backs a Samba PDC, and offers single 
signon for email, and LDAP backed Linux user accounts. Works very well.


Regards,
Graham
--


Did you just use the LDAP schema that is included with Samba or did you 
make your own and then make Samba use that?


Did you use some howto or come up with it on your own?

I'm pretty familiar with Samba but LDAP is sort of new to me (I can 
query an LDAP database for information I need, but to actually construct 
an LDAP schema ground up is a different story).


--Dennis
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Implementation Question

2005-12-18 Thread Graham Leggett 

Craig White wrote:


LDAP is what would make sense - scales well, replicates, portable,
combines UNIX/Samba users into one object.


I have an LDAP directory which backs a Samba PDC, and offers single 
signon for email, and LDAP backed Linux user accounts. Works very well.


Regards,
Graham
--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[SAMBA] getpeername failed

2005-12-18 Thread Franck Y 
Fellows,
I need some help regarding this thing!1!
I get tons of messages like this ?
Can anyone help me with resolving this problem ?

Dec 18 13:52:42 constellation smbd[8063]: [2005/12/18 13:52:42, 0]
lib/util_sock.c:send_smb(647)
Dec 18 13:52:42 constellation smbd[8063]:   Error writing 4 bytes to
client. -1. (Connection reset by peer)
Dec 18 14:00:01 constellation crond(pam_unix)[8126]: session opened
for user root by (uid=0)
Dec 18 14:00:04 constellation syslogd 1.4.1: restart.
Dec 18 14:00:04 constellation crond(pam_unix)[8126]: session closed
for user root
Dec 18 14:01:01 constellation crond(pam_unix)[8136]: session opened
for user root by (uid=0)
Dec 18 14:01:02 constellation crond(pam_unix)[8136]: session closed
for user root
Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0]
lib/util_sock.c:get_peer_addr(1150)
Dec 18 14:24:55 constellation smbd[8333]:   getpeername failed. Error
was Transport endpoint is not connected
Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0]
lib/util_sock.c:write_socket_data(430)
Dec 18 14:24:55 constellation smbd[8333]:   write_socket_data: write
failure. Error = Connection reset by peer
Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0]
lib/util_sock.c:write_socket(455)
Dec 18 14:24:55 constellation smbd[8333]:   write_socket: Error
writing 4 bytes to socket 24: ERRNO = Connection reset by peer


Thanks !
--
Franck
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] getpeername failed

2005-12-18 Thread Franck Y 
Fellows,
I need some help regarding this thing!1!
I get tons of messages like this ?
Can anyone help me with resolving this problem ?

Dec 18 13:52:42 constellation smbd[8063]: [2005/12/18 13:52:42, 0]
lib/util_sock.c:send_smb(647)
Dec 18 13:52:42 constellation smbd[8063]:   Error writing 4 bytes to
client. -1. (Connection reset by peer)
Dec 18 14:00:01 constellation crond(pam_unix)[8126]: session opened
for user root by (uid=0)
Dec 18 14:00:04 constellation syslogd 1.4.1: restart.
Dec 18 14:00:04 constellation crond(pam_unix)[8126]: session closed
for user root
Dec 18 14:01:01 constellation crond(pam_unix)[8136]: session opened
for user root by (uid=0)
Dec 18 14:01:02 constellation crond(pam_unix)[8136]: session closed
for user root
Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0]
lib/util_sock.c:get_peer_addr(1150)
Dec 18 14:24:55 constellation smbd[8333]:   getpeername failed. Error
was Transport endpoint is not connected
Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0]
lib/util_sock.c:write_socket_data(430)
Dec 18 14:24:55 constellation smbd[8333]:   write_socket_data: write
failure. Error = Connection reset by peer
Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0]
lib/util_sock.c:write_socket(455)
Dec 18 14:24:55 constellation smbd[8333]:   write_socket: Error
writing 4 bytes to socket 24: ERRNO = Connection reset by peer


Thanks !
--
Franck
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Lessons learned

2005-12-18 Thread Vijay Avarachen 
Hello,
 I would like to share few things I have learned over time in my attempt
to integrate all my Linux clients to an existing corporate Windows 2000
Active Directory (AD).  I am a Linux admin for a small division in a large
company and do not posses any special rights as far as AD goes.  I ONLY have
privileges on my division part of the tree in AD.

Goals:
- Integrate all Linux client to existing AD so the AD Dynamic DNS will
register hostnames
- Enable AD users to logon to Linux clients.  No users should be maintained
in local passwd files.
- Seem less samba share access from Windows.

I have accomplished all the goals listed above and here are a few things
that I learned:

- Distro
After much trial and error, I learned that the version of Samba shipped with
RHEL 3.0 is not very reliable when it comes to handling sites with large
amount of users.  Regardless of the idmap back end, winbind will die.  I
have standardized on RHEL 4.0 for workstations, Gentoo for back end servers.

- IDMAP
My initial attempts to achieve above listed golas used local tdb files for
keeping track of idmaps.  As our Linux environment grew from two
workstations to 13, and users started to move files around, all sort of
permission issues started to appear.  This happens because if you use local
tdb files for idmapping, the user might not get assigned the same UID, GID
on all the Linux hosts.  Even if you have a small userbase in AD, I highly
recomment using LDAP for idmap backend.

- IPTABLES
In RHEL place the following rules to enable Samba related activity
(/etc/sysconfig/iptables).  You might want to consider tightening the rules
further using -s (source).
#Winbindd
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j
ACCEPT

- TESTPARM
/usr/bin/testparm (RHEL) is your friend.  Every time you make changes to
smb.conf, use it to verify your changes.  Also smb.conf man
pagesare
crucial.

- RPMS
You will need the following RPM's:
#Samba base
>= samba-3.0.10-1.4E.2
>= samba-client-3.0.10-1.4E.2
>= samba-common-3.0.10-1.4E.2
# OpenLDAP for idmap backend
>= openldap-2.2.13-4
>= nss_ldap-226-10
>= openldap-clients-2.2.13-4
# Kerberos
krb5-libs-1.3.4-17

- Kerberos
/etc/krb5.conf is the key.  Without getting this file right you will not be
able to get a kerberos ticket from your AD.  The configuration of this file
really depends on your particular site.  You will know you got the contents
of this file right when you do kinit [EMAIL PROTECTED] and after
entering the password you get no errors.  Also doing klist should show you
the tickets and the expiration time 7 date.

- smb.conf Log Level
log level = 1 ads:10 auth:10 sam:10 rpc:10 winbind:5
Tail the log files and watch for errors.  (tail -f /var/log/samba/{smbd.log,
winbind.log,nmbd.log}

- AD Binding
Our corporate team does not allow anonymous binding to AD.  One easy was for
you to test this is to use either a command line utility like ldapsearch
(*nix) or Softerra LDAP browser (free).  Try connecting to your AD LDAP
anonymously, if you cannot then you need to use a non-privileged service
account with winbind for LDAP lookups. You might want to set this users
account to "Password never expires", or write a simple script that updates
settings on all Linux clients when the password changes.
wbinfo --set-auth-user=nonpriv.user%good.password

-OpenLDAP Privileged User
For OpenLDAP to serve as IDMAP backend, you must store a privileged users
credentials in secrets.tdb file.
In smb.conf I have:
ldap admin dn = cn=priv_ldap.user,o=company
ldap idmap suffix = ou=Idmap
ldap suffix = o=company
idmap backend = ldap:ldaps://ldapserver.company.com
#Keep the following consistant across all linux clients
idmap uid = 15-55
idmap gid = 15-55

To store the password for priv_ldap.user in secrets.tdb do:
smbpasswd -w good.password

priv_ldap.user is used to populate the idmap ou.  This user has no
relationship with AD LDAP lookup user.  One exists in AD ldap
(nonpriv.user) and the other in OpenLDAP (priv_ldap.user).  The user
only needs write
access to idmap ou.  So rather than using the ldap admin user, try setting
permissions in your slapd.conf file for a normal user with only write access
to idmap ou.

- NTP
Kerberos heavily depends on time.  Make sure your Linux clients synchronize
to the same time server as your AD Domain Controller (ADDC).  If not, you
will see error messages similar to "clock skew too great".

- Check List
[1] Ensure smb, winbind, nscd are not running.

[2] Delete/move all old tdb files.
/etc/samba/secrets.tdb
/var/cache/samba/*.tdb

[3] Add OpenLDAP server and AD Domain controller entries to /etc/hosts.
This is in case there is a DNS fal

Re: [Samba] Implementation Question

2005-12-18 Thread Craig White 
On Sun, 2005-12-18 at 13:25 -0600, Dennis B. Hopp wrote:
> I'm setting up a small network and I would like to have centralized 
> authentication.  I have no need for active directory so samba makes sense.
> 
> The desktops will be running Windows XP but there are a few other 
> servers (a linux mail server, web server and file server) that I would 
> like to be able to use the centralized authentication with.
> 
> So my question is, is it better to configure samba as a PDC for the 
> windows clients and then use NIS for the other linux servers, or just 
> use samba for all authentication (i.e. the mail server and web server 
> will be member servers in the samba domain)?

LDAP is what would make sense - scales well, replicates, portable,
combines UNIX/Samba users into one object.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Implementation Question

2005-12-18 Thread Dennis B. Hopp 
I'm setting up a small network and I would like to have centralized 
authentication.  I have no need for active directory so samba makes sense.


The desktops will be running Windows XP but there are a few other 
servers (a linux mail server, web server and file server) that I would 
like to be able to use the centralized authentication with.


So my question is, is it better to configure samba as a PDC for the 
windows clients and then use NIS for the other linux servers, or just 
use samba for all authentication (i.e. the mail server and web server 
will be member servers in the samba domain)?


--Dennis
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Basic samba/swat setup prob

2005-12-18 Thread dave s 
On Sunday 18 Dec 2005 17:32, Eric Hines wrote:
> At 12/18/05 10:58, dave s wrote:
> >On Sunday 18 December 2005 16:47, Eric Hines wrote:
> > > At 12/18/05 09:49, Mathew D. Watson wrote:
> > > >dave wrote:
> > > >>I am running kubuntu, samba 3.0.14a, my smb.conf file is ...
> > > >>[global]
> > > >> workgroup = METRAN
> > > >> encrypt passwords = yes
> > > >>[test]
> > > >> comment = For testing only, please
> > > >> path = /etc/samba/tmp
> > > >> read only = no
> > > >> guest ok = yes
> > > >>I have a /etc/samba/tmp directory,
> > > >>I am user dave on the system so I ...
> > > >>smbpasswd -a dave
> > > >>I gave it a password of 'testing', it complained that a file did not
> > > >>exist then created it for me ... all looked AOK
> > > >>I pointed my browser to http://localhost:901, an authentication
> > > >> dialogue popped up, I entered 'dave', 'testing' hopeing for the swat
> > > >> screen but all I get is authentication failed, retry.
> > > >
> > > >This is a guess, but try adding
> > > >
> > > >security = user
> > > >
> > > >to the [global] section.
> > > >
> > > >You might also try, as I did, using the /etc/samba/smb.conf file that
> > > > came with the samba package. Then run swat, and use it to make your
> > > > changes.
> > > >
> > > >Mat
> > >
> > > There are a couple of other things you might want to try: since you've
> > > gotten to the authentication dialog, it appears you have a proper swat
> > > config file (you might, though, compare yours to the one that's on pg
> > > 53 of Ts, et al.'s _Using Samba_ (O'Reilly pub), just to be sure.  The
> > > biggie, though, is that, unless you explicitly set up swat to do
> > > otherwise, you need to log in as root to get it to run (don't forget to
> > > assign the same password for smbpasswd as you have for your root access
> > > for your kubuntu machine...).
> >
> >Thank you SO MUCH :) I have been wrestling with this problem for 2-3
> >weeks. It
> >was complicated because kubuntu does not have a root password by default.
> >Having setup a root password then smbpasswd -a and all is well :)
>
> !?  I'm minded of Hamlet's injunction, "Get thee to a nunnery,
> go."  (Although "nunnery" was a rude slang term when Shakespeare was
> writing.)  Generate a root user, promptly.  Which you have done.  I
> strongly urge you to go through the hassle of logging in as root (or su to
> root) whenever you want to make a system change of any sort.  It's too easy
> to make system changes as an ordinary user that screw up the system,
> sometimes catastrophically.  If you force yourself to do these as root
> only, you won't be proofed against those catastrophic errors, but you will
> be encouraged to make your changes only after prior thought, so the
> likelihood of those errors is minimized.

I am with you on that one. kubuntu (& ubuntu) disable the root account by 
default and users are encouraged to sudo everything or sudo -i for a root 
shell. Can get confusing but I have a root password now !

Cheers

Dave


>
> >One question, why does the smbpasswd have to be the same as the root
> >password,
> >apart from it therefore being easy to remember ?
>
> A more expert *NIX user can chime in here, but I suspect it has to do with
> you only getting one user called root, with those privileges.  One password
> for both passwd and smbpasswd prevents password conflicts.
>
> >Cheers
> >
> >Dave
>
> Eric Hines
>
> There is no nonsense so errant that it cannot be made the creed of the vast
> majority by adequate governmental action.
>  --Bertrand Russell
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Basic samba/swat setup prob

2005-12-18 Thread Eric Hines 

At 12/18/05 10:58, dave s wrote:

On Sunday 18 December 2005 16:47, Eric Hines wrote:
> At 12/18/05 09:49, Mathew D. Watson wrote:
> >dave wrote:
> >>I am running kubuntu, samba 3.0.14a, my smb.conf file is ...
> >>[global]
> >> workgroup = METRAN
> >> encrypt passwords = yes
> >>[test]
> >> comment = For testing only, please
> >> path = /etc/samba/tmp
> >> read only = no
> >> guest ok = yes
> >>I have a /etc/samba/tmp directory,
> >>I am user dave on the system so I ...
> >>smbpasswd -a dave
> >>I gave it a password of 'testing', it complained that a file did not
> >>exist then created it for me ... all looked AOK
> >>I pointed my browser to http://localhost:901, an authentication dialogue
> >>popped up, I entered 'dave', 'testing' hopeing for the swat screen but
> >>all I get is authentication failed, retry.
> >
> >This is a guess, but try adding
> >
> >security = user
> >
> >to the [global] section.
> >
> >You might also try, as I did, using the /etc/samba/smb.conf file that came
> >with the samba package. Then run swat, and use it to make your changes.
> >
> >Mat
>
> There are a couple of other things you might want to try: since you've
> gotten to the authentication dialog, it appears you have a proper swat
> config file (you might, though, compare yours to the one that's on pg 53 of
> Ts, et al.'s _Using Samba_ (O'Reilly pub), just to be sure.  The biggie,
> though, is that, unless you explicitly set up swat to do otherwise, you
> need to log in as root to get it to run (don't forget to assign the same
> password for smbpasswd as you have for your root access for your kubuntu
> machine...).

Thank you SO MUCH :) I have been wrestling with this problem for 2-3 
weeks. It

was complicated because kubuntu does not have a root password by default.
Having setup a root password then smbpasswd -a and all is well :)


!?  I'm minded of Hamlet's injunction, "Get thee to a nunnery, 
go."  (Although "nunnery" was a rude slang term when Shakespeare was 
writing.)  Generate a root user, promptly.  Which you have done.  I 
strongly urge you to go through the hassle of logging in as root (or su to 
root) whenever you want to make a system change of any sort.  It's too easy 
to make system changes as an ordinary user that screw up the system, 
sometimes catastrophically.  If you force yourself to do these as root 
only, you won't be proofed against those catastrophic errors, but you will 
be encouraged to make your changes only after prior thought, so the 
likelihood of those errors is minimized.



One question, why does the smbpasswd have to be the same as the root 
password,

apart from it therefore being easy to remember ?


A more expert *NIX user can chime in here, but I suspect it has to do with 
you only getting one user called root, with those privileges.  One password 
for both passwd and smbpasswd prevents password conflicts.




Cheers

Dave


Eric Hines

There is no nonsense so errant that it cannot be made the creed of the vast 
majority by adequate governmental action.

--Bertrand Russell

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Basic samba/swat setup prob

2005-12-18 Thread dave s 
On Sunday 18 December 2005 16:47, Eric Hines wrote:
> At 12/18/05 09:49, Mathew D. Watson wrote:
> >dave wrote:
> >>I am running kubuntu, samba 3.0.14a, my smb.conf file is ...
> >>[global]
> >> workgroup = METRAN
> >> encrypt passwords = yes
> >>[test]
> >> comment = For testing only, please
> >> path = /etc/samba/tmp
> >> read only = no
> >> guest ok = yes
> >>I have a /etc/samba/tmp directory,
> >>I am user dave on the system so I ...
> >>smbpasswd -a dave
> >>I gave it a password of 'testing', it complained that a file did not
> >>exist then created it for me ... all looked AOK
> >>I pointed my browser to http://localhost:901, an authentication dialogue
> >>popped up, I entered 'dave', 'testing' hopeing for the swat screen but
> >>all I get is authentication failed, retry.
> >
> >This is a guess, but try adding
> >
> >security = user
> >
> >to the [global] section.
> >
> >You might also try, as I did, using the /etc/samba/smb.conf file that came
> >with the samba package. Then run swat, and use it to make your changes.
> >
> >Mat
>
> There are a couple of other things you might want to try: since you've
> gotten to the authentication dialog, it appears you have a proper swat
> config file (you might, though, compare yours to the one that's on pg 53 of
> Ts, et al.'s _Using Samba_ (O'Reilly pub), just to be sure.  The biggie,
> though, is that, unless you explicitly set up swat to do otherwise, you
> need to log in as root to get it to run (don't forget to assign the same
> password for smbpasswd as you have for your root access for your kubuntu
> machine...). 

Thank you SO MUCH :) I have been wrestling with this problem for 2-3 weeks. It 
was complicated because kubuntu does not have a root password by default. 
Having setup a root password then smbpasswd -a and all is well :)

One question, why does the smbpasswd have to be the same as the root password, 
apart from it therefore being easy to remember ?

Cheers

Dave


> Anyone using swat can mess with your samba con fig file, and 
> you don't want that--you should limit access to root, and that's the
> default access level for swat.
>
> Eric Hines
>
>
> There is no nonsense so errant that it cannot be made the creed of the vast
> majority by adequate governmental action.
>  --Bertrand Russell
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Basic samba/swat setup prob

2005-12-18 Thread dave s 
On Sunday 18 December 2005 15:49, Mathew D. Watson wrote:
> dave wrote:
> > I am running kubuntu, samba 3.0.14a, my smb.conf file is ...
> >
> > [global]
> > workgroup = METRAN
> > encrypt passwords = yes
> > [test]
> > comment = For testing only, please
> > path = /etc/samba/tmp
> > read only = no
> > guest ok = yes
> >
> > I have a /etc/samba/tmp directory,
> >
> > I am user dave on the system so I ...
> >
> > smbpasswd -a dave
> >
> > I gave it a password of 'testing', it complained that a file did not
> > exist then created it for me ... all looked AOK
> >
> > I pointed my browser to http://localhost:901, an authentication dialogue
> > popped up, I entered 'dave', 'testing' hopeing for the swat screen but
> > all I get is authentication failed, retry.
>
> This is a guess, but try adding
>
> security = user

Tried it but no go , did a /etc/init.d/samba restart, authentication still 
failed

>
> to the [global] section.
>
> You might also try, as I did, using the /etc/samba/smb.conf file that
> came with the samba package. Then run swat, and use it to make your
> changes.

Tried using the default config as well, authentication still failed. But 
thanks for the suggestions.


>
> Mat


mmm

Can anyone tell me where the smb passwords are kept, they are not 
in /etc/samba/... if I can find the file I can verify if dave really exists 
in it.

Cheers

Dave
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Basic samba/swat setup prob

2005-12-18 Thread Eric Hines 

At 12/18/05 09:49, Mathew D. Watson wrote:

dave wrote:

I am running kubuntu, samba 3.0.14a, my smb.conf file is ...
[global]
workgroup = METRAN
encrypt passwords = yes
[test]
comment = For testing only, please
path = /etc/samba/tmp
read only = no
guest ok = yes
I have a /etc/samba/tmp directory,
I am user dave on the system so I ...
smbpasswd -a dave
I gave it a password of 'testing', it complained that a file did not 
exist then created it for me ... all looked AOK
I pointed my browser to http://localhost:901, an authentication dialogue 
popped up, I entered 'dave', 'testing' hopeing for the swat screen but 
all I get is authentication failed, retry.


This is a guess, but try adding

security = user

to the [global] section.

You might also try, as I did, using the /etc/samba/smb.conf file that came 
with the samba package. Then run swat, and use it to make your changes.


Mat


There are a couple of other things you might want to try: since you've 
gotten to the authentication dialog, it appears you have a proper swat 
config file (you might, though, compare yours to the one that's on pg 53 of 
Ts, et al.'s _Using Samba_ (O'Reilly pub), just to be sure.  The biggie, 
though, is that, unless you explicitly set up swat to do otherwise, you 
need to log in as root to get it to run (don't forget to assign the same 
password for smbpasswd as you have for your root access for your kubuntu 
machine...).  Anyone using swat can mess with your samba con fig file, and 
you don't want that--you should limit access to root, and that's the 
default access level for swat.


Eric Hines


There is no nonsense so errant that it cannot be made the creed of the vast 
majority by adequate governmental action.

--Bertrand Russell

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Error Message Question - Bugzilla 2214

2005-12-18 Thread L. Mark Stone 
Running VMware Workstation 5.5 on SuSE SLES9 with Samba 3.20b installed
from SuSE Projects tree.

A share on the SLES9 box is used to transfer data between the SLES9 box
and a Windows 2000 vm running in VMware--all on the same physical box.

On firing up the vm, I see the following in /var/log/messages on the
SLES9 box:

Dec 18 10:44:44 pinot smbd[27958]: [2005/12/18 10:44:44, 0]
smbd/nttrans.c:call_nt_transact_ioctl(2338)
Dec 18 10:44:44 pinot smbd[27958]:   call_nt_transact_ioctl(0x90073):
Currently not implemented.

I see there is a bugzilla report 2214, but the report gives no indication
as to whether the error is benign or not.

Since some of the data being used across this share includes accounting
files, I would be grateful to learn if I nee to be concerned about this
error, please.

Thanks!
Mark

-- 
_
A Message From...  L. Mark Stone

Reliable Networks of Maine, LLC

"We manage your network so you can manage your business"

477 Congress Street
Portland, ME 04101
Tel: (207) 772-5678
Web: http://www.rnome.com

This email was sent from Reliable Networks of Maine LLC.
It may contain information that is privileged and confidential.
If you suspect that you were not intended to receive it, please
delete it and notify us as soon as possible. Thank you.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Basic samba/swat setup prob

2005-12-18 Thread Mathew D. Watson 

dave wrote:


I am running kubuntu, samba 3.0.14a, my smb.conf file is ...

[global]
workgroup = METRAN
encrypt passwords = yes
[test]
comment = For testing only, please
path = /etc/samba/tmp
read only = no
guest ok = yes

I have a /etc/samba/tmp directory,

I am user dave on the system so I ...

smbpasswd -a dave

I gave it a password of 'testing', it complained that a file did not exist 
then created it for me ... all looked AOK


I pointed my browser to http://localhost:901, an authentication dialogue 
popped up, I entered 'dave', 'testing' hopeing for the swat screen but all I 
get is authentication failed, retry.


This is a guess, but try adding

security = user

to the [global] section.

You might also try, as I did, using the /etc/samba/smb.conf file that 
came with the samba package. Then run swat, and use it to make your changes.


Mat


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Using smbmount in a script - no return value

2005-12-18 Thread Mathew D. Watson 
Thanks Michael! Yup. If files in the system can't be accessed, it's a 
good bet the mount didn't work.


Mat

Michael Barnes wrote:
For some of us simple minded types, like me, perhaps you could have a 
permanent file in the share and test for it after mounting.  Create the 
file NonsenseShare/iamhere


#!/bin/bash
smbmount //NonsenseShare /bad/mnt/point
if test -f /bad/mnt/point/iamhere ; then
printf "The mount worked!\n"
else printf "Rats, it didn't work!\n"
fi

If you can't get a return value from one command, use another command :-)

HTH,
Michael

Mathew D. Watson told me on 12/17/2005 11:53:

I'm trying to periodically mount an XP share on my linux box, and I've 
noticed that smbmount doesn't return a value so I can't test for 
success in my shell script:


#!/bin/bash
smbmount //NonsenseShare /bad/mnt/point || echo "error with smbmount"

In this case smbmount silently fails.

I searched the archives and found a couple of messages about smbmount 
demonizing before leaving a return value. Is there a good way to test 
for the success or failure of smbmount?


Mat








--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Recommended LDAP access settings for a Samba admin DN

2005-12-18 Thread Marek Szuba 
Hello again,

At the moment everything works fine, but I'd like Samba to use a
dedicated LDAP access DN instead of the global directory admin one.
Could you give me any recommendations as to how access rules should be
set for this DN so that it  both can work without problems and have no
unnecessary privileges?

Regards,
-- 
MS
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3: "restrict anonymous = 2" breaks domain joining

2005-12-18 Thread Marek Szuba 
Hello,

Despite not having received any input on my last problem, I managed to
work it out and now I've finally got a working Linux PDC with ldapsam
and non-root domain admin. As it turned out, the problems were caused
by a combination of Samba settings, too tight security on Windows boxes
and, in case of XP x64, a need for some patches against Samba source
code; here I would like to ask a question about the former.

As it turned out, the setting which made me unable to join the domain
from the Linux box itself by calling "net -U domadm join DOMAIN" was
"restrict anonymous = 2". When it is set, executing the command fails
after a few seconds' delay even though the machine account gets added
to LDAP; when I change the number to 0 or 1, the command succeeds
immediately despite still showing the "no results from AD" warning I
mentioned in my previous message.

Considering what I'm trying to do here is talk to a Samba PDC (which
does support this setting) using Samba's native tool (which, logic
dictates, should support it too), this is kind of weird - especially
taking into account that one of my shares is set to "guest ok = yes"
ATM and that is said to nullify the effect of "restrict anonymous = 2".

What is the catch here?

Regards,
-- 
MS
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] windows env variable for USERDOMAIN is wrong

2005-12-18 Thread Doug VanLeuven 

Greg Fischer wrote:

Hi all,

I just setup my Samba PDC.  Mostly everything works, but I am wondering why
on some clients, they have the wrong USERDOMAIN environment variable.  (when
you run 'set' in win xp cmd)

The domain name is MEIDLING, and the user and computer are joined ok.  But
in set, it shows USERDOMAIN as the Server name. Which is MAIN.

How do I change that?


As far as I know, when the environment variable USERDOMAIN is set to the machine
name, it means you have logged in locally to the machine instead of on the 
domain.

Not a samba problem.

Regards, Doug
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] User Must Change Password On Next Logon

2005-12-18 Thread Simo Sorce 
On Fri, 2005-12-16 at 17:20 +0100, Emanuele wrote:
> Hello,
> you can write this:
> 
> pdbedit --pwd-must-change-time=1134732000 'username'
> 
> 
> P.S.:   1134732000 is the time (sec) starting at 01/01/1970, in this
> case, the user 'username' must change his password after the
> 16/12/2005 12:20.


Do you know you can use a readable time format too ?

pdbedit --time-format="%Y/%m/%d" --pwd-must-change-time="2005/12/18" "username"


Simo.

-- 
Simo Sorce-  [EMAIL PROTECTED]
Samba Team-  http://www.samba.org
Italian Site  -  http://samba.xsec.it

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Basic samba/swat setup prob

2005-12-18 Thread dave 
Good Morning,

I am trying to setup a basic samba config by first starting up swat. I have 
followed the guide http://us2.samba.org/samba/docs/using_samba/ch02.html but 
have problems.

I am running kubuntu, samba 3.0.14a, my smb.conf file is ...

[global]
workgroup = METRAN
encrypt passwords = yes
[test]
comment = For testing only, please
path = /etc/samba/tmp
read only = no
guest ok = yes

I have a /etc/samba/tmp directory,

I am user dave on the system so I ...

smbpasswd -a dave

I gave it a password of 'testing', it complained that a file did not exist 
then created it for me ... all looked AOK

I pointed my browser to http://localhost:901, an authentication dialogue 
popped up, I entered 'dave', 'testing' hopeing for the swat screen but all I 
get is authentication failed, retry.

I have tried everything I can think of, including re-booting the machine, 
Having mailed the kubuntu mailing list all I managed to get was a reply from 
a fellow samba newbe having the same problem :)

Can anyone tell me where I am going wrong or is there a problem with the 
kubuntu setup in which case I will file a bug report.

Cheers

Dave
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba