Re: [Samba] winbind crashes after clean build of 3.0.22

[Volker Lendecke]

On Tue, May 16, 2006 at 06:34:53PM -0400, Paul Hoehne wrote:
> [2006/05/16 18:22:23, 0] lib/util.c:smb_panic2(1554)
> 
>   PANIC: Could not fetch our SID - did we join?

It would be interesting to see the answer to the question
winbind is asking you here. Did you successfully do a net
join?

Volker


pgpWPE9uFFCri.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba problems

[Gabriel Rosca]

Hi guys. I have a problem. Here is the smb.conf.

 

 

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#=== Global Settings
=
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
  workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
  server string = FILES Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
  hosts allow = 192.168.38. 10.9.0. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
  printcap name = /etc/printcap
  load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# This option tells cups that the data has already been rasterized
  cups options = raw

# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
  log file = /var/log/samba/%m.log
# all log information in one file
#   log file = /var/log/samba/smbd.log

# Put a capping on the size of the log files (in Kb).
  max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
; security = user
# Use password server option only with security = server
;   password server = 

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
;  encrypt passwords = yes
;  smb passwd file = /etc/samba/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#the encrypted SMB passwords. They allow the Unix password
#to be kept in sync with the SMB password.
;  unix password sync = Yes
;  passwd program = /usr/bin/passwd %u
;  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*

# Unix users can map to different SMB User names
;  username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /etc/samba/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
  interfaces = 192.168.38.0/24 10.9.0.0/24

# Configure remote browse list synchronisation here
#  request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
  domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it 

Re: [Samba] Log of file delete/create/open/close operations

[taso]

ashok cvs wrote:



you can turn on vfs objects = audit or extd_audit in the share , so u can
log file open/close/create/delete



"extd_audit" logs what I want, among other things. "audit" doesn't appear to
produce much. "vfs objects" doesn't seem to be all that well documented in
smb.conf(5).


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] I need your help about Microsoft pleaseeeee

[William Tran]

Dear JimCould you please help me out with a couple questions here ? 1. Which 
Administrative tool would you use to manage a user account in Active Directory 
? 2. Define roaming profile and its advantages ?3. With administrator rights , 
how can you access a user's hard drive from your workstation without the use of 
shared folders ?  Thanks alot in advance. Best Regards, W Tran
_
Because e-mail on your cell phone should be easy:  Try Windows Live Mail for 
Mobile beta
http://www2.imagine-msn.com/minisites/mail/Default.aspx?locale=en-us--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] USRMGR Not adding users properly

[Phil Maynard]

Was a solution ever found to this problem?

I too am experiencing this and desperately need a solution.

Many thanks

Phil
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Write access doesn't grant delete access?!

[Adam Nielsen]

> is the file set "read-only" in windows properties view?

Nope, none of the main attributes are ticked - but like I say, on the
Advanced settings on the Security tab, none of the users have Delete
access to the file (but some of them do have write access, which does
explain how I can modify the file.)

Cheers,
Adam.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.22 and OS/2 connectivity

[Guenter Kukkukk]

Hi Peter,

 cut some stuff
...
> >> Needless to say whatever I have done to the samba configuration does not
> >> seem to upset Windows2000 - I can startup my VPC w2k installation and
> >> have no problems at all accessing the nslu2 shares for reading and
> >> writing...
> >>
> >> I am now starting to wonder if there is something a little flaky as
> >> regards samba 3.0.22 and OS/2 connectivity? - or is there some secret
> >> parameter I've missed in the smb.conf file?
> >>
> >> Any/All help appreciated.
> >>
> >> Pete
> >> -- 
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> > latest samba 3.0.22 does a pretty good job regarding OS/2 connectivity - 
> > but,
> > as often, there are some pitfalls - additional thougths and checks apply.
> > The most basic difference of OS/2 is its usage of 'extended attributes' 
> > (EAs).
> > Samba can handle EAs pretty well - but _only_, if the used *nix kernel and
> > the used file system can handle EAs, too.
> > In *nix terms, EAs are called 'xattr'.
> > Sorry, the Linksys NSLU2 is new to me - so I had a short look into the 
> > specs.
> > The specs claim, that 'FAT32', 'NTFS' or 'ext3' can be used...
> >
> > To _really_ work properly (in all cases), OS/2 needs an EA space of 64KB!
> > Even if xattr support is compiled into the kernel - and 'ext3' is enabled 
> > (in fstab)
> > for xattr usage:
> > /dev/hdb6/ext3ext3   acl,user_xattr
> > 1 2
> > xattr limitations of 'ext3' would count. 'ext3' is only able to store about 
> > 3.9KB EAs!
> >
> > reiserfs, JFS and XFS are file systems, which support 64KB EAs.
>
>
> Sadly ext3 is the filesystem used by the NSLU2 and must be used on the
> 1st partition of any disk that the NSLU2 is "Unslung" to.
>
> Alternative filesystems do not seem to include jfs (a more natural
> choice for an OS/2 user) or xfs - in fact we are talking fat, fat32 and
> ntfs as alternatives according to this doc
> http://www.nslu2-linux.org/wiki/Unslung/R63DiskBehaviour
>
>
> >
> > So, if you _really_ don't need EAs to be stored onto the Linksys samba 
> > server, some
> > entries in your smb.conf should be checked.
> > Think twice - the OS/2 workplace shell is using EAs heavily - so you won't 
> > be
> > able to use that GUI stuff anyway! (The WPS flags nearly _any_ EA error).
>
>
> Maybe I got too used to the fact that the samba 2.?.?? used in the
> Linksys firmware v23r29 worked fine?
>
>
> >
> > Samba3 has some minor glitches, when the used file system does _not_ support
> > EAs - but you told it to use EAs in smb.conf.
> > (Directories - which are told to contain EAs - might be created, and short 
> > lateron an
> > error EAS_NOT_SUPPORTED is returned... so then you have that subdir
> > created ... but OS/2 got confused...)
> >
> > Peter, a 1st try to get better results should be
> >ea support = no
> > in smb.conf
>
>
> Extremely Bad move - End of graphical access to the samba shares from an
> OS/2 based system.
>
> That is Not acceptable.
>
> I may be able to cope with command line access but I do not expect other
> users here to be able to cope. Access using the network gui is a necessity.
>
> Based on the above advice I must reconsider whether "Unslinging" the
> NSLU2 has been a good move. No doubt it brings many improvements - and
> fixes - over the Linksys standard firmware but it also introduces
> problems as regards samba.
>
> Interestingly I have discussed this problem before when querying the
> behaviour of samba 3.0.11
>
> The response was:
>
> "I probably fixed all these issues concerning File services with Jeremy
> about release 3.0.16.
> So 3.0.20a shold work fine."
>
>
> Looks like the problems have resurfaced in 3.0.22  :-(
>
>
> > xcopy should behave much more as expected. (still sending expected EA 
> > warnings)
> > Please post your smb.conf!
>
>
> Must admint that there is more than a good possibility that I've got
> something wrong in that file - especially as I now find that I cannot
> open the smb.conf file from my OS/2 system; "access denied".
>
> That is behaviour that has changed since yesterday when I did try some
> "fine tuning" but I do not see what is causing the access denied as I am
> logged on using an Administrator login.
>
>
> The below is copied from the "Full View" using SWAT - and seems to
> include a lot that is not actually in the smb.conf that I last edited
> using a text editor...

...cut your smb.conf
...
>
> Thanks
>
> Pete

Believe me, samba 3.0.22 _is_ doing a really good job regarding os/2 
connectivity. :-)
(And I know, what I talk about ... did hundreds of tests in the past...)

My intention was, to do a step by step approach to solve your needs.
The suggestion to do a 1st try with
ea support = no
in smb.conf was related to your 'xcopy' anomalies, you described before.

Are your xcopy anomalies gone, when you change that in smb.conf?

My guess is, that your 

[Samba] winbind crashes after clean build of 3.0.22

[Paul Hoehne]

Using the latest source for samba (3.0.22) on RHEL4 (32-bit X86), the build
appears to run smoothly.  SMBD and NMBD start and seem to run without
problem.  However, the following happens when WINBIND is started the
following happens:

 



 

[2006/05/16 18:22:23, 0] lib/util.c:smb_panic2(1554)

  PANIC: Could not fetch our SID - did we join?

 

[2006/05/16 18:22:23, 0] lib/util.c:smb_panic2(1562)

  BACKTRACE: 6 stack frames:

   #0 /opt/samba/sbin/winbindd(smb_panic2+0x1ce) [0xd6bfa3]

   #1 /opt/samba/sbin/winbindd(smb_panic+0x1d) [0xd6bdd0]

   #2 /opt/samba/sbin/winbindd(init_domain_list+0x7f) [0xd074d1]

   #3 /opt/samba/sbin/winbindd(main+0x53c) [0xd012b2]

   #4 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x1a1e23]

   #5 /opt/samba/sbin/winbindd [0xcff3c9]

 

Winbind has died at this point.  Any thoughts on the configuration?  The
ldap libraries are openldap-2.2.13 and  MIT Kerberos 1.3.4.  The same also
happens when I upgrade to openldap 2.3.20 libs and hiemdal Kerberos 0.7.2.
Any thoughts?

 

Build options:

./configure --with-winbind --with-acl-support --with-libsmbclient
--with-smbmount --with-krb5=/usr --with-ldap=/usr --with-ads
--prefix=/opt/samba

 

I set the ld.so.config file to first include /opt/samba/lib

 

I replaced the /lib/libnss_winbind.so and /lib/libnss_wins.so libraries with
the new ones from $(SAMBA_SROUCE)/source/nsswitch.

 

Below is configuration information, this was a running system under 3.0.10
as shipped with RHEL4

 

Smb.conf (sanitized)

[global]

interfaces = xxx.xxx.xxx.xxx/24 lo

bind interfaces only = yes

workgroup = MY-DOMAIN

netbios name = MY-HOSTNAME

server string = MY-HOSTNAME

log file = /var/log/samba/smbd.log

max log size = 50

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

security = ADS

realm = MY-REALM

password server = *

domain master = no

preferred master = no

dns proxy = no

encrypt passwords = yes

 

#add user script = /usr/sbin/useradd -g users -s /bin/bash %u

 

idmap uid = 15000-2

idmap gid = 15000-2

winbind use default domain = no

winbind separator = +

template shell = /bin/bash

winbind enum groups = yes

winbind enum users = yes

template homedir = /home/%D/%U

[homes]

comment = Home Directories

browseable = yes

writeable = yes

 

krb5.conf (sanitized)

[libdefaults]

 default_realm = MY-REALM

 

[realms]

  MY-REALM = {

kdc = my-pdc.my-domain.com

  }

  

[domain_realm]

  .harttech.com = HARTTECH.COM

  harttech.com = HARTTECH.COM

 

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: How to handle special characters in filenames

[Michael B Allen]

On Tue, 16 May 2006 10:19:01 +0200
Henrik Zagerholm <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> I'm using samba 3.0.21 on a FC 4 box.
> I'm connecting to Win XP pro clients.
> 
> Using smbclient I can get and put files which contain '%' in file names.
> 
> Using libsmbclient smbc_open this is not possible. I get 'No such  
> file or directory Errno::ENOENT' error.
> 
> Any ideas how to solve this.
> I guess it has to do with escaping special characters in smb urls but  
> I haven't found the correct way of doing this.

Try standard url escapes %. For example if you have '%' in your
path like "p%th" then 0x25 the hexcode so you need "p%25th".

Mike
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] hp officejet 9130 and samba

[Gerard Veneman \(VANDEBOUW\)]

Dear samba.org,

 

In your archives I found the the following thread.

 


==

 

Gerald (Jerry) Carter
 jerry at samba.org 
Fri Oct 7 11:51:43 GMT 2005 

 
kurt weiss wrote:
| we're using an hp officejet 9130 (all in one printer/scanner), wich has
| the possibility to store scans on a network share (smb).
|
| path, username and password are checked on a workstation and are ok.
| the printer has full access to the network.
|
| unfortunally samba denies access:
| 
| [2005/10/06 14:46:22, 0] smbd/negprot.c:reply_negprot(557)
|   No protocol supported !
| 
|
| in smb.conf we'd defined the max protocol as LANMAN2
| on the printer we've tested following options:
| LM/NTLM
| NTLM
| NTLM2
| allways the same message.
 
Can you send me an ethereal trace of the failure?
 
cheers, jerry
 

==

 

After this, the thread dies.

 

Now I'm having almost the same problem. In log.smbd I get:

 

smbd/service.c:make_connection(731)

make_connection: refusing to connect with no session setup

 

Although I created a machine account in my samba PDC for the officejet, I
suspect it doesn't authenticate this way (Domain security).

 

Do you have any ideas how I can get the 'scan to folder'-feature of the
officejet to work with samba as PDC?

 

Kind regards,

Gerard Veneman

 

 

 

VANDEBOUW

techniek & management

 

 

Elzensteeg 4

Postbus 73

3100 AB  SCHIEDAM

 

T:  010-2732002

F:  010-2731999

M: 06-51 969 172

E:  [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]> 

 

=
De informatie verzonden met dit E-mail bericht is uitsluitend
bestemd voor de geadresseerde. Gebruik van deze informatie door
anderen dan de geadresseerde is verboden. Dit bericht is
gecontroleerd op computervirussen door een geautomatiseerd systeem.
=
The information contained within this communication is confidential
and may be legally privileged. It is intended solely for the use of
the individual or entity to whom it is addressed and others
authorised to receive it. This message has been checked for computer
viruses by an automated computer system.
=

 

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba: Unrecognized service.

[Ning Liao]

Hi,

I installed CentOS 4.3 on my machine which comes with Samba
3.0.10pre-installed. I want to use the latest Samba
3.0.22, so I uninstalled Samba package (rpm -e samba, rpm -e samba-client,
samba-common can not be removed due to the package dependency). I then
downloaded Samba 3.0.22 and installed it on my machine. However, when I try
to start samba service and got a "Unrecognized Samba service" error message.

Does anyone know how to solve this problem?

Thanks,

Liang
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd and /etc/samba/smbusers

[Felipe Alfaro Solana]

You add root and not administrator.  This is by design.
When in security = user, think of the username map as
simply an alias file used for authentication requests.
smbpasswd and pdbedit work below that layer.


You were completely right. I was screwed. Adding "root" via smbpasswd
allows me to authenticate using "smbclient" as "Administrator".

Thanks a lot, Jerry.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Performance samba?

[intel Man]

Hello to all:

I have a problem apparently of performance, I have a software called 
picaview, viewer of images, I make right click to a file. jpg and in the 
samba server this it shows delays in showing the image.


Procedure:

- PC Win98 right Click .jpgNormal
- Samba 3.0.21b right Click . jpg   Delay

Right click--- ESC right Click--- ESC right Click--- ESC several times to 
prove



Can somebody reproduce this problem?

Thank you

My linux is:   Red Hat 7.2

[EMAIL PROTECTED] samba]# uname -a
Linux mail.copiservice.com.pe 2.4.9-34enterprise #1 SMP Sat Jun 1 06:05:54 
EDT 2002 i686 unknown



My smb.conf:

[global]
   workgroup = USI
   netbios name = COPISERVICE
   server string = Servidor Samba %v
   smb passwd file = /etc/samba/smbpasswd
   log file = /var/log/samba/%m.log
   max log size = 20
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 
SO_SNDBUF=8192

   printcap name = /etc/printcap
   dns proxy = No
   kernel oplocks = No
   lock spin count = 100
   lock spin time = 30
   ldap ssl = no
   message command = winpopup
   printing = lprng
   lppause command = lpc hold '%p' %j
   lpresume command = lpc release '%p' %j
   queuepause command = lpc stop '%p'
   queueresume command = lpc start '%p'
   oplocks = No
   level2 oplocks = No
   strict locking = No
[imdata]
   path = /data/img
   force directory mode = 777
   create mode = 777
   writeable = yes
   force create mode = 777
   directory mode = 777
   valid users = mgutierrez,marketing,admin



P.D.:

www.copiservice.com.pe/pica/

picaview.exe software  PicaView
_1SS11KKDD_03.jpgimage test


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd and /etc/samba/smbusers

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Felipe Alfaro Solana wrote:
> Hi,
> 
> I've been Googling around trying to found why I can't make SAMBA
> (concretely smbpasswd and pdbedit) make good use of the information
> held in the file /etc/samba/smbusers. I have done a clean install of
> Red Hat Enterprise Linux ES 4.1 Update 3 (both x86_64 and IA32) and
> Fedora Core 5. In all cases, running the following command fails:
> 
> # smbpasswd -a Administrator
> New SMB password:
> Retype new SMB password:
> Failed to initialise SAM_ACCOUNT for user Administrator. Does this
> user exist in the UNIX password database ?
> Failed to modify password entry for user Administrator
> 
> Even though /etc/samba/smbusers look like this:
> 
> root = Administrator admin

You add root and not administrator.  This is by design.
When in security = user, think of the username map as
simply an alias file used for authentication requests.
smbpasswd and pdbedit work below that layer.




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEajOgIR7qMdg1EfYRAhm/AJ44cwoQlFfpjQEfCv11OKFkDE2TjQCg08U9
BVhWLnVshEaIzsPImaG6du0=
=plQc
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd and /etc/samba/smbusers

[Felipe Alfaro Solana]

Hi,

I've been Googling around trying to found why I can't make SAMBA
(concretely smbpasswd and pdbedit) make good use of the information
held in the file /etc/samba/smbusers. I have done a clean install of
Red Hat Enterprise Linux ES 4.1 Update 3 (both x86_64 and IA32) and
Fedora Core 5. In all cases, running the following command fails:

# smbpasswd -a Administrator
New SMB password:
Retype new SMB password:
Failed to initialise SAM_ACCOUNT for user Administrator. Does this
user exist in the UNIX password database ?
Failed to modify password entry for user Administrator

Even though /etc/samba/smbusers look like this:

root = Administrator admin
guest = nobody


Running:

# smbpasswd -a root

Works fine, however.

I don't understand why both smbpasswd and pdbedit ignore the user
mapping defined in /etc/samba/smbusers.

Any ideas? Am I wrong?
Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] how to setup file sharing access rights

[dont know]

Hi,
   
  I am new to LINUX and SAMBA, so please help me.  We have a file share server 
set up in our office .  Therefore everyone in the office can access the 
Projects directory  on the LINUX server /home/project/ from their Window PCs. 
The projects section of the smb.conf file looks like this 
   
  #
  [projects]
   comment = projects
   path = /home/project/
   browsable = yes
   writable = yes
   valid users = root, user1, user2, user3.. user10
   force user = samba
   force group = samba
   guest ok = no
   
  ##
   
  Now there is a drawings folder under the projects directory
  /home/project/project1/drawings 
  and we want to let only user1 and user2 to be able to read, write and modify 
files in the drawings folder.  And we want that other users should only be able 
to read the contents of the drawings folder.
   
  I would really appreciate if you can help me to set this up.
  Thanks for your time and help.
  yes
   
   

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] eliminate version information

[KMANNING]

Thanks

>>> "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> 5/16/2006 1:34 PM >>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

KMANNING wrote:
>  I want to eliminate the Samba version information that appears when
> mapping a share on a samba server from windows explorer (winxp).  As an
> example after mapping a drive in windows, say drive t:, explorer shows
> drive t: mapped as:  'homes on 'Samba 3.0.20b-3.4-SUSE (servername)'
> How can I eliminate the samba version info, 'Samba 3.0.20b-3.4-SUSE'
> from windows explorer.
> I have tried changing the server string parameter but to no avail.  How
> can I remove the version info and just leave the name?

Change the function smbd/server.c:add_signature()




cheers, jerry
=
Samba--- http://www.samba.org 
Centeris ---  http://www.centeris.com 
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org 

iD8DBQFEag0WIR7qMdg1EfYRAmxgAJ9fPA0RsPHFgT0Vc80MXOSbiTGZSgCguPqt
D2Q3CDQAvyUAUhhMfhdly7c=
=kFSQ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] eliminate version information

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

KMANNING wrote:
>  I want to eliminate the Samba version information that appears when
> mapping a share on a samba server from windows explorer (winxp).  As an
> example after mapping a drive in windows, say drive t:, explorer shows
> drive t: mapped as:  'homes on 'Samba 3.0.20b-3.4-SUSE (servername)'
> How can I eliminate the samba version info, 'Samba 3.0.20b-3.4-SUSE'
> from windows explorer.
> I have tried changing the server string parameter but to no avail.  How
> can I remove the version info and just leave the name?

Change the function smbd/server.c:add_signature()




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEag0WIR7qMdg1EfYRAmxgAJ9fPA0RsPHFgT0Vc80MXOSbiTGZSgCguPqt
D2Q3CDQAvyUAUhhMfhdly7c=
=kFSQ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] eliminate version information

[KMANNING]

 I want to eliminate the Samba version information that appears when
mapping a share on a samba server from windows explorer (winxp).  As an
example after mapping a drive in windows, say drive t:, explorer shows
drive t: mapped as:  'homes on 'Samba 3.0.20b-3.4-SUSE (servername)'
How can I eliminate the samba version info, 'Samba 3.0.20b-3.4-SUSE'
from windows explorer.
I have tried changing the server string parameter but to no avail.  How
can I remove the version info and just leave the name?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] allowing windows xp local service with systems accounts rights to access samba share

[Urs Rau]

I am trying to use 'wpkg' omn win xp sp2 machine, a windows package
installer service, to access shares on my domain server.

'Wpkg' is running as a local service on a windows xp box that is joined
to a domain, and I would like this local 'wpkg' service that is running
with local systems rights to access files on a samba domain share.

I have played with a number of options including allowing guest access
but none of it seems successfull. It seems to either not accept the
username and password pair, although they are valid, or else complained
about not it not allowing multiple user connections to the same server.

What would I have to add in the share definition on the samba primary
domain server that would allow all windows xp sp2 workstations in the
domain that are running this service access to the share (if possible -
concurrently to a limited user account actually running the network
login script)

Thanks for any hints with this.

-- 
Urs Rau 
Head of Operations  
Operation Mobilisation  
UK National Office  Tel: +44-1691-773388
The Quinta, Weston Rhyn Fax: +44-1691-778378
Oswestry, Shropshire, SY10 7LT  E-mail: [EMAIL PROTECTED]
United Kingdom  http://www.uk.om.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Performance issue on AIX when deleting files inadirectory with a large number of files

[William Jojo]

- Original Message - 
From: "Jeremy Allison" <[EMAIL PROTECTED]>
To: "Jeremy Allison" <[EMAIL PROTECTED]>
Cc: ; "William Jojo" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, May 12, 2006 7:06 PM
Subject: Re: [Samba] Performance issue on AIX when deleting files
inadirectory with a large number of files


> On Thu, May 11, 2006 at 04:06:37PM -0700, Jeremy Allison wrote:
> > On Thu, May 11, 2006 at 03:54:17PM -0700, Jeremy Allison wrote:
> > >
> > > Do you see the change notify replies happening followed by the
> > > change notify setups ? I bet I know what it is
> > >
> > > Because AIX doesn't have kernel change notify when the change
> > > notify setup comes (which happens after every delete) it causes a
> > > directory rescan at that point - after *each* delete !
> >
> > I think I can code around this. The key is to ensure that
> > setting "change notify timeout" to zero turns off change
> > notify except for renames and deletes. Also make it a per-share
> > parameter so it can be set to zero for "large" directories...
> >
> > Give me a day or so on this.
>
> Ok - here is the patch. Bill - if you could test this on
> AIX by setting the (now per-share) parameter :
>
> "change notify timeout = 0"
>
> on the share definition that holds a large number of files,
> you might find a speed up. I can see the effect it has here
> when I disable the kernel and FAM based change notify.
>

Looks good here, Jeremy. The response time is exactly like my tests in FC3.
Thanks a lot!


Cheers,

Bill

> Jeremy.
>






> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbind authenticating its default domain but not trusted domains

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas Munn wrote:

> What Works:
> 
> I have two 'realms' here.com and corp.here.com, which 
> correspond to the domains of 'here' and 'corp',
> respectively.  Corp trusts 'here'.
> 
> If the linux box is a member of 'corp' people from 
> the corp domain can login fine.
> 
> What Doesn't work
> 
> But people in the 'trusted' domain 'here' cannot login.  
> The system reports the user as not existing.

We do not at this time support one way trusts but it on
my radar in the next month or so.






cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEaefDIR7qMdg1EfYRAtnbAKDjxSMcnPiVAWuS6noILdV8P4DnrgCfS9m+
glLiUyL1dLvt59FaOn/ohNI=
=SLvS
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind authenticating its default domain but not trusted domains

[Thomas Munn]

Dear Samba Team/Readers:

I have been reading the mailing lists looking for a solution to a particular
problem that I am having:

The Setup:

centos 4.3 (redhat enterprise server clone) running kerberos, samba Version
3.0.10-1.4E.2, 32 bit system.  Running stock kernel 2.6.9-22.  I am
authenticating to a windows 2003 server, standard edition, with all service
packs and patches applied.  I am using winbind and AD integration to allow
linux workstations to authenticate to our NT domains.

What Works:

I have two 'realms' here.com and corp.here.com, which correspond to the
domains of 'here' and 'corp', respectively.  Corp trusts 'here'.

If the linux box is a member of 'corp' people from the corp domain can login
fine.

What Doesn't work

But people in the 'trusted' domain 'here' cannot login.  The system reports
the user as not existing.

I tried changing the smb.conf and the krb5.conf files to use 'here' domain,
e.g. here.com while logging into corp.here.com domain controller.  It worked
miserably, nothing worked.  I also listed my 'trusted domains' using the
wbinfo command, and it lists corp as being trusted.  I also have the allow
trusted domains = yes and the use default domains = yes (tried no on this
with NO luck!).

I have looked at the list, and I saw a recent flame war in which an
individual seemed to be trying to do what I am, and he was told politely
that he 'should seek help  elsewhere'.  I am not sure exactly if my problem
corresponds to his,  but I list it to prove that I have at least tried
reading the list.  I haven't included all of .conf files, for brevity, but
will include relevant parts of files:

---

nsswitch.conf is setup to use winbind

passwd: files winbind
shadow: files winbind
group:  files winbind
hosts:  files dns
protocols:  files winbind
services:   files winbind
netgroup:   files winbind
automount:  files winbind

-

My krb5.conf file

[libdefaults]
default_realm = CORP.HERE.COM
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
CORP.HERE.COM = {
 kdc = server1.corp.here.com:88
 admin.server = server1.corp.here.com:749
 default_domain = corp.here.com
}

[domain_realm]
.corp.here.com = CORP.HERE.COM
corp.here.com = CORP.HERE.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
}



Finally, the [global] section of my smb.conf file:[global]

  workgroup = CORP
  netbios name=MYCOMPUTER
  server string = Samba Server
  printcap name = /etc/printcap
  load printers = yes
  cups options = raw
  log file = /var/log/samba/%m.log
  max log size = 50
  security = ads
  realm=CORP.HERE.COM
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  allow trusted domains = Yes
  unix password sync = Yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
  pam password change = yes
  obey pam restrictions = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  dns proxy = no
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  winbind use default domain = yes
  winbind separator = #
  winbind enum users = yes
  winbind enum groups = yes
  template shell=/bin/bash
  template homedir = /home/%U

-

Lastly, My system-auth file from my /etc/pam.d directory

authrequired  /lib/security/$ISA/pam_env.so
authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok
authsufficient/lib/security/$ISA/pam_krb5.so use_first_pass
authsufficient/lib/security/$ISA/pam_winbind.so use_first_pass
authrequired  /lib/security/$ISA/pam_deny.so

account required  /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient/lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account [default=bad success=ok user_unknown=ignore]
/lib/security/$ISA/pam_krb5.so
account [default=bad success=ok user_unknown=ignore]
/lib/security/$ISA/pam_winbind.so
account required  /lib/security/$ISA/pam_permit.so
passwordrequisite /lib/security/$ISA/pam_cracklib.so retry=3
passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok
md5 shadow
passwordsufficient/lib/security/$ISA/pam_krb5.so use_authtok
passwordsufficient/lib/security/$ISA/pam_winbind.so use_authtok
passwordrequired  /lib/security/$ISA/pam_deny.so
session required  /lib/security/$ISA/pam_limits.so
session required  /lib/security/$ISA/pam_unix.so
session optional  /lib/security/$ISA/pam_mkhomedir.so skel=etc/skel/
umask=0027
session optional  /lib/security/$ISA/pam_krb5.so


I thank you for your time and patience.

Sincerely,

Thomas J. Munn
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://li

Re: [Samba] Can one set limits on new core dump?

[James Peach]

On Tue, 16 May 2006 08:27 am, James Peach wrote:
[snip]
> I could certainly add a "enable core files" knob to smb.conf. I'd prefer
> it to be on by default.

something like this 

-- 
James Peach | [EMAIL PROTECTED] | SGI Australian Software Group
I don't speak for SGI.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] configure a small local network

[Ivan Ricotti]

Hi to all,

I'm a newbie installing and configuring samba/ldap and so on... I'm looking for
help! :)

I have a small network:

° hosts:
- melo2 (WinXP Home)
- melo3 (WinXP Professional)
- melo4 (Debian)

° on melo4 I created 4 users using "smbldap-useradd":
- alice, bob, charles, dana
- I alse created a group "office" using "smbldap-groupadd" and added those users
to the gruop.

° on melo4 I have:
/home/office
  /blabla
  /etcetc

° On Windows clients:
- melo2 (WinXP-pro) is configured into the Domain Controller "MELOGRANO" so I
can login with all my users.
- melo3 (WinXP-home) replicate charles and dana users and partecipate to
"MELOGRANO" workgroup;

But...

1) I cannot share the folder: "/home/office":

drwxrwx---   5 root 513 4,0K 2006-05-15 15:23 office

I see the resource from windows clients but I cannot access to it! Windows
claims I don't have the right permission...
Asking:

melo4:/home# smbldap-groupshow office

I have:

dn: cn=office,ou=Groups,dc=MELOGRANO,dc=net
objectClass: posixGroup
cn: office
gidNumber: 2002
memberUid: alice,bob,charles,dana

but if I ask:

melo4:/home# smbldap-usershow alice

I have:

dn: uid=alice,ou=Users,dc=MELOGRANO,dc=net
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
cn: alice
sn: alice
uid: alice
uidNumber: 2011
gidNumber: 513
homeDirectory: /home/alice

-

2) I cannot enter to charles and dana home on Server from the windows XP home
clients.

How can I see the home folders? When, on the windows clients, I try to add a
network resource I don't see the home in the list of melo4's shared.

This is my smb.conf:


# Global parameters
[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = MELOGRANO
server string = %h server (Samba %v)
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/
enable privileges = Yes
pam password change = Yes
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -a -B1 -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=MELOGRANO,dc=net
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=MELOGRANO,dc=net
ldap user suffix = ou=Users
panic action = /usr/share/samba/panic-action %d
invalid users = root
printer admin = "@Print Operators"
create mask = 0640
directory mask = 0750
printing = cups
print command =
lpq command = %p
lprm command =
case sensitive = No
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

[homes]
comment = Home Directories
valid users = %U
read only = No
create mask = 0644
directory mask = 0775
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
browseable = No

[profiles]
path = /home/samba/profiles
valid users = %U, "@Domain Admins"
force user = %U
read only = No
create mask = 0600
directory mask = 0700
guest ok = Yes
profile acls = Yes
browseable = No
csc policy = disable

[printers]
comment = All Printers
path = /tmp
create mask = 0700
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
include = /etc/samba/shares/office.conf

[office]
comment = Melograno Shared Documents
path = /home/office
valid users = @office
force group = @office
read only = No
profile acls = Yes


Thank you very much!
Ivan

-- 
Ivan Ricotti
--- 
eLabor sc - via G. Garibaldi 33, 56127 Pisa
tel: +39 050970363 - fax +39 0503137878
email: [EMAIL PROTECTED]
GnuPG KeyID: DFD581C5 - 13/11/2003
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba ADS problem

[Fabio Bucciarelli]

Hi Jasmine.

For chown, if you don't use the 

winbind use default domain = Yes 

in smb.conf file, you must specify the name of windows domain:

chown SE\\username /home/jselvaraj

I can't help you about the "account locked out" error.

Fabio

On Fri, 2006-05-12 at 14:30 -0700, jasmine mary wrote:
> Hi 
> 
> I am working with the implementation of Samba(3.0.7) against AD. I compliled
> Samba after compiling LDAP, kerberos.I can execute the following commands
> successfully.
> 
> wbinfo -u, -g -t
> netads info, testjoin
> getent passwd group
> 
> But i cant use chown to use the owner as AD user, even after shutting down
> the nscd daemon.
> 
> I am giving the my smb.conf file
> 
> [global]
> workgroup = SE
> realm = SE.JASMINE.ORG
> security = ADS
> password server = SE.JASMINE.ORG
> log level = 3
> log file = /var/log/samba/%m
> wins server = ackdc02-coa.jasmine.org
> idmap uid = 1-2
> idmap gid = 1-2
> 
> [jmj]
> path = /home/jselvaraj
> 
> When i try to get the jmj share, i am getting the error that "The referenced
> account is currently locked out and may not be logged in". Even i am not
> specifying the valid users attribute for the jmj share, i am getting this
> error. If i set the valid user as "selara", the account is locked at the
> windows while i am accessing the share. Is it the problem with WINDOWS AD
> side or My Samba Server side?
> 
> Please help me out of this problem.
> 
> Jasmine
> 
> 
> 
> 
> 
> 
> 
> 
> --
> View this message in context: 
> http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4365961
> Sent from the Samba - General forum at Nabble.com.
> 
-- 
Fabio Bucciarelli
Servizio Sviluppo telematica regionale e gestione delle infrastrutture
informatiche(st.4.23) 
DIREZIONE GENERALE ORGANIZZAZIONE, SISTEMI INFORMATIVI E TELEMATICA 
Regione Emilia-Romagna Viale Aldo Moro, 52 - 40127 Bologna 
Telefono ++39 051 6395658
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Log of file delete/create/open/close operations

[ashok cvs]

Hi

you can turn on vfs objects = audit or extd_audit in the share , so u can
log file open/close/create/delete

Regards
niranjan


On 5/15/06, taso <[EMAIL PROTECTED]> wrote:


Is it possible to log file open/close/create/delete operations without
turning on level 10 debug?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Domain login Problem.

[Gary Dale]

Your problem is that you are trying to join a domain. net join is used 
to add machines, not people, to a domain. Presumably, only your root 
user has authority to do that, which is why the other net join fails.


If you already have your users added to the domain, you just need to 
give the users access to your local XP workstations. You can do that 
from XP.



Roberto Salvatierra wrote:


Hi i setted up a samba server on debian sarge using samba version 3.0.14.

my configuration file is as follows:

 BOF ---

[global]
guest account = smbguest
security = user
workgroup = SMSERVER
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096

max log size = 1000
log level = 1
log file = /var/log/samba/000log.%m

encrypt passwords = yes
wins support = yes

os level = 99
domain master = yes
local master = yes
preferred master = yes
domain logons = yes


add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'

add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
set primary group script = /usr/sbin/usermod -g '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'

logon path = 
\\SMSERVER\samba\profiles\%U

logon drive = z:
logon home = \\SMSERVER\home\samba\%U 
#logon script = logon.bat

name resolve order = lmhosts host wins bcast
dns proxy = no

[netlogon]
   path = /home/netlogon
   writeable = no
   guest ok = no

[profiles]
   create mask = 0600
   browseable = no
   directory mask = 0700
   comment = Profile Share
   writable = yes
   path = /home/samba/profiles
   profile acls = yes


[homes]
#   path = /home/U%
  read only = no
  browseable = yes

 EOF
---

now almost everything works fine. I can add workstations to the Domain =
SMSERVER, they work fine, I can see the shares ( I had shares before 
), and

mout them as any user, root, user1,user2 etc.

now when i try to log as a user other than root, to a XP client, it 
does not

allows me, it recognizes the user, but I'm not allowed to log on.

i can only login as root, even on the linux machine. how can I allow the
other non root users to log in ?

here is the problem:

 Login in as root: ---

smserver:/etc/samba# net join -U root
root's password:
[2006/05/15 19:00:26, 0] utils/net_ads.c:ads_startup(191)
 ads_connect: No results returned
Joined domain SMSERVER.
---



--- Login in as another user:

smserver:/etc/samba# net join -U chuby
chuby's password:
[2006/05/15 19:01:19, 0] utils/net_ads.c:ads_startup(191)
 ads_connect: No results returned
[2006/05/15 19:01:19, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(279)
 error setting trust account password: NT_STATUS_ACCESS_DENIED
Unable to join domain SMSERVER.


that unable to join domain, has given me headaches for 2 days now !,  
Thanks

for any help !



R. Salvatierra



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Write access doesn't grant delete access?!

[Michael Gasch]

is the file set "read-only" in windows properties view?

greez

Adam Nielsen wrote:

Hi all,

I've got these permissions set on a folder:

$ getfacl htdocs

# file: htdocs
# owner: root
# group: users
user::rwx
group::rwx
group:DOMAIN\134htdocs_access:rwx
mask::rwx
other::r-x

The idea being that any users in the "htdocs_access" group in Active
Directory will have full access to this "htdocs" folder, without
interfering with the real owner/group of the folder (which the web
server uses.)

This seems to work fine, except that any files I create through Windows
Explorer I can't delete again (I can edit them and create more files,
but I can't delete anything.)  Viewing properties on the file indicates
that the DOMAIN\htdocs_access group doesn't have Delete permission (the
Delete checkbox is unticked) but the other permissions seem fine.

I didn't realise that Samba treated Delete access separately to Write
access - how do I grant Delete access on a folder?

Thanks,
Adam.


--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
   49 (0)341 - 3550 374

Fax:   49 (0)341 - 3550 399

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbind and AD password updates

[Pierre Ossman]

Guenther Deschner wrote:

On Mon, May 15, 2006 at 03:49:06PM +0200, Pierre Ossman wrote:
More funkyness. Somewhere in pam_winbind (or something it calls), 
exit_group(101) gets called, killing of my application. Known issue?


No, there is no such call in winbindd or pam_winbind.



Doing some gdb:ing, I got this backtrace:

#0  0x4005d146 in exit () from /lib/tls/libc.so.6
#1  0x080488f9 in ?? ()
#2  0x0065 in ?? ()
#3  0x08048c23 in _IO_stdin_used ()
#4  0x0804e180 in ?? ()
#5  0x0804e180 in ?? ()
#6  0x0804e245 in ?? ()
#7  0x0003 in ?? ()
#8  0x0003 in ?? ()
#9  0x4002b8df in pam_get_item () from /lib/libpam.so.0
#10 0x400202d4 in _get_ntstatus_error_string ()
   from /lib/security/pam_winbind.so
#11 0x40020329 in _get_ntstatus_error_string ()
   from /lib/security/pam_winbind.so
#12 0x400203ac in _get_ntstatus_error_string ()
   from /lib/security/pam_winbind.so
#13 0x4002247a in pam_sm_chauthtok () from /lib/security/pam_winbind.so
#14 0x4002cf1a in _pam_dispatch () from /lib/libpam.so.0
#15 0x4002f2a3 in pam_chauthtok () from /lib/libpam.so.0
#16 0x08048aa3 in ?? ()

As libpam is the last offender, I probably should throw the ball their 
way. But could you have a quick look to make sure you're in the clear 
with regard to the samba functions in the backtrace?


--
Pierre OssmanTelephone: +46-13-21 46 00
Cendio ABWeb: http://www.cendio.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem: changing groups

[Dr.Peer-Joachim Koch]

Hi,

we are running a samba sever 3.0.20 (SuSE SLES9) for file services.
We have still a NT4 domain (for auth) and ldap for unix (user+groups).

The linux is using our LDAP server to get all user & group informations.
However under samba it is not possible to change the group
of a file or folder. None of the groups are shown ...

On the shell id etc. shows everything corrently.

Do I have to add the ldap paramter as well to the config ?

[global]
workgroup = BGC
server string = DVA. BGC New SNFS Fileserver(Minerva)
netbios name = MINERVA
netbios aliases = GAIA MINERVA
interfaces = eth0
security = domain
password server =  *
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
printer admin = @ntadmin, root, administrator
map to guest = Bad User
log file = /var/log/samba/%m.log
read only = no
max disk size = 4194300

# begin BPR



--
Bye,
Peer
_
Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10Telefon: ++49 3641 57-6705
D-07745 Jena Telefax: ++49 3641 57-7705
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] How to handle special characters in filenames

[Henrik Zagerholm]

Hi,

I'm using samba 3.0.21 on a FC 4 box.
I'm connecting to Win XP pro clients.

Using smbclient I can get and put files which contain '%' in file names.

Using libsmbclient smbc_open this is not possible. I get 'No such  
file or directory Errno::ENOENT' error.


Any ideas how to solve this.
I guess it has to do with escaping special characters in smb urls but  
I haven't found the correct way of doing this.


Any help would be greatly appreciated.

Regards,
Henrik


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can one set limits on new core dump?

[Doug VanLeuven]

James Peach wrote:

On Mon, 15 May 2006 09:40 pm, Doug VanLeuven wrote:

James Peach wrote:

On Sat, 13 May 2006 12:16 am, Gerald (Jerry) Carter wrote:

James,

This was your change right ?

Yup. It's deliberately not configurable so that we can always get
*something* that might help with fault diagnosis.


Is there a chance for some kind of compromise?


Of course.


winbindd cranked out hundreds of core dumps in less time than
it took to get a cup of coffee.


Do you have some core-naming facility that renames the core files
something other than "core"? I'm trying to understand why you ended up
with more that one core file 


I running FC4, I didn't invoke any core naming facility, but
sometimes Fedora adds functionality I'm not aware of.
The samba core dumps for winbindd ended up core.

Partial list
[EMAIL PROTECTED] var]# l cores/winbindd
total 18076
-rw---  1 root root 1069056 May 12 03:22 core.19692
-rw---  1 root root 1028096 May 12 03:22 core.19693
-rw---  1 root root 1044480 May 12 03:22 core.19696
-rw---  1 root root 1028096 May 12 03:22 core.19697
-rw---  1 root root 1044480 May 12 03:23 core.19703
-rw---  1 root root 1028096 May 12 03:23 core.19704
-rw---  1 root root 1044480 May 12 03:23 core.19710
-rw---  1 root root 1028096 May 12 03:23 core.19711
-rw---  1 root root 1175552 May 12 03:24 core.19714
-rw---  1 root root 1163264 May 12 03:24 core.19715
-rw---  1 root root 1122304 May 12 02:03 core.6081
-rw---  1 root root 1081344 May 12 02:03 core.6082
-rw---  1 root root 1097728 May 12 02:04 core.6090
-rw---  1 root root 1081344 May 12 02:04 core.6091
-rw---  1 root root 1097728 May 12 02:04 core.6101
-rw---  1 root root 1081344 May 12 02:04 core.6102
-rw---  1 root root 1224704 May 12 02:04 core.6111


log.winbindd-idmap:
[2006/05/12 03:22:12, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 19692 (3.0.23pre2-SVN-build-15162)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/05/12 03:22:12, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/05/12 03:22:12, 0] lib/fault.c:fault_report(45)
  ===
[2006/05/12 03:22:12, 0] lib/util.c:smb_panic(1592)
  PANIC (pid 19692): internal error
[2006/05/12 03:22:12, 0] lib/util.c:log_stack_trace(1699)
  BACKTRACE: 24 stack frames:
   #0 /usr/local/samba3/sbin/winbindd(log_stack_trace+0x26) [0x837b1a]
   #1 /usr/local/samba3/sbin/winbindd(smb_panic+0x5e) [0x8379e2]
   #2 /usr/local/samba3/sbin/winbindd [0x826420]
   #3 /usr/local/samba3/sbin/winbindd [0x82642e]
   #4 [0x110420]
   #5 /usr/local/samba3/sbin/winbindd(sid_binstring+0x1d) [0x8325a5]
   #6 /usr/local/samba3/lib/idmap/ad.so [0xb684f3]
   #7 /usr/local/samba3/sbin/winbindd(idmap_set_mapping+0x26c) [0x9044c9]
   #8 /usr/local/samba3/sbin/winbindd(winbindd_dual_idmapset+0xb0) [0x7e86c2]
   #9 /usr/local/samba3/sbin/winbindd [0x7e7155]
   #10 /usr/local/samba3/sbin/winbindd [0x7e8135]
   #11 /usr/local/samba3/sbin/winbindd [0x7e6db8]
   #12 /usr/local/samba3/sbin/winbindd(async_request+0x14e) [0x7e6a22]
   #13 /usr/local/samba3/sbin/winbindd [0x7e8373]
   #14 /usr/local/samba3/sbin/winbindd(idmap_sid2gid_async+0xd1) [0x7e8f0b]
   #15 /usr/local/samba3/sbin/winbindd [0x7eb780]
   #16 /usr/local/samba3/sbin/winbindd [0x7e96b4]
   #17 /usr/local/samba3/sbin/winbindd [0x7e8277]
   #18 /usr/local/samba3/sbin/winbindd [0x7e6d73]
   #19 /usr/local/samba3/sbin/winbindd [0x7c6988]
   #20 /usr/local/samba3/sbin/winbindd [0x7c7560]
   #21 /usr/local/samba3/sbin/winbindd(main+0x641) [0x7c7eac]
   #22 /lib/libc.so.6(__libc_start_main+0xdf) [0x1c1d7f]
   #23 /usr/local/samba3/sbin/winbindd [0x7c6125]
[2006/05/12 03:22:12, 0] lib/fault.c:dump_core(164)
  dumping core in /usr/local/samba3/var/cores/winbindd
[2006/05/12 03:22:13, 0] lib/fault.c:fault_report(41)




My vmware machines all died for lack of temporary file space.
Ultimately, it required a reboot to get back to normal
because a lot of daemons require var space.

If it's repeatable, the common process is to re-enable core
dumps and run a monitored test.


Unfortunately not all  problems are easily repeatable, and not all


I was going to say "If a problem doesn't repeat, was it really
a problem?" but I noticed you said easily.
Look, I just bought a 1984 Corvette.  Bright red. I love that car.
Needs some TLC, but I'm going to love fixing it.
I'm having a real hard time being serious here.


sites have people with the time and expertise to be able to do this
sort of testing.


Barring a compromise, I'll have to investigate and probably
recommend hard limits be inherited in the startup files.
Otherwise, run the risk of having samba take down the entire
machine for the benefit of the developers on a Murphey.
The way I've done it for 30 years is limit core dumps for
normal day to day, re-enable it during problem determination.


I could certainly add