Re: [Samba] Unable to add computer to domain

2006-07-18 Thread Ulrich Ferenc 

Try this option in the smb.conf:

add machine script = /usr/sbin/smbldap-useradd -w -i "%u"

that should work. The -i tells smbldap-useradd to add a workstation trust 
account.


Ferenc Ulrich


- Original Message - 
From: "Logan Shaw" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, July 18, 2006 11:33 PM
Subject: Re: [Samba] Unable to add computer to domain



On Tue, 18 Jul 2006, User 1 wrote:
Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, 
I

followed the instruction of  "samba3-ldap-howto", now I am unable to add
computer to domain..

Tried to check /var/log/samba and found the following:

[2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"nb02$"'
gave 9


Hmm...

$ grep -c 'exit.*9' smbldap-useradd
1

Seems like since there is only one way for smbldap-useradd to
exit with code 9, maybe that's something you should look into.

  - Logan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re[2]: [Samba] How to get login name of logged user?

2006-07-18 Thread [EMAIL PROTECTED] 
Hello, Huck.

I'm sorry I was not clear enough. I don't need login names of users
connecting to my shares, I want to get windows account login name of
user logged to remote machine. I need this for integration with squid
for transparent authentication.


You wrote 18 july 2006 , 18:19:00:

> smbstatus does this for me.

> Samba version 3.0.10-1.4E.6
> PID Username  Group Machine
> ---
> 24250   dpatchin  staff staff10  (192.168.0.104)
> 24279   jlovenguthstaff staff03  (192.168.0.120)
> 24307   bgosney   officefrontoffice03 (192.168.0.161)
> 24201   dhuckaby  dhuckaby  dyno (192.168.0.80)
> 23994   hfowler   hfowler   staff01  (192.168.0.163)


> That's what the output looks like.


> [EMAIL PROTECTED] wrote:
>> Hello list.
>> Is there any way to get login name of a currently logged user on remote 
>> machine using samba?
>> I can get the list of all users with command smbclient -L host, but how do I 
>> know who of them logged now?
>> Thanks in advance.
>> Roman Gorohov.
>> 


Roman Gorohov.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't save 0 size file in samba 2.0.7

2006-07-18 Thread liu jack 

I think that samba 2.0.7 is also useful for embeded system.
Because smbd ,nmbd files in samba 3 are too big for embeded system.
I'm tracking down the bug now,but can you give me some ways?
My way is to grab the package by sniffer,find the bug point, and fix it.

anyone who is interesting in samba on embeded system,can contact with me.

Thanks
Jack


From: Adam Nielsen <[EMAIL PROTECTED]>
To: "liu jack" <[EMAIL PROTECTED]>
CC: samba@lists.samba.org
Subject: Re: [Samba] can't save 0 size file in samba 2.0.7
Date: Wed, 19 Jul 2006 09:14:50 +1000

> Anyone didn't encountered  the problem?
> and someone have suggestion for me ?

Well the problem is it works fine with the latest version of Samba (I
tested with 3.0.21rc2) so I doubt anyone is interested in fixing a
version that nobody should be using any more.

It looks like you'll need to track down the bug and fix it yourself if
you don't want to upgrade!

Cheers,
Adam.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] archive flag in samba?

2006-07-18 Thread Douglas D Germann Sr 
Hi--

My previous install of Samba was on a RedHat 9.0 box which just died.

I am used to running a backup of the server to a WinXP Pro box, using a batch
file with a bunch of xcopy commands to copy just the files which have changed
since the last backup.

When the old server died, I replaced it with a new Ubuntu 6.06 box. Now when I
run this batch file, it copies every one of the files, whether the file was
changed or not.

Is there a way to get this kind of functionality under the newer version
(3.0.22) of samba? 

(Yes, I do have other backups, this one is just a redundant one.)

Thanks!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Speeding up samba

2006-07-18 Thread Douglas D Germann Sr 
Hi--

My old samba server, running on a RedHat 9.0 eMachines box, ran well. It died
this weekend.

So I took a new Ubuntu 6.06 box and restored the data files here and turned it
into a samba server. My other two Ubuntu boxes (which mount cifs) and my two Win
boxes (one XP Pro, one Win95) are all slow on this network now.

Are there any tricks for speeding up samba generally?

Thanks!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbd panic on security = ADS

2006-07-18 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Brian Milco wrote:

> I've tried to down grade back to 3.0.14a with no luck, 
> It looks like it might be samba's interaction with libldap
> and or libnss_mdns, both of which I've tried to downgrade
> as well.

This is not our bug. You'll have to contact the
/lib/libnss_mdns.so.2 maintainers.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEvXfjIR7qMdg1EfYRAt30AKCe2od4W+YCXmBijfdu5efT1FVE3gCgqG2e
WKFpgSs4yMvM7zb8AttsbEs=
=9MgN
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] New Server: need to transfer PDC to new server

2006-07-18 Thread adrian sender 

Kevin,

You need to provide the list with more information, what backend database 
are you using - have you read the documentation available on the samba site?


In any case you need to set the sid to be the same on the bdc as the pdc; 
net getlocalsid, then net setlocalsid sidnumberhere.


If you are using ldap database, slapcat -v -l database.txt, go to your new 
server and add the database.txt with slapadd -v -l database.txt.


Adrian Sender.

From: Kevin Kallsen <[EMAIL PROTECTED]>
To: 
Subject: [Samba] New Server: need to transfer PDC to new server
Sent: Tuesday, 18 July 2006 6:17:12 AM
I have Samba 3.0.22 running as a PDC on a server.  We recently bought a new
server and I want to transfers the PDC settings to the new server and turn
off the old server.  What do I need to do?



Thanks



Kevin Kallsen


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch

2006-07-18 Thread Don Meyer 
Yes, I'm pretty sure Jerry Carter does.  ([EMAIL PROTECTED])   He's 
posted that he expects a patch for this to be included in the 3.0.23a 
release -- due sometime real soon now... ;-)


Cheers,
-D

At 12:03 PM 7/18/2006, Howard Wilkinson wrote:

you are a genius, this fixed it! Anybody know why?

Howard.

Don Meyer wrote:
Well, I didn't see the last bit you describe, but I don't run 
RFC2307 (yet).  We we bit by very similar behavior when moving from 
3.0.22 to the 3.0.23 RC's.  Turns out that the use-default-domain 
option is not being universally applied to groups in 3.0.23.   As 
soon as I changed my "valid users = +group" statements to the 
format "= +domain\group", then this problem was fixed for 
us.   Maybe it will do the trick for you...


Don Meyer   <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

  "They that can give up essential liberty to obtain a little 
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't save 0 size file in samba 2.0.7

2006-07-18 Thread Adam Nielsen 
> Anyone didn't encountered  the problem?  
> and someone have suggestion for me ?

Well the problem is it works fine with the latest version of Samba (I
tested with 3.0.21rc2) so I doubt anyone is interested in fixing a
version that nobody should be using any more.

It looks like you'll need to track down the bug and fix it yourself if
you don't want to upgrade!

Cheers,
Adam.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] subfolder permission

2006-07-18 Thread Julien de Luca {Integrated Systems Ltd} 
Hi,

Can Anyone help me out with subfolder permissions?.. Searched
everywhere for tips on how to setup a system with a main folder shared and
subfolders shared to X, Y and Z groups…. It’s been a very £”$^* task and am
running out of options… We need to separate 2 departments having access to
the same folder…

Eg:-

Company

Accounts

Human Resources

 

Each group should have full access to it’s group and no access
to the other.

 

I’ve tried multiple versions of SMB.conf… Even tried playing
with linux file permission but too much of a novice to get the thing running
professionally and smoothly. My Superiors are seriously thinking of moving
back to ‘the competition’ 

 

PLEASE HELP!>>

 

Julien de Luca

Integrated Systems Ltd

http://integratedsystemsmru.com/



http://www.bitdefender.com  

-

secure your every bit

-

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unable to add computer to domain

2006-07-18 Thread Logan Shaw 

On Tue, 18 Jul 2006, User 1 wrote:

Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, I
followed the instruction of  "samba3-ldap-howto", now I am unable to add
computer to domain..

Tried to check /var/log/samba and found the following:

[2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"nb02$"'
gave 9


Hmm...

$ grep -c 'exit.*9' smbldap-useradd
1

Seems like since there is only one way for smbldap-useradd to
exit with code 9, maybe that's something you should look into.

  - Logan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE:[Samba] scripting smbpasswd not working..

2006-07-18 Thread Max Kipness 
>Hello all,
>
>I'm sure I can't be the only person with this question.. but I just didn't
>see it answered..
>
>how do you script smbpasswd?
>
>I've tried
>
>echo password | smbpasswd -sa name
>smbpasswd -sa name password
>
>echo password | smbpasswd -D5sa name
>(this gets me the ability to add a password by hand..)

Funny, I was just researching this myself. Found out that this is the
correct syntax, and it seems to work fine:

(echo $pass;echo $pass)|smbpasswd -s -a $user

Thanks,
Max
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Weird statup probems TLS & SSL openldap and samba 3.0.23

2006-07-18 Thread Jose Gilberto Torres 

Hello,
I am kind of confused with this situation.  I am attempting to build a 
PDC using TLS/SSL with the following version of software.


Samba 3.0.23
OpenLDAP 2.3.19
Fedora Core 5

When I startup the Samba server via the "service" command (service smb 
start) I get the following errors in my logs.


Using SSL:

Jul 13 09:52:34 prism smbd[23161]:   smbldap_search_suffix: Problem 
during the LDAP search: error:14094410:SSL 
routines:SSL3_READ_BYTES:sslv3 alert handshake failure (Time limit exceeded)
Jul 13 09:52:34 prism smbd[23161]: [2006/07/13 09:52:34, 0] 
lib/smbldap.c:smb_ldap_start_tls(546)
Jul 13 09:52:34 prism smbd[23161]:   Failed to issue the StartTLS 
instruction: Can't contact LDAP server


Using TLS

Jul 18 10:32:09 prism smbd[7441]: [2006/07/18 10:32:09, 0] 
lib/smbldap.c:smb_ldap_start_tls(612)
Jul 18 10:32:09 prism smbd[7441]:   Failed to issue the StartTLS 
instruction: Connect error


But when I start up Samba issuing this command "/etc/init.d/smb start", 
it works.  This this a bug in the "service" command.  Did I 
mis-configured something?  Is there any thing I can try to debug this 
problem?  I've included the configuration files for samba and ldap.  
I've hid the actual hostname and DIT.  Thanks!


/etc/openldap/ldap.conf
**
URI ldaps://.com <-
BASE dc=,dc=,dc=com
TLS_REQCERT demand
TLS_CACERT /etc/openldap/ca.crt
TLS_CERT /etc/openldap/server.crt
TLS_KEY  /etc/openldap/server.key

/etc/openldap/slap.conf
**
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile/var/run/slapd/slapd.args

databasebdb
suffix  dc=,dc=,dc=com
rootdn  "cn=Manager,dc=,dc=,dc=com"
rootpw  {SSHA}xxx
directory /var/lib/ldap

index cn  pres,sub,eq
index sn  pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber   eq
index gidNumber   eq
index objectClass  eq
index memberUid   eq,subinitial
index mail eq,subinitial
index givenname   eq,subinitial
index   sambaSID  eq
index   sambaPrimaryGroupSID  eq
index   sambaDomainName   eq
index   default   sub

#Access to read the root DSE (DSA [Directory System Agent] Specific Entry)
access to dn.base=""
  by self write
  by * auth
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
   by self write
  by anonymous auth
  by * none
access to *
  by * read
  by anonymous auth

security tls=1
TLSCACertificateFile /etc/openldap/ca.crt
TLSCertificateFile /etc/openldap/server.crt
TLSCertificateKeyFile /etc/openldap/server.key
TLSVerifyClient demand

/etc/ldap.conf
***
uri ldap://.com
host .com
port 389
ssl start_tls
tls_reqcert demand
tls_checkpeer yes
tls_cert /etc/openldap/server.crt
tls_key /etc/openldap/server.key
tls_cacertfile /etc/openldap/ca.crt
base dc=,dc=,dc=com
binddn cn=Manager,dc=,dc=,dc=com
bindpw T
nss_base_passwd   ou=Users,dc=,dc=,dc=com?one
nss_base_passwd   ou=Computers,dc=,dc=,dc=com?one
nss_base_shadow   ou=Users,dc=,dc=,dc=com?one
nss_base_groupou=Groups,dc=,dc=,dc=com?one
nss_base_hostsou=Hosts,dc=,dc=,dc=com?one
pam_password md5

/etc/samba/smb.conf   - Just the global portion.
***
[global]
   # Your Workgroup Name
   workgroup = TEST-PURPLE
   # Server name
   netbios name = TEST-PURPLE
   passdb backend = ldapsam:ldap://.com
   username map = /etc/samba/smbusers
   printcap name = cups
   add user script = /usr/local/sbin/smbldap-useradd -m '%u'
   delete user script = /usr/local/sbin/smbldap-userdel %u
   add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
   delete group script = /usr/local/sbin/smbldap-groupdel '%g'
   add user to group script = /usr/local/sbin/smbldap-groupmod -m 
'%u' '%g'
   delete user from group script = /usr/local/sbin/smbldap-groupmod 
-x '%u' '%g'
   set primary group script = /usr/local/sbin/smbldap-usermod -g 
'%g' '%u'

   add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
   enable privileges = yes
#Domain Controller setup
   domain logons = Yes
   os level = 44
   preferred master = Yes
   domain master = Yes
   show add printer wizard = Yes
#OpenLdap
   ldap suffix = dc=,dc=,dc=com
   ldap machine suffix = ou=Computers
   ldap user suffix = ou=Users
   ldap group suffix = ou=Groups
   ldap idmap suffix = ou=Idmap
   ldap admin dn = cn=Manager,dc=,dc=,dc=com
   ldap p

Re: [Samba] Kerberos Keytab Code Update in 3.0.23

2006-07-18 Thread Doug VanLeuven 

Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Doug,

File a bug report if you believe this to be true.  I'm 
not at 3.0.23 right now and don't have the time to try it

here.  I wouldn't want to lose this. I did see a mention
they dropped support of joins from machines where
the domain differs from the realm, but haven't had 
time to check this. There has been a rewrite of the

ads join code since 3.0.22.


Doug,

You should probably review my comments to Scott. Keytab
support is being rewritten, not dropped.

I was saying dns domain not equal realm dropped
and rewrite ads join code



Just that windows doesn't guarantee case in names.

For example, on my login, the current tickets show up as
HOST/[EMAIL PROTECTED]
host/[EMAIL PROTECTED]
HOST/[EMAIL PROTECTED]
HOST/[EMAIL PROTECTED]


Your tickets where?  From kerbtray.exe?  Or on a Unix box?

kerbtray & klist


I just an not seeing this case permutation you claim.

NT40 sidhistory migration to 2000 AD
then standard 2000 AD upgraded to 2003 standard AD
then 2003 standard upgraded to 2003 enterprise.


What is the list of SPNs for that Samba account in AD?

samba 3.0.23, created account in AD
SPN's
CIFS/stor
CIFS/stor.nt.ldxnet.com
HOST/STOR
HOST/stor.nt.ldxnet.com

klist on 2003 server
   Server: cifs/[EMAIL PROTECTED]
  KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
  End Time: 7/18/2006 18:53:02
  Renew Time: 7/25/2006 8:53:02



Can you tell what applications are generating these requests
so I can reproduce it?

Domain controller browsing to stor's shares.


PS: I asked out Apache guy (at Centeris) who is working
with mod_auth_kerb and he claims that krb5 authentication
to http://SerVer.ExaMple.COM still gets a ticket for
HTTP/server.example.com which supports my theory about
tickets based on SPN values.

Yes, it works with rc4-hmac.  But it's been coming back to me.
It didn't work with des-cbc-md5 until the permutations were
added.  How soon we forget.  It's really difficult to test
des-only now.  Have to join with rc4, then hand edit with
adsi.exe in the AD, then remove the rc4 from krb5.conf
and reboot the machine to purge the caches, because samba
set's the des-only on a compile time flag.

For information, here's the list of tickets on the domain
controller after browsing an older, running samba server
joined years ago, and a win2000 workstation:
Cached Tickets: (6)

   Server: krbtgt/[EMAIL PROTECTED]
  KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
  End Time: 7/18/2006 18:53:02
  Renew Time: 7/25/2006 8:53:02


(win2000 workstation)
   Server: cifs/[EMAIL PROTECTED]
  KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
  End Time: 7/18/2006 18:53:02
  Renew Time: 7/25/2006 8:53:02


(FC3 - krb5 1.3.6)
   Server: cifs/[EMAIL PROTECTED]
  KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
  End Time: 7/18/2006 18:53:02
  Renew Time: 7/25/2006 8:53:02


(Domain controller)
   Server: ldap/ranger1.nt.ldxnet.com/[EMAIL PROTECTED]
  KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
  End Time: 7/18/2006 18:53:02
  Renew Time: 7/25/2006 8:53:02

(FC4 - long running samba currently at 3.0.23pre2-SVN-build-15985)
   Server: cifs/[EMAIL PROTECTED]
  KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
  End Time: 7/18/2006 18:53:02
  Renew Time: 7/25/2006 8:53:02

(Domain controller)
   Server: host/[EMAIL PROTECTED]
  KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
  End Time: 7/18/2006 18:53:02
  Renew Time: 7/25/2006 8:53:02



Regards, Doug
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbind periodically does 44 extraneous lookups, causing 10-15 second lag

2006-07-18 Thread Jonathan C. Detert 
* James Zuelow <[EMAIL PROTECTED]> [060718 11:22]:
> 
> 
> > winbind enum groups = yes
> 
> > 
> > Does anyone know why this is happening, and what I could do
> > to remove or
> > minimize the initial large delay?
> 
> I see a similar behavior with the Debian 3.0.14a and 3.0.22 packages.
> My guess is that you won't see this if you don't enumerate groups.
> 
> See http://samba.org/samba/docs/man/Samba3-HOWTO/idmapper.html
> 
> If I understand winbind correctly, your setup is asking winbind to
> refresh all of the groups, not just ask which groups the user may be a
> member of.

You are correct - after setting 'winbind enum groups = no', I no longer
see the initial large delay.  Thanks!

The other change I notice is that now 'groups username' doesn't show all
groups the user belongs to.  To know that, I must be logged in as
'username', and simple type 'groups'.

Can anyone give a few examples of other programs which depend on getgrent ?
I.e. what are the other ramifications of turning off group enum in winbind?
-- 
Happy Landings,

Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbd panic on security = ADS

2006-07-18 Thread Brian Milco 

I have a samba server that was updated to samba v3.0.22 and is not working.

It is a fileserver for the network, it's a member of the ADS and it was 
working perfectly up until saturday.


It doesn't panic when I change security = ADS to security = server, 
unfortunately I need ADS auth.


I've tried to down grade back to 3.0.14a with no luck, It looks like it 
might be samba's interaction with libldap and or libnss_mdns, both of which 
I've tried to downgrade as well.


Thanks for any help,

Brian

smbd.log:
[2006/07/18 09:22:53, 0] lib/fault.c:fault_report(36)
 ===
[2006/07/18 09:22:53, 0] lib/fault.c:fault_report(37)
 INTERNAL ERROR: Signal 11 in pid 15071 (3.0.22)
 Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/07/18 09:22:53, 0] lib/fault.c:fault_report(39)

 From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/07/18 09:22:53, 0] lib/fault.c:fault_report(40)
 ===
[2006/07/18 09:22:53, 0] lib/util.c:smb_panic2(1554)
 PANIC: internal error
[2006/07/18 09:22:53, 0] lib/util.c:smb_panic2(1562)
 BACKTRACE: 25 stack frames:
  #0 /usr/sbin/smbd(smb_panic2+0x78) [0x81ffea8]
  #1 /usr/sbin/smbd(smb_panic+0x19) [0x82000a5]
  #2 /usr/sbin/smbd [0x81ee1b5]
  #3 [0xe420]
  #4 /lib/libnss_mdns.so.2 [0xb77826d3]
  #5 /lib/libnss_mdns.so.2 [0xb7782941]
  #6 /lib/libnss_mdns.so.2(mdns_query_ipv4+0xa7) [0xb7782a24]
  #7 /lib/libnss_mdns.so.2(_nss_mdns_gethostbyaddr_r+0x134) [0xb77840c0]
  #8 /lib/tls/i686/cmov/libc.so.6(gethostbyaddr_r+0x156) [0xb7cdb1f6]
  #9 /lib/tls/i686/cmov/libc.so.6(getnameinfo+0x41c) [0xb7ce328c]
  #10 /usr/lib/libldap_r.so.2(ldap_pvt_get_hname+0x5a) [0xb7f3af24]
  #11 /usr/lib/libldap_r.so.2(ldap_host_connected_to+0x132) [0xb7f36bc9]
  #12 /usr/lib/libldap_r.so.2(ldap_int_open_connection+0x1bb) [0xb7f232a5]
  #13 /usr/lib/libldap_r.so.2(ldap_new_connection+0x7d) [0xb7f34544]
  #14 /usr/lib/libldap_r.so.2(ldap_open_defconn+0x3d) [0xb7f22c71]
  #15 /usr/lib/libldap_r.so.2(ldap_open+0x43) [0xb7f22fa0]
  #16 /usr/sbin/smbd(ldap_open_with_timeout+0x42) [0x8267e51]
  #17 /usr/sbin/smbd(ads_try_connect+0x44) [0x8267f8a]
  #18 /usr/sbin/smbd(ads_connect+0x53d) [0x826dbdf]
  #19 /usr/sbin/smbd(check_published_printers+0xb2) [0x822918c]
  #20 /usr/sbin/smbd(nt_printing_init+0x2e0) [0x822960b]
  #21 /usr/sbin/smbd(print_backend_init+0x148) [0x8218821]
  #22 /usr/sbin/smbd(main+0x3b4) [0x828afc7]
  #23 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xd2) [0xb7c11ea2]
  #24 /usr/sbin/smbd [0x807ebb1]


(I've sanitized the smb.conf file but it worked perfectly for the last 6 
months to a year as-is.)


[global]
   workgroup = DOMAINGROUP
   realm = DOMAIN.LOCAL
   server string =
   security = ADS
   password server = 192.168.1.10
   log file = /var/log/samba/%m.log
   max log size = 50
   server signing = auto
   socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
   printcap name = /etc/printcap
   preferred master = No
   domain master = No
   dns proxy = No
   ldap ssl = no
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   cups options = raw

[Documents]
   comment = Documents
   path = /home/Documents
   valid users = "@DOMAIN\domain users", "@DOMAIN\domain admins"
   admin users = "@DOMAIN\domain admins"
   write list = "@DOMAIN\domain users", "@DOMAIN\domain admins"
   read only = No
   create mask = 0770
   directory mask = 0770
   case sensitive = No
   msdfs proxy = no


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch

2006-07-18 Thread Howard Wilkinson 

Don,

you are a genius, this fixed it! Anybody know why?

Howard.

Don Meyer wrote:

Well, I didn't see the last bit you describe, but I don't run RFC2307 
(yet).  We we bit by very similar behavior when moving from 3.0.22 to 
the 3.0.23 RC's.  Turns out that the use-default-domain option is not 
being universally applied to groups in 3.0.23.   As soon as I changed 
my "valid users = +group" statements to the format "= +domain\group", 
then this problem was fixed for us.   Maybe it will do the trick for 
you...


Cheers,
-D


At 07:41 AM 7/18/2006, Howard Wilkinson wrote:

I have managed to isolate where the problem is, now I need to work 
out what the problem is?


I have a group

cohtech:*:16777225:lesley,howard,ecbull

in which I am a member - howard.

I have a

valid users = +cohtech

entry in smb.conf for the share I am trying to connect to, I get the 
following reported in the machine.log file -


zebra.log:  string_to_sid: Sid +cohtech does not start with 'S-'.

and the users get rejected. If I declare the user directly then 
access is allowed.


This server gets its group database from the AD controllers via RFC2307.

Anybody know why group expansion may be broken in 3.0.23?



Don Meyer   <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

  "They that can give up essential liberty to obtain a little 
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 
1759



--

Howard Wilkinson



Phone:



+44(20)76907075

Coherent Technology Limited



Fax:





23 Northampton Square,



Mobile:



+44(7980)639379

London, United Kingdom, EC1V 0HL



Email:



[EMAIL PROTECTED]



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] profile question

2006-07-18 Thread éric le hénaff 

hello,
i have a profile question
here under is my profile definition. it's nothing more than the one from 
the idealx samba howto.

profiles just work fine on my box BUT i want more ...
i want a manager to have read/write acces on every users' profile 
subdirectory for troubleshooting from his windows workstation with 
invoking \\server\profiles. he's in the domain admins.

How to do that
Thank you for any help, i tried different scenarios (samba tweaking, 
acls inheritance and so on) for an afternoon and didnt find one working.

ELH

[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"

--
Éric LE HÉNAFF
École normale supérieure - Centre de ressources informatiques
Informaticien, Ingénieur développements et systèmes auprès des bibliothèques de 
l'ENS

Préférez firefox! http://www.mozilla-europe.org/fr/

SVP, évitez de m'envoyer des attachements au format Word, Excel ou PowerPoint.
Préférez les formats rtf, csv, html ou pdf au lieu des formats word et excel.
Voir http://www.gnu.org/philosophy/no-word-attachments.fr.html pour plus
d'explications.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] winbind periodically does 44 extraneous lookups, causing 10-15 second lag

2006-07-18 Thread James Zuelow 


> winbind enum groups = yes

> 
> Does anyone know why this is happening, and what I could do
> to remove or
> minimize the initial large delay?

I see a similar behavior with the Debian 3.0.14a and 3.0.22 packages.
My guess is that you won't see this if you don't enumerate groups.

See http://samba.org/samba/docs/man/Samba3-HOWTO/idmapper.html

If I understand winbind correctly, your setup is asking winbind to
refresh all of the groups, not just ask which groups the user may be a
member of.

James ZuelowCBJ MIS (907)586-0236
Network Specialist...Registered Linux User No. 186591
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba-3.0.22 -> samba-3.0.23 pam_winbind issue(s)

2006-07-18 Thread Rex Dieter 
Rex Dieter wrote:

> Rex Dieter wrote:
> 
>> Dietrich Streifert wrote:
>> 
>>> I found a bug in nsswitch/pam_winbind.c which I reported to
>>> https://bugzilla.samba.org/show_bug.cgi?id=3916
>>> I submitted shortly a patch which solves the issue.
>> 
>> I can confirm that patch works as advertised, and fixes the issue for me.
>> Many thanks Dietrich.
> 
> I take it back, after further testing, I'm still seeing wierd winbind/pam
> behavior.  On my first test machine, all seemed well.
> 
> On another box, with *exactly* same smb.conf (that was working previously
> with samba-3.0.22), things aren't so rosy:
> 
> Using
> log level = 1 winbind:8
> 
> authentication/login attempts fail with these filling /var/log/messages:
> # Jul 18 10:47:59 foo pam_winbind[27236]: read from socket failed!
> Jul 18 10:47:59 foo pam_winbind[27236]: internal module error (retval = 3,
> user = `bar1')
> 
> Hmm... and
> $ net ads ...
> commands hang too... with periodic log entries saying:
> 
> Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0]
> lib/util_sock.c:write_data(564)
> Jul 18 10:48:30 foo winbindd[27214]:   write_data: write failure. Error =
> Broken pipe
> Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0]
> nsswitch/winbindd_dual.c:fork_domain_child(825)
> Jul 18 10:48:30 foo winbindd[27214]:   Could not write result
> Jul 18 10:49:43 foo winbindd[27228]: [2006/07/18 10:49:43, 0]
> nsswitch/winbindd_dual.c:child_read_request(49)
> Jul 18 10:49:43 foo winbindd[27228]:   Got invalid request length: 0
> 
> Wierd, I'll keep looking...

OK, this one looks like .tdb table upgrade problems.

To get my working samba-3.0.22 box working with samba-3.0.23, I needed to:
1) stop winbind
2) delete everything from /var/cache/samba/, which includes:
gencache.tdb  messages.tdb  netsamlogon_cache.tdb  winbindd_cache.tdb 
winbindd_idmap.tdb  winbindd_privileged/
3) (re)join domain via 'net ads join'
4) (re)start winbind

Just tried upgrading yet another working samba-3.0.22 box to 3.0.23,
and, [EMAIL PROTECTED], that one worked mostly, except, now local accounts 
aren't
working... (this *is* an ancient rh7 box, so that may have something to do
with it).

-- Rex

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 4 Test deployment with SWAT

2006-07-18 Thread Rainer Shiz 

Hi,

  We are testing out Samba 4 TP2 release. We have configured Samba4 on an
i386 running Linux 2.6.12.6.

We are trying to get the SWAT GUI functional in this system,
but it refuses login with the message

*Login failed: Undetermined error - please try again
*
Trying as 'root' and root password on the local machine or
trying as any another user  fails too with this same error message.

After configure, make and make install successfully Samba 4 in
/usr/local/samba4
we ran the provision command as below and the output is as below.

./setup/provision  --adminpass=testpass --domain=testdomain --realm=testrealm
Provisioning for testdomain in realm testrealm
Using administrator password: testpass
Setting up smb.conf
Setting up secrets.ldb
Setting up keytabs
Setting up hklm.ldb
Setting up sam.ldb attributes
Setting up sam.ldb schema
Setting up display specifiers
Setting up sam.ldb templates
Setting up sam.ldb data
Setting up sam.ldb users and groups
Setting up DNS zone: testrealm
Please install the zone located in
/usr/local/samba4/private/testrealm.zone into your DNS server
All OK


Here the testrealm, testdomain are not present in the environment.
ie. We dont have a domain setup in this environment. (#dnsdomainname returns
(none))

We have had success in running Samba 3.0.2 successfully in the same
environment.
(Linux 2.6.12.6 in a different system)

So what else need to be done to enable login thro' SWAT GUI.

Is SWAT bundled along with 'smbd' in Samba 4 ?
Is 'smbpasswd' utility in Samba 3.0.2 removed in Samba 4 or again brought
into 'smbd' itself?
Is 'nmbd' also now (Samba 4) part of 'smbd' itself?

Please let us know what changes have to be effected to login
thro' SWAT GUI.

Thanks
Rainer.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Setting security = server with differents domains

2006-07-18 Thread Kalil de A. Carvalho 

Hello people.
Can I have one machine with parameter security = server and the 
workgroup different of password server??

Ex:
My PDC:
[global]
netbios name = serv1
wokgroup = dom1
security = user
...
...
..

My DMS
{global]
netbios name = serv2
workgroup = dom2
security = server
password server = serv1
...
...
...

This setting can work??
Thanks

--

Kalil de A. Carvalho.
Setor de Redes.
+55-84-3215-1236/8845-9998
Associação Potiguar de Educação e Cultura - APEC
Universidade Potiguar - UnP
Natal/RN

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba-3.0.22 -> samba-3.0.23 pam_winbind issue(s)

2006-07-18 Thread Rex Dieter 
Rex Dieter wrote:

> Dietrich Streifert wrote:
> 
>> I found a bug in nsswitch/pam_winbind.c which I reported to
>> https://bugzilla.samba.org/show_bug.cgi?id=3916
>> I submitted shortly a patch which solves the issue.
> 
> I can confirm that patch works as advertised, and fixes the issue for me.
> Many thanks Dietrich.

I take it back, after further testing, I'm still seeing wierd winbind/pam
behavior.  On my first test machine, all seemed well.

On another box, with *exactly* same smb.conf (that was working previously
with samba-3.0.22), things aren't so rosy:

Using
log level = 1 winbind:8

authentication/login attempts fail with these filling /var/log/messages:
# Jul 18 10:47:59 foo pam_winbind[27236]: read from socket failed!
Jul 18 10:47:59 foo pam_winbind[27236]: internal module error (retval = 3,
user = `bar1')

Hmm... and 
$ net ads ...
commands hang too... with periodic log entries saying:

Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0]
lib/util_sock.c:write_data(564)
Jul 18 10:48:30 foo winbindd[27214]:   write_data: write failure. Error =
Broken pipe
Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0]
nsswitch/winbindd_dual.c:fork_domain_child(825)
Jul 18 10:48:30 foo winbindd[27214]:   Could not write result
Jul 18 10:49:43 foo winbindd[27228]: [2006/07/18 10:49:43, 0]
nsswitch/winbindd_dual.c:child_read_request(49)
Jul 18 10:49:43 foo winbindd[27228]:   Got invalid request length: 0

Wierd, I'll keep looking...

-- Rex

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch

2006-07-18 Thread Don Meyer 
Well, I didn't see the last bit you describe, but I don't run RFC2307 
(yet).  We we bit by very similar behavior when moving from 3.0.22 to 
the 3.0.23 RC's.  Turns out that the use-default-domain option is not 
being universally applied to groups in 3.0.23.   As soon as I changed 
my "valid users = +group" statements to the format "= +domain\group", 
then this problem was fixed for us.   Maybe it will do the trick for you...


Cheers,
-D


At 07:41 AM 7/18/2006, Howard Wilkinson wrote:
I have managed to isolate where the problem is, now I need to work 
out what the problem is?


I have a group

cohtech:*:16777225:lesley,howard,ecbull

in which I am a member - howard.

I have a

valid users = +cohtech

entry in smb.conf for the share I am trying to connect to, I get the 
following reported in the machine.log file -


zebra.log:  string_to_sid: Sid +cohtech does not start with 'S-'.

and the users get rejected. If I declare the user directly then 
access is allowed.


This server gets its group database from the AD controllers via RFC2307.

Anybody know why group expansion may be broken in 3.0.23?


Don Meyer   <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

  "They that can give up essential liberty to obtain a little 
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbind periodically does 44 extraneous lookups, causing 10-15 second lag

2006-07-18 Thread Jonathan C. Detert 
The setting is Debian with winbind v3.0.22.  The pertinent bit of
winbind configuration is as follows:

winbind nss info = sfu
idmap backend = ad
winbind enum groups = yes
winbind cache time = 1800

The problem is that once in a while, typically when either:

a) an ls command is given for the 1st time in a login shell
   session

or

b) a groups command is given for a username for the 1st time
   in a login shell session

there is a 10 to 15 second delay before the ls(1) or groups(1) command yields
any output.  If the same command is given again, it returns normally,
with no delay.

I captured the output of strace -f -T on two such groups(1) commands, the
first with the large delay, and the 2nd with no abnormal delay.  From
the output, the delay seems to be coming from read()'s from a winbind
pipe, for 44 different groups.

Here is an example snippet from the strace output:

22191 mmap2(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0x55749000 <0.05>
22191 select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) <0.05>
22191 read(4, "frei-group\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 
134046) = 134046 <0.000212>
22191 munmap(0x55749000, 135168)= 0 <0.14>

you can see the rather large time spent in the read() call.

It should be pointed out that the 44 groups that take a long time, are
all for groups to which the username used in the groups command
does not belong.  In other words, there is no apparent reason why the
lookup is being done for those groups : the username I ran the groups
command for does not belong to these 44 groups.

Does anyone know why this is happening, and what I could do to remove or
minimize the initial large delay?
-- 
Happy Landings,

Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Fw: [Samba] Compiling 3.0.23

2006-07-18 Thread Jack Gostl 
I didn't get any answers on this last week. I'm hoping that someone has some 
thoughts on it.


I'm on AIX 5.3 using gcc 4.0.0 and I'm trying to compile samba 3.0.23. I 
get

the following error:

smbd/server.c: In function 'main':
smbd/server.c:748: error: 'POPT_ARG_VAL' undeclared (first use in this
function)
smbd/server.c:748: error: (Each undeclared identifier is reported only 
once

smbd/server.c:748: error: for each function it appears in.)
smbd/server.c:766: warning: passing argument 3 of 'poptGetContext' from
incompat
ible pointer type
make: 1254-004 The error code from the last command is 1.

Any suggestions on how to proceed?




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Setting up samba in a mutil-subnet environment

2006-07-18 Thread David 
I have a large fileserver located in the server room
for our university.  Its subnet is different from
where the majority of our computers are located, and
so the client machines will not be able to see the
broadcasts.

I'm realativly new to using samba, but my idea is to
move our current PDC(using ldap) and put it on the
fileserver, and put a domain member local(on same
subnet) to our computer lab.  I've done this before
when the lab next door required that their machines be
isolated from the internet.  The domain member machine
was also a gateway+firewall.

Is this idea sound? Currently our PDC is local the our
machines and uses autofs to mount the homes, which has
caused some problems.

Running samba ver 3.0.22 on both RHEL v4 local server
and Solaris 10 fileserver.

Physics is like sex: sure, it may give some practical results, but that's not 
why we do it. ~ Richard Feynman

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] How to get login name of logged user?

2006-07-18 Thread [EMAIL PROTECTED] 
Hello list.
Is there any way to get login name of a currently logged user on remote machine 
using samba?
I can get the list of all users with command smbclient -L host, but how do I 
know who of them logged now?
Thanks in advance.
Roman Gorohov.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Windows XP No Longer Connects to Samba Server

2006-07-18 Thread Geoff Calvert 
Fedora Core 4 and Fedora Core 5 (same problem on both machines).

Issue has arisen since yum update to upgrade Samba from 3.0.22 to 3.0.23 -
i.e. I have made no configuration changes to what was a fully working samba
setup, problem appeared immediately following the update.

Client PCs running Windows XP fail to connect to the samba share.
Persistently prompt for a username /password.

I know this isn't much to go on, but I can provide debug logs and more
detail if required. From looking at the Fedora forum, this seems to be
affecting other users apart from just myself so there may have been other
reports aside from this one, or already be a known issue.


Geoff Calvert
IT Officer
Oxford University Centre for the Environment



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch

2006-07-18 Thread Dietrich Streifert 
Maybe it's because some default values for winbind settings have 
changed. The relaesenotes say:


   winbind enum users   Changed default   No
   winbind enum groups  Changed default   No
   winbind nested groupsChanged default   Yes



Howard Wilkinson schrieb:
I have managed to isolate where the problem is, now I need to work out 
what the problem is?


I have a group

cohtech:*:16777225:lesley,howard,ecbull

in which I am a member - howard.

I have a

valid users = +cohtech

entry in smb.conf for the share I am trying to connect to, I get the 
following reported in the machine.log file -


zebra.log:  string_to_sid: Sid +cohtech does not start with 'S-'.

and the users get rejected. If I declare the user directly then access 
is allowed.


This server gets its group database from the AD controllers via RFC2307.

Anybody know why group expansion may be broken in 3.0.23?

Howard Wilkinson wrote:


No I already had this turned on!

Gautier, B (Bob) wrote:




 


-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]
  


] On Behalf Of Howard Wilkinson
 


Sent: 18 July 2006 11:50
To: samba@lists.samba.org
Subject: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with 
rfc2307 patch


I have upgraded one of my servers from a 3.0.22 implementation 
using the
rfc2307 patch I supplied some months ago to the 3.0.23 release. I 
am now getting some unexplaned failures and would like some 
pointers as to where to start looking.
  



The rfc2307 schema compatibility in the 'official' 3.0.23 version 
has to

be turned on in smb.conf with

winbind nss info = rfc2307

-- that might be something your older code did automatically.

Bob G

_

This email (including any attachments to it) is confidential, 
legally privileged, subject to copyright and is sent for the 
personal attention of the intended recipient only. If you have 
received this email in error, please advise us immediately and 
delete it. You are notified that disclosing, copying, distributing 
or taking any action in reliance on the contents of this information 
is strictly prohibited. Although we have taken reasonable 
precautions to ensure no viruses are present in this email, we 
cannot accept responsibility for any loss or damage arising from the 
viruses in this email or attachments. We exclude any liability for 
the content of this email, or for the consequences of any actions 
taken on the basis of the information provided in this email or its 
attachments, unless that information is subsequently confirmed in 
writing. If this email contains an offer, that should be considered 
as an invitation to treat.

_
 







--
Mit freundlichen Grüßen
Dietrich Streifert
Visionet GmbH

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch

2006-07-18 Thread Howard Wilkinson 
I have managed to isolate where the problem is, now I need to work out 
what the problem is?


I have a group

cohtech:*:16777225:lesley,howard,ecbull

in which I am a member - howard.

I have a

valid users = +cohtech

entry in smb.conf for the share I am trying to connect to, I get the 
following reported in the machine.log file -


zebra.log:  string_to_sid: Sid +cohtech does not start with 'S-'.

and the users get rejected. If I declare the user directly then access 
is allowed.


This server gets its group database from the AD controllers via RFC2307.

Anybody know why group expansion may be broken in 3.0.23?

Howard Wilkinson wrote:


No I already had this turned on!

Gautier, B (Bob) wrote:




 


-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]
  


] On Behalf Of Howard Wilkinson
 


Sent: 18 July 2006 11:50
To: samba@lists.samba.org
Subject: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with 
rfc2307 patch


I have upgraded one of my servers from a 3.0.22 implementation using 
the
rfc2307 patch I supplied some months ago to the 3.0.23 release. I am 
now getting some unexplaned failures and would like some pointers as 
to where to start looking.
  



The rfc2307 schema compatibility in the 'official' 3.0.23 version has to
be turned on in smb.conf with

winbind nss info = rfc2307

-- that might be something your older code did automatically.

Bob G

_

This email (including any attachments to it) is confidential, legally 
privileged, subject to copyright and is sent for the personal 
attention of the intended recipient only. If you have received this 
email in error, please advise us immediately and delete it. You are 
notified that disclosing, copying, distributing or taking any action 
in reliance on the contents of this information is strictly 
prohibited. Although we have taken reasonable precautions to ensure 
no viruses are present in this email, we cannot accept responsibility 
for any loss or damage arising from the viruses in this email or 
attachments. We exclude any liability for the content of this email, 
or for the consequences of any actions taken on the basis of the 
information provided in this email or its attachments, unless that 
information is subsequently confirmed in writing. If this email 
contains an offer, that should be considered as an invitation to treat.

_
 





--

Howard Wilkinson



Phone:



+44(20)76907075

Coherent Technology Limited



Fax:





23 Northampton Square,



Mobile:



+44(7980)639379

London, United Kingdom, EC1V 0HL



Email:



[EMAIL PROTECTED]



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re:Re:Re...Failed to verify incoming ticket!

2006-07-18 Thread Linefeed Feed 


Hi Jerry,

I wrote in my last message that I could connect  to Samba Server with 
different netbios name,not same as the hostname ..

Bu now I can't.
While I was working on it I saw such a thing . But I don't now how it 
occured.

My problem is still same as before.

This problem stays on my way as a huge rock :(

From: Linefeed Feed <[EMAIL PROTECTED]>> ATo: [EMAIL PROTECTED] Cc: 
samba@lists.samba.org Subject: Re: [Samba] Failed to verify incoming 
ticket! Sent: Monday, July 17, 2006 1:43 PM Hi Gerald,


That I want to know, what causes that problem. Because when I connect from 
Start\Run with IP Address of the Samba box  I don't have any problem, but 
with netbios name I do. Another thing (as I send to samba list) if I change 
the parameter,netbios name = Diferent_from_SambaHostName, I can connect to 
Samba Server with netbios name without any problem.


What is the wrong? Misconfigured smb.conf,krb5.conf or other.

Thanks for your response,,





Linefeed Feed wrote:

Hi all,


I have configured Samba 3.0.10 to act as a file server(RHEL4) in Windows 
2000 AD domain. I have also configured Kerberos

1.3.4 for authentication between W2K PDC and Samba box.
wbinfo -u and -g works fine. My problem is that I cannot
connect Samba Server via Windows Browser, Network Neighborhood,
Windows Explorer etc. When I try to connect I prompted
User/Password dialog box which says "Incorrect password
or unknown username for: \\SambaFileServer




Failed to verify incoming ticket!


There is some krb5 failure, but you don't give enough information
to know what.

If I go to Start/Run and write Samba Server's IP adress I can connect to 
shares on that without any problem.


The client is falling back to NTLM authentication in
this case.






cheers, jerry

_
Sohbet ve eglence, web kamera ve sesli sohbet Messenger'de. 
http://messenger.msn.com/?mkt=tr&DI=3490&XAPID=2584


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch

2006-07-18 Thread Howard Wilkinson 

No I already had this turned on!

Gautier, B (Bob) wrote:




 


-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]
   


] On Behalf Of Howard Wilkinson
 


Sent: 18 July 2006 11:50
To: samba@lists.samba.org
Subject: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with 
rfc2307 patch


I have upgraded one of my servers from a 3.0.22 
implementation using the
rfc2307 patch I supplied some months ago to the 3.0.23 
release. I am now getting some unexplaned failures and would 
like some pointers as to where to start looking.
   



The rfc2307 schema compatibility in the 'official' 3.0.23 version has to
be turned on in smb.conf with

winbind nss info = rfc2307

-- that might be something your older code did automatically.

Bob G

_

This email (including any attachments to it) is confidential, legally 
privileged, subject to copyright and is sent for the personal attention of the 
intended recipient only. If you have received this email in error, please 
advise us immediately and delete it. You are notified that disclosing, copying, 
distributing or taking any action in reliance on the contents of this 
information is strictly prohibited. Although we have taken reasonable 
precautions to ensure no viruses are present in this email, we cannot accept 
responsibility for any loss or damage arising from the viruses in this email or 
attachments. We exclude any liability for the content of this email, or for the 
consequences of any actions taken on the basis of the information provided in 
this email or its attachments, unless that information is subsequently 
confirmed in writing. If this email contains an offer, that should be 
considered as an invitation to treat.
_
 



--

Howard Wilkinson



Phone:



+44(20)76907075

Coherent Technology Limited



Fax:





23 Northampton Square,



Mobile:



+44(7980)639379

London, United Kingdom, EC1V 0HL



Email:



[EMAIL PROTECTED]



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 24

2006-07-18 Thread Ben Stewart 
Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Unable to add computer to domain

2006-07-18 Thread Jamrock 
"User 1" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> This is the last progress:
>
> When trying to join to domain (I am using Win 2000 Pro SP4 and use "root")
> .. I met the following:
>
> "The user name could not be found" ..
>
> Please help ..
>
> Thanks & Regards
> Winanjaya

Make sure that your workstations can authenticate against ldap.

When you type getent passwd and getent group do you see the entries from the
ldap directory?  See Samba by Example for more information.  See the chapter
on "Making users happy"



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch

2006-07-18 Thread Gautier, B \(Bob\) 
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
] On Behalf Of Howard Wilkinson
> Sent: 18 July 2006 11:50
> To: samba@lists.samba.org
> Subject: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with 
> rfc2307 patch
> 
> I have upgraded one of my servers from a 3.0.22 
> implementation using the
> rfc2307 patch I supplied some months ago to the 3.0.23 
> release. I am now getting some unexplaned failures and would 
> like some pointers as to where to start looking.

The rfc2307 schema compatibility in the 'official' 3.0.23 version has to
be turned on in smb.conf with

winbind nss info = rfc2307

-- that might be something your older code did automatically.

Bob G
 
_

This email (including any attachments to it) is confidential, legally 
privileged, subject to copyright and is sent for the personal attention of the 
intended recipient only. If you have received this email in error, please 
advise us immediately and delete it. You are notified that disclosing, copying, 
distributing or taking any action in reliance on the contents of this 
information is strictly prohibited. Although we have taken reasonable 
precautions to ensure no viruses are present in this email, we cannot accept 
responsibility for any loss or damage arising from the viruses in this email or 
attachments. We exclude any liability for the content of this email, or for the 
consequences of any actions taken on the basis of the information provided in 
this email or its attachments, unless that information is subsequently 
confirmed in writing. If this email contains an offer, that should be 
considered as an invitation to treat.
_
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbindd... PANIC: could not fetch our SID, did we join?

2006-07-18 Thread samantha.thompson 
Hi,

I have installed samba on my freebsd machine which is connected to my router 
and I am trying to access the harddrive of the freebsd machine with this winxp 
machine, which is also connected to the router (by wireless connection). 
I also have swat enabled and I can initiate nmbd and smbd, however winbindd 
will not run.
When I try to run winbindd from the freebsd command line like so:
winbindd -d 2 -i
It ends after outputing the line:
'PANIC: Could not fetch our SID - did we join?

When I try net getlocalsid it produces the SID number, so I'm not sure where 
the problem is.
Thanks for reading.

ST

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch

2006-07-18 Thread Howard Wilkinson 
I have upgraded one of my servers from a 3.0.22 implementation using the 
rfc2307 patch I supplied some months ago to the 3.0.23 release. I am now 
getting some unexplaned failures and would like some pointers as to 
where to start looking.


I am getting the following logged in the samba logs when trying to start 
the servers.


zebra.log:  Sid S-1-5-32-544 -> BUILTIN\Administrators(4)
zebra.log:  create_local_nt_token: Failed to create 
BUILTIN\Administrators group!


I am also getting the following in the log.winbindd-idmap file.

[2006/07/18 11:41:33, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(314)  
ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute 
'gidNumber'


I have gidNumber defined for all Unix users and all of their groups and 
this has been working fine until now. I can access the user homedrive 
OK, but this failure is occuring when I try to access a share protected 
by the group access declaration ... e.g.


[CoherentWebsites]
   comment = Coherent Technology Website Data
   valid users = @cohtech
   writeable = yes
   path = /var/www/coherent/websites

Anybody able to suggest where I should start looking or any additional 
log information that might help diagnose.


--

Howard Wilkinson



Phone:



+44(20)76907075

Coherent Technology Limited



Fax:





23 Northampton Square,



Mobile:



+44(7980)639379

London, United Kingdom, EC1V 0HL



Email:



[EMAIL PROTECTED]



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] scripting smbpasswd not working..

2006-07-18 Thread Brian 
Hello all,

I'm sure I can't be the only person with this question.. but I just didn't
see it answered..

how do you script smbpasswd?

I've tried

echo password | smbpasswd -sa name
smbpasswd -sa name password

echo password | smbpasswd -D5sa name
(this gets me the ability to add a password by hand..)

# echo password | smbpasswd -D5sa name
Netbios name list:-
my_netbios_names[0]="SNAP"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match smbpasswd (smbpasswd)
Found pdb backend smbpasswd
pdb backend smbpasswd has a valid init
New SMB password:
Retype new SMB password:
getsmbfilepwent: end of file reached.
Failed to find entry for user name.
Failed to modify password entry for user name

and name does exist.. (not that it needs to but) /nonexistent exists in
/etc/shells as well.

name:*:1001:1001User &:/home/name:/nonexistent

and smb passwd file = /usr/local/private/smbpasswd is default setting for me.

not sure what I need to do.. but the man page for smbpasswd says this can
be done.. this is samba 3.0.23.  Shiny brand new install.

Thanks in advance

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unable to add computer to domain

2006-07-18 Thread User 1 

This is the last progress:

When trying to join to domain (I am using Win 2000 Pro SP4 and use "root")
.. I met the following:

"The user name could not be found" ..

Please help ..

Thanks & Regards
Winanjaya

- Original Message -
From: "User 1" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, July 18, 2006 3:19 PM
Subject: [Samba] Unable to add computer to domain


>
>
> Dear Expert,
>
> Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, I
> followed the instruction of  "samba3-ldap-howto", now I am unable to add
> computer to domain..
>
> Tried to check /var/log/samba and found the following:
>
> [2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> "nb02$"'
> gave 9
> [2006/07/18 14:56:01, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> "nb02$"'
> gave 9
> [2006/07/18 14:56:33, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> "nb02$"'
> gave 9
> [2006/07/18 14:59:43, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> "nb02$"'
> gave 9
> [2006/07/18 15:20:36, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> "nb02$"'
> gave 9
> [2006/07/18 15:21:30, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
>   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> "nb02$"'
> gave 9
>
>
>
> Thanks a lot in advance
>
> Regards
> Winanjaya
>
>
> ***
> Our outgoing mail has been scanned by MSS.
> ***-***
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
> ***
> Your mail has been scanned by MSS.
> ***-***
>
>


***
Our outgoing mail has been scanned by MSS.
***-***

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unable to add computer to domain

2006-07-18 Thread User 1 

Dear Expert,

Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, I
followed the instruction of  "samba3-ldap-howto", now I am unable to add
computer to domain..

Tried to check /var/log/samba and found the following:

[2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"nb02$"'
gave 9
[2006/07/18 14:56:01, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"nb02$"'
gave 9
[2006/07/18 14:56:33, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"nb02$"'
gave 9
[2006/07/18 14:59:43, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"nb02$"'
gave 9
[2006/07/18 15:20:36, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"nb02$"'
gave 9
[2006/07/18 15:21:30, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"nb02$"'
gave 9



Thanks a lot in advance

Regards
Winanjaya


***
Our outgoing mail has been scanned by MSS.
***-***

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba