[Samba] Winbind with one-way trusts?

[Ian Masterson]

Winbind works very well for most of the domains with which we have trusts. 
But for one domain, 'groups DOMAIN\user' returns only gid 0, and I see 
kerberos errors in winbind logs:


[2008/01/31 13:51:12, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602) ads_krb5_mk_req: 
krb5_get_credentials failed for [EMAIL PROTECTED] (Server  not found in 
Kerberos database)
[2008/01/31 13:51:12, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)  
ads_connect for domain THEIRDOMAIN failed: Server not found in Kerberos database
[2008/01/31 13:51:12, 1] nsswitch/winbindd_user.c:winbindd_dual_userinfo(152)  
error getting user info for sid S-1-[...]

Don McCall appears to have had the same problem:

http://lists.samba.org/archive/samba-technical/2007-February/051678.html

Jerry confirmed that a two-way trust is required between the domain that 
the winbind host belongs to and any trusted domains. Is there any 
workaround to this at all?


Is it perhaps possible have winbind use credentials from the trusted 
domain to bind to the DC for looking up user information?


Thank you,

Ian Masterson
University of Washington Libraries




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbfs enabled rpms for fedora core 8

[Deepak Kumar]

Hi

I just installed FC8 on a desktop machine and have been trying to
connect to a Windows 2000 server using the following (as root):

mount -t cifs /// /mnt/ -o
username=*

However, after asking for password, it gave me the following error:

mount error 20 = Not a directory
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

A friend in the office who is running arch linux got the same error
while trying to mount the server. However when he replaced cifs with
smbfs, he was able to mount the server. The following worked for him:

mount -t smbfs /// /mnt/ -o
username=*

Thus, somehow Windows 2000 server is unable to communicate via cifs. I
can think of 2 ways to resolve this:

1. Modifying the settings on the Windows 2000 server to allow cifs (I am
sssuming it is not allowed). Does anyone know how to do it?

2. Enable smbfs on my FC8 desktop. For this, I have been looking at the
following links:
http://www-user.tu-chemnitz.de/~tott/FC5-smbfs-HOWTO.html
http://menkou.homelinux.net/serendipity/index.php?/archives/11-Install-smbfs-kernel-module-in-Fedora-Core-5.html

I think the easiest way for me (I am a relative newbie to linux) will be
to get the pre-built smbfs-enabled RPM. Does anyone have it for FC8. I
am running the following distro: 2.6.23.14-107.fc8

Thanks
Deepak



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] require_membership_of being ignored?

[Peter Capazzi]

I'm running into the same issue that Mike posted about.
 
I've got authentication working as well as the auto creation of home
directories. The problem is anybody that has a valid domain account can
come in regardless of group. 
 
I'm running SuSE
The require_membership_of parameter supposed to be in the auth section
right? 
 
The common-auth file I have is:
authrequiredpam_env.so
authsufficient  pam_unix2.so
authrequiredpam_winbind.so use_first_pass
require_membership_of=DOMAINNAME\groupname
 
I've tried with an account that is explicitly outside of the group and
that users account is allowed in. 
 
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba and Windows Terminal Server problems

[Carlos Lorenzo Matés]

Hi to all.

firs of all sorry if you already have read my last two posts.

Erroneously i have posted both as answers to others threads instead of 
oppening a new one (btw i have clicked on the mailing list address to create 
a new mail, but the mail client has used the same thread identifier)

Now here is the real content of this post.



Have anyone in the list users form a samba domain login in to a Windows 
terminal server with the samba domain account?

can you put here the results of the set command in the cmd.exe?

have you the HOMEPATH defined?

Thanks




-- 
Un saludo.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com


signature.asc
Description: This is a digitally signed message part.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Trusted domain user login

[Carlos Lorenzo Matés]

Hi.



El Jueves, 31 de Enero de 2008, Carlos Lorenzo Matés escribió:
> Hi.
>
> El Miércoles, 30 de Enero de 2008, Thorkil Olesen escribió:
> > Carlos Lorenzo Matés  mundo-r.com> writes:
> > > > Maybe you should try:
> > > >
> > > > wbinfo -a NTDOMAIN\\clorenzo%myrealpassword
> > >
> > > This was my first try and it says exactly the same.
> >
> > Well, that should work.
> >
> > > We have the very same users groups and passwords in the
> > > NT Domain and in the
> > > samba Domain, our samba domain uses ldap for storage.
> >
> > It doesn't make sense to have same users in both domains.
>
> We make this because we are migrating the NT domain to a samba domain and
> this was the best option to make this transparent for users
>
> > >From samba's point of view users in different domains are
> >
> > not the same even though they have same username and
> > password. They will still have different SIDs.
> >
> > > Here is our nsswitch.conf
> >
> > (...)
> >
> > > passwd: files ldap
> > > group:  files ldap
> >
> > (...)
> >
> > > passwd_compat:  ldap winbind
> > > group_compat:   ldap winbind
> >
> > (...)
> >
> > Why do you put winbind at 'passwd_compat' instead of 'passwd'?
>
> I don't know I'm going to revise this, thanks


Well, teste with the winbind added behind passwd and group and now getent 
returns the NT Domain users and groups also, as you said.

getent shadow only returns the ldap shadows 


btw the wbinfo -a was not working because i was only seting an \ betwen the 
domain name and the user name, and must be \\. Now is working regardless the 
nsswitch setup

but the trust still does not work fine

Thanks again


-- 
Un saludo.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com


signature.asc
Description: This is a digitally signed message part.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Connection problems, laptop to server

[Jeremy Allison]

On Thu, Jan 31, 2008 at 01:04:21PM +, Anne Wilson wrote:
> I'm having problems connecting from my laptop, and the logs show
> 
>  lib/util_sock.c:send_smb(769)  Error writing 116 bytes to client. -1. 
> (Broken 
> pipe) : 1 Time(s)
>  lib/util_sock.c:write_data(562)  write_data: write failure in writing to 
> client 192.168.0.91. Error Broken pipe : 1 Time(s)
>  libsmb/smb_signing.c:srv_check_incoming_message(737)  
> srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of : 6 
> Time(s)
>  libsmb/smb_signing.c:srv_check_incoming_message(741)  
> srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of : 6 Time(s)
> 
> Could someone please give me some idea of where to look for the problem?  
> smb.conf looks fine, and users and groups are identical by name and ID. 

What version of Samba are you using ?

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PANIC on 6 of my client servers .Please Help

[Scott Lovenberg]

Brad Horrocks [Secure Office Services] wrote:
Res, 
(I use openwebmail, I'll use the CR for you).


I'm using FC6 and the servers have all been upgraded from FC2 and FC4. 
The upgrade was completed before I took them over so I don't know what samba version

 was in use with those versions of Fedora.

The idea was to standardise on a particular version to simplify maintenance and 
it
seems to have caused more problems than it cured.

I didn't do the original upgrade to read the history, however... 
I have completely removed samba and all associated files (tdb's et) from 
one of  the servers and then tried to re-install using fresh Fedora RPM's. 


The same problem persists..

Regards
Brad Horrocks

--
Secure Office Services 
ABN 75 196 364 531

19 Burrendong Road
COOMBABAH QLD 4216
Ph. +61 7 5537 4955
Fx. +61 7 5537 4966
Mob.+61 (0)404142690
web: http://www.secureoffice.com.au

-- Original Message ---
From: Res <[EMAIL PROTECTED]>
To: "Brad Horrocks [Secure Office Services]" <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Sent: Thu, 31 Jan 2008 17:08:01 +1000 (EST)
Subject: Re: [Samba] PANIC on 6 of my client servers .Please Help

  
*Top Posting*" I dont know what client you used, but the format exceeds 75 
chars per line in Pine so my comments will be out of wack if I reply 
inline...


You have said 3.0.24, have you tried 3.0.28 which current?
The version you moved "to" 3.0.24 is a year old.
What version did you upgrade from?
Have you read the history changes for subsequent releases from your old to 
current?

What OS/version are at least one of these on?

Res

On Thu, 31 Jan 2008, Brad Horrocks [Secure Office Services] wrote:



Hi everybody
I have six samba servers working in various client locations all of which 
exhibit the
same problem.

+
Jan 31 09:37:58 sos02sp smbd[1454]: [2008/01/31 09:37:58, 0]
  

lib/util_sec.c:assert_uid(101)
  

Jan 31 09:37:58 sos02sp smbd[1454]:   Failed to set uid privileges to (-1,533) 
now set
to (0,0)
Jan 31 09:37:58 sos02sp smbd[1454]: [2008/01/31 09:37:58, 0] 
lib/util.c:smb_panic(1621)
Jan 31 09:37:58 sos02sp smbd[1454]:   PANIC (pid 1454): failed to set uid
+

Followed by a backtrace dump.

Some of these servers have been running for several years without any major 
issues and
this problem seems to have after a version upgrade to 3.0.24. Having six 
servers with
the same problem tends to indicate to myself that I have a common configuration 
issue. I
have tried everything including complete fresh installs and don't seem to be 
able to
resolve the issue.  Having done significant research on the Web, this panic 
issue does
not appear to be endemic nor common.

To save space I has included all my logs and configurations at the following Web
  

address.
  

All logs and config information can be found at:-
http://www.secureoffice.com.au/samba/


Any help (or constructive criticism) would be greatly appreciated


Regards
Brad Horrocks

--
Secure Office Services
ABN 75 196 364 531
19 Burrendong Road
COOMBABAH QLD 4216
Ph. +61 7 5537 4955
Fx. +61 7 5537 4966
Mob.+61 (0)404142690
web: http://www.secureoffice.com.au


  

--
Cheers
Res

mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';


--- End of Original Message ---

  
Do you have a line something to the effect of "MSDFS=no" in your 
smb.conf?  I had this happen

on a CentOS-4 box on upgrading.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PDC Multiple users

[Scott Lovenberg]

Harol Hunter wrote:

2008/1/28, Scott Lovenberg <[EMAIL PROTECTED]>:
  

On Jan 28, 2008 1:39 PM, Harol Hunter <[EMAIL PROTECTED]> wrote:


As you can see I still alive (I don't know for how long but ... ;-)
Well let me tell you all my users have a SID and a UID in her/his
accounts entries in LDAP I'll attach you my full smb.conf hoping you
can help me, thanks a lot pal

[global]


  

#


#   NETBIOS OPTIONS #

  

#


netbios name = intranet

workgroup = icic

server string = Servidor Intranet

#disable netbios = yes


  

#


#   SERVER OPTIONS  #

  

#


interfaces = eth0 lo

bind interfaces only = yes

socket address = 10.0.0.1

hosts allow = 10.0.0. 127.

hosts deny = 0.0.0.0/0


  

#


#   DOMAIN OPTIONS  #

  

#


security = user

preferred master = yes

domain master = yes

local master = yes

os level = 64

admin users = @"Domain Admins"

enable privileges = yes

allow trusted domains = no


  




#   PASSWORDS OPTIONS  #

  




passdb backend = ldapsam:ldap://127.0.0.1/

encrypt passwords = true

#passwd chat = Cambiando contrasena de \nNueva Contrasena %n\n Retype
new password %n\n

passwd program = /usr/sbin/smbldap-passwd -u '%u'

obey pam restrictions = No


  




#   USERS & GROUPS SCRIPTS #

  




#min passwd length = 6

add user script = /usr/sbin/smbldap-useradd -a -m '%u'

delete user script = /usr/sbin/smbldap-userdel '%u'

add group script = /usr/sbin/smbldap-groupadd -p '%g'

delete group script = /usr/sbin/smbldap-groupdel '%g'

add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'

delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'

set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

add machine script = /usr/sbin/smbldap-useradd -w '%u'


  




#LOGONS OPTIONS#

  




domain logons = yes

logon path = \\intranet\profiles\%u

logon home = \\%L\%u\.profiles

logon drive = H

logon script = logon.cmd


  

###


#   LDAP OPTIONS  #

  

###


ldap suffix = dc=my,dc=domain,dc=com

ldap admin dn = cn=admin,dc=my,dc=domain,dc=com

ldap machine suffix = ou=Computers

ldap user suffix = ou=Users

ldap group suffix = ou=Groups

ldap idmap suffix = ou=Idmap

#ldap filter = ((uid=%u)&(objectclass=sambaSamAccount))

#ldap ssl = start_tls

ldap passwd sync = Yes

ldap delete dn = yes

#ldapsam:trusted = no


  

###


#   WINBIND OPTIONS   #

  

###


idmap backend = ldap://127.0.0.1/

#idmap uid = 1-2

#idmap gid = 1-2

#winbind separator = '\'

winbind trusted domains only = yes

winbind use default domain = yes



  

###


#   LOGS OPTIONS  #

  

###


log file = /var/log/samba/smb.%m

#log level = 1

log level = 10 auth:10 nmbd:10

#max log size = 5000

syslog = 0


  

###


#   MISC. OPTIONS #

  

###


wins support = yes

time server = yes

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192

max xmit = 8192

#getwd cache = yes

name resolve order 

Re: [Samba] Get number of current logged on users

[Adam Tauno Williams]

> >> I'm looking for a simple way to get the number of current logged on
> >> users (with established sessions) to measure the use frequency of our
> >> student labs. I don't need to identify the users.
> > sardine:~ # expr `smbstatus -b | cut -c35-45 | sort | uniq | wc -l` - 3
> > 151
> I've tried it and it seems the columns are slightly wrong...
> serverlinux backup # smbd --version
> Version 3.0.24
> The cut parameters should be:
> cut -c36-49

Yep, it is rather squishy, and a generally crappy solution but it is the
only one I've found.  Maybe someday the Samba4/Python stuff or MMC
support will provide a "real" solution.

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Get number of current logged on users

[Go Wow]

You can also try webmin, it has a feature to see all the clients
logged in your server.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] secrets.tbd and ldap - migrating from one samba domain to another

[Andrew Richey]

Hey there,

I am using LDAP (without winbind, couldn't get it to work correctly for 
whatever reason...) to store both local users as well as the samba users 
for my Samba domain.  I'm curious, what is necessary to migrate from one 
samba domain to another seamlessly... ie, so people don't log in to 
their computer and all of a sudden have new user profiles.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems Joining an ADS domain

[Dalton Calford]

I have tried the following distributions

Xandros 3
Xandros 4
Suse 10
Fedora 7
Ubuntu 7.10

I have tried with the latest versions of Samba.

To reiterate the situation.

I have linux machines that log onto the Win2003 ADS domain and use the
domain to authenticate users from the domain.

I can not add any new linux boxes to the domain, but those that have
already joined, work fine.

Even if I take a working box, remove it from the domain, do a net ads
join command, it stops working and can not rejoin the domain, even
though no settings have been changed.

I do not administrate the domain so I do not control what patches have
been applied to the domain, but I need to know what settings need to be
applied on the 2003 domain in order to have it work with samba.

Please help as this is getting to the point where I will have to pull
all linux boxes off of our networks as they do not meet company security
policies.


best regards

Dalton


On Wed, 2008-01-23 at 12:14 -0500, Dalton Calford wrote:
> As a followup to this issue,
> 
> 
> net ads join -U [EMAIL PROTECTED] yields   ads_join_realm: Operations
> error
> 
>   wbinfo -t yields   checking the trust secret via RPC calls failed
> error code was NT_STATUS_ACCESS_DENIED (0xc022)
> Could not check secret
> 
> net ads testjoin   [2008/01/23 11:08:13, 0]
> libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password "machinename"@DOMAIN failed: Preauthentication
> failed
> [2008/01/23 11:08:14, 0] libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password "machinename"@DOMAIN failed: Preauthentication
> failed
> [2008/01/23 11:08:14, 0] utils/net_ads.c:ads_startup(191)
>   ads_connect: Preauthentication failed
> Join to domain is not valid
> 
> however kinit [EMAIL PROTECTED] works   wbinfo -u error looking up domain
> users   wbinfo -g BUILTIN+system operators
> BUILTIN+replicators
> BUILTIN+guests
> BUILTIN+power users
> BUILTIN+print operators
> BUILTIN+administrators
> BUILTIN+account operators
> BUILTIN+backup operators
> BUILTIN+users
> 
> none of which are from domain
> 
> We have another machine, that is identical to the failing machine in all
> accounts except for it's machine name.  This other machine works well.
> The only difference between the machines is that the working machine
> joined the domain months ago when it was first set up and has worked
> perfectly ever since.
> 
> In the meantime, the unix services where patched and we can now no
> longer add any new linux machines to the domain, even when they have the
> identical configuration.
> 
> Is this a known issue?  What can I try next?
> 
> best regards
> 
> Dalton
> 
> 
> 
> 
> 
> 
> 
> On Tue, 2008-01-22 at 14:53 -0500, Dalton Calford wrote:
> > We are having problems joining onto our 2003 server domain.  This is
> > strange in that other linux clients on our network are NOT having
> > problems.
> > 
> > It appears that the domain will not allow new linux machines to join the
> > domain, even when allowing existing machines that have the exact same
> > configuration, to authenticate from the domain.
> > 
> > In order to test this I have taken a stripped down debian box and
> > performed a new install.
> > 
> > I have installed samba 3.0.28 with winbind and krb5
> > I have configured the boxes but when I attempt to perform a kinit, I get
> > the following response
> > 
> > kinit(v5): KDC reply did not match expectations while getting initial
> > credentials
> > 
> > Has anyone else encountered this?
> > 
> > best regards
> > 
> > Dalton
> > 
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbind problem

[YC]

Hi everyone,

I recently bought a qnap TS-209Pro [www.qnap.com].
This embeds samba 3.0.23d.I configured it to connect to our Active
Directory, but as soon as I set winbind enum users and winbind enum groups
to "yes" in the /etc/smb.conf file, winbindd uses 100% of CPU. I've googled
the problem and found a lot of problems, less solutions... Does anybody have
a clue on this ?

I have to admit, I don't really know what I could install and how I could
update the embedded OS. I tried a beta version of the fofficial firmware,
provided by the manufacturer, but the problem is still there... Any help
appreciated.

Thanks in advance :)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Fwd: [Samba] mount read/write ntfs via samba

[mashtin . bakir]

-- Forwarded message --
From: Michael Heydon <[EMAIL PROTECTED]>
Date: Jan 28, 2008 7:42 PM
Subject: Re: [Samba] mount read/write ntfs via samba
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org


 Michael Heydon wrote:
> [EMAIL PROTECTED] wrote:
>> ... Now we'd like to go the other way
>> ie mount
>> on the linux side our PC files. Using
>>
>> mount -t smbfs -username=administrator //pc-server/users /PCuser
>>
>> works but all files appear to be owned by root so users can't  write to
>> their own files.
>>
>> ...
>
> Assuming that you have matching UID's across the servers (infact even
> if you don't) you should use CIFS. With CIFS you will be able to make
> use of the unix extensions so files will have the same owner and
> permissions on the client as they do on the server (this is where the
> matching UIDs comes in). SMB is pretty much depreciated so even if you
> can't or won't use the unix extensions, you should still use CIFS.
>
> *Michael Heydon - IT Administrator *
> [EMAIL PROTECTED] 
>
Sorry, I might try that again since I just realised it is a Windows
server you are talking about mounting. You should still use CIFS, but
you won't get the unix extensions.

I believe you have to mount a share rather than a directory inside a
share (//pc-server/user as opposed to //pc-server/user/smith).

I think there is a PAM module you can use to auto mount things at logon.

*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 

Thanks. That got me going. I wrote a wrapper script on linux that takes
$LOGNAME and $HOME, tests for existance of a mount point in the
users homedir, creates it if it doesn't exist then runs mount.cifs with
sec=lanman,rw.  So now our users can mount the windows fileset
themselves, have rw access to their files but not anyone elses.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Secondary groups and Posix ACL

[Derek Harkness]

I've got a very odd situation occurring.  I recently upgraded to Samba  
2.0.26a and now secondary group membership doesn't work.


On the filesystem I have this layout

/derek
/derek/Folder 1
/derek/Folder 2

derek has these ACLs
# file: derek
# owner: root
# group: root
user::rwx
group::r-x
other:r-x

Folder 1 has these ACLs
# file: Folder 1
# owner: root
# group: g1
user::rwx
group:rwx
other: ---
default:user::rwx
default:group::rwx
default:group:g1:rwx
default:mask:rwx
default:other:---

Folder 2 has these ACLs
# file: Folder 2
# owner: root
# group: g2
user::rwx
group:rwx
other: ---
default:user::rwx
default:group::rwx
default:group:g2:rwx
default:mask:rwx
default:other:---

Here is the share block from the smb.conf
[derek]
comment = Posix ACL test
path = /derek
guest ok = no
browseable = no
writeable = yes

Now my user testuser1's primary group is g1 and testuser1 is also a  
member of g2.  From the shell testuser1 can access both directories  
and all is good.  Through samba testuser1 get an access denied or  
network path not found when accessing Folder 2.  If I add g1 to the  
acl on Folder 2 then samba will let testuser1 in.  Am I missing  
something?


Derek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Connection problems, laptop to server

[Anne Wilson]

I'm having problems connecting from my laptop, and the logs show

 lib/util_sock.c:send_smb(769)  Error writing 116 bytes to client. -1. (Broken 
pipe) : 1 Time(s)
 lib/util_sock.c:write_data(562)  write_data: write failure in writing to 
client 192.168.0.91. Error Broken pipe : 1 Time(s)
 libsmb/smb_signing.c:srv_check_incoming_message(737)  
srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of : 6 
Time(s)
 libsmb/smb_signing.c:srv_check_incoming_message(741)  
srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of : 6 Time(s)

Could someone please give me some idea of where to look for the problem?  
smb.conf looks fine, and users and groups are identical by name and ID. 

Thanks

Anne
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Somebody HELP (wrong uid in lock database)

[Doug VanLeuven]

Marcel Mulder wrote:

Hi,

 


Two weeks (18-01-2008) ago I posted a message with uid problems in the
lock database, but none seems to care or understand

I truly can't understand that I am the only one in the whole world with
this problem

 


I have a "standard" setup of my server running Ubuntu gutsy 7.10 on the
amd64 platform using winbind (ADS) for authentication

My feeling is that it has to do with the amd64 version of samba but I am
not sure.
  
Nope.  I'm running Suse 10.3-64 on an amd.  By the way, I love this 
system.   45watt BE-2350, low power 1 Terabyte drive,  running 2 Vmware 
machines and all the energy consumed is 49watts using powernow-k8 and 
ondemand frequency control with 80+ power supply and it yields 40MB/s 
samba file transfers on Gigabyte eth.

Can someone tell me what is needed or what I have to do to get some
answers or hints.
  
This may not be it.  But I found nagging little inconsistencies until I 
got the new idmap syntax down perfect for my environment.  This started 
in 3.0.25 according to the docs.  Your smb.conf relies on the defaults 
which would translate out this way, again according to the docs - I use 
a different idmap backend.


[global]

idmap domains = MICROKEY
idmap config MICROKEY:default = yes
idmap config MICROKEY:backend = tdb
idmap config MICROKEY:range   = 1 - 2

idmap alloc backend = tdb
idmap alloc config:range = 1 - 2

I also didn't see any "add user" script.  So if all your users are added 
ahead of time, maybe you should consider using a different backend, like 
idmap_rid or idmap_nss.  I use the idmap_ad backend myself.


Learn something every day.  I didn't know one could use valid users = 
realm\\user syntax, but it works.


Regards, Doug

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind and Nested Groups

[Oscar Mas]

Hi to all:

I'm using Debian Etch with Samba + LDAP PDC.

I like to create users in GroupA and add GroupA to another group,  ex: 
GroupB. In Windows, with Active Directory I can create a Local  Group 
and add it to a Domain Group.


I readed that  Windbind support this feature and it's called Nested 
Groups, but I don't know if I need a Domain Controler of Windows to 
support this feature.


Can I use nested groups whitout  a Domain Controler on my linux ?

Thanks in advance.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Samba Administrator account for XP

[Michael Lueck]

satish patel wrote:

Dear thanx for cordinate wid me

I send my  example files what i going to tell when i 
configure samba without LDAP then i am able to login in XP machine with 
root with full privileges at that time my root user group of Domain 
Admin Group ok.


When you configure Samba without LDAP, then I think group mappings would end up 
referring to file:
/var/lib/samba/group_mapping.tdb

While configured as LDAP as the back end, it is necessary to map domain groups 
to local workstation groups, which can be done via:
net groupmap add ...
commands as illustrated on page 8 of the presentation I referred to. Otherwise 
you will only have the default information pre-populated when you prep the LDAP 
server for use with Samba.

Thus I can understand why you get different results when you change database 
back-ends.

Have you yet checked "ifmember.exe /list" and have it show what groups your 
test ID is actually a member of?

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smart card logon

[Asier Baranguán]

Douglas E. Engert escribió:


The OpenSC and many other smart card pam logins only log you into the
the local machine, not the domain.


Good to know PAM_KRB5 exists and can log into Samba.


I have not tried this. In theory it should. I have tried earlier of 
pam_krb5

with Heimdal clients and OpenSC smart cards to AD.


So there's no option to make it "the easy way". Well, we'll wait for Samba4.

Thanks

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba cluster on multi tiered storage / hierarchial storage management

[Francis Galiegue]

Le jeudi 31 janvier 2008, Volker Lendecke a écrit :
> On Wed, Jan 30, 2008 at 09:00:08PM +0100, Olivier Sessink wrote:
> > Some of the data is used frequently, and some of the data is not used
> > frequently. A policy driven hierarchial storage management solution for
> > the samba ctdb cluster would be great. Keeping often-used blocks on a
> > SAN with fast storage, and using cheaper storage for data that hasn't
> > been used recently.
> > 
> > What are good solutions in combination with samba, or should we look at
> > something completely different ?
> 
> You might seriously look at GPFS. It has really extensive
> data management capabilities, and te ctdb development is
> mainly done on GPFS these days.
> 

You can go the "hardware" route too. Compellent, for instance, has aging 
policies which do what you want. Samba doesn't even need to be aware of data 
ageing with such hardware.

-- 
Francis Galiegue, One2team - [EMAIL PROTECTED]
[ATTENTION : CHANGEMENT DE COORDONNÉES !]
+33178945552, +33683877875, http://www.one2team.com
40 avenue Raymond Poincaré - 75116 PARIS
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Somebody HELP (wrong uid in lock database)

[Gary Dale]

Try setting the samba log level to 10 and restarting Samba to see what 
is happening.


Also, when posting here, give a clear description of the problem, your 
setup, and any other relevant information - including exactly what you 
expected to see, what you actually got and if you can reproduce the 
problem. People who answer posts don't like asking for additional 
information just to figure out what the problem really is.


If this had been a repost of the original message, you may have gotten 
some extra advice, but I don't think people are going to track down your 
post from two weeks ago. Remember, no one is getting paid to respond to 
requests here. People respond when they think they can help out. If 
they're not sure what the problem is or how to solve it, they won't answer.


Good luck!

Marcel Mulder wrote:

Hi,

 


Two weeks (18-01-2008) ago I posted a message with uid problems in the
lock database, but none seems to care or understand

I truly can't understand that I am the only one in the whole world with
this problem

 


I have a "standard" setup of my server running Ubuntu gutsy 7.10 on the
amd64 platform using winbind (ADS) for authentication

My feeling is that it has to do with the amd64 version of samba but I am
not sure.

 


Can someone tell me what is needed or what I have to do to get some
answers or hints.

 


Marcel

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba cluster on multi tiered storage / hierarchial storage management

[Volker Lendecke]

On Wed, Jan 30, 2008 at 09:00:08PM +0100, Olivier Sessink wrote:
> Some of the data is used frequently, and some of the data is not used
> frequently. A policy driven hierarchial storage management solution for
> the samba ctdb cluster would be great. Keeping often-used blocks on a
> SAN with fast storage, and using cheaper storage for data that hasn't
> been used recently.
> 
> What are good solutions in combination with samba, or should we look at
> something completely different ?

You might seriously look at GPFS. It has really extensive
data management capabilities, and te ctdb development is
mainly done on GPFS these days.

Volker


pgpQiqqGK0j5f.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Somebody HELP (wrong uid in lock database)

[Marcel Mulder]

Hi,

 

Two weeks (18-01-2008) ago I posted a message with uid problems in the
lock database, but none seems to care or understand

I truly can't understand that I am the only one in the whole world with
this problem

 

I have a "standard" setup of my server running Ubuntu gutsy 7.10 on the
amd64 platform using winbind (ADS) for authentication

My feeling is that it has to do with the amd64 version of samba but I am
not sure.

 

Can someone tell me what is needed or what I have to do to get some
answers or hints.

 

Marcel

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] On-line administration for accounts

[Cybionet]

Salut Frederic,

If you use Samba + LDAP I suggest you to use phpLDAPadmin. You can also 
restrict access to your web site with htpasswd file or LDAP 
authentication too.


Regard

Robert

Hi,

I need to "create" a web-interface for the administration of my 
samba's accounts and i don't want to let an access for "simple users" 
to the "unix users"...


I looked for an installation based on mysql but i can't compil it (too 
much bugs)...


(my experience of this install is on this forum ==> 
http://forum.ovh.net/showthread.php?t=29726)


So...

Is there any other solution for my project (without using unix 
account) ? Or can everybody help me to compil this pdb_mysql ?


Thanks a lot and have a good day !


FreD.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Log out and logs

[Valerio Daelli]

Hi

we use samba 3.0.28 and we would like to get from a script the timelenght
of the login of the users. We would like to calculate how much time
do the users spend connected to our resources.
For the login we do not have any problem, we just get this string from the logs:

[2008/01/31 11:30:21, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: sam authentication for user [vdaelli] succeeded

and we extract the timestamp.
But what about the logout? Do we have any string in the logs that
means 'this user disconnected
from the resource'?
We use loglevel=3.
Thanks

Valerio Daelli
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] On-line administration for accounts

[Frederic Notet]

Hi,

I need to "create" a web-interface for the administration of my  
samba's accounts and i don't want to let an access for "simple users"  
to the "unix users"...


I looked for an installation based on mysql but i can't compil it (too  
much bugs)...


(my experience of this install is on this forum ==> 
http://forum.ovh.net/showthread.php?t=29726)

So...

Is there any other solution for my project (without using unix  
account) ? Or can everybody help me to compil this pdb_mysql ?


Thanks a lot and have a good day !


FreD.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PANIC on 6 of my client servers .Please Help

[Brad Horrocks [Secure Office Services]]

Res, 
(I use openwebmail, I'll use the CR for you).

I'm using FC6 and the servers have all been upgraded from FC2 and FC4. 
The upgrade was completed before I took them over so I don't know what samba 
version
 was in use with those versions of Fedora.

The idea was to standardise on a particular version to simplify maintenance and 
it
seems to have caused more problems than it cured.

I didn't do the original upgrade to read the history, however... 
I have completely removed samba and all associated files (tdb's et) from 
one of  the servers and then tried to re-install using fresh Fedora RPM's. 

The same problem persists..

Regards
Brad Horrocks

--
Secure Office Services 
ABN 75 196 364 531
19 Burrendong Road
COOMBABAH QLD 4216
Ph. +61 7 5537 4955
Fx. +61 7 5537 4966
Mob.+61 (0)404142690
web: http://www.secureoffice.com.au

-- Original Message ---
From: Res <[EMAIL PROTECTED]>
To: "Brad Horrocks [Secure Office Services]" <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Sent: Thu, 31 Jan 2008 17:08:01 +1000 (EST)
Subject: Re: [Samba] PANIC on 6 of my client servers .Please Help

> *Top Posting*" I dont know what client you used, but the format exceeds 75 
> chars per line in Pine so my comments will be out of wack if I reply 
> inline...
> 
> You have said 3.0.24, have you tried 3.0.28 which current?
> The version you moved "to" 3.0.24 is a year old.
> What version did you upgrade from?
> Have you read the history changes for subsequent releases from your old to 
> current?
> What OS/version are at least one of these on?
> 
> Res
> 
> On Thu, 31 Jan 2008, Brad Horrocks [Secure Office Services] wrote:
> 
> > Hi everybody
> > I have six samba servers working in various client locations all of which 
> > exhibit the
> > same problem.
> >
> > +
> > Jan 31 09:37:58 sos02sp smbd[1454]: [2008/01/31 09:37:58, 0]
lib/util_sec.c:assert_uid(101)
> > Jan 31 09:37:58 sos02sp smbd[1454]:   Failed to set uid privileges to 
> > (-1,533) now set
> > to (0,0)
> > Jan 31 09:37:58 sos02sp smbd[1454]: [2008/01/31 09:37:58, 0] 
> > lib/util.c:smb_panic(1621)
> > Jan 31 09:37:58 sos02sp smbd[1454]:   PANIC (pid 1454): failed to set uid
> > +
> >
> > Followed by a backtrace dump.
> >
> > Some of these servers have been running for several years without any major 
> > issues and
> > this problem seems to have after a version upgrade to 3.0.24. Having six 
> > servers with
> > the same problem tends to indicate to myself that I have a common 
> > configuration issue. I
> > have tried everything including complete fresh installs and don't seem to 
> > be able to
> > resolve the issue.  Having done significant research on the Web, this panic 
> > issue does
> > not appear to be endemic nor common.
> >
> > To save space I has included all my logs and configurations at the 
> > following Web
address.
> >
> >
> > All logs and config information can be found at:-
> > http://www.secureoffice.com.au/samba/
> >
> >
> > Any help (or constructive criticism) would be greatly appreciated
> >
> >
> > Regards
> > Brad Horrocks
> >
> > --
> > Secure Office Services
> > ABN 75 196 364 531
> > 19 Burrendong Road
> > COOMBABAH QLD 4216
> > Ph. +61 7 5537 4955
> > Fx. +61 7 5537 4966
> > Mob.+61 (0)404142690
> > web: http://www.secureoffice.com.au
> >
> >
> 
> -- 
> Cheers
> Res
> 
> mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';
--- End of Original Message ---

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba