Re: [Samba] Samba 4 Packages Available for Download
There seems to be a problem with the sernet-samba-ad init script, at least on CentOS. Samba fails to start. The log file shows the following: [2013/05/15 20:48:37, 0] ../source4/smbd/server.c:369(binary_smbd_main) samba version 4.0.5-SerNet-RedHat-1.el6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 [2013/05/15 20:48:38, 0] ../source4/smbd/server.c:475(binary_smbd_main) samba: using 'standard' process model [2013/05/15 20:48:38, 0] ../file_server/file_server.c:47(file_server_smbd_done) file_server smbd daemon exited normally [2013/05/15 20:48:38, 0] ../source4/smbd/service_task.c:35(task_server_terminate) task_server_terminate: [smbd child process exited] [2013/05/15 20:48:38, 0] ../source4/smbd/server.c:210(samba_terminate) samba_terminate: smbd child process exited It looks like smbd starts and immediately exits. Under /var/run/samba, a process file samba.pid remains but not a smbd.pid file. Although samba is not running, the pidfile is left there. As a consequence, on further attempts to start samba using the script, it complains that a pidfile already exists. When samba is called by other means (/usr/sbin/samba or alternative init scripts) it starts and runs correctly. I am running 64bit CentOS 6.4. Thank you for your work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RPM building tools for Samba 4.0.3 on RHEL 6 published bye me on Github
Regarding your latest samba.spec for version 4.0.4-0.1
If with_dc is activated, the build still fails with:
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/lib64/samba/ldb/ildap.so
As I reported before, there is an entry for ldbsamba_extensions.so
under # ldb libraries built with DC activated but not for ildap.so.
The file gets built but not packaged.
Also, the installation of the samba-libs package fails with:
error: Failed dependencies:
libdfs_server_ad.so()(64bit) is needed by
samba-libs-0:4.0.4-0.1.el6.x86_64
libdfs_server_ad.so(SAMBA_4.0.4)(64bit) is needed by
samba-libs-0:4.0.4-0.1.el6.x86_64
The query rpm --query --requires -p
samba-libs-4.0.4-0.1.el6.x86_64.rpm gives libdfs_server_ad.so as a
requirement.
Is there any reason why my previous suggestion to package
libdfs_server_ad.so in samba-libs instead of samba-dc-libs was not
accepted?
If you do that, under the condition %if %with_dc, the error
disappears. Please note that samba-libs must always be installed
before samba-dc-libs, so that the samba-dc-libs requirement at
install has already been satisfied by samba-libs.
As also reported before, the same happens with libposix_eadb.so. It is
required by samba. I suggested that it be moved to the same section as
libdfs_server_ad.so, i.e. in samba-libs under %if %with_dc.
If these two steps are taken, both build and install complete flawlessly
and you get a working AD DC installation.
If this is accepted, as a final touch and for the sake of consistency,
the %exclude for /libdfs_server_ad.so should go into LIBS, under
%if %with_dc:
%else
# formerly excluded in files dc
%exclude %{_libdir}/samba/libdfs_server_ad.so
%endif # with_dc
and the %exclude for /ildap.so and ldbsamba_extensions.so should
go into DC-LIBS, also under %if %with_dc
%else
%doc packaging/RHEL-rpms/README.dc-libs
# formerly excluded in files dc
%exclude %{_libdir}/samba/ldb/ildap.so
%exclude %{_libdir}/samba/ldb/ldbsamba_extensions.so
%endif # with_dc
Best regards
Miguel
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RPM building tools for Samba 4.0.3 on RHEL 6 published bye me on Github
I tested the .spec file you posted today. There's still a glitch remaining. If built with the file as it is (%global with_dc 0) the packages build cleanly. However, if %global with_dc 1 is used, the build fails with the following error: RPM build errors: Installed (but unpackaged) file(s) found: /usr/lib64/samba/ldb/ildap.so I can see that this file is excluded in the packging list pertaining to DC-LIBS, if with_dc is disabled but it is not one of the # ldb libraries built with DC activated, contrary to the other file always excluded in the Fedora .spec (ldbsamba_extensions.so), which is listed in your file. When I do a rpm query for --whatrequires both files, the answer is that no package requires either file. As such, they should probably be always excluded, as happens with the Fedora .spec file. One more thing: since Samba 4.0.4 is out now, maybe you should update your files to match? This is just a security release that presents no problem whatsoever when built with the same specs as 4.0.3. I did it and all went well. I have an experimental AD domain controller working correctly it it. Thank you again -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RPM building tools for Samba 4.0.3 on RHEL 6 published bye me on Github
I forgot something.
%{_libdir}/samba/libdfs_server_ad.so
%{_libdir}/samba/libposix_eadb.so
As I said before, those two entries MUST be within ### LIBS, under
%if %with_dc. Otherwise, the build completes cleanly but the install
process of samba-libs and samba fails with the following:
error: Failed dependencies:
libdfs_server_ad.so()(64bit) is needed by
samba-libs-0:4.0.4-1.el6.x86_64
libdfs_server_ad.so(SAMBA_4.0.4)(64bit) is needed by
samba-libs-0:4.0.4-1.el6.x86_64
error: Failed dependencies:
libposix_eadb.so()(64bit) is needed by samba-0:4.0.3-0.6.el6.x86_64
libposix_eadb.so(SAMBA_4.0.3)(64bit) is needed by
samba-0:4.0.3-0.6.el6.x86_64
I suggest doing the described inclusions and, for the sake of
consistency, moving the correspondent exclusion to the same section:
### LIBS
%if %with_dc
%{_libdir}/samba/libdfs_server_ad.so
%{_libdir}/samba/libposix_eadb.so
%else
# formerly excluded in files dc
%exclude %{_libdir}/samba/libdfs_server_ad.so
%endif # with_dc
If these steps are taken, everything builds and installs correctly,
whether AD DC is activated or not.
The Fedora .spec file excludes samba/libdfs_server_ad.so from the
build process altogether because Fedora is not using the AD DC component
of Samba 4 due to lack of support with MIT Kerberos.
---
On the matter of the release of Samba 4.0.4, shouldn't the Obsoletes
statement now include the form Obsoletes: samba %{samba_depver}
instead of only Obsoletes: samba4 %{samba_depver}? You now need to
Obsolete all versions of Samba 4 prior to 4.0.4, both release and
pre-release.
Also, I think that the form you are still using for Provides (for
example Provides: samba4-common = %{samba_depver}) is no longer
correct. According to the Samba team conventions, after the release of
Samba 4 the form should now be Provides: samba-common = %{samba_depver}.
In a previous mail to you, I suggested:
Provides: samba = %{samba_depver}
Conflicts: samba4 %{samba_depver}
Obsoletes: samba %{samba_depver}
I used Conflicts for samba4 because there are significant
differences between the pre-release and the release versions.
Or maybe we could use two Obsoletes statements instead...
Best regards
Miguel
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Compile Error
Definitely update to RHEL 6.4, if possible, and consider working from
my samba-4.0.3 backports at: https://github.com/nkadel/samba4repo This
is designed to check out all the other needed dependencies, and work
from there to build up a local yum repository with all the necessary
libtdb, libldb, iniparser, and other dependencies.
I just had a look at the latest changes you did. I am glad that you
included a samba.init file.
It was a nice touch.
I used your latest samba.spec to build the packages and I found that
there are still a few issues to be solved:
If %global with_dc 0 is used, the build fails with the following result:
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/lib64/samba/ldb/ildap.so
/usr/lib64/samba/ldb/ldbsamba_extensions.so
/usr/lib64/samba/libdfs_server_ad.so
I used the following additions:
### DC-LIBS
%if %with_dc
# ldb libraries built with DC activated
%{_libdir}/samba/ldb/ildap.so
%{_libdir}/samba/ldb/ldbsamba_extensions.so
%else
%exclude %{_libdir}/samba/ldb/ildap.so
%exclude %{_libdir}/samba/ldb/ldbsamba_extensions.so
%endif
If %global with_dc 1 is used, the installation of the RPMS in the
required order gives the following errors:
rpm -Uvh samba-libs-4.0.3-0.6.el6.x86_64.rp
error: Failed dependencies:
libdfs_server_ad.so()(64bit) is needed by
samba-libs-0:4.0.3-0.6.el6.x86_64
libdfs_server_ad.so(SAMBA_4.0.3)(64bit) is needed by
samba-libs-0:4.0.3-0.6.el6.x86_64
rpm -Uvh samba-4.0.3-0.6.el6.x86_64.rpm
error: Failed dependencies:
libposix_eadb.so()(64bit) is needed by samba-0:4.0.3-0.6.el6.x86_64
libposix_eadb.so(SAMBA_4.0.3)(64bit) is needed by
samba-0:4.0.3-0.6.el6.x86_64
To avoid a dependence nightmare, samba-libsand samba must be
installed before samba-dc-libs and samba-dc.
As such, the former two cannot depend on the later to satisfy their
requirements. Maybe the following should be included
under LIBS?
### LIBS
%if %with_dc
%{_libdir}/samba/libdfs_server_ad.so
%{_libdir}/samba/libposix_eadb.so
%else
%exclude %{_libdir}/samba/libdfs_server_ad.so
%endif # with_dc
I don't really know if some the above files are in fact needed even when
DC is off, so I did the above configuration experimentally for my own
use and everything built and installed correctly.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] permission problems (ACL)
if i move a file from the first folder to the second folder by cutting it out in windows (the share is mounted there) and inserting it in the 2nd folder the 2nd group (sharepub) has no access to it. So basicly the first folder keeps it's permissions. i thought that the parent dir permissions are set to sub folders/files. oh and i enabled honor existing acls and enable permission inheritence, which i think should be correct. anyone got an idea whats wrong? Nothing is wrong. This is the default behavior of Windows itself. When you move a file, it keeps its permissions, as it should. When you copy a file, it acquires the permissions of the destination folder. With Windows 7 there has been some modification to this default behavior. Please consult the Microsoft technical pages about this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] permission problems (ACL)
Good to know that it's a OS problem and not a samba problem. I finnally know what to look for. It is not a problem, it's a feature! If you think about it carefully, you will see that this is a correct way to behave. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Two attempts required to join domain (SOLVED)
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u Shouldn't that be -W (uppercase W)? From smbldap-useradd: -wis a Windows Workstation (otherwise, Posix stuff only) -Wis a Windows Workstation, with Samba atributes (otherwise, Posix stuff only) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Need secure version of samba for RHEL5 server.
But now I can't locate one that is a 3.6 with the security issue fixed. I want to do a clean install, not a patch. ftp://ftp.sernet.de/pub/samba/3.6/centos/5/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
Folder Redirection will always (I think - or maybe Samba has a way to disable this, but I don't think it would be a good idea at all) store local cached copy of those folders on the local computer... what it accomplishes is it saves all of the copying back and forth when logging in/out. NO, IT DOESN'T! What you describe is the behavior of normal *roaming profiles*. Folder redirection *does not* move files back and forth. The files in redirected folders will always reside on the server. I know this not only from theory but *from experience*. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
Isn't there a way with group policies to have the client delete the roaming profile after the user logs out. I think that would solve the OP''s problem. Yes, there's a way to do that. But it doesn't solve the problem of having to transfer maybe hundreds of megabytes or even worse each time you log in to the domain. Back when the idea of roaming profiles was first put to practice (Windows 2000), user profiles were MUCH smaller than they are today. So, the use of roaming profiles with folder redirection seems to me the most appropriate way to deal with this. Please note that the Local Settings component of the profile should not be redirected. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
NO, IT DOESN'T! Microsoft disagrees - see below. You are introducing a new theme altogether: Offline Files. On a local and *reliable* network, you can use folder redirection *without* Offline Files. I did it and it works. What you describe is the behavior of normal *roaming profiles*. No... you can use a combination of roaming profiles and redirected folders for the best result, which is what I do. That's precisely what I was advocating. Please read my posts. The stuff in t he roaming profiles (very little) is copied back/forth at login/out, the stuff in t he redirected folders is *synchronized* at all times using the Offline Files technology that has long existed in Microsofts products. Maybe you were not very clear in your first post. You said the following: Folder Redirection will always (...) store local cached copy of those folders on the local computer... what it accomplishes is it saves all of the copying back and forth when logging in/out. which is not true. Even with Offline Files, only the files you are working with will be synchronized back and forth. The redirected folders themselves and the files previously stored therein will not be transferred to the client machine. This makes a big difference because we may be talking about Gigabytes of data. A roaming profile without folder redirection does transfer the whole profile, which might have been a good idea a decade ago but is not feasible with the amounts of data we work with today. Yes, but they will *also* reside on the *local computer*. As I said before, only the files you are modifying will have a local instance, which will be synchronized to the server at logout. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
This is also worth reading: http://technet.microsoft.com/en-us/library/ff183315%28WS.10%29.aspx This is important: « Exclusion List The Exclusion List feature reduces synchronization overhead and disk space usage on the server, and speeds up backup and restore operations, by excluding files of certain types from replication across all Folder Redirection clients. Prior to Windows 7, all files in an Offline Files folder were replicated to the server. This often meant that a users’ personal files or large files not relevant to the enterprise were replicated to one or more servers, thereby consuming disk space and slowing backup and restore times. On Windows 7, administrators can use the Offline Files Exclusion List feature to prevent files of certain types (for example, MP3 files) from being synchronized. The list of file types is configured by the IT administrator by using Group Policy. » -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
2. Is it correct that the profile files are not synced until the user logs off? That is the correct working of roaming profiles. If you want the files only on the server, you should look into Folder redirection. The Samba docs contain good info on that. You can use roaming profiles only, folder redirection only, or a combination of both, which I usually consider the more appropriate option. Samba-3 by Example -- Configuration of Default Profile with Folder Redirection http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#redirfold There's another good web page about this issue (Windows System Management: Real Men Don't Click) but it seems unavailable now. I have it in my archives and I will send it to your email address as a .mht file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap
I'm trying to combine samba + ldap, I was successful in another attempt what motivated me to create one. deb package that would make the whole process, I installed this package, the ldap dit was created successfully but when I try to insert a Windows machine in the Domain I get the message that the Referred Domain does not exist or can not be contacted. The system log does not log connections slapd in compensation log.nmbd the reports that my domain is ok, since I thought that might be the fact that before I used samba compiladod manually - with-ldap, now thank you. Are you trying to join a Windows 7 machine to the domain? If so, please see this page: http://wiki.samba.org/index.php/Windows7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP issues
To follow up and finalize, this is now SOLVED. Thank you for your feedback on how you solved your issue. Without feedback, we wouldn't be able to learn all that we can learn and we wouldn't fully benefit from the experience of others. First of all, I am using the IDEALX scripts (renamed now to smbldap-tools, but the IDEALX names sticks for backwards compatibility, apparently; they're located at http://sourceforge.net/projects/smbldap-tools/). As indicated on the page you just quoted, the new home of the smbldap-tools project is now: https://gna.org/projects/smbldap-tools/ The most recent packages, smbldap-tools-0.9.7-1, date from 26-Sep-2011. Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.1 losing browser elections to WinXP
2) How can I force a browser election without restarting the daemons? smbd doesn't seem to respond to a SIGHUP. A command line would be nice. Look at the smbcontrol command. os level = 65 Did you try to increase os level ? Also, read the man page for the domain master parameter. From smb.conf man page: preferred master (G) This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup. If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. *It is recommended that this parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master.* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Incorrect domain SID when creating new users
I created a new user on our Samba domain master yesterday but the user was unable to login from WinXP to the domain. I think they got an error that a device connected to the system wasn't working. The user was created using smbldap-useradd. (...) The question is where do I set the domain SID? I remember doing it at some stage when I set-up the samba domain but I have forgotten. The SID number is configured in /etc/smbldap-tools/smbldap.conf smbldap-tools comes with a script to assist in the basic configuration of the tools. It's called configure.pl in most versions but the name was recently changed to smbldap-config.pl At least in RedHat-alike distros, the script resides in /usr/share/doc/smbldap-tools-x.x.x, where x.x.x is your particular version. Current version is 0.9.7-1. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP issues
I didn't go too deeply on your issue, but it seems to me that since you have: ldap user suffix = ou=People You cannot simply have: dn: uid=testu...@mydomain.com,ou=mydomain,o=ndtc But should have instead: dn: uid=testu...@mydomain.com,ou=People,ou=mydomain,o=ndtc Am I wrong? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP issues
I didn't go too deeply on your issue, but it seems to me that since you have: ldap user suffix = ou=People You cannot simply have: dn: uid=testu...@mydomain.com,ou=mydomain,o=ndtc But should have instead: dn: uid=testu...@mydomain.com,ou=People,ou=mydomain,o=ndtc Am I wrong? Nope. You're right. I have removed the ou=People line. Still no joy. I suppose that you cannot simply remove it. You have to tell Samba where the user's container resides. Judging from your LDIF, your users seem to reside directly on ou=mydomain? Maybe you should look at the whole ldap arrangement... The structure just doesn't seem right... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Advantages to using CUPS printing on a PDC
I'd like to know the advantages out there in the field, using CUPS to print from the PDC. To me it sounds like just adding another single point of failure in the network, perhaps I am being blinded by windows printing issues to see the advantage in running all the prints via a PDC box? Centralized management of printers? Print job accounting? Network printing to printers without a network interface? These examples can be important in some environments. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.7 with LDAP authentication
User Search failed! There's something seriously wrong with your LDAP configuration. Are you sure that the OUs exist and are in the proper place? Can you use some LDAP client (LAM,phpldapadmin, LDAPAdmin, Apache Directory Studio, etc) ro inspect the LDAP database? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.7 with LDAP authentication
objectClass: inetOrgPerson objectClass: posixAccount objectClass: hostObject objectClass: top Your user entries do not contain Samba attributes. They MUST include the following: objectClass: sambaSamAccount Are you sure that you enabled the samba.schema in /etc/openldap/slapd.conf? include/etc/openldap/schema/samba3.schema (In some systems it will be samba.schema instead of samba3.schema) How did you create your users in the LDAP database? Did you use smbldap-tools? It seems to me that you would benefit greatly by reading this: http://www.samba.org/samba/docs/man/Samba-Guide/happy.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.7 with LDAP authentication
passdb backend = ldapsam:ldaps://ldap1.example.com/ ldap ssl = no You have ldap ssl = no and yet you are trying to connect to ldaps? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.7 with LDAP authentication
ldap user suffix = ou=people,dc=example,dc=com ldap group suffix = ou=groups,dc=example,dc=com ldap suffix = dc=example,dc=com Since your suffix is already in ldap suffix, the other entries should be: ldap user suffix = ou=people ldap group suffix = ou=groups Don't you need the entry ldap machine suffix? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.7 with LDAP authentication
[2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [amore] count=0 [2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'amore' in passdb. [2011/10/06 13:48:38, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [amore] - [amore] FAILED with error NT_STATUS_NO_SUCH_USER [2011/10/06 13:48:38, 3] smbd/sesssetup.c:42(do_map_to_guest) No such user amore [FILESERVER] - using guest account [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(gidNumber=65534)) Are you sure that the LDAP database is correct? Are the user and group names in the correct places? What is the output of pdbedit -L ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/LDAP/Win7 Domain Admins could not log in
The Samba wiki page related to the use of Windows 7 with Samba contains the following statements: « There are currently two registry settings required to be added on the Windows 7 client prior to joining a Samba Domain. These are: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 » AND: « Do *not* edit any other registry parameters (NETLOGON) that have been seen in the wild. If you have already modified your Windows 7 registry, please make sure to reset the keys to their default values. If you have changed the NETLOGON Parameters, make sure and turn them back to '1' as shown below: » The quoted page resides here: http://wiki.samba.org/index.php/Windows7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 client not mounting 'HOME' share.
Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user. I met the same problem more than once and I found that I have to remove the corresponding entries from the LDAP database (sambaHomePath and sambaHomeDrive attributes). If these attributes are set, the user does not connect to his home service. The homedir needs to be only in smb.conf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 client not mounting 'HOME' share.
On 2011-07-26 19:31, Miguel Medalha wrote: Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user. I met the same problem more than once and I found that I have to remove the corresponding entries from the LDAP database (sambaHomePath and sambaHomeDrive attributes). If these attributes are set, the user does not connect to his home service. The homedir needs to be only in smb.conf. I must add that, according to documentation, the home directory LDAP attributes need only to be set for a particular user if they differ from the general setting. Quoting from The Official Samba 3.5 HOWTO: « 11.4.4.8 LDAP Special Attributes for sambaSamAccounts The sambaSamAccount ObjectClass is composed of the attributes shown in next tables: Part A, and Part B. The majority of these parameters are only used when Samba is acting as a PDC of a domain (refer to Domain Control, for details on how to configure Samba as a PDC). The following four attributes are only stored with the sambaSamAccount entry if the values are non-default values: • sambaHomePath • sambaLogonScript • sambaProfilePath • sambaHomeDrive These attributes are only stored with the sambaSamAccount entry if the values are non-default values. For example, assume MORIA has now been configured as a PDC and that logon home = \\%L\%u was defined in its smb.conf file. When a user named ‘becky’ logs on to the domain, the logon home string is expanded to \\MORIA\becky. If the smbHome attribute exists in the entry ‘uid=becky,ou=People,dc=samba,dc=org’, this value is used. However, if this attribute does not exist, then the value of the logon home parameter is used in its place. Samba will only write the attribute value to the directory entry if the value is something other than the default (e.g., \\MOBY\becky). » -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] MDB Files
I have a problem with Ms Access *.MDB files. Are you using Access 2007? Of course you are aware that Access 2007 files have the .accdb extension? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Different permissions displayed in security tab andadvanced tab
As for diffs on Security and Advanced tab -- see MS. (It's a feature...they don't show the exact same info...but close)... Yes. They are often referred to as molecular and atomic permissions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Different permissions displayed in security tab andadvanced tab
As for diffs on Security and Advanced tab -- see MS. (It's a feature...they don't show the exact same info...but close)... Atomic vs Molecular permissions Quoting from http://blog.emagined.com/2009/12/08/windows-security-part-7/ « (...) Although the exact permissions available depend on the particular version of Windows, these systems have two types of permissions, Molecular and Atomic. Molecular permissions, which are more high-level in nature, generally include ones such as the following: - Full Control - Modify - Read-Execute - Read - Write - Special Permissions (e.g., Take Ownership) In contrast, Atomic (or Advanced) permissions are very granular in nature. They generally include the following types of access rights: - Full Control - Traverse Folder / Execute File - List Folder / Read Data - Read Attributes - Read Extended Attributes - Create Files/ Write Data - Create Folders / Append Data - Write Attributes - Delete - Read Permissions - Change Permissions - Take Ownership (...) » -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Strange problem with my new PDC
We currently run an older version (3.0.26a) of samba as PDC . You version of Samba does not support Windows 7. You must use version 3.2.15 at least. Look at this page: http://wiki.samba.org/index.php/Windows7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Strange problem with my new PDC
You version of Samba does not support Windows 7. You must use version 3.2.15 at least. Ooops! The minimum version is in fact 3.2.12. Sorry. To be precise, I quote from http://wiki.samba.org/index.php/Windows7 Support for Windows 7 and Windows 2008 using Samba Domain Controllers has been added to the following versions: * Samba 3.4 or later * Samba 3.3.5 or later * Samba 3.3.2, 3.3.3 and 3.3.4 (with NOTES) * Samba 3.2.12 or later -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba with SSSD+LDAP
I recently became interested in SSSD (System Security Services Daemon). I am thinking about doing some experiments with it before going into production servers. Does anyone here have some experience with that combination and have some comments about it? Any information would be much appreciated. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Inherit ACL does not work properly
we are using ACLs (GPFS filesystem) - configured by default ACLs. When a file is copied from another share, ACLs are set correct. When a file is moved(!) from another folder / share the file keeps the ACLs from the source location. But we want to set the ACLs as needed on the destination share. How can we do that? That is the behavior of Windows and as such it is the correct behavior of Samba. ACLs are kept and a file is moved, ACLs are set to those of the destination when a file is copied. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Inherit ACL does not work properly
really? when I try this on a windows system (on local drives) the permissions are set / inherited correct. You can confirm this anywhere on the net: when a file is moved, it keeps the original permissions; when a file is copied, it acquires the permissions of the destination. It seems to me that you are mixing different issues. You say you observed a different behavior. Can you give me an example of what you observed? Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Inherit ACL does not work properly
really? when I try this on a windows system (on local drives) the permissions are set / inherited correct. Well, I just did that on a Windows XP system, local drive, and the behavior is the one I described. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Inherit ACL does not work properly
This is an article by Microsoft: How permissions are handled when you copy and move files and folders http://support.microsoft.com/kb/310316 It seems that this behavior was modified in Vista, though. The default behavior used to be modifiable by a registry setting. With Windows 7, I recently saw what seemed aberrant permissions behavior. I am not too familiar with the system to be sure, though. And, to be honest, I don't have a strong will to be familiar with it... That smashing amount of eye candy and intended friendliness confuses me somewhat. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Inherit ACL does not work properly
Did you investigate the map acl inherit parameter? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Inherit ACL does not work properly
Something indeed changed with Windows 7. Look at this discussion on a Microsoft site: http://social.technet.microsoft.com/Forums/en/winservergen/thread/b6bf1c70-1a29-450a-b8c9-cf93502e5b44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] MSDFS - Can you hide folders with no access
i got a msdfs share running and now i want to hide folders from users who got no access to them anyway In smb.conf: hide unreadable =yes Maybe this does what you need. Consult the man page for smb.conf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.7 release date is...
On the Samba wiki page Samba3 Release Planning, the following is stated: Thursday, February 2011 - Planned release date for Samba 3.5.7 Which of the February Thursdays will it be? 10, 17 or 24? The quoted page resides here: http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.5 Thank you! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Root Access forWindows Domain Admins
To put it simple id like to give our Domain Admins the same access to Samba shares that the root user has and havent had much luck doing this. Whenever I look this up I find that people are doing this different ways but none seem to work. The only other thing that ive seen people doing is adding a domain user to the sudoers list but that means the domain user has to be logged into the linux server and then elevate their privileges. You may in fact be talking about different things, but the main ones I can remember now are: Admin rights at share level (can also be used as a global parameter) In smb.conf: admin users = @[yourdoamin]\Domain Admins If you are talking about privileges: net rpc rights list net rpc rights grant The possible privileges are: SeMachineAccountPrivilegeAdd machines to domain SeTakeOwnershipPrivilege Take ownership of files or other objects SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeRemoteShutdownPrivilege Force shutdown from a remote system SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeDiskOperatorPrivilege Manage disk shares SeSecurityPrivilege Manage auditing and security log For example: net rpc rights grant Domain Admins SeMachineAccountPrivilege -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools-0.9.6 released
I was not looking for the rpm and did not check all links. It is possible to download the same tar.gz file from the sources directory: http://download.gna.org/smbldap-tools/sources/0.9.6/ Anyway, I already notified the developers. Regards Miguel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbldap-tools-0.9.6 released
Version 0.9.6 of the very useful smbldap-tools is now available from the project's page: https://gna.org/projects/smbldap-tools/ A big thanks to the developer, Jerome Tournier. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba doesn't create user profiles on the fly
comment = Home Directory of '%u' valid users = @Domain Group browseable = no writable = yes create mask = 0600 directory mask = 0700 I suppose it should be: valid users = %S Otherwise, you will be granting access to a whole group instead of only to the directory owner. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NMDB ports 137 and 138
Entering port 138 on Google immediately gave me the following: Port 138 Name: netbios-dgm Purpose: NETBIOS Datagram Service Description: UDP NetBIOS datagrams packets are exchanged over this port, usually with Windows machines but also with any other system running Samba (SMB). These UDP NetBIOS datagrams support non-connection oriented file sharing activities. Related Ports: 137, 139, 445 Try it for yourself. It works and you will get plenty of information :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba as PDC, win 2003 as bdc
is it possible to add a wind 2003 machine as BDC to a samba domain. The Samba3-HOWTO, Chapter 5, contains the following: « Samba-3 cannot participate in true SAM replication and is therefore not able to employ precisely the same protocols used by MS Windows NT4. A Samba-3 BDC will not create SAM update delta files. It will not interoperate with a PDC (NT4 or Samba) to synchronize the SAM from delta files that are held by BDCs. Samba-3 cannot function as a BDC to an MS Windows NT4 PDC, and Samba-3 cannot function correctly as a PDC to an MS Windows NT4 BDC. Both Samba-3 and MS Windows NT4 can function as a BDC to its own type of PDC. » Is documentation documentation available ? Yes. You can start with: The Official Samba 3.5.x HOWTO and Reference Guide Samba3 By Example Both come with the Samba packages, in HTML and PDF formats, or can be viewed online at www.samba.org. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Server Configuration GUI
Did you try Webmin? www.webmin.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Server Configuration GUI
it's a text file, even a text editor rewrites the file when you save it. it's how it has to be done. if you care what the file looks like, why are you using a gui? or are you saying it rewrites part of it wrong? file a bug report? You didn't understand what the OP meant. SWAT rewrites the file in the sense that it reorders entries and discards all custom comments the file may have. Often sysadmins need the comments to later understand why some entries are there or why they are configured in that particular way. So, if you have a carefully customized smb.conf and you use SWAT to change some optiin from yes to no, all of the file entries are reordered and all comments discarded. Not very nice, is it? The problem is acknowledged by the Samba team and they are talking about the need for a SWAT2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Server Configuration GUI
I personally don't like swat either, and I don't run graphical desktops on my servers, so gave up on a gui editor long, long ago. For adhoc workstation shares, the user share stuff in nautilus (or is it just ubuntu?) seems to work well enough. For hand it off to a non-techie, I use a NAS appliance like openfiler or freenas. You don't need to run a graphical desktop on your server in order to use a graphical interface to Samba. You can use a web service such as Webmin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] vfs_acl_xattr issue
I am also under the impression that inheritance still does not work properly, even after applying the acl jumbo patch to samba 3.5.6. I don't want to be alarmist, though, so I am still testing. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
I have been able to get the unpatched versions to compile from git successfully, though not with the patch implemented. I just reproduced all your steps and it went well, without any glitch. I am on CentOS 5.5. All the patches were applied correctly. Maybe you have a path problem here? 6. sudo git am -3 ../samba_patches/samba-3-5-x-acl-jumbo-patch/*.patch I adapted your line to my own path (without the /samba_patches part) and all went well... 10. sudo make [The build failed on the error 'cli_krb5_get_ticket', in the function 'spnego_gen_negTokenTarg'. Make: *** [libsmb/clispnego.o] Error 1] Maybe you have some missing dependency here, related to kerberos... rpm -qa | grep krb5 gives me the following: pam_krb5-2.2.14-15.x86_64 krb5-libs-1.6.1-36.el5_5.5.x86_64 krb5-workstation-1.6.1-36.el5_5.5.x86_64 krb5-auth-dialog-0.7-1.x86_64 krb5-devel-1.6.1-36.el5_5.5.x86_64 krb5-server-1.6.1-36.el5_5.5.x86_64 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with ACL jumbo patch
I still cannot get a successful build with either the original set of patch files or the diff file. Although I can compile samba without the patch, could I this be dependency problem or an out of date git version? It worked for me in both cases. I did it from the sources for 3.5.6 available from the Samba site: www.samba.org The only problems I found were some glitches in the RPM spec file when building RPMs for RHEL/CentOS, but those were easily corrected. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
I have joined the Linux server (Suse 11.2) to the Windows domain (win2003) and users can login to the server using their window's domain credentials. Also can view all of the domain groups using 'wbinfo -g', however when I try to set the acls on a local dir' I get the follow error; #setfacl -m g:DOMAIN\\groupname:r /tmp/testacl setfacl: Option -m: Invalid argument near character 3 The setfacl tool knows nothing about Windos domains, hence the error you see. You can also use the user or group number as given by getent passwd and getent group. In this case, setfacl does work. You can also try smbcacls which comes with Samba or set the ACLs from a Windows client. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
The setfacl tool knows nothing about Windos domains, hence the error you see. Well it does if you're using winbindd to map DOMAIN\\groupname to a group on the box :-). I never used Samba with AD authentication, so I don't have direct experience with that. But immediately *after* I pressed the Send button I thought Well, maybe it does through winbind... My bad. Please excuse me, all who read that. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
By the way, does the Samba team have the intention to produce a command line tool that can use the acl_xattr module to manipulate ACLs, providing them to the OS? That would be very nice! Maybe I'm wrong, but I see a big future there. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
Not sure what you mean by providing them to the OS ? The store in acl_xattr is a Samba-specific one. If you want the OS to use them that means kernel changes. Yes. A kernel module maybe, and a utility to manipulate the ACLs on xattr. I really like your vfs_acl_xattr idea. Often I need to set ACLs on the server side for Windows clients, for example when connected to the servers via a SSH shell. I have been doing this with the Linux ACLs together with getfacl/setfacl. I would like to increasingly use the vfs module from now on, but then I can only set the ACLs from Windows, and I dislike the idea. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
I just noticed that my question has two aspects to it. Leaving aside, for now, the kernel connection, it would be very nice to have a command line tool to manipulate the ACLs stored by the vfs_acl_xattr module, even if it's only for Samba. There must be a way, some utility to read and write the information stored on the security.NTACL Extended Attribute in a form that humans can understand. Maybe I am not expressing myself in the best of ways... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
What I meant was: the vfs_acl_xattr is a very good idea. Is there some other way to get/set the ACLs it stores other than using the Windows graphic interface on a Windows client machine? If not, that's what I find uncomfortable with this solution. That's why I asked for a command line tool to get/set the ACLs from the *nix server side. There is the smbcacls tool that already ships with Samba. It works via smbd, not directly on the xattr's, but I think that's probably the right way to do it. Ok, we're on the right track now. Do you mean that smbcacls is compatible with the use of the vfs_acl_xattr module? Will the ACLs set with that tool be passed to the module and stored in Extended Attributes? I find smbcacls a very unfriendly utility... I couldn't find a way to read the ACLs when using the vfs module. My fault probably, I never really tried hard... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getting error with setfacl
Ok, we're on the right track now. Do you mean that smbcacls is compatible with the use of the vfs_acl_xattr module? Will the ACLs set with that tool be passed to the module and stored in Extended Attributes? I just made some quick tests and indeed smbcacls does show the ACLs stored by the vfs module. I suppose the problem here was the lack of documentation. There's always this gap between programmers and end users... Still, I think that both pdbedit and smbcacls need some attention from developers. Thank you for your answers and your work in general. I applied the ACL jumbo patch to Samba 3.5.6 and will be testing the coming days. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Building Samba RPM packages for RHEL/CentOS 5 - Needed corrections to the .spec file
I just built from source the Samba 3.5.6 RPM packages for CentOS
5.x/RHEL5.x.
I found some glitches in the included samba.spec file and I thought
someone else might benefit from my recent experience. The spec file for
RHEL/CentOS resides, on the sources tree, under
samba-3.5.6\packaging\RHEL\.
1 - The process initially fails due to a dependency problem: missing
keyutils-devel. Change the respective entry on line 31
(BuildRequires:) to keyutils-libs-devel (yum install this file from
the repositories if needed).
2 - Although it is called by the packaging process, the umount.cifs
file is not compiled and therefore cannot be found in sources3/bin at
the moment of packaging. Therefore, the RPM build process fails. Either
comment the references to the file from lines 237, 396 and 414, if you
don't need this function, or add the following to the ./configure
command, starting on line 137:
--with-cifsumount
The default for this parameter is no, and therefore it is not included
in the configure process as is.
3 - The RPM build process finally fails because some files, which were
compiled and copied to the temporary tree, are not called by the
packaging process. The following lines must be included on the spec
file, under Files section:
/usr/share/locale/de/LC_MESSAGES/net.mo
%{_includedir}/wbc_async.h
%{_mandir}/man5/pam_winbind.conf.5.gz
I suggest you include them close to related lines (same paths) for the
sake of clarity.
After these corrections the build of the RPM packages went on with no
errors and was successful. All the packages installed correctly afterward.
I hope these tips will be useful to someone.
PS - The sources for Samba 3.5.6 are here:
http://www.samba.org/
Before building, you might be interested in patching the sources with
the patch provided by Volker Lendecke to improve compliance with Windows
ACLs. The patch is here, thanks to Volker:
http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz
patch -b -p1 jumbo-patch-3-5-6.diff
After applying the patch and modifying the .spec file you can proceed to
the building process. cd to
/usr/src/redhat/SOURCES/samba-3.5.6/packaging/RHEL and execute the
makerpms.sh script there.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
Dear Jeremy Here you go :-). Download the jumbo patch for 3.5.6 here: http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz Please test and give me feedback ! Thank you for caring about this. I successfully patched the source code. Unfortunately, when I tried to compile it, I hit some obstacles. I solved some of them until one came that I am unable to surmount, because my skills are not up to what's needed. I am a sysadmin, not a programmer... A former compilation succeeded but it had no LDAP and no Kerberos. After installing some packages, LDAP passed but compilation failed with this error: cifs.upcall.c:(.text+0x360): undefined reference to `smb_krb5_principal_get_realm' cifs.upcall.c:(.text+0x3d3): undefined reference to `smb_krb5_unparse_name' collect2: ld returned 1 exit status make: *** [bin/cifs.upcall] Error 1 So, for me the best bet is this: are you willing to include these patches in the next release of Samba (3.5.7 ?)? Nevertheless, I thank you for your commitment. I am sure that others will greatly benefit from this work right now. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
So, for me the best bet is this: are you willing to include these patches in the next release of Samba (3.5.7 ?)? Yes, so long as all testing passes. Ok, I managed to compile everything. I will start testing soon. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Bug in pdbedit?
I came across this some time ago and I finally decided to report it: When I input pdbedit -Lv root I get: Primary Group SID:S-1-5-21-XX-XX-XX-513 But if I use smbldap-usershow root i get: Primary Group SID:S-1-5-21-XX-XX-XX-512 If I inspect the LDAP database with any other tool, the stored value is 512 (Domain Admins). So, where is pdbedit reading the 513 (Domain Users) from? I thought that, since I have a LDAP backend, it should be reading it from the LDAP database... This has happened both in Samba 3.2.x and all of the 3.5.x releases. I didn't try 3.3.x and 3.4.x. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows seven
Is there really no way to make work samba 3.2.5 (as domain controller)with windows 7. No If not, what is the best way? use backport, compile the last samba version (wich version) or wait for the next debian version Very good quality, pre-compiled Enterprise Samba versions for several OSs, including Debian: ftp://ftp.sernet.de/pub/samba/ http://ftp.sernet.de/pub/samba/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Move preserve ACL
I as a network administrator know that this is a normal behavior but our users don't get it :( So i need a solution. I heard that there is the possibility to bypass this with a VFS module As a network administrator, your best solution is to inform your users instead of going along with bad practices and laziness. It's not difficult, just plain binary alternative: move - keep permissions copy - acquire permissions of destination -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
I had not realized that the ACL module would store both sets of information. Please note that I *didn't* state that. What I said is that you can use Extended Attributes to *also* store ACL information. ACL information will be stored under a different attribute, which in this case is called security.NTACL. Most Samba VFS modules are stackable. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
While testing my Samba configuration, I found that permissions are being set to 'special' for directories being copied from Windows instead of the ACL being fully populated. Does Samba 3.6 fully implement ACLS, or are there further configuration steps for storing the ACL information for directories Of course you are aware that the normal Windows behavior, which Samba emulates, is to keep ACLs when files are *moved* and modify them according to those of the destination when files are *copied*? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
FYI. I've just committed a jumbo ACL patch for v3-6-test (and am currently looking at backporting this to 3.5.x) which I hope will fix several issues with storing ACLs in xattrs and getting full Windows ACL compatibility. That would be *very* nice, especially the backporting to 3.5.x part! Thank you! (By the way: is there some tool that can manage the ACLs stored in Extended Attributes from the Linux command line? That would give us the best of both worlds: Windows compatibility and ACL setting from the server side. I know it is possible to use getfattr/setfattr but this is not very friendly, is it? Also, a module providing those ACLs to Linux so that, for example, SSH or FTP could use them, would be very interesting. Am I asking too much or is this in some way irrelevant?) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Procedure number out of range
It seems that Samba in this version is sensitive to local characters in passwd or tdb files (swedish in this case). In Samba 3.2.5 this wasn't an issue AFAIK. Do you have the appropriate charset parameters for Swedish? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
Note, I have used a TDB for ACLs since I have extended attributes enabled on the file system level to store timestamp information. As Michael Wood pointed out in a reply to you, the tdb is to be used when your filesystem does NOT support extended attributes. You can use Extended Attributes to store your timestamp information *and* ACLs, using the ACL_XATTR vfs module. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] vfs_acl_xattr - moving files/folders
We've been using samba 3.3.9 with vfs_acl_xattr for some time now, and we do have one issue - when someone moves a file from one place to another (in Windows), it keeps the old ACLs instead of inheriting the new ones. I understand why this is happening (moving as opposed to copying, which actually makes a new file, and thus attains new ACLs as well), so I would just like to know if this has already been resolved in latest versions of samba. btw, I see it is still marked as experimental in 3.5.x - can we get some more info on the progress of this module? Apart from the above-mentioned issue we had absolutely no problems with vfs_acl_xattr, and it really simplifies the handling of ACLs on Windows clients. This is not an issue to be resolved. This is the normal (and correct) behavior of Windows, which of course Samba replicates. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Creating a PDC on a LAN with standalone boxes and PDC-enabled boxes
Now, I have a few issues: - profiles on the fileserver are created in $HOME/profile instead of what I expected, /var/samba/profiles/) . From the smb.conf man page: logon path (G) This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are stored. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Machine account reject - additional troubleshooting
(My last suspision is, that win7 is doing the machine authentication in a different [encryption)] way as the XP machine are doing that as XP machines do not have that problem) Maybe this is related to your problem: At work we have a couple of Oki C5550MFP multifunction printers that scan directly to CIFS network folders. We recently found that this function no longer worked on some new computers with Windows 7. We looked on Oki's Web site and found the solution there, which seems indeed to be related to a new way of doing authentication on Windows 7. On each Windows 7 computer, we had to change two settings in Local Security Policy - Local Policies - Security Options. Those settings were: Network Security: Do not store LAN Manager hash value on next password change from Enabled to Disabled Network Security: LAN Manager authentication level change from Not Defined to Send LM NTLM responses Each Windows 7 user having a scanning share then had to change their passwords, after which the correct behavior was restored. The procedure is described on this Oki page: http://www.oki.pt/support/printer/troubleshooting/detail.aspx?id=tcm:104-108998-16prodid=tcm:104-4459 http://www.oki.pt/support/printer/troubleshooting/detail.aspx?id=tcm:104-108998-16prodid=tcm:104-4459 I hope this helps somewhat. Regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain admin privileges: a strange bug in Samba?
I was in the process of setting up a new Samba 3.5.4 PDC with LDAP backend, over CentOS 5.5, when I came across a very strange behavior. After executing the smbladp-populate script, I was trying to grant the needed privileges to the group Domain Admins in order no to use root to manage the Windows domain. After successfully granting rights to the Admin user, there was no way to make this user benefit from them. Even the command net rpc rights list, if executed by -U Admin, always failed with the following result: net rpc rights list Admin -U Admin Enter Admin's password: (I enter Admin's password here) Receiving SMB: Server stopped responding Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_END_OF_FILE This was followed by a smb core dump. The log then presents the following: [2010/08/24 11:27:00.143535, 0] lib/fault.c:46(fault_report) === [2010/08/24 11:27:00.143824, 0] lib/fault.c:47(fault_report) INTERNAL ERROR: Signal 11 in pid 19667 (3.5.4) Please read the Trouble-Shooting section of the Samba3-HOWTO [2010/08/24 11:27:00.143927, 0] lib/fault.c:49(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2010/08/24 11:27:00.144021, 0] lib/fault.c:50(fault_report) === [2010/08/24 11:27:00.144100, 0] lib/util.c:1465(smb_panic) PANIC (pid 19667): internal error [2010/08/24 11:27:00.151658, 0] lib/util.c:1569(log_stack_trace) BACKTRACE: 26 stack frames: #0 smbd(log_stack_trace+0x1a) [0x2ae9fd7622c5] #1 smbd(smb_panic+0x55) [0x2ae9fd7623c9] #2 smbd [0x2ae9fd753101] #3 /lib64/libc.so.6 [0x2aea005cf2d0] #4 smbd(sid_compare+0x22) [0x2ae9fd75db54] #5 smbd(add_sid_to_array_unique+0x39) [0x2ae9fd75e189] #6 smbd(create_token_from_username+0xd37) [0x2ae9fd7b1eeb] #7 smbd(create_local_token+0x4e) [0x2ae9fd7b231e] #8 smbd [0x2ae9fd7b550d] #9 smbd [0x2ae9fd5b8097] #10 smbd(ntlmssp_update+0x270) [0x2ae9fd5b7c86] #11 smbd(auth_ntlmssp_update+0x17) [0x2ae9fd7b5215] #12 smbd [0x2ae9fd52be5e] #13 smbd(reply_sesssetup_and_X+0x191) [0x2ae9fd52c18f] #14 smbd [0x2ae9fd560eb1] #15 smbd [0x2ae9fd563b4e] #16 smbd [0x2ae9fd564341] #17 smbd(run_events+0x1d6) [0x2ae9fd7711f8] #18 smbd(smbd_process+0x97c) [0x2ae9fd56337d] #19 smbd [0x2ae9fda6f4ca] #20 smbd(run_events+0x1d6) [0x2ae9fd7711f8] #21 smbd [0x2ae9fd771467] #22 smbd(_tevent_loop_once+0x84) [0x2ae9fd7717e9] #23 smbd(main+0xf83) [0x2ae9fda6f1ff] #24 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2aea005bc994] #25 smbd [0x2ae9fd4ea5a9] [2010/08/24 11:27:00.159996, 0] lib/fault.c:326(dump_core) dumping core in /var/log/samba/cores/smbd Only root could obtain a successful answer, even if I gave Admin the same password that root has. After many efforts I was stuck. I even downgraded to Samba 3.4.8 with the same result. I then raised the log level to 2. Suddenly, the results came: SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege I consulted the Samba logs and noticed the following: [2010/08/24 11:00:23.397276, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [Admin] - [root] - [root] succeeded [2010/08/24 11:00:23.397973, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: root So, user Admin was being mapped to root, and this only worked if Admin had the same password as root, as expected. Since username map = /etc/samba/smbusers is the Samba default, I commented all the lines in /etc/samba/smbusers. Now, the correct behavior was restored. What is most strange here is that *the success of the connection depends on the log level being 2 or higher*. Everything less causes the connection to fail with the result: Receiving SMB: Server stopped responding Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_END_OF_FILE With all the lines commented out in /etc/samba/smbusers, privileges work as expected. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain admin privileges: a strange bug in Samba?
This raises the following question: With the privileges system in place, isn't the use of the username map = /etc/samba/smbusers somewhat of a historical relic? Perhaps the username map default should be changed to no value. It could then be used if needed by some users but the current default wouldn't upset the normal operation of other, more needed functions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 connect to FreeBSD samba
I'm having trouble connecting my windows 7 machine to my Samba server that i set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba version is 3. You need at least version 3.3 of Samba. There's useful information here: http://wiki.samba.org/index.php/Windows7 hosts allow = 192.168.1 192.168.2 127. \\192.168.198.137\Pushkin-PC$ You are aware that the hosts allow parameter lists two subnets that do not correspond to the address of your server, aren't you? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.3 with LDAP - How To change passwor from WIndows
I got my samba PDC / LDAP system to the point, that users can login. But they can't change there password from the windows pc. Can somewone tell me which settings may I check? Or can point me to a how to? The posix password should be changed to. I use ldap passwd sync = yes in smb.conf. It all works. The Windows XP users just press Ctrl+Alt+Del and can change their password from there. Please read the smb.conf man page. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaLogonScript problem [SOLVED]
Miguel tip worked for me. In my smb.conf i't specified that users should run %G.bat, so i removed this attribute ( smbldap-usermod -E user ) and WORKED. This is something that is documented somewhere and i missed? I suspected that this would be the problem because I had already banged my head against it when I installed my first Samba PDC a couple of years ago :-) If I remember well, what gave me some hint to the solution was the following entry on The Official Samba 3.5.x HOWTO and Reference Guide: Current PDF version, paragraph 11.4.4.8: LDAP Special Attributes for sambaSamAccounts « • sambaHomePath • sambaLogonScript • sambaProfilePath • sambaHomeDrive These attributes are only stored with the sambaSamAccount entry if the values are non-default values. » Or online here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2593073 Hence, I removed the entry from the LDAP database and it magically started working. It seems to me that it was on version 3.1x at the time and also on version 3.2x. I cannot confirm it with any other version because I never had a specific use for that attribute and therefore I never tried it. I am glad that you solved the problem. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaLogonScript [another] problem
But it happens that when i create a new user, the sambaLogonScript entry in the ldap database is set to %G.bat, exactly the entry i MUST NOT have to load the script. Since i'm expanding my network and tons of new users are coming, i trying to keep things very organized. I'll need to change this entry for every new user or there is a smarter way to do this? I don't quite understand your problem here. From one of your previous posts, I understand that you are using smbldap-tools. So, upon creating a new user, why don't you add the parameter -E to smbldap-useradd? See man smbldap-useradd for all parameters. Either way, there are good web front ends to LDAP available, such as: LAM - LDAP Account Manager http://www.ldap-account-manager.org/ phpLDAPadmin http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page And two programs: LDAP Admin (a Windows program) http://ldapadmin.sourceforge.net/index.html Apache Directory Studio (very complete, runs on several platforms) http://directory.apache.org/studio/ All of them are worth a try. I use all of them, to different purposes and on different occasions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaLogonScript problem
All my users are set with %G.bat in the ldap backend, but the vast majority of the users are not running the scripts, or running partially. I also have my logon scripts set to %G.bat and they run perfectly. Are your scripts in DOS format? They must be, because they are read by the Windows side. Use the command unix2dos to make sure that all lines end with CR+LF, as used by standard text files under DOS/Windows. One thing I once noticed was that the Samba account attribute sambaLogonScript must ONLY be set for a user if it DIFFERS from what is specified in smb.conf. Otherwise, the script wouldn't run. I found this with the Samba 3.1x family, I don't know if that still applies. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaLogonScript problem
One more thing: are your permissions correct? The users must have Read access to the logon script files. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools
Maybe you should upgrade your smbldap-tools? I am using both 0.9.5-1 and 0.9.6-pre1 and both create the entries you describe in your first post. I used the -a switch only and all the attributes you quote are filled. With the versions I use it is also possible to specify custom LDAP attributes on the command line. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools
is there a current site that is maintaining smbldap-tools? https://gna.org/projects/smbldap-tools/ where is 0.9.6? At the maintainer's site: http://www.iallanis.info/ It is currently unavailable but it happened before and it always came back. Maybe it will one again. Search for a package smbldap-tools-0.9.6-pre1.noarch.rpm. If you don't find it I can send it to you by e-mail. If you are on RHEL/CentOS 5.x, the EPEL repository contains specific version 0.9.5.1 packages for that distro: smbldap-tools-0.9.5-1.el5.rf.noarch As I wrote in my post, this version correctly fills the attributes you quoted. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools
Which version of smbldap-tools are you using? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb/cifs share network speed testing
Is there any piece of software that I can use to run between a client and a linux or windows server with a smb/cifs share that will test network speed, latency, sustained read/writes, multiple file create, read, write, close, etc.. etc.. over X period time? iperf http://dast.nlanr.net/Projects/Iperf/Iperf is a commonly used network testing tool that can create TCP and UDP data streams and measure the throughput of a network that is carrying them. http://en.wikipedia.org/wiki/Iperf Iperf is a tool to measure the bandwidth and the quality of a network link. http://openmaniak.com/iperf.php -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] non-windows behavior of samba
That should really work. I have several Samba servers with Windows XP clients and with all of them client-made changes are immediately reflected in Windows Explorer. Apparently the smb.conf setting fam change notify = yes represents the default value fam change notify? From version 3.0.025 on, that parameter was removed. The parameters I have here are the ones documented in the smb.conf man page: //|kernel change notify|/ = |yes| ///|change notify|/ = |yes| /Yes is the default for both of them. Nevertheless, I vaguely remember having met that problem once upon a time... Did you try to recreate the share? // -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] What is the preferred way to inherit permission on a pdc?
ACLs? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] error in 3.5.2 compilation
I compiled and installed samba 3.5.2 on centos 5.4. Everything installed successfully but starting smbd shows following error ./sbin/smbd: error while loading shared libraries: libwbclient.so.0: cannot open shared object file: No such file or directory Do you have some particular reason not to use one of the precompiled packages from Sernet? There are specific packages for CentOS 5.x here: ftp://ftp.sernet.de/pub/samba/3.5/centos/5/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 and samba 3.0.28
May be this question asked earlier in list but i didn't able to search exact . I have samba+ldap domain setup on RHEL 5.1 and samba version is 3.0.28. Today i got a windows 7 system , but i am not able to join that system in our samba+ldap domain. Do i need to do any registry tweaking. I can't upgrade own samba version beyond 3.0.33 because this maximum version i get if i update my system to RHEL 5.5. With the version you have you won't make it work. You can use a more recent Sernet package for CentOS 5: http://ftp.sernet.de/pub/samba/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 and samba 3.0.28
On 2010-04-16 12:20, Miguel Medalha wrote: May be this question asked earlier in list but i didn't able to search exact . I have samba+ldap domain setup on RHEL 5.1 and samba version is 3.0.28. Today i got a windows 7 system , but i am not able to join that system in our samba+ldap domain. Do i need to do any registry tweaking. I can't upgrade own samba version beyond 3.0.33 because this maximum version i get if i update my system to RHEL 5.5. With the version you have you won't make it work. You can use a more recent Sernet package for CentOS 5: http://ftp.sernet.de/pub/samba/ Ooops! I wrongly assumed you were on CentOS. You will find the Red Hat packages at the same Sernet address. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] acl_xattr via rsync
From some time I am testing extended ACLs (acl_xattr and acl_tdb). Could someone tell me why when I am syncing files over rsync the extended acls are not moved Are you using the appropriate rsync switch to copy Extended Attributes? From rsync man page: -X, --xattrs This option causes rsync to update the remote extended attributes to be the same as the local ones.This will work only if the remote machine’srsync supports this option also. This is a non-standardoption. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] acl_xattr vs acl_tdb
A small test gives me total other numbers :-( . xfs can store 21 to 26 ACEs. It depends on the size of gidnumber. ext3 may store 503 to 513 ACEs, also depending on the size of gidnumber. The test bed: fresh created /home partitions with: mkfs.xfs -f /dev/hda6 for xfs, and mkfs.ext3 /dev/hda6 for ext3. only one directory: rmdir /home/dir/ ;mkdir /home/dir/ and a small shell script, which add ACEs: /root/acl-test.sh: #!/bin/sh -ex G=22 #G=10 while : do G=$(( $G + 1 )) setfacl -m g:$G:rwx /home/dir done OS is Debian Lenny: debian:/# cat /etc/debian_version 5.0.4 debian:/# uname -r 2.6.26-2-amd64 getfacl setfacl has version: 2.2.47 Other extended attributes may reduce the number of avaiable ACEs. Conclusion: ext3 is a better choice then xfs, at least for Debian Lenny. I have not tested any special tuning options for ext3 or xfs. Thank you very much for that information! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] acl_xattr vs acl_tdb
Shall I call you god now? :-) No me. Err, wikipedia: Why invoke wikipedia when man attr is at hand? Quote: This document describes the attr command, which is mostly compatible with the IRIX command of the same name. It is thus aimed specifically at users of the XFS filesystem - for filesystem independent extended attribute manipulation, consult the getfattr(1) and setfattr(1) docu- mentation. In the XFS filesystem, the names can be up to 256 bytes in length, ter- minated by the first 0 byte. The intent is that they be printable ASCII (or other character set) names for the attribute. The values can be up to 64KB of arbitrary binary data. Attributes can be attached to all types of XFS inodes: regular files, directories, symbolic links, device nodes, etc. XFS uses 2 disjoint attribute name spaces associated with every filesystem object. They are the root and user address spaces. The root address space is accessable only to the superuser, and then only by specifying a flag argument to the function call. Other users will not see or be able to modify attributes in the root address space. The user address space is protected by the normal file permissions mecha- nism, so the owner of the file can decide who is able to see and/or modify the value of attributes on any particular file. The question still stands in what concerns ext3/ext4. About a year ago I posted the following to this Samba list: I am now experimenting with samba 3.3.0 and acl_xattr. I can see that there is another method of storing Windows ACLs: acl_tdb. Can someone here tell me something about the relative merits and demerits of those two methods? I am using CentOS with an ext3 filesystem. The (only) answer I got was the following: xattrs have size limitations on most file systems, so you won't be able to store truly large ACLs. Don't know the numbers for ext3. The tdb one is there for file systems without xattrs or with too severe limitations for them, but it has issues with native unix backup/restore (acls are indexed by inode). And that was all. Hence my comment about the secrets of the gods. Samba comes with several methods of storing ACLs. Is it too much to ask for just a little information about them so that the users can make a decision, even if those users are not experts on the inwards of filesystem development? Than you to all who posted answers my question. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] acl_xattr vs acl_tdb
Does anyone know how many ACLs can be stored on file system (xfs) using acl_xattr module and in file file_ntacls.tdb? There's something I would really like to know! But somehow it seems to be a secret of the gods that us mere mortals are not allowed to penetrate... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] acl_xattr vs acl_tdb
If I remember correctly XFS used to have a size limit of 64KiB per xattr. What about ext3 ext4? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP Account Manager 3.0.0 released
LDAP Account Manager (LAM) 3.0.0 - March 24th, 2010 === LAM is a web frontend for managing accounts stored in an LDAP directory. I just installed this new version on a CentOS machine and I immediately got the following error: Your PCRE library has no complete Unicode support. Please upgrade libpcre or compile with --enable-unicode-properties. I suppose it comes from the use of Unicode for multilingual support. Under Red Hat/CentOS, PCRE needs to be recompiled with Unicode support for this to work. Instructions on how to recompile are here: http://gaarai.com/2009/01/31/unicode-support-on-centos-52-with-php-and-pcre/ Compiled versions are here: 64bit - http://gaarai.com/wp-content/uploads/2009/01/pcre-66-27x86_64.rpm 32bit - http://gaarai.com/wp-content/uploads/2009/01/pcre-6.6-2.7.i386.rpm Thank you to all! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 Windows 95/98 logon problem
we have just upgraded one of our very old Linux/Samba servers to version 3.4.2. After the upgrade, the Windows 95/98 clients cannot login to the server anymore. In the log I see 'NT_STATUS_ACCESS_DENIED' messages for these clients. The key word here is very old. Meanwhile, some Samba defaults changed. The default for client lanman auth is now No. If you have Windows 9x clients, you should have the following in your smb.conf file: client lanman auth = Yes From the smb.conf (5) man page: --- client lanman auth (G) This parameter determines whether or not smbclient(8) and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash. If disabled, only server which support NT password hashes (e.g. Windows NT/2000, Samba, etc... but not Windows 95/98) will be able to be connected from the Samba client. The LANMAN encrypted response is easily broken, due to its case-insensitive nature, and the choice of algorithm. Clients without Windows 95/98 servers are advised to disable this option. Disabling this option will also disable the client plaintext auth option. Likewise, if the client ntlmv2 auth parameter is enabled, then only NTLMv2 logins will be attempted. Default: client lanman auth = no --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
