Re: [Samba] pdb_init_sam errors on upgrade to Samba 3

2005-07-06 Thread Mike Brodbelt
Gerald (Jerry) Carter wrote:
 Mike Brodbelt wrote:
 
 | make_server_info_info3: pdb_init_sam failed!
 |
 | It may be pertinent that this user has a different
 | unix username from Windows one, and I'm using the
 | username map in samba to point to a file with
 | the mappings.
 
 Better read the release notes for the 3.0.8 (IIRC)
 release about the changes to username map semantics when
 dealing with domain users.

Thanks for the pointer - I found them some time after posting the
original question, and have now got it working again.

Thanks,

Mike.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] pdb_init_sam errors on upgrade to Samba 3

2005-06-28 Thread Mike Brodbelt
Hi,

I have been running Samba 2.2 on a server without any problems until
recently. We're currently in the process of upgrading our aging NT
workstations, and replacing them with new machines running XP Pro.
Yesterday I was bitten by a printing problem, which I think is bug 1147
in the bug database. In order to fix this, I have upgraded the server to
Samba 3.0.14. It's running Debian Woody, so I've used packages from
backports.org for this.

Since this upgrade, I'm having a problem with at least 1 user account.
Whenever this user tries to connect to a share, Samba prompts for
authentication, and authentication always fails. I get the following
error in the log file:-

[2005/06/28 08:36:26, 0] auth/auth_util.c:make_server_info_info3(1195)
  make_server_info_info3: pdb_init_sam failed!

It may be pertinent that this user has a different unix username from
Windows one, and I'm using the username map in samba to point to a
file with the mappings.

The Samba server is a domain member server, running with security=domain
and authenticating against an NT4 PDC (due to be replaced with
Samba/LDAP in due course).

Any help would be appreciated,

Mike.


[Samba] How to force XP to use an unqualified username?

2005-05-25 Thread Mike Brodbelt
Hi,

I'm trying to map a share to a samba server from an XP workstation. The
Samba server is a domain member, and the share in question is set up for
guest access.

From a linux box, I can run smbclient -W DOMAIN \\server\share, and it
prompts for a password. I hit enter, and it logs in as anonymous.
Looking at a packet trace I see it try to log in as DOMAIN\username
(where username is just my login to the Linux machine) which fails, then
anonymous, which works fine.

From an XP box, logged on as *local* Administrator, but joined to the
DOMAIN, I do:-

net use k: \\server\share /user:anonymous

This fails, and a packet trace shows the damn thing insists on trying to
connect as MACHINE\anonymous. Any idea how I can force it to connect
without the netbios name of the machine stuck on the front?

Mike.


Re: [Samba] Authenticating PPTP users against Samba/LDAP

2004-10-20 Thread Mike Brodbelt
Andrew Bartlett wrote:
 On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote:
  
 
 The pppd patch (one for 2.4.2, one for current CVS) is here:
 http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd
 
 The documentation is:
 http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf
 
 Note that the patch changed a little since the report was written, use
 the instructions in the README for configuration.

That's exactly what I was looking for - thanks very much indeed.

Mike.



[Samba] Authenticating PPTP users against Samba/LDAP

2004-10-19 Thread Mike Brodbelt
Hi,

I have a few remote users who use a PPTP based VPN. The server is running
PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC
for (some) added security. Currently, users' authentication information
is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to
put users into LDAP, and have ppp authenticate either directly against
LDAP, or against Samba (with an LDAP backend). Any ideas on how I might
go about this? Most of the docs I've seen suggest that you can't use PAM
for authentication with CHAP, so it seems not to be as simple as I might
have hoped.

Disclaimer - I haven't actually tried any of this yet, I'm just trying
to get it clear in my head before I start...

Mike.


Re: [Samba] Re: NT domain migration to LDAP/SAMBA (password migration)

2004-07-27 Thread Mike Brodbelt
Kang Sun wrote:
 Previous question was regarding the passwords was not migrated ...
 
 Well, I find one error, at least that was what happened to me.
 
 In the smb.conf file,  I had
 add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m %u
 while it should have been
 add user script = /var/lib/samba/sbin/smbldap-useradd.pl -m %u
 
 The add user script is only supposed to add a posix account. The windows account
 is migrated and mapped to that posix account.
 with -a option on, a windows account is also created together with the
 Posix account. The migration failed because a windows account, with all the
 default attributes from smbldap.conf, already exists.

Ah - the light dawns. I've not had time to test this yet, but it
certainly sounds like you've spotted the problem. Will test in due course.

Thanks,

Mike.


Re: [Samba] Re: NT domain migration to LDAP/SAMBA

2004-07-26 Thread Mike Brodbelt
Kang Sun wrote:

 Hello Mike,

 I did similar things and have similar problems.
 I looked at the ldap database, the migration did nothing but get all
 the names of users and machines.
 If the smbldap-* scripts are the only things vampire process is
 calling, I don't see how it would get anything else.


Agreed, although when migrating with a tdbsam backend, the vampire
process will populate the tdbsam with NT passwords and suchlike, but
also runs the useradd scripts to add the posix users, so I thought that
there may be some other data that Samba puts into LDAP directly, not via
invoking the scripts.

The documentation from John Terpstra's book (available online at
http://de.samba.org/samba/docs/man/Samba-Guide/migration.html#id2549828)
suggests that the process should work with an LDAP backend, but I'm
currently at a loss to see how, and I'm unable to replicate this, even
on a test network, with various versions of the Idealx smbldap-tools. It
doesn't appear to work as advertised at the moment.


 After vampiring,

 1. All the computer accounts and user accounts (posixAccount as well)
 are created just like being created by smbldap-useradd, with the
 default parameters as defined in the smbldap.conf or
 smbldap_config.pm, eg, profiles, logon scripts, etc, user name, etc.


Yes, this seems to work when run from the command line. Vampiring seems
to throw up some errors that I've not tracked down yet though.


 2. Users lost their domain membership. All user accounts now
 belong to the Domain Users group. No one is in the Domain Admins group
 except Administrator.

 The migration process must have done more than just calling these
 smbldap-tools scripts, but I just don't see the effect.

 What do you see if you do
 smbldap-usershow userid or machinename$  ?


# smbldap-usershow detritus
dn: uid=rwind,ou=People,dc=acu,dc=ac,dc=uk
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount
cn: rwind
sn: rwind
uid: rwind
uidNumber: 1006
gidNumber: 513
homeDirectory: /home/rwind
loginShell: /bin/bash
gecos: System User
description: System User
userPassword: {crypt}x
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: System User
sambaAcctFlags: [UX]
sambaSID: S-1-5-21-2704678572-2069052080-1039482078-3012
sambaLMPassword: XXX
sambaPrimaryGroupSID: S-1-5-21-2704678572-2069052080-1039482078-513
sambaProfilePath: \\TALITHA\profiles\rwind
sambaHomePath: \\TALITHA\home\rwind
sambaHomeDrive: M:
sambaNTPassword: XXX

# smbldap-usershow quirm$
dn: uid=quirm$,ou=Computers,dc=acu,dc=ac,dc=uk
objectClass: top,inetOrgPerson,posixAccount
cn: quirm$
sn: quirm$
uid: quirm$
uidNumber: 1013
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer


 or smbldap-groupshow groupid  ?


# smbldap-groupshow Domain Admins
dn: cn=Domain Admins,ou=Groups,dc=acu,dc=ac,dc=uk
objectClass: posixGroup,sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: Administrator
description: Netbios Domain Administrators
sambaSID: S-1-5-21-2704678572-2069052080-1039482078-512
sambaGroupType: 2
displayName: Domain Admins


So all that seems to have worked. It's just that some of the information
hasn't migrated across, and in the context of a transparent migration
off the NT4 server, the information that hasn't propagated is a
showstopper. Despite reading all the docs I can lay hands on, I still
can't see why, and the vampire process is not transparent to me - the
docs just assume it'll work completely or not at all - there's nothing
to tell one how to try and troubleshoot it if it half works, which is
what's happening for me.

Mike.


[Samba] NT domain migration to LDAP/SAMBA

2004-07-23 Thread Mike Brodbelt
Hi,

I'm attempting to migrate an NT4 domain to Samba3, and getting quite
frustrated with stuff that seems not to work as advertised. I'd
appreciate any help.

I've set up an OpenLDAP server, and Samba 3, configured it as a BDC, and
tried running net rpc vampire. This all works, and Samba does the
appropriate stuff to try and populate the LDAP database. The scripts
I've got configured are:-


add user script = /usr/local/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel '%u'
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'

All the scripts are from the IdealX tools, version 0.8.5. I've set up
the directory, and run smbldap-populate against it first, to check all
is OK. When I symlink all the smbldap scripts to a test rig that just
prints how it was called to a log file, and then run vampire, I get this:-


Command line: /usr/local/sbin/smbldap-groupadd.pl -p Domain Admins
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Domain Users
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Domain Guests
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Wizards
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Watchmen
Command line: /usr/local/sbin/smbldap-useradd.pl -a -m Administrator
Command line: /usr/local/sbin/smbldap-useradd.pl -a -m Guest
Command line: /usr/local/sbin/smbldap-useradd.pl -w WYRMBERG$
Command line: /usr/local/sbin/smbldap-useradd.pl -a -m rwind
Command line: /usr/local/sbin/smbldap-useradd.pl -a -m nogg
Command line: /usr/local/sbin/smbldap-useradd.pl -a -m gwax
Command line: /usr/local/sbin/smbldap-useradd.pl -a -m carrott
Command line: /usr/local/sbin/smbldap-useradd.pl -a -m detritus
Command line: /usr/local/sbin/smbldap-useradd.pl -a -m tfairy
Command line: /usr/local/sbin/smbldap-useradd.pl -w UBERWALD$
Command line: /usr/local/sbin/smbldap-useradd.pl -w quirm$
Command line: /usr/local/sbin/smbldap-useradd.pl -w TALITHA$
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Account Operators
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Administrators
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Backup Operators
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Guests
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Print Operators
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Replicator
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Server Operators
Command line: /usr/local/sbin/smbldap-groupadd.pl -p Users


This is all being done on a test domain, with fake users at the moment,
before I try a real environment.

From the command line, I can add users and groups using the commands
above, and all seems to work. Yet, when I actually try the vampire with
the real scripts in place, I get errors like this:-

Creating unix group: 'Wizards'
Creating unix group: 'Watchmen'
Creating account: Administrator
/usr/local/sbin/smbldap-useradd: user Administrator exists
Could not create posix account info for 'Administrator'
Creating account: Guest
Could not create posix account info for 'Guest'
Creating account: WYRMBERG$
Could not create posix account info for 'WYRMBERG$'
Creating account: rwind
Could not create posix account info for 'rwind'

Why do I get this "Could not create posix account info" message, and
what does it mean?

Also, running pdbedit -Lw after vampiring generates:-


Administrator:4294967295:::[U ]:LCT-:
nobody:65534:NO PASSWORDX:NO PASSWORDX:[NU ]:LCT-:
Guest:4294967295:::[UX ]:LCT-:
rwind:4294967295:::[UX ]:LCT-:
nogg:4294967295:::[UX ]:LCT-:
gwax:4294967295:::[UX ]:LCT-:
carrott:4294967295:::[UX ]:LCT-:
detritus:4294967295:::[UX ]:LCT-:
tfairy:4294967295:::[UX ]:LCT-:


For some reason, all the NT password information completely fails to
migrate. Why? I've installed the Crypt::SmbHash module so perl can find
it, which is what I thought the tools used.

Is anyone else having these problems? I've been through every piece of
documentation that I can find thus far, and 

[Samba] Samba - printing fails with Canon ir5000i

2003-08-14 Thread Mike Brodbelt
Hi,

I've got an interesting problem with the Samba spoolss support. We've
recently received a new networked printer/copier - a Canon ir5000i. The
machine comes with a CD that provides various drivers, including ones
for NT4, which is our desktop OS.

I have set this up via TCP/IP printing support on an NT machine, and all
works fine.

When the driver is hosted on a Samba (2.2.8) box, the generated PCL is
corrupt.

My Samba setup goes like this:-

User on NT4 WS - Samba 2.2.8 server on Debian - LPRng - printer.

This works fine for all the printers in the building, except this one.

I can print to the ir5000i from an NT machine with locally installed
drivers and MS TCP/IP printing without any trouble.

If I use the above method, but print to file, take the resulting file,
and then print it from my Linux machine with lpr, it works perfectly.

If I print to the ir5000i using identical printer drivers installed on
the Samba server, I get a line of garbage characters across the top of
the page, and nothing else. Printing to file, and then attempting to
print the file via lpr generates the same result.

Has anyone got any ideas? It's looking to me like a bug in the Samba
spoolss code, but I've no clue where to go from here.

Mike.



Re: [Samba] OT: Why are so many using Samba to authenticate as PDC??

2003-06-23 Thread Mike Brodbelt
Jonathan Johnson wrote:
 We all know about cost. Are there any TECHNICAL reasons for running Samba?
 Have you found it to be superior to Windows NT or 2000 Server in some way?
 Are you using it for the challenge of *something different*? Are you hoping
 to 'advance the state of the art'?
 
 Just a few questions to get your brain cells moving, that's all.
 
 Personally, some things I like about Samba:
 * Remote administration is far easier, especially from non-M$ platforms (web
 interfaces, command line config file editing, no stinkin' registry with
 undocumented values
 * Share-level options that are only global in Windows
 * Provides *nix filesystem access to Windows clients
 * Ability to have multiple SMB servers in one machine
 * Ability to rename your PDC (Although this may screw things up!)

* Ability to do clever stuff like set up a printer that converts a
document to PDF and mails it back to the user.

* Ability to use an LDAP backend and make Samba part of a single sign on
environment.

* Security

* Lower hardware requirements than MS platform, as you don't get forced
to run a GUI, whether you like it or not.

* Stability

Mike.





Re: [Samba] Win(yuck)NT

2003-06-23 Thread Mike Brodbelt
Steve_Lyle/[EMAIL PROTECTED] wrote:
 
 In migrating to Samba on FreeBSD from Win(yuck)NT, I've run into this
 hitch.
 
 Let us say I have 9 users named
  User1, User2, User3, ... User9
 
 User1 is a member of group wheel
 
 User2 & User3 have the administrative task (add/change/delete) of managing
 the content of the directory Dirc1 and all subordinate objects (files and
 directories).
 
 Dirc1 is the directory /usr/Shared/Dirc1. Only User1 will need to delete
 Dirc1, but if it helps then User2 & User3 can also delete Dirc1.
 
 All users can read anything in Dirc1 and all subordinate objects as well.
 
 All users can contribute (add/change/delete) anything in the Everyone
 directory which is /usr/Shared/Dirc1/Everyone
 
 Shared is a Samba service.
 
 As User2 & User3 add new objects subordinate to Dirc1 they are to retain
 the permissions necessary to add/change/delete all current and new objects
 in Dirc1.
 
 All users can add/change/delete anything anywhere else in Shared
 
 All end-user efforts are performed from Windows NT workstations.
 
 (This is essentially what I have on an NT file system and would like to
 maintain this structure to prevent confusion.)
 
 Finally,
 Samba ACL support is not compiled into Samba because that option is broken
 between this version of FreeBSD and this version of Samba.
 
 
 1) How do I configure the Shared, Dirc1 & Everyone directories in terms of
 the Unix file permissions and ownerships to support this?

Create an admin group, and an everyone group - I've used smbadmin and
everyone. Then make /usr/Shared group owned by everyone, and group
writable and *SGID*. Make /usr/Shared/Dirc1/Everyone group owned by
everyone, group writable, and SGID. Make /usr/Shared/Dirc1/ group
owned by smbadmin, and SGID.

 2) How do I configure the Shared service in Samba to support this?

Something like this:-

[dirc1]
comment = Dirc1 general file share
path = /usr/Shared/
valid users = @everyone
admin users = @smbadmin
writeable = Yes
create mask = 0755
force create mode = 020
directory mask = 02775
force directory mode = 02070
map system = Yes
map hidden = Yes


 3) How do I configure the User2 & User3?

Make them members of smbadmin.

 4) What else will be necessary?

That should be about it, if I've understood what you're after correctly.
The SGID bit governs file creation semantics, so this will work on an
empty directory tree. If you copy a load of files across from NT, you'll
have to go through all the directories recursively, setting the SGID bit
as necessary.

HTH,

Mike.
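
The recursive SGID pass described in the reply above, as an added example that is not part of the original post: it lists directories that lack the setgid bit and files whose group differs from their directory's group, then sets the bit where it is missing. The function names and the demo tree built under a temporary directory are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root):
    """Return (dirs_without_sgid, files_with_wrong_group), relative to root."""
    no_sgid, wrong_group = [], []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        dir_st = os.lstat(dirpath)
        if not dir_st.st_mode & stat.S_ISGID:
            no_sgid.append(os.path.relpath(dirpath, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # A file created under an SGID directory takes the directory's
            # group; files copied in beforehand keep whatever group they had.
            if stat.S_ISREG(st.st_mode) and st.st_gid != dir_st.st_gid:
                wrong_group.append(os.path.relpath(path, root))
    return sorted(no_sgid), sorted(wrong_group)


def set_sgid(root):
    """Add the setgid bit to every directory that lacks it; return those paths."""
    no_sgid, _ = audit_tree(root)
    for rel in no_sgid:
        path = os.path.join(root, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode | stat.S_ISGID)  # keep the existing permission bits
    return no_sgid


def build_demo_tree():
    """Constructed stand-in for /usr/Shared after a bulk copy: no SGID anywhere."""
    root = os.path.join(tempfile.mkdtemp(prefix="sgid-demo-"), "Shared")
    for rel in ("", "Dirc1", "Dirc1/Everyone", "Dirc1/imported/sub"):
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    for dirpath, _dirnames, _filenames in os.walk(root):
        os.chmod(dirpath, 0o775)  # group writable, setgid bit clear
    with open(os.path.join(root, "Dirc1/imported/sub/report.doc"), "w") as fh:
        fh.write("constructed sample file\n")
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    print("before:", audit_tree(root))
    print("fixed: ", set_sgid(root))
    # Re-audit: the kernel silently drops the bit if the caller is neither
    # privileged nor a member of the directory's group.
    print("after: ", audit_tree(root))
    # On Linux a directory created under an SGID directory inherits the bit,
    # which is why a tree built up from empty needs no recursive pass.
    new_dir = os.path.join(root, "Dirc1", "Everyone", "new")
    os.mkdir(new_dir)
    print("new dir has SGID:", bool(os.lstat(new_dir).st_mode & stat.S_ISGID))
```

Files reported in the second list still need a `chgrp` to the directory's group; setting the bit only affects what is created afterwards.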



Help with spoolss printing

2003-03-04 Thread Mike Brodbelt
Hi,

I've got a network with an NT4 PDC and a Samba file/print server,
running Samba 2.2.3 as packaged with Debian Woody. The machine has been
working quite happily for ages (started life with Samba 1.9.18 a long
time ago), and the printer sharing has always been done as Lan Manager
printers.

Having finally found some spare time, I decided to switch to spoolss
printing. I created a print$ share as in the docs, and then installed
the appropriate drivers. All seemed OK, the drivers were successfully
copied to the server, and the printer shares worked as expected. I
restarted Samba a couple of times, and suddenly, for no obvious reason,
the Printers share on the server emptied itself entirely.

Running the rpcclient enumdrivers command returns no output.

Inspection of the logfiles shows:-

[2003/03/04 12:58:30, 0] rpc_server/srv_lsa_hnd.c:create_policy_hnd(98)
  create_policy_hnd: ERROR: too many handles (1025) on this pipe.
[2003/03/04 12:58:30, 0] lib/fault.c:fault_report(38)
  ===
[2003/03/04 12:58:30, 0] lib/fault.c:fault_report(39)
  INTERNAL ERROR: Signal 11 in pid 21915 (2.2.3a-12 for Debian)
  Please read the file BUGS.txt in the distribution
[2003/03/04 12:58:30, 0] lib/fault.c:fault_report(41)
  ===
[2003/03/04 12:58:30, 0] lib/util.c:smb_panic(1064)
  PANIC: internal error
[2003/03/04 12:59:12, 0] rpc_client/cli_pipe.c:rpc_api_pipe(359)
  cli_pipe: return critical error. Error was NT_STATUS_PIPE_DISCONNECTED


The last message is repeated many times.

Is this a known bug? Is there anything I can do about it?

Any help gratefully received

Mike.



Re: Help with spoolss printing

2003-03-04 Thread Mike Brodbelt
Gerald (Jerry) Carter wrote:

 
 Please retest against 2.2.8pre2.  

OK - I'll need to build my own packages, which I was hoping to avoid, so
testing against the new version will probably take me a day or so.

 Running the rpcclient enumdrivers command returns no output.
 
 Inspection of the logfiles shows:-
 
 [2003/03/04 12:58:30, 0] rpc_server/srv_lsa_hnd.c:create_policy_hnd(98)
   create_policy_hnd: ERROR: too many handles (1025) on this pipe.
 
 
 Can you describe your configuration a little more?  Are you using 
 a WIN2k TSE box by chance?

No, nothing like that. Config is very simple really, PDC is running NT4
server, and does domain control and nothing else (will get retired when
Samba 3 arrives). The main file/print server is an x86 box running
Debian Woody, with security=domain. All the users are on boxes running NT
4.0 workstation service pack 6a.

Mike.



Re: Help with spoolss printing

2003-03-04 Thread Mike Brodbelt
Mike Brodbelt wrote:
 Gerald (Jerry) Carter wrote:
 
 
 Please retest against 2.2.8pre2.
 
 OK - I'll need to build my own packages, which I was hoping to avoid, so
 testing against the new version will probably take me a day or so.

Having tried this, 2.2.8 doesn't compile for me. Found the files in
packaging/Debian (very nice, makes this *lots* easier), but no go:-

Compiling lib/util.c
lib/util.c: In function `state_path':
lib/util.c:1876: `STATEDIR' undeclared (first use in this function)
lib/util.c:1876: (Each undeclared identifier is reported only once
lib/util.c:1876: for each function it appears in.)
lib/util.c: In function `cache_path':
lib/util.c:1896: `CACHEDIR' undeclared (first use in this function)
make[1]: *** [lib/util.o] Error 1
make[1]: Leaving directory
`/usr/local/local_pkg/samba/samba-2.2.8pre2/source'
make: *** [build-stamp] Error 2

I know more or less why this is happening, but can't see the easy way to
fix it. The build script for a Debianised package applies a patch to the
source (packaging/Debian/debian/patches/fhs.patch) which adds two
functions to util.c that make use of STATEDIR and CACHEDIR. From what I
can see, the patch should define these if FHS_COMPATIBLE is defined,
which should be set, as configure gets passed --with-fhs.

I could remove the patch, or just build outside the Debian package
setup, but I've got a strong preference for keeping the Debian paths, as
this will end up on a live server, and I *really* don't want to break
the packaging system.

Is there a quick fix?

Thanks,

Mike.



Re: Help with spoolss printing

2003-03-04 Thread Mike Brodbelt
Gerald (Jerry) Carter wrote:
 On Tue, 4 Mar 2003, Steve Langasek wrote:
 
 
 Have you tried the backported 2.2.7a packages available at
 http://people.debian.org/~peloy/samba/?  Jerry, have there been more
 printing fixes since then that he'll need in order to get this working?
 
 
 I don't think so.  The only post 2.2.7 printing fix was for big-endian 
 boxes.

I've installed the 2.2.7 woody backports now, and they do seem to have
cured it. Thanks for the help.

Mike.



Re: [Samba] MRTG + Samba

2003-02-11 Thread Mike Brodbelt
Ryan Beisner wrote:
 Hi all
 
 
 Just wondering if anyone has pointers for graphing data from Samba using
 MRTG.  I already have MRTG graphing things like signal strength (cisco
 aironet pci), total kbps in/out each interface, mem and disk i/o usage.
 
 I'd like to graph, for example, average number connections over time; or
 maybe logins per hour  or failed logins per hour.
 
 I know MRTG's requirements for input formatting -- it's getting the
 first two of these four numbers that gets me hung up:

You'll probably have to do some scripting.

You can get the current number of service connections by parsing the
output of smbstatus -S, and the current number of connected clients
with smbstatus -b. For failed logins, you'd probably have to parse the
logfile, but you could have syslog write to a pipe, and sit a script on
the end of the pipe.

I haven't really done anything with mrtg except point it at a router, so
how you get that into it is another matter. Personally, I'd probably
cron a perl script, which would periodically get data from smbstatus,
and use the perl bindings for rrdtool to stick it directly in an RRD,
and then build your graphs from that. YMMV.

HTH,

Mike.
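
The log-parsing half of the suggestion above, as an added example that is not part of the original post: it parses Samba log entries in the bracketed-header format quoted elsewhere on this page and produces the four lines MRTG reads from an external script. The sample log is constructed, and treating `pdb_init_sam failed` as the failed-login marker is an assumption to replace with whatever your smbd logs on a rejected logon.

```python
import re
from collections import Counter

# Header line of a Samba log entry, e.g.
# [2005/06/28 08:36:26, 0] auth/auth_util.c:make_server_info_info3(1195)
HEADER = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<hour>\d{2}):\d{2}:\d{2}, *(?P<level>\d+)\] "
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

# Assumption: the message that marks a failed logon on this server.
AUTH_FAILURE = re.compile(r"pdb_init_sam failed")

# Constructed sample, modelled on the entries quoted in this thread archive.
SAMPLE_LOG = """\
[2005/06/28 08:36:26, 0] auth/auth_util.c:make_server_info_info3(1195)
  make_server_info_info3: pdb_init_sam failed!
[2005/06/28 08:41:02, 0] auth/auth_util.c:make_server_info_info3(1195)
  make_server_info_info3: pdb_init_sam failed!
[2005/06/28 08:59:40, 0] lib/util.c:smb_panic(1064)
  PANIC: internal error
[2005/06/28 09:03:11, 0] auth/auth_util.c:make_server_info_info3(1195)
  make_server_info_info3: pdb_init_sam failed!
[2005/06/28 09:05:00, 0] lib/fault.c:fault_report(39)
  INTERNAL ERROR: Signal 11 in pid 21915 (2.2.3a-12 for Debian)
  Please read the file BUGS.txt in the distribution
"""


def parse_entries(text):
    """Group each header line with the indented message lines that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {
                "hour": f"{m['date']} {m['hour']}",  # bucket key, e.g. 2005/06/28 08
                "level": int(m["level"]),
                "func": m["func"],
                "message": "",
            }
            entries.append(current)
        elif current is not None and raw.startswith(" "):
            # Continuation line: append to the entry opened by the last header.
            current["message"] = (current["message"] + " " + raw.strip()).strip()
    return entries


def hourly_counts(entries):
    """Return (auth failures per hour, level-0 entries per hour) as Counters."""
    failures, errors = Counter(), Counter()
    for entry in entries:
        if entry["level"] == 0:
            errors[entry["hour"]] += 1
        if AUTH_FAILURE.search(entry["message"]):
            failures[entry["hour"]] += 1
    return failures, errors


def mrtg_report(entries, hour, target="samba"):
    """Four lines for MRTG: first value, second value, uptime, target name."""
    failures, errors = hourly_counts(entries)
    return "\n".join([str(failures[hour]), str(errors[hour]), "unknown", target])


if __name__ == "__main__":
    print(mrtg_report(parse_entries(SAMPLE_LOG), "2005/06/28 08"))
```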




[Samba] Problem changing settings on printer driver

2003-02-05 Thread Mike Brodbelt

Hi,

I've run a Samba server happily for some time now, and all my users are
printing via it. The printing works like so:-

User prints from application on an NT4 workstation to a Samba printer
Samba picks up job and hands it off to LPRng
LPRng directs job to the appropriate network printer.

The printer drivers are installed on the local machines, and automagical
driver download is *not* being used - this was all setup with Samba 2.0
originally, and I've never got around to updating the configuration to
take advantage of the new spoolss code.

Some time ago, we upgraded from 2.0.7 to 2.2, and have since had
problems with some users. In particular, for new users, it seems to be
impossible to change the printer driver properties on the workstation.
Users set up on the 2.0 system are fine, but I cannot go into the
printer settings for an HP 8100 on a newly installed machine in order to
tell the driver the printer has a duplex unit - the option is
permanently greyed out.

Nothing about this setup has changed except the version of Samba, so I'm
assuming it must be something to do with that, but I've no clue what.
I've tried logging in as different users on the basis that it might be
permission based, but both NT Administrative and Samba root equivalent
users can't change this.

Any ideas would be much appreciated, as this is starting to become a
problem.

Mike.




Re: [Samba] Error when list a directory

2002-10-29 Thread Mike Brodbelt
Joan Sanchez wrote:


 After mounting a winnt folder on my linux box, if I try to list someone
 directory inside
 this mount point, my linux box shows the error message Segmentation Fault.

<snip>

 Oct 29 12:46:57 box kernel: Unable to handle kernel paging request at
 virtual address d000

The kernel has crashed - this is not good...

 0010:[usbcore:usb_devfs_handle+56157141/95257279]Tainted: P
   
Do you have a binary only USB driver loaded? If so, the first step is to
remove it, and see whether that prevents the crash. If not, you should
upgrade to the latest kernel, and if the problem persists, and you're
certain it's not a hardware problem, you could send the oops to the
appropriate maintainer or to the kernel mailing list. Don't bother
doing this with the binary only module loaded though - no-one is
interested in debugging problems in closed code.

Mike.




Re: [Samba] auth to two diff PDCs? (success, sort of)

2002-10-29 Thread Mike Brodbelt
Collins, Kevin wrote:
 Hi All:
 
 Excuse me for butting in here, but I'm planning a migration from WinNT 4
 to Samba in the near future and this thread has caused me to worry a
 little.
 
 Take the case that I'm planning:  3 Domains each to its own LAN
 (connected via 128k Frame Relay lines to form a WAN) Each domain
 currently has a NT 4 PDC and each domain trusts each other.  How do I
 accomplish these trusts only using Samba PDCs?

With difficulty. There are a number of ways to hack round the problem
which you'll find if you search, but it's not supported functionality ATM.

 Meaning:  If I rip out the NT Domains, replace the PDCs with Samba PDCs
 and rebuild new domains (new Domain Names, new NetBIOS names for the
 PDCs, etc.)  How do I get the three domains to once again trust each
 other?  Is there a Samba command to do this?

Not at present. The current release branch of Samba (2.2.x) does not
support trust relationships between domains. Samba 3.x will support this
functionality, and I believe the code is already in CVS to do it.

You could get an alpha of Samba 3.x, or a CVS checkout, and try to make
it work with that. If I were you, I think I'd try this, but run 2 copies
of Samba on each server, 3.x alpha for the PDC aspect, and 2.2.x for the
actual file/print serving. You can bind two IP's to the NIC in your
machines, and run 3.x on one IP, and 2.2 on the other.

Mike.








Re: [Samba] Samba versus Dreamweaver

2002-06-14 Thread Mike Brodbelt



Keller Nicolas wrote:
 Hi!
 
 I hope someone can help me with this one:
 
 We're using Macromedia Dreamweaver 3 to publish local files from a NT4
 Server to our internet server running Redhat 7.3 / Samba 2.2.3a. Life could
 be so sweet but we're facing a strange problem: Users can't _overwrite_
 files edited by other users. Every time someone tries to overwrite such a
 file the message "An error occurred - cannot put file.xxx. Access is
 denied." pops up. But they can delete them and this only happens inside
 Dreamweaver 3, overwriting a file with the normal Windows Explorer isn't a
 problem. I guess my Samba configuration below is right and Dreamweaver does
 some strange things.

It sounds like your problem is the Unix filesystem semantics, not Samba.
To delete a file requires only write access to the *directory* that
contains that file - no permissions on the file itself are required. To
overwrite a file would require changing the data in the file, and so
needs write permission on the *file*. Windows explorer is, I'd guess,
actually deleting/recreating when you overwrite.

The normal way around this is to set the group ownership of the
directory to a group that contains all the users you want to have
access. Then set the SGID bit on the directory. From that point on, all
files created in that directory will inherit the group ownership of the
parent directory. Subdirectories will inherit both the group ownership
of the parent, and the SGID bit. Then you need to ensure that the umask
is set so that files are created group writeable. You'll (obviously)
also need to change the group/permissions on the files that were created
before you set the SGID bit on the directory.

HTH,

Mike.
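
The setup described in the reply above, as an added example that is not part of the original post. It builds an SGID group directory, shows what a subdirectory and a file created under a given umask end up with, and repairs files that predate the SGID bit. The directory and file names are constructed, and it assumes Linux with GNU stat.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are constructed;
# assumes Linux with GNU stat.

# Prefer a supplementary group of the current user that can actually be
# applied to the probe path, so inheritance is visible; otherwise fall
# back to the primary group.
pick_group() {
    probe=$1; primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ] && chgrp "$g" "$probe" 2>/dev/null; then
            echo "$g"; return
        fi
    done
    echo "$primary"
}

# Create <base>/site as an SGID, group-writable directory, then create a
# subdirectory and a file under the given umask. Prints:
#   <dir mode> <subdir mode> <file mode> <group inherited: yes|no>
setup_shared_dir() {
    base=$1; file_umask=$2
    mkdir -p "$base/site"
    gid=$(pick_group "$base/site")
    chgrp "$gid" "$base/site"
    chmod 2775 "$base/site"            # rwxrwxr-x plus the SGID bit
    (
        umask "$file_umask"
        mkdir "$base/site/images"
        echo '<html></html>' > "$base/site/index.html"
    )
    inherited=yes
    for p in "$base/site/images" "$base/site/index.html"; do
        [ "$(stat -c %g "$p")" = "$gid" ] || inherited=no
    done
    echo "$(stat -c %a "$base/site") $(stat -c %a "$base/site/images")" \
         "$(stat -c %a "$base/site/index.html") $inherited"
}

# Repair a tree created before the SGID bit was set: fix the group, add
# group write, and set SGID on every existing subdirectory.
fix_existing() {
    dir=$1; gid=$2
    chgrp -R "$gid" "$dir"
    chmod -R g+w "$dir"
    find "$dir" -type d -exec chmod g+s {} +
}
```

With umask 002 the new file is group writeable (664) and can be overwritten by other group members; with umask 022 it is 644 and the overwrite is refused even though the group was inherited.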





Re: [Samba] How to switch from NT to Samba transparently?

2002-06-07 Thread Mike Brodbelt
 the valid users to 
Everyone. 

Configuring Samba as a PDC
==========================
After the above steps have been taken, it is possible to transfer control of the 
domain over to the Samba server. Shut down Samba, and edit the smb.conf file, making 
the following changes:-

Add

os level = 64
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
logon path = \\%N\profiles\%u
logon drive = M:
logon home = \\%N\home
logon script = logon.cmd

Ensure that password encryption is set to on, and that security is changed from 
domain to user. The logon path, logon drive and logon home should be changed 
appropriately for your setup.

Add a share called netlogon, as shown:-

[netlogon]
path = /usr/local/filestore/netlogon
writeable = no
write list = ntadmin, admin1

Make backup copies of, and then delete the secrets.tdb file (probably in 
/usr/local/private) that was created when you joined the NT domain, and the 
MACHINE.SID file from the same directory. Replace the MACHINE.SID file with one 
containing the domain SID that was extracted from the Windows PDC. Use the output from 
pwdump as your smbpasswd file - store this in the private directory along with the 
MACHINE.SID.

Ensure that all the accounts present in the smbpasswd file are present in /etc/passwd, 
both machine trust accounts (all end with a $), and user accounts. It is also 
important that the UID in /etc/passwd is the same as that in smbpasswd for each 
account.

If Samba was configured with PAM support, ensure that an appropriate /etc/pam.d/samba 
file exists.

Finally, shut down the Windows PDC, and restart the Samba daemons from the new 
configuration file.

You should now be able to log on to the Samba PDC from any of the Windows workstations 
that are members of the domain.

Replacing your NT BDC
=====================
PDC to BDC replication is not supported in the current releases of Samba 2.2, so 
setting up a BDC directly is not possible. It is, however, possible to provide the 
redundancy offered by a BDC fairly simply.

---
Some documentation on using rsync to maintain SAM/account details on two machines, and 
provide failover in the event of one going down needed.
---


Troubleshooting
===============
---
need lists of what can go wrong.
---


Miscellaneous
Authentication and Single Sign on
Using pam_smb
Using pam_ntdom
Using winbind


Caveats/outstanding questions

Machine name length - if netbios name longer than 8 characters, will the machine 
account die?

#!/usr/bin/perl
#
# Author: Mike Brodbelt
# Creation date: 21/11/01
# Last updated: 03/12/01
#
# Small script to read the contents of system account files, and an smbpasswd file, and
# create new /etc/passwd and /etc/group files suitable for basing a Samba controlled
# NT domain on. Also, generate scripts to change file ownership appropriately, where
# a user's UID changes.

# Set a few global variables to influence the script's operation

our $unix_pwd_field = "x";                      # New Unix accounts will have their password field set to this.
our $unix_shell = "/bin/bash";                  # New Unix accounts will have their shell set to this.
our $system_account_base = 105;                 # Accounts in passwd file with UID <= this will be preserved
our $system_group_base = 249;                   # Accounts in group file with GID <= this will be preserved
our $output_passwd_file = "new_passwd";         # Name of new passwd file for output
our $output_group_file = "new_group";           # Name of new group file for output
our $output_smbpasswd_file = "new_smbpasswd";   # Name of new smbpasswd file for output
our $output_shadow_file = "new_shadow";         # Name of new shadow file for output
our $shell_script = "ownership.sh";             # Name of shell script to change file ownerships

(@ARGV == 4) || die "Usage: pdc_conv.pl unix_passwd_file unix_group_file smbpasswd_file shadow_file\n";
($passwd, $group, $smbpasswd, $shadow) = @ARGV;

# Parse the supplied passwd, group, and smbpasswd files, building
# tables for them in memory.

$user_hashref = hash_unix_users();
$group_hashref = hash_unix_groups();
$smbpasswd_hashref = hash_smbpasswd();
$shadow_hashref = hash_shadow_file();

# Now, we need to create a new Unix /etc/passwd file. We go through the existing accounts
# that have been pulled from the passwd file, and leave any that fall below the base UID
# untouched - this preserves system accounts without any changes.

$newuser_hashref = add_reserved_accounts($user_hashref);

# For accounts present in the smbpasswd file, we need to add a Unix system account. Where there is no
# corresponding UID in the Unix passwd file, we simply create the account, using the appropriate
# account information. Where there is an existing UID