[Samba] Red Hat samba 2.2.5 to 2.2.7a Kablooey
Hi, I need some help. Something rather disturbing had happened during an upgrade to 2.2.7a. It seems that the upgrade messed my current samba services, and placed files in other directories, yet the "path" was not updated. I would type "smbstatus" and get the older version, plus my "locks" directory was lost. The 2.2.7a upgraded installed yet left the older version 2.2.5 in command/control, if that makes sense? I want to do a fresh install, yet I do not want to "make revert" as something also messed up there too. Is it possible for me to remove everything manually (directory by directory) and then do a clean install? I don't want to have to reinstall the entire Red Hat system. Regards, Matt *Matt RockMaintenance Computer Technician e-mail: [EMAIL PROTECTED]web: http://ddo.astro.utoronto.ca David Dunlap Observatory, U of TP.O. Box 360, 123 Hillsview DriveRichmond Hill, Ontario L4C 4Y6Tel: (905) 884-9562 x236Fax: (905) 884-2672
[Samba] Problems with WIN2K accessing Samba 3.0.1 as PDC
Hello. I am almost at the end of my rope right now. Here is the deal. I initially installed Redhat 7.1 with the version of Samba server is came with (2.0.7 or something) I setup everything fine, but when it came to setting the machine up as a PDC, I recieved an error that could be fixed by a patch. Instead, I decide to re-install RH 7.1 without Samba, and get the latest distro. I download 3.0.1 and install. Once again P2P networking works fine, but when I get to PDC again... This time, All I get is Login Error: Username is invalid and or bad password. I have all of the required files with /usr/local/samba/lib/smpasswd, /etc/passwd with all of the right information including a Machine account for the WIN2K PC. It is all formatted properly. The error in the NMBD log repeats itself like 12 times with a code 0x12 whenever I try to login. I have literally gone through EVERY HOWTO - Samba PDC on the internet, and can't get it figured out! When I punch in root and type the wrong password, it gives me the error right away, yet when I key in the right password, the drive lights on both machines start and about 10 seconds later is gives me the error. To add fuel to the fire, I have tried this with RedHat 7.1 Slackware 9.1 Debian 3.0 Rev2 Mandrake (newest release) Same error. So it ain't my Linux. Anyone... please? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] DC 2003's users in Samba DC
Hi list.. a theorical question In this scenario banch office #1 Samba DC 3.0.7 Proxy and SQL Users, authenticate through samba ^ local users#1 banch office #2 Win 2003 DC ^local users#2 Can samba use winbind to allow users from 2003 DC access to resources in the Samba DC?? can \2003DC\userXX access a share?? Can I map those users/groups to a Samba DC Users/groups?? Thanks a lot MRB http://www.lionix.com Linux -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A device attached to the system is not functioning
Hi, doesn't seems to be a samba related problem. did you check the logs?? anything there?? increase log level ?? check the XP event viewer regards MRB www.lionix.com Linux Hiu Yen Onn wrote: hi, i have a samba-ldap pdc. from the windows xp client. i hardly logon to the network. the windows popup a box stating A device attached to the system is not functioning. .but however, i tested the account from windows 98. it worked perfectly. can someone give me some pointers? thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] create account that can join machines but not admin access on domain
Hi Daniel... this is from the Samba Docs... will help One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him root access. How can we do this? Users who are members of the Domain Admins group can add machines to the Domain. This group is mapped to the UNIX group account called root (or equivalent on wheel on some UNIX systems) that has a GID of 0. This must be the primary GID of the account of the user who is a member of the Windows Domain Admins account. MRB http://www.lionix.com Linux Daniel Wilson wrote: hi list, im using samba 3.0.8 with LDAP, To add a machine to the domain i currently use the administrator account (which has uidNumber=0), which means this account has automatic root on all of the shares (my shares arnt using samba, im using NetApps Filers, which have been configured to authenticate via samba), when we roll this project out accross the university (approx 50,000 users) we want the technicians in each school to be able to add machines to the domain but not get root/admin access to all the shares. So my question is, Can you create an account that can add machines to the domain but doesnt get root/admin priveldges on all the shares/domain (as the would conflict with human rights issues etc...) Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] create account that can join machines but not admin access on domain
daniel, increase the log level and check if the information provided give any help MRB http://www.lionix.com Linux Daniel Wilson wrote: MaTT wrote: Hi Daniel... this is from the Samba Docs... will help One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him root access. How can we do this? Users who are members of the Domain Admins group can add machines to the Domain. This group is mapped to the UNIX group account called root (or equivalent on wheel on some UNIX systems) that has a GID of 0. This must be the primary GID of the account of the user who is a member of the Windows Domain Admins account. MRB http://www.lionix.com Linux Daniel Wilson wrote: hi list, im using samba 3.0.8 with LDAP, To add a machine to the domain i currently use the administrator account (which has uidNumber=0), which means this account has automatic root on all of the shares (my shares arnt using samba, im using NetApps Filers, which have been configured to authenticate via samba), when we roll this project out accross the university (approx 50,000 users) we want the technicians in each school to be able to add machines to the domain but not get root/admin access to all the shares. So my question is, Can you create an account that can add machines to the domain but doesnt get root/admin priveldges on all the shares/domain (as the would conflict with human rights issues etc...) Regards ive tried to set GID to 0 to an account, but i get unkwon username or password error when i try to add it, if i use administrtor adding is successful! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC with shares accessible for not logged users - how?
Tomek, did you checked if using force user, and setting read only=no, and having a machine account in the samba for the machine where the program runs, work? just guessing! MRB http://www.lionix.com Linux Tomasz Chmielewski wrote: Hello, Is it possible to create a share on a Samba PDC, which would be accessible for everybody, evyn for users who didn't join / log into the domain? I have a program which starts as a service, and keeps its settings on a central server (for all machines); but the authors of that program didn't think that some servers are password-protected (or are domains)... Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Swat not working
I recently decided to set up a Linux machine with the intent to run samba on it. I am running Mandrake 10 and I have installed the latest version of samba from the website. But I can't seem to get samba and swat to work. Because when I go to http://localhost:901 http://localhost:901/ I receive an error, informing me that it cannot be reached. This is what I have done so far. Edit the services file Edit the xinetd Created and edited the smb.conf From what I can tell I should be able to access swat now, but it just does not seem to be working. Any help would be appreciated. Thanks for your time. `Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Swat not working
I have used the commands /usr/sbin/smbd -D and /usr/sbin/nmbd -D And killall -HUP smbd and killall -HUP nmbd and killall -HUP xinetd all of which have produced no results. From what I have been able to tell I am supposed to create a file in the xinetd.d directory with the swat information. Was I also supposed to edit the xinetd.conf file? Thanks for your time `Matt -Original Message- From: Jeff Saxton [mailto:[EMAIL PROTECTED] Sent: Monday, January 03, 2005 2:35 PM To: 'Matt'; samba@lists.samba.org Subject: RE: [Samba] Swat not working Did you hup xinetd? Jeff Saxton Sr. Support Engineer SenSage, Inc. ( Formerly Addamark Technologies, Inc. ) http://www.sensage.com mailto:[EMAIL PROTECTED] OFFICE: +1 415-281-1900x128 CELL: +1 415-640-6392 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 03, 2005 12:29 PM To: samba@lists.samba.org Subject: [Samba] Swat not working I recently decided to set up a Linux machine with the intent to run samba on it. I am running Mandrake 10 and I have installed the latest version of samba from the website. But I can't seem to get samba and swat to work. Because when I go to http://localhost:901 http://localhost:901/ I receive an error, informing me that it cannot be reached. This is what I have done so far. Edit the services file Edit the xinetd Created and edited the smb.conf From what I can tell I should be able to access swat now, but it just does not seem to be working. Any help would be appreciated. Thanks for your time. `Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP Home Edition
- Original Message - From: Mark Cooke [EMAIL PROTECTED] To: John H Terpstra [EMAIL PROTECTED] Cc: Samba [EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 11:15 PM Subject: Re: [Samba] Windows XP Home Edition On Tue, 2003-09-23 at 23:04, John H Terpstra wrote: On Tue, 23 Sep 2003, Eric Treu wrote: I understand that Microsoft, in their wisdom, has a share timeout after 15 minutes of inactivity. Yes. Correct. Can anybody help me. I have come to the conclusion that the one XP Professional box that I have does not have this problem. I don't want to upgrade, buy, or install XP Professional on all the boxes. Sorry. MS have you snookered. Try finding a program that can use the share every 10 minutes to prevent it going idle... Eg, Write a cmd/bat file that copies a file over, sleeps for 10 minutes, and repeats ? I currently have a batch file in every user's startup folder on the xp home machine that does this: net use \\server1 password /user:domain\user (You can use * if you don't want to specify a pasword on command line - server1 is the name of my samba server) This seems to log them on to the server and allow them to use resources - printer and home folder. I haven't noticed it timing out but that may just be me not noticing. I think my account is invincible as its still set up to autologon or something as a hangover from my experiments with X-teq. But even a batch file to log you on every 10 minutes would do the job, no need to copy a file *I think*. matt A horrid cludge, but should stop the share going inactive, and work around your problem. Mark -- Mark Cooke [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.520 / Virus Database: 318 - Release Date: 18/09/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 'PointnPrint' Only works for one printer
Hi - I've read carefully Kurt Pfeifle's document on Printing Support in Samba 3.0. (Otherwise known as samba-cups HOWTO??). I had a go at adding driver download/cups postscript driver support. After making the necessary alterations to smb.conf, downloading the drivers and running cupsaddsmb, both my printers showed up on the server from a winxp home machine. The first, canon, connects and sets itself up fine. The other one (then called usblp0) went through all the motions, but when you try to view properties, it says The usblp0 driver for this printer is not installed - some properties may not be available unless you install the driver? Install driver now? It then brings up the usual add printer driver box. If I add a driver, it again goes through the motions, but still it doesn't print. Asking for properties gives the same message about no driver - so you are stuck in a loop. The pointnprint system does support more than one printer doesn't it? There were no error messages in the verbose output of cupsaddsmb and both printers were added successfully. I don't know where I'm going wrong... My samba version is 2.2.7a and cups is 1.1.17 thanks, matt --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.520 / Virus Database: 318 - Release Date: 18/09/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windbind requirements and settings
I posted this to comp.protocols.smb, but I'll give it a shot here too... Background : We have an existing Win2k domain, 2 Win2k domain controllers, all working just fine. I've been using Samba 2.2.x for quite a while to provide access to specific folders on *nix machines using Domain security...So I'm reasonably familiar with how file/print sharing works. But what I'm interested in now is providing shell access to *nix machines, without having to manually create accounts on each box. Therefore, windbind 1st, if using windbind, and all I want to do is not have to manually create users on the *nix box, do I need to configure ldap in client mode on the *nix box ? Or does windbind take care of looking up the user/password info without needing ldap info ? I guess what I mean is, do I need to worry about ldap ( or kerberos for that matter ) ? We're not currently using it for any of our *nix machines... 2nd, is it possible to have *only* users in a specified AD group be granted shell access, and therefore be authenticated ? IE, I don't want *all* valid users in our domain to be granted access, I want to be able to say that only users in AD group X can loin via the shell on the specific *nix box... If this is possible, does this require ldap configuration on the *nix side ? Finally, does using windbind require that the application/daemon support, or be compiled to support PAM ? Some of our machines are AIX, and PAM support isn't standard until 5.2, and has only recently been back-ported to 5.1...We have 5.1, but also 4.3.3. Or is there a good source of information on AIX's LAM and how it may work ( if at all ) with Samba/windbind ? I've read, and re-read all the information I've been able to find on windbind, and am still a bit unclear on these things. Thanks for any info or pointers... -- - Matt - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] question about ADS sync
Hi, I have a question about Samba's capability. I couldn't find answer from web searches so want to try it here. We use samba as file server in a mixed mode w2k active directory domain. The problem is that each time a user changes his/her windows password, admins have to update samba password manually. We want to avoid this, and want Samba to automatically sync the user password with the directory server. I checked winbind, but it seems to give all domain users access to the samba server. We would like to limit the samba account to only a few selected windows users. We want them to deal only with the windows account without having to ask admins to update the smbpasswd. From web searches, there's no clear picture of what the possibilities are. It appears if I use 'encrypt passwords' option, I have to keep a local copy of smbpasswd, and automatic sync is impossible. (We don't want to use plaintext passwords.) My question is, does anyone know a way to let Samba do automatic sync with windows passwords? Another alternative... - set up as security = domain. - Then add the samba machine to your domain/AD via smbpasswd ( or net if using 3.x )...This creates a machine account in AD for your machine. - Next...You still need Unix accounts on the box that match your NT/2000 logins...The username has to match, not the password. Or you can use entries in username map option. Set up as needed. - Use file permissions and Unix groups to control access to resorces, just like always. - Configure shares to grant access based on Unix login/group membership as before. This way, there's no need for an smbpasswd file. As long as the user authenticates against the domain, Samba will grant access ( based on share config/file permissions). It never looks for a password, just if the user is authenticated to the domain, and if the user should be granted access to the resource. This works in 2.2.x as well as 3.x AFAIK, windbind is more for not needing to manually create the Unix users in the first place. Well, that's a generalized statement...There's more to windbind than that But it does sound like security = domain is what you needWorks here. -- - Matt - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] CUPS/Printing
RH Linux 9 on AMD k6-2 500 Using HP deskjet 930c on USB Samba version: 2.2.7a cups version: 1.1.18 Hello - I have had a good look on this newsgroup - and what I've picked up I think is allowing me to ask these questions more intelligently. I've also had a good look at the CUPS documentation aswell as the Samba documentation. 1. Am I correct is assuming that CUPS only likes postscript, and to print to a non postscript printer you have to use filters? 2. I have set up my HP deskjet 930c on RedHat 9 with cups. It prints just fine. However I cannot use the share from Windows machines using a 930c driver. I get this error in the cups error log: E [14/Aug/2003:00:20:24 +0100] print_job: Unsupported format 'application/octet-stream'! I [14/Aug/2003:00:20:24 +0100] Hint: Do you have the raw file printing rules enabled? So, is enabling raw printing a good idea, and if so - how do I do it (for ALL jobs) Using a lower driver such as deskjet 560c or digital turboserver 20 (a postscript driver) works fine (but for obvious reasons this is not ideal). Selecting print directly to the printer(raw) in windows gives the same error (I didnt expect that to work) 3. I've read a lot about people enabling autodownload of drivers and the many problems they are having. I'm afraid I don't properly understand the concept. Are these just normal Windows drivers? If so what would be the point for me as the 930c drivers don't work. OR Are there special CUPS windows drivers that know how to send something that is 930c ish but not an octet stream. I've read references to installing special drivers in windows but I haven't understood what is going on. Apologies if these questions sound stupid - I have included below the top bit of my deskjet.ppd file that I think Red Hat has generated. This (apparently) provides lots of info on the ppd in use and printer languages and so on. Any help would be very very much appreciated matt -- *FormatVersion: 4.3 *FileVersion: 1.1 *LanguageVersion: English *LanguageEncoding: ISOLatin1 *PCFileName:HPIJS.PPD *Manufacturer: HEWLETT-PACKARD *Product: DESKJET 930C *cupsVersion: 1.0 *cupsManualCopies: True *cupsModelNumber: 2 *cupsFilter:application/vnd.cups-postscript 0 cupsomatic *ModelName: HP DeskJet 930C, Foomatic + hpijs *NickName: HP DeskJet 930C, Foomatic + hpijs *ShortNickName: HP DeskJet 930C *PSVersion: (3010.000) 550 *PSVersion: (3010.000) 651 *PSVersion: (3010.000) 652 *PSVersion: (3010.000) 653 *PSVersion: (3010.000) 704 *PSVersion: (3010.000) 705 *LanguageLevel: 3 *ColorDevice: True *DefaultColorSpace: RGB *FileSystem:False *Throughput:1 *LandscapeOrientation: Plus90 *VariablePaperSize: False *TTRasterizer: Type42 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.510 / Virus Database: 307 - Release Date: 14/08/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: CUPS/Printing
- Original Message - From: Dragan Krnic [EMAIL PROTECTED] Sent: Saturday, August 16, 2003 8:02 PM | RH Linux 9 on AMD k6-2 500 | Using HP deskjet 930c on USB | Samba version: 2.2.7a | cups version: 1.1.18 | cut If you look up the files mime.convs and mime.types in /etc/cups, you'll find out that the lines beginning w/ #application/octet-stream ... have to be uncommented so that you don't need to specify -oraw in the print command. I cannot thank you enough - and I'm not surprised it was so simple. cut You haven't read Kurt Pfeifle's excellent HOWTO on CUPS, Samba and Windows, have you? Google it up. No - I did look for such a thing - all I had gathered was that it was forthcoming - is it listed in the list of HOWTOs on linux.org? I will google it as you suggest cut There's only a small rub that since about 2.2.6 there are 2 nasty little bugs in rpcclient utility which make it impossible in most cases to use the automagic way. There is a fix but it was only checked into 3.betas so you need to apply the fix to sources and build samba if you want to use samba as printer server. You can find the patch file as attachment #62 to bug #82 at the following URL: https://bugzilla.samba.org/show_bug.cgi?id=82 I will bear that in mind - I think for the moment I will stick to a manual install of drivers - we only have 5 clients (incl win98, winXP and wfw3.11) and I'm used to doing manual installations of drivers when they all used to print to the XP machine. again, thank you lots, and apologies for not consulting the HOWTO first... matt Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.510 / Virus Database: 307 - Release Date: 14/08/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] HELP Samba suddenly stopped working
can some one help me We are running samba on a mandrake v10 machine and suddenly we can't access the samba shares. it is in an ADS with MS sbs2003 as the PDC the error in the samba logs is Aug 28 08:50:06 hermes smbd[27096]: [2005/08/28 08:50:06, 0] auth/auth_domain.c:connect_to_domain_password_server(123) Aug 28 08:50:06 hermes smbd[27096]: connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine SBS2003. Error was : NT_STATUS_ACCESS_DENIED. It has been running fine for 8 months and suddenly stopped on the 28th of ug nothing has been changed on either machine as I have been away from work for the past 2 weeks and no one else has permissions. it is urgent that we get this fixed but i can't work out what is wrong. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP clients cannot find profile after logout when re-login
I'm facing a problem with logins on XP (only used by now) clients when a user has logged out first. The user starts his PC, he is able to login to the domain and igets his profile in a proper way. Now the user wants to logout, he get's the login screen again, he tries to login again and the message appears that windows was not able to find the profile. Please contact your sysadmin or check your network. It seems that all connections to the PDC are closed/removed after the user logs out. When the user restarts his PC, he is able to login again. It's known that a Client needs to have some connection to the PDC to actually check the login details and get the profile, this part seems to be closed when the user logsoff. I'm lost in finding a solution for this as most Can't find profile errors are based on usernames or whatever don't exist on Linux, but this is all good and works. What I have changed in the config is that all Paths that you can redirect to the userhome using a NTConfig.pol are set to the server and after this, this problem started. I hope someone can help out. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] XP clients cannot find profile after logout when re-login
I have double-checked this and it still occures: $ls -lna total 12 drwxr-xr-x 300 4096 2010-03-13 01:03 . drwxr-xr-x 400 4096 2010-03-13 00:59 .. drwx-- 21 1001 1001 4096 2010-03-18 09:38 username Are there other options that I can check ? I have the profiles and remapped paths in seperate folders. So in my remapped folder for the user there are only: -Desktop -Local Settings -My Documents Where the userfolder for these redirects has the following rights: ls -lna total 12 drwxr-xr-x 300 4096 2010-03-13 01:03 . drwxr-xr-x 400 4096 2010-03-13 00:59 .. drwx-- 21 1001 1001 4096 2010-03-18 09:38 username I can't follow this issue. Adam schreef: check the perms of /var/lib/samba/profiles/username set to atleast 700 and owned by that user? Matt wrote: I'm facing a problem with logins on XP (only used by now) clients when a user has logged out first. The user starts his PC, he is able to login to the domain and igets his profile in a proper way. Now the user wants to logout, he get's the login screen again, he tries to login again and the message appears that windows was not able to find the profile. Please contact your sysadmin or check your network. It seems that all connections to the PDC are closed/removed after the user logs out. When the user restarts his PC, he is able to login again. It's known that a Client needs to have some connection to the PDC to actually check the login details and get the profile, this part seems to be closed when the user logsoff. I'm lost in finding a solution for this as most Can't find profile errors are based on usernames or whatever don't exist on Linux, but this is all good and works. What I have changed in the config is that all Paths that you can redirect to the userhome using a NTConfig.pol are set to the server and after this, this problem started. I hope someone can help out. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Unable to set/authenticate to correct domain...
Matt Anderson sokkerstud_11 at hotmail.com writes: Updated to be readable... Dear Help, I am running Samba 3.0.25 on AIX 5.3 (installed from the binaries available on samba.org including the base install -- openldap, etc.) and have set it up to authenticate to LDAP directories on two different servers (one of them set up as a samba PDC and the other as a samba BDC) in the usual way: [global] workgroup = mydomain domain master = no ... passdb backend = ldapsam:ldaps://... security = domain netbios name = p505 ... And I have a share set up like the following: [shared] comment = shared files path = /tmp/shares/testshare valid users = test read only = no write list = test browseable = Yes (It will be good to note that user 'test' belongs to group 'testers'. Both 'test' and 'testers' are in the LDAP directory)The problem I am having is that I get an Access is denied error when I try to connect as user test. However, if I change the share to the following: [shared] comment = shared files path = /tmp/shares/testshare valid users = +testers read only = no write list = +testers browseable = Yes I can log in as user 'test' just fine. So, naturally, I went digging into the log file and found the following issues: 1) It is successfully authenticating user 'test' and getting the correct SID values for the user and group 'testers', but they don't have any privileges: ... get_privileges: No privileges assigned to SID [insert-test-SID-here] ... get_privileges: No privileges assigned to SID [insert-testers-SID-here] ... User test with invalid SID [insert-test-SID-here] in passdb ... user 'test' (from session setup_ not permitted to access this share (shared) ... NT_STATUS_ACCESS_DENIED So, I then went on to run the smbd process in interactive mode (with the -i option) to see what was going on there and discovered following: ... smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=P505))] ... I think that this is where the problem is. For some reason it is searching for sambaDomainName P505 (which is the host name of the machine, and specified as netbios name in smb.conf) instead of sambaDomainName mydomain (which is the domain that the machine belongs to, and is specified as the workgroup name in smb.conf).Is there a way to set what domain it is searching for? If so, where and when does that happen? On a side note, when I start smbd, it is currently creating a P505 domain object in the LDAP directory if it doesn't already exist. So, if I delete it, it just keeps recreating it. My guess is that if I can get this samba installation to look at the mydomain object instead, things will start working.Any thoughts, help, wisdom or insight would be greatly appreciated. Thanks! -Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to set/authenticate to correct domain...
Matt sokkerstud_11 at hotmail.com writes: However, if I change the share to the following: [shared] comment = shared files path = /tmp/shares/testshare valid users = +testers read only = no write list = +testers browseable = Yes I can log in as user 'test' just fine. UPDATE: I was able to do this the other day... but this is not true anymore. However, if change it to have the SID of 'test' instead of the name like the following: [shared] comment = shared files path = /tmp/shares/testshare valid users = SID-OF-TEST read only = no browseable = Yes It works okay. So, two things: 1) How do I change th domain it's searching for (as noted in the previous post) 2) How do I configure whatever service is needed to fix the access problem. Thanks! -Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to set/authenticate to correct domain...
Matt sokkerstud_11 at hotmail.com writes: Matt sokkerstud_11 at hotmail.com writes: However, if I change the share to the following: [shared] comment = shared files path = /tmp/shares/testshare valid users = +testers read only = no write list = +testers browseable = Yes I can log in as user 'test' just fine. UPDATE: I was able to do this the other day... but this is not true anymore. However, if change it to have the SID of 'test' instead of the name like the following: [shared] comment = shared files path = /tmp/shares/testshare valid users = SID-OF-TEST read only = no browseable = Yes It works okay. So, two things: 1) How do I change th domain it's searching for (as noted in the previous post) 2) How do I configure whatever service is needed to fix the access problem. Thanks! -Matt For anyone following along, I figured out what the problem was. If you're specifying domain users (at least in my case) you have to include the domain name when defining access rights: example: [shared] comment = shared files path = /tmp/shares/testshare valid users = mydomain\test, +mydomain\testers read only = no browseable = Yes This is the first time I've used Samba and authenticated against domain users... but I don't remember reading this anywhere, so I thought I'd spread the info. Have a great day! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Trouble adding to domain
My problem seems to have been related to how the ldap records were set up. Just so everyone knows the computer entry based off my config file should look like: # SIRGUAIN$, computer, igb.uiuc.edu dn: uid=SIRGUAIN$,ou=computer,dc=igb,dc=uiuc,dc=edu uid: SIRGUAIN$ sambaSID: S-none-of-yo-bidness-1000 objectClass: sambaSamAccount objectClass: account displayName: SIRGUAIN$ sambaAcctFlags: [W ] sambaPwdMustChange: 9223372036854775807 sambaPwdCanChange: 1181057492 sambaNTPassword: noneyobidnesseither sambaPwdLastSet: 1181057492 Instead of: # lancelot1$, computer, igb.uiuc.edu dn: uid=lancelot1$,ou=computer,dc=igb,dc=uiuc,dc=edu objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: lancelot1$ sn: lancelot1$ uid: lancelot1$ uidNumber: 1009 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer However smbldap-useradd created the latter. What am I doing wrong that does this? thanks, Dan Hi Dan, Are you able to add computers correctly strictly from the command line? (Instead of trying from the remote machine itself)? If not there are a couple things I can think of: 1) It may be a dumb question, but did you extended the schema of your LDAP database to include Samba schema? 2) There may be an issue with the smbldap-useradd script you are using. I found that I had to modify a few of the scripts manually to get them to work just right. I don't think I have the exact same version as you, but you may want to throw some echo statements (for running it from the command line) around the lines that are supposed to add it including the sambaSAMAccount object class to make sure it's doing what you think it should be. Hopefully that will at least give you something to try. -Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to set/authenticate to correct domain...
For anyone following along, I figured out what the problem was. I have another update on this issue. It turns out that the root of the problem is that it's searching for the domain object specifically associated with the netbios name field in smb.conf, instead of the workgroup field. Is it supposed to do that?? In any case, if I change the netbios name field to mydomain instead of p505 (the name of the machine) it correctly associates the domain search with the right object in the LDAP tree. Also, once I did this, I no longer needed to include the domain name before the user name in the access definitions... Any thoughts on why it's looking at the netbios name field? -Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to set/authenticate to correct domain...
Any thoughts on why it's looking at the netbios name field? -Matt When I set both the workgroup and netbios name fields to mydomain, usernames worked without the domain name in front of them, but I have now discovered that group names don't work either way. Instead, I get an error along the lines of +testers does not start with S- -- so it looks like it's looking for an SID again, instead of resolving the group name. Any help would be most appreciated. Thanks! -Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Join Linux client to Samba PDC domain
Now I want the same thing in a different environment CentOS Samba PDC in domain mode and LDAP Windows XP and Vista clients joined to the Samba domain Linux File Server (which I don't know how to configure) So I want all the Windows clients to be able to access the shares on my LInux File Server but I want my CentOS Samba PDC to handle the authentication with Singel-Sign-On style. How would I configure my Linux Files server? security = domain, server, or? Thanks, Henrik Hi Henrik, I just did a similar thing setting up an AIX file server with a Linux-based Samba PDC. I'm pretty sure you want to set the Linux file server up as a domain member server: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html You're right on with security=domain. Then you just have to add the LDAP admin stuff to the samba config and secrets database (i.e. smbpasswd -w [LDAP admin passwd goes here], net rpc getsid [domain name here], net rpc join -Uroot%[password goes here]) and a few other config steps outlined in the link I put above... Hopefully that gets you started int he right direction. -Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] FreeBSD 6.1 ACL support
Hello, I have FreeBSD 6.1 and I know I have installed the development libraries for ACL support. However, the samba configure script does not seem to be able to find the acl.h. In fact, I even explicity enable acl support with ./configure --enable-acl-support and still no luck. Has anyone else experienced this and if so, what was done to correct the issue? Thank you, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
standby mode
samba 2.3.3a redhat 7.3 i have three other computers connected with the redhat 7.3 on a network. two windows xp and one windows 98. the windows computers will go to standby fine if not used. the linux computer will not go to standby, something accesses the hard drive about every ten minutes. if i unplug the ethernet cable, the computer goes into standby after a while; when i plug it back, the computer wakes with in ten minutes. then i unchecked the smb daemon from the start up and the computer goes into standby. how do fix this to let the computer go into standby? matt
[Samba] Samba and VPN Road Warrior setup
Hi, I have setup a Linux + FreeS/WAN VPN firewall/gateway to provide Out-of-Office access. I have used DHCP to provide a small subnet block of Internal IPs for use by the external VPN Road Warriors, (All running XP with SSH Sentinel), on their Virtual network interfaces, and the VPN gateway performs ARP proxy on the internal interface so packets go to the right place. No NAT is performed on this traffic. Perhaps some ASCII art also helps, (any excuse): ++ || 192.168.0.192 (Virtual) | VPN #1 | | client |===+ || | ++ - ++ ARP Proxy || Internet |===| VPN GW |---| Office network 192.168.0.0/24 || ++ - ++ || | | VPN #n |===+ | client | || 192.168.0.223 (Virtual) ++ This works great so far in that most network traffic, (access to intranet web servers, etc.), functions correctly, but one of the main uses of this VPN is to provide access to the various Samba servers on the network. Currently however, the WINS/Master browser component on the network is provided by an NT box, and has it's IP passed by the DHCP server. Currently, I cannot get the remote clients to successfully browse the workgroup, but direct connections to the shares on the Samba servers can be established and work with no discernable problems, I just cannot navigate to them. I have checked the iptables firewall rules, and I'm letting all 137/138/139 traffic through. I don't have the inclination or desire to debug the NT box, but prior to this problem, I was thinking about retiring the NT box anyway in preference of using one of the Samba servers, (I can't think why the NT box is used solely for this purpose anyway, Samba can easily handle this role). I'm thinking regardless of software, that part of the problem is that UDP broadcast traffic cannot reach the Office network from the VPN clients, and vice versa, by virtue of the topology, so browse lists can't be propagated correctly. Would putting something along the lines of: remote announce = 192.168.0.192 192.168.0.193 ... 192.168.0.223 into the WINS/Browse Master Samba machines smb.conf solve this problem? Or if anyone has any useful advice for getting Samba working over this kind of network topology, I would be very grateful. TIA Matt -- Doctor Fact is knocking at the door. Someone -- please -- let the man in! msg12131/pgp0.pgp Description: PGP signature
[Samba] user/group issues
hello, I have a RH 7.1 box running samba-2.2.4-2 acting as a PDC to our LAN. For the most part all our clients are 95/98 and NT 4. The problem I am experiencing is that when I want to add a Domain User to a local group on a Win2k box it gives me the error: unable to lookup user names for display. Now, I can add myself (the one logged in) to the group on the Win2k box, but any other user I try to add gets that error message. My user is a super user that is automatically given admin rights on the machine and it seems I should be able to add more users than just me to the group just like on NT 4. If I slide over to an NT 4 box and try the same thing... adding a Domain user to the local Power Users group other than my user it works just fine. I can add as many as I please. On the Win2k box if I have the Domain user log in one time and logoff I can then log in to the Domain as my superuser and add them to the group. It seems to like the fact that they have logged into the workstation before I can add them. On a side note... I have upgraded to samba-2.2.7 on a clone of that server and still have the same problems. I would think if its not a problem doing it with NT 4 then you should be able to do the same in 2K. Of course, thats not the case right now with my setup. My question to anyone who can help me... is this this normal for 2K at the present time? Or is there something else wrong that I need to fix? Thanks Smb.conf output: # Global parameters [global] workgroup = XXX netbios name = server string = Samba PDC Server v.2.2.4 encrypt passwords = Yes update encrypted = Yes min passwd length = 6 passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying* username map = /etc/samba/smbusers password level = 4 unix password sync = Yes log file = /var/log/samba/log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = @ntadm add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon script = %U.bat logon drive = H: logon home = \\%N\%U\%u logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes hide local users = Yes admin users = administrator printer admin = @ntadm [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon invalid users = bin adm daemon lp sync shutdown halt mail news uucp operator games gopher ftp gdm postgres vacation named rebound guest ok = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Adding Domain users to local Win2k Groups
hello, I have a RH 7.1 box running samba-2.2.4-2 acting as a PDC to our LAN. For the most part all our clients are 95/98 and NT 4. The problem I am experiencing is that when I want to add a Domain User to a local group on a Win2k box it gives me the error: unable to lookup user names for display. Now, I can add myself (the one logged in) to the group on the Win2k box, but any other user I try to add gets that error message. My user is a super user that is automatically given admin rights on the machine and it seems I should be able to add more users than just me to the group just like on NT 4. If I slide over to an NT 4 box and try the same thing... adding a Domain user to the local Power Users group other than my user it works just fine. I can add as many as I please. On the Win2k box if I have the Domain user log in one time and logoff I can then log in to the Domain as my superuser and add them to the group. It seems to like the fact that they have logged into the workstation before I can add them. On a side note... I have upgraded to samba-2.2.7 on a clone of that server and still have the same problems. I would think if its not a problem doing it with NT 4 then you should be able to do the same in 2K. Of course, thats not the case right now with my setup. My question to anyone who can help me... is this this normal for 2K at the present time? Or is there something else wrong that I need to fix? Thanks Smb.conf output: # Global parameters [global] workgroup = XXX netbios name = server string = Samba PDC Server v.2.2.4 encrypt passwords = Yes update encrypted = Yes min passwd length = 6 passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying* username map = /etc/samba/smbusers password level = 4 unix password sync = Yes log file = /var/log/samba/log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = @ntadm add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon script = %U.bat logon drive = H: logon home = \\%N\%U\%u logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes hide local users = Yes admin users = administrator printer admin = @ntadm [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon invalid users = bin adm daemon lp sync shutdown halt mail news uucp operator games gopher ftp gdm postgres vacation named rebound guest ok = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing to Windows XP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have an Epson Stylus Photo 785 connected to a workstation running Windows XP Professional. I would like to print to this printer using CUPS on a Debian (sid) box. I have Samba-2.99 alpha3.0 installed. On the Windows XP box, I have the Guest account enabled and the printer is shared. My other Windows box can print just fine to it. When I add the printer using the CUPS webadmin system, it says that SAMBA cannot connect to the print server. Furthur investigation using smbspool from the command line yields the following message: The command I issued was: server:~# smbspool smb://Wallace/dave-winxp/dave_inkjet a b c d e test (The manpage for smbspool indicated the options were not used, thus the a b c d e. test is a text file. Wallace is the workgroup of the computer, dave-winxp is the computer name): The response was: failed tcon_X with NT_STATUS_OK ERROR: Connection failed with error NT_STATUS_ACCESS_DENIED ERROR: Unable to connect to SAMBA host, will retry in 60 seconds...: Success I'm not if there is another way I should be testing this, but any suggestions would be greatly appreciated. Please CC me directly, I am not subscribed to this list. Thanks, Matt Wallace - -- This message is cryptographically signed using the GNU Privacy Guard. The authenticity of this message can be verified using either the GNU Privacy Guard or any PGP implementation. To do this you will need my public key, available at: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xA89181C9 If you recieve mail from me that is not signed in this manner, please be suspect of its authenticity. For more information on cryptographic message signing, see: http://www.gnupg.org/(en)/documentation/faqs.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+LveGVn6yj6iRgckRApJCAJ4udo6prcKo1wgbOf4qna4sL3n99ACgh7ev 4vChjN3zezFU7ZoVG8anM/E= =LzXb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] - adding domain users to local windows 2000 groups
Hello, I am having a problem with adding domain users to a local windows 2000 group like Power Users. It keeps giving me the error unable to lookup user names for display. We have RH 7.1 running and Samba 2.2.4 installed as a PDC. I used to be able to login as an administrator of the domain in 2K and add as many users as I wanted to a group. Now I have to actually have the person I want to add login to the computer before I can add them. I'm just wondering if anyone else has experienced this before or seen that error and could help. If anyone can help I'd appreciate it. Thanks, Matt Lung -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2K local groups
Problem: I have a Redhat 7.1 box with Samba 2.2.5 acting as PDC. I need to add some of my domain users to a local Windows 2K group (the power users group). I open up my local group administration and select the user from my domain and attempt to add them and get an error message similar to the following: A member could not be added to or removed from the local group because the member does not exist. I know this is possible because I have added domain users to a Windows 2K local group in the past. There are actually still users in this group from the last time I added users. Since I have added users nothing has changed in my Samba config file. I am still looking at this problem and was wondering if anyone else has experience this. If you have or can offer an advice on how to fix this issue please contact me. Thanks for any help! Matt - Smb.conf # Global parameters [global] workgroup = NEW netbios name = PDC server string = Samba PDC Server v.2.2.4 encrypt passwords = Yes update encrypted = Yes min passwd length = 6 passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying* username map = /etc/samba/smbusers password level = 4 unix password sync = Yes log file = /var/log/samba/log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = @ntadm add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon script = %U.bat logon drive = H: logon home = \\%N\%U\%u logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes hide local users = Yes admin users = administrator printer admin = @ntadm log level = 0 [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon invalid users = bin adm daemon lp sync shutdown halt mail news uucp operator games gopher ftp gdm postgres vacation named rebound guest ok = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba in a High Availability Configuration
Hello, I'm sorry to post High availability oriented questions to this list, but I was wondering about some samba configuration parameters and what options are available. I am using heartbeat, and to make a long story short, i have a floating IP alias between 2 servers. (192.168.1.1 for example). When one server is serving the data, it 'has' this ip. if the server fails over, the other machine takes over the IP alias address, and starts samba. In order to make this work correctly, i have to use the 'interfaces' smb.conf option, which sets smbd to listen to only certain ip addresses. I also have bind interfaces only option on, which is required to prevent two simultaneous smbd processes from binding to the same interface IP. What I am interested in, is seamless failover, completely hidden from the client in the middle of a copy.. Hopefully, they would only see a stall in the copy.. Currently though, I get failed file operations because of the bind interfaces only option. the Bind interfaces only option requires that the 'interface' ip be 'UP' in order for samba to start correctly. This causes problems because to bring the IP address 'UP' before starting the samba server means that the client sees that there is no server processing requests on the ip for a small amount of time, which results in a failed operation. I wonder if there is a way to have samba bind only to certain IP addresses, but not require those addresses to be live at startup. Thanks for all your work in the Open Source community, -- Matt Schillinger [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba in a High Availability Configuration
The results I get now (on a Windows NT4 machine) is: 1. start a copy from a local drive to a samba served drive. 2. failover the samba server to the secondary. 3. the copy seems to stall. 4. As the secondary server comes online (or the IP comes online), the copy issues an error. I don't know if the error is due to server state, or that the IP comes up for a second with no samba server bound to the interface. This is why i am interested in seeing if bind interfaces only option can be accomplished without actually having the IP aliases bound, so that the samba server can already be listening for the interfaces when the aliases come up. 5. Immediately starting the copy over (from the secondary server serving data) works fine.. no reconnects required. Matt Schillinger [EMAIL PROTECTED] On Tue, 2003-02-18 at 19:06, Martin Pool wrote: On 18 Feb 2003, Matt Schillinger [EMAIL PROTECTED] wrote: I'm sorry to post High availability oriented questions to this list, but I was wondering about some samba configuration parameters and what options are available. You're welcome, this is on-topic here. What I am interested in, is seamless failover, completely hidden from the client in the middle of a copy.. Hopefully, they would only see a stall in the copy.. My understanding is that this is very hard (or impossible) to do at the moment. There is a lot of complicated statefulness in the CIFS protocol (unlike, say, NFS) and so switching to another server in the middle of an operation would, at the least, require a great deal of new development work in Samba. There would need to be some kind of shared storage between the two machines holding everything the server needs to know about active connections. This would be much deeper than just what's in the tdbs. Perhaps somebody more experienced can give more details. The best you can do is allow that connection to fail and then for the client to reconnect. -- Martin -- Matt Schillinger System Administrator FlightSafety International [EMAIL PROTECTED] 314-551-8403 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP auth with nis.schema
Is it possible to get samba to act as a PDC with encrypt passwords = no ?? Matt Schillinger [EMAIL PROTECTED] On Sat, 2003-02-22 at 12:12, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 20 Feb 2003, Odd Rune Dahle wrote: I'm wondering if it's possible to get samba to auth against LDAP without saving multiple hashes in the directory? I'd like to keep it to the hash that we use to auth unix-systems today, without cluttering the directory with other hashes that need to be synchronized etc. not if you want to use encrypt passwords = yes cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+V72MIR7qMdg1EfYRAqGpAJ9T9g2B/at5KnQUrg7wIfmvawV5WwCgk3x+ +thtqjn9iR95ioYanAyLt1U= =Zuy7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Matt Schillinger System Administrator FlightSafety International [EMAIL PROTECTED] 314-551-8403 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba using Virtual Servers (load balancing)
I believe that others are correct (look at linuxvirtualserver.org for documentation and discussions on Samba in a clustered mode) in that CIFS' peer to peer concept is very stateful.. On the other hand, samba can be made 'Highly available' without alot of trouble. I have a High Available File server (NFS and Samba) configuration with 2 nodes, in an active-active configuration. If one of the servers is hung up, or requires maintenance, its services (including samba) will failover to the other node. If a client is in the middle of a samba served file operation, they will see an error, but an immediate retry of the file operation will work fine from the failover server. Because of CIFS' handling of files, it is very safe, because if you are performing a file move, the original file is not deleted until after a 'copy' is completed. So, if there's a failure, all you need to do is restart the procedure. Matt Schillinger [EMAIL PROTECTED] On Tue, 2003-02-25 at 03:21, Leroy van Logchem wrote: Hello fellow samba users, Our company uses samba for all fileshares/printing/PDC on two SUN E3500's. We like to replace these with about 10 Linux 19 XEON (pizza)boxes. The question: Are there any implementation out there using a loadbalancing cluster doing samba? A simple diagram of the setup I have in mind: Users (+/- 500) ||| Headnode(Director 1) - Headnode (Director 2) | Worknode - Worknode - Worknode ... | Large RAID5 NAS boxes (NFS only) Thanks for any information/pointers in the right direction. (all directions are open: lvs,mosix,???) Regards, | | Leroy(dot)vanLogchem (at) wldelft(dot)nl | Systems Group | WL | Delft Hydraulics - http://www.wldelft.nl | -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Matt Schillinger System Administrator FlightSafety International [EMAIL PROTECTED] 314-551-8403 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba using Virtual Servers (load balancing)
I may stand corrected. Did a quick search and found this site.. Perhaps it can guide you to a load balanced solution. I haven't read all the relevant posts in depth, but they look promising. http://www.faqchest.com/linux/samba-l/smb-02/smb-0208/smb-020825/ Matt Schillinger On Tue, 2003-02-25 at 03:46, Simon Hobson wrote: Leroy van Logchem wrote: A simple diagram of the setup I have in mind: Users (+/- 500) ||| Headnode(Director 1) - Headnode (Director 2) | Worknode - Worknode - Worknode ... | Large RAID5 NAS boxes (NFS only) Thanks for any information/pointers in the right direction. (all directions are open: lvs,mosix,???) I can't answer the question, but I would have thought file locking would be incredibly difficult ! Simon -- Simon Hobson, Technical Services Engineer Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Matt Schillinger System Administrator FlightSafety International [EMAIL PROTECTED] 314-551-8403 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba spanning subnets
First off, it sounds like what you have is a WINS issue, not a PDC issue. All you have to do is have a server designated as the 'WINS Server' aside from other configuration items, smb.conf should have 'wins server = yes' on the other 2 subnets, have 1 machine / subnet act as a wins proxy wins proxy = ip address of main WINS SERVER Then they will forward their subnet's netbios info to the primary WINS Server. From there, all you have to do is have all of your clients point their wins server to IP Addres of main WINS Server There is another solution that is a little easier, yet requires you to have a setup so that 1 machine can connect to all three subnets (3 nic cards).. In this case, just setup 'wins server = yes', and point all your clients to the appropriate ip address (you can point clients to a local subnet interface, or just point to one of the interfaces), and you will have a browseable network. Matt Schillinger [EMAIL PROTECTED] On Tue, 2003-02-25 at 14:20, Ben Hall wrote: Hello, I am in the process of trying to get a large network (300+ systems) spanning 3 subnets to be able to display all windows machines in the Network Neighborhood. After reading through copious amounts of documentation, using Samba as a domain controller and then having systems on each subnet seemed to be the best approach. I set one of the machines to be the domain controller for what was my workgroup, and while all of my systems are visible to everyone on the network, the browse lists for the rest of the network are still limited to whatever subnet the client machine is on. At this point it looks as though I would have to set up a domain controller for each of the 20+ workgroups. Of course this is infeasible. Am I missing something? A few machines are set up to use and proxy WINS, one of my systems is acting as the WINS server, this has had no noticeable effect on the network. Just to make things interesting, my network consists of just about every version of Windows since 95, MacOS from version 7 to 10.2, Sun Solaris 8 and the odd Linux machine. Any help would be very much appreciated. Cheers, Ben -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Matt Schillinger System Administrator FlightSafety International [EMAIL PROTECTED] 314-551-8403 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind usernames without DOMAIN prefix
(I apologize if this is not the right list for this question, this seemed the closest thing to a winbind list that I could find) Is it possible to have winbind return usernames simply as 'username' and not 'domain+username'? The linux box I am setting this up for will basically not have any local accounts, so collisions are not a problem, and it will only be accessing one domain so there is no need to differentiate users based on their domain. It would be nice to have the NT and Linux usernames be the same. Thanks for any help. -- .o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o. | Matt Kunze Sometimes there's a point.| | Build Master Fooly Fool This is not one of those | | 970.484.0841 x 2205 times.| = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind usernames without DOMAIN prefix
Herb Lewis wrote: winbind use default domain = yes This is for 3.0 samba and may partially work in 2.2.x Thanks, this works perfectly. Now I'm wondering if it is possible to not have the shell be the same for every account. For instance, have it be /bin/false by default but /bin/bash for a couple of users who need shell access. I tried adding an NIS-style, +username::/bin/bash line to /etc/password but this does not seem to work. -- .o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o. | Matt Kunze Sometimes there's a point.| | Build Master Fooly Fool This is not one of those | | 970.484.0841 x 2205 times.| = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Plain Password Patch
I cannot seem to find the plain password patch for the registry for NT4 or 2000. Is there one patch that works for both? Can you point me to where I can download the patch? Matt Lester AISG Government Systems Network/System's Engineer (407) 581-2929 ext. 218 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind usernames without DOMAIN prefix
Collins, Kevin wrote: Matt Kunze wrote: Do you mind me asking what version of Samba you're using? I would like to add this feature too, but I'm using 2.2.7 and I can't test it readily. Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. I'm using 2.2.7a on Gentoo Linux 1.4_rc3 It does not look like the package does anything special to compile samba with winbind so I imagine I have everything working with the default configuration. -- .o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o. | Matt Kunze Sometimes there's a point.| | Build Master Fooly Fool This is not one of those | | 970.484.0841 x 2205 times.| = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba backup software
It is costly, but Veritas has products that run on linux.. We use Veritas Datacenter, which runs on a linux server, and backs up 6TB of data. We are working on migrating up from ait2 technology, and are deciding on whether to go to ait3, or SuperDLT.. We had to upgrade beyond amanda because it wasn't performing well enough. (but it was on DLT technology, so slower). i think we pay around $200 per client license, for about 30-40 clients. that does not include the actual datacenter server license. I can check on the datacenter license, but it will probably come down to speaking to a rep.. I can get you contact info if interested. Datacenter lets you do full and Incremental backups, restore single files, search clients/servers for files, and see different versions (based on backup date) of the file if needed. you can do archives for permanent (unexpired) tapes, or setup tape expiration policies for incrementals and fulls. You also have the ability to do restores to machines/directories OTHER than the original machine/directory (which is handy if the original disk that the data came from is now full and has no space for the restore.) Matt Schillinger [EMAIL PROTECTED] On Thu, 2003-03-06 at 16:23, Rick Segeberg wrote: I'm curious to what people are using for backing up their samba servers. Here's are some specs to consider: - 1TB (yes, that's terabyte) of data - multiple servers backup to one tape drive connected to a server (preferably a linux system) - using an autoloader (in this case, an HP 1/9 LTO system) - need to be able to backup daily changes and/or changes since last full backup Currently I'm using Backup Exec from NetWare. The *nix client has no support to do anything but a full. The archive bit obviously won't work, and backing up based on date doesn't seem to work either (it still does a full). I'm interested in finding a native linux solution since I don't see a lot of point in having to use a Windows server with a *nix client when I'm trying to get away from Windows. If you have suggestions or are using something you are happy with, please respond. Currently, I'm evaluating Novastor's Novanet 8.5. I know there are others that I can eval, I'm just interested in finding out what others are using and happy with. Thanks. Rick Segeberg Provo Site Manager, IT Department The Waterford Institute [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * This email may contain privileged or confidential material intended for the named recipient only. If you are not the named recipient, delete this message and all attachments. Any review, copying, printing, disclosure or other use is prohibited. We reserve the right to monitor email sent through our network. * -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: problems compiling Samba 2.2.8 on Solaris 2.8
Check your smb.conf and the log file variable. Greg Petras [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi - I am trying to compile and install 2.2.8 to /opt/samba, but I keep getting the following errors after I 'make install' and try to start smbd using '/opt/samba/sbin/smbd -d 2 -D -s /opt/samba/lib/smb.conf': Unable to open new log file /usr/local/samba/var/log.smbd: No such file or directory [2003/03/25 10:21:56, 0] lib/debug.c:reopen_logs(348) Unable to open new log file /usr/local/samba/var/log.smbd: No such file or directory [2003/03/25 10:21:56, 2] lib/interface.c:add_interface(81) added interface ip=172.26.38.51 bcast=255.255.255.255 nmask=0.0.0.0 [2003/03/25 10:21:56, 0] passdb/secrets.c:secrets_init(44) Failed to open /usr/local/samba/etc/private/secrets.tdb [2003/03/25 10:21:56, 0] passdb/machine_sid.c:pdb_generate_sam_sid(163) pdb_generate_sam_sid: Failed to store generated machine SID. [2003/03/25 10:21:56, 0] smbd/server.c:main(877) ERROR: Samba cannot create a SAM SID. The weird thing is these errors appear in /opt/samba/var, but it is still complaining about /usr/local/samba. When I ran the ./configure script I used the following options: # ./configure --prefix=/opt/samba \ --with-privatedir=/opt/samba/private --with-lockdir=/opt/samba/var/locks \ --with-piddir=/opt/samba/var/locks --with-swatdir=/opt/samba/swat \ --with-configdir=/opt/samba/lib --with-logfilebase=/opt/samba/var \ --with-logfilebase=/opt/samba/var --with-automount So I did properly set my logfile base to /opt/samba/var but samba still seems to think it should be /usr/local/samba. Did I forget something? Any help is much appreciated as I am fairly new to Samba. Thanks, Greg -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot see any files in samba shares
I have installed Samba 2.2.8 on a Solaris 8 machine. My compile options were as follows: ./configure --with-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-smbwrapper --with-syslog My smb.conf is as follows: [global] workgroup = Our NT Domain netbios name = MOJO server string = Samba Server v. 2.2.8 security = DOMAIN encrypt passwords = Yes password server = * log level = 2 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE preferred master = No local master = No domain master = No dns proxy = No wins server = 10.40.5.1 hide dot files = No [tmp] comment = Temporary Files path = /tmp The server runs, I have run everything in DIAGNOSTIC.txt with no problems except that running smbclient //mojo/tmp gets me connected to the server, but there are no files through Samba (there are files in this directory). Using a Windows 2000 box, I can open \\mojo\tmp, it asks for a username and password, and it connects. However, there are no files listed. I am able to create files in this directory via windows, but can't see them. Any help would be much appreciated. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cannot see any files in samba shares
I have now tried version 2.2.7a, as well as 2.2.8 on a different Solaris 8 machine. They both have the same problems. What am I doing wrong? I have searched everywhere for an answer. I have seen several posts about this problem, but no one has had an answer yet. Permissions are 777 at this time on this folder, and still it does not work. Please help! Matt Yahna [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have installed Samba 2.2.8 on a Solaris 8 machine. My compile options were as follows: ./configure --with-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-smbwrapper --with-syslog My smb.conf is as follows: [global] workgroup = Our NT Domain netbios name = MOJO server string = Samba Server v. 2.2.8 security = DOMAIN encrypt passwords = Yes password server = * log level = 2 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE preferred master = No local master = No domain master = No dns proxy = No wins server = 10.40.5.1 hide dot files = No [tmp] comment = Temporary Files path = /tmp The server runs, I have run everything in DIAGNOSTIC.txt with no problems except that running smbclient //mojo/tmp gets me connected to the server, but there are no files through Samba (there are files in this directory). Using a Windows 2000 box, I can open \\mojo\tmp, it asks for a username and password, and it connects. However, there are no files listed. I am able to create files in this directory via windows, but can't see them. Any help would be much appreciated. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cannot see any files in samba shares
Does anyone have any idea why this is happening? I have tried version 2.2.8, version 2.2.7a, I have installed it on 2 different systems running Solaris 8. Same problem on both. Any help would be much appreciated. Matt Yahna [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have installed Samba 2.2.8 on a Solaris 8 machine. My compile options were as follows: ./configure --with-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-smbwrapper --with-syslog My smb.conf is as follows: [global] workgroup = Our NT Domain netbios name = MOJO server string = Samba Server v. 2.2.8 security = DOMAIN encrypt passwords = Yes password server = * log level = 2 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE preferred master = No local master = No domain master = No dns proxy = No wins server = 10.40.5.1 hide dot files = No [tmp] comment = Temporary Files path = /tmp The server runs, I have run everything in DIAGNOSTIC.txt with no problems except that running smbclient //mojo/tmp gets me connected to the server, but there are no files through Samba (there are files in this directory). Using a Windows 2000 box, I can open \\mojo\tmp, it asks for a username and password, and it connects. However, there are no files listed. I am able to create files in this directory via windows, but can't see them. Any help would be much appreciated. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] authentication handlers usable from Win2K client?
Hello, I'm looking for the answer to a SAMBA authentication question. Regarding authentication with SAMBA from Windows 2000, is it possible to use Kerberos 5 as the authentication handler? NTLM? anything else? Thankyou, Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Retry: RedHat, XFS, and ACL Support
Hi, I've been trying to do this compile as well (but on Debian) however it seems that some of the acl functions have been moved from the acl libs to attr. I can get Samba to compile by adding -lattr to the places in configure where -lacl occur. Regards, Matt PS. I haven't actually got samba 3 to recoginse my acl's on the drive once it's compiled, not sure what's wrong but it's compiled and the ACL's work on the disk as samba 2.2.x sees them. On Thursday 05 June 2003 13:41, Dragan Krnic wrote: make sure you have the devel packages for ACL and EA (acl-devel and attr-devel) Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User Manager for Domains
Hi, Now ACL's work I'm up against another hurdle, I've got UMFD connected to my Samba 3 PDC. I have the following lines in my smb.conf. The adding user's works perfectly. add user script = /usr/sbin/useradd -m -g 100 -s /bin/bash %u add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false %u delete user script = /usr/sbin/userdel %u When I ask UMFD to delete a user I get: [2003/06/05 16:22:28, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2513) Returning domain sid for domain HOME - S-1-5-21-906874104-2335227451-3449403371 [2003/06/05 16:22:28, 0] rpc_server/srv_samr_nt.c:_samr_unknown_2d(4211) _samr_unknown_2d: Not yet implemented. So it looks like the delete function isn't implemented, but I could have sworn I've used it before?? Regards, matt -- Quantum canis ille in fenestra est? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba+CUPS+Driver autodownload
Hi, I'm trying to get Samba to offer the Adobe driver automatically for the two printers I have set up with CUPS. I have all of the necessary files plucked out of the Adobe Postscript Windows driver package, but I'm hitting the problem when I come to run cupsaddsmb -v ... that the rpcclient adddrivers command always fails with NT_STATUS_UNSUCCESSFUL. The drivers are being copied to the [print$] directories correctly, just the driver registration fails. I found the posts relating to this error in 2.2.8a, so I've actually downloaded the current CVS SAMBA_2_2 branch as of yesterday, and I'm still getting the same problem, which I assumed would be fixed in the source now. I have run rpcclient -d 100 ... but it's quite big so if anyone would like to see that, please let me know. Anyone have this fixed and working? Cheers Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba+CUPS+Driver autodownload
Hi, The version of CUPS and cupsaddsmb is currently 1.1.18, (due to be upgraded to 1.1.19 soon-ish). Here's the output of running cupsaddsmb -v ...: # /usr/sbin/cupsaddsmb -v -U root oki7200 Password for root required to access localhost via SAMBA: Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir W32X86;put /var/spool/cups/tmp/3ed6034d677c4 W32X86/oki7200.PPD;put /usr/share/cups/drivers/ADOBEPS5.DLL W32X86/ADOBEPS5.DLL;put /usr/share/cups/drivers/ADOBEPSU.DLL W32X86/ADOBEPSU.DLL;put /usr/share/cups/drivers/ADOBEPSU.HLP W32X86/ADOBEPSU.HLP' added interface ip=192.168.50.129 bcast=192.168.50.255 nmask=255.255.255.128 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Domain=[XREFER] OS=[Unix] Server=[Samba 2.2.9pre1] NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86 putting file /var/spool/cups/tmp/3ed6034d677c4 as \W32X86/oki7200.PPD (16523.1 kb/s) (average 16523.4 kb/s) putting file /usr/share/cups/drivers/ADOBEPS5.DLL as \W32X86/ADOBEPS5.DLL (23519.6 kb/s) (average 22062.2 kb/s) putting file /usr/share/cups/drivers/ADOBEPSU.DLL as \W32X86/ADOBEPSU.DLL (22083.0 kb/s) (average 22066.4 kb/s) putting file /usr/share/cups/drivers/ADOBEPSU.HLP as \W32X86/ADOBEPSU.HLP (18016.8 kb/s) (average 21935.8 kb/s) Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver Windows NT x86 oki7200:ADOBEPS5.DLL:oki7200.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL' cmd = adddriver Windows NT x86 oki7200:ADOBEPS5.DLL:oki7200.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL result was NT_STATUS_UNSUCCESSFUL Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir WIN40;put /var/spool/cups/tmp/3ed6034d677c4 WIN40/oki7200.PPD;put /usr/share/cups/drivers/ADFONTS.MFM WIN40/ADFONTS.MFM;put /usr/share/cups/drivers/ADOBEPS4.DRV WIN40/ADOBEPS4.DRV;put /usr/share/cups/drivers/ADOBEPS4.HLP WIN40/ADOBEPS4.HLP;put /usr/share/cups/drivers/DEFPRTR2.PPD WIN40/DEFPRTR2.PPD;put /usr/share/cups/drivers/ICONLIB.DLL WIN40/ICONLIB.DLL;put /usr/share/cups/drivers/PSMON.DLL WIN40/PSMON.DLL;' added interface ip=192.168.50.129 bcast=192.168.50.255 nmask=255.255.255.128 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Domain=[XREFER] OS=[Unix] Server=[Samba 2.2.9pre1] NT_STATUS_OBJECT_NAME_COLLISION making remote directory \WIN40 putting file /var/spool/cups/tmp/3ed6034d677c4 as \WIN40/oki7200.PPD (20653.8 kb/s) (average 20654.3 kb/s) putting file /usr/share/cups/drivers/ADFONTS.MFM as \WIN40/ADFONTS.MFM (23420.0 kb/s) (average 23025.0 kb/s) putting file /usr/share/cups/drivers/ADOBEPS4.DRV as \WIN40/ADOBEPS4.DRV (23434.6 kb/s) (average 23294.7 kb/s) putting file /usr/share/cups/drivers/ADOBEPS4.HLP as \WIN40/ADOBEPS4.HLP (23981.6 kb/s) (average 23355.8 kb/s) putting file /usr/share/cups/drivers/DEFPRTR2.PPD as \WIN40/DEFPRTR2.PPD (13174.5 kb/s) (average 23244.0 kb/s) putting file /usr/share/cups/drivers/ICONLIB.DLL as \WIN40/ICONLIB.DLL (23071.4 kb/s) (average 23235.0 kb/s) putting file /usr/share/cups/drivers/PSMON.DLL as \WIN40/PSMON.DLL (18666.1 kb/s) (average 23096.6 kb/s) Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver Windows 4.0 oki7200:ADOBEPS4.DRV:oki7200.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADOBEPS4.DRV,oki7200.PPD,ADOBEPS4.HLP,PSMON.DLL,ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL' cmd = adddriver Windows 4.0 oki7200:ADOBEPS4.DRV:oki7200.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADOBEPS4.DRV,oki7200.PPD,ADOBEPS4.HLP,PSMON.DLL,ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL result was NT_STATUS_UNSUCCESSFUL Running command: rpcclient localhost -N -U'root%secret' -c 'setdriver oki7200 oki7200' cmd = setdriver oki7200 oki7200 Succesfully set oki7200 to driver oki7200. I've also tried running the enum{printers,drivers} commands. enumprinters [12] both give output, but enumprinters 3 gives me the same NT_STATUS_UNSUCCESSFUL. enumdrivers [123] runs without an error message, but displays nothing apart from the cmd = Cheers Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Older Mac to SAMBA copy
I've built a new samba server to replace an aging Apple 9500 running 8.6 that is acting as a 'file server'. The other macs run 9.2 and 10.2, which are the computers that will be served (I HOPE!) by the samba server. I have installed DAVE in order to be able to copy the files over to the new server. However, as the files copy, they disappear on the samba server. Someone said it is because of the data and resource forks in the old mac os, and to tell DAVE to, as I believe he said, merge the two forks. However, I see no such option in the DAVE setup. Am I missing something, or is there another way to do this? Also, will I have a problem with files name preservation of the mac files on the new server? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Older Mac to SAMBA copy
At 08:00 AM 10/26/2002 -0500, you wrote: I've built a new samba server to replace an aging Apple 9500 running 8.6 that is acting as a 'file server'. The other macs run 9.2 and 10.2, which are the computers that will be served (I HOPE!) by the samba server. I have installed DAVE in order to be able to copy the files over to the new server. However, as the files copy, they disappear on the samba server. Someone said it is because of the data and resource forks in the old mac os, and to tell DAVE to, as I believe he said, merge the two forks. However, I see no such option in the DAVE setup. Am I missing something, or is there another way to do this? Also, will I have a problem with files name preservation of the mac files on the new server? Thanks, Matt Following up to myself while I await someone else's insight I just found that if I copy the files via my win2k workstation, the files stay put. What? -- Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows cannot see Samba Server
Hello Listers! I have a small problem... All of my windows machines, XP Pro and 98 cannot see my samba server running on RH 7.3 i can do a smbclient -Llocalhost and see all my computers on the network, also windows is telling me that it is unable to browse the network, but if i unplug the samba server from the router the windows machines can see each other fine.. any help is appreciated. Thanks! Matt Gilliam -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Older Mac to SAMBA copy
I was planning to use (and that is what is installed now), DAVE by Thursby inc. That allows SMB usage on a Mac. Its the file corruption that is occurring on a mac to samba copy, that doesn't occur on a mac to samba VIA windows 2k wkstn that has me stumped. Any ideas folks? *pleading* -- Matt At 10:05 AM 10/29/2002 +1100, you wrote: On Mon, Oct 28, 2002 at 02:13:17PM -0600, Matt Nelson wrote: Since I posted this over the weekend, I thought I'd throw it out one more time to see if anyone else might see it and has any ideas on this. I didn't know samba could serve macs. Does the mac speak SMB? (Long time since I used macs) If you're only serving macs, you could use CAP or netatalk instead. Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Older Mac to SAMBA copy
I did that, still no luck. Files just dissappear. If I run netatalk, can the pc clients still work with the files as well? I don't understand why a direct copy fails, and a copy VIA a windows workstation works. That makes *no* sense. -- Matt At 03:44 PM 10/29/2002 -0500, you wrote: Matt, I am not sure what the problem is but in the smb.conf file on the Samba server the following lines should be set to preserve file name case for Macintosh applications: preserve case = yes short preserve case = yes I have run Samba servers on Solaris and Linux machines with no problems connecting and transferring files to and fro from Mac OS 8.6, 9.2, and 10.1.5 all running Dave. You should run at least Dave 3.1. You can use netatalk. I have used it on Linux but you have configure that in Samba when you compile if you want them to work together. Or you can just use netatalk. I prefer Dave because it is actually easier to setup. You are also not adding another protocol to worry about. Don Werder [EMAIL PROTECTED] Subject: Re: [Samba] Older Mac to SAMBA copy From: Bradley W. Langhorst [EMAIL PROTECTED] To: Matt Nelson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Date: 29 Oct 2002 11:53:23 -0500 On Tue, 2002-10-29 at 10:41, Matt Nelson wrote: I was planning to use (and that is what is installed now), DAVE by Thursby inc. That allows SMB usage on a Mac. Its the file corruption that is occurring on a mac to samba copy, that doesn't occur on a mac to samba VIA windows 2k wkstn that has me stumped. this is probably a bug in DAVE - i've had lots of problems with it before. Any ideas folks? *pleading* then listen to to the people who have told you this (including me) Sorry to repeat myself but you don't seem to get it. Unless I misunderstand something about your situation samba is not the right choice for your application. You should be using netatalk. really - not kidding - use netatalk brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error joining Win2K domain: ads_connect: DSA is unavailable
I'm running 3.0alpha (both current CVS pull and alpha20 from dist) and trying to have my samba server join our already in place Win2K ADS domain. I am able to 'kinit userDOMAIN' and auth successfully, but upon attempting 'net ads join', I get the following: # net ads join -Uadministrator administrator password: [2002/10/31 05:11:19, 1] libsmb/clikrb5.c:krb5_mk_req2(63) krb5_get_credentials failed for mnu-server$MNU.EDU (No credentials found with supported encryption types) [2002/10/31 05:11:19, 1] utils/net_ads.c:ads_startup(148) ads_connect: DSA is unavailable Any suggestions? -Matt MNU Internet System Administrator MNU Network Security Administrator -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error joining Win2K domain: ads_connect: DSA is unavailable
I had changed my administrator password on the Win2K server prior to doing the net ads join. 'kinit [EMAIL PROTECTED]' is successful. I went ahead and pulled down the krb5-current snapshot from MIT, and samba3.0alpha wont build with it. 30 some lines of errors when 'Linking bin/smbd', if anyone is interested. Looks like brokenness in krb5 though. Is there a snapshot out there known to work with samba+win2k kdc? Or any other idea? Is there no one running samba as a member in a Active directory? :) -Matt MNU Internet System Administrator MNU Network Security Administrator --- Original Message Below --- From: Andrew Bartlett [EMAIL PROTECTED] To: Matt Sapp [EMAIL PROTECTED] Subject: Re: [Samba] Error joining Win2K domain: ads_connect: DSA is unavailable Date: Thu, 31 Oct 2002 11:57:22 + On Thu, Oct 31, 2002 at 05:14:19AM -0500, Matt Sapp wrote: I'm running 3.0alpha (both current CVS pull and alpha20 from dist) and trying to have my samba server join our already in place Win2K ADS domain. I am able to 'kinit user@DOMAIN' and auth successfully, but upon attempting 'net ads join', I get the following: # net ads join -Uadministrator administrator password: [2002/10/31 05:11:19, 1] libsmb/clikrb5.c:krb5_mk_req2(63) krb5_get_credentials failed for mnu-server$@MNU.EDU (No credentials found with supported encryption types) [2002/10/31 05:11:19, 1] utils/net_ads.c:ads_startup(148) ads_connect: DSA is unavailable You have not got the latest MIT kerberos (you need a snapshot, the releases don't seem to support it) and your Administrator password has not been changed since you upgraded to ADS. As such the only password is the MD4 based password from pre-ads, which MIT can't use. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Not allowed from station.
Trying to get w2k to connect to unix box and receive the following error Account not authorized to login from this station. Even though it was able to before rebuild. Is there a file that needs to be in place for 2000 to connect? Please Advise Matt Larson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RH8 Packages
The samba 3.0.1 RPM for RH 8.0 seems to require two different openssl packages. It requires libssl.so.4 and libcrypto.so.2. The first is in openssl 0.9.7 and the second in openssl 0.9.6. Am I missing something? Which versions of those shared libs are actually required? -- Matt McParland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] krb5_get_credentials failed
Using Samba 3.0.1 packages from samba.org on RH 8.0 kernel 2.4.20. I'm trying to get winbindd configured so that we can do single-sign on across Win2k file servers and Samba file servers with ADS. I've configured Samba to do shares but it prompts for username/password unless the user/pass exists in smbpassword. 'net ads join' was successful and secrets.tdb was modified. The computer account shows up in ADS. There is a unix account created for the computer accont (computer-name$). Unfortunately, I only had temporary access to create computer accounts. To remove and add the computer account again (running net ads join again) would require many phone calls. I'm not sure if that part of the process is failing. It appears not, since the command executes with no error output and secrets.tdb is modified. I'm able to get kerberos tickets from the command line with kinit, but winbind seems to have trouble connecting to ADS and 'wbinfo -u' doesn't work. I've included configuration files and what I thought was the relevant part of the log. smb.conf: [global] workgroup = DOMAIN realm = REALM server string = fileserver security = ADS password server = pdc log level = 1 log file = /var/log/samba/%m.log max log size = 0 preferred master = No local master = No domain master = No enhanced browsing = No dns proxy = No idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind use default domain = Yes krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = REALM [realms] REALM = { kdc = pdc } [domain_realm] .pdc = REALM Relevant parts of winbindd.log: [2003/12/17 14:37:30, 5] nsswitch/winbindd_cm.c:cm_open_connection(178) connecting to pdc from fileserver with kerberos principal [EMAIL PROTECTED] [2003/12/17 14:37:30, 2] libsmb/cliconnect.c:cli_session_setup_spnego(665) Doing spnego session setup (blob length=106) [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(690) got OID=1 2 840 48018 1 2 2 [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(690) got OID=1 2 840 113554 1 2 2 [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(690) got OID=1 2 840 113554 1 2 2 3 [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(690) got OID=1 3 6 1 4 1 311 2 2 10 [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(697) got [EMAIL PROTECTED] [2003/12/17 14:37:30, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(509) Doing kerberos session setup [2003/12/17 14:37:30, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276) krb5_get_credentials failed for [EMAIL PROTECTED] (Ticket expired) [2003/12/17 14:37:30, 4] nsswitch/winbindd_cm.c:cm_open_connection(185) failed kerberos session setup with NT_STATUS_UNSUCCESSFUL [2003/12/17 14:37:30, 5] nsswitch/winbindd_cm.c:cm_open_connection(219) anonymous connection attempt to pdc from fileserver -- Matt McParland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and Winbind ... Can't access with Samba host name ...
I saw the same symptoms using Samba 3.0.1 and a Win2k ADS. Entering the IP address in Start - Run works, but browsing NN or entering the FQDN would not. That brings up the shares on the Samba server but still can't access any of those shares. It has taken a LONG time just to get to this point. On Fri, 19 Dec 2003, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lee, please file a bug for me and we'll work on getting this resolved. This is the 3rd report of the same symptoms. Thanks. cheers, jerry C.Lee Taylor wrote: | Greetings ... | |It seems I have really got myself confused ... | |I have a Win2K3 ADS domain, I have two FedoraCore systems, one with | Samba 3.0.0 and the other with Samba 3.0.1. Both give me the same problem. | |If I try access the Samba shares from Win2K3 using the host number, I | get prompted for a username and password, and no matter what I type in, | I can't get in. | |If I use the Samba server IP address, I am able to get into shares | without been prompted for user details, but Point'nPrint don't work, it | too requests user details. | |I do seem to be getting two errors in my logs ... First in smbd.log | | [2003/12/18 13:50:19, 0] lib/util_sock.c:get_peer_addr(948) | getpeername failed. Error was Transport endpoint is not connected | [2003/12/18 16:18:07, 0] lib/util_sock.c:get_peer_addr(948) | getpeername failed. Error was Transport endpoint is not connected | |And the other in the machine log with the IP address eg ... |10.1.1.20.log | [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) | Failed to verify incoming ticket! | [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) | Failed to verify incoming ticket! | |But in the machine log with the hostname, I am getting normal | messages ... | |I have tried to make changes in /etc/krb5.conf, but I don't get any | further ... | |I have tried a few status checks with net, all hosts work fine ... | | [EMAIL PROTECTED] samba]# net lookup ldap | 10.1.1.16:389 | 10.1.1.17:389 | | [EMAIL PROTECTED] samba]# net lookup dc | 10.1.1.16 | 10.1.1.17 | |But net lookup kdc, master domain don't return any thing, so I don't | know what else to look for ... | | Thanks | Mailed | Lee | | - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/4pbCIR7qMdg1EfYRAuOxAJ9BHqjtY7mVCO4JSi57j1e999e1JQCfX5yg 72ROuACLvNWcSmZbLpF2gdQ= =+J2Y -END PGP SIGNATURE- -- Matt McParland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo looking for hostname as domain
On Thu, 15 Jan 2004, Andrew Bartlett wrote: Anyone know why it would be looking for the hostname as the domain instead of the domain I joined it to? This was fixed shortly after the release of 3.0.2pre1. Does that mean another release is coming? :) Does the CVS version typically compile or does it too bleeding edge? -- Matt McParland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and Winbind ... Can't access with Samba host name ...
On Fri, 16 Jan 2004, Gerald (Jerry) Carter wrote: Matt McParland wrote: | I saw the same symptoms using Samba 3.0.1 and a | Win2k ADS. | | Entering the IP address in Start - Run works, but | browsing NN or entering the FQDN would not. That brings | up the shares on the Samba server but still can't | access any of those shares. | | It has taken a LONG time just to get to this point. Ironically I'm working on this right now. Apparently entering the IP address causes the win2k client to use encapsulated NTLMSSP rather than a kerberos ticket to connect. With the latest 3.0.2pre binary release I'm actually able to browse the shares and do everything you'd expect. NN works, and so does Start - Run \\hostname. If 3.0.2pre is broken, it's not totally broken because my fileserver seems to work. -- Matt McParland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo -g works, -u fails
Sorry for the delay in re-asking: answers to the previous questions: -ncsd is not running on my box. -nsswitch.conf appears correct. I still cannot 'wbinfo -u' and get my domain users, although I am able to get the domain groups via -g. Anyone have insight? -Matt --- Hamish [EMAIL PROTECTED] wrote: May sound stupid, but have you checked your nsswitch.conf? I made the mistake of forgetting to add winbind for group and had similar problems, also make sure nscd is not running Matt R wrote: Attempting to get Winbind to authenticate against a Windows 2000 Domain, I am having one odd issue. Running: wbinfo -t returns a successful secret wbinfo -g returns the builtin groups wbinfo -u returns Error looking up domain users None of the documentation I've found points to anything where only -g or -u fails--its always both. Anyone have any ideas? Thanks in advance -Matt __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind success BUT blank root password
I have just gotten my samba machine, a SuSE 9.1 install, to work completely with my Win2k domain (in my test network, anyway.) However, after rebooting, I was unable to log into my root account on the SuSE box. In disgust, I tried to login as root with no password. Imagine my shock when it worked. Now, no matter how many times I reset my root password, using passwd or SuSE's GUI tools, I can only log into my root account with a blank password. I'm guessing PAM is to blame, but I don't even know where to start on this one. Does anyone had any ideas? -Matt __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + (LDAP + Kerberos V)
So like at least a handful of people before me I have begun the valiant stugle to unify logins at my place of business. I have setup a test LDAP + Kerberos V cluster. And I have Setup a test Samba 3 PDC. What I would like to do is get Samba to handle kerberos ticket granting and authentication to the (LDAP + Kerberos V) Directory. Such that Windows is completely unaware of the existence of Kerberos. And, also such that I don't have to keep samba domain passwords in ldap and sync them to kerberos in some sort of bizarre otherworldly failure in authentication unification. (Pardon my attempts at prose I am working on 3 hours of sleep) The question is really one of what you might suggest in terms of a design, particularly if you have tried and/or done this in the past. I have heard at least with samba 2 what I am trying is impossible. Not sure with Samba 3. I am wondering if the Active Directory support can be employed to my benefit in this manner. Now, assuming the worst and samba is incapable of handling kerberos tickets, and assuming i manage to handle tickets in ldap itself I can authenticate LDAP Sambe users of Kerberos without having to keep a synced password db correct? -Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling Samba-3.0.7 on FreeBSD 5.2.1
I was wondering if anyone has tried compiling Samba-3.0.7 on FreeBSD 5.2.1. When running the configure script I get a warning that ldap.h could not be found when I know I have openldap installed. The openldap.h file is located in my /usr/local/include. When I copy that file to /usr/include, I get the same error message. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling Samba 3.0.7 on FreeBSD 5.2.1
I am desperately seeking help. I get an error related to not being able to find ldap.h when I know that it is there. It is located in my /usr/local/include directory. I have built and installed openldap from the source. When I use ./configure -with-readline=/usr/local, I get an error that libldap cannot be found. How do I compile from the source on samba 3.0.7? What mandatory pre-reqs are there? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configuration with Windows clients
Try this [Shared_pcs] path = /Common/Shared_pcs guest ok = yes create mask = 0777 browseable = yes write list = user1, user2, etc. On Thu, 2004-11-04 at 11:13, Albert HERVO wrote: I try to configure a Samba Server to give access to a shared directory and subdirectories : - Read access to everyboby WITHOUT need to give a login (User/password): to all PCs on my network (workgroup) - Write access to only some Users , or some PC ( authorized by their @IP) I have this in the smb.conf (on the linux Server): [Shared_pcs] path = /Common/Shared_pcs guest only = No public = Yes writable = Yes create mask = 0777 browseable = Yes Whith this , all users can read but nobody can write in the directory Shared_pcs -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Allow access to a share to all members of a container?
This script will add all of the users in an OU to a Group. Copy it and save it with a .vbs extension. Begin Script ' The OU that contains the users you want to add. Set oContainer = GetObject (LDAP://OU=Test,DC=domain,DC=com;) ' The group you want to add them too. GroupAdd = New Group ' Old style Domain Name DomainName = DOMAIN Set GroupObj = GetObject(WinNT:// DomainName / GroupAdd) ModifyUsers oContainer Sub ModifyUsers(oObject) Dim oUser oObject.Filter = Array(User) For Each oUser in oObject If oUser.Class = user Then ' Comment in the next line in for testing. ' WScript.Echo ouser.samAccountName ' The next line adds the users to the group. GroupObj.Add (WinNT:// DomainName / _ oUser.samAccountName) End If Next End Sub End Script On Thu, 2004-11-04 at 14:52, Tom Dickson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 They are in a 2000 ADS OU. - -Tom Matt Perkins wrote: | Do the users exist in an OPENLDAP database or Windows Active Directory? | | On Thu, 2004-11-04 at 10:47, Tom Dickson wrote: | | I have 104,000 users, some of which are in the OU: | | ad.network.local\AD\People\IFAS\Hort | | Is there an easy way to find all the users in this OU and grant them | access to a share? | | Or do I have to list each user individually? | | And if so, can I use net user to list the users in an OU? | | -Tom | . -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBipZ72dxAfYNwANIRAjU0AJ9f2izoSLin4WcDIc3ikiirzXDRpACff/kg SomENjyM72ClkA2hz+BaJuc= =zeTr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] GID-to-SID mapping fails
Name-to-SID works: [EMAIL PROTECTED] mpmCx]# wbinfo -n QA4\\DnsUpdateProxy S-1-5-21-3152226350-2923503207-3337354198-1105 Domain Group (2) SID-to-Name works [EMAIL PROTECTED] mpmCx]# wbinfo -s S-1-5-21-3152226350-2923503207-3337354198-1105 QA4\DnsUpdateProxy 2 SID-to-GID works: [EMAIL PROTECTED] mpmCx]# wbinfo -Y S-1-5-21-3152226350-2923503207-3337354198-1105 10010 GID-to-SID fails: [EMAIL PROTECTED] mpmCx]# wbinfo -G 10010 Could not convert gid 10010 to sid Any suggestions? Additional info: [EMAIL PROTECTED] mpmCx]# wbinfo --version Version 3.0.7-1.3E [EMAIL PROTECTED] mpmCx]# wbinfo -g BUILTIN\System Operators BUILTIN\Replicators BUILTIN\Guests BUILTIN\Power Users BUILTIN\Print Operators BUILTIN\Administrators BUILTIN\Account Operators BUILTIN\Backup Operators BUILTIN\Users QA4\Domain Computers QA4\Domain Controllers QA4\Schema Admins QA4\Enterprise Admins QA4\Domain Admins QA4\Domain Users QA4\Domain Guests QA4\Group Policy Creator Owners QA4\DnsUpdateProxy [EMAIL PROTECTED] mpmCx]# getent group | grep 10010 QA4\DnsUpdateProxy:x:10010: -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net ads joing fails using Red Hat samba 3.0.7-1.3E.1 (Re: Samba 3 as domain member of w2k realm)
R.B. wrote: i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain: [EMAIL PROTECTED] squid]# net ads join -U myuser myuser's password: [2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183) ads_connect: Program lacks support for encryption type This appears to be a bug in Red Hat's version of Samba. See: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139668 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: share names longer than 12 characters
Kristof Van Landschoot wrote: The problem is this: using smbclient -L, the shares are just not listed. This is a known limitation, but there is a workaround. See: https://bugzilla.samba.org/show_bug.cgi?id=1629 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind: authenticating UNIX user before Win Domain user
Luke Mewburn wrote: I have the same requirement; except samba can't currently do this. See: http://lists.samba.org/archive/samba/2004-October/094981.html I implemented a trim default domain option and provided a patch in: http://www.dragoninc.on.ca/mail-archives/samba-technical/2004-10/0342.html What about the following scenario? 1. User1 is not in NIS. 2. DOMAIN\User1 logs into Samba 3. Winbind creates UID for User1 4. NIS administrator then adds User1 to NIS It appears you could end up with conflicting UIDs for User1, unless Winbind automatically added the user to NIS at the same time. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: net ads join fails using Red Hat samba 3.0.7-1.3E.1 (Re: Samba 3 as domain member of w2k realm)
Resending with corrected subject line Matt Seitz wrote: R.B. wrote: i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain: [EMAIL PROTECTED] squid]# net ads join -U myuser myuser's password: [2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183) ads_connect: Program lacks support for encryption type This appears to be a bug in Red Hat's version of Samba. See: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139668 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Filesystem Corruption
Since upgrading to RedHat 9 and Samba 2.2.8 to Fedora Core 2 and Samba 3, I have had filesystem corruption which may or not be related to Samba. Our current configuration is FC2, Samba 3.0.7-2.FC2, Kernel 2.6.8-1.521smp. The filesystem is LVM and ext3. When a file becomes corrupt, the uid, gid and file size are huge and any attempt to work with the file fails. Here is an example: ll 18889452.IMG -rwxrw-rw- 1 1516382365 2303928080 24576 Dec 31 1969 1889452.IMG The corruption occurs for different file types on different volumes and I have not been able to find any similarities among the files. Any tips would be greatly appreciated. -- Matt Perkins RHCE, MCSE Lattimore Black Morgan Cain, P.C. 5250 Virginia Way Brentwood, TN 37024-1869 e-mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] General Question
In the upcoming Samba4, are there plans to make working with LDAP databases easier? I have just given up on an ldap backend due to time constraints. I simply cannot get it to work. My guess is that net rpc vampire will not work for account synchronization between PDC and BDC. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbd reads entire directory when creating files?
Apologies if this is a FAQ. We are saddled with some directories full of production image files that number in the hundreds of thousands to the millions. (Yes, I know this is bad.) They reside on a couple of Win 2003 boxes that are flaky and unreliable. I was hoping to copy them over to a Linux box running samba but it is taking forever. A strace on the smbd process receiving the files from the windows box (it is mapped as a share on the 2k3 server) reveals that smbd is looking up the entire directory (with getdents64) every time it writes a file. Several times, in fact. So as the number of files grows, it churns more and more. I'm sure most of it is in cache but the data still has to be moved around in memory. I know this is not necessary for writing/copying files with unix semantics, but I wonder if the case-fiddling or any other Windows imitative behavior is making this getdents64 orgy necessary. Is there any way to disable it? I was going to post a bit of the strace output but it is extremely long and (to my eyes, anyway) not very interesting. I can supply it to anyone who is interested in seeing it. Any suggestions appreciated. I also note that while using smbclient instead of mapping the drive from the Windows box might help with this copy, it will not help if we were to try to use this setup to replace the 2k3 servers (the eventual goal). So any pointers in that direction, while perhaps interesting for comparison, are not especially relevant. greenville:~# smbd -V Version 3.0.7-Debian smb.conf is attached. Not much interesting in there, it is pretty much stock. vfs_ownerwrite is a small VFS module I hacked up to do an extra chown on a file that is written to the share (used in a common PDC/Unix environment on some shared directories.) I am using the deadwood_ftp share in this case, so the module is not involved. -m # Samba configuration file for media servers. # - # # $Id: smb.conf,v 1.2.4.6 2002/03/13 18:56:16 peloy Exp $ # # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options most of which # are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentary and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command # testparm to check that you have not many any basic syntactic # errors. # #=== Global Settings === [global] # can this be turned back on? use sendfile = no # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d # Change this for the workgroup/NT-domain name your Samba server will part of workgroup = VP # server string is the equivalent of the NT Description field server string = %h server (Samba %v) # If you want to automatically load your printer list rather # than setting them up individually then you'll need this ; load printers = yes # You may wish to override the location of the printcap file ; printcap name = /etc/printcap # 'printing = cups' works nicely ; printing = bsd ; guest account = nobody invalid users = root # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 1000 # If you want Samba to log though syslog only then set the following # parameter to 'yes'. Please note that logging through syslog in # Samba is still experimental. ; syslog only = no # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smb,nmb} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # security = user is always a good idea. This will require a Unix account # in this server for every user accessing the server. See # security_level.txt for details. security = domain # You may wish to use password encryption. Please read ENCRYPTION.txt, # Win95.txt and WinNT.txt in the Samba documentation. Do not enable this # option unless you have read those documents encrypt passwords = true passdb backend = tdbsam guest # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /home/samba/etc/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY # --- Browser Control Options --- # Please _read_ BROWSING.txt and set the
Re: [Samba] smbd reads entire directory when creating files?
Jeremy Allison wrote: On Tue, Dec 07, 2004 at 02:08:56PM -0600, Matt Mitchell wrote: A strace on the smbd process receiving the files from the windows box (it is mapped as a share on the 2k3 server) reveals that smbd is looking up the entire directory (with getdents64) every time it writes a file. Several times, in fact. So as the number of files grows, it churns more and more. I'm sure most of it is in cache but the data still has to be moved around in memory. I know this is not necessary for writing/copying files with unix semantics, but I wonder if the case-fiddling or any other Windows imitative behavior is making this getdents64 orgy necessary. Is there any way to disable it? Not currently. This is something I'm working on - would you be willing to test some prototype code once I'm done ? I'd love to. This file count also exposes some brokenness in the 'tar' functionality of smbclient, perhaps in smbclient itself (my next workaround attempt). I'll try to gather more info on that for whoever might be interested, or patch it myself if possible. -m -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd reads entire directory when creating files?
Jeremy Allison wrote: A strace on the smbd process receiving the files from the windows box (it is mapped as a share on the 2k3 server) reveals that smbd is looking up the entire directory (with getdents64) every time it writes a file. Several times, in fact. So as the number of files grows, it churns more and more. I'm sure most of it is in cache but the data still has to be moved around in memory. I know this is not necessary for writing/copying files with unix semantics, but I wonder if the case-fiddling or any other Windows imitative behavior is making this getdents64 orgy necessary. Is there any way to disable it? I was also looking at the case sensitivity options, but alas they don't seem to be able to prevent the readdir bonanza. I'm guessing the unix_convert routine is responsible for at least one set of traversals. In this case I don't care at all about converting these paths and there are no wildcards. It seems that, in that particular case, the contract of the routine could be satisfied by checking to see if we are in case sensitive mode and if so we don't bother doing the scan_directory (filename.c:284), since the SMB_VFS_STAT will tell us if the file really exists or not. Granted, it's an optimization. I realize that in the presence of wildcards (of which case-insensitivity is a variety) you have to do that scan_directory call. Of course, ideally, you would cache that resulting directory list as long as you possibly can. Name mangling also complicates this, but it's another feature I'm not using at all in this application. Obviously such a special case would make the code ugly...but I might try patching it just for my own testing to see if it makes any difference. Any pointers you can offer? -m -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd reads entire directory when creating files?
Jeremy Allison wrote: On Wed, Dec 08, 2004 at 01:37:23PM -0600, Matt Mitchell wrote: Obviously such a special case would make the code ugly...but I might try patching it just for my own testing to see if it makes any difference. Any pointers you can offer? That's exactly the case I was intending to add :-). I'm have to work on the malloc issue at the moment - you seem to have quickly identified the neccessary optimization without my help :-) - well done ! Don't give me too much credit just yet :-) So it appears that unix_convert behaves reasonably well if conn-case_sensitive is true (and mangling is not in effect, which I would guess is true in probably 95% of cases today). There is already an escape in there which is triggered if the user is not so dumb as to assume that he is using the share he thinks he is (with case sensitive = yes) as opposed to one without. filename.c:186 in my sources. That takes care of one readdir. The other is happening as a result of either xcopy or Windows checking to see if the file exists before copying it. i.e. it's doing a call_trans2findfirst, which calls OpenDir eventually, reading in the whole directory before deciding that the file isn't already there. This one is more subtle, and I don't know enough about the SMB semantics to really know what a valid approach would be. The same logic for optimization would seem to apply whenever conn-case_sensitive is in effect and we are not asked for a wildcard string, but I have no idea about implications for other areas of the protocol that might depend on that dirptr actually being populated. As I have time today I will keep digging. Any insight appreciated. Should this be moved to samba-technical? -m -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Choosing hardware for a Samba based home media server
I am considering obtaining a PC to host Samba as a home media server. The server will hold: * music files (about 6000, mostly mp3) * images (about 4000, mostly jpg) * the odd video (about 15, mostly music videos) It will be used to stream media to no more than 5 PCs (i.e. one in the living room to handle 'My Picture' slideshows, and playing music files, etc). Most of the client machines will have no hard drive and will boot from a Compact Flash card. My questions are: 1. Is Samba the right choice of software for this type of application? 2. What hardware would I need for this machine? (Obviously, plenty of disk storage (scsi/raid?), but what about processor and memory?) Thanks... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind usernames
Hi, I'm successfully using winbind to authenticate a debian sarge workstation against an nt4 server. Works a treat. However, I have an odd situation where a user logs in for the first time as John Smith and gets created a John Smith directory in /home. *Then*, if they log in as john smith, they get a second directory created as john smith in /home! (yes, our nt4 usernames have whitespace in them, and yes, it's a headache - but that's another story) This is for a network of 600 pupils and teachers, who cannot remember if they logged in lowercase, uppercase or both. How can I either (i) enforce lowercase only, or (ii) have winbind treat John and john the same? Thanks -- Matt ___ ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind usernames
--- Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Johnson wrote: | Hi, | | I'm successfully using winbind to authenticate a | debian sarge workstation against an nt4 server. | | Works a treat. | | However, I have an odd situation where a user logs in | for the first time as John Smith and gets created a | John Smith directory in /home. *Then*, if they log | in as john smith, they get a second directory | created as john smith in /home! | | (yes, our nt4 usernames have whitespace in them, and | yes, it's a headache - but that's another story) | | This is for a network of 600 pupils and teachers, who | cannot remember if they logged in lowercase, uppercase | or both. | | How can I either (i) enforce lowercase only, or (ii) | have winbind treat John and john the same? This was fixed in a more recent release (3.0.9 ? maybe check the WHATSNEW) by internally converting all winbindd usernames and groups to lowercase regardless of what the user typed in. *Much* obliged. Thanks. I did google, but didn't come up with the search phrase that pays. Thank you for this. -- Matt ___ ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: winbind usernames
How can I either (i) enforce lowercase only, or (ii) have winbind treat John and john the same? You're running mixed versions of Samba 3, I presume? Check the WHATSNEW.txt -- there was a change a few versions back to down-case all username automatically. Thanks - but what does mixed versions of Samba 3 mean? (I'm running whatever came with Sarge about 3 months ago on the workstation... I'll check tomorrow at work what version it's running. Sarge *now* has 3.0.10, so I can upgrade very simply). Thanks for this folks -- Matt ___ ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind causing authentication to hang on solaris apps (HELIOS ETHERSHARE)
Hello All, I'm running solaris8 and samba3 with winbind configured with ads authentication. Now samba and winbind work just great on their own and for the most part we have no problems with it. However for some reason other solaris applications seem to be consulting winbind for authentication even when it is not part of nsswitch.conf. This one application in particular named helios ethershare whenever attempting to login to the admin server simply hangs when winbind is running even if its not in nsswitch. When we stop winbind you can login when we have winbind running it hangs and never responds. I'm s confused. If anyone can help please do, I'll send any info you need eg logs, configs whatever you need. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.20 Solaris questions PLEASE HELP!
Hello, I have samba 3.20 running in test on Solaris 8 and 9 beautifully it is curently configured as a Domain Client it authenticates using winbind and nsswitch libraries using ADS with windows 2003 server. I have krb5 and ldap working just fine but I now find myself with a mess of bugs and questions and I could really use some of your expertise in the matters so here they go, Thank you s much in advance to anyone who has some answers for me. Questions 1 - Does PAM have to be configured when using winbind and samba 3 in an ADS environment? Everything is currently working and I've done nothing to configure PAM, yet all online documetation states this is a necissary step? 2 - Can samba 3 still use ads and winbind without adding winbind to nsswitch.conf? If not is there anyway to force winbind to leave all applications with the exception of samba out of its control eg helios admsrv, afpserv or anything else installed on the system that may consult nsswitch that knows nothing about domains or winbind? 3 - Why does wbinfo -u fail to return entries from the domain controler periodically? Is this normal behavior or did I mess up configuration someplace? 4 - wbinfo -u seems to work 80% of the time but when it takes a long time to query the domain controller access to any service on the sun server is slow? PLEASE HELP GUYS ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.20 Solaris questions PLEASE HELP!
OMG Jerry YOU ARE A GOD! Enum users and enum groups did the trick I turned them off and I can now login to admsrv dude thank you s much I've been trying to figure that out for 2 weeks I OWE U BEER or wine whatever you want ! On 10/3/05, Matt Marcus [EMAIL PROTECTED] wrote: Jerry, Thank you sooo much for your answers to my questions I was beggining to lose hope :) As for your answer below, do you have any online resources that may go over how to configure a chroot environment, I'm not familure with it at all? The application we're using on this box requires Solaris 8 so an upgrade to solaris 10 is not currently possible. Samba has to have a uid/gid for each user/group in the Windows domain. If you don't want to use the global /etc/nsswitch.conf, you could use a chroot environment or a Solaris 10 zone. I will attempt the changes you suggested today. Basically I'm having a problem with this product named Helios Ethershare its an old school legacy OPI and appletalk filesharing system. There is an administration service named admsrv that allows you to configure the ethershare application via a client gui. It is this app thats causing all the issues with winbind. The app should essentially consult nsswitch.conf, find the root user, if the root user does not exist it will consult its own passwd database for root, if it can't find an account there it will consult nsswitch for some other means of auth. Unfortuently when winbind is running the app doesn't see root in /etc/passwd or in its own passwd database and then begins to consult winbind. However the app hangs while logging in for 30 minutes but stopping winbind allows you to login instantly. I'm attaching my smb.conf as well as 3 text files named (TrussAdmSrvFailed.out, TrussAdmsrvSuccess.out, and TrussWinbindFailedAuth.out) The first two are truss outputs of the application admsrv in both a successful state without winbind and an unsucessful state with winbind. The last is a truss of winbind while a failed login is in progress. I hope this is enough to help let me know if there is something else that may help with debugging this. # Samba config file created using SWAT # from 170.165.228.218 http://170.165.228.218/ ( 170.165.228.218http://170.165.228.218/ ) # Date: 2005/09/29 16:51:36 # Global parameters [global] workgroup = NDMSNET realm = NEWSDAY.AD.TRB netbios name = NDCCS server string = Consolidated Content Server interfaces = 170.165.195.177 http://170.165.195.177/ bind interfaces only = Yes security = ADS map to guest = Bad User lanman auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No getwd cache = No wins server = 170.165.228.9 http://170.165.228.9/ ldap ssl = no idmap uid = 1-3 idmap gid = 1-3 winbind separator = + winbind use default domain = Yes admin users = root, NDMSNET+marcusm wide links = No [Laser] comment = Laser Print Queue Share path = /opi_laser read only = No [Imagers] comment = Image Setter Queue Share path = /opi_imagers read only = No [XML] comment = XML Share For Order Entry path = /app/samba/Mounts read only = No [ToPlate] comment = PDF To Plate Share path = /psfiles/To_Plate read only = No [RipCheck] comment = Rip Validation Share path = /app/samba/PagMounts [MattsHome] comment = Home Dir path = /usr/users/mmarcus read only = No create mask = 0664 directory mask = 0775 browseable = No [HammerThis] comment = Samba3 Stress Test path = /vol11 admin users = NDMSNET+marcusm, NDMSNET+benzej read only = No guest ok = Yes On 10/3/05, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Marcus wrote: | 1 - Does PAM have to be configured when using winbind | and samba 3 in an ADS environment? Everything is currently | working and I've done nothing to configure PAM, yet | all online documetation states this is a necissary step? No. You only need PAM if you want to use pam (or build pam_winbindd.so) | 2 - Can samba 3 still use ads and winbind without | adding winbind to nsswitch.conf? If not is there anyway | to force winbind to leave all applications with the | exception of samba out of its control eg helios | admsrv, afpserv or anything else installed on the | system that may consult nsswitch that knows | nothing about domains or winbind? Samba has to have a uid/gid for each user/group in the Windows domain. If you don't want to use the global /etc/nsswitch.conf, you could use a chroot environment or a Solaris 10 zone. | 3 - Why does wbinfo -u fail to return entries from | the domain controler periodically? Is this normal | behavior or did I mess up configuration someplace? No. wbinfo -u should consistently return all users. | 4 - wbinfo -u seems to work 80% of the time but | when it takes a long time to query the domain | controller access to any
[Samba] Multiple domain controllers
I have setup two samba domain controllers, both have basicly the same configs and use the same ldap database backend. The question is, is there anything else I really need to do to make this work correctly? I can generally join the domain fine, and browse / access the shares on both servers. Sometimes there are login issues, trying to log in multiple times works. So I am wondering if I missed something, like something I need to add to the config so the two servers know they are both DC's? The goal is to be able to at least log in with only one of the two up. And suggested reading on this subject? any ideas? Thanks :) -- Matt Pruett [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] backup LDAP
does winbind have the capability to have a backup idmap backend via ldap? ie: idmap_backend = ldap://primary idmap_backend = ldap://secondary I know this syntax is not allowed but I'm wondering if anybody sees this as a usable feature. I apologize ahead of time if this is not the catalyst of a relevant discussion. Thanks all -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unrecognized pam_winbind/gdm error.
Hello all, I have successfully setup winbind with clients pointing to a central ldap server, and have had great results for ssh service logins, however i get wierd problems with gdm login attempts after winbind has been running for a while. Oct 10 14:45:26 ctilinux6 pam_winbind[2398]: request failed, but PAM error 0! Oct 10 14:45:26 ctilinux6 pam_winbind[2398]: internal module error (retval = 3, user = `mahmed') Oct 10 14:45:29 ctilinux6 gdm-binary[2398]: Couldn't authenticate user This error can be resolved by restarting winbind, thus allowing users to login again. Ive setup a cron job to do this every few hours but I want to find the root of the problem... many thanks to to developers and supporters of the samba project, im documenting all my setup notes / issues and am going to post them to a website soon -matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unrecognized pam_winbind/gdm error.
sorry gentlemen... Samba 3.0.20 on all machines using binares from samba.org http://samba.organd fully updated FC4 systems. Oct 12 17:38:21 ctilinux6 pam_winbind[4085]: Verify user `msellers' Oct 12 17:38:21 ctilinux6 pam_winbind[4085]: request failed, but PAM error 0! Oct 12 17:38:21 ctilinux6 pam_winbind[4085]: internal module error (retval = 3, user = `msellers') then I restarted winbind Oct 12 17:38:57 ctilinux6 winbindd[4100]: [2005/10/12 17:38:57, 0] lib/debug.c:debug_lookup_classname(352) Oct 12 17:38:57 ctilinux6 winbindd[4100]: debug_lookup_classname(ads): Unknown class Oct 12 17:38:57 ctilinux6 winbindd[4100]: [2005/10/12 17:38:57, 0] lib/debug.c:debug_lookup_classname(352) Oct 12 17:38:57 ctilinux6 winbindd[4100]: debug_lookup_classname(rpc): Unknown class Oct 12 17:39:37 ctilinux6 pam_winbind[4111]: Verify user `msellers' Oct 12 17:39:37 ctilinux6 pam_winbind[4111]: user 'msellers' granted access Oct 12 17:39:37 ctilinux6 pam_winbind[4111]: user 'msellers' granted access Oct 12 17:39:38 ctilinux6 sshd(pam_unix)[4113]: session opened for user msellers by (uid=0) Any clues :-) Thanks all! -matt On 10/11/05, Andrew Bartlett [EMAIL PROTECTED] wrote: On Mon, 2005-10-10 at 15:47 -0700, Jeremy Allison wrote: On Mon, Oct 10, 2005 at 02:56:21PM -0500, Matt Sellers wrote: Hello all, I have successfully setup winbind with clients pointing to a central ldap server, and have had great results for ssh service logins, however i get wierd problems with gdm login attempts after winbind has been running for a while. Oct 10 14:45:26 ctilinux6 pam_winbind[2398]: request failed, but PAM error 0! Oct 10 14:45:26 ctilinux6 pam_winbind[2398]: internal module error (retval = 3, user = `mahmed') Oct 10 14:45:29 ctilinux6 gdm-binary[2398]: Couldn't authenticate user This error can be resolved by restarting winbind, thus allowing users to login again. Ive setup a cron job to do this every few hours but I want to find the root of the problem... many thanks to to developers and supporters of the samba project, im documenting all my setup notes / issues and am going to post them to a website soon What version of Samba ? That would help with narrowing down any winbindd issues. This rather smells like pam_winbind/winbindd version mismatch to me. Just an idea, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQBDS5Caz4A8Wyi0NrsRAn4gAJ95vVdkHvM0CaCH09ORpEHJ25FGIgCdGmH/ YyndDwZRUX1WlQKIezHZOVQ= =gC1p -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain cannot be contacted
I have setup two samba domain controllers, both have basicly the same configs and use the same ldap database backend. Often however when logging in users will get a domain cannot be contacted error, attempting to login multiple times will eventually get them in and it will work fine from then on. The question is, is there anything else I really need to do to make this work correctly? Why would this error be occuring only some of the time? I can generally join the domain fine, and browse / access the shares on both servers. So I am wondering if I missed something, like something I need to add to the config so the two servers know they are both DC's? The goal is to be able to at least log in with only one of the two up. And suggested reading on this subject? any ideas? Thanks :) -- Matt Pruett [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] idealx dual head patch?
i have two domain controllers, both have openldap, server1 can write to the ldap database and pushes that to server2 which can only read. In the smbldap.conf file it reads... # Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Ex: slaveLDAP=127.0.0.1 slaveLDAP=127.0.0.1 slavePort=389 # Master LDAP : needed for write operations # Ex: masterLDAP=127.0.0.1 masterLDAP=172.16.0.1 masterPort=389 So my question is, in the newest versions of samba has this patch that they talk about already been added? or not? I cant find this dual head patch anywhere on idealx's site either. -- Matt Pruett [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20b in ADS mode with MIT realm trust problems
PROTECTED] [2005/10/31 11:18:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/10/31 11:18:40, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/10/31 11:18:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/10/31 11:18:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/31 11:18:40, 3] libads/ldap.c:ads_connect(285) Connected to LDAP server 146.169.x.x [2005/10/31 11:18:40, 3] libads/ldap.c:ads_server_info(2514) got ldap server name [EMAIL PROTECTED], using bind path: dc=WIN,dc=DOC,dc=IC,dc=AC,dc=UK [2005/10/31 11:18:40, 3] libsmb/cliconnect.c:cli_start_connection(1407) Connecting to host=DC [2005/10/31 11:18:40, 3] lib/util_sock.c:open_socket_out(867) Connecting to 146.169.x.x at port 445 [2005/10/31 11:18:40, 0] auth/auth_domain.c:domain_client_validate(199) domain_client_validate: unable to validate password for user mwj in domain WIN to Domain controller \\DC. Error was NT_STATUS_WRONG_PASSWORD. [2005/10/31 11:18:40, 2] auth/auth.c:check_ntlm_password(317) check_ntlm_password: Authentication for user [mwj] - [mwj] FAILED with error NT_STATUS_WRONG_PASSWORD When it works, it realizes that there is a foreign realm involved and authenticates fine. 2005/10/31 11:00:56, 3] smbd/negprot.c:reply_nt1(337) using SPNEGO [2005/10/31 11:00:56, 3] smbd/negprot.c:reply_negprot(559) Selected protocol NT LM 0.12 [2005/10/31 11:00:56, 3] smbd/process.c:process_smb(1114) Transaction 2 of length 1568 [2005/10/31 11:00:56, 3] smbd/process.c:switch_message(900) switch message SMBsesssetupX (pid 22782) conn 0x0 [2005/10/31 11:00:56, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/31 11:00:56, 3] smbd/sesssetup.c:reply_sesssetup_and_X(751) wct=12 flg2=0xc807 [2005/10/31 11:00:56, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(588) Doing spnego session setup [2005/10/31 11:00:56, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(619) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/10/31 11:00:56, 3] smbd/sesssetup.c:reply_spnego_negotiate(480) Got OID 1 2 840 48018 1 2 2 [2005/10/31 11:00:56, 3] smbd/sesssetup.c:reply_spnego_negotiate(480) Got OID 1 2 840 113554 1 2 2 [2005/10/31 11:00:56, 3] smbd/sesssetup.c:reply_spnego_negotiate(480) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/10/31 11:00:56, 3] smbd/sesssetup.c:reply_spnego_negotiate(483) Got secblob of size 1337 [2005/10/31 11:00:57, 3] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [EMAIL PROTECTED] [2005/10/31 11:00:57, 3] smbd/sesssetup.c:reply_spnego_kerberos(192) Ticket for foreign realm [EMAIL PROTECTED] The clocks on all machines involved are synchronized to a single source. Has anyone heard of this type of problem and/or has a solution? Equally, does anyone need more information to debug the problem? Thanks, Matt -- Matt Johnson [EMAIL PROTECTED] Junior Systems Programmer Computing Support Group Computers are the most intelligent idiots there are. - Norman Teller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba domains with ldap
I've been following the Samba 3 by Example book by John Terpstra and having problems getting things to work properly. Right now when I try to add a computer to the domain I get the attached in the log files. And Windows returns the error message: The following error occured attempting to join the domain DEATH: The user name could not be found.The system name, isdept88 in this case, get's added to the ldap, but the system doesn't attach to the domain. :S Also attached are some of my config files. I'm using Samba 3.0.12-5, Openldap2-2.2.23-6, smbldap-tools 0.8.4. Thanks in advance for any ideas. [2005/11/01 09:29:53, 2] lib/interface.c:add_interface(81) added interface ip=192.168.200.1 bcast=192.168.200.255 nmask=255.255.255.0 [2005/11/01 09:29:53, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/01 09:29:53, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/01 09:29:53, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [administrator] - [root] - [root] succeeded [2005/11/01 09:29:53, 2] lib/access.c:check_access(324) Allowed connection from (192.168.200.25) [2005/11/01 09:29:53, 2] lib/interface.c:add_interface(81) added interface ip=192.168.200.1 bcast=192.168.200.255 nmask=255.255.255.0 [2005/11/01 09:29:53, 2] smbd/reply.c:reply_special(236) netbios connect: name1=PDC name2=ISDEPT88 [2005/11/01 09:29:53, 2] smbd/reply.c:reply_special(243) netbios connect: local=pdc remote=isdept88, name type = 0 [2005/11/01 09:29:53, 2] smbd/server.c:exit_server(609) Closing connections [2005/11/01 09:29:54, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) Returning domain sid for domain DEATH - S-1-5-21-932451236-683595512-1290266429 [2005/11/01 09:29:55, 2] smbd/server.c:exit_server(609) Closing connections -- Matt Ingram Intermediate Unix Administrator, IS Canadian Bank Note Company, Limited \m/ # Credential Configuration # # Notes: you can specify two differents configuration if you use a # master ldap for writing access and a slave ldap server for reading access # By default, we will use the same DN (so it will work for standard Samba # release) slaveDN=cn=Manager,dc=hell,dc=com slavePw=secret masterDN=cn=Manager,dc=hell,dc=com masterPw=secret host192.168.200.2 basedc=hell,dc=com ldap_version3 binddn cn=Manager,dc=hell,dc=com bindpw secret rootbinddn cn=Manager,dc=hell,dc=com pam_password exop ssl no nss_map_attribute uniqueMember member pam_filter objectclass=posixAccount nss_base_passwd ou=Users,dc=hell,dc=com nss_base_shadow ou=Users,dc=hell,dc=com nss_base_group ou=Groups,dc=hell,dc=com passwd: files ldap shadow: files ldap group: files ldap hosts: files dns wins networks: files dns services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files nis aliases:files [global] unix charset = LOCALE workgroup = DEATH netbios name = PDC passdb backend = ldapsam:ldap://bdc.hell username map = /etc/samba/smbusers log level = 2 syslog = 0 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS show add printer wizard = No add user script = /var/lib/samba/sbin/smbldap-useradd -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel '%u' add group script = /var/lib/samba/sbin/smbldap-groupadd -p '%g' delete group script = /var/lib/samba/sbin/smbldap-groupdel '%g' add user to group script = /var/lib/samba/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /var/lib/samba/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /var/lib/samba/sbin/smbldap-usermod -g '%g' '%u' add machine script = /var/lib/samba/sbin/smbldap-useradd -w '%u' shutdown script = /var/lib/samba/scripts/shutdown.sh abort shutdown script = /sbin/shutdown -c logon script = scripts\logon.bat logon path = \\%L\%U logon drive = P: logon home = \\%L\%U domain logons = Yes preferred master = Yes wins support = Yes ldap suffix = dc=hell,dc=com ldap machine suffix = ou=Users ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=hell,dc=com idmap backend = ldap://bdc.hell.com idmap uid = 1-2 idmap gid = 1-2 map acl inherit = Yes printing = cups printer admin = Administrator [IPC$] path = /tmp
[Samba] Two DC's + ldap, some general questions
I have two samba dc's, same subnet, the goal is to have them both be able to answer domain login requests and therefore if one goes down we still have the ability to login to the domain. Can this be done with samba? if so could you just tell me generally the procedure for this? heres what I have right now. server1, openldap master, samba points to loopback for ldap server2, openldap replica, samba points to loopback, but to server1 for writes I figured that would about do it, however then I see in the smbldap.conf for the idealx scripts it says # Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. I am using the latest stable of samba, is that patch included? is that something i have to worry about? I searched all over the net, and I found several asking the question but found no answers. Lastly I think my sid's are messed up a bit. My understanding is that all dc's should have the same local sid, and that the local sid as entered by net setlocalsid, will be the domain's sid. Correct? Regardless I think I have an issue here, have a look... on server1: [EMAIL PROTECTED] samba]# net getlocalsid server1 SID for domain SERVER1 is: S-1-5-21-1624854736-2567889874-1153258394 [EMAIL PROTECTED] samba]# net getlocalsid server2 [2005/11/02 00:16:17, 0] utils/net.c:net_getlocalsid(494) Can't fetch domain SID for name: server2 on server2: [EMAIL PROTECTED] samba]# net getlocalsid server1 SID for domain server1 is: S-1-5-21-3030423605-2090081018-3134100962 [EMAIL PROTECTED] samba]# net getlocalsid server2 SID for domain server2 is: S-1-5-21-1624854736-2567889874-1153258394 so why is it that I can not query the localsid for server2 from server1, and that it reports some other sid on the other box for server1? I should mention that server2 is the wins server, and server1 has a wins server = ipofserver2 in its config. Domain logins work fine when workstations authenticate to server2, they dont seem to work at all when going to 1. They used to, but something got jacked up and several things I don't think were ever quite right. Thanks, I hope you guys can straighten me out a bit. -- Matt Pruett [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba