[Samba] 1st winbind 2nd vampire
Hi I set up a samba server as domain memeber. I used winbind for user/ groupmapping. Now the samba server should replace the NT 4.0 PDC. I want to use net vampire to store the account database on the samba server. Will net vampire obey idmap mapping ot will the uid/gid number change? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PRoblem with ntlm_auth
Hi I use suse 10.0. I want to use ntlm_auth to authenticated users in squid. Unfortunatly when I try to test the helper I get this error: proxy:~ # /usr/local/sbin/ntlm_auth --helper-protocol=squid-2.5-basic --debuglevel=3 tilo *password* [2005/10/14 18:10:58, 3] utils/ntlm_auth.c:check_plaintext_auth(292) NT_STATUS_INVALID_HANDLE: Invalid handle (0xc008) ERR I have googled a bit but I didn't found a hint what this error means. Other logfiles, e.g. log.smbd on the server doesn't change anything This is the smb.conf: [global] workgroup = WMS-NET netbios name = proxy username map = /etc/samba/smbusers map to guest = Bad User include = /etc/samba/dhcp.conf security = domain password server = home wins server = 192.168.0.7 encrypt passwords = yes idmap uid = 9-10 idmap gid = 9-10 winbind use default domain = yes Any ideas what is wrong? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ntlm_auth
Hi > Tilo Lutz schrieb: > | I use suse 10.0 and have problems to set up ntlm_auth for squid. > | It uses samba 3.0.20 and squid 2.5.stable10 Am Samstag 15 Oktober 2005 09:46 schrieb Robert Schetterer: > perhaps you should change to 3.0.20b latest version of samba > cause of winbind errors suse 10 rpms are for download at ftp.suse.com or > samba mirrors I have installed the latest rpm and now it seems to work. Any idea why those patches not reported by "you"? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with ntlm_auth
Hi I use suse 10.0 and have problems to set up ntlm_auth for squid. It uses samba 3.0.20 and squid 2.5.stable10 I have set up winbind and everyhting seems to work. I've changes groupownerchip of /var/lib/samba/winbindd_privileged to squid. squid runs as group squid. Everyhting is working fine for several minutes. After a while it doesn't work anymore proxy:/var/log/samba # /usr/local/sbin/ntlm_auth --helper-protocol=squid-2.5-basic --debuglevel=3 tilo *secret* [2005/10/15 09:25:11, 3] utils/ntlm_auth.c:check_plaintext_auth(292) NT_STATUS_INVALID_HANDLE: Invalid handle (0xc008) ERR After restarting winbindd it works again: proxy:/var/log/samba # /usr/local/sbin/ntlm_auth --helper-protocol=squid-2.5-basic --debuglevel=3 tilo *secret* [2005/10/15 09:26:49, 3] utils/ntlm_auth.c:check_plaintext_auth(292) NT_STATUS_OK: Success (0x0) OK log.winbindd (log level=3) doesn't show anything interessting: [2005/10/15 09:31:12, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [0]: request interface version [2005/10/15 09:31:12, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [0]: request location of privileged pipe [2005/10/15 09:31:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(202) [0]: pam auth tilo Any idea how to keep it running? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] change machine password
Hi > Tilo Lutz schrieb: > > I use some programs to clone a windows workstation and > > duplicate it's image on other workstations. > > After cloning I change the workstation name and add a > > machine account on the samba pdc. > > Now I want to create a new password for the workstation > > account and store it. > > > > I use Suse Linux 9.3 as samba pdc. samba version is 3.0.13. > > How can I set the password for a workstation? Am Sonntag, 3. Juli 2005 17:24 schrieben Sie: > It is set automatically when you join the domain. > Just leave the domain and join it again, your problem will be solved. I don't want to rejoin the domain. This would require interaction from the administrator after cloning. I want a solution which works fully without interaction. Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] change machine password
>>Tilo Lutz schrieb: >>>I use some programs to clone a windows workstation and >>>duplicate it's image on other workstations. >>>After cloning I change the workstation name and add a >>>machine account on the samba pdc. >>>Now I want to create a new password for the workstation >>>account and store it. >>>>Notebook:/etc/samba # smbpasswd -m test >>>>Failed to set password for user test$. >>>>Failed to modify password entry for user test$ > Am Sonntag, 3. Juli 2005 14:55 schrieb Martin Petersen: > >>As far as I know You need to set a system account. smbpasswd gives this >>error because of the missing user entry for test$ in /etc/passwd. > So the system machine account exits but smbpasswd will not allow to > create the samba user account for this machine? > After I've read Your first post again: Maybe the machine account doesn't > even need a password but You only need to to add the account with > smbpasswd -a -m test$? No, everything is fine. I can add and remove workstations without problems. But as soon as I try to change the workstations password with smbpasswd -m -w workstation or (echo pass;echo pass) | smbpasswd -s -m -e workstation I get the above error. Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] change machine password
Am Sonntag, 3. Juli 2005 15:07 schrieb Tilo Lutz: > > Tilo Lutz schrieb: > > > I use some programs to clone a windows workstation and > > > duplicate it's image on other workstations. > > > After cloning I change the workstation name and add a > > > machine account on the samba pdc. > > > Now I want to create a new password for the workstation > > > account and store it. > > > > > >>Notebook:/etc/samba # smbpasswd -m test > > >>Failed to set password for user test$. > > >>Failed to modify password entry for user test$ > > Am Sonntag, 3. Juli 2005 14:55 schrieb Martin Petersen: > > As far as I know You need to set a system account. smbpasswd gives this > > error because of the missing user entry for test$ in /etc/passwd. > > No. The account exists: > > Notebook:/home/tilo # smbpasswd -a -m test > > Added user test$. > > Notebook:/home/tilo # I forgot: Of course I've called smbpasswd -x test first before smbpasswd -a -m test, smbpasswd -a -s -m test doesn't work too. Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] change machine password
> Tilo Lutz schrieb: > > I use some programs to clone a windows workstation and > > duplicate it's image on other workstations. > > After cloning I change the workstation name and add a > > machine account on the samba pdc. > > Now I want to create a new password for the workstation > > account and store it. > > > >>Notebook:/etc/samba # smbpasswd -m test > >>Failed to set password for user test$. > >>Failed to modify password entry for user test$ Am Sonntag, 3. Juli 2005 14:55 schrieb Martin Petersen: > As far as I know You need to set a system account. smbpasswd gives this > error because of the missing user entry for test$ in /etc/passwd. No. The account exists: > Notebook:/home/tilo # smbpasswd -a -m test > Added user test$. > Notebook:/home/tilo # Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] change machine password
Hi I use some programs to clone a windows workstation and duplicate it's image on other workstations. After cloning I change the workstation name and add a machine account on the samba pdc. Now I want to create a new password for the workstation account and store it. I use Suse Linux 9.3 as samba pdc. samba version is 3.0.13. How can I set the password for a workstation? > Notebook:/etc/samba # smbpasswd -m test > Failed to set password for user test$. > Failed to modify password entry for user test$ I tried smbpasswd to change the password but this doesn't seem to work. Is there any other way to change the password? I know I can modify the file smbpasswd directly or change the password in ldap. But I want a clean solution working with every password backend. Best regards, Tilo Lutz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] privileges in 3.11?
Hi > > I try to assing privileges in 3.11 and get error. > > > > If I try to do this from root: > > > > net -S dm -U root rpc rights grant 'TEST\mail' > SeMachineAccountPrivilege > > Password: > > Failed to grant privileges for TEST\dm (NT_STATUS_ACCESS_DENIED) > > > I use tdbsam... > I got the same problem. I use the ldap backend. Here's the debug output: home:/usr/local/sbin # net rpc rights grant tilo SeMachineAccountPrivilege -d 3 [2005/02/03 12:22:36, 3] param/loadparm.c:lp_load(3915) lp_load: refreshing parameters [2005/02/03 12:22:36, 3] param/loadparm.c:init_globals(1314) Initialising global parameters [2005/02/03 12:22:36, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2005/02/03 12:22:36, 3] param/loadparm.c:do_section(3408) Processing section "[global]" [2005/02/03 12:22:36, 2] lib/interface.c:add_interface(79) added interface ip=192.168.0.7 bcast=192.168.255.255 nmask=255.255.0.0 [2005/02/03 12:22:36, 2] lib/interface.c:add_interface(79) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Password: [2005/02/03 12:22:39, 3] libsmb/cliconnect.c:cli_start_connection(1389) Connecting to host=127.0.0.1 [2005/02/03 12:22:39, 3] lib/util_sock.c:open_socket_out(752) Connecting to 127.0.0.1 at port 445 [2005/02/03 12:22:39, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=58) [2005/02/03 12:22:39, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2005/02/03 12:22:39, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got principal=NONE [2005/02/03 12:22:39, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878) Got challenge flags: [2005/02/03 12:22:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60890215 [2005/02/03 12:22:39, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900) NTLMSSP: Set final flags: [2005/02/03 12:22:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/02/03 12:22:39, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/02/03 12:22:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/02/03 12:22:39, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2005/02/03 12:22:39, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 Failed to grant privileges for tilo (NT_STATUS_ACCESS_DENIED) [2005/02/03 12:22:39, 1] utils/net_rpc.c:run_rpc_command(138) rpc command function failed! (NT_STATUS_ACCESS_DENIED) [2005/02/03 12:22:39, 2] utils/net.c:main(859) return code = 1 home:/usr/local/sbin # Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] privileges in 3.11?
Hi > I try to assing privileges in 3.11 and get error. > > If I try to do this from root: > > net -S dm -U root rpc rights grant 'TEST\mail' SeMachineAccountPrivilege > Password: > Failed to grant privileges for TEST\dm (NT_STATUS_ACCESS_DENIED) > I use tdbsam... I got the same problem. I use the ldap backend. Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problem running kde
Hi > On Wed, Nov 17, 2004 at 11:40:19AM +0100, Tilo Lutz wrote: > > I've tried out the registry patch. I'm now able to run kde > > applications like konqueror. But I can't start the kde display-manager > > via startx oder kdm. Startup still hangs. Jeremy wrote: > If you're pointing it at a Samba server then get a debug level 10 log > with timestamps so you can tell what is going on on the wire. > > It might be easier for test purposes to set up a loopback mount onto > the same machine to ensure time sync. Thank you for aour support. It's not directly a samba problem but how can I debug the cifs kernel module and kde itself? Is there any way to start an application, kde in my case, with another programm wich logs every filesystem access? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problem running kde
Hi > We use the exact same setup as you. We found NFS too insecure for our > tastes aswell. > Here are our experiences with it: > http://lists.samba.org/archive/linux-cifs-client/2004-November/000477.html > ( http://tinyurl.com/55ofl ) > and: > http://lists.samba.org/archive/linux-cifs-client/2004-November/000485.html > ( http://tinyurl.com/6wfc5 ) > > I haven't gotten gotten around to testing the kernel-patch yet but my > buddy said kde works properly now. I've tried out the registry patch. I'm now able to run kde applications like konqueror. But I can't start the kde display-manager via startx oder kdm. Startup still hangs. I don't get any error messages in the console I typed startx. How can I find the problem? Is there any way to log every fileoperation kde is doing in linux? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem running kde
Hi > Tilo Lutz [EMAIL PROTECTED] wrote: > > Ups, I'm sorry, I mean root_squash. I looked in the wrong line > > Although as local root it's possible to get access to data > > with "su $user" because with su the user id is not 0 and > > access will be granted. > > It is always possible - as long as your "pam.conf", "login.conf" or > whatever allows for it. and there is no way to prevent this with an untrustable root on client side. > It has nothing to do with NFS. If you don't want it (and still let > people know each other password) - simple take shell access away from > them. This won't be a solution because as I told you I can't trust root on the clients. Students have to be root for educational reasons on the client. The problem with NFS is it trusts remote uid numbers and ip numbers wich in not very secure in both cases. Why should people know each other password? > All this can be described as "Basic Unix administration" and has > nothing to do with Samba ... I aggreee with you. Paul Gienger wrote I should use NFS and I wrote I can't use it because it is too insecure for my usage. NFS can only be used in a closed trusted network. It's always possible to get all data from an NFSv3 server with faked IPs and uidNumbers. This is not possible with samba because the password is always required. So back to my first question: Why doesn't kde run with a homedir mounted via cifs? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem running kde
Hi > Tilo Lutz [EMAIL PROTECTED] wrote: > > Sure it is true. > > Example: I export /home on a server with no_root_squash > > and mount it as /home on the client. > > Say what ? Export with no_root_squash ? What do you think it is > suposed to do ? Ups, I'm sorry, I mean root_squash. I looked in the wrong line Although as local root it's possible to get access to data with "su $user" because with su the user id is not 0 and access will be granted. Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem running kde
Hi > Tilo Lutz [EMAIL PROTECTED] wrote: > > NFS is too insecure because it trusts remote id numbers and there > > is no way of authentication. Everone able to be root on a client > > can read all data on my server. Michael Kurowski wrote: > Sorry, that's rubbish. Read the docs. Sure it is true. Example: I export /home on a server with no_root_squash and mount it as /home on the client. Being root someone has just type su $user cd ~ to get into the users homedir. I haven't found any way to prevent a client root from getting access to users data with su. The next problem is NFS trusts IPs. Anyone with a laptop can plug it into the network, connect to the share and change uid numbers on the client with su so every file can be accessed. I read a lot about nfs but I didn't find any secure solution. Thats one reason nfs is called "no file security". If you know how I can get nfs run in a secure way I would be glad when you're shareing your secret with me. Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem running kde
Hi > > mount -t cifs -o username=test //127.0.0.1/test2 /home/test > Not to completely dodge the question, but are you intending to always > mount back to localhost or another unix machine for your automount > sources? You may want to look at nfs for unix-unix remote fs tasks. > Samba is fantastic for it's purpose, but you're doing a double > conversion here. That being a posix filesystem which samba makes look > like cifs on the server, then the samba client takes cifs and makes it > look like a posix filesystem. NFS is too insecure because it trusts remote id numbers and there is no way of authentication. Everone able to be root on a client can read all data on my server. NFSv4 does have authentication but I haven't found a usable server and client for linux. AFS is no option because it's too big and not easy to understand. Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem running kde
Hi I use linux 2.6.8, kde 3.3 and samba 3.0.7 on server and clients. I use ldap to store user accounts. On client side I want to use pam_automount to mount homedirs with pam. For testing i use a singele pc as server and client 1. I've created a user test. 2. I've mounted test's homedir with: mount -t cifs -o username=test //127.0.0.1/test2 /home/test 3. Mounting works correct. I had a problem with a symlink used by kde because the link fiename contains a ":" with will be mangeled. after turning mangle case of this link is also ok 4. When I nw start kde it will hang. I was happy because recent versions of samba are supportings symlinks but kde stilldoesn't work Does anyone of you have an idea why? Anyone gt an idea to find the reason kde won't start? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Groups not displayed
Hi I got a little problem with group mapping I've used a longer string, "ITG, Klassenlehrer: Alfred Hein" as displayName attribute in ldap. When I run "net groupmap list" everthing is fine but when I try to list all groups on a windows client only groups above this string are displayed. All other groups are missing. Is this a bug? I use samba 3.0.7 Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Groupmapping doesn't work
Hi > > > I got a problem with groupmapping. It doesn't work correct: > > > > > > Wilma2:/home/root # net groupmap list | grep 512 > > > Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> > domadm > > > > > > ldapsearch -x cn=domadm: > On Tuesday 12 October 2004 05:05, jamrock wrote: > > I could never get group mapping to work. After reading Samba 3 by > > example, I realized that I needed to migrate the relevant groups > > from /etc/group to LDAP. As you can see group domadm is stored in ldap. I got only standard Linux system groups in /etc/group. I also tried to use set the primary group of "tilo" to domadm but it still doesn't help. Any ideas? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Groupmapping doesn't work
Hi > > I got a problem with groupmapping. It doesn't work correct: > > > > Wilma2:/home/root # net groupmap list | grep 512 > > Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm > > > > ldapsearch -x cn=domadm: > > # domadm, groups, wms-hn.de > > dn: cn=domadm,ou=groups,dc=my-domain > > objectClass: posixGroup > > objectClass: sambaGroupMapping > > cn: domadm > > gidNumber: 65669 > > memberUid: tilo > > sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512 > > sambaGroupType: 2 > > displayName: Domain Admins > > description: Domain Admins > > > > > > The problem is "tilo" doesn't have any administrator rights. > > > > Any idea whats wrong? I use samba 3.0.7 > What 'getent group domadm' returns you? I suspect that it does not have > tilo as a member. If you have the same posixGroup defined both in > /etc/group and in LDAP and what to have definition wormhole:/var/log # getent group | grep domadm domadm:x:65669:tilo It has "tilo" as member. The group is only define in ldap, not in /etc/group Cheers Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Groupmapping doesn't work
Hi I got a problem with groupmapping. It doesn't work correct: Wilma2:/home/root # net groupmap list | grep 512 Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm ldapsearch -x cn=domadm: # domadm, groups, wms-hn.de dn: cn=domadm,ou=groups,dc=my-domain objectClass: posixGroup objectClass: sambaGroupMapping cn: domadm gidNumber: 65669 memberUid: tilo sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512 sambaGroupType: 2 displayName: Domain Admins description: Domain Admins The problem is "tilo" doesn't have any administrator rights. Any idea whats wrong? I use samba 3.0.7 Cheers Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Accounts are getting disabled
> > On Sat, 3 Jul 2004, Tilo Lutz wrote: > > > None of my acounts in ldap have set sambaPwdLastSet, even those > > > acounts which became disabled. If I have understand you right, > > > samba should not disable account if the attribute sambaPwdLastSet > > > is not defined in ldap? > On Mon, 2004-07-05 at 06:56, Gerald (Jerry) Carter wrote: > > If the attribute is not defined smbd gives it an implicit value of 0. > Andrew Bartlet wrote: > If that's what caused the issue, then there is a bug (which I'm happy to > look into and fix). > > /* only reset a password if the last set time has been > explicitly been set to zero. A default last set time > is ignored */ > > if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT) > && (pdb_get_pass_last_set_time(pass) == 0) ) > { > > The intention of the logic was that if the value was undefined in LDAP, > the flags would be set to PDB_DEFAULT and it would not be treated as > 'defined as zero' for this test. I take a closer look at my users: Heres a ldap record (without password hashes) of saturday: dn: uid=alexander-cristea,ou=kl-1g3,ou=people,dc=wms-hn,dc=de userPassword:: e0NSWVBUfTE3NnUxQzA0ZDhCbG8= shadowLastChange: 11947 sambaPwdLastSet: 1 objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: person objectClass: organizationalPerson objectClass: top objectClass: sambaSamAccount cn: alexander-cristea sn: alexander-cristea uid: alexander-cristea homeDirectory: /home/kl-1g3/alexander-cristea gecos: "kl-1g3" loginShell: /bin/sh shadowMin: 1 shadowMax: 9 shadowWarning: 14 sambaPwdMustChange: 18 gidNumber: 112 sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1225 uidNumber: 5248 sambaSID: S-1-5-21-3371203057-3264423045-2392767973-11496 sambaProfilePath: \\WILMA2\profile sambaAcctFlags: [UX] The same user monday morning: # alexander-cristea, kl-1g3, people, wms-hn.de dn: uid=alexander-cristea,ou=kl-1g3,ou=people,dc=wms-hn,dc=de objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: person objectClass: organizationalPerson objectClass: top objectClass: sambaSamAccount cn: alexander-cristea sn: alexander-cristea uid: alexander-cristea homeDirectory: /home/kl-1g3/alexander-cristea gecos: "kl-1g3" loginShell: /bin/sh shadowMin: 1 shadowMax: 9 shadowWarning: 14 sambaPwdMustChange: 18 gidNumber: 112 sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1225 uidNumber: 5248 sambaSID: S-1-5-21-3371203057-3264423045-2392767973-11496 sambaProfilePath: \\WILMA2\profile sambaAcctFlags: [DUX] Again there's no logentrie in log.smbd (loglevel 2). As you can see the account was disabled and sambaPwdLastSet was removed. Anything I can do to find the problem? Which loglevel should I use? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Accounts are getting dsiabled
Hi > > > TL> I have a problem with samba 3.0.5pre1. > > > TL> Many of my users are disabled by samba > > > TL> and I can't find the reason why. > > > Hmm, not shure, did you look at the eventlog from your win box ?? > > > i had something alike, (before 304) and the win log showed that > > > the password change was corrupt (was a bug before 304).. > On Sat, 2004-07-03 at 18:15, Tilo Lutz wrote: > > The problem is still there with samba 3.0.5pre1. > > Samba disbales some accounts by setting the AcctFlag to "D". > > It is also _deleting_ sambaNTPassword and sambaLMPassword in > > my ldap database!. > > in log.smbd (loglevel 2) I can only find some messages the > > password of the disbaled users are wrong, not the password > > is disabled. > > I can't find any messages why samba has disbaled the accounts > > itself. Andrew Bartlett wrote: > This is by design. As per the Samba 3.0.2a release notes: > > *** Attention! Achtung! Kree! * > > Beginning with Samba 3.0.2, passwords for accounts with a last > change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in > ldapsam, etc...) of zero (0) will be regarded as uninitialized > strings. This will cause authentication to fail for such > accounts. If you have valid passwords that meet this criteria, > you must update the last change time to a non-zero value. If you > do not, then 'pdbedit --force-initialized-passwords' will disable > these accounts and reset the password hashes to a string of X's. > > *** Attention! Achtung! Kree! * > > So, either remove the 'last set time' from the record, or make it > accurate. (Your users did not last set their password in 1970). None of my acounts in ldap have set sambaPwdLastSet, even those acounts which became disabled. If I have understand you right, samba should not disable account if the attribute sambaPwdLastSet is not defined in ldap? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Accounts are getting dsiabled
Hi > TL> I have a problem with samba 3.0.5pre1. > TL> Many of my users are disabled by samba > TL> and I can't find the reason why. > Hmm, not shure, did you look at the eventlog from your win box ?? > i had something alike, (before 304) and the win log showed that > the password change was corrupt (was a bug before 304).. The problem is still there with samba 3.0.5pre1. Samba disbales some accounts by setting the AcctFlag to "D". It is also _deleting_ sambaNTPassword and sambaLMPassword in my ldap database!. in log.smbd (loglevel 2) I can only find some messages the password of the disbaled users are wrong, not the password is disabled. I can't find any messages why samba has disbaled the accounts itself. Any idea how I can track the problem? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Accounts are getting dsiabled
Hi I have a problem with samba 3.0.5pre1. Many of my users are disabled by samba and I can't find the reason why. Here is an example of an user disbled by samba: Unix username:christ NT username: christ Account Flags:[DU ] User SID: S-1-5-21-3371203057-3264423045-2392767973-4030 Primary Group SID:S-1-5-21-3371203057-3264423045-2392767973-1213 Full Name:Lehrer Karlo Christ Home Directory: "\{}\{}wilma2\{}christ\{}profile" HomeDir Drive:Z: Logon Script: 0.0.0.0.bat Profile Path: \\WILMA2\profile Domain: WMS-NET Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Fre, 13 Dez 1901 21:45:51 GMT Kickoff time: Fre, 13 Dez 1901 21:45:51 GMT Password last set:Mit, 16 Jun 2004 14:31:37 GMT Password can change: Mit, 01 Jan 2003 00:00:01 GMT Password must change: Fre, 15 Jan 2027 00:00:09 GMT Last bad password : 0 Bad password count : 0 In log-files I can only find a massage the account is disabled when the user tries to login. (LogLevel 2). I also found two messages with a wrong password before. Can anybody help my why samba is disabling many of my users? Regards, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Add Hosts as Domain Admin
> As an alternative, if you set up a UNIX user 'Administrator' group and > have them properly configured for your domain you can give THAT out with > a different password. Give them a UID of 0 and an invalid shell and you > should be good. Of course there are a fair amount of holes that the > user could jump through with that, but at least you're not entirely > giving out 'root' on the server. > > If you are using LDAP and the idealx scripts this is set up for you with > the populate script. Otherwise, make sure the SID of the user is domain SID>-512 for them to be a proper administrator as far as windows > is concerned. > > Tilo Lutz wrote: > > >Hi > > > >I found a patch for Samba 3.0.2 allowing to add hosts as > >member of the domain admin group. > >(http://marc.theaimsgroup.com/?l=samba&m=107938779530259&w=2) > > > >Has anybody seen a patch for Samba 3.0.3? It took a look at > >srv_samr_nt.c but I don't think the old patch will fit. > > > >Why doesn't samba allow domain admins to add hosts to a > >domain? > >I don't want to give the root password to everyone who should > >be able to add hosts. > >Why I have to be root when adding hosts? Even beeing member of > >group root should be enough. > > > >Tilo > > > > > > > > -- > Paul Gienger Office: 701-281-1884 > Applied Engineering Inc. Cell:701-306-6254 > Information Systems Consultant Fax: 701-281-1322 > URL: www.ae-solutions.commailto:[EMAIL PROTECTED] > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba quotas
Hi > >> Hi guys, we need to update our samba service from 2.2.8a > >> to samba 3.0.x (so that we can upgrade our AD from Win2k > >> to Win2k3). The problem I am having is with the quotas. > > I was never able to use the quota functions of samba. I use > > Suse 8.2 with Samba 3.0.3 and XFS. Even the latest samba > > version doesn't recognize quotas correctly. For me quota > > code is broken since beginning in samba. > I didn't know it was broken. What's broken? It works fine > for me. I don't know if quotas are broken in general but I was never able to get them work. I tried both compile options, --with-quotas and --with-sys-quotas > I don't limit users. I limit projects (groups). I only use user quotas. Samba take care of quota restrictions. Users can't write more data than allowed by quotas. But clients don't show used space and free space correctly. It shows complete disk usage and complete free space instead of space used by user and max. space allowed by quotas > By the way, I think your script is broken. Thank you for your tip. I don't know much about shell programming with tail, cat, awk, I set soft and hard quota to the same value. > But I digress. What did you think was wrong with quotas in samba? Thats the reason I've written it seems broken for me and not in general. I don't know why it's exactly not working. I don't know why they don't work for me. I use Suse 8.2 standard installtion with all updates. filesystem is XFS. Samba is 3.0.3, self compiled. Quotas are working fine but not in samba. I've atached quota relevant parts of config.log. I would be glad if you find an error in my configuration. Regards, Tilo config.log: configure:27602: checking whether to try disk-quotas support configure:27640: result: no configure:27645: checking whether to try the new lib/sysquotas.c interface configure:27653: result: yes [...] configure:27851: checking sys/fs/vx_quota.h usability configure:27860: gcc -c -O -I/usr/include/heimdal -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/include/heimdal conftest.c >&5 configure:27888:29: sys/fs/vx_quota.h: No such file or directory configure:27863: $? = 1 [...] #include configure:27878: result: no configure:27882: checking sys/fs/vx_quota.h presence configure:27889: gcc -E -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/include/heimdal conftest.c configure:27885:29: sys/fs/vx_quota.h: No such file or directory configure:27895: $? = 1 configure: failed program was: #line 27884 "configure" #include "confdefs.h" #include configure:27913: result: no configure:27931: checking for sys/fs/vx_quota.h configure:27938: result: no configure:27967: checking sys/quota.h usability configure:27976: gcc -c -O -I/usr/include/heimdal -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/include/heimdal conftest.c >&5 configure:27979: $? = 0 configure:27982: test -s conftest.o configure:27985: $? = 0 configure:27994: result: yes configure:27998: checking sys/quota.h presence configure:28005: gcc -E -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/include/heimdal conftest.c configure:28011: $? = 0 configure:28029: result: yes configure:28047: checking for sys/quota.h configure:28054: result: yes configure:28070: checking for XFS QUOTA in configure:28104: gcc -c -O -I/usr/include/heimdal -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/include/heimdal conftest.c >&5 configure: In function `main': configure:28096: error: `Q_XGETQUOTA' undeclared (first use in this function) configure:28096: error: (Each undeclared identifier is reported only once configure:28096: error: for each function it appears in.) configure:28107: $? = 1 configure: failed program was: #line 28076 "configure" #include "confdefs.h" [...] configure:28827: checking whether the sys_quota interface works configure:28861: gcc -c -O -I/usr/include/heimdal -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/include/heimdal -I./ -I. -I./include -I. /ubiqx -I./popt -I./smbwrapper -I./nsswitch conftest.c >&5 In file included from configure:28842: lib/sysquotas.c: In function `command_get_quota': lib/sysquotas.c:185: warning: assignment makes pointer from integer without a cast lib/sysquotas.c:213: warning: assignment makes pointer from integer without a cast In file included from configure:28842: lib/sysquotas.c: In function `command_set_quota': lib/sysquotas.c:306: warning: assignment makes pointer from integer without a cast lib/sysquotas.c:349: warning: assignment makes pointer from integer without a cast configure:28864: $? = 0 configure:28867: test -s conftest.o configure:28870: $? = 0 configure:28882: result: yes configure:28885: checking whether to use the new lib/sysquotas.c interface configure:28899: result: yes configure:28977: checking whether the old quota support works configure:29009: gcc -c -O -I/usr/include/heimdal -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/i
Re: [Samba] samba quotas
Hi > Hi guys, we need to update our samba service from 2.2.8a to samba 3.0.x > (so that we > can upgrade our AD from Win2k to Win2k3). The problem I am having is > with the quotas. I was never able to use the quota functions of samba. I use Suse 8.2 with Samba 3.0.3 and XFS. Even the latest samba version doesn't recognize quotas correctly. For me quota code is broken since beginning in samba. To get them displayed I use a dirty hack. In smb.conf I've added the following line: dfree command = "/etc/script.sh %U" script.sh: #!/bin/sh used_space=`/usr/bin/quota -u $1 | tail -1 | awk '{print $2}'` quota_space=`/usr/bin/quota -u $1 | tail -1 | awk '{print $4}'` used_files=`/usr/bin/quota -u $1 | tail -1 | awk '{print $5}'` quota_files=`/usr/bin/quota -u $1 | tail -1 | awk '{print $7}'` if [ "$used_files" == "$quota_files" ]; then used_space=$quota_space fi free_space=`expr $quota_space - $used_space` echo "$quota_space $free_space" Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Add Hosts as Domain Admin
Hi I found a patch for Samba 3.0.2 allowing to add hosts as member of the domain admin group. (http://marc.theaimsgroup.com/?l=samba&m=107938779530259&w=2) Has anybody seen a patch for Samba 3.0.3? It took a look at srv_samr_nt.c but I don't think the old patch will fit. Why doesn't samba allow domain admins to add hosts to a domain? I don't want to give the root password to everyone who should be able to add hosts. Why I have to be root when adding hosts? Even beeing member of group root should be enough. Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba disbales accounts
Hi > Tilo Lutz wrote: > | I'm using Samba 3.03 and LDAP-backend. > | If a user enters a wrong password the account > | will be disabled immediately. > | > | I read it's possible to disable accounts after X wrong > | passwords. > | Where can I set X? > | > | Is it possible to disable that new feature? Jerry wrote: > please file a bug report is the default action is to disable > the account after one bad password attempt. Thanks. I found a possible problem in may setup. I've installed samba but didn't included the new samba ldap schema which include new attriutes, e.g. sambaBadPasswordCount. I think the error is gone after I've installed the new schema. I think samba has tried to do some ldap actions with new attributes but had some trouble with them because the new attributes didn't exists in ldap schema. I think thats the reason samba has disabled the account. Can anybody confirm this behavior? Should I fill out a bug report althought it is possible my fault? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba disbales accounts
Hi I'm using Samba 3.03 and LDAP-backend. If a user enters a wrong password the account will be disabled immediately. I read it's possible to disable accounts after X wrong passwords. Where can I set X? Is it possible to disable that new feature? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Strange problems with profiles
Hi I use 2 samba servers (3.0.2rc1). One as PDC the other as BDC. Both are using ldap (sambaSamAccount) as backend. If I set profile path only in smb.conf every user gets an error message when loading a profile: Wrong path syntax. The clients did a connection to the server. If I set sambaProfilePath Attribute to the same value as profile path in smb.conf for a user this user is able to log in and load the profile most times. Most times it work bit not everytime. Path and settings for the profile share are still the same. I have this problem since 3.0.0 with different servers at different locations. Maybe I'm using wrong permission. Here's the relevant part of my smb.conf. Regards Tilo os level = 200 local master = yes bind interfaces only = true security = user encrypt passwords = yes null passwords = yes min password length = 0 domain logons = yes preferred master = yes domain master = yes logon script = %I.bat logon drive = h: logon home = "\\server\%U" logon path = "\\server\profile" time server = yes dead time = 15 kernel oplocks = yes mangle case = yes case sensitive = no default case = lower preserve case = yes short preserve case = yes name resolve order = wins bcast host lmhosts printing = cups load printers = yes username map = /etc/samba/smbusers nt acl support = yes log level = 1 max log size = 10 use sendfile = no large readwrite = yes socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192 utmp = yes passdb backend = ldapsam:ldap://localhost guest algorithmic rid base = 1000 printing = cups printcap name = cups load printers = yes unix charset = ISO-8859-15 unicode = yes display charset = UTF8 dos charset = ISO-8859-15 unix extensions = yes ldap admin dn = uid=wilma2,dc=my-domain ldap suffix = dc=my-domain ldap machine suffix = ou=machines ldap group suffix = ou=groups ldap idmap suffix = ldap user suffix= ou=people ldap passwd sync = yes idmap gid = 3-4 idmap uid = 3-4 [netlogon] comment = The domain logon service veto files = // path = /samba/netlogon create mode = 0600 directory mode = 0700 public = no writeable = no browseable = no root preexec = /samba/netlogon/findgroup %I %u %L root postexec = /etc/samba/quota_warn.sh %U %m oplocks = no level2 oplocks = no use sendfile = no [profile] comment = Hier wird das Benutzerprofil gespeichert path = /home/%g/%u/profile writeable = yes browseable = no create mask = 0711 directory mask = 0711 dos filemode = no force security mode = 00 hide files = /desktop.ini/Desktop.ini/ map system = Yes map hidden = Yes profile acls = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Allow symlinks outside of mointpoint
Hi I have several linux-clients. The homedrive is mounted with pam_mount. I use cifs instead of smbfs. Everything is working exepct kde. kde creates a symlink from $HOME/filename to /tmp/filename2. Unforutanly the created symlink shows to $HOME/filename2 instead of /tmp/filename2. Where can I change this behavoir to get kde working? Tilo -- +++ GMX - die erste Adresse für Mail, Message, More +++ Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about groups in ldap
Am Fr, 2003-12-12 um 15.29 schrieb Gerald (Jerry) Carter: > Tilo Lutz wrote: > | In Samba-Developers-Guide.pdf included with samba 3.0 > | page 72f. In the document well known groups have > | special names starting with DOMAIN_. Can Windows clients > | recognize these names and translate them into localized > | groupnames, like "user" or "power users" in english and > | "Benutzer" and "Hauptbenutzer" in german? > > That reference in the PDF file is a #define for > the well known rids. You can setup a group > mapping entry using whatever name you wish. How does MS handle this? If I have an english server with the well known group "users" and a german client. Will the groupname translated into "Benutzer"? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Question about groups in ldap
Hi I have serveral questions about groups in ldap. Is it possible to use different groups with the same well known SID or is a well known SID only allowed once? Is it allowed to uses spaces in groupnames, e.g. "domain admins"? Afaik groups with spaces are not posix conform. In Samba-Developers-Guide.pdf included with samba 3.0 page 72f. In the document well known groups have special names starting with DOMAIN_. Can Windows clients recognize these names and translate them into localized groupnames, like "user" or "power users" in english and "Benutzer" and "Hauptbenutzer" in german? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] N-Flag gone?
Hi Is the N-flag gone in samba 3.0.1? I wasn't able to get any information about it. Although accounts set to no password weren't able to log in when the N-flag wasn't set. Were can I get some information about the new H- and S-flag Regards, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with winbind and pam
Am Mo, 2003-11-10 um 11.02 schrieb Tilo Lutz: > I've set up winbind with Suse 9.0 and Samba 3.0.1 > Everything i working fine exepct pam configuration > How can I use pam_winbind and pam_unix2 ? > > > auth sufficient pam_winbind.so > > auth required pam_unix2.souse_first_pass null_ok > unix-users can login with correct password. NT-users can > login with any password, even wrong passwords! I've found the problem. The NT-user I used for testing had an linux-account. I removed only the entry from passwd and not from shadow. In shadow was no password set. Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with winbind and pam
Hi I'Ve set up winbind with Suse 9.0 and Samba 3.0.1 Everything i working fine exepct pam configuration How can I use pam_winbind and pam_unix2 ? > auth sufficient pam_winbind.so > auth required pam_unix2.souse_first_pass null_ok unix-users can login with correct password. NT-users can login with any password, even wrong passwords! > auth required pam_winbind.so > auth required pam_unix2.souse_first_pass null_ok unix-users can't login anymore The example in samba howto us using "sufficient" but in my case passwords aren't checked. What is the correct setup to allow both, samba and unix users? I think I noeed something like a x-or to link both lines together but I don't have any idea how to do this. Has anybody a hint fpr me? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Account Manager Beta1 released
LDAP Account Manager (LAM) 0.4 - October 29th, 2003 === A web frontend for managing accounts stored in an openLDAP server. Announcement The LDAP Account Manager team is pleased to release the first beta version of LAM. LAM is a set of PHP-scripts to administrate entries of a LDAP server. User, group and Samba accounts can be displayed, searched, filtered, added, removed and edited over an easy to use web interface. Even the configuration options are embedded in the interface. This is a beta version, do not use it in a productive environment! Features: - - management of Unix user and group accounts (posixAccount/posixGroup) - management of Samba 2.x/3 user and host accounts (sambaAccount/sambaSamAccount) - profiles for account creation - editor for organizational units (OU) - account creation via file upload - automatic creation/deletion of home directories - setting quotas - support for LDAP+SSL - multi-language support (English, German) - multiple configuration files - PDF output for user/group/host accounts - supports multiple password hashes Availability: - This software is available under the GNU General Public License V2.0. You can get the newest version at http://lam.sf.net. File formats: RPM, DEB, tar.gz There is also a FreeBSD port. Support: As this is a beta release of LAM there will be some bugs in our code. If you find one please file a bug report. For questions or implementing new features please use the forum and feature request tracker at our Sourceforge homepage http://www.sf.net/projects/lam. Author & Copyright: --- Copyright (C) 2003: Michael Duergner <[EMAIL PROTECTED]> Roland Gruber <[EMAIL PROTECTED]> Tilo Lutz <[EMAIL PROTECTED]> Leonhard Walchshäusl <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Some Users not shown and profiles won't work
Hi As written in my mail from sunday, some users are not recognized correctly. The can login to samba but windows doesn't show them in domain user list. Heres an error I've found in my setup. What does this error mean? I use Samba 3.0.1 and ldap-backend. Samba-domain object is saved in ldap, too. [2003/10/27 15:23:59, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user [WMS-NET]\[hein] from workstation [B112-PC2] [2003/10/27 15:23:59, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/27 15:23:59, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/27 15:23:59, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/27 15:23:59, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/27 15:23:59, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/27 15:23:59, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299) secrets_fetch failed! [2003/10/27 15:23:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/27 15:23:59, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) no entry for trusted domain WMS-NET found. [2003/10/27 15:23:59, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for hein (hein) [2003/10/27 15:23:59, 5] auth/auth_util.c:make_user_info(142) making strings for hein's user_info struct [2003/10/27 15:23:59, 5] auth/auth_util.c:make_user_info(184) making blobs for hein's user_info struct [2003/10/27 15:23:59, 3] auth/auth.c:check_ntlm_password(216) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2003/10/27 15:23:59, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: mapped user is: [EMAIL PROTECTED] What does the error: [2003/10/27 15:23:59, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299) secrets_fetch failed! mean? I copied the complete user ldap-entry to a new DN, delted to old, copied to the old DN and delted the new DN. Now the user is listed when I run net rpc user. But Why? All attributes are the same. Regards, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Some Users not shown and profiles won't work
Hi I'm running samba 3.0 with ldap backand and Suse 8.2. If I want to edit ACLs from windows an a samba-share not all users are shown. "holger" i shown but "hein" isn't shown. Andy idea why? It's very strange because both can login the domain. I had to set attribute sambaProfilePath for user "hein" to the sambe value defined in smb.conf. I won't add it windows will shown a profile path syntax error, when trying to load profile. I think these problems are related to each other. Regards, Tilo dn: uid=hein,ou=lehrer,ou=people,dc=wms-hn,dc=de objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: person objectClass: organizationalPerson objectClass: top objectClass: sambaSamAccount cn: hein uid: hein gidNumber: 106 homeDirectory: /home/lehrer/hein uidNumber: 1508 gecos: Alfred Hein, Lehrer, IST loginShell: /bin/bash shadowMin: 0 shadowMax: 9 sambaProfilePath: \\wilma2\profile displayName: Alfred Hein, Lehrer, IST sambaHomeDrive: H: givenName: Alfred sn: Hein shadowExpire: 21915 sambaPwdCanChange: 1041375601 sambaPwdMustChange: 1799967609 sambaAcctFlags: [UX ] sambaDomainName: WMS-NET sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1213 sambaSID: S-1-5-21-3371203057-3264423045-2392767973-4016 dn: uid=holger,ou=sonder,ou=people,dc=wms-hn,dc=de objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: person objectClass: organizationalPerson objectClass: top objectClass: sambaSamAccount cn: holger uid: holger homeDirectory: /home/lehrer/holger uidNumber: 5064 loginShell: /bin/sh shadowMin: 0 shadowMax: 9 sambaSID: S-1-5-21-3371203057-3264423045-2392767973-10128 sambaHomeDrive: D: sambaDomainName: WMS-NET displayName:: IGhvbGdlcg== gecos:: IGhvbGdlcg== description:: IGhvbGdlcg== shadowExpire: 21915 givenName: holger sn: hein gidNumber: 127 sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1255 sambaPwdCanChange: 1041375601 sambaPwdMustChange: 1799967609 sambaAcctFlags: [U ] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with roaming profiles
Am Son, 2003-09-07 um 15.23 schrieb Tilo Lutz: > Hi > > After changing from samba 2.2.7 to 3.0.rc2 I can't get roaming profiles > work. Clients Are W2K and XP. > I've also switched from smbpasswd backend to ldap. Logon path is only > set in smb.conf, not in ldap. > Storing of profiles is working but it takes very long. > I've tried logon path = \\wilma2\profile\Win2K and \\wilma2\profile. > But the clients are always storing profile in \\wilma2\profile\Win2K. > Is it possible windows is caching home path anywere? If I set attribute sambaProfilePath in ldap profiles are working Why isn't the global parameter logon path = "\\WILMA2\profile\Win2K" in smb.conf used? Setting sambaProfilePath = "\\WILMA2\profile has worked, but why? The correct setting would be \\wilma2\profile\Win2K Any idea? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with roaming profiles
Hi After changing from samba 2.2.7 to 3.0.rc2 I can't get roaming profiles work. Clients Are W2K and XP. I've also switched from smbpasswd backend to ldap. Logon path is only set in smb.conf, not in ldap. Storing of profiles is working but it takes very long. I've tried logon path = \\wilma2\profile\Win2K and \\wilma2\profile. But the clients are always storing profile in \\wilma2\profile\Win2K. Is it possible windows is caching home path anywere? Loading of profiles dowsn't work I get the old "security permission" error, but I've set use profile acls in profile share. I've also set to option on client side not to check security settings on above folders. I'Ve attached relevant parts of smb.conf, log.smbd and ldif of user. I hope anybody can help me. relevant part of log.smbd [2003/09/06 11:18:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460) Entry found for user: tilo [2003/09/06 11:18:36, 2] [2003/09/06 11:18:36, 2] auth/auth.c:check_ntlm_password(302) check_ntlm_password: authentication for user [tilo] -> [tilo] -> [tilo] succeeded b111-pc16 (192.168.83.16) connect to service profile initially as user tilo (uid=1546, gid=106) (pid 17106) [2003/09/06 11:18:36, 2] smbd/open.c:open_file(250) tilo opened file Win2K/NTUSER.DAT read=Yes write=No (numopen=1) [2003/09/06 11:18:36, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[(&(sambaSID=S-1-5-21-3371203057-3264423045-2392767973-3092)(objectclass=sambaSamAccou nt))] [2003/09/06 11:18:36, 2] smbd/open.c:open_file(250) tilo opened file Win2K/NTUSER.INI read=Yes write=No (numopen=2) [2003/09/06 11:18:46, 2] smbd/close.c:close_normal_file(228) tilo closed file Win2K/NTUSER.INI (numopen=1) [2003/09/06 11:19:52, 0] lib/util_sock.c:read_socket_data(342) read_socket_data: recv failure for 4. Error = Die Verbindung wurde vom Kommunikationspartner zurückgesetzt [2003/09/06 11:19:52, 2] smbd/server.c:exit_server(558) Closing connections [2003/09/06 11:19:52, 1] smbd/service.c:close_cnum(874) b111-pc16 (192.168.83.16) closed connection to service profile [2003/09/06 11:19:52, 2] smbd/close.c:close_normal_file(228) tilo closed file Win2K/NTUSER.DAT (numopen=0) [2003/09/06 11:19:52, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_domain_info(1297) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WMS-NET))] [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WMS-NET))] [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_open_connection(625) smbldap_open_connection: connection opened [2003/09/06 11:20:21, 2] smbd/reply.c:reply_special(93) netbios connect: name1=WILMA2 name2=B111-PC16 [2003/09/06 11:20:21, 2] smbd/reply.c:reply_special(100) netbios connect: local=wilma2 remote=b111-pc16, name type = 0 [2003/09/06 11:20:21, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/09/06 11:20:21, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[(&(sambaSID=S-1-5-21-3371203057-3264423045-2392767973-501)(objectclass=sambaSamAccoun t))] relevant part of smb.conf: [global] # Globale Einstellungen netbios name = Wilma2 workgroup = WMS-NET os level = 255 local master = yes bind interfaces only = true interfaces = 192.168.0.7/16 127.0.0.1 security = user encrypt passwords = yes domain logons = yes preferred master = yes domain master = yes logon script = %I.bat logon drive = h: #logon path = "\\WILMA2\profile\Win2K" logon path = "\\192.168.0.7\profile" wins support = yes time server = yes dead time = 15 kernel oplocks = yes mangle case = yes case sensitive = no default case = lower preserve case = yes short preserve case = yes name resolve order = wins bcast host lmhosts #veto files = /.*/ printing = cups load printers = yes username map = /etc/samba/smbusers nt acl support = yes log level = 2 max log size = 10 use sendfile = yes large readwrite = yes socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192 utmp = yes passdb backend = ldapsam:ldap://localhost guest algorithmic rid base = 1000 printing = cups printcap name = cups load printers = yes unix charset = UTF8 unicode = yes display charset = UTF8 dos charset = ASCII unix extensions = yes ldap admin dn = uid=wilma2,dc=wms-hn,dc=de ldap suffix = dc=wms-hn,dc=de ldap machine suffix = ou=machines ldap group su
[Samba] Problem with profiles
Hi I use samba 3.0rc1 and openldap. Don't know if it's really rc1, downloaded it from ftp.suse.com. Users can only get profiles if the profile is defined as attribute profilePath in ldap. If profilePath isn't set I get a very strange error, telling me something about directory permissions are wrong. Shouldn't "logon path" from smb.conf be used if no profilePath attribute is set in ldap? How can I check the value from smb.conf will be used? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Account Manager
Hi We'Ve just released an alpha-version of lam, LDAP-Account-Manager. It's a webfrontend written in php to manager users, hosts and groups stored in openldap It should fully sopprt samba. It can also manage quotas and add/rem homedirs unlinke many other ldap programms. It's still an alpha version and must not used in production environment but all main functions should work Please take a look at http://lam.sourceforge.net and report any bugs or suggestions. Regards, Tilo Lutz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba