Re: [Samba] Mounting Share at Boot
I've got the following in my /etc/fstab file //abinidi/common/abinidi/common smbfs uid=500,gid=500,credentials=/etc/smbmount_passwd 0 0 //abinidi/homes /abinidi/home smbfs uid=500,gid=500,credentials=/etc/smbmount_passwd,rw 0 0 //abinidi/networking/abinidi/networking smbfs uid=500,gid=500,credentials=/etc/smbmount_passwd,rw 0 0 /d 500 is my user id /etc.smbmount_passwd is a root rw file with the following content username = steves password = x Of course /abinidi/... are local directories Hope that helps On Tue, 1 Oct 2002 04:17, Barry Skidmore wrote: This is an excellent idea. In investigating this, however, I have found that I can not even do the following: mount -t smbfs -o username=skidmore,password=xxx //sheltie/linux /root/mnt/sheltie/linux execvp of smbmnt failed. Error was No such file or directory.smbmnt failed: 1 - I can assure you that /root/mnt/sheltie/linux exists, and if I do the following with 'smbclient', I can connect. (I can also mount '//sheltie/linux' using the GUI 'xSMBrowser') -- [root@mail skidmore]# smbclient //sheltie/linux -U skidmore%xxx added interface ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx nmask=xxx.xxx.xxx.xxx Got a positive name query response from xxx.xxx.xxx.xxx ( xxx.xxx.xxx.xxx ) smb: \ ls . D0 Tue Sep 10 12:33:52 2002 .. D0 Tue Sep 10 12:33:52 2002 Nutritional Needs of Dogs With Cancer.txt5665 Mon Mar 8 15:32:52 1999 38152 blocks of size 1048576. 28567 blocks available smb: \ - Any thoughts? Thanks, Barry Have you tried smbmount client machine\\dir '/home/barry' -o username=xxx password=xxx in your rc.local file for boot and the unmount in the halt file.? -- Steve Simeonidis Network Engineer, Spherion Education Spherion Group Ltd 1st Floor, 493 St. Kilda Rd, Melbourne VIC 3004, Australia Phone: +61 3 9243 2382Fax:+61 3 9820 2010 Email: [EMAIL PROTECTED] The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Autoreply to samba digest, Vol 1 #1675 - 8 msgs
Vielen Dank für Ihre e-mail. Da ich vom 30.09.-06.10 in Urlaub bin, kann ich sie leider erst danach bearbeiten bzw. beantworten. In dringenden Fällen, können Sie sich gerne an meinen Kollegen Herrn Lamotte wenden. Er hat die email-Adresse [EMAIL PROTECTED] und ist telefonisch unter 07142/596-152 zu erreichen. Mit freundlichen Grüßen Michael Müller G. Umbreit GmbH Co.KG -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: help with Samba and WinXp Pro
I also found out that if I reboot the WinXP PC machine or the samba server at the linuxbox, I need use nbtstat -A (IP of linuxbox) at WinXP PC and nmblookup -A ( IP of WinXP) to be able to connect the two machines together. Any thoughts on this? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ENABLING QUOTAS
Le mar 01/10/2002 à 02:56, Servie Platon a écrit : Hi everyone, Is there a way to enable and allocate quota manually on each user's home folder as per on a user to user basis? student2 5 MB /home/student2 If so, what is the syntax for this. Thanks in advance. rpm quota?*.rpm man quota man edquota -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem saving word documents
At 23:21 11/09/2002 +1000, Andrew Bartlett wrote: Johan Coenen wrote: Sep 10 16:14:55 ls-aiv-03 smbd[15088]: [2002/09/10 16:14:55, 0] lib/util_sec.c:assert_gid(111) Sep 10 16:14:55 ls-aiv-03 smbd[15088]: Failed to set gid privileges to (-1,7999) now set to (0,0) uid=(0,0) Find out what's got that -1 gid. That is your issue, I think. Or it might be that your set regid doesn't like that large a group. Either way, chase this down before you play silly games with irrelevent paramaters (strict sync etc are not relevent to your issue) Well, Spent the last couple of weeks trying a few things. On our servers, we're running RedHat 7.1 Linux version 2.4.3-SGI_XFS_1.0.1 Samba 2.2.5 Upgraded the kernel on some of our servers, and did a rebuild of Samba: RedHat 7.1 Linux version 2.4.9-31SGI_XFS_1.1 Samba 2.2.5 Problem still occurred. After changing all our gid's to lower values (1) everything seems to work normal. Users aren't having any problems with saving word-documents anymore. And no panic messages in the log files. Am I right here to conclude that our problem with large gid's is due to a bug in Samba? Cause we tried different kernels, and the problem only occurred with Word and Excel documents. And with word, it was very strange: saving as txt-document: no problem, saving as rtf-document: no problem saving as doc-document: no way. Saving a doc-document in wordpad: no problem. Johan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] W9x print driver download problems with Samba2.2.3a and CUPS
Le lun 30/09/2002 à 15:07, Kurt Pfeifle a écrit : David Morel wrote: Le lun 30/09/2002 à 12:53, Kurt Pfeifle a écrit : Glasgall wrote on samba-digest: Message: 3 Date: Sun, 29 Sep 2002 14:09:19 -0400 From: Adam Glasgall [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] W9x print driver download problems with Samba 2.2.3a and CUPS --JgQwtEuHJzHdouWu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I've set up Samba and CUPS on our testing server here, and used smbcupsadd to upload the Adobe PS drivers to the server as directed in the HOWTO (The CUPS and Samba HOWTOs differ on this point, by the way - the latter claims that PSMON.DLL is needed in addition to the eight other files. would it be related to : http://bugs.samba.org/cgi-bin/samba-bugs/incoming?id=25090 by any chance ? I guess so. You mean the *wrong* command rpcclient localhost -N -U'root%pass' -c 'adddriver Windows 4.0 printer_name:ADOBEPS4.DRV:printer_name.PPD: NULL:ADOBEPS4.HLP:PSMON.DLL:RAW: ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL is sent for you instead of the *right* one rpcclient localhost -N -U'root%pass' -c 'adddriver Windows 4.0 printer_name:ADOBEPS4.DRV:printer_name.PPD: NULL:ADOBEPS4.HLP:PSMON.DLL:RAW: ADOBEPS4.DRV: ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL But this looks not like a Samba bug; it is rather cupsaddsmb duing the wrong thing. cupsaddsmb is basing itself on rpcclient and the sole responsible source for issuing the parameters which are handed to rpcclient. Anyway, I am *not* seeing this with my last few versions of cupsaddsmb. Likely, this is fixed *long* ago. not that long : versions where samba 2.2.5 and cups 1.1.15 Which version of CUPS are you using (and which platform?) if you see this? Could you post this to the CUPS mailing list at www.cups.org, please, if it still prevails after upgrading CUPS (or ripping off a cupsaddsmb binary from a more current CUPS installation)? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Semaphore timeout
Hi Im getting a semaphore timeout period has expired error trying to connect a WinXP desktop to out linuxbox. (Redhat 7.1 / samba-2.0.7-36) I cant seem to find help about this in the documentation. Has anyone had any experience with this? Thanks Stuart
Re: [Samba] problem saving word documents
Johan Coenen wrote: At 23:21 11/09/2002 +1000, Andrew Bartlett wrote: Johan Coenen wrote: Sep 10 16:14:55 ls-aiv-03 smbd[15088]: [2002/09/10 16:14:55, 0] lib/util_sec.c:assert_gid(111) Sep 10 16:14:55 ls-aiv-03 smbd[15088]: Failed to set gid privileges to (-1,7999) now set to (0,0) uid=(0,0) Find out what's got that -1 gid. That is your issue, I think. Or it might be that your set regid doesn't like that large a group. Either way, chase this down before you play silly games with irrelevent paramaters (strict sync etc are not relevent to your issue) Well, Spent the last couple of weeks trying a few things. On our servers, we're running RedHat 7.1 Linux version 2.4.3-SGI_XFS_1.0.1 Samba 2.2.5 Upgraded the kernel on some of our servers, and did a rebuild of Samba: RedHat 7.1 Linux version 2.4.9-31SGI_XFS_1.1 Samba 2.2.5 Problem still occurred. After changing all our gid's to lower values (1) everything seems to work normal. Users aren't having any problems with saving word-documents anymore. And no panic messages in the log files. Am I right here to conclude that our problem with large gid's is due to a bug in Samba? More likaly a bug in your system libs/kernel or the interation between the two. Samba is making a call to change effective GID, and your system didn't do that (acording to geteuid). This is what assert_gid() is about - given the range of platforms that Samba runs on, we take the performance hit to ensure we don't get nasty security bugs (like this could have been). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] W9x print driver download problems with Samba2.2.3a and CUPS
of CUPS are you using (and which platform?) if you see this? Could you post this to the CUPS mailing list at www.cups.org, please, if it still prevails after upgrading CUPS (or ripping off a cupsaddsmb binary from a more current CUPS installation)? checked the cups ng, it says it'll be fixed for 1.1.16 David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Semaphore timeout
Hi I'm getting a semaphore timeout period has expired error trying to connect a WinXP desktop to out linuxbox. (Redhat 7.1 / samba-2.0.7-36) I can't seem to find help about this in the documentation. Has anyone had any experience with this? I would upgrade to a current release of Samba. Some older versions were liable to get 'stuck', causing this kind of message. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Swat Samba-3.0alpha20
Clay Kinney wrote: I have compiled samba with the defaults on a Slackware8.1 box. Everything is running fine as far as samba and windows sharing but I get these errors when trying to access swat 401 Bad Authorization username or password incorrect Any clues...I noticed some issues with earlier versions of samba and certain things to change before compling, but I was unsure if those issues stilled applied to this release... Try current HEAD, if you were having problems with shadow passwords. (We just fixed some bugs a day or so ago) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA 2.2.5 and quotas (Linux SuSE 7.3)
Hello Group, I tried this one at the newsgroup linux.samba but got no response. Now I hope the somebody here can help me. What I want is simple (IMHO ;-) - working quotas with SAMBA What have I done: - compiled SAMBA with qouta. - set user level security (made smbpasswd for my users) - applied SuSE's quota (tools) update - set up user quotas for an ext2fs file system. - turned quota on. results in: accessible resources from Windows boxes but: [NT4 SP6] - quota limit is correct reported as disk size. - if I am over the soft limit, in Windows there appears a box saying that there is not enough space available at the filesystem, but I am able to continue. I can write the file and up to the hard limit everything is O.K., - if I am over the hard limit the same box appeas, I can continue too, the reported size fits (the content of course not). - a 'df' within the filesystem shows no growing beyond the hard limit. - but an ls -l shows a correct value for the size - and I can write and write and write. - repqouta shows an incresing inode count, the block count remains at hard limit. [Win XP] - behaves just like NT [W98 SE] - correct behavior (message box, cant write beyond limit) - for files smaller 2kB I get an network error (not O.K. but O.K.;-) [Linux itself] - from the shell everything is fine, I am not able to write over the limit. does anybody know something how to solve this or where the problem is? thanks Thomas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.5 and DOS file transfers
Hi All, I looked for this in the archive, couldn't immediately find it so apologies if this has been asked before. I have some dos machines access samba shares, copying files to/from them on a regular basis. For some reason, the transfer rate is very slow, and I can't track down why. The dos machines are actually win95/98 in dos mode, using msclient. All machines transferred great when the fileserver was windows-based. I don't know enough about the guts of samba to know what to tweak...any ideas? Thanks, Michael
[Samba] SAMBA WIN XP Sp1
Hello, With Win XP I can Connect to Samba. But after I had Installed Win XP SP1 I coudn´t connect to my PDC. It comes an Error Message that my Profile coudn´t load. Can anyone help me ?. Jörg Nissen
[Samba] Won't see entire space on hard drive
Good Morning, I have a Mandrake 9.0 machine with a shared folder configured for public LAN access, with no special permissions on the folder. It is on a RAID 5 array, and I have 36+ GB available on the disks. The folder is located in the /usr partition. I am only able to see 4 GB max space with this folder. Is there a space limitation with the /usr partition, and if so, is this true of the other partitions as well? Thank you in advance. - Robert Dempsey Atlantic Dominion Solutions -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Swat Samba-3.0alpha20
Same problem. Sure, password has correct. v2.2.6pre2 Everything is running fine as far as samba and windows sharing but I getthese errors when trying to access swat401 Bad Authorizationusername or password incorrectAny clues...I noticed some issues with earlier versions of samba and certainthings to change before compling, but I was unsure if those issues stilledapplied to this release...Thanks in advance for any helpClay
[Samba] (no subject)
I am new inSamba. I installRed hat 7.2 and smb server and I can start smbd and nmbd services but there are many problems to authentication when I want to connect to Samba serverover a MS client. How doI go about configuring Samba? Mina
Re: [Samba] (no subject)
http://samba.mirror.ac.uk/samba/docs/Samba-HOWTO-Collection.html http://hr.uoregon.edu/davidrl/samba.html ftp://ftp.stratus.com/pub/vos/customers/samba/ http://asia.cnet.com/itmanager/netadmin/0,39006400,39050042,00.htm http://www.sin.khk.be/~dj/ http://fre-ks.greatplains.net/samba/winbind.html http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html#winbind HTH Shaolin - IT Systems WB Ltd. - Original Message - From: Mina Jafarijoo To: [EMAIL PROTECTED] Sent: Tuesday, October 01, 2002 11:41 AM Subject: [Samba] (no subject) I am new in Samba. I install Red hat 7.2 and smb server and I can start smbd and nmbd services but there are many problems to authentication when I want to connect to Samba server over a MS client. How do I go about configuring Samba? Mina -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ACL support
Anybody got the latest version of ACL from acl.bestbit.at to work? I've compiled the packages, then installed them from the RPM but I had no luck at all. I compiled a kernel with ACL support but when I try to set a new permission it says permission not supported or something like that. I currently have a box with ACL working but it's the libacl.so.0 lib and the new version is libacl.so.1 but I can't get that to work at all. Is there something I missed somewhere? Jean-Rene Cormier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming profiles and Win2K
I've been all through the Samba in 24 hours book as well as the How-To-Collection.pdf file and several other resources. I've got samba doing file sharing and authentication as a PDC for a couple of Win2K boxes (95/98 to come later). The machines can authenticate just fine. Problem is that when they log off, I get the following error: Windows cannot update your roaming profile. Contact your network administrator. If anyone has an example config that works with Win2k machines, I'd appreciate it if they'd throw this dog a bone. Thanks Keith -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 2.2.5 and NIS question
thanks for your answer the point is - we don't have an ms-domain - and i don't want to set it up we have some citrix metaframe (single) servers that actually connect to Novell Netware 3.20 (!) the commercial applications run on AIX (via telnet) the plan is to move the Novell structure directly to an linux box using samba Each user has a login/password on the AIX (NIS-based) I just want to use this (very fine working) system to authenticate the users of the samba on the linux box any help is appreciated best regards Udo E. Foth - Systemingenieur - REIFF - Management- + Service- GmbH Tuebinger Str. 2 - 6 D-72762 Reutlingen Tel.07121/323-283 Mobil 0179/2670262 Fax 07121/323-6283 Mail[EMAIL PROTECTED] Web http://www.reiff-rms.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL support
Jean-Rene Cormier wrote: Anybody got the latest version of ACL from acl.bestbit.at to work? I've compiled the packages, then installed them from the RPM but I had no luck at all. I compiled a kernel with ACL support but when I try to set a new permission it says permission not supported or something like that. I currently have a box with ACL working but it's the libacl.so.0 lib and the new version is libacl.so.1 but I can't get that to work at all. Is there something I missed somewhere? Did you mount your fs with -o acl ? Lates version of the kernel patch requires it... Jean-Rene Cormier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind trouble under load?
Samba Samba /pers wrote: We have a large W2K domain with numerous terminalservers at the local sites. Those sites also have a linux-2.2.20 server with samba-2.2.5. The samba is used to store the profiles for both the terminalservers and for the windows 2000/xp clients. I use winbind and have joined the server to the domain without problem. I can set rights on directories and so on. However from time to time when the users login to the W2K terminalserver they get a popup-message: Windows cant locate your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be propagated to the server. DETAIL - The specified network password is not correct. However since the user can login there is nothing wrong with their password. One of my teories is that there is something wrong when samba tries to auth the user to the W2K domain. Either it has lost the connection (and can't reconnect automatically) or there is some other error. The user does get a logon but are of course missing their profiles and such. Since this is a school environment the users login much at the same time and another idea I have is that the problem seems to show up when many users login at the same time. Yes, well Samba can do nasty things to a DC when it has to hit it like that. That's one connection to the DC per authenticaion. :-( I have tried both samba-2.2.5 and currently samba-2.2.6cvs (020926). The problem still persists. This is leading me to the maillist in search for an answer. I have disable the winbind enum user/groups since if I enable them winbind goes into a nonresponsive state, probably due to that we have 10K users and more. Yes, that would be 'a good idea' :-). Im also testing to let samba create the users profile directory but that didn't effect the problem. Samba also seems to loose the ability to lookup the users name in the domain and display the as this: drwx--4 10283 SKOLA\Do 4096 Aug 22 23:30 dla0826 instead of: drwx--4 SKOLA\dla0826 SKOLA\Do 4096 Aug 22 23:30 dla0826 This would happen when winbind get's itself stuck. I have enclosed all my logs and the configuration. This is turning into a major problem with the users and if I cant get this fixed then my only other option is to move the profiles back to the windows2000 fileservers. However that option would leave me with needing to transfer the profiles over the WAN to the users site. smb.conf (from testparm) testparm now (2.2.6pre2) has an option to only display non-default values. That makes it easier to figure out what you have actually changed... I would avoid the exec on open, just becouse I see Win2k doing a *lot* of tree connects/disconnects. I would instead suggest using pam_mkhomdir (or a modified varient) becouse they occour per session, not per tree. - /usr/local/bin/crehome.sh #!/bin/sh # 1.0.1 (2002-09-23) SMBUSER=$1 if [ ! -d /samba/profiler/$SMBUSER ]; then echo creating $SMBUSER /tmp/crehome.txt mkdir /samba/profiler/$SMBUSER /tmp/crehome.txt mkdir /samba/profiler/$SMBUSER/nt /tmp/crehome.txt mkdir /samba/profiler/$SMBUSER/ts /tmp/crehome.txt chgrp -R SKOLA\Domain Users /samba/profiler/$SMBUSER /tmp/crehome.txt chmod 700 /samba/profiler/$SMBUSER /tmp/crehome.txt echo - /tmp/crehome.txt fi - Error on terminalserver: Event Type: Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 2002-10-01 Time: 09:26:03 User: SKOLA\llu0731 Computer: KA-WTS01 Description: Windows cannot locate your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be propagated to the server. DETAIL - The specified network password is not correct. Event Type: Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 2002-10-01 Time: 09:26:04 User: NT AUTHORITY\SYSTEM Computer: KA-WTS01 Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. The specified network password is not correct is however bullshit. Well, that very much depends on what Samba told Win2k. --- Error on W2K DC Event Type: Error Event Source: Srv Event Category: None Event ID: 2006 Date: 2002-09-30 Time: 12:28:58 User: N/A Computer: DC01 Description: The server received an incorrectly formatted request from \\193.180.x.y Data: : 00 00 34 00 02 00 7c 00 ..4...|. 0008: 00 00 00 00 d6 07 00 c0 Ö..À 0010: 00 00 00 00 01 20 98 c0 . ?À 0018: 00 00 00 00 00 00 00 00 0020: 00 00 00 00 00 00 00 00 0028: b3 06 00 00 ff 53
[Samba] Autoreply to samba digest, Vol 1 #1676 - 26 msgs
Vielen Dank für Ihre e-mail. Da ich vom 30.09.-06.10 in Urlaub bin, kann ich sie leider erst danach bearbeiten bzw. beantworten. In dringenden Fällen, können Sie sich gerne an meinen Kollegen Herrn Lamotte wenden. Er hat die email-Adresse [EMAIL PROTECTED] und ist telefonisch unter 07142/596-152 zu erreichen. Mit freundlichen Grüßen Michael Müller G. Umbreit GmbH Co.KG -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] W9x print driver download problems with Samba 2.2.3a and CUPS
On Sun, 29 Sep 2002 14:09:19 -0400, Adam Glasgall [EMAIL PROTECTED] wrote: I've set up Samba and CUPS on our testing server here, and used smbcupsadd to upload the Adobe PS drivers to the server as directed in Win9x is another story altogether. It's clearly trying to get the drivers from the server, but at the beginning of the process, it pops up run cupsaddsmb with -v. You'll probably see that it mistakenly uses smbclient in place of rpcclient when setting up win9x drivers and fails. You can do it by hand seeing what's trying to do or wait for release of cups-1.1.16 which solves this. -- [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ACL support
Title: RE: [Samba] ACL support A few things you may try. First, make sure your ACL utilities and samba are compiled against the equivalent version of the libaries; make sure your versions line up as best as possible. Second, make sure you've mounted the filesystem with the acl option set. user_xattrs may also be useful. Scott F. Crosby -Original Message- From: Jean-Rene Cormier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 01, 2002 8:08 AM To: Samba List Subject: [Samba] ACL support Anybody got the latest version of ACL from acl.bestbit.at to work? I've compiled the packages, then installed them from the RPM but I had no luck at all. I compiled a kernel with ACL support but when I try to set a new permission it says permission not supported or something like that. I currently have a box with ACL working but it's the libacl.so.0 lib and the new version is libacl.so.1 but I can't get that to work at all. Is there something I missed somewhere? Jean-Rene Cormier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PAM - Winbind help needed.
Thanks to all the info I've gathered that people have posted here I've got a lot further and can now login to the local machine using a Domain account :) I'm still having problems with PAM though, no pam.d/samba file was created on installation, I did install with-pam and the login part of pam works with pam_winbind.so, but when I change the obey pam restrictions to yes I get prompted when trying to access even Public and Temp shares. I am trying to get this to work so I can utilise the pam_mkhomedir.so to autocreate the home directories for users. Without the pam option enabled I can access things fine and login through SSH using DOMAIN+user. I have tried a couple of different pam.d/samba files including these: # /etc/pam.d/samba #%PAM-1.0 auth required pam_nologin.so authrequired pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth sessionrequired pam_mkhomedir.so skel=/etc/sambaskel umask=0022 # /etc/sambaskel is a dir I made specific for homedirs for domain users sessionrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth And auth required pam_winbind.so auth required pam_pwdb.so nullok shadow account required pam_winbind.so account required pam_pwdb.so I'm probably doing something really basic wrong, but I'm so close to getting this right now. I'm using Debian 3.0 and Samba 2.2.5. Any ideas are appreciated. Shaolin - IT Systems WB Ltd. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] ACL support
That must be it, I didn't see that mentioned anywhere. Thanks a lot Jean-Rene Cormier -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Yura Pismerov Envoyé : 1 octobre, 2002 10:32 À : Jean-Rene Cormier; [EMAIL PROTECTED] Objet : Re: [Samba] ACL support Jean-Rene Cormier wrote: Anybody got the latest version of ACL from acl.bestbit.at to work? I've compiled the packages, then installed them from the RPM but I had no luck at all. I compiled a kernel with ACL support but when I try to set a new permission it says permission not supported or something like that. I currently have a box with ACL working but it's the libacl.so.0 lib and the new version is libacl.so.1 but I can't get that to work at all. Is there something I missed somewhere? Did you mount your fs with -o acl ? Lates version of the kernel patch requires it... Jean-Rene Cormier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] binaries corrupted when transferred
I have searched around quite a bit for help regarding this issue, but it seems that when I transfer a binary from Windows to a UNIX share, that binary is corrupted. I have installed samba-2.2.6.p2_1 through FreeBSD 4.6-STABLEs Ports Collection because the error existed with the version prior to that. I have uninstalled, reinstalled, reconfigured, etc., but whenever I transfer a binary it gets corrupted. When I read binary files from the FreeBSD share, such as an MP3, the file plays fine. When moving an MP3 of other binary file to the FreeBSD share, and then listening to it through samba, the file is distorted. I most often find myself transferring binaries through FTP or sFTP because they are corrupted when I transfer using SMB. Id like to say that the binary files are being transferred as ASCII files, but Im not certain. When I transfer ASCII files, they are fine and are not corrupted or altered as binary files are. Where can I find documentation regarding the subject or how can I fix the problem? Thanks, Taylor --- Taylor Basilio ([EMAIL PROTECTED]) _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] ACL support
Yes everything is compiled against the latest version of the libraries, since all utilities came from acl.bestbit.at, also I was getting errors while I was trying to set an acl manually so Samba wasn't the problem. So to add the acl option I just add acl in the option field in fstab right? Also what does user_xattrs will do? And are there other options that I can put with ACL? Jean-Rene Cormier -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Crosby, Scott F. Envoyé : 1 octobre, 2002 11:23 À : 'Jean-Rene Cormier'; Samba List Objet : RE: [Samba] ACL support A few things you may try. First, make sure your ACL utilities and samba are compiled against the equivalent version of the libaries; make sure your versions line up as best as possible. Second, make sure you've mounted the filesystem with the acl option set. user_xattrs may also be useful. Scott F. Crosby -Original Message- From: Jean-Rene Cormier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 01, 2002 8:08 AM To: Samba List Subject: [Samba] ACL support Anybody got the latest version of ACL from acl.bestbit.at to work? I've compiled the packages, then installed them from the RPM but I had no luck at all. I compiled a kernel with ACL support but when I try to set a new permission it says permission not supported or something like that. I currently have a box with ACL working but it's the libacl.so.0 lib and the new version is libacl.so.1 but I can't get that to work at all. Is there something I missed somewhere? Jean-Rene Cormier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris, winbind and console login
Hi, I 'm running : bash-2.03# uname -a SunOS kdejenssamfs 5.8 Generic_108528-15 sun4u sparc SUNW,Sun-Fire-280R and Samba 2.2.5 with winbind and PAM module. I do not need local domain users anymoure as expected. But I have two remaining problems: 1. console logins are no longer possible. I get the follwoing error in /var/adm/messages: ... Oct 1 16:41:07 kdejenssamfs pam_winbind[817]: [ID 507189 auth.error] request failed, PAM error was 13, NT error was NT_STATUS_NO_SUCH_USER .. 2. ftp doesn't work even if telnet works. My /etc/pam.conf is: # #ident (#)pam.conf 1.1601/01/24 SMI # # Copyright (c) 1996-2000 by Sun Microsystems, Inc. # All rights reserved. # # PAM configuration # # Authentication management # login auth required /usr/lib/security/pam_winbind.so.1 debug login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 # rlogin auth sufficient /usr/lib/security/pam_winbind.so.1 rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1 rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass # dtlogin auth sufficient /usr/lib/security/pam_winbind.so.1 dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass # rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1 other auth sufficient /usr/lib/security/pam_winbind.so.1 debug other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass # # Account management # login account sufficient /usr/lib/security/pam_winbind.so.1 debug login account requisite /usr/lib/security/$ISA/pam_roles.so.1 login account required/usr/lib/security/$ISA/pam_projects.so.1 login account required/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass # dtlogin account sufficient /usr/lib/security/pam_winbind.so.1 dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1 dtlogin account required/usr/lib/security/$ISA/pam_projects.so.1 dtlogin account required/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass # other account sufficient /usr/lib/security/pam_winbind.so.1 debug other account requisite /usr/lib/security/$ISA/pam_roles.so.1 other account required/usr/lib/security/$ISA/pam_projects.so.1 other account required/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass # # Session management # other session required/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass # # Password management # other password required /usr/lib/security/$ISA/pam_unix.so.1 dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1 smb.conf is: workgroup = KRZ netbios name = kdejenssamfs #netbios aliases = proxy2 djian server string = Samba %v %h interfaces = 10.2.39.204/23 bind interfaces only = true socket address = 10.2.39.204/23 map to guest = Bad user log level = 1 syslog = 0 log file = /usr/local/samba/var/log.%m max log size = 10 deadtime = 5 os level = 31 domain master = no local master = no wins server = 10.2.39.67 name resolve order = lmhosts wins hosts bcast # make sure you 've domain account for samba server to NT domain # and typed smbpasswd -j DOM -r DOMPDC before security = domain password server = kdejenskrzads1.krz.ads kdejenskrzads2.krz.ads encrypt passwords = true username map = /usr/local/samba/private/users.map winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes template homedir = /export/home/%D/%U template shell = /bin/bash ... Any help is appreciated. Best regards Uwe walther -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA WIN XP Sp1
DON'T, I mean literally uninstall SP1 from your computer immediately. It's bugged very bad and causes many computers to crash. My XP completely crashed and couldn't EVEN BOOT. Thank god, my backups rescued me. Formatted it and reinstall everyting but SP1. MS forums going crazy, just take a look at it, you'll understand better what I mean. Serhan. -- Original Message -- From: Jörg Nissen [EMAIL PROTECTED] Date: Tue, 1 Oct 2002 10:18:48 +0200 Hello, With Win XP I can Connect to Samba. But after I had Installed Win XP SP1 I coudn´t connect to my PDC. It comes an Error Message that my Profile coudn´t load. Can anyone help me ?. Jörg Nissen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind trouble under load?
I forgot to mention that I connect winbind to the W2K DC not as an anonymous account but with a normal user account. I use the wbinfo -A user%password [EMAIL PROTECTED] skriver: testparm now (2.2.6pre2) has an option to only display non-default values. That makes it easier to figure out what you have actually changed... [global] workgroup = SKOLA server string = Trustix Samba Server interfaces = br0 security = DOMAIN encrypt passwords = Yes password server = * log level = 0 log file = /var/log/samba/log.%I name resolve order = wins host lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 32 preferred master = True domain master = False wins server = 193.180.x.y winbind uid = 1-4 winbind gid = 1-4 template homedir = /dev/null winbind enum users = No winbind enum groups = No printer admin = @SKOLA\Support,@SKOLA\Administrators I would avoid the exec on open, just becouse I see Win2k doing a *lot* of tree connects/disconnects. I would instead suggest using pam_mkhomdir (or a modified varient) becouse they occour per session, not per tree. It is only for testing so I don't give much about speed now, on to get it working. I'll look into the pam_mkhomedir later. --- Error on W2K DC Event Type: Error Event Source: Srv Event Category: None Event ID: 2006 Date: 2002-09-30 Time: 12:28:58 User: N/A Computer: DC01 Description: The server received an incorrectly formatted request from \\193.180.x.y Data: : 00 00 34 00 02 00 7c 00 ..4...|. 0008: 00 00 00 00 d6 07 00 c0 Ö..À 0010: 00 00 00 00 01 20 98 c0 . ?À 0018: 00 00 00 00 00 00 00 00 0020: 00 00 00 00 00 00 00 00 0028: b3 06 00 00 ff 53 4d 42 ³...ÿSMB 0030: 25 00 00 00 00 08 01 c0 %..À 0038: 00 00 00 00 00 00 00 00 0040: 00 00 00 00 00 d0 6d 38 .Ðm8 0048: 02 50 01 00 10 00 00 48 .P.H 0050: 00 00 00 48 00 00 00 00 ...H 0058: 00 00 00 00 Now *this* is interesting. I've only heard of it once, and it was not reproducable. Can you reproduce this error, and try to get a packet sniff of it? I would be interested to see what it actually is. Can't reproduce it. I have a few of these every week in my log files, both from this server (2.2.6cvs) and the other samba servers (2.2.5). I'll examine the logs and see if I can find anything that happend at the same time. [2002/10/01 13:21:50, 0] smbd/sec_ctx.c:initialise_groups(244) Unable to initgroups. Error was Input/output error The logs are full of those message. However I think the are due to the fact that I have winbind enum groups = no in /etc/samba/smb.conf That should not be. That error is probably somthing else... Yes, could it be this: [print$] path = /samba/printers write list = @SKOLA\Support @SKOLA\Administrators guest ok = Yes root@xx-proxy /var/log/samba# testparm | grep guest map to guest = Never domain guest group = guest account = nobody guest only = No guest ok = No guest ok = Yes When the computer/user tries to connect to the share as a guest it fails since the guest account (nobody) is not allowed to use samba? OR could the fact that im using a normal account to connect to w2k account for the errors? (wbinfo -A user%pass) In any case, one course of action might be (assuming you are running an Active Directory setup) to move to Samba 3.0. If the Win2k clients get kerberos credentials, then Samba doesn't need to contact the DC at all for authenticaion. (It might need to contact it for other things however, but these can be cached too) Also, Samba 3.0 uses an LDAP client on AD, which I suspect will cope much better with 1 users. Samba 3.0 also has a 'dual deamon' mode where it can opearate out of it's cache while waiting for new answers from the DC, which might help avoid a blocking winbind call backloging the entire system. Finally, Samba 3.0 has *much* better error reporting, so you might get a meaningful error message too! But isn't samba 3.0 in alpha or beta? Is it really recommended/safe to run it in production? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA WIN XP Sp1
I nearly missed your message since you replied to an unrelated message... (my mail reader threads according to message id) you need to make a change on the client in the gpedit.msc program set computer configuration-administrative templates-system-user profiles- do not check for user ownership of roaming profile folders to enabled Iff your pdc and your profile server share the same SID another possibility is to modify your server's profiles share to have nt acl support = yes brad On Tue, 2002-10-01 at 04:18, Jörg Nissen wrote: Hello, With Win XP I can Connect to Samba. But after I had Installed Win XP SP1 I coudn´t connect to my PDC. It comes an Error Message that my Profile coudn´t load. Can anyone help me ?. Jörg Nissen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles and Win2K
On Tue, 2002-10-01 at 09:06, Keith Dickinson wrote: I've been all through the Samba in 24 hours book as well as the How-To-Collection.pdf file and several other resources. I've got samba doing file sharing and authentication as a PDC for a couple of Win2K boxes (95/98 to come later). The machines can authenticate just fine. Problem is that when they log off, I get the following error: Windows cannot update your roaming profile. Contact your network administrator. are you sure you've got the permissions correct on the profile share? what do your logs say? my config works with win2k machines ... here are the relevant excerpts domain logons = Yes os level = 64 preferred master = True domain master = True note i have an external wins server - you'll probably want to set up your own. [netlogon] path = /etc/samba/netlogon write list = root [profiles] path = /home/xp_profiles read only = No create mask = 0600 directory mask = 0700 csc policy = disable share modes = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] config.pol
Hi Fernando, I'm sorry. I forgot to mention all the workstations are Win98. Fortunatly, there are only 10. I have already changed the selection to All users of this computer use the same preferences and desktop settings. in Passwords Properties/User Profiles. Thanks Your english is so good I didn't even hear an accent. ;^) Fernando Casas ([EMAIL PROTECTED]) wrote*: Hi BOB. This solution is tedius, but works. I´m sure there is a better one out there. =) You must go to each workstation, logon as Administrator, or a user with Administrator privileges. Righ-click on MyComputer icon. Click on Properties. Then go to the User Profiles tab. Select the user that you want to change de profile type. Then click on the CHANGE TYPE button. Select LOCAL PROFILE. Then click on OK. Click on OK again. And thats all. Then logoff, and logon again. The user profile will be local type instead of roaming. If this doesn´t work for you, let me know. Greetings. Fernando PD: excuse my terrible english. =( - Original Message - From: Bob Crandell [EMAIL PROTECTED] To: Samba List [EMAIL PROTECTED] Sent: Tuesday, October 01, 2002 12:20 PM Subject: [Samba] config.pol Hi, I just installed a new Samba server to replace an old dying Novell box for a client. It works well and they are happy. The one problem I'm having is when any user logs in, they get a message saying it can't find \\master\netlogon\config.pol. This is coming from a messed up roaming profiles configuration on the Novell box, which is off. I don't have any experience with roaming profiles and I don't want any. My question is can you either 1) tell me how to turn it off on each workstation or 2) send and empty/do nothing config.pol? This would be a great product if it wasn't for Windoze. :^/ Thanks -- Bob Crandell Assured Computing When you need to be sure. Voice 541-689-9159 FAX 240-371-7237 [EMAIL PROTECTED] www.assuredcomp.com Eugene, Or. 97402 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Autoreply to samba digest, Vol 1 #1677 - 17 msgs
Vielen Dank für Ihre e-mail. Da ich vom 30.09.-06.10 in Urlaub bin, kann ich sie leider erst danach bearbeiten bzw. beantworten. In dringenden Fällen, können Sie sich gerne an meinen Kollegen Herrn Lamotte wenden. Er hat die email-Adresse [EMAIL PROTECTED] und ist telefonisch unter 07142/596-152 zu erreichen. Mit freundlichen Grüßen Michael Müller G. Umbreit GmbH Co.KG -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] ACL support
Jean-Rene Cormier wrote: That must be it, I didn't see that mentioned anywhere. It is right here in red (almost) colour :) http://acl.bestbits.at/download.html#Kernel Thanks a lot Jean-Rene Cormier -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Yura Pismerov Envoyé : 1 octobre, 2002 10:32 À : Jean-Rene Cormier; [EMAIL PROTECTED] Objet : Re: [Samba] ACL support Jean-Rene Cormier wrote: Anybody got the latest version of ACL from acl.bestbit.at to work? I've compiled the packages, then installed them from the RPM but I had no luck at all. I compiled a kernel with ACL support but when I try to set a new permission it says permission not supported or something like that. I currently have a box with ACL working but it's the libacl.so.0 lib and the new version is libacl.so.1 but I can't get that to work at all. Is there something I missed somewhere? Did you mount your fs with -o acl ? Lates version of the kernel patch requires it... Jean-Rene Cormier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA WIN XP Sp1
On Tue, 2002-10-01 at 11:09, Serhan Sevim wrote: DON'T, I mean literally uninstall SP1 from your computer immediately. It's bugged very bad and causes many computers to crash. My XP completely crashed and couldn't EVEN BOOT. Thank god, my backups rescued me. Formatted it and reinstall everyting but SP1. MS forums going crazy, just take a look at it, you'll understand better what I mean. Serhan. I've applied SP1 and, aside from the samba problem, I've not been able to detect any problems... Keep in mind that I applied SP1 to a clean system image and i distribute a sysprepped version of XPSP1+apps to the clients so it's probably not the usual case... brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] XP Pro and Samba 3.0-alpha1.9
Hi everybody, I set up Samba 3.0alpha1.9 on a RH7.2 and I want to configure it as a Primary Domain Controller. Below , my smb.conf: # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/10/01 09:04:58 # Global parameters [global] ;Nom du domaine workgroup = MOMODOM ;Nom netBios de la machine netbios name = SRV2000 ;Commentaires qui sera affiche dans le vouisinage réseau server string = Samba Server Beta Test 3.0 encrypt passwords = Yes password server = bin/passwd passwd program = /usr/bin/passwd %u unix password sync = No log file = /var/log/samba/SMB%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = root@SRV2000 ; add user script = /usr/sbin/useradd -d /dev/null -g 502 -s /bin/false -M %u logon script = logon.cmd logon path = \\%N\%u\profiles logon drive = H: logon home = \\SRV\%U domain logons = Yes domain admin group = admin os level = 64 preferred master = True domain master = True dns proxy = No wins server = 172.25.4.12 default service = export\samba\test printing = lprng [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No writable = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [export\samba\test] comment = Partage de test path = /tmp guest ok = Yes browsable = Yes writeable = Yes [netlogon] comment = Network Logon Services path = /home/netlogon writeable = no browseable = no write list = root And I create a Machine Trust Account, like this; #useradd -g admin -d /dev/null -c Samba Test Machine -s /bin/false SRV2000$ #passwd -l SRV2000$ #smbpasswd -a -m SRV2000$ (I found some docs with $ to put here and other without, What do I put) For me, my Machine trust account is OK. To create a samba manager #smbpasswd -a root and I use it to join the domain. But when I try to join the Domain MOMODOM , it is refused because user unknown or incorrect password And in the samba log file : rpc_server/srv_netlog_nt.c:get_md4pw(154) get_md4pw: Workstation SRV2000$: no account in domain Someone has an Idea? Thanks in advance, Mo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication problem
Hello, we have only a problem with samba in our Solaris 8 server and it is with IIS 5 in Windows 2000. We want to use a shared samba folder to put our html pages in, to use IIS how our web server and to use that shared samba folder how our web document root in IIS. But it doesn´t work, there is always a "Netlogon failure" in the web broser when I'm trying to access http://localhost in the web server. We can use that shared folder in Windows and we can use "net use t:\\solarisserver\sharedfolder" and all working fine, but when I use a web browser there is a authentication problem. What's the problem??? Thank you very much, Carlos Ufano González
RE : RE : [Samba] ACL support
Maybe they should put it in a brighter red ;) But thanks now it works! Jean-Rene Cormier -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Yura Pismerov Envoyé : 1 octobre, 2002 13:03 À : Jean-Rene Cormier Cc : [EMAIL PROTECTED] Objet : Re: RE : [Samba] ACL support Jean-Rene Cormier wrote: That must be it, I didn't see that mentioned anywhere. It is right here in red (almost) colour :) http://acl.bestbits.at/download.html#Kernel Thanks a lot Jean-Rene Cormier -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Yura Pismerov EnvoyИ : 1 octobre, 2002 10:32 ю : Jean-Rene Cormier; [EMAIL PROTECTED] Objet : Re: [Samba] ACL support Jean-Rene Cormier wrote: Anybody got the latest version of ACL from acl.bestbit.at to work? I've compiled the packages, then installed them from the RPM but I had no luck at all. I compiled a kernel with ACL support but when I try to set a new permission it says permission not supported or something like that. I currently have a box with ACL working but it's the libacl.so.0 lib and the new version is libacl.so.1 but I can't get that to work at all. Is there something I missed somewhere? Did you mount your fs with -o acl ? Lates version of the kernel patch requires it... Jean-Rene Cormier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Pro and Samba 3.0-alpha1.9
On Tue, 2002-10-01 at 12:37, Kalkoul Morad wrote: Hi everybody, I set up Samba 3.0alpha1.9 on a RH7.2 and I want to configure it as a Primary Domain Controller. Below , my smb.conf: # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/10/01 09:04:58 # Global parameters [global] ;Nom du domaine workgroup = MOMODOM ;Nom netBios de la machine netbios name = SRV2000 ;Commentaires qui sera affiche dans le vouisinage réseau server string = Samba Server Beta Test 3.0 encrypt passwords = Yes password server = bin/passwd nope - this should be the name of the machine - probably just leave it out... passwd program = /usr/bin/passwd %u unix password sync = No log file = /var/log/samba/SMB%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = root@SRV2000 you don't need this (and i don't know if it works in samba3) instead you should use the group mapping tool smbgroupedit to set up a mapping between Domain Admins and the unix group root ; add user script = /usr/sbin/useradd -d /dev/null -g 502 -s /bin/false -M %u logon script = logon.cmd logon path = \\%N\%u\profiles logon drive = H: logon home = \\SRV\%U domain logons = Yes domain admin group = admin you certainly shouldn't have two of these... os level = 64 preferred master = True domain master = True dns proxy = No wins server = 172.25.4.12 default service = export\samba\test what are you trying to do with this... it's not needed for a PDC printing = lprng [homes] comment = Home Directories valid users = %S you don't need this line... read only = No create mask = 0664 directory mask = 0775 browseable = No writable = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [export\samba\test] comment = Partage de test path = /tmp guest ok = Yes browsable = Yes writeable = Yes [netlogon] comment = Network Logon Services path = /home/netlogon writeable = no browseable = no write list = root And I create a Machine Trust Account, like this; #useradd -g admin -d /dev/null -c Samba Test Machine -s /bin/false SRV2000$ #passwd -l SRV2000$ #smbpasswd -a -m SRV2000$ (I found some docs with $ to put here and other without, What do I put) the $ sign needs to be there in the files. I think some versions of smbpasswd add the $ sign automatically just make sure that the files look right.. best wishes! brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file quotas
I solved the problem. Apparently Linux quotacheck creates new format of quota files. quotacheck -F vfsold did the trick. Yura Pismerov wrote: Hi all, I've compiled samba --with-quotas, turned on user and group quotas on ext3, assigned quotas, BUT it does not seem to be working. Windows client always shows all available space instead of showing the quota. Do I miss something ? P.S. I run Debian with 2.4.19 kernel patched for ext3 ACL support (from acl.bestbits.at). -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file permission problem
I have Samba 2.2.1a installed on RedHat 7.2, using RedHat's rev 4 RPMs (samba-common, samba-client, samba, and samba-swat 2.2.1a-4). I have the PDC part working. But there is one file share giving me problems. I have a folder, /export0, which I want all the domain users to be able to use. I have a group, unboundtech, which all the domain users are a member of. The /export0 is owned by root:unboundtech, with mode 775. The folders under this one which they can write to are the same (group is unboundtech, mode is 775). Users can create files/folders, but they can't change the permissions on them (for example, to let other people modify them). In some cases, I also want to have folders in /export0 which are owned by another group which is a subset of the domain users. I'm having the same problems here. I create a folder owned by the group in question, and group writeable. Members of the group can write folders to it (I haven't checked if non-group members can), but they can't change the permissions. Can services be subpaths of existing services? like [/some/folder] . [/some/folder/beneath] . That way I could maybe force a particular group ownership for different sub trees. -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) # Samba config file created using SWAT # from localhost.localdomain (127.0.0.1) # Date: 2002/10/01 10:04:25 # Global parameters [global] workgroup = UNBOUNDTECH netbios name = MOLEHILL server string = Domain controller interfaces = eth1 192.168.1.0/24 localhost bind interfaces only = Yes encrypt passwords = Yes passwd program = /usr/bin/passwd unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = root sysadm domainadmin add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon path = \\%N\profiles\%U logon drive = Z: domain logons = Yes os level = 33 preferred master = True domain master = True wins support = Yes [profiles] comment = Windows Home Directories path = /home/profiles read only = No create mask = 0775 [export0] path = /export0 write list = unboundtech read only = No create mask = 0775 directory mask = 0775 [netlogon] path = /usr/share/samba/netlogon write list = administrator browseable = No
Re: [Samba] W9x print driver download problems with Samba 2.2.3a and CUPS
Found the thread on the CUPS ng, applied the patch at http://www.cups.org/newsgroups.php?s1+gcups.bugs+v3. Now 9x errors out with 'No more files (error #12)' while copying the ppd. Oddly, it seems to get to the end of the list of files while copying. I think this is the last stumbling block before everything works, any ideas? David Morel ([EMAIL PROTECTED]) wrote: of CUPS are you using (and which platform?) if you see this? Could you post this to the CUPS mailing list at www.cups.org, please, if it still prevails after upgrading CUPS (or ripping off a cupsaddsmb binary from a more current CUPS installation)? checked the cups ng, it says it'll be fixed for 1.1.16 David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Adam Glasgall Disobedience was Man's Original Virtue msg05345/pgp0.pgp Description: PGP signature
RE: [Samba] XP Pro and Samba 3.0-alpha1.9
I think you need to add the add machine script command in your smb.conf. check man smb.conf for more info. Hope this helps. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kalkoul Morad Sent: Tuesday, October 01, 2002 12:37 PM To: [EMAIL PROTECTED] Subject: [Samba] XP Pro and Samba 3.0-alpha1.9 Hi everybody, I set up Samba 3.0alpha1.9 on a RH7.2 and I want to configure it as a Primary Domain Controller. Below , my smb.conf: # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/10/01 09:04:58 # Global parameters [global] ;Nom du domaine workgroup = MOMODOM ;Nom netBios de la machine netbios name = SRV2000 ;Commentaires qui sera affiche dans le vouisinage réseau server string = Samba Server Beta Test 3.0 encrypt passwords = Yes password server = bin/passwd passwd program = /usr/bin/passwd %u unix password sync = No log file = /var/log/samba/SMB%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = root@SRV2000 ; add user script = /usr/sbin/useradd -d /dev/null -g 502 -s /bin/false -M %u logon script = logon.cmd logon path = \\%N\%u\profiles logon drive = H: logon home = \\SRV\%U domain logons = Yes domain admin group = @admin os level = 64 preferred master = True domain master = True dns proxy = No wins server = 172.25.4.12 default service = export\samba\test printing = lprng [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No writable = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [export\samba\test] comment = Partage de test path = /tmp guest ok = Yes browsable = Yes writeable = Yes [netlogon] comment = Network Logon Services path = /home/netlogon writeable = no browseable = no write list = root And I create a Machine Trust Account, like this; #useradd -g admin -d /dev/null -c Samba Test Machine -s /bin/false SRV2000$ #passwd -l SRV2000$ #smbpasswd -a -m SRV2000$ (I found some docs with $ to put here and other without, What do I put) For me, my Machine trust account is OK. To create a samba manager #smbpasswd -a root and I use it to join the domain. But when I try to join the Domain MOMODOM , it is refused because user unknown or incorrect password And in the samba log file : rpc_server/srv_netlog_nt.c:get_md4pw(154) get_md4pw: Workstation SRV2000$: no account in domain Someone has an Idea? Thanks in advance, Mo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Drop down slowness on mapped drives
Hello, We have a Windows 2000 Network with a few FreeBSD boxes running Samba. We have a share on one box specifically that we map to everyones workstations. Ever since this day the file drop down box in applications such as word or excel goes incredibly slow. If we remove the drive mapping, the speed returns to normal. Ive searched and browsed newsgroups and mailing lists and havent found a clear cut answer, but if I missed it I apologize. I do have the tcp_nodelay option uncommented in the config file. If anyone has any ideas, Id appreciate some help. Thanks! -James
[Samba] W9x print driver download problems with Samba 2.2.5 and CUPS 1.1.15
Greetings, Similar to the other CUPS thread, but not the same. Samba 2.2.5 built on a Sparc Solaris 9 box with Cups 1.1.5. I've set up Samba to print with Cups as outlined in the docs. I am able to download the generic Adobe print driver to my Windows 2000 clients but the Windows 98 clients are asking for a local driver to be installed. Looking at verbose output from cupsaddsmb, that looks as if it ran correctly (I did not see smbclient being used where rpcclient should be). Logs generated for the client while trying to add the printer include the following: --- ... [2002/10/01 13:53:16, 3] smbd/lanman.c:api_reply(3344) Got API command 70 of form zWrLh WN (tdscnt=0,tpscnt=30,mdrcnt=1024,mprcnt=6) [2002/10/01 13:53:16, 3] smbd/lanman.c:api_reply(3348) Doing DosPrintQGetInfo [2002/10/01 13:53:16, 3] smbd/lanman.c:api_DosPrintQGetInfo(884) api_DosPrintQGetInfo: uLevel=52 name=UR26 [2002/10/01 13:53:16, 3] smbd/lanman.c:get_printerdrivernumber(836) Can't determine number of printer driver files [2002/10/01 13:53:16, 3] smbd/lanman.c:api_DosPrintQGetInfo(918) api_DosPrintQGetInfo: Driver files count: 0 [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(656) printerdriver:ur26: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(657) Driver:ADOBEPS4.DRV: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(658) Data File:ur26.PPD: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(659) Language Monitor:PSMON.DLL: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(661) lp_driverlocation:\\TECHOPS\print$\WIN40\0: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(664) Data Type:RAW: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(665) Help File:ADOBEPS4.HLP: [2002/10/01 13:53:16, 3] smbd/lanman.c:fill_printq_info_52(679) fill_printq_info on ur26 gave 0 entries ... I'm wondering about the Can't determine number of printer driver files and the fill_printq_info on ur26 gave 0 entries messages - sounds like something is NOT set up correctly. Any ideas on what it might be? Thanks, Bob Martel ** Speaking only for myself - CSU pays better people than me to speak for them. Bob Martel - System Administrator | I met someone who looks Maxine Goodman Levin College of Urban Affairs |a lot like you Cleveland State University | She does the things you do (216) 687-2214 |But she is an IBM [EMAIL PROTECTED] | -Jeff Lynne ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] default for 'writeable ='
Hi all, 'Using Samba' (and it's companion 'Pocket Reference') both say that the default for the 'writable' option in smb.conf is 'YES'. But, http://ie.samba.org/samba/docs/man/smb.conf.5.html says the default is 'no'. Which is right? Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641000 x285 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password and case sensitivity
We are using samba as our fileserver. And we have a Windows 2000 PDC in place here as well. The PDC is our password server. we have these directives: password server = ip_address_of_win_PDC encrypt passwords = yes And when we use pam_smb to authenticate it is not case sensitive. if I have a password of dOpTog6, doptog6 is just fine. How can I make samba more strict. I tried password level = 24. and that didnt seem to do anything. Thanks, Joe Kezar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] passwords and case sensitivity
We are using samba as our fileserver. And we have a Windows 2000 PDC in place here as well. The PDC is our password server. we have these directives: password server = ip_address_of_win_PDC encrypt passwords = yes And when we use pam_smb to authenticate it is not case sensitive. if I have a password of dOpTog6, doptog6 is just fine. How can I make samba more strict. I tried password level = 24. and that didnt seem to do anything. Thanks, Joe Kezar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: using samba over AT@T broadband (Barry deFreese)
ATT Broadband blocks ports 137,138, and 139. They want to protect those Windows users that install File and Print Sharing from viruses and attacks. Mason Kidd Message: 2 Reply-To: [EMAIL PROTECTED] From: Barry deFreese [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [Samba] using samba over AT@T broadband Date: Mon, 30 Sep 2002 21:05:05 -0700 This is a multi-part message in MIME format. --=_NextPart_000_0036_01C268C5.0D575B30 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit James, You do realize what a security hole this is correct? Barry deFreese Newbie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of James T Prejsnar Sent: Monday, September 30, 2002 8:42 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Samba] using samba over AT@T broadband Hello. I'm a Graduate Student, and I'm trying to set up Samba on my Solaris 2.8 box so that my team members can network map their home accounts from my Solaris box onto their PC. Everything works great within my home. (i.e. I have a home network, and all my PC's can mount my UNIX home directory.) My problem: I can't network map my Home Directory outside my local subnet. (i.e. I get the following Windows error message: Can't find location or something in effect that it can't find my Solaris box) I can ping and telnet to my Solaris box outside ATT's subnet, but I can't use samba. There are no logs created in /usr/local/samba/var for the PC connecting. I even tried to create a lmhosts file on the PC outside my subnet, but that didn't help I've been reading the samba news-groups and using google.com, but nothing is helping me. I just want to map my home directory by doing the following within the map network drive dialog: \\65.96.xxx.xxx\username outside my subnet. Information: 1.. Samba Version: 2.2.2 2.. OS: Solaris 2.8 with all the recommended OS patch from SUN - SunOS unknown 5.8 Generic_108528-15 sun4u sparc SUNW,Ultra-1 3.. /etc/services file contains: netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp # NETBIOS Name Service netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp # NETBIOS Datagram Service netbios-ssn 139/tcp # NETBIOS Session Service netbios-ssn 139/udp # NETBIOS Session Service -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] setting a printer driver problem.
I am having a problem setting a printer driver for and existing printer on a windows client. I have a cups (1.1.15-6) server running on a redhat 7.2 machine. I added a printer with the web admin tool. I set up samba (2.2.5) on this server as well. These are how my shares are set up: [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = yes writable = no printable = yes [print$] comment = Printer Drivers path = /etc/samba/drivers browseable = yes guest ok = yes read only = yes write list = $ntadmin,root /etc/samba/drivers/W32X36 exists and is completely open. When I log onto a WindowsNT client and browse to \\samba-server and go into the printers folder I can see the printer that I set up with cups. I enter the properties and choose New Driver to upload the driver to the samba server. When I choose the correct driver from the list it start to copy but errors out because it is looking for a somthing.DLL file. I do a search for it and find it in c:\winnt\system32. I click ok and this file copys fine but the next file is where I am having a problem. The next file it wants to copy is PSCRIPT.DL_. I do a search for this file and find it in c:\ntw32k\i386. When I choose this it says that it cant perform the copy because the file is not in that location. But I know that it is. Is this even the right way to do what I am trying to do (trying to set a windows driver for a cups printer)? Does anybody have any ideas. I have used cupsadsmb, which added the drivers fine, but the printers still errored out trying to print. So I'm trying to add the drivers without using cupsaddsmb. Thanks for your time. -Ben -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] MS-Access Application very slow (Solved ?)
Hi, I have got the solution: I upgraded hardware: P4 - 2.4GHz RAM 1 GB LVD-SCSI Seagate 18GB - about 10,000 rpm and now it works nearly as good as the winpc 5% slower still, o.k. - but therefor the ? after solved - what else could I do ? The whole lock-things I tried already, they do not have much inflence on speed, as far as I tested. Thanks Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Prevent NULL Session
I have a couple of Samba (2.0.7 2.2.0) servers I scanned with Nessus and they reported a security hole of Possible to login to the remote host using a NULL session I have a couple of NT servers I disabled with a registry edit. Is there a way to prevent this on the Samba servers or is it evan a valid issue? Thanks Mike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Please help to add a machine to a domain
Hello, could you please help me to solve the following problem: When I try to add a machine to a domain from winNT, I get the following error: Unable to add or change accounts on the domain. The account information entered does not grant sufficient privilage to create or change accounts. The whole process create an unix account (machinename$ in /etc/passwd) as well as samba account (machinename$ in /etc/samba/smbpasswd) but samba accont has password NO PASSWORD. Do you have some idea where is a problem or how to get around it? Thank you. Pavel Stulik -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] default for 'writeable ='
Mac wrote: Hi all, 'Using Samba' (and it's companion 'Pocket Reference') both say that the default for the 'writable' option in smb.conf is 'YES'. But, http://ie.samba.org/samba/docs/man/smb.conf.5.html says the default is 'no'. Which is right? You can run the following command to find the defaults. testparm -s /dev/null writable is actually a misspelled synonym for writeable which in turn is an inverted synonym for read only (the man page says that read only is the synonym and writeable is the actual parameter but this is wrong). The default for read only is yes which makes the default for writable no. testparm -s /dev/null | grep read only read only = Yes -- == Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 [EMAIL PROTECTED] Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer settings problem 2.2.6pre2
On Wed, 25 Sep 2002, Philip T Burrow wrote: I am trying to apply some settings to a printer shared by Samba, including installing the drivers. I notice that I must be in printer admin or be root in order to do this, and I am. The logs say that I'm logged in as admin user (root privileges) which I assume is correct. an admin user is different from actually connecting as root or as a printer admin cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org SAMS Teach Yourself Samba in 24 Hours 2ed. ISBN 0-672-32269-2 --I never saved anything for the swim back. Ethan Hawk in Gattaca-- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ÖÐ-¹ú-Æó-Òµ-Ãû-¼
×îÐÂÊý¾Ý¿âÃû¼£º ÆóÒµÃû¼¹âÅÌ£º ÖйúÆóÒµÃû¼¹âÅÌ£¬ÏêϸµÄ˵Ã÷ÁË¡°µ¥Î»Ãû³Æ¡¢·¨ÈË´ú±í»ò¸ºÔðÈË¡¢¸ºÔðÈËְλ¡¢ ͨѶµØÖ·¡¢µç»°¡¢µç»°·Ö»ú¡¢´«Õæ¡¢ÓÊÕþ±àÂë¡¢¾¼ÃÐÔÖÊ¡¢ÐÐÒµÐÔÖÊ¡±¡£ÆóÒµÃû¼ ¹âÅÌΪһ¸öAccessµÄÊý¾Ý¿âÎļþ£¬¹²4,390,659¸öÆóÒµ£¬°üº¬100¶à¸öÐÐÒµ¡£ ±¨¼Û£ºÕûÌ×2000ÔªÈËÃñ±Ò °´ÐÐÒµ³öÊÛ£ºÃ¿¸öÐÐÒµ£º100ÔªÈËÃñ±Ò °´µØÇø³öÊÛ£ºÃ¿¸ö³ÇÊÐ100Ôª£¬Ã¿¸öÊ¡·Ý300Ôª£¬Ã¿¸öֱϽÊÐ200Ôª¡£ ÎÒÃǵÄÍøÕ¾½éÉܸü¶àµÄÆóÒµ·þÎñÏîÄ¿£¬ÏêϸÇë²é¿´£ºhttp://www.e137.com Ò»ÈýÆßÍøÂç·þÎñÓÐÏÞ¹«Ë¾ ÒµÎñÁªÏµ£º[EMAIL PROTECTED] ÁªÏµµç»°£º0592-8834438 ¶ÏÈÉú ÍøÖ·£ºhttp://www.e137.com http://www.e137.net Èç¹û´ËÓʼþ¸øÄú´øÀ´²»±ã£¬±íʾǸÒ⣡ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Is this a DOS behavior, or a bug?
I have a parent directory /foo with permission as 0777, which is a samba share. As root on Unix, I created a sub-directory /foo/bar, and a file /foo/bar2, both with permission as 0400. Now login to samba as Unix user nobody, I can delete the directory bar but not the file bar2. Is this a bug, or an expected behavior? Chere -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer settings problem 2.2.6pre2
On Wed, 25 Sep 2002, Philip T Burrow wrote: I am trying to apply some settings to a printer shared by Samba, including installing the drivers. I notice that I must be in printer admin or be root in order to do this, and I am. The logs say that I'm logged in as admin user (root privileges) which I assume is correct. an admin user is different from actually connecting as root or as a printer admin Regardless, I was in both in smb.conf when I experienced the problem. P. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Autoreply to samba digest, Vol 1 #1678 - 28 msgs
Vielen Dank für Ihre e-mail. Da ich vom 30.09.-06.10 in Urlaub bin, kann ich sie leider erst danach bearbeiten bzw. beantworten. In dringenden Fällen, können Sie sich gerne an meinen Kollegen Herrn Lamotte wenden. Er hat die email-Adresse [EMAIL PROTECTED] und ist telefonisch unter 07142/596-152 zu erreichen. Mit freundlichen Grüßen Michael Müller G. Umbreit GmbH Co.KG -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] quick question about the wins database.
Version 2.2.5 on 2.4.18-6mdk ive got the following in my smb.conf [global] add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u workgroup = ARCHANGEL netbios aliases = CYBERCENTER PARISHCENTER netbios name = PENGUIN server string = Samba Server %v security = SERVER guest account = nobody map to guest = bad user #security = user os level = 33 domain master = No domain logons = No encrypt passwords = Yes password server = 10.10.10.99 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat dns proxy = No wins support = Yes hosts allow = hosts allow = 10.10.10.0/255.255.255.0 printing = cups print command = /usr/bin/lp -d%p -oraw %s; rm %s lpq command = /usr/bin/lpstat -o%p lprm command = /usr/bin/cancel %p-%j queuepause command = /usr/bin/disable %p queueresume command = /usr/bin/enable %p my question is, ive got wins turned on, smbd and nmbd are running, but there is no wins.dat in /usr/local/samba/var/locks I know there is something simple im missing, but what? Jason -- | Jason Welsh [EMAIL PROTECTED] | |http://monsterjam.org | -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] printers + windows XP
I have samba set up on slackware linux. I have a printer set up on the same machine. It shows up on the windows XP machine and even lets me install and everything. It keeps saying access denied though. I have tried all sorts of stuff to get it to work with the XP machine but I keep gettting the same error. This is my smb.conf: [global] printing = bsd printcap name = /etc/printcap load printers = yes log file = /var/log/samba-log.%m lock directory = /var/lock/samba encrypt passwords = yes security = user null passwords = yes [printers] comment = All Printers path = /var/spool/lpd/Lexmark browseable = no printable = yes public = yes writable = no inherit permissions = yes create mode = 0700 guest ok = yes [homes] comment = home directory browseable = no read only = no create mode = 0750 [tmp] comment = Temporary file space path = /tmp read only = no public = yes any suggestions will be greatly appreciated Robin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba error log
Hi, Are there any tools which can separate between error and information logs? I need for any tools that can view only error logs of samba. Thank you.Get a bigger mailbox -- choose a size that fits your needs.
[Samba] Acceso a sus datos.
Recibe este mensaje porque su dirección figura suscrita en este momento a una de las listas de correo gratuitas alojadas en pc-portatil.com. Su e-mail está suscrito a la siguiente lista: PC-PORTATIL3 En previsión del Proyecto de Ley de Servicios de la Sociedad de la Información y de Comercio Electrónico (la LSSI-CE) recientemente aprobado por el parlamento español (http://www.setsi.mcyt.es/lssi/lssi_txtproyecto.htm) y de la vigente Ley Orgánica 15 13/12/1999 de Protección de Datos española, estamos obligados a comunicarle que su dirección de correo figura en este momento suscrita a una de las listas de correo gratuitas alojadas en www.pc-portatil.com, formando parte de un fichero automatizado al objeto de continuar ofreciendole dichos servicios, así como comunicarle su opción de cancelación o modificación de estos datos, siendo este el principal motivo de este comunicado. En virtud de las Leyes antes mencionadas, usted tiene derecho de oposición, acceso, rectificación y cancelación de sus datos. Es por ello que le comunicamos el mecanismo que ponemos a su alcance para ejercer sus derechos: Como el único dato que guardamos es el e-mail, solamente caben dos acciones a realizar sobre este dato: eliminarlo de nuestra base de datos o modificarlo. * Para ELIMINAR su e-mail de nuestra base de datos solamente tiene que pinchar, hacer click en el link que va a continuación: http://www.pc-portatil.com/cgi-bin/mojo/mojo.cgi?f=ul=pcportatil%33[EMAIL PROTECTED]p=4410 - Si no puede pinchar el link en su cliente de correo, cópielo y péguelo en su navegador web. - Si no puede ver el link o no funciona por cualquier motivo, mándenos un e-mail a [EMAIL PROTECTED] y lo eliminaremos nosotros manualmente. * Para CAMBIAR su e-mail debe dar de baja su e-mail actual y acto seguido dar de alta su nuevo e-mail, para hacerlo puede suscribirse directamente en nuestra página web http://www.pc-portatil.com * Si por cualquier motivo se decide por NO HACER NADA, su dirección de correo electrónico continuará suscrita a la lista mas arriba mencionada. PC-PORTATIL.COM URL: http://www.pc-portatil.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Profiles
Hi. I'm new to the list and I hope I'm not boring anyone with old news. I did grep through the archives and I came up dry. I have two problems that I'm trying to solve. The first problem is that some of my users have My Documents folders that are measured in tonnage. How can I make Windows not save this directory? I believe that the fault is with windows because whenever I change anything to prevent it from saving, windows barks a warning. I don't want these files on my server, and my laptop users are crying because it takes so long to shut down. The second problem is thumbs.db desktop.ini. I believe these are produced by windows explorer and are usually hidden/system files or something. Well, when they're copied back to the workstation from the profile it seems that they lose their magical properties. I'd like to get these to work properly. Everyone keeps complaining about desktop icons averywhere and the art director always has to select thumbnail view on every directory. Again, I apologize if this is covered ground, but I did search though the archives, and Samba Unleashed isn't being very forthcoming. Thanks - Mark _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Password Expiry
Hi guys... I setup samba 2.2.5 as a PDC ... I have w2k clients. It seems that now I am prompted to change my password because it is going to expire Could you guys tell me how and where to disable password expiry? cheers` -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] password and case sensitivity
Joseph Kezar wrote: We are using samba as our fileserver. And we have a Windows 2000 PDC in place here as well. The PDC is our password server. we have these directives: password server = ip_address_of_win_PDC encrypt passwords = yes And when we use pam_smb to authenticate it is not case sensitive. if I have a password of dOpTog6, doptog6 is just fine. How can I make samba more strict. I tried password level = 24. and that didnt seem to do anything. pam_smb uses lanman passwords, which are not case sensitive. Install winbind and use pam_winbind instead. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Prevent NULL Session
M Maki wrote: I have a couple of Samba (2.0.7 2.2.0) servers I scanned with Nessus and they reported a security hole of Possible to login to the remote host using a NULL session I have a couple of NT servers I disabled with a registry edit. Is there a way to prevent this on the Samba servers or is it evan a valid issue? Samba HEAD starts to add some of this, but the manpage is compleatly inaccurate... Set 'restrict anonymous = 1' should get you the start. I'm looking into how to best implement 'restrict anonymous = 2'. In the meantime, if you set 'auth methods = sam' (for standalone servers) then it will skip the 'guest' module, and deny all anonymous connections. However, this will break browsing and other services. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Fw: Question for Samba list
- Original Message - From: Betty Johnson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 01, 2002 10:41 PM Subject: Question for Samba list The version of Samba that is with Mandrake 9 is 2.2.6pre2 or something like that. It does a much better job of recognizing ntfs partitions and it automatically mounts my ntfs half on the laptop. Really nice. What I would like to find out, if possible, is if anyone has had any problems connecting Mac OS X (10.2 or Jaguar) to a Samba server, what sort of problems, what version of Samba they were running, and what did they do to fix it. Thanks! -- The real art of conversation is not only to say the right thing in the right place, but also to leave unsaid the wrong thing at the tempting moment. Betty Johnson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba Installation
Titus: If you are using Redhat, it would be much easier to install there latest rpm. However if you want the latest Samba, when you unzip the one you have, there will be instructions. It is usually in a file called INSTALL or something similar. Hope that helps. Stu.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Titus Syengo Sent: October 1, 2002 10:30 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba Installation I am a newbie in Linux and I wish to install Samba but Red hat looks so different from MS products that I have no idea how applications can be installed in Linux. i have downloaded the .tar.gz samba file but now I am stuck. How do i go about installing Samba? Titus, -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[PATCH] sam backend parameter
Hi Jelmer,
here's a patch witch changes the syntax of the sam backend parameter:
now it's plugin[|DOMAIN][:options] ... I think it nicer:-)
If you didn't accept that patch please move the 'strchr' to 'strrchr', (but
there're also a few other bugs, in the parsing sam_backend_string in
make_backend_entry()), because as it is now it didn't work with:
plugin[:options][|DOMAIN] :-(
plugin:/usr/lib/samba/sam_passdb.so:test|test2:test3|test4|MX.BASE
breaks it...
metze
-
Stefan metze Metzmacher [EMAIL PROTECTED]
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#*
HEAD/source/sam/interface.c HEAD-fix/source/sam/interface.c
--- HEAD/source/sam/interface.c Mon Sep 30 07:29:04 2002
+++ HEAD-fix/source/sam/interface.c Tue Oct 1 09:35:27 2002
@@ -136,23 +136,22 @@ static NTSTATUS make_backend_entry(SAM_B
SAM_ASSERT(sam_backend_string backend_entry);
- backend_entry-module_name = sam_backend_string;
-
- DEBUG(5,(makeing backend_entry for %s\n, backend_entry-module_name));
-
+ DEBUG(5,(makeing backend_entry for %s\n, sam_backend_string));
+
+ if ((tmp = strchr(tmp_string, ':')) != NULL) {
+ *tmp = 0;
+ backend_entry-module_params = smb_xstrdup(tmp + 1);
+ DEBUG(20,(options for the backend:
+%s\n,backend_entry-module_params));
+ }
+
if ((tmp = strchr(tmp_string, '|')) != NULL) {
- DEBUGADD(20,(a domain name has been specified\n));
*tmp = 0;
backend_entry-domain_name = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
+ DEBUGADD(20,(the domain name is: %s\n,backend_entry-domain_name));
}
- if ((tmp = strchr(tmp_string, ':')) != NULL) {
- DEBUG(20,(options for the backend have been specified\n));
- *tmp = 0;
- backend_entry-module_params = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
+ backend_entry-module_name = smb_xstrdup(tmp_string);
+ DEBUGADD(20,(module name is: %s\n, backend_entry-module_name));
if (backend_entry-domain_name == NULL) {
DEBUG(10,(make_backend_entry: no domain was specified for sam module
%s. Using default domain %s\n,
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#*
HEAD/source/torture/cmd_sam.c HEAD-fix/source/torture/cmd_sam.c
--- HEAD/source/torture/cmd_sam.c Mon Sep 30 07:29:04 2002
+++ HEAD-fix/source/torture/cmd_sam.c Tue Oct 1 09:26:32 2002
@@ -61,7 +61,7 @@ static NTSTATUS cmd_load_module(struct s
}
if (argc == 3)
- asprintf(plugin_arg[0], plugin:%s|%s, argv[1], argv[2]);
+ asprintf(plugin_arg[0], plugin|%s:%s, argv[2], argv[1]);
else
asprintf(plugin_arg[0], plugin:%s, argv[1]);
implementing a new smbd vfs
hi all, i currently work on an academic project of parallel storage that uses one server to cache the directories and file information while the files themselves are stored somewhere in the net. i thought that an smb front-end will be a good idea so i over-loaded the function vfs_opendir, vfs_readdir, vfs_stat (all of them) and vfs_open in the vfswrap.c while that works great for single file operation, it's fails when i try (from a win2000 client) to copy a directory or to copy multiple files. what do i need to implement/change in order to support multiple file operation ? rafi.
Re: implementing a new smbd vfs
At 08:44 01.10.2002 +, Rafi Yanai wrote: hi all, i currently work on an academic project of parallel storage that uses one server to cache the directories and file information while the files themselves are stored somewhere in the net. i thought that an smb front-end will be a good idea so i over-loaded the function vfs_opendir, vfs_readdir, vfs_stat (all of them) and vfs_open in the vfswrap.c while that works great for single file operation, it's fails when i try (from a win2000 client) to copy a directory or to copy multiple files. what do i need to implement/change in order to support multiple file operation ? sounds nice. I was also thought about writing such a module today.:-) Can you send code then it's easier to help. metze - Stefan metze Metzmacher [EMAIL PROTECTED]
[PATCH] add -D ... to winbindd
Hi all,
here's a patch witch adds a -D option and -V option to winbindd.
I think smbd, nmbd and wrepld have also this options and so it would be
nice to keep them in sync.
I also update the docu for this change.
metze
-
Stefan metze Metzmacher [EMAIL PROTECTED]
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#*
HEAD/source/nsswitch/winbindd.c HEAD-fix/source/nsswitch/winbindd.c
--- HEAD/source/nsswitch/winbindd.c Wed Sep 18 09:44:23 2002
+++ HEAD-fix/source/nsswitch/winbindd.c Tue Oct 1 10:48:19 2002
@@ -742,12 +742,14 @@ struct winbindd_state server_state; /*
static void usage(void)
{
printf(Usage: winbindd [options]\n);
+ printf(\t-Ddaemon mode(default)\n);
printf(\t-iinteractive mode\n);
printf(\t-Bdual daemon mode\n);
printf(\t-ndisable cacheing\n);
printf(\t-d level set debug level\n);
printf(\t-s configfile choose smb.conf location\n);
printf(\t-hshow this help message\n);
+ printf(\t-VPrint version\n);
}
int main(int argc, char **argv)
@@ -758,6 +760,7 @@ static void usage(void)
extern BOOL append_log;
pstring logfile;
int accept_sock;
+ BOOL is_daemon = False;
BOOL interactive = False;
int opt;
@@ -788,11 +791,24 @@ static void usage(void)
/* Initialise samba/rpc client stuff */
- while ((opt = getopt(argc, argv, id:s:nhB)) != EOF) {
+ while ((opt = getopt(argc, argv, id:s:DnhBV)) != EOF) {
switch (opt) {
+ /* Become a deamon(default) */
+ case 'D':
+ if (interactive) {
+ printf(Option %c can't be used with option -i\n,
+(char)opt);;
+ exit(1);
+ }
+ is_daemon = True;
+ break;
+
/* Don't become a daemon */
case 'i':
+ if (is_daemon) {
+ printf(Option %c can't be used with option -D\n,
+(char)opt);;
+ exit(1);
+ }
interactive = True;
break;
@@ -820,13 +836,24 @@ static void usage(void)
case 'h':
usage();
exit(0);
-
+ break;
+
+ case 'V':
+ printf(Version %s\n,VERSION);
+ exit(0);
+ break;
+
default:
printf(Unknown option %c\n, (char)opt);
exit(1);
}
}
+ /* use daemon mode as default */
+ if (!interactive) {
+ is_daemon = True;
+ }
+
snprintf(logfile, sizeof(logfile), %s/log.winbindd, dyn_LOGFILEBASE);
lp_set_logfile(logfile);
setup_logging(winbindd, interactive);
@@ -853,7 +880,7 @@ static void usage(void)
fstrcpy(global_myworkgroup, lp_workgroup());
- if (!interactive) {
+ if (is_daemon) {
become_daemon();
pidfile_create(winbindd);
}
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#*
HEAD/docs/docbook/manpages/smbd.8.sgml HEAD-fix/docs/docbook/manpages/smbd.8.sgml
--- HEAD/docs/docbook/manpages/smbd.8.sgml Wed May 8 17:34:58 2002
+++ HEAD-fix/docs/docbook/manpages/smbd.8.sgml Tue Oct 1 10:44:48 2002
@@ -197,7 +197,7 @@
term-p lt;port numbergt;/term
listitemparareplaceableport number/replaceable is a positive
integer
value. The default value if this parameter is not
- specified is 139./para
+ specified is 139 and 445./para
paraThis number is the port number that will be
used when making connections to the server from client
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#*
HEAD/docs/docbook/manpages/winbindd.8.sgml
HEAD-fix/docs/docbook/manpages/winbindd.8.sgml
--- HEAD/docs/docbook/manpages/winbindd.8.sgml Fri Sep 27 23:05:24 2002
+++ HEAD-fix/docs/docbook/manpages/winbindd.8.sgml Tue Oct 1 10:49:17 2002
@@ -16,9 +16,13 @@
refsynopsisdiv
cmdsynopsis
commandwinbindd/command
- arg choice=opt-i/arg
+ arg choice=opt-D|-i/arg
+ arg choice=opt-B/arg
+ arg choice=opt-n/arg
arg choice=opt-d lt;debug levelgt;/arg
arg choice=opt-s lt;smb config filegt;/arg
+ arg
Re: [PATCH] add -D ... to winbindd
At 11:42 01.10.2002 +0200, Stefan (metze) Metzmacher wrote: Hi all, here's a patch witch adds a -D option and -V option to winbindd. I think smbd, nmbd and wrepld have also this options and so it would be nice to keep them in sync. I also update the docu for this change. metze - Stefan metze Metzmacher [EMAIL PROTECTED] diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/docs/docbook/manpages/smbd.8.sgml HEAD-fix/docs/docbook/manpages/smbd.8.sgml --- HEAD/docs/docbook/manpages/smbd.8.sgml Wed May 8 17:34:58 2002 +++ HEAD-fix/docs/docbook/manpages/smbd.8.sgml Tue Oct 1 10:44:48 2002 @@ -197,7 +197,7 @@ term-p lt;port numbergt;/term listitemparareplaceableport number/replaceable is a positive integer value. The default value if this parameter is not - specified is 139./para + specified is 139 and 445./para please ignore this part of the patch( this should go into an other patch...) paraThis number is the port number that will be used when making connections to the server from client metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Samba 3.0 and swat.
Hi, In my smb.conf the next fields are all filled in properly: ldap suffix = dc=elton-intra,dc=net ldap machine suffix = ou=Computers,dc=elton-intra,dc=net ldap user suffix = ou=Users,dc=elton-intra,dc=net ldap admin dn = cn=Manager,dc=elton-intra,dc=net ldap ssl = no However, on the Swat global page the fields all are blank. Also, the advanced and developer view doesn't seem to work on this page. There is no button to change the view. Has anyone else noticed this? Eddie.
[PATCH] sam backend parameter
Well, I'm starting to think our syntax is just getting too complex. All the 'solutions' for putting 'domain' in there just look ugly! Some poor admin has to construct this line, and even if they don't use multidomain stuff (and that's almost everybody), then have to read the doco that attempts to explain it. I think we should remove the DOMAIN bit compleatly, and allow backends to store both their own SID and thier domain name. If they don't 'know' it, then they can either chose the default, or use a 'parametric option' to specify it. What about using the WORKGROUP parameter as the default domain vallue? And an extra parameter like multiple domain support = False|DOMAIN1,DOMAIN2,etc? It's just an idea, I am not a developper myself tough. Eddie.
[PATCH] net_ads_user/group with selectable container
hi,
attached is a patch for the net-tool that makes the default
dn-component cn=Users selectable with a -c|--container-switch
upon creation of groups and users in ADS.
the patch applies to HEAD and 3_0.
bye,
guenther
--
Guenther Deschner [EMAIL PROTECTED]
SuSE Linux AGGnuPG: 8EE11688
Berliner Str. 27 phone: +49 (0) 30 / 430944778
D-13507 Berlin fax: +49 (0) 30 / 43732804
diff -Nur source/utils/net.c source/utils/net.c
--- source/utils/net.c Fri Sep 27 09:42:34 2002
+++ source/utils/net.c Tue Oct 1 12:22:00 2002
@@ -68,6 +68,7 @@
int opt_port = 0;
int opt_maxusers = -1;
char *opt_comment = ;
+char *opt_container = cn=Users;
int opt_flags = -1;
int opt_jobid = 0;
int opt_timeout = 0;
@@ -459,6 +460,7 @@
{myname, 'n', POPT_ARG_STRING, opt_requester_name},
{conf,'s', POPT_ARG_STRING, servicesf},
{server, 'S', POPT_ARG_STRING, opt_host},
+ {container, 'c', POPT_ARG_STRING, opt_container},
{comment, 'C', POPT_ARG_STRING, opt_comment},
{maxusers,'M', POPT_ARG_INT,opt_maxusers},
{flags, 'F', POPT_ARG_INT,opt_flags},
diff -Nur source/utils/net.h source/utils/net.h
--- source/utils/net.h Tue Jun 25 04:29:09 2002
+++ source/utils/net.h Tue Oct 1 12:19:51 2002
@@ -38,10 +38,8 @@
extern int opt_maxusers;
extern char *opt_comment;
+extern char *opt_container;
extern int opt_flags;
-
-extern char *opt_comment;
-
extern char *opt_target_workgroup;
extern int opt_long_list_entries;
extern int opt_reboot;
diff -Nur source/utils/net_ads.c source/utils/net_ads.c
--- source/utils/net_ads.c Tue Sep 17 14:15:52 2002
+++ source/utils/net_ads.c Tue Oct 1 12:33:44 2002
@@ -255,7 +255,7 @@
goto done;
}
- status = ads_add_user_acct(ads, argv[0], opt_comment);
+ status = ads_add_user_acct(ads, argv[0], opt_container, opt_comment);
if (!ADS_ERR_OK(status)) {
d_printf(Could not add user %s: %s\n, argv[0],
@@ -431,7 +431,7 @@
goto done;
}
- status = ads_add_group_acct(ads, argv[0], opt_comment);
+ status = ads_add_group_acct(ads, argv[0], opt_container, opt_comment);
if (ADS_ERR_OK(status)) {
d_printf(Group %s added\n, argv[0]);
diff -Nur source/utils/net_help.c source/utils/net_help.c
--- source/utils/net_help.c Tue Sep 24 20:10:30 2002
+++ source/utils/net_help.c Tue Oct 1 13:01:50 2002
@@ -69,13 +69,13 @@
\n\tDelete specified user\n);
d_printf(\nnet method user INFO name [misc. options] [targets]\
\n\tList the domain groups of the specified user\n);
- d_printf(\nnet method user ADD name [password] [-F user flags] [misc.
options]\
+ d_printf(\nnet method user ADD name [password] [-F user flags] [-c
+container] [misc. options]\
[targets]\n\tAdd specified user\n);
net_common_methods_usage(argc, argv);
net_common_flags_usage(argc, argv);
- d_printf(
-\t-C or --comment=comment\tdescriptive comment (for add only)\n);
+ d_printf(\t-C or --comment=comment\tdescriptive comment (for add only)\n);
+ d_printf(\t-c or --container=container\tLDAP container, defaults to
+cn=Users (for add in ADS only)\n);
return -1;
}
@@ -85,12 +85,12 @@
\n\tList user groups\n\n);
d_printf(net method group DELETE name [misc. options] [targets]\
\n\tDelete specified group\n);
- d_printf(\nnet method group ADD name [-C comment]\
+ d_printf(\nnet method group ADD name [-C comment] [-c container]\
[misc. options] [targets]\n\tCreate specified group\n);
net_common_methods_usage(argc, argv);
net_common_flags_usage(argc, argv);
- d_printf(
-\t-C or --comment=comment\tdescriptive comment (for add only)\n);
+ d_printf(\t-C or --comment=comment\tdescriptive comment (for add only)\n);
+ d_printf(\t-c or --container=container\tLDAP container, defaults to
+cn=Users (for add in ADS only)\n);
return -1;
}
diff -Nur source/libads/ldap_user.c source/libads/ldap_user.c
--- source/libads/ldap_user.c Wed Aug 7 12:33:22 2002
+++ source/libads/ldap_user.c Tue Oct 1 12:46:08 2002
@@ -38,7 +38,7 @@
}
ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
-const char *fullname)
+const char *container, const char *fullname)
{
TALLOC_CTX *ctx;
ADS_MODLIST mods;
@@ -57,7 +60,7 @@
if (!(upn = talloc_asprintf(ctx, %s@%s, user, ads-config.realm)))
goto done;
- if (!(new_dn = talloc_asprintf(ctx, cn=%s,cn=Users,%s, name,
+ if (!(new_dn = talloc_asprintf(ctx,
register_message_flags: tdb_fetch failed
Does somebody knows what is causing this problem?
[2002/10/01 09:32:28, 1, effective(500, 500), real(0, 0)]
smbd/ipc.c:api_fd_reply(284)
api_fd_reply: INVALID PIPE HANDLE: 76e3
[2002/10/01 09:32:30, 1, effective(500, 500), real(0, 0)]
smbd/service.c:make_connection_snum(681)
192.168.168.35 (192.168.168.35) connect to service eddie initially as user
eddie (uid=500, gid=500) (pid 30099)
[2002/10/01 09:32:44, 1, effective(0, 0), real(0, 0)]
smbd/service.c:close_cnum(852)
192.168.168.35 (192.168.168.35) closed connection to service eddie
[2002/10/01 09:39:29, 0, effective(0, 0), real(0, 0)]
lib/util_sock.c:read_socket_data(418)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2002/10/01 09:39:54, 0, effective(0, 0), real(0, 0)]
smbd/service.c:make_connection(830)
192.168.168.35 (192.168.168.35) couldn't find service c
[2002/10/01 09:40:17, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 09:40:17, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 09:40:17, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 09:40:47, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 09:41:57, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 09:41:57, 0, effective(0, 0), real(0, 0)]
smbd/service.c:make_connection(830)
192.168.168.35 (192.168.168.35) couldn't find service
::{2227a280-3aea-1069-a2de-08002b30309d}
[2002/10/01 09:41:59, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 09:42:01, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 09:42:01, 0, effective(0, 0), real(0, 0)]
smbd/service.c:make_connection(830)
192.168.168.35 (192.168.168.35) couldn't find service
::{2227a280-3aea-1069-a2de-08002b30309d}
[2002/10/01 09:42:29, 1, effective(500, 500), real(0, 0)]
smbd/service.c:make_connection_snum(681)
192.168.168.35 (192.168.168.35) connect to service eddie initially as user
eddie (uid=500, gid=500) (pid 30146)
[2002/10/01 09:42:39, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 09:43:18, 1, effective(0, 0), real(0, 0)]
smbd/service.c:close_cnum(852)
192.168.168.35 (192.168.168.35) closed connection to service eddie
[2002/10/01 13:33:17, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 13:33:17, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 13:33:17, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 13:34:16, 0, effective(500, 500), real(0, 0)]
smbd/connection.c:register_message_flags(212)
register_message_flags: tdb_fetch failed
[2002/10/01 15:25:10, 1, effective(500, 500), real(0, 0)]
smbd/ipc.c:api_fd_reply(284)
api_fd_reply: INVALID PIPE HANDLE: 74f2
[2002/10/01 15:25:12, 1, effective(500, 500), real(0, 0)]
smbd/service.c:make_connection_snum(681)
192.168.168.35 (192.168.168.35) connect to service eddie initially as user
eddie (uid=500, gid=500) (pid 31898)
[2002/10/01 15:25:20, 1, effective(0, 0), real(0, 0)]
smbd/service.c:close_cnum(852)
192.168.168.35 (192.168.168.35) closed connection to service eddie
Eddie.
16 users
I am using samba 2.2.2 and have the, max smbd processes=0, and max connections=0 which I thought meant unlimited but am still limited to 16 samba users. any ideas on what I did wrong? help Kevin
RE: 16 users
I am using samba 2.2.2 and have the, max smbd processes=0, and max connections=0 which I thought meant unlimited but am still limited to 16 samba users. any ideas on what I did wrong? help Kevin I am running samba on HPUX 10.20 with windows 2000 clients
Re: [PATCH] sam backend parameter
Eddie Lania wrote: Well, I'm starting to think our syntax is just getting too complex. All the 'solutions' for putting 'domain' in there just look ugly! Some poor admin has to construct this line, and even if they don't use multidomain stuff (and that's almost everybody), then have to read the doco that attempts to explain it. I think we should remove the DOMAIN bit compleatly, and allow backends to store both their own SID and thier domain name. If they don't 'know' it, then they can either chose the default, or use a 'parametric option' to specify it. What about using the WORKGROUP parameter as the default domain vallue? And an extra parameter like multiple domain support = False|DOMAIN1,DOMAIN2,etc? It's just an idea, I am not a developper myself tough. Eddie. I don't think the WORKGROUP parameter is the right one. winbindd has the same problem when you specify use default domain = yes. It chooses the WORKGROUP but that is not always what is wanted. Many people have a setup where all user accounts are in an authentication domain and all machines go into different resource domains with trust relationships set up between the domains. In this case it would be nice for winbindd to use the default authentication domain not the resource domain listed in WORKGROUP for the user/group mapping. Unfortunately I think we need another parameter other than WORKGROUP to specify the default domain to give us the flexibility for cases like this.
Re: Heimdal and 3.0
There was a fair bit of patching of the code. I can make some diffs but if someone has made a clean diff against Heimdal to add the necessary MIT functionality maybe it would be better to use that. -- luke From: Steve Shockley [EMAIL PROTECTED] Subject: Re: Heimdal and 3.0 To: [EMAIL PROTECTED] Date: Tue, 1 Oct 2002 09:29:44 -0400 I managed to convince the HEAD to compile with Heimdal with a little work, using the keytab rather than SAMBA's LSA secret repository. Haven't tested it yet, but I'm getting around to it. Thanks for the info. Did you solve it by patching the code, or was it just tweaking compile-time options? -- Luke Howard | PADL Software Pty Ltd | www.padl.com
Re: [PATCH] sam backend parameter
On Tue, Oct 01, 2002 at 12:59:47PM +0200, Eddie Lania wrote: Well, I'm starting to think our syntax is just getting too complex. All the 'solutions' for putting 'domain' in there just look ugly! Some poor admin has to construct this line, and even if they don't use multidomain stuff (and that's almost everybody), then have to read the doco that attempts to explain it. I think we should remove the DOMAIN bit compleatly, and allow backends to store both their own SID and thier domain name. If they don't 'know' it, then they can either chose the default, or use a 'parametric option' to specify it. What about using the WORKGROUP parameter as the default domain vallue? And an extra parameter like multiple domain support = False|DOMAIN1,DOMAIN2,etc? It's just an idea, I am not a developper myself tough. What domainname/domainsid would belong to what sam backend then...? Jelmer
Re: [PATCH] sam backend parameter
Well, I'm starting to think our syntax is just getting too complex. All the 'solutions' for putting 'domain' in there just look ugly! Some poor admin has to construct this line, and even if they don't use multidomain stuff (and that's almost everybody), then have to read the doco that attempts to explain it. I think we should remove the DOMAIN bit compleatly, and allow backends to store both their own SID and thier domain name. If they don't 'know' it, then they can either chose the default, or use a 'parametric option' to specify it. What about using the WORKGROUP parameter as the default domain vallue? And an extra parameter like multiple domain support = False|DOMAIN1,DOMAIN2,etc? It's just an idea, I am not a developper myself tough. What domainname/domainsid would belong to what sam backend then...? Like I've said, I'm not a developer, but maybe the multiple domain support parameter could be extended with the backend method? Like this: multiple domain support = DOMA:backendA, DOMB:backendB, etc But I guess this will be to long too. That is actually the way 'sam backends' is at the moment... Jelmer
Re: [PATCH] sam backend parameter
On Tue, Oct 01, 2002 at 09:48:34AM +0200, Stefan (metze) Metzmacher wrote about '[PATCH] sam backend parameter': Hi Jelmer, here's a patch witch changes the syntax of the sam backend parameter: now it's plugin[|DOMAIN][:options] ... I think it nicer:-) If you didn't accept that patch please move the 'strchr' to 'strrchr', (but there're also a few other bugs, in the parsing sam_backend_string in make_backend_entry()), because as it is now it didn't work with: plugin[:options][|DOMAIN] :-( plugin:/usr/lib/samba/sam_passdb.so:test|test2:test3|test4|MX.BASE breaks it... This would be fixed by changing strchr to strrchr... Your patch would break backwards compatibility, and that's where this format was aimed at initially.. Secondly, having the backend and the backend parameters seperated is not very logicial, especially for plugin. Jelmer
Re: Developer docs
On Mon, 30 Sep 2002, Gerald Carter wrote: Thanks to Jelmer we mow have a good framework for adding Developer specific documentation. See http://www.samba.org/samba/ftp/docs/Samba-Developer-Guide.[pdf|html] Should be http://www.samba.org/samba/docs/Samba-Developers-Guide.[pdf|html] Sorry. cheers, jerry
Re: Simplifying the multiple password backend code in HEAD and 3.0.
[EMAIL PROTECTED] wrote: Spurred on by some complaints in IRC :-) I took a look at the passdb backend code in HEAD and 3.0. So I see... Must remember never to sleep... It looks nice, but it's horribly complex for what it needs to do (IMHO). Is there any real reason to have multiple possible backends simultaneously in a cascaded interface ? The cascaded stuff was added because I felt it could be useful - and ctrlsoft wrote a patch the used the existing code to maximal advantage. Then, I took this work further and used it to help keep the issue of 'unix accounts not in the sam' (and their matching rids) at bay. Personally, I like the idea of abstraction, where this special case is dealt with in a module, rather than in the interface. This appears to be contrary to the fundamental design philosophies of others :-( I can see the benefits of a plug-in architecture to allow different backends to be tested, but what we need is to do *one* good backend implementation (my vote would be for an LDAP one) and then use that to implement others - modfying the interfaces as needed to support any idiosyncracies that come out of the different backends. I'm not sure what you mean here, but it sounds like a really bad idea... I much prefer a relatively sane (yes, it has it's problems) interface that all backends can implement without difficulty. If someone wants to change from one backend to another a decent export_all/import_all interface method is all we need (probably using the enumerate methods). Changing backends is a major thing to do (IMHO) as it means moving data between different databases, and I'm worried that the existing code makes it look as though you can just change a parameter and have it happen automatically. Well, how do you propose to make it 'harder'. It really is just export and change an option, and I think that is a good thing. Comments welcome. but I do want to start cutting out some of this code soon. Yes, well while the current design has it's problems, I do think that it provides a solid base to move into 3.0. (vl has a patch for it that I think does some nice stuff too, without pulling it apart too far). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Explaining the new SAM
Gerald Carter wrote: On Wed, 2 Oct 2002, Andrew Bartlett wrote: The access checking is done by the SAM module. The reason it is not done 'above' the interface is to ensure a 'choke point'. I put a lot of effort into the auth subsystem to ensure we never 'accidentally' forgot to check for null passwords, missed a restriction etc. I intend the SAM to be written with the same caution. This seems like a lot of duplication of code and can lead to There's a bug in SAM1 but not SAM2. If the access checks will always be the same, why push them into the SAM module and force each write to cut-n-paste security descriptor code. Yes, I am worried about that a bit. The main issue is that I would like a single read from LDAP - so we don't get a race there. But we could do it 'after the fact', and get each module to pass up the security descriptor to the SAM interface layer. The reason the access checking is not handled by the interface itself is due to the different implementations it make take on. For example, on ADS, you cannot set a password over a non-SSL connection. Other backends may have similar requirements - we need to leave this policy up to the modules. They will naturally have access to 'helper' procedures and good examples to avoid mishaps. This still doesn't make sense. The SSL requirement is separate from the security descriptor check (if that is really what you are talking of using). Push the sec_desc check above the SAM and just let the SAM module fail if it has extra requirements. Group common code together. Yes, it could well belong in the interface layer. (Furthermore, some backends my actually chose to push the whole ACL issue to the remote server, and - assuming ldap for this example - bind as the user directly) I see this but I think it tends to muddy the water a little. What exactly are you calling a SAM? Each returned handle has an internal 'access permitted', which allows the 'get' and 'set' routines to return 'ACCESS_DENIED' for things that were not able to be retrieved from the backend. This removes the need to specify the NT_TOKEN on every operation, and allows for 'object not present' to be easily distinguished from 'access denied'. When you 'set' an object (calling sam_update_account) the internal details are again used. Each change that has been made to the object has been flagged, so as to avoid race conditions (on unmodified components) and to avoid violating any extra ACL requirements on the actual data store (like the LDAP server). Finally, we have generic get_sec_desc() and set_sec_desc() routines to allow external ACL manipulation. These do lookups based on SID. So a SAM is a passdb with ACL's. What else? Groups and policies thown in, but it's not really meant to be that massive. One step at a time and such things. Also a move to NTTIME in the interfaces, and an attempt to cope with a wider scope of problems. Mostly it's a rework so we could move further forward then passdb could reasonably be streached. It sounds big, but it really isn't... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: implementing a new smbd vfs
Hi Rafi, to touch the code in source/smbd is bad ! Try to make a vfs module! take a look at examples/VFS a vfs module can be load at run time and can be specify for each share. the functions of the module are overloading the default vfs functions. I have not really take a look at what your code does, I'm a bit busy :-( But I will the next days. metze At 19:57 01.10.2002 +0200, Rafi Yanai wrote: hi Stefan, I packed the file I changed in source/smbd. the code is not documented (yet) so here is a few notes: 1) you can use the cdcatalog.c to create a binary that will catalog a given directory to a file named cd.index. 2) the file contains all the file and directory information for that location and it should be copied into a sub directory (this directory name must be a number) in the server cache directory that is defined in CHANGER_PATH 4) you must share CHANGER_PATH in your smb.conf file 3) in the vfswrap.c functions there is a check if the file belong to the CHANGER_PATH, and if true than the function from vfs-changer.c is called. 4) the function basically bring the cached information from the cd.index file except vfs_open which uses a very simple API that must be implemented by the files provider: i) get_file() copy the requested file to the cache ii) file_accessed() notify the cache (ours is using the LRU algorithm) that a file was accessed. the code is in pre-alpha stage and the data-structures needs to be re-written. it's very simple but it works for single files operations. I need help with multiple file operation. I can't find the where I the smbd code those operation are taking place. metze - Stefan metze Metzmacher [EMAIL PROTECTED]
SAM Layers
A bit of an explanation of where things fit in the 'new SAM' code: We have 3 layers: Application === This is where smbd, samtest and whatever end-user replacement we have for pdbedit sits. They use only the SAM interface, and do not get 'special knowledge' of what is below them. SAM Interface = This level 'owns' the various handle structures, the get/set routines on those structures and provides the public interface. The application layer may initialize a 'context' to be passed to all interface routines, else a default, self-initialising context will be supplied. This layser finds the appropriate backend module for the task, and tries very hard not to need to much 'knowledge'. It should just provide the required abstraction to the modules below, and arrange for their initial loading. We could possibly add ACL checking at this layer, to avoid discrepancies in implementation modules. SAM Modules === These do not communicate with the application directly, only by setting values in the handles, and receiving requests from the interface. These modules are responsible for translating values from the handle's .private into (say) an LDAP modification list. The module is expected to 'know' things like it's own domain SID, domain name, and any other state attached to the SAM. Simpler modules may call back to some helper routine. Special Module: sam_passdb --- In order for there to be a smooth transition, kai is writing a module that reads existing passdb backends, and translates them into SAM replies. (Also pulling data from the account policy DB etc). We also intend to write a module that does the reverse - gives the SAM a passdb interface. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Explaining the new SAM
It seems the 'new SAM' is suffering a bit on the PR front... I'm hoping this is mainly a matter of communication, because we (tried!) to put a lot of thought into the interface. Security in the 'new SAM' = One of the biggest problems with passdb is it's implementation of 'security'. Access control is on a 'are you root at the moment' basis, and it has no concept of NT ACLs. Things like ldapsam had to add 'magic' 'are you root' checks. We took this very seriously when we started work, and the new structure is designed with this in mind, from the ground up. Each call to the SAM has a NT_TOKEN and (if relevant) an 'access desired'. This is either provided as a parameter, or implicitly supplied by the object being accessed. For example, when you call NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account) The context can be NULL (and is used to allow import/export by setting up 2 contexts, and allowing calls on both simultaneously) The access token *must* be specified. Normally the user's token out of current_user, this can also be a global 'system' context. The access desired is as per the ACL, for passing to the seaccess stuff. The domain/username are standard. Even if we only have one domain, keeping this ensures that we don't get 'unqualified' usernames (same problem as we had with unqualified SIDs). We return a 'handle'. This is opaque to the rest of Samba, but is operated on by get/set routines, all of which return NTSTATUS. The access checking is done by the SAM module. The reason it is not done 'above' the interface is to ensure a 'choke point'. I put a lot of effort into the auth subsystem to ensure we never 'accidentally' forgot to check for null passwords, missed a restriction etc. I intend the SAM to be written with the same caution. The reason the access checking is not handled by the interface itself is due to the different implementations it make take on. For example, on ADS, you cannot set a password over a non-SSL connection. Other backends may have similar requirements - we need to leave this policy up to the modules. They will naturally have access to 'helper' procedures and good examples to avoid mishaps. (Furthermore, some backends my actually chose to push the whole ACL issue to the remote server, and - assuming ldap for this example - bind as the user directly) Each returned handle has an internal 'access permitted', which allows the 'get' and 'set' routines to return 'ACCESS_DENIED' for things that were not able to be retrieved from the backend. This removes the need to specify the NT_TOKEN on every operation, and allows for 'object not present' to be easily distinguished from 'access denied'. When you 'set' an object (calling sam_update_account) the internal details are again used. Each change that has been made to the object has been flagged, so as to avoid race conditions (on unmodified components) and to avoid violating any extra ACL requirements on the actual data store (like the LDAP server). Finally, we have generic get_sec_desc() and set_sec_desc() routines to allow external ACL manipulation. These do lookups based on SID. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Memory Management in the 'new SAM'
Hmm, some more random jottings: (I intend to collect all of these, and get them into some kind of development doc) Memory Management = The 'new SAM' development effort also concerned itself with getting a sane implementation of memory management. It was decided that we would be (as much as possible) talloc based, using an 'internal talloc context' on many objects. That is, the creation of an object would initiate it's own internal talloc context, and this would be used for all operations on that object. Much of this is already implemented in passdb. Also, like passdb, it will be possible to specify that some object actually be created on a specified context. Memory management is important here because the APIs in the 'new SAM' do not use 'pdb_init()' or an equivalent. They always allocate new objects. Enumeration's are slightly different, and occur on a supplied context that 'owns' the entire list, rather than per-element. (the enumeration functions return an array of all elements - not full handles just basic (and public) info) Likewise for things that fill in a char **. For example: NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type) Takes a context to allocate the 'name' on, while: NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account) Allocates a handle and stores the allocation context on that handle. I think that the following: NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts) Should have a TALLOC_CTX, but I'll chase it up. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
CVS update: samba/source/include
Date: Tue Oct 1 06:50:38 2002 Author: jra Update of /data/cvs/samba/source/include In directory dp.samba.org:/tmp/cvs-serv1552/include Modified Files: Tag: SAMBA_3_0 client.h smb.h Log Message: Cope with rw errors and timeout to peer. Jeremy. Revisions: client.h1.46.2.3 = 1.46.2.4 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/client.h?r1=1.46.2.3r2=1.46.2.4 smb.h 1.424.2.3 = 1.424.2.4 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/smb.h?r1=1.424.2.3r2=1.424.2.4
CVS update: samba/source/libads
Date: Tue Oct 1 13:10:55 2002 Author: abartlet Update of /home/cvs/samba/source/libads In directory dp.samba.org:/tmp/cvs-serv2728/libads Modified Files: Tag: SAMBA_3_0 kerberos.c Log Message: Updates from Samba HEAD: - Fix segfaults in the 'net ads' commands when no password is provided - Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the old options, but the actual code is available on all ldap systems. - Fix shadow passwords (as per work with vl) - Fix sending plaintext passwords to unicode servers (again vl) - Add a bit of const to secrets.c functions - Fix some spelling and grammer by vance. - Document the -r option in smbgroupedit. There are more changes in HEAD, I'm only merging the changes I've been involved with. Andrew Bartlett Revisions: kerberos.c 1.12.2.3 = 1.12.2.4 http://www.samba.org/cgi-bin/cvsweb/samba/source/libads/kerberos.c?r1=1.12.2.3r2=1.12.2.4
CVS update: samba/source/param
Date: Tue Oct 1 13:10:57 2002 Author: abartlet Update of /home/cvs/samba/source/param In directory dp.samba.org:/tmp/cvs-serv2728/param Modified Files: Tag: SAMBA_3_0 loadparm.c Log Message: Updates from Samba HEAD: - Fix segfaults in the 'net ads' commands when no password is provided - Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the old options, but the actual code is available on all ldap systems. - Fix shadow passwords (as per work with vl) - Fix sending plaintext passwords to unicode servers (again vl) - Add a bit of const to secrets.c functions - Fix some spelling and grammer by vance. - Document the -r option in smbgroupedit. There are more changes in HEAD, I'm only merging the changes I've been involved with. Andrew Bartlett Revisions: loadparm.c 1.397.2.4 = 1.397.2.5 http://www.samba.org/cgi-bin/cvsweb/samba/source/param/loadparm.c?r1=1.397.2.4r2=1.397.2.5
CVS update: samba/docs/manpages
Date: Tue Oct 1 17:02:36 2002 Author: jerry Update of /data/cvs/samba/docs/manpages In directory dp.samba.org:/tmp/cvs-serv24986/manpages Modified Files: findsmb.1 lmhosts.5 make_smbcodepage.1 make_unicodemap.1 net.8 nmbd.8 nmblookup.1 pdbedit.8 rpcclient.1 samba.7 smb.conf.5 smbcacls.1 smbclient.1 smbcontrol.1 smbd.8 smbgroupedit.8 smbmnt.8 smbmount.8 smbpasswd.5 smbpasswd.8 smbsh.1 smbspool.8 smbstatus.1 smbtar.1 smbumount.8 swat.8 testparm.1 testprns.1 vfstest.1 wbinfo.1 winbindd.8 Log Message: * fixed typos in SGML source * regenerated man pages Revisions: findsmb.1 1.9 = 1.10 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/findsmb.1?r1=1.9r2=1.10 lmhosts.5 1.13 = 1.14 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/lmhosts.5?r1=1.13r2=1.14 make_smbcodepage.1 1.35 = 1.36 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/make_smbcodepage.1?r1=1.35r2=1.36 make_unicodemap.1 1.8 = 1.9 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/make_unicodemap.1?r1=1.8r2=1.9 net.8 1.2 = 1.3 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/net.8?r1=1.2r2=1.3 nmbd.8 1.50 = 1.51 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/nmbd.8?r1=1.50r2=1.51 nmblookup.1 1.16 = 1.17 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/nmblookup.1?r1=1.16r2=1.17 pdbedit.8 1.6 = 1.7 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/pdbedit.8?r1=1.6r2=1.7 rpcclient.1 1.15 = 1.16 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/rpcclient.1?r1=1.15r2=1.16 samba.7 1.46 = 1.47 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/samba.7?r1=1.46r2=1.47 smb.conf.5 1.127 = 1.128 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smb.conf.5?r1=1.127r2=1.128 smbcacls.1 1.11 = 1.12 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbcacls.1?r1=1.11r2=1.12 smbclient.1 1.50 = 1.51 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbclient.1?r1=1.50r2=1.51 smbcontrol.11.15 = 1.16 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbcontrol.1?r1=1.15r2=1.16 smbd.8 1.49 = 1.50 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbd.8?r1=1.49r2=1.50 smbgroupedit.8 1.3 = 1.4 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbgroupedit.8?r1=1.3r2=1.4 smbmnt.81.19 = 1.20 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbmnt.8?r1=1.19r2=1.20 smbmount.8 1.21 = 1.22 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbmount.8?r1=1.21r2=1.22 smbpasswd.5 1.12 = 1.13 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbpasswd.5?r1=1.12r2=1.13 smbpasswd.8 1.38 = 1.39 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbpasswd.8?r1=1.38r2=1.39 smbsh.1 1.11 = 1.12 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbsh.1?r1=1.11r2=1.12 smbspool.8 1.11 = 1.12 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbspool.8?r1=1.11r2=1.12 smbstatus.1 1.42 = 1.43 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbstatus.1?r1=1.42r2=1.43 smbtar.11.39 = 1.40 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbtar.1?r1=1.39r2=1.40 smbumount.8 1.18 = 1.19 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/smbumount.8?r1=1.18r2=1.19 swat.8 1.14 = 1.15 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/swat.8?r1=1.14r2=1.15 testparm.1 1.43 = 1.44 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/testparm.1?r1=1.43r2=1.44 testprns.1 1.39 = 1.40 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/testprns.1?r1=1.39r2=1.40 vfstest.1 1.1 = 1.2 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/vfstest.1?r1=1.1r2=1.2 wbinfo.11.12 = 1.13 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/wbinfo.1?r1=1.12r2=1.13 winbindd.8 1.18 = 1.19 http://www.samba.org/cgi-bin/cvsweb/samba/docs/manpages/winbindd.8?r1=1.18r2=1.19
