[Samba] Damnit audit

[Eugene M. Zheganin]

Hi, all.

It seems like everybody ignore my letters about audit in samba.

I wanna ask one simple question-

have anyone working audit in samba ?


 WBR
-- 
Origin:...and your cities will become your tombs(2:5054/63@Fidonet)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Trusted domains with samba3.0

[Paul Taka]

*** Please, even if you have not an answer to my question, just tell me
where can I find more log files or a forum where I could find gurus,
Thanks ***

Hello,

I am testing Samba3.0alpha21 using trusted domains. On my network, I
have:
domain STLO-ADMIN (nt4 server)
domain STLO-SMB (mandrake8.1 - samba3.0alpha21 server)

I want to make a relationship between these 2 domains. So, on my
NT4server, I add STLO-SMB in trusting domains and on my samba server,
I type:

net rpc trustdom establish STLO-ADMIN
root samba password

- then it says:

[2003/01/14 09:19:52, 1] libsmb/cliconnect.c:cli_full_connection(1250)
 failed session setup with NT_STATUS_LOGON_FAILURE
[2003/01/14 09:19:52, 1] utils/net.c:connect_to_ipc(128)
 Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE
The username or password was not correct.
[2003/01/14 09:19:52, 0] utils/net_rpc.c:rpc_trustdom_establish(1688)
 Couldn't verify trusting domain account. Error was
NT_STATUS_LOGON_FAILURE

I have the same errors if I use net command with -I ip addr nt4
server -U administrateur with nt4 administrator password.

It seems Samba can't see my NT4 domain. Then, if I type:

net rap domain
root samba password

- I have:

Enumerating domains:
   Domain name  Server name of Browse Master
   -
   STLO-SMB  HONFLEUR

But if I type

net rap domain -I ip addr nt4 server -U administrateur
nt4 administrator password

- I have:

[2003/01/14 09:18:46, 1] libsmb/cliconnect.c:cli_full_connection(1218)
 session request to 192.168.25.25 failed (Called name not present)
Enumerating domains:
   Domain name  Server name of Browse Master
   -
   STLO-ADMINGRANVILLE
   STLO-SMB  HONFLEUR

In this case, I can see my 2 domains.


Global section of my smb.conf is:
[global]
   netbios name = honfleur
   workgroup = STLO-SMB

   domain logons = yes
   security = user
   os level = 34
   local master = yes
   preferred master = yes
   domain master = yes
   encrypt passwords = yes

   invalid users = bin daemon adm sync shutdown halt mail \
   news uucp operator gopher

   # domain admin group = root paul // Plus dispo sous samba3

   allow trusted domains = yes

   add user script = /usr/sbin/useradd -g 10001 -d /dev/null \
	-s /bin/false -M %u


Thanks by advance for your help !

Paul




_
MSN Messenger : discutez en direct avec vos amis !  
http://www.msn.fr/msger/default.asp

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] winbind withoutt PAM

[bgforum2002]

As I understood from Samba documentation winbind can run without PAM 
installed; PAM is needed only if I need interactive login in the Unix 
box of NT domain users. Am I correct?

__
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Changing from Domain security to User authentication - How To ?

[Alan Bradley - CPX WC]

Hi All,

I am new to SAMBA so please be patient!

I currently have SAMBA installed with the following specified in the
smb.conf

workgroup is specified as XX
security is specified as DOMAIN
encrypt passwords is set to YES
password server is set to SOMESERVER
WINS server is specified as: 1.2.3.4

Everything is working well.

The NT people are going to be upgrading to Active Directory over the next
while.  While this is on the go we will have multiple domains , so what I
would like to do is to change the user authentication from DOMAIN to rather
be such that a user has a password that they must enter when conecting to
Samba (or it will connect if the network and Samba passwords are in sync).

Can someone please tell me the following:

A) How I can go about doing this?  What changes I need to make to the
smb.conf and also how do I specify passwords for the users or will it keep
the ones they currently have specified, etc?

B) What version of Samba do I need to be running to achieve this?

I am currently running Samba version 2.0.7

Regards,
Alan.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ghost jobs through samba

[Enriko Groen]

Hi,

I run Samba 2.2.7a on a FreeBSD 4.7 server. Samba is installed WITHOUT
CUPS support.

Recently I shared a printer on a Windows XP machine which is on the
network. Since that moment the ghost print jobs keep appearing at
random. The printer spool identifies them as Low-level documents. All
they are is binary rubbish.

I think this has to do with Samba.

Here's a piece of a logfile:
Jan 22 07:16:57 megatron smbd[9312]: [2003/01/22 07:16:57, 0]
smbd/service.c:make_connection(252)
Jan 22 07:16:57 megatron smbd[9312]:   optimus (192.168.10.2) couldn't
find service $c

(Don't make fun of my hostnames :)

I'm not sure but that could be about the time that the job appeared. Any
ways to prevent this?

--
[ [EMAIL PROTECTED] ] - [ http://www.xhuman.net ]

Never underestimate the stupidity of the general public.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Security question on Domain admins in Samba PDC

[Eirik Thorsnes]

Is there some documentation on the access level of domain admins and the
root user in a Samba PDC?

More to the point: What is the potential damage one can expect with the
loss of a domain admin password and a samba root password (not identical
to the unix root password) respectively? Is it possible to get files
outside of the exported shares (e.g. passwd, smbpasswd) ?

The reason I'm asking is that I recently read a report of a compromise
of a Windows PDC (all passwords extracted / compromised) that was due to
the loss of a domain admin account.

Eirik Thorsnes

-- 
The story so far:
In the beginning the Universe was created. This has made a lot of
people very angry and has been widely regarded as a bad move.
--- Douglas Adams The Hitchhikers Guide to the Galaxy

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Simple Share Question

[Joern . Karthaus]

Hello List

I'm using Samba 2.2.1a in a NT Network as a Domain Member.
Everything works fine. But the size of Share Names from Samba is limited to
12 Charakters.

How can I use long Sharenames ???

Thanks for Answers

Joern Karthaus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba PDC+LDAP on FreeBSD

[Long-Sheng Kuo]

Hello,
  I am trying to use Samba (2.2.7a)+ LDAP (2.0.25) as PDC on FreeBSD 4.7. 
But it turned out that LDAP is not easy-going!!!

  Without LDAP, things seems fine. I can join the Win2000 machine accounts 
and the shares are all right. However, when configurating samba with ldap 
support, then smbpasswd couldn't work anymore.  I can only use
# smbpasswd -w secretpassword

to add the password for rootdn. Nothing else.

  I read some articles online but very few are especially for FreeBSD. In 
addition, a lot of articles about samba+LDAP didn't detail about the CA 
certificate. I am wondering if there is anyone could help me out this 
problems. I think I need to know:

1. What packages/ports do I need to install? Because most papers of LDAP 
online I could find mentioned little about Openssl. However, as I know, 
it's necessary for the option ldap ssl = start_tls in Samba . Also, I 
didn't find any ports of nss_ldap, but nss_ldap was mentioned by all 
samba+LDAP combination. What's wrong with that? nss_ladp didn't support 
FreeBSD? Without nss_ladp, can I still achieve my goal: Samba+ LDAP as PDC?

2. Individual configuration/setting for every package.

3. How to start every service?

Any response would be appreciated.

Long-Sheng   Jan. 22, 03

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC+LDAP on FreeBSD

[Ronan Waide]

On January 22, [EMAIL PROTECTED] said:
 1. What packages/ports do I need to install? Because most papers of LDAP 
 online I could find mentioned little about Openssl. However, as I know, 
 it's necessary for the option ldap ssl = start_tls in Samba . Also, I 
 didn't find any ports of nss_ldap, but nss_ldap was mentioned by all 
 samba+LDAP combination. What's wrong with that? nss_ladp didn't support 
 FreeBSD? Without nss_ladp, can I still achieve my goal: Samba+ LDAP as PDC?

FreeBSD doesn't support NSS, as I understand it. What the nss_*
modules do is act as lookup sources when the system needs to identify
a user, host, password, group, etc. So on a Linux system, for example,
you can instruct the system to first look in files (/etc/passwd, etc)
then try LDAP, and so on until a match is found or the sources are
exhausted.

In the case of Samba, this facility is not strictly necessary; Samba's
requirement for working NSS support is solely so it can look up a Unix
account or Group to match the SMB account or group information. You
can get around this by either creating Unix accounts for all your
Samba users, or using one of the non-unix account backends (ldap_nua,
in your case). Note, as far as I know the _nua backends are only
available in Samba 3.
 
 2. Individual configuration/setting for every package.

Tall order. Do you have a working LDAP setup already? You seem to have
a working Samba setup, so what you want is to migrate the information
in that into LDAP. I can't help you with that, since I've not done
it. I'd suggest browsing the mailing list archives.

 3. How to start every service?

Again, a tall order. I'm not a FreeBSD user, so I can't really help
you on this.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

buzzard says, If you are willing to put aside your kneejerk human speciesism,
the AIs are perfectly sympathetically 'no worse' than humans. matrix
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Subject: Re: [Samba] Samba 3.0 + AD + OpenLDAP

[Chris Nolan]

Hi all,

It's a bit off topic, but apparently JCal's calendar format is properly 
digested by Outlook clients. Could this be the solution to the problem?

Chris

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba-to-samba migration

[Chris Nolan]

Hi all,

I have a Samba box (Mandrake 8.1, Samba 2.2.2). I have another hard disc 
that has Mandrake 9.0 + Samba 2.2.7 on it. I am looking to install this 
other hard disc into the Mandrake 8.1 box and migrate everything over. 
Do I need to do anything other than copy the contents of /etc/samba 
(smb.conf, secrets.tdb etc) over to the new hard disc to ensure that our 
Windows 2000 Pro workstations are still members of the Samba-controlled 
domain?

Additionally, does anyone have any experience in setting up an entirely 
Samba-driven solution for fail-over? This place has two servers, and I 
was hoping to be able to setup Samba on both so that if the main one 
blows up/dies/gets stolen, everyone can still logon to the domain and 
see all their files (everyone saves all their stuff to the Samba box via 
drives mapped to their home directories and other places). All advice 
gratefully received. All amusing flames cheefully printed and stuck on 
the wall at the premises of subject.

Chris


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] No domainserver found

[Bendt V Rasmussen]

I am trying to configure Samba 2.2.7 as a PDC on a Mandrake 9.0 box,
mainly 
serving Win ME clients.
Every time I try to logon to my domain, I get something in the line 
of(Translated from danish): No domainserver found. Windows cannot blah
blah 
blah...
However, once logged in to Windows, I can access my home and shares, and
the 
server shows up in the Network neighbourhood.
Both the user and the client-box is registered as samba-users.

WHY CAN'T WINDOWS FIND THE DANM DOMAINSERVER??

My smb.conf goes:

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2003/01/22 11:51:20

# Global parameters
[global]
workgroup = ES-NET
netbios name = ES-SERVER
server string = Ejstrupholm skoles sambaserver
encrypt passwords = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = lpstat
logon home = \\ES-SERVER\%u
domain logons = Yes
os level = 34
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
default service = global
hosts allow = localhost, all
printing = cups

[homes]
comment = Home Directories
path = %H
valid users = %S
read only = No
create mask = 0600
directory mask = 0700
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p -o raw %s -r   # using client side 
printer 
drivers.
browseable = No

[print$]
path = /var/lib/samba/printers
write list = @adm root

[pdf-generator]
comment = PDF Generator (only valid users)
path = /var/tmp
printable = Yes
print command = /usr/share/samba/scripts/print-pdf %s ~%u 
%L%u %m 
%I 

[Fdrev]
comment = F-drev på ES-sambaserveren
path = /F-drev
read only = No
guest ok = Yes

[cdimages]
comment = All shared CD images
path = /mnt/iso
guest ok = Yes

[netlogon]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC+LDAP on FreeBSD

[Ronan Waide]

On January 22, [EMAIL PROTECTED] said:
 i made some minor changes to the migrationtools to work properly. (some
 atrribute types are spelled wrong)

What changes? Seems like it might be worthwhile telling the people on
this list, if not the people at padl, about the errors.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

If at first you DO succeed, try not to look surprised - someone @ mot.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with roaming profiles..

[Michele Santucci]

I'm using samba 2.2.7 used as pdc.
After long time I finally managed it two work mostly but I still have two
problems pending:
1) if i put on a desktop of a user profile (I'm using roaming profiles)
a link to a net resource I'm unable to open again this profile (the system
tell me it's unable to use the remote profile etc.)
2) the Administrator user (that's mapped on root I hope) act as if it's
been mappend on guest...


bye by(t)e[S]...TuX!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbind withoutt PAM

[dj]

On Wed, 22 Jan 2003 [EMAIL PROTECTED] wrote:

 As I understood from Samba documentation winbind can run without PAM
 installed; PAM is needed only if I need interactive login in the Unix
 box of NT domain users. Am I correct?

Correct, but you do need NSS.

Kind regards,
Tim Verhoeven

-- 
===
Tim Verhoeven
Linux  Open Source Specialist
GSM : 0496 / 693 453  + e-business solutions
Email : [EMAIL PROTECTED]   + consulting
URL : www.sin.khk.be/~dj/ + Server consolidation
===

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] pwdMustChange Problem (PANIC: failed to set gid)

[Georg Glas]

Hi Folks .. 

Running samba-2.2.7 in Daemon Mode with LDAP; When the user tries to logon and 
he is forced to change password (via pwdMustChange==0) i get 1727: RPC Call 
failed on a Windows XP Machine (de); In the logs i can see that i get an 
smb_panic(1094) while the child tries to set gid to 65534 (nogroup); well wy 
does it try to force a chgid to 65534, when changing password ?  I guess the 
problem is somewhere around [2003/01/22 12:00:44, 3] 
smbd/sec_ctx.c:get_current_groups(172) where the result of get gid == -1 ? 
wich looks very strange to me .. 

is i ask nss what gid belongs to this user i get:
glas@intern:/var/log/samba$ id
uid=1087(glas) gid=100(users) groups=100(users),200(Domain Admins)
which is correct .. 

If the user profile is copied (roaming profiles) and the logon script is run, 
the user can changes its password using crtl-alt-del it works perfect .. 

if i try to change the password via smbpasswd -r logon-grz -U glas it works to 
.. the problem seems only to occure before the profile is written to the 
client .. 

even as Domain Admin or via Uid 0 (yust for testing purposes) it does not work 
.. ;-( .. 

-- SNIP --
2003/01/22 12:00:29, 3] rpc_server/srv_util.c:get_domain_user_groups(192)
  domain admin group access  512/7  granted
[2003/01/22 12:00:29, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(444)
  free_pipe_context: destroying talloc pool of size 4792
[2003/01/22 12:00:29, 3] smbd/pipes.c:reply_pipe_write_and_X(198)
  writeX-IPC pnum=70a1 nwritten=282
[2003/01/22 12:00:29, 3] smbd/process.c:process_smb(878)
  Transaction 4975 of length 63
[2003/01/22 12:00:29, 3] smbd/process.c:switch_message(685)
  switch message SMBreadX (pid 10502)
[2003/01/22 12:00:29, 3] smbd/pipes.c:reply_pipe_read_and_X(239)
  readX-IPC pnum=70a1 min=1024 max=1024 nread=588
[2003/01/22 12:00:43, 3] smbd/process.c:process_smb(878)
  Transaction 4976 of length 93
[2003/01/22 12:00:43, 3] smbd/process.c:switch_message(685)
  switch message SMBntcreateX (pid 10502)
[2003/01/22 12:00:43, 3] smbd/nttrans.c:nt_open_pipe(559)
  nt_open_pipe: Known pipe samr opening.
[2003/01/22 12:00:43, 3] smbd/process.c:process_smb(878)
  Transaction 4977 of length 198
[2003/01/22 12:00:43, 3] smbd/process.c:switch_message(685)
  switch message SMBwriteX (pid 10502)
[2003/01/22 12:00:43, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(751)
  api_pipe_bind_req: \PIPE\samr - \PIPE\lsass
[2003/01/22 12:00:43, 3] smbd/pipes.c:reply_pipe_write_and_X(198)
  writeX-IPC pnum=70a3 nwritten=130
[2003/01/22 12:00:43, 3] smbd/process.c:process_smb(878)
  Transaction 4978 of length 63
[2003/01/22 12:00:43, 3] smbd/process.c:switch_message(685)
  switch message SMBreadX (pid 10502)
[2003/01/22 12:00:43, 3] smbd/pipes.c:reply_pipe_read_and_X(239)
  readX-IPC pnum=70a3 min=1024 max=1024 nread=116
[2003/01/22 12:00:43, 3] smbd/process.c:process_smb(878)
  Transaction 4979 of length 169
[2003/01/22 12:00:43, 3] smbd/process.c:switch_message(685)
  switch message SMBwriteX (pid 10502)
[2003/01/22 12:00:43, 3] smbd/sec_ctx.c:push_sec_ctx(297)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2003/01/22 12:00:43, 3] smbd/uid.c:push_conn_ctx(286)
  push_conn_ctx(104) : conn_ctx_stack_ndx = 0
[2003/01/22 12:00:43, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/01/22 12:00:44, 3] smbd/sec_ctx.c:get_current_groups(172)
  get_current_groups: user is in 2 groups: -1, 202
[2003/01/22 12:00:44, 3] smbd/sec_ctx.c:pop_sec_ctx(436)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2003/01/22 12:00:44, 0] lib/util_sec.c:assert_gid(114)
  Failed to set gid privileges to (0,65534) now set to (0,-1) uid=(0,65534)
[2003/01/22 12:00:44, 0] lib/util.c:smb_panic(1094)
  PANIC: failed to set gid
-- SNIP --

mfg.
Georg Glas
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC+LDAP on FreeBSD

[[EMAIL PROTECTED]]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 22 Jan 2003, Ronan Waide wrote:

 On January 22, [EMAIL PROTECTED] said:
  i made some minor changes to the migrationtools to work properly. (some
  atrribute types are spelled wrong)

 What changes? Seems like it might be worthwhile telling the people on
 this list, if not the people at padl, about the errors.


if you set EXTENDED_SCHEMA=1 in migrate_common.ph
you will get some attribute conflicts and some missed attributes..

okay, here is a short diff of the affected file:

- --
- --- MigrationTools-44/migrate_passwd.pl Sat Jul  6 23:06:45 2002
+++ MigrationTools-44_mod/migrate_passwd.pl Tue Dec 17 17:47:12 2002
@@ -122,19 +122,20 @@
if ($DEFAULT_MAIL_HOST) {
print $HANDLE mailRoutingAddress:
$user\@$DEFAULT_MAIL_HOST\n;
print $HANDLE mailHost: $DEFAULT_MAIL_HOST\n;
- -   print $HANDLE objectClass: mailRecipient\n;
+#  print $HANDLE objectClass: mailRecipient\n;
}
print $HANDLE objectClass: person\n;
print $HANDLE objectClass: organizationalPerson\n;
print $HANDLE objectClass: inetOrgPerson\n;
}

- -   print $HANDLE objectClass: account\n;
+#  print $HANDLE objectClass: account\n;
+   print $HANDLE objectClass: inetLocalMailRecipient\n;
print $HANDLE objectClass: posixAccount\n;
print $HANDLE objectClass: top\n;

if ($DEFAULT_REALM) {
- -   print $HANDLE objectClass: kerberosSecurityObject\n;
+   print $HANDLE objectClass: krb5Principal\n;
}

if ($shadowUsers{$user} ne ) {
@@ -144,7 +145,7 @@
}

if ($DEFAULT_REALM) {
- -   print $HANDLE krbName: $user\@$DEFAULT_REALM\n;
+   print $HANDLE krb5PrincipalName:
$user\@$DEFAULT_REALM\n;
}

if ($shell) {
--

this works perfect for me, but i think it is only necessary if you want to
use EXTENDED_SCHEMA=1 (for integrating mail and kerberos information in
yous ldap-tree)

i will try to explain shortly whats wrong in the original.
hope i will remeber right..

1. you need 'objectClass: inetLocalMailRecipient' to use 'mailHost: ' and
'mailRoutingAddress: ' but this conflicts with 'objectClass: account' so
you must disable/comment out this line.

2. i searched the whole net for a schema file with 'objectClass:
kerberosSecurityObject' and 'krb5PrincipalName: ' in it, but i've found
exactly nothing!!
so decided to replace it with the krb5 stuff from krb5-kdc.schema.
you can see it in the diff above.

here is an example user-account out of my ldap-tree:
- --
dn: uid=tuser,ou=People,dc=xxx,dc=yy
cn: Test User
telephoneNumber: +22(22)222-2
roomNumber: Test User Room
givenName: Test
sn: User
mail: [EMAIL PROTECTED]
mailRoutingAddress: [EMAIL PROTECTED]
mailHost: smtp.xxx.yy
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
objectClass: sambaAccount
userPassword: {crypt}XxXxXxXxXx
krb5PrincipalName: [EMAIL PROTECTED]
loginShell: /bin/csh
uidNumber: 12345
gidNumber: 1234
homeDirectory: /home/tuser
gecos: Test User for LDAP
uid: tuser
pwdLastSet: 9
logonTime: 0
logoffTime: 9
kickoffTime: 9
pwdCanChange: 0
pwdMustChange: 9
rid: 12345
primaryGroupID: 1234
homeDrive: H:
smbHome: \\SAMBA_SERVER\tuser
profilePath: \\SAMBA_SERVER\profiles\tuser
scriptPath: logon.bat
description: Test User
displayName: Test User
lmPassword: 
ntPassword: 
acctFlags: [U  ]
--

hope that helps a litlle bit.

joerg

btw. i used the Migrationtools version 44. i don't know if there is a
later version wich is already corrected.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+LpxgSPOsGF+KA+MRAoO1AJ40g3Y1O4gCtM7jjiwlmpPK/+i1swCdEoHW
eoGC9vsvxiSHUX2maRv/8hY=
=d+jm
-END PGP SIGNATURE-


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba-to-samba migration

[Marian Mlcoch, Ing]

Try read help on samba swat home page on your 2.2.7 swat www or howto htmls.
***How To Configure Samba as a Backup Domain Controller for a Samba PDC***
But this is only for login good choice, for storing files is problem with
change home directories to another server when PDC dies...

For first Q about migration i must say that is not simply. Best setup is
teoretical downgrade samba on new 9.0 to eq version 2.2.2 then copy all
config and db files and then upgrade to 2.2.7a.
You can try without this but not copy tdb files only overwrite smb.conf and
smbpasswd plus recreate acounts from passwd 8.1. Plus transfer SIDs of
machine and domain as is write in uplisted howto.

Thats all folks.

- Original Message -
From: Chris Nolan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 22, 2003 12:40 PM
Subject: [Samba] Samba-to-samba migration


 Hi all,

 I have a Samba box (Mandrake 8.1, Samba 2.2.2). I have another hard disc
 that has Mandrake 9.0 + Samba 2.2.7 on it. I am looking to install this
 other hard disc into the Mandrake 8.1 box and migrate everything over.
 Do I need to do anything other than copy the contents of /etc/samba
 (smb.conf, secrets.tdb etc) over to the new hard disc to ensure that our
 Windows 2000 Pro workstations are still members of the Samba-controlled
 domain?

 Additionally, does anyone have any experience in setting up an entirely
 Samba-driven solution for fail-over? This place has two servers, and I
 was hoping to be able to setup Samba on both so that if the main one
 blows up/dies/gets stolen, everyone can still logon to the domain and
 see all their files (everyone saves all their stuff to the Samba box via
 drives mapped to their home directories and other places). All advice
 gratefully received. All amusing flames cheefully printed and stuck on
 the wall at the premises of subject.

 Chris


 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] problem starting samba 3.0

[D J]

I installed samba3.0 with kerberos .
How do I start samba3.0 . I am not finding usual
smbd anywhere.

Please help.

-DJ





_
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
http://join.msn.com/?page=features/virus

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Known problems with profiles in home directories?

[Bradley W. Langhorst]

On Wed, 2003-01-22 at 06:35, Chris Nolan wrote:
 Hi all,
 
 I was doing some reading of the digests I get sent and noticed someone 
 asked the question (by way of trying to get more info about a problem 
 someone else was having), Are profiles stored in home directories?
 
 I have this type of setup in place at a client's premises and we do have 
 problems with people logging on - profiles do not download without error 
 messages on the first login but subsequent logins throught the day are 
 problem-free.
profiles must be kept in their own share... see the howto collection

brad

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] WARNING : no network interfaces found.

[Paul Yeager]

Joel:

192.168.1.225 is a broadcast address?



Joel Hammer wrote:


You are using the ip that is used for broadcasts as the ip number of
your server. That doesn't sound good.

Joel
On Tue, Jan 21, 2003 at 05:19:57PM +0530, akshaysalkar wrote:
 

i get the following error 

WARNING : no network interfaces found.

when i run smbclient or nmblookup etc.

the following is the settings in my computer.

workgroup = TRIDENTMUMBAI
security = domain
password server = 10.160.128.152
netbios name = smbsys
interfaces = 192.168.1.225
encrypt passwords = yes
   


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] brian.casey@mscsoftware.com - Out of office

[Paul Yeager]

I sure *hope* so!

Perhaps if folks who inflicted such things on the list were just 
suspended until they requested reinstatement, folks might get a hint!

Is there anything in the mail header that might identify automatic 
replies as such, and could be used to filter them?

Not that I'm perfect. my posts occasionally get bounced for being in 
HTML format.

Paul

Kristyan Osborne wrote:

Is it possible to suspend this user from getting mail for a week otherwise we are going to get loads of out of office reports???

Cheers


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 13:34
To: [EMAIL PROTECTED]
Subject: [Samba] I am out of the office.


I will be out of the office starting  01/21/2003 and will not return until
01/28/2003.

I will respond to your message when I return.  If you have questions
regarding product licensing, please contact Natalie Rezek, at 323-259-4910;
for any other issues requiring immediate attention, please contact Kevin
Kilroy at 714-445-5623.



 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] No domainserver found

[Bradley W. Langhorst]

are the clients all pointing at the samba server for wins?

 wins support = Yes

brad

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with roaming profiles..

[Bradley W. Langhorst]

On Wed, 2003-01-22 at 08:13, Michele Santucci wrote:
 I'm using samba 2.2.7 used as pdc.
 After long time I finally managed it two work mostly but I still have two
 problems pending:
 1) if i put on a desktop of a user profile (I'm using roaming profiles)
 a link to a net resource I'm unable to open again this profile (the system
 tell me it's unable to use the remote profile etc.)
does the user own the link?
they should
 2) the Administrator user (that's mapped on root I hope) act as if it's
 been mappend on guest...
how did you map it to root?
with /etc/smbusers?

brad

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] WARNING : no network interfaces found.

[Ken Schneider]

On Wed, 2003-01-22 at 08:46, Paul Yeager wrote:
 Joel:
 
 192.168.1.225 is a broadcast address?

This is NOT a broadcast address:

192.168.1.255 is the broadcast address.

 
 
 
 Joel Hammer wrote:
 
 You are using the ip that is used for broadcasts as the ip number of
 your server. That doesn't sound good.
 
 Joel
 On Tue, Jan 21, 2003 at 05:19:57PM +0530, akshaysalkar wrote:
   
 
 i get the following error 
 
 WARNING : no network interfaces found.
 
 when i run smbclient or nmblookup etc.
 
 the following is the settings in my computer.
 
 workgroup = TRIDENTMUMBAI
 security = domain
 password server = 10.160.128.152
 netbios name = smbsys
 interfaces = 192.168.1.225
 encrypt passwords = yes
 
 
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
Ken Schneider
Senior UNIX Administrator
Network Administrator
21st Century Oncology, Inc.
239-931-7350 (help desk)
239-931-7383 (fax)
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ghost jobs through samba

[Enriko Groen]

On Jan 22, Vladimir Karavelov wrote:

VK Hi,
VK There was a virus doing somethings like this 
VK Are you shure that your network is clean...

If you have a virus name that would be nice, although I not 100% sure I
think I am clean.

I don't think this is the problem, these problems started at the moment
that I started sharing the printer.


--
[ [EMAIL PROTECTED] ] - [ http://www.xhuman.net ]

I wish there was a knob on the TV to turn up the intelligence.
 There's one called brightness, but it doesn't work.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 2.2.3a and w2k connection problems

[Ale Golob]

Hi

I have a Debian Linux server with samba 2.2.3a
When I try to connect to it from a Windows 2000
machine I get an error message saying:

System error 1240 has occurred.

The account is not authorized to log in from this station.

The samba server is configured with encrypt passwords = yes
The server uses domain authentication and the whole setup worked fine
until I reinstalled the server and copied the config files
into the fresh install.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Mounting a Windows share in AIX

[Jim McDonough]

On Tue, 2003-01-21 at 17:45, Miller, Jason A. wrote:
 What I would like to do is mount a windows share in AIX.  I need to see this as a 
standard file system from AIX.  Any idea how I can achieve this?
  
 Jason
I'm not aware of an SMB filesystem for AIX.  You should contact the AIX FastConnect 
folks to see if they support it.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] brian.casey@mscsoftware.com - Out of office

[Greg]

Well, first off, lets put the old kibosh on HTML mail.

The equivalent is hitting Organize  then making a rule to put any email
with brain's email address into the Delete folder.

So.  I guess it is the delete folder, though you have to set it up to really
delete and not just hang around.

dunno about DOS - I just need it to play some old games.

Greg Canter

btw, any relation to Chuck Yeager, pilot extraordinaire ?


-Original Message-
From: Paul Yeager [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 22, 2003 10:03 AM
To: Greg
Cc: Kristyan Osborne; Samba (E-mail)
Subject: Re: [Samba] [EMAIL PROTECTED] - Out of office


What IS the M$ equivalent of /dev/null??  In the DOS world, I thnk there
used to be a device called NUL or NULL.

What is it now?  Their support phone?  ;^)

Greg wrote:

Why don't we ALL call Natalie Rezek AND Kevin Kilroy !

in lieu of that I am now confining all emails from brain, errr ... I mean
brian to the M$ equivalent of /dev/null

Greg Canter


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Kristyan Osborne
Sent: Wednesday, January 22, 2003 8:39 AM
To: Samba (E-mail)
Subject: [Samba] [EMAIL PROTECTED] - Out of office


Is it possible to suspend this user from getting mail for a week
otherwise we are going to get loads of out of office reports???

Cheers


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 13:34
To: [EMAIL PROTECTED]
Subject: [Samba] I am out of the office.


I will be out of the office starting  01/21/2003 and will not return until
01/28/2003.

I will respond to your message when I return.  If you have questions
regarding product licensing, please contact Natalie Rezek, at
323-259-4910;
for any other issues requiring immediate attention, please contact Kevin
Kilroy at 714-445-5623.



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


-
Kristyan Osborne IT Technician
Longhill High School
01273 391672

--
Computers are like airconditioners: They stop working properly if
you open windows.
Win95:   A 32-bit patch for a 16-bit GUI shell running on top of an
 8-bit operating system written for a 4-bit processor by a
 2-bit company who cannot stand 1 bit of competition.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] O Samba Bin Baden--samba is losing it's mind or maybe it's just m e

[Airhart, Derrick]

I have run samba 2.0.4 for several years on sun ultra2 with 2.6 os...I am
using security=domain and join an upstream pdc for password
authentication...all has been well until recentlymost remote users in a
different account domain that previously had no access problems are getting
weird screen reflections such as no pcnfs service available, the local
device name is already in use, or the user/password window which means no
accesschecking the log files i see a denial by the upstream server for
their nt account namesthe nt admin guru's swear nothing has
changed.also i'm getting a looping error for the udp, but i don't think
this is a big deal...any suggestions besides prozac with a whiskey chaser?

Derrick Airhart
719.567.3217

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Two MS Access questions (compact database Access XP)

[Sam Hart]

We're in the process of replacing an ailing NT box with a Linux one 
running Samba (Red Hat 7.3 w/ kernel 2.4.18-18.7.xsmp [from Red Hat] and 
samba version 2.2.7, with a variety of Win2k boxes connecting to it) and I 
have a couple of quick MS Access questions (in the hopes someone out there 
has had any experience with these things):

1) We have one rather large (700MB+) Access database on the Samba server 
which is only in use by one user (no filelocking issues). This user 
regularily uses the 'Compact Database' option from within MS Access on the 
client computer (Tools-Database Utilities-Compact Database). Since we 
have switched to Samba, everytime the user chooses this option, it crashes 
her machine (completely, as in the system suddenly reboots). I have been 
able to duplicate this on my test machine as well. Has anyone else ever 
seen this before? If so, anyone know how to fix it?

2) One of our offices (which has a rather extensive Access database used 
by multiple people at the same time) will be needing to upgrade to Office 
XP in Feb. or Mar. Does anyone know off-hand of any troubles running Samba 
with Office XP (specifically Access XP) from Win2k boxes?

BTW, for those interested, here is appropriate sections from smb.conf for 
the share in the first question:

[acsup]
path = /export/acsup
read only = No
browseable = No
oplocks = No
level2oplocks = No
writable = yes
browsable = yes
only user = no

and everything else seems to work fine.

-- 
Sam Hart
University/Work addr. [EMAIL PROTECTED]
Personal addr. [EMAIL PROTECTED]
end


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Printer Drivers

[Kenny Mann]

Is it possible to have samba share the drivers for Win9X/2K/XP on a
printer share?
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: xp doesnt log out

[Jon Niehof]

'%u' is samba specific. Although you would probably be able to use 
'\\server\%username%' (This would use the windows username).
That is, \\server\%%username%
or, in a batch file, \\server\%%%username%
Tricky buggers, those %'s :)

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba 3.0 + AD + OpenLDAP

[Bradley W. Langhorst]

On Wed, 2003-01-22 at 10:42, William Enestvedt wrote:
 Bradley W. Langhorst wrote:
  
  bottom line on the AD front..
  samba3 can participate as a member server of an AD domain but
  cannot be the domain controller.
  
  You'd have to move all your users to the AD domain controller and join
  the samba3 server to the domain or use winbind.
  
Forgive me for being dense, but shouldn't I be able to configure a Samba 3.x 
server (on Solaris 8) to authenticate against an Active Directory server -- if all 
the users already exists in AD -- _without_ creating them on the Sun box, and without 
adding the posix user field to the AD record?
Sorry if this is in the docs -- I'm still a little at sea.
yes you can do that (i think) - using winbind


brad
-- 
Bradley W. Langhorst [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba 3.0 + AD + OpenLDAP

[Barry, Christopher]

look at www.samsungcontact.com for a great Exchange replacement.

--
Christopher Barry
Manager of Information Systems
InfiniCon Systems
http://www.infiniconsys.com
office:610.233.ISIS (4747)
direct:610.233.4870
cell:267.879.8321


-Original Message-
From: Bradley W. Langhorst [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 22, 2003 12:03 AM
To: Ron McKown
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Samba 3.0 + AD + OpenLDAP


On Tue, 2003-01-21 at 23:46, Ron McKown wrote:
   I would like to install Exchange2000 on a windows2000 machine so our
   windows users can do calendaring (sendmail already handles all of our
   email needs).  
  I don't know how exchange works but i'm pretty sure you can join the w2k
  machine to the samba controlled domain in NT4 mode.  I would guess that
  exchange will use that userdb ...
 
 i'm not entirely sure about this.  windows products seem fairly set on
 doing one particular thing and not deviating much from it...
i've never used exchange before so I can't be of much help to you...

bottom line on the AD front..
samba3 can participate as a member server of an AD domain but
cannot be the domain controller.

You'd have to move all your users to the AD domain controller and join
the samba3 server to the domain or use winbind.

If you can avoid using AD do so - it'll just suck you further into the
microsoft stuff (which i assume you are trying to avoid with samba)
Hopefully you can run exchange on a non AD domain... (in which case you
can stick to released versions of samba)

brad

-- 
Bradley W. Langhorst [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] User account unable to be updated

[Robert Adkins]

Hello All,

I have recently needed to add two new mounted network drives to a client   
workstation running Windows 2000 Professional. This machine is joined to   
the Samba 2.2.5-10 running PDC and has access to all of the network   
shares, with proper permissions that it was configured with when the PDC   
was brought online roughly one and a half months ago.

The user now requires permanent access to two additional network shares   
and those have been added to the user account logon .bat file, the   
account has been added to the groups that have access to those shares and   
it has been confirmed that the shares is configured to allow all members   
of those groups access the share.

Now, when the user logs onto the workstation, those new shares pause the   
logon .bat window and ask for a password. When the user account password   
is entered, the bat file continues and ends, without mounting up the new   
shares.

So, I went into the My Network Places icon and attempted to manually   
mount those shares. This popped up a Username/Password window and it   
refused to mount up the share when the user account and password was   
entered. I also used the username/password combination of all the users   
that have access to those shares and not a single username/password   
combination functioned. (Although with using other username/passwords an   
error message about the credentials being used elsewhere popped up on the   
screen.)

I have read some remarks on this list regarding machine passwords and   
how those are typically automatically updated by Windows 2000 machines   
across a Windows Domain. Could that be causing the problems that I am   
experiencing with this user account?

If so, how does one go about fixing this issue?

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] brian.casey@mscsoftware.com

[Robert Adkins]

Everyone could setup an auto-responder to send replies to his E-mail   
address that contains instructions on how to properly setup his mail   
filters to skip the auto reply to this and any other mailing lists he is   
associated with.

Perhaps when his company sees the incredible slow-down on their mail   
server and investigates the issue. They could unplug his machine from   
their network, freeing us all of the scourge his auto responder is   
providing us.

Of course, he might also feel quite mortified to find out that his inbox   
is filled with some 100,000 E-mails that have directions to keep him from   
being viewed as a techno-illiterate in the future. (Can you imagine how   
long it would take to delete those E-mails using Outlook?)

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804


 -Original Message-
From: Paul Yeager [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 22, 2003 9:21 AM
To: [EMAIL PROTECTED]; Kristyan Osborne; Robert Adkins
Cc: Samba (E-mail)
Subject: Re: [Samba] [EMAIL PROTECTED] - Out of office

   

I sure *hope* so!

Perhaps if folks who inflicted such things on the list were just
suspended until they requested reinstatement, folks might get a hint!

Is there anything in the mail header that might identify automatic
replies as such, and could be used to filter them?

Not that I'm perfect. my posts occasionally get bounced for being in
HTML format.

Paul

Kristyan Osborne wrote:

Is it possible to suspend this user from getting mail for a week   
otherwise we are going to get loads of out of office reports???

Cheers


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 13:34
To: [EMAIL PROTECTED]
Subject: [Samba] I am out of the office.


I will be out of the office starting  01/21/2003 and will not return   
until
01/28/2003.

I will respond to your message when I return.  If you have questions
regarding product licensing, please contact Natalie Rezek, at   
323-259-4910;
for any other issues requiring immediate attention, please contact Kevin
Kilroy at 714-445-5623.






 --
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Can't add Machine account ( LDAP ) ... (solved)

[Buchan Milne]

 Message: 1
 Date: Tue, 21 Jan 2003 19:08:07 +0200
 From: C.Lee Taylor [EMAIL PROTECTED]
 Organization: LeeNX
 To: [EMAIL PROTECTED]
 Subject: [Samba] Re: Can't add Machine account ( LDAP ) ...
 
  Just got bitten in the ass by not been able to join the domain with 
 2.2.7a
 
  Correct me if I am wrong, Jerry did give me a quick explaination.  It
 has to do with usernames and what allowable characters  in it for security.
 

It was basically dismissing the weird entry as a security mechanism in
the logging/DEBUG code, it shouln't have affected the script.

  Now, I need to fix this, does anybody have a patch/fix or tell me where
 to look in the source to try and fix this.
  Finally was able to find the freaking message ... but I think that 
 this might be something else ...
 

OK, I am looking at this now ...

Hmmm, after a bit of debugging work, I found that I could not join as a
domain admin, but could join as root, and that was due to wrong perms on
the smbldap-tools, essentially a non-root domain admin did not have
permission to run the 'add user script' (due to a new setup where we
hadn't fixed the perms).

It seems to work now ...

 
  I really need domain joining, or at least a work around for it ... 
 Please help me!!!


If you have the smbldap tools setup, then you should be able to
pre-create machine accounts. On Mandrake, we have them in
/usr/share/samba/scripts, so I would run something like this:

# /usr/share/samba/scripts/smbldap-useradd.pl -w -c Samba Machine
Account' -s /bin/false -d /dev/null -g machines machine$

(the equivalent of the script you would have as a 'add user script' in
smb.conf, just replacing the macros).

Then you should be able to join with any domain admin account.

Now, if the user you are going to join as can run the script (requires
rx perms on the scripts:
[root@hercules bgmilne]# ll /usr/share/samba/scripts/
total 112
-rwx--1 root domadm   1720 Jan 14 02:29 export_smbpasswd.pl*
-rwx--1 root domadm   3498 Jan 14 02:29 import_smbpasswd.pl*
-rwxr-xr-x1 root domadm   1703 Jan 14 02:29 print-pdf*
lrwxrwxrwx1 root domadm 26 Jan 17 16:24 smbldap_conf.pm
- /etc/samba/smbldap_conf.pm
-rwxr-x---1 root domadm   2389 Jan 14 02:29 smbldap-groupadd.pl*
-rwxr-x---1 root domadm   2369 Jan 14 02:29 smbldap-groupdel.pl*
-rwxr-x---1 root domadm   5362 Jan 14 02:29 smbldap-groupmod.pl*
-rwxr-x---1 root domadm   1821 Jan 14 02:29
smbldap-groupshow.pl*
-rwxr-x---1 root domadm   6923 Jan 14 02:29
smbldap-migrate-accounts.pl*
-rwxr-x---1 root domadm   4874 Jan 14 02:29
smbldap-migrate-groups.pl*
-rwxr-x---1 root domadm   4994 Jan 14 02:29 smbldap-passwd.pl*
-rwxr-x---1 root domadm   7147 Jan 14 02:29 smbldap-populate.pl*
-rw-r--r--1 root domadm  11685 Jan 14 02:29 smbldap_tools.pm
-rwxr-x---1 root domadm  13439 Jan 14 02:29 smbldap-useradd.pl*
-rwxr-x---1 root domadm   2913 Jan 14 02:29 smbldap-userdel.pl*
-rwxr-x---1 root domadm  10697 Jan 14 02:29 smbldap-usermod.pl*
-rwxr-x---1 root domadm   1762 Jan 14 02:29 smbldap-usershow.pl*


And something like this on the config file:
[root@hercules bgmilne]# ll /etc/samba/smbldap_conf.pm
-rw-r-1 root domadm   6947 Jan 17 22:02
/etc/samba/smbldap_conf.pm


Then any member of domadm (assuming @domadm is in the 'domain admin
users' list in smb.conf) you should be able to join a machine.

OK, this means I just need to verify some issues (like testing password
changes on referrals, which I may be able to do tomorrow or Friday) and
we will have new samba packages for Mandrake ... hopefully by the
weekend at the latest.

If anyone has a setup to test large file support (smbtar, smbclient,
files  4GB) on Mandrake 8.0, 8.2 or 9.0, please contact me and I will
get you a set of RPMs that have the two fixes applied.

FYI:
[root@hercules bgmilne]# rpm -q samba-server-ldap
samba-server-ldap-2.2.7a-3mdk

Sorry for the false alarm Jerry ...

Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan MilneMechanical Engineer, Network Manager
Cellphone * Work+27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] PDC and BDC

[Sascha Bieler]

Hi @ all,

can someone tell me please if I have to synchronise the samba-password-file 
when I have a PDC and a BDC running?

Situation:

All machines have trustee accounts on the pdc and like to log on the bdc. Does 
the bdc know about the users from pdc when I set up the 'password 
server'-parameter?

Thanks for help

Sascha

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbfs + large UID's

[Marco Walther]

[ I'm not on this list, so please include me on the replies! ]

Hi,

I've discovered (at least for me and some colleagues;-) the following
problem on Linux@x86 (2.4.*):

When we try to mount FS's via smbfs with the option uid=my_uid this
uid can only be 16bits wide:-(  But we have uid's larger than 65536
which than end up beeing interpreted as %2^16 -- not allowing user-level
access to the files.

Is there any work in progress to fix that problem? I'm running Linux
2.4.20 and SuSE 8.1 installed samba 2.2.5 but I've also played with
samba-2.2-cvs as of today.

Thanks,
-- Marco

-- 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] User account unable to be up

[Robert Adkins]

SORRY!

I solved the issue. It was nothing major.

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804


 -Original Message-
From: Robert Adkins
Sent: Wednesday, January 22, 2003 10:36 AM
To: [EMAIL PROTECTED]; Robert Adkins
Subject: [Samba] User account unable to be updated

   

Hello All,

I have recently needed to add two new mounted network drives to a client   


workstation running Windows 2000 Professional. This machine is joined to   


the Samba 2.2.5-10 running PDC and has access to all of the network
shares, with proper permissions that it was configured with when the PDC   


was brought online roughly one and a half months ago.

The user now requires permanent access to two additional network shares   


and those have been added to the user account logon .bat file, the
account has been added to the groups that have access to those shares and   


it has been confirmed that the shares is configured to allow all members   


of those groups access the share.

Now, when the user logs onto the workstation, those new shares pause the   


logon .bat window and ask for a password. When the user account password   


is entered, the bat file continues and ends, without mounting up the new   


shares.

So, I went into the My Network Places icon and attempted to manually
mount those shares. This popped up a Username/Password window and it
refused to mount up the share when the user account and password was
entered. I also used the username/password combination of all the users   


that have access to those shares and not a single username/password
combination functioned. (Although with using other username/passwords an   


error message about the credentials being used elsewhere popped up on the   


screen.)

I have read some remarks on this list regarding machine passwords and
how those are typically automatically updated by Windows 2000 machines
across a Windows Domain. Could that be causing the problems that I am
experiencing with this user account?

If so, how does one go about fixing this issue?

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804


 --
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: xp doesnt log out

[Jonathan Dean]

The postexec tag allows code to be executed on the samba server not on
the workstation.
The best idea would be to use a logoff script on the windows machine, but
I think with xp this requires the use of group policies.
You could always include the 'net use' command as the first command in a
logon script.
smb.conf allows you to specify a logon script. See,
http://samba.mirror.ac.uk/samba/docs/man/smb.conf.5.html#LOGONSCRIPT
Hope that helps,
Jon.
At 17:19 22/01/2003 +0100, Sebastian Schinzel wrote:
 Just another thought - You
could try running 'net use * /d' before log off.
Is it possible to do this with samba on the server and e.g. the postexec
tag?
Thanks for your answers Jon! 
-- 
Sebastian Schinzel

-- 
Jonathan Dean
[EMAIL PROTECTED]www.jondean.com
Dept. Computer Science, University of Exeter, UK.
[EMAIL PROTECTED]www.dcs.ex.ac.uk
Network Manager, Dean UK Networks.
[EMAIL PROTECTED]www.deanuk.net

RE: [Samba] libpopt.so.0 Issue - RESOLUTION

[Kevin Lange]

Thanks to help from Christopher Barry, I found the solution.

It turns out that this missing library, and many others, can be found on the
Solaris Freeware Site (http://www.sunfreeware.com/) .  I installed the POPT
package and all works well. 


Thanks

-Original Message-
From: Kevin Lange [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 20, 2003 12:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Samba] libpopt.so.0 Issue


Evening;
  Does anyone happen to have any info on this issue ??  Still unable to find
the libpopt.so.0 file anyplace.  It did not seem to be required in the older
versions of Samba.

Kevin

-Original Message-
From: Kevin Lange [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 11:34 AM
To: '[EMAIL PROTECTED]'
Subject: [Samba] libpopt.so.0 Issue


Evening;
  Just installed Samba on my solaris 9 server at home and am having
difficulties.  

  When I try to check out the option file using testparm, it always brings
back the message :

ld.so.1: ./testparm: fatal: libpopt.so.0: open failed: 


I can't find the library libpopt.so.0 anywhere on the system.

Apparently , I forgot to load something.

Can anyone help me in finding where I can obtain this library for Sun
Solaris 9 ??

Thanks

Kevin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Printing to Windows XP

[Matt Wallace]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I have an Epson Stylus Photo 785 connected to a workstation running Windows XP 
Professional.  I would like to print to this printer using CUPS on a Debian 
(sid) box.  I have Samba-2.99 alpha3.0 installed.  On the Windows XP box, I 
have the Guest account enabled and the printer is shared.  My other Windows 
box can print just fine to it.  When I add the printer using the CUPS 
webadmin system, it says that SAMBA cannot connect to the print server.  
Furthur investigation using smbspool from the command line yields the 
following message:

The command I issued was:
server:~# smbspool smb://Wallace/dave-winxp/dave_inkjet a b c d e test

 (The manpage for smbspool indicated the options were not used, thus the a b c 
d e. test is a text file.  Wallace is the workgroup of the computer, 
dave-winxp is the computer name):

The response was:
failed tcon_X with NT_STATUS_OK
ERROR:  Connection failed with error NT_STATUS_ACCESS_DENIED
ERROR: Unable to connect to SAMBA host, will retry in 60 seconds...: Success

I'm not if there is another way I should be testing this, but any suggestions 
would be greatly appreciated.  Please CC me directly, I am not subscribed to 
this list.

Thanks,

Matt Wallace

- -- 
This message is cryptographically signed using the GNU Privacy Guard.  The 
authenticity of this message can be verified using either the GNU Privacy 
Guard or any PGP implementation.  To do this you will need my public key, 
available at:  http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xA89181C9

If you recieve mail from me that is not signed in this manner, please be 
suspect of its authenticity.  For more information on cryptographic message 
signing, see:  http://www.gnupg.org/(en)/documentation/faqs.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE+LveGVn6yj6iRgckRApJCAJ4udo6prcKo1wgbOf4qna4sL3n99ACgh7ev
4vChjN3zezFU7ZoVG8anM/E=
=LzXb
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbfs + large UID's

[Ronan Waide]

On January 22, [EMAIL PROTECTED] said:
 Is there any work in progress to fix that problem? I'm running Linux
 2.4.20 and SuSE 8.1 installed samba 2.2.5 but I've also played with
 samba-2.2-cvs as of today.

http://www.hojdpunkten.ac.se/054/samba/

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

The interior decorating site is something to behold. Preferably with
 welders glasses. - AjD
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] No domainserver found

[Bendt V Rasmussen]

Currently, I am just trying to set up one client, and this client points
to the samba server as wins-server.
As far as I have understood, the samba server must be a wins server, if no
other wins-servers are avaliable.
Does it corrupt the system if other clients point elsewhere?
No other computers on my network are designated wins-servers, but - since
the network is in a school - the network is a part of a larger, public(as
in owned and driven by the local township) network, I am not shure what
the hell is out there??

Bendt Rasmussen

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Data Conversion

[Mike_Sullivan]

If I copy a file locally from a samba mount and download the same file via
FTP the file sizes are different.  The FTP file is correct where as the
copied file is an incorrect format.  Although I can't see a physical
difference, after writing to tape you can see that each record is shifted a
space.  Is there any setting to control the data conversion across a samba
mount?

Mike

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0 + AD + OpenLDAP

[Gareth Davies]

- Original Message -
From: Barry, Christopher [EMAIL PROTECTED]
To: Bradley W. Langhorst [EMAIL PROTECTED]; Ron McKown
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, January 22, 2003 4:21 PM
Subject: RE: [Samba] Samba 3.0 + AD + OpenLDAP


 look at www.samsungcontact.com for a great Exchange replacement.

 --
 Christopher Barry
 Manager of Information Systems
 InfiniCon Systems
 http://www.infiniconsys.com
 office:610.233.ISIS (4747)
 direct:610.233.4870
 cell:267.879.8321

Do you sell it by any chance?

I tried it out and thought it was crap :)

I found Gordano much better and even Byrani.

Other options are also Kroupware, RH-EMS and a few others.

This is off topic though and has been discussed before on this list.

Regards

Shaolin



*
This email has been checked by the altohiway e-Sweeper Service
*

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Data Conversion

[Rashkae]

Samba doesn't do data conversion of any kind.. Ftp, however,might be
converting from Unix text format to Dos text format if it's in text mode
instead of binary mode.  Is this a text file created in Unix that you are
trying to open in a Windows program?  Or a file you uploaded to the Unix
server via ftp and thereby converting it?


Jan 22  3:26pm


They hang the man and flog the woman
That steal the goose from off the common,
But let the greater villain loose
That steals the common from the goose.
  --English folk poem, circa 1764








On Wed, 22 Jan 2003 [EMAIL PROTECTED] wrote:

If I copy a file locally from a samba mount and download the same file via
FTP the file sizes are different.  The FTP file is correct where as the
copied file is an incorrect format.  Although I can't see a physical
difference, after writing to tape you can see that each record is shifted a
space.  Is there any setting to control the data conversion across a samba
mount?

Mike

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Initial Samba setup

[Steve]

My WinXP pro box is seeing the Samba server but I get the following
error when try to access the server.

\\Linux is not accessible.  Might not have permission to use this
network resource.  Contact the administrator to find out if you have
access permission.s

The network path was not found.

I have done a testparm on the smb.conf and all is OK.  I do have a unix,
samba and a windows user/password that are identical.  I can do a
smbclient on the xp box and see the shares at that end.

I currently have the following shares setup on Linux box.

Share Name  PathSecurity

homes   All Home DirectoriesRead/write to all known users
printersAll PrintersPrintable to everyone
public  /home/samba/public  Read/write to everyone
Steve   /home/steve Read/write to all known users

Being new to Linux let alone Samba I hope I've over looked something
really simple!

Help me please!

Steve

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba installation on a HP-UX box.

[twilson]

Hello All, 
Ihave an HP9000K420 box running HP-UX v10.20 and 
need to use Samba.
I did a swinstall on 
a pre-compiled version (2.2.5 - no 
winbind)and it installed (using the default settings/paths) with no 
errors. However, when I start it up (/sbin/inet.d/samba start) I get an 
errorthat says a library file is missing. The file is '/usr/lib/libc.2'. 
Would you know why it's not there or where I could go to download the 
library.
Thanks for your 
time,

Tim Wilson
Systems Engineer
STL Chicago
(708) 534-5200 

Re: [Samba] I am out of the office.

[Adam Smith]

This is getting a bit tiresome.  Can someone unsubscribe him or something?

By [EMAIL PROTECTED], on Tue, Jan 21, 2003 at 09:15:58PM -0800:

 I will be out of the office starting  01/21/2003 and will not return until
 01/28/2003.
 
 I will respond to your message when I return.  If you have questions
 regarding product licensing, please contact Natalie Rezek, at 323-259-4910;
 for any other issues requiring immediate attention, please contact Kevin
 Kilroy at 714-445-5623.


Adam
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] RE: samba digest, Vol 1 #2098 - 22 msgs

[CHENEY,JOHN (HP-Australia,ex3)]

Tim

Looks like you got a binary compiled for HP-UX 11.x, as that version of
HP-UX introduced libc.2.  It doesn't exist in HP-UX 10.20.  I checked the
samba.org site and don't see any 2.2.X versions pre-compiled for 10.20, so
my recommendation would be to download the source of 2.2.X and compile your
own for 10.20.

I checked to see if we had any old archive copies of Samba 2.0.X for 
HP-UX 10.20 and could not find any.  Sorry.

Regards
John.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] RE: samba digest, Vol 1 #2098 - 22 msgs

[Kerns, Mike]

If you go to 

http://hpux.cs.utah.edu/hppd/hpux/Networking/Misc/samba-2.2.3a/

you can at least get the precompiled version of 2.2.3a for 10.20 if that will work for 
you.  Otherwise roll your own.

Thanks,

Mike

-Original Message-
From: CHENEY,JOHN (HP-Australia,ex3) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 22, 2003 2:44 PM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: [Samba] RE: samba digest, Vol 1 #2098 - 22 msgs


Tim

Looks like you got a binary compiled for HP-UX 11.x, as that version of
HP-UX introduced libc.2.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] password server is not connected

[David Bear]

I have installed samba 2.2.7a on FreeBSD from the ports collection.  I
have used an existing samba config file which worked with samba 2.0.x.

I am using security = server

Yesterday, a user attempting to use a print share started getting
rejected with the message:

[2003/01/22 13:52:21, 1] smbd/password.c:server_validate(1101)
  password server  is not connected
[2003/01/22 13:52:21, 1] smbd/password.c:pass_check_smb(545)
Couldn't find user 'joeuser' in passdb.
[2003/01/22 13:52:21, 1] smbd/password.c:pass_check_smb(545)
Couldn't find user 'joeuser' in passdb.
[2003/01/22 13:52:21, 1]
   smbd/reply.c:reply_sesssetup_and_X(1001) 
   Rejecting user 'joeuser': authentication failed
[2003/01/22 13:52:21, 1] smbd/password.c:server_validate(1101)
password server  is not connected
  
The very strange thing is yesterday, I stopped and restarted samba
thinking it may have some wierd/old instance running.  That fixed it.
However, today, the problem is back.  Any attempt to print to the
share fails.

The password server is UP and running because other samba server
authenticate users to it... These are samba 2.0.x servers.  The
password server is a win2k box.

-- 
David Bear
College of Public Programs/ASU
Mail Code 0803
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PDC and BDC

[Bradley W. Langhorst]

On Wed, 2003-01-22 at 14:33, Sascha Bieler wrote:
 Hi @ all,
 
 can someone tell me please if I have to synchronise the samba-password-file 
 when I have a PDC and a BDC running?
 
yes you do.
or you could use ldap and replication...

 Situation:
 
 All machines have trustee accounts on the pdc and like to log on the bdc. Does 
 the bdc know about the users from pdc when I set up the 'password 
 server'-parameter?
it can use the pdc to authenticate users but then what's the point of a
bdc?

brad
-- 
Bradley W. Langhorst [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Locating the MACHINE.SID file...

[Robert Adkins]

Hello,

I am setting up our backup Linux server to act a BDC to our Linux PDC.   
In the directions that are available within the Swat Online Help... There   
is a section that states that the private/MACHINE.SID file must be copied   
over exactly as is to the Samba BDC in order for that machine to act as a   
Samba BDC to a Samba PDC.

For the life of me, I have been unable to locate that file. I have   
updated by locatedb and have searched for it using a variety of strings   
and options...

Does anyone know where that file is?

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Locating the MACHINE.SID fil

[Robert Adkins]

Additional Info...

I am beginning to think that a file called 'secrets.tdb' might be what I   
am looking for. Inside that file is something mentioning SID. Of course,   
it also mentions the name of the PDC.

If that is the file I am supposed to copy over. Then it is done.   
However, I still need a little more input for setting up a Samba BDC.

With a Samba BDC, should I leave the server Netbios the same as the PDC   
or change that to the name of the BDC? If the latter is the case, do I   
then need to change the server name in the 'secrets.tdb' file to match   
the server name in the smb.conf file?

Everything else in the BDC directions makes perfect sense and is   
currently done. I just need answers to these final questions before   
bringing the Samba service up live on that server.



Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804


 -Original Message-
From: Robert Adkins
Sent: Wednesday, January 22, 2003 7:14 PM
To: [EMAIL PROTECTED]; Robert Adkins
Subject: [Samba] Locating the MACHINE.SID file...

   

Hello,

I am setting up our backup Linux server to act a BDC to our Linux PDC.   


In the directions that are available within the Swat Online Help... There   


is a section that states that the private/MACHINE.SID file must be copied   


over exactly as is to the Samba BDC in order for that machine to act as a   


Samba BDC to a Samba PDC.

For the life of me, I have been unable to locate that file. I have
updated by locatedb and have searched for it using a variety of strings   


and options...

Does anyone know where that file is?

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804


 --
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] A-TEEN 5265

[Mike Lenin]

  

  

  


  


  Try 
to recollect, how it happened with you for the first time.
Shure, you do remember your first sensations and bright impressions 
still warms your body by sexual light.
Here you'll see a REAL VIRGIN A-TEEN PORNO of any KIND and WAYS!!! 
It will really remind you your youngness and fresheness of fucking.
HERE you can try a little free tour.

  FREE TOUR JOIN 
  US 


  

  



N‹§²æìr¸›yúèšØb²X¬¶
-¢Ø^~‰e£§DKjwky§m…觲ÚîrبžÈm¶Ÿÿ–+-²Æ¦mª+ƒùšŠYšŸùb²Ø§~ìjfÚ

Re: Re: [Samba] WARNING : no network interfaces found.

[Joel Hammer]

Yes, I think I misread your ip address.
Sorry.
Joel

On Wed, Jan 22, 2003 at 12:08:12PM +0530, akshaysalkar wrote:
 i thought 255 is a broadcast...
 
 
 
 Joel Hammer wrote:
 
 
 
 You are using the ip that is used for broadcasts as the ip number of
 your server. That doesn't sound good.
 
 Joel
 On Tue, Jan 21, 2003 at 05:19:57PM +0530, akshaysalkar wrote:
 gt; i get the following error 
 gt; 
 gt; WARNING : no network interfaces found.
 gt; 
 gt; when i run smbclient or nmblookup etc.
 gt; 
 gt; the following is the settings in my computer.
 gt; 
 gt; workgroup = TRIDENTMUMBAI
 gt; security = domain
 gt; password server = 10.160.128.152
 gt; netbios name = smbsys
 gt; interfaces = 192.168.1.225
 gt; encrypt passwords = yes
 
 
 
 Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com
 
  Buy the best in Movies at http://www.videos.indiatimes.com
 
 Now bid just 7 Days in Advance and get Huge Discounts on Indian Airlines Flights. So 
log on to http://indianairlines.indiatimes.com and Bid Now!
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Locating the MACHINE.SID fil

[Greg J. Zartman]

Robert,

Have a look at the following, section 7.5

http://us2.samba.org/samba/ftp/cvs_current/docs/htmldocs/samba-bdc.html

--
Greg J. Zartman, P.E.
Vice-President

Logging Engineering International, Inc.
1243 West 7th Avenue
Eugene, Oregon 97402
541-683-8383   541-683-8144
www.leiinc.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] FW: Microsoft Security Bulletin MS02-070: Flaw in SMB Signing Could Enable Group Policy to be Modified (309376)

[Barry, Christopher]

All,
Could this patch in any way cause problems with samba?

Thanks,

--
Christopher Barry
Manager of Information Systems
InfiniCon Systems
http://www.infiniconsys.com
office:610.233.ISIS (4747)
direct:610.233.4870
cell:267.879.8321


-Original Message-
From: Microsoft
[mailto:[EMAIL PROTECTED]
osoft.com]
Sent: Wednesday, January 22, 2003 4:29 PM
To: Barry, Christopher
Subject: Microsoft Security Bulletin MS02-070: Flaw in SMB Signing Could
Enable Group Policy to be Modified (309376)


-BEGIN PGP SIGNED MESSAGE-

- --
Title:  Flaw in SMB Signing Could Enable Group Policy to be
Modified (309376)
Released:   11 December 2002
Revised:22 January 2003 (version 2.0)
Software:   Microsoft Windows 2000 
Microsoft Windows XP
Impact: Modify group policy.
Max Risk:   Moderate 

Bulletin:   MS02-070

Microsoft encourages customers to review the Security Bulletin at: 
http://www.microsoft.com/technet/security/bulletin/MS02-070.asp.
- --

Reason for Revision:

Subsequent to releasing this bulletin it was determined that the
fix was not included in Microsoft Windows XP Service Pack 1. The
bulletin has been updated to reflect this, and the patch had been 
updated so that it installs on Windows XP Service Pack 1 systems.
Customers who are currently running XP Service Pack 1 should apply 
the patch.

Issue:
==
Server Message Block (SMB) is a protocol natively supported by all
versions of Windows. Although nominally a file-sharing protocol, it
is used for other purposes as well, the most important of which is
disseminating group policy information from domain controllers to
newly logged on systems. Beginning with Windows 2000, it is possible
to improve the integrity of SMB sessions by digitally signing all
packets in a session. Windows 2000 and Windows XP can be configured
to always sign, never sign, or sign only if the other party requires
it. 

A flaw in the implementation of SMB Signing in Windows 2000 and
Windows XP could enable an attacker to silently downgrade the SMB
Signing settings on an affected system. To do this, the attacker
would need access to the session negotiation data as it was exchanged
between a client and server, and would need to modify the data in a
way that exploits the flaw. This would cause either or both systems
to send unsigned data regardless of the signing policy the
administrator had set. After having downgraded the signing setting,
the attacker could continue to monitor the session and change data
within it; the lack of signing would prevent the communicants from
detecting the changes. 

Although this vulnerability could be exploited to expose any SMB
session to tampering, the most serious case would involve changing
group policy information as it was being disseminated from a Windows
2000 domain controller to a newly logged-on network client. By doing
this, the attacker could take actions such as adding users to the
local Administrators group or installing and running code of his or
her choice on the system.

Mitigating Factors:

 - Exploiting the vulnerability would require the attacker to have
   significant network access already. In most cases, the attacker
   would need to be located on the same network segment as one of
   the two participants in the SMB session. 
 - The attacker would need to exploit the vulnerability separately
   for each SMB session he or she wanted to interfere with. 
 - The vulnerability would not enable the attacker to change group
   policy on the domain controller, only to change it as it flowed
   to the client. 
 - SMB Signing is disabled by default on Windows 2000 and Windows
   XP because of the performance penalty it exacts. On networks
   where SMB Signing has not been enabled, the vulnerability would
   pose no additional risk - because SMB data would already be
   vulnerable to modification.

Risk Rating:

 - Windows 2000: Moderate 
 - Windows XP: Low

Patch Availability:
===
 - A patch is available to fix this vulnerability. Please read the 
   Security Bulletin at
   http://www.microsoft.com/technet/security/bulletin/ms02-070.asp
   for information on obtaining this patch.

- -

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
AS IS 
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES,
EITHER EXPRESS 
OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A 
PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE 
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, 
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT 
CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF
SUCH 
DAMAGES. 

[Samba] Samba goes catatonic...?

[Ryan Beisner]

Guten Tag!

I have Samba 225 on a network of 75-100 daily users.

System has (4) SCSI drives:  (2) 18GB (RAID-1)  and   (2) 36GB (RAID-1)
on two different SCSI channels.  

The system is running Red Hat 7.3 with updated and recompiled Samba 2.25
package.  

After one day of operation, the SMBD process is listed in ps -A ten to
fifteen times, and some client PCs cannot connect.  There is no rhyme or
reason as to which clients cannot connect ... some are 98, 98SE, 2000,
XP, and XP SP1.

The thing that kills me is that while some cannot access it via network
neighborhood, those same clients can open a DOS shell, and run ping
bigserver and get 100% replies at 1 to 2ms;  whilst other clients
haven't noticed any problems via nethood at all.

OK?  So something is eating up the system.  Turns out that when theses
symptoms surface (daily), LOGROTATE is consuming around 90% CPU in
top.  Killing all top processes and issuing service smb restart
resolves the problem of not being able to connect (from only random
workstations).

This machine is running as PDC to two NT 4 SP6a boxes.  When the Samba
server goes funky, and I reboot one of those NT servers, it gives a
message about not seeing any PDC and that it is about to use info out of
cache (as can be expected with no PDC).

I've set the DEBUG LEVEL to 1 (was at 3), and we still see these
problems.  The SAMBA log folder (/var/log/samba) would reach 22MB in one
day at level 3.

Looking through those logs doesn't tell me anything in particular:  it
lists failed authentications by some users, as expected, files that
weren't found, as expected.  Nothing alarming (I think) is listed here.


QUESTIONS:

--- Is it normal to see several SMBD processes in a ps -A command?
--- What else can help indicate what may cause this Samba server to go
catatonic?



All help and advice is greatly appreciated.  Thanks in advance!

-Ryan Beisner














*/ The source is indeed with me. */

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Damnit audit

[Jim]

Hey, as the song says, Don't worry, be happy.  You'll give yourself 
hypertension going about like that. :-)

I understand your frustration, however I gently remind you, sir, that 
some may be to busy to answer, some may not like your 'tude, some may 
not understand your problem, some might be more lost than you are, some 
might not have ever used audit or even know what it is (like me) and 
that the sum of these some's (as well as many not listed here) can often 
account for all.  Consequently it does not follow that list members are 
willfully ignoreing anyone.

I can't speak for anyone else but... shrug If I could help, I would.
If I werent willing to trade assistance, I would not be here.


Eugene M. Zheganin wrote:
Hi, all.
It seems like everybody ignore my letters about audit in samba.
I wanna ask one simple question-
have anyone working audit in samba ?
 WBR



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Data Conversion

[Jim]

Also it is my understanding that M$ filesize reporting is inaccurate.

[EMAIL PROTECTED] wrote:

If I copy a file locally from a samba mount and download the same file via
FTP the file sizes are different.  The FTP file is correct where as the
copied file is an incorrect format.  Although I can't see a physical
difference, after writing to tape you can see that each record is shifted a
space.  Is there any setting to control the data conversion across a samba
mount?

Mike




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: smbfs + large UID's

[Jim]

I'm probably talkin' out my hat here (or brainstorming?) and I don't 
know if this is possible but maybe if you used hex numbers or a base X 
number system for uids?

If you use all 24 letters upper *and* lowercase *and* 0-9, that is a 
base 58 number system which fits HUGE numbers in small strings.  :-)
If samba deals with the numbers as if they were strings you could in 
theory do this by changeing the samba.schema definition of uidNumber and 
manageing the uids by script.

Marco Walther wrote:
[ I'm not on this list, so please include me on the replies! ]

Hi,

I've discovered (at least for me and some colleagues;-) the following
problem on Linux@x86 (2.4.*):

When we try to mount FS's via smbfs with the option uid=my_uid this
uid can only be 16bits wide:-(  But we have uid's larger than 65536
which than end up beeing interpreted as %2^16 -- not allowing user-level
access to the files.

Is there any work in progress to fix that problem? I'm running Linux
2.4.20 and SuSE 8.1 installed samba 2.2.5 but I've also played with
samba-2.2-cvs as of today.

Thanks,
-- Marco




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SWAT port change

[Eric]

Hi Folks,

I have a conflict on port 901 which is the default for SWAT.  I tried to
reassign it to port 902 in /etc/services and this did not work.  Does any
one know how to re-assign the port number for SWAT?  (We use AIX)

Thanks



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Data Conversion

[Rashkae]

Umm, no, M$ file size reporting is to the byte and perfect accurate.


Jan 22  9:27pm


They hang the man and flog the woman
That steal the goose from off the common,
But let the greater villain loose
That steals the common from the goose.
  --English folk poem, circa 1764








On Wed, 22 Jan 2003, Jim wrote:

Also it is my understanding that M$ filesize reporting is inaccurate.

[EMAIL PROTECTED] wrote:
 If I copy a file locally from a samba mount and download the same file via
 FTP the file sizes are different.  The FTP file is correct where as the
 copied file is an incorrect format.  Although I can't see a physical
 difference, after writing to tape you can see that each record is shifted a
 space.  Is there any setting to control the data conversion across a samba
 mount?

 Mike



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Initial Samba setup

[naugaranch]

Sounds like a common problem --- What is your firewall settings?  Try
dropping the firewall or stopping IPCHAINS and IPTABLES.

Tom Winfield

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Steve
Sent: Wednesday, January 22, 2003 3:17 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Initial Samba setup


My WinXP pro box is seeing the Samba server but I get the following
error when try to access the server.

\\Linux is not accessible.  Might not have permission to use this
network resource.  Contact the administrator to find out if you have
access permission.s

The network path was not found.

I have done a testparm on the smb.conf and all is OK.  I do have a unix,
samba and a windows user/password that are identical.  I can do a
smbclient on the xp box and see the shares at that end.

I currently have the following shares setup on Linux box.

Share Name  PathSecurity

homes   All Home DirectoriesRead/write to all known users
printersAll PrintersPrintable to everyone
public  /home/samba/public  Read/write to everyone
Steve   /home/steve Read/write to all known users

Being new to Linux let alone Samba I hope I've over looked something
really simple!

Help me please!

Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Data Conversion

[Jim C]

hmmm... Well I do remember once uploading a file to my Linux server 
(without samba) and seeing a change in the file size.  Downloading the 
file back onto the Windows box put the file size right back where it 
was, so you can see how one might believe this.  Needless to say I was 
completley baffled.  I could still use the file and there seemed no 
other changes other than that on this box it was one size and another 
size on that box.  I also remember consulting a professional about it 
and what I was told was that Windoze does rounding.  Of course it could 
be the difference between Windoz 95 / 98 /98 2nd Ed  / 2K / XP as I do 
not remember the exact OS and truthfully the Professional I consulted 
was... well... a Linux extremist a.k.a. Penguin Nazi. ;-)

I leave it to the reader to draw further conclusions in regards to the 
file size issue.

Rashkae wrote:
Umm, no, M$ file size reporting is to the byte and perfect accurate.


Jan 22  9:27pm


They hang the man and flog the woman
That steal the goose from off the common,
But let the greater villain loose
That steals the common from the goose.
  --English folk poem, circa 1764








On Wed, 22 Jan 2003, Jim wrote:

Also it is my understanding that M$ filesize reporting is inaccurate.

[EMAIL PROTECTED] wrote:


If I copy a file locally from a samba mount and download the same file via
FTP the file sizes are different.  The FTP file is correct where as the
copied file is an incorrect format.  Although I can't see a physical
difference, after writing to tape you can see that each record is shifted a
space.  Is there any setting to control the data conversion across a samba
mount?

Mike









--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] litle help

[Hristo Georgiev]

Hi all. I running FreeBSD 4.6 and Samba ... use 
Win2K for password server, but now i want to use passwd file on BSD  have 
some problem .. security = user but doesn't work . If possible post me some 
working samba conf file (smb.conf).
  


   10x in 
advance

Re: [Samba] Re: Data Conversion

[Rashkae]

How were you examing the file size?  If you look at the properties of a
file in Explorer, you see a file size (in Brackets) as well as a confusing
number of bytes used.  The bytes used will depend on the block size, as
it is supposed to report the bytes of hard drive storage used to store the
file, and will probably be innacurate when reporting the amount of space
used on the samba share.  The number of bytes in the brackets, however,
should not change, and is not rounded.


On Wed, 22 Jan 2003, Jim C wrote:

hmmm... Well I do remember once uploading a file to my Linux server
(without samba) and seeing a change in the file size.  Downloading the
file back onto the Windows box put the file size right back where it
was, so you can see how one might believe this.  Needless to say I was
completley baffled.  I could still use the file and there seemed no
other changes other than that on this box it was one size and another
size on that box.  I also remember consulting a professional about it
and what I was told was that Windoze does rounding.  Of course it could
be the difference between Windoz 95 / 98 /98 2nd Ed  / 2K / XP as I do
not remember the exact OS and truthfully the Professional I consulted
was... well... a Linux extremist a.k.a. Penguin Nazi. ;-)

I leave it to the reader to draw further conclusions in regards to the
file size issue.

Rashkae wrote:
 Umm, no, M$ file size reporting is to the byte and perfect accurate.

 
 Jan 22  9:27pm


 They hang the man and flog the woman
 That steal the goose from off the common,
 But let the greater villain loose
 That steals the common from the goose.
   --English folk poem, circa 1764








 On Wed, 22 Jan 2003, Jim wrote:

 Also it is my understanding that M$ filesize reporting is inaccurate.

 [EMAIL PROTECTED] wrote:

If I copy a file locally from a samba mount and download the same file via
FTP the file sizes are different.  The FTP file is correct where as the
copied file is an incorrect format.  Although I can't see a physical
difference, after writing to tape you can see that each record is shifted a
space.  Is there any setting to control the data conversion across a samba
mount?

Mike







-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SWAT port change

[Chris Travers]

Please correct me if I am wrong, but doesn't SWAT run via Inetd?  If so,
wouldn't you have to reconfigure Inetd (or its equivalent?

Best Wishes,
Chris Travers

Eric [EMAIL PROTECTED] wrote in message
news:b0ngvl$sgu$[EMAIL PROTECTED]...
 Hi Folks,
 
 I have a conflict on port 901 which is the default for SWAT.  I tried 
 to reassign it to port 902 in /etc/services and this did not work.  
 Does any one know how to re-assign the port number for SWAT?  (We use 
 AIX)
 
 Thanks
 
 
 
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] [iddwb@urbansrv1.pp.asu.edu: ]

[David Bear]

This is very frustrating.  I have a number of print shares defined in
smb.conf.  Some of the printer shares open from the windows interface
and display the correct status.  Other open with the message access
denied but printing continues to work.  I spent an hour going over
the latest smb.conf man page and found two possible solutions: 
1) using dissable spoolss = yes
2) and use client driver = no

I've implemented these and, no more mixed messages on the windows
printer object.  The question is Why did I have mixed results opening
these printer objects where some worked and others didn't.  I'd like
to use the new rpc methods for printing but it was way to confusing to
the users to show this bogus messages.

#=== Global Settings =
[global]
   netbios name = URBANSRV1 
   workgroup = CUI 
   server string = Center for Urban Studies ASU Ag Building
   announce as = NT
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the loopback interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow = 129.219. 127.
   load printers = no 
   printcap name = /etc/printcap
   printing = LPRng
   print command = /usr/local/bin/lpr -P%p -r %s
   lpq command = /usr/local/bin/lpq -P%p
   lprm command = /usr/local/bin/lprm -P%p %j
   use client driver = no
# user client driver should be no by default, but ?
   disable spoolss = yes
   log file = /var/log/samba.d/smb.%m
   max log size = 50
   log level = 2
   security = server 
   password server = ASURITE1 
   password level = 8
   username level = 8
   encrypt passwords = yes
   guest account = urban
   ; map to guest = yes
   socket options = TCP_NODELAY 
   remote browse sync = 129.219.120.191 129.219.100.13
   remote announce = 129.219.120.191 129.219.100.63
   local master = yes
   os level = 34
   domain master = yes 
   preferred master = yes
   name resolve order = wins lmhosts bcast
   wins support = no
   wins server = 129.219.13.105 
   dns proxy = no 
;  preserve case = no
;  short preserve case = no
;  default case = lower
;  case sensitive = no
   message command = /usr/bin/logger %s: 
   time server = yes

# Share Definitions ==

[print$]
   ; see samba 2.2 howto for info on this
   path = /home/printers/printdefs
   guest ok = yes
   browseable = yes
   read only = yes
   write list = @smbadmin,dbacopp

[iddwb]
   path = /home/iddwb
   valid users = iddwb
   writeable = yes
   create mask = 0750
   browseable = yes

; [printers]
;   comment = All Printers
;   browseable = no
;   guest ok = yes
;   writable = no
;   printable = yes

[marvelm]
   path=/home/marvelm
   valid users = marvelm
   writeable = yes
   create mask = 0750
   browseable = no

[iccec]
   path=/home/iccec
   valid users = iccec
   writeable = yes
   create mask = 0750
   browseable = no

[urbanhp1]
   path = /home/printers/urbanhp1
   comment = Urban Inquiry HP4050 AG312
   printable = yes
   printer name = urbanhp1
   valid users = @samba 
   guest ok = yes
   browseable = yes

[apashp]
   path = /home/printers/apashp1
   comment = Asian Pacific HP400 AG???
   printable = yes
   printer name = apashp
   valid users = @samba
   guest ok = no
   browseable = yes

[apashp2]
   path = /home/printers/apashp2
   comment = Asian Pacific HP400 AG???
   printable = yes
   printer name = apashp2
   valid users = @samba
   guest ok = no
   browseable = yes

[aishp]
   path = /home/printers/aishp1
   comment = American Indian HP AG372
   printable = yes
   printer name = aishp
   valid users = @samba
   guest ok = no
   browseable = yes

[aishp45]
   path = /home/printers/aishp45
   comment = American Indian HP400 AG372
   printable = yes
   printer name = aishp45
   valid users = @samba
   guest ok = no
   browseable = yes

[rmthp2]
   path = /home/printers/rmthp2
   comment = RecMgt Ag printer ag???
   printable = yes
   printer name = rmthp2
   valid users = @samba
   guest ok = no
   browseable = yes

- End forwarded message -

-- 
David Bear
College of Public Programs/ASU
Mail Code 0803
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Locating the MACHINE.SID file...

[Bradley W. Langhorst]

On Wed, 2003-01-22 at 19:14, Robert Adkins wrote:
 Hello,
 
   I am setting up our backup Linux server to act a BDC to our Linux PDC.   
 In the directions that are available within the Swat Online Help... There   
 is a section that states that the private/MACHINE.SID file must be copied   
 over exactly as is to the Samba BDC in order for that machine to act as a   
 Samba BDC to a Samba PDC.
 
   For the life of me, I have been unable to locate that file. I have   
 updated by locatedb and have searched for it using a variety of strings   
 and options...
 
   Does anyone know where that file is?
it doesn't exist anymore in the latest sambas.
the  howto collection covers this...

use smbpasswd -S to set up the BDC...

brad
-- 
Bradley W. Langhorst [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba goes catatonic...?

[Bradley W. Langhorst]

On Wed, 2003-01-22 at 21:01, Ryan Beisner wrote:

 
 QUESTIONS:
 
 --- Is it normal to see several SMBD processes in a ps -A command?
yes - 1 per user connection
 --- What else can help indicate what may cause this Samba server to go
 catatonic?
are you using wins for browsing? you should be with that many clients.

You should upgrade to 2.2.7a many bugs have been fixed since 2.2.5
I think I recall one that had the nmbd freaking out (which would explain
your symptoms)

brad
-- 
Bradley W. Langhorst [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] $BL$>5Bz9-9p"(3J0B$N%W%l%9%j%j(B$B!<%9Be9T!&1D6H%a!<%kBe9T$N$4(B$B0FFb(B

[$B3t<02q<R%l%C%I%9%?!<(B]

$B!R;v6H$7$J$$>l9g$N08@h%a!<%k%"%I%l%9(B [EMAIL PROTECTED]
$B:#8e%@%$%l%/%H%a!<%k$5$l$J$$>l9g$O!"$3$N$^$^JV?.$$$?$@$-!"(B
$B%a!<%kK\J8$N9TF,$K!"H>3QBgJ8;z$G(B
(BREFUSE
$B$H!"(B$B$r4^$`J8;zNs!J(BREFUSE$B$@$1$G$O=hM}$7$^$;$s!#G0$N0Y!#7oL>5Z$SK\(B
$BJ8(BREFUSE$B0J2<$O2?$G$b7k9=$G$9!#!K$r$45-F~$$$?$@$1$l$P!"%G!<%?%Y!<(B
$B%9$+$i%a!<%k%"%I%l%9$r<+F0=hM}$K$F!":#8eAw?.$7$J$$$h$&$K$$$?$7$^$9!#(B
$B!>@n@/M5$r4'$7!"(B
$B2HEENLHNE9!"%Q%=%3%s%7%g%C%W!"3Z4oE98~$11D6HBe9T!%3hF0!&27Gd!"(B
$B2;3Z2;6A5!4o!&%G%8%?%k(BAV$B2HEE$N>%5!<%S%94k2h!"M"F~R2p$7$F$b$i$&%W%l%9%j%j!<%9Be9T$+$i!"(B
$B6HJmHNGd!"(B
$B>.GdE9$X$N%Y%?$J1D6HK,Ld3hF0$^$G!"8f>!!@n!!@/!!M5!!BeI=e$,$j$N7P:Q@.D9$N;~Be$O(B
$B2a$.5n$j$^$7$?!#NI$$@=IJ!"JXMx$J%5!<%S%9$r:n$l$PL[$C$F$$$F$bB(:B(B
$B$KGd$l$k;~Be$G$O$"$j$^$;$s!#Bg(B
$BEY$r%P%M$K$J$s$H$+$J$k$G$7$g$&$,!"2f!9Cf>.4k6H$O!"e$G$9!#1D6H$"$k$N$_$G$9!#<+e5,LO$G$9!#$H$K$+$/$b6/NO$K1D6H$7$^$7$g$&!#;W$$$D$$$?(B
$B$3$H$Oo$K?75,8\5R$rlE$j5a$a$k$N$G$9!#(B
$B$3$l$^$GF|K\?M$O%S%8%M%9!">$rJN$`798~$,$"$j$^$7$?!#3N$+$KC/$b(B
$B$,@E$+$K>o<1E*$K>$G$-$l$P$=$l$K1[$7$?$3$H$O$"$j$^$;$s!#$7$+$7!"(B
$B:#$N;~Be!"$=$s$J$3$H$G@8$-;D$l$^$9$+!)@83h$7$F$$$1$^$9$+!)JD$8$+(B
$B$1$?%5%$%U$OL5M}$d$j$3$83+$1$M$P$J$j$^$;$s!#Nc$($P!"8wDL?.$5$s$O(B
$BHs>o<1$J7c$7$$1D6Ho<1(B
$B$r;}$A9~$a$k$N$O!"Bg4k6H$H=>6H0w$@$1$G$9!#FC$KCf>.4k6H7P1Do(B
$B<1E*$G$O$$$1$^$;$s!#5.J}$,:$$C$F$$$k;~$K0lBNC/$,=u$1$F$/$l$k$H$$(B
$B$&$N$G$9$+!)$"$$$D$O5$$,68$C$F$k$s$8$c$J$$$+$H8@$o$l$k$/$i$$$N68(B
$B5$$H?.G0$,I,MW$G$9!#(B
$B$"$J$?$N$=$N685$$H?.G0$r2f!9$K$*e$2$F$b$i$&$?$a$K>p(B
$BJs$rDs6!$9$k$b$N$G$9!#JsF;4X788e$+$iLd$$9g$o$;;~$7!"$b$N$9$4$/(B
$B!!%S%C%/%j$7$^$7$?!#(B
$B!!CO85$N%F%l%S?@F`@n$+$i$be$2(B

[Samba] Re: Data Conversion

[Jim]

To be frank I don't remember the specifics.  A simple test should 
suffice to prove the point one way or the other.  Get a file say ~5.0 mb 
in size and write down it's size and then send it to the server.  Check 
the size again and then download it and check the size a third time.

Rashkae wrote:
How were you examing the file size?  If you look at the properties of a

...

should not change, and is not rounded.




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba-to-samba migration

[Marian Mlcoch, Ing]

Yes Buchan have right best choice is upgrade on old 8.1 to samba 2.2.7 and
then transfer all to preinstaled 9.0.

- Original Message -
From: Buchan Milne [EMAIL PROTECTED]
To: Marian Mlcoch, Ing [EMAIL PROTECTED]
Cc: Chris Nolan [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, January 22, 2003 6:33 PM
Subject: Re: [Samba] Samba-to-samba migration


  Message: 1
  From: Marian Mlcoch, Ing [EMAIL PROTECTED]
  To: Chris Nolan [EMAIL PROTECTED],
  [EMAIL PROTECTED]
  Subject: Re: [Samba] Samba-to-samba migration
  Date: Wed, 22 Jan 2003 14:30:44 +0100
  Organization: =?iso-8859-1?Q?TSMP=2C_a.s._Presov?=
 
  Try read help on samba swat home page on your 2.2.7 swat www or howto
htmls.
  ***How To Configure Samba as a Backup Domain Controller for a Samba
PDC***
  But this is only for login good choice, for storing files is problem
with
  change home directories to another server when PDC dies...
 
  For first Q about migration i must say that is not simply. Best setup is
  teoretical downgrade samba on new 9.0 to eq version 2.2.2 then copy all
  config and db files and then upgrade to 2.2.7a.

 May be better (since there are 2.2.7 RPMs for 8.1 on the samba ftp
 mirrors) to upgrade the 8.1 box to 2.2.7 first, and ensure that's
 working fine, then migrate it to 9.0 while keeping the samba version the
 same.

  You can try without this but not copy tdb files only overwrite smb.conf
and
  smbpasswd plus recreate acounts from passwd 8.1. Plus transfer SIDs of
  machine and domain as is write in uplisted howto.
 

 Well, 2.2.7 stores the domain SID in secrets.tdb, so it would be
 essential to take the secrets.tdb. Of course, you should still have a
 .SID file for 2.2.2 which you should backup, and 2.2.7 is supposed to be
 able to import a .SID file if it finds one ...

 But, if you want to run 2.2.2 on Mandrake 9.0 you're on your own ...

 Buchan

 --
 |--Another happy Mandrake Club member--|
 Buchan MilneMechanical Engineer, Network Manager
 Cellphone * Work+27 82 472 2231 * +27 21 8828820x121
 Stellenbosch Automotive Engineering http://www.cae.co.za
 GPG Key   http://ranger.dnsalias.com/bgmilne.asc
 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 12 Charakter Sharename

[Joern . Karthaus]

I'm using Samba 2.2.1a in a NT Network as a Domain Member.
Everything works fine. But the size of Share Names from Samba is limited to
12 Charakters.

Why can´t use longer Sharenames ???

Thanks for Answers



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ghost jobs through samba

[Enriko Groen]

On Wed, 22 Jan 2003 18:28:10 +0200, Vladimir Karavelov wrote:
I think it was Klez.h. Go to www.avp.ch and there was free cleaner
called
clrav. It diagnoses very fast. You must check all of your PCs
connected to
your network.

The scanner found an infection with the Tanatos virus. That was probably
it. It does spread itself thropugh network shares. Think I'll have to
slap my wife again for this infection. ;)

--
[ [EMAIL PROTECTED] ] - [ http://www.xhuman.net ]



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] automatic print queue update on client machine

[Christoph Becker]

Hi list,I used to have a novell print server; at the moment we consider tomigrate to a samba (2.2.5-124) controlled printserver using cups(1.1.15-69) on Suse 8.1.Problem is: Using Novell the print queue you see on the (win-) client isautomatically updated every few seconds.Using Samba it is not updated; means you have to click on refresh toget the actual queue.Is this a client (redmont-wincrap) or a server (samba/cups) problem?Does anybody have the same problem?Is there a fix?thanx in advancechris

[Samba] samba account question

[ni]

In our ldap, we have people who are in the following objectclasses

top
person
inetOrgPerson
posixAccount
shadowAccount
customObjectClass:  


by doing a comparison of the exported .ldif files from a (test) person's 
entry before and after using 'smbpasswd -a' on a machine that is 
configured to make those changes back into the directory (instead of in 
the smbpasswd file) i discover that


in addition to
objectclass:  sambaAccount

i also have the following attributes

rid:
displayName:
logonTime: 0
primaryGroupID: 1201
objectClass: sambaAccount
acctFlags: [UX ]
logoffTime: 2147483647
kickoffTime: 2147483647
pwdLastSet: 1043292599
pwdCanChange: 0
pwdMustChange: 2147483647


I'm trying to build a php page that will promote a user to objectclass: 
sambaAccount -- my question is:  Can I just populate those attributes 
with the above default values?  DisplayName can be generated from cn or 
gecos.   Do i need to use a specific algorithm for generating an rid? 
Or can I just pick from a range of available numbers?

   thank you very much in advance for your time,
   ~c


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: Auth question.

[Ken Cross]

I'm pretty sure that Kerberos uses port 88, but that's just for
authentication.  Port 445 is used for connecting to shares.

We've been running tests blocking ports.  With ports 137 - 139 and 445
blocked for UDP and TCP, the join fails but the computer name is still
entered in the AD.  With just ports 137 - 139 blocked (445 enabled), the
join succeeds and all client share operations seem to function correctly
as long as there is no NetBIOS name resolution involved.

Hope this helps.

Ken


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Christopher
R. Hertel
Sent: Wednesday, January 22, 2003 1:42 AM
To: Andrew Bartlett
Cc: [EMAIL PROTECTED]
Subject: Re: Auth question.


On Wed, Jan 22, 2003 at 05:30:45AM +, Andrew Bartlett wrote:
 On Tue, Jan 21, 2003 at 09:13:38PM -0600, Christopher R. Hertel wrote:
  I *think* it's a rule that Kerberos authentication is always used 
  with
  SMB over TCP (port 445) and that Kerberos is *not* used with SMB
over NBT 
  (port 139).
  
  Am I wrong?
 
 I think you are wrong.  As far as I know there is no per-port stuff.

Quite possibly.  That's why I asked.  :)

...but which clients would actually do this, and under what conditions?

Of the Windows clients and servers, only W2K and XP-pro know how to work
with Kerberos (does /Me handled Kerberos auth?).  I *imagine* that those
systems use port 445 instead of 139 whenever they can.  If both client
and server know how to handle Kerberos then they likely also know how to
use port 445.

So, unless I'm totally insane, the likelihood of Kerberos auth being
used 
over port 139 is low.

Totally Insane -)-

-- 
Samba Team -- http://www.samba.org/ -)-   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-   ubiqx development,
uninq.
ubiqx Team -- http://www.ubiqx.org/ -)-   [EMAIL PROTECTED]
OnLineBook -- http://ubiqx.org/cifs/-)-   [EMAIL PROTECTED]

Bug in nmbd_become_dmb.c (CVS 1.7 3.somehting) [patch]

[Damjan \Zobo\ Cvetko]

I dont know if this is the rigth list for this..
I'm using the latest samba 3.x. from CVS.. (because of the wins replication)
I have it set up as master browser, but it wont register itself (to the WINS
server running in the same nmbd) as DMB (WROKGROUP#1b..)

I played arround the code a bit and filay did this:


Index: nmbd_become_dmb.c
===
RCS file: /cvsroot/samba/source/nmbd/nmbd_become_dmb.c,v
retrieving revision 1.17
diff -u -r1.17 nmbd_become_dmb.c
--- nmbd_become_dmb.c   12 Nov 2002 23:15:49 -  1.17
+++ nmbd_become_dmb.c   22 Jan 2003 11:00:56 -
@@ -375,7 +375,7 @@
 add_logon_names();

   /* Do the domain master names. */
-  if(lp_server_role() == ROLE_DOMAIN_PDC)
+  if (lp_domain_master() == True)
   {
 if(we_are_a_wins_client())
 {


Now it works..
I have no idea if this is the right wayto do it, but ROLE_DOMAIN_PDC is set
only if the config says it so (and I dont wat it)..
Plus 'lp_domain_master()' answers True if nmbd should be PDC.. so no
functionalyty should be lost..

q:)

-Zobo

Re: Bug in nmbd_become_dmb.c (CVS 1.7 3.somehting) [patch]

[Damjan \Zobo\ Cvetko]

I looked at the log of this file and found:

revision 1.12
date: 2001/08/24 19:21:40;  author: tpot;  state: Exp;  lines: +1 -1
Only register the #1b name if we are ROLE_DOMAIN_PDC rather than
lp_domain_master()
..
Guess I dont know some things, or somebody made a mistake..
-Z

Re: Auth question.

[Andrew Bartlett]

On Wed, Jan 22, 2003 at 12:41:34AM -0600, Christopher R. Hertel wrote:
 On Wed, Jan 22, 2003 at 05:30:45AM +, Andrew Bartlett wrote:
  On Tue, Jan 21, 2003 at 09:13:38PM -0600, Christopher R. Hertel wrote:
   I *think* it's a rule that Kerberos authentication is always used with 
   SMB over TCP (port 445) and that Kerberos is *not* used with SMB over NBT 
   (port 139).
   
   Am I wrong?
  
  I think you are wrong.  As far as I know there is no per-port stuff.
 
 Quite possibly.  That's why I asked.  :)
 
 ...but which clients would actually do this, and under what conditions?
 
 Of the Windows clients and servers, only W2K and XP-pro know how to work
 with Kerberos (does /Me handled Kerberos auth?).  I *imagine* that those
 systems use port 445 instead of 139 whenever they can.  If both client and
 server know how to handle Kerberos then they likely also know how to use
 port 445.
 
 So, unless I'm totally insane, the likelihood of Kerberos auth being used 
 over port 139 is low.

Samba 3.0 listening on 139 only.  This can and does happen.  Firewall rules,
or anything else that makes the 445 connect fail.  I would not attempt to
draw this genralisation in a published work ;-)

Andrew Bartlett

FW: [Ethereal-dev] New Features: SMB RTT statistics and TopTalkers

[Esh, Andrew]

New feature added to Ethereal, available via their CVS. SMB Round Trip Time
calculation. It will be in the next release after 0.9.9.

(Screen shot attached. MUST SEE!)


-Original Message-
From: Ronnie Sahlberg [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 21, 2003 8:31 PM
To: [EMAIL PROTECTED]
Subject: [Ethereal-dev] New Features: SMB RTT statistics and TopTalkers


Due to popular demand, I have checked in two new features:


SMB RTT statistics similar to the ones already in ethereal for ONC-RPC
Calculates Min/Max/Average response times for SMB packets
with a breakout for Transaction2 and NT-Transaction subcommands
Supported both for tethereal and ethereal

try tethereal ...  -z smb,rtt


TopTalkers: IO-Users
Calculates number of frames/bytes in each direction and total number of
bytes/frames
for all conversations and presents it as a list sorted by total number of
frames.
Supports Ethernet/IP/TokenRing
Only implemented for tethereal right now.

See manpage for tethereal  or try
   tethereal ...  -z io,users,ip

___
Ethereal-dev mailing list
[EMAIL PROTECTED]
http://www.ethereal.com/mailman/listinfo/ethereal-dev




smbrtt.png
Description: Binary data

Trash can patch

[Joseph Turner]

Hi,
I found a trash can patch quite some time ago on the Internet and managed to get
it to work with the latest Samba source.

Got a friend who runs a fairly large network and is interested in using such a 
patch. I'm a little worried about it getting used because it hasn't been tested 
thoroughly. 

I figure the best way to get it working better is to let people know where they 
can get it if they want to try it.

http://leederville.net/samba/

Please note, I'm not the original author of it, I can't find who it was. So if 
the original author could contact me, that'd be great.


Cheers

Joe

Re: DOS mode bits missing from Folders

[Pagani Jr, Ronald]

Why not store DOS bit modes in an accompanying dot file?  (The DOS 
modes then read by smbd if it (the dot file) exists)

Ron ;)


On Monday, January 20, 2003, at 10:04 AM, Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 14 Jan 2003, Esh, Andrew wrote:


I have a question about the following piece of code in HEAD 
smbd/dosmode.c,
at line 139:

	if (S_ISDIR(sbuf-st_mode))
		result = aDIR | (result  aRONLY);

This causes the DOS mode HSA Hidden, System, and Archive bits to be
stripped off if a folder is being processed. This makes it impossible 
to
store these bits on a Samba server. Windows allows them to be stored 
for
folders, except for the S System bit.

Why are these bits being stripped off folders?

Shouldn't it be:

	if (S_ISDIR(sbuf-st_mode))
		result |= aDIR;

When I made that change, folders began to retain DOS bits like the 
ones
stored on Windows do.

The e(X)exute bits are special on folders.  For example, if you remove 
the
archive (user 'x' bit) from a directory, you will not be able to 
change to
that directory.

The DOS mode bit stuff really needs a better solution.



cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed
 You can never go home again, Oatman, but I guess you can shop there.
--John Cusack - Grosse Point Blank (1997)


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+LDpKIR7qMdg1EfYRAvkiAJ9cA8Gm9t9iPSBeYudtluJxJRuZ6ACfT3k7
ExM1uo7m6Eaf5RGXO6Y8wLQ=
=WSgs
-END PGP SIGNATURE-

[PATCH] parameter 'passwd chat timeout'

[Jeff McElroy]

   The 'passwd chat' script currently has a hard coded 2 second timeout 
that it uses when waiting for a response.  This is too small for us 
since we propogate the  password to a corporate meta-directory via java, 
soap and ssl (which takes 10 seconds on a clear day).  

   Is there any performance/usability reason why this timeout has been 
kept small ?  

   Attached is a patch for 2.2.7a and HEAD for the parameter 'passwd 
chat timeout' that allows this timeout to be adjusted.  The default 
value for this parameter is kept at 2 seconds.

Jeff McElroy


Index: source/param/loadparm.c
===
RCS file: /cvsroot/samba/source/param/loadparm.c,v
retrieving revision 1.475
diff -u -r1.475 loadparm.c
--- source/param/loadparm.c 13 Jan 2003 13:03:24 -  1.475
+++ source/param/loadparm.c 22 Jan 2003 17:31:34 -
@@ -279,6 +279,7 @@
int restrict_anonymous;
int name_cache_timeout;
param_opt_struct *param_opt;
+   int passwd_chat_timeout;
 }
 global;
 
@@ -1110,6 +,7 @@
{winbind enum users, P_BOOL, P_GLOBAL, Globals.bWinbindEnumUsers, NULL, 
NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{winbind enum groups, P_BOOL, P_GLOBAL, Globals.bWinbindEnumGroups, NULL, 
NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{winbind use default domain, P_BOOL, P_GLOBAL, 
Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+   {passwd chat timeout, P_INTEGER, P_GLOBAL, Globals.passwd_chat_timeout, 
+NULL, NULL, FLAG_BASIC},
 
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
 };
@@ -1453,6 +1455,8 @@
Globals.bUseSpnego = True;
 
string_set(Globals.smb_ports, SMB_PORTS);
+
+   Globals.passwd_chat_timeout=2000; /* In milliseconds */
 }
 
 static TALLOC_CTX *lp_talloc;
@@ -1827,6 +1831,7 @@
 FN_GLOBAL_BOOL(lp_hide_local_users, Globals.bHideLocalUsers)
 FN_GLOBAL_BOOL(lp_algorithmic_rid_base, Globals.bAlgorithmicRidBase)
 FN_GLOBAL_INTEGER(lp_name_cache_timeout, Globals.name_cache_timeout)
+FN_GLOBAL_INTEGER(lp_passwd_chat_timeout, Globals.passwd_chat_timeout)
 
 /* local prototypes */
 
Index: source/smbd/chgpasswd.c
===
RCS file: /cvsroot/samba/source/smbd/chgpasswd.c,v
retrieving revision 1.100
diff -u -r1.100 chgpasswd.c
--- source/smbd/chgpasswd.c 15 Jan 2003 22:15:07 -  1.100
+++ source/smbd/chgpasswd.c 22 Jan 2003 17:31:37 -
@@ -245,7 +245,9 @@
if (strequal(expected, .))
return True;
 
-   timeout = 2000;
+   timeout=lp_passwd_chat_timeout();
+   DEBUG(100, (expect: passwd_chat_timeout=%d\n, timeout));
+
nread = 0;
buffer[nread] = 0;
 

diff -uwrB samba-2.2.7a.dist/source/param/loadparm.c 
samba-2.2.7a/source/param/loadparm.c
--- samba-2.2.7a.dist/source/param/loadparm.c   Tue Dec 10 14:58:15 2002
+++ samba-2.2.7a/source/param/loadparm.cTue Jan 21 20:18:53 2003
@@ -286,6 +286,7 @@
BOOL bUseMmap;
BOOL bUnixExtensions;
int name_cache_timeout;
+   int passwd_chat_timeout;
 }
 global;
 
@@ -1118,6 +1119,7 @@
{winbind enum users, P_BOOL, P_GLOBAL, Globals.bWinbindEnumUsers, NULL, 
NULL, 0},
{winbind enum groups, P_BOOL, P_GLOBAL, Globals.bWinbindEnumGroups, NULL, 
NULL, 0},
{winbind use default domain, P_BOOL, P_GLOBAL, 
Globals.bWinbindUseDefaultDomain, NULL, NULL, 0},
+   {passwd chat timeout, P_INTEGER, P_GLOBAL, Globals.passwd_chat_timeout, 
+NULL, NULL, FLAG_BASIC},
 
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
 };
@@ -1467,6 +1469,8 @@
 */
 
interpret_coding_system(KANJI);
+
+   Globals.passwd_chat_timeout=2000;
 }
 
 static TALLOC_CTX *lp_talloc;
@@ -1822,6 +1826,7 @@
 FN_LOCAL_CHAR(lp_magicchar, magic_char)
 FN_GLOBAL_INTEGER(lp_winbind_cache_time, Globals.winbind_cache_time)
 FN_GLOBAL_BOOL(lp_hide_local_users, Globals.bHideLocalUsers)
+FN_GLOBAL_INTEGER(lp_passwd_chat_timeout, Globals.passwd_chat_timeout)
 
 /* local prototypes */
 
diff -uwrB samba-2.2.7a.dist/source/smbd/chgpasswd.c 
samba-2.2.7a/source/smbd/chgpasswd.c
--- samba-2.2.7a.dist/source/smbd/chgpasswd.c   Tue Jan 21 19:32:42 2003
+++ samba-2.2.7a/source/smbd/chgpasswd.cTue Jan 21 23:36:13 2003
@@ -239,7 +239,8 @@
if (strequal(expected, .))
return True;
 
-   timeout = 2000;
+   timeout=lp_passwd_chat_timeout();
+   DEBUG(100, (expect: passwd_chat_timeout=%d\n, timeout));
nread = 0;
buffer[nread] = 0;
 

Re: Auth question.

[Christopher R. Hertel]

On Wed, Jan 22, 2003 at 06:14:49AM -0500, Ken Cross wrote:
 I'm pretty sure that Kerberos uses port 88, but that's just for
 authentication.  Port 445 is used for connecting to shares.
 
 We've been running tests blocking ports.  With ports 137 - 139 and 445
 blocked for UDP and TCP, the join fails but the computer name is still
 entered in the AD.  With just ports 137 - 139 blocked (445 enabled), the
 join succeeds and all client share operations seem to function correctly
 as long as there is no NetBIOS name resolution involved.
 
 Hope this helps.

Thanks, Ken, but it's not really what I'm trying to figure out.  The 
problem, though, is in my presentation of the question.

More...

On Wed, Jan 22, 2003 at 02:26:43PM +, Andrew Bartlett wrote:
 On Wed, Jan 22, 2003 at 12:41:34AM -0600, Christopher R. Hertel wrote:
  So, unless I'm totally insane, the likelihood of Kerberos auth being 
  used over port 139 is low.

 Samba 3.0 listening on 139 only.  This can and does happen.  Firewall
 rules, or anything else that makes the 445 connect fail.  I would not
 attempt to draw this genralisation in a published work ;-)

What I am trying to do is understand the relationship between the 
different authentication types and the different transports.  It's not the 
ports, per. se., that I'm interested in (139 vs. 445), but the 
relationship between the different implementations and the different auth 
types.

From a Windows perspective, Kerberos Auth is tied in with Active
Directory.  I suspect, then, that only W2K and WXP.pro can cope with
Kerberos auth.  I would also suspect that other Windows systems can't. (I
don't know about /Me or /XP.home). XP.pro and W2K are also the only
Windows systems of which I'm aware that can do SMB over naked TCP
transport on port 445.

So, from a simple perspective, there is a relationship between SMB over
naked TCP and Kerberos Auth.  That relationship is that the Windows 
systems that can handle the former can handle the latter.

Anyway, I'm just trying to gain a better sense of that relationship and 
its limits.

This helps.  Thanks!

Chris -)-

-- 
Samba Team -- http://www.samba.org/ -)-   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)-   [EMAIL PROTECTED]
OnLineBook -- http://ubiqx.org/cifs/-)-   [EMAIL PROTECTED]

[PATCH] Winbind IDMAP Backend rearchitecture

[Jim McDonough]

Ok, I'm posting this on Anthony's behalf.  Corporate legal blabla blabla
blablaladl )U@#)#

Yes, we're working on getting him approval to post code directly :-|


Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

[EMAIL PROTECTED]
[EMAIL PROTECTED]

Phone: (207) 885-5565
IBM tie-line: 776-9984

- Forwarded by Jim McDonough/Portland/IBM on 01/22/2003 04:59 PM -
   

  Anthony Liguori  

   To:   Jim 
McDonough/Portland/IBM@IBMUS, Steven French/Austin/IBM@IBMUS  
  01/22/2003 04:25 cc: 

  PM   From: Anthony 
Liguori/Austin/IBM@IBMUS  
   Subject:  [PATCH] Winbind IDMAP Backend 
rearchitecture  
   

   




Jim,

This patch adds the architecture for an IDMAP backend system including a
new smb.conf parameter winbind backend.  Right now, the only valid value
is tdb but I'm currently working on an LDAP backend (I guess we should
eventually do an ads backend too).

Untar this in the top-level Samba repository (it adds the file
source/nsswitch/winbindd_idmap_tdb.c) and apply the patch with -p0.

(See attached file: wb_idmap_backend.tar)

Anthony Liguori
Linux/Active Directory Interoperability
Linux Technology Center (LTC) - IBM Austin
E-mail: [EMAIL PROTECTED]
Phone: (512) 838-1208
Tie Line: 678-1208


wb_idmap_backend.tar
Description: Binary data

Payment Due, order 31977

[Lloyd V.]

dgnPlease block future notices. rel

CVS update: samba/source/libsmb

[jerry]

Date:   Wed Jan 22 14:33:15 2003
Author: jerry

Update of /data/cvs/samba/source/libsmb
In directory dp.samba.org:/tmp/cvs-serv26267/libsmb

Modified Files:
  Tag: APPLIANCE_HEAD
nterr.c 
Log Message:
fix for CR 1603; provide description of NT_STATUS_PIPE_NOT_AVAILABLE

Revisions:
nterr.c 1.12.2.5 = 1.12.2.6

http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/nterr.c?r1=1.12.2.5r2=1.12.2.6

CVS update: samba/source/libsmb

[jerry]

Date:   Wed Jan 22 14:34:00 2003
Author: jerry

Update of /data/cvs/samba/source/libsmb
In directory dp.samba.org:/tmp/cvs-serv26324/libsmb

Modified Files:
  Tag: SAMBA_3_0
nterr.c 
Log Message:
fix for CR 1603; provide description of NT_STATUS_PIPE_NOT_AVAILABLE

Revisions:
nterr.c 1.23.2.8 = 1.23.2.9

http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/nterr.c?r1=1.23.2.8r2=1.23.2.9

CVS update: samba/source/libsmb

[jerry]

Date:   Wed Jan 22 14:37:50 2003
Author: jerry

Update of /data/cvs/samba/source/libsmb
In directory dp.samba.org:/tmp/cvs-serv27083/libsmb

Modified Files:
nterr.c 
Log Message:
fix for CR 1603; provide description of NT_STATUS_PIPE_NOT_AVAILABLE

Revisions:
nterr.c 1.31 = 1.32
http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/nterr.c?r1=1.31r2=1.32

CVS update: samba/source

[tpot]

Date:   Wed Jan 22 23:31:04 2003
Author: tpot

Update of /data/cvs/samba/source
In directory dp.samba.org:/tmp/cvs-serv15205

Modified Files:
  Tag: SAMBA_3_0
Makefile.in 
Log Message:
Merge: Make torture tools in everything target.


Revisions:
Makefile.in 1.468.2.33 = 1.468.2.34

http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.468.2.33r2=1.468.2.34

CVS update: samba/source/libads

[tpot]

Date:   Wed Jan 22 23:32:33 2003
Author: tpot

Update of /data/cvs/samba/source/libads
In directory dp.samba.org:/tmp/cvs-serv15454/libads

Modified Files:
  Tag: SAMBA_3_0
kerberos_verify.c 
Log Message:
Merge of kerberos changes to make this branch build again!


Revisions:
kerberos_verify.c   1.1.2.4 = 1.1.2.5

http://www.samba.org/cgi-bin/cvsweb/samba/source/libads/kerberos_verify.c?r1=1.1.2.4r2=1.1.2.5

CVS update: samba/source/lib

[tpot]

Date:   Wed Jan 22 23:32:03 2003
Author: tpot

Update of /data/cvs/samba/source/lib
In directory dp.samba.org:/tmp/cvs-serv15363/lib

Modified Files:
  Tag: SAMBA_3_0
wins_srv.c 
Log Message:
Merge of wins server dead list into gencache.tdb


Revisions:
wins_srv.c  1.7.2.3 = 1.7.2.4

http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/wins_srv.c?r1=1.7.2.3r2=1.7.2.4