Re: [Samba] Swat configuration problem
Have you found a way to hide information about the Status and Configuration of samba from users on the Swat pages?

What is the difference between Server Password Management and Client Server Password Management?

What does the Remote Machine box in the Client Server Password Management section mean?

regards
guanche

On Tue 11 Feb 2003 22:35, Michael G. Noble wrote:

I have all my users using the swat interface which is simpler for most PC users than having to login to a UNIX/LINUX machine. Since they login to swat as themselves, there is very little they can do to the system.

Mike

On Tue, 2003-02-11 at 12:45, James Kosin wrote:

Dear Jorge Videgain Marquez,

The easiest way to have users change their passwords is to:
a) Login to the Linux/Unix box via TELNET.
b) Have the user use smbpasswd to change their password.

This is the simplest method. SWAT is usually reserved for configuring samba and not user management.

Thanks,
James Kosin

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 11, 2003 12:59 PM
Subject: samba Digest, Vol 2, Issue 37

| Date: Tue, 11 Feb 2003 12:59:39 +0100
| From: Jorge Videgain Marquez [EMAIL PROTECTED]
| To: [EMAIL PROTECTED]
| Subject: [Samba] Swat configuration problem
|
| I would like my terminals computer be allowed to change their passwords using
| Swat web page, but i would not like they could see configuration, smb file,
| status or any other information about the net.
|
| How can i grant access to they could use Swat? when i try to connect with a
| local samba or linux user different than root it says Permission Denied at my
| browser.
|
| How can i filter information sent to them so they only could change their
| passwords?
|
| Does Swat work fine to do this? any other idea to allow them to change their
| passwords?
|
| Regards
|
| guanche

-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba

--
Regards
guanche
RE: [Samba] pdc win2k sp3 clients/samba 2.27a/redhat 8.0 got it working now !
OK guys,

After beating my head I got it to work !! I setup a new test machine with redhat 8.0 and used the stock samba in it 2.25-10 build. This seems to work like a charm and I was able to go through with it without a problem. Go figure why the compiled version 2.27a just didn't want to work? Anyways I found a doc off of the Linuxtoday.com site that some girl named Carla put together. I will take her text and make a new step by step manual for everyone based on my experience.

Thanks for everyone's help.

Raj

-Original Message-
From: mark [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 11, 2003 12:51 AM
To: Raj Saxena; [EMAIL PROTECTED]
Subject: Re: [Samba] pdc help needed with win2k sp3 clients/samba 2.27a/redhat 8.0

On Tuesday 11 February 2003 07:52, Raj Saxena wrote:

Does anyone have any good docs as to what clients work and with what service pack? I know some guys have had luck with debian, and win2ksp3. We have 17 clients in one building and then I would need to bring up two bdc (samba servers) if possible for the remote locations.

It sounds like you've done your homework, but this is quite a good document in case you haven't seen it.

http://hr.uoregon.edu/davidrl/samba/samba-pdc.html#pdc

I know it's possible to connect a w2k machine to a samba pdc as I've done it. Which is not to say anything about you, but just to confirm that it is actually possible.

Good luck,
mark
Re: [Samba] Access Denied when connect to samba box
Denis I. Morozov wrote:

Hi! I have MS domain, based on MS Windows 2000 Server. I successfully joined my samba box (Linux 2.5.53, Samba 2.2.4) to domain via smbpasswd -j DOMAIN -r DC -Uuser%pwd.

i don't know this line... is here an -a missing? is -Uuser%pass ok? did u check with smbclient on localhost, if u have access to your server?

snip

Where is error?

smbpasswd not ok, wrong userrights in linux/unix firewall ... there are many reasons, give us a little more info...

Thanks for help. Best regards, Den

PS: Also I can't connect to Win'9x boxes from Win'2000,XP.
Re: [Samba] Access Denied when connect to samba box
Kurt Weiss wrote:

I have MS domain, based on MS Windows 2000 Server. I successfully joined my samba box (Linux 2.5.53, Samba 2.2.4) to domain via smbpasswd -j DOMAIN -r DC -Uuser%pwd.

i don't know this line... is here an -a missing? is -Uuser%pass ok?

Yes -a is missing, username and password right (I use it for logon to Windows boxes).

[frozer@linuxbox frozer]$ smbclient -L \\localhost
added interface ip=192.168.1.28 bcast=192.168.1.255 nmask=255.255.255.0
Password: blank
Anonymous login successful
Domain=[DOMAIN] OS=[Unix] Server=[Samba 2.2.4]

    Sharename      Type      Comment
    ---------      ----      -------
    public         Disk      For testing only, please
    musicmovies    Disk      MP3 Music and Movies
    IPC$           IPC       IPC Service (Samba server)
    ADMIN$         Disk      IPC Service (Samba server)

    Server               Comment
    ---------            -------
    DC
    DARKSTAR             Samba server

    Workgroup            Master
    ---------            -------
    DOMAIN               DC

did u check with smbclient on localhost, if u have access to your server?

Yes, but seems something wrong, when I use password in password prompt:

[frozer@darkstar frozer]$ smbclient -L \\localhost
added interface ip=192.168.1.28 bcast=192.168.1.255 nmask=255.255.255.0
Password:bla-bla
session setup failed: NT_STATUS_LOGON_FAILURE

? Seems, W2k DC can't authorize my linuxbox.

firewall

no any firewall in this Class C network.

Thanks for help. Best regards, Den
[Samba] Re: samba Digest, Vol 2, Issue 40
Date: Sun, 09 Feb 2003 02:20:26 +0100
From: Michael Paarmann [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] fine grain perms

Hi!

What I mean is;
dir /a/b/c/d
condition;
1) dir abc cannot be deleted
2) dir d can be deleted
3) files in dir ab cannot be deleted but can be created
4) files in dir cd can be deleted

As a work around I've created an empty tree structure (a sort of template) and have just renamed the dirs while maintaining the custom perms. Would be nice if it were dynamic.

I have nearly the same problem. But, sorry, i don't have real solution for this. I try to set the permissions with the unix rights. In addition to create mask and directory mask i use the sticky bits to realize my permission structure. It's sad to say, but i think, that this is a real big disadvantage of Samba. If you try to set a complex permission structure, it's very difficult work. With Windows or especially Novell it's much more easier, i think.

*LOL* Have you heard of samba with ACL?

Cheers, Peter
Re: [Samba] Access Denied when connect to samba box
Kurt Weiss wrote:

[frozer@linuxbox frozer]$ smbclient -L \\localhost

is frozer a legal domain user? (sorry, i did not check first, that your passwordserver is *not* your linux box...)

yes, frozer is legal domain name. And password server is Windows 2000 Server. But seems I resolve problem: in group policy for Domain Computers I found some unresolved names as users who has rights to access to this computer from network or sounds like this, so I removed this unresolved names, after changes in Group Policy I restart DC. Then I remove computer account from domain, join linuxbox to domain again and manually create computer account. After that open Network Neighborhood and browse shares on LINUXBOX - and it work!

Thanks for your help, Kurt!

Best regards, Denis
Re: [Samba] security = domain
On Tue, Feb 11, 2003 at 03:36:28PM +0100, Pierrick Brossin wrote:

If I have to enter the 60 people that are working here on my freebsd server it's gonna take long and it's static. Everytime a new guy start here I'll have to add it to the freebsd server...

You can/should use winbind(*) to avoid this. With winbind, the user magically starts to exist on the bsd machine the instant he/she is created in the NT box. You can also use samba's support for scripts to create a home directory on-the-fly.

(*): actually I have no clue if winbind runs on freebsd, I just use linux, but I would assume it does work on bsd.
Re: [Samba] Samba 3.0 AD usage problems
On Wed, Feb 12, 2003 at 07:28:55PM +0800, Catherine Shen wrote:

And #kadmin -p administrator fails with the error message:
kadmin: Database error! Requeired KADM5 principal missing while initializing kadm in interface

kadmin? Don't you mean kinit?
Re: [Samba] summary: printing to Win95 local printer
Ron,

We've got almost the same problem as you had, and it's driving us crazy! We're trying to migrate a Windows Me network over to Rh 8.0 and just can't print from a Linux box to a Windows printer. Would you be able to give us any pointers to succeeding with this, please? I can't say we're finding the CUPS docs too useful in this area - maybe we haven't got all the doc that you've seen. Anything you can say about the critical points of configuring Samba and CUPS would be really appreciated - an example of how you achieved this, or pointers/links to the right bit of documentation likewise.

Apologies for replying direct, but my posts to the samba list don't always seem to make it. Thanks in advance for any help you can offer.

Kevin Lawton.
Project Manager.
Portmanteau Software Limited.

- Original Message -
From: Ron Bramblett [EMAIL PROTECTED]
To: samba list [EMAIL PROTECTED]
Sent: Wednesday, February 05, 2003 9:51 PM
Subject: [Samba] summary: printing to Win95 local printer

I tried to setup samba to print to a win95 box and I was using lpd from RH7.3 After trying everything I found Cups and looked at the docs and it prints great to the win95 Local Printer.

Thanks for your help

--
Ron Bramblett
Sys Admin
Fuller Brush Company
[Samba] Windows XP printer status, samba and cups
Hi all,

I am trying to get decent printer status without timeouts in windows xp (no sp1 installed). When I installed the printer it gave access denied, unable to connect but it printed the test page fine. I rebooted, logged in as normal user and tried to access the printer configuration folder. It took a long while but in the end it gave an ok status on the particular printer, when opening the spool it said that it was still initialising but I could print ok. Then I logged in as root again, same thing.

I am using samba as sole server in the domain, access rights are all ok, I can login to the domain as domain user, I am using cups, tried the lprng setting in smb.conf as well with no change to the status problem. I am using normal windows pcl printer drivers. I can print when logged into the linux box and I can ask for printqueue status as normal non-privileged linux user. I have played around with chmod 777 and the /var/spool/cups and /var/spool/samba without having a resolution to my problem.

Could it have something to do with the following error?

[2003/02/12 10:26:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(1721)
  call_trans2qfilepathinfo: vfs_stat of shell32.dll failed (No such file or directory)
[2003/02/12 10:26:20, 3] smbd/error.c:error_packet(94)
  error string = No such file or directory
[2003/02/12 10:26:20, 3] smbd/error.c:error_packet(113)
  error packet at smbd/trans2.c(1723) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND

It's the only one I get in the samba logs and they are multiple between the spoolss rpc's. Cups is not giving any error messages.

Here are the printer settings in my smb.conf:

printcap name = cups
printer admin = @Domain Admins
printing = cups

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

If someone can point me my problem and/or a solution please do. Thanks in advance.

Regards,
Bas
[Samba] Samba, PDC, logon, logoff
Hello!

I have Linux Mandrake (2.2.15) with Samba 2.2.5 as PDC. I want to start certain script when NT-client logoff from my domain. How can I do it?

Thanks,
Lev
mailto:[EMAIL PROTECTED]
RE: [Samba] Joining PDC w/LDAP Question
Buchan,

I really appreciate the help as this has pointed me in the right direction. The getent passwd asa$ does not show anything unless I add the machine manually. Should I be putting the following directive in my nsswitch.conf file to be able to perform host lookups from LDAP properly?:

hosts: files ldap dns

I've noticed that some people do this and some do not in their configurations. I would think that after a Computer record is inserted in my LDAP directory by Samba that NSS needs this directive to actually lookup the computer. When I try this it gives me a Segmentation Fault.

Any additional thoughts or suggestions for me at this point?

Regards,
John

-Original Message-
From: Buchan Milne [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 11, 2003 3:26 PM
To: Peak, John
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Joining PDC w/LDAP Question

Date: Tue, 11 Feb 2003 08:58:22 -0500
From: Samba Newsgroups [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Samba] Joining PDC w/LDAP Question

Should I be required to add the machine to my passwd file even if I am using LDAP when joining a W2K domain?

No, an LDAP account is enough, as long as your box is setup to retrieve user information from ldap (ie via nss_ldap).

The only way I can get a machine to join my Samba PDC is via the following commands.

# /usr/sbin/useradd -g 100 -d /dev/null -c asa -s /bin/false asa$
# smbpasswd -a -m asa

Does 'getent passwd machinename$' return a valid entry on your DC? It needs to at present (samba-2.2.x).

I thought that using ldapsam would lookup all machine information from LDAP without having to deal with passwd. Any comments would be appreciated. Thanks.

Mandrake packages have this example:

# Script for domain controller with LDAP backend for adding machines (please
# configure in /etc/samba/smbldap_conf.pm first):
; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u

Where we provide the smbldap-tools (in examples/LDAP in the source) in /usr/share/samba/scripts

Buchan

--
|--Another happy Mandrake Club member--|
Buchan Milne, Mechanical Engineer, Network Manager
Cellphone * Work: +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
[Samba] acces to shared directory
I see no files, the shared directory (in w95) has read permission for all.
I have RH8 with samba 2.2.5.
On the w95 machine there is a shared folder pepe, when I try to access it from rh8 konqueror, i see the shared directory but not the files.
Is there a bug or is it my mistake?

What are the permissions and ownership of the shared directory? Who are the ownership and permissions of the files that you can not see?

- John T.

--
John H Terpstra
Email: [EMAIL PROTECTED]
[Samba] nmblookup can't resolve IPs (but SMB-names)
Hi there,

i have Samba 2.2.7a running on FreeBSD-STABLE 4.7. I set up a few things and smbd and nmbd start up at boot, i can browse the net. However, nmblookup can only find IPs by SMB-names, but not SMB-names by IPs. Here is an example output of the failed lookup:

%nmblookup -d 3 210.104.1.133
Initialising global parameters
params.c:pm_process() - Processing configuration file /usr/local/etc/smb.conf
Processing section [global]
added interface ip=210.104.1.133 bcast=210.104.1.255 nmask=255.255.255.0
bind succeeded on port 0
Socket opened.
querying 210.104.1.133 on 210.104.1.255
name_query failed to find name 210.104.1.133

Why is it not working? We do not have a WINS in our network and it uses default lmhosts host wins bcast name resolve order. I get the same output for any IP in our network. Other ppl can see and browse my PC.

Thanx.

PS: here is the log of the working lookup:

%nmblookup -d 3 KATWS_PG
Initialising global parameters
params.c:pm_process() - Processing configuration file /usr/local/etc/smb.conf
Processing section [global]
added interface ip=210.104.1.133 bcast=210.104.1.255 nmask=255.255.255.0
bind succeeded on port 0
Socket opened.
querying KATWS_PG on 210.104.1.255
Got a positive name query response from 210.104.1.133 ( 210.104.1.133 )
210.104.1.133 KATWS_PG00
[Samba] How to know what users i have added with smbpasswd program?
How could i get a list of the users already added to samba with smbpasswd?

--
Regards
guanche
Re: [Samba] How to know what users i have added with smbpasswd program?
hi,

smbpasswd doesn't support listing users i think. you have to use the net command instead.

net user

this will give you a list of users in your domain

christoph

On Wed, Feb 12, 2003 at 03:22:58 +0100, Jorge Videgain Marquez wrote:

How could i get a list of the users already added to samba with smbpasswd?

--
Regards
guanche
Re: [Samba] Windows 2000 printing to public printer
On 10 Feb 2003, Etienne Tourigny wrote:

Hmmm. found the solution myself. The best solution is to add the following line to the [printer] section in smb.conf:

use client driver = yes

This forces the Windows 2000 (and XP?) to properly treat the printer as a remote device and not locally attached. I found this on http://www2.sis.pitt.edu/~josephm/tips.html and later in the smb.conf man page... RTFM

Nope. use client driver is a severe hack to be used **only** when you want to install the drivers locally on the client for a given printer. Generally disable spoolss is cleaner, but that is a global setting. The use client driver parameter allows drivers to be made available on the server for some printers and not others. Never enable it for a printer that will provide drivers on the server.

cheers, jerry

--
Hewlett-Packard - http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key http://www.plainjoe.org/gpg_public.asc
You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997)
RE: [Samba] How to know what users i have added with smbpasswd program?
If you are not using a domain and have added the users directly with the smbpasswd utility, you can just cat the smbpasswd file. Typically, it's found in /usr/local/samba/private directory. If it's long, you might want to use more (or less).

Rick Segeberg
Provo Site Manager, IT Department
The Waterford Institute
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 8:28 AM
To: [EMAIL PROTECTED]
Subject: Re: [Samba] How to know what users i have added with smbpasswd program?

hi,

smbpasswd doesn't support listing users i think. you have to use the net command instead.

net user

this will give you a list of users in your domain

christoph

On Wed, Feb 12, 2003 at 03:22:58 +0100, Jorge Videgain Marquez wrote:

How could i get a list of the users already added to samba with smbpasswd?

--
Regards
guanche
[Samba] Help, problem with new passwords
Hi everybody

Now I have a big problem, the NT Team decided to change all the users' passwords, I have a UNIX Box with samba with security = user, almost all the users make a connect to the samba box, before the passwords were changed they were able to connect to it but now they aren't able to connect. I changed the passwords with smbpasswd user but it doesn't work.

Any idea???

Thank you!!!

- configuration file ---

[global]
workgroup = mydomain
netbios name = server
netbios aliases = Ser_samba
security = share
log file = /usr/local/samba/var/log.%m
log level = 2
max log size = 3076
encrypt passwords = no
password level = 8
username level = 8
hosts allow = IP List
interfaces = IP
unix password sync = no

[coldnet]
comment = coldnet
path = /export/ecnet/coldnet
valid users = @coldnet
public = no
writable = yes
printable = no
browseable = yes
case sensitive = no
follow symlinks = yes
create mode = 0640
directory mode = 0750
force user = coldnet
force group = coldnet

--
Aldo Damian Ambriz Martinez
Depto Sistemas Operativos
El Palacio de Hierro S.A. de C.V
52295401 ext 1118
[Samba] Samba vs IPP printing
Not including cases of unsupported clients for IPP printing (such as Windows NT) are there any reasons/caveats for installations running CUPS to not move over to IPP printing? Are there any features or benefits to Windows/Samba printing for Windows clients that make it superior compared to IPP?
Re: [Samba] Joining PDC w/LDAP Question
Peak, John wrote:

Buchan, I really appreciate the help as this has pointed me in the right direction. The getent passwd asa$ does not show anything unless I add the machine manually. Should I be putting the following directive in my nsswitch.conf file to be able to perform host lookups from LDAP properly?:

hosts: files ldap dns

No, samba currently needs a user account for the machine (since it uses the uid to generate an rid and ensure the rid's don't conflict, since we assume the uid's don't). So, you need at least:

passwd: files ldap

A common error is to set

nss_base_passwd ou=People,basedn

in /etc/ldap.conf, and then have the machine accounts in something like ou=Computers,basedn, where (if you have machines in separate OUs) at least on the DC you need to have something like:

nss_base_passwd basedn?sub

(on non-DCs, you can leave it with ou=People, to prevent computers showing on client machines, which is what we do).

I've noticed that some people do this and some do not in their configurations. I would think that after a Computer record is inserted in my LDAP directory by Samba that NSS needs this directive to actually lookup the computer. When I try this it gives me a Segmentation Fault. Any additional thoughts or suggestions for me at this point?

It might be useful posting the ldap record for an example machine here (sans lmpassword and ntpassword attributes of course ...) so we can see if you have the correct object classes (sambaAccount and posixAccount IIRC).

Buchan
Re: [Samba] Help, problem with new passwords
If the users do not need UNIX/Linux access then you can have samba do domain authorization. This way the user passwords are received from the NT PDC/BDC. All you need to do is have a dummy account for each user in the password file so that they would have a UID and GID and be able to be added to groups. The passwd entry field would be disabled, the home would be /dev/null and the shell would be /bin/false. I have done this at other companies for users who only needed PC access to the shares and it worked great.

Mike

On Wed, 2003-02-12 at 07:53, Aldo Damian Ambriz Martinez -- Unix SysAdmin wrote:

Hi everybody

Now I have a big problem, the NT Team decided to change all the users' passwords, I have a UNIX Box with samba with security = user, almost all the users make a connect to the samba box, before the passwords were changed they were able to connect to it but now they aren't able to connect. I changed the passwords with smbpasswd user but it doesn't work.

Any idea???

Thank you!!!

- configuration file ---

[global]
workgroup = mydomain
netbios name = server
netbios aliases = Ser_samba
security = share
log file = /usr/local/samba/var/log.%m
log level = 2
max log size = 3076
encrypt passwords = no
password level = 8
username level = 8
hosts allow = IP List
interfaces = IP
unix password sync = no

[coldnet]
comment = coldnet
path = /export/ecnet/coldnet
valid users = @coldnet
public = no
writable = yes
printable = no
browseable = yes
case sensitive = no
follow symlinks = yes
create mode = 0640
directory mode = 0750
force user = coldnet
force group = coldnet

--
Aldo Damian Ambriz Martinez
Depto Sistemas Operativos
El Palacio de Hierro S.A. de C.V
52295401 ext 1118

--
Michael G. Noble
RF Magic, Inc.
Senior System Administrator
10182 Telesis Ct., 4th Floor
San Diego, CA. 92121
email: [EMAIL PROTECTED]
voice: (858) 546-2401 x207
fax: (858) 546-2402
-- There is Sanity in my Madness!
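One way to check the dummy accounts described in the reply above, as an added example that is not from the original post: the function audits passwd-format entries for accounts meant for share access only and reports any whose password field is not locked, whose home is not /dev/null or whose shell is not /bin/false. The sample file, account names and function names are constructed; an `x` password field is only reported as needing a look at the shadow file.

```shell
#!/bin/sh
# Added example: audit passwd-format entries for Samba-only (share access) accounts.

# Constructed sample in passwd(5) layout: name:password:uid:gid:gecos:home:shell
write_passwd_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mike:x:500:500:Mike:/home/mike:/bin/bash
coldnet1:*:1001:100:PC share user:/dev/null:/bin/false
coldnet2:*:1002:100:PC share user:/dev/null:/bin/bash
coldnet3::1003:100:PC share user:/home/coldnet3:/bin/false
asa$:*:1004:100:asa:/dev/null:/bin/false
EOF
}

# audit_share_only FILE NAME...
# Prints "name finding" for each listed account that deviates from the
# locked-password, /dev/null home, /bin/false shell pattern.
# Returns 1 if any account deviates or is missing, 0 otherwise.
audit_share_only() {
    file=$1
    shift
    awk -F: -v names="$*" '
        BEGIN {
            n = split(names, a, " ")
            for (i = 1; i <= n; i++) want[a[i]] = 1
        }
        !($1 in want) { next }          # only audit the accounts asked for
        {
            seen[$1] = 1
            if ($2 == "x") {
                # Lock state lives in the shadow file, which is not read here.
                print $1, "check-shadow"
            } else if ($2 != "*" && $2 !~ /^!/) {
                print $1, "password-not-locked"; bad = 1
            }
            if ($6 != "/dev/null")  { print $1, "has-home:" $6;    bad = 1 }
            if ($7 != "/bin/false") { print $1, "login-shell:" $7; bad = 1 }
        }
        END {
            for (k in want) if (!(k in seen)) { print k, "missing"; bad = 1 }
            exit bad + 0
        }
    ' "$file"
}

# Demo on the constructed sample.
pw=$(mktemp)
write_passwd_sample "$pw"
audit_share_only "$pw" coldnet1 coldnet2 coldnet3 'asa$' \
    || echo "review the accounts listed above"
rm -f "$pw"
```
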
[Samba] Locking between GNU/Linux and Microsoft Windows
Hi,

I'm having some trouble with locking between GNU/Linux and Microsoft Windows. I wrote some Clipper code that runs on GNU/Linux and Microsoft Windows (compiled to different binaries of course) that tries to lock a file on a Samba share.

Between Microsoft Windows clients there is no problem. The locking works as expected. If one client does an EXCLUSIVE lock, the others can't lock the file anymore. The same thing happens on multiple GNU/Linux clients. No problem at all.

The problem is that if a GNU/Linux client locks the file, a Microsoft Windows client can still lock the file. It looks to me that the locking does not work across the different platforms.

I do not know much about locking, but from the documentation it looks to me that kernel oplocks should be my friend. But unfortunately it doesn't seem to work. Does anybody have a hint to where I should look?

The GNU/Linux client is a Red Hat 7.2 (kernel 2.4.7-10smp) running Samba version 2.2.1a-4 and the Microsoft Windows clients runs Microsoft Windows 2000 Server.

$ testparm|grep locks
kernel oplocks = Yes
blocking locks = Yes
fake oplocks = No
oplocks = Yes
level2 oplocks = Yes
$

--
$ cat ~/.signature
Freddy Spierenburg [EMAIL PROTECTED] http://snarl.nl/~freddy/
GnuPG: 0x7941D1E1=C948 5851 26D2 FA5C 39F1 E588 6F17 FD5D 7941 D1E1
$
Re: [Samba] Windows 2000 printing to public printer
Humm.. I see.

In the smb.conf man page it explains that the Access Denied; Unable to connect error occurs when the printer is considered a local one (because of local drivers) and the user trying to access the printer has Administrative rights. This happens even if a user belongs to the Users group in Windows 2000 (locally). But if the drivers are on the server there should be no problem.

Am I right to say that if one uses a print$ section (even if there are no drivers per se on the server) then administrative users will not get the Access Denied; Unable to connect error, since Windows 2000 considers it a Network printer?

Final point I just realized, is that even if you get this error you can still print on the samba printer, but you won't be able to see its status.

Thanks,
Etienne

On Wed, 2003-02-12 at 10:33, Gerald (Jerry) Carter wrote:

On 10 Feb 2003, Etienne Tourigny wrote:

Hmmm. found the solution myself. The best solution is to add the following line to the [printer] section in smb.conf:

use client driver = yes

This forces the Windows 2000 (and XP?) to properly treat the printer as a remote device and not locally attached. I found this on http://www2.sis.pitt.edu/~josephm/tips.html and later in the smb.conf man page... RTFM

Nope. use client driver is a severe hack to be used **only** when you want to install the drivers locally on the client for a given printer. Generally disable spoolss is cleaner, but that is a global setting. The use client driver parameter allows drivers to be made available on the server for some printers and not others. Never enable it for a printer that will provide drivers on the server.

cheers, jerry

--
Hewlett-Packard - http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key http://www.plainjoe.org/gpg_public.asc
You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997)
Re: [Samba] How to know what users i have added with smbpasswdprogram?
Look at samba-path/private/smbpasswd, but don't change it. It's cryptic, but you see all users in there.

Jorge Videgain Marquez wrote:
> How could i get a list of the users already added to samba with smbpasswd?
Re: [Samba] How to know what users i have added with smbpasswdprogram?
> net user
> this will give you a list of users in your domain

This only gives the local users - only if you have a win-DC - there it's for the domain.
Re: [Samba] Unable to see linux files on windows using Samba[systemerror 53]
Hi Joel,

Thanks for informing me about the DIAGNOSIS.txt. I failed at step 8: when I did a net view, this is what I come up with:

\\VAMLINUX.VMOMEN ...

whereas the server running samba is RedHat8.0 named vamlinux and the windows workgroup name is vmomentum. All the previous steps were successful.

The error I get when I try:

C:\net view \\vamlinux
System error 53 has occurred.
The network path was not found.

I did a search for this error on the internet and edited my lmhosts file, still the problem exists. Please help!

TIA,
Prem

--- Joel Hammer [EMAIL PROTECTED] wrote:
> Walk through DIAGNOSIS.txt in the source documents.
> Joel
>
> On Tue, Feb 11, 2003 at 10:57:51AM -0800, Premkumar Stephen wrote:
> > Hi, I installed Samba on the only linux server that we have on our
> > network. On the Linux server, I was able to mount various shared
> > directories from various windows machines ( we use windows 2000 ).
> > So, seeing windows files on linux is not a problem. We also wanted
> > to go the other way ( seeing linux files on windows ). I searched on
> > google but to no avail. I set the lmhosts file and still nothing
> > works. On the windows network list, my linux server shows up as
> > linuxserver.vnetwo where linuxserver is the name of the server and
> > vnetwork is the name of the network. Now, the windows machine on
> > which I would like to see my linux files is not the primary domain
> > controller. Nor do I want to make my linux box the primary domain
> > controller. Please let me know what steps I need to take?
> > TIA, Prem
[Samba] Does samba really need /etc/passwd when using LDAP ?
Hello all,

I'm building a Samba+LDAP server as a NT4 PDC, and I have seen everywhere on the web that every time an account is created, it is created both in the LDAP directory _and_ in the /etc/passwd file.

Am I right? If I am, why is it necessary to fill the passwd file with redundant information?

François Beretti
[Samba] 3.0 alpha22 strange running
Hello all,

I've just installed samba 3.0 alpha from cvs, on a red hat 8.0 linux station, and I have some strange behavior when I start the samba daemons.

First there is no success / failure indication:

[root@linux-integ francois]# /etc/rc.d/init.d/smb start
Starting SMB services:
Starting NMB services:

But the daemons seem to be running:

[root@linux-integ francois]# netstat -a
...
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp 0 0 linux-integ:812 linux-integ:sunrpc TIME_WAIT
...
udp 0 0 10.10.50.1:netbios-ns *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 10.10.50.1:netbios-dgm *:*
udp 0 0 *:netbios-dgm *:*

When I list the processes, there is no name for the daemons, only their path !!

[root@linux-integ francois]# ps aux | grep samba
root 5111 0.0 1.2 5756 1628 ? S 14:11 0:00 /usr/local/samba/
root 5113 0.0 1.1 4376 1492 ? S 14:11 0:00 /usr/local/samba/
root 5115 0.0 0.8 4320 1076 ? S 14:11 0:00 /usr/local/samba/
root 5130 0.0 0.5 3372 672 pts/2 S 14:14 0:00 grep samba
[root@linux-integ francois]# ps aux | grep smb
root 5149 0.0 0.5 3372 672 pts/2 S 14:33 0:00 grep smb

Is it normal? Thx for your help, I would like to know if there is some problem.

François Beretti
ENATEL http://www.enatel.com
Re: [Samba] Samba / OpenLDAP and groups
On Tue, 11 Feb 2003, Gregory Chagnon wrote:
> I'm using Samba with OpenLDAP and was wondering how to add a user to
> multiple groups, for instance 'Domain Users' and 'Marketing'. Is this
> stored in the gid field? Do I just add more than one gid field for
> each entry? Thanks! -Greg

SAMBA_3_0 ? or a Samba 2.2 release?

jerry
[Samba] Constant pings from a WIndows to Linux Samba Server Question?
I've been searching the archives, but I've not seen anything addressing the questions I have below:

First, we run several Samba Servers on various Linux systems on our network. All the Samba Servers are working just fine and we are really happy with them.

We have been trying to track down some errant pings (icmp) traffic on our network, and we've noticed that the machines running the Samba Servers are the ones getting hit constantly with icmp packets from all of the Windows machines (we run from Windows 95 to Windows XP) on our network. We've noticed that when we turn off the Samba Server on a machine, then the Windows machines quit sending icmp packets to the Samba Server.

I've looked around for Windows virus advisories that might explain this, but I have found nothing. Those Windows machines also run various Antivirus software and the antivirus checkers have also found no signs of virus infection.

So, my question is: Is this normal behavior for the Windows Machines to constantly send icmp traffic to the Samba Servers on the Linux Machines?

Thanks in advance.
Re: [Samba] general questions about samba 302alpha
On Mon, 10 Feb 2003, Pouchoulon Jean-Marc wrote:
> I have the same question with smbgroupedit. Group_mapping.tdb must be
> the same on the two PDC ?

fyi... We are working on being able to store this information in LDAP as well.

cheers, jerry
[Samba] rpcclient enumdrivers 3 times out on NT drivers
This is puzzling me (and hampering some work, slightly):

NT4SP6 + full updates server, with some printers attached.

rpcclient -U admin%pass enumdrivers 2 server gives me a list of stuff like this:

[Windows 4.0]
Printer Driver Info 2:
Version: [0]
Driver Name: [HP LaserJet 5Si PCL 5e]
Architecture: [Windows 4.0]
Driver Path: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
Datafile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.PPD]
Configfile: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
...
...
...
[Windows NT x86]
Printer Driver Info 2:
Version: [2]
Driver Name: [Lexmark Optra R Plus Series]
Architecture: [Windows NT x86]
Driver Path: [\\SERVER\print$\W32X86\2\RASDD.DLL]
Datafile: [\\SERVER\print$\W32X86\2\OPTRA.DLL]
Configfile: [\\SERVER\print$\W32X86\2\RASDDUI.DLL]

rpcclient -U admin%pass enumdrivers 3 server, however, zips through the Windows 4.0 stuff and then sits there before eventually giving this:

[Windows 4.0]
Printer Driver Info 3:
Version: [0]
Driver Name: [HP LaserJet 5Si PCL 5e]
Architecture: [Windows 4.0]
Driver Path: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
Datafile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.PPD]
Configfile: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
Helpfile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.HLP]
Dependentfiles: [\\SERVER\print$\WIN40\0\hplj5si2.ppd]
Dependentfiles: [\\SERVER\print$\WIN40\0\hplj5si2.hlp]
Dependentfiles: [\\SERVER\print$\WIN40\0\adobeps4.drv]
Dependentfiles: [\\SERVER\print$\WIN40\0\pscript.ini]
Dependentfiles: [\\SERVER\print$\WIN40\0\psmon.dll]
Dependentfiles: [\\SERVER\print$\WIN40\0\iconlib.dll]
Dependentfiles: [\\SERVER\print$\WIN40\0\fonts.mfm]
Monitorname: [PostScript Language Monitor]
Defaultdatatype: []
cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
result was NT_STATUS_UNSUCCESSFUL

I'm trying to hack up a printer cloning script that grabs all the driver files and bits for a printer using enumdrivers and sticks them onto another server using adddriver, addprinter, etc. Obviously the above failure hampers that notion somewhat. Is this a flaw in rpcclient or in the Windows box?

Cheers,
Waider.
--
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
caitlin says, climbing satisfies 2 apparent needs of mind: bashing my knees and shoe fetishism
[Samba] WIN Servers: Primary and Secondary
Quick question:

I have a server (HANNIBAL) running Samba and acting as a WINS server. I have a second server (WOOKIE) also running Samba and acting as a WINS server - this one is in another building.

How do I send a copy of the WINS data from HANNIBAL (primary WINS server) to WOOKIE (secondary WINS server)?
Re: [Samba] Locking between GNU/Linux and Microsoft Windows
On Wed, Feb 12, 2003 at 05:05:21PM +0100, Freddy Spierenburg wrote:
> Hi, I'm having some trouble with locking between GNU/Linux and
> Microsoft Windows. I wrote some Clipper code that runs on GNU/Linux
> and Microsoft Windows (compiled to different binaries of course) that
> tries to lock a file on a Samba share. Between Microsoft Windows
> clients there is no problem. The locking works as expected. If one
> client does an EXCLUSIVE lock, the others can't lock the file
> anymore. The same thing happens on multiple GNU/Linux clients. No
> problem at all. The problem is that if a GNU/Linux client locks the
> file, a Microsoft Windows client can still lock the file. It looks to
> me that the locking does not work across the different platforms. I
> do not know much about locking, but from the documentation it looks
> to me that kernel oplocks should be my friend. But unfortunately it
> doesn't seem to work. Does anybody have a hint to where I should
> look? The GNU/Linux client is a Red Hat 7.2 (kernel 2.4.7-10smp)
> running Samba version 2.2.1a-4 and the Microsoft Windows clients run
> Microsoft Windows 2000 Server.

How does Clipper on Linux do locking? Remember, doing EXCLUSIVE in Windows Clipper code may use share modes to lock a file, not byte ranges. The Linux kernel has no such concept as share modes, and so will probably use byte ranges instead. Try doing an strace to see what happens when your Linux Clipper code does an exclusive open.

Jeremy.
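The difference between byte-range locks and share modes raised in the reply above can be seen on the Linux side alone. The following is an added example, not code from the thread: it assumes a Linux/Unix host (it uses os.fork and fcntl), and the function names and the temporary file are constructed for the illustration. One process takes an exclusive POSIX byte-range lock over the whole file; a second process can still open and write the file, and only notices the lock if it asks for a byte-range lock itself.

```python
import fcntl
import os
import tempfile


def probe_from_second_process(path):
    """Fork a child and report what that separate process can do to `path`."""
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: a different process, so POSIX locks can conflict
        status = {"open": "denied", "lock": "n/a", "write": "n/a"}
        try:
            os.close(read_end)
            # A plain open(): POSIX has no share mode that could refuse this.
            fd = os.open(path, os.O_RDWR)
            status["open"] = "ok"
            try:
                # Non-blocking request for an exclusive lock on the whole file.
                fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
                status["lock"] = "granted"
            except OSError:
                status["lock"] = "denied"
            # Advisory locks do not stop I/O by a process that ignores them.
            os.write(fd, b"written by the second process\n")
            status["write"] = "ok"
        except OSError:
            pass
        finally:
            report = " ".join(f"{k}={v}" for k, v in status.items())
            os.write(write_end, report.encode())
            os._exit(0)
    os.close(write_end)
    with os.fdopen(read_end) as pipe:
        text = pipe.read()
    os.waitpid(pid, 0)
    return dict(item.split("=") for item in text.split())


def demo():
    """Return the second process's view before and while the lock is held."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        path = tmp.name  # constructed scratch file standing in for the share
    fd = os.open(path, os.O_RDWR)
    try:
        before = probe_from_second_process(path)
        fcntl.lockf(fd, fcntl.LOCK_EX)  # exclusive byte-range lock, whole file
        during = probe_from_second_process(path)
        fcntl.lockf(fd, fcntl.LOCK_UN)
        return before, during
    finally:
        os.close(fd)
        os.unlink(path)


if __name__ == "__main__":
    before, during = demo()
    print("no lock held:  ", before)
    print("lock held by us:", during)
```

A client that expresses "exclusive" as a deny-all share mode at open time and a client that expresses it as a byte-range lock are therefore checking two different things, which is why the strace suggested above is the first step.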
[Samba] Samba config help please
I'm trying to use samba shares on a RedHat 8 server for storage on my network with an NT box as PDC.

OK, the join domain commands:

[root@localhost samba]# smbpasswd -j INFOWARE -r 192.168.1.180 -U Administrator
Password:
Error connecting to 192.168.1.180
Unable to join domain INFOWARE.
[root@localhost samba]# smbpasswd -j INFOWARE -r 192.168.1.180
cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME
cli_nt_setup_creds: request challenge failed
modify_trust_password: unable to setup the PDC credentials to machine 192.168.1.180. Error was : NT_STATUS_UNSUCCESSFUL.
2003/02/12 13:38:36 : change_trust_account_password: Failed to change password for domain INFOWARE.
Unable to join domain INFOWARE.

so I manually added the box to the domain on the NT box.

The windows boxes can see the server but not the shares with security = DOMAIN set. With security = SERVER the windows boxes can see the server and the shares as well as mapping the public share, but you can't do anything with the mapped share. The home directory is visible and windows tries to map, but authentication fails.

Yes, everyone can ping everyone else... any ideas???

Dave

smb.conf:

# Samba config file created using SWAT
# from localhost.localdomain (127.0.0.1)
# Date: 2003/02/12 13:04:26

# Global parameters
[global]
workgroup = INFOWARE
netbios name = REDHAT1
server string = Samba Server %v
interfaces = 192.168.1.2/24
security = DOMAIN
encrypt passwords = Yes
obey pam restrictions = Yes
password server = 192.168.1.180
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = False
local master = No
domain master = False
dns proxy = No
wins server = 192.168.1.180
hosts allow = 192.168.1. 127.
printing = lprng

[homes]
comment = Home Directories
path = /home/
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
only user = Yes
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[Data]
path = /home/Data/
guest account = ftp
read only = No
guest ok = Yes

[public]
comment = Samba Share
path = /usr/share/public/
read only = No
guest ok = Yes
Re: [Samba] nmblookup can't resolve IPs (but SMB-names)
When using an IP address you need the -A option:

nmblookup -d 3 -A 210.104.1.133

Pascal Giannakakis wrote:
> Hi there,
>
> i have Samba 2.2.7a running on FreeBSD-STABLE 4.7. I set up a few
> things and smbd and nmbd start up at boot, i can browse the net.
> However, nmblookup can only find IPs by SMB-names, but not SMB-names
> by IPs. Here is an example output of the failed lookup:
>
> %nmblookup -d 3 210.104.1.133
> Initialising global parameters
> params.c:pm_process() - Processing configuration file /usr/local/etc/smb.conf
> Processing section [global]
> added interface ip=210.104.1.133 bcast=210.104.1.255 nmask=255.255.255.0
> bind succeeded on port 0
> Socket opened.
> querying 210.104.1.133 on 210.104.1.255
> name_query failed to find name 210.104.1.133
>
> Why is it not working? We do not have a WINS in our network and it
> uses default lmhosts host wins bcast name resolve order. I get the
> same output for any IP in our network. Other ppl can see and browse
> my PC. Thanx.
>
> PS: here is the log of the working lookup:
>
> %nmblookup -d 3 KATWS_PG
> Initialising global parameters
> params.c:pm_process() - Processing configuration file /usr/local/etc/smb.conf
> Processing section [global]
> added interface ip=210.104.1.133 bcast=210.104.1.255 nmask=255.255.255.0
> bind succeeded on port 0
> Socket opened.
> querying KATWS_PG on 210.104.1.255
> Got a positive name query response from 210.104.1.133 ( 210.104.1.133 )
> 210.104.1.133 KATWS_PG<00>

--
Herb Lewis, Silicon Graphics
Networking Engineer, 1600 Amphitheatre Pkwy MS-510
Strategic Software Organization, Mountain View, CA 94043-1351
[EMAIL PROTECTED] Tel: 650-933-2177
http://www.sgi.com Fax: 650-932-2177
PGP Key: 0x8408D65D
[Samba] Please include Samba release or CVS branch name in posting
Couple of comments that might help things run smoother on the list.

* Please post the Samba release or CVS branch running on your server when reporting an issue (or asking a question). This removes the first round trip of email.

* I've posted some mailing etiquette rules (provided by Jonathan Johnson) on http://www.samba.org/samba/ml-etiquette.html. Just in case you missed the original posting.

cheers, jerry
Re: [Samba] Samba / OpenLDAP and groups
On Tue, 2003-02-11 at 22:35, Gregory Chagnon wrote:
> Hi- I'm using Samba with OpenLDAP and was wondering how to add a user
> to multiple groups, for instance 'Domain Users' and 'Marketing'. Is
> this stored in the gid field? Do I just add more than one gid field
> for each

No, the 'gidNumber' attribute defines the primary group. If you want to add a user to secondary groups, you have to add those to the specific group in LDAP. E.g. if you want to add User1 to Group1 you have to add an attribute memberUid with the value User1 into cn=Group1,ou=Groups,dc=abc,dc=org. It behaves just the same way Unix passwd/group files do.

regards
Dariush
--
PGP Fingerprint: 0x886C99A1
[Samba] Failed to parse ACL smbcacls
I'm trying to set up a Samba server with ACLS.

Versions:
- xfs in kernel-2.4.20.
- samba-2.2.7a compiled with ACL support

I'm trying first with smbcacls. But I can't manage to guess the syntax of the ACL command. I want the user frankie could RWX a file owned by javi:

#smbcacls //localhost/public te1st.txt -A ACL:frankie:0/0/RWX -U javi
Failed to parse ACL ACL:frankie

I read carefully the smbcacls man page and searched for examples in the archives and the web unsuccessfully. I tried many different things in the SID field with the same results:

DOPAN//frankie ( DOPAN is the DOMAIN )
DOPAN/frankie
DOPAN\\frankie
DOPANfrankie
DOPAN\\frankie

and so on ... with the same results.

Anyway I tried to connect to the share from a W2000. I can add security options to the file, but won't work. I tried to set a file read only but I can remove it.

Any hint or link would be appreciated.
Re: [Samba] rpcclient enumdrivers 3 times out on NT drivers
On February 12, [EMAIL PROTECTED] said:
> This is puzzling me (and hampering some work, slightly):
> NT4SP6 + full updates server, with some printers attached.

Woopsy, forgot to mention: Samba HEAD. Administrative user, joined to the domain, in printer admins group, etc.

Cheers,
Waider.
--
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
It's a horrible thing to watch, almost like watching an infant tottering toward a porcupine. - Kyle Jones on MIS people writing C
Re: [Samba] rpcclient enumdrivers 3 times out on NT drivers
--- Ronan Waide [EMAIL PROTECTED] wrote:
> On February 12, [EMAIL PROTECTED] said:
> > This is puzzling me (and hampering some work, slightly):
> > NT4SP6 + full updates server, with some printers attached.
>
> Woopsy, forgot to mention: Samba HEAD. Administrative user, joined to
> the domain, in printer admins group, etc.
>
> Cheers,
> Waider.
> --
> [EMAIL PROTECTED] / Yes, it /is/ very personal of me.
> It's a horrible thing to watch, almost like watching an infant
> tottering toward a porcupine. - Kyle Jones on MIS people writing C
Re: [Samba] Samba Machine Domain Registration
On Fri, 7 Feb 2003, Triebwasser, Mark wrote:
> Both the PDC and BDC are not listening on port 445 so when I do a:
>
> smbpasswd -D 100 -r PDC -j DOMAIN
>
> it fails to connect.

It should fail back to port 139. Does it not?

cheers, jerry
Re: [Samba] Strange username map behaviour with security=user
On Thu, 6 Feb 2003, Vladimir Yumashev wrote:
> I use Samba 2.2.0 on small network. I use security = user and
> username map to map some Win-users to unix users. I have simple
> testing file with username mapping:
>
> root = vlad
>
> It is supposed that when I connect to samba as user Vlad with vlad's
> password I get the root's rights to shares. Right? But when I try to
> connect to samba as vlad it tries to authorize me as samba user root
> and tries to find user root in passdb. Why?

username mapping takes place before authentication. This is by design.

cheers, jerry
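The ordering described in the reply above (map first, then authenticate the mapped account) is modelled below as an added example; it is not Samba's code. The parsing follows the username map rules in the smb.conf man page (comment lines, a leading '!' to stop on a match, '*' as wildcard, @group names); case-insensitive matching, the PASSDB dictionary standing in for the password database, and all function names are assumptions made for the illustration.

```python
import hmac
import re

_NAME = re.compile(r'"([^"]+)"|(\S+)')  # a quoted client name may contain spaces


def parse_username_map(text):
    """Return [(unix_name, [client_names], stop_if_matched), ...]."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        stop = line.startswith("!")          # '!' ends processing on a match
        if stop:
            line = line[1:].lstrip()
        unix_name, sep, rhs = line.partition("=")
        if not sep or not unix_name.strip():
            continue                         # malformed line, ignored
        names = [quoted or bare for quoted, bare in _NAME.findall(rhs)]
        entries.append((unix_name.strip(), names, stop))
    return entries


def _matches(user, pattern, groups):
    if pattern == "*":
        return True
    if pattern.startswith("@"):              # @group: any member of that group
        members = groups.get(pattern[1:].lower(), ())
        return user.lower() in (m.lower() for m in members)
    return user.lower() == pattern.lower()   # assumption: case-insensitive


def map_username(client_name, entries, groups=None):
    """Apply every map line in order; later lines see the already mapped name."""
    groups = groups or {}
    user = client_name
    for unix_name, names, stop in entries:
        if any(_matches(user, n, groups) for n in names):
            user = unix_name
            if stop:
                break
    return user


def authenticate(client_name, password, entries, passdb):
    """Map first, then check the password of the *mapped* account."""
    account = map_username(client_name, entries)
    stored = passdb.get(account)
    if stored is None:
        return None
    ok = hmac.compare_digest(stored.encode(), password.encode())
    return account if ok else None


def risky_entries(entries, privileged=("root",)):
    """Audit helper: lines that map to a privileged account or match everyone."""
    return [(u, n) for u, n, _ in entries if u in privileged or "*" in n]


THREAD_MAP = "root = vlad\n"                      # the line quoted in the thread
WILDCARD_MAP = "!root = vlad\nguest = *\n"        # constructed sample
PASSDB = {"root": "root-secret", "vlad": "vlad-secret"}  # constructed stand-in

if __name__ == "__main__":
    entries = parse_username_map(THREAD_MAP)
    print(map_username("Vlad", entries))                         # root
    print(authenticate("vlad", "vlad-secret", entries, PASSDB))  # None
    print(authenticate("vlad", "root-secret", entries, PASSDB))  # root
    print(risky_entries(parse_username_map(WILDCARD_MAP)))
```

When reviewing a map file, the lines returned by risky_entries are the ones to read first: a mapping to root means the client name on the right is authenticated as root, and a `*` line placed after it undoes any earlier mapping that lacks the `!` prefix.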
[Samba] samba acl's
I have been playing with samba for a short time. I am not a programmer but I have some questions on if acls within samba are possible, regardless of acl's in the file system or kernel.

In samba now, you can have read list or write list and say this user and/or group has write and/or this user and/or group has read only. This is a scaled down version of an acl. What if they created a folder called acl's and had one file called no access, one file called read, write, change, and full. An entry inside these files could look similar to:

/data = @domain admin, john, steve
/data/accounting = @domain admin, @accounting, bob

If these entries were in the change file then samba would restrict him accordingly.

I have been trying to get acl's to work and it has been difficult to work. I have been thinking that maybe samba could do this for us without having to count on other pieces of software.

I am only asking so please don't take this the wrong way. If it is possible I would like to help make it happen. I am not sure how I can help because I am not a programmer, but if there is anything I will be willing to pitch in.
[Samba] Act! 2000 WinXP RedHat 8.0 configuration problem
Hello,

I have 3 Windows XP SP1 desktops that need access to an ACT! 2000 database on a Red Hat 8.0 server through Samba. The problem I'm having is that only one person can access the database at a time. All users are defined on the Linux system.

Can you please tell me what configuration is required to have all of my users access and modify the ACT database at once?

[ACT]
comment = ACT! database files
path = /data/act
valid users = joe tim sam
public = no
writable = yes
printable = no
force create mode = 0777
oplocks = False
level2oplocks = False

Thanks
Pat
Re: [Samba] Failed to parse ACL smbcacls
It looks like the documentation is slightly off. If you use a number for the type field (after last colon) you need to use a number for the permissions field. If you want to use RWX for the permissions try ALLOWED or DENIED for the type:

#smbcacls //localhost/public te1st.txt -A ACL:frankie:ALLOWED/0/RWX -U javi

Francesc Guasch Ortiz wrote:
> I'm trying to set up a Samba server with ACLS.
>
> Versions:
> - xfs in kernel-2.4.20.
> - samba-2.2.7a compiled with ACL support
>
> I'm trying first with smbcacls. But I can't manage to guess the
> syntax of the ACL command. I want the user frankie could RWX a file
> owned by javi:
>
> #smbcacls //localhost/public te1st.txt -A ACL:frankie:0/0/RWX -U javi
> Failed to parse ACL ACL:frankie
>
> I read carefully the smbcacls man page and searched for examples in
> the archives and the web unsuccessfully. I tried many different
> things in the SID field with the same results:
>
> DOPAN//frankie ( DOPAN is the DOMAIN )
> DOPAN/frankie
> DOPAN\\frankie
> DOPANfrankie
> DOPAN\\frankie
>
> and so on ... with the same results.
>
> Anyway I tried to connect to the share from a W2000. I can add
> security options to the file, but won't work. I tried to set a file
> read only but I can remove it.
>
> Any hint or link would be appreciated.

--
Herb Lewis, Silicon Graphics
[Samba] Re: samba acl's
--- [EMAIL PROTECTED] wrote:
> In samba now, you can have read list or write list and say this user
> and/or group has write and/or this user and/or group has read only.
> This is a scaled down version of an acl. What if they created a
> folder called acl's and had one file called no access, one file
> called read, write, change, and full. An entry inside these files
> could look similar to:
>
> /data = @domain admin, john, steve
> /data/accounting = @domain admin, @accounting, bob
>
> if these entries were in the change file then samba would restrict
> him accordingly. I have been trying to get acl's to work and it has
> been difficult to work. I have been thinking that maybe samba could
> do this for us without having to count on other pieces of software.

Hi David,

I'm just a system engineer/admin, not a programmer either, but from what I've seen, Samba uses User Group Other permissions, which map to normal UGO Unix permissions stored in the file on the filesystem. These basic permissions are sufficient for many uses, as you can put many users in a group to access a directory or file. Unix basically uses this everywhere, as it's quite flexible.

When you're using the acl patches for EXT2/3 (from acl.bestbits.at) or you use a filesystem with native ACL support like XFS, and you compile Samba --with-acl-support, you get full NT ACL support, where you'll see several groups accessing a file with different permissions. We're using this on several servers. You must remember to remount your filesystems with the acl option, and put it in your fstab.

Either way, Samba relies on the file system to store these settings. This is exactly the same as in the NT world. You might have a FAT partition share where the only permissions are share-level permissions (similar to read/write lists in smb.conf). If you have an NTFS share, file permissions are stored on the file system and combine with share-level permissions.

For more instructions on adding POSIX ACL support, search marc.theaimsgroup.com for similar instructions I'd given about this to other Samba users. I learned most of what I know now from Teach Yourself Samba in 24 Hours, a Sam's book, but I just found out there's a new O'Reilly Using Samba out this month which should contain more current and perhaps more thorough information. Also, check out acl.bestbits.at.

Good luck,
/dev/idal
Re: [Samba] Re: samba acl's
> These basic permissions are sufficient for many uses,

Except mine of course :)

> ACL support like XFS, and you compile Samba --with-acl-support, you
> get full NT ACL support,

Before I recompile as I've SGI_XFS running on my RH servers, I'd like to make sure that the granular perms are as fine as NTs. Are yours indeed like those where 1 would have read/write/exe but not del, etc...? If so, this is what I need to do.

Bri-
[Samba] Re: Failed to parse ACL smbcacls
--- Francesc Guasch Ortiz [EMAIL PROTECTED] wrote:
> I'm trying to set up a Samba server with ACLS.
>
> Versions:
> - xfs in kernel-2.4.20.
> - samba-2.2.7a compiled with ACL support
>
> I'm trying first with smbcacls. But I can't manage to guess the
> syntax of the ACL command.

It's done with get/setfacls; smbcacls is for setting ACLs from a Unix client on NT servers. Get those programs from the XFS site or acl.bestbits.at. Also you need to remount your partition with acl support. Man mount/mount.xfs/mount_xfs/read their website for details.

You also could do well to take a look at the help documents on acl.bestbits.at, Samba.org, or my favorite, crack a book. I learned all about ACLs in Teach Yourself Samba in 24 Hours, a Sam's book, but I learned that an O'Reilly Using Samba just came out. O'Reilly's are usually outstanding and it's likely to be current, detailed, and have all the information you need.

Also, search this mailing list at marc.theaimsgroup.com... I'd answered ACL questions probably 5 times in the last month, and you'll no doubt find some answers there from other people, too.

Good luck,
/dev/idal
[Samba] Re: samba acl's
--- [EMAIL PROTECTED] wrote:

> > These basic permissions are sufficient for many uses,
>
> Except mine of course :)
>
> > ACL support like XFS, and you compile Samba --with-acl-support, you get full NT ACL support,
>
> Before I recompile as I've SGI_XFS running on my RH servers, I'd like to make sure that the granular perms are as fine as NTs. Are yours indeed like those where 1 would have read/write/exe but not del, etc...? If so, this is what I need to do.

No, it still uses Read/Write/Exec but it allows multiple groups/users to have different permissions, which is nice. To do delete inhibit and stuff like that, you need to compromise e.g. use read-only on files instead.

Before recompiling, check that you have acl support turned on:

    mount | grep acl

If you don't see your partition, man mount/mount.xfs/mount_xfs/read their website.

Good luck,
/dev/idal
[Samba] multiple domains with samba
Hi guys,

I have Samba server on a Solaris 2.6 platform with one domain. I was asked if it is possible to create the second domain. I am new to this stuff, can somebody help, please.

Regards,
Ilie Mihut
System Administrator, Unix Technical Support Mid Range Technical Services - Sun Commercial IBM Global Services Australia Work : 02-892-52681 Home: 02-92124469 Mobile: 0410551657 e-mail:[EMAIL PROTECTED]
[Samba] How do you mount an NT share from a solaris machine running Samba 2.2?
To whom it may concern:

I am currently running Samba 2.2 on a Solaris 8 machine. I would like to find out how I would go about mounting an NT server share from my Solaris machine? Any help would be appreciated.
[Samba] Samba server in a failover environment
Hello, Samba Gurus.

I have a Samba server running on a pair of SUN servers (server-a and server-b). The samba shares are NFS mounted from a third SUN server (server-c). I installed Samba 2.2.7a on the paired SUN servers under /usr/local/samba (Samba 2.2.7a is locally installed on server-a and server-b, since /usr/local/samba is local on the rootdisk.)

The failover environment works like this:

- I manually start up Samba daemons (smbd and nmbd) on server-a
- Users are able to map Samba shares to their PCs, and they can read and write
- While users have their files open, I manually stop all Samba daemons on server-a
- Then, I manually start up Samba daemons (smbd and nmbd) on server-b (note that server-a and server-b have the same smb.conf file under /usr/local/samba/lib)

a) We tested this failover environment, it didn't work. Those open files are not accessible after we failed over Samba daemons to server-b.
b) I manually changed the startup script so that server-b will explicitly join the NT domain, then everything works fine.
c) Then, I manually stop Samba daemons on server-b, and start Samba daemons on server-a and explicitly join the NT domain, and everything still works.
d) I can manually fail over Samba daemons between server-a and server-b. Everything works as long as I explicitly join the NT domain.

Our UNIX SAs and NT SAs told me that it is not required to explicitly join the NT domain after failover. But my experiment shows that I MUST explicitly join the NT domain in order for everything to work.

I cannot find anything which can help me understand how to properly failover Samba daemons between two UNIX (SUN) servers.

Cheng Hsu
Re: [Samba] Samba vs IPP printing
On Thu, 2003-02-13 at 02:57, Chris Smith wrote:

> Not including cases of unsupported clients for IPP printing (such as Windows NT) are there any reasons/caveats for installations running CUPS to not move over to IPP printing? Are there any features or benefits to Windows/Samba printing for Windows clients that make it superior compared to IPP?

Probably the most notable one is the printer driver download stuff, and the fact that it looks and behaves like any other NT print server. I'm not convinced that the optional IPP client from MS is really that well tested, and from reports it doesn't handle authentication etc at all.

For many organizations, the need to install an optional client on each computer kills things off pretty quickly.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
[Samba] WinXP connecting to SAMBA 2.0.2
When I use network neighbourhood to browse a SAMBA machine - I can see it - but cannot connect to it when I double-click it. The message I get is, you may not have permission to access the server - the remote procedure call failed and did not execute. I can map a drive to a share on the samba machine but cannot unc to a shared printer.

Thanks
H
[Samba] 2.2 or 3.0 ?
I'm experimenting setting up a Samba/LDAP box which will act like a Windows AD PDC/BDC. Which Samba is my best bet? 3.0 from CVS or should I stick to 2.2 ?

Thanks
Paul
Re: [Samba] HP Deskjet drivers, Samba and Cups
Thanks John - it works! I actually did not have etc/cups/mime.conf. I had two files etc/cups/mine.types and etc/cups/mime.convs but I did the same to both files (uncomment the lines) and this worked fine! The line was already uncommented in etc/mime.types.

Thanks once again!
Nick

- Original Message -
From: John H Terpstra [EMAIL PROTECTED]
To: Nick Gale [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, February 11, 2003 8:54 AM
Subject: Re: [Samba] HP Deskjet drivers, Samba and Cups

On Tue, 11 Feb 2003, Nick Gale wrote:

> Thanks for this, unfortunately I've tried this and it makes no difference. Below is from Cups error log, message is the same whether printer is RAW or set up as a Deskjet. Please note that the same problem occurs when I configure the printers via LPRng or Webmin. Again it doesn't matter whether it's RAW or not. Any other clues?

Yep! Read the CUPS Printing HOWTO! I have attached it for your reference. From it you will find the need to change two files: /etc/cups/mime.types and /etc/cups/mime.convs. In both you need to uncomment the lines that have: application/octet-stream in them.

In the case of my system:

In /etc/mime.types:

    #
    # Raw print file support...
    #
    # Uncomment the following type and the application/octet-stream
    # filter line in mime.convs to allow raw file printing without the
    # -oraw option.
    #
    application/octet-stream

And in /etc/cups/mime.conv:

    #
    # Raw filter...
    #
    # Uncomment the following filter and the application/octet-stream type
    # in mime.types to allow printing of arbitrary files without the -oraw
    # option.
    #
    application/octet-stream application/vnd.cups-raw 0 -

That should do it for you.

- John T.

> Thanks
> Nick Gale
>
> I [11/Feb/2003:08:50:02 +] Started /usr/lib/cups/cgi-bin/printers.cgi (pid=1778)
> I [11/Feb/2003:08:50:07 +] Started /usr/lib/cups/cgi-bin/printers.cgi (pid=1784)
> E [11/Feb/2003:08:50:13 +] print_job: Unsupported format 'application/octet-stream'!
> I [11/Feb/2003:08:50:13 +] Hint: Do you have the raw file printing rules enabled?
>
> - Original Message -
> From: John H Terpstra [EMAIL PROTECTED]
> To: Nick Gale [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Tuesday, February 11, 2003 12:00 AM
> Subject: Re: [Samba] HP Deskjet drivers, Samba and Cups
>
> On Mon, 10 Feb 2003, Nick Gale wrote:
>
> > I have Samba 2.2.7 running on Redhat 8 (fully updated). I have two printers set up - a laser and a Deskjet 920C both connected to the Redhat server via USB cables. Printing is managed using CUPS although I get the same problem with LPR and Webmin configured printers. The laser works fine, the deskjet doesn't. The deskjet works with a generic windows HP Deskjet or HP Deskjet plus driver in black and white but if I use the actual 920C driver (Or any other DJ ***C driver for that matter) the print jobs appear to spool but never arrive at the printer. You see a file being generated in the Samba and Cups spool directory but in the Cups spool directory they appear briefly and then vanish, for jobs that do make it to the printer the file is present for longer as the printer loads the file. I can only assume this is a problem with Samba or Cups with HP Deskjet drivers? Has anyone else seen this? Any Idea?
>
> Configure a RAW CUPS printer for the HP9x0C if you install the HP9x0C driver on Windows. If you want to install the printer in CUPS with the CUPS driver for the HP9xC, then install your Windows printers as Postscript printers and let CUPS convert from postscript to HP DJ format.
>
> Both the above work for me. I have set up several sites with HP940C printers and my own network has HP PhotoSmart P1000. All work fine from both Linux and Windows. For Windows I prefer to print to a RAW CUPS printer and use the HP940C driver on each MS Windows machine. Your mileage may vary! Best advice is to read the CUPS Printing HOWTO that will be in Samba-3.0.0.
>
> - John T.

--
John H Terpstra Email: [EMAIL PROTECTED]
[Samba] re Samba on IRIX
Hello,

Any one there ??? Is this the place to submit a Samba installation question ? I'll put it in anyway and hope for the best. Trying to decipher the Samba documentation on smb.conf etc. sends me to sleep.

I have just installed Samba 7a on IRIX 6.5. Seems to work ok and I can get to the IRIS server from my NT network. One problem however: when I mount a network drive (from NT box) on the IRIX file system coinciding with a user account, e.g. \\IRIS\r1, and giving the requested r1 user account password, I can then mount any part of the IRIX file system from \\root down, without needing to offer a password. This is obviously not desirable. What is desirable is to have various parts of the IRIX file system available only via a password protected mount, e.g. \\IRIS\fred, \\IRIS\max, or even \\IRIS\root, etc. Can anybody suggest how to configure smb.conf to do this ?

Thanks
Paul Ryder [EMAIL PROTECTED]
[Samba] security = server vs domain
Hi,

We covered this, but an interesting problem; I have a Samba PDC with smbpasswd file. My Samba file server has no smbpasswd file and is set as;

    security = server
    password server = foo (netbios name)

I notice that with this config, I've many smbd running because each authentication keeps the channel open until it's finished with the resource as was stated earlier this week. To avoid this, I set the Samba file server as;

    security = domain
    password server = FOO (domain name)

Access to the file server pyooks! It was mentioned earlier that I need an smbpasswd file on the Samba server if I have a Windows PDC, but is it true if I have a Samba PDC? If so, why as this defeats the purpose of centralized file management if I have to dist the smbpasswd file from the Samba PDC to each and every Samba file server.

I am finding Samba unpleasant to say the least ie; POS!

Bri-
[Samba] Duplicate winbind uid/gid
We've encountered the following problem on our Redhat 7.2/XFS box running samba 2.2.3 with winbind and acl support. This week, some local accounts were created on the samba box for the installation of djb's dnscache. In addition, some NT domain accounts were also created on the NT4 PDC. The samba box is configured to use the NT4 domain for authentication; none of the local accounts are used for samba.

In checking, I can see that one of the local accounts I created was assigned the same uid as that assigned by winbind for one of the new domain accounts! I have the following in smb.conf, which I thought was meant to avoid such collisions, but it appears that adduser used what it thought was the next available uid, as did winbindd...

    [global]
    winbind separator = +
    winbind uid = 1-2
    winbind gid = 1-2
    winbind enum users = yes
    winbind enum groups = yes

Adding local accounts is not something done very often, but I would like to prevent this occurrence in the future, and fix the collision I now have.

Here is the acct in /etc/passwd:

    Gdnscache:x:11079:11079::/etc/dnscache:/bin/nologin

Here's the account from winbindd, using getent passwd:

    SHAWNIGAN+MCHAUDHU:x:11079:10001:(S -Gr.10) Mallika Chaudhuri:/home/student/mchaudhu:/bin/false

Also, what I expect is an unrelated issue, I am seeing the occasional message like this in the winbindd logs, for a domain user that *does* exist:

    user 'glinn' does not exist [2003/02/11 15:00:11, 1] nsswitch/winbindd_user.c:winbindd_getpwnam_from_user(142)

Any ideas what could cause this?

Shawn Wright, I.T. Manager
Shawnigan Lake School [EMAIL PROTECTED]
http://Zuiko.sls.bc.ca/swright http://www.sls.bc.ca
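The collision reported in this message can be found mechanically. The following is an added example, not part of the original post and not Samba code: it reads passwd-format text as printed by getent passwd, flags every UID held by more than one account (two accounts with one UID are the same identity to the kernel and own the same files), and lists local accounts that sit inside the range reserved for winbind. The 10000-20000 range and all sample entries other than the two UID 11079 lines quoted in the post are constructed assumptions.

```python
"""Audit passwd(5)-format entries for UID overlap between local and winbind accounts."""
import sys
from collections import defaultdict
from typing import NamedTuple

# The two UID 11079 entries are quoted from the post; every other line is constructed.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
Gdnscache:x:11079:11079::/etc/dnscache:/bin/nologin
Gdnslog:x:11080:11080::/etc/dnscache:/bin/nologin
SHAWNIGAN+MCHAUDHU:x:11079:10001:(S -Gr.10) Mallika Chaudhuri:/home/student/mchaudhu:/bin/false
SHAWNIGAN+JDOE:x:11081:10001:Constructed User:/home/student/jdoe:/bin/false
+::::::
"""

# Assumed winbind allocation range for this example (not the poster's setting).
WINBIND_RANGE = (10000, 20000)


class Account(NamedTuple):
    name: str
    uid: int
    gid: int
    source: str  # "local" or "winbind"


def parse_passwd(text, separator="+"):
    """Parse passwd-format text; names containing the winbind separator
    (DOMAIN+user) are classed as winbind accounts, all others as local."""
    accounts = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # NIS compat markers ("+", "+user", "-user") are not accounts.
        if line[0] in "+-":
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {number}: expected 7 fields, got {len(fields)}")
        try:
            uid, gid = int(fields[2]), int(fields[3])
        except ValueError:
            raise ValueError(f"line {number}: non-numeric uid or gid") from None
        source = "winbind" if separator in fields[0] else "local"
        accounts.append(Account(fields[0], uid, gid, source))
    return accounts


def shared_uids(accounts):
    """Return {uid: [accounts]} for every uid held by more than one account name."""
    by_uid = defaultdict(list)
    for account in accounts:
        by_uid[account.uid].append(account)
    return {uid: group for uid, group in sorted(by_uid.items())
            if len({a.name for a in group}) > 1}


def crosses_sources(group):
    """True when a shared uid mixes local and winbind accounts."""
    return len({a.source for a in group}) > 1


def locals_in_range(accounts, low, high):
    """Local accounts whose uid falls inside the range reserved for winbind."""
    return [a for a in accounts if a.source == "local" and low <= a.uid <= high]


def report(text, low, high, separator="+"):
    """Build one human-readable finding per line."""
    accounts = parse_passwd(text, separator)
    findings = []
    for uid, group in shared_uids(accounts).items():
        kind = "local/winbind" if crosses_sources(group) else "same-source"
        names = ", ".join(a.name for a in group)
        findings.append(f"uid {uid} shared ({kind}): {names}")
    for account in locals_in_range(accounts, low, high):
        findings.append(
            f"local account {account.name} (uid {account.uid}) "
            f"is inside winbind range {low}-{high}"
        )
    return findings


if __name__ == "__main__":
    # Pass a file holding saved `getent passwd` output, or run with no
    # argument to audit the embedded sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            data = handle.read()
    else:
        data = SAMPLE
    for finding in report(data, *WINBIND_RANGE):
        print(finding)
```

Files already written under a shared UID cannot be told apart by owner afterwards, so after renumbering one of the accounts the ownership of existing files has to be reviewed by path rather than by UID.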
Re: [Samba] security = server vs domain
If you change to domain security, the password server should be the name of the PDC (or *) not the domain name. You will also need to join the domain. See the docs.

[EMAIL PROTECTED] wrote:

> Hi,
>
> We covered this, but an interesting problem; I have a Samba PDC with smbpasswd file. My Samba file server has no smbpasswd file and is set as;
>
>     security = server
>     password server = foo (netbios name)
>
> I notice that with this config, I've many smbd running because each authentication keeps the channel open until it's finished with the resource as was stated earlier this week. To avoid this, I set the Samba file server as;
>
>     security = domain
>     password server = FOO (domain name)
>
> Access to the file server pyooks! It was mentioned earlier that I need an smbpasswd file on the Samba server if I have a Windows PDC, but is it true if I have a Samba PDC? If so, why as this defeats the purpose of centralized file management if I have to dist the smbpasswd file from the Samba PDC to each and every Samba file server.
>
> I am finding Samba unpleasant to say the least ie; POS!
>
> Bri-

--
Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 [EMAIL PROTECTED] Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 PGP Key: 0x8408D65D
[Samba] adding machine to Samba2.2/LDAP domain ?
I've setup an Samba2.2/OpenLDAP-2.1.5 PDC as described very well here: http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html

I've created a machine account, and a local user account. Using a Win2k box (signandseal=0) I can browse my domain and see the SambaPDC. I can login to the PDC shares using the local user account I created.

My problem is the machine won't add to the domain. I presume I use the Administrator account for this ? so I've set a password on this account using

    ldappasswd -x -D 'cn=root,o=smb,dc=my,dc=com' -w mysecret -S 'uid=Administrator,o=smb,dc=my,dc=com'

? Yet whenever I try to add the test machine to the test domain as Administrator I get: Unknown Username or Bad Password.

Any ideas what I've missed?

Paul
[Samba] Storing mangled names
Hi,

Does Samba store somewhere mangled file names and long file names pairs? If it does, where is it (I mean file, not runtime cache data)?

--
Ivan Gustin
Re: [Samba] Samba server in a failover environment
On Wed, 12 Feb 2003, Hsu, Cheng (Consultant) wrote:

> The failover environment works like this:
>
> - I manually start up Samba daemons (smbd and nmbd) on server-a
> - Users are able to map Samba shares to their PCs, and they can read and write
> - While users have their files open, I manually stop all Samba daemons on server-a
> - Then, I manually start up Samba daemons (smbd and nmbd) on server-b (note that server-a and server-b have the same smb.conf file under /usr/local/samba/lib)
>
> Our UNIX SAs and NT SAs told me that it is not required to explicitly join the NT domain after failover. But my experiment shows that I MUST explicitly join the NT domain in order for everything to work.

Just a guess: Make sure that the servers do not only have the same smb.conf, but also the same SID (MACHINE.SID or whatever setup of samba you use)

Oktay Akbal
Re: [Samba] Storing mangled names
On Thu, 13 Feb 2003, Ivan Gustin wrote:

> Hi,
>
> Does Samba store somewhere mangled file names and long file names pairs? If it does, where is it (I mean file, not runtime cache data)?

Nope. Derived (calculated) at directory entry - see: ~samba/source/smbd/mangl*.c

- John T.

--
John H Terpstra Email: [EMAIL PROTECTED]
Re: Problem with nt acl support when saving Excel or Word Files
Michael Steffens wrote: On the other hand, in debug level 10, create_canon_ace_lists() always logs that clients attempt to apply the corresponding allow ACEs. This part does work correctly for W2k clients, however. Should probably add, that I can only pretend reading level 10 logs. :) It's rather peeking around whether something looks remotely familiar, and most probably (for sure) I have missed the relevant parts...
winbindd losing trust relationship once in a while (Samba 3.0)
Scenario: Fresh compile of Samba 3.0, both a20 and a21. Attempt to use attached smb.conf. EXANET-QA is a part of the EXANET-IL domain (e.g - EXANET-IL is the parent domain). EXANET-QA is supposedly set in compatibility mode.

Under certain combinations winbindd seems to be losing its capability to contact the parent DC. Samba 3.0a20 works, sporadically, unless you do some things (wbinfo -m, see below). Samba 3.0a21 doesn't work at all for me. Attached are level 10 logs.

On the same matter, is Samba 3.0a22 on its way out? Could this be already fixed?

In the case it isn't obvious - Samba 2.2.x works perfectly in this mode.

Samba 3.0a20:

* I had some problems when load_interfaces was called twice in some situations, but now I can't seem to reproduce it...
* When using wbinfo -m winbindd seems to lose all trust information, see the following sequence:

    [root@plat1 bin]# !./win
    ./winbindd -s /cluster/config/samba/smb.conf
    [root@plat1 bin]# !getent
    getent passwd | grep nirs
    nirs:x:5125:625::/users4/nirs:/bin/bash
    EXANET-IL+nirs:x:10088:10001:Nir Soffer:/home/EXANET-IL/nirs:/bin/false
    [root@plat1 bin]# ./wbinfo -t
    checking the trust secret via RPC calls succeeded
    [root@plat1 bin]# ./wbinfo -m
    [root@plat1 bin]# !getent
    getent passwd | grep nirs
    nirs:x:5125:625::/users4/nirs:/bin/bash
    [root@plat1 bin]# ./wbinfo -t
    checking the trust secret via RPC calls succeeded

As you can see, EXANET-IL+nirs is no longer there. Attached log is log.winbindd.wbinfo

Samba 3.0a21:

Doesn't work at all. See log.winbindda21

If there is anything I can do to help, I seem to be able to reproduce this at will. I'll be more than glad to attempt whatever you throw at me.

Thanks,
Nir.

--
Nir Soffer -=- Software Engineer, Exanet Inc. -=- The poor little kittens; They lost their mittens; And now you all must die. Mew, Mew, Mew, Mew, And now you all must die. www.sluggy.com, 24/10/02
Re: Samba 3.0: vfs_netatalk.c
Have you checked we do not have a replacement function? Generally we do such function sys_something when we found system missing a needed function.

Simo.

On Tue, 2003-02-11 at 22:00, Anthony Liguori wrote:

> > One catch is that there is a difference between BSD and System V implementations, but that's something that should be handle-able with ./configure. It seems to me that in either case the data could be sorted using the binary tree stuff or by qsort(). This should be fairly do-able.
>
> On some systems, scandir() doesn't even exist. I think the only reason why there's been any discussion as to whether this is a problem is because of the fact that it's a module. I think the general sentiment has been that even modules need to be concerned about portability unless there's good reason.
>
> Anthony Liguori
> Linux/Active Directory Interoperability Linux Technology Center (LTC) - IBM Austin E-mail: [EMAIL PROTECTED] Phone: (512) 838-1208 Tie Line: 678-1208
>
> From: Christopher R. Hertel [EMAIL PROTECTED]
> Sent by: samba-technical-bounces+aliguor=us.ibm.com@lists.samba.org
> To: [EMAIL PROTECTED]
> Subject: Re: Samba 3.0: vfs_netatalk.c
> Date: 02/11/2003 02:52 PM
>
> Paul Green wrote:
>
> > > > Anthony Liguori [mailto:aliguor at us.ibm.com] wrote:
> > > > scandir() (and it's [alpha|version]sort() brethren) is a BSD/Linux-ism and therefore isn't very portable. Since this is in a VFS module (and therefore only optional) I guess this is ok.
> > >
> > > then Herb Lewis [mailto:herb at sgi.com] found this info:
> > > IRIX: scandir, scandir64, alphasort, alphasort64
> > > BSD: scandir, alphasort
> >
> > I just checked and neither scandir* nor alphasort* are in POSIX-1996 or POSIX-2001. I'm not trying to build vfs_netatalk here on VOS, but if I was, it looks like I'd be writing some code first. I don't consider these functions portable either. My vote is for sticking with functions in POSIX if at all possible.
> >
> > PG
>
> I have not been following this thread closely, but it occurs to me that we have tools that would make this easy to implement by hand. If I understand the docs, the goal is to create an array of pointers to directory entry structures (the latter allocated via malloc()).
>
> One catch is that there is a difference between BSD and System V implementations, but that's something that should be handle-able with ./configure. It seems to me that in either case the data could be sorted using the binary tree stuff or by qsort(). This should be fairly do-able.
>
> Chris -)-
>
> --
> Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/ -)- [EMAIL PROTECTED]

--
Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399
Re: winbindd losing trust relationship once in a while (Samba 3.0)
On Wed, Feb 12, 2003 at 10:47:38AM +0200, Nir Soffer wrote:

> Scenario: Fresh compile of Samba 3.0, both a20 and a21. Attempt to use attached smb.conf. EXANET-QA is a part of the EXANET-IL domain (e.g - EXANET-IL is the parent domain). EXANET-QA is supposedly set in compatibility mode.
>
> Under certain combinations winbindd seems to be losing its capability to contact the parent DC. Samba 3.0a20 works, sporadically, unless you do some things (wbinfo -m, see below). Samba 3.0a21 doesn't work at all for me. Attached are level 10 logs.

I wonder whether the trusted domains patch that went by today fixes this as well? Would you mind trying it?

http://lists.samba.org/pipermail/samba-technical/2003-February/042367.html

Tim.
adding w2k to 3.0 domain
Hello!

I can't automatically add w2k machine to 3.0 (CVS from about a week ago) to w2k domain (I'm doing this as root). From log:

    [2003/02/12 14:56:55, 0] passdb/pdb_smbpasswd.c:add_smbfilepwd_entry(597)
      add_smbfilepwd_entry: cannot add account dm-w2ks$ without unix identity
    [2003/02/12 14:56:55, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(2312)
      could not add user/computer dm-w2ks$ to passdb. Check permissions?

Script is:

    add user script = /usr/sbin/adduser -n -c Machine -g 5 -d /dev/null -s /bin/false %m$

It works fine when I call it as root from command line. Any ideas?
Re: [PATCH] ADS changes for joining accounts w/o full Administratorrights
One fine day (Wednesday, 12 February 2003 00:16) Andrew Bartlett wrote:

> I think we need to do a few things here:
> - We should record the principal name we joined with, and only ever send that to our clients.

That's a good idea. I'll look into it hopefully sometime during this week.

> should add a typedef from krb5_error to something harmless, or better still look into our ADS_ERROR stuff (partly created for exactly this kind of thing). Returning an ADS_ERROR would probably be the best solution here.

Nope, that's not possible. The function is passed to krb5_get_init_creds_password as a pointer to function and the prototype is therefore dictated by kerberos libs. This could be overridden by some clever use of typecasts but this would be an ugly hack in my opinion.

> Well, I don't think this is sufficient reason not to do this properly. Duplicated code *will* break as two slightly different versions emerge.

Well I do agree. Now that I have an official permission to hack the build system I'll happily do it ;) However a thought came to me last night that maybe this function is not needed after all. It's there as a workaround to a bug/feature (go figure ;) in kerberos libs but I think I know an easier way to solve it. I just have to test if it works.

--
Antti Andreimann
Using Linux since 1993
Member of ELUG since 29.01.2000
Re: [PATCH] ADS changes for joining accounts w/o full Administratorrights
On Wed, 2003-02-12 at 22:16, Antti Andreimann wrote:

> One fine day (Wednesday, 12 February 2003 00:16) Andrew Bartlett wrote:
>
> > I think we need to do a few things here:
> > - We should record the principal name we joined with, and only ever send that to our clients.
>
> That's a good idea. I'll look into it hopefully sometime during this week.
>
> > should add a typedef from krb5_error to something harmless, or better still look into our ADS_ERROR stuff (partly created for exactly this kind of thing). Returning an ADS_ERROR would probably be the best solution here.
>
> Nope, that's not possible. The function is passed to krb5_get_init_creds_password as a pointer to function and the prototype is therefore dictated by kerberos libs. This could be overridden by some clever use of typecasts but this would be an ugly hack in my opinion.

In that case, then the usual course of action is to manually prototype the particular function, so that it only appears when WITH_KRB5 is set. But looking at the patch again, I don't see why you can't just call kerberos_kinit_password() directly.

> > Well, I don't think this is sufficient reason not to do this properly. Duplicated code *will* break as two slightly different versions emerge.
>
> Well I do agree. Now that I have an official permission to hack the build system I'll happily do it ;) However a thought came to me last night that maybe this function is not needed after all. It's there as a workaround to a bug/feature (go figure ;) in kerberos libs but I think I know an easier way to solve it. I just have to test if it works.

I look forward to it :-)

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
RE: winbindd losing trust relationship once in a while (Samba 3.0)
That patch (or the one that Tim is submitting) should fix it. Without it, the wbinfo -m action clears the trusted domain list, but it gets restored within 5 minutes. Note that the patch is to the cvs version -- it may need tweaking for a20 or a21.

Ken

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Potter
Sent: Wednesday, February 12, 2003 5:55 AM
To: Nir Soffer
Cc: [EMAIL PROTECTED]
Subject: Re: winbindd losing trust relationship once in a while (Samba 3.0)

On Wed, Feb 12, 2003 at 10:47:38AM +0200, Nir Soffer wrote:

> Scenario: Fresh compile of Samba 3.0, both a20 and a21. Attempt to use attached smb.conf. EXANET-QA is a part of the EXANET-IL domain (e.g - EXANET-IL is the parent domain). EXANET-QA is supposedly set in compatibility mode.
>
> Under certain combinations winbindd seems to be losing its capability to contact the parent DC. Samba 3.0a20 works, sporadically, unless you do some things (wbinfo -m, see below). Samba 3.0a21 doesn't work at all for me. Attached are level 10 logs.

I wonder whether the trusted domains patch that went by today fixes this as well? Would you mind trying it?

http://lists.samba.org/pipermail/samba-technical/2003-February/042367.html

Tim.
Re: Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication
On Sat, 1 Feb 2003, Andrew Bartlett wrote:

> The interesting thing is this - my Win2k servers don't seem to share this property. I can't even get a CIFS/ ticket, and they don't have those names. So, we need to do some more digging - what is it that makes Samba look different to Win2k in this regard? Do some comparative traces, look at what names your Win2k servers have registered etc. It would be interesting to track this down.

Hello,

I promised to get back on this after I could get some tests done on a Win2k workstation. To put it short: indeed, Win2k with SP3 does not look for a CIFS/server.example.com ticket. Win2k clients will look for the service principal HOST/server.example.com, which is there by default. Still, my XP clients will insist on trying to get a ticket for the service principal CIFS/server.example.com, and will not work without one.

The really interesting thing is this. My Windows 2000 Server fileservers do *not* have a servicePrincipalName of CIFS/server.example.com. Here is an LDAP dump of a W2k fileserver:

    # FILESERVER01, OUfile, OUmemberserver, OUroot, win, hut, fi
    dn: CN=FILESERVER01,OU=OUfile,OU=OUmemberserver,OU=OUroot,DC=win,DC=hut,DC=fi
    accountExpires: 9223372036854775807
    badPasswordTime: 0
    badPwdCount: 0
    codePage: 0
    cn: CCFILE01
    countryCode: 0
    displayName: FILESERVER01$
    dNSHostName: fileserver01.win.hut.fi
    (..snip..)
    distinguishedName: CN=FILESERVER01,OU=OUfile,OU=OUmemberserver,OU=OUroot,DC=win,DC=hut,DC=fi
    objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=win,DC=hut,DC=fi
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    objectClass: computer
    objectGUID:: Ww2Hq27cj0Si6AB3eQk1qQ==
    objectSid:: AQUAAAUVfOskDVdm4mJ1uXVUXAQAAA==
    operatingSystem: Windows 2000 Server
    operatingSystemServicePack: Service Pack 3
    operatingSystemVersion: 5.0 (2195)
    primaryGroupID: 515
    pwdLastSet: 126891621025546875
    name: FILESERVER01
    sAMAccountName: FILESERVER01$
    sAMAccountType: 805306369
    servicePrincipalName: NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/fileserver01.win.hut.fi
    servicePrincipalName: HOST/FILESERVER01
    servicePrincipalName: HOST/fileserver01.win.hut.fi
    userAccountControl: 4096
    uSNChanged: 13142668
    uSNCreated: 3385
    whenChanged: 20030208071502.0Z
    whenCreated: 2809081657.0Z

*BUT*, when I access fileserver01.win.hut.fi with my XP clients, they somehow manage to get a ticket for the service principal CIFS/fileserver01.win.hut.fi, even though it is not listed here (I verified this with 'klist tickets').

In Linux, when I attempt to get a service ticket for CIFS/fileserver01.win.hut.fi with 'kinit -S CIFS/fileserver01.win.hut.fi', it fails and reports that the server was not found in the database. For my Samba server, I am able to get a service ticket for CIFS/sambaserver.win.hut.fi with 'kinit -s', because I have added it manually.

This sounds really weird to me..

And, if it has any information value, we have under testing a NetApp fileserver which is able to join a domain and talk to SMB clients authenticating them with Kerberos. It will also add a SPN named CIFS/netappserver.win.hut.fi when joining the domain.

Any comments?

Regards,
Antti Tikkanen
Does 3.0 have the same problem? (Re: Problem with nt acl support when saving Excel or Word Files)
What I would be very curious about: Does 3.0 exhibit the same problem? http://lists.samba.org/pipermail/samba-technical/2003-January/041748.html http://lists.samba.org/pipermail/samba-technical/2003-February/042392.html Maybe someone already running 3.0 could try? Cheers! Michael
RE: Does 3.0 have the same problem? (Re: Problem with nt acl support when saving Excel or Word Files)
I'm quite sure it does.

Our solution was to create a default ACL on the directory which set the appropriate ACL on files created in that directory. This may or may not work depending on the file system implementation of ACLs.

Ken

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Steffens
Sent: Wednesday, February 12, 2003 7:35 AM
To: Michael Steffens
Cc: [EMAIL PROTECTED]
Subject: Does 3.0 have the same problem? (Re: Problem with nt acl support when saving Excel or Word Files)

What I would be very curious about: Does 3.0 exhibit the same problem?

http://lists.samba.org/pipermail/samba-technical/2003-January/041748.html
http://lists.samba.org/pipermail/samba-technical/2003-February/042392.html

Maybe someone already running 3.0 could try?

Cheers!
Michael
RE: winbindd losing trust relationship once in a while (Samba 3.0)
[snip]

I wonder whether the trusted domains patch that went by today fixes this as well? Would you mind trying it?

Since the patch doesn't apply to a20, and I couldn't be bothered to check why properly - I downloaded the CVS version, for the hell of it.

The patch didn't apply to that either, so I did it manually. Both before and after the patch, not only did the trusted domains not work, but I couldn't do a wbinfo -u that worked.

This snippet probably explains why:

[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414)
  client_read: read 1312 bytes. Need 0 more for a full request.
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:process_request(297)
  process_request: request fn LIST_USERS
[2003/02/12 15:14:42, 3] nsswitch/winbindd_user.c:winbindd_list_users(533)
  [21233]: list users
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:client_write(460)
  client_write: wrote 1300 bytes.
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414)
  client_read: read 0 bytes. Need 1312 more for a full request.
[2003/02/12 15:14:42, 5] nsswitch/winbindd.c:winbind_client_read(419)
  read failed on sock 12, pid 21233: EOF

So, sorry, but that doesn't seem to work. Alpha 20 was the last version that actually worked for me...

--
Nir Soffer -=- Software Engineer, Exanet Inc. -=-
The poor little kittens; They lost their mittens; And now you all must die. Mew, Mew, Mew, Mew, And now you all must die. www.sluggy.com, 24/10/02
Re: background updates of print queues via a dedicated process
Gerald (Jerry) Carter wrote: ... It might be good for there to also be a way for the spooler to notify Samba when something has happened, so as to avoid polling. CUPS might support this. I dunno. or it could be added to lpd of course. ... CUPS 1.2 will support IPP notifications and the ippget notification scheme, so it will be possible for SAMBA to request notifications whenever printer or job states change. For CUPS 1.1.x and other legacy printing systems, polling is the only method that is available. I think LPRng has some mechanisms for asynchronous notifications - you'd have to ask Patrick about that... -- __ Michael Sweet, Easy Software Products mike at easysw dot com Printing Software for UNIX http://www.easysw.com
Re: background updates of print queues via a dedicated process
Tim Potter wrote: ... My idea which I've probably told a couple of you is to use kernel dnotify stuff to work out when jobs are spooled or removed. So a daemon would get a signal when a spool file is created and add that to printing.tdb. When the file completes spooling lpd deletes it and the daemon gets another signal saying that file has deleted. ... However, this is highly spooler specific and depends on a publicly accessible spool directory (something that any self-respecting spooler does not do these days to avoid common security issues... -- __ Michael Sweet, Easy Software Products mike at easysw dot com Printing Software for UNIX http://www.easysw.com
RE: winbindd losing trust relationship once in a while (Samba 3.0)
The patch works on SAMBA_3_0 as of 5 minutes ago. How did you patch it manually? The messages you see below are normal and don't indicate any real problems. Ken -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nir Soffer Sent: Wednesday, February 12, 2003 8:15 AM To: Tim Potter; [EMAIL PROTECTED] Subject: RE: winbindd losing trust relationship once in a while (Samba 3.0) [snip] I wonder whether the trusted domains patch that went by today fixes this as well? Would you mind trying it? Since the patch doesn't apply to a20, and I couldn't be bothered to check why properly - I downloaded the CVS version, for the hell of it. The patch didn't apply to that either, so I did it manually. Both before and after the patch, not only did the trusted domains not work, but I couldn't do a wbinfo -u that worked. This snippet probably explains why: [2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414) client_read: read 1312 bytes. Need 0 more for a full request. [2003/02/12 15:14:42, 10] nsswitch/winbindd.c:process_request(297) process_request: request fn LIST_USERS [2003/02/12 15:14:42, 3] nsswitch/winbindd_user.c:winbindd_list_users(533) [21233]: list users [2003/02/12 15:14:42, 10] nsswitch/winbindd.c:client_write(460) client_write: wrote 1300 bytes. [2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414) client_read: read 0 bytes. Need 1312 more for a full request. [2003/02/12 15:14:42, 5] nsswitch/winbindd.c:winbind_client_read(419) read failed on sock 12, pid 21233: EOF So, sorry, but that doesn't seem to work. Alpha 20 was the last version that actually worked for me... -- Nir Soffer -=- Software Engineer, Exanet Inc. -=- The poor little kittens; They lost their mittens; And now you all must die. Mew, Mew, Mew, Mew, And now you all must die. www.sluggy.com, 24/10/02
Winbindd limited by select
Samba-folk: I've run into a problem with winbindd in both 2.2.x and 3.0 where it just locks up after a while on large, busy networks. We finally tracked down the problem to the fact that the C library select function is limited by default to 256 file descriptors in NetBSD (1024 in FreeBSD, 2048 in Linux). So once 256 (or whatever) smbd processes connected to winbindd, it broke pretty badly and was very hard to kill. This is set at compile-time, not run-time. This line: #define FD_SETSIZE 2048 /* Max # of winbindd connections */ must occur before the first invocation of sys/types. This could be a build option, but it might be much simpler to hard-code it in local.h, which is what I did to fix it. Can somebody check the implications of this on Solaris, HPUX, etc.? Thanks, Ken Cross Network Storage Solutions
Re: 3.0Alpha21 and W2K AD 'dorking' Samba machine acct?
On Thu, 30 Jan 2003, Andrew Bartlett wrote:

On Thu, 2003-01-30 at 23:32, Nik Conwell wrote:

Anybody seeing a scenario like this?

net ads join adds our machine entry to AD just fine. The machine entry object in the AD database has:

OperatingSystem          Samba
OperatingSystemVersion   post3.0-HEAD
dnsHostname              ourhost

Some time later something happened, and AD now has:

OperatingSystem          Windows
OperatingSystemVersion   NT 4
dnsHostname              is empty.

and then authentication to ourhost fails.

Something is doing a NT4 password change. This can occur if 'security=domain' is set, rather than 'security=ads'. Or if 'net rpc changetrustpw' is run.

Interesting - security=ads is set in the config, and neither of the two of us who have privs to do the net cmds have run changetrustpw (or knew what it was before you wrote about it ;-))

I have an unverified pet theory that under some circumstances the smbd may think it's running as security=domain (unable to read the config file due to it being unmounted - it's on NFS disk - or since the file doesn't have o=r).

I'll put some DEBUG logging statements near change_trust_account_password() to see if we're somehow getting there.

Thanks for your help.

-nik
RE: Winbindd limited by select
On HP-UX 11.x, the default is 2048 for FD_SETSIZE. You can also (according to man page for select()) handle this dynamically, if you are concerned for memory footprint for your application. An example from the man page:

The user can also allocate the space for fd_set structure dynamically, depending upon the number of file descriptors to be tested. The following code segment illustrates the basic concepts.

    int num_of_fds,s;
    struct fd_set *f;

    /*
     * Set num_of_fds to the required value.
     * User can set it to the maximum possible value the kernel is
     * configured for, by using sysconf(_SC_OPEN_MAX).
     * Note that, if you are not using these many files, you are
     * wasting too much space.
     */
    num_of_fds = sysconf(_SC_OPEN_MAX);
    s = sizeof(long);

    /*
     * howmany is a macro defined in sys/types.h
     */
    f = (struct fd_set *)malloc(s*howmany(num_of_fds, s*8));

    /*
     * Use f wherever struct fd_set * is used.
     * It can be used to test num_of_fds file descriptors.
     */

So, might be a couple of ways to skin this cat :-) (I don't mean literally, for all you cat lovers out there!)

Don

-Original Message-
From: Ken Cross [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 7:36
To: 'Multiple recipients of list SAMBA-TECHNICAL'
Subject: Winbindd limited by select

Samba-folk:

I've run into a problem with winbindd in both 2.2.x and 3.0 where it just locks up after a while on large, busy networks.

We finally tracked down the problem to the fact that the C library select function is limited by default to 256 file descriptors in NetBSD (1024 in FreeBSD, 2048 in Linux). So once 256 (or whatever) smbd processes connected to winbindd, it broke pretty badly and was very hard to kill.

This is set at compile-time, not run-time. This line:

    #define FD_SETSIZE 2048 /* Max # of winbindd connections */

must occur before the first invocation of sys/types.

This could be a build option, but it might be much simpler to hard-code it in local.h, which is what I did to fix it.
Can somebody check the implications of this on Solaris, HPUX, etc.? Thanks, Ken Cross Network Storage Solutions
Re: background updates of print queues via a dedicated process
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 12 Feb 2003, Martin Pool wrote:

I was thinking of the way smbd needs to notify waiting clients when the print queue changes. I guess the notification doesn't need to happen straight away.

I think we may need to revisit how the print notify is implemented. The semantics are correct but it seems to break down under load. We need to handle that load more gracefully.

cheers, jerry

--
Hewlett-Packard - http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key http://www.plainjoe.org/gpg_public.asc
You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+SmALIR7qMdg1EfYRAja/AJ9f1fzPoNNxD3xvPhoYLdXB4hTMMgCg8qxt
fMn6WSa0k0a/BAXrI2Ys2go=
=8GlW
-END PGP SIGNATURE-
Re: Winbindd limited by select
Hi Ken,

Ken Cross wrote:

I've run into a problem with winbindd in both 2.2.x and 3.0 where it just locks up after a while on large, busy networks.

We finally tracked down the problem to the fact that the C library select function is limited by default to 256 file descriptors in NetBSD (1024 in FreeBSD, 2048 in Linux). So once 256 (or whatever) smbd processes connected to winbindd, it broke pretty badly and was very hard to kill.

This is set at compile-time, not run-time. This line:

    #define FD_SETSIZE 2048 /* Max # of winbindd connections */

must occur before the first invocation of sys/types.

This could be a build option, but it might be much simpler to hard-code it in local.h, which is what I did to fix it.

Can somebody check the implications of this on Solaris, HPUX, etc.?

This will hardly do on HP-UX, because there is a kernel parameter maxfiles controlling the per-process max number of filedescriptors. It's 60 by default after installation, but is tunable (with reboot). I would not recommend to set it too high, since it's also a fuse against single user processes eating up all available file descriptors (controlled by nfiles).

We have hit the limit *very* quickly on our Winbind production box, of course, and I have increased maxfiles to 300. Still quite low when expecting a couple of hundred smbd to become winbind clients. Each of them consuming two FDs.

The solution (and this should also work on other platforms) was to have winbindd housekeep its client connections by shutting down idle connections, and have clients reconnect when required:

http://lists.samba.org/pipermail/samba-technical/2003-February/042210.html

The threshold was chosen to be 100 active connections, which keeps winbindd well below 300 FDs. Below 140, actually, including network sockets and open database and log files.

This only works out well if clients don't connect too frequently, however, and

http://lists.samba.org/pipermail/samba-technical/2003-February/042170.html

helped achieving this.
I'm tracking winbindd shutting down sockets for about a week now, and have extended the DEBUG line in remove_idle_client() to also print idle time of removal candidates. With about 100 concurrent smbds (i.e. ~200 client pipes) it almost always finds connections idle for more than an hour. I would assume forcing these to reconnect should have no measurable impact, and the solution should scale to a multitude of its current load. It can't be applied directly to 3.0, however. I'm assuming that identifying idle connections is more complicated there, as both read and write buffers can be empty while waiting for a request to complete. But it should nevertheless be possible. Cheers! Michael
RE: winbindd losing trust relationship once in a while (Samba 3.0)
-Original Message- From: Ken Cross [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 12, 2003 3:41 PM To: Nir Soffer; 'Tim Potter'; [EMAIL PROTECTED] Subject: RE: winbindd losing trust relationship once in a while (Samba 3.0) The patch works on SAMBA_3_0 as of 5 minutes ago. How did you patch it manually? Well, I looked at the patch saw that it moves the static variable last_scan outside of the function and inserted the last_scan = 0 wherever it should be. The messages you see below are normal and don't indicate any real problems. Except the fact that wbinfo -u didn't work. Downloading the CVS again, this is what I got when I ran wbinfo -u (without any patch) 2003/02/12 18:15:37, 6] rpc_parse/parse_prs.c:prs_debug(81) 18 smb_io_pol_hnd domain_pol [2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint32(592) 0018 data1: [2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint32(592) 001c data2: [2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint16(563) 0020 data3: [2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint16(563) 0022 data4: [2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint8s(679) 0024 data5: 00 00 00 00 00 00 00 00 [2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(621) 002c status: NT_STATUS_INVALID_PARAMETER [2003/02/12 18:15:37, 10] nsswitch/winbindd.c:client_write(460) client_write: wrote 1300 bytes. [2003/02/12 18:15:37, 10] nsswitch/winbindd.c:winbind_client_read(414) client_read: read 0 bytes. Need 1312 more for a full request. [2003/02/12 18:15:37, 5] nsswitch/winbindd.c:winbind_client_read(419) read failed on sock 12, pid 6200: EOF Ken -- Nir Soffer -=- Software Engineer, Exanet Inc. -=- The poor little kittens; They lost their mittens; And now you all must die. Mew, Mew, Mew, Mew, And now you all must die. 
www.sluggy.com, 24/10/02 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] amba.org] On Behalf Of Nir Soffer Sent: Wednesday, February 12, 2003 8:15 AM To: Tim Potter; [EMAIL PROTECTED] Subject: RE: winbindd losing trust relationship once in a while (Samba 3.0) [snip] I wonder whether the trusted domains patch that went by today fixes this as well? Would you mind trying it? Since the patch doesn't apply to a20, and I couldn't be bothered to check why properly - I downloaded the CVS version, for the hell of it. The patch didn't apply to that either, so I did it manually. Both before and after the patch, not only did the trusted domains not work, but I couldn't do a wbinfo -u that worked. This snippet probably explains why: [2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414) client_read: read 1312 bytes. Need 0 more for a full request. [2003/02/12 15:14:42, 10] nsswitch/winbindd.c:process_request(297) process_request: request fn LIST_USERS [2003/02/12 15:14:42, 3] nsswitch/winbindd_user.c:winbindd_list_users(533) [21233]: list users [2003/02/12 15:14:42, 10] nsswitch/winbindd.c:client_write(460) client_write: wrote 1300 bytes. [2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414) client_read: read 0 bytes. Need 1312 more for a full request. [2003/02/12 15:14:42, 5] nsswitch/winbindd.c:winbind_client_read(419) read failed on sock 12, pid 21233: EOF So, sorry, but that doesn't seem to work. Alpha 20 was the last version that actually worked for me... -- Nir Soffer -=- Software Engineer, Exanet Inc. -=- The poor little kittens; They lost their mittens; And now you all must die. Mew, Mew, Mew, Mew, And now you all must die. www.sluggy.com, 24/10/02
rpcclient adddriver: core dump
Samba HEAD

Looks like it's triggered by not closing quotes:

[root@workst1 root]# rpcclient -U admin%passwd -W GROUP workst1 -d2
added interface ip=192.168.168.250 bcast=192.168.168.255 nmask=255.255.255.0
rpcclient $ adddriver Windows 4.0 HP CL 8500 - PCL:HPCPCLA.DLL:HP_LJ85.PPD:HPCPCLA1.DLL:H
Segmentation fault

(the second param to adddriver is incomplete due to a cut-and-paste mishap; hitting return on it produces the segv.)

Cheers,
Waider.
--
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
It never ceases to amaze me how a 50% pay rise, overtime and low mileage can make you swallow your pride so easily. - Alan Weadick
Re: Winbindd limited by select
On Wed, Feb 12, 2003 at 07:36:19AM -0500, Ken Cross wrote: Samba-folk: I've run into a problem with winbindd in both 2.2.x and 3.0 where it just locks up after a while on large, busy networks. We finally tracked down the problem to the fact that the C library select function is limited by default to 256 file descriptors in NetBSD (1024 in FreeBSD, 2048 in Linux). So once 256 (or whatever) smbd processes connected to winbindd, it broke pretty badly and was very hard to kill. This is set at compile-time, not run-time. This line: #define FD_SETSIZE 2048 /* Max # of winbindd connections */ must occur before the first invocation of sys/types. This could be a build option, but it might be much simpler to hard-code it in local.h, which is what I did to fix it. Can somebody check the implications of this on Solaris, HPUX, etc.? Great catch ! I'll fix this asap ! Jeremy.
Re: CVS update: samba/source/printing
On Wed, Feb 12, 2003 at 09:03:44AM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 12 Feb 2003 [EMAIL PROTECTED] wrote: Date: Wed Feb 12 06:38:18 2003 Author: abartlet Update of /data/cvs/samba/source/printing In directory dp.samba.org:/tmp/cvs-serv1930/printing Modified Files: notify.c Log Message: Prevent NULL-pointer induced segfaults. Is tdb_pack in appliance_head different for some reason? apparently so. $ cvs log -r1.9.2.14 tdb/tdbutil.c revision 1.9.2.14 date: 2002/11/27 01:51:43; author: jra; state: Exp; lines: +21 -25 SMBencrypt needs dos codepage also. Change tdb_pack/unpack to take a function pointer applied to all strings if it exists. Jeremy. Sorry about that. I'll watch for these nasty differences more closely in future. Jeremy.
one more rpclient buglet
Added a driver using:

adddriver "Windows 4.0" "PR2:NULL:NULL:NULL:NULL:NULL:NULL:NULL"

Now I get funny characters in the enumdrivers output:

[root@workst1 root]# rpcclient -U user%pass -c "enumdrivers 2" workst1

[Windows 4.0]
Printer Driver Info 2:
Version: [0]
Driver Name: [PR2]
Architecture: [Windows 4.0]
Driver Path: [%/1iso8859-15,A0(B`]
Datafile: [t]
Configfile: [%/1iso8859-15,A7Pa?(B]

Also

adddriver "Windows NT x86" "PR2:NULL:NULL:NULL:NULL:NULL:NULL:NULL"

fails, but I'm not yet sure why.

Cheers,
Waider.
--
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
"So, while thinking about all this, I realized that my job could be defined as systematically, judiciously, deliberately forgetting things." - smarry
init_unistr2 length calculation
Hi, In init_unistr2, the string length for the UNISTR2 structure seems to be set equal to the number of bytes occupied by the string when encoded in the Unix charset (i.e. the value returned by strlen()). This is not necessarily the number of characters in the string (given UTF-8 and other variable-byte charsets). Shouldn't this actually be set to half the number of bytes occupied by the string after encoding it in UCS2? Here's a patch that does this. Thanks, Shirish Index: rpc_parse/parse_misc.c === RCS file: /cvsroot/samba/source/rpc_parse/parse_misc.c,v retrieving revision 1.94.2.8 diff -u -r1.94.2.8 parse_misc.c --- rpc_parse/parse_misc.c 28 Jan 2003 21:09:56 - 1.94.2.8 +++ rpc_parse/parse_misc.c 11 Feb 2003 19:52:32 - @@ -889,10 +889,6 @@ { ZERO_STRUCTP(str); - /* set up string lengths. */ - str-uni_max_len = (uint32)len; - str-undoc = 0; - str-uni_str_len = (uint32)len; if (len MAX_UNISTRLEN) len = MAX_UNISTRLEN; @@ -912,7 +908,13 @@ if (buf==NULL) return; - rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE); + len = rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE); + len /= 2; + /* set up string lengths. */ + str-uni_max_len = (uint32)len; + str-undoc = 0; + str-uni_str_len = (uint32)len; + } /**
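Review bot: In the second hunk the length fields are now assigned only after rpcstr_push, below the "if (buf==NULL) return;" exit, so a NULL buf leaves uni_max_len and uni_str_len at the zero written by ZERO_STRUCTP where the old code stored len; if any caller depends on the old values, assign the fields on that path too. The new value is the rpcstr_push return divided by 2 with STR_TERMINATE set, so please confirm whether that byte count includes the terminating null, and subtract one character if uni_str_len is meant to count the same thing the old value did. A short comment that len holds UCS2 characters rather than bytes from this point on would also help, since the same variable is clamped against MAX_UNISTRLEN earlier in the function with its old meaning.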
joining machine to domain with ldapsam backend
Title: joining machine to domain with ldapsam backend Bradley, Did you ever resolve or find a workaround for this? This is exactly the problem I am having with the current HEAD. Thanks, John From: Bradley W. Langhorst [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: joining machine to domain with ldapsam backend Date: 23 Apr 2002 20:35:22 -0400 Message-id: 1019608522.25957.2528.camel@unheq1 I'm assuming that talk about samba3 belongs here, please let me know if i should take it to samba@ I'm trying to join a machine to today's head here is the what I get in the log file - how should we assign an RID to a machine account? do I need to add a special script in the add machine script parameter to make this work? how should we assign an RID to a machine account? [2002/04/23 20:32:53, 2] smbd/reply.c:reply_special(77) netbios connect: name1=BITC name2=TESTPC [2002/04/23 20:32:53, 2] smbd/reply.c:reply_special(96) netbios connect: local=bitc remote=testpc [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:53, 2] auth/auth.c:check_ntlm_password(256) check_password: authenticaion for user [root] - [root] - [root] suceeded [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 
20:32:53, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:54, 2] lib/access.c:check_access(309) Allowed connection from (132.177.45.90) [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:54, 2] smbd/server.c:exit_server(498) Closing connections [2002/04/23 20:32:54, 2] lib/access.c:check_access(309) Allowed connection from (132.177.45.90) [2002/04/23 20:32:54, 2] smbd/reply.c:reply_special(77) netbios connect: name1=BITC name2=TESTPC [2002/04/23 20:32:54, 2] smbd/reply.c:reply_special(96) netbios connect: local=bitc remote=testpc [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:55, 2] auth/auth.c:check_ntlm_password(256) check_password: authenticaion for user [root] - [root] - [root] suceeded [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) 
ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:55, 2] lib/access.c:check_access(309) Allowed connection from (132.177.45.90) [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:55, 2]
RE: init_unistr2 length calculation
The patch assumes that UCS2 characters are 2-bytes each. It does not make any assumptions about the widths of the Unix charset. Thanks, Shirish On Wed, 12 Feb 2003, Ken Cross wrote: I'm not sure that 2 is a valid assumption. We're using UTF-8 for the Unix charset, and a multi-byte character can be as much as 6 bytes. Ken Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shirish Kalele Sent: Wednesday, February 12, 2003 1:08 PM To: [EMAIL PROTECTED] Subject: init_unistr2 length calculation Hi, In init_unistr2, the string length for the UNISTR2 structure seems to be set equal to the number of bytes occupied by the string when encoded in the Unix charset (i.e. the value returned by strlen()). This is not necessarily the number of characters in the string (given UTF-8 and other variable-byte charsets). Shouldn't this actually be set to half the number of bytes occupied by the string after encoding it in UCS2? Here's a patch that does this. Thanks, Shirish Index: rpc_parse/parse_misc.c === RCS file: /cvsroot/samba/source/rpc_parse/parse_misc.c,v retrieving revision 1.94.2.8 diff -u -r1.94.2.8 parse_misc.c --- rpc_parse/parse_misc.c 28 Jan 2003 21:09:56 - 1.94.2.8 +++ rpc_parse/parse_misc.c 11 Feb 2003 19:52:32 - @@ -889,10 +889,6 @@ { ZERO_STRUCTP(str); - /* set up string lengths. */ - str-uni_max_len = (uint32)len; - str-undoc = 0; - str-uni_str_len = (uint32)len; if (len MAX_UNISTRLEN) len = MAX_UNISTRLEN; @@ -912,7 +908,13 @@ if (buf==NULL) return; - rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE); + len = rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE); len + /= 2; + /* set up string lengths. */ + str-uni_max_len = (uint32)len; + str-undoc = 0; + str-uni_str_len = (uint32)len; + } /**
Re: init_unistr2 length calculation
On Wed, Feb 12, 2003 at 01:18:00PM -0500, Ken Cross wrote: I'm not sure that 2 is a valid assumption. We're using UTF-8 for the Unix charset, and a multi-byte character can be as much as 6 bytes. _after_ reencoding to UCS2 the length of string in characters will be (bytes length)/2. -- / Alexander Bokovoy --- Wanna buy a duck?
Re: Dual winbind daemons - fix to winbindd_dual.c
On Tue, Feb 11, 2003 at 09:46:44PM -0500, Ken Cross wrote: Samba-folk: The dual winbindd daemon hasn't been working (at least not on NetBSD). It always bombs out with [2003/02/11 10:03:23, 2] tdb/tdbutil.c:tdb_log(582) tdb(unnamed): tdb_open_ex: /var/samba/locks/winbindd_idmap.tdb (0,162792) is already open in this process [2003/02/11 10:03:23, 0] nsswitch/winbindd_idmap.c:winbindd_idmap_init(438) winbindd_idmap_init: Unable to open idmap database and then becomes a zombie. The one-line fix below closes idmap before calling winbind_setup_common. BTW, I haven't really had a chance to test it -- does the dual daemon thing work well? We're using it with success on the HP PSA, but that uses the APPLIANCE_HEAD branch. I'll look at this... Jeremy.
RE: init_unistr2 length calculation
You're right -- sorry. (Going in the wrong direction.) Ken Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shirish Kalele Sent: Wednesday, February 12, 2003 1:23 PM To: Ken Cross Cc: [EMAIL PROTECTED] Subject: RE: init_unistr2 length calculation The patch assumes that UCS2 characters are 2-bytes each. It does not make any assumptions about the widths of the Unix charset. Thanks, Shirish On Wed, 12 Feb 2003, Ken Cross wrote: I'm not sure that 2 is a valid assumption. We're using UTF-8 for the Unix charset, and a multi-byte character can be as much as 6 bytes. Ken Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shirish Kalele Sent: Wednesday, February 12, 2003 1:08 PM To: [EMAIL PROTECTED] Subject: init_unistr2 length calculation Hi, In init_unistr2, the string length for the UNISTR2 structure seems to be set equal to the number of bytes occupied by the string when encoded in the Unix charset (i.e. the value returned by strlen()). This is not necessarily the number of characters in the string (given UTF-8 and other variable-byte charsets). Shouldn't this actually be set to half the number of bytes occupied by the string after encoding it in UCS2? Here's a patch that does this. Thanks, Shirish Index: rpc_parse/parse_misc.c === RCS file: /cvsroot/samba/source/rpc_parse/parse_misc.c,v retrieving revision 1.94.2.8 diff -u -r1.94.2.8 parse_misc.c --- rpc_parse/parse_misc.c 28 Jan 2003 21:09:56 - 1.94.2.8 +++ rpc_parse/parse_misc.c 11 Feb 2003 19:52:32 - @@ -889,10 +889,6 @@ { ZERO_STRUCTP(str); - /* set up string lengths. */ - str-uni_max_len = (uint32)len; - str-undoc = 0; - str-uni_str_len = (uint32)len; if (len MAX_UNISTRLEN) len = MAX_UNISTRLEN; 
@@ -912,7 +908,13 @@ if (buf==NULL) return; - rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE); + len = rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE); len + /= 2; + /* set up string lengths. */ + str-uni_max_len = (uint32)len; + str-undoc = 0; + str-uni_str_len = (uint32)len; + } /**
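Review bot: In the first hunk the length assignments are removed from the top of the function, so after ZERO_STRUCTP(str) the three fields stay zero until the block added at the end of the second hunk. The early exit "if (buf==NULL) return;" still sits ahead of that block, so a NULL buf now returns with uni_max_len and uni_str_len at 0 where they used to carry len. Either set the lengths before the early return or state in the comment that a NULL buf is meant to produce an empty UNISTR2.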
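Review bot: In the second hunk the return value of rpcstr_push is halved and stored without any check, and the call passes STR_TERMINATE. Please confirm whether the returned byte count includes the terminator, since that would make uni_str_len one larger than the number of characters, and handle a failed or truncated conversion before the value reaches uni_max_len and uni_str_len. A short comment on the division saying that the count is in two-byte UCS2 units would also answer the question raised in the thread.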
Re: Winbindd limited by select
On Wed, 12 Feb 2003 07:36:19 -0500 Ken Cross [EMAIL PROTECTED] wrote:

I've run into a problem with winbindd in both 2.2.x and 3.0 where it just locks up after a while on large, busy networks. We finally tracked down the problem to the fact that the C library select function is limited by default to 256 file descriptors in NetBSD (1024 in FreeBSD, 2048 in Linux). So once 256 (or whatever) smbd processes connected to winbindd, it broke pretty badly and was very hard to kill.

This is set at compile-time, not run-time. This line:

#define FD_SETSIZE 2048 /* Max # of winbindd connections */

must occur before the first invocation of sys/types. This could be a build option, but it might be much simpler to hard-code it in local.h, which is what I did to fix it.

Better still add a check to see if the limit has been reached and return an error.

Mike

--
A program should be written to model the concepts of the task it performs rather than the physical world or a process because this maximizes the potential for it to be applied to tasks that are conceptually similar and, more important, to tasks that have not yet been conceived.
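The check suggested in the reply above, sketched as an added example (not winbindd's code): a descriptor that does not fit in an fd_set is refused instead of being passed to FD_SET(). The helper names and the sample descriptor table are hypothetical.

```c
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper (not Samba code): add fd to a select() set only if it
 * fits. FD_SET() on an fd >= FD_SETSIZE writes outside the fd_set. */
static int fdset_add_checked(fd_set *set, int fd, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;                  /* caller must refuse this connection */
    FD_SET(fd, set);
    if (fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* Build the read set from a client table. Returns the number of descriptors
 * rejected because they cannot be represented in the set. */
static int build_read_set(const int *fds, int nfds, fd_set *set, int *maxfd)
{
    int i, rejected = 0;

    FD_ZERO(set);
    *maxfd = -1;
    for (i = 0; i < nfds; i++) {
        if (fdset_add_checked(set, fds[i], maxfd) != 0) {
            fprintf(stderr, "fd %d does not fit FD_SETSIZE (%d), dropping client\n",
                    fds[i], (int)FD_SETSIZE);
            rejected++;
        }
    }
    return rejected;
}

int main(void)
{
    /* Constructed sample: two usable descriptors, one at the limit, one invalid. */
    int fds[] = { 3, FD_SETSIZE - 1, FD_SETSIZE, -1 };
    fd_set rset;
    int maxfd;
    int rejected = build_read_set(fds, 4, &rset, &maxfd);

    printf("rejected=%d maxfd=%d\n", rejected, maxfd);
    return rejected == 2 ? 0 : 1;
}
```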
Re: password quality script aka --with-cracklib replacement
On 12 Feb 2003, Andrew Bartlett [EMAIL PROTECTED] wrote:

Because we don't have the old password, doing this via PAM doesn't work. The pam_cracklib module doesn't apply the test if it's run as root, and won't run without the old password as a normal user.

I know it won't work with the existing pam_cracklib module. What I was asking was whether it is possible to write a new module that connects using PAM and which does provide the right checks, rather than inventing a new plugin interface.

The PAM module might store previous passwords in a database (e.g. tdb) that it maintains. Every time a password is set, it gets put in there, with any other appropriate information (date?). When a new password-setting attempt is made, it checks against the history, plus other strength checks.

I know PAM's configuration method is a bit gross, but standard is better than better.

Since libraries can't be setuid it would need to be invoked by smbd as root, but that probably makes sense anyhow as you say.

Personally I would use something like a tdbpacked string, which avoids worries about strange characters or string parsing, and is easy to handle in C, Perl, and Python.

This is an interesting idea - but how available is the interface for our particular custom string format?

There is a Python library to decode them. Writing one for Perl would be quite trivial: perhaps 100 lines and half an hour.

NT_STATUS_OK # New password accepted
NT_STATUS_ACCESS_DENIED # Error occurred in the script
NT_STATUS_PASSWORD_RESTRICTION # Too short, weak, etc.

I suggested the string - I don't think sending the hex value adds much, and makes it less self-documenting. Parsing the string is trivial, as we already have the lookup routines (I use it for a custom-hack auth module). We could certainly allow both - which would allow a new NTSTATUS code to be used in the unlikely event a useful one appears in this context.

You can perhaps imagine a script that wants to be a proxy to some other service that returns arbitrary error codes, so translating to and from strings would be a waste of time and effort. So we ought to at least allow numeric values, as you say. Why make it optional, though? There's already space for a human-readable description string. Presumably the script will use symbolic names for all the values, so the code will be self-documenting which is the most important part. All these protocols send numeric values, so it's better to be consistent. (For example, wbinfo prints out hex ntstatus values.)

--
Martin
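An added example (not Samba code and not from the thread) of how a caller might read the script's reply under the interface discussed above, accepting both symbolic names and numeric values. The function name, the reply layout (status token first, optional description after it) and the fail-closed mapping to NT_STATUS_ACCESS_DENIED are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* NTSTATUS values of the three codes named in the thread. */
#define NT_STATUS_OK                   0x00000000u
#define NT_STATUS_ACCESS_DENIED        0xC0000022u
#define NT_STATUS_PASSWORD_RESTRICTION 0xC000006Cu

static const struct { const char *name; uint32_t code; } names[] = {
    { "NT_STATUS_OK",                   NT_STATUS_OK },
    { "NT_STATUS_ACCESS_DENIED",        NT_STATUS_ACCESS_DENIED },
    { "NT_STATUS_PASSWORD_RESTRICTION", NT_STATUS_PASSWORD_RESTRICTION },
};

/* Hypothetical parser: the first token of the reply is a symbolic name or a
 * number (decimal or 0x hex); a description may follow. Empty, oversized or
 * malformed replies fail closed, so a crashed script never reads as 0 (OK). */
static uint32_t parse_script_status(const char *reply)
{
    size_t i, n = strcspn(reply, " \t\r\n");   /* length of first token */
    char tok[40], *end;
    unsigned long long v;
    if (n == 0 || n >= sizeof(tok))
        return NT_STATUS_ACCESS_DENIED;
    memcpy(tok, reply, n);
    tok[n] = '\0';
    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        if (strcmp(tok, names[i].name) == 0)
            return names[i].code;
    if (tok[0] < '0' || tok[0] > '9')          /* rejects signs and junk */
        return NT_STATUS_ACCESS_DENIED;
    errno = 0;
    v = strtoull(tok, &end, (tok[1] == 'x' || tok[1] == 'X') ? 16 : 10);
    if (errno != 0 || *end != '\0' || v > 0xFFFFFFFFull)
        return NT_STATUS_ACCESS_DENIED;
    return (uint32_t)v;
}

int main(void)
{
    /* Constructed sample replies, not output of any real script. */
    const char *r[] = { "NT_STATUS_OK", "0xC000006C too short", "", "12abc" };
    for (size_t i = 0; i < 4; i++)
        printf("%-24s -> 0x%08X\n", r[i], (unsigned)parse_script_status(r[i]));
    return 0;
}
```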