Re: [Samba] Swat configuration problem

2003-02-12 Thread Jorge Videgain Marquez

Have you found a way to hide information about Status and Configuration of
samba from users on the Swat pages?

What is the difference between Server Password Management and Client Server
Password Management?

What does the Remote Machine box in the Client Server Password Management section mean?

regards 

guanche


On Tue 11 Feb 2003 22:35, Michael G. Noble wrote:
 I have all my users using the swat interface which is simpler for most
 PC users than having to login to a UNIX/LINUX machine.  Since they
 login to swat as themselves, there is very little they can do to the
 system.

 Mike

 On Tue, 2003-02-11 at 12:45, James Kosin wrote:
  Dear Jorge Videgain Marquez,
 
  The easiest way to have users change their passwords is to:
  a)Login to the Linux/Unix box via TELNET.
  b)Have the user use smbpasswd to change their password.
 
  This is the simplest method.  SWAT is usually reserved for configuring
  samba and not user management.
 
  Thanks,
  James Kosin
 
  - Original Message -
  From: [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Tuesday, February 11, 2003 12:59 PM
  Subject: samba Digest, Vol 2, Issue 37
 
  | Date: Tue, 11 Feb 2003 12:59:39 +0100
  | From: Jorge Videgain Marquez [EMAIL PROTECTED]
  | To: [EMAIL PROTECTED]
  | Subject: [Samba] Swat configuration problem
  |
  | I would like my terminal computers to be allowed to change their passwords
  | using the Swat web page, but I would not like them to see the configuration,
  | smb file, status or any other information about the net.
  |
  | How can I grant access so that they can use Swat? When I try to connect
  | with a local samba or linux user different from root it says Permission Denied
  | in my browser.
  |
  | How can I filter the information sent to them so they can only change
  | their passwords?
  |
  | Does Swat work fine to do this? Any other idea to allow them to change
  | their passwords?
  |
  | Regards
  |
  | guanche
 
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 

Regards

guanche



RE: [Samba] pdc win2k sp3 clients/samba 2.27a/redhat 8.0 got it working now !

2003-02-12 Thread Raj Saxena
OK guys,
After beating my head I got it to work !!

I setup a new test machine with redhat 8.0 and used the stock samba in it
2.25-10 build.

This seems to work like a charm and I was able to go through with it without
a problem.

Go figure why the compiled version 2.27a just didn't want to work?

Anyways I found a doc off of the Linuxtoday.com site that some girl named
Carla put together. I will take her text and make a new step by step manual
for everyone based on my experience.

Thanks for everyone's help.

Raj





-Original Message-
From: mark [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 11, 2003 12:51 AM
To: Raj Saxena; [EMAIL PROTECTED]
Subject: Re: [Samba] pdc help needed with win2k sp3 clients/samba
2.27a/redhat 8.0


On Tuesday 11 February 2003 07:52, Raj Saxena wrote:

 Does anyone have any good docs as to what clients work and with what
 service pack? I know some guys have had luck with debian, and win2ksp3. We
 have 17 clients in one building and then I would need to bring up two bdc
 (samba servers) if possible for the remote locations.


It sounds like you've done your homework, but this is quite a good document
in case you haven't seen it.

http://hr.uoregon.edu/davidrl/samba/samba-pdc.html#pdc

I know it's possible to connect a w2k machine to a samba pdc as I've done it.
Which is not to say anything about you, but just to confirm that it is
actually possible.

Good luck,
mark





Re: [Samba] Access Denied when connect to samba box

2003-02-12 Thread Kurt Weiss


Denis I. Morozov wrote:

> Hi!
>
> I have MS domain, based on MS Windows 2000 Server. I successfully joined
> my samba box (Linux 2.5.53, Samba 2.2.4) to domain via smbpasswd -j
> DOMAIN -r DC -Uuser%pwd.

i don't know this line...
is here an -a missing? is -Uuser%pass ok?
did u check with smbclient on localhost, if u have access to your server?

snip

> Where is error?

smbpasswd not ok,
wrong userrights in linux/unix
firewall
...

there are many reasons,
give us a little more info...

> Thanks for help.
> Best regards, Den
>
> PS: Also I can't connect to Win'9x boxes from Win'2000,XP.







Re: [Samba] Access Denied when connect to samba box

2003-02-12 Thread Denis I. Morozov
Kurt Weiss wrote:

>> I have MS domain, based on MS Windows 2000 Server. I successfully
>> joined my samba box (Linux 2.5.53, Samba 2.2.4) to domain via
>> smbpasswd -j DOMAIN -r DC -Uuser%pwd.
>
> i don't know this line...
> is here an -a missing? is -Uuser%pass ok?

Yes -a is missing, username and password right (I use it for logon to
Windows boxes).

[frozer@linuxbox frozer]$ smbclient -L \\localhost
added interface ip=192.168.1.28 bcast=192.168.1.255 nmask=255.255.255.0
Password: blank
Anonymous login successful
Domain=[DOMAIN] OS=[Unix] Server=[Samba 2.2.4]

        Sharename      Type      Comment
        ---------      ----      -------
        public         Disk      For testing only, please
        musicmovies    Disk      MP3 Music and Movies
        IPC$           IPC       IPC Service (Samba server)
        ADMIN$         Disk      IPC Service (Samba server)

        Server               Comment
        ---------            -------
        DC
        DARKSTAR             Samba server

        Workgroup            Master
        ---------            -------
        DOMAIN               DC

> did u check with smbclient on localhost, if u have access to your server?

Yes, but seems something wrong, when I use password in password prompt:

[frozer@darkstar frozer]$ smbclient -L \\localhost
added interface ip=192.168.1.28 bcast=192.168.1.255 nmask=255.255.255.0
Password:bla-bla
session setup failed: NT_STATUS_LOGON_FAILURE

?
Seems the W2k DC can't authorize my linuxbox.

> firewall

no any firewall in this Class C network.


Thanks for help.
Best regards, Den




[Samba] Re: samba Digest, Vol 2, Issue 40

2003-02-12 Thread peter grotz



Date: Sun, 09 Feb 2003 02:20:26 +0100
From: Michael Paarmann [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] fine grain perms

> Hi!
>
>> What I mean is;
>>
>> dir /a/b/c/d
>>
>> condition;
>> 1) dir abc cannot be deleted
>> 2) dir d can be deleted
>> 3) files in dir ab cannot be deleted
>> but can be created
>> 4) files in dir cd can be deleted
>>
>> As a work around I've created an empty tree structure
>> (a sort of template) and have just renamed the dirs
>> while maintaining the custom perms.
>>
>> Would be nice if it were dynamic.
>
> I have nearly the same problem. But, sorry, I don't have a real solution for
> this. I try to set the permissions with the unix rights. In addition to
> create mask and directory mask I use the sticky bits to realize my
> permission structure. It's sad to say, but I think that this is a real big
> disadvantage of Samba. If you try to set a complex permission structure,
> it's very difficult work. With Windows or especially Novell it's much
> easier, I think.

*LOL*
Have you heard of samba with ACL?

Cheers,
Peter




[Samba] subscription

2003-02-12 Thread mario wilson garcia




Re: [Samba] Access Denied when connect to samba box

2003-02-12 Thread Denis I. Morozov
Kurt Weiss wrote:

>> [frozer@linuxbox frozer]$ smbclient -L \\localhost
>
> is frozer a legal domain user?
> (sorry, i did not check first, that your passwordserver is *not* your
> linux box...)

yes, frozer is legal domain name. And password server is Windows 2000
Server.
But seems I resolve problem: in group policy for Domain Computers I
found some unresolved names as users who have rights to access to this
computer from network or sounds like this, so I removed these unresolved
names, after changes in Group Policy I restart DC. Then I remove
computer account from domain, join linuxbox to domain again and manually
create computer account. After that open Network Neighborhood and
browse shares on LINUXBOX - and it works!

Thanks for your help, Kurt!

Best regards, Denis



Re: [Samba] security = domain

2003-02-12 Thread Andreas
On Tue, Feb 11, 2003 at 03:36:28PM +0100, Pierrick Brossin wrote:
 If I have to enter the 60 people that are working here on my freebsd server
 it's gonna take long and it's static. Everytime a new guy start here I'll
 have to add it to the freebsd server...

You can/should use winbind(*) to avoid this. With winbind, the user magically
starts to exist on the bsd machine the instant he/she is created in the
NT box. You can also use samba's support for scripts to create a home
directory on-the-fly.


(*): actually I have no clue if winbind runs on freebsd, I just use linux, but
I would assume it does work on bsd.




Re: [Samba] Samba 3.0 AD usage problems

2003-02-12 Thread Andreas
On Wed, Feb 12, 2003 at 07:28:55PM +0800, Catherine Shen wrote:
 And #kadmin -p administrator fails with the error message:
 kadmin: Database error! Requeired KADM5 principal missing while
 initializing kadm in interface

kadmin? Don't you mean kinit?




Re: [Samba] summary: printing to Win95 local printer

2003-02-12 Thread Kevin Lawton
Ron,
We've got almost the same problem as you had, and it's driving us crazy!
We're trying to migrate a Windows Me network over to Rh 8.0 and just can't
print from a Linux box to a Windows printer.
Would you be able to give us any pointers to succeeding with this, please ?
I can't say we're finding the CUPS docs too useful in this area - maybe we
haven't got all the doc that you've seen. Anything you can say about the
critical points of configuring Samba and CUPS would be really appreciated -
an example of how you achieved this, or pointers/links to the right bit of
documentation likewise.
Apologies for replying direct, but my posts to the samba list don't always
seem to make it.
Thanks in advance for any help you can offer.
Kevin Lawton.
Project Manager.
Portmanteau Software Limited.

- Original Message -
From: Ron Bramblett [EMAIL PROTECTED]
To: samba list [EMAIL PROTECTED]
Sent: Wednesday, February 05, 2003 9:51 PM
Subject: [Samba] summary: printing to Win95 local printer


 I tried to setup samba to print to a win95 box and I was using lpd from
 RH7.3

 After trying everything I found Cups and looked at the docs and it
 prints great to the win95 Local Printer.

 Thanks for your help

 --
 Ron Bramblett
 Sys Admin
 Fuller Brush Company





[Samba] Windows XP printer status, samba and cups

2003-02-12 Thread Bas Goes
Hi all,

I am trying to get decent printer status without timeouts in windows xp
(no sp1 installed). When I installed the printer it gave access denied,
unable to connect but it printed the test page fine. I rebooted, logged
in as normal user and tried to access the printer configuration folder.
It took a long while but in the end it gave an ok status on the
particular printer, when opening the spool it said that it was still
initialising but I could print ok. Then I logged in as root again, same
thing.
I am using samba as sole server in the domain, access rights are all ok,
I can login to the domain as domain user, I am using cups, tried the
lprng setting in smb.conf as well with no change to the status problem.
I am using normal windows pcl printer drivers. I can print when logged
into the linux box and I can ask for printqueue status as normal
non-privileged linux user. I have played around with chmod 777 and the
/var/spool/cups and /var/spool/samba without having a resolution to my
problem.

Could it have something to do with the following error?
[2003/02/12 10:26:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(1721)
  call_trans2qfilepathinfo: vfs_stat of shell32.dll failed (No such file or directory)
[2003/02/12 10:26:20, 3] smbd/error.c:error_packet(94)
  error string = No such file or directory
[2003/02/12 10:26:20, 3] smbd/error.c:error_packet(113)
  error packet at smbd/trans2.c(1723) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND

It's the only one I get in the samba logs and they are multiple between
the spoolss rpc's.
Cups is not giving any error messages.
Here are the printer settings in my smb.conf:
printcap name = cups
printer admin =  @Domain Admins 
printing = cups
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

If someone can point me my problem and/or a solution please do.
Thanks in advance.
Regards,
Bas




[Samba] Samba, PDC, logon, logoff

2003-02-12 Thread Lev Klimin
Hello!

I have Linux Mandrake (2.2.15) with Samba 2.2.5 as PDC.
I want to start a certain script when an NT client logs off from my domain. How
can I do it?

Thanks, Lev mailto:[EMAIL PROTECTED]



RE: [Samba] Joining PDC w/LDAP Question

2003-02-12 Thread Peak, John
Buchan, 

I really appreciate the help as this has pointed me in the right
direction.  The getent passwd asa$ does not show anything unless I add
the machine manually.  Should I be putting the following directive in my
nsswitch.conf file to be able to perform host lookups from LDAP
properly?:

hosts:  files ldap dns 

I've noticed that some people do this and some do not in their
configurations.  I would think that after a Computer record is inserted
in my LDAP directory by Samba that NSS needs this directive to actually
lookup the computer.  When I try this it gives me a Segmentation
Fault.  Any additional thoughts or suggestions for me at this point?

Regards, 
John 


 -Original Message-
From:    Buchan Milne [mailto:[EMAIL PROTECTED]]
Sent:    Tuesday, February 11, 2003 3:26 PM
To:      Peak, John
Cc:      [EMAIL PROTECTED]
Subject: Re: [Samba] Joining PDC w/LDAP Question

> Date: Tue, 11 Feb 2003 08:58:22 -0500
> From: Samba Newsgroups [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Samba] Joining PDC w/LDAP Question
>
> Should I be required to add the machine to my passwd file even if I am using
> LDAP when joining a W2K domain?

No, an LDAP account is enough, as long as your box is setup to retrieve
user information from ldap (ie via nss_ldap).

> The only way I can get a machine to
> join my Samba PDC is via the following commands.
>
> # /usr/sbin/useradd -g 100 -d /dev/null -c asa -s /bin/false asa$
> # smbpasswd -a -m asa

Does 'getent passwd machinename$' return a valid entry on your DC? It
needs to at present (samba-2.2.x).

> I thought that using ldapsam would lookup all machine information from LDAP
> without having to deal with passwd.  Any comments would be appreciated.
> Thanks.

Mandrake packages have this example:
# Script for domain controller with LDAP backend for adding machines (please
# configure in /etc/samba/smbldap_conf.pm first):
; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u

Where we provide the smbldap-tools (in examples/LDAP in the source) in
/usr/share/samba/scripts

Buchan

--
|--Another happy Mandrake Club member--|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7




[Samba] access to shared directory

2003-02-12 Thread Fernando Rodriguez
I see no files; the shared directory (in w95) has read permission for all

>> I have RH8 with samba 2.2.5
>> On the w95 machine there is a shared folder pepe; when I try to access it from
>> rh8 konqueror, I see the shared directory but no files.
>> Is there a bug or is it my mistake?
>
> What are the permissions and ownership of the shared directory?
>
> Who are the ownership and permissions of the files that you can not see?
>
> - John T.
> -- John H Terpstra Email: [EMAIL PROTECTED]




[Samba] nmblookup can't resolve IPs (but SMB-names)

2003-02-12 Thread Pascal Giannakakis
Hi there,

i have Samba 2.2.7a running on FreeBSD-STABLE 4.7. I set up a few things and
smbd and nmbd start up at boot, i can browse the net.

However, nmblookup can only find IPs by SMB-names, but not SMB-names by IPs.
Here is an example output of the failed lookup:

%nmblookup -d 3 210.104.1.133
Initialising global parameters
params.c:pm_process() - Processing configuration file /usr/local/etc/smb.conf
Processing section [global]
added interface ip=210.104.1.133 bcast=210.104.1.255 nmask=255.255.255.0
bind succeeded on port 0
Socket opened.
querying 210.104.1.133 on 210.104.1.255
name_query failed to find name 210.104.1.133

Why is it not working? We do not have a WINS in our network and it uses
default lmhosts host wins bcast name resolve order. I get the same output for
any IP in our network. Other ppl can see and browse my PC.

Thanx.

PS: here is the log of the working lookup:

%nmblookup -d 3 KATWS_PG
Initialising global parameters
params.c:pm_process() - Processing configuration file /usr/local/etc/smb.conf
Processing section [global]
added interface ip=210.104.1.133 bcast=210.104.1.255 nmask=255.255.255.0
bind succeeded on port 0
Socket opened.
querying KATWS_PG on 210.104.1.255
Got a positive name query response from 210.104.1.133 ( 210.104.1.133 )
210.104.1.133 KATWS_PG00




[Samba] How to know what users i have added with smbpasswd program?

2003-02-12 Thread Jorge Videgain Marquez
How could i get a list of the users already added to samba with smbpasswd?

-- 

Regards

guanche



Re: [Samba] How to know what users i have added with smbpasswd program?

2003-02-12 Thread c . wegener
hi,

smbpasswd doesn't support listing users i think. you have to use the
net command instead.

net user

this will give you a list of users in your domain

christoph

On Wed, Feb 12, 2003 at 03:22:58 +0100, Jorge Videgain Marquez wrote:
 How could i get a list of the users already added to samba with smbpasswd?
 
 -- 
 
 Regards
 
 guanche



Re: [Samba] Windows 2000 printing to public printer

2003-02-12 Thread Gerald (Jerry) Carter

On 10 Feb 2003, Etienne Tourigny wrote:

 Hmmm. found the solution myself.
 
 The best solution is to add the following line to the [printer] section
 in smb.conf:
 
use client driver = yes
 
 This forces the Windows 2000 (and XP?) to properly treat the printer as
 a remote device and not locally attached.  I found this on
 http://www2.sis.pitt.edu/~josephm/tips.html and later in the smb.conf
 man page...   RTFM

Nope.  use client driver is a severe hack to be used **only** when you 
want to install the drivers locally on the client for a given printer.
Generally disable spoolss is cleaner, but that is a global setting.
The use client driver parameter allows drivers to be made available on the 
server for some printers and not others.  Never enable it for a printer 
that will provide drivers on the server.


cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)





RE: [Samba] How to know what users i have added with smbpasswd program?

2003-02-12 Thread Rick Segeberg
If you are not using a domain and have added the users directly with the
smbpasswd utility, you can just cat the smbpasswd file.  Typically, it's
found in /usr/local/samba/private directory.  If it's long, you might
want to use more (or less).

 
Rick Segeberg
Provo Site Manager, IT Department
The Waterford Institute
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 12, 2003 8:28 AM
To: [EMAIL PROTECTED]
Subject: Re: [Samba] How to know what users i have added with
smbpasswd program?


hi,

smbpasswd doesn't support listing users i think. you have to use the
net command instead.

net user

this will give you a list of users in your domain

christoph

On Wed, Feb 12, 2003 at 03:22:58 +0100, Jorge Videgain Marquez wrote:
 How could i get a list of the users already added to samba with
smbpasswd?
 
 -- 
 
 Regards
 
 guanche
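
An added example, not part of the original posts: the smbpasswd file also holds each account's LM and NT password hashes, so this lists account names and flags without echoing the hash fields, and warns when the file is accessible beyond its owner. It assumes the Samba 2.2 text layout `name:uid:LM hash:NT hash:[flags]:LCT-time:`; the sample entries and the function names are constructed for the example.

```python
import os
import stat
import string
import sys

# Constructed sample in the smbpasswd text layout
#   name:uid:LM hash:NT hash:[flags]:LCT-time:
# Account names (apart from asa$, the machine name used elsewhere in this
# thread) and every hash value are made up for the example.
SAMPLE = """\
# constructed sample, not real accounts
alice:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3E4A6944:
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[UD         ]:LCT-00000000:
asa$:1003:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-3E4A6944:
broken line without enough fields
"""


def _is_hash(field):
    """True when the field holds 32 hex digits, i.e. a stored hash."""
    return len(field) == 32 and all(c in string.hexdigits for c in field)


def list_accounts(text):
    """Return one dict per account; hash fields are inspected but never returned."""
    accounts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5 or not fields[1].isdigit():
            continue  # not an smbpasswd entry
        name, uid, lm_hash, nt_hash, flag_field = fields[:5]
        # Flags sit between brackets, e.g. "[UD         ]"; older files may
        # carry free text in this field, which is treated as "no flags".
        flags = flag_field.strip("[] ") if flag_field.startswith("[") else ""
        accounts.append({
            "name": name,
            "uid": int(uid),
            "machine": "W" in flags or name.endswith("$"),  # W = workstation trust
            "disabled": "D" in flags,                        # D = account disabled
            "password_set": _is_hash(lm_hash) or _is_hash(nt_hash),
        })
    return accounts


def loosely_protected(path):
    """True when group or other have any access to the file at `path`."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


def report(accounts):
    """Format the account list as text, one account per line, no hashes."""
    lines = []
    for a in accounts:
        kind = "machine" if a["machine"] else "user"
        state = "disabled" if a["disabled"] else "enabled"
        pw = "password set" if a["password_set"] else "no password stored"
        lines.append(f"{a['name']:<12} uid={a['uid']:<6} {kind:<8} {state:<9} {pw}")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the smbpasswd file in Samba's private directory.
        path = sys.argv[1]
        if loosely_protected(path):
            print(f"warning: {path} is accessible to group/other", file=sys.stderr)
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE  # no argument: run on the constructed sample
    print(report(list_accounts(text)))
```
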



[Samba] Help, problem with new passwords

2003-02-12 Thread Aldo Damian Ambriz Martinez -- Unix SysAdmin
Hi everybody

Now I have a big problem, the NT Team decide to change all the user's
passwords, I have a UNIX Box with samba with security = user, almost all
the users make a connect to the samba box, before the passwords were
changed they were able to connect it but now they aren't able to
connect. I changed the passwords with smbpasswd user but it doesn't work

Any idea???

Thank you!!!

- configuration file ---
[global]
  workgroup = mydomain
  netbios name = server
  netbios aliases = Ser_samba
  security = share
  log file = /usr/local/samba/var/log.%m
  log level = 2
  max log size = 3076
  encrypt passwords = no
  password level = 8
  username level = 8
  hosts allow = IP List
  interfaces = IP
  unix password sync = no

[coldnet]
   comment = coldnet
   path = /export/ecnet/coldnet
   valid users = @coldnet
   public = no
   writable = yes
   printable = no
   browseable = yes
   case sensitive = no
   follow symlinks = yes
   create mode = 0640
   directory mode = 0750
   force user = coldnet
   force group = coldnet

-- 

  Aldo Damian Ambriz Martinez
   Depto Sistemas Operativos
El Palacio de Hierro S.A. de C.V
  52295401 ext 1118





[Samba] Samba vs IPP printing

2003-02-12 Thread Chris Smith
Not including cases of unsupported clients for IPP printing (such as
Windows NT) are there any reasons/caveats for installations running CUPS
to not move over to IPP printing?
Are there any features or benefits to Windows/Samba printing for Windows
clients that make it superior compared to IPP?





Re: [Samba] Joining PDC w/LDAP Question

2003-02-12 Thread Buchan Milne
Peak, John wrote:
 Buchan,
 
 I really appreciate the help as this has pointed me in the right
 direction.  The getent passwd asa$ does not show anything unless I add
 the machine manually.  Should I be putting the following directive in my
 nsswitch.conf file to be able to perform host lookups from LDAP properly?:
 
 hosts:  files ldap dns

No, samba currently needs a user account for the machine (since it uses
the uid to generate an rid and ensure the rid's don't conflict, since we
assume the uid's don't).

So, you need at least:

passwd: files ldap

A common error is to set
nss_base_passwd  ou=People,basedn
in /etc/ldap.conf, and then have the machine accounts in something like
ou=Computers,basedn, where (if you have machines in separate OUs) at
least on the DC you need to have something like:
nss_base_passwd  basedn?sub

(on non-DCs, you can leave it with ou=People, to prevent computers
showing on client machines, which is what we do).

 
 I've noticed that some people do this and some do not in their
 configurations.  I would think that after a Computer record is inserted
 in my LDAP directory by Samba that NSS needs this directive to actually
 lookup the computer.  When I try this it gives me a Segmentation
 Fault.  Any additional thoughts or suggestions for me at this point?
 

It might be useful posting the ldap record for an example machine here
(sans lmpassword and ntpassword attributes of course ...) so we can see
if you have the correct object classes (sambaAccount and posixAccount IIRC).

Buchan

-- 
|--Another happy Mandrake Club member--|
Buchan MilneMechanical Engineer, Network Manager
Cellphone * Work+27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
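
An added example, not from the original message: a static check of the two settings discussed above, answering whether NSS can see a machine account given the `passwd:` line of nsswitch.conf and the `nss_base_passwd` search bases in /etc/ldap.conf. Assumptions: `dc=example,dc=com` stands in for `basedn`, the machine entry is named with `uid=`, and an unspecified scope defaults to `sub`; all function names are constructed for the example.

```python
# Constructed sample files. "dc=example,dc=com" stands in for the "basedn"
# placeholder used in the message above; the uid= naming attribute of the
# machine entry is an assumption.
NSSWITCH = """\
passwd: files ldap
group:  files ldap
hosts:  files dns
"""
LDAP_CONF_PEOPLE_ONLY = """\
base dc=example,dc=com
nss_base_passwd ou=People,dc=example,dc=com
"""
LDAP_CONF_WHOLE_TREE = """\
base dc=example,dc=com
nss_base_passwd dc=example,dc=com?sub
"""
MACHINE_DN = "uid=asa$,ou=Computers,dc=example,dc=com"


def nss_sources(nsswitch_text, database="passwd"):
    """Sources listed for one nsswitch.conf database, in lookup order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            words = line.split(":", 1)[1].split()
            return [w for w in words if not w.startswith("[")]  # skip [NOTFOUND=...]
    return []


def passwd_search_bases(ldap_conf_text):
    """(base DN, scope) pairs that would be searched for passwd entries."""
    base, default_scope, found = None, "sub", []
    for raw in ldap_conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "base":
            base = value
        elif key == "scope":
            default_scope = value.lower()
        elif key == "nss_base_passwd":
            # Value syntax: base?scope?filter, scope and filter optional.
            dn, _, rest = value.partition("?")
            scope = rest.split("?", 1)[0].lower()
            found.append((dn, scope or None))
    if not found and base:
        found = [(base, None)]  # no nss_base_passwd: fall back to the global base
    return [(dn, scope or default_scope) for dn, scope in found]


def _rdns(dn):
    # Naive split: does not handle escaped commas inside RDN values.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]


def in_scope(entry_dn, base_dn, scope):
    """True when entry_dn falls under base_dn for an LDAP base/one/sub search."""
    entry, base = _rdns(entry_dn), _rdns(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    return True  # sub: the base itself and everything below it


def machine_account_visible(nsswitch_text, ldap_conf_text, machine_dn):
    """Return (visible, reason) for a machine account stored at machine_dn."""
    if "ldap" not in nss_sources(nsswitch_text, "passwd"):
        return False, "nsswitch.conf: passwd does not list ldap"
    bases = passwd_search_bases(ldap_conf_text)
    for dn, scope in bases:
        if in_scope(machine_dn, dn, scope):
            return True, f"covered by {dn} (scope {scope})"
    searched = ", ".join(f"{dn}?{scope}" for dn, scope in bases) or "nothing"
    return False, f"{machine_dn} is outside the passwd search bases: {searched}"


if __name__ == "__main__":
    for label, conf in (("ou=People only", LDAP_CONF_PEOPLE_ONLY),
                        ("basedn?sub", LDAP_CONF_WHOLE_TREE)):
        ok, why = machine_account_visible(NSSWITCH, conf, MACHINE_DN)
        print(f"{label:15} -> {'visible' if ok else 'NOT visible'}: {why}")
```

The live check remains `getent passwd 'asa$'` on the DC, as asked earlier in the thread; this only explains why that lookup would come back empty.
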




Re: [Samba] Help, problem with new passwords

2003-02-12 Thread Michael G. Noble
If the users do not need UNIX/Linux access then you can have samba do 
domain authorization.  This way the user passwords are received from
the NT PDC/BDC.  All you need to do is have a dummy account for each
user in the password file so that they would have a UID and GID and be 
able to be added to groups.  The passwd entry field would be disabled,
the home would be /dev/null and the shell would be /bin/false.
I have done this at other companies for users who only needed PC 
access to the shares and it worked great.

Mike

On Wed, 2003-02-12 at 07:53, Aldo Damian Ambriz Martinez -- Unix
SysAdmin wrote:
 Hi everybody
 
 Now I have a big problem, the NT Team decide to change all the user's
 passwords, I have a UNIX Box with samba with security = user, almost all
 the users make a connect to the samba box, before the passwords were
 changed they were able to connect it but now they aren't able to
 connect. I changed the passwords with smbpasswd user but it doesn't work
 
 Any idea???
 
 Thank you!!!
 
 - configuration file ---
 [global]
   workgroup = mydomain
   netbios name = server
   netbios aliases = Ser_samba
   security = share
   log file = /usr/local/samba/var/log.%m
   log level = 2
   max log size = 3076
   encrypt passwords = no
   password level = 8
   username level = 8
   hosts allow = IP List
   interfaces = IP
   unix password sync = no
 
 [coldnet]
comment = coldnet
path = /export/ecnet/coldnet
valid users = @coldnet
public = no
writable = yes
printable = no
browseable = yes
case sensitive = no
follow symlinks = yes
create mode = 0640
directory mode = 0750
force user = coldnet
force group = coldnet
 
 -- 
 
   Aldo Damian Ambriz Martinez
Depto Sistemas Operativos
 El Palacio de Hierro S.A. de C.V
   52295401 ext 1118
 
 
-- 
Michael G. NobleRF Magic, Inc.
Senior System Administrator 10182 Telesis Ct., 4th Floor
San Diego, CA.   92121
email: [EMAIL PROTECTED]   voice: (858) 546-2401 x207
fax:   (858) 546-2402
--
There is Sanity in my Madness!




[Samba] Locking between GNU/Linux and Microsoft Windows

2003-02-12 Thread Freddy Spierenburg
Hi,

I'm having some trouble with locking between GNU/Linux and
Microsoft Windows. I wrote some Clipper code that runs on
GNU/Linux and Microsoft Windows (compiled to different binaries
of course) that tries to lock a file on a Samba share.

Between Microsoft Windows clients there is no problem. The
locking works as expected. If one client does an EXCLUSIVE lock,
the others can't lock the file anymore. The same thing happens
on multiple GNU/Linux clients. No problem at all.

The problem is that if a GNU/Linux client locks the file, a
Microsoft Windows client can still lock the file. It looks to me
that the locking does not work across the different platforms.

I do not know much about locking, but from the documentation it
looks to me that kernel oplocks should be my friend. But
unfortunately it doesn't seem to work. Does anybody have a hint to
where I should look?

The GNU/Linux client is a Red Hat 7.2 (kernel 2.4.7-10smp)
running Samba version 2.2.1a-4 and the Microsoft Windows clients
runs Microsoft Windows 2000 Server.

$ testparm|grep locks

kernel oplocks = Yes
blocking locks = Yes
fake oplocks = No
oplocks = Yes
level2 oplocks = Yes
$

-- 
$ cat ~/.signature
Freddy Spierenburg [EMAIL PROTECTED] http://snarl.nl/~freddy/
GnuPG: 0x7941D1E1=C948 5851 26D2 FA5C 39F1  E588 6F17 FD5D 7941 D1E1
$ 






Re: [Samba] Windows 2000 printing to public printer

2003-02-12 Thread Etienne Tourigny
Humm.. I see.  In the smb.conf man page it explains that the Access
Denied; Unable to connect error occurs when the printer is considered a
local one (because of local drivers) and the user trying to access the
printer has Administrative rights.  This happens even if a user belongs
to the Users group in Windows 2000 (locally).  But if the drivers are
on the server there should be no problem.  

Am I right to say that if one uses a print$ section (even if there are
no drivers per se on the server) then administrative users will not get
the Access Denied; Unable to connect error, since Windows 2000
considers it a Network printer?

Final point I just realized, is that even if you get this error you can
still print on the samba printer, but you won't be able to see its
status.


Thanks,
Etienne


On Wed, 2003-02-12 at 10:33, Gerald (Jerry) Carter wrote:
 
 On 10 Feb 2003, Etienne Tourigny wrote:
 
  Hmmm. found the solution myself.
  
  The best solution is to add the following line to the [printer] section
  in smb.conf:
  
 use client driver = yes
  
  This forces the Windows 2000 (and XP?) to properly treat the printer as
  a remote device and not locally attached.  I found this on
  http://www2.sis.pitt.edu/~josephm/tips.html and later in the smb.conf
  man page...   RTFM
 
 Nope.  use client driver is a severe hack to be used **only** when you 
 want to install the drivers locally on the client for a given printer.
 Generally disable spoolss is cleaner, but that is a global setting.
 The use client driver parameter allows drivers to be made available on the 
 server for some printers and not others.  Never enable it for a printer 
 that will provide drivers on the server.
 
 
 cheers, jerry
  --
  Hewlett-Packard- http://www.hp.com
  SAMBA Team -- http://www.samba.org
  GnuPG Key   http://www.plainjoe.org/gpg_public.asc
  You can never go home again, Oatman, but I guess you can shop there.  
 --John Cusack - Grosse Point Blank (1997)
 
 
 
 




Re: [Samba] How to know what users i have added with smbpasswd program?

2003-02-12 Thread Kurt Weiss
look at samba-path/private/smbpasswd but don't change it
it's cryptic, but u see all users in there

Jorge Videgain Marquez wrote:

How could i get a list of the users already added to samba with smbpasswd?







Re: [Samba] How to know what users i have added with smbpasswd program?

2003-02-12 Thread Kurt Weiss
net user

this will give you a list of users in your domain



this only gives the local users - only if u have a win-DC - there it's 
for the domain.



Re: [Samba] Unable to see linux files on windows using Samba[systemerror 53]

2003-02-12 Thread Premkumar Stephen
Hi Joel,

Thanks for informing me about the DIAGNOSIS.txt

I failed at step 8:

When I did a net view, this is what I come up with


\\VAMLINUX.VMOMEN
...

whereas the server running samba is RedHat8.0 named vamlinux
and the windows workgroup name is vmomentum

All the previous steps were successful.

The error I get when I try 
C:\net view \\vamlinux
System error 53 has occurred.

The network path was not found.


I did a search for this error on the internet and edited my lmhosts file,
still the problem exists.

Please help!

TIA,
Prem



--- Joel Hammer [EMAIL PROTECTED] wrote:
 Walk through DIAGNOSIS.txt in the source documents.
 Joel
 
 On Tue, Feb 11, 2003 at 10:57:51AM -0800, Premkumar Stephen wrote:
  Hi,
  
  I installed Samba on the only linux server that
  we have on our network.
  
  On the Linux server, I was able to mount various shared
  directories from various windows machines ( we use windows 2000 )
  So, seeing windows files on linux is not a problem.
  
  We also wanted to go the other way( seeing linux files on windows )
  I searched on google but to no avail. I set the lmhosts file and
  still nothing works.
  
  On the windows network list, my linux server shows up as
  linuxserver.vnetwo where linuxserver is the name of the server
  and vnetwork is the name of the network.
  
  Now, the windows machine on which I would like to see my linux files
  is not the primary domain controller. Nor do I want to make my
  linux box the primary domain controller.
  
  Please let me know what steps I need to take?
  
  TIA,
  Prem
  





[Samba] Does samba really need /etc/passwd when using LDAP ?

2003-02-12 Thread Francois Beretti
Hello all

I'm building a Samba+LDAP server as a NT4 PDC, and I have seen
everywhere on the web that every time an account is created, it is
created both in the LDAP directory _and_ in the /etc/passwd file

Am I right ?

If I am, why is it necessary to fill the passwd file with redundant
information ?

François Beretti







[Samba] 3.0 alpha22 strange running

2003-02-12 Thread Francois Beretti
Hello all

I've just installed samba 3.0 alpha from cvs,
on a red hat 8.0 linux station, and I have
some strange behavior when I start the samba daemons :

First there is no success / failure indication

[root@linux-integ francois]# /etc/rc.d/init.d/smb start
Starting SMB services:
Starting NMB services:

But the daemons seem to be running :

[root@linux-integ francois]# netstat -a
...
tcp        0      0 *:netbios-ssn           *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:microsoft-ds          *:*                     LISTEN
tcp        0      0 linux-integ:812         linux-integ:sunrpc      TIME_WAIT
...
udp        0      0 10.10.50.1:netbios-ns   *:*
udp        0      0 *:netbios-ns            *:*
udp        0      0 10.10.50.1:netbios-dgm  *:*
udp        0      0 *:netbios-dgm           *:*

when I list the processes, there is no name for the daemons, only their
path !!

[root@linux-integ francois]# ps aux | grep samba
root      5111  0.0  1.2  5756 1628 ?        S    14:11   0:00 /usr/local/samba/
root      5113  0.0  1.1  4376 1492 ?        S    14:11   0:00 /usr/local/samba/
root      5115  0.0  0.8  4320 1076 ?        S    14:11   0:00 /usr/local/samba/
root      5130  0.0  0.5  3372  672 pts/2    S    14:14   0:00 grep samba


[root@linux-integ francois]# ps aux | grep smb
root      5149  0.0  0.5  3372  672 pts/2    S    14:33   0:00 grep smb

Is it normal ?

thx for your help, I would like to know if there is some problem


François Beretti
ENATEL
http://www.enatel.com






Re: [Samba] Samba / OpenLDAP and groups

2003-02-12 Thread Gerald (Jerry) Carter

On Tue, 11 Feb 2003, Gregory Chagnon wrote:

 I'm using Samba with OpenLDAP and was wondering how to add a user to
 multiple groups, for instance 'Domain Users' and 'Marketing'.  Is this
 stored in the gid field?  Do I just add more than one gid field for each
 entry?  Thanks! -Greg

SAMBA_3_0 ?  or a Samba 2.2 release?




jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)




[Samba] Constant pings from a Windows to Linux Samba Server Question?

2003-02-12 Thread James Rasmussen
I've been searching the archives, but I've not seen anything addressing
the questions I have below:

First, we run several Samba Servers on various Linux systems on our
network.  All the Samba Servers are working just fine and we are really
happy with them.

We have been trying to track down some errant pings (icmp) traffic on our
network, and we've noticed that the machines running the Samba Servers are
the ones getting hit constantly with icmp packets from all of the Windows
machines (We run from Windows 95 to Windows XP) on our network.  We've
noticed that when we turn off the Samba Server on a machine, then the
Windows machines quit sending icmp packets to the Samba Server. I've
looked around for Windows virus advisories that might explain this, but I
have found nothing. Those Windows machines also run various Antivirus
software and the antivirus checkers have also found no signs of virus
infection.

So, my question is: Is this normal behavior for the Windows Machines to
constantly send icmp traffic to the Samba Servers on the Linux Machines?

Thanks in advance.




Re: [Samba] general questions about samba 302alpha

2003-02-12 Thread Gerald (Jerry) Carter

On Mon, 10 Feb 2003, Pouchoulon Jean-Marc wrote:

 I have the same question with smbgroupedit. Group_mapping.tdb must be 
 the same  on the two PDC ?

fyi...We are working on being able to store this information in LDAP as 
well.




cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)




[Samba] rpcclient enumdrivers 3 times out on NT drivers

2003-02-12 Thread Ronan Waide
This is puzzling me (and hampering some work, slightly):

NT4SP6 + full updates server, with some printers attached.

rpcclient -U admin%pass enumdrivers 2 server gives me a list of stuff
like this:

[Windows 4.0]
Printer Driver Info 2:
Version: [0]
Driver Name: [HP LaserJet 5Si PCL 5e]
Architecture: [Windows 4.0]
Driver Path: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
Datafile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.PPD]
Configfile: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
...
...
...
[Windows NT x86]
Printer Driver Info 2:
Version: [2]
Driver Name: [Lexmark Optra R Plus Series]
Architecture: [Windows NT x86]
Driver Path: [\\SERVER\print$\W32X86\2\RASDD.DLL]
Datafile: [\\SERVER\print$\W32X86\2\OPTRA.DLL]
Configfile: [\\SERVER\print$\W32X86\2\RASDDUI.DLL]


rpcclient -U admin%pass enumdrivers 3 server, however, zips through
the Windows 4.0 stuff and then sits there before eventually giving
this:
[Windows 4.0]
Printer Driver Info 3:
Version: [0]
Driver Name: [HP LaserJet 5Si PCL 5e]
Architecture: [Windows 4.0]
Driver Path: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
Datafile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.PPD]
Configfile: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
Helpfile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.HLP]

Dependentfiles: [\\SERVER\print$\WIN40\0\hplj5si2.ppd]
Dependentfiles: [\\SERVER\print$\WIN40\0\hplj5si2.hlp]
Dependentfiles: [\\SERVER\print$\WIN40\0\adobeps4.drv]
Dependentfiles: [\\SERVER\print$\WIN40\0\pscript.ini]
Dependentfiles: [\\SERVER\print$\WIN40\0\psmon.dll]
Dependentfiles: [\\SERVER\print$\WIN40\0\iconlib.dll]
Dependentfiles: [\\SERVER\print$\WIN40\0\fonts.mfm]

Monitorname: [PostScript Language Monitor]
Defaultdatatype: []

cli_pipe: return critical error. Error was Call timed out: server did not respond 
after 1 milliseconds
cli_pipe: return critical error. Error was Call timed out: server did not respond 
after 1 milliseconds
cli_pipe: return critical error. Error was Call timed out: server did not respond 
after 1 milliseconds
cli_pipe: return critical error. Error was Call timed out: server did not respond 
after 1 milliseconds
result was NT_STATUS_UNSUCCESSFUL

I'm trying to hack up a printer cloning script that grabs all the
driver files and bits for a printer using enumdrivers and sticks them
onto another server using adddriver, addprinter, etc. Obviously the
above failure hampers that notion somewhat. Is this a flaw in
rpcclient or in the Windows box?

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

caitlin says, climbing satisfies 2 apparent needs of mind: bashing my knees
and shoe fetishism



[Samba] WIN Servers: Primary and Secondary

2003-02-12 Thread Mike Babnick
Quick question:

I have a server (HANNIBAL) running Samba and acting as a WINS server.

I have a second server (WOOKIE) also running Samba and acting as a WINS
server - this one is in another building. 

How do I send a copy of the WINS data from HANNIBAL (primary WINS
server) to WOOKIE (secondary WINS server)?




Re: [Samba] Locking between GNU/Linux and Microsoft Windows

2003-02-12 Thread jra
On Wed, Feb 12, 2003 at 05:05:21PM +0100, Freddy Spierenburg wrote:
 Hi,
 
 I'm having some trouble with locking between GNU/Linux and
 Microsoft Windows. I wrote some Clipper code that runs on
 GNU/Linux and Microsoft Windows (compiled to different binaries
 of course) that tries to lock a file on a Samba share.
 
 Between Microsoft Windows clients there is no problem. The
 locking works as expected. If one client does an EXCLUSIVE lock,
 the others can't lock the file anymore. The same thing happens
 on multiple GNU/Linux clients. No problem at all.
 
 The problem is that if a GNU/Linux client locks the file, a
 Microsoft Windows client can still lock the file. It looks to me
 that the locking does not work across the different platforms.
 
 I do not know much about locking, but from the documentation it
 looks to me that kernel oplocks should be my friend. But
 unfortunately it doesn't seem to work. Does anybody have a hint to
 where I should look?
 
 The GNU/Linux client is a Red Hat 7.2 (kernel 2.4.7-10smp)
 running Samba version 2.2.1a-4 and the Microsoft Windows clients
 run Microsoft Windows 2000 Server.

How does Clipper on Linux do locking ? Remember, doing EXCLUSIVE
in Windows Clipper code may use share modes to lock a file, not
byte ranges. The Linux kernel has no such concept as share modes,
and so will probably use byte ranges instead.

Try doing an strace to see what happens when your Linux Clipper code
does an exclusive open.

Jeremy.
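
The distinction drawn in the reply above, between share modes and byte-range locks, shown on a Linux box as an added example (not code from the thread or from Samba). The helper names and the temporary file are constructed for the illustration: one process holds an exclusive byte-range lock, and a second process can still open the file but cannot take the same byte-range lock.

```python
import fcntl
import os
import tempfile


def probe_from_other_process(path):
    """Fork a child that opens `path` and tries a non-blocking exclusive
    byte-range lock on its first byte. Returns (open_ok, lock_ok)."""
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: a second, independent lock owner
        open_ok = lock_ok = False
        try:
            fd = os.open(path, os.O_RDWR)
            open_ok = True
            fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB, 1, 0, os.SEEK_SET)
            lock_ok = True
        except OSError:
            pass  # open was refused, or the byte range is locked elsewhere
        os.write(write_end, bytes([open_ok, lock_ok]))
        os._exit(0)
    os.close(write_end)
    result = os.read(read_end, 2)
    os.close(read_end)
    os.waitpid(pid, 0)
    return bool(result[0]), bool(result[1])


def demo():
    """Probe the file before, during and after this process holds the lock."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, b"constructed sample record\n")
        unlocked = probe_from_other_process(path)

        # Exclusive byte-range lock on byte 0: what a Unix program typically
        # gets when it asks for an "exclusive" lock, since the kernel has no
        # share-mode (deny-open) concept.
        fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB, 1, 0, os.SEEK_SET)
        locked = probe_from_other_process(path)

        fcntl.lockf(fd, fcntl.LOCK_UN, 1, 0, os.SEEK_SET)
        released = probe_from_other_process(path)
        return {"unlocked": unlocked, "locked": locked, "released": released}
    finally:
        os.close(fd)
        os.unlink(path)


if __name__ == "__main__":
    for state, (open_ok, lock_ok) in demo().items():
        print(f"{state:9s} open_ok={open_ok} lock_ok={lock_ok}")
```

While the lock is held the second process still opens the file, so a peer that coordinates through open-time share modes never conflicts with it; only a peer that also asks for a byte-range lock is refused.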



[Samba] Samba config help please

2003-02-12 Thread Dave Bateman
I'm trying to use samba shares on a RedHat 8 server for storage on my
network with an NT box as PDC.

OK, the join domain commands:

[root@localhost samba]# smbpasswd -j INFOWARE -r 192.168.1.180 -U Administrator
Password:
Error connecting to 192.168.1.180
Unable to join domain INFOWARE.
[root@localhost samba]# smbpasswd -j INFOWARE -r 192.168.1.180
cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME
cli_nt_setup_creds: request challenge failed
modify_trust_password: unable to setup the PDC credentials to machine
192.168.1.180. Error was : NT_STATUS_UNSUCCESSFUL.
2003/02/12 13:38:36 : change_trust_account_password: Failed to change
password for domain INFOWARE.
Unable to join domain INFOWARE.

so I manually added the box to the domain on the NT box. The windows boxes
can see the server but not the shares with security = DOMAIN set. With
security = SERVER the windows boxes can see the server and the shares as
well as mapping the public share, but you can't do anything with the mapped
share. The home directory is visable and windows tries to map, but
authentication fails.

Yes, everyone can ping everyone else...

any ideas???

Dave

smb.conf:

# Samba config file created using SWAT
# from localhost.localdomain (127.0.0.1)
# Date: 2003/02/12 13:04:26

# Global parameters
[global]
workgroup = INFOWARE
netbios name = REDHAT1
server string = Samba Server %v
interfaces = 192.168.1.2/24
security = DOMAIN
encrypt passwords = Yes
obey pam restrictions = Yes
password server = 192.168.1.180
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = False
local master = No
domain master = False
dns proxy = No
wins server = 192.168.1.180
hosts allow = 192.168.1. 127.
printing = lprng

[homes]
comment = Home Directories
path = /home/
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
only user = Yes
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[Data]
path = /home/Data/
guest account = ftp
read only = No
guest ok = Yes

[public]
comment = Samba Share
path = /usr/share/public/
read only = No
guest ok = Yes




Re: [Samba] nmblookup can't resolve IPs (but SMB-names)

2003-02-12 Thread Herb Lewis
When using an IP address you need the -A option 

nmblookup -d 3 -A 210.104.1.133

Pascal Giannakakis wrote:
 
 Hi there,
 
 i have Samba 2.2.7a running on FreeBSD-STABLE 4.7. I set up a few things and
 smbd and
 nmbd start up at boot, i can browse the net.
 
 However, nmblookup can only find IPs by SMB-names, but not SMB-names by IPs.
 Here is
 an example output of the failed lookup:
 
 %nmblookup -d 3 210.104.1.133
 Initialising global parameters
 params.c:pm_process() - Processing configuration file
 /usr/local/etc/smb.conf
 Processing section [global]
 added interface ip=210.104.1.133 bcast=210.104.1.255 nmask=255.255.255.0
 bind succeeded on port 0
 Socket opened.
 querying 210.104.1.133 on 210.104.1.255
 name_query failed to find name 210.104.1.133
 
 Why is it not working? We do not have a WINS in our network and it uses
 default
 lmhosts host wins bcast name resolve order. I get the same output for any
 IP in our
 network. Other ppl can see and browse my PC.
 
 Thanx.
 
 
 
 PS: here is the log of the working lookup:
 
 %nmblookup -d 3 KATWS_PG
 Initialising global parameters
 params.c:pm_process() - Processing configuration file
 /usr/local/etc/smb.conf
 Processing section [global]
 added interface ip=210.104.1.133 bcast=210.104.1.255 nmask=255.255.255.0
 bind succeeded on port 0
 Socket opened.
 querying KATWS_PG on 210.104.1.255
 Got a positive name query response from 210.104.1.133 ( 210.104.1.133 )
 210.104.1.133 KATWS_PG00
 
 

-- 
==
Herb Lewis   Silicon Graphics 
Networking Engineer  1600 Amphitheatre Pkwy MS-510
Strategic Software Organization  Mountain View, CA  94043-1351
[EMAIL PROTECTED] Tel: 650-933-2177
http://www.sgi.com   Fax: 650-932-2177  
PGP Key: 0x8408D65D
==



[Samba] Please include Samba release or CVS branch name in posting

2003-02-12 Thread Gerald (Jerry) Carter

Couple of comments that might help things run smoother on the
list.

* Please post the Samba release or CVS branch running on your
  server when reporting an issue (or asking a question).
  This removes the first round trip of email.

* I've posted some mailing etiquette rules (provided by 
  Jonathan Johnson) on http://www.samba.org/samba/ml-etiquette.html.
  Just in case you missed the original posting.



cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)





Re: [Samba] Samba / OpenLDAP and groups

2003-02-12 Thread Dariush Forouher
On Tue, 2003-02-11 at 22:35, Gregory Chagnon wrote:
 Hi-
 I'm using Samba with OpenLDAP and was wondering how to add a user to 
 multiple groups, for instance 'Domain Users' and 'Marketing'.  Is this 
 stored in the gid field?  Do I just add more than one gid field for each 

No, 'gidNumber' attribute defines the primary group. If you want to add
a user to secondary groups, you have to add those to the specific group
in LDAP.
E.g. if you want to add User1 to Group1 you have to add an attribute
memberUid with the value User1 into cn=Group1,ou=Groups,
dc=abc,dc=org. It behaves just the same way Unix passwd/group files do.

regards
Dariush
-- 
PGP Fingerprint: 0x886C99A1






[Samba] Failed to parse ACL smbcacls

2003-02-12 Thread Francesc Guasch Ortiz
I'm trying to set up a Samba server with ACLS.
Versions:
	- xfs in kernel-2.4.20.
	- samba-2.2.7a compiled with ACL support

I'm trying first with smbcacls. But I can't manage to
guess the syntax of the ACL command.

I want the user frankie could RWX a file owned by javi

#smbcacls //localhost/public te1st.txt -A ACL:frankie:0/0/RWX -U javi

Failed to parse ACL ACL:frankie

I read carefully the smbcacls man page and searched for
examples in the archives and the web unsuccessfully.

I tried many different things in the SID field with the same results:

DOPAN//frankie   ( DOPAN is the DOMAIN )
DOPAN/frankie
DOPAN\\frankie
DOPANfrankie
DOPAN\\frankie

and so on ... with the same results.


Anyway I tried to connect to the share from a W2000.
I can add security options to the file, but won't work.
I tried to set a file read only but I can remove it.

Any hint or link would be appreciated.





Re: [Samba] rpcclient enumdrivers 3 times out on NT drivers

2003-02-12 Thread Ronan Waide
On February 12, [EMAIL PROTECTED] said:
 This is puzzling me (and hampering some work, slightly):
 
 NT4SP6 + full updates server, with some printers attached.

Woopsy, forgot to mention:
Samba HEAD. Administrative user, joined to the domain, in printer
admins group, etc.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

It's a horrible thing to watch, almost like watching an infant tottering
 toward a porcupine. - Kyle Jones on MIS people writing C



Re: [Samba] rpcclient enumdrivers 3 times out on NT drivers

2003-02-12 Thread bkrusic

--- Ronan Waide [EMAIL PROTECTED] wrote:
 On February 12, [EMAIL PROTECTED] said:
  This is puzzling me (and hampering some work,
 slightly):
  
  NT4SP6 + full updates server, with some printers
 attached.
 
 Woopsy, forgot to mention:
 Samba HEAD. Administrative user, joined to the
 domain, in printer
 admins group, etc.
 
 Cheers,
 Waider.
 -- 
 [EMAIL PROTECTED] / Yes, it /is/ very personal of me.
 
 It's a horrible thing to watch, almost like
 watching an infant tottering
  toward a porcupine. - Kyle Jones on MIS people
 writing C



Re: [Samba] Samba Machine Domain Registration

2003-02-12 Thread Gerald (Jerry) Carter

On Fri, 7 Feb 2003, Triebwasser, Mark wrote:

 Both the PDC and BDC are not listening on port 445 so when I do a:
   smbpasswd -D 100 -r PDC -j DOMAIN
 it fails to connect.

It should fail back to port 139.  Does it not?




cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)




Re: [Samba] Strange username map behaviour with security=user

2003-02-12 Thread Gerald (Jerry) Carter

On Thu, 6 Feb 2003, Vladimir Yumashev wrote:

 I use Samba 2.2.0 on small network.  I use security = user and
 username map to map some Win-users to unix users. I have simple
 testing file with username mapping:
 root = vlad 
 It is supposed that when I connect to samba as user
 Vlad with vlad's password I get the root's rights to shares.  Right?
 But when I try to connect to samba as vlad it tries to authorize me as
 samba user root and tries to find user root in passdb.  Why?

username mapping takes place before authentication.
This is by design.



cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)
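
The ordering described in the reply above (map the name first, authenticate second), as an added sketch that is not Samba's code. The function names, the map text and the toy password table are constructed; the map syntax handled here ('#' and ';' comments, a leading '!' to stop at a matching line, '*' as wildcard, case-insensitive names, later lines re-mapping earlier results) follows the smb.conf man page description of "username map" and is an assumption for any given Samba version. @group entries are skipped.

```python
import hmac


def parse_username_map(text):
    """Return a list of (unix_name, client_names, stop_if_matched) rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        stop = line.startswith("!")
        if stop:
            line = line[1:].lstrip()
        unix_name, sep, clients = line.partition("=")
        if not sep:
            continue  # not a mapping line
        # @group entries need a system group lookup; skipped in this sketch.
        names = [c.lower() for c in clients.split() if not c.startswith("@")]
        rules.append((unix_name.strip(), names, stop))
    return rules


def map_username(client_name, rules):
    """Apply every rule in order; a '!' rule that matches ends processing."""
    user = client_name
    for unix_name, names, stop in rules:
        if "*" in names or user.lower() in names:
            user = unix_name
            if stop:
                break
    return user


def authenticate(client_name, password, rules, passdb):
    """Map first, then check the password stored for the mapped account."""
    account = map_username(client_name, rules)
    stored = passdb.get(account)
    ok = stored is not None and hmac.compare_digest(
        stored.encode(), password.encode()
    )
    return account, ok


# Constructed sample data: the one-line map from the question and a toy
# password table standing in for the Samba password database.
SAMPLE_MAP = """\
# constructed example map
root = vlad
"""
SAMPLE_PASSDB = {"root": "root-secret", "vlad": "vlad-secret"}

if __name__ == "__main__":
    rules = parse_username_map(SAMPLE_MAP)
    for name, pw in [("vlad", "vlad-secret"), ("vlad", "root-secret")]:
        account, ok = authenticate(name, pw, rules, SAMPLE_PASSDB)
        print(f"client={name!r} checked against {account!r}: ok={ok}")
```

With this map the name vlad is only ever checked against root's entry, which is why the lookup for root appears in the log; the entry does not let vlad's own password open root's access.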




[Samba] samba acl's

2003-02-12 Thread David . Grudek
I have been playing with samba for a short time.  I am not a programmer 
but I have some questions on if acls within samba are possible, 
regardless of acl's in the file system or kernel.  In samba now, you can 
have read list or write list and say this user and/or group has write 
and/or this user and/or group has read only.  This is a scaled down 
version of an acl.  What if they created a folder called acl's and had one 
file called no access, one file called read, write, change, and full.  An 
entry inside these files could look similar to:
 /data = @domain admin, john, steve
/data/accounting = @domain admin, @accounting, bob

if these entries were in the change file then samba would restrict him 
accordingly.  I have been trying to get acl's to work and it has been 
difficult to work.  I have been thinking that maybe samba could do this 
for us without having to count on other pieces of software.  I am only 
asking so please don't take this the wrong way.  If it is possible I would 
like to help make it happen.  I am not sure how I can help because I am 
not a programmer, but if there is anything I will be willing to pitch in.



[Samba] Act! 2000 WinXP RedHat 8.0 configuration problem

2003-02-12 Thread P Hardy Tech, Inc.
Hello,

I have 3 Windows XP SP1 desktops that need access to an ACT! 
2000 database on a Red Hat 8.0 server through Samba. The 
problem I'm having is that only one person can access the database 
at a time. 

All users are defined on the Linux system.

Can you please tell me what configuration is required to have all of 
my users access and modify the ACT database at once?

[ACT]
comment = ACT! database files
   path = /data/act
   valid users = joe tim sam
   public = no
   writable = yes
   printable = no
   force create mode = 0777
   oplocks = False
   level2oplocks = False


Thanks

Pat





Re: [Samba] Failed to parse ACL smbcacls

2003-02-12 Thread Herb Lewis
It looks like the documentation is slightly off. If you use
a number for the type field (after last colon) you need to 
use a number for the permissions field. If you want to use
RWX for the permissions try ALLOWED or DENIED for the type

#smbcacls //localhost/public te1st.txt -A ACL:frankie:ALLOWED/0/RWX -U javi

Francesc Guasch Ortiz wrote:
 
 I'm trying to set up a Samba server with ACLS.
 Versions:
 - xfs in kernel-2.4.20.
 - samba-2.2.7a compiled with ACL support
 
 I'm trying first with smbcacls. But I can't manage to
 guess the syntax of the ACL command.
 
 I want the user frankie could RWX a file owned by javi
 
 #smbcacls //localhost/public te1st.txt -A ACL:frankie:0/0/RWX -U javi
 
 Failed to parse ACL ACL:frankie
 
 I read carefully the smbcacls man page and searched for
 examples in the archives and the web unsuccessfully.
 
 I tried many different things in the SID field with the same results:
 
 DOPAN//frankie   ( DOPAN is the DOMAIN )
 DOPAN/frankie
 DOPAN\\frankie
 DOPANfrankie
 DOPAN\\frankie
 
 and so on ... with the same results.
 
 Anyway I tried to connect to the share from a W2000.
 I can add security options to the file, but won't work.
 I tried to set a file read only but I can remove it.
 
 Any hint or link would be appreciated.
 

-- 
==
Herb Lewis   Silicon Graphics 
Networking Engineer  1600 Amphitheatre Pkwy MS-510
Strategic Software Organization  Mountain View, CA  94043-1351
[EMAIL PROTECTED] Tel: 650-933-2177
http://www.sgi.com   Fax: 650-932-2177  
PGP Key: 0x8408D65D
==
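
The rule from the reply above (a numeric type needs numeric permissions; letter permissions need ALLOWED or DENIED), written as a pre-flight check for the -A argument. This is an added example, not smbcacls' own parser: parse_ace is a hypothetical helper, and the permission letters RWXDPO and the numeric-only flags field are assumptions taken from the smbcacls man page.

```python
import re

_NUMBER = re.compile(r"^(0[xX][0-9a-fA-F]+|[0-9]+)$")
_TEXT_TYPES = ("ALLOWED", "DENIED")
_LETTERS = set("RWXDPO")  # assumption: letters listed in the smbcacls man page


def _to_int(token):
    """Convert a decimal or 0x-prefixed hex token to an int."""
    return int(token, 16) if token.lower().startswith("0x") else int(token, 10)


def parse_ace(arg):
    """Validate 'ACL:<name or SID>:<type>/<flags>/<mask>'.

    Returns a dict of the parsed fields, or raises ValueError saying which
    field would stop the ACE from being accepted.
    """
    if not arg.startswith("ACL:"):
        raise ValueError("ACE must start with 'ACL:'")
    # The name may contain a domain separator, so split on the LAST colon.
    name, sep, triple = arg[len("ACL:"):].rpartition(":")
    if not sep or not name:
        raise ValueError("expected ACL:<name>:<type>/<flags>/<mask>")
    parts = triple.split("/")
    if len(parts) != 3:
        raise ValueError("expected <type>/<flags>/<mask> after the last colon")
    ace_type, flags, mask = parts

    type_numeric = bool(_NUMBER.match(ace_type))
    mask_numeric = bool(_NUMBER.match(mask))
    if not type_numeric and ace_type not in _TEXT_TYPES:
        raise ValueError("type must be a number, ALLOWED or DENIED")
    if not _NUMBER.match(flags):
        raise ValueError("flags must be a number")
    if not mask_numeric and (not mask or set(mask) - _LETTERS):
        raise ValueError("mask must be a number or letters from RWXDPO")
    if type_numeric and not mask_numeric:
        # The case from the thread: ACL:frankie:0/0/RWX
        raise ValueError(
            "numeric type needs a numeric mask; "
            "use ALLOWED or DENIED with letter permissions"
        )
    return {
        "name": name,
        "type": _to_int(ace_type) if type_numeric else ace_type,
        "flags": _to_int(flags),
        "mask": _to_int(mask) if mask_numeric else mask,
    }


def lint(args):
    """Return (arg, 'ok' or error text) for each candidate -A argument."""
    report = []
    for arg in args:
        try:
            parse_ace(arg)
            report.append((arg, "ok"))
        except ValueError as exc:
            report.append((arg, str(exc)))
    return report


if __name__ == "__main__":
    samples = [
        "ACL:frankie:0/0/RWX",          # from the thread: rejected
        "ACL:frankie:ALLOWED/0/RWX",    # from the reply: accepted
        "ACL:frankie:0/0/0x001200a9",   # constructed all-numeric form
    ]
    for arg, verdict in lint(samples):
        print(f"{arg:32s} {verdict}")
```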



[Samba] Re: samba acl's

2003-02-12 Thread Chris de Vidal
--- [EMAIL PROTECTED] wrote:
 In samba now, you can have read list or write list and say this user
 and/or group has write and/or this user and/or group has read only.  This
 is a scaled down version of an acl.  What if they created a folder
 called acl's and had one file called no access, one file called read,
 write, change, and full.  An entry inside these files could look similar to:
 /data = @domain admin, john, steve
 /data/accounting = @domain admin, @accounting, bob
 
 if these entries were in the change file then samba would restrict him
 accordingly.  I have been trying to get acl's to work and it has been
 difficult to work.  I have been thinking that maybe samba could do this
 for us without having to count on other pieces of software.

Hi David, I'm just a system engineer/admin, not a
programmer either, but from what I've seen, Samba uses
User Group Other permissions, which map to normal UGO
Unix permissions stored in the file on the filesystem.
These basic permissions are sufficient for many uses,
as you can put many users in a group to access a
directory or file.  Unix basically uses this
everywhere, as it's quite flexible.

When you're using the acl patches for EXT2/3 (from
acl.bestbits.at) or you use a filesystem with native
ACL support like XFS, and you compile Samba
--with-acl-support, you get full NT ACL support, where
you'll see several groups accessing a file with
different permissions.  We're using this on several
servers.  You must remember to remount your
filesystems with the acl option, and put it in your
fstab.

Either way, Samba relies on the file system to store
these settings.  This is exactly the same as in the NT
world.  You might have a FAT partition share where the
only permissions are share-level permissions (similar
to read/write lists in smb.conf).  If you have an NTFS
share, file permissions are stored on the file system
and combine with share-level permissions.

For more instructions on adding POSIX ACL support,
search marc.theaimsgroup.com for similar instructions
I'd given about this to other Samba users.  I learned
most of what I know now from Teach Yourself Samba in
24 Hours, a Sam's book, but I just found out there's
a new O'Reilly Using Samba out this month which
should contain more current and perhaps more thorough
information.  Also, check out acl.bestbits.at.

Good luck,
/dev/idal




Re: [Samba] Re: samba acl's

2003-02-12 Thread bkrusic
  These basic permissions are sufficient for many
 uses,
Except mine of course :)

 ACL support like XFS, and you compile Samba
 --with-acl-support, you get full NT ACL support,
Before I recompile as I've SGI_XFS running on my RH
servers, I'd like to make sure that the granular perms
are as fine as NTs.  Are yours indeed like those where
1 would have read/write/exe but not del, etc...?

If so, this is what I need to do.
Bri-




[Samba] Re: Failed to parse ACL smbcacls

2003-02-12 Thread Chris de Vidal
--- Francesc Guasch Ortiz [EMAIL PROTECTED]
wrote:
 I'm trying to set up a Samba server with ACLS.
 Versions:
   - xfs in kernel-2.4.20.
   - samba-2.2.7a compiled with ACL support
 
 I'm trying first with smbcacls. But I can't manage
 to
 guess the syntax of the ACL command.

It's done with get/setfacls; smbcacls is for setting
ACLs from a Unix client on NT servers.  Get those
programs from the XFS site or acl.bestbits.at.

Also you need to remount your partition with acl
support.  Man mount/mount.xfs/mount_xfs/read their
website for details.

You also could do well to take a look at the help
documents on acl.bestbits.at, Samba.org, or my
favorite, crack a book.  I learned all about ACLs in
Teach Yourself Samba in 24 Hours, a Sam's book, but
I learned that an O'Reilly Using Samba just came
out.  O'Reilly's are usually outstanding and it's
likely to be current, detailed, and have all the
information you need.

Also, search this mailing list at
marc.theaimsgroup.com... I'd answered ACL questions
probably 5 times in the last month, and you'll no
doubt find some answers there from other people, too.

Good luck,
/dev/idal




[Samba] Re: samba acl's

2003-02-12 Thread Chris de Vidal
--- [EMAIL PROTECTED] wrote:
   These basic permissions are sufficient for many
  uses,
 Except mine ofcourse :)
 
  ACL support like XFS, and you compile Samba
  --with-acl-support, you get full NT ACL support,
 Before I recompile as I've SGI_XFS running on my RH
 servers, I'd like to make sure that the granular
 perms
 are as fine as NTs.  Are yours indeed like those
 where
 1 would have read/write/exe but not del, etc...?
 
 If so, this is what I need to do.

No, it still uses Read/Write/Exec but it allows
multiple groups/users to have different permissions,
which is nice.  To do delete inhibit and stuff like
that, you need to compromise e.g. use read-only on
files instead.

Before recompiling, check that you have acl support
turned on:
mount | grep acl
If you don't see your partition, man
mount/mount.xfs/mount_xfs/read their website.

Good luck,
/dev/idal




[Samba] multiple domains with samba

2003-02-12 Thread Ilie Mihut
Hi guys,

I have Samba server on a Solaris 2.6 platform with one domain. I was asked
if it is possible to create the second domain.
I am new to this stuff, can somebody help, please.

Regards,

Ilie Mihut
System Administrator, Unix Technical Support
Mid Range Technical Services - Sun Commercial
IBM Global Services Australia



[Samba] How do you mount an NT share from a solaris machine running Samba 2.2?

2003-02-12 Thread Josh Topolski
To whom it may concern:

I am currently running Samba 2.2 on a Solaris 8 machine.  I would like to find
out how I would go about mounting an NT server share from my solaris
machine?

Any help would be appreciated.




[Samba] Samba server in a failover environment

2003-02-12 Thread Hsu, Cheng (Consultant)
Hello, Samba Gurus.

I have a Samba server running on a pair of SUN servers (server-a and
server-b).
The samba shares are NFS mounted from a third SUN server (server-c).
I installed Samba 2.2.7a on the paired SUN servers under /usr/local/samba
(Samba 2.2.7a is locally installed on server-a and server-b, since
/usr/local/samba is local on the rootdisk.)

The failover environment works like this:
.  I manually start up Samba daemons (smbd and nmbd) on server-a
.  Users are able to map Samba shares to their PCs, and they can read and
   write
.  While users have their files open, I manually stop all Samba daemons on
   server-a
.  Then, I manually start up Samba daemons (smbd and nmbd) on server-b
   (note that server-a and server-b have the same smb.conf file under
   /usr/local/samba/lib)

a)  We tested this failover environment, it didn't work.  Those open files
    are not accessible after we failed over Samba daemons to server-b.

b)  I manually changed the startup script so that server-b will explicitly
    join the NT domain, then everything works fine.

c)  Then, I manually stop Samba daemons on server-b, and start Samba daemons
    on server-a and explicitly join the NT domain, and everything still works.

d)  I can manually fail over Samba daemons between server-a and server-b.
    Everything works as long as I explicitly join the NT domain.

Our UNIX SAs and NT SAs told me that it is not required to explicitly join
the NT domain after failover.  But my experiment shows that I MUST explicitly
join the NT domain in order for everything to work.

I cannot find anything which can help me understand how to properly failover
Samba daemons between two UNIX (SUN) servers.

Cheng Hsu



Re: [Samba] Samba vs IPP printing

2003-02-12 Thread Andrew Bartlett
On Thu, 2003-02-13 at 02:57, Chris Smith wrote:
 Not including cases of unsupported clients for IPP printing (such as
 Windows NT) are there any reasons/caveats for installations running CUPS
 to not move over to IPP printing?
 Are there any features or benefits to Windows/Samba printing for Windows
 clients that make it superior compared to IPP?

Probably the most notable one is the printer driver download stuff, and
the fact that it looks and behaves like any other NT print server.  I'm
not convinced that the optional IPP client from MS is really that well
tested, and from reports it doesn't handle authentication etc at all.

For many organizations, the need to install an optional client on each
computer kills things off pretty quickly.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net






[Samba] WinXP connecting to SAMBA 2.0.2

2003-02-12 Thread hpendle
When I use network neighbourhood to browse a SAMBA machine - I can see it - but cannot 
connect to it when I double-click it. The message I get is, you may not have 
permission to access the server - the remote procedure call failed and did not 
execute. I can map a drive to a share on the samba machine but cannot unc to a shared 
printer. Thanks H




[Samba] 2.2 or 3.0 ?

2003-02-12 Thread [EMAIL PROTECTED]

I'm experimenting setting up a Samba/LDAP box which will act like a
Windows AD PDC/BDC. Which Samba is my best bet? 3.0 from CVS or should
I stick to 2.2  ?

Thanks
Paul




Re: [Samba] HP Deskjet drivers, Samba and Cups

2003-02-12 Thread Nick Gale
Thanks John - it works!

I actually did not have etc/cups/mime.conf. I had two files
etc/cups/mime.types and etc/cups/mime.convs but I did the same to both files
(uncomment the lines) and this worked fine!

The line was already uncommented in etc/mime.types.

Thanks once again!

Nick

- Original Message -
From: John H Terpstra [EMAIL PROTECTED]
To: Nick Gale [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, February 11, 2003 8:54 AM
Subject: Re: [Samba] HP Deskjet drivers, Samba and Cups


 On Tue, 11 Feb 2003, Nick Gale wrote:

  Thanks for this, unfortunately I've tried this and it makes no difference.
 
  Below is from Cups error log, message is the same whether printer is RAW or
  set up as a Deskjet. Please note that the same problem occurs when I
  configure the printers via LPRng or Webmin. Again it doesn't matter whether
  it's RAW or not.
 
  Any other clues?

 Yep! Read the CUPS Printing HOWTO! I have attached it for your reference.

 From it you will find the need to change two files:

 /etc/cups/mime.types and /etc/cups/mime.convs. In both you need to
 uncomment the lines that have:

 application/octet-stream

 in them.

 In the case of my system:

 In /etc/mime.types:

 
 #
 # Raw print file support...
 #
 # Uncomment the following type and the application/octet-stream
 # filter line in mime.convs to allow raw file printing without the
 # -oraw option.
 #

 application/octet-stream



 And in /etc/cups/mime.conv:

 
 #
 # Raw filter...
 #
 # Uncomment the following filter and the application/octet-stream type
 # in mime.types to allow printing of arbitrary files without the -oraw
 # option.
 #

 application/octet-stream application/vnd.cups-raw 0 -


 That should do it for you.

 - John T.



 
  Thanks
 
  Nick Gale
 
  I [11/Feb/2003:08:50:02 +] Started /usr/lib/cups/cgi-bin/printers.cgi (pid=1778)
  I [11/Feb/2003:08:50:07 +] Started /usr/lib/cups/cgi-bin/printers.cgi (pid=1784)
  E [11/Feb/2003:08:50:13 +] print_job: Unsupported format 'application/octet-stream'!
  I [11/Feb/2003:08:50:13 +] Hint: Do you have the raw file printing rules enabled?
 
 
  - Original Message -
  From: John H Terpstra [EMAIL PROTECTED]
  To: Nick Gale [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED]
  Sent: Tuesday, February 11, 2003 12:00 AM
  Subject: Re: [Samba] HP Deskjet drivers, Samba and Cups
 
 
   On Mon, 10 Feb 2003, Nick Gale wrote:
  
    I have Samba 2.2.7 running on Redhat 8 (fully updated). I have two printers
    set up - a laser and a Deskjet 920C both connected to the Redhat server via
    USB cables. Printing is managed using CUPS although I get the same problem
    with LPR and Webmin configured printers. The laser works fine, the deskjet
    doesn't. The deskjet works with a generic windows HP Deskjet or HP Deskjet
    plus driver in black and white but if I use the actual 920C driver (Or any
    other DJ ***C driver for that matter) the print jobs appear to spool but
    never arrive at the printer. You see a file being generated in the Samba and
    Cups spool directory but in the Cups spool directory they appear briefly and
    then vanish, for jobs that do make it to the printer the file is present for
    longer as the printer loads the file.
   
    I can only assume this is a problem with Samba or Cups with HP deskjet
    drivers? Has anyone else seen this? Any Idea?
  
   Configure a RAW CUPS printer for the HP9x0C if you install the HP9x0C
   driver on Windows.
  
   If you want to install the printer in CUPS with the CUPS driver for the
   HP9xC, then install your Windows printers as Postscript printers and let
   CUPS convert from postscript to HP DJ format.
  
   Both the above work for me. I have set up several sites with HP940C
   printers and my own network has HP PhotoSmart P1000. All work fine from
   both Linux and Windows. For Windows I prefer to print to a RAW CUPS
   printer and use the HP940C driver on each MS Windows machine. Your mileage
   may vary!
  
   Best advice is to read the CUPS Printing HOWTO that will be in
   Samba-3.0.0.
  
   - John T.
   --
   John H Terpstra
   Email: [EMAIL PROTECTED]
 

 --
 John H Terpstra
 Email: [EMAIL PROTECTED]




[Samba] re Samba on IRIX

2003-02-12 Thread pr on ryders
Hello, Any one there ???

Is this the place to submit a Samba installation question ?  I'll put it in anyway and 
hope for the best.  Trying to decipher the Samba documentation on smb.conf etc. sends 
me to sleep.

I have just installed Samba 7a on IRIX 6.5.  Seems to work ok and I can get to 
the IRIS server from my NT network.  One problem however;

When I mount a network drive ( from NT box ) on the IRIX file system coinciding with a 
user account, eg. \\IRIS\r1 and giving the requested r1 user account password, I can 
then mount any part of the IRIX file system from \\root down, without needing to offer 
a password.   This is obviously not desirable.  What is desirable is to have various 
parts of the IRIX file system available only via a password protected mount. eg 
\\IRIS\fred, \\IRIS\max, or even \\IRIS\root. etc.

Can anybody suggest how to configure smb.conf to do this ?

Thanks
Paul Ryder   [EMAIL PROTECTED]





[Samba] security = server vs domain

2003-02-12 Thread bkrusic
Hi,

We covered this, but an interesting problem;

I have a Samba PDC with smbpasswd file

My Samba file server has no smbpasswd file and is set
as;

security = server
password server = foo (netbios name)

I notice that with this config, I've many smbd running
because each authentication keeps the channel open
until its finished with the resource as was stated
earlier this week.

To avoid this, I set the Samba file server as;
security = domain
password server = FOO (domain name)

Access to the file server pyooks!  It was mentioned
earlier that I need an smbpasswd file on the Samba
server if I have a Windows PDC, but is it true if I
have a Samba PDC?

If so, why as this defeats the purpose of centralized
file management if I have to dist the smbpasswd file
from the Samba PDC to each and every Samba file
server.

I am finding Samba unpleasant to say the least ie;
POS!
Bri-




[Samba] Duplicate winbind uid/gid

2003-02-12 Thread Shawn Wright
We've encountered the following problem on our Redhat 7.2/XFS box 
running samba 2.2.3 with winbind and acl support. This week, some local 
accounts were created on the samba box for the installation of djb's 
dnscache. In addition, some NT domain accounts were also created on 
the NT4 PDC. The samba box is configured to use the NT4 domain for 
authentication; none of the local accounts are used for samba. In 
checking, I can see that one of the local accounts I created was assigned 
the same uid as that assigned by winbind for one of the new domain 
accounts!

I have the following in smb.conf, which I thought was meant to avoid such 
collisions, but it appears that adduser used what it thought was the next 
available uid, as did winbindd...

[global]
winbind separator = +
winbind uid = 1-2
winbind gid = 1-2
winbind enum users = yes
winbind enum groups = yes

Adding local accounts is not something done very often, but I would like to 
prevent this occurrence in the future, and fix the collision I now have. 

Here is the acct in /etc/passwd:

Gdnscache:x:11079:11079::/etc/dnscache:/bin/nologin

Here's the account from winbindd, using getent passwd:

SHAWNIGAN+MCHAUDHU:x:11079:10001:(S -Gr.10) Mallika Chaudhuri:/home/student/mchaudhu:/bin/false

Also, what I expect is an unrelated issue, I am seeing the occasional 
message like this in the winbindd logs, for a domain user that *does* exist:

user 'glinn' does not exist
[2003/02/11 15:00:11, 1] nsswitch/winbindd_user.c:winbindd_getpwnam_from_user(142)

Any ideas what could cause this?
Shawn Wright, I.T. Manager
Shawnigan Lake School
[EMAIL PROTECTED]
http://Zuiko.sls.bc.ca/swright
http://www.sls.bc.ca
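
Added example (not part of the original message, and not a Samba tool): an audit over "getent passwd"-style output that reports UIDs held by both a local account and a winbind-mapped account, plus local accounts whose UID sits inside the range reserved for winbind. The function names, the sample accounts and the 10000-20000 range are constructed; substitute the separator and "winbind uid" range from your own smb.conf.

```python
from collections import defaultdict


def parse_passwd(text):
    """Parse passwd(5)-format text into (name, uid) pairs, skipping bad lines."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries


def audit_uids(getent_text, separator, winbind_range):
    """Return (shared, intruders).

    shared:    {uid: (local_names, winbind_names)} for every UID held by
               both a local account and a winbind-mapped account.
    intruders: sorted local account names whose UID lies inside the range
               reserved for winbind, whether or not winbind has used it yet.
    """
    low, high = winbind_range
    local = defaultdict(list)
    mapped = defaultdict(list)
    for name, uid in parse_passwd(getent_text):
        # winbind names look like DOMAIN<separator>user.
        (mapped if separator in name else local)[uid].append(name)
    shared = {uid: (local[uid], mapped[uid]) for uid in local if uid in mapped}
    intruders = sorted(
        name
        for uid, names in local.items()
        if low <= uid <= high
        for name in names
    )
    return shared, intruders


# Constructed sample in the shape of the getent output quoted above.
SAMPLE_GETENT = """\
root:x:0:0:root:/root:/bin/bash
svcdns:x:11079:11079::/etc/dnscache:/bin/nologin
svclog:x:11081:11081::/var/log/svc:/bin/nologin
operator:x:502:502::/home/operator:/bin/bash
EXAMPLE+alice:x:11079:10001:Alice Example:/home/EXAMPLE/alice:/bin/false
EXAMPLE+bob:x:11080:10001:Bob Example:/home/EXAMPLE/bob:/bin/false
"""

if __name__ == "__main__":
    shared, intruders = audit_uids(SAMPLE_GETENT, "+", (10000, 20000))
    for uid, (local_names, winbind_names) in sorted(shared.items()):
        print("UID %d shared by local %s and winbind %s"
              % (uid, local_names, winbind_names))
    print("local accounts inside the winbind range:", intruders)
```

A shared UID means both accounts own the same files and match the same ACL entries; a local account inside the range is a collision waiting for winbind to hand out that number.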




Re: [Samba] security = server vs domain

2003-02-12 Thread Herb Lewis
If you change to domain security, the password server should
be the name of the PDC (or *) not the domain name.

You will also need to join the domain. See the docs.


[EMAIL PROTECTED] wrote:
 
 Hi,
 
 We covered this, but an interesting problem;
 
 I have a Samba PDC with smbpasswd file
 
 My Samba file server has no smbpasswd file and is set
 as;
 
 security = server
 password server = foo (netbios name)
 
 I notice that with this config, I've many smbd running
 because each authentication keeps the channel open
 until its finished with the resource as was stated
 earlier this week.
 
 To avoid this, I set the Samba file server as;
  security = domain
 password server = FOO (domain name)
 
 Access to the file server pyooks!  It was mentioned
 earlier that I need an smbpasswd file on the Samba
 server if I have a Windows PDC, but is it true if I
 have a Samba PDC?
 
 If so, why as this defeats the purpose of centralized
 file management if I have to dist the smbpasswd file
 from the Samba PDC to each and every Samba file
 server.
 
 I am finding Samba unpleasant to say the least ie;
 POS!
 Bri-
 

-- 
==
Herb Lewis   Silicon Graphics 
Networking Engineer  1600 Amphitheatre Pkwy MS-510
Strategic Software Organization  Mountain View, CA  94043-1351
[EMAIL PROTECTED] Tel: 650-933-2177
http://www.sgi.com   Fax: 650-932-2177  
PGP Key: 0x8408D65D
==



[Samba] adding machine to Samba2.2/LDAP domain ?

2003-02-12 Thread [EMAIL PROTECTED]

I've set up a Samba2.2/OpenLDAP-2.1.5 PDC as described very well
here:

http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html

I've created a machine account, and a local user account.
Using a Win2k box (signandseal=0) I can browse my domain
and see the SambaPDC. I can login to the PDC shares using
the local user account I created. My problem is the machine
won't add to the domain. I presume I use the Administrator
account for this ? so I've set a password on this account using
ldappasswd -x -D 'cn=root,o=smb,dc=my,dc=com' -w mysecret -S
'uid=Administrator,o=smb,dc=my,dc=com' ? Yet whenever I try to
add the test machine to the test domain as Administrator I get:

Unknown Username or Bad Password.

Any ideas what I've missed?
Paul





[Samba] Storing mangled names

2003-02-12 Thread Ivan Gustin
Hi,

Does Samba store somewhere mangled file names and long file names pairs? If
it does, where is it (I mean file, not runtime cache data)?

--
Ivan Gustin





Re: [Samba] Samba server in a failover environment

2003-02-12 Thread Oktay Akbal
On Wed, 12 Feb 2003, Hsu, Cheng (Consultant) wrote:

 The failover environment works like this:
 .  I manually start up Samba daemons (smbd and nmbd) on server-a
 .  Users are able to map Samba shares to their PCs, and they can read and
 write
 .  While users have their files open, I manually stop all Samba daemons on
 server-a
 .  Then, I manually start up Samba daemons (smbd and nmbd) on server-b
 (note that server-a and server-b have the same smb.conf file under
 /usr/local/samba/lib)

 Our UNIX SAs and NT SAs told me that it is not required to explicitly join
 the NT domain
 after failover.But my experiment shows that I MUST explicitly join the
 NT domain
 in order for everything to work.

Just a guess: Make sure that the servers do not only have the same
smb.conf, but also the same SID (MACHINE.SID or whatever setup of samba
you use).

__
Oktay Akbal




Re: [Samba] Storing mangled names

2003-02-12 Thread John H Terpstra
On Thu, 13 Feb 2003, Ivan Gustin wrote:

 Hi,

 Does Samba store somewhere mangled file names and long file names pairs? If
 it does, where is it (I mean file, not runtime cache data)?

Nope. Derived (calculated) at directory entry - see:
~samba/source/smbd/mangl*.c

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]



Re: Problem with nt acl support when saving Excel or Word Files

2003-02-12 Thread Michael Steffens
Michael Steffens wrote:

On the other hand, in debug level 10, create_canon_ace_lists() always logs
that clients attempt to apply the corresponding allow ACEs. This part does
work correctly for W2k clients, however.


Should probably add, that I can only pretend reading level 10 logs. :)

It's rather peeking around whether something looks remotely familiar,
and most probably (for sure) I have missed the relevant parts...




winbindd losing trust relationship once in a while (Samba 3.0)

2003-02-12 Thread Nir Soffer

Scenario: Fresh compile of Samba 3.0, both a20 and a21. Attempt to use
attached smb.conf.

EXANET-QA is a part of the EXANET-IL domain (e.g - EXANET-IL is the parent
domain). EXANET-QA is supposedly set in compatibility mode.

Under certain combinations winbindd seems to be losing its capability to
contact the parent DC.

Samba 3.0a20 works, sporadically, unless you do some things (wbinfo -m, see below).
Samba 3.0a21 doesn't work at all for me.

Attached are level 10 logs.

On the same matter, is Samba 3.0a22 on its way out? Could this be already fixed?

In the case it isn't obvious - Samba 2.2.x works perfectly in this mode.


Samba 3.0a20:
* I had some problems when load_interfaces was called twice in some
  situations, but now I can't seem to reproduce it...
* When using wbinfo -m winbindd seems to lose all trust information, see the
  following sequence:
[root@plat1 bin]# !./win
./winbindd -s /cluster/config/samba/smb.conf 
[root@plat1 bin]# !getent
getent passwd | grep nirs
nirs:x:5125:625::/users4/nirs:/bin/bash
EXANET-IL+nirs:x:10088:10001:Nir Soffer:/home/EXANET-IL/nirs:/bin/false
[root@plat1 bin]# ./wbinfo -t
checking the trust secret via RPC calls succeeded
[root@plat1 bin]# ./wbinfo -m
[root@plat1 bin]# !getent
getent passwd | grep nirs
nirs:x:5125:625::/users4/nirs:/bin/bash
[root@plat1 bin]# ./wbinfo -t
checking the trust secret via RPC calls succeeded

As you can see, EXANET-IL+nirs is no longer there.
Attached log is log.winbindd.wbinfo

Samba 3.0a21:
Doesn't work at all.
See log.winbindda21


If there is anything I can do to help, I seem to be able to reproduce this at will. 
I'll be more than glad to attempt whatever you throw at me.

Thanks,
Nir.

--
Nir Soffer -=- Software Engineer, Exanet Inc. -=-
The poor little kittens; They lost their mittens;
 And now you all must die. Mew, Mew, Mew, Mew, 
 And now you all must die. www.sluggy.com, 24/10/02



Re: Samba 3.0: vfs_netatalk.c

2003-02-12 Thread Simo Sorce
Have you checked we do not have a replacement function?

Generally we do such a function, sys_something, when we find a system missing
a needed function.

Simo.

On Tue, 2003-02-11 at 22:00, Anthony Liguori wrote:
 
 
  One catch is that there is a difference between BSD and System V
  implementations, but that's something that should be handle-able with
  ./configure.  It seems to me that in either case the data could be sorted
  using the binary tree stuff or by qsort().  This should be fairly
 do-able.
 
 On some systems, scandir() doesn't even exist.  I think the only reason why
 there's been any discussion as to whether this is a problem is because of
 the fact that it's a module.  I think the general sentiment has been that
 even modules need to be concerned about portability unless there's good
 reason.
 
 Anthony Liguori
 Linux/Active Directory Interoperability
 Linux Technology Center (LTC) - IBM Austin
 E-mail: [EMAIL PROTECTED]
 Phone: (512) 838-1208
 Tie Line: 678-1208
 
 
  

 Christopher R. Hertel [EMAIL PROTECTED]
 Sent by: samba-technical-bounces+aliguor=us.ibm.com@lists.samba.org
 02/11/2003 02:52 PM
 To: [EMAIL PROTECTED]
 cc:
 Subject: Re: Samba 3.0: vfs_netatalk.c
 
 
 
 Paul Green wrote:
  Anthony Liguori [mailto:aliguor at us.ibm.com] wrote:
  
   scandir() (and its [alpha|version]sort() brethren) is a BSD/Linux-ism
   and therefore isn't very portable.  Since this is in a VFS module (and
   therefore only optional) I guess this is ok.
 
  then Herb Lewis [mailto:herb at sgi.com] found this info:
   IRIX: scandir, scandir64, alphasort, alphasort64
   BSD: scandir, alphasort
 
  I just checked and neither scandir* nor alphasort* are in POSIX-1996 or
  POSIX-2001.  I'm not trying to build vfs_netatalk here on VOS, but if I
  was, it looks like I'd be writing some code first. I don't consider
  these functions portable either.  My vote is for sticking with functions
  in POSIX if at all possible.
 
  PG
 
 I have not been following this thread closely, but it occurs to me that we
 have tools that would make this easy to implement by hand.  If I
 understand the docs, the goal is to create an array of pointers to
 directory entry structures (the latter allocated via malloc()).
 
 One catch is that there is a difference between BSD and System V
 implementations, but that's something that should be handle-able with
 ./configure.  It seems to me that in either case the data could be sorted
 using the binary tree stuff or by qsort().  This should be fairly do-able.
 
 Chris -)-
 
 --
 Samba Team -- http://www.samba.org/ -)-   Christopher R. Hertel
 jCIFS Team -- http://jcifs.samba.org/   -)-   ubiqx development, uninq.
 ubiqx Team -- http://www.ubiqx.org/ -)-   [EMAIL PROTECTED]
 OnLineBook -- http://ubiqx.org/cifs/-)-   [EMAIL PROTECTED]
-- 
Simo Sorce - [EMAIL PROTECTED]
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399





Re: winbindd losing trust relationship once in a while (Samba 3.0)

2003-02-12 Thread Tim Potter
On Wed, Feb 12, 2003 at 10:47:38AM +0200, Nir Soffer wrote:

 Scenario: Fresh compile of Samba 3.0, both a20 and a21. Attempt to use
 attached smb.conf.
 
 EXANET-QA is a part of the EXANET-IL domain (e.g - EXANET-IL is the parent
 domain). EXANET-QA is supposedly set in compatibility mode.
 
 Under certain combinations winbindd seems to be losing its capability to
 contact the parent DC.
 
 Samba 3.0a20 works, sporadically, unless you do some things (wbinfo -m, see below).
 Samba 3.0a21 doesn't work at all for me.
 
 Attached are level 10 logs.

I wonder whether the trusted domains patch that went by today fixes this
as well?  Would you mind trying it?

http://lists.samba.org/pipermail/samba-technical/2003-February/042367.html


Tim.



adding w2k to 3.0 domain

2003-02-12 Thread Dmitry Melekhov
Hello!

I can't automatically add  w2k machine to 3.0 (CVS from about a week 
ago) to w2k domain
(I'm doing this as root).

From log:

[2003/02/12 14:56:55, 0] passdb/pdb_smbpasswd.c:add_smbfilepwd_entry(597)
  add_smbfilepwd_entry: cannot add account dm-w2ks$ without unix identity
[2003/02/12 14:56:55, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(2312)
  could not add user/computer dm-w2ks$ to passdb.  Check permissions?


Script is:

  add user script = /usr/sbin/adduser -n -c Machine -g 5 -d /dev/null -s /bin/false %m$


It works fine when I call it as root from command line.
Any ideas?



Re: [PATCH] ADS changes for joining accounts w/o full Administratorrights

2003-02-12 Thread Antti Andreimann
On a fine day (Wednesday, 12 February 2003 00:16), Andrew Bartlett wrote:
 I think we need to do a few things here:
  - We should record the principal name we joined with, and only ever
 send that to our clients.

That's a good idea. I'll look into it hopefully sometime during this week.

 should add a typedef from krb5_error to something harmless, or better
 still look into our ADS_ERROR stuff (partly created for exactly this
 kind of thing).  Returning an ADS_ERROR would probably be the best
 solution here.

Nope, that's not possible. The function is passed to 
krb5_get_init_creds_password as a pointer to function and the prototype is 
therefore dictated by kerberos libs. This could be overridden by some clever 
use of typecasts but this would be an ugly hack in my opinion.

 Well, I don't think this is sufficient reason not to do this properly.
 Duplicated code *will* break as two slightly different versions emerge.

Well I do agree. Now that I have an official permission to hack the build 
system I'll happily do it ;)
However a thought came to me last night that maybe this function is not needed 
after all. It's there as a workaround to a bug/feature (go figure ;) in 
kerberos libs but I think I know an easier way to solve it. I just have to 
test if it works.

-- 
 Antti Andreimann
  Using Linux since 1993
  Member of ELUG since 29.01.2000




Re: [PATCH] ADS changes for joining accounts w/o full Administratorrights

2003-02-12 Thread Andrew Bartlett
On Wed, 2003-02-12 at 22:16, Antti Andreimann wrote:
 On a fine day (Wednesday, 12 February 2003 00:16), Andrew Bartlett wrote:
  I think we need to do a few things here:
   - We should record the principal name we joined with, and only ever
  send that to our clients.
 
 That's a good idea. I'll look into it hopefully sometime during this week.
 
  should add a typedef from krb5_error to something harmless, or better
  still look into our ADS_ERROR stuff (partly created for exactly this
  kind of thing).  Returning an ADS_ERROR would probably be the best
  solution here.
 
 Nope, that's not possible. The function is passed to 
 krb5_get_init_creds_password as a pointer to function and the prototype is 
 therefore dictated by kerberos libs. This could be overridden by some clever 
 use of typecasts but this would be an ugly hack in my opinion.

In that case, then the usual course of action is to manually prototype
the particular function, so that it only appears when WITH_KRB5 is set. 
But looking at the patch again, I don't see why you can't just call
kerberos_kinit_password() directly.

  Well, I don't think this is sufficient reason not to do this properly.
  Duplicated code *will* break as two slightly different versions emerge.
 
 Well I do agree. Now that I have an official permission to hack the build 
 system I'll happily do it ;)
 However a thought came to me last night that maybe this function is not needed 
 after all. It's there as a workaround to a bug/feature (go figure ;) in 
 kerberos libs but I think I know an easier way to solve it. I just have to 
 test if it works.

I look forward to it :-)

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net





RE: winbindd losing trust relationship once in a while (Samba 3.0)

2003-02-12 Thread Ken Cross
That patch (or the one that Tim is submitting) should fix it.  Without
it, the wbinfo -m action clears the trusted domain list, but it gets
restored within 5 minutes.

Note that the patch is to the cvs version -- it may need tweaking for
a20 or a21.

Ken


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Tim Potter
Sent: Wednesday, February 12, 2003 5:55 AM
To: Nir Soffer
Cc: [EMAIL PROTECTED]
Subject: Re: winbindd losing trust relationship once in a while (Samba
3.0)


On Wed, Feb 12, 2003 at 10:47:38AM +0200, Nir Soffer wrote:

 Scenario: Fresh compile of Samba 3.0, both a20 and a21. Attempt to use
 attached smb.conf.
 
 EXANET-QA is a part of the EXANET-IL domain (e.g - EXANET-IL is the 
 parent domain). EXANET-QA is supposedly set in compatibility mode.
 
 Under certain combinations winbindd seems to be losing its capability
 to contact the parent DC.
 
 Samba 3.0a20 works, sporadically, unless you do some things (wbinfo -m,
 see below). Samba 3.0a21 doesn't work at all for me.
 
 Attached are level 10 logs.

I wonder whether the trusted domains patch that went by today fixes this
as well?  Would you mind trying it?

http://lists.samba.org/pipermail/samba-technical/2003-February/042367.html


Tim.




Re: Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication

2003-02-12 Thread Antti Tikkanen
On Sat, 1 Feb 2003, Andrew Bartlett wrote:

 The interesting thing is this - my Win2k servers don't seem to share
 this property.  I can't even get a CIFS/ ticket, and they don't have
 those names.  So, we need to do some more digging - what is it that
 makes Samba look different to Win2k in this regard?

 Do some comparative traces, look at what names your Win2k servers have
 registered etc.  It would be interesting to track this down.

Hello,

I promised to get back on this after I could get some tests done on a
Win2k workstation.

To put it short: indeed, Win2k with SP3 does not look for a
CIFS/server.example.com ticket. Win2k clients will look for the service
principal HOST/server.example.com, which is there by default.

Still, my XP clients will insist on trying to get a ticket for the
service principal CIFS/server.example.com, and will not work without one.

The really interesting thing is this. My Windows 2000 Server fileservers
do *not* have a servicePrincipalName of CIFS/server.example.com. Here is
an LDAP dump of a W2k fileserver:

--

# FILESERVER01, OUfile, OUmemberserver, OUroot, win, hut, fi
dn: CN=FILESERVER01,OU=OUfile,OU=OUmemberserver,OU=OUroot,DC=win,DC=hut,DC=fi
accountExpires: 9223372036854775807
badPasswordTime: 0
badPwdCount: 0
codePage: 0
cn: CCFILE01
countryCode: 0
displayName: FILESERVER01$
dNSHostName: fileserver01.win.hut.fi
(..snip..)
distinguishedName:
CN=FILESERVER01,OU=OUfile,OU=OUmemberserver,OU=OUroot,DC=win,DC=hut,DC=fi
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=win,DC=hut,DC=fi
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
objectGUID:: Ww2Hq27cj0Si6AB3eQk1qQ==
objectSid:: AQUAAAUVfOskDVdm4mJ1uXVUXAQAAA==
operatingSystem: Windows 2000 Server
operatingSystemServicePack: Service Pack 3
operatingSystemVersion: 5.0 (2195)
primaryGroupID: 515
pwdLastSet: 126891621025546875
name: FILESERVER01
sAMAccountName: FILESERVER01$
sAMAccountType: 805306369
servicePrincipalName:
NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/fileserver01.win.
 hut.fi
servicePrincipalName: HOST/FILESERVER01
servicePrincipalName: HOST/fileserver01.win.hut.fi
userAccountControl: 4096
uSNChanged: 13142668
uSNCreated: 3385
whenChanged: 20030208071502.0Z
whenCreated: 2809081657.0Z

--

*BUT*, when I access fileserver01.win.hut.fi with my XP clients, they
somehow manage to get a ticket for the service principal
CIFS/fileserver01.win.hut.fi, even though it is not listed here (I
verified this with 'klist tickets').

In Linux, when I attempt to get a service ticket for
CIFS/fileserver01.win.hut.fi with 'kinit -S CIFS/fileserver01.win.hut.fi',
it fails and reports that the server was not found in the database.

For my Samba server, I am able to get a service ticket for
CIFS/sambaserver.win.hut.fi with 'kinit -s', because I have added it manually.

This sounds really weird to me..

And, if it has any information value, we have under testing a NetApp
fileserver which is able to join a domain and talk to SMB clients authenticating
them with Kerberos. It will also add a SPN named CIFS/netappserver.win.hut.fi
when joining the domain.

Any comments?


Regards,
Antti Tikkanen







Does 3.0 have the same problem? (Re: Problem with nt acl supportwhen saving Excel or Word Files)

2003-02-12 Thread Michael Steffens
What I would be very curious about: Does 3.0 exhibit the same problem?

 http://lists.samba.org/pipermail/samba-technical/2003-January/041748.html
 http://lists.samba.org/pipermail/samba-technical/2003-February/042392.html

Maybe someone already running 3.0 could try?

Cheers!
Michael





RE: Does 3.0 have the same problem? (Re: Problem with nt aclsupport when saving Excel or Word Files)

2003-02-12 Thread Ken Cross
I'm quite sure it does.  

Our solution was to create a default ACL on the directory which set the
appropriate ACL on files created in that directory.  This may or may not
work depending on the file system implementation of ACLs.

Ken


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Michael Steffens
Sent: Wednesday, February 12, 2003 7:35 AM
To: Michael Steffens
Cc: [EMAIL PROTECTED]
Subject: Does 3.0 have the same problem? (Re: Problem with nt acl
support when saving Excel or Word Files)


What I would be very curious about: Does 3.0 exhibit the same problem?

 
 http://lists.samba.org/pipermail/samba-technical/2003-January/041748.html
 http://lists.samba.org/pipermail/samba-technical/2003-February/042392.html

Maybe someone already running 3.0 could try?

Cheers!
Michael




RE: winbindd losing trust relationship once in a while (Samba 3.0)

2003-02-12 Thread Nir Soffer
[snip]
 
 I wonder whether the trusted domains patch that went by today 
 fixes this
 as well?  Would you mind trying it?

Since the patch doesn't apply to a20, and I couldn't be bothered to check why properly 
- I downloaded the CVS version, for the hell of it. The patch didn't apply to that 
either, so I did it manually.

Both before and after the patch, not only did the trusted domains not work, but I 
couldn't do a wbinfo -u that worked.

This snippet probably explains why:

[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414)
  client_read: read 1312 bytes. Need 0 more for a full request.
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:process_request(297)
  process_request: request fn LIST_USERS
[2003/02/12 15:14:42, 3] nsswitch/winbindd_user.c:winbindd_list_users(533)
  [21233]: list users
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:client_write(460)
  client_write: wrote 1300 bytes.
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414)
  client_read: read 0 bytes. Need 1312 more for a full request.
[2003/02/12 15:14:42, 5] nsswitch/winbindd.c:winbind_client_read(419)
  read failed on sock 12, pid 21233: EOF


So, sorry, but that doesn't seem to work.

Alpha 20 was the last version that actually worked for me...




-- 
Nir Soffer -=- Software Engineer, Exanet Inc. -=-
The poor little kittens; They lost their mittens;
 And now you all must die. Mew, Mew, Mew, Mew, 
 And now you all must die. www.sluggy.com, 24/10/02 



Re: background updates of print queues via a dedicated process

2003-02-12 Thread Michael Sweet
Gerald (Jerry) Carter wrote:

...

It might be good for there to also be a way for the spooler to
notify Samba when something has happened, so as to avoid polling.


CUPS might support this.  I dunno.  or it could be added to lpd of
course.

 ...

CUPS 1.2 will support IPP notifications and the ippget notification
scheme, so it will be possible for SAMBA to request notifications
whenever printer or job states change.

For CUPS 1.1.x and other legacy printing systems, polling is the
only method that is available.  I think LPRng has some mechanisms
for asynchronous notifications - you'd have to ask Patrick about
that...

--
__
Michael Sweet, Easy Software Products   mike at easysw dot com
Printing Software for UNIX   http://www.easysw.com






Re: background updates of print queues via a dedicated process

2003-02-12 Thread Michael Sweet
Tim Potter wrote:

...
My idea which I've probably told a couple of you is to use kernel 
dnotify stuff to work out when jobs are spooled or removed.  So a 
daemon would get a signal when a spool file is created and add that
to printing.tdb.  When the file completes spooling lpd deletes it and
the daemon gets another signal saying that file has deleted.
 ...

However, this is highly spooler specific and depends on a publicly
accessible spool directory (something that any self-respecting
spooler does not do these days to avoid common security issues)...

--
__
Michael Sweet, Easy Software Products   mike at easysw dot com
Printing Software for UNIX   http://www.easysw.com






RE: winbindd losing trust relationship once in a while (Samba 3.0)

2003-02-12 Thread Ken Cross
The patch works on SAMBA_3_0 as of 5 minutes ago.  How did you patch it
manually?

The messages you see below are normal and don't indicate any real
problems.

Ken


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Nir Soffer
Sent: Wednesday, February 12, 2003 8:15 AM
To: Tim Potter; [EMAIL PROTECTED]
Subject: RE: winbindd losing trust relationship once in a while (Samba
3.0)


[snip]
 
 I wonder whether the trusted domains patch that went by today
 fixes this
 as well?  Would you mind trying it?

Since the patch doesn't apply to a20, and I couldn't be bothered to
check why properly - I downloaded the CVS version, for the hell of it.
The patch didn't apply to that either, so I did it manually.

Both before and after the patch, not only did the trusted domains not
work, but I couldn't do a wbinfo -u that worked.

This snippet probably explains why:

[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414)
  client_read: read 1312 bytes. Need 0 more for a full request.
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:process_request(297)
  process_request: request fn LIST_USERS
[2003/02/12 15:14:42, 3] nsswitch/winbindd_user.c:winbindd_list_users(533)
  [21233]: list users
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:client_write(460)
  client_write: wrote 1300 bytes.
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414)
  client_read: read 0 bytes. Need 1312 more for a full request.
[2003/02/12 15:14:42, 5] nsswitch/winbindd.c:winbind_client_read(419)
  read failed on sock 12, pid 21233: EOF


So, sorry, but that doesn't seem to work.

Alpha 20 was the last version that actually worked for me...




-- 
Nir Soffer -=- Software Engineer, Exanet Inc. -=-
The poor little kittens; They lost their mittens;
 And now you all must die. Mew, Mew, Mew, Mew, 
 And now you all must die. www.sluggy.com, 24/10/02 




Winbindd limited by select

2003-02-12 Thread Ken Cross
Samba-folk:

I've run into a problem with winbindd in both 2.2.x and 3.0 where it
just locks up after a while on large, busy networks.

We finally tracked down the problem to the fact that the C library
select function is limited by default to 256 file descriptors in
NetBSD (1024 in FreeBSD, 2048 in Linux).  So once 256 (or whatever) smbd
processes connected to winbindd, it broke pretty badly and was very hard
to kill.

This is set at compile-time, not run-time.  This line:

 #define FD_SETSIZE 2048  /* Max # of winbindd connections */

must occur before the first invocation of sys/types.

This could be a build option, but it might be much simpler to hard-code
it in local.h, which is what I did to fix it.

Can somebody check the implications of this on Solaris, HPUX, etc.?

Thanks,
Ken Cross
Network Storage Solutions




Re: 3.0Alpha21 and W2K AD 'dorking' Samba machine acct?

2003-02-12 Thread Nik Conwell

On Thu, 30 Jan 2003, Andrew Bartlett wrote:


 On Thu, 2003-01-30 at 23:32, Nik Conwell wrote:
 
  Anybody seeing a scenario like this?
 
  net ads join adds our machine entry to AD just fine.
 
The machine entry object in the AD database has:
 
 OperatingSystem         Samba
 OperatingSystemVersion  post3.0-HEAD
 dnsHostname             ourhost
 
  Some time later something happened, and AD now has:
 
 OperatingSystem         Windows
 OperatingSystemVersion  NT 4
 dnsHostname             is empty.
 
  and then authentication to ourhost fails.

 Something is doing a NT4 password change.  This can occur if
 'security=domain' is set, rather than 'security=ads'.

 Or if 'net rpc changetrustpw' is run.

Interesting - security=ads is set in the config, and neither of the two of us
who have privs to do the net cmds have run changetrustpw (or knew what it was
before you wrote about it ;-))

I have an unverified pet theory that under some circumstances the smbd may think
it's running as security=domain (unable to read the config file due to it being
unmounted - it's on NFS disk - or since the file doesn't have o=r).  I'll put
some DEBUG logging statements near change_trust_account_password() to see if
we're somehow getting there.

Thanks for your help.
-nik



RE: Winbindd limited by select

2003-02-12 Thread MCCALL,DON (HP-USA,ex1)

On HP-UX 11.x, the default is 2048 for FD_SETSIZE.  You can also (according
to man page for select()) handle this dynamically, if you are concerned for
memory footprint for your application.  An example from the man page:
 
  The user can also allocate the space for fd_set structure dynamically,
  depending upon the number of file descriptors to be tested. The
  following code segment illustrates the basic concepts.

int num_of_fds,s;
struct fd_set *f;

/*
 * Set num_of_fds to the required value.
 * User can set it to the maximum possible value the kernel is
 * configured for, by using sysconf(_SC_OPEN_MAX).
 * Note that, if you are not using these many files, you are
 * wasting too much space.
 */
num_of_fds = sysconf(_SC_OPEN_MAX);
s = sizeof(long);
/*
 * howmany is a macro defined in sys/types.h
 */
f = (struct fd_set *)malloc(s*howmany(num_of_fds, s*8));
/*
 * Use f wherever struct fd_set * is used.
 * It can be used to test num_of_fds file descriptors.
 */

So, might be a couple of ways to skin this cat :-)  (I don't mean literally,
for all you cat lovers out there!)
Don

 -Original Message-
 From: Ken Cross [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 12, 2003 7:36
 To: 'Multiple recipients of list SAMBA-TECHNICAL'
 Subject: Winbindd limited by select
 
 
 Samba-folk:
 
 I've run into a problem with winbindd in both 2.2.x and 3.0 where it
 just locks up after a while on large, busy networks.
 
 We finally tracked down the problem to the fact that the C library
 select function is limited by default to 256 file descriptors in
 NetBSD (1024 in FreeBSD, 2048 in Linux).  So once 256 (or 
 whatever) smbd
 processes connected to winbindd, it broke pretty badly and 
 was very hard
 to kill.
 
 This is set at compile-time, not run-time.  This line:
 
  #define FD_SETSIZE 2048  /* Max # of winbindd connections */
 
 must occur before the first invocation of sys/types.
 
 This could be a build option, but it might be much simpler to 
 hard-code
 it in local.h, which is what I did to fix it.
 
 Can somebody check the implications of this on Solaris, HPUX, etc.?
 
 Thanks,
 Ken Cross
 Network Storage Solutions
 



Re: background updates of print queues via a dedicated process

2003-02-12 Thread Gerald (Jerry) Carter
On Wed, 12 Feb 2003, Martin Pool wrote:

 I was thinking of the way smbd needs to notify waiting clients when the
 print queue changes.  I guess the notification doesn't need to happen
 straight away.

I think we may need to revisit how the print notify is implemented.
The semantics are correct but it seems to break down under load.
We need to handle that load more gracefully.







cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)





Re: Winbindd limited by select

2003-02-12 Thread Michael Steffens
Hi Ken,

Ken Cross wrote:

I've run into a problem with winbindd in both 2.2.x and 3.0 where it
just locks up after a while on large, busy networks.

We finally tracked down the problem to the fact that the C library
select function is limited by default to 256 file descriptors in
NetBSD (1024 in FreeBSD, 2048 in Linux).  So once 256 (or whatever) smbd
processes connected to winbindd, it broke pretty badly and was very hard
to kill.

This is set at compile-time, not run-time.  This line:

 #define FD_SETSIZE 2048  /* Max # of winbindd connections */

must occur before the first invocation of sys/types.

This could be a build option, but it might be much simpler to hard-code
it in local.h, which is what I did to fix it.

Can somebody check the implications of this on Solaris, HPUX, etc.?


This will hardly do on HP-UX, because there is a kernel parameter
maxfiles controlling the per-process max number of file descriptors.

It's 60 by default after installation, but is tunable (with reboot).
I would not recommend to set it too high, since it's also a fuse against
single user processes eating up all available file descriptors (controlled
by nfiles).

We have hit the limit *very* quickly on our Winbind production box,
of course, and I have increased maxfiles to 300. Still quite low
when expecting a couple of hundred smbd to become winbind clients.
Each of them consuming two FDs.

The solution (and this should also work on other platforms) was to
have winbindd housekeep its client connections by shutting down
idle connections, and have clients reconnect when required:

  http://lists.samba.org/pipermail/samba-technical/2003-February/042210.html

The threshold was chosen to be 100 active connections, which keeps
winbindd well below 300 FDs. Below 140, actually, including network
sockets and open database and log files.

This only works out well if clients don't connect too frequently,
however, and

  http://lists.samba.org/pipermail/samba-technical/2003-February/042170.html

helped achieve this.

I'm tracking winbindd shutting down sockets for about a week now,
and have extended the DEBUG line in remove_idle_client() to also print
idle time of removal candidates.

With about 100 concurrent smbds (i.e. ~200 client pipes) it
almost always finds connections idle for more than an hour.
I would assume forcing these to reconnect should have no measurable
impact, and the solution should scale to a multitude of its
current load.

It can't be applied directly to 3.0, however. I'm assuming that identifying
idle connections is more complicated there, as both read and write buffers
can be empty while waiting for a request to complete. But it should
nevertheless be possible.

Cheers!
Michael




RE: winbindd losing trust relationship once in a while (Samba 3.0)

2003-02-12 Thread Nir Soffer


 -Original Message-
 From: Ken Cross [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 12, 2003 3:41 PM
 To: Nir Soffer; 'Tim Potter'; [EMAIL PROTECTED]
 Subject: RE: winbindd losing trust relationship once in a 
 while (Samba 3.0)
 
 
 The patch works on SAMBA_3_0 as of 5 minutes ago.  How did 
 you patch it
 manually?

Well, I looked at the patch, saw that it moves the static variable last_scan outside of 
the function, and inserted the last_scan = 0 wherever it should be.

 The messages you see below are normal and don't indicate any real
 problems.

Except the fact that wbinfo -u didn't work.

Downloading the CVS again, this is what I got when I ran wbinfo -u (without any patch)

2003/02/12 18:15:37, 6] rpc_parse/parse_prs.c:prs_debug(81)
  18 smb_io_pol_hnd domain_pol
[2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint32(592)
  0018 data1: 
[2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint32(592)
  001c data2: 
[2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint16(563)
  0020 data3: 
[2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint16(563)
  0022 data4: 
[2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_uint8s(679)
  0024 data5: 00 00 00 00 00 00 00 00 
[2003/02/12 18:15:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(621)
  002c status: NT_STATUS_INVALID_PARAMETER
[2003/02/12 18:15:37, 10] nsswitch/winbindd.c:client_write(460)
  client_write: wrote 1300 bytes.
[2003/02/12 18:15:37, 10] nsswitch/winbindd.c:winbind_client_read(414)
  client_read: read 0 bytes. Need 1312 more for a full request.
[2003/02/12 18:15:37, 5] nsswitch/winbindd.c:winbind_client_read(419)
  read failed on sock 12, pid 6200: EOF

 Ken



--
Nir Soffer -=- Software Engineer, Exanet Inc. -=-
The poor little kittens; They lost their mittens;
 And now you all must die. Mew, Mew, Mew, Mew, 
 And now you all must die. www.sluggy.com, 24/10/02 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]
amba.org]
On Behalf Of Nir Soffer
Sent: Wednesday, February 12, 2003 8:15 AM
To: Tim Potter; [EMAIL PROTECTED]
Subject: RE: winbindd losing trust relationship once in a while (Samba
3.0)


[snip]
 
 I wonder whether the trusted domains patch that went by today
 fixes this
 as well?  Would you mind trying it?

Since the patch doesn't apply to a20, and I couldn't be bothered to
check why properly - I downloaded the CVS version, for the hell of it.
The patch didn't apply to that either, so I did it manually.

Both before and after the patch, not only did the trusted domains not
work, but I couldn't do a wbinfo -u that worked.

This snippet probably explains why:

[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414)
  client_read: read 1312 bytes. Need 0 more for a full request.
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:process_request(297)
  process_request: request fn LIST_USERS
[2003/02/12 15:14:42, 3] nsswitch/winbindd_user.c:winbindd_list_users(533)
  [21233]: list users
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:client_write(460)
  client_write: wrote 1300 bytes.
[2003/02/12 15:14:42, 10] nsswitch/winbindd.c:winbind_client_read(414)
  client_read: read 0 bytes. Need 1312 more for a full request.
[2003/02/12 15:14:42, 5] nsswitch/winbindd.c:winbind_client_read(419)
  read failed on sock 12, pid 21233: EOF


So, sorry, but that doesn't seem to work.

Alpha 20 was the last version that actually worked for me...




-- 
Nir Soffer -=- Software Engineer, Exanet Inc. -=-
The poor little kittens; They lost their mittens;
 And now you all must die. Mew, Mew, Mew, Mew, 
 And now you all must die. www.sluggy.com, 24/10/02 




rpcclient adddriver: core dump

2003-02-12 Thread Ronan Waide
Samba HEAD

Looks like it's triggered by not closing quotes:

[root@workst1 root]# rpcclient -U admin%passwd -W GROUP workst1 -d2
added interface ip=192.168.168.250 bcast=192.168.168.255 nmask=255.255.255.0
rpcclient $ adddriver Windows 4.0 HP CL 8500 - 
PCL:HPCPCLA.DLL:HP_LJ85.PPD:HPCPCLA1.DLL:H
Segmentation fault

(the second param to adddriver is incomplete due to a cut-and-paste
mishap; hitting return on it produces the segv.)

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

It never ceases to amaze me how a 50% pay rise, overtime and low mileage can
 make you swallow your pride so easily. - Alan Weadick



Re: Winbindd limited by select

2003-02-12 Thread jra
On Wed, Feb 12, 2003 at 07:36:19AM -0500, Ken Cross wrote:
 Samba-folk:
 
 I've run into a problem with winbindd in both 2.2.x and 3.0 where it
 just locks up after a while on large, busy networks.
 
 We finally tracked down the problem to the fact that the C library
 select function is limited by default to 256 file descriptors in
 NetBSD (1024 in FreeBSD, 2048 in Linux).  So once 256 (or whatever) smbd
 processes connected to winbindd, it broke pretty badly and was very hard
 to kill.
 
 This is set at compile-time, not run-time.  This line:
 
  #define FD_SETSIZE 2048  /* Max # of winbindd connections */
 
 must occur before the first invocation of sys/types.
 
 This could be a build option, but it might be much simpler to hard-code
 it in local.h, which is what I did to fix it.
 
 Can somebody check the implications of this on Solaris, HPUX, etc.?

Great catch ! I'll fix this asap !

Jeremy.



Re: CVS update: samba/source/printing

2003-02-12 Thread jra
On Wed, Feb 12, 2003 at 09:03:44AM -0600, Gerald (Jerry) Carter wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On Wed, 12 Feb 2003 [EMAIL PROTECTED] wrote:
 
  
  Date:   Wed Feb 12 06:38:18 2003
  Author: abartlet
  
  Update of /data/cvs/samba/source/printing
  In directory dp.samba.org:/tmp/cvs-serv1930/printing
  
  Modified Files:
  notify.c 
  Log Message:
  Prevent NULL-pointer induced segfaults.
  
  Is tdb_pack in appliance_head different for some reason?  
 
 apparently so.
 
 $ cvs log -r1.9.2.14 tdb/tdbutil.c
 
 revision 1.9.2.14
 date: 2002/11/27 01:51:43;  author: jra;  state: Exp;  lines: +21 -25
 SMBencrypt needs dos codepage also. Change tdb_pack/unpack to take a 
 function pointer applied to all strings if it exists.   Jeremy.

Sorry about that. I'll watch for these nasty differences more closely
in future.

Jeremy.



one more rpclient buglet

2003-02-12 Thread Ronan Waide
Added a driver using:
  adddriver "Windows 4.0" "PR2:NULL:NULL:NULL:NULL:NULL:NULL:NULL"

Now I get funny characters in the enumdrivers output:
[root@workst1 root]# rpcclient -U user%pass -c "enumdrivers 2" workst1

[Windows 4.0]
Printer Driver Info 2:
Version: [0]
Driver Name: [PR2]
Architecture: [Windows 4.0]
Driver Path: [%/1€Œiso8859-15,A0(B`]
Datafile: [t]
Configfile: [%/1€iso8859-15,A7Pa?(B]

Also
  adddriver "Windows NT x86" "PR2:NULL:NULL:NULL:NULL:NULL:NULL:NULL"

fails, but I'm not yet sure why.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
"So, while thinking about all this, I realized that my job could be
 defined as systematically, judiciously, deliberately forgetting
 things." - smarry



init_unistr2 length calculation

2003-02-12 Thread Shirish Kalele
Hi,

In init_unistr2, the string length for the UNISTR2 structure seems to be set
equal to the number of bytes occupied by the string when encoded in the Unix
charset (i.e. the value returned by strlen()). This is not necessarily the
number of characters in the string (given UTF-8 and other variable-byte
charsets).

Shouldn't this actually be set to half the number of bytes occupied by the
string after encoding it in UCS2? Here's a patch that does this.

Thanks,
Shirish

Index: rpc_parse/parse_misc.c
===
RCS file: /cvsroot/samba/source/rpc_parse/parse_misc.c,v
retrieving revision 1.94.2.8
diff -u -r1.94.2.8 parse_misc.c
--- rpc_parse/parse_misc.c 28 Jan 2003 21:09:56 - 1.94.2.8
+++ rpc_parse/parse_misc.c 11 Feb 2003 19:52:32 -
@@ -889,10 +889,6 @@
 {
  ZERO_STRUCTP(str);

- /* set up string lengths. */
- str-uni_max_len = (uint32)len;
- str-undoc   = 0;
- str-uni_str_len = (uint32)len;

  if (len  MAX_UNISTRLEN)
   len = MAX_UNISTRLEN;
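Review bot: with the three assignments removed here, nothing sets uni_max_len or uni_str_len before the `if (buf==NULL) return;` that is visible in the next hunk, so a caller that hits that early return now gets a UNISTR2 whose lengths are whatever ZERO_STRUCTP left, where it used to get len. Confirm that this is intended, or set both lengths explicitly before the return and say so in a comment. The removal also leaves two consecutive blank lines after ZERO_STRUCTP(str); drop one.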
@@ -912,7 +908,13 @@
  if (buf==NULL)
   return;

- rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE);
+ len = rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE);
+ len /= 2;
+ /* set up string lengths. */
+ str-uni_max_len = (uint32)len;
+ str-undoc   = 0;
+ str-uni_str_len = (uint32)len;
+
 }

 /**
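Review bot: the return value of rpcstr_push is halved and stored without being checked, in `len = rpcstr_push(...); len /= 2;`. The call passes STR_TERMINATE, so if the returned byte count includes the terminating null, uni_str_len ends up one larger than the number of characters in the string; and if rpcstr_push can signal failure through its return value, that value is divided and cast to uint32 as a length. Both uni_max_len and uni_str_len are length fields of the structure, so the comment should state which count they carry (with or without the terminator), and the failure case should be handled before the assignments.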




joining machine to domain with ldapsam backend

2003-02-12 Thread Peak, John
Bradley,

Did you ever resolve or find a workaround for this? This is exactly the problem I am having with the current HEAD.

Thanks,

John


 From: Bradley W. Langhorst [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: joining machine to domain with ldapsam backend
 Date: 23 Apr 2002 20:35:22 -0400
 Message-id: 1019608522.25957.2528.camel@unheq1
 
 I'm assuming that talk about samba3 belongs here,
 please let me know if I should take it to samba@
 
 I'm trying to join a machine to
 today's head
 
 here is what I get in the log file -
 how should we assign an RID to a machine account?
 
 do I need to add a special script in the add machine script parameter to
 make this work?
 
 how should we assign an RID to a machine account?
 
 [2002/04/23 20:32:53, 2] smbd/reply.c:reply_special(77)
 netbios connect: name1=BITC name2=TESTPC
 [2002/04/23 20:32:53, 2] smbd/reply.c:reply_special(96)
 netbios connect: local=bitc remote=testpc
 [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
 ldap_open_connection: connection opened
 [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
 ldap_connect_system: successful connection to the LDAP server
 [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
 ldapsam_search_one_user: searching
 for:[((uid=root)(objectclass=sambaAccount))]
 [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
 Entry found for user: root
 [2002/04/23 20:32:53, 2] auth/auth.c:check_ntlm_password(256)
 check_password: authenticaion for user [root] - [root] - [root]
 suceeded
 [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
 ldap_open_connection: connection opened
 [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
 ldap_connect_system: successful connection to the LDAP server
 [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
 ldapsam_search_one_user: searching
 for:[((uid=root)(objectclass=sambaAccount))]
 [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
 Entry found for user: root
 [2002/04/23 20:32:54, 2] lib/access.c:check_access(309)
 Allowed connection from (132.177.45.90)
 [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
 ldap_open_connection: connection opened
 [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
 ldap_connect_system: successful connection to the LDAP server
 [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
 ldapsam_search_one_user: searching
 for:[((uid=root)(objectclass=sambaAccount))]
 [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
 Entry found for user: root
 [2002/04/23 20:32:54, 2] smbd/server.c:exit_server(498)
 Closing connections
 [2002/04/23 20:32:54, 2] lib/access.c:check_access(309)
 Allowed connection from (132.177.45.90)
 [2002/04/23 20:32:54, 2] smbd/reply.c:reply_special(77)
 netbios connect: name1=BITC name2=TESTPC
 [2002/04/23 20:32:54, 2] smbd/reply.c:reply_special(96)
 netbios connect: local=bitc remote=testpc
 [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
 ldap_open_connection: connection opened
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
 ldap_connect_system: successful connection to the LDAP server
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
 ldapsam_search_one_user: searching
 for:[((uid=root)(objectclass=sambaAccount))]
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
 Entry found for user: root
 [2002/04/23 20:32:55, 2] auth/auth.c:check_ntlm_password(256)
 check_password: authenticaion for user [root] - [root] - [root]
 suceeded
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
 ldap_open_connection: connection opened
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
 ldap_connect_system: successful connection to the LDAP server
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
 ldapsam_search_one_user: searching
 for:[((uid=root)(objectclass=sambaAccount))]
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
 Entry found for user: root
 [2002/04/23 20:32:55, 2] lib/access.c:check_access(309)
 Allowed connection from (132.177.45.90)
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206)
 ldap_open_connection: connection opened
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240)
 ldap_connect_system: successful connection to the LDAP server
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252)
 ldapsam_search_one_user: searching
 for:[((uid=root)(objectclass=sambaAccount))]
 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498)
 Entry found for user: root
 [2002/04/23 20:32:55, 2]

RE: init_unistr2 length calculation

2003-02-12 Thread Shirish Kalele
The patch assumes that UCS2 characters are 2-bytes each. It does not make
any assumptions about the widths of the Unix charset.

Thanks,
Shirish

On Wed, 12 Feb 2003, Ken Cross wrote:

I'm not sure that 2 is a valid assumption.  We're using UTF-8 for the
Unix charset, and a multi-byte character can be as much as 6 bytes.

Ken


Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Shirish Kalele
Sent: Wednesday, February 12, 2003 1:08 PM
To: [EMAIL PROTECTED]
Subject: init_unistr2 length calculation


Hi,

In init_unistr2, the string length for the UNISTR2 structure seems to be
set equal to the number of bytes occupied by the string when encoded in
the Unix charset (i.e. the value returned by strlen()). This is not
necessarily the number of characters in the string (given UTF-8 and
other variable-byte charsets).

Shouldn't this actually be set to half the number of bytes occupied by
the string after encoding it in UCS2? Here's a patch that does this.

Thanks,
Shirish

Index: rpc_parse/parse_misc.c
===
RCS file: /cvsroot/samba/source/rpc_parse/parse_misc.c,v
retrieving revision 1.94.2.8
diff -u -r1.94.2.8 parse_misc.c
--- rpc_parse/parse_misc.c 28 Jan 2003 21:09:56 - 1.94.2.8
+++ rpc_parse/parse_misc.c 11 Feb 2003 19:52:32 -
@@ -889,10 +889,6 @@
 {
  ZERO_STRUCTP(str);

- /* set up string lengths. */
- str-uni_max_len = (uint32)len;
- str-undoc   = 0;
- str-uni_str_len = (uint32)len;

  if (len  MAX_UNISTRLEN)
   len = MAX_UNISTRLEN;
@@ -912,7 +908,13 @@
  if (buf==NULL)
   return;

- rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE);
+ len = rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE); len
+ /= 2;
+ /* set up string lengths. */
+ str-uni_max_len = (uint32)len;
+ str-undoc   = 0;
+ str-uni_str_len = (uint32)len;
+
 }

 /**





Re: init_unistr2 length calculation

2003-02-12 Thread Alexander Bokovoy
On Wed, Feb 12, 2003 at 01:18:00PM -0500, Ken Cross wrote:
 I'm not sure that 2 is a valid assumption.  We're using UTF-8 for the
 Unix charset, and a multi-byte character can be as much as 6 bytes.
_after_ reencoding to UCS2 the length of string in characters will be
(bytes length)/2.

-- 
/ Alexander Bokovoy
---
Wanna buy a duck?
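
The distinction this thread settles, byte length in the Unix charset versus character count after re-encoding to UCS2, shown as an added example that is not part of any message here and is not Samba code. `utf8_to_ucs2le` and `ucs2_char_count` are hypothetical helpers, the Unix charset is assumed to be UTF-8, and only characters that fit in one UCS-2 unit are accepted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Samba's rpcstr_push: encode UTF-8 as UCS-2LE.
 * Returns bytes written (no terminator), or (size_t)-1 on a bad lead or
 * continuation byte, a sequence needing more than one unit, or a full buffer. */
size_t utf8_to_ucs2le(const char *src, uint8_t *dst, size_t dst_bytes)
{
    const unsigned char *s = (const unsigned char *)src;
    size_t out = 0;

    while (*s) {
        uint32_t cp;
        int extra;

        if (*s < 0x80)                { cp = *s;        extra = 0; }
        else if ((*s & 0xE0) == 0xC0) { cp = *s & 0x1F; extra = 1; }
        else if ((*s & 0xF0) == 0xE0) { cp = *s & 0x0F; extra = 2; }
        else return (size_t)-1;       /* stray continuation or 4+ byte form */
        s++;
        while (extra-- > 0) {
            if ((*s & 0xC0) != 0x80)
                return (size_t)-1;    /* also stops at an early NUL */
            cp = (cp << 6) | (*s++ & 0x3F);
        }
        if (dst_bytes - out < 2)
            return (size_t)-1;        /* never write past dst */
        dst[out++] = (uint8_t)(cp & 0xFF);
        dst[out++] = (uint8_t)(cp >> 8);
    }
    return out;
}

/* Character count as the thread defines it: UCS-2 byte length divided by 2. */
size_t ucs2_char_count(const char *unix_str)
{
    uint8_t buf[512];
    size_t bytes = utf8_to_ucs2le(unix_str, buf, sizeof(buf));

    return bytes == (size_t)-1 ? bytes : bytes / 2;
}

int main(void)
{
    const char *s = "na\xc3\xaf" "ve \xe2\x82\xac";   /* constructed sample */

    printf("strlen=%zu ucs2_chars=%zu\n", strlen(s), ucs2_char_count(s));
    return 0;
}
```

A length field filled from strlen() would overstate this sample string by three characters, which is the mismatch the original post describes.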



Re: Dual winbind daemons - fix to winbindd_dual.c

2003-02-12 Thread jra
On Tue, Feb 11, 2003 at 09:46:44PM -0500, Ken Cross wrote:
 Samba-folk:
 
 The dual winbindd daemon hasn't been working (at least not on NetBSD).
 It always bombs out with
 
  [2003/02/11 10:03:23, 2] tdb/tdbutil.c:tdb_log(582)
tdb(unnamed): tdb_open_ex: /var/samba/locks/winbindd_idmap.tdb
 (0,162792) is already open in this process
  [2003/02/11 10:03:23, 0]
 nsswitch/winbindd_idmap.c:winbindd_idmap_init(438)
winbindd_idmap_init: Unable to open idmap database
 
 and then becomes a zombie.  The one-line fix below closes idmap before
 calling winbind_setup_common.
 
 BTW, I haven't really had a chance to test it -- does the dual daemon
 thing work well?

We're using it with success on the HP PSA, but that uses the
APPLIANCE_HEAD branch. I'll look at this...

Jeremy.



RE: init_unistr2 length calculation

2003-02-12 Thread Ken Cross
You're right -- sorry.  (Going in the wrong direction.)

Ken


Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED] 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Shirish Kalele
Sent: Wednesday, February 12, 2003 1:23 PM
To: Ken Cross
Cc: [EMAIL PROTECTED]
Subject: RE: init_unistr2 length calculation


The patch assumes that UCS2 characters are 2-bytes each. It does not
make any assumptions about the widths of the Unix charset.

Thanks,
Shirish

On Wed, 12 Feb 2003, Ken Cross wrote:

I'm not sure that 2 is a valid assumption.  We're using UTF-8 for the 
Unix charset, and a multi-byte character can be as much as 6 bytes.

Ken


Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Shirish Kalele
Sent: Wednesday, February 12, 2003 1:08 PM
To: [EMAIL PROTECTED]
Subject: init_unistr2 length calculation


Hi,

In init_unistr2, the string length for the UNISTR2 structure seems to
be set equal to the number of bytes occupied by the string when encoded
in the Unix charset (i.e. the value returned by strlen()). This is not
necessarily the number of characters in the string (given UTF-8 and
other variable-byte charsets).

Shouldn't this actually be set to half the number of bytes occupied by 
the string after encoding it in UCS2? Here's a patch that does this.

Thanks,
Shirish

Index: rpc_parse/parse_misc.c 
===
RCS file: /cvsroot/samba/source/rpc_parse/parse_misc.c,v
retrieving revision 1.94.2.8
diff -u -r1.94.2.8 parse_misc.c
--- rpc_parse/parse_misc.c 28 Jan 2003 21:09:56 - 1.94.2.8
+++ rpc_parse/parse_misc.c 11 Feb 2003 19:52:32 -
@@ -889,10 +889,6 @@
 {
  ZERO_STRUCTP(str);

- /* set up string lengths. */
- str-uni_max_len = (uint32)len;
- str-undoc   = 0;
- str-uni_str_len = (uint32)len;

  if (len  MAX_UNISTRLEN)
   len = MAX_UNISTRLEN;
@@ -912,7 +908,13 @@
  if (buf==NULL)
   return;

- rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE);
+ len = rpcstr_push((char *)str-buffer, buf, len, STR_TERMINATE); len 
+ /= 2;
+ /* set up string lengths. */
+ str-uni_max_len = (uint32)len;
+ str-undoc   = 0;
+ str-uni_str_len = (uint32)len;
+
 }

 /**





Re: Winbindd limited by select

2003-02-12 Thread Michael B. Allen
On Wed, 12 Feb 2003 07:36:19 -0500
Ken Cross [EMAIL PROTECTED] wrote:

 I've run into a problem with winbindd in both 2.2.x and 3.0 where it
 just locks up after a while on large, busy networks.
 
 We finally tracked down the problem to the fact that the C library
 select function is limited by default to 256 file descriptors in
 NetBSD (1024 in FreeBSD, 2048 in Linux).  So once 256 (or whatever) smbd
 processes connected to winbindd, it broke pretty badly and was very hard
 to kill.
 
 This is set at compile-time, not run-time.  This line:
 
  #define FD_SETSIZE 2048  /* Max # of winbindd connections */
 
 must occur before the first invocation of sys/types.
 
 This could be a build option, but it might be much simpler to hard-code
 it in local.h, which is what I did to fix it.

Better still add a check to see if the limit has been reached and return
an error.

Mike

-- 
A  program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes  the  potential  for it to be applied to tasks that are
conceptually  similar and, more important, to tasks that have not
yet been conceived. 
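
The check suggested in the reply above, sketched as an added example that is not winbindd code and not from either poster. `build_read_set` is a hypothetical helper; the descriptor numbers are constructed and nothing is opened.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper (not winbindd code): build the read set for select()
 * from a list of client descriptors. Returns how many were accepted and
 * counts the ones refused because they cannot be represented in an fd_set. */
int build_read_set(const int *fds, size_t n, fd_set *set, int *maxfd, size_t *refused)
{
    int accepted = 0;

    FD_ZERO(set);
    *maxfd = -1;
    *refused = 0;
    for (size_t i = 0; i < n; i++) {
        /* FD_SET on a descriptor >= FD_SETSIZE indexes past the bitmap, so
         * the limit is checked first and reported instead of ignored. */
        if (fds[i] < 0 || fds[i] >= FD_SETSIZE) {
            (*refused)++;
            continue;
        }
        FD_SET(fds[i], set);
        if (fds[i] > *maxfd)
            *maxfd = fds[i];
        accepted++;
    }
    return accepted;
}

int main(void)
{
    /* Constructed descriptor numbers; nothing is opened or read. */
    int fds[] = { 0, 5, FD_SETSIZE - 1, FD_SETSIZE, FD_SETSIZE + 100 };
    fd_set set;
    int maxfd;
    size_t refused;
    int ok = build_read_set(fds, sizeof(fds) / sizeof(fds[0]), &set, &maxfd, &refused);

    printf("FD_SETSIZE=%d accepted=%d refused=%zu maxfd=%d\n",
           FD_SETSIZE, ok, refused, maxfd);
    return 0;
}
```

A server using this would close or reject the refused connections with an error rather than passing them to select().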



Re: password quality script aka --with-cracklib replacement

2003-02-12 Thread Martin Pool
On 12 Feb 2003, Andrew Bartlett [EMAIL PROTECTED] wrote:

 Because we don't have the old password, doing this via PAM doesn't
 work.  The pam_cracklib module doesn't apply the test if it's run as
 root, and won't run without the old password as a normal user.

I know it won't work with the existing pam_cracklib module.  What I was
asking was whether it is possible to write a new module that connects
using PAM and which does provide the right checks, rather than
inventing a new plugin interface.

The PAM module might store previous passwords in a database (e.g. tdb)
that it maintains.  Every time a password is set, it gets put in
there, with any other appropriate information (date?).  When a new
password-setting attempt is made, it checks against the history, plus
other strength checks.

I know PAM's configuration method is a bit gross, but standard is
better than better.

Since libraries can't be setuid it would need to be invoked by smbd as
root, but that probably makes sense anyhow as you say.

  Personally I would use something like a tdbpacked string, which avoids
  worries about strange characters or string parsing, and is easy to
  handle in C, Perl, and Python.
 
 This is an interesting idea - but how available is the interface for our
 particular custom string format?

There is a Python library to decode them.  Writing one for Perl would
be quite trivial: perhaps 100 lines and half an hour.

 NT_STATUS_OK # New password accepted
   
 NT_STATUS_ACCESS_DENIED # Error occurred in the script
   
 NT_STATUS_PASSWORD_RESTRICTION # Too short,  weak, etc.
 
 I suggested the string - I don't think sending the hex value adds much,
 and makes it less self-documenting.  Parsing the string is trivial, as
 we already have the lookup routines (I use it for a custom-hack auth
 module).  We could certainly allow both - which would allow a new
 NTSTATUS code to be used in the unlikely event a useful one appears in
 this context.

You can perhaps imagine a script that wants to be a proxy to some
other service that returns arbitrary error codes,  so translating to
and from strings would be a waste of time and effort.  So we ought to
at least allow numeric values, as you say.

Why make it optional, though?  There's already space for a
human-readable description string.  Presumably the script will use
symbolic names for all the values, so the code will be
self-documenting which is the most important part.

All these protocols send numeric values, so it's better to be
consistent.  (For example, wbinfo prints out hex ntstatus values.)

-- 
Martin 


