Re: AW: [Samba] Samba server in a failover environment
On Thu, 13 Feb 2003, Alexander Skwar wrote: Oktay Akbal wrote: shared-storage or nfs (however this is made redundant in his case). Both servers would then have the same tdbs. Hm, this would mean he'd need to introduce a third server which holds the shared storage. And to have this server be secured, he should have a fourth server which is a clone of the third server. I don't think this is a good idea... If I remember the original posting right, he already uses samba-failover to re-export nfs from a third-server. In his case this should not be wrong. But generally you are right. But I don't see, why you should sync the tdbs, when you do not have redundant storage. Making Samba HA without the data on the shares is a bit mysterious to me. Oktay Akbal -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problem with printer hp930c
I have a problem with a hp930c install on a linux redhat7.3 In linux the printing is fine there are no problem. The problem are when printing from win98 or other windows machines via samba ! Is printing PCL code. that's a lot of garbage. What are the settings for the driver in order to stop printing this and print the actual document ? I did something to that driver and began printing ok but only quarter of inch and then eject the paper and stop as I'm Done. If a let it by default it is writing garbage. I've tried in the windows machine to put the printer both on EMF and RAW, direct to printer and first spooling but there is no use. Thanks a lot Andrei -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to join a linux machine to a pure ActiveDirectoryDomain using Samba 3.0alpha21?
What should this tell me? As far as I understood your link, it's about making Win XP Home Edition join a Domain. I don't have XP Home, just XP mission impossible! windows XP home does not support domains!! Pro and some Windows 2000 Pro boxes. Alexander Skwar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
OT: suggestion! (was Re: [Samba] !!ATTENTION NEWBIES!!)
wow / i did newer see such a response to a theme as in this case! :-O here's a suggestion: i did send (in a view cases) a short message to this 'NEWBEES' with important internet links, such as: (e.g.) http://www.samba.org/samba/ml-etiquette.html http://hr.uoregon.edu/davidrl/samba/ http://at.samba.org/samba/docs/ or such a stuff. i did this 'OFF LIST' - so that nobody is bothered. this costs really less time and prevents from multiple posts. *and* i got mostly positive response. i think this a way to minimize time and saves nerves. all in all *everybody* should 'have a lot of fun' and we where all *newbies* a long time ago... == but here's somethig i did want to say all the time: a *very* big THX to Jerry Carter Co. for having so much patience with all of us. ( mr. carter: *when* do you work? ;-) ) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't access remote workstations without MASQUERADE
Could this be related to ip forwarding being disabled? Do you have a firewall? ---Original Message--- From: Rodrigo Gruppelli Date: 14 februarie 2003 08:12:23 To: [EMAIL PROTECTED] Subject: [Samba] Can't access remote workstations without MASQUERADE Hi everyone! I have a little problem here. First let explain my network topology I have a 192.168.0.0/24 network, with win98 workstations, a NT serving domain and another NT as a WINS server. 192.168.0.3 - NT / WINS 192.168.0.6 - NT / DOMAIN 192.168.0.1 - Internet gateway 192.168.0.2 - Wireless AP 200 that connects to a linux gw ==--==-=-=-==-= AIR :) -- --- == --==--=-- =-=- 192.168.0.4 - IP of the wireless iface of a linux gw on the remote side 192.168.1.1 - IP of the ethernet interface of the linux gw (this samba is acting as a local master browser for the 192.168.1.0/24 network and is serving some files) 192.168.1.0/24 - remote side network. All of this machines are configured to use WINS at 192.168.0.3, all NT servers, samba server, win98 machines, of both sides. I already setup all the routing stuff. I can ping any machine FROM any machine of both sides. I can browse the network neighborhood, all machines appear on it. The gateway of all 192.168.0.0/24 machine is 192.168.0.1 The gateway of all 192.168.1.0/24 machine is 192.168.1.1 On 192.168.0.1 I setup a route telling that 192.168.1.0/24 network is reachable by the 192.168.0.2 (AP 200). The Ap200 then bridges the traffic to the other side 192.168.0.4 pcmcia wireless interface, and then it enter the 192.168.1.0/24 network. The problem is that, from a 192.168.1.0/24 win98 machine, I can browse the network neighborhood, I can see all machines of 192.168.0.0/24 side, but when I try to access a machine, it says that the machine isn't accessable. If I insert a rule on linux gw 192.168.1.1 telling to masquerade all 192.168.1.0/24 traffic (iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE), then everything works normally. But WHY this masquerade? I don't want to use masquerade. I mean, the cleaner my network topology is, better it will be. Why can't it work with just trivial routing? Anyone knows? As I said, without masquerade, I can do everything. Ping, resolve netbios names, browse on the network neighborhood. Everything but access the shares. With masquerade, I access the share. thanks in advance Rodrigo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] !!ATTENTION NEWBIES!!
The way I see the use of this mailing list is that everybody that uses the knowledge gathered here also has the responsibility to contribute at his own level. By this I mean that I, having some Samba experience, try to answer those questions that correspond to my level of skills. I will explain how to join a win2k client to a samba hosted domain. I don't mind repeating myself every two weeks. That way questions about bugs and other more advanced things will be left for the real Gods of Samba out here. I believe in open source and I believe that despite my language barrier and my humble knowledge I can contribute my share. And as in time my knowledge will advance, I will, thanks to all the people out here, be able to contribute more and even perhaps help with the development of open source software. ---Original Message--- From: [EMAIL PROTECTED] Date: 14 februarie 2003 08:12:46 To: Martin Pool; Pierrick Brossin Cc: [EMAIL PROTECTED] Subject: Re: [Samba] !!ATTENTION NEWBIES!! --- Martin Pool [EMAIL PROTECTED] wrote: I think all Chris was asking for was a little respect on both sides: please do your homework before asking a question, and please treat nicely people who do ask. In essense, yes, I was saying those very things, and offered ways I've used to answer my own Samba questions. I WAS trying to help, not cause more yelling. It's hard to inflect in email (: If you were to subscribe to my LUG's mailing list, you'd see me taking great pains to answer newbie questions. But that's a different type of channel. In here, I've asked good questions and had to repeat them a few times to be heard. There's just too many simple questions. No doubt you developers are just burnt out from the volume, and I'd much rather you debug Samba than answer How do I join a domain? for the 15th time. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] win2000 and linux 7.2 trouble using samba
I have tried recently to link up two computers over the network using my machine which is win2000 and our Redhat Linux server 7.2 using samba v 2.2. When I browse the network I can see the approprate workgroup which I have named 'Linux' but the workgroup appears to have nothing available inside it. That is no icon, basically no contents. I am at a dead end, can anyone help me out? Here is what I have: [global] coding system = client code page = 850 code page directory = /usr/share/samba/codepages workgroup = LINUX netbios name = netbios aliases = netbios scope = server string = Samba Server interfaces = bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = No passwd program = /bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No lanman auth = Yes use rhosts = No log level = 2 syslog = 1 syslog only = No log file = /var/log/samba/%m.log max log size = 0 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = Yes announce version = 4.5 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 total print jobs = 0 load printers = Yes printcap name = /etc/printcap enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No character set = mangled stack = 50 stat cache = Yes domain admin group = domain guest group = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = Auto local master = Yes domain master = Auto browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy = Yes wins server = wins support = Yes wins hook = kernel oplocks = Yes oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /var/cache/samba default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment = panic action = hide local users = No host msdfs = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 comment = path = alternate permissions = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = printer admin = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 inherit permissions = No guest only = No
Re: [Samba] Adding Printer driver with cupsaddsmb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kurt Pfeifle wrote: I still have a problem adding a driver to samba 2.2.7a-0.1 with cupsaddsmb. You tell the version of Samba -- yet you don't tell the version of the other important component: CUPS. Which is it? Currently I'm running cups 1.1.14 which comes with debian stable... The adddprinter call used to be there in older versions of cupsaddsmb. Recent version use the setdriver command instead. My advice is to upgrade CUPS and then try again. ... and I'm trying to build my own 1.1.18 package for stable... *arg* Cheers and thanks a lot to all who replied, I will the result when I upgraded my cups, Nicki - -- Linksystem Muenchen GmbH [EMAIL PROTECTED] Schloerstrasse 10 http://www.link-m.de 80634 Muenchen Tel. 089 / 890 518-0 We make the Net work. Fax 089 / 890 518-77 -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.3 for non-commercial use http://www.pgp.com Comment: Get my key at: https://www.link-m.de/pgp/n.messerschmidt.asc iQA/AwUBPky2Kes1nPm17iBDEQJWVgCeL/zG/XKye2n/F41IPPSmEwdMDi4AoL3/ 41vo3x4DVX8sB9cZU0WNue0M =i5Qh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain users in local groups with Winbind/Samba/Redhat
Hi, I am running a Samba 2.2.7a on Redhat 7.3 in a NT domain. For authentication I am using the domainusers.This is done by Winbind 2.2.7a which verifies the existens of the users on the PDC. So I dont't have to create local users (/etc/passwd) for users who want to connect to the shares in the smb.conf. I authorise them by adding valid users = domain+domainuser to the smb.conf. This works very well. Now my problem: By writing valid users = @localgroup or +localgroup I can authorise local groups (/etc/group) to connect to the shares. Now I want to add the domainusers to some local groups.Putting the domainusers in groups should save much time because otherwise I have to add each domainuser for every share seperatly. E.g. valid users = domain1+domainuser domain2+domainuser2 I have tried it with: usermod -g localgroup domain+domainuser which ends in this message: usermod: domain+domainuser not found /etc/passwd I know this is message is right because there is no domainuser in /etc/passwd. But how can I assort the domainusers? Is there a way to use groups of domainusers who are verified by winbind in the smb.conf? Thank you for your efforts. Greetings Matthias -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WinNT Password Change Prompt
Dear Group, I'm using samba as PDC and all works fine but i want to do a thing that it is not explained in any samba manual i could found in Internet. Under WinNT when you create a new user there is the checkbox that allows the new user to change the password at the first login presenting an automatic prompt to do so. Is any string available to put in smb.conf to do that or some other stuff to make this thing possible? Thank You Very Much, Lorenzo Allori The Medici Archive Project System Administrator [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS code list ?
On Fri, 2003-02-14 at 01:27, David Morel wrote: Hi, I'm trying to automate a server connection to various shares on my network (so as to back them up). I use smbmount which works fine, except on one machine running winXp: i shared a directory on that machine, using a locally created windows user with read-only rights as the only one allowed to access this share. When i tried to mount it (kernel 2.4.20) with smbfs, smbmount hanged, and there was no way i could unmount the share, so i had to reboot. Sounds nasty - you might want to try and get the smbfs maintainer's attention, or try the new CIFS VFS. In fact, the username and pass i used were wrong, i realized that when i used smbclient on that share and double-checked my setup. The strange thing is i could do a smbclient //machine/share -c ls even with the wrong username and password, the answer being 'NT_STATUS_ACCESS_DENIED listing \*'. It gave me an answer about smbfs sending all these (approx. from memory) 'smb_proc_readdir_long read=\* err=5'. So i know now where the trouble is. The funny thing is that the xp machine even when denying access still prints the disk free space :-) Yes, Win2k allows you to connect to a share you don't have the right to read the files in - you just cannot perform any operations on it... Interesting point on the free space however :-) What i want to do know is prior to mounting the shares, try to smbclient them, and depending on the answer decide to mount the share or not. The range of answers i got so far was NT_STATUS_UNSUCCESSFUL, NT_STATUS_LOGON_FAILURE and NT_STATUS_WRONG_PASSWORD; all of which are reasons for me not to mount the given share. I would like to know what other messages of the same kind are sent back by smbclient, so i can really put that automation stuff together. I tried to browse the source code of course but... It is huge and i have very little clue about it all. Why would you attempt to mount the share if you had any error at all? The full list is in include/nterr.h, but I don't think it will actually help you. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] win2000 and linux 7.2 trouble using samba
Duncan Turner schrieb: I have tried recently to link up two computers over the network using my machine which is win2000 and our Redhat Linux server 7.2 using samba v 2.2. When I browse the network I can see the approprate workgroup which I have named 'Linux' but the workgroup appears to have nothing available inside it. That is no icon, basically no contents. I am at a dead end, can anyone help me out? Here is what I have: [global] coding system = client code page = 850 code page directory = /usr/share/samba/codepages workgroup = LINUX netbios name = did u give *no* netbios name or did u delete it for the list? in case 1) please remove all empty lines (as interface = ) and give your linux an netbios name... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Found MS-Word 97 Samba bug : diagnostic found!
Hi all, I have a bug with Version 2.2.3a-12 for Debian GNU/Linux (custom 2.4.20 kernel with aacraid support (DELL PowerEdge 1650 with RAID mirror, etc)): Some users have, SOMETIMES, a READ ONLY set on files, where no one except them use this files. I'm in oplocks=false because of MS-Excel 97 issues, and, no need of fast performances at the moment (10 users). I put a /home/public with nobody.nogroup rights. Each users is in nogroup group too. force user=nobody on this share set force create mask=0664 on this share And, here what I have!!! : First file has NO PROBLEM, second one HAS READ ONLY ERROR, (but not if the file is REOPEN again): -rw-rw-r--1 nobody nogroup 37888 Feb 14 11:46 test_file_1.doc -rwxr--r--1 nobody nogroup 37376 Feb 14 2003 test_file_2.doc Look at date Feb 14 2003: erkk!! this is not a standard date!!! If I touch the file, as root, the date is now ok: -rw-rw-r--1 nobody nogroup 37888 Feb 14 11:46 test_file_1.doc -rwxr--r--1 nobody nogroup 37376 Feb 14 11:59 test_file_2.doc Then, the user can access the file, with READ/WRITE permissions Please consider too that -rwxr--r-- has nothing to do with 664 permissions!! :-/ I think there is a mess with Samba and Word 97 .. I found that Samba 2.0.4 has a fix for Word 97 issues. Seems there's still one lurking around? Or did I configured badly?? Thanks a lot for answering *--- Here datas on my config: *--- KERNEL: Linux master 2.4.20 #5 SMP Fri Feb 7 10:06:37 CET 2003 i686 unknown UPTIME/LOAD: 12:21:56 up 6 days, 22:37, 3 users, load average: 0.01, 0.00, 0.00 SAMBA: Version 2.2.3a-12 for Debian = (I know it's old but it's still the version in the debian/stable) *--- /etc/samba/smb.conf *--- [global] netbios name=MASTER workgroup=PACK security=user encrypt passwords=Yes domain logons=yes logon script=logon.bat os level=64 domain master=yes local master=yes preferred master=yes wins support = yes name resolve order = wins hosts lmhosts bcast oplocks=no hosts allow=192.168.0. 192.168.1. log level=1 printer driver file=/home/public/driver/printers.def server string=PACK DOMAIN CONTROLER [netlogon] path=/var/samba/netlogon read only=yes public=no [profiles] path=/var/samba/profiles read only=no create mask = 0600 directory mask = 0700 [homes] browseable=No writeable=Yes guest ok=no comment=HOME create mask = 0600 directory mask = 0700 valid users = %S [public] path=/home/public browseable=Yes writeable=Yes guest ok=yes read only=no force user=nobody comment=PUBLIC set force create mask = 0664 [pdf] path=/tmp printable=yes guest ok=yes print command=/usr/bin/printpdf %s lpq command= lprm command= printer driver=HP C LaserJet 4500-PS printer driver location=\\%h\printer$ [printer$] path=/home/public/driver guest ok=yes read only=yes -- Really hope this report has all data you need to answer my question! Ask me more info you'd need. -- Jean-Paul ARGUDO -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Found MS-Word 97 Samba bug : diagnostic found!
On February 14, [EMAIL PROTECTED] said: And, here what I have!!! : First file has NO PROBLEM, second one HAS READ ONLY ERROR, (but not if the file is REOPEN again): -rw-rw-r--1 nobody nogroup 37888 Feb 14 11:46 test_file_1.doc -rwxr--r--1 nobody nogroup 37376 Feb 14 2003 test_file_2.doc Look at date Feb 14 2003: erkk!! this is not a standard date!!! I presume that's output from ls -l. I would hazard a guess that your server and client clocks are not in sync. If you're on linux, try ls --full-time Cheers, Waider. -- We are experiencing MVS processor spin loops, the programs are running while holding a disabled CPU. This is causing XCF communication delays to the point where we are losing VTAM RTP routing, are suffering OSPF adjacency failures on TCP/IP dynamic routing and MIM VCF failures. - Reported via Slashdot -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Found MS-Word 97 Samba bug : diagnostic found!
I presume that's output from ls -l. I would hazard a guess that your server and client clocks are not in sync. If you're on linux, try ls --full-time Yes! It's ls -l output I've posted. And yes again, client and server are not in sync. Do you mean that way I've to install ntpd and sync date/hour mechanism between samba server and clients? Why? Is there any paragraph on this in the samba howto collection? Thanks a lot!! -- Jean-Paul ARGUDO -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Found MS-Word 97 Samba bug : diagnostic found!
On February 14, [EMAIL PROTECTED] said: I presume that's output from ls -l. I would hazard a guess that your server and client clocks are not in sync. If you're on linux, try ls --full-time Yes! It's ls -l output I've posted. And yes again, client and server are not in sync. Do you mean that way I've to install ntpd and sync date/hour mechanism between samba server and clients? You don't have to, but it's probably a good idea. Note that you can run net time \\sambaserver /set on the clients to sync them up with the server. Why? Is there any paragraph on this in the samba howto collection? Dunno. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. It's a kludge to stop some old systems from breaking, as far as I know. Much like the rest of Unix, really. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Found MS-Word 97 Samba bug : diagnostic found!
Do you mean that way I've to install ntpd and sync date/hour mechanism between samba server and clients? It's always a good idea to have the workstations in sync. Type this in a .bat file, that loads at start: NET TIME \\SERVER /SET /YES -- frankie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding Printer driver with cupsaddsmb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, after build some new packages for Debian Woody of the 1.1.18 release of samba and fiddling with user permissions I successfully added the printer drivers to my samba box. But I was not satisfied with the results which the adboe postscript drivers gave me because the printer did, what it wanted to do and so I changed the printer driver to apple's laserwriter II which is much better, because it is the most stupid driver I found. If someone is interested in the new cups packages I can provide an url to them. Thanks a lot to all who helped me, Nicki Messerschmidt - -- Linksystem Muenchen GmbH [EMAIL PROTECTED] Schloerstrasse 10 http://www.link-m.de 80634 Muenchen Tel. 089 / 890 518-0 We make the Net work. Fax 089 / 890 518-77 -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.3 for non-commercial use http://www.pgp.com Comment: Get my key at: https://www.link-m.de/pgp/n.messerschmidt.asc iQA/AwUBPkzLOus1nPm17iBDEQLqpwCfZswZ5EHdDbrl4o8Veqwbm6GBj30AoMUB /TgVcGcO8+EELDPZIgAhYBAa =X2bQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba Digest, Vol 2, Issue 51
O email [EMAIL PROTECTED] foi alterado para [EMAIL PROTECTED], entretanto a sua mensagem foi redirecionada para o novo email. Atenciosamente, American BankNote Ltda -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 AD usage problems
On Fri, Feb 14, 2003 at 10:45:38AM +0800, Catherine Shen wrote: You mean the authentication or the changing password part?? I mean I didn't try that specific test you were talking about, the one mapping a network drive from the command prompt. Are they not supported at all?? I assumed that a Samba 3.0 server joining Win2K domain means that it can authenticate a Win2k domain user. It can. On the network-neighbourhood-thing, click on the samba machine, and samba will authenticate you against the win2k server. Thus the user can map a network share folder which locates in the Samba 3.0 server. Changing user passwords via the Samba 3.0 server is just a minor thing compared to the authenticating part.. On the samba server I can change passwords via kpasswd, for example. Haven't tried it on another machine yet. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problems with win 2k
Hi, I'm runnig a red hat 8 with a samba 2.2.5 and my client computer is configured in our network with dhcp. But the problem is I can see my computer from a NT4 system with sp6 and from a win 2k I can not see him. I put in the smb.conf file encrypted passwords = yes. What else should I do? Thank you! Cristi S -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to join a linux machine to a pure ActiveDirectoryDomain using Samba 3.0alpha21?
Kurt Weiss schrieb: mission impossible! windows XP home does not support domains!! Well, as pointed out in the link, that's not true. But as I said, how did this link help with my problem? Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (en) Homepage: http://www.iso-top.biz | Jabber: [EMAIL PROTECTED] iso-top.biz - Die günstige Art an Linux Distributionen zu kommen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain users in local groups with Winbind/Samba/Redhat
Date: Fri, 14 Feb 2003 11:37:53 +0100 (MET) From: Matthias Rutzki [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] domain users in local groups with Winbind/Samba/Redhat Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Message: 8 Hi, I am running a Samba 2.2.7a on Redhat 7.3 in a NT domain. For authentication I am using the domainusers.This is done by Winbind 2.2.7a which verifies the existens of the users on the PDC. So I dont't have to create local users (/etc/passwd) for users who want to connect to the shares in the smb.conf. I authorise them by adding valid users = domain+domainuser to the smb.conf. This works very well. Now my problem: By writing valid users = @localgroup or +localgroup I can authorise local groups (/etc/group) to connect to the shares. Now I want to add the domainusers to some local groups.Putting the domainusers in groups should save much time because otherwise I have to add each domainuser for every share seperatly. E.g. valid users = domain1+domainuser domain2+domainuser2 I have tried it with: usermod -g localgroup domain+domainuser which ends in this message: usermod: domain+domainuser not found /etc/passwd I know this is message is right because there is no domainuser in /etc/passwd. But how can I assort the domainusers? Is there a way to use groups of domainusers who are verified by winbind in the smb.conf? valid users = @localgroup @'Domain1+group1' -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba in Samba
Thanks a lot, The problem was in smb.conf location. In Debian package it is /etc/smb.conf, not /usr/local/samba/lib/smb.conf as was more familiar for me. I also rebuilt 2.2.7a from source as I need NIS+ support. Cyril. Chris de Vidal wrote: --- Cyril Y. Nickonorov [EMAIL PROTECTED] wrote: I have a Samba PDC installed to authorize my windows network clients. And it is running on Solaris. I want to install a one another Samba file server and I want it to authorize windows clients by consulting the PDC. This second server must also paricipate in the domain the PDC is responsible for. How can I do this? Use security = domain and password server = hostname of the PDC in smb.conf. Add the Windows users on the *nix box without a password, or set up Winbind. Man smb.conf, get a good book (O'Reilly's Using Samba 2 is out this month!), check out the docs in /usr/share/doc or on Samba.org for details, or search this mailing list on marc.theaimsgroup.com for help. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: problems with win 2k (Cristi S)
Hi, I'm runnig a red hat 8 with a samba 2.2.5 and my client computer is = configured in our network with dhcp. But the problem is I can see my = computer from a NT4 system with sp6 and from a win 2k I can not see him. = I put in the smb.conf file encrypted passwords =3D yes. What else should I do? Thank you! Cristi S Two things to try early on. 1. Make sure you can ping the redhat machine from the W2K system. This way you know you have connectivity to the box. 2. From start-run execute: \\nameOfRedhatsystem This will attempt to open an explorer window to the RH system. If this works, your problem is likely with the machines being in the same workgroup or some other WINS problem. W2K machines can use WINS in addition to Active Directory, but I am not sure if it something you have to turn on. If it does not work, check the Samba logs to see if there are errors reported. The HTML in the using_samba directory contains the book Using Samba which I found to be very useful. It has a section with a step by step to track down this type of problem. I happened to read the dead tree version of the book first, but cd'ing into the directory and doing a grep makes finding things pretty easy. -- Robert E. Styma Principal Engineer AG Communication Systems, Phoenix - A subsidiary of Lucent Email: [EMAIL PROTECTED] Phone: 623-582-7323 FAX: 623-581-4884 Company: http://www.agcs.com Personal: http://www.swlink.net/~styma -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Stopping Net Access without proper login.
I as wondering how I can stop a user from accessing the net if they just Cancel out of the logon. I know I can use the poledit, but I prefer to do it from samba. Id Imagine it has something to do with mapping to a guest user who has no access. Can someone clarify this for me? Ty Kev -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: OT: suggestion! (was Re: [Samba] !!ATTENTION NEWBIES!!)
--- Kurt Weiss [EMAIL PROTECTED] wrote: wow / i did newer see such a response to a theme as in this case! :-O Yeah, it actually had the opposite effect of what I was begging people to do :-P here's a suggestion: i did send (in a view cases) a short message to this 'NEWBEES' with important internet links, such as: (e.g.) http://www.samba.org/samba/ml-etiquette.html http://hr.uoregon.edu/davidrl/samba/ http://at.samba.org/samba/docs/ As did I. The message I wanted to get across was, Help yourself, this is why... This is how I help myself; here are ALL of the resources I've used! It just was misunderstood, I believe. I thought I was doing a service, but as I read it again, it looked like an angry slam, not what I hoped. Why can't we all get video email so inflections can be easier seen? (-: I actually spend more time with my email client helping newbies with greatly detailed letters than any other thing. A slam wasn't intended, and I'm sorry I was misunderstood. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to join a linux machine to a pure ActiveDirectoryDomain using Samba 3.0alpha21?
On Fri, 14 Feb 2003 14:00:08 +0100, Alexander Skwar [EMAIL PROTECTED] wrote: Kurt Weiss schrieb: mission impossible! windows XP home does not support domains!! Well, as pointed out in the link, that's not true. But as I said, how did this link help with my problem? This is from Microsoft's web site: http://microsoft.com/windowsxp/home/evaluation/overviews/xpindomain.asp Both Windows XP Home Edition and Windows XP Professional allow you to connect to resources in a domain, either on the local network, or via a Remote Access Services (RAS) or virtual private network (VPN) connection. But Windows XP Professional is the only version of Windows XP that allows users to join and be managed by the domain (e.g., by logon scripts or group policies). So it would appear that Kurt was correct JA -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Attention newbies, an apology.. I WASN'T slamming you.
I'm sorry I gave the appearance I was slamming you. The tone was supposed to be Please, help yourself first, here's why... here's ALL of the resources I use to help myself. I've successfully been able to keep questions about Samba to this list down to a minimum by first consulting all of my sources and perhaps you can, too. As I read it again, it had the appearance of hatred and anger, and I really didn't want that. I actually spend ALOT of time answering simple questions in our LUG mailing list, in person, over the phone, and in the class we put on. Newbies are important, and I haven't forgotten where I came from. The first time I used Linux, the help command didn't help, info didn't give me info, and dir didn't even work. I haven't forgotten that. I just want you to learn how to help yourself. So if you were offended, please accept my apology, understand my point, and look at the original email again; there's good information in it how to help yourself: http://marc.theaimsgroup.com/?l=sambam=104516703506897w=2 Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: OT: suggestion! (was Re: [Samba] !!ATTENTION NEWBIES!!)
Chris, I have read a few more of your responses. It appears that you believe wholeheartedly that your more advanced questions are going unanswered simply because of the volume of lower skilled questions. Well, how do you know that there are enough people on the mailing list that have experienced the more advanced issues you are experiencing? Then, out of those people, how many of those do you believe will take their time to answer your questions? It is likely that the number is quite low. While I don't consider myself an expert with Samba, I can answer a few advanced questions and a glut of basic questions. When I was in the midst of configuring the domain controllers we are using, I read and answered dozens upon dozens of questions, newbie and otherwise. However, since I now have my issues resolved, I answer far fewer questions then I did previously. I believe that is very common amongst users that move beyond the basics of Samba and most other services. Once they have the majority of their issues resolved, they move one. So, it is likely that if all the Newbs started researching from the get go and rarely ever posted to the Samba list with their basic questions, you would still find your more advanced questions go unanswered. That's just the way things go. I would like to apologize for the feather ruffling that I have done regarding this issue. I didn't have all the information behind your issue until I read a few of your posts after the flames I started fanning. I wish you the best with finding the answers to your more advanced questions. I know that many of mine go unanswered and that is just the way it goes. Regards, Robert Adkins II IT Manager/Buyer Impel Industries, Inc. 586-254-5800 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris de Vidal Sent: Friday, February 14, 2003 9:16 AM To: Kurt Weiss Cc: [EMAIL PROTECTED] Subject: Re: OT: suggestion! (was Re: [Samba] !!ATTENTION NEWBIES!!) --- Kurt Weiss [EMAIL PROTECTED] wrote: wow / i did newer see such a response to a theme as in this case! :-O Yeah, it actually had the opposite effect of what I was begging people to do :-P here's a suggestion: i did send (in a view cases) a short message to this 'NEWBEES' with important internet links, such as: (e.g.) http://www.samba.org/samba/ml-etiquette.html http://hr.uoregon.edu/davidrl/samba/ http://at.samba.org/samba/docs/ As did I. The message I wanted to get across was, Help yourself, this is why... This is how I help myself; here are ALL of the resources I've used! It just was misunderstood, I believe. I thought I was doing a service, but as I read it again, it looked like an angry slam, not what I hoped. Why can't we all get video email so inflections can be easier seen? (-: I actually spend more time with my email client helping newbies with greatly detailed letters than any other thing. A slam wasn't intended, and I'm sorry I was misunderstood. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: asking smart/polite questions (was Re: [Samba] !!ATTENTIONNEWBIES!!)
Martin Pool wrote: On 13 Feb 2003, Neal Lawson [EMAIL PROTECTED] wrote: Well, i dont , feel that the newbies comment was in the spirit of the open source, This list is here to help people, and if sombody is asking a question, its part of the opensource comunity's responsibilty to try to help I don't know where you get this responsibility idea. I don't remember seeing your name on my paycheque. If you perceive a responsibility, you should answer questions or write documentation yourself. I'm a nice guy. I like helping people. But it really shits me that some people think that I'm *obliged* to help random people on the Internet, and that they're allowed to make rude and illiterate demands of free software developers. Not being fluent in English or being new to Linux is absolutely fine. Acting like an ass is not. I'm saying this in a constructive spirit: it is a demonstrable fact that well-formed, polite, thoughtful questions get answers and other ones get deleted. I feel as computer professionals we are OBLIGED to help, it is the responsible thing to do, especially with opensoure, for any sucess of opensourse software we cant't affored to a** holes ... just my two cents worth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: OT: suggestion! (was Re: [Samba] !!ATTENTION NEWBIES!!)
--- Robert Adkins II [EMAIL PROTECTED] wrote: I have read a few more of your responses. It appears that you believe wholeheartedly that your more advanced questions are going unanswered simply because of the volume of lower skilled questions. That was but one of the 5 points I was making. The other four: 1. Newbies, your questions will often go unanswered 2. Help yourself, here's how 3. Developers are likely to be overwhelmed by the volume of simple questions. I'd much rather have them improve Samba than answer how do I mount an NT share for the 20th time. 4. It's just disrespectful when they went to alot of work writing documents. Well, how do you know that there are enough people on the mailing list that have experienced the more advanced issues you are experiencing? Then, out of those people, how many of those do you believe will take their time to answer your questions? It is likely that the number is quite low. You really must know what questions I'd asked to say that. Please don't assume. I would like to apologize for the feather ruffling that I have done regarding this issue. I didn't have all the information behind your issue until I read a few of your posts after the flames I started fanning. Thanks, Robert! Apology accepted. Please accept my apology for being arrogant at your responses. I _really_did_ want to help, not bash. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as WinNT Password Change Prompt HELP ME!!!
Dear Group, it is not possible that nobody encountered my problem: I'm using samba as PDC and all works fine but i want to do a thing that it is not explained in any samba manual i could found in Internet. Under WinNT when you create a new user there is the checkbox that allows the new user to change the password at the first login presenting an automatic prompt to do so. Is any string available to put in smb.conf to do that or some other stuff to make this thing possible? Thank You Very Much, Lorenzo Allori The Medici Archive Project System Administrator [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind login names
I'm a bit of a samba newbie, but I've googled all morning for an answer before posing this question. I'm using winbind to authenticate telnet user logins against my PDC. (Yes, I know - I'll be switching to ssh shortly :-) Anyways, I was wondering if there is a way to eliminate the need to enter the domain as part of the user name when logging in. We only have one domain, and I'd like users to be able to type the exact username / password. Currently, a user has to type DOMAIN-USERNAME when logging in. Is there somewhere I can define the domain as some kind of default value as it relates to login names? Thanks! Chris Merkel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Winbind: login cannot find name for group ID XXXXXONLY RedHat 8
Well I finally had time to look at this and I think I found the problem. When glibc passes a buffer to winbind to hold the group membership the buffer is too small. fill_grent() in libnss_winbind rightfully returns NSS_TRYAGAIN and sets errno to ERANGE. This *should* make glibc realloc the buffer and try again, but it looks like it never does. Short version: I think it's a problem with RedHat 8's glibc and not Samba. I've submitted a report to Bugzilla as I'm not tinkering with glibc on a server! :) Dave On Tuesday 28 January 2003 12:00 pm, Rene Brask Soerensen wrote: David Boynton [EMAIL PROTECTED] writes: Sigh... I also have the same problem. Unfortunately I was distracted last week while I was looking into it. It seems that the communication between the nsswitch module and winbindd is broken. On my box Winbind sees all the groups fine, but the function getpwent() seems broken (somewhere). I think I'm going to try rebuilding from source and seeing if that fixes the problem. Has anyone else experienced this? If so, do you hold the same contempt for RedHat 8.0 that I do? :) Same problem here, also on RedHat 8.0 If you solve it will you then post the solution ;) Thanks Regards Rene -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind login names
I think if you add - 'winbind use default domain = Yes' - that should do the trick. Thank you Jenn Fountain -Original Message- From: Chris Merkel [mailto:[EMAIL PROTECTED]] Sent: Friday, February 14, 2003 10:58 AM To: '[EMAIL PROTECTED]' Subject: [Samba] Winbind login names I'm a bit of a samba newbie, but I've googled all morning for an answer before posing this question. I'm using winbind to authenticate telnet user logins against my PDC. (Yes, I know - I'll be switching to ssh shortly :-) Anyways, I was wondering if there is a way to eliminate the need to enter the domain as part of the user name when logging in. We only have one domain, and I'd like users to be able to type the exact username / password. Currently, a user has to type DOMAIN-USERNAME when logging in. Is there somewhere I can define the domain as some kind of default value as it relates to login names? Thanks! Chris Merkel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind: login cannot find name for group ID XXXXX ONLY RedHat 8
--- David Boynton [EMAIL PROTECTED] wrote: Short version: I think it's a problem with RedHat 8's glibc and not Samba. I've submitted a report to Bugzilla as I'm not tinkering with glibc on a server! :) And I don't know enough about glibc to tinker, either. I had a hunch it was a RedHat library problem but wasn't sure. Seems like there's alot of weird things in RH8. It's still usable, just weird little things like this all over. I'm hoping 8.1 is better. Thanks Dave, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinNT Password Change Prompt
On Fri, 14 Feb 2003, Allori Lorenzo wrote: Dear Group, I'm using samba as PDC and all works fine but i want to do a thing that it is not explained in any samba manual i could found in Internet. Under WinNT when you create a new user there is the checkbox that allows the new user to change the password at the first login presenting an automatic prompt to do so. Is any string available to put in smb.conf to do that or some other stuff to make this thing possible? This is not possible with samba 2.2.x but we are working on facilities that may provide this sometime during the life of samba-3.0.x. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] About SRC
Hi, I need one copy of one src samba package. I try with samba-2.2.7, download from Samba site, but it not work. Somebody cant tell something about. Amilkar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain users in local groups with Winbind/Samba/Redhat
Am 14 Feb 2003 um 15:52 hat Buchan Milne geschrieben: Date: Fri, 14 Feb 2003 11:37:53 +0100 (MET) From: Matthias Rutzki [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] domain users in local groups with Winbind/Samba/Redhat Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Message: 8 Hi, I am running a Samba 2.2.7a on Redhat 7.3 in a NT domain. For authentication I am using the domainusers.This is done by Winbind 2.2.7a which verifies the existens of the users on the PDC. So I dont't have to create local users (/etc/passwd) for users who want to connect to the shares in the smb.conf. I authorise them by adding valid users = domain+domainuser to the smb.conf. This works very well. Now my problem: By writing valid users = @localgroup or +localgroup I can authorise local groups (/etc/group) to connect to the shares. Now I want to add the domainusers to some local groups.Putting the domainusers in groups should save much time because otherwise I have to add each domainuser for every share seperatly. E.g. valid users = domain1+domainuser domain2+domainuser2 I have tried it with: usermod -g localgroup domain+domainuser which ends in this message: usermod: domain+domainuser not found /etc/passwd I know this is message is right because there is no domainuser in /etc/passwd. But how can I assort the domainusers? Is there a way to use groups of domainusers who are verified by winbind in the smb.conf? valid users = @localgroup @'Domain1+group1' My experiences with Samba in domains are not very big. So, what does 'Domain1+group1' mean? Domain1 = any Domain in my Network or the Domain which Samba has joined? group1= any group that exists in Domain1? But thank you for your answer.It seems that this kind problem is poorly documented... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Stange output when sid to name
Has anyone seen this? When I run ./wbinfo -s $sid (insert actual sid), I get domain+domain users 2. Every group has a '2' after it. I cannot find why this is happening anywhere??? I am running samba 2.2.7a on hpux11. Thank you Jenn Fountain -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] About SRC
Amilkar -- I'm not sure what you are asking for. The samba source package is a little to big for email. Try this link: http://us1.samba.org/samba/ftp/samba-latest.tar.gz Is that what you were asking? Amilkar Sanz Lara wrote: Hi, I need one copy of one src samba package. I try with samba-2.2.7, download from Samba site, but it not work. Somebody cant tell something about. Amilkar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba Digest, Vol 2, Issue 52
O email [EMAIL PROTECTED] foi alterado para [EMAIL PROTECTED], entretanto a sua mensagem foi redirecionada para o novo email. Atenciosamente, American BankNote Ltda -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain users in local groups with Winbind/Samba/Redhat
[EMAIL PROTECTED] wrote: Am 14 Feb 2003 um 15:52 hat Buchan Milne geschrieben: valid users = @localgroup @'Domain1+group1' My experiences with Samba in domains are not very big. So, what does 'Domain1+group1' mean? Domain1 = any Domain in my Network or the Domain which Samba has joined? group1= any group that exists in Domain1? Remember that there is not really a distinction between domain groups and local grops on unix. With winbind (assuming you had used + as the domain seperator), winbind will return groups to the system as DOMAIN+username for any domain trusted by the domain winbind is a member of. The use of the quotes protects the string from being mangled by samba (especially where there are spaces in the group name). But thank you for your answer.It seems that this kind problem is poorly documented... I have not run winbind in a mutli-domain setup before, but this is supposed to work. You should try some experiments with $ getent passwd $ getent group $ wbinfo -g $ wbinfo -u to see more. Note that getent is a generic command on unix, and will show any entries that are accessible (from local files, NIS, ldap, winbind etc). wbinfo is specific to winbind. Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain users in local groups with Winbind/Samba/Redhat
Well, I got this to work once by manually editing the /etc/group file, like adding the line: localgroup:x:gid: domain+user1,domain+user2,etc I don't know if this is a safe thing to do, however. :) Dave On Friday 14 February 2003 03:37 am, Matthias Rutzki wrote: Hi, I am running a Samba 2.2.7a on Redhat 7.3 in a NT domain. For authentication I am using the domainusers.This is done by Winbind 2.2.7a which verifies the existens of the users on the PDC. So I dont't have to create local users (/etc/passwd) for users who want to connect to the shares in the smb.conf. I authorise them by adding valid users = domain+domainuser to the smb.conf. This works very well. Now my problem: By writing valid users = @localgroup or +localgroup I can authorise local groups (/etc/group) to connect to the shares. Now I want to add the domainusers to some local groups.Putting the domainusers in groups should save much time because otherwise I have to add each domainuser for every share seperatly. E.g. valid users = domain1+domainuser domain2+domainuser2 I have tried it with: usermod -g localgroup domain+domainuser which ends in this message: usermod: domain+domainuser not found /etc/passwd I know this is message is right because there is no domainuser in /etc/passwd. But how can I assort the domainusers? Is there a way to use groups of domainusers who are verified by winbind in the smb.conf? Thank you for your efforts. Greetings Matthias -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to join a linux machine to a pure Active DirectoryDomain using Samba 3.0alpha21?
Date: Fri, 14 Feb 2003 09:25:01 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] How to join a linux machine to a pure Active DirectoryDomain using Samba 3.0alpha21? Message-ID: [EMAIL PROTECTED] References: 20030214130008$[EMAIL PROTECTED] 20030214130008$[EMAIL PROTECTED] 20030214130008$[EMAIL PROTECTED] 20030214130008$[EMAIL PROTECTED] Message: 9 On Fri, 14 Feb 2003 14:00:08 +0100, Alexander Skwar [EMAIL PROTECTED] wrote: Kurt Weiss schrieb: mission impossible! windows XP home does not support domains!! Well, as pointed out in the link, that's not true. But as I said, how did this link help with my problem? So it would appear that Kurt was correct JA Who cares ##@$@! This has nothing to do with Alexanders original question or the subject, so please stay on topic for the thread and do not use your post to hijack the thread. If you want to debate the capabilities of windows XP home, please at least start your own thread, or even better, move it to a different list. I still want to follow the AD-part of this thread, and have no interest in the Windows XP bit (I deal with Windows XP more than I want to as it is). Buchan -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: domain users in local groups with Winbind/Samba/Redhat
--- David Boynton [EMAIL PROTECTED] wrote: Well, I got this to work once by manually editing the /etc/group file, like adding the line: localgroup:x:gid: domain+user1,domain+user2,etc I don't know if this is a safe thing to do, however. :) I don't believe you can safely manually edit this file, as you would probably also have to edit /etc/gshadow to match. Unix/Linux has a tool called gpasswd that will do this for you: gpasswd -a user group It lets you add users to a group without them existing in /etc/passwd (they don't even have to exist at all). Combine this with winbind use default domain = yes in smb.conf and you're ready to go. For example, in the domain ABC for the user john, do this to add him to a 'local' Unix group called smbusers: gpasswd -a john smbusers With winbind use default domain = yes you don't need to prefix it with your domain. Slick, huh? (: Good luck, /dev/idal On Friday 14 February 2003 03:37 am, Matthias Rutzki wrote: Hi, I am running a Samba 2.2.7a on Redhat 7.3 in a NT domain. For authentication I am using the domainusers.This is done by Winbind 2.2.7a which verifies the existens of the users on the PDC. So I dont't have to create local users (/etc/passwd) for users who want to connect to the shares in the smb.conf. I authorise them by adding valid users = domain+domainuser to the smb.conf. This works very well. Now my problem: By writing valid users = @localgroup or +localgroup I can authorise local groups (/etc/group) to connect to the shares. Now I want to add the domainusers to some local groups.Putting the domainusers in groups should save much time because otherwise I have to add each domainuser for every share seperatly. E.g. valid users = domain1+domainuser domain2+domainuser2 I have tried it with: usermod -g localgroup domain+domainuser which ends in this message: usermod: domain+domainuser not found /etc/passwd I know this is message is right because there is no domainuser in /etc/passwd. But how can I assort the domainusers? Is there a way to use groups of domainusers who are verified by winbind in the smb.conf? __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] linux newbie classes taught by Chris de Vidal
In one of your replies to the attention newbies... series, you mentioned you teach a linux newbie class. I'm interested (seriously, or sarcasm) in checking out one of your seminars. Where do I get information? Brad Peters [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain users in local groups
Can I actually create a Domain Users group on my samba server and add users to it like I did with the Domain Admins group? That would be easier than adding each user individually on each folder that they need to access... (It's always easier to add DOMAIN\Domain Users instead of DOMAIN\User1 DOMAIN\User2...etc) Or just add Domain Users to the local Power Users group. Jim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain users in local groups
According to the docs of v2.2.7, domain groups are not supported at this time. What I've done and my env btw is; Samba PDC Samba file servers XP/2K/Linux/MacOSX clients Created some groups in /etc/group and assigned users in /etc/passwd to the appropriate groups. Then in my smb.conf file I have; under [share] force dir mode = ### force create mode = ### and the according group/user ownership on the dir of the file server (some shell scripting to further modify the perms as needed for finer garnular perms). Make sure your /etc/{passwd,group} files are in snyc. I will play with windbind and ACLs in the future but the above was a simple implementation. Bri- __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Microsoft Access file locking woes
Hello, I'm trying to open an Access application on two NT workstations with the result that one of them fails to open with the following error message: Could not lock file smbstatus reports the file like this (on both machines) 13769 DENY_NONE 0x2019f RDWR NONE /storage/Ucall/Phone Cards DB/CustSer.mdb Fri Feb 14 14:39:42 2003 and (respectivly) 13769 DENY_NONE 0x2019f RDWR NONE /storage/Ucall/Phone Cards DB/CustSer.ldb Fri Feb 14 14:39:42 2003 Any suggestions? Thanks! Regards, Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Hoping to use FoxPro with Samba
On Fri, 14 Feb 2003, lrnobs wrote: John, I posted the following to the Samba list with no replies yet. Can you point me in the right direction? Larry, I noticed your posting but am very pushed to get some presentations ready so have have had to watch my time carefully. Samba does not do resource/load distribution. If you look at what happens, every MS Windows client connection will spawn it's own instance of smbd. How much CPU time each process gets is determined by the OS. This means that if you want to alter the time sharing control over each smbd then you will need to tune your kernel. This may recompilation of your OS kernel with custom time slice and process prioritization settings. You might care to look at the Linux kernel file ~linux/kernel/sched.c as it documents itself quite well. - John T. Thanks, Larry Nobs -- I want to put a Samba server online under RedHat 7.3 to replace an old Novell server. Oplocks is turned off. I ran a test last night with Visual FoxPro code like this: ** do while not flock()request a file lock try again endo get the date and time insert a record into a shared table unlock start over again *** I ran this on seven windows pcs simultaneously. 1. The record insertions would allow one pc to insert multiple records, for example 10 in a row before another computer had a chance to do an insertion. The same test on the Novell server would allow one or two records before it gave another computer a chance for an insertion. 2. After several thousand insertions I had only one pc consuming the time viewable with the top command. I killed that process but the other pcs still were not doing insertions. I killed the process on a second pc and then the rest were free to insert records. How can I make the Samba server distribute time more evenly? I suspect that allowing one pc so much record insertion time to the exclusion of others created my lock up. Thanks, Larry Nobs -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Microsoft Access file locking woes
I would look at oplocks and turning it off on certain files or dirs. Run testparm on your smb.conf to see how Samba is configured. Bri- __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] limits question
what do the following values in local.h do with respect to a single smbd or are they absolute limits? please explain... #define MAX_DIRECTORY_HANDLES 2048 #define MAX_OPEN_DIRECTORIES 256 #define MAX_OPEN_PIPES 2048 Thank you! Bill -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba on Solaris9
Samba-Persons, Could someone help me with the location of a specific 'how-to' to get samba up and running on Solaris 9 (64bit). Or any other info on the subject. _:-) Paul Ketelaar, Assoc. Dip. Eng. (Elec) Paul Ketelaar - ITT and WWW Design Consultants ABN: 54 704 496 833 SuSE Linux Solution Provider [EMAIL PROTECTED] Ph: 0407 037548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: linux newbie classes taught by Chris de Vidal
--- Brad Peters [EMAIL PROTECTED] wrote: In one of your replies to the attention newbies... series, you mentioned you teach a linux newbie class. I'm interested (seriously, or sarcasm) in checking out one of your seminars. Where do I get information? A few other JaxLUG members and I are puting it on (free) at a community college in Jacksonville, FL. If you live nearby, shoot me an email. If not, I can provide notes from the class. Check http://www.JaxLUG.org for details (not updated right now but perhaps soon). /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[PATCH] Re: [Samba] 2.2.7a panic with VFS Audit when writing file(reading is ok)
I got this working with the following patch. I'm not sure if this is the cleanest possible fix, but it works for me. -hal --- samba-2.2.7a-dist/examples/VFS/audit.c Tue Dec 10 09:57:59 2002 +++ samba-2.2.7a/examples/VFS/audit.c Fri Feb 14 10:50:18 2003 @@ -288,36 +288,48 @@ int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mode) { - int result = default_vfs_ops.chmod_acl(conn, path, mode); - - syslog(SYSLOG_PRIORITY, chmod_acl %s mode 0x%x %s%s\n, - path, mode, - (result 0) ? failed: : , - (result 0) ? strerror(errno) : ); - - return result; + int result; + + if (!default_vfs_ops.fchmod_acl) { + return 0; + } else { + result = default_vfs_ops.chmod_acl(conn, path, mode); + + syslog(SYSLOG_PRIORITY, chmod_acl %s mode 0x%x %s%s\n, + path, mode, + (result 0) ? failed: : , + (result 0) ? strerror(errno) : ); + + return result; + } } int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode) { int result = default_vfs_ops.fchmod(fsp, fd, mode); - + syslog(SYSLOG_PRIORITY, fchmod %s mode 0x%x %s%s\n, fsp-fsp_name, mode, (result 0) ? failed: : , (result 0) ? strerror(errno) : ); - + return result; } int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode) { - int result = default_vfs_ops.fchmod_acl(fsp, fd, mode); - - syslog(SYSLOG_PRIORITY, fchmod_acl %s mode 0x%x %s%s\n, - fsp-fsp_name, mode, - (result 0) ? failed: : , - (result 0) ? strerror(errno) : ); - - return result; + int result; + + if (!default_vfs_ops.fchmod_acl) { + return 0; + } else { + result = default_vfs_ops.fchmod_acl(fsp, fd, mode); + + syslog(SYSLOG_PRIORITY, fchmod_acl %s mode 0x%x %s%s\n, + fsp-fsp_name, mode, + (result 0) ? failed: : , + (result 0) ? strerror(errno) : ); + + return result; + } } Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 11 Feb 2003, Chris Shenton wrote: === [2003/02/11 10:19:47, 0] lib/fault.c:fault_report(39) INTERNAL ERROR: Signal 11 in pid 6357 (2.2.7a) Please read the file BUGS.txt in the distribution [2003/02/11 10:19:47, 0] lib/fault.c:fault_report(41) === already reported. We'll get this fixed for 2.2.8 thanks, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+S9pjIR7qMdg1EfYRAjhlAKCEp+8umQYRaNU6QdSTZY//Gcu6IgCgr5jQ W1WWnw027E1OJ7TV0gT8/Ww= =U+PS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA 3.0 with active directory
i have installed samba 3.0 with kerberos and openldap library , in my smb.conf i put realm=DOMAIN.COM security=ads .. but when i try to authenticate with acitve directoey server i have in my log samba NT status wrong password excuse me for my english and thank you ___ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain group map
Does the param domain group map still exist? if not, what has replaced it? I ran a testparm on my smb.conf it and says that it is an unrecognized parameter. Jim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain group map
I ran a testparm on my smb.conf testparm is a good tool. If certain options are incorrect or depreciated then this is the best way to find out. I'd do a google search as thats how I fixed most of my probs. Bri- __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba permissions problem
Here is the situation. I have setup a samba server to authenticate against Active Directory. I have created a group under my Linux server and created all the accounts that need to access the share and placed them in the Linux group on the samba server. I gave the group full rights to the samba share, but when a user from the group adds to the samba share a file or directory he or she now owns the file or new directory, and if another user tries to add to the file or create a file or another directory under the new created file or directory the user gets permission denied and I have to re-apply the permissions from the root of the samba share so the group owns everything again and not individual users. How can I setup the share so only the group owns it no matter what user in the group adds to the share. Thank you, Juan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] permission issues
Here is the situation. I have setup a samba server to authenticate against Active Directory. I have created a group under my Linux server and created all the accounts that need to access the share and placed them in the Linux group on the samba server. I gave the group full rights to the samba share, but when a user from the group adds to the samba share a file or directory he or she now owns the file or new directory, and if another user tries to add to the file or create a file or another directory under the new created file or directory the user gets permission denied and I have to re-apply the permissions from the root of the samba share so the group owns everything again and not individual users. How can I setup the share so only the group owns it no matter what user in the group adds to the share the group maintains the permissions and not the individual users. Thank you, Juan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba permissions problem
Here is the situation. I have setup a samba server to authenticate against Active Directory. I have created a group under my Linux server and created all the accounts that need to access the share and placed them in the Linux group on the samba server. I gave the group full rights to the samba share, but when a user from the group adds to the samba share a file or directory he or she now owns the file or new directory, and if another user tries to add to the file or create a file or another directory under the new created file or directory the user gets permission denied and I have to re-apply the permissions from the root of the samba share so the group owns everything again and not individual users. How can I setup the share so only the group owns it no matter what user in the group adds to the share. Thank you, Juan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba permissions problem
Here is the situation. I have setup a samba server to authenticate against Active Directory. I have created a group under my linux server and created all the accounts that need to access the share on the samba server. I gave the group the rights to the samba share, but when a user adds to the share a file or directory and I view the permissions under linux the owner of that new file, or directory is not the group anymore, its the creator. which creates a big problem because the group needs total access to any directory under the share and needs to have full access which I setup intially but when a user in the group creates a file he or she own it and other users can write to that directory. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] permission issues
How can I setup the share so only the group owns it no matter what user in the group adds to the share the group maintains the permissions under shares do; force group = Bri- __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdb-mysql HOWTO
On Thu, Feb 13, 2003 at 05:04:20PM +0100, Kenni wrote about '[Samba] pdb-mysql HOWTO': Hi, Does anyone know where I can find a tutorial about pdb-mysql ? I always checked http://us2.samba.org/samba/ftp/cvs_current/docs/htmldocs/pdb-mysql.html, but It seems to be a little bit complicated for me... I created a table called user, but I don't know how to fill it... Check out the contents of the directory examples/pdb/mysql/ in CVS HEAD. Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] - http://nl.linux.org/~jelmer/ 01:43:35 up 3 days, 9:18, 13 users, load average: 1.20, 0.93, 0.48 msg14364/pgp0.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba permissions problem
--- juan [EMAIL PROTECTED] wrote: Here is the situation. I have setup a samba server to authenticate against Active Directory. I have created a group under my linux server and created all the accounts that need to access the share on the samba server. I gave the group the rights to the samba share, but when a user adds to the share a file or directory and I view the permissions under linux the owner of that new file, or directory is not the group anymore, its the creator. which creates a big problem because the group needs total access to any directory under the share and needs to have full access which I setup intially but when a user in the group creates a file he or she own it and other users can write to that directory. This involves a basic but obscure feature of Unix security I didn't learn about until recently: Set Group ID (sgid) on directories. New files and directories created inside it inherit the group ID, and anyone in that group will automatically share permissions. You first chmod all directories (NOT files) in your share: find /path/to/share -type d -print0 | xargs -0 chmod g+s Explanation: find = the find command, which finds files matching criteria /path/to/share = any directory where you want to apply inheritence -type d = Directories -print0 = Print with no newlines, for xargs to read | = run this command on the output xargs = run a command on each line input -0 = data comes in with no newlines chmod = change mode g+rwxs = read, write, execute (browse), and set group id Then you chgrp all files: chgrp -R /path/to/share Explanation: chgrp = change group of the files/folders -R = Recursive Finally, add members to your group: gpasswd -a user group Explanation: gpasswd = the group password command, but we're not setting a password here -a = Add Have the users log out and back in again to take effect. From then on, all files created in that directory will be in the same group. The user doesn't truly matter, as long as you have at least ---r-x--- for group read-only directories, ---rwx--- for group writeable directories, ---r- for group readable files, ---rw for group writeable files. At least those permissions. You could then safely remove other permissions to prevent a breech in security, as everyone should be in that group to have access. This is also useful with Winbind and winbind use default domain = yes in smb.conf. I can create a group: groupadd smbwrite Add some users from my NT domain into it: for USER in chris steve mike; do gpasswd -a $USER smbwrite done Set my permissions: find /share/mis -type d -print0 | xargs -0 chmod g+s And then set the group ID: chgrp -R smbwrite /share/mis Also, sgid is the 2 bit in the first number of octal permissions (e.g. chmod 2770 some_directory). Don't forget to have your users log out before trying, and good luck. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: permission issues
--- [EMAIL PROTECTED] wrote: How can I setup the share so only the group owns it no matter what user in the group adds to the share the group maintains the permissions under shares do; force group = I forgot about that.. it works well, too (: Sgid is more flexible and works in the underlying filesystem, which is also more secure, especially if you allow local logins or have other services accessing the same files. We have NetAtalk and Samba, and this was the only way to go. Good catch, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinNT Password Change Prompt
On Sat, 2003-02-15 at 03:58, John H Terpstra wrote: On Fri, 14 Feb 2003, Allori Lorenzo wrote: Dear Group, I'm using samba as PDC and all works fine but i want to do a thing that it is not explained in any samba manual i could found in Internet. Under WinNT when you create a new user there is the checkbox that allows the new user to change the password at the first login presenting an automatic prompt to do so. Is any string available to put in smb.conf to do that or some other stuff to make this thing possible? This is not possible with samba 2.2.x but we are working on facilities that may provide this sometime during the life of samba-3.0.x. Such facilities are fully operational and have been very useful in my Samba 3.0alpha based production environment. I use our pdb_ldap to administer the system. The flag for this behavior is setting the 'pwdMustChange' LDAP attribute to 0. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba Digest, Vol 2, Issue 53
O email [EMAIL PROTECTED] foi alterado para [EMAIL PROTECTED], entretanto a sua mensagem foi redirecionada para o novo email. Atenciosamente, American BankNote Ltda -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Machine Account Passwords are changed on the WRONG server!!
Brian M Hoy wrote: Summary The second point happens, because the PC will _occasionally_ use a different DC to authenticate against (it's secure channel partner in MS parlance). If it just so happens to change its machine account password with this SCP, then the machine's domain membership is broken next time it uses its normal SCP. My Workaround I have a written a Perl script which fetches the machine account details from every LDAP server on our network and then figures out which one has the most recent machine account password, and then submits the change to the LDAP master so that it is replicated everywhere, thereby getting around these problems. It works, but is not ideal A quick look at the Samba source suggests that it would not handle LDAP referrals. Am I right here? If it did, then LDAP could be configured to give a referral to the LDAP master for changes, solving the problem (at least for LDAP users). samba 2.2.8 may help: 16) Fixes for --with-ldapsam * Default to port 389 when ldap ssl != on * add support for rebinding to the master directory server for password changes when ldap server points to a read-only slave -- Ignacio Coupeau, Ph.D. [EMAIL PROTECTED] CTI, Director [EMAIL PROTECTED] University of Navarra [EMAIL PROTECTED] Pamplona, SPAINhttp://www.unav.es/cti/
Re: Fw: About passwd changin
On Mon, Dec 30, 2002 at 10:56:19AM +0800, David wrote: Hi, Thanks for your kindly reply. So, you mean I should add a guest account to my unix system? Such as: pcguest? You probably already have one. It is called 'guest' or 'nobody' in Linux distributions. Commonly, leaving 'guest account' parameter unset is enough to get things working. cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Urgent! XP SP1 Profiles troubles
Help, please I have a several WinXP (w/o any SP, Russian) in Samba domain. Trouble: WinXP cann't load roaming profile. Workaround: add current user to local group Administrators. Working fine. Yesterday several WinXP SP1 Eng was installed. Trouble: WinXP cann't load roaming profile. Message: Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator. After that: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Unsuccessful loading profile due any operations with profile storage directory, managing permissions, adding user in local group, rejoining domain, full deleting profile, etc. Are there known troubles with SP1 ? I need change all XP Rus to Eng+SP1 due licensing change - several my machines are stalled until any workaround. Help!!! Sergey Zhukov. PS Sorry for my English. --- ___
Re: Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication
Check the sPNMappings attribute: looks like the Windows 2000 KDC maps a number of things to HOST: dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=xad-0,d c=padl,dc=com sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicat or,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,i as,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstora ge,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclog on,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,ww w,http,w3svc,iisadmin -- Luke -- Luke Howard | PADL Software Pty Ltd | www.padl.com
Re: Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication
On Fri, 14 Feb 2003, Luke Howard wrote: Check the sPNMappings attribute: looks like the Windows 2000 KDC maps a number of things to HOST: dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=xad-0,d c=padl,dc=com sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicat or,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,i as,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstora ge,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclog on,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,ww w,http,w3svc,iisadmin Hi, Good note, this is probably the cause. The only question is, if I do not add a CIFS/sambaserver.example.com SPN explicitly for my Samba server computer account, why do things fail? That is, why does this mapping not apply then? For normal Windows 2000 Servers this seems to work. Antti -- [EMAIL PROTECTED] Helsinki University of Technology Computing Centre
Re: LDAP machine accounts
On Fri, 2003-02-14 at 01:24, Stefan (metze) Metzmacher wrote: witch samba version are you using? 2.2.7a BTW: there are no files attached to your mail... They were attached, I will attach them again metze - Stefan metze Metzmacher [EMAIL PROTECTED] -- --- Daniel T. Gynn RHCE #806200978201621 Essential Systems, Inc. 412-931-5403 ext. 1 fax: 412-931-5425 [EMAIL PROTECTED] GnuPG Key http://www.essensys.com/~dan/gpgring.asc Fingerprint: 1341 3132 FDAC C415 8F5F 03D7 FD4E 166B FA90 58E1
Re: LDAP machine accounts
Daniel T. Gynn wrote: On Fri, 2003-02-14 at 01:24, Stefan (metze) Metzmacher wrote: BTW: there are no files attached to your mail... They were attached, I will attach them again Nope. None again. But looking in the headers: X-Content-Filtered-By: Mailman/MimeDel 2.1 The mailing list stripped the attachments (as it should, IMHO!). Can't you send diff patches for the changes you made? -- Illtud Daniel [EMAIL PROTECTED] Uwch Ddadansoddwr Systemau Senior Systems Analyst Llyfrgell Genedlaethol Cymru National Library of Wales Yn siarad drosof fy hun, nid LlGC - Speaking personally, not for NLW
Re: LDAP machine accounts
On Fri, 2003-02-14 at 10:37, Illtud Daniel wrote: Nope. None again. But looking in the headers: X-Content-Filtered-By: Mailman/MimeDel 2.1 The mailing list stripped the attachments (as it should, IMHO!). Can't you send diff patches for the changes you made? The diff for pdb_ldap.c is: --- samba-2.2.7a/source/passdb/pdb_ldap.c 2002-12-10 09:58:15.0 -0500 +++ ../samba-2.2.7a/source/passdb/pdb_ldap.c2003-02-13 15:49:18.0 -0500 @@ -2,6 +2,7 @@ Unix SMB/Netbios implementation. Version 2.9. LDAP protocol helper functions for SAMBA + Copyright (C) Daniel T Gynn 2003 Copyright (C) Gerald Carter 2001 Copyright (C) Shahms King 2001 Copyright (C) Jean Fran�is Micouleau 1998 @@ -590,8 +591,12 @@ */ sys_user = sys_getpwnam(username); if (sys_user == NULL) { - DEBUG (2,(init_sam_from_ldap: User [%s] does not ave a uid!\n, username)); - return False; + DEBUG (2,(init_sam_from_ldap: User [%s] does not have a uid!\n, username)); + + /* If we aren't looking for a machine then return false +*/ + if ( username[strlen(username) - 1] != '$' ) + return False; } @@ -625,8 +630,10 @@ pdb_set_hours_len(sampass, hours_len); pdb_set_logon_divs(sampass, logon_divs); - pdb_set_uid(sampass, sys_user-pw_uid); - pdb_set_gid(sampass, sys_user-pw_gid); + if (sys_user != NULL) { + pdb_set_uid(sampass, sys_user-pw_uid); + pdb_set_gid(sampass, sys_user-pw_gid); + } pdb_set_user_rid(sampass, user_rid); pdb_set_group_rid(sampass, group_rid); @@ -641,10 +648,12 @@ pdb_set_workstations(sampass, workstations); pdb_set_munged_dial(sampass, munged_dial); - if (!pdb_set_nt_passwd(sampass, smbntpwd)) - return False; - if (!pdb_set_lanman_passwd(sampass, smblmpwd)) - return False; + if (!pdb_set_nt_passwd(sampass, smbntpwd)) { + return False; + } + if (!pdb_set_lanman_passwd(sampass, smblmpwd)) { + return False; + } /* pdb_set_unknown_3(sampass, unknown3); */ /* pdb_set_unknown_5(sampass, unknown5); */ @@ -839,6 +848,7 @@ if (!ldap_open_connection(ldap_struct)) return False; + if (!ldap_connect_system(ldap_struct)) { ldap_unbind(ldap_struct); @@ -877,6 +887,16 @@ } /** +DTG. Get SAM_ACCOUNT entry from LDAP by username + Added to make sure get_md4pw in src_netlog_nt.c calls + the correct function +*/ +BOOL pdb_getldapsampwnam(SAM_ACCOUNT * user, char *sname) +{ + return pdb_getsampwnam ( user, sname ) ; +} + +/** Get SAM_ACCOUNT entry from LDAP by rid */ BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid) The diff for srv_netlog_nt.c: --- samba-2.2.7a/source/rpc_server/srv_netlog_nt.c 2002-05-18 09:40:44.0 -0400 +++ ../samba-2.2.7a/source/rpc_server/srv_netlog_nt.c 2003-02-13 15:45:52.0 -0500 @@ -7,6 +7,7 @@ * Copyright (C) Paul Ashton 1997. * Copyright (C) Jeremy Allison 1998-2001. * Copyirht (C) Andrew Bartlett 2001. + * Copyright (C) Daniel T Gynn 2003. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -173,7 +174,7 @@ unbecome_root(); if (ret==False) { - DEBUG(0,(get_md4pw: Workstation %s: no account in domain\n, mach_acct)); + DEBUG(0,(get_md4pw: Workstation %s: no account in domain via pdb_getsampwnam()\n, mach_acct)); pdb_free_sam(sampass); return False; } @@ -185,8 +186,32 @@ return True; } - DEBUG(0,(get_md4pw: Workstation %s: no account in domain\n, mach_acct)); - pdb_free_sam(sampass); + /* DTG. Added to check if workstation is in LDAP since it + isn't in the passwd file +*/ + DEBUG(1,(get_md4pw: Checking if workstation %s exists in LDAP\n, mach_acct)); + become_root(); + /* DTG. This just calls the pdb_getsampwnam in pdb_ldap.c + instead of the other functions with the same name +*/ + ret=pdb_getldapsampwnam(sampass, mach_acct); + unbecome_root(); + + if (ret==False) { + DEBUG(0,(get_md4pw: Workstation %s: no account in domain via pdb_getsampwnam()\n, mach_acct)); + pdb_free_sam(sampass); + return False; + } + + if
Re: LDAP machine accounts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13 Feb 2003, Daniel T. Gynn wrote: Hi all. I have been implementing a Windows Domain using Samba and LDAP and noticed that when validating a workstation, Samba would only check the /etc/passwd file and not LDAP. I changed the pdb_ldap.c and srv_netlog_nt.c code so that if a workstation isn't in the /etc/passwd file, it will check LDAP. I am attaching the two files. Please respond to my email address with any comments, as I haven't subscribed to this mailing list. This should be done via the nss_ldap layer in 2.2. What server OS are you using? People have already commented on 3.0 so i'll leave it at that. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+TS+oIR7qMdg1EfYRAqwwAJ47x5sVnaLQZ3QtOstqWokvLjI4uQCg6u1e vNogZ6jilejs0loT7FMgsk8= =H7S2 -END PGP SIGNATURE-
Re: Machine Account Passwords are changed on the WRONG server!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 14 Feb 2003, Brian M Hoy wrote: If you believe the MS document, then the Samba BDC should pass the machine account password change request to the PDC. That would be nice! If you are using read-only replicas for Samba BDCs then the password change should be passed onto the master LDAP server via a referral. Did you say you were using samba 2.2? This is one fix that will be in 2.2.8 (was already in HEAD/SAMBA_3_0) cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+TTAqIR7qMdg1EfYRAvPKAKDV9MejCUe/+snpESKVgpgZ3n0h+wCgxJq4 H/+DjNJdM7EY/y5YXPVHVLU= =tbMS -END PGP SIGNATURE-
limits question
what do the following values in local.h do with respect to a single smbd or are they absolute limits? please explain... #define MAX_DIRECTORY_HANDLES 2048 #define MAX_OPEN_DIRECTORIES 256 #define MAX_OPEN_PIPES 2048 Thank you! Bill
Re: [PATCH] file change notification
Hello Hal, thanks for coding this patch, unfortunately it doesn't work for me. Checking the generated network packets with ethereal shows that the NT_NOTIFY packet I receive on the Windwows side is invalid. The packet (frame size as shown in ethereal) is much too short, it's size is 93 bytes, it should be 162. Below is the hex dump of a defect packet: 00 04 e2 1c 6f c0 00 04 e2 1c 6f 55 08 00 45 10 ..â.oÀ.. â.oU..E. 0010 00 4f 18 e6 40 00 40 06 a0 56 c0 a8 00 04 c0 a8 .O.æ@.@. VÀ¨..À¨ 0020 00 08 00 8b 04 c8 0e 6a 4a aa d4 2d f3 f9 50 18 .È.j JªÔ-óùP. 0030 16 d0 01 12 00 00 00 00 00 23 ff 53 4d 42 a0 00 .Ð.. .#ÿSMB . 0040 00 00 00 88 01 00 00 00 00 00 00 00 00 00 00 00 0050 00 00 01 00 9c 05 64 00 c0 6f 40 20 00..d. Ào@ . This is what a W2K generated packet looks like: 00 04 e2 1c 6f c0 00 50 56 4b 85 6f 08 00 45 10 ..â.oÀ.P VK.o..E. 0010 00 94 da 29 40 00 40 06 de bf c0 a8 00 12 c0 a8 ..Ú)@.@. Þ¿À¨..À¨ 0020 00 08 00 8b 04 ba 92 f9 13 50 b8 db b8 fd 50 18 .º.ù .P¸Û¸ýP. 0030 2e 10 9a 20 00 00 00 00 00 68 ff 53 4d 42 a0 00 ... .hÿSMB . 0040 00 00 00 88 01 00 00 00 00 00 00 00 00 00 00 00 0050 00 00 01 00 c0 03 64 00 c1 ac 12 00 00 00 1e 00 À.d. Á¬.. 0060 00 00 00 00 00 00 1e 00 00 00 48 00 00 00 00 00 ..H. 0070 00 00 00 00 00 00 68 00 00 00 00 00 00 00 00 21 ..h. ...! 0080 00 00 00 00 00 00 03 00 00 00 12 00 00 00 66 00 ..f. 0090 69 00 6c 00 65 00 32 00 2e 00 74 00 78 00 74 00 i.l.e.2. ..t.x.t. 00a0 00 00 .. I attached my own hack which creates a reply packet identical to Windows (see the change_notify_reply_packet function). It only replies one single file name per reply packet, because you don't get more than one file change per signal using dnotify. Another thing I noticed is that you don't return an unicode filename, you simply return the filename with the unix charset and pad it with zeroes. Please convert the filename to Unicode when you assemble the packet. ...Juergen --- smbd/notify_kernel.orig 2003-01-14 21:57:16.0 +0100 +++ smbd/notify_kernel.c2003-02-02 00:01:24.0 +0100 @@ -37,7 +37,6 @@ #define DN_MULTISHOT0x8000 /* Don't remove notifier */ #endif - #ifndef RT_SIGNAL_NOTIFY #define RT_SIGNAL_NOTIFY 34 #endif @@ -50,6 +49,14 @@ #define F_NOTIFY 1026 #endif +#define F_NOTIFY_FN1027 + +/* this gets returned from the kernel */ +struct dnotify_info_struct { + unsigned long event; + char filename[NAME_MAX+1]; +}; + / This is the structure to keep the information needed to determine if a directory has changed. @@ -57,6 +64,8 @@ struct change_data { int directory_handle; +// uint32 Action; + struct dnotify_info_struct fi; }; / @@ -95,9 +104,10 @@ BlockSignals(True, RT_SIGNAL_NOTIFY); for (i = 0; i signals_received; i++) { if (data-directory_handle == (int)fd_pending_array[i]) { - DEBUG(3,(kernel_check_notify: kernel change notify on %s fd[%d]=%d (signals_received=%d)\n, - path, i, (int)fd_pending_array[i], (int)signals_received )); - + data-fi.event=0; + fcntl((int)fd_pending_array[i],F_NOTIFY_FN,(data-fi.event)); + DEBUG(0,(kernel_check_notify: kernel change notify on %s in +file %s, event %d, fd[%d]=%d (signals_received=%d)\n, + path, +data-fi.filename,data-fi.event, i, (int)fd_pending_array[i], (int)signals_received +)); close((int)fd_pending_array[i]); fd_pending_array[i] = (SIG_ATOMIC_T)-1; if (signals_received - i - 1) { @@ -166,7 +176,7 @@ return NULL; } - kernel_flags = DN_CREATE|DN_DELETE|DN_RENAME; /* creation/deletion changes everything! */ + kernel_flags = DN_CREATE|DN_DELETE|DN_RENAME|DN_MULTISHOT; /* +creation/deletion changes everything! */ if (flags FILE_NOTIFY_CHANGE_FILE)kernel_flags |= DN_MODIFY; if (flags FILE_NOTIFY_CHANGE_DIR_NAME)kernel_flags |= DN_RENAME|DN_DELETE; if (flags FILE_NOTIFY_CHANGE_ATTRIBUTES) kernel_flags |= DN_ATTRIB; --- smbd/notify.orig2003-01-14 21:57:29.0 +0100 +++ smbd/notify.c 2003-02-02 00:40:54.0 +0100 @@ -45,20 +45,54 @@ / Setup the common parts of the return packet and send it. */ -static void
Re: 3.0Alpha21 and W2K AD 'dorking' Samba machine acct?
On Thu, 2003-02-13 at 01:30, Nik Conwell wrote: On Thu, 30 Jan 2003, Andrew Bartlett wrote: On Thu, 2003-01-30 at 23:32, Nik Conwell wrote: Anybody seeing a scenario like this? net ads join adds our machine entry to AD just fine. The machine entry object in the AD database has: OperatingSystemSamba OperatingSystemVersion post3.0-HEAD dnsHostnameourhost Some time later something happened, and AD now has: OperatingSystemWindows OperatingSystemVersion NT 4 dnsHostnameis empty. and then authentication to ourhost fails. Something is doing a NT4 password change. This can occur if 'security=domain' is set, rather than 'security=ads'. Or if 'net rpc changetrustpw' is run. Interesting - security=ads is set in the config, and neither of the two of us who have privs to do the net cmds have run changetrustpw (or knew what it was before you wrote about it ;-)) I have an unverified pet theory that under some circumstances the smbd may think it's running as security=domain (unable to read the config file due to it being unmounted - it's on NFS disk - or since the file doesn't have o=r). I'll put some DEBUG logging statements near change_trust_account_password() to see if we're somehow getting there. Thanks for your help. -nik I since looked into this myself - and it's werid! If you make even a single connection to the NETLOGON pipe, to verify an NTLM password with the PDC, your OS gets reset! This occurs during the credentials setup for that pipe - the interesting thing will be to see what Win2k does for that pipe, and to see if we can emulate it. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Pushing Samba functions into the kernel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 13 Feb 2003, Richard Sharpe wrote: On Thu, 13 Feb 2003 [EMAIL PROTECTED] wrote: Ok, my feelings on Samba in the kernel are the following. 1). We need to be able to de-multiplex incoming SMB's at the kernel level to get over the W2K Terminal Server problem. OK, I am not familiar with this problem. Can you say more please. Win2k TSE uses a single TCP session to the file server and multiplexes all of the SMB sessions over that. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+TTB4IR7qMdg1EfYRAuv8AJ0W6QB1YHZCGvGRL/7CynmLMB0tNACgi3yQ troxuc585ZsbywGxNz36N/E= =/umr -END PGP SIGNATURE-
Re: init_unistr2 length calculation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 13 Feb 2003, Shirish Kalele wrote: In init_unistr2, the string length for the UNISTR2 structure seems to be set equal to the number of bytes occupied by the string when encoded in the Unix charset (i.e. the value returned by strlen()). This is not necessarily the number of characters in the string (given UTF-8 and other variable-byte charsets). Shouldn't this actually be set to half the number of bytes occupied by the string after encoding it in UCS2? Here's a patch that does this. I think you might get into trouble here due to difference in the MS unicode marshalling flexibility. I don't understand. Could you elaborate? i guess if (length_of_bytes_in_orig_string != num_character_in_string) then we would have a problem. Had to think though this a bit. I think I misunderstood you to start with. I thought we were talking about UNISTR2 length == num_characters. My point was that sometimes this is actually == num_characters*2 (as you mentioned). Ignore me. My memory deteriates as I get older. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+TTZMIR7qMdg1EfYRAgOwAKC4fw6AgaMBIQNKO8HgfPDhYG31nACfToeG DhQ+TtLtswfK/U2Th0X5XK4= =8I/J -END PGP SIGNATURE-
Re: init_unistr2 length calculation
Thanks for clearing that up. I took a look at the log for the file and saw that tridge expected the 'len' argument to init_unistr2() to be the character length, not the byte length of the string. So it appears the callers will have to be fixed, not the function as I thought. Would be good to have a function that calculated the character length after conversion to UCS2 since it's much more efficient to calculate (/2) than that of a multi-byte charset. Maybe there is.. need to take a look. Thanks, Shirish On Fri, 14 Feb 2003, Gerald (Jerry) Carter wrote: On Thu, 13 Feb 2003, Shirish Kalele wrote: In init_unistr2, the string length for the UNISTR2 structure seems to be set equal to the number of bytes occupied by the string when encoded in the Unix charset (i.e. the value returned by strlen()). This is not necessarily the number of characters in the string (given UTF-8 and other variable-byte charsets). Shouldn't this actually be set to half the number of bytes occupied by the string after encoding it in UCS2? Here's a patch that does this. I think you might get into trouble here due to difference in the MS unicode marshalling flexibility. I don't understand. Could you elaborate? i guess if (length_of_bytes_in_orig_string != num_character_in_string) then we would have a problem. Had to think though this a bit. I think I misunderstood you to start with. I thought we were talking about UNISTR2 length == num_characters. My point was that sometimes this is actually == num_characters*2 (as you mentioned).
Re: [PATCH] file change notification
Hi Tim, Am Freitag, 14. Februar 2003 21:52 schrieb Tim Potter: On Fri, Feb 14, 2003 at 08:28:55PM +0100, Juergen Hasch wrote: Hello Hal, thanks for coding this patch, unfortunately it doesn't work for me. Checking the generated network packets with ethereal shows that the NT_NOTIFY packet I receive on the Windwows side is invalid. The packet (frame size as shown in ethereal) is much too short, it's size is 93 bytes, it should be 162. How well does ethereal handle SMB change notify? I can honestly say that I've never seen it happen. (-: actually it looks quite good :-) Attached is a capture from two W2K machines talking to each other. Packet No. 19 shows the NT NOTIFY response packet. This capture was made using the Windows version of ethereal, the Linux version crashes on my machine when opening the capture file. Maybe you can fix that ;-) If you send me a bunch of captures I can fix any misdissections or any other problems with ethereal in this regard. Tim. ...Juergen
Question about smbtorture
When I run OPLOCK2 smbtorture test against a CIFS server, I don't see smbtorture responding to oplock break request from CIFS server, any idea about this problem? Sri
Re: Question about smbtorture
On Fri, 14 Feb 2003, Srikanta Shivanna wrote: When I run OPLOCK2 smbtorture test against a CIFS server, I don't see smbtorture responding to oplock break request from CIFS server, any idea about this problem? So, are you observing this on the wire? Which version of smbtorture are you using? The one in Samba head has code to ack oplocks if they are enabled, and also allows smbtorture to install its own oplock handler when it needs to. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: cross compiling samba-2.2.7a
On Fri, 2003-02-14 at 02:22, Vincent Sanders wrote: Hi I have recently had cause to cross compile samba 2.2.7a from x86 to arm uclibc linux. During the make i have come across a problem with the int32 macro definition in /include/includes.h (line 459) the check works out everything to do with getting a int32 defined then defines *u*int32 Thought you might like to know It was already fine in HEAD, but I've fixed it in 2.2. Thanks! Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [PATCH] file change notification
On Fri, Feb 14, 2003 at 10:21:04PM +0100, Juergen Hasch wrote: actually it looks quite good :-) That's good to hear! Attached is a capture from two W2K machines talking to each other. Packet No. 19 shows the NT NOTIFY response packet. This capture was made using the Windows version of ethereal, the Linux version crashes on my machine when opening the capture file. Maybe you can fix that ;-) OK that's definitely something worth doing. Thanks, Tim.
Error in libsmb/clispnego.c
Hi, In libsmb/clispnego.c, in spnego_gen_krb5_wrap, there is the following piece of code: asn1_push_tag(data, ASN1_APPLICATION(0)); asn1_write_OID(data, OID_KERBEROS5); asn1_write_BOOLEAN(data, 0); asn1_write(data, ticket.data, ticket.length); asn1_pop_tag(data); The asn1_write_BOOLEAN is wrong. According to RFC1964, the two-byte field that the asn1_write_BOOLEAN writes is actually a token-id, which can have the values: #define KRB_TOKEN_AP_REQ0x0001 #define KRB_TOKEN_AP_REP0x0002 #define KRB_TOKEN_AP_ERR0x0003 #define KRB_TOKEN_GETMIC0x0101 #define KRB_TOKEN_WRAP 0x0102 #define KRB_TOKEN_DELETE_SEC_CONTEXT0x0201 A similar mistake is made in the spnego_parse_krb5_wrap. We should fix it, but that involves returning error codes from parse if it is not what we expect, and handing an extra parameter to the gen routine. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Link of samba-2.2.7a on VAX/VMS-7.1
[EMAIL PROTECTED] wrote: Hello, I'm trying to link the JYC version samba-2.2.7a on a VAX/VMS-7.1 without any C compiler. The link script gives me the following error messages : $ @link_vax smbd Linking SMBD %LINK-W-NUDFSYMS, 1 undefined symbol: %LINK-I-UDFSYM, DECC$FCNTL %LINK-W-USEUNDEF, undefined symbol DECC$FCNTL referenced in psect $CODE offset %X018B in module SYSTEM file DKA300:[GBERT.TMP.SOURCE.BIN]SAMBA.OLB;5 %LINK-W-USEUNDEF, undefined symbol DECC$FCNTL referenced in psect $CODE offset %X01BF in module SYSTEM file DKA300:[GBERT.TMP.SOURCE.BIN]SAMBA.OLB;5 The libraries available in the sys$library directory are those following : Not relevant. The .OLB files are not used normally when building programs, unless you have a special reason for using them instead of the more efficient shared images. I have not been able to find elsewhere neither a decc$fcntl function nor a replacement one. If someone has an idea on how to get around this problem, ... Thank you in advance, Georges This may or may not be able to solve your problem. On the OpenVMS Freeware 5.0 CD-ROM there is a FRONTPORT directory. See HTTP://www.openvms.compaq.com/ for a download. In that kit there is a fake fcntl() function that simulates most of the functionality of the later fcntl() that is built into the later OpenVMS versions. However neither the fake fcntl() or the build in fcntl() in the later OpenVMS versions provide real locking. The fport__fcntl() routine does support RMS locks for RMS files, but you should read the Frontport documentation before using the fport__fcntl(). You are obviously in uncharted teritory, so there may be other issues, and you will probably need a C compiler to make changes. -John [EMAIL PROTECTED] Personal Opinion Only
Please be careful with out-of-office responders
Please make sure that your out of office responders on your e-mail are not responding to mail that arrives from mailing lists. I just received several of these from my last post. Thanks, -John [EMAIL PROTECTED] Personal Opinion Only
CVS update: samba/source/libsmb
Date: Fri Feb 14 10:47:07 2003 Author: abartlet Update of /data/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv13692/libsmb Modified Files: cliconnect.c smbencrypt.c Log Message: Further extract our NTLMv2 code into smbencrypt.c, prior to merge into our NTLMSSP client code. Andrew Bartlett Revisions: cliconnect.c1.122 = 1.123 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/cliconnect.c?r1=1.122r2=1.123 smbencrypt.c1.86 = 1.87 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/smbencrypt.c?r1=1.86r2=1.87
Re: CVS update: samba/source/locking
That's what I fear as it is easy to misunderstand the code and introduce errors later, anyway, it was just a question, nothing to lose too much time on. Simo. On Thu, 2003-02-13 at 20:06, [EMAIL PROTECTED] wrote: On Thu, Feb 13, 2003 at 10:58:19AM +0100, Simo wrote: Jeremy why did you used an AND NOT something to check a boundary and not MAJOR THAN something ? Hmmm. It makes sense as we're treating the offsets/counts as bitmasks at this point. Jeremy. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it
CVS update: sambaweb
Date: Fri Feb 14 13:23:36 2003 Author: mimir Update of /home/cvs/sambaweb In directory dp.samba.org:/tmp/cvs-serv30160 Modified Files: team.html Log Message: Updated team members contact with one address. Rafal Revisions: team.html 1.29 = 1.30 http://www.samba.org/cgi-bin/cvsweb/sambaweb/team.html?r1=1.29r2=1.30
CVS update: samba/source
Date: Fri Feb 14 19:42:54 2003 Author: jmcd Update of /home/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv5584 Modified Files: Tag: SAMBA_3_0 configure.in Log Message: Bring in line with HEAD version...mostly formatting changes to clean up diffs. Revisions: configure.in1.300.2.43 = 1.300.2.44 http://www.samba.org/cgi-bin/cvsweb/samba/source/configure.in?r1=1.300.2.43r2=1.300.2.44
CVS update: samba/source
Date: Fri Feb 14 20:10:43 2003 Author: jmcd Update of /home/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv8163 Modified Files: Makefile.in Log Message: Put dynrpc modules as part of make all, when specified in configure. Revisions: Makefile.in 1.612 = 1.613 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.612r2=1.613
CVS update: samba/source
Date: Fri Feb 14 20:19:50 2003 Author: jmcd Update of /home/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv8813 Modified Files: Tag: SAMBA_3_0 Makefile.in Log Message: Put dynrpc modules as part of make all, when specified in configure. Revisions: Makefile.in 1.468.2.41 = 1.468.2.42 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.468.2.41r2=1.468.2.42