[Samba] Samba 302 alpha 2 PDC- set sid for the second server - smbgroupedit- net setlocalsid command
Hi, I had two logon server on Samba 302alpha on a domain DOM to provide failover environment. With smbgroupedit I can map domain group but I must using net setlocalsid MY-SID-DOMAIN on the second server to map the same domains groups with domain SID on the two server. On the other hands I can see net rpc getsid command that fetch the domain sid into the local secrets.tdb. If I set a localSID, different from domainSID i have: smbgroupedit -s pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc. Is there is a problem to have identical local sid on two differents server ? Does I use the good way to provide failover? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] add/delete/remame/move logging ?
is there any logging of add/delete/remame/move of files/directories on the samba server ? i've looked in the samba.log file (set at log, level 3) and found a LOT of logging but nothing about add/delete etc... any suggestions ? -z -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groups with Samba domain controler or domain member
chgrp 'Domain Admins' some_file.txt I tried that; it works with Domain Admins and every custom created group, but not with the built-in groups like Domain Users. What could be the reason? __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] add/delete/remame/move logging ?
samba server ? i've looked in the samba.log file (set at log, level 3) and found a LOT of logging but nothing about add/delete etc... so, if u did not read my last answer, i'll post it again: use a higher log level! - there will be all open/close incl. username and file logged. - but this produces much data. samba does not write add/delete/... but u can find it out over looking at open/close a.s.o. - this will be good enough to observe your users. with one or two tests u'll find out in which order the keywords effect which action. man smb.conf - looking for log level... any suggestions ? -z -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Groups with Samba domain controler or domain member
Besides how to overcome the issue with permissions using group names with spaces, what other kind of information do you need to know about groups? Well, is it possible to map some NT group to Unix (except Domain Admins and Guests)? I need at least the Domain Users group, since I had set up a lot of permissions on users workstations using that group to make some programs work as ordinary user (One example is Word 97 on Windows 2000 - it behaves quite badly if you don't play with some regystry permissions). Should I wait for the next release of Samba or there is some workaround to make this working with the current stable release? __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Samba and CUPS
James Nallen wrote on Samba-Digest: Date: Mon, 17 Feb 2003 09:23:10 + From: James Nallen James.Nallen at may.ie To: samba at lists.samba.org Subject: [Samba] Samba and CUPS Message-ID: 5.1.0.14.0.20030216144228.00a66318 at ailm.may.ie Content-Type: text/plain; charset=us-ascii; format=flowed MIME-Version: 1.0 Precedence: list Message: 20 I have Samba version 2.2.7a and CUPS version 1.1.15. Hi, James! - Hi Kurt, - Thanks for your response. I have been unable to successfully use the 'cupsaddsmb' utility. Any time I execute this utility, I get the following error: Warning - No PPD file found for 'printer_name'! So -- *is* there a PPD associated to the printer-in-question? It should be in /etc/cups/ppd/printer-in-question.ppd... The printer is question has been configured in CUPS and it is visible when browsing from a Windows client. Where is it looking for these PPD files? Is it /etc/cups/ppd? Yes. But then, in a second step, cupsaddsmb is retrieving a copy of it (using an IPP call) from there and temporarily storing it in the CUPS spool directory, sub directory tmp under a weird name: /var/spool/cups/tmp/3cd1cc66376c0 Do you have a tmp in /var/spool/cups/ (or whatever is dafined to be the CUPS spool dir -- see the TempDir directive in cupsd.conf) ? What are the access rights? - I do have a TempDir of /var/spool/cups/tmp. It's access rights are: - - [root@x tmp]# pwd - /var/spool/cups/tmp - [root@x tmp]# ls -al - total 348 - drwx-T2 lp sys 4096 Feb 17 18:14 . - drwx--3 lp sys 4096 Feb 14 09:33 .. - -The directory /etc/cups/ppd contains the following: - - drwxr-xr-x2 lp sys 4096 Feb 14 09:33 . - drwxr-xr-x5 lp sys 4096 Feb 14 09:33 .. - -rw-r--r--1 lp sys 36606 Feb 14 09:33 ccsys4100.ppd - -rw-r--r--1 lp sys 36606 Feb 14 09:23 HP4100.ppd - -rw-r--r--1 lp sys 44495 Feb 6 11:10 libsys8500.ppd If cupsaddsmb can't store the PPD in the TempDir, it could lead to the error message you are seeing... After the PPD is in cupsd's TempDir, cupsaddsmb makes a smbclient connection to the Samba server's [print$] share to put it there (alongside the rest of the needed PostScript driver files). Cheers, Kurt Could it be that it does not recognize the PPD files for some reason? Also, could someone further develop Any suggestions are welcome. Thank you. Regards, James Nallen, Systems Progrmmer, NUI Maynooth, Maynooth, Co. Kildare, Ireland. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help in connecting to a smbfs (nt4 server) directory.
Hi all I need some help in connecting to a nt4 server shared directory from a RH8 using samba 2.27. i've tried using the following, mount -t smbfs //data-bu/hands-bu /mnt/hands-bu I would like to connect to 'hands-bu' directory on server 'data-bu' to back up all the home directories. there is no pwd required. is there something missing any help would be appriecated. thx Bill -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help in connecting to a smbfs (nt4 server) directory.
On 2003.02.18 11:22 bluelynx wrote: Hi all I need some help in connecting to a nt4 server shared directory from a RH8 using samba 2.27. i've tried using the following, mount -t smbfs //data-bu/hands-bu /mnt/hands-bu I would like to connect to 'hands-bu' directory on server 'data-bu' to back up all the home directories. there is no pwd required. is there something missing any help would be appriecated. thx Bill What exactly happens when you run the mount command? Does it just ask for a password? Need just a little more info about what actually happens. ;) mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2 Probs: Mangled Case Briefcase
Hi, I have a Samba 2.2.3a-6 server running on top of Debian Woody. There are two things I still have problems with. Number one is case mangling. I have set mangle case = Yes in [global] and left all other options related to case at their default and it works to some extent. But for example I cannot rename whatever.txt to WhatEver.txt. The way it works is to use an intermediary step SomeOtherName.txt. Since I am new to Samba I am not sure whether this is a bug in Samba or whether I have not read the documentation carefully enough. I'd appreciate a comment from the Pros on whether I should file this as a bug. Another problem with case mangling (and a bug as well, I suppose) is that whenever I do a File - New - Text Document on a Samba share from a Windows client, the file has all upper case whereas when I do the same thing on the local hard drive it is mixed case. The second area where I sometimes experience unexpected results is with the briefcase from the client machines. I have a directory on the server which is mirrored locally via the briefcase. Sometimes I locally put new files into that directory which are then copied to the server using the Update all function of the briefcase. This works as expected. The strange thing is that when I do Update All again next time, these files show up as modified on the server although I know for sure that nobody has touched them. I guess that Samba for some reason or another might have touched them, possibly as a part of the name/case mangling. Can anybody verify this behaviour? Another issue I have with the briefcase is that of merging files. The clients here use Excel 2000. Whenever both the Excel file on the server and in the briefcase have changed, an update will suggest to merge the files. Upon accepting, I get the error that the file will not be updated because its merge handler cannot be loaded. With almighty Google's help ;-) I found http://support.microsoft.com/default.aspx?scid=kb;EN-US;q174658 but the suggested fix with the registry did not do much good. All it does now is instead of trying to merge the files is to suggest skippage since both files have changed. Has anybody gotten Excel file merges to work with Samba? I'd be curious to learn how. Thank you for your comments. Regards Rolf -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo --sequence DISCONNECTED
Hello list, i want to auth. squid against a win2000 AD group to get internetaccess using winbind. First i had installed samba.2.2.5 I configured smb.conf: [global] workgroup = CAMPUS server string = Samba Server hosts allow = 149.250. 212.68. 192.168. 127. security = domain password server = ATHENA encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 remote browse sync = 212.68.102.255 212.68.255.255 149.250.255.255 domain controller = 212.68.119.1 wins server = 212.68.102.9 dns proxy = no winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = yes everything worked fine I started nmdb and winbindd I joined the domain with: smbpasswd -j campus -r 212.68.119.1 -U username wbinfo -t gives me secret is good wbinfo --sequence gives me GEN-MASTER : 17698 (winnt trusted domain) CAMPUS : DISCONNECTED (win2000 AD) wbinfo -g gives me only the groups from the trusted domain What im doing wrong? Could this be a auth. Problem to getting the browsinginformation (anonymously) Where can i turn something? Thanks a lot cat log.winbindd--- [2003/02/18 11:07:27, 6] nsswitch/winbindd.c:new_connection(336) accepted socket 14 [2003/02/18 11:07:27, 3] nsswitch/winbindd_misc.c:winbindd_show_sequence(144) [10654]: show sequence [2003/02/18 11:07:27, 3] libsmb/namequery.c:resolve_lmhosts(768) resolve_lmhosts: Attempting lmhosts lookup for name GEN-MASTER0x1b [2003/02/18 11:07:27, 4] libsmb/namequery.c:startlmhosts(474) startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory [2003/02/18 11:07:27, 3] libsmb/namequery.c:resolve_wins(709) resolve_wins: Attempting wins lookup for name GEN-MASTER0x1b [2003/02/18 11:07:27, 3] libsmb/namequery.c:resolve_wins(727) resolve_wins: WINS server == 212.68.102.9 . . [2003/02/18 11:07:27, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(163) cm_get_dc_name: Returning DC ALLIANCE (149.250.2.97) for domain GEN-MASTER [2003/02/18 11:07:27, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(194) IPC$ connections done anonymously [2003/02/18 11:07:27, 5] nsswitch/winbindd_cm.c:cm_open_connection(315) connecting to ALLIANCE from alkippe with username []\[] [2003/02/18 11:07:27, 3] libsmb/cliconnect.c:cli_full_connection(974) 002c status: NT_STATUS_OK . . .--and now the AD- . [2003/02/18 11:07:27, 3] libsmb/namequery.c:resolve_lmhosts(768) resolve_lmhosts: Attempting lmhosts lookup for name ATHENA0x20 [2003/02/18 11:07:27, 4] libsmb/namequery.c:startlmhosts(474) startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory [2003/02/18 11:07:27, 3] libsmb/namequery.c:resolve_hosts(808) resolve_hosts: Attempting host lookup for name ATHENA0x20 [2003/02/18 11:07:27, 3] libsmb/namequery.c:resolve_wins(709) resolve_wins: Attempting wins lookup for name ATHENA0x20 [2003/02/18 11:07:27, 3] libsmb/namequery.c:resolve_wins(727) resolve_wins: WINS server == 212.68.102.9 [2003/02/18 11:07:27, 3] lib/util_sock.c:open_socket_in(813) bind succeeded on port 0 [2003/02/18 11:07:27, 5] libsmb/nmblib.c:send_udp(741) Sending a packet of len 50 to (212.68.102.9) on port 137 [2003/02/18 11:07:27, 5] libsmb/nmblib.c:read_packet(719) Received a packet of len 62 from (212.68.102.9) port 137 [2003/02/18 11:07:27, 4] libsmb/nmblib.c:debug_nmb_packet(107) nmb packet from 212.68.102.9(137) header: id=18463 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=ATHENA20 rr_type=32 rr_class=1 ttl=0 answers 0 char `..Dw. hex 6000D4447701 [2003/02/18 11:07:27, 2] libsmb/namequery.c:name_query(421) Got a positive name query response from 212.68.102.9 ( 212.68.119.1 ) [2003/02/18 11:07:27, 3] lib/util_sock.c:open_socket_in(813) bind succeeded on port 0 [2003/02/18 11:07:27, 5] libsmb/nmblib.c:send_udp(741) Sending a packet of len 50 to (212.68.119.1) on port 137 [2003/02/18 11:07:27, 5] libsmb/nmblib.c:read_packet(719) Received a packet of len 319 from (212.68.119.1) port 137 [2003/02/18 11:07:27, 4] libsmb/nmblib.c:debug_nmb_packet(107) nmb packet from 212.68.119.1(137) header: id=5807 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=CAMPUS1c rr_type=33 rr_class=1 ttl=0 answers 0 char .ATHENAhex 0B415448454E41202020202020202020 answers 10 char .D.ATHENA hex 004400415448454E4120202020202020 answers 20 charD.CAMPUShex 202020440043414D5055532020202020 answers 30 char ...CAMPUS hex 2020202000C40043414D505553202020 answers 40 char
[Samba] Files copied from windows box set owner to nobody;[homes] problem
Hello, I am using Samba 2.2.7 running on Solaris 8. I have also configured pam_smb 1.1.6 to authenticate my user against my NT domain. I have a few problems though: 1) Every time I copy a file from my NT box to one of my Samba shares the owner is set to nobody, the only way I can change this is by logging in as root on the UNIX box and using 'chown'. What am I missing? My smb.conf looks like this: #Global parameters workgroup=mydomain security=share hosts allow=localhost, unixmachine, 192.168.1. hosts deny=All [share] path=/share comment=Solaris Share guest ok=Yes read only=No I thought this might be down to the fact that I didn't have a [homes] section in my smb.conf file, which leads me onto my second problem... 2) If I add a [homes] section like this: [homes] guest account= valid users=%S read only =No create mask=0664 directory mask=0775 browseable=Yes Every time I try to access the [homes] share steve I am prompted for my username and password which are not accepted. I have tried setting security=user and security=server in the global but to no avail, the same prompt appears. I can log into the UNIX box fine by telnetting and the dt login prompt using my username and NT password so I know pam_smb is working ok. I am sure I am missing something obvious. Thanks Steve _ MSN Messenger - fast, easy and FREE! http://messenger.msn.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE:Help setting up on AIX 4.3.3
You say that I have tried to setup Samba version 2.2.5.0 on my RS6000 server. First I downloaded the new version from samba.org and it said that gcc -O failed. If gcc failed then the binaries may not have been built. Did it build /usr/local/bin/smbd ? The on-site documentation is excellent Try http://hr.uoregon.edu/davidrl/samba/ Columb Healy ORS Unix Support Siemens Business Services Tel - 01253 793792 Mob - 07776 225 976 Fax - 01253 793924 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Pdc
Hi all i have a samba pdc server with win 2000 connecting to it it was working but now when you log on the win machines get they grey screen and i get this error in the log.%m file [2003/02/18 14:13:02, 0] lib/util_str.c:string_sub(1219) ERROR: string overflow by 0 in string_sub(%u, 7) any ideas thanks ryan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Samba and CUPS
James Nallen wrote on Samba-Digest: Date: Tue, 18 Feb 2003 11:07:09 + From: James Nallen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] RE: Samba and CUPS Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii; format=flowed MIME-Version: 1.0 Precedence: list Message: 4 James Nallen wrote on Samba-Digest:Date: Tue, 18 Feb 2003 11:07:09 + From: James Nallen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] RE: Samba and CUPS Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii; format=flowed MIME-Version: 1.0 Precedence: list Message: 4 James Nallen wrote on Samba-Digest: Date: Mon, 17 Feb 2003 09:23:10 + From: James Nallen James.Nallen at may.ie To: samba at lists.samba.org Subject: [Samba] Samba and CUPS Message-ID: 5.1.0.14.0.20030216144228.00a66318 at ailm.may.ie Content-Type: text/plain; charset=us-ascii; format=flowed MIME-Version: 1.0 Precedence: list Message: 20 I have Samba version 2.2.7a and CUPS version 1.1.15. Hi, James! - Hi Kurt, - Thanks for your response. I have been unable to successfully use the 'cupsaddsmb' utility. Any time I execute this utility, I get the following error: Warning - No PPD file found for 'printer_name'! What was the exact cupsaddsmb you were using? From the Warning message quoted I would guess you used cupsaddsmb -v printer_name or cupsaddsmb -v -a Either you don't have a printer with the name 'printer_name' at all, or this printer (named via the -a for all paramenter) is a raw printer and thusly doesn't have a PPD associated with it. So -- *is* there a PPD associated to the printer-in-question? It should be in /etc/cups/ppd/printer-in-question.ppd... The printer is question has been configured in CUPS and it is visible when browsing from a Windows client. Where is it looking for these PPD files? Is it /etc/cups/ppd? - Yes. But then, in a second step, cupsaddsmb is retrieving a copy of it (using an IPP call) from there and temporarily storing it in the CUPS spool directory, sub directory tmp under a weird name: /var/spool/cups/tmp/3cd1cc66376c0 Do you have a tmp in /var/spool/cups/ (or whatever is dafined to be the CUPS spool dir -- see the TempDir directive in cupsd.conf) ? What are the access rights? - I do have a TempDir of /var/spool/cups/tmp. It's access rights are: - - [root@x tmp]# pwd - /var/spool/cups/tmp - [root@x tmp]# ls -al - total 348 - drwx-T2 lp sys 4096 Feb 17 18:14 . - drwx--3 lp sys 4096 Feb 14 09:33 .. - - The directory /etc/cups/ppd contains the following: - - drwxr-xr-x2 lp sys 4096 Feb 14 09:33 . - drwxr-xr-x5 lp sys 4096 Feb 14 09:33 .. - -rw-r--r--1 lp sys 36606 Feb 14 09:33 ccsys4100.ppd - -rw-r--r--1 lp sys 36606 Feb 14 09:23 HP4100.ppd - -rw-r--r--1 lp sys 44495 Feb 6 11:10 libsys8500.ppd OK -- this means that your printer 'printer_name' is a raw printer (if it exists at all). What result do you get with cupsaddsmb -v ccsys4100 ??? If cupsaddsmb can't store the PPD in the TempDir, it could lead to the error message you are seeing... After the PPD is in cupsd's TempDir, cupsaddsmb makes a smbclient connection to the Samba server's [print$] share to put it there (alongside the rest of the needed PostScript driver files). Cheers, Kurt Could it be that it does not recognize the PPD files for some reason? Also, could someone further develop Any suggestions are welcome. Thank you. Regards, James Nallen, Systems Progrmmer, NUI Maynooth, Maynooth, Co. Kildare, Ireland. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Samba and CUPS
What was the exact cupsaddsmb you were using? From the Warning message quoted I would guess you used cupsaddsmb -v printer_name or cupsaddsmb -v -a i didnt follow the whole discussion, so i dunno if he's using samba as a PDC. in case he uses the PDC functionality, the domain has to be added to the command: cupsaddsmb -U DOMAIN\\root -v PRINTERNAME had quite a few problems with my samba/cups config until i found out how to use the cupsaddsmb utility for a samba PDC... best regards, Marco -- PAION GmbH Forschungszentrum Berlin Marco Horstmann - IT Systems Administrator Tegeler Weg 33 - 10589 Berlin, Germany Tel. +49 30 34358715 - Fax +49 30 34358733 [EMAIL PROTECTED] - http://www.paion.de -- NOTE: The contents of this communication are not intended to create any legally binding obligation or contract whatsoever. This e-mail is for the use of the person/company named only. Its contents are confidential and may be privileged information. If you have received this email in error, please contact us immediately, delete the email and ensure its contents are not disclosed or used. Thank you. -- -- Von der Wiege bis zur Bahre, Formulare, Formulare. -Erich Kästner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] logon scripts, shares, and permissions
Hi, RedHat 8 and Samba 2.2.7 I'm a little confused on setting user/group/other permissions on my RedHat box to allow logon scripts to execute, and files to be created/deleted and even listed/read from their shares. In Windows, it was easy to make all shares fully accessible and set permissions using NTFS. What is the best way to set permissions to file system and shares using Linux/Samba? For now, I ran 'chmod 777 -Rf *' on my netlogon folder to solve a problem of certain users not executing their logon scripts, and this solved it. But I think this is overkill... what should be the proper permissions? Thanks, Demian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbindd vs. ADS
Does anyone have links on making LDAP/Kerberos working with Samba 3? I have been fighting this for days and seem to have tapped out what few resources I could find on the net about it. I have Kerberos configured and working, but the SMBD daemon keeps complaining about tickets, like this: [2003/02/18 06:58:12, 1] smbd/sesssetup.c:reply_spnego_kerberos(134) Failed to verify incoming ticket! Config... [global] realm = FIGGLEBUTT.COM ADS server = dc.figglebutt.com netbios aliases = thismachinename security = ADS ldap ssl = no [apps$] path = /apps valid users = foobar The goal is to integrate Micro$oft. I'm not sure what I'm missing and have yet to find any great documentation, or I'm just being dumb. Probably the latter. Thanks, Thomas Paine ([EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ) University of Wisconsin - Eau Claire Computing Networking Services Technical Services -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] more roaming profile issues
Gladly and with the help of this list, I have solved my previous problem with Samba as a PDC. My new and improved problem is with the ntusers.ini file. Which seems to be overwritten at each and every login. This creates a problem in that that file lists directories to be excluded and THAT list includes the Local Settings directory. In someone's infinite wisdom, they decided to also keep outlook pst files in there and now my users have a working outlook setup in one station, but if they move to another the profile actually refuses to load that. The on kind of solution I have found is to chattr the ntusers.ini file. But that prevents any profile updates and isn't particularly acceptable. Any help on this one would be super welcome. Once again, please CC me if replying to the list as I am not subbed. Following is my smb.conf. Thanks again. --Gabe [global] workgroup = UNCC server string = UNCC File Server netbios name = FISH log file = /var/log/samba/log.%m log level = 1 syslog = 0 security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY SO_KEEPALIVE wins support = yes time server = yes add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /dev/null -M %u local master = yes os level = 64 domain master = yes preferred master = yes domain logons = yes logon path = \\%L\%U\.profile logon drive = Q: logon script = scripts\%U.bat logon home = \\%L\%U utmp = yes hide unreadable = no dns proxy = no unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . obey pam restrictions = yes preserve case = yes short preserve case = yes domain admin group = @uncc admin users = @uncc #=== Share Definitions === [netlogon] comment = Network Logon Service path = /databank/home/samba/netlogon writable = no write list = gabe browseable = yes [profiles] path = /databank/home/%U/ writable = yes create mask = 0666 directory mask = 0700 browseable = no profile acls = yes [homes] comment = Home Directories browseable = no writable = yes create mask = 0600 directory mask = 0700 profile acls = yes [working] comment = UNCC Working Directory path = /databank/working valid users = @uncc read only = No browseable = Yes [stuff] comment = UNCC's Misc Stuff path = /databank/stuff valid users = @uncc read only = No browseable = No [uncc] comment = UNCC Data path = /databank/uncc valid users = @uncc read only = Yes browseable = Yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT Domain BDC
On Sun, Feb 16, 2003 at 08:50:36AM +0100, Kurt Weiss wrote: Ihave NT domain more than 30 sites in each site ihave BDC can i use samba as BDC instat of NT BDC for authentication and control share please reply me as u can use samba as BDC and PDC in a domain. - no problem Huh? How? Can samba get the SAM database from the PDC just as an NT4 can? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User Manager for Domains
I have a Samba 2.2.4 (Slack 8.1) configured as a PDC dor NT9x machines. I have tried using User Manager for Domains (I've run it on a Windows NT Workstation) in order to set user permisions for different workstations (such as log on to the WKST, acces the WKST from network, change sistem time, etc) but the I get the message The parameter is incorrect whenever I touch the User rights button in order to set user rights. Is this possible with Samba(the official docuentation does not say whethere it can do so or not) ? If it can be done, what version of Samba, 'cause I'd prefer to uprade my Samba for the benefit of centralized management of my workstations ? Thanks ! Emil. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA and root entry
hi all, I am trying to add an entry for root using samba-2.2.7 and Directory Server for LDAP. I use the command smbpasswd -a root and I get this error: [root@sysad2 root]# smbpasswd -a root New SMB password: Retype new SMB password: LDAP search ((uid=root)(objectclass=sambaAccount)) returned 0 entries. failed to modify user with uid = root with: Object class violation Failed to add entry for user root. Failed to modify password entry for user root [root@sysad2 root]# I have verified that I have a good connection to the LDAP server. Any ideas? -- Regards, Richard Canada Assistant Computer Systems Manager Medical Research Laboratories International, USA 2 Tesseneer Drive Highland Heights, Kentucky 41076 Phone: (859) 781-8877 x266 Fax: (859) 781-9310 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] __ This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient or a person responsible for delivering this transmission to the intended recipient, you are hereby notified that you must not read this transmission and that any disclosure, copying, printing, distribution or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Access to Samba server across subnets
Hello all, I'm using samba 2.2.7a with winbind on a RedHat 7.3 (pre-installed by Dell) server, with an NT PDC/BDC, with the NT PDC acting as the WINS server. Everything works fine on the local subnet 192.168.0.xxx, but we also have an IPSec VPN set up with our western call centre, and users on the western office subnet 192.168.10.xxx can't login to the samba shares. They can login to the NT shares fine, and the login script on our local (192.168.0.) subnet PDC runs fine when users login over the VPN; they can ping the samba server; but when they try to connect to the UNC address \\samba_server\sharename the are asked for a username/password and can't get past that. The remote workstns are Win98. No errors are reported by testparm. here are the relevant bits of smb.conf: _ hosts allow = 192.168.0. 192.168.10. localhost security = server # Use password server option only with security = server # NT PDC and BDC: password server = EKOSSRV2 EKOSSRV1 encrypt passwords = yes update encrypted = yes unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* pam password change = yes obey pam restrictions = yes # Cause this host to announce itself to local subnets here remote announce = 192.168.0. 192.168.10. local master = no domain master = no wins server = 192.168.0.2 dns proxy = no winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes # Share Definitions == # this is the share for the edmonton call centre. [edmonto$] path = /files/edmonton public = yes only guest = no create mode = 0660 directory mode = 0770 writable = yes printable = no # this is the share for the Readonly drive share. [readonly] path = /files/readonly public = yes only guest = no create mode = 0664 directory mode = 0775 writable = yes printable = no __ A previous poster (see below) has an almost identical problem (he is using security = domain, I am using security = server) but I can find no responses to his post. I've also seen some other posts indicating problems with jumping subnets, without posted solutions . . . . As this seems not to be an entirely unique problem, I'll be sure to document and post any solutions/results back to the list. Thank you, -Ken _ Ken Innes Chief Information Officer EKOS Research Associates Inc. 99 Metcalfe St., Suite 1100 Ottawa, Ontario K1P 6L7 www.ekos.com ___ Previous similar post: From [EMAIL PROTECTED] Sat Jan 11 00:49:20 2003 From: Mikko Rautiainen [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Subject: [Samba] Problem to access sambaserver from another subnet. Date: Sat Jan 11 00:50:01 2003 Hi, I have a network that has a NT4 PDC and 2 NT4 BDC plus one linux samba server. Then there is a VPNsubnet routed over ADSL to the main network. The problem is that I can't connect to the samba sever from the VPN with either W98 or W2k I can log on to the domain, can ping the servers, can see the server in the network neighbourhood. But I can't login, it says that wrong password or user name. The samba server is in security = domain mode and uses winbind to authenticate from the NT4 PDC. And it works fine in the local network. The network doesn't have a WINS server set up, can that be the problem? Can it be some kind of NT4 permission srewup? Thanks Mikko -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Swat shows smbd as not running when it is and had worked finethe day before.
What have I done wrong? Swat consistently shows the smbd daemon as not running (when it indeed is). It shows the nmbd daemon as running and everything else is working fine. What setting, where, have I messed up. I turned off all firewalling to see if that was the problem and still have the same response. I can supply an smb.conf if needed. I have searched the web and all of the archives I know of and only found one unanswered newsgroup message that had the same problem. I could truly use some help as I've spent about 6 (work) hours looking for the answer to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem printing long files
Hi, I have Samba 2.2.5 installed on a 1.5.3 NetBSD. A HP LaserJet 4000 is connected to this box. Printing works fine for most files, but long files only have the first 15 pages or so printed. I don't think it's a problem with the client program since this appends with both Word and Acrobat. JL -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] is trust relationship working/implemented?
Does anybody know if domain trust relationships are implemented and/or working with samba 2.2.x or samba 3.x? Specifically, what about: samba-samba, samba-NT and samba-win2k? Any pointers to some documentation? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Swat shows smbd as not running when it is and had workedfinethe day before.
I've answered my own question, I had changed the interfaces line in the Globals section to include a comma between the separate interfaces as is shown in some of the How-To's and/or documentation available. I replaced the comma with a space and now it is working fine. Ed Asbury [EMAIL PROTECTED] wrote in message b2thu5$h28$[EMAIL PROTECTED]">news:b2thu5$h28$[EMAIL PROTECTED]... What have I done wrong? Swat consistently shows the smbd daemon as not running (when it indeed is). It shows the nmbd daemon as running and everything else is working fine. What setting, where, have I messed up. I turned off all firewalling to see if that was the problem and still have the same response. I can supply an smb.conf if needed. I have searched the web and all of the archives I know of and only found one unanswered newsgroup message that had the same problem. I could truly use some help as I've spent about 6 (work) hours looking for the answer to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind joining domain problem
Over the past Month or so I've been having a hellaciously annoying problem with Samba and Winbind. I could joing a domin. wbinfo -t would tell me I had a good secret but when I did wbinfo -u it would only give me users from a trusted domain. From my own domain I'd just get some hex code. --- after looking up the hex code it turns out it stood for NT_STATUS_DOMAIN_NOT_FOUND or something like that. After looking through the list I found a number of suggestions. wbinfo -A username%password among them. I think that fix is only good for trying to get to an AD when you can't get user lists anonymously. I could get user names anonymously and I'm hooking up to an NT 4.0 domain. And the really annoying this is that I could see all the users from a trusted domain but not MY domain. I cannot stress just how annoying that was. So I decided to try differant versions on Samba. I tried 2.2.7, 2.2.8 and 3.0ng All of them had the exact same problem. Then I said perhaps it's the PDC. A logical though 'cause one domain works and the other doesn't. With great trepidation I restarted the PDC. This did not fix the problem. Finally I tried the samba 2.2.3 on debain - mainly because it was so easy to do that with apt-get and it gave me an excuse to learn how to use packages from differant versions of Debian. And it worked. WTF. Then I put 2.2.3 for RH 7.3 on a RH 8.0 machine and that worked too. (the print server is running RH 8.0) Finally I put it on the print server and now everything is working again. I suppose I should try building it from SRPMS but to be honest (and this is embaressing to admit) I've never actually done that so it'd be a hassel and I have a horrible feeling I'd get the same error. OK, except I don't think that deal where you can login with just a useranme instead of domain/username is implemented and samba isn't putting on the actual name of the print job just the samba name. But who cares. Anyway, I'm just writing this in case somebody is pulling their hair out like I was. 'Cause God knows I feel sorry for that person. Also, Is this a known bug? Or has something really changed in how you setup the smb.conf file so that it'd work in 2.2.3 but not in 2.2.7. I'd really like to go to a newer version but I need domain logins. Conor O'Reilly -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Worksatation Logon restriction
Marco A R Henriques schrieb: Hi ALL, I'm trying to implement a workstation logon restriction policy (where I say that a user only logon on my domain from a specific station) through Samba if u want a user specific logon restriction, u can implement with samba. if u want a machine specific restriction (ip-adress) u can implement this with samba or iptables (firewall) if u want to restrict one user to one workstation, i can't tell u, if it's possible. - i only can imagine, that u do not use domain logon, and create only one user on this client. - so u can only login with this user from this workstation. with Win 9X client machines, like Windows NT/2000 Servers. Is it possible ?!? I found on some lists diff files to implement Time logon restriction, where I say what time my user can logon on my network, but nothing about workstation time restriction. this will be possible (ip-adress) over iptables(firewall) and cron. Thanks in advance, Marco ___ Busca Yahoo! O serviço de busca mais completo da Internet. O que você pensar o Yahoo! encontra. http://br.busca.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as printserver for XP clients
I've got samba 2.27 on a RH8 system Running as windows print server and doing the print spooling for clients I've got a corrupted driver installed on the server but cannot remove it using the following: Rpcclient $deldriver driver name I get the following error: error 0xbb9! Phillip M. Bryant ITT Industries, Advanced Engineering and Sciences Network Administrator Albuquerque, NM 87120 Ph 505-889-7016 Cell 505-203-0846 MCSE 2000, NT 4.0 MCP+I If this email is not intended for you, or you are not responsible for the delivery of this message to the addressee, please note that this message may contain ITT Privileged/Proprietary Information. In such a case, you may not copy or deliver this message to anyone. You should destroy this message and kindly notify the sender by reply email. Information contained in this message that does not relate to the business of ITT is neither endorsed by nor attributable to ITT. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: So SAMBA no longer supports print driver downloads
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 17 Feb 2003, Christopher Odenbach wrote: Have you already found any time to look into this? Any efforts? I think there are quite a lot of people waiting for this. I'm working on it today. compiling SAMBA_2_2 as i write. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+UnFbIR7qMdg1EfYRAh0ZAJ43q3FgJ5s/VIttT9TI7ty0fqW9MACgvsaX AN476+/KsM2hloNgpEfcIeM= =7JRX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[samba] windows client use Linux printer
Hi, Well, my previous attempt to get info on that matter was lame and therefore no one replied. Here is a second attempt. I need info about how to configure samba server and the windows (2000) client to use a printer on the samba server machine. I read the article: http://de.samba.org/samba/ftp/docs/htmldocs/Samba-HOWTO-Collection.html#AEN833 but all I got from it was confusion. I need a simple step by step explanation. By the way, you can review details of my attempt on the message I posted a few days ago to this same list titled: [samba] Help request setting w2000 to use Lexmark z25 printer on Linux RH7.3 running samba. -- Thanks for your effort and good will. David Harel, == Home office +972 4 6921986 Fax:+972 4 6921986 Cellular: +972 54 534502 Snail Mail: Amuka D.N Merom Hagalil 13802 Israel Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] mapping printers from 2K and XP
Hi, I've got my Samba 2.2.7 PDC configured on RedHat 8. Everything is working as expected. Well, almost... The only problem I'm having right now is that windows 2K and xp clients always display the Samba printer with status = error. Even so, they print correctly. Any clues? Thanks, Demian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba]
TEXTAREA NAME=Signature ROWS=4 COLS=60TEXTAREA NAME=Signature ROWS=4 COLS=60 I am trying to figure out how to set up a directory on samba to be wide open for any one to use. I have it so people have to access to the share by there user name or just type in public as a user with no password. But I want it so they don't get a user name and password prompt when trying to access it form windows. So all they have to is click on the share and they can get in to it. Any ideas would be much appreciated Thanks David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba]
David, Look in the man page for smb.conf for these options: public guest ok guest account guest only read their descriptions, and see if they work for you. Good luck, Troy David Sexton [EMAIL PROTECTED] 02/18/03 02:20PM I am trying to figure out how to set up a directory on samba to be wide open for any one to use. I have it so people have to access to the share by there user name or just type in public as a user with no password. But I want it so they don't get a user name and password prompt when trying to access it form windows. So all they have to is click on the share and they can get in to it. Any ideas would be much appreciated -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] The Big Plunge
Hola folks, After a few years of slowly phasing in various Linux and BSD platforms, the company I work for is willing to take a hard look at replacing its existing Windows NT domain controllers with a Linux/Samba combination. We only have about sixty people in our main office, but most of my experience is with smaller deployments. I'm not looking for step-by-step instructions, that's obviously my responsibility to figure out. ;) I'm looking for success stories - those of you who have successfully migrated a Windows NT domain to Samba, and how you've benefitted from the move. General questions I do have: 1. Will a Samba PDC establish trust relationships with NT PDCs? 2. What anti-virus software exists for Windows clients which will automatically grab signature updates from an internal server? 3. Do you mostly use scripts to manage users, or a GUI? 4. Is it LDAP/Samba integration possible? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba in a High Availability Configuration
Hello, I'm sorry to post High availability oriented questions to this list, but I was wondering about some samba configuration parameters and what options are available. I am using heartbeat, and to make a long story short, i have a floating IP alias between 2 servers. (192.168.1.1 for example). When one server is serving the data, it 'has' this ip. if the server fails over, the other machine takes over the IP alias address, and starts samba. In order to make this work correctly, i have to use the 'interfaces' smb.conf option, which sets smbd to listen to only certain ip addresses. I also have bind interfaces only option on, which is required to prevent two simultaneous smbd processes from binding to the same interface IP. What I am interested in, is seamless failover, completely hidden from the client in the middle of a copy.. Hopefully, they would only see a stall in the copy.. Currently though, I get failed file operations because of the bind interfaces only option. the Bind interfaces only option requires that the 'interface' ip be 'UP' in order for samba to start correctly. This causes problems because to bring the IP address 'UP' before starting the samba server means that the client sees that there is no server processing requests on the ip for a small amount of time, which results in a failed operation. I wonder if there is a way to have samba bind only to certain IP addresses, but not require those addresses to be live at startup. Thanks for all your work in the Open Source community, -- Matt Schillinger [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Users/Machines Unable to Logon to Samba PDC
I have Samba 2.2.7 running on RedHat Linux 7.3 (kernel 2.4.18)... the system has been running just fine since the initial install four plus months ago. All of a sudden, starting this mid-morning, users are unable to logon to their Windows 2000 machines. They receive the following message: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. These same users were able to logon just fine yesterday... and some were able to logon just fine this morning... but now nobody can logon. Thinking that the computer account had gone bad for some reason, I changed the workstation from being a member of a domain to a member of a workgroup, then I deleted the account from Samba (using smbpasswd -x computer$), then from Linux (using userdel computer$). I then had the computer join the domain, and was welcomed to the domain. After reboot, the same error message. If I logon locally to the computer, I am able to map drives (using net use x: \\server\share /user:username password). I am also able to perform a net use on the server. What can I do and/or test to further determine what the problem is? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] windows client use Linux printer
This is always a tricky situation. There is nothing simple about printing. It may look simple, but it is not. So, to get it done, I keep it as simple as possible. Basics: The windows client transfers the job, prefiltered, to the spool directory listed in the samba print share. Then, the command you have supplied in the samba print share is invoked to print that file. The file name is %s. Now, things are hard to follow when you get fancy and use (perhaps unknowingly) a bunch of default settings which may not be what you need. Attempting to load the drivers onto you samba server to allow easy configuration on the windows clients is also another source of error. Now, a basic question is this: Can you print from the samba server directly to your printer? lexmark does provide some nice drivers for their printers for linux, but other drivers might be available. Anyway, if you have a driver for your lexmark printer that works in linux, that means you can convert postscript files to a format your printer understands. If so, you can just use a generic postscript driver on your windows client. HP Laserjet III + works fine for me. Then, direct your printjobs to the queue that does all your other printing on the linux server, and the problem is solved. Here is what I have in my set up: This is /etc/printcap ps|z53:\ sh:sd=/var/spool/lpd/z53:mx#0:\ :lp=/dev/lp0:\ :if=/usr/local/lexmark/z53/z53.sh :mc#1 :sh: lp|LP|z53-outfiles:\ :sd=/var/spool/lpd/lp:\ :mx#0:\ :lp=/dev/lp0:\ :sh:rw: The first handles postscript jobs, the second handles jobs that are already filtered for this printer, ie, a raw queue. This raw queue is there to print test pages from the linux server, too. If you filter your jobs on your clients with the lexmark driver, you would use queue #2 (lp). If you send postscript jobs, you would use #1 (ps). Notice there is no if parameter in the raw queue. Here is my printer share definitions. I don't use the special printer share, because I don't have dozens of printer to service, and I want to be sure I know what samba is really trying to do. smb.conf: [lp] comment = Raw Printer for Z53 path = /tmp create mask = 0700 guest ok = yes hosts allow = 192.168. printable = Yes printing = lprng print command = echo %J %p %s/tmp/junkJ;\ a=`echo '%J' | sed s/^.*- //` ;\ echo This is truncated $a /tmp/junkJ;\ /usr/bin/lpr -Plp -J$a %s;\ rm %s lpq command = /usr/bin/lpq -Plp lprm command = /usr/bin/lprm -Plp %j lppause command = /usr/sbin/lpc hold -Plp %j lpresume command = /usr/sbin/lpc release -Plp %j printer name = lp share modes = No [ps] comment = Filtered for Z53 path = /tmp read only = No create mask = 0700 guest ok = yes hosts allow = 192.168. printable = Yes printing = lprng print command = echo %J %p %s/tmp/junkJ;\ a=`echo '%J' | sed s/^.*- //` ;\ echo This is truncated $a /tmp/junkJ;\ /usr/bin/lpr -Pps -J$a %s;\ rm %s lpq command = /usr/bin/lpq -Pps lprm command = /usr/bin/lprm -Pps %j lppause command = /usr/sbin/lpc hold ps %j lpresume command = /usr/sbin/lpc release ps %j share modes = No use client driver = yes Notice I state the printing system in each share, and explicitly state all commands which might be encountered. (Samba uses BSD as the default.) Actually, samba understands a few more commands than this. strings `which smbd` | grep command is interesting. When you realize that you can customize each of these commands, things start getting interesting. My print command is a bear, but it simply captures the banner page title, which is the file name in windows, and removes unnecessary garbage so your queue name looks nice (lpq) and is meaningful. Assuming that the ps queue can handle postscript files, if you just configure the ps share here on your windows client with the HP postscript driver, all should go well. Joel On Tue, Feb 18, 2003 at 08:38:49PM +0200, David Harel wrote: Hi, Well, my previous attempt to get info on that matter was lame and therefore no one replied. Here is a second attempt. I need info about how to configure samba server and the windows (2000) client to use a printer on the samba server machine. I read the article: http://de.samba.org/samba/ftp/docs/htmldocs/Samba-HOWTO-Collection.html#AEN833 but all I got from it was confusion. I need a simple step by step explanation. By the way, you can review details of my attempt on the message I posted a few days ago to this same list titled: [samba] Help request setting w2000 to use Lexmark z25
Re: [Samba]
You may need security = share in smb.conf,too. Dunno for sure. On Tue, Feb 18, 2003 at 02:40:59PM -0600, Troy.A Johnson wrote: David, Look in the man page for smb.conf for these options: public guest ok guest account guest only read their descriptions, and see if they work for you. Good luck, Troy David Sexton [EMAIL PROTECTED] 02/18/03 02:20PM I am trying to figure out how to set up a directory on samba to be wide open for any one to use. I have it so people have to access to the share by there user name or just type in public as a user with no password. But I want it so they don't get a user name and password prompt when trying to access it form windows. So all they have to is click on the share and they can get in to it. Any ideas would be much appreciated -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Winbind: login cannot find name for group ID XXXXXONLY RedHat 8
We were right. I posted the bug on Bugzilla and RedHat's solution was to upgrade glibc to the one distributed with rawhide. Version 2.3.1-46. This fixed the problem. Dave On Friday 14 February 2003 09:20 am, Chris de Vidal wrote: --- David Boynton [EMAIL PROTECTED] wrote: Short version: I think it's a problem with RedHat 8's glibc and not Samba. I've submitted a report to Bugzilla as I'm not tinkering with glibc on a server! :) And I don't know enough about glibc to tinker, either. I had a hunch it was a RedHat library problem but wasn't sure. Seems like there's alot of weird things in RH8. It's still usable, just weird little things like this all over. I'm hoping 8.1 is better. Thanks Dave, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NT 4 PDC -- Linux RH 8 Samba PDC
I am looking for a way to convert all of the NT 4 domain users and account information into Samba/Linux Users and groups so that I can remove the NT 4 PDC from the system. I am replacing a few NT 4 servers with Linux servers. I have been working with getting Winbind working along with the other samba tools, however I have not found the way to move the users/groups over to Linux for full-time use. Thanks, Robert -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Users/Machines Unable to Logon to Samba PDC
Never mind... I found the problem. Actually, I caused the problem. I was removing some obsolete user IDs when I removed the guest account. Not knowing how closely tied it was to Samba. Once the ID was re-established, users (machines) were once again able to logon. So, as an FYI... the guest account is very important for machines to be able to authenticate to a Samba PDC server. - Original Message - From: Support [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 3:07 PM Subject: [Samba] Users/Machines Unable to Logon to Samba PDC I have Samba 2.2.7 running on RedHat Linux 7.3 (kernel 2.4.18)... the system has been running just fine since the initial install four plus months ago. All of a sudden, starting this mid-morning, users are unable to logon to their Windows 2000 machines. They receive the following message: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. These same users were able to logon just fine yesterday... and some were able to logon just fine this morning... but now nobody can logon. Thinking that the computer account had gone bad for some reason, I changed the workstation from being a member of a domain to a member of a workgroup, then I deleted the account from Samba (using smbpasswd -x computer$), then from Linux (using userdel computer$). I then had the computer join the domain, and was welcomed to the domain. After reboot, the same error message. If I logon locally to the computer, I am able to map drives (using net use x: \\server\share /user:username password). I am also able to perform a net use on the server. What can I do and/or test to further determine what the problem is? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] nmbd daemon
I wonder if anyone has any thoughts on why my nmbd daemon stops running. I checked the logs and there is nothing showing in there as to why this daemon stops. SMBD is running there just fine, but not NMBD ?? Any thoguhts? --- Ted Gervais, Coldbrook, Nova Scotia, Canada -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba in a High Availability Configuration
On 18 Feb 2003, Matt Schillinger [EMAIL PROTECTED] wrote: I'm sorry to post High availability oriented questions to this list, but I was wondering about some samba configuration parameters and what options are available. You're welcome, this is on-topic here. What I am interested in, is seamless failover, completely hidden from the client in the middle of a copy.. Hopefully, they would only see a stall in the copy.. My understanding is that this is very hard (or impossible) to do at the moment. There is a lot of complicated statefulness in the CIFS protocol (unlike, say, NFS) and so switching to another server in the middle of an operation would, at the least, require a great deal of new development work in Samba. There would need to be some kind of shared storage between the two machines holding everything the server needs to know about active connections. This would be much deeper than just what's in the tdbs. Perhaps somebody more experienced can give more details. The best you can do is allow that connection to fail and then for the client to reconnect. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem printing long files
Assuming this is a postscript printer and that your clients send postscript jobs to your server: Edit your printing command to be a nothing, sorta like: printing command = echo job %s done /tmp/jobname Then, try to read the job with gv or whatever. If the file is complete it would suggest that your printing software is acting up, not samba. Joel On Tue, Feb 18, 2003 at 08:24:05AM -0500, Jean-Luc Wasmer wrote: Hi, I have Samba 2.2.5 installed on a 1.5.3 NetBSD. A HP LaserJet 4000 is connected to this box. Printing works fine for most files, but long files only have the first 15 pages or so printed. I don't think it's a problem with the client program since this appends with both Word and Acrobat. JL -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] nmbd daemon
No idea why it is stopping. I would read about nmbd (man nmbd) and up the logging level and send all the logging information to a separate file. Hmmm You aren't starting nmbd with xinetd or inetd are you? Joel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Files copied from windows box set owner to nobody;[homes] problem
Well, as I read this, you have guest ok=Yes and security=share. That means, I believe, that when a user logs onto that share, without asking a password the user is assigned the guest account, which I suppose defaults to nobody. I think you have to read about passwords and samba, about which I know almost nothing. Joel On Tue, Feb 18, 2003 at 11:47:28AM +, steve king wrote: Hello, I am using Samba 2.2.7 running on Solaris 8. I have also configured pam_smb 1.1.6 to authenticate my user against my NT domain. I have a few problems though: 1) Every time I copy a file from my NT box to one of my Samba shares the owner is set to nobody, the only way I can change this is by logging in as root on the UNIX box and using 'chown'. What am I missing? My smb.conf looks like this: #Global parameters workgroup=mydomain security=share hosts allow=localhost, unixmachine, 192.168.1. hosts deny=All [share] path=/share comment=Solaris Share guest ok=Yes read only=No I thought this might be down to the fact that I didn't have a [homes] section in my smb.conf file, which leads me onto my second problem... 2) If I add a [homes] section like this: [homes] guest account= valid users=%S read only =No create mask=0664 directory mask=0775 browseable=Yes Every time I try to access the [homes] share steve I am prompted for my username and password which are not accepted. I have tried setting security=user and security=server in the global but to no avail, the same prompt appears. I can log into the UNIX box fine by telnetting and the dt login prompt using my username and NT password so I know pam_smb is working ok. I am sure I am missing something obvious. Thanks Steve _ MSN Messenger - fast, easy and FREE! http://messenger.msn.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, rsync and a newbie sorting it out...
All, I'd like to use rsync as a way to back up Windows devices on a network, pulling data off of the Windows boxes and putting it onto a Samba share. Is this even possible? I suspect I either need some sort of rsync implementation on Windows (ha!) or I need to have Samba know to reach into the boxes and get the info for rsync-ing. Doable? A fool's errand? The setup: * In-home LAN consisting of 3-4 PCs running W2K and WXP; one FreeBSD server running SAMBA. * No PDC; everyone is on the same workgroup and everyone has equal and unfettered (no login/password and all can overwrite) access to /storage on the BSD box via Samba. Ideal situation: Designated directories on the windows boxes are rsync'd 2-3 times a day during times of low use. Alternate: The whole Windows drive is rsync'd onto a Samba share on the BSD box, once a day. Many, many thanks in advance! QK -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Networking linux machines in windows environment
HI, I am a new user to this group. Presently I am doing networking linux machines in my windows network environment. I am able to access linux server from windows machines but I am not able to access linux server from linux workstation. Is samba server is enough for doing this task? Or some thing else is needed? Reply soon, Regards, Rajesh.K -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Networking linux machines in windows environment
On 19 Feb 2003, raj rajesh kalagarla [EMAIL PROTECTED] wrote: HI, I am a new user to this group. Presently I am doing networking linux machines in my windows network environment. I am able to access linux server from windows machines but I am not able to access linux server from linux workstation. Is samba server is enough for doing this task? Or some thing else is needed? You can use Samba and smbmount for this, but you might be better off using a native unix-unix protocol like NFS: http://nfs.sourceforge.net/nfs-howto/intro.html#WHAT -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] nmbd daemon
Hello, start /usr/local/samba/bin/nmdb -s /where/your/smb.confis -d 7 and post the output in /usr/local/samba/var/log.nmbd here. Mit freundlichen Gru?en Kaiser Michael -Original Message- From: Ted Gervais [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 19, 2003 12:57 AM To: [EMAIL PROTECTED] Subject: [Samba] nmbd daemon I wonder if anyone has any thoughts on why my nmbd daemon stops running. I checked the logs and there is nothing showing in there as to why this daemon stops. SMBD is running there just fine, but not NMBD ?? Any thoguhts? --- Ted Gervais, Coldbrook, Nova Scotia, Canada -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] home directories
Hi, I want to implement home directories for all my users on my linux box using only [homes] share. I dont want to create 1 shares for my 1 users if I have 1 users. When my users log on to his Windows and use network neighborhood to browse network I want samba to create a share which is that user's home directory on linux on the fly. Please help me with what should I put in my [homes] share and linux file system permission I should set for their home directory on linux. I aslo want to do like I usually do on W$. I have one folder called users. I share it and in users folder there are home directories for all users. I only share users directory. Any users can open users directory and see all other users' home directory but he/she cant open other users' home directories. He/She can only open his/her directory. Can I do like this on Samba? Please give me the example if possible? One more thing, there seem to be fewer Access Control options than Windows, I call it ACL in W$. Is it possible to implement ACL for any shares like ACL in W$? Thanks, Stand __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The Big Plunge
1. Will a Samba PDC establish trust relationships with NT PDCs? Yes. But I a really reccomend you have all PDCs under Samba, since my feeling is they are much stable an easier to manage than real M$ ones :-) It's an advice, you can keep your PDC under NT if you want. 2. What anti-virus software exists for Windows clients which will automatically grab signature updates from an internal server? Dunno. All users here are under W2K with Norton Anti-virus auto-update mode on... This works nicely and const about $60 USD -max price, you can get cheaper with bundle licenses. I'm thinking about replacing this costly solution and potentially risky (I need to trust Norton...) with a centralized anti-virus software on samba shares... 3. Do you mostly use scripts to manage users, or a GUI? AFAIK, there are many GUI for you convenience (SWAT or SWAT module for webmin...). I personaly prefer scripts. 4. Is it LDAP/Samba integration possible? Sure. This works really well, look at samba-ldap-tools. My 2 cents. -- Jean-Paul ARGUDO -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] home directories
On Tue, 18 Feb 2003, Stand H wrote: Hi, I want to implement home directories for all my users on my linux box using only [homes] share. I dont want to create 1 shares for my 1 users if I have 1 users. When my users log on to his Windows and use network neighborhood to browse network I want samba to create a share which is that user's home directory on linux on the fly. Please help me with what should I put in my [homes] share and linux file system permission I should set for their home directory on linux. You need to use the pam module pam_mkhomedir.so. You will need to read your distribution's documentation on that - or do a google search. I aslo want to do like I usually do on W$. I have one folder called users. I share it and in users folder there are home directories for all users. I only share users directory. Any users can open users directory and see all other users' home directory but he/she cant open other users' home directories. He/She can only open his/her directory. Can I do like this on Samba? Please give me the example if possible? Samba is one better here, the [homes] meta-service provides just the users's home directory. One more thing, there seem to be fewer Access Control options than Windows, I call it ACL in W$. Is it possible to implement ACL for any shares like ACL in W$? Yes, if your kernel and file system have ACLs and samba has been compiled with ACL support. - John T. Thanks, Stand __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Samba processes
On Tue, 18 Feb 2003, Javid Abdul-AJAVID1 wrote: Abdul, We saw your first posting. Please be patient. Both smbd and nmbd run as root. All user interaction with the file system is done as the user who initiated the process. Please refer to the source code to see what happens. Samba has to ba able to perform a number of tasks that can be done only as root. -Original Message- From: Javid Abdul-AJAVID1 [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 11:18 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Samba processes Hi Am noticing smbd processes are running as root and occassionally I see a child process as userid Yep. Just curios under what circumstances the smbd runs as user id process ( unix id ) and running as root is a security risk? Please explain where the security risks are. We would appreciate your patches. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba processes
Hi Am noticing smbd processes are running as root and occassionally I see a child process as userid Just curios under what circumstances the smbd runs as user id process ( unix id ) and running as root is a security risk? Thanks in advance -Abdul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Samba processes
-Original Message- From: Javid Abdul-AJAVID1 [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 11:18 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Samba processes Hi Am noticing smbd processes are running as root and occassionally I see a child process as userid Just curios under what circumstances the smbd runs as user id process ( unix id ) and running as root is a security risk? Thanks in advance -Abdul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: interesting fact about StrCaseCmp
On Tue, Feb 18, 2003 at 06:23:41PM +1100, Martin Pool wrote: One little malloc() could hardly make it any worse, although I will do a test tomorrow to check. One little malloc() - I'll remind you of that quote later :-). But please do the test, that's the only way we can really be sure if it's a speedup or not. Jeremy.
XP can't enumerate user info.
Hi all, I have installed Samba 3.0 alpha 21 on my FreeBSD for a long time. I enable ACL and it works fine when I connect from Win2k client. I can add and delete acl entry. Recently, I use WinXP to connect to my server. When I try to add new ACL entry, I get a popup message to ask username/password pair. After I type it, I get nothing. No server user and group list on text box, only those default entries. I use Ethereal to get some packets and find that WinXP doesn't send any samr request to my server. Why? Best regards, Vic Hsu [EMAIL PROTECTED] 886-2-25521814 ext. 827 Synology Inc.
Re: ideas for optimizations with large groups
I've just compiled the CVS version of 2.2.x and it seems to have fixed the
problem. I'd been merrily patching each new version of Samba as it came out
;-)
Thanks,
Chris
On Tue, 18 Feb 2003 06:10:42 + [EMAIL PROTECTED] wrote:
On Wed, Mar 06, 2002 at 11:24:23AM +, Chris Wakelin wrote:
We had big problems with an upgrade to Samba 2.2.3a on Solaris 8 due
to this groups change. Samba 2.2.2 was fine, but had occassional
oplock problems (hence the desire to upgrade). We have a large number
(~1000) of (sometimes large) NIS groups.
I've patched our version of Samba 2.2.3a in lib/util_getent.c
get_users_in_group() commenting out the line :-
if (strchr(gname,*lp_winbind_separator())) {
(and the lines following the if statement) so that the old
getgrnam() calls are used instead (as they are for winbindd).
This fixes the problem for us, but I'd like strongly to support
David's suggestion that the change to using getgrent() be made a
compile-time option for Tru64 only.
It took some time, but I finally got to this, sorry :-).
Jeremy.
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--
Christopher Wakelin,[EMAIL PROTECTED]
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 6630
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
Re: interesting fact about StrCaseCmp
Look at other parts in the code, a nice idea is to compare character by
character until the string is an ASCII one, as soon as we detect a non
ascii character we revert to the standard method and re-compare the
strings, Tridge has gained very good optimizations with this twchnique.
Simo.
On Tue, 2003-02-18 at 01:35, Martin Pool wrote:
On 18 Feb 2003, Andrew Bartlett [EMAIL PROTECTED] wrote:
Possibly only for long strings? But then that is probably
micro-optimization.
If we really cared about optimizing this function, then we would
compare character-by-character rather than converting both strings to
uppercase first. This is a bit hard for some wierd encodings I know,
but it ought to be possible to do it in charcnv.c.
The case where we compare, for example, a thousand-character string to
the empty string is ridiculously slow at the moment.
I don't know if this is a problem for Samba overall or not, so I'm not
touching it at the moment.
int StrCaseCmp(const char *s, const char *t)
{
pstring buf1, buf2;
unix_strupper(s, strlen(s)+1, buf1, sizeof(buf1));
unix_strupper(t, strlen(t)+1, buf2, sizeof(buf2));
return strcmp(buf1,buf2);
}
--
Simo Sorce - [EMAIL PROTECTED]
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
signature.asc
Description: This is a digitally signed message part
W2K, krb5 and samba-3.0alpha21
Hi,
I run a MIT KRB5 KDC and succesfully can authenticate my W2K Clients
and users against the KDC. User- and machine-data are stored in a
OpenLDAP directory server, but no passwords, as I want to make use of
Kerberos. Although I compiled samba-3.0alpha21 --with-krb5 created
a cifs/machine.domain principal and added a realm directive to
smb.conf , samba still does not obtain a ticket and therefore can't
login to my workgroup and my shares. Howe can I make samba MIT KRB5 aware and beeing
able to obtain TGT's ?
Following an excerpt from my krb5kdc log
-.-.-.-..-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.168.100.31(88): ISSUE: authtime
1044633988, etypes {rep=1 tkt=16 ses=1}, [EMAIL PROTECTED] for [EMAIL PROTECTED]
Feb 07 17:06:46 marin krb5kdc[999](info): AS_REQ (7 etypes {23 -133 -128 3 1 24 -135})
192.168.100.31(88): ISSUE: authtime 1044634006, etypes {rep=3 tkt=16 ses=1},
[EMAIL PROTECTED] for [EMAIL PROTECTED]
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
host/cyan.l4b.de is my W2K workstation.
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: [EMAIL PROTECTED]
http://www.schevolution.com/tour
Patches for winbindd over TCP and a failover port option
Our product uses Samba as a component. In our product we were forced to modify certain parts of Samba, namely: Winbindd running over TCP (to a remote host) Smbd listening to an additional failover port. Allow listening on non-broadcast interfaces. All these changes are very minimal. In order to comply with the GPL and provide the community with what little code we've modified, attached is the patch file between this version and Samba 3.0a20. I'm afraid we've never merged it with later versions, since they never seemed to work. I sincerely hope this helps people, Regards, Nir. -- Nir Soffer -=- Software Engineer, Exanet Inc. -=- The poor little kittens; They lost their mittens; And now you all must die. Mew, Mew, Mew, Mew, And now you all must die. www.sluggy.com, 24/10/02
Re: Patches for winbindd over TCP and a failover port option
hi, On Tue, Feb 18, 2003 at 05:57:55PM +0200, Nir Soffer wrote: Our product uses Samba as a component. In our product we were forced to modify certain parts of Samba, namely: Winbindd running over TCP (to a remote host) this sounds very interesting. Smbd listening to an additional failover port. Allow listening on non-broadcast interfaces. All these changes are very minimal. In order to comply with the GPL and provide the community with what little code we've modified, attached is the patch file between this version and Samba 3.0a20. you have forgotten to add that patchfile :) thanks, guenther -- Guenther Deschner [EMAIL PROTECTED] SuSE Linux AGGnuPG: 8EE11688 Berliner Str. 27 phone: +49 (0) 30 / 430944778 D-13507 Berlin fax: +49 (0) 30 / 43732804 msg06182/pgp0.pgp Description: PGP signature
Re: Patches for winbindd over TCP and a failover port option
On Tue, 18 Feb 2003, Guenther Deschner wrote: you have forgotten to add that patchfile :) Note that since last month the Samba listserver has started filtering message attachments: http://lists.samba.org/pipermail/samba-technical/2003-January/041954.html Inline your patches in the message body, or make sure that your mail program flags them as content-type text/plain. Regards, -- Neil Hoggarth Departmental Computer Officer [EMAIL PROTECTED] Laboratory of Physiology http://www.physiol.ox.ac.uk/~njh/ University of Oxford, UK
REPOST: Patches for winbindd over TCP and a failover port option
Very well then - but this might seriously screw up wrapping:
Our product uses Samba as a component. In our product we were forced to modify certain
parts of Samba, namely:
Winbindd running over TCP (to a remote host)
Smbd listening to an additional failover port.
Allow listening on non-broadcast interfaces.
All these changes are very minimal.
In order to comply with the GPL and provide the community with what little code we've
modified, attached is the patch file between this version and Samba 3.0a20. I'm afraid
we've never merged it with later versions, since they never seemed to work.
There may be some other changes thrown here and there, they may or may not work.
Naturally, the usual disclaimer applies - I don't gurantee this code will work. It
might even burn your computer. Use at your own risk.
I sincerely hope this helps people,
Regards,
Nir.
=== patch ===
diff -r -u /users4/nirs/tmp/samba-3.0alpha20/source/configure.developer
./configure.developer
--- /users4/nirs/tmp/samba-3.0alpha20/source/configure.developerTue Sep 25
07:08:05 2001
+++ ./configure.developer Mon Jan 6 20:39:03 2003
@@ -1,2 +1,3 @@
#!/bin/sh
+export CFLAGS=-DWITH_FO_PORT -DWITH_WINBIND_CFG
`dirname $0`/configure --enable-developer $*
Only in ./: configure.exanet
diff -r -u /users4/nirs/tmp/samba-3.0alpha20/source/install-sh ./install-sh
--- /users4/nirs/tmp/samba-3.0alpha20/source/install-sh Wed Jul 29 06:06:48 1998
+++ ./install-shThu Feb 28 17:25:58 2002
@@ -184,7 +184,7 @@
if [ x$chowncmd != x ]; then $doit $chowncmd $dst; else true ; fi
if [ x$chgrpcmd != x ]; then $doit $chgrpcmd $dst; else true ; fi
if [ x$stripcmd != x ]; then $doit $stripcmd $dst; else true ; fi
- if [ x$chmodcmd != x ]; then $doit $chmodcmd $dst; else true ; fi
+ if [ x$chmodcmd != x ]; then $doit $chmodcmd $dst; true; else true ; fi
else
# If we're going to rename the final executable, determine the name now.
diff -r -u /users4/nirs/tmp/samba-3.0alpha20/source/lib/interface.c ./lib/interface.c
--- /users4/nirs/tmp/samba-3.0alpha20/source/lib/interface.cMon Jul 15 18:10:42
2002
+++ ./lib/interface.c Mon Jan 6 20:31:29 2003
@@ -61,8 +61,8 @@
}
if (ip_equal(nmask, allones_ip)) {
- DEBUG(3,(not adding non-broadcast interface %s\n,inet_ntoa(ip)));
- return;
+ DEBUG(3,(adding non-broadcast interface %s\n,inet_ntoa(ip)));
+ //return;
}
iface = (struct interface *)malloc(sizeof(*iface));
diff -r -u /users4/nirs/tmp/samba-3.0alpha20/source/nsswitch/wb_common.c
./nsswitch/wb_common.c
--- /users4/nirs/tmp/samba-3.0alpha20/source/nsswitch/wb_common.c Thu Sep 26
22:38:34 2002
+++ ./nsswitch/wb_common.c Mon Jan 6 20:39:03 2003
@@ -27,6 +27,15 @@
#include winbind_nss_config.h
#include winbindd_nss.h
+#ifdef WITH_WINBIND_CFG
+#include sys/types.h
+#include sys/socket.h
+#include arpa/inet.h
+#include fcntl.h
+
+#define WINBIND_CFG /etc/winbind.cfg
+#endif /* WITH_WINBIND_CFG */
+
/* Global variables. These are effectively the client state information */
int winbindd_fd = -1; /* fd for winbindd socket */
@@ -146,6 +155,60 @@
/* Connect to winbindd socket */
+#ifdef WITH_WINBIND_CFG
+int winbind_open_tcp_sock(int tcpport, char *ip)
+{
+struct sockaddr_in servaddr;
+
+if (winbindd_fd != -1) {
+return winbindd_fd;
+}
+
+bzero(servaddr, sizeof(servaddr));
+servaddr.sin_port = htons(tcpport);
+servaddr.sin_family = AF_INET;
+
+if ((winbindd_fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+ perror(socket);
+return -1;
+ }
+
+inet_pton(AF_INET, ip, servaddr.sin_addr);
+free(ip);
+
+if (connect (winbindd_fd, (struct sockaddr *) servaddr, sizeof(servaddr)) !=0 ) {
+close_sock();
+return -1;
+}
+
+ /* Return socket */
+ return winbindd_fd;
+}
+
+int read_wb_config(int *portnum, char **ip)
+{
+int fd;
+int port;
+char s[300];
+char p[50];
+
+
+if ((fd = open(WINBIND_CFG, O_RDONLY)) 0)
+ return 0;
+
+read(fd, s, 300);
+
+sscanf(s, %s %d, p, port);
+
+*portnum = port;
+
+*ip = malloc(strlen(p) + 1);
+strcpy(*ip, p);
+
+return 1;
+}
+#endif /* (ifdef WITH_WINBIND_CFG) */
+
int winbind_open_pipe_sock(void)
{
#ifdef HAVE_UNIXSOCKET
@@ -232,15 +295,23 @@
int write_sock(void *buffer, int count)
{
int result, nwritten;
-
+ int portnum;
+ char *ip;
+
/* Open connection to winbind daemon */
- restart:
+restart:
+#ifdef WITH_WINBIND_CFG
+ if (read_wb_config(portnum, ip)) {
+ if (winbind_open_tcp_sock(portnum, ip) == -1 ) {
+ return -1;
+ }
+ } else
+#endif /* WITH_WINBIND_CFG */
if (winbind_open_pipe_sock() == -1) {
return
Re: Patches for winbindd over TCP and a failover port option
On Tue, 18 Feb 2003, Guenther Deschner wrote: hi, On Tue, Feb 18, 2003 at 05:57:55PM +0200, Nir Soffer wrote: Our product uses Samba as a component. In our product we were forced to modify certain parts of Samba, namely: Winbindd running over TCP (to a remote host) This, of course, can be dangerous unless your internal network is totally separate from the outside world. I would imagine that it is in the configuration that you guys are using. Looks like Exanet is about ready to release a product :-) this sounds very interesting. Smbd listening to an additional failover port. Allow listening on non-broadcast interfaces. All these changes are very minimal. In order to comply with the GPL and provide the community with what little code we've modified, attached is the patch file between this version and Samba 3.0a20. you have forgotten to add that patchfile :) thanks, guenther -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
password quality script - pre-release
Hi,
I first want to thank *everyone* who participated in the previous
thread and when needed, took the time to add their valuable
comments.
I attached password-quality.c (it's just this part) -- I hope I
got this right -- if not let me know what to change and I'll do it.
At the end of the file, there are functions that could be move
in other files (.../source/lib/???). If you want to move anything,
let me know what to move and the destination file.
For the next few days, here's my TODO list prior to post a
release candidate patch:
- documentation: update smb.5.sgml
- Doxygen comments
- finish the simple external script I started (add change uid/gid code)
- change DEBUG() code to appropriate log level
- apply changes from your comments
- create a patch againts HEAD (it's a start!). I'll do the 2_2 / 3_0
once it's in HEAD, well I hope we will add this feature in the 2_2?
Question:
Do we want the external script to return its version number?
(Version: xyz\n)? If we ever expect a new field from the
child -- it will log bad communication.
Should the PWQUAL_PROTOCOL_VERSION be general? We could move it
later if we want?
That's about it for now, I guess!
Regards,
Pierre B.
/*
* TODO:
*
* Doxygen documentation
* change DEBUG() code to appropriate log level
*
*/
/*
Unix SMB/CIFS implementation.
Samba utility functions
Password Quality: Help users not to choose a weak password.
Copyright (C) Andrew Bartlett 2003
Copyright (C) Pierre Belanger 2003 ([EMAIL PROTECTED])
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include includes.h
/* Increment when making changes in the communication protocol */
#define PWQUAL_PROTOCOL_VERSION 1
static void gotalarm_sig(void);
static uint32 ascii2hex(char ascii);
static int ZEROxStr2uint32(char *strx, uint32 *hex32);
static NTSTATUS password_quality_script(SAM_ACCOUNT *hnd, char *new_passwd);
static BOOL strhasctrl(const char *str);
static NTSTATUS pre_chk(const char *username,const char *fullname,char *new_pw);
static int gotalarm;
/***
Signal function to tell us we timed out.
/
static void gotalarm_sig(void)
{
gotalarm = 1;
}
/**
Main function to catch weak new passwords
**/
NTSTATUS password_quality(SAM_ACCOUNT *hnd, char *new_password)
{
NTSTATUS ntstatusresult;
ntstatusresult = password_quality_script(hnd, new_password);
if (!NT_STATUS_IS_OK(ntstatusresult)) {
DEBUG(0,(user %s could not change password NTSTATUS=0x%0.8x\n,
pdb_get_username(hnd), ntstatusresult.v));
return ntstatusresult;
}
/* Add other supports here if needed */
DEBUG(0,(user %s changed password\n, pdb_get_username(hnd)));
return(ntstatusresult);
}
/**
Run the password quality script
**/
static NTSTATUS password_quality_script(SAM_ACCOUNT *hnd, char *new_passwd)
{
int fd1[2], fd2[2];
char *cmdname;
const char *username, *fullname;
pid_t child_pid;
NTSTATUS ntprerun;
/* check if command is configured */
cmdname = lp_password_quality_script();
if (!cmdname || (*cmdname == '\0'))
return NT_STATUS_OK;
username = pdb_get_username(hnd);
fullname = pdb_get_fullname(hnd);
/* pre-run security check */
ntprerun = pre_chk(username, fullname, new_passwd);
if (! NT_STATUS_EQUAL(ntprerun, NT_STATUS_OK)) {
return ntprerun;
}
if (pipe(fd1) || pipe(fd2)) {
DEBUG(0,(could not create pipes\n));
return NT_STATUS_ACCESS_DENIED;
}
CatchChildLeaveStatus();
child_pid = sys_fork();
if (child_pid 0) {
CatchChild();
close(fd1[0]); close(fd1[1]);
close(fd2[0]); close(fd2[1]);
DEBUG(0,(could not fork\n));
return NT_STATUS_ACCESS_DENIED;
Re: password quality script - pre-release
Shot me -- I added one line just before sending my previous mail. If you intend to compile it on your own, change prresult to presult line #261. I'm actually thinking to leave that line there, with a higher log level. Voila. Pierre B.
RE: Annoying Minor Bug In Winbind 2.2.x
It's probably a line count thing. The head of the patch contains a certain
range of lines that the patch should apply to. If you truncated the patch at
the bottom, the header could be telling patch it needs to add, for example,
30 lines, while the patch text only contains 28.
Go back to the email and copy/paste lines from the email into your patch
file at the bottom, down to but not including the two dashes above Martin's
signature, and see if that helps. That line of stars is part of the patch,
and maybe a few blank lines below it. Make the part of the patch at the
bottom, below the lines with the plus signs, match what is already in the
target file.
-Original Message-
From: Boyce, Nick [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 2:58 PM
To: [EMAIL PROTECTED]
Cc: 'Martin Pool'
Subject: RE: Annoying Minor Bug In Winbind 2.2.x
On 18 Feb 2003, Martin Pool wrote :
Jeremy already committed my patch to SAMBA_2_2 CVS.
Here's the patch.
Index: util_sock.c
===
RCS file: /data/cvs/samba/source/lib/util_sock.c,v
retrieving revision 1.16.4.36
retrieving revision 1.16.4.37
diff -u -u -p -r1.16.4.36 -r1.16.4.37
[snip]
I'm sorry - I'm probably doing something dumb, but I still
get failures even
with this patch - first, if I save the patch as it appeared
in my Outlook
window, then line 25 consists of a single left brace char,
which results in
:
MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c
patch-util_sock-20030218
patching file util_sock.c
patch: malformed patch at line 25: {
So assuming line-wrap did something Bad to that line, I
edited the patch
file to stick that line onto the end of line 24, resulting in :
MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c
patch-util_sock-20030218
patching file util_sock.c
Hunk #1 FAILED at 1021.
1 out of 1 hunk FAILED -- saving rejects to file util_sock.c.rej
and I don't know enough about what I'm looking at to figure it out.
In general the best thing to do now is leave the main diff
alone, and
only work on the rejected parts in the .rej file.
Basically you need
to work out why patch thinks the 2.2 source file doesn't
look like the
before version of the rejected patch.
OK - hang on ... right, it seems the real original 2.2.7a
util_sock.c really
*does* have the { on line 25 all by itself - but since that gave me
malformed patch, I assume the patch needs a rediff ???
Here goes :
MYBOX:/usr/local/src/samba-2.2.7a/source/lib# rediff
patch-util_sock-20030218.orig patch-util_sock-20030218
Index: util_sock.c
===
RCS file: /data/cvs/samba/source/lib/util_sock.c,v
retrieving revision 1.16.4.36
retrieving revision 1.16.4.37
diff -u -u -p -r1.16.4.36 -r1.16.4.37
rediff: Not supported: -{
OK - I give up for now ... hlp :(
[sorry .. for all this trouble over such a minor thing]
Nick Boyce
EDS Southwest Solution Centre, Bristol, UK
-Original Message-
From: 'Martin Pool' [mailto:[EMAIL PROTECTED]]
Sent: 17 February 2003 23:08
To: Boyce, Nick
Cc: [EMAIL PROTECTED]
Subject: Re: Annoying Minor Bug In Winbind 2.2.x
Oh, Jeremy already committed my patch to SAMBA_2_2 CVS. Here's the
patch.
Index: util_sock.c
===
RCS file: /data/cvs/samba/source/lib/util_sock.c,v
retrieving revision 1.16.4.36
retrieving revision 1.16.4.37
diff -u -u -p -r1.16.4.36 -r1.16.4.37
--- util_sock.c 26 Aug 2002 20:07:13 - 1.16.4.36
+++ util_sock.c 7 Feb 2003 22:04:37 - 1.16.4.37
@@ -1021,102 +1021,97 @@ char *get_socket_addr(int fd)
/***
Create protected unix domain socket.
- some unixen cannot set permissions on a ux-dom-sock, so we
+ Some unixes cannot set permissions on a ux-dom-sock, so we
have to make sure that the directory contains the protection
- permissions, instead.
+ permissions instead.
**/
+
int create_pipe_sock(const char *socket_dir,
- const char *socket_name,
- mode_t dir_perms)
+ const char *socket_name,
+ mode_t dir_perms)
{
-struct sockaddr_un sunaddr;
-struct stat st;
-int sock;
-mode_t old_umask;
-pstring path;
-
-/* Create the socket directory or reuse the existing one */
-
-if (lstat(socket_dir, st) == -1) {
-
-if (errno == ENOENT) {
-
-/* Create directory
Re: interesting fact about StrCaseCmp
In the embedded/real time world, malloc() and friends are strongly deprecated as you can't predict how long they will take. They have to go through a linked list of unknown length and may even start a garbage collection. If StrCaseCmp() is really that sensitive w.r.t. processor cycles, you better keep the malloc()ed buffers between the calls and increase their size (by calling free() and malloc(), not realloc()) if the strings to be compared do not fit. (well, if the string lengths are really not limited, this may turn out as a memory leak...) Ludolf On 18 Feb 2003 at 8:04, [EMAIL PROTECTED] wrote: On Tue, Feb 18, 2003 at 06:23:41PM +1100, Martin Pool wrote: One little malloc() could hardly make it any worse, although I will do a test tomorrow to check. One little malloc() - I'll remind you of that quote later :-). But please do the test, that's the only way we can really be sure if it's a speedup or not. Jeremy. --- Ludolf Holzheid Tel:+49 621 339960 Bihl+Wiedemann GmbH Fax:+49 621 3392239 Flosswoerthstrasse 41 e-mail: [EMAIL PROTECTED] D-68199 Mannheim, Germany ---
Re: interesting fact about StrCaseCmp
On Tue, Feb 18, 2003 at 10:49:28PM +0100, Ludolf Holzheid wrote: In the embedded/real time world, malloc() and friends are strongly deprecated as you can't predict how long they will take. They have to go through a linked list of unknown length and may even start a garbage collection. Indeed. That's why I made the One little malloc() joke :-). Jeremy.
net ads join core dump in ldap_get_values_len
Hello, I am using 3.0a21. If I use kinit user@DOMAIN with a user that does not have privilege to join a machine into the domain, I get core dump using net ads join. This happens when the computer account does not exist in the domain. If the computer account exists in the domain, I get the following which is perfectly fine: [2003/02/18 13:51:59, 0] libads/ldap.c:ads_join_realm(1325) Host account for chere-2 already exists - deleting old account [2003/02/18 13:51:59, 0] libads/ldap.c:ads_join_realm(1329) Failed to delete host 'chere-2' from the 'ZHOU.COM' realm. ads_join_realm: Insufficient access The net ads join core dump shows: Assertion failed: (entry != NULL), function ldap_get_values_len, file getvalues.c, line 93. Abort (core dumped) A gdb back trace is: #0 0x28455cff in kill () from /usr/lib/libc.so.5 #1 0x284a7e32 in abort () from /usr/lib/libc.so.5 #2 0x2848600f in __assert () from /usr/lib/libc.so.5 #3 0x28252de1 in ldap_get_values_len () from /usr/local/lib/libldap.so.2 #4 0x814b9d3 in ads_pull_sid (ads=0x8249380, msg=0x0, field=0x819b0a1 objectSid, sid=0xbfbff518) at libads/ldap.c:1598 #5 0x814b542 in ads_set_machine_sd (ads=0x8249380, hostname=0x81b9b90 chere-2, dn=0x81f0440 cn=chere-2,cn=Computers,dc=ZHOU,dc=COM) at libads/ldap.c:1431 #6 0x814a7ec in ads_add_machine_acct (ads=0x8249380, hostname=0x81b9b90 chere-2, org_unit=0x8165ca8 Computers) at libads/ldap.c:1085 #7 0x814b015 in ads_join_realm (ads=0x8249380, hostname=0x81b9a30 CHERE-2, org_unit=0x8165ca8 Computers) at libads/ldap.c:1334 #8 0x806d945 in net_ads_join (argc=0, argv=0x81b906c) at utils/net_ads.c:648 #9 0x806b196 in net_run_function (argc=1, argv=0x81b9068, table=0xbfbff7e0, usage_fn=0x806c1f0 net_ads_usage) at utils/net.c:97 #10 0x806e6dc in net_ads (argc=1, argv=0x81b9068) at utils/net_ads.c:1040 #11 0x806b196 in net_run_function (argc=2, argv=0x81b9064, table=0x819ee94, usage_fn=0x806f3fc net_help) at utils/net.c:97 #12 0x806c17b in main (argc=3, argv=0xbfbffb5c) at utils/net.c:555 #13 0x806b035 in _start () I have some problems building cvs version on my platform. So I want to know if this is fixed in cvs. fixed means it returns a meaningful message instead of core dump. If yes, please point me to the place I should look at. Thanks a lot ! Chere
Hi.
(i also sent this mail to samba-bugs (address posted in README) Hi. I recently downloaded samba-3.0alpha21, because I had an integration with windows 2003 Active Directory project. I am trying to use smbclient to authenticate to the Active Directory schema via Kerberos. I am able to log in and create a computer account on the PDC, but when I try to connect to a share with smbclient via the -k switch, i first recieve NT_STATUS_ACCESS_DENIED. I then rebooted the PDC and tried again. The next error I recieved was: NT_STATUS_MORE_PROCESSING_REQUIRED . That is where it is stuck. It adds the interface, spnego session gets setup, and kerberos session starts up with OS version of PDC, but then gets halted at the aorementioned error. If you can and have the time, can you please write me back and let me know if you have any possible suggestions or workarounds. Thanks :) P.S. By the way, Samba has revolutionized file and print services for linux. I and the rest of the Linux community commends you for the package :) Prashant. [EMAIL PROTECTED]
Re: Annoying Minor Bug In Winbind 2.2.x
On 18 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: I'm sorry - I'm probably doing something dumb, but I still get failures even with this patch - first, if I save the patch as it appeared in my Outlook window, then line 25 consists of a single left brace char, which results in : You can also download the patch from here http://pserver.samba.org/cgi-bin/cvsweb/samba/source/lib/util_sock.c.diff?r1=1.16.4.36r2=1.16.4.37 In general you can try using view source to get a version that's not folded/spindled/mutilated by Outlook, or the very cool unwrapdiff to try to fix the line wrapping. Thanks for persisting. -- Martin
SMB_QUERY_FILE_ALL_INFO not correct in SNIA spec?
Good evening ladies and gents, The SNIA definition of the data required for SMB_QUERY_FILE_ALL_INFO does not appear to be correct. Furthermore, Ethereal's interpretation does not seem right, either. Here's what SNIA says: TIME CreationTime; TIME LastAccessTime; TIME LastWriteTime; TIME ChangeTime; ULONG Attributes; // SNIA says USHORT; Ethereal says ULONG LARGE_INTEGER AllocationSize; LARGE_INTEGER EndOfFile; ULONG NumberOfLinks; UCHAR DeletePending; UCHAR Directory; LARGE_INTEGER IndexNumber; ULONG EaSize; ULONG AccessFlags; LARGE_INTEGER IndexNumber1; // mistake in SNIA spec? LARGE_INTEGER CurrentByteOffset; ULONG Mode; ULONG AlignmentRequirement; ULONG FileNameLength; STRING FileName[]; After poking around with a sniffer, here is what I think it looks like: TIMECreationTime; TIMELastAccessTime; TIMELastWriteTime; TIMEChangeTime; ULONG Attributes; ULONG Pad1; // assumed LARGE_INTEGER AllocationSize; LARGE_INTEGER EndOfFile; ULONG NumberOfLinks; UCHAR DeletePending; UCHAR Directory; USHORT Pad2; // assumed ULONG EaSize; ULONG FileNameLength; STRING FileName[]; This is simply the concatenation of Basic Info, Standard Info (plus padding, Pad2, which is not in the SNIA spec), EA Info, and File Name Info. There is no sign of the rest of the information (internal file system index numbers, open-file information) being present. In my test I used a Win 2000 client, a Win 2000 server, and used SMB_COM_QUERY_FILE_INFORMATION (by fid, not by path). My questions: 1) Can anyone else confirm my interpretation? 2) Are there server-dependent variations on the format? thanks all for your time and best regards, Joey.
Re: SMB_QUERY_FILE_ALL_INFO not correct in SNIA spec?
On Tue, 18 Feb 2003, Joey Collins wrote: The SNIA definition of the data required for SMB_QUERY_FILE_ALL_INFO does not appear to be correct. Furthermore, Ethereal's interpretation does not seem right, either. That is quite possible. We often rely on the SNIA doc, and then change things if they don't look quite right. I recall messing with one of the QUERY_FILE info levels because the attributes displayed were clearly wrong. Here's what SNIA says: TIME CreationTime; TIME LastAccessTime; TIME LastWriteTime; TIME ChangeTime; ULONG Attributes; // SNIA says USHORT; Ethereal says ULONG LARGE_INTEGER AllocationSize; LARGE_INTEGER EndOfFile; ULONG NumberOfLinks; UCHAR DeletePending; UCHAR Directory; LARGE_INTEGER IndexNumber; ULONG EaSize; ULONG AccessFlags; LARGE_INTEGER IndexNumber1; // mistake in SNIA spec? LARGE_INTEGER CurrentByteOffset; ULONG Mode; ULONG AlignmentRequirement; ULONG FileNameLength; STRING FileName[]; After poking around with a sniffer, here is what I think it looks like: TIMECreationTime; TIMELastAccessTime; TIMELastWriteTime; TIMEChangeTime; ULONG Attributes; ULONG Pad1; // assumed LARGE_INTEGER AllocationSize; LARGE_INTEGER EndOfFile; ULONG NumberOfLinks; UCHAR DeletePending; UCHAR Directory; USHORT Pad2; // assumed ULONG EaSize; ULONG FileNameLength; STRING FileName[]; One wonders why they needed a ULONG Pad in there. Perhaps it is just something we don't understand as yet. This is simply the concatenation of Basic Info, Standard Info (plus padding, Pad2, which is not in the SNIA spec), EA Info, and File Name Info. There is no sign of the rest of the information (internal file system index numbers, open-file information) being present. In my test I used a Win 2000 client, a Win 2000 server, and used SMB_COM_QUERY_FILE_INFORMATION (by fid, not by path). My questions: 1) Can anyone else confirm my interpretation? If you can send us a capture, we can look at it to see if we agree with your interpretation, and perhaps modify Ethereal as well. 2) Are there server-dependent variations on the format? There should not be any server-dependent variations that cannot be determined by looking at WordCount or Protocol Dialect. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: SMB_QUERY_FILE_ALL_INFO not correct in SNIA spec?
Richard Sharpe wrote: On Tue, 18 Feb 2003, Joey Collins wrote: : My questions: 1) Can anyone else confirm my interpretation? If you can send us a capture, we can look at it to see if we agree with your interpretation, and perhaps modify Ethereal as well. Before modifying Ethereal there will likely be more testing done... 2) Are there server-dependent variations on the format? There should not be any server-dependent variations that cannot be determined by looking at WordCount or Protocol Dialect. ...but this is CIFS we're talking about. There are bugs introduced by different implementations. Mike Allen was able to show that W2K's WINS implementation returns invalid packets in several instances. If you are careful, you can interpret them correctly, but it really helps to know that some servers have specific quirks. Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
RE: Samba and PPP
Hello!
Could anyone of you tell me, how to configure my Samba
server to work with
PPP interfaces?
I have an Amiga machine running Samba v2.0.7. And a Windoze95 PC
connected to it via null-modem cable.
The problem is: Samba ignores all non-broadcast interfaces.
So smbd and
nmbd just do not sit on ppp0 interface, so PC can't connect
to Samba. Also
smbclient can't find my PC by name (i have to specify an -I
option), because
it ignores ppp0 too.
After examining a source code, i found the following procedure:
--- cut ---
static void add_interface(struct in_addr ip, struct in_addr nmask)
{
struct interface *iface;
if (iface_find(ip)) {
DEBUG(3,(not adding duplicate interface
%s\n,inet_ntoa(ip)));
return;
}
if (ip_equal(nmask, allones_ip)) {
DEBUG(3,(not adding non-broadcast interface
%s\n,inet_ntoa(ip)));
return;
}
iface = (struct interface *)malloc(sizeof(*iface));
if (!iface) return;
ZERO_STRUCTPN(iface);
iface-ip = ip;
iface-nmask = nmask;
iface-bcast.s_addr = MKBCADDR(iface-ip.s_addr,
iface-nmask.s_addr);
DLIST_ADD(local_interfaces, iface);
DEBUG(2,(added interface ip=%s ,inet_ntoa(iface-ip)));
DEBUG(2,(bcast=%s ,inet_ntoa(iface-bcast)));
DEBUG(2,(nmask=%s\n,inet_ntoa(iface-nmask)));
}
--- cut ---
My interfaces are:
--- cut ---
16.System: ifconfig
lo0: flags=C9UP,LOOPBACK,RUNNING,NOARP MTU=1536
inet 127.0.0.1 netmask FF00
Hardware type: Loopback
eth0:
flags=4863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,SANA MTU=1500
inet 10.4.20.98 netmask FFFC broadcast 10.4.20.99
Hardware type: Ethernet, address: 0:80:ad:c6:be:75
ppp0:
flags=40F1UP,POINTOPOINT,NOTRAILERS,RUNNING,NOARP,SANA MTU=1500
inet 192.168.255.254 -- 192.168.255.253 netmask
Hardware type: PPP
Use ifconfig -h for usage.
16.System:
--- cut ---
PC has IP 192.168.255.253.
When i try to specify a 255.255.255.252 (FFFC) netmask
for ppp0, Samba
adds ppp0 to the list of interfaces, but the interface just
does not pass
broadcasts.
What's wrong? How to solve my problem?
Pavel,
I had this running on my A1200 some years ago.
I think you could solve this problem with simple stuff as adding an
lmhost file spesifying all host in your lan.
Broadcast are not in theory needed for operation.
There is also further mechanisms such an WINS that might help you with this issue.
Using IP based resolution should also work.
Are you sure your nmbd is running fine.
The old versions (on aminet) have some issues.
Try get the newest gcc based ports by Olaf (2.2.5 available also), nmbd is more stable
here.
Best of luck Pavel.
--
Ulf
Re: SMB_QUERY_FILE_ALL_INFO not correct in SNIA spec?
On Tue, 18 Feb 2003 22:30:44 -0800 (PST) Richard Sharpe [EMAIL PROTECTED] wrote: On Tue, 18 Feb 2003, Joey Collins wrote: The SNIA definition of the data required for SMB_QUERY_FILE_ALL_INFO does not appear to be correct. Furthermore, Ethereal's interpretation does not seem right, either. That is quite possible. We often rely on the SNIA doc, and then change things if they don't look quite right. I recall messing with one of the QUERY_FILE info levels because the attributes displayed were clearly wrong. When I tried this it caused delayed blue screen in NT 4 w/ Unicode. I remember it well because I was running the client from Linux via exceed on the NT machine I was killing and it took me a couple times to realize what was happening. More evidence that if you see NT avoids an otherwise useful command (e.g. SMB_COM_COPY) it probably doesn't work. Mike -- A program should be written to model the concepts of the task it performs rather than the physical world or a process because this maximizes the potential for it to be applied to tasks that are conceptually similar and, more important, to tasks that have not yet been conceived.
Re: [Samba] RE: Samba processes
On Tue, 18 Feb 2003, Javid Abdul-AJAVID1 wrote: Abdul, We saw your first posting. Please be patient. Both smbd and nmbd run as root. All user interaction with the file system is done as the user who initiated the process. Please refer to the source code to see what happens. Samba has to ba able to perform a number of tasks that can be done only as root. -Original Message- From: Javid Abdul-AJAVID1 [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 11:18 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Samba processes Hi Am noticing smbd processes are running as root and occassionally I see a child process as userid Yep. Just curios under what circumstances the smbd runs as user id process ( unix id ) and running as root is a security risk? Please explain where the security risks are. We would appreciate your patches. - John T. -- John H Terpstra Email: [EMAIL PROTECTED]
Samba processes
Hi Am noticing smbd processes are running as root and occassionally I see a child process as userid Just curios under what circumstances the smbd runs as user id process ( unix id ) and running as root is a security risk? Thanks in advance -Abdul
RE: Samba processes
-Original Message- From: Javid Abdul-AJAVID1 [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 11:18 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Samba processes Hi Am noticing smbd processes are running as root and occassionally I see a child process as userid Just curios under what circumstances the smbd runs as user id process ( unix id ) and running as root is a security risk? Thanks in advance -Abdul
RE: [Samba] RE: Samba processes
Thanks John Wondering y some smbd client connections show up as userid though parent is root not all client connections are show up as root. Is there a way to know when a client connection from windows side will shoup as root or user id. Thanks again -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 1:49 PM To: Javid Abdul-AJAVID1 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] RE: Samba processes On Tue, 18 Feb 2003, Javid Abdul-AJAVID1 wrote: Abdul, We saw your first posting. Please be patient. Both smbd and nmbd run as root. All user interaction with the file system is done as the user who initiated the process. Please refer to the source code to see what happens. Samba has to ba able to perform a number of tasks that can be done only as root. -Original Message- From: Javid Abdul-AJAVID1 [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 11:18 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Samba processes Hi Am noticing smbd processes are running as root and occassionally I see a child process as userid Yep. Just curios under what circumstances the smbd runs as user id process ( unix id ) and running as root is a security risk? Please explain where the security risks are. We would appreciate your patches. - John T. -- John H Terpstra Email: [EMAIL PROTECTED]
Re: Forgot how to install Samba
No need to ask for forgiveness, I asked same questions when linking SAMBA 2.0.6. Don't know about your SYS$INPUT problem, but .exe_axp extension files are indeed executables, as OpenVMS doesn't need .exe extension for the executable files. Also are you linking SAMBA 2.0.6, or later. Frontport is not required for newer versions 2.2.4 or later. Kindly try to give at least version of your SAMBA in questions, it helps. Regards, Naveed - Original Message - From: J M [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 3:04 AM Subject: Forgot how to install Samba I have installed frontport and when I @LINK_SAMBA_VMS.com it builds all the files with the .exe_axp extension. Please forgive my ignorance (it has been over a year), what do I do next? I could not find it in the documentation. I believe this may be why I get: Error opening primary input file SYS$INPUT File not found Thank you and forgive me. __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com
installing samba
I believe it is 2.0.6. I have copied the linked files to bin.alpha. Do I need to do anything else (my logicals are present)? No need to ask for forgiveness, I asked same questions when linking SAMBA 2.0.6. Don't know about your SYS$INPUT problem, but .exe_axp extension files are indeed executables, as OpenVMS doesn't need .exe extension for the executable files. Also are you linking SAMBA 2.0.6, or later. Frontport is not required for newer versions 2.2.4 or later. Kindly try to give at least version of your SAMBA in questions, it helps. Regards, Naveed - Original Message - From: J M [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 18, 2003 3:04 AM Subject: Forgot how to install Samba I have installed frontport and when I @LINK_SAMBA_VMS.com it builds all the files with the .exe_axp extension. Please forgive my ignorance (it has been over a year), what do I do next? I could not find it in the documentation. I believe this may be why I get: Error opening primary input file SYS$INPUT File not found __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com
How do I join a windows 2000 domain?
I remember in Windows NT I just went to the server manager. But how to I join Windows 2000. Then I believe I can simply run @samba_startup.com and when nmbd starts it will create the machine.sid, etc. Is this wrong? Samba version indicates it is nmbd 2.0.6 with sh system/process=nmbd* Thanks. __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com
CVS update: sambaweb
Date: Tue Feb 18 11:52:17 2003 Author: mimir Update of /home/cvs/sambaweb In directory dp.samba.org:/tmp/cvs-serv1436 Modified Files: samba.html Log Message: Date formatting fix with blessing from ab :) Rafal Revisions: samba.html 1.178 = 1.179 http://www.samba.org/cgi-bin/cvsweb/sambaweb/samba.html?r1=1.178r2=1.179
CVS update: samba/source/libads
Date: Tue Feb 18 14:59:21 2003 Author: mimir Update of /home/cvs/samba/source/libads In directory dp.samba.org:/tmp/cvs-serv16320 Modified Files: ldap_printer.c Log Message: Fix of two warnings. pull_ucs2_talloc function takes char** pointer, not (here explicitly casted) void** one. Rafal Revisions: ldap_printer.c 1.15 = 1.16 http://www.samba.org/cgi-bin/cvsweb/samba/source/libads/ldap_printer.c?r1=1.15r2=1.16
CVS update: samba/source/rpc_server
Date: Tue Feb 18 18:34:48 2003 Author: jelmer Update of /home/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv22305/rpc_server Modified Files: srv_dfs.c srv_lsa.c srv_netlog.c srv_pipe.c srv_reg.c srv_samr.c srv_spoolss.c srv_srvsvc.c srv_wkssvc.c Log Message: Use the new modules stuff to load dynrpc modules. Basically this means: - calling the initialization function in the module init_module() instead of rpc_pipe_init() - calling smb_load_module() to do the dlopen(), dlsym() and init_module() calls I'll merge this to 3.0, together with the smb_load_module() function. Discussed with Anthony. Revisions: srv_dfs.c 1.11 = 1.12 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_dfs.c?r1=1.11r2=1.12 srv_lsa.c 1.85 = 1.86 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_lsa.c?r1=1.85r2=1.86 srv_netlog.c1.83 = 1.84 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_netlog.c?r1=1.83r2=1.84 srv_pipe.c 1.103 = 1.104 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_pipe.c?r1=1.103r2=1.104 srv_reg.c 1.41 = 1.42 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_reg.c?r1=1.41r2=1.42 srv_samr.c 1.142 = 1.143 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_samr.c?r1=1.142r2=1.143 srv_spoolss.c 1.76 = 1.77 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_spoolss.c?r1=1.76r2=1.77 srv_srvsvc.c1.41 = 1.42 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_srvsvc.c?r1=1.41r2=1.42 srv_wkssvc.c1.22 = 1.23 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_wkssvc.c?r1=1.22r2=1.23
CVS update: samba/source
Date: Tue Feb 18 18:43:59 2003 Author: jelmer Update of /home/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv24620 Modified Files: Makefile.in Log Message: Add -V option (to print out version) to utilities where possible (pdbedit already has a -V option..) Revisions: Makefile.in 1.619 = 1.620 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.619r2=1.620
CVS update: samba/source/nsswitch
Date: Tue Feb 18 18:43:59 2003 Author: jelmer Update of /home/cvs/samba/source/nsswitch In directory dp.samba.org:/tmp/cvs-serv24620/nsswitch Modified Files: wbinfo.c Log Message: Add -V option (to print out version) to utilities where possible (pdbedit already has a -V option..) Revisions: wbinfo.c1.57 = 1.58 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/wbinfo.c?r1=1.57r2=1.58
CVS update: samba/source/rpcclient
Date: Tue Feb 18 18:43:59 2003 Author: jelmer Update of /home/cvs/samba/source/rpcclient In directory dp.samba.org:/tmp/cvs-serv24620/rpcclient Modified Files: rpcclient.c samsync.c Log Message: Add -V option (to print out version) to utilities where possible (pdbedit already has a -V option..) Revisions: rpcclient.c 1.206 = 1.207 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/rpcclient.c?r1=1.206r2=1.207 samsync.c 1.30 = 1.31 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/samsync.c?r1=1.30r2=1.31
CVS update: samba/source/utils
Date: Tue Feb 18 18:43:59 2003 Author: jelmer Update of /home/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv24620/utils Modified Files: net.c ntlm_auth.c status.c Log Message: Add -V option (to print out version) to utilities where possible (pdbedit already has a -V option..) Revisions: net.c 1.69 = 1.70 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net.c?r1=1.69r2=1.70 ntlm_auth.c 1.6 = 1.7 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/ntlm_auth.c?r1=1.6r2=1.7 status.c1.81 = 1.82 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/status.c?r1=1.81r2=1.82
CVS update: samba/source/torture
Date: Tue Feb 18 18:43:59 2003 Author: jelmer Update of /home/cvs/samba/source/torture In directory dp.samba.org:/tmp/cvs-serv24620/torture Modified Files: samtest.c vfstest.c Log Message: Add -V option (to print out version) to utilities where possible (pdbedit already has a -V option..) Revisions: samtest.c 1.13 = 1.14 http://www.samba.org/cgi-bin/cvsweb/samba/source/torture/samtest.c?r1=1.13r2=1.14 vfstest.c 1.12 = 1.13 http://www.samba.org/cgi-bin/cvsweb/samba/source/torture/vfstest.c?r1=1.12r2=1.13
CVS update: samba/docs/docbook/projdoc
Date: Tue Feb 18 20:12:20 2003 Author: jelmer Update of /home/cvs/samba/docs/docbook/projdoc In directory dp.samba.org:/tmp/cvs-serv10995 Modified Files: passdb.sgml Log Message: Update introduction Revisions: passdb.sgml 1.2 = 1.3 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/passdb.sgml?r1=1.2r2=1.3
CVS update: samba/source/libsmb
Date: Tue Feb 18 20:57:29 2003 Author: jmcd Update of /home/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv23167/libsmb Modified Files: Tag: SAMBA_3_0 clikrb5.c Log Message: Sync w/HEAD - add DES_CBC_CRC encryption type Revisions: clikrb5.c 1.15.2.15 = 1.15.2.16 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/clikrb5.c?r1=1.15.2.15r2=1.15.2.16
CVS update: samba/docs/docbook/projdoc
Date: Tue Feb 18 21:12:28 2003 Author: jelmer Update of /home/cvs/samba/docs/docbook/projdoc In directory dp.samba.org:/tmp/cvs-serv25384 Modified Files: samba-doc.sgml Removed Files: ENCRYPTION.sgml Samba-LDAP-HOWTO.sgml pdb_mysql.sgml pdb_xml.sgml Log Message: Move all password database stuff to one document - hope this makes it somewhat more understandable for the user. Comments are welcome! Revisions: samba-doc.sgml 1.21 = 1.22 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/samba-doc.sgml?r1=1.21r2=1.22 ENCRYPTION.sgml 1.4 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/ENCRYPTION.sgml?rev=1.4 Samba-LDAP-HOWTO.sgml 1.8 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml?rev=1.8 pdb_mysql.sgml 1.4 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/pdb_mysql.sgml?rev=1.4 pdb_xml.sgml1.2 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/pdb_xml.sgml?rev=1.2
CVS update: samba/docs/docbook/projdoc
Date: Tue Feb 18 21:32:26 2003 Author: jelmer Update of /home/cvs/samba/docs/docbook/projdoc In directory dp.samba.org:/tmp/cvs-serv27536 Modified Files: passdb.sgml Log Message: Use sgml syntax for warnings Revisions: passdb.sgml 1.3 = 1.4 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/passdb.sgml?r1=1.3r2=1.4
CVS update: samba/docs/docbook/projdoc
Date: Tue Feb 18 21:44:34 2003 Author: jelmer Update of /home/cvs/samba/docs/docbook/projdoc In directory dp.samba.org:/tmp/cvs-serv28455 Modified Files: CVS-Access.sgml NT_Security.sgml Samba-PDC-HOWTO.sgml samba-doc.sgml Log Message: Few small cosmetic changes Revisions: CVS-Access.sgml 1.3 = 1.4 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/CVS-Access.sgml?r1=1.3r2=1.4 NT_Security.sgml1.4 = 1.5 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/NT_Security.sgml?r1=1.4r2=1.5 Samba-PDC-HOWTO.sgml1.9 = 1.10 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml?r1=1.9r2=1.10 samba-doc.sgml 1.22 = 1.23 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/samba-doc.sgml?r1=1.22r2=1.23
