[Samba] problems with logging in with w95/nt4.0: solution?
i did read in last days more and more postings with cannot login with windows 95/nt40 to samba after updating samba access denied... now one of my technican had the same problem: *) the user can login with w2k/xp/w98 *) but he cannot login with w95: access denied the reason was following: *) the user used UPPERCASE letters in the password. *) w95 did send the password as lowercase... maybe somebody helps this... gk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help needed
all exact ports arel listed in /etc/services. the ports u need where postet a view days ago in this list. please somebody correct, if i'm wrong: netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp # NETBIOS Name Service netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp # NETBIOS Datagram Service netbios-ssn 139/tcp # NETBIOS Session Service netbios-ssn 139/udp # NETBIOS Session Service and,if u need: swat901/tcp # XXX Samba Web Adminisration dharanesh dharanesh schrieb: hello i am new to Samba protocol please help. Our Client software used samba protocol If there is no firewall case , this protocol work properly from remote site. All of firwall configuration open ( this mean is all of port open ). Samba work very well, but if some constrain put in, it doesn't work. My client want to set exact port number for firewall, because he don't want to open all of port for security isseu. please give info how to configure samba on firewal. regards Dharanish _ Cricket World Cup 2003- News, Views and Match Reports. http://server1.msn.co.in/msnspecials/worldcup03/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] configure options
Hi, I have Linux Slackware 8.1 distribution. How can I determinate configure options of standard Samba installation in this distribution? Martin Swiech -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure options
I'm sorry for my wrong formulation. I mean this configuration: ./configure --with-PACKAGE --enable-FEATURE Martin Swiech On 5 Mar 2003 at 9:49, Kurt Weiss wrote: a) testparm find / -name smb.conf then vi path to smb.conf/smb.conf description: man smb.conf gk Martin Swiech schrieb: Hi, I have Linux Slackware 8.1 distribution. How can I determinate configure options of standard Samba installation in this distribution? Martin Swiech -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-LDAP PDC not calling 'add user script'
I'm on 2.2.7a It turned out to be an ACL problem. Dang, those things are touchy. ;-) Jim C. Andrew Furey wrote: add user script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g Machines -s /bin/false %u interval For some reason I cannot fathom, Samba isn't calling the script. Can anyone tell me what kinds of things might cause Samba to behave this way? Anyone know a way around it? I asked about this a few months ago, from memory. One of the developers got back to me and said the code seemed to have disappeared for some bizarre reason. I think he was going to reimplement it in a better way or something... (I ended up using winbind+nss instead, but I wasn't a PDC (or LDAP) so that probably doesn't help you...) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SCO OpenServer 5.0.6a and missing libncurses.so.4
Try going to ftp://ftp2.caldera.com/pub/skunkware/osr5/vols/, ncurses-4.2-VOLS.tar has the libs you need. - Original Message - From: Simon Hobson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 10:54 AM Subject: [Samba] SCO OpenServer 5.0.6a and missing libncurses.so.4 I've downloaded Samba 2.2.6 (binaries) from SCOs Skunkware site, but when I try and run smbclient I get a message : dynamic linker : smbclient : error opening /usr/local/lib/libncurses.so.4 Killed I've checked and there is no libncurses.so.4 (or libncurses.anything for that matter) on the system. I've also failed to find anything relevant in either the list archive or SCOs site. Could someone point me in the direction of the missing file (ie where I can get it from), and, is this specific to the OS, or would the same library from (for example) a Linux system do ? Simon -- Simon Hobson, Technical Services Engineer Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure options
On Wed, 5 Mar 2003 10:03:10 +0100 Martin Swiech [EMAIL PROTECTED] wrote: I'm sorry for my wrong formulation. I mean this configuration: ./configure --with-PACKAGE --enable-FEATURE Martin Swiech You can look in the sources for slackware. For example, using the mirror site http://www.mirror.ac.uk you can go to http://www.mirror.ac.uk/sites/ftp.slackware.com/pub/slackware/slackware-8.1/source/n/samba/samba.build and you will see the options that are given to configure when your package is built. If you have upgraded your package with the later package you can go to http://www.mirror.ac.uk/sites/ftp.slackware.com/pub/slackware/slackware-8.1/patches/source/samba/samba.build and see what is used there. Which is kind of handy. mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure options
Thans On 5 Mar 2003 at 9:31, mark wrote: On Wed, 5 Mar 2003 10:03:10 +0100 Martin Swiech [EMAIL PROTECTED] wrote: I'm sorry for my wrong formulation. I mean this configuration: ./configure --with-PACKAGE --enable-FEATURE Martin Swiech You can look in the sources for slackware. For example, using the mirror site http://www.mirror.ac.uk you can go to http://www.mirror.ac.uk/sites/ftp.slackware.com/pub/slackware/slackwar e-8.1/source/n/samba/samba.build and you will see the options that are given to configure when your package is built. If you have upgraded your package with the later package you can go to http://www.mirror.ac.uk/sites/ftp.slackware.com/pub/slackware/slackwar e-8.1/patches/source/samba/samba.build and see what is used there. Which is kind of handy. mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Ldap Samba and problems compiling
Hi, I got 2 problems :- 1. I was compiling samba-2.2.7-4.src.rpm on Redhat 8.0 system and with the option --with-pam_smbpass. It always fail when I am doing a rpmbuild -ba samba.specs. The error is similar to the person who posted on http://lists.samba.org/pipermail/samba-technical/2002-September/039415.html but no one answered him. I was also compiling with the following extra options:- --with-msdfs --with-profile --disable-static --with-ldapsam When I compile it without --with-pam_smbpass, it compiles perfectly. Any idea how I can compile pam_smbpass separately? Please give me the steps and the download site if any thanks. Or anyone can give me the solution to this? 2. My scenario is as follows:- I got 1 Netware 6.0 server running ldap. I have successfully used pam_ldap and nss_ldap on my Redhat box to query the netware server and have configured login and ssh to authenticate with the Netware 6.0. Now I have included Samba into the server. And I want the samba users to authenticate with the Netware 6.0 ldap server. I know that I have to extend the schema for the netware ldap server for samba entries but I cannot import smbpasswd into the netware 6.0 server. So this option is out. And I don't know how to input the ldap data into the netware server. Win2k machines uses different hashing for the password compared with the posixAccount password in the Netware 6.0 server. Is there any way that I can do some unhashing on the samba server when it gets the password from the login user(hidden work) and then compare that password with my netware 6.0 password? Basically I want samba users to authenticate to Netware 6.0 server. Can pam_smbpass do the job? From what I read it cannot. Please justify if it can help me. Any person out there who have successfully did it with a Netware 6.0 ldap server? Please give some solutions/ideas if you have. Samba newbie adrian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 and non-AD KDC
Hi, We've been testing Samba 3 for some time now, and we had absolutely no problems connecting it to Windows 2000 KDC, etc... Now, we're trying to push it further and have it authenticate against a non-windows KDC, and I have to admit that I am nowhere near to it. I've seen a few discussions in this list regarding exactly this issue, but I still don't get it ;-)) I have my KDC set up and it is working (I can authenticate linux users with it). I compiled Samba 3 using --with-pam_krb5 and --with-krb5 It compiles and installs correctly, no problem. My problem now is: what options can I use in smb.conf to enable this? I've used realm = MYREALM.COM, password server = mykdc.myrealm.com, I even played around with the security = ADS, which of course is not of much use if you don't have AD. And nothing I do seems to kick off kerberization of samba, it will never try to get a ticket for any user. I've tested with both XP and 2K clients. Any clues, pointers, tips are very very welcome. Thanks in advance, Nuno PS - Thanks for the great job you've been doing so far with Samba PPS - Googling for my answers is no help - whenever you search for samba kerberos or samba KDC you will always get links to the Active-Directory integration. What we want is to eliminate AD completely and have our windows boxes using our own KDC and LDAP directory. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 and non-AD KDC
On Wed, 2003-03-05 at 21:53, Nuno Pereira wrote: Hi, We've been testing Samba 3 for some time now, and we had absolutely no problems connecting it to Windows 2000 KDC, etc... Now, we're trying to push it further and have it authenticate against a non-windows KDC, and I have to admit that I am nowhere near to it. I've seen a few discussions in this list regarding exactly this issue, but I still don't get it ;-)) This is not supported at this time. We need to add some code to allow you to 'set' the member server's password, rather than doing an LDAP or RPC join, and setting it in both places. This would then require that you manually create the account in the KDC. How you then get windows machines to get the tickets etc is up to you :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot Copy File: Access is Denied, the source filemay be in use?
Jon, Check a # chmod 666 /path/file Regard's Tiago Cruz Em Sex, 2003-02-28 às 16:38, Jon Robertson escreveu: Using Samba 2.25 with Webmin interface.when copying a file from local machine (windows 2000 pro) to a mapped network drive/share on Samba. I get the error message Cannot copy filename: Access is denied. The source file may be in use. In the globals section, all users are given write permission as they are also on the individual share thanks jr -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OpenLDAP + Samba on AIX
Hi, is there anybody out ther who has experience with the above mentioned components on AIX? I want to do directory- and file-services for 350 Win-clients. I thought about doing this with Linux or Linux on pSeries, but at the moment i wonder why I should introduce a new plattform just for the above mentioned services and why not run them directly under the pSeries that´s avaiable here. Are there any experiences with that? Is it better to use Linux for that? Thank in advance. -- Regards Thorsten -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Password
Using this settings everybody that has a valid login can change their passwords. How can I allow the password change just to a few users? unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] group access
Hi, I have: -u1 belong to group1(primary group) and groupAll. -u2 belong to group2(primary group) and groupAll. -a folder called groupAll which has its permission bit to 770. Owner bit is root, Group bit is groupAll. u1 and u2 have full read and write access but can't delete other owners' files in groupAll, mean that if u1 create a file then u2 can read and write but cant delete u1's file. here is my share [groupAll] path=/groupAll valid users = @groupAll force group = groupAll .. .. Due to no delete permission on Linux how can I specify value for create mask and directory mask. All users in groupAll still can delete file or folder though I set create mask and directory mask to 700. I think users get permission from parent directory which is groupAll that why they can delete sub foler even they has no permission. Please give me suggesstion or help me to create this kind of share. thanks, Stand __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems switching from a samba 2.2.2 pdc to 2.2.7 pdc
Hi folks, today I tried to switch from a samba 2.2.2 PDC to a samba 2.2.7 PDC. Everything semed to be working fine with smbclient. Windows user couldn't log on, but with following differences: * users belonging to the domain admin group could log on from Win2k boxes * normal users couldn't log on from win2k boxes, with the usual check if you didn't mis-type username/pass error * users belonging to the domain admin group couldn't log on from NT4.0 boxes * normal users couldn't log on from NT4.0 boxes. The last two tries gave a cryptic error message, just telling that logging on didn't succed and a hint to bug you sysop. (I'm not giving the exact text, it's a german system with german errors anyway) The log.smbd file has the following lines: [2003/03/05 14:09:44, 0] smbd/server.c:main(707) smbd version 2.2.7 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2003/03/05 14:10:11, 0] lib/util_sock.c:get_socket_addr(1012) getpeername failed. Error was Transport endpoint is not connected [2003/03/05 14:10:11, 0] lib/util_sock.c:write_socket_data(499) write_socket_data: write failure. Error = Connection reset by peer [2003/03/05 14:10:11, 0] lib/util_sock.c:write_socket(524) write_socket: Error writing 4 bytes to socket 12: ERRNO = Connection reset by peer [2003/03/05 14:10:11, 0] lib/util_sock.c:send_smb(704) Error writing 4 bytes to client. -1. (Connection reset by peer) To prepare the switch, I copied over /etc/passwd, /etc/group, /etc/shadow, the smbpasswd file, smb.conf and I got the MACHINE.SID with smbpasswd -S Anybody with any idea what I missed? Cheers, Kai Blin -- Kai BlinLinux system administrator Tel: Ring-86592 Allgemeine ChirurgieUniversitaetsklinikum Tuebingen He was a fiddler, and consequently a rogue. -- Jonathan Swift -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with logging in with w95/nt4.0: solution?
On Wed, 5 Mar 2003, Kurt Weiss wrote: i did read in last days more and more postings with cannot login with windows 95/nt40 to samba after updating samba access denied... now one of my technican had the same problem: *) the user can login with w2k/xp/w98 *) but he cannot login with w95: access denied the reason was following: *) the user used UPPERCASE letters in the password. *) w95 did send the password as lowercase... maybe somebody helps this... This is a known issue. That is what the username level and password level parameters are for. This allows us to to skip around the limitations of Microsoft clients. You should also be aware that this may vary with the service pack that is installed on the Windwos client. Out of curiosity are you running plain-text or encrypted passwords? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Connection refused, access denied (Windows XP trying toconnect on samba's shared printer)
Hi, my problem is to access a shared printer with samba on my WindowsXP workstation When I browse thru my network with Explorer, I can see the shared printer. When I double-clic on the printer, Windows XP ask me if I want to install it. I choose the right driver and click OK. The installation begin and there is no error in the installation. After the installation Windows XP open the printer's printing queue to show the printer's status, but in the window's title there is this notice: Access denied, Cannot connect to printer I would like to know how I can get rid of this problem please. This work really well in Windows 98 but not on XP. Here is my smb.conf , let me know if you find something to find this problem Note: 2.2.4 is the version of samba I use Jonny [EMAIL PROTECTED] # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command testparm # to check that you have not many any basic syntactic errors. # #=== Global Settings = [global] # protocol protocol = NT1 # workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2 workgroup = FAXNET # server string is the equivalent of the NT Description field server string = Serveur FaxNet # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = yes # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user nobody is used guest account = anonyme # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba.%m # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. NOTE: To get the behaviour of # Samba-1.9.18, you'll need to use security = share. security = share # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents ; encrypt passwords = yes # Where to find the SSL certificates: ssl CA certDir = /etc/ssl/certs # Unix users can map to different SMB User names username map = /etc/samba/smbusers # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server ; wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = # Share Definitions == [homes] comment = Home Directories browseable = no create mode = 0755 writable = yes oplocks = false [Documents] comment = Documents guest ok = yes create mask = force create mode = 0777 directory mask = force directory mode = 0777 writable = yes oplocks = false path = /u/GNIDOC [Forms] comment = Forms guest ok = yes create mask = force create mode = 0777 directory mask = force directory mode = 0777 writable = yes oplocks = false path = /u/SYS/FORMS/fondlsr/FAX [Communs] comment = Historiques communes guest ok = yes oplocks = false path = /u/histo_fax/communs [Rejets] comment = Historiques rejets browseable = no oplocks = false path = /u/histo_fax/global/rejets/no_job [Succes] comment = Historiques succes browseable = no oplocks = false path = /u/histo_fax/global/succes/no_job [Recus] comment = Recus browseable = no oplocks = false path = /u/histo_fax/global/recus/no_job [printers] comment = All Printers path = /u/spool/lpd/samba browseable = no guest ok = yes printable = yes print command = lpr -r -s -l -P%p %s -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem of access samba from rh8
Good morning Patrick, I followed your suggestions and got the same response. There was no information in the log files. I fired up ethereal and did some poking around. Here's what I found. When I enter my username and password, these packets get sent/received. SMB Negotiate Protocol Request SMB Negotiate Protocol Response SMB Session Setup AndX Request, User: My Workgroup/My User Name SMB Session Setup AndX Response SMB Tree Connect AndX Request, Path: \\My PDC\IPC$ SMB Tree Connect AndX Response LANMAN NetShareEnum Request LANMAN NetShareEnum Response Looks OK so far... TCP 33114 netbios-ssn [FIN, ACK] blah, blah TCP netbios-ssn 33114 [FIN, ACK] blah, blah TCP 33114 netbias-ssn [ACK] blah Next comes several DNS requests with the response of No such name (Why are these requests ging out to the internet?) NBNSName query NB My PDC20 NBNSName query response NB MY PDC IP address NBNSName query NBSTAT *00 NBNSName query response NBSTAT TCP 33115 netbios-ssn [SYN] blah... TCP netbias-ssn 33115 [SYN, ACK] blah... TCP 33115 netbios-ssn [ACK] blah... NBSSSession request to My PDC20 from My Linux box00 NBSSPositive session response TCP 33115 netbios-ssn [ACK] blah... SMB Negotiate protocol request SMB Negotiate protocol response *** And here is the problem *** SMB Session Setup andX Request, User: My Workgroup/GUEST OK, so how did my user name change from what I typed in and what shows up correctly above to GUEST which explains why I get the message about not having privilege to browse any shares? On 2003.03.05 06:34 Patrick Kwan wrote: HI Seteve: Are you using winbind? I havn't using it before, I have no idea about it. Or you can try to find out which part cause the problem. According your description you are access to the NT PDC box from a redhat8 box with samba and winbind running, right? Please shutdown the samba and winbind in the redhat 8 then try the following: -connect the NT PDC again, -connect the another windows client And see what happen in the %m.log file. Good luck! Patrick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2gb file size limit
On Tue, Mar 04, 2003 at 11:02:39PM -, Kristyan Osborne wrote: I think this was fixed in 2.2.7a. You will need to upgrade Thanks ! This fixes everything except for smbfs... Urban's patches for 2.4.18 seemed not to help on 2.4.20. Any way to get smbfs to support LFS ? Thanks again to everyone for your help. -- Josh Litherland ([EMAIL PROTECTED]) pgp0.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] password aging
Still no luck. I set 'obey pam restrictions = yes' and 'pam password change yes', I already had the 'unix password sync = yes'. I can see entries in the log like this : Mar 4 13:13:42 servername samba(pam_unix)[12225]: session opened for user username by (uid=0) Mar 4 13:14:37 servername samba(pam_unix)[12225]: session closed for users username So I'm assuming samba is working with pam. I have also successfully changed my user password via the client. I have edited /etc/shadow to expire my password in 1 day. when I log into the machine via ssh I get the messages saying my password is about to expire, but when I log onto the PC (which has joined the domain) I don't get the popup message. If my password does expire on linux/samba, I get locked out of the domain without receiving any message on the PC. (This happened to me when my password expired yesterday). I have samba and pam implemented, do I need to implement something else? Should I try implementing OpenLDAP? I don't want to implement an alpha version of samba 3.0 since this is a production environment and I can't risk having users locked out. Is there somewhere else I can look to get documentation about this? Thank you, Joseph Morin Dominion Diagnostics Andrew Bartlett [EMAIL PROTECTED] rgTo [EMAIL PROTECTED] 02/19/2003 06:12 cc PM[EMAIL PROTECTED] Subject Re: [Samba] password aging On Thu, 2003-02-20 at 07:11, [EMAIL PROTECTED] wrote: What are my options for implementing password aging using samba as my PDC ? I can set the users Linux password to expire, but it doesn't seem to propagate to their samba passwords. I absolutely need this functionality. Is OpenLDAP the answer? If you set 'obey pam restrictions = yes' and setup the correct PAM configuration files, then Samba will also honer this. You should also set 'unix password sync = yes' and 'pam password change yes' so that the password changes update the PAM backend too. Or move to Samba 3.0 (currently alpha) and use the pdb_ldap backend to store your passwords, which fully supports password expiry, based on our own 'pwdMustChange' attribute. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net (See attached file: signature.asc)-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3.0alpha22 available on samba.org mirrors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We've just posted another snapshot of the SAMBA_3_0 cvs tree for download. This is a non-production release provided for testing only. The source code can be downloaded from : http://download.samba.org/samba/ftp/alpha/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at http://download.samba.org/samba/ftp/samba-pubkey.asc Binary packages for RedHat have been released and can be found at http://download.samba.org/samba/ftp/Binary_Packages/ Others will be available as they are submitted by volunteers. A simplified version of the CVS log of updates since 3.0alpha21 can be found in the the download directory under the name ChangeLog-3.0alpha21-alpha22. The release notes follow. As always, all bugs are our responsibility. --Enjoy The Samba Team - WHATS NEW IN Samba 3.0 alpha22 4th March 2003 == This is a pre-release of Samba 3.0. This is NOT a stable release. Use at your own risk. The purpose of this alpha release is to get wider testing of the major new pieces of code in the current Samba 3.0 development tree. We have officially ceased development on the 2.2.x release of Samba and are concentrating on Samba 3.0. To reduce the time before the final Samba 3.0 release we need as many people as possible to start testing these alpha releases, and hopefully giving us some high quality feedback on what needs fixing. Note that Samba 3.0 is not feature complete yet. There is a more coding we have planned, but unless we get what we have done already more widely tested we will have a hard time doing a stable release in a reasonable time frame. Major new features: - --- - - Active Directory support. This release is able to join a ADS realm as a member server and authenticate users using LDAP/kerberos. - - Unicode support. Samba will now negotiate UNICODE on the wire and internally there is now a much better infrastructure for multi-byte and UNICODE character sets. - - New authentication system. The internal authentication system has been almost completely rewritten. Most of the changes are internal, but the new auth system is also very configurable. - - new filename mangling system. The filename mangling system has been completely rewritten. An internal database now stores mangling maps persistently. This needs lots of testing. - - new net command. A new net command has been added. It is somewhat similar to the net command in windows. Eventually we plan to replace a bunch of other utilities (such as smbpasswd) with subcommands in net, at the moment only a few things are implemented. - - Samba now negotiates NT-style status32 codes on the wire. This improves error handling a lot. - - better w2k printing support including publishing printer attributes in active directory - - new loadable RPC modules - - new dual-daemon winbindd support for better performance - - support for migrating from a Windows NT 4.0 domain - - support for establishing trust relationships with Windows NT 4.0 domain controllers Plus lots of other changes! Reporting bugs Development Discussion - --- Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. Changes in alpha22: - --- Added Parameters * client NTLMv2 auth * client lanman auth * client signing * client use spnego * max reported print jobs * msdfs proxy See cvs log for SAMBA_3_0 for complete details. There are many smaller numerous changes that would clutter the release notes. 1) remove the global_myname string and replace with wrapper function global_myname() 2) create vfs/ and pdb/ subdirectories for library installs 3) Fixup of ordered cleanup of get_dc_list() 4) Added more autoconf tests for Stratus VOS 5) Fixed nasty bug where file writes with start offsets in the range 0x8000 - 0x would fail as they were being cast from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types). The sign extension would cause the offset to be treated as negative. 6) Add support to automatically retrieve the dns host name and domain name of an AD server 7) Add support for PRINTER_INFO_7 and publishing printer attributes in active directory 8) Fix for 64 bit issues with oplocks and allocation size 9) Remove assert(count ==1) for multi-homed PDCs when resolving DOMAIN0x1b 10) Ensure that
[Samba] Cannot access SWAT on Redhat 8.0
Hello, I would like to use Swat to configure Samba. I installed the Redhat Samba package from samba.org and entered swat into my /etc/services file. I am frankly a little confused. I am reading O'Reily's Red Hat Linux it says to issue commands chkconfig xinetd on, chkconfig swat on, and finally xinetd reload. On the third command fails. When I try and point my browser to localhost:901 it says cannot connect. Can anyone give me some tips? Laura -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 2.2.8pre2 changelog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, 1 Mar 2003, Derkjan de Haan wrote: Hi, I read the changelog, and couldn't help noticing this: Changes since 2.2.8pre1 --- 8) Always use safe_strcpy not pstrcpy for malloc()'d strings 25) Merge from HEAD. Use pstrcpy not safe_strcpy. Did this change get reverted intentionally ? No. Different files. 8) was in locking.c and 25) was in msdfs.c. Just unclear in the release notes. Sorry. See http://samba.org/samba/ftp/pre/ChangeLog-2.2.8pre1-2.2.8pre2 For a file by file listing of changes. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+ZiGbIR7qMdg1EfYRAmOlAKCsuYB4v1S7fPgVPh3uMCP+oXJkYQCg1mOj lr6mNb+6AIuwniz5gXvsc8M= =r/MI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Thanks to John !
Hello List, A special thanks to Mr John Terpstra for helping me get back on the straight and narrow with an install of Samba 2.2.5 on RH8 . 1)I needed to remember the installation is linux centric, do the permission's based on linux 2)I needed authorization to access the files, if you set permission's to ''share,make share the viable choice in globals .. 3)don't create smbpasswd as a directory dooohhh 4)smbpasswd -a linux user on the command line 5) don;t do an old version! 6) read morebefore starting a hasty fix,,, 7)make sure DNS is updated- not necessarily for Samba I realize that 99% of you have done this successfully, and sorry to bend the bandwidth with redundancy. So drink a beer; Tiago, you drink a cerveza and all have a good day/night. Oh and someone should hire John, he really knows what he is doing. Adios, ciao, cheers, Regards-- Kevin McCarty CCNP CCNA #CSCO10448370 Computer Sciences Corporation Defense Sector Obstacles are those annoying little bumps that occur when you take your eyes off your goals Henry Ford -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] So what to do with oplocks?
So what is the rule of thumb on oplocks? What types of situations should the oplocks be setup how? What are possible problems that could occur? Brent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot access SWAT on Redhat 8.0
Hi Laura! I had problem the same, please I look at this link: http://www.linuxquestions.org/questions/showthread.php?s=threadid=46181highlight=swat+rh8 I wait to have been useful :-) Brazilian Regard's Tiago Cruz Em Qua, 2003-03-05 às 14:05, Laura West escreveu: Hello, I would like to use Swat to configure Samba. I installed the Redhat Samba package from samba.org and entered swat into my /etc/services file. I am frankly a little confused. I am reading O'Reily's Red Hat Linux it says to issue commands chkconfig xinetd on, chkconfig swat on, and finally xinetd reload. On the third command fails. When I try and point my browser to localhost:901 it says cannot connect. Can anyone give me some tips? Laura -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2gb file size limit
On Wed, Mar 05, 2003 at 11:55:03AM -0500, [EMAIL PROTECTED] wrote: Thanks ! This fixes everything except for smbfs... Urban's patches for 2.4.18 seemed not to help on 2.4.20. Any way to get smbfs to support LFS ? Belay that, I hadn't patched smbmount. If only I'd found this site earlier: http://www.ps.uni-sb.de/~errror/smbfs-lfs.html Thanks everyone ! -- Josh Litherland ([EMAIL PROTECTED]) pgp0.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba BDC in a subnet of a Windows NT4.0 domain?
Hi, I've been playing with samba/the idea of Samba as a server for a remote location on our network. How we're setup right now is this: Windows NT 4.0 PDC/BDC/Member Server (hosting Exchange server). The PDC has file sharing for our projects directory and needs to be accessible by employees everywhere. the BDC has SQL server for accounting purposes and also needs to be accessible from everywhere. The local LAN is a 10.100.100.xxx address (the PDC being 10.100.100.1) we have a remote location on 10.100.102.xxx (an office in a different city, about a 1000 km's away) They're connected by VPN (hardware firewall) with IPSEC the remote workstations include 2 winXP machines, and 2 Win98 SE machines. right now, they login to our local PDC through the VPN, work on files remotely, etc. it's a bit slow and I'd like to help speed up what I can! Would Samba be able to function as an authentication server for the remote location as a BDC in our existing Domain- using the PDC's user/password list? And what exactly would be the most effective configuration for this in terms of samba install options/encryption/authentication modules/synchronization? (assuming Redhat distribution, probably 8.0 unless it's got some flaws that wouldn't allow for this) I'm not asking for a big walk through on every little step to configure samba, i'm asking which modules/files would best fill the role. Samba 2.2.7a --with PAM? Should LDAP be used? etc. also, i stumbled across this on microsofts site by accident (hahaha!) http://support.microsoft.com/default.aspx?scid=kb;en-us;324542 http://support.microsoft.com/default.aspx?scid=kb;en-us;324542 - is this something that could work/should be used? Thanks for any thoughts/opinions/info. If you know of a good cookbook howto to get me started for configuring this specific type of machine, that would be great, although I have made some headway on my own someone always knows something you don't! I find the existing samba documentation somewhat confusing to navigate, it makes me jump from file to file/module to module and my head starts spinning. Do i need this? do i need that? etc But it IS educational! Thanks in advance for any assistance! Jason Sheldon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Thanks Samba Community!!!
Jerry, Sincerely I do not know, but I know that in other distributions (Mandrake, SuSE, Coneciva...) this was not necessary :-) Relaxing with a beer for suggestion of the Kevin ;-) After all, still it is carnival here Brazilian Regards Tiago Cruz Em Sex, 2003-02-28 às 11:16, Gerald (Jerry) Carter escreveu: ummm...but a proxy setting in not really RedHat's fault is it? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] printer configuration issue
My thanks to everyone for their suggestions. I can summarize recent developments as follows: 1) after adding use client driver = yes (as Daniel suggests below), the access denied message went away, but printing from a remote Windows client still failed. 2) printing to the same device (\\penguin\lp) from the same remote client succeeds from a DOS window if I first set up a local print device via the command net use lpt1: \\penguin\lp and then printed a simple test file from the command line. 3) printing to the \\penguin\lp device from the local client (penguin) via smbclient succeeds, as does printing locally using lpr. Being fairly close to throwing in the towel, I've copied my smb.conf file to http://www.lowplaces.net/samba and invite examination. Also in this directory I have the debug log output from a successful local printout (samba.log.LOCAL), a successful remote printout from the DOS command line (samba.log.PRINT), an unsucessful invocation of print from Notepad (samba.log.NOTEPAD) and an unsuccessful print test page from the Windows control panel (samba.log.TEST). Any insights would be deeply appreciated. Paul David Mena [EMAIL PROTECTED] On Mon, 3 Mar 2003 [EMAIL PROTECTED] wrote: I've installed Samba 2.2.7a on my SuSE 8.1 system in an effort to persuade it to act as a print server on my LAN, which consists of it and 6 Windows desktops of various flavors. Right away it seemed to allow file sharing and printing from DOS and became browsable from the Network Neighborhood, but I can't get it to print from Windows. I keep getting a Status of Access denied, unable to connect, even when simply trying to print a test page. A perusal of the Samba logs has been inconclusive as has a poring through both Samba and SuSE documentation. I'm guessing that it's a stupid permission or authentication configuration I've overlooked, but it's making me crazy! Does it really fail to print, or just show that error message (yet print ok)? If those various flavors are NT/2000/XP, and you can still print, this happens when: 1. Your users are local admins of their machines 2. They have installed the drivers locally (rather than from the print$ share). 3. spools has not been disabled for that share with use client driver = yes (or globally with disable spoolss = yes). Best thing to do is fix #2. Doing the use client driver = yes thing will suffice if your users need to be local admins, but it's an ugly hack. Check out use client driver in man smb.conf ~ Daniel = Paul David Mena Haiku in Low Places, Ltd. Email: [EMAIL PROTECTED] Webpage: http://www.lowplaces.net = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Profiles and home directory - Samba PDC
OK Guys many thanks for pointing out the most obvious.. Yes I am embarrased to show my head in public again.. And yes I did look at that conf file and no matter how many times I looked I still didn't notice the typo. So yes please do keep on stating the obvious and a lesson for us all - always check the most basic things first! Nick Marco De Vitis [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Tue, 4 Mar 2003 10:55:28 -, Nick Gale wrote: I have sucessfully got a windows 2K machine to join the domain but I can not get it to run a logon script, map the drive letter to the home directory or create a roaming profile. All my smb.conf setting look correct as per the Try giving a look at this IBM tutorial, I used it and found it simple and effective, and it covers what you are asking for: http://www-1.ibm.com/servers/esdd/tutorials/samba.html Please note that the short registration required is free. -- Ciao, Marco. ...1978 gli dèi se ne vanno, gli arrabbiati restano!, Area 1978 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Expire Password - Which is half the most easy one?
Hello lists... forgives to be insisting on this subject... :-( I would like to know which I am half the most easy one to obtain to expire the passwords of the users of samba... :-) If you set 'obey pam restrictions = yes' and setup the correct PAM configuration files, then Samba will also honer this. You should also set 'unix password sync = yes' and 'pam password change yes' so that the password changes update the PAM backend too. (...) Your two options are to use PAM, or to use Samba 3.0alpha and pdb_ldap. In pdb_ldap, you want to set the 'pwdMustChange' attribute to 0. (Andrew Bartlett) Good people, would like that they thought which is the way most easy to make this for a person who understands of SAMBA but she does not understand of LDAP and nor of PAM... My net is small simple e (~60 machines) and will only use RH 8,0 for server of archives (ok), PDC (ok) and PostgreSQL (ok) in the place of a W2K... Very obliged for the attention [ ]'s Tiago Cruz Org. King de Contab. S/C Ltda. www.linuxrapido.kit.net Linux User #282636 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Thank you Shane,Tiago, and Kevin
Thank you Tiago and Kevin, Turns out I needed to turn the samba service on!..After restart, I was able to get into SWAT no problem. Hopefully, things will go smoothly from here. :-) Bye the way Shane, I guess I didn't download the right Samba package, hence the error. The Redhat Samba rpm installed without any problems. Thank you Shane for your help. If I have any other configuration problems, you will be sure to hear from me! Laura -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2K/XP Profile/Homedir replication issue?
K. Hawkes wrote: Hey there, Just a question for you Samba 2.2.x gurus out there :) We have a contingent (a steadily increasing contingent) of Win2K and WinXP workstations. Does anyone here know how to stop the profiles from replicating? If we create a file in the profile dir, say \\PDC\UserHome\profile.doc. It will replicate that to the profile directory, while one file or two files are not a problem, we use classroom based logins, so they all login at once and it's transferring the whole \\PDC\UserHome dir around everywhere it goes, it does it when you login and logout, so if everyone saves work there, as you can imagine, login/logout times take a long long time. Anyone got a work-around for this or is it just us who are having this problem? I have not addressed the issue of leftover profiles myself - though I probably should - but these may be of use to you: http://www.jsifaq.com/suba/tip0100/rh0106.htm http://www.jsifaq.com/suba/tip0300/rh0368.htm IMO it is a design flaw on Microsoft's part with regards to how they designed their system of user profiles. Even in an all-windows network, unless you deal with this the users still have the problem of sucking down huge profile folders because they have a bunch of crap in My Documents or wherever. Microsoft's solution to this is to do this thing called Folder Redirection which is implemented in Group Policy: http://www.jsifaq.com/sube/tip2200/rh2206.htm This sucks because the registry keys for folder redirection can apparently only be applied at login time, so they have to come in as a policy, you can't just regedit them in. Here's what I think you need to do. Create a policy file with a custom policy template in the NT System Policy Editor and use this to push the keys relating to folder redirection. I just redirect My Documents to Z: which is where the user's home folder is mapped to on our systems. Get the policy editor with NT SP6a, download the self extracting .EXE version. It's 35 MB, but all you need out of this is POLEDIT.EXE and the two .ADM files. http://www.microsoft.com/ntserver/nts/downloads/recommended/SP6/128bitX86/default.asp Here is a custom policy template I've used. Cut it out and call it custom.adm. Load it with the two stock ones in the NT policy editor. Create and save a policy called NTCONFIG.POL in your netlogon share. Let me know if this works for you. Morgan Toal --- cut here --- CLASS USER CATEGORY (Custom) W2K Folder Redirection KEYNAME Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders POLICY Redirect Application Data PART Application Data EDITTEXT VALUENAME AppData END PART END POLICY POLICY Redirect Desktop PART Desktop EDITTEXT VALUENAME Desktop END PART END POLICY POLICY Redirect My Documents PART My Documents EDITTEXT VALUENAME Personal END PART END POLICY POLICY Redirect My Pictures PART My Pictures EDITTEXT VALUENAME My Pictures END PART END POLICY POLICY Redirect Start Menu PART Start Menu EDITTEXT VALUENAME Start Menu END PART END POLICY END CATEGORY --- cut here --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Backups of local shares
Vernon A. Fort wrote: I use rsync to backup my linux samba shares to a remote tape backup server. Users periodically have open/locked files within their shares. Other than telling the users to logout ( this doesn't always work - go figure), how can I ensure the files listed in the smbstatus -L are successfully backed up? Are there any other samba related tools to assist with automated backups? BRU and BRU-Pro are supposed to be able to do this. www.tolisgroup.com I do not sell the product, just a happy customer. mtoal -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba-3.0alpha22 available on samba.org mirrors . . .installation problems(?)
Hello, I upgraded from 3.0alpha21 to alpha22 using rpm -Uvh samba-3.0alpha22*.i386.rpm and can no longer attach to any share. During the install I saw the message: Moving tdb files in /var/lock/samba/*.tdb to /var/cache/samba/*.tdb, which is odd, since there is no /var/lock/samba directory to move anything from! Now, the smbstatus command produces the message: /var/cache/samba/connections.tdb not initialised This is normal if an SMB client has never connected to your server. Failed to open byte range locking database ERROR: Failed to initialise locking database Can't initialise locking module - exiting There is no 'connections.tdb' file in /var/cache/samba, and, since attempts to browse to the public shares from a pc produce a '\\sambaserver is not accessible The network path was not found' error, presumably no client ever will. Is there some way to initialise the connections.tdb file, or something else I'm failing to do? OS is RedHat 7.3, security=server, no changes to smb.conf since alpha21, which was working fine! -Ken _ Ken Innes Chief Information Officer EKOS Research Associates Inc. 99 Metcalfe St., Suite 1100 Ottawa, Ontario K1P 6L7 www.ekos.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Gerald (Jerry) Carter Sent: Wednesday, March 05, 2003 10:32 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Samba] Samba-3.0alpha22 available on samba.org mirrors -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We've just posted another snapshot of the SAMBA_3_0 cvs tree for download. This is a non-production release provided for testing only. The source code can be downloaded from : http://download.samba.org/samba/ftp/alpha/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at http://download.samba.org/samba/ftp/samba-pubkey.asc Binary packages for RedHat have been released and can be found at http://download.samba.org/samba/ftp/Binary_Packages/ Others will be available as they are submitted by volunteers. A simplified version of the CVS log of updates since 3.0alpha21 can be found in the the download directory under the name ChangeLog-3.0alpha21-alpha22. The release notes follow. As always, all bugs are our responsibility. --Enjoy The Samba Team - WHATS NEW IN Samba 3.0 alpha22 4th March 2003 == This is a pre-release of Samba 3.0. This is NOT a stable release. Use at your own risk. The purpose of this alpha release is to get wider testing of the major new pieces of code in the current Samba 3.0 development tree. We have officially ceased development on the 2.2.x release of Samba and are concentrating on Samba 3.0. To reduce the time before the final Samba 3.0 release we need as many people as possible to start testing these alpha releases, and hopefully giving us some high quality feedback on what needs fixing. Note that Samba 3.0 is not feature complete yet. There is a more coding we have planned, but unless we get what we have done already more widely tested we will have a hard time doing a stable release in a reasonable time frame. Major new features: - --- - - Active Directory support. This release is able to join a ADS realm as a member server and authenticate users using LDAP/kerberos. - - Unicode support. Samba will now negotiate UNICODE on the wire and internally there is now a much better infrastructure for multi-byte and UNICODE character sets. - - New authentication system. The internal authentication system has been almost completely rewritten. Most of the changes are internal, but the new auth system is also very configurable. - - new filename mangling system. The filename mangling system has been completely rewritten. An internal database now stores mangling maps persistently. This needs lots of testing. - - new net command. A new net command has been added. It is somewhat similar to the net command in windows. Eventually we plan to replace a bunch of other utilities (such as smbpasswd) with subcommands in net, at the moment only a few things are implemented. - - Samba now negotiates NT-style status32 codes on the wire. This improves error handling a lot. - - better w2k printing support including publishing printer attributes in active directory - - new loadable RPC modules - - new dual-daemon winbindd support for better performance - - support for migrating from a Windows NT 4.0 domain - - support for establishing trust relationships with Windows NT 4.0 domain controllers Plus lots of other changes! Reporting bugs Development Discussion -
[Samba] installing printerdriver without being admin under NT
hi i have NT and Windows 2000 Client served by a Samba PDC. This PDC is also CUPS-Printingserver. Now i up loaded the windows printing driver to the Samba-server into the print$ share. Under Windows 2000 i can download/install the driver with every PDC-account by clicking on the printershare, under Windows NT i need to be in the local administration group. Is there any possiblity to it under NT , which will give me the same opportunity like win2000 ? ( = download/install the driver with every PDC-account without being in the local admin group ???) Greets Jesko Schneider Thank a lot for answering :-))) -- Jesko Schneider Consulting und Training Schirmerweg 14 81245 München Tel: 0170/5500109 email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with samba_3.0alpha21 and W2k-Server
Hi everyone. I have a problem at my company where i want a linux box to authenticate at our companies W2k-Server and offer some user home direcories as shares to the windows-network. Authentication works well using winbind so every user known to the W2k-Server can log into the machine. I have modified the necesary files in pam.d for this. Unfortunately when the winbind daemon is running the shares are not accessible from the windows network. When stoping the winbind daemon the shares are visible and the users homedirectories are usable. So there seems to be some destructive interference between samba and winbind, both taken from a precompiled samba-3.0alpha21 rpm for SuSE 8.1 that i found in the people directory tree on suses ftp-server. So as you already have guessed the linux-Box is a SuSE 8.1-System. Any ideas on this? I can give some more information if the problem is not obvious, but let's try it this way first. Regards Jens Nie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba 3.0 - domain groups: SOLVED in 3.0alpha22
FYI, I've just installed v3.0alpha22, and wbinfo -g and wbinfo -u now return the groups and users from the NT domain, as they should. -Ken _ Ken Innes Chief Information Officer EKOS Research Associates Inc. 99 Metcalfe St., Suite 1100 Ottawa, Ontario K1P 6L7 www.ekos.com -Original Message- From: ukasz Tomaszewski [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 11:57 AM To: Ken Innes; Kristyan Osborne; Samba Users Subject: Re: [Samba] smaba 3.0 - domain groups i use 'truss' to trace the system calls (nmbd proccess) after 'wbinfo -g' request. it returns ioctl(14,SIOCGIFFLAGS,0xbfbfcdc0) = 0 (0x0) ioctl(14,SIOCGIFNETMASK,0xbfbfcdc0) = 0 (0x0) ioctl(14,SIOCGIFADDR,0xbfbfcde0) ERR#49 'Can't assign requested address' ioctl(14,SIOCGIFADDR,0xbfbfce28) ERR#49 'Can't assign requested address' ioctl(14,SIOCGIFADDR,0xbfbfce70) ERR#49 'Can't assign requested address' close(14) = 0 (0x0) gettimeofday(0xbfbff838,0x0)= 0 (0x0) sigprocmask(0x2,0xbfbff760,0x0)= 0 (0x0) i'm going to check samba logs after 'debug level' change (higher than 2) in smb.conf . anyway. i was thinking that maybe its OS problem. i use FreeBSD 4.7. regards Uki - Original Message - From: Ken Innes [EMAIL PROTECTED] To: Kristyan Osborne [EMAIL PROTECTED]; Lukasz Tomaszewski [EMAIL PROTECTED]; Samba Users [EMAIL PROTECTED] Sent: Monday, March 03, 2003 6:07 PM Subject: RE: [Samba] smaba 3.0 - domain groups I have this problem too with Samba 3.0. I've tried security = domain and security = server (using an NT PDC) and still get the 'Error looking up domain groups.' error. My 2.2.7a Samba server does provide the groups. Anyone have any ideas about this? Its clearly not an entirely isolated problem! -Ken _ Ken Innes Chief Information Officer EKOS Research Associates Inc. 99 Metcalfe St., Suite 1100 Ottawa, Ontario K1P 6L7 www.ekos.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kristyan Osborne Sent: Monday, March 03, 2003 10:42 AM To: Lukasz Tomaszewski; Samba Users Subject: RE: [Samba] smaba 3.0 - domain groups Hi, I've had exactly the same problem since august 2002, after several emails it was not resolved so i gave up and i thought i would leave it until someone else (like u) had the same problem. Maybe then it might be answered - Kristyan Osborne IT Technician Longhill High School 01273 391672 -Original Message- From: Lukasz Tomaszewski [mailto:[EMAIL PROTECTED] Sent: 02 March 2003 19:17 To: Samba Users Subject: [Samba] smaba 3.0 - domain groups few day ago, i've asked about mapping unix-windows groups under samba 2.2.7a. now, i know that it is impossible. so i've changed samba on my PDC to 3.0 version (smbgroupedit). but still i've got problems with groups. before - from another machine when i've used 'wbinfo -g'i've got response from my PDC: Domain Admins Domain Users after change to samaba 3.0 with the same config file 'wbinfo -g' returns: Error looking up domain groups. any suggestions? regards Uki -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Strange smbclient-messages
Hi, Samba-Users, this morning I found some strange-looking lines in my report-emails. At one of my customers I have an installation of Amanda running fine. Yesterday I decided to add a Windows-share to the systems to be backed up. This morning I looked at the logs and there was stuff like this: [snip] ? SUCCESS - 0 opening remote file \GKKDFU\Eldawin.hlp (\GKKDFU\) ? SUCCESS - 0 opening remote file \GKKDFU\eldawin.log (\GKKDFU\) ? SUCCESS - 0 listing \GKKDFU\empfange\* ? SUCCESS - 0 opening remote file \GKKDFU\ew.log (\GKKDFU\) ? SUCCESS - 0 opening remote file \GKKDFU\SackOpts_nt4.zlp (\GKKDFU\) ? SUCCESS - 0 listing \GKKDFU\senden\* ? SUCCESS - 0 opening remote file \GKKDFU\sendenvm08 (\GKKDFU\) ? SUCCESS - 0 listing \GKKDFU\TapiUpdate\* ? SUCCESS - 0 opening remote file \GKKDFU\trjour.dat (\GKKDFU\) ? SUCCESS - 0 opening remote file \GKKDFU\UNWISE.EXE (\GKKDFU\) ? SUCCESS - 0 opening remote file \GKKDFU\UNWISE.INI (\GKKDFU\) [snip] ( No, not only the directory \GKKDFU ) I searched the mailing list archives of both amanda-users and samba. I only found some mails with the same topic, but no satisfying answer. Can anybody tell me what it is about ? sw used: Kernel 2.4.18-4GB Amanda 2.4.2p2 I don´t know the version of Samba right now, the machine is some kilometers away ... It has Suse Linux 8.0 on it, no samba-update so far, as I remember. Thanx for your help, Stefan. mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Final problems in the samba
In a domain PDC Samba the following problems exist: 1-The script of netlogon is not loaded with login (exactly configured and its respctivas folders and archives they exist and they are with permission 777, view smb.conf) scripts is being loaded manually.Anybody know why? 2-After the user if to login in, when it try acess any folder in the server the Samba asks user and password again, (the same ones of login) Exists way to prevent this? 3-Sometimes when need access some folders of the server (any one), returns the following message: the net way was not found after some minutes it (changes) comes back to the normal.Anybody know why? 4-Some folders is delayed to open and others (the same size) do not. Anybody know why? Sorry about my English Ufa! Connectiva 8,0 Samba 2,2,7 W2k Stations incapacitated criptografia. It follows below smb.conf: [global] workgroup = MEDITEc server string = Meditec Server %v hosts allow = 192.168.0. 127. printcap name = /etc/printcap load printers = yes printing = lprng ;guest account = root log file = /var/log/samba/log-%U.%m max log size = 5000 debug level = 1 security = user ;password server = password level = 8 username level = 8 encrypt passwords = no smb passwd file = /etc/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/smbusers ;include = /etc/smb.conf.%m socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ;interfaces = 192.168.12.2/24 192.168.13.2/24 ;remote browse sync = 192.168.3.25 192.168.5.255 ;remote announce = 192.168.1.255 192.168.2.44 local master = yes os level = 99 domain master = yes preferred master = yes ;domain controller = domain logons = yes logon script = %U.bat logon path = logon home = \\%L\homes name resolve order = wins lmhosts bcast wins support = yes ;wins server = w.x.y.z ;wins proxy = yes dns proxy = no ;unix password sync = yes netbios name = SERVER keepalive = 20 ;preserve case = no ;short preserve case = no ;default case = lower ;case sensitive = no ;admin users = root, osni ;valid users = osni, teste, andrea, administrador, root logon drive = T: ;remote browse sync = 192.168.0.255 ;remote announce = 192.168.0.255 create mask = 0777 ;time server = yes ;domain admin group = root oplock = false # Share Definitions == [homes] comment = Home Directories browseable = yes writable = yes available = yes public = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = yes browseable = no [meditec] comment = meditec path = /files/med public = yes writable = yes browseable = no [tox] comment = tox path = /files/tox copy = meditec [rs] comment = rs path = /files/rs public = yes writable = yes browseable = no [lukra] comment = lukra path = /files/lukra public = yes writable = yes browseable = no [publico] comment = publico path = /files/pub public = yes writable = yes browseable = no [catalog] comment = catalogos path = /files/cat public = yes writable = yes browseable = no -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] win2k groups
Hi all! I use samba-3.0alpha21-1 as a domain member only. I want to share some dirs with windows users, authenticated in a win2k DC. I use winbind. If I share a dir like the one below, everything is fine if the valid users are users. What if I want to use a group name (e.g. PORTO~Domain Admins)? How can I do this? Of course the groups exist only in the DC. [ruisdir] comment = Rui Directory path = /tmp/apagar valid users = PORTO~user1 PORTO~user2 PORTO~user3 read only = No guest ok = Yes Thanks guys. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Accessing WinNT disk share from UNIX
This is probably simple but I can't put my finger on it. I need a disk share provided by a NT server so that my UNIX users can copy files from the UNIX systems and then put them on the NT Server. Is this possible?? How do I do it?? My UNIX are Tru64 and AIX. -- Ron Bramblett Sys Admin Fuller Brush Company -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WinXP Profe...
when i trie to log in the domain, the pc says the local directives in this system dont allow to start an interactiv session i follow all the step in all the reading that i could find, but nothing works out for me. any help will be useful, thx -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] password aging
On Wed, 2003-03-05 at 06:12, [EMAIL PROTECTED] wrote: Still no luck. I set 'obey pam restrictions = yes' and 'pam password change yes', I already had the 'unix password sync = yes'. I can see entries in the log like this : Mar 4 13:13:42 servername samba(pam_unix)[12225]: session opened for user username by (uid=0) Mar 4 13:14:37 servername samba(pam_unix)[12225]: session closed for users username So I'm assuming samba is working with pam. I have also successfully changed my user password via the client. I have edited /etc/shadow to expire my password in 1 day. when I log into the machine via ssh I get the messages saying my password is about to expire, but when I log onto the PC (which has joined the domain) I don't get the popup message. If my password does expire on linux/samba, I get locked out of the domain without receiving any message on the PC. (This happened to me when my password expired yesterday). I have samba and pam implemented, do I need to implement something else? Don't use Win9X as a 'domain' client. Samba 2.2. does not support sensible error codes to Win9X for this behavior. Samba 3.0 does, however (due to a complete auth rewrite). Should I try implementing OpenLDAP? I don't want to implement an alpha version of samba 3.0 since this is a production environment and I can't risk having users locked out. Is there somewhere else I can look to get documentation about this? Thank you, Joseph Morin Dominion Diagnostics Andrew Bartlett [EMAIL PROTECTED] rgTo [EMAIL PROTECTED] 02/19/2003 06:12 cc PM[EMAIL PROTECTED] Subject Re: [Samba] password aging On Thu, 2003-02-20 at 07:11, [EMAIL PROTECTED] wrote: What are my options for implementing password aging using samba as my PDC ? I can set the users Linux password to expire, but it doesn't seem to propagate to their samba passwords. I absolutely need this functionality. Is OpenLDAP the answer? If you set 'obey pam restrictions = yes' and setup the correct PAM configuration files, then Samba will also honer this. You should also set 'unix password sync = yes' and 'pam password change yes' so that the password changes update the PAM backend too. Or move to Samba 3.0 (currently alpha) and use the pdb_ldap backend to store your passwords, which fully supports password expiry, based on our own 'pwdMustChange' attribute. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net (See attached file: signature.asc) -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Expire Password - Which is half the most easy one?
On Thu, 2003-03-06 at 03:40, Tiago Cruz wrote: Hello lists... forgives to be insisting on this subject... :-( I would like to know which I am half the most easy one to obtain to expire the passwords of the users of samba... :-) If you set 'obey pam restrictions = yes' and setup the correct PAM configuration files, then Samba will also honer this. You should also set 'unix password sync = yes' and 'pam password change yes' so that the password changes update the PAM backend too. (...) Your two options are to use PAM, or to use Samba 3.0alpha and pdb_ldap. In pdb_ldap, you want to set the 'pwdMustChange' attribute to 0. (Andrew Bartlett) Good people, would like that they thought which is the way most easy to make this for a person who understands of SAMBA but she does not understand of LDAP and nor of PAM... My net is small simple e (~60 machines) and will only use RH 8,0 for server of archives (ok), PDC (ok) and PostgreSQL (ok) in the place of a W2K... It really does come down to 'are you running Samba 3.0 alpha'. If you are, then setting things up in LDAP is relatively sane. If you are running Samba 2.2, or are using 'unix password sync' anyway, then doing it via PAM will enforce it for all user logins, not just Samba. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot access Samba files
Hi, I am running Samba 2.2.3a as a workstation connecting to CNS-NT domain. I can see Samba server in the domain. When I tried to connect to Samba, \\bigred is not accessible, you might not have permission to use this network resouce. Thank you for all your help. This is the third time I post this. Below is my smb.conf [Global] netbios name= bigred workgroup= cns-nt password server= cnsnt02 oc-bdc log level= 2 log file = /usr/local/samba/var/samba.log security = domain encrypt password = yes samb passwd file = /etc/smbpasswd load printers = yes printing = bsd guest account = pc guest host allow 192.168.0.0/255.255.255.0 [Pub] path = /home/public public = yes browseable = yes guest ok = yes read only = no [Home] path = /root public = yes writeable = root phong guest ok = yes read only = no [Printers] comment = All printers path = /tmp create mask = 0700 print ok = yes browseable = no [Printers] path = /usr/share/foomatic/db/source/printer public = yes writeable = no browseable = no Thanks, Paul Hong -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as master browsre and WINS server ???
Hi! I have a RedHat 7.3 box running Samba 2.2.7. What are the necessary settings in [global] section which make Samba Master browser and a WINS server for a workgroup on my subnet? There are Windows 98 and XP computers on my net. I have put the following settings in [global] section. local master = Yes preferred master = Yes os level = 65 name resolve order = wins lmhosts bcast host dns proxy = No wins proxy = Yes wins support = Yes When nmbd starts it won the forced election to be a local master browser for WORKGROUP. After some time a Windows 98 or XP computer becomes the MASTER browser. In this case users can be able to browse the network using Network Neighborhood. The address of WINS server (samba) is provided a DHCP server running a seperate linux on the subnet. Any help would be appreciated. Thanx Zoltan Sutto -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] password aging
Sorry for the confusion, I'm using Win2k clients, not Win9X. Joseph Morin Dominion Diagnostics Andrew Bartlett [EMAIL PROTECTED] rgTo [EMAIL PROTECTED] 03/05/2003 04:59 cc PMAndrew Bartlett [EMAIL PROTECTED], [EMAIL PROTECTED] Subject Re: [Samba] password aging On Wed, 2003-03-05 at 06:12, [EMAIL PROTECTED] wrote: Still no luck. I set 'obey pam restrictions = yes' and 'pam password change yes', I already had the 'unix password sync = yes'. I can see entries in the log like this : Mar 4 13:13:42 servername samba(pam_unix)[12225]: session opened for user username by (uid=0) Mar 4 13:14:37 servername samba(pam_unix)[12225]: session closed for users username So I'm assuming samba is working with pam. I have also successfully changed my user password via the client. I have edited /etc/shadow to expire my password in 1 day. when I log into the machine via ssh I get the messages saying my password is about to expire, but when I log onto the PC (which has joined the domain) I don't get the popup message. If my password does expire on linux/samba, I get locked out of the domain without receiving any message on the PC. (This happened to me when my password expired yesterday). I have samba and pam implemented, do I need to implement something else? Don't use Win9X as a 'domain' client. Samba 2.2. does not support sensible error codes to Win9X for this behavior. Samba 3.0 does, however (due to a complete auth rewrite). Should I try implementing OpenLDAP? I don't want to implement an alpha version of samba 3.0 since this is a production environment and I can't risk having users locked out. Is there somewhere else I can look to get documentation about this? Thank you, Joseph Morin Dominion Diagnostics Andrew Bartlett [EMAIL PROTECTED] rg To [EMAIL PROTECTED] 02/19/2003 06:12 cc PM[EMAIL PROTECTED] Subject Re: [Samba] password aging On Thu, 2003-02-20 at 07:11, [EMAIL PROTECTED] wrote: What are my options for implementing password aging using samba as my PDC ? I can set the users Linux password to expire, but it doesn't seem to propagate to their samba passwords. I absolutely need this functionality. Is OpenLDAP the answer? If you set 'obey pam restrictions = yes' and setup the correct PAM configuration files, then Samba will also honer this. You should also set 'unix password sync = yes' and 'pam password change yes' so that the password changes update the PAM backend too. Or move to Samba 3.0 (currently alpha) and use the pdb_ldap backend to store your passwords, which fully supports password expiry, based on our own 'pwdMustChange' attribute. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net (See attached file: signature.asc) -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net (See attached file: signature.asc)-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd
On Wed, 5 Mar 2003, Frank Liu wrote: samba-2.2.7a and user security. [EMAIL PROTECTED] private]# grep fliu /etc/passwd fliu:x:504:14::/export/home/fliu:/bin/bash [EMAIL PROTECTED] private]# grep fliu /usr/local/samba/private/users.map fliu = liuf [EMAIL PROTECTED] private]# grep users.map /usr/local/samba/lib/smb.conf username map = /usr/local/samba/private/users.map [EMAIL PROTECTED] private]# /usr/local/samba/bin/smbpasswd -a liuf New SMB password: Retype new SMB password: User liuf does not exist in system password file (usually /etc/passwd). Cannot add account without a valid local system user. Failed to modify password entry for user liuf any ideas why the error? Yes, of course! I'll bet that: smbpasswd -a fliu will work just fine. And after you have done this, the user 'liuf' will be able to access the system from Windows jsut fine also. smbpasswd is adding the user from /etc/passwd. users.map will only translate from Windows-land to Unix-land. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] login as a service to win2k domain user manager
Hello Samba Administrators, I'm currently running a Samba PDC ver 2.2.7. I have a couple of issues that I'm trying to find some resolution on. First, I need to be able to have a domain user be able to login to my Win2k clients as a service. I can do this by going to each client and configuring the Local Security Policy on EACH and EVERY client machine. This is obviously not a good solution. On a Win2k server I could use the User Manager for Domains tool, but that tool does not work yet in full with samba. Secondly, how can I add a Domain User to the Local Win2k client computer's Power Users Group??? Again, I see how to do that at each machine locally. Is there a way to implement this network-wide? Thanks in advance -- Jason Norred [EMAIL PROTECTED] The Staff Professionals, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication error on weekends
Hi I have a Linux (RH 7.0), and I'he configured on smb server one share to only one NT user. This user is a tool used for file-transfer from MVS to Windows using UNC file name convention. How I don't know the user's password, I using SERVER security on smb.conf to validate the user. The server that validate the user is the same where file-transfer tool runs. During the workdays, it works fine, validating the user and tranfering the files correctly, but on saturday, after 1:00PM, the server try to connect to Linux, but the user is not validated, aborting the process. On SAMBA log, I found these lines every weekend: 2003/03/01 13:14:02, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) uname to open passdb database. It's the first message after 01:00PM, and persists until the STOP/START of smb services. Any ideia about is happening?? Thanks Antonio Kovalski -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Drive mappings disappearing
What kind of clients are they (win3.x, winxp, ...)? I haven't found the reconnect on logon options to be very reliable, so I usually reconnect the shares I want with a login script of some kind. Do your clients login to the Samba server on boot? Sutto Zoltan [EMAIL PROTECTED] 03/05/03 04:27PM I have another problem related to samba (2.2.7 on RedHat 7.3). Some users reported me that drive mappings are disappearing. I have enabled Reconnect at Log-On option every time when a Drive mapping was created. Any idea, suggestion? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] More LDAP samba 2.2.7a problems
Hey guys. I have been trying to get samba and LDAP with win2k SP3 clients to work together and have just not be able to get it to work. I followed the suggestion of adding a guest user to LDAP with an rid of 501, but it hasn't help. Here is what happens. If a user logs in and they don't have a profile the computer will save one to the server when they log out without any problems. However, when they log back in windows will hang for about a minute a then report that it cannot load the profile. I can't seem to get it working. If someone out there has gotten this working, could you post your smb.conf file so that I might get a clue. Also, could you provide some info about what you have in the LDAP database and what it in your smbusers file. My config is attached below so maybe someone could also see if anything is wrong. # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command testparm # to check that you have not made any basic syntactic errors. # #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = SOCORRO-DOMAIN netbios name = fs-socorro # server string is the equivalent of the NT Description field server string = Fileserver for Socorro # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this ; printcap name = /etc/printcap ; load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = lprng # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user nobody is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects #log file = /var/log/samba/%m.log # This controls how much information samba will put in the log file log level = 64 # Put a capping on the size of the log files (in Kb). max log size = 8192 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server # The argument list may include: # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] # or to auto-locate the domain controller/s # password server = * ; password server = NT-Server-Name # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd # The following is needed to keep smbclient from spouting spurious errors # when Samba is built with support for SSL. ; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt # The following are needed to allow password changing from Windows to # update the Linux system password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only #the encrypted SMB passwords. They allow the Unix password #to be kept in sync with the SMB password. unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # You can use PAM's password change control flag for Samba. If # enabled, then PAM will be used for password changes when requested # by an SMB client instead of the program listed in passwd program. # It should be possible to enable this without changing your passwd # chat parameter for most setups. pam password change = yes # Unix users can map to different SMB User names username map = /etc/samba/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the
Re: [Samba] Drive mappings disappearing
strange you should mention thatabout 1 in every 100+ logins, the H: drive disappears from students in the labs. we're using 2.2.7a and winxp-sp1. it without any rhyme or reason. H: is their logon drive, so their profile is also written there. funny thing is their profile will get written back no problem when they log off...if they log back on, it's there and will stay there if when it happens you look at net use, it will be goneif you try to net use it back in line, it says the drive is already connected, but my computer and explorer proper cannot see it. this never happens in 2000 with any of our samba servers, so I'm attributing it to some strange behaviour of XP... Bill On Wed, 5 Mar 2003, Sutto Zoltan wrote: Hi to all! I have another problem related to samba (2.2.7 on RedHat 7.3). Some users reported me that drive mappings are disappearing. I have enabled Reconnect at Log-On option every time when a Drive mapping was created. Any idea, suggestion? Thanx Zoltan Sutto -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 98 cannot access Samba
Hi, Works fine with Win2K or XP, but when I go to a Win98 system. You must supply a password to make this connection: Resource: \\bigred\ipc$ password: i put in all the password, but none of them work. Any advice would be greatly appreciated. -Paul Hong -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind usernames without DOMAIN prefix
(I apologize if this is not the right list for this question, this seemed the closest thing to a winbind list that I could find) Is it possible to have winbind return usernames simply as 'username' and not 'domain+username'? The linux box I am setting this up for will basically not have any local accounts, so collisions are not a problem, and it will only be accessing one domain so there is no need to differentiate users based on their domain. It would be nice to have the NT and Linux usernames be the same. Thanks for any help. -- .o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o. | Matt Kunze Sometimes there's a point.| | Build Master Fooly Fool This is not one of those | | 970.484.0841 x 2205 times.| = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP profiles
when the client logoff it can't save his profile, the reason i got it's not suficient securtity rights. any help? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WinXP Profe...
when i trie to log in the domain, the pc says the local directives in this system dont allow to start an interactiv session i follow all the step in all the reading that i could find, but nothing works out for me. any help will be useful, thx -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 98 cannot access Samba
Could this be an encrypted/unencrypted password problem? Joel On Wed, Mar 05, 2003 at 03:27:14PM -0800, Paul Hong wrote: Hi, Works fine with Win2K or XP, but when I go to a Win98 system. You must supply a password to make this connection: Resource: \\bigred\ipc$ password: i put in all the password, but none of them work. Any advice would be greatly appreciated. -Paul Hong -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Virtual servers for 2 workgroup
Hi My config: Samba 2.2.3 Linux Debian Testing kernel 2.4.20 There are two network cards on my pc : -one links to the network R1 (138.231.121.12) -one links to the network R2 (192.168.0.1) I would like to open two shares: -the first one on R1 in the workgroup wkgrp1 -the second one on R2 in the workgroup wkgrp2 I read that, thanks to the directives netbios aliases and include, it is possible to run 2 servers on 1 machine. Here is what I have done: Extract from smb.conf: [global] #Configuration for the 'reel' server on R2 (a local network) workgroup = wkgrp2 interfaces = 192.168.0.1/255.255.255.0 bind interfaces only = yes hosts allow = localhost 192.168.0. local master = yes os level = 33 domain master = yes preferred master = yes # Run the virtual server netbios aliases = titus include = /etc/samba/smb.conf.%L ... Extract from smb.conf.titus: workgroup = wkgrp1 interfaces = 138.231.121.12/255.255.255.0 bind interfaces only = yes hosts allow = localhost 138.231.121. #On this network there is already a master local master = no os level = 16 domain master = no preferred master = no [images] path = /home/rezo/images comment = Qq images browseable = yes writable = no guest ok = yes Unfortunately it doesn't work. The two servers appear in the same workgroup: wkgrp1. It seems that all the global directives in the smb.conf.titus are ignored. What is the pbm? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind usernames without DOMAIN prefix
winbind use default domain = yes This is for 3.0 samba and may partially work in 2.2.x Matt Kunze wrote: (I apologize if this is not the right list for this question, this seemed the closest thing to a winbind list that I could find) Is it possible to have winbind return usernames simply as 'username' and not 'domain+username'? The linux box I am setting this up for will basically not have any local accounts, so collisions are not a problem, and it will only be accessing one domain so there is no need to differentiate users based on their domain. It would be nice to have the NT and Linux usernames be the same. Thanks for any help. -- .o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o.__.o0O0o. | Matt Kunze Sometimes there's a point.| | Build Master Fooly Fool This is not one of those | | 970.484.0841 x 2205 times.| = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] login as a service to win2k domain user manager
On Wed, 5 Mar 2003, Jason Norred wrote: Hello Samba Administrators, I'm currently running a Samba PDC ver 2.2.7. I have a couple of issues that I'm trying to find some resolution on. First, I need to be able to have a domain user be able to login to my Win2k clients as a service. I can do this by going to each client and configuring the Local Security Policy on EACH and EVERY client machine. This is obviously not a good solution. On a Win2k server I could use the User Manager for Domains tool, but that tool does not work yet in full with samba. Please help us to understand precisely what you are trying to achieve here. More importantly, please give us a step by step explanation of how you currently do this in a pure Microsoft world. Secondly, how can I add a Domain User to the Local Win2k client computer's Power Users Group??? Again, I see how to do that at each machine locally. Is there a way to implement this network-wide? How do you do this now? Your answer here might help use to find a solution for you. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authentication error on weekends
On Wed, 5 Mar 2003, Antonio Kovalski wrote: Hi I have a Linux (RH 7.0), and I'he configured on smb server one share to only one NT user. This user is a tool used for file-transfer from MVS to Windows using UNC file name convention. How I don't know the user's password, I using SERVER security on smb.conf to validate the user. The server that validate the user is the same where file-transfer tool runs. During the workdays, it works fine, validating the user and tranfering the files correctly, but on saturday, after 1:00PM, the server try to connect to Linux, but the user is not validated, aborting the process. On SAMBA log, I found these lines every weekend: 2003/03/01 13:14:02, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) uname to open passdb database. It's the first message after 01:00PM, and persists until the STOP/START of smb services. Any ideia about is happening?? What are the security settings on this users' account on the daomain controller? Are login restrictions enabled in any way? Does this user have day and time based lock-out settings undet NT/2K? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Drive mappings disappearing
On Wed, 5 Mar 2003, William Jojo wrote: strange you should mention thatabout 1 in every 100+ logins, the H: drive disappears from students in the labs. we're using 2.2.7a and winxp-sp1. it without any rhyme or reason. H: is their logon drive, so their profile is also written there. funny thing is their profile will get written back no problem when they log off...if they log back on, it's there and will stay there if when it happens you look at net use, it will be goneif you try to net use it back in line, it says the drive is already connected, but my computer and explorer proper cannot see it. this never happens in 2000 with any of our samba servers, so I'm attributing it to some strange behaviour of XP... I dealt with a site that had this with NT4 Workstation. I know it is a long shot, but we finally traced the problem to poor power stability. There was a medical lab just down the road from them, if someone logged on just as the Xray machine was being started the power surge would cause such a glitch. PS: This was discovered by monitoring of the power quality. Since they put every PC on a UPS filtered supply the problem is gone. - John T. Bill On Wed, 5 Mar 2003, Sutto Zoltan wrote: Hi to all! I have another problem related to samba (2.2.7 on RedHat 7.3). Some users reported me that drive mappings are disappearing. I have enabled Reconnect at Log-On option every time when a Drive mapping was created. Any idea, suggestion? Thanx Zoltan Sutto -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Password Expiration
To make a password expire on my Samba PDC I just need to edit the /etc/shadow or use the comand chage -M days_before_expire user? Thanx Rodrigo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 98 cannot access Samba
On Wed, 5 Mar 2003, Paul Hong wrote: Hi, Works fine with Win2K or XP, but when I go to a Win98 system. You must supply a password to make this connection: Resource: \\bigred\ipc$ password: i put in all the password, but none of them work. Any advice would be greatly appreciated. On the Samba server does the following work: smbclient -L localhost -U% If not then you possibly do not have a guest account enabled. On most unix system the guest account maps to 'nobody' or it's equivalent. On some systems this has uid 65534, which is a bad thing. If that is the case on your system, then create a separate system account called 'pcguest' and then in your smb.conf [globals] put: guest account = pcguest That should solve this problem. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP profiles
On Wed, 5 Mar 2003, Patricio Bruna wrote: when the client logoff it can't save his profile, the reason i got it's not suficient securtity rights. any help? And what does the smbd log file say? Your smbd logs can be under: /usr/local/samba/var/logs or /var/logs/samba or something like it. To make it easier to track you should add to your smb.conf [globals] log file = /var/log/samba/%m This causes each Windows client to have it's own log file. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP Profe...
On Wed, 5 Mar 2003, Patricio Bruna wrote: when i trie to log in the domain, the pc says the local directives in this system dont allow to start an interactiv session i follow all the step in all the reading that i could find, but nothing works out for me. any help will be useful, What output do you get from: testparm and from: smblcient -L localhost -U% - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password Expiration
On Wed, 5 Mar 2003, [iso-8859-1] Rodrigo Schmidt Nürmberg wrote: To make a password expire on my Samba PDC I just need to edit the /etc/shadow or use the comand chage -M days_before_expire user? If you are using PAM that may work. How is your PAM configured? ie: /etc/pam.d/samba - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] login as a service to win2k domain user manager
Under NT, you could do it through User Manager for Domains. You would select the user and pull down the Policy menu and select User Rights. Then after checking view advanced privleges, you could add Logon as batch Job ...very useful for Oracle and other overnight import/export jobs. In Windows 2000, logon as batch job is assigned from the 'Local Security Policy' folder. Open the Control Panel from the Start menu Open 'Administrative Tools' Open 'Local Security Policy' Open 'Local Policies' Open 'User Rights Assignment' Right-click 'Log on as batch job' from the list. Click the 'Add' button; select the User who is to be granted this privilege. Click Add and click OK. I have never tried this with Samba, but I've had to mess with this feature a lot lately... Oracle requires it for import/export. Jim - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: Jason Norred [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 7:58 PM Subject: Re: [Samba] login as a service to win2k domain user manager On Wed, 5 Mar 2003, Jason Norred wrote: Hello Samba Administrators, I'm currently running a Samba PDC ver 2.2.7. I have a couple of issues that I'm trying to find some resolution on. First, I need to be able to have a domain user be able to login to my Win2k clients as a service. I can do this by going to each client and configuring the Local Security Policy on EACH and EVERY client machine. This is obviously not a good solution. On a Win2k server I could use the User Manager for Domains tool, but that tool does not work yet in full with samba. Please help us to understand precisely what you are trying to achieve here. More importantly, please give us a step by step explanation of how you currently do this in a pure Microsoft world. Secondly, how can I add a Domain User to the Local Win2k client computer's Power Users Group??? Again, I see how to do that at each machine locally. Is there a way to implement this network-wide? How do you do this now? Your answer here might help use to find a solution for you. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password Expiration
This is the /etc/pam.d/system-auth. Can You send me a ie config file (how it should be). #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/pam_env.so authsufficient/lib/security/pam_unix.so likeauth nullok authrequired /lib/security/pam_deny.so account required /lib/security/pam_unix.so passwordrequired /lib/security/pam_cracklib.so retry=3 type= passwordsufficient/lib/security/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: Rodrigo Schmidt Nürmberg [EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 10:34 PM Subject: Re: [Samba] Password Expiration yOn Wed, 5 Mar 2003, [iso-8859-1] Rodrigo Schmidt Nürmberg wrote: This is my samba pam configuration #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth Is this ok? What more i need to put in smb.conf? So what is in /etc/pam.d/system-auth? - John T. - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: Rodrigo Schmidt Nürmberg [EMAIL PROTECTED] Cc: smb [EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 10:13 PM Subject: Re: [Samba] Password Expiration On Wed, 5 Mar 2003, [iso-8859-1] Rodrigo Schmidt Nürmberg wrote: To make a password expire on my Samba PDC I just need to edit the /etc/shadow or use the comand chage -M days_before_expire user? If you are using PAM that may work. How is your PAM configured? ie: /etc/pam.d/samba - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Automagic creation of user a/c homedir when I create a NTdomai n user (???)
Has anybody got a script that auto-creates a linux user (... hence a Samba home dir) when a user a/c is created on the M$ DC? eg, the way admins expect it to work in a homogenous M$ domain. I expect that the DC uses a form of RPC to create the home dir. This would have to be caught fire off a 'useradd' script. ...but I might be completly wrong... -- Greg Cunningham BAppComp, RHCE ph +61 3 6440 7453 Systems Analyst fx +61 3 6440 6455 Harris Company Pty. Ltd. mo0407 056 788 mailto:[EMAIL PROTECTED] The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] can connect with smbclient but cannot change the password with smbpasswd
Although I can log in without any error using smbclient, I cannot change the password using smbpasswd. The error message is: machine 127.0.0.1 rejected the tconX on the IPC$ share. Error was: NT_STATUS_WRONG_PASSWORD. Failed to change password for ... What is wrong here ? root was able to insert a new password. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] guest user connects to IPC$
Why can the guest user connect to the IPC$ although the config says guest ok = No ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] help to configure samba server
Hello.. I need help .regarding the configuration of samba server to allow windows clients to access the server with regards subin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] please help me it is urgent
Hello i am new to samba protocol Our Client software used samba protocol If there is no firewall case , this protocol work properly from remote site. All of firwall configuration open ( this mean is all of port open ). Samba work very well, but if some constrain put in, it doesn't work. sent port number for samba protocol to my client. They said it doesn't work properly. May be samba used another port, please tell me more as soon as possible. I am so sorry about disturbing you. I sent following port 137,138,139,445 (tcp/udp) 143,161 (tcp) He opened these port, but samba didn't work. Thanks and Regards Dharanish _ Cricket World Cup 2003- News, Views and Match Reports. http://server1.msn.co.in/msnspecials/worldcup03/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: number of groups of NT account causes authenticationproblems
Hi Richard, et al;
Can't speak for Solaris, but HP-UX has a 20 group membership limit
for HP-UX users. From man setgroups: must be no more than NGROUPS_MAX,
as defined in limits.h. Same applies to initgroups.
So Solaris may have some limit as well
Hope this helps,
Don
-Original Message-
From: Richard Sharpe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 22:08
To: Gopal Bhat
Cc: samba; samba-technical
Subject: Re: number of groups of NT account causes authentication
problems
On Tue, 4 Mar 2003, Gopal Bhat wrote:
Hi,
I did more experiments with this problem and found that
'SMBD' fails to
authenticate when the Number of Groups an NT user belongs
grows more
than 14 (i.e. 15 or more).
Thanks,
Gopal
I can't have a look until tomorrow, but I wonder, is it possible that
Solaris 9 has a restriction that the user cannot be in more that 14
groups? I would think not, but will find it difficult to test tonight.
Besides, I can probably only test on Solaris 8.
If that is not the problem, then I would have to look at the
code that
does setgroups and test on our platform.
Gopal Bhat wrote:
I am facing a strange problem related to authentication
of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM
and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test)
with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 14 more groups along with
'TestGroup' (Total
number of TestUser's group = 15)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in
the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser'
belongs from 15
to 8 ('TestGroup' + 7 other groups), the user can access
the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group
memberships 'smbd' can handle. Note: 'wbinfo' returns
all the right
groups of the user without any problems.
Is there anyone out there who is aware of this problem
and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
Regards
-
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] number of groups of NT account causes authenticationproblems
Finally, I found that this problem is due to limitation of Solaris OS.
By default, the kernel parameter NGROUPS_MAX ( # getconf NGROUPS_MAX) is
set to 16 (/usr/include/limits.h), which can be changed to a maximum of
32 by putting a line:
set ngroups_max=32
in /etc/system file and rebooting the server. If you do this, the server
complains about some NFS problems:
# dmesg | grep -i ngroups
Mar 5 17:50:25 chevette unix: [ID 953839 kern.warning] WARNING:
ngroups_max of 32 16, NFS AUTH_SYS will not work properly
But again, the cap is raised to 32 from 16.
To increase the parameter 'ngroups_max' beyond 32, one needs to modify
the files '/usr/include/limits.h, /usr/include/sys/param.h', and rebuild
the kernel. But there is no way to compile the new kernel on solaris by
using this modified files. The 'boot -r' from the boot prom level will
not recompile the kernel, it just loads the existing kernel using
'/etc/system' parameters which are limited by the parameters set by
'/usr/include/sys/param.h' during the original compilation.
-Gopal
Michael G. Noble wrote:
Solaris has a 15 member limit to groups. Since you are under that
limit, it should not be a problem. I have Samba running on an Ultra
60 with Solaris8, samba version 2.2.5. I have users who are members
of at least 14 groups and not having any problems accessing shared
folders.
Mike
On Tue, 2003-03-04 at 13:35, Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 10 more groups along with 'TestGroup' (Total
number of TestUser's group = 11)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser' belongs from 11 to
8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group memberships
'smbd' can handle.
Note: 'wbinfo' returns all the right groups of the user without any
problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] number of groups of NT account causes authenticationproblems
Be careful. Just rebuilding the kernel with an increased NGROUPS_MAX
probably won't be sufficient.
To accommodate Windows users with lots (40-50) of group memberships, we
had to rebuild NetBSD with NGROUPS_MAX set to 128.
But we also had to rebuild userland, because anything that used
NGROUPS_MAX statically would break. That meant almost everything in
/sbin /usr/sbin and a lot of /bin and /usr/bin, not to mention libc.
It's a pretty Big Deal.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
amba.org] On Behalf Of Gopal Bhat
Sent: Wednesday, March 05, 2003 9:25 PM
To: Michael G. Noble; [EMAIL PROTECTED]
Cc: samba; samba-technical
Subject: Re: [Samba] number of groups of NT account causes
authentication problems
Finally, I found that this problem is due to limitation of
Solaris OS.
By default, the kernel parameter NGROUPS_MAX ( # getconf
NGROUPS_MAX) is
set to 16 (/usr/include/limits.h), which can be changed to a
maximum of
32 by putting a line:
set ngroups_max=32
in /etc/system file and rebooting the server. If you do this,
the server
complains about some NFS problems:
# dmesg | grep -i ngroups
Mar 5 17:50:25 chevette unix: [ID 953839 kern.warning] WARNING:
ngroups_max of 32 16, NFS AUTH_SYS will not work properly
But again, the cap is raised to 32 from 16.
To increase the parameter 'ngroups_max' beyond 32, one needs
to modify
the files '/usr/include/limits.h, /usr/include/sys/param.h',
and rebuild
the kernel. But there is no way to compile the new kernel on
solaris by
using this modified files. The 'boot -r' from the boot prom
level will
not recompile the kernel, it just loads the existing kernel using
'/etc/system' parameters which are limited by the parameters set by
'/usr/include/sys/param.h' during the original compilation.
-Gopal
Michael G. Noble wrote:
Solaris has a 15 member limit to groups. Since you are under that
limit, it should not be a problem. I have Samba running on an Ultra
60 with Solaris8, samba version 2.2.5. I have users who are members
of at least 14 groups and not having any problems accessing shared
folders.
Mike
On Tue, 2003-03-04 at 13:35, Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test)
with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 10 more groups along with
'TestGroup' (Total
number of TestUser's group = 11)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the
Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser'
belongs from 11
to
8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group
memberships
'smbd' can handle.
Note: 'wbinfo' returns all the right groups of the user without any
problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] number of groups of NT account causes authenticationproblems
Solaris has a 15 member limit to groups. Since you are under that
limit, it should not be a problem. I have Samba running on an Ultra
60 with Solaris8, samba version 2.2.5. I have users who are members
of at least 14 groups and not having any problems accessing shared
folders.
Mike
On Tue, 2003-03-04 at 13:35, Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 10 more groups along with 'TestGroup' (Total
number of TestUser's group = 11)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser' belongs from 11 to
8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group memberships
'smbd' can handle.
Note: 'wbinfo' returns all the right groups of the user without any
problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] number of groups of NT account causes authenticationproblems
Is there anyway to increase this limit of 15? Using /etc/system or any
other configuration file/parameter?
I will post this question on SUN BigAdmin also, if I am able to find an
answer, it will be great.
Thanks!
Michael G. Noble wrote:
Solaris has a 15 member limit to groups. Since you are under that
limit, it should not be a problem. I have Samba running on an Ultra
60 with Solaris8, samba version 2.2.5. I have users who are members
of at least 14 groups and not having any problems accessing shared
folders.
Mike
On Tue, 2003-03-04 at 13:35, Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 10 more groups along with 'TestGroup' (Total
number of TestUser's group = 11)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser' belongs from 11 to
8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group memberships
'smbd' can handle.
Note: 'wbinfo' returns all the right groups of the user without any
problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
quota group
I use samba on redhat linux (7.1)
For default in redhat each user has also his own group.
I created a new group for each samba share that I defined so I can control
which users can access to the shares, but if I use the user quota I can't
control the quota on this shares.
Using a group quota I can assign separate quota to each share (the shares
are on the same HD partition):
- each user has a quota on the home share
- each not home share has its own quota
The only problem is that I can't see the quota in windows box. So I
modified the smbd/quotas.c to read the quota group associated to the group
of the file/directory if the user quota result is 0 (zero). I added a
parameter to the function get_smb_linux_* to get an user or a group quota.
I attach the output of the commnad:
diff -u -r samba-2.2.7a/source/smbd/quotas.c
samba-2.2.7amds/source/smbd/quotas.c
--- samba-2.2.7a/source/smbd/quotas.c Wed Dec 11 10:17:40 2002
+++ samba-2.2.7amds/source/smbd/quotas.cTue Mar 4 09:43:05 2003
@@ -66,13 +66,18 @@
Abstract out the XFS Quota Manager quota get call.
/
-static int get_smb_linux_xfs_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp)
+static int get_smb_linux_xfs_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp, char type )
{
int ret = -1;
struct fs_disk_quota D;
ZERO_STRUCT(D);
- if ((ret = quotactl(QCMD(Q_XGETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)D)))
+ if ( type == 'g' ) {
+ ret = quotactl(QCMD(Q_XGETQUOTA,GRPQUOTA), path,
euser_id, (caddr_t)D);
+ } else {
+ ret = quotactl(QCMD(Q_XGETQUOTA,USRQUOTA), path,
euser_id, (caddr_t)D);
+ }
+ if (ret)
return ret;
dp-bsize = (SMB_BIG_UINT)512;
@@ -89,7 +94,7 @@
Abstract out the old and new Linux quota get calls.
/
-static int get_smb_linux_v1_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp)
+static int get_smb_linux_v1_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp, char type )
{
struct v1_kern_dqblk D;
int ret;
@@ -97,7 +102,12 @@
ZERO_STRUCT(D);
dp-bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
- if ((ret = quotactl(QCMD(Q_V1_GETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)D)))
+ if ( type == 'g' ) {
+ ret = quotactl(QCMD(Q_V1_GETQUOTA,GRPQUOTA), path,
euser_id, (caddr_t)D);
+ } else {
+ ret = quotactl(QCMD(Q_V1_GETQUOTA,USRQUOTA), path,
euser_id, (caddr_t)D);
+ }
+if (ret)
return -1;
dp-softlimit = (SMB_BIG_UINT)D.dqb_bsoftlimit;
@@ -110,7 +120,7 @@
return 0;
}
-static int get_smb_linux_v2_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp)
+static int get_smb_linux_v2_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp, char type )
{
struct v2_kern_dqblk D;
int ret;
@@ -118,7 +128,12 @@
ZERO_STRUCT(D);
dp-bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
- if ((ret = quotactl(QCMD(Q_V2_GETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)D)))
+ if ( type == 'g' ) {
+ ret = quotactl(QCMD(Q_V2_GETQUOTA,GRPQUOTA), path,
euser_id, (caddr_t)D);
+ } else {
+ ret = quotactl(QCMD(Q_V2_GETQUOTA,USRQUOTA), path,
euser_id, (caddr_t)D);
+ }
+if (ret)
return -1;
dp-softlimit = (SMB_BIG_UINT)D.dqb_bsoftlimit;
@@ -135,7 +150,7 @@
Brand-new generic quota interface.
/
-static int get_smb_linux_gen_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp)
+static int get_smb_linux_gen_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp, char type )
{
struct if_dqblk D;
int ret;
@@ -143,7 +158,12 @@
ZERO_STRUCT(D);
dp-bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
- if ((ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)D)))
+ if ( type == 'g' ) {
+ ret = quotactl(QCMD(Q_GETQUOTA,GRPQUOTA), path, euser_id,
(caddr_t)D);
+ } else {
+ ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)D);
+ }
+ if (ret)
return -1;
dp-softlimit = (SMB_BIG_UINT)D.dqb_bsoftlimit;
@@ -170,6 +190,7 @@
SMB_DEV_T devno;
int found;
uid_t euser_id;
+ gid_t fgrp_id;
euser_id = geteuid();
@@ -179,6 +200,7 @@
return(False) ;
devno = S.st_dev ;
+ fgrp_id = S.st_gid;
fp = setmntent(MOUNTED,r);
found = False ;
@@ -202,15 +224,31 @@
set_effective_uid(0);
if (strcmp(mnt-mnt_type, xfs)) {
- r=get_smb_linux_gen_quota(mnt-mnt_fsname, euser_id, D);
+
Re: quota group
On Wed, 2003-03-05 at 20:32, Massimo Del Sarto wrote: I use samba on redhat linux (7.1) For default in redhat each user has also his own group. I created a new group for each samba share that I defined so I can control which users can access to the shares, but if I use the user quota I can't control the quota on this shares. Using a group quota I can assign separate quota to each share (the shares are on the same HD partition): - each user has a quota on the home share - each not home share has its own quota The only problem is that I can't see the quota in windows box. So I modified the smbd/quotas.c to read the quota group associated to the group of the file/directory if the user quota result is 0 (zero). I added a parameter to the function get_smb_linux_* to get an user or a group quota. Wouldn't it be better to report the smaller of the two quotas? I attach the output of the commnad: diff -u -r samba-2.2.7a/source/smbd/quotas.c samba-2.2.7amds/source/smbd/quotas.c --- samba-2.2.7a/source/smbd/quotas.c Wed Dec 11 10:17:40 2002 +++ samba-2.2.7amds/source/smbd/quotas.cTue Mar 4 09:43:05 2003 @@ -66,13 +66,18 @@ Abstract out the XFS Quota Manager quota get call. / -static int get_smb_linux_xfs_quota(char *path, uid_t euser_id, LINUX_SMB_DISK_QUOTA *dp) +static int get_smb_linux_xfs_quota(char *path, uid_t euser_id, LINUX_SMB_DISK_QUOTA *dp, char type ) Make this a BOOL for type 'group_quota' or even better an enum with values 'USER_QUOTA, GROUP_QUOTA'. If you can repatch this against HEAD, and check with metze (Stefan (metze) Metzmacher [EMAIL PROTECTED]) on how this might conflict with his work in this area. In particular, it might work out best that metze picks this up into his patch. (He is working on being able to modify the quota from an Windows client!). Either way, this certainly is a very nice idea! Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [PATCH] draft: better string overflow checking (was: memorycorruption in SAMBA_3_0)
On Wed, 2003-03-05 at 16:11, Martin Pool wrote:
I was thinking about Andrew's fstring-overflow patch from a few weeks
ago: for developer builds, it touches the last byte of a string buffer
to check that it's as long as it should be.
This should be reasonably helpful in catching string overflows on the
heap, but not so good on the stack, because the program can probably
write arbitrarily far past stack variables without trapping, even
under Valgrind. Writing a \0 in there will damage *something* and
probably make the program crash, but it won't be very obvious. I
think this might have been what Jerry saw the other day.
I think this patch is better: it thoroughly clobbers the contents of
string buffers to make any fstring/pstring/dynamic confusion obvious.
Here is an example that is caught in developer builds with this patch,
but is hard to catch otherwise:
#include includes.h
int main(void)
{
fstring dest;
pstrcpy(dest, hello);
return 0;
}
This fails with an obvious message under gdb:
#0 0xf1f1f1f1 in ?? ()
Cannot access memory at address 0xf1f1f1f1
Please don't apply this yet because I want to see if it catches any
bugs, but I'd love to hear comments.
This will (compared to other checks) slow things down, as we keep
filling out those pstrings, but I think it's a great idea - and will
catch bugs!
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
RE: mount points / free disk space / dfree command
On Tue, 4 Mar 2003, Panko, Kevin wrote: I went and read some of the CIFS spec[1], and it seems to me that the QUERY_FS_INFO trans2 request only includes an identifier for the current connection. Given this information, samba can only attempt to determine the amount of space on the root of the share. This explains why using the dfree command did not give me any different numbers than not using it. I'm not sure I understand exactly what you want. But there is the potential, at least in the future, for doing more than simply a df. Did you see my reply of Feb 24th, which mentioned what samba can already do if quotas are present (and, implicitly, applicable to a filesystem)? And how this might be generalised? (By coincidence, another thread has just started about group quota.) If I really understand what is going on here, then what we would have to do is create a new share for each mounted device. That would be hard because the root that is exported happens to be an automounter directory, which changes. Want simple df-like functionality? Present, as the default. Want to use user quotas? Present, with appropriate compilation and UN*X-host quota configuration. Want to use group quotas? Not yet present; but a recent thread discusses a possibility. Want to call an external program? Present as dfree command. I have never used it. I suspect it cannot do quota-like per-user stuff, nor per-subdirectory stuff. I could well envisage something conceptually similar to dfree command, but more flexible, to allow use of username and current-directory: 1. yet another smb.conf option. Like dfree command (calling external program). This could be hacked up reasonably quickly, but is a dirty solution, expecially in view of current herculean efforts to clean the Samba code. 2. Generalise (and re-implement) the existing stuff (df, dfree command, quota) as VFS modules, allowing sites to write their own modules. This would take longer to do, but would be much cleaner, and aligns well with future development. Summary: What you want may not be there right now. But I think it could be added if designed reasonably carefully, and in context of the bigger picture. Hope that helps (a little, at least!). -- : David LeeI.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/South Road: : Durham: : Phone: +44 191 374 2882 U.K. :
Re: more rpcclient bughunting: PRINTER_ALL_ACCESS vs MAXIMUM_ALLOWED_ACCESS
On March 5, [EMAIL PROTECTED] said:
I've checked in a fix. It's odd that MAXIMUM_ALLOWED_ACCESS doesn't
do what it's supposed to in this case. Are you running the setdriver
against a NT or Samba server?
Running against Samba HEAD, but just one sec...
Right, here's the summary of what I've found:
Samba HEAD - Samba HEAD (rpcclient setdriver)
* Asking for Maximum allowed access doesn't give you printer admin
rights
Samba HEAD - NT4 SP6 (rpcclient setdriver)
* Asking for Maximum allowed access /does/ give you printer admin
rights, even though the printer admin bitfield isn't set.
NT4 SP6 to Samba HEAD (Opening the Printers folder)
* First request is for
Write Owner | Write DAC | Read Control | Delete
Server Enum | Server Admin
* Second request appears to be the same in terms of requested access;
something else might differ, but nothing immediately obvious.
* Third request asks for
Read Control
Server Enum
I set up a Printer Operator account to test this with, and it
succeeded on the first request (Server Admin), as does a Domain
Admin account. Finally, I removed the Printer Operator account from
Printer Operators but left it in printer admins on the samba
server, and it still succeeded at the first request. So I'm not sure
when the Printer Admin bit gets used, but it's not when you open the
Printers folder.
I don't right now have an easy way to test NT-NT /and/ capture the
bits; however, I think it's obvious from the above that Samba should
be responding to a MAXIMUM_ALLOWED_ACCESS request with
PRINTER_ACCESS_ADMINISTER rights. As it stands, it's going to get
punted:
srv_spoolss_nt.c:1577
==
/* Deny any object specific bits that don't apply to print
servers (i.e printer and job specific bits) */
printer_default-access_required = SPECIFIC_RIGHTS_MASK;
if (printer_default-access_required
~(SERVER_ACCESS_ADMINISTER | SERVER_ACCESS_ENUMERATE)) {
DEBUG(3, (access DENIED for non-printserver bits));
close_printer_handle(p, handle);
return WERR_ACCESS_DENIED;
}
==
Cheers,
Waider.
--
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
Your broker is a half-naked blue-and-orange crypto-anarchist?
- Neal Stephenson / The Great Simoleon Caper
Re: quota group
At 21.55 05/03/2003 +1100, Andrew Bartlett wrote: On Wed, 2003-03-05 at 20:32, Massimo Del Sarto wrote: I use samba on redhat linux (7.1) For default in redhat each user has also his own group. I created a new group for each samba share that I defined so I can control which users can access to the shares, but if I use the user quota I can't control the quota on this shares. Using a group quota I can assign separate quota to each share (the shares are on the same HD partition): - each user has a quota on the home share - each not home share has its own quota The only problem is that I can't see the quota in windows box. So I modified the smbd/quotas.c to read the quota group associated to the group of the file/directory if the user quota result is 0 (zero). I added a parameter to the function get_smb_linux_* to get an user or a group quota. Wouldn't it be better to report the smaller of the two quotas? I forgotten: - All user have umask set to 002; - In (not home) share I sgid the directory with chmod 2770 share dir and assign a group at this directory (chgrp share group share dir). - In the smb.conf I use inherit permissions = Yes in the share definition. So each files that are created are forced to have the same group of the parent directory In the home directory the files have the gid equal to the uid. In not home (share) directory the files have the gid equal to the group that i created for this share. The result of user quota is 0 (zero) because the user quota are set to 0 (No limit in the user quota) so I can't report a value of 0. Only the group quota is set to a value 0 My patch is tested only in rehat 7.1 and work only on linux. A lot of work must done to extended my idea to all the O.S. Can Stefan Metzmacher do this work and insert in on own patch? Massimo I attach the output of the commnad: diff -u -r samba-2.2.7a/source/smbd/quotas.c samba-2.2.7amds/source/smbd/quotas.c --- samba-2.2.7a/source/smbd/quotas.c Wed Dec 11 10:17:40 2002 +++ samba-2.2.7amds/source/smbd/quotas.cTue Mar 4 09:43:05 2003 @@ -66,13 +66,18 @@ Abstract out the XFS Quota Manager quota get call. / -static int get_smb_linux_xfs_quota(char *path, uid_t euser_id, LINUX_SMB_DISK_QUOTA *dp) +static int get_smb_linux_xfs_quota(char *path, uid_t euser_id, LINUX_SMB_DISK_QUOTA *dp, char type ) Make this a BOOL for type 'group_quota' or even better an enum with values 'USER_QUOTA, GROUP_QUOTA'. If you can repatch this against HEAD, and check with metze (Stefan (metze) Metzmacher [EMAIL PROTECTED]) on how this might conflict with his work in this area. In particular, it might work out best that metze picks this up into his patch. (He is working on being able to modify the quota from an Windows client!). Either way, this certainly is a very nice idea! Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- Ing. Massimo Del Sarto Capo Ufficio CED IRCCS Fondazione Stella Marishttp://www.inpe.unipi.it Tel. +39 050 886268Fax. +39 050 32214 --
Re: quota group
On Wed, 5 Mar 2003, Andrew Bartlett wrote: [...] If you can repatch this against HEAD, and check with metze (Stefan (metze) Metzmacher [EMAIL PROTECTED]) on how this might conflict with his work in this area. In particular, it might work out best that metze picks this up into his patch. (He is working on being able to modify the quota from an Windows client!). Either way, this certainly is a very nice idea! Is this the time to bite the bullet or take the bull by the horns? (Substitute other metaphors to taste...) In the devel/TODO there is a suggested coding project: Rewriting Samba's current filesystem quota support as a VFS module. There has also just been another thread from someone requesting some sort of directory-dependent result from df-like functionality. Is now the time to extract the handling of df (default), quota, dfree command into a generalised VFS structure, reimplementing those mechanisms in such a framework? Or maybe this is already being addressed? We can probably assist with testing and coding Solaris/quota, although we can no longer help with Solaris/Veritas/quota, as we no longer have such a server. -- : David LeeI.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/South Road: : Durham: : Phone: +44 191 374 2882 U.K. :
Samba-3.0alpha22 available on samba.org mirrors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We've just posted another snapshot of the SAMBA_3_0 cvs tree for download. This is a non-production release provided for testing only. The source code can be downloaded from : http://download.samba.org/samba/ftp/alpha/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at http://download.samba.org/samba/ftp/samba-pubkey.asc Binary packages for RedHat have been released and can be found at http://download.samba.org/samba/ftp/Binary_Packages/ Others will be available as they are submitted by volunteers. A simplified version of the CVS log of updates since 3.0alpha21 can be found in the the download directory under the name ChangeLog-3.0alpha21-alpha22. The release notes follow. As always, all bugs are our responsibility. --Enjoy The Samba Team - WHATS NEW IN Samba 3.0 alpha22 4th March 2003 == This is a pre-release of Samba 3.0. This is NOT a stable release. Use at your own risk. The purpose of this alpha release is to get wider testing of the major new pieces of code in the current Samba 3.0 development tree. We have officially ceased development on the 2.2.x release of Samba and are concentrating on Samba 3.0. To reduce the time before the final Samba 3.0 release we need as many people as possible to start testing these alpha releases, and hopefully giving us some high quality feedback on what needs fixing. Note that Samba 3.0 is not feature complete yet. There is a more coding we have planned, but unless we get what we have done already more widely tested we will have a hard time doing a stable release in a reasonable time frame. Major new features: - --- - - Active Directory support. This release is able to join a ADS realm as a member server and authenticate users using LDAP/kerberos. - - Unicode support. Samba will now negotiate UNICODE on the wire and internally there is now a much better infrastructure for multi-byte and UNICODE character sets. - - New authentication system. The internal authentication system has been almost completely rewritten. Most of the changes are internal, but the new auth system is also very configurable. - - new filename mangling system. The filename mangling system has been completely rewritten. An internal database now stores mangling maps persistently. This needs lots of testing. - - new net command. A new net command has been added. It is somewhat similar to the net command in windows. Eventually we plan to replace a bunch of other utilities (such as smbpasswd) with subcommands in net, at the moment only a few things are implemented. - - Samba now negotiates NT-style status32 codes on the wire. This improves error handling a lot. - - better w2k printing support including publishing printer attributes in active directory - - new loadable RPC modules - - new dual-daemon winbindd support for better performance - - support for migrating from a Windows NT 4.0 domain - - support for establishing trust relationships with Windows NT 4.0 domain controllers Plus lots of other changes! Reporting bugs Development Discussion - --- Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. Changes in alpha22: - --- Added Parameters * client NTLMv2 auth * client lanman auth * client signing * client use spnego * max reported print jobs * msdfs proxy See cvs log for SAMBA_3_0 for complete details. There are many smaller numerous changes that would clutter the release notes. 1) remove the global_myname string and replace with wrapper function global_myname() 2) create vfs/ and pdb/ subdirectories for library installs 3) Fixup of ordered cleanup of get_dc_list() 4) Added more autoconf tests for Stratus VOS 5) Fixed nasty bug where file writes with start offsets in the range 0x8000 - 0x would fail as they were being cast from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types). The sign extension would cause the offset to be treated as negative. 6) Add support to automatically retrieve the dns host name and domain name of an AD server 7) Add support for PRINTER_INFO_7 and publishing printer attributes in active directory 8) Fix for 64 bit issues with oplocks and allocation size 9) Remove assert(count ==1) for multi-homed PDCs when resolving DOMAIN0x1b 10) Ensure that
Re: [PATCH] draft: better string overflow checking (was: memorycorruption in SAMBA_3_0)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 5 Mar 2003, Martin Pool wrote: I was thinking about Andrew's fstring-overflow patch from a few weeks ago: for developer builds, it touches the last byte of a string buffer to check that it's as long as it should be. This should be reasonably helpful in catching string overflows on the heap, but not so good on the stack, because the program can probably write arbitrarily far past stack variables without trapping, even under Valgrind. Writing a \0 in there will damage *something* and probably make the program crash, but it won't be very obvious. I think this might have been what Jerry saw the other day. This looks good Martin. Would be much easier to catch when we write past the end. You've got my vote. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+ZiIzIR7qMdg1EfYRAs/0AKDJRVt1giqVvWCdEAns40uaDD9bjACg7pxw pkOgMnGRHXrSvqwGsRh5+Ts= =MnXj -END PGP SIGNATURE-
documentation omission: add printer command
The add printer command program can output a single line of text, which Samba will set as the port the new printer is connected to. From my reading of the code, if this line /isn't/ output, Samba won't reload its printer shares. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. It doesn't corner well. It doesn't have to. It just warps space until the street is facing the right way. - Blair P. Houghton
VFS related.
Hi, I'm was trying to port my VFS module over *BSD. I had some problems and I want to share the results with you: 1. On OpenBSD 3.1 in dynamic module symbols are mangled with _ in front of name of the function so sym_dlsym(handle, vfs_init) don't work but sym_dlsym(handle, _vfs_init) is ok. I resolved this by forcing the compiler to generate vfs_init instead of _vfs_init: extern struct vfs_ops* rav_vfs_init(int*, struct vfs_ops *) asm (vfs_init); before function definition. I prefer that samba during configuring time to see how the name are mangled and to add '_' in OpenBSD case, or to try dlopen twice: one for symbol_name and if this fails for _symbol_name. 2. On NetBSD 1.6 (GENERIC) because I'm using some functions from smbd (in order to send messages to the client who access an infected file) I've got this error: [2003/03/05 19:39:46, 3] /usr/pkgsrc/net/samba/work/samba-2.2.6/source/smbd/vfs.c:vfs_init_custom(138) Initialising custom vfs hooks from /usr/local/lib/rav/ravsamba.so [2003/03/05 19:39:46, 0] /usr/pkgsrc/net/samba/work/samba-2.2.6/source/smbd/vfs.c:vfs_init_custom(143) Error opening /usr/local/lib/rav/ravsamba.so: /usr/local/lib/rav/ravsamba.so: Undefined PLT symbol dbgtext (reloc type = 7, symnum = 75) [2003/03/05 19:39:46, 0] /usr/pkgsrc/net/samba/work/samba-2.2.6/source/smbd/vfs.c:smbd_vfs_init(188) smbd_vfs_init: vfs_init_custom failed The problem resides in the default configuration of ld.elf_so. You might want to include in your VFS documentation the need to export the environment variable LD_BIND_NOW before starting smbd daemon on NetBSD. Regards, Tudore.
Detecting Windows OS Version through Samba
Hello everyone, I have a samba server and several wannabe clients on a different subnet. Is there a way to determine their windows os version through the network, (without actually asking their owners or trying to physicaly locate the hosts)? if i am not mistaken the info i'm looking for is exposed at least during the browser election proccess, but that is not enough since i am on a different subnet. NetBIOS is open to those machines. Is there a cmd line utility or source code for solaris/bsd/linux or windows that can be used for that purpose? thanx, Agis
Re: Detecting Windows OS Version through Samba
We have a specific exapansion variable that may be used inside smb.conf to be replaced by remote OS signature, I cannot remember how it works out which OS is on the other side or how accurate it is. Look into smb.conf and search for %a Simo. On Wed, 2003-03-05 at 18:52, Agis Andreou wrote: Hello everyone, I have a samba server and several wannabe clients on a different subnet. Is there a way to determine their windows os version through the network, (without actually asking their owners or trying to physicaly locate the hosts)? if i am not mistaken the info i'm looking for is exposed at least during the browser election proccess, but that is not enough since i am on a different subnet. NetBIOS is open to those machines. Is there a cmd line utility or source code for solaris/bsd/linux or windows that can be used for that purpose? thanx, Agis -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: Detecting Windows OS Version through Samba
On Wed, Mar 05, 2003 at 06:57:04PM +0100, Simo Sorce wrote about 'Re: Detecting Windows OS Version through Samba': On Wed, 2003-03-05 at 18:52, Agis Andreou wrote: Hello everyone, I have a samba server and several wannabe clients on a different subnet. Is there a way to determine their windows os version through the network, (without actually asking their owners or trying to physicaly locate the hosts)? if i am not mistaken the info i'm looking for is exposed at least during the browser election proccess, but that is not enough since i am on a different subnet. NetBIOS is open to those machines. Is there a cmd line utility or source code for solaris/bsd/linux or windows that can be used for that purpose? You can also try to use the queso tool. Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] Pending (unfinished) patches http://samba.org/~jelmer/diffs.php
Re: Detecting Windows OS Version through Samba
Thanks, could you please mail it to me, their server http://www.apostols.org/projectz/queso/ seems to be down at the moment. Will it distinguish windows flavours? agis. Jelmer Vernooij wrote: On Wed, Mar 05, 2003 at 06:57:04PM +0100, Simo Sorce wrote about 'Re: Detecting Windows OS Version through Samba': On Wed, 2003-03-05 at 18:52, Agis Andreou wrote: Hello everyone, I have a samba server and several wannabe clients on a different subnet. Is there a way to determine their windows os version through the network, (without actually asking their owners or trying to physicaly locate the hosts)? if i am not mistaken the info i'm looking for is exposed at least during the browser election proccess, but that is not enough since i am on a different subnet. NetBIOS is open to those machines. Is there a cmd line utility or source code for solaris/bsd/linux or windows that can be used for that purpose? You can also try to use the queso tool. Jelmer
Re: 3.0a21 and HEAD: only primary group of a domain user is set onsmbd
Do you mean that I probably will need both your change and Ken's patch? Now I remember that I checked on SAMBA_3_0 but not HEAD, as I thought they should be pretty similar. I will check HEAD out. Thanks A. Bertlett. Chere On Tuesday 04 March 2003 11:52 pm, Andrew Bartlett wrote: On Wed, 2003-03-05 at 14:38, Ken Cross wrote: The behavior you're seeing is because LDAP is being used to get the group membership rather that RPC. Last month I posted a patch to fix this, but to my knowledge it hasn't been incorporated. (I'm not bitching, just explaining...) Your patch fixed a slightly different issue, this issue was fixed in HEAD recently. Andrew Bartlett
Re: Detecting Windows OS Version through Samba
On Wed, Mar 05, 2003 at 08:22:48PM +0200, Agis Andreou wrote about 'Re: Detecting Windows OS Version through Samba': Thanks, could you please mail it to me, Sorry, I don't have the sources here. their server http://www.apostols.org/projectz/queso/ seems to be down at the moment. Will it distinguish windows flavours? I think it's possible - not sure though. Jelmer agis. Jelmer Vernooij wrote: On Wed, Mar 05, 2003 at 06:57:04PM +0100, Simo Sorce wrote about 'Re: Detecting Windows OS Version through Samba': On Wed, 2003-03-05 at 18:52, Agis Andreou wrote: Hello everyone, I have a samba server and several wannabe clients on a different subnet. Is there a way to determine their windows os version through the network, (without actually asking their owners or trying to physicaly locate the hosts)? if i am not mistaken the info i'm looking for is exposed at least during the browser election proccess, but that is not enough since i am on a different subnet. NetBIOS is open to those machines. Is there a cmd line utility or source code for solaris/bsd/linux or windows that can be used for that purpose? You can also try to use the queso tool. Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] - http://nl.linux.org/~jelmer/ 19:40:17 up 7 days, 5:52, 30 users, load average: 0.20, 0.14, 0.10
