Re: How to create a Samba server package?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 6 Mar 2003, Spiro Philopoulos wrote: Hi. I'm new to Samba and I'd like to create a binary Samba package (for LRP), but I'm interested only in the server components of Samba. What files to I have to include is such a package? The list of some files I know I have to include is listed below. If there are any other files I should include please tell me. Thanks in advance. -smbd -nmbd -smbpasswd (executable) -startup rc script -smb.conf -smbusers -smbpasswd -the codepages Looks good to me. I can't think of anything else that would be essential. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+bKG1IR7qMdg1EfYRAqZ3AJoDkDJ2KgfiVD5U4e3gsWW3uqIVDgCgz2uS Q7HLs2ExbNGBt6A9yaDSGeg= =LaiF -END PGP SIGNATURE-
Re: How to create a Samba server package?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 -smbd -nmbd -smbpasswd (executable) -startup rc script -smb.conf -smbusers -smbpasswd -the codepages Looks good to me. I can't think of anything else that would be essential. If you have LDAP as a backend (unlikely for LRP though..), you also need pdbedit. Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Key-ID D32186CF, Fingerprint available: phone +49 551 370 iD8DBQE+bKoVOmSXH9Mhhs8RAiBsAJ0W/cYtL7qF3UF7bnQqFoJcqjz1JwCgjQ8J IyYJi2WvGerNDsb1L6hCAIw= =k4JT -END PGP SIGNATURE-
RE: [Samba] Win2k Performance Problems
Change your nic card in your server. That is your bottleneck as that is serving you at about 3-4mb. Rule of thumb on how 10mb cards work effectivley is at about 3-4m of throughput. A 10/100 nic card will do between 20-40 based on nic hub/switch etc. Raj -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tom Smith Sent: Sunday, March 09, 2003 2:07 PM To: Malkit Singh Cc: samba Subject: Re: [Samba] Win2k Performance Problems Server is 10 MB, client is 100 MB. Switch is 10/100 MB. Malkit Singh wrote: What is the speed of your NICs. On Sun, 2003-03-09 at 07:51, Tom Smith wrote: Redhat 8.0 Samba 2.2.7 (See attached smb.conf for Samba config.) I'm having a speed problem copying files to or from the Samba server using a Windows 2000 Pro computer. For example, it takes around 2 minutes to copy a 30 MB file. During this copy, I've only got 2 computer on the network (the Samba server and the Win2k client). I've checked all DNS issues and there are none--both the server and workstation can ping the Samba server by name. The Samba server is advertising all shares and all configured resources are accessible. Are there any settings that can be tuned to speed up file copies for Win2k clients? # Samba config file created using SWAT # from localhost.localdomain (127.0.0.1) # Date: 2003/03/09 00:34:09 # Global parameters [global] workgroup = EXPLORER netbios name = DEATHSTAR server string = Samba Server encrypt passwords = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No printing = lprng [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 2/25/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 2/25/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Locked files that stay open after a PC crash
Hi, How should you deal, as an administrator/root, with locked files that stay open after a PC crash and the user can't access them any more. For example: The PC crashes and the user restart. MS-Outlook complains that it can't open its outlook.pst file, that is on a samba share, with the proper read/write access and the user can't get any mail. As root you do a smbstatus -u and you see that there are 2 smb processen for this user and the old one has the outlook.pst file exclusively. root kill's the old smb process but smbstatus -u still shows the outlook.pst file as open and the user can't get is. What is the proper procedure to resolve this situation? Best regards, Kees -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Locked files that stay open after a PC crash
Hi, How should you deal, as an administrator/root, with locked files that stay open after a PC crash and the user can't access them any more. For example: The PC crashes and the user restart. MS-Outlook complains that it can't open its outlook.pst file, that is on a samba share, with the proper read/write access and the user can't get any mail. As root you do a smbstatus -u and you see that there are 2 smb processen for this user and the old one has the outlook.pst file exclusively. root kill's the old smb process but smbstatus -u still shows the outlook.pst file as open and the user can't get is. What is the proper procedure to resolve this situation? That could depend on the OS You are using. When we used Win95, We encountered the same problem as You describe. Later, we migrated to WinNT, we do not see that problem since that :) Also, that problem may appear in mixed Win9X/NT/XP environments. ... and also you may want to tune registry for proper support of oplocks. Best regards, Kees -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] changing ip
does tcpdump -i eth0 or whatever your net interface is...reveal anything? Richard Coates. On Mon, 2003-03-10 at 03:04, Roland Thompson wrote: First thing I tried when I noticed I had a delay. -Original Message- From: richard [mailto:[EMAIL PROTECTED] Sent: 09 March 2003 03:11 To: [EMAIL PROTECTED] Subject: Re: [Samba] changing ip I see there have been some posts to this already...but seeing as you have Redhat8... Did you remember to update your /etc/hosts file with the new ip? Richard Coates. On Sun, 2003-03-09 at 01:15, Roland Thompson wrote: I require some advice. I've had samba running nicely for a couple of months, however I needed to change the ip addresses for my network. Since changing the ip addresses, whenever I start WinXp and log on it takes about 3-4 mins to log on. Also when I try to browse using windows explorer I sometimes have to wait 3-4mins, then I get the same delay when logging off. If I use dos though and change to the samba drive it works straight away. I'm running Samaba 2.2.7a on RH8. Can anyone point me in the right direction. I've not modified anything else but the ipaddresses (Samba is now on 192.168.0.25, my client is 192.168.0.20) When I finally do manage to be able to browse the drive (share), it seems fine, until I come back maybe 20mins l8r, then I get the delay again. Any help appreciated. Thanks Roland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ACL with Samba 3.22 + xfs with acl
The Regard! Faced a problem distributions acl in SAMBA 3.22. Ispolizetsya ADS+WINBINDD, PDC-Win2000, Samba - Server (xfs+acl). When making the file in share resource are assigned authorities: all - for all domain users - winbindd considers the main by group domain users user - a name of the creator of the file At marks beside all authorities skim! Do the attempt to put(deliver) the marks beside any one of afore-mentioned, appear else two authorities : owner-group and owner-user, for which already it is impossible nothing change. The Question: possible what hide owner-group and owner-user ? Alex. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Locked files that stay open after a PC crash
maybe u should play with keepalive??? Kees Damen schrieb: Hi, How should you deal, as an administrator/root, with locked files that stay open after a PC crash and the user can't access them any more. For example: The PC crashes and the user restart. MS-Outlook complains that it can't open its outlook.pst file, that is on a samba share, with the proper read/write access and the user can't get any mail. As root you do a smbstatus -u and you see that there are 2 smb processen for this user and the old one has the outlook.pst file exclusively. root kill's the old smb process but smbstatus -u still shows the outlook.pst file as open and the user can't get is. What is the proper procedure to resolve this situation? Best regards, Kees -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 Documentation?
Where can i find good documentation on samba 3 and its support for ADS and LDAP? Thanks a lot, Lorenzo Lorenzo Allori Assistant to Network Services Coordinator Office: +390555031355 Mobile: +393398612411 Syracuse University Florence [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 Documentation?
At 11:05 10.03.2003, Allori Lorenzo wrote: Where can i find good documentation on samba 3 and its support for ADS and LDAP? have a look at: http://asia.cnet.com/itmanager/netadmin/0,39006400,39081966,00.htm Thanks a lot, Lorenzo Lorenzo Allori Assistant to Network Services Coordinator Office: +390555031355 Mobile: +393398612411 Syracuse University Florence [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba cu, Carsten e-mail: [EMAIL PROTECTED] www: www.sgcr.net mobil: +49-173-2137083 fax: +49-6403-96187 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win2k, Domain logon, permissions
brock, i did talk with my partner: he had a view issues, in which file access did strange things with file access. - *but on a local installation too*. can u test a clean local installation on a w2k too? autocad opens files across different threats. - maybe one of the arx is to slow with closing or opens the file in a mode, that w2k interpretes as 'exclusive'?. (maybe there's a switch in your options. as far as i see now, u *must* use oplocks. - many threats opens one file at the same time. please try: http://usa.autodesk.com/ support knowledgebase - i've found a view issues, but the best is, to search with the command name and the exact error message. (i did not find this in your posting) try to set temp files to local hdd. if u find something and let me know. but at this time i don't think, that it's a network issue. gk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 1 minute wait on a share / call_trans2qfsinfo takes 60seconds
Hi I have a linux mdk 8.0 w/ custom 2.4.19-16 kernel, acls, quotas etc I have a samba 2.2.7 serving several shares on LVs everything's fine but with one share : whenever a windows client accesses this share his file manager is locked out for exactly one minute. this happens when the client requests the directory listing (or when an automatic refresh takes place) i can't see any reason why this share doesn't behave like other ones here's a bit of a client log file (debug level 6) which shows that smbd/trans2.c:call_trans2qfsinfo(1356) takes just 60 seconds (and everytime it's called for that share) i really need help ! TIA, piece of log file [2003/03/06 20:07:49, 5, pid=1993, effective(10774, 10027), real(0, 0)] lib/util.c:show_msg(291) smb_bcc=5 [2003/03/06 20:07:49, 3, pid=1993, effective(10774, 10027), real(0, 0)] smbd/process.c:switch_message(685) switch message SMBtrans2 (pid 1993) [2003/03/06 20:07:49, 4, pid=1993, effective(10774, 10027), real(0, 0)] smbd/uid.c:change_to_user(119) change_to_user: Skipping user change - already user [2003/03/06 20:07:49, 3, pid=1993, effective(10774, 10027), real(0, 0)] smbd/trans2.c:call_trans2qfsinfo(1356) call_trans2qfsinfo: level = 259 [2003/03/06 20:08:49, 5, pid=1993, effective(10774, 10027), real(0, 0)] smbd/trans2.c:call_trans2qfsinfo(1483) call_trans2qfsinfo : SMB_QUERY_FS_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=15604480, cUnitAva il=15446784 [2003/03/06 20:08:49, 6, pid=1993, effective(10774, 10027), real(0, 0)] lib/util_sock.c:write_socket(518) write_socket(12,84) - * - * - * - * - * - * - Bien sûr que je suis perfectionniste ! Mais ne pourrais-je pas l'être mieux ? Thierry ITTY eMail : [EMAIL PROTECTED] FRANCE -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 3, Issue 16
I will be out of the office until early next week, returning Tuesday, 10 March. If urgent, contact the ATS helpdesk. Thank you, Jarrell Dunson Administrative Computing Coordinator -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
Hei David... The swat package is in the 3th CD of Red Hat 8.0 Instalation problems, see here: http://www.linuxquestions.org/questions/showthread.php?s=threadid=46181highlight=swat+rh8 Brazilian Regards Tiago Cruz Em Dom, 2003-03-09 às 22:27, David Jackson escreveu: Does the SWAT tool come with the Red Hat 8.0 distribution? Where can i find out more about this tool. I think i need a GUI b/c i am not getting any of the SAMBA commands right. Thank you, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't write to a samba share...
Hello Brad! Please, it tries to add this line in its archive /etc/fstab: === //maq_100/drive_f /mnt/server smbfs credentials=/etc/samba/auth.maq_100.TIAGO,fmask=777,dmask=777 1 1 0 === === [EMAIL PROTECTED] root]# cat /etc/samba/auth.maq_100.TIAGO username = TIAGO domain = password = === One remembers that this is an example, adapte it for its necessities Brazilian Regards Tiago Cruz Em Seg, 2003-03-10 às 04:28, Brad escreveu: I have a Red Hat 8.0 PC with a scanner connected and I am scanning images with sane. I would like to store the scanned images on a Red Hat 7.3 file server using Samba, but I am having some difficulty understanding how the file and directory security preferences work. I can attach to the share (called Shared) with: smbmount //server/Shared /mnt/S -o username=username%password and can read the contents with no problems. When I do this as root on the scanner workstation, I can write to it with no problems. However, when I log in on the scanner workstation as a regular user (ie not root), I cannot write to the remote share. If I manually log in to the Server as the username and password, I can write to the shared directory OK. If I do an ls -ls of S from within the /mnt directory, I get: 4 drwxr-xr-x1 root root 4096 Mar 10 2003 S so it is clearly not writable by the user. Here is the server smb.conf settings: [global] workgroup = WORKGROUP server string = Samba Server log level = 2 log file = /var/log/samba/log.%m [Shared] comment = Shared Directories path = /home/Shared valid users = @users writable = true force group = users force directory mode = 770 inherit permissions = yes The workstation username has a valid login on the server and is part of the users group. I have tried to add -o rw to the smbmount command, but it is still the same. I have then added write list = @users to the Shared share settings in the server smb.conf file, but I still can't write to it. I have increased the server smb.conf log level to 4 and then done a touch /mnt/S/test on the scanner workstation and have looked at /var/log/samba/scannerworkstationname on the server and and this is what it says: [2003/03/10 17:18:11, 3] smbd/process.c:process_smb(860) Transaction 40 of length 84 [2003/03/10 17:18:11, 3] smbd/process.c:switch_message(667) switch message SMBtrans2 (pid 13071) [2003/03/10 17:18:11, 4] smbd/uid.c:change_to_user(118) change_to_user: Skipping user change - already user [2003/03/10 17:18:11, 3] smbd/trans2.c:call_trans2qfilepathinfo(1615) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1 [2003/03/10 17:18:11, 3] lib/util.c:unix_clean_name(387) unix_clean_name [/rr] [2003/03/10 17:18:11, 3] lib/util.c:unix_clean_name(387) unix_clean_name [rr] [2003/03/10 17:18:11, 3] smbd/trans2.c:call_trans2qfilepathinfo(1636) call_trans2qfilepathinfo: vfs_stat of rr failed (No such file or directory) [2003/03/10 17:18:11, 3] smbd/error.c:error_packet(91) error string = No such file or directory [2003/03/10 17:18:11, 3] smbd/error.c:error_packet(115) error packet at smbd/trans2.c(1638) cmd=50 (SMBtrans2) eclass=1 ecode=2 Does anyone have any ideas why this is happening? Regards, Brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Cannot sync browser lists
Well, thanks for all your help. interface ctc0 ? Channel to channel, a point-to-point connection without broadcast, one of the interface types that are available with the s/390 architecture. That could be why the tcpdump looked screwy. The server is dual-homed, I'll go ahead and add the eth interface to samba, route to the pdc through that, and see if I have better luck. It'll at least help in diagnosing with tcpdump, probably. what doessmbclient -L winshostname -U validuseronserver I saw the shares on that WINS/PDC and below that, the computers that show up in network neighborhood (and mine wasn't in there :(). Things just got more interesting... I changed the route table so traffic to the pdc goes through the eth0 interface, and added eth0 to my interfaces line in smb.conf. Right after firing up nmbd I got: [2003/03/10 07:10:46, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(235) find_response_record: response packet id 693 received with no matching record. [2003/03/10 07:10:46, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(235) find_response_record: response packet id 694 received with no matching record. but since first start, it hasn't shown up in log.nmdb, and now the wins server sees me, the samba server shows up in network neighborhood. I've read that the find_response_record sometimes occurs with subnets with some versions of win95 on them? I don't know what's on that subnet. Ahh wait a minute...if some things work and not others...I believe wins calls are udp protocol based NOT tcp...even though the port nos are the same. which brings us back to the firewall again Well, using either interface, nmap -sU -p 137 [wins/pdc] says: Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 And using -P0 works over both interfaces, shows 137 udp open. Same deal with tcp 139. Have to -P0 and then it shows it open. Unfortunately users are on now... tomorrow morning I'll try switching back to ctc0 and see if things stop working. Things stopped working the first time over a weekend, and the windows guys said that the pdc/wins server had crashed and burned and needed to be rebooted, and since then I wouldn't show up anymore. Wishful thinking, I know, but maybe connecting over the other interface will get me back in over the interface which used to work and which I should be connecting over, ctc. I guess I'll find out tomorrow. I took a tcpdump over eth0, a lot more chatty (probably because things are working, and it may just be a chattier interface). Any things I should be looking for in it? regards Richard Coates. Thanks for your patience, ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] help needed : Error : The specified user does not exist.
Hi Adil Have you had any solutions regarding this issue yet? I have a simular problem: We setup Samba 2.2.7 with SWAT client. We converted the users from Novell to Linux as a file server. What we are having a problem with is that we have to create a samba share for each user and a login script for each indavidual user. So after 15 shares and over 100 users, it becomes confusing. Thus, can you create a share(1) within a share(2) and give list access to the first share(1) and write access to the second share(2)?? Regards Andre -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind error
Have you tried smbpasswd -j DOMAIN -r pdc -U Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to start SWAT in RH8.0 / Samba 3.0
Hi all, I'm migrating my NT4 domains to Samba and I started from scratch installing RedHat8 and the Samba rpm that comes with it, then update to Samba 3.0 which I've recompiled myself. I'm never been able to connect to SWAT, I always get the Bad Password message, I've tried out with and without MD5 and Shadow, and have recompiled with options --with-pam, then --with-pam --with-pam_smbpass, tried adding root password with smbpasswd. Nothing has worked, nor linux root password nor smb password. I'm out of ideas now, please can somebody help me? Many thanks in advance for your support Best regards. Tomás Armán T.S. Fundiciones S.A. Hego Kalea 1 20750 Zumaia Tf.: 943860850 Fax: 943862055 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win2k Performance Problems
To get faster speed you should upgrade your NIC to 100 Mb on the server. Thanks MSingh Quoting Tom Smith [EMAIL PROTECTED]: Server is 10 MB, client is 100 MB. Switch is 10/100 MB. Malkit Singh wrote: What is the speed of your NICs. On Sun, 2003-03-09 at 07:51, Tom Smith wrote: Redhat 8.0 Samba 2.2.7 (See attached smb.conf for Samba config.) I'm having a speed problem copying files to or from the Samba server using a Windows 2000 Pro computer. For example, it takes around 2 minutes to copy a 30 MB file. During this copy, I've only got 2 computer on the network (the Samba server and the Win2k client). I've checked all DNS issues and there are none--both the server and workstation can ping the Samba server by name. The Samba server is advertising all shares and all configured resources are accessible. Are there any settings that can be tuned to speed up file copies for Win2k clients? # Samba config file created using SWAT # from localhost.localdomain (127.0.0.1) # Date: 2003/03/09 00:34:09 # Global parameters [global] workgroup = EXPLORER netbios name = DEATHSTAR server string = Samba Server encrypt passwords = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No printing = lprng [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba - Everyone should have http://www.freedom2surf.net/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OSX as file server in AD domain
Hi all I just installed an OSX server that I joined to an existing Active Directory Domain. It works for the Mac side of OSX, but windows clients can't connect. From wath I understand, it is now time to setup samba to authenticate users of the AD domain. How can I tell samba to use AD for authentification? If you can point me to an How-to on this, it would be greatly appreciated. (PS re-compiling samba to add LDAP support is not much of an option, if there is another way...) Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advanced printers shares
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, 8 Mar 2003, Sean Woodlock wrote: When ours users log into a samba server they are confronted with a 100 printers that just make it confusing for them. The plan is to only make local printers viewable to that specific site, But and this is a big but still allow them to make explicit mapping statements to remote printers if they really need to print to another office. I no it would be quite easy to restrict users of one site to a specific local server, which is fine, but I just need to make the other printers not viewable but still operational. Check out the preload parameter in smb.conf(5). That will probably get you what you want. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+bJ6XIR7qMdg1EfYRAiYzAKDZlVb2y2z12E8hnWAAFLbFth/bfwCgvOJN b8N9GLc2vNXG9DFUIwKxe5Q= =SYD3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OSX as file server in AD domain
At 9:14 AM -0500 3/10/03, Christian Raymond wrote: I just installed an OSX server that I joined to an existing Active Directory Domain. It works for the Mac side of OSX, but windows clients can't connect. From wath I understand, it is now time to setup samba to authenticate users of the AD domain. How can I tell samba to use AD for authentification? If you can point me to an How-to on this, it would be greatly appreciated. Check out the security = domain attribute in /etc/smb.conf Also note this: At 6:18 PM +1100 3/5/03, Andrew Bartlett wrote: On Wed, 2003-03-05 at 09:40, Siebert, Aaron wrote: Ver smb 2.2.7a Managers, I am having trouble configuring samba as a domain member authenticating to a win2k domain controller. All other aspects seem to be functioning but samba is generating a log event when attempting to connect to the password server as follows. Machine NDEVDC1 rejected the tconX on the IPC$ share. Error as follows: NT_STATUS_ACCESS_DENIED Any help is appreciated. Your DC may have 'RestrictAnonymous = 2' set (an NT/Win2k registry setting, also accessible as a group policy). This would cause all non-win2k domain members significant problems, as you then cannot access the NETLOGON pipe required for domain authenticaion (among other things). Andrew Bartlett Which bit me and with which Google was no help. -- http://www.4am-media.com Mac OS X Consulting and Training Michael Bartosh [EMAIL PROTECTED] 303.517.0272 Denver, CO The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently. - -- Nietzsche Think Different. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] rpcclient setdriver fails: WERR_INVALID_PRINTER_NAME
Hi Kurt, You are absolutely right (as always). After restarting smb, rpcclient setdriver works fine. May be - in the next future release - cupsaddsmb will work. Thank you very much. Bernhard -Ursprüngliche Nachricht- Von: Kurt Pfeifle [mailto:[EMAIL PROTECTED] Gesendet: Samstag, 8. März 2003 12:06 An: [EMAIL PROTECTED] Betreff: [Samba] rpcclient setdriver fails: WERR_INVALID_PRINTER_NAME Werheid Bernhard wrote on Samba-Digest: Date: Fri, 7 Mar 2003 15:25:13 +0200 From: Werheid Bernhard [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [Samba] rpcclient setdriver fails: WERR_INVALID_PRINTER_NAME Message: 2 Hi all, I have a similar problem as Patrik yesterday. So I can copy some lines, = but not all. We have an SuSE 8.1 machine who acts as an printserver. I'm sharing printers via Samba and using CUPS. Samba is 2.2.7a and CUPS 1.1.8. The Microsoft clients (Win9x, Win NT, Win 2k) is downloading the driver from the server. I had no problem to install and upload up to 2 printers but now I am not able to set the driver. I can install more printers, but when cupsaddsmb is running rpcclient -N -U 'root%secret' -c 'setdriver zae zae' I get the result was NT_STATUS_UNSUCCESSFUL messages. What is the result of the rpcclient -U root localhost -c enumprinters command? Is your printer zae appearing in the list of known printers? I suspect the NT_STATUS_UNSUCCESSFUL comes from the fact that Samba does not yet see your zae printer, as it might be freshly installed. In my opinion it is a Samba-2.2.x bug, that you don't see newly installed CUPS printers within Samba (or its Win clients' network neighbourhood), even if they are appearing in /etc/printcap immediately (or to the native CUPS clients), unless you SIGHUP or restart smbd. If my assumption is correct, your rpcclient -N -U 'root%secret' -c 'setdriver zae zae' command at the end of cupsaddsmb should work after re-starting smbd. Please report back. Cheers, Kurt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: The account is not authorized to log in from this station
No, i can't. I have also tried pcguest, guest, admin, and windows 2000 accounts. Question for you: If i want to connect to a windows 2000 shared folder from my Linux box, what command do I type to attach or mount it? Is it simply mount -o smbfs username=win2k_username,password=password //windows_server_name/shared_folder /shared_folder -Original Message- From: Rhodes, Tarvin [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 10:14 AM To: [EMAIL PROTECTED] Subject: The account is not authorized to log in from this station Can you connect with a non-root account? I'm a sorta-newbie but seem to recall that root is blocked in the default configuration. re: WINDOWS 2000 When i try to connect to my SAMBA server from windows 2000 professional i get the following message: This is the windows DOS screen: D:\net use * \\samba\shared /user:root rootpassword System error 1240 has occurred. The account is not authorized to log in from this station. Thanks, Tarvin Rhodes Network Admin Sysco/Charlotte 704.723.6062 IMPORTANT: The author intends that this electronic message is for exclusive use by the individual(s) or entity(s) to which it is addressed. This message may contain information that is confidential or privileged and exempt from disclosure under applicable law. If the reader of this message is not an intended recipient, be aware that any disclosure, dissemination, distribution or copying of this communication, or the use of its contents, is prohibited. If you have received this message in error, please immediately notify the author of your inadvertent receipt and delete this message from all data storage systems. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Backups of local shares
Let me put this another way - how confident can one be if you are backing up open or lock file (listed in the smbstatus -L). How does samba handle the relationship between the open file and the actual stored file? Have I missed the documentation on this - I can't seem to find anything. Andy --- Vernon A. Fort (Andy) Provident Solutions, LLC (615) 427-4016 http://www.provident-solutions.com -Original Message- From: Morgan Toal [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 1:03 PM To: Vernon A. Fort Cc: [EMAIL PROTECTED] Subject:Re: [Samba] Backups of local shares Vernon A. Fort wrote: I use rsync to backup my linux samba shares to a remote tape backup server. Users periodically have open/locked files within their shares. Other than telling the users to logout ( this doesn't always work - go figure), how can I ensure the files listed in the smbstatus -L are successfully backed up? Are there any other samba related tools to assist with automated backups? BRU and BRU-Pro are supposed to be able to do this. www.tolisgroup.com I do not sell the product, just a happy customer. mtoal -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Access denied from nt
Guys, I'm a newbie with samba. I always received the following error when trying accessing a share drive from an NT machine to a Unix machine *** C:\WINNT\system32net view \\tivlab22 System error 5 has occurred. Access is denied. ** The following is what is inside the smb.conf file. # more smb # pwd /opt/samba/bin # cd ../lib # more smb.conf # Samba config file created using SWAT # from 142.182.31.159 (142.182.31.159) # Date: 2003/03/05 09:29:30 # Global parameters [global] workgroup = TIVOLI_NFS netbios name = tivlab22 log level = 2 log file = /opt/samba/var/samba.log [pub] path = /home/public read only = No guest ok = Yes Any idea what can cause this access denied situation? Thanks in advance. Regards Serge Turpin CGI // GIT Services Tivoli Delivery Solutions Centre 4 Place Ville Marie, 3rd floor Montreal, Quebec, Canada H3B-2E7 Office: (514) 878-8700 ext:4732 Fax : (514) 393-0123 Cellular : (514) 233-1073 Pager : (514) 741-0625 U.S. Sept 11th, 2001 ** The Wall Of Hope ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Setdriver fails V3.0-alpha21
Hi everyone, I have a problem for some time and could solve it. So I beg for help. I can't set the printer drivers though enumprint and enumdriver are okay: #rpcclient localhost -N -U'root%jojo' -c 'enumdrivers' [Windows 4.0] Printer Driver Info 1: Driver Name: [OKI10EX] [Windows NT x86] Printer Driver Info 1: Driver Name: [OKI10EX] # rpcclient localhost -N -U'root%jojo' -c 'enumprinters' flags:[0x80] name:[\\sesam\OKI10EX] description:[\\sesam\OKI10EX,,10 S/min,Laser] comment:[10 S/min,Laser] # rpcclient localhost -N -U'root%jojo' -c 'setdriver OKI10EX OKI10EX' SetPrinter call failed! result was NT_STATUS_UNSUCCESSFUL I've got a debian-linux system samba version:3.0.alpha21 Any help is appreciated Peter -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.3a on Linux
Hi following situation: SuSE Linux running samba 2.2.3a Notebook running WIN98 PC running WIN98 PC has full access to the notebook and to the Linux/Samba Server Notebook has full access to the PC but NOT to the Linux/Samba Server I'm using DHCP and the adresses (ping) are okay. The WIN98 clients and the Linux/Samba server have different names and the same workgroup. Searching for the hostname (linux) on the PC is working but NOT on the Notebook. Any idea? What is going wrong? kind regards from germany, Volker -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] node status request failed
I am not sure this will go through to anywhere, but I'm keeping my fingers crossed. Basically I am trying to figure out why I am getting the following error: Mar 9 18:06:28 Trickyd nmbd[1774]: [2003/03/09 18:06:28, 0] nmbd/nmbd_browsesyn c.c:get_domain_master_name_node_status_fail(509) Mar 9 18:06:28 Trickyd nmbd[1774]: get_domain_master_name_node_status_fail: Mar 9 18:06:28 Trickyd nmbd[1774]: Doing a node status request to the domain master browser at IP 192.168.240.8 failed. Mar 9 18:06:28 Trickyd nmbd[1774]: Cannot get workgroup name 192.168.240.8 is a Win98SE laptop connected via 802.11b. It is NOT a master browser, but I do have both the internal wired and wireless lans using the same workgroup name. Trickyd is my server with 3 NICs (eth0, eth1, wlan0), with eth0 connecting to the internet, eth1 connecting my internal wired lan, and wlan0 connecting my internal wireless lan. System is running Mandrake 9.0 (2.4.19), Samba 2.2.6, bind 9.2. My /etc/smb.conf file is: # Samba config file created using SWAT # from localhost.Engineers (127.0.0.1) # Date: 2003/02/02 20:18:31 # Global parameters [global] workgroup = Engineers server string = Samba Server %v interfaces = 192.168.1.0/24 192.168.240.0/24 security = SHARE encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n unix password sync = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat os level = 65 preferred master = Yes domain master = Yes local master = Yes dns proxy = No wins support = Yes remote announce = 192.168.1.255 192.168.240.255 printing = cups [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s lpq command = lpstat -o %p lprm command = cancel %p-%j browseable = No Paul Nixon . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Struggling to get SAMBA and Windows working together
Here are some of the things you might want to add to your samba.conf when you have your Samba server join the domain. Security=domain set the security parameter to domain. workgroup= domain name password server = Must list PDC and any BDC encrypt passwords=yes when join domain, must be set to yes Hope this helps. -Paul Hong - Original Message - From: News [EMAIL PROTECTED] To: David Jackson [EMAIL PROTECTED]; Jim Wharton [EMAIL PROTECTED]; [EMAIL PROTECTED]; SAMBA Lists [EMAIL PROTECTED] Cc: SAMBA [EMAIL PROTECTED] Sent: Sunday, March 09, 2003 10:42 PM Subject: Re: [Samba] Struggling to get SAMBA and Windows working together Actually joining the domain You can do this all in one step with the following command: smbpasswd -j DOMAIN -r DOMAIN_CONTROLLER -U DOMAIN_ADMIN Where DOMAIN is the name of your domain (should be the same as the workgroup parameter in your 'smb.conf' file), DOMAIN_CONTROLLER is the name of the Primary Domain Controller of your domain, and DOMAIN_ADMIN is an account on the PDC with Domain Admin privileges. You will be prompted for this users password, so you should ask your windows admin to help you here if necessary. - Original Message - From: David Jackson [EMAIL PROTECTED] To: Jim Wharton [EMAIL PROTECTED]; [EMAIL PROTECTED]; SAMBA Lists [EMAIL PROTECTED] Cc: SAMBA [EMAIL PROTECTED] Sent: Sunday, March 09, 2003 11:40 PM Subject: RE: [Samba] Struggling to get SAMBA and Windows working together there is a windows 2000 domain, but the SAMBA server has not joined. Is there a way to join a Red Hat Linux 8.0 server to the domain? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jim Wharton Sent: Sunday, March 09, 2003 9:22 PM To: [EMAIL PROTECTED]; SAMBA Lists Cc: SAMBA Subject: Re: [Samba] Struggling to get SAMBA and Windows working together Have You joined this machine to the domain? Jim - Original Message - From: David Jackson [EMAIL PROTECTED] To: SAMBA Lists [EMAIL PROTECTED] Cc: SAMBA [EMAIL PROTECTED] Sent: Sunday, March 09, 2003 5:53 PM Subject: [Samba] Struggling to get SAMBA and Windows working together If anyone can help with this, please help. WINDOWS 2000 When i try to connect to my SAMBA server from windows 2000 professional i get the following message: This is the windows DOS screen: D:\net use * \\samba\shared /user:root rootpassword System error 1240 has occurred. The account is not authorized to log in from this station. SAMBA My smb.conf looks like this: [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = seven hosts allow = 192.168.1. 127. [shared] comment = the shared folder path = /shared writable = yes create mode = 0770 directory mode = 2770 browseable = yes And I had mounted the shared folder by typing: mount -t smbfs -o username=root,password=rootpassword //samba/shared /shared THANK YOU EVERYONE! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Win2k, Domain logon, permissions
Hi Kurt, -Original Message- From: Kurt Weiss [mailto:[EMAIL PROTECTED] Sent: March 10, 2003 2:53 AM To: Brock Nanson Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Win2k, Domain logon, permissions brock, i did talk with my partner: he had a view issues, in which file access did strange things with file access. - *but on a local installation too*. This can be the case, for sure! However, I have that all cleaned up. The project works fine except for this single command - which does work properly if the project folders are copied to and run from the local drive. Samba has always been transparent for us... No Word/Excel issues, AutoCAD is fine too - except for this command! can u test a clean local installation on a w2k too? This is a clean install of Land3 (we only just received the install CD's and haven't made the full transition from Land2i yet). I'm going to create a testing samba share to deal with this... Too much data to be playing with on the real server! autocad opens files across different threats. - maybe one of the arx is to slow with closing or opens the file in a mode, that w2k interpretes as 'exclusive'?. (maybe there's a switch in your options. This is along the lines of my thinking. It's like AutoCAD is just misconfigured on this one routine. The options for Land are minimal in this area. I can't find a setting for placement of this temporary file - neither can my supplier. The other temp settings don't seem to apply to this routine. as far as i see now, u *must* use oplocks. - many threats opens one file at the same time. I agree. I removed the setting you suggested earlier once I knew it didn't work. please try: http://usa.autodesk.com/ support knowledgebase - i've found a view issues, but the best is, to search with the command name and the exact error message. (i did not find this in your posting) Been there, done that, got the t-shirt ;-) try to set temp files to local hdd. if u find something and let me know. but at this time i don't think, that it's a network issue. I will keep you apprised. I think there is a hint in the fact that I can kill the samba daemons, immediately restart and the command works properly. But I do get an error when I try to save the drawing! Thanks! Brock -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble transferring a large file (700MBs)
Hi all, Have been using samba with all my Windows XP professional clients for sometime now. All have been worked well until a problem has recently discovered. I was not able to send a large file over the network to my linux server (running samba). The file is an around 700MBs XviD file (size is fairly below 2GB). My samba log returns errors below: smbd[7389]: [2003/03/11 03:03:36, 0] smbd/oplock.c:oplock_break(790) smbd[7389]: oplock_break: end of file from client smbd[7389]: oplock_break failed for file file.avi (dev = 1601, inode = 28097, file_id = 486). smbd[7389]: [2003/03/11 03:03:36, 0] smbd/oplock.c:oplock_break(878) There is no problem transferring small sized files to the samba mount drives. A strange thing is that transferring that file works when destination is home directory (e.g. /home/user, if logged in samba with username, user). Other mount points, it will not work (no matter filesystem type, fat32 partition, linux partition...etc). Haven't had any other files at that size to test but is it possible it's something to do with the file format? Any help would be very much appreciated. Thanks a lot! Johnny -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
On Sun, 9 Mar 2003 [EMAIL PROTECTED] wrote: Hi, The Samba swat tool is included but you must manually install it as its not part of any def install. My advise, forget the tool as it butchers your .conf. You'll learn more typing in everything by hand and reading why. Unix is about typing stuff in a shell. You wan't pictures, get Winblowz. Are you willing to submit patches to SWAT to 'fix' it's brokenness? Please consider doing this. Criticism is fine, wild assertions are not! SWAT does NOT 'butcher' your smb.conf, but it does strip out all comments, it does optimise smb.conf for maximum efficiency. I can not subscribe to wild assertions that SWAT is a destructive tool! Some automation is cool, some ain't. Side note, the DHCP/DNS/ DDNS update agent is another kinda crappy automated subsystem. So what are you doign as an open source consumer to help get this sorted out? You obviously have something to contribute and I would encourage you to do so. Even if it is just to help voice in clearest possible terms how these things ought to work. Again, constructive criticism is MOST welcome. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming Profiles with Samba PDC
I have been working on this problem for quite some time now and have not been able to
find the solution.
I have Samba running on Debian Linux 3.0 (Woody) as a primary domain controller. From
my Windows 2000 desktop I am able to browse that Linux server with Windows Explorer.
My biggest problem is trying to log in to that domain. Under Windows 2000 I am able
to join the domain (sjmlinux) but after I restart the Windows desktop and attempt to
log in to that domain, Windows gives me a message like, cannot create profile
directory \\servername\profiledirectory.pds. It then the proceeds to assign me a
generic profile that cannot be updated.
The profile directory has fairly liberal write access so the Windows machine should
have sufficient rights to create or delete any files or directories it deems
necessary. One, of many, things I do not understand is where the .pds suffix that the
message indicates is coming from. It certainly is not what I have defined for the
profile directory in smb.conf is and it is not something that I have seen before.
I have seen some documents that referred to creating a policy file (*.pol) with the
Windows server policy editor tool. However, I understand profiles to be much more
than a single file and that actually a directory structure that contain everything
desktop colors to your recent files list. Under Windows 2000 this is essentially what
you see in your subdirectory of the Documents and Settings folder.
I am sure that somebody must have seen this issue before as I have seen reference to
it in the archives; I had just never seen what the solution is. Below is a snippet of
my smb.conf file that I believe would contain the pertinent information.
[global]
# Change this for the workgroup/NT-domain name your Samba server will part of
workgroup = sjmlinux
netbios name = sjmpdc
# server string is the equivalent of the NT Description field
server string = %h server (Samba %v)
guest account = nobody
invalid users = root
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 1000
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# security = user is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# security_level.txt for details.
security = user
# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
# option unless you have read those documents
encrypt passwords = true
# Support Domain logins
domain logons = true
# Admin group (temp solution)
domain admin group = @staff
# User profile path
logon path = \\%N\home\%u\ntprofile
# Where is the user's home directory and what is the drive
logon drive = H:
logon home = \\%N\home\%u\pchome
# Specify a generic logon script for all users
# this is a relative **DOS** path to the [netlogon] share
logon script = logon.bat
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 64
domain master = yes
preferred master = yes
wins support = yes
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# Name mangling options
preserve case = yes
unix password sync = true
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
winbind uid = 1-2
winbind gid = 1-2
template shell = /bin/bash
#=== Share Definitions ===
[homes]
comment = Home Directories
browseable = yes
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
writable = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0775
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0775
valid users = %u
guest ok = no
path = /home/%u/pchome
# Un-comment the following and create the netlogon directory for Domain Logons
#
[Samba] Fw: Win95 Win98 - NOT WORKING - NT,2000, XP are ok(reposted)
Hi Peter, i had a long, frunstrating web surfing yesterday night, searching for something that could apply to your case. I didn't find much at all, sorry. The only thing perhaps interesting to you could be this: http://us2.samba.org/samba/ftp/docs/htmldocs/printer_driver2.html This doc contains a section about migrating from 2.0.x to 2.2.x I think the problem lyes in the new way samba manages printing, that is by listening the MS-RPCs (Remote Procedure Call) coming from the winNT and win2000 clients. This is done thanks to spoolss, as i figured out reading here and there across the net. Well they say spoolss supports even win9x driver calls, even if those OSes do not actually make an RPC. They also say that backward compat. is reached through use client driver and spoolss disable. With these options enabled, the samba server should act just like it was a 2.0.x I think you'd need help from the samba guys themselves, so i advice reposting this problem with a more shocking subject line (suggest to use the keyword BUG :)) so you'll be able to capture their attention. Really sorry not to have been useful to you... cheers Maq - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, March 10, 2003 12:02 AM Subject: Win95 Win98 - NOT WORKING - NT,2000, XP are ok (reposted) Date: 07 Mar 2003 00:50:28 +0100 From: maq [EMAIL PROTECTED] To: SambaList [EMAIL PROTECTED] Subject: [Re: [Samba] printing - Win95 Win98 not working - NT,2000, XP are ok.] 1) Do you have a backup copy of your old smb.conf? 2) Try adding public=yes to the printer share definition Thanks for the suggestions but... 1 - yep I am basically using the same old conf file on which printing was working for Win95, 98 with a few necessary modifications. 2 -The printer share has guest ok which is the same as public=yes any other ideas? Opinions contained in this e-mail do not necessarily reflect the opinions of the Queensland Department of Main Roads, Queensland Transport or National Transport Secretariat, or endorsed organisations utilising the same infrastructure. If you have received this electronic mail message in error, please immediately notify the sender and delete the message from your computer. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
SWAT does NOT 'butcher' your smb.conf, but it does strip out all comments, I feel notes are crucial in any config file. Comments in a config file or program are key in both reminding you of what, when and why you did something and letting other readers of your files know the same. it does optimise smb.conf for maximum efficiency. I don't see how eliminating comments would give you any kind of noticable auth or file xfer time. wild assertions that SWAT is a destructive tool! Eliminating comments is destructive. So what are you doign as an open source consumer to help get this sorted out? Post my observations and mods as you've read here in the past. Again, constructive criticism Thats a relative argument. Bri- __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles with Samba PDC
On Mon, 10 Mar 2003, Scott Millhisler wrote:
I have been working on this problem for quite some time now and have not
been able to find the solution.
Please see comments below.
- John T.
I have Samba running on Debian Linux 3.0 (Woody) as a primary domain
controller. From my Windows 2000 desktop I am able to browse that Linux
server with Windows Explorer.
My biggest problem is trying to log in to that domain. Under Windows
2000 I am able to join the domain (sjmlinux) but after I restart the
Windows desktop and attempt to log in to that domain, Windows gives me a
message like, cannot create profile directory
\\servername\profiledirectory.pds. It then the proceeds to assign me a
generic profile that cannot be updated.
The profile directory has fairly liberal write access so the Windows
machine should have sufficient rights to create or delete any files or
directories it deems necessary. One, of many, things I do not
understand is where the .pds suffix that the message indicates is coming
from. It certainly is not what I have defined for the profile directory
in smb.conf is and it is not something that I have seen before.
I have seen some documents that referred to creating a policy file
(*.pol) with the Windows server policy editor tool. However, I
understand profiles to be much more than a single file and that actually
a directory structure that contain everything desktop colors to your
recent files list. Under Windows 2000 this is essentially what you see
in your subdirectory of the Documents and Settings folder.
I am sure that somebody must have seen this issue before as I have seen
reference to it in the archives; I had just never seen what the solution
is. Below is a snippet of my smb.conf file that I believe would contain
the pertinent information.
[global]
# Change this for the workgroup/NT-domain name your Samba server will part of
workgroup = sjmlinux
netbios name = sjmpdc
# server string is the equivalent of the NT Description field
server string = %h server (Samba %v)
guest account = nobody
invalid users = root
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 1000
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# security = user is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# security_level.txt for details.
security = user
# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
# option unless you have read those documents
encrypt passwords = true
# Support Domain logins
domain logons = true
# Admin group (temp solution)
domain admin group = @staff
# User profile path
logon path = \\%N\home\%u\ntprofile
Suggest you try:
logon path = \\%L\home\%U\ntprofile
Make absolutely sure that the directory 'ntprofile' exists (and is
writable) - BEFORE - the uyser logs on.
A MUCH better suggestion is to put profiles in a 'profiles' share, that is
the way it is done in MS Windows land. It allows you to set more suitable
smb.conf parameters for profile handling for the shared resource for which
it may be needed.
In this case you would have a share like:
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
and the following to match it:
logon path = \\%L\Profiles\%U
# Where is the user's home directory and what is the drive
logon drive = H:
logon home = \\%N\home\%u\pchome
Suggest you se this to:
logon home = \\%L\home\%U\pchome
Again making sure that the directory 'pchome' exits and is writable.
# Specify a generic logon script for all users
# this is a relative **DOS** path to the [netlogon] share
logon script = logon.bat
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 64
domain master = yes
preferred master = yes
wins support = yes
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# Name mangling options
preserve case = yes
[Samba] WAS: XP home - Samba NOW: Must be other networking issues...
Thank you to all who helped me with this problem. I am now convinced the problem is not just something wrong in the smb.conf file, but must be more of a port deny issue or something. Couple of questions: Do all XP computers (including XP home?) need the 'plain-password-hack' to talk to a Samba server? Remember XP Home is different than XP Pro, XP Home can not join a domain, more like Win95/98. I installed RedHat 8.0 with a custom setup and medium security, anyone know if that would cause this problem of not talking Netbios on the network? Where would I look for blocked ports, I would think /etc/services, but those entries look normal, don't have anything obvious they are blocked. Interesting I added the Samba server's IP/name to my hosts and lmhosts file on my XP Home computer, now I can see it, ping it by name (couldn't before), but I have lost all the other computers in my workgroup, I can still ping them by name, but they don't immediately showup in the workgroup...odd. For our purposes static IP's would be fine, just something to get it to work. I also added a account on the Samba server called Mark, (already had one called mark), I'm guessing Windows would export my username as Mark with a capital M, that's probably what it's setup as. Maybe that helped slightly also. Any help would be appreciated. Thanks, Mark Brodis [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Bug report
Hallo everyone,
I successfully installed and compiled samba version 2.2.7a on a sistem
running AIX v. 4.3.3. ML 10.
I had a problem in order to permit the management of configuration file
(smb.conf) by means of swat, to a group (or a groups on AIX) of users.
The problem was: if I put 'write permission on group of file smb.conf,
swat permit to edit to many users than the specified group. Why ?
Reading the code I saw that swat does not set the supplementary groups
before switch to the autenticated user, so all users of all groups of root
user can modify the file.
In order to permit modification to users of specified group (or groups if
AIX extended ACL is enabled), I changed the code of cgi.c in the following
way (diff -u format):
cgi.c
--- cgi.c.org Tue Dec 10 15:58:17 2002
+++ cgi.c Mon Mar 10 16:32:34 2003
@@ -388,8 +388,18 @@
* We have not authenticated as root,
* become the user *permanently*.
*/
- become_user_permanently(pass-pw_uid, pass-pw_gid);
- }
+
+ /*
+ I inserted initgroups call in order to set
+ the supplementary groups of authenticated user
+ FC (5/2/3)
+ */
+ if (initgroups(pass-pw_name,pass-pw_gid) != 0)
+ {
+ goto err;
+ }
+ }
+ become_user_permanently(pass-pw_uid, pass-pw_gid);
/* Save the users name */
C_user = strdup(user);
I do not know if the described problem is a general problem.
Please note that what I described above is NOT a criticism but is a small
(very small) attempt to contribute to swat code.
Best regards,
Fabio Cecchi
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
To get back to SWAT, how do i get SWAT running on my Red Hat 8 Server? Is the rpm located on one of the CDs or how else do i install it? Thank you Open Source Community David -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 12:26 PM To: [EMAIL PROTECTED] Cc: David Jackson; SAMBA Lists Subject: Re: [Samba] Does the SWAT tool come with the Red Hat 8.0 distribution? On Sun, 9 Mar 2003 [EMAIL PROTECTED] wrote: Hi, The Samba swat tool is included but you must manually install it as its not part of any def install. My advise, forget the tool as it butchers your .conf. You'll learn more typing in everything by hand and reading why. Unix is about typing stuff in a shell. You wan't pictures, get Winblowz. Are you willing to submit patches to SWAT to 'fix' it's brokenness? Please consider doing this. Criticism is fine, wild assertions are not! SWAT does NOT 'butcher' your smb.conf, but it does strip out all comments, it does optimise smb.conf for maximum efficiency. I can not subscribe to wild assertions that SWAT is a destructive tool! Some automation is cool, some ain't. Side note, the DHCP/DNS/ DDNS update agent is another kinda crappy automated subsystem. So what are you doign as an open source consumer to help get this sorted out? You obviously have something to contribute and I would encourage you to do so. Even if it is just to help voice in clearest possible terms how these things ought to work. Again, constructive criticism is MOST welcome. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Transfer domain user name and passwords to Linux
Hi, I have to Samba server setup and joined the NT domain. How do I transfer users and passwords to Samba? Thanks, -Paul Hong -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Userconf
When I upgraded to 7.3 I noticed userconf was gone. I was wondering if there is another textmode user manager, or if one could find it on the 6.X cd and install it from there? I really prefer this to Webmin or any GUI manager. Kev -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: WAS: XP home - Samba NOW: Must be other networkingissues...
Do all XP computers (including XP home?) need the 'plain-password-hack' to talk to a Samba server? Remember XP Home is different than XP Pro, XP Home can not join a domain, more like Win95/98. As far as I know, no XP machines, or 2k or 98 need it for that matter. I haven't used that reg key in quite some time. Definately not with any recent versions of samba, like 2.2.7, the one in RH8. It's a server side requirement, that being that the server you're running defines whether or not you need it. Make sure to turn encrypted passwords on in smb.conf. anyone know if that would cause this problem of not talking Netbios on the network? Most likely, not 100% sure but I'm confidant that this isn't in the 'safe protocol list' Where would I look for blocked ports, I would think /etc/services, but those entries look normal, don't have anything /etc/sysconfig/iptables. This file is cryptic and I believe backwards in the sense you're looking for. That is, everything is blocked unless explicitly allowed. Look for a config applet, I'm sure there is but I write my own firewall rules file so I'm not sure. You can either allow 137/139 or if you're running a router box, just set allow all on the internal interface. -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-799-0952 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] some samba security questions
Hello, I'm running samba on a redhat linux 7.3 server in order to share files to a mixed linux/windows local network without a domain controler, all clients are configured to do local authentication and this usernames/passwords are the same as on the linux server. I'd like to restrict access to some directories inside samba shares for specific users, but changing unix file permissions won't do it. For example, I have a share named stuff which is permited to all members of the staff group, but inside this share I wan't to restrict access to a directory called internal, only one specific user has to be able to read/write inside it. As I said I've tried to change unix permissions to 700 but still group members can read/write inside this directory. Once I solve this, I would like to do something like the veto files directive does. I'd like to restrict access to one user to all directories named internal in whichever share they're in. Another issue is client code-pages. All my clients use spanish characters set, but when windows clients create a file with special characters, linux clients get (invalid unicode) warnings on this filenames, any clue? Anyone can help me in this three issues? My smb.conf [GLOBAL] looks like: smb passwd file = /etc/samba/smbpasswd hosts deny = ALL passwd program = /usr/bin/passwd %u browseable = no pam password change = yes force directory mode = 770 printing = lprng create mode = 770 dns proxy = no force create mode = 770 encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 character set = ISO8859-15 printcap name = /etc/printcap max log size = 0 hosts allow = 192.168.0.0/255.255.255.0 127.0.0.1 writable = yes obey pam restrictions = yes passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* directory mode = 770 security = user unix password sync = Yes hide unreadable = yes server string = XXX workgroup = XXX client code page = cp850 log file = /var/log/samba/%m.log netbios name = XX load printers = yes os level = 20 My share looks like: [stuff] path = /home/stuff force group = staff valid users = staff comment = Some Stuff wide links = no revalidate = yes force user = fred hide unreadable = yes -- Marc Balcells Dept. Tcnic Be There Always s.l. Trav. De Grcia 54-56 1 Pl. 08006 - Barcelona Tel:(+34) 932 412 909 Fax:(+34) 933 941 831 Email:[EMAIL PROTECTED] Pgina web: www.btasl.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Was: XP Problem Now: FIXED!!!
Well, turns out there was nothing wrong with any of the Samba stuff afterall, all it was is while doing the install of Red Hat 8.0, I selected custom configuration, and medium security. Well, that medium security setting killed me, it was apparently stopping all necessary traffic. A bright friend of mine had me type in: '/etc/rc.d/init.d/iptables stop', and poof, everything works perfect now, already got my printer shared too. So, if anyone out there is battling issues like I was, with XP Home/Pro, and you have tried smb.conf files which you KNOW came from working computers, try typing that command in, it might solve alot of your problems. A clue (not to me, but to my friend) was that when I typed in '/etc/rc.d/init.d/smb restart', smbd would shutdown correctly, but nmbd would not shutdown, always gave a error that the process wasn't running. So apparently it was trying to run but getting killed? Who knows, anyway, it works and I'm happy. Thanks, Mark Brodis __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Does the SWAT tool come with the Red Hat 8.0distribution?
Don't forget to edit the /etc/xinet.d/swat file too, I believe it's disabled, and also set rather tight. You may want to remove the lines for disable = yes (assuming it comes disabled) and also allow from = 127.0.0.1 to open up access to more than the console. -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-799-0952 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
On Mon, Mar 10, 2003 at 02:10:04PM -0500, David Jackson wrote: To get back to SWAT, how do i get SWAT running on my Red Hat 8 Server? Is the rpm located on one of the CDs or how else do i install it? Thank you Open Source Community It's located in the samba-swat RPM. After you install it, you need to edit /etc/xinetd.d/swat and change disable = yes to disable = no, then have xinetd reload it's config with the command service xinetd reload. I suspect there's a simple gui way to do this, but I don't know it. -- JF -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] some samba security questions
By setting force user = fred in your smb.conf file you make all authenticated users become fred for this share. If fred has write permission then everone who authenticates properly (members of staff group) will be able to write. Marc Balcells wrote: Hello, I'm running samba on a redhat linux 7.3 server in order to share files to a mixed linux/windows local network without a domain controler, all clients are configured to do local authentication and this usernames/passwords are the same as on the linux server. I'd like to restrict access to some directories inside samba shares for specific users, but changing unix file permissions won't do it. For example, I have a share named stuff which is permited to all members of the staff group, but inside this share I wan't to restrict access to a directory called internal, only one specific user has to be able to read/write inside it. As I said I've tried to change unix permissions to 700 but still group members can read/write inside this directory. Once I solve this, I would like to do something like the veto files directive does. I'd like to restrict access to one user to all directories named internal in whichever share they're in. Another issue is client code-pages. All my clients use spanish characters set, but when windows clients create a file with special characters, linux clients get (invalid unicode) warnings on this filenames, any clue? Anyone can help me in this three issues? My smb.conf [GLOBAL] looks like: smb passwd file = /etc/samba/smbpasswd hosts deny = ALL passwd program = /usr/bin/passwd %u browseable = no pam password change = yes force directory mode = 770 printing = lprng create mode = 770 dns proxy = no force create mode = 770 encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 character set = ISO8859-15 printcap name = /etc/printcap max log size = 0 hosts allow = 192.168.0.0/255.255.255.0 127.0.0.1 writable = yes obey pam restrictions = yes passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* directory mode = 770 security = user unix password sync = Yes hide unreadable = yes server string = XXX workgroup = XXX client code page = cp850 log file = /var/log/samba/%m.log netbios name = XX load printers = yes os level = 20 My share looks like: [stuff] path = /home/stuff force group = staff valid users = @staff comment = Some Stuff wide links = no revalidate = yes force user = fred hide unreadable = yes -- -- == Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 [EMAIL PROTECTED] Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 PGP Key: 0x8408D65D == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba and /etc/passwd
Hi, Does samba understand both the uid and gid feilds in the /etc/passwd file? When I've an XP process who is logged in under gid 100 and uid 511 try to send a process to a Linux box, the Linux box sees the user as uid 100 rather than its uid of 511. File perms do work howver as I've users and groups tweaked to allow complex file/dir access so I am perplexed. I've /etc/passwd consistant on all of my Unix boxes (PDC and members). Bri- __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: XP logon failure but still logs on -- no roamingprofile
sorry I've deleted your original message... ahh maybe we need to start again. Could I suggest you follow the diagnostic procedure in the docs. From memory its diagnosis.txt ..its very logical and explains things as you go. Then we'll have something to go on. Attached is the original message I posted (including the links to the log file captures I made). From the Diagnosis File (everything looks good to me) ~~ Test1: no errors (one warning about some share names being longer than 8 characters) Test2: Both machines can ping the other (time=0.5ms). Test3: Anonymous login successful (no password). All shares are shown. The client can map and access all drives. Test4: Primary IP address of server is returned. The client sits on a second ethernet card and thus different subnet that the primary address, but this doesn't seem to make any difference. The server has no firewall rules and forwards all packets between interfaces. Test5: The client IP address is returned correctly. Test6: This did a broadcast test on the primary ethernet interface and thus received responses from the two servers (the local machine and one other) instead of a response from the client on the second ethernet subnet. I added a -B 10.0.3.63 (6 bit subnet) and then received a response from the client XP machine. Test7: Connection to tmp works with both anonymous (guest) login and for a real userid. Test8: The net view works when logged in to the XP client as me, but not when logged in as Administrator. It also worked when telnetting in to cygwin as root. Test9: Connection to \\BIGSERVER\TMP worked fine though I was not prompted for a password. I was able to create and delete a file from the mapped directory. Test10: The server was found as the master browser. Again, I had to add -B 10.0.3.63 to get it to look on the secondary ethernet. Test11: The XP client can browse the server and see shares. It sees it under My Network Places/Entire Network/Microsoft Windows Network/precidia but I assmue this is correct. Also at the same level as the precidia domain is workgroup which is the workgroup (not domain) managed by the other server. Clicking on that shows no machines under that workgroup even though the other server knows about many. Brian ( [EMAIL PROTECTED] ) --- Tired of spam? See what you can do to fight it at: http://www.cauce.org/-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba backup software
I'm using NovaNET Alliance to back up our mixed LAN of Windows and Linux servers. Hard to beat the site license price if you have a lot of machines. The only disadvantage I've seen is it doesn't (yet) support Linux ACLs. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind -u and -g error in 2.2.7 on RH 8.0
Prior to upgrading our production servers (2.2.6 on RH 7.3) I've been testing 2.2.7 on a Redhat 8 box. Samba seems to install properly using Redhat's errata RPM's but whenever I try to get a group or user listing I get the following: [EMAIL PROTECTED] root]# wbinfo -t Secret is good [EMAIL PROTECTED] root]# wbinfo -u 0xc017 [EMAIL PROTECTED] root]# wbinfo -g 0xc001 [EMAIL PROTECTED] root]# I'm ready to go back to 2.2.6 if that works any better. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with winbind setup but some glitches
Hello there! After much trial and error, scouring the net and books for samba setups/faqs/resources, etc - I seem to have Samba setup with winbind more or less correctly - There seems to be a couple bugs though. The goal is to have a windows workstation-like Linux box to access the NT 4.0 domain. Logging into the Linux box (physically) with domain user accounts, accessing domain printers, shares, and other windows boxes' shares. I can login to my linux box with a Domain user name using Domain+Username, and password.. but i get a id: cannot find name for group ID 1 though it seems to log me in okay, creates a home share under /home/Domain/Username i can lookup any netbios name on my lan alright, and view the shares, but if i startup X, open konqueror (KDE) and type smb://pc101 (or whatever netbios name) i get a prompt for Username and Password (even though i'm already logged in as a domain user). Fine, i enter the username and password, then konq lists the shares on that machine (correctly!) - i attempt to open a share that i know i have access to with this login name (from normal windows machines) - and it asks again for my username and password..i enter it, the prompt goes away and it just hangs there like it's trying to load the list of files on that share... (the sprocket is turning in the browser, but nuthin's goin on)... Ideas? Also I can't access the public folder on the Linux box from windows machines, but I suspect that has to do with the way that the public share in smb.conf is setup... I can post every single step of my samba/winbind/pam config if needed - I was hoping someone might know off the top of their head where these errors are coming from... Thanks in advance for any wisdom you can offer! Jason Sheldon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Red Hat 8 SAMBA docs esp. those for SAMBA since this a SAMBAlist
Hi David, Thanks for asking. I too am an MCSE, but I don't think i have the patience, experience, or understanding to actually teach the stuff although I am fascinated by everything that is Linux. Hey Linux Community, does that feeling for Linux ever fade? Anyway, on with the story... Unforunately, I am slowly accumulating information about RHat 8.0 linux's SAMBA much too slowly. I only know of the www.samba.org site with its docs and the list that I am posting this email to. Also this link http://www-1.ibm.com/linux/links/index.shtml may be helpful to you. If anyone has any good sites or knows of any excellent books on this subject, please post. So far I have been using the Exam Cram Linux+ Guide and I personally think it is almost worthless (my humble opinion anyway). It is way to general and no SAMBA at all! Okay, the glossary glosses over what SAMBA does, but that is it! So far I have learned some commands like mount -o username=username,password=password,workgroup=workgroup //service /mountpoint smbclinet and some text config files like smb.conf that need lots of tweaking to get them right. I have not gotten it working yet, but my error messages do change which means I am at least making significant changes. David -Original Message- From: Dave Huston [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 5:43 PM To: [EMAIL PROTECTED] Subject: Getting Samba running with Redhat 8.0 Hi David, My name is David too and I saw your post on Samba.org. I am an IT Instructor and a MCSE. I teaching Linux and looking to get my Linux plus and Linux LPI certifications. I have installed Redhat 8.0 on 3 servers and one workstation in my classroom. I am trying to set NFS running and set Samba working with the Windows 2000 servers. I got Samba running once, but I am looking for an easier way of doing it. What sources of help are you getting and maybe we can share some info. I live in Raleigh, NC and right near the Redhat headquarters. Dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
I am unable to find this RPM. Which disc would it be on? -Original Message- From: Jay Fenlason [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 2:30 PM To: David Jackson; [EMAIL PROTECTED] Subject: Re: [Samba] Does the SWAT tool come with the Red Hat 8.0 distribution? On Mon, Mar 10, 2003 at 02:10:04PM -0500, David Jackson wrote: To get back to SWAT, how do i get SWAT running on my Red Hat 8 Server? Is the rpm located on one of the CDs or how else do i install it? Thank you Open Source Community It's located in the samba-swat RPM. After you install it, you need to edit /etc/xinetd.d/swat and change disable = yes to disable = no, then have xinetd reload it's config with the command service xinetd reload. I suspect there's a simple gui way to do this, but I don't know it. -- JF -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows LocalSystem Account - Linux Samba Server
I have a Linux Samba server I access from a Win2K system. I want to allow a process started from a Windows service to access a share on the Samba server. The Windows service is set to run as LocalSystem instead of a specific userID. What userID do I need to define on the Samba server to allow LocalSystem to access files on a Samba share? -- Jim Garrison ([EMAIL PROTECTED]) PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
I was going to install SWAT, but am now diverting my attention to iupgrading my version of SAMBA due to the fact that SWAT won't install if you are running version 2.2.5 or less of SAMBA (dependencies). I thought Red Hat 8 came with version 2.2.5 SAMBA? My first question is, how would I check the version of SAMBA already installed? Obviously, no matter what version I have, SWAT wantd me to get the newer one before it will let me install SWAT. I got the samba-2.2.7a.tar.gz file from samba.org's mirror server and unzipped it. I am wondering what step is next? I believe that i now need to run the command sh makerpms.sh (documentation says that this is for Red hat 5.5 which worried me a little). HOwever, when i ran it, i got messages galore saying that certain directories did not exist. Before I do this, should I put the files in any place in particular? Right now I am running the command /shared/samba-2.2.7a/packaging/RedHat/makerpms.sh. I read elsewhere in the file Samba-HOWTO-Collection.pdf in the docs FTP folder on the samba.org website mirror that I need to run ./configure and the other commands to get it installed. Could anyone throw me some hints? Thank you!!! On Mon, 2003-03-10 at 19:19, [EMAIL PROTECTED] wrote: I am unable to find this RPM. Which disc would it be on? Hmm, I thought that I posted this earlier this morning, Its on CD3 and the package is called; samba-swat-2.2.5-10.i386.rpm Bri- __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles with Samba PDC
First of all, I would like to thank you for your prompt reply.
Unfortunately you lost me on a couple of issues and I am hoping that you can clarify
them.
We exchanged:
# User profile path
logon path = \\%N\home\%u\ntprofile
Suggest you try:
logon path = \\%L\home\%U\ntprofile
Make absolutely sure that the directory 'ntprofile' exists (and is
writable) - BEFORE - the uyser logs on.
A MUCH better suggestion is to put profiles in a 'profiles' share, that is
the way it is done in MS Windows land. It allows you to set more suitable
smb.conf parameters for profile handling for the shared resource for which
it may be needed.
In this case you would have a share like:
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
and the following to match it:
logon path = \\%L\Profiles\%U
In this exchange you indicate that it would be better to have a 'profiles' share,
contrasting it to my global definition of logon path. I am not sure if you saw it or
not, but in my original message it was a profiles share defined at the end. It did
differ from yours in that the path pointed to the science have used in the global area.
I created a profiles directory under the samba directory as indicated above. Do I
need to create subdirectories in that profiles directory for all of the users before
they logon or will Windows create the subdirectories as needed during a user's first
logon?
Also, you wrote to set my logon path to \\%L\Profiles\%U to match 'it'. What 'it' are
you referring to? Should this logon path the set in the profiles share definitions or
the global, thus replacing the one I have there now? I currently do not have a
profiles directory off of root, which is where I assume that would be referring to,
but I can certainly create one. Either that, or do I totally misunderstand the usage
of %L?
-- Original Message --
From: John H Terpstra [EMAIL PROTECTED]
Date: Mon, 10 Mar 2003 18:36:31 + (GMT)
On Mon, 10 Mar 2003, Scott Millhisler wrote:
I have been working on this problem for quite some time now and have not
been able to find the solution.
Please see comments below.
- John T.
I have Samba running on Debian Linux 3.0 (Woody) as a primary domain
controller. From my Windows 2000 desktop I am able to browse that Linux
server with Windows Explorer.
My biggest problem is trying to log in to that domain. Under Windows
2000 I am able to join the domain (sjmlinux) but after I restart the
Windows desktop and attempt to log in to that domain, Windows gives me a
message like, cannot create profile directory
\\servername\profiledirectory.pds. It then the proceeds to assign me a
generic profile that cannot be updated.
The profile directory has fairly liberal write access so the Windows
machine should have sufficient rights to create or delete any files or
directories it deems necessary. One, of many, things I do not
understand is where the .pds suffix that the message indicates is coming
from. It certainly is not what I have defined for the profile directory
in smb.conf is and it is not something that I have seen before.
I have seen some documents that referred to creating a policy file
(*.pol) with the Windows server policy editor tool. However, I
understand profiles to be much more than a single file and that actually
a directory structure that contain everything desktop colors to your
recent files list. Under Windows 2000 this is essentially what you see
in your subdirectory of the Documents and Settings folder.
I am sure that somebody must have seen this issue before as I have seen
reference to it in the archives; I had just never seen what the solution
is. Below is a snippet of my smb.conf file that I believe would contain
the pertinent information.
[global]
# Change this for the workgroup/NT-domain name your Samba server will part of
workgroup = sjmlinux
netbios name = sjmpdc
# server string is the equivalent of the NT Description field
server string = %h server (Samba %v)
guest account = nobody
invalid users = root
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 1000
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# security = user is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# security_level.txt for details.
security = user
# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not
Re: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
Perhaps you could post your specific thoughts on what an automated editor I understand that by using a GUI rather than command line will in some cases make things easier. My experiance with Samba is that I had to research, implement and test many hours to get it working (albiet, I have a very highly specialized env, Post produstion, where file security, performance and paths must be the same on all platforms here - MacOSX, Linux, Windows, SGI). If you feel Swat is a value add (it may be), it doesn't seem like it would be hard to not del lines starting with #. I'm not sure what Samba uses to edit the file and generate a new one but why not rely on utils like grep and sed? I'm not trying to be insulting to Samba.org, I'm just hard on technology and when it does something unexpected, I get uncomfortable. Bri- __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RESOLVED!!: [Samba] Struggling to get SAMBA and Windows workingtogether --- RESOLVED!
this did it, joining the Linux Server to the domain and changing the smb.conf to use a password server fixed the problem. now the next thing is to get the permissions to create files in the shared directory (Access is denied when trying to create a directory on the LInux share). anyone know where i can look fo r information on create modes? I feel bad that I ask for lots of information and haven't given back much (YET!) Als could someone tell me where the archives are, as I am sure some readers out there are tired of me already. But already this is so great that it is working, it only took two days, but now that i know I can help others and keep learning more! Thanks SAMBA LINUX COMMUNITY, David jackson -Original Message- From: Paul Hong [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 11:52 AM To: News; David Jackson; Jim Wharton; [EMAIL PROTECTED]; SAMBA Lists Cc: SAMBA Subject: Re: [Samba] Struggling to get SAMBA and Windows working together Here are some of the things you might want to add to your samba.conf when you have your Samba server join the domain. Security=domain set the security parameter to domain. workgroup= domain name password server = Must list PDC and any BDC encrypt passwords=yes when join domain, must be set to yes Hope this helps. -Paul Hong - Original Message - From: News [EMAIL PROTECTED] To: David Jackson [EMAIL PROTECTED]; Jim Wharton [EMAIL PROTECTED]; [EMAIL PROTECTED]; SAMBA Lists [EMAIL PROTECTED] Cc: SAMBA [EMAIL PROTECTED] Sent: Sunday, March 09, 2003 10:42 PM Subject: Re: [Samba] Struggling to get SAMBA and Windows working together Actually joining the domain You can do this all in one step with the following command: smbpasswd -j DOMAIN -r DOMAIN_CONTROLLER -U DOMAIN_ADMIN Where DOMAIN is the name of your domain (should be the same as the workgroup parameter in your 'smb.conf' file), DOMAIN_CONTROLLER is the name of the Primary Domain Controller of your domain, and DOMAIN_ADMIN is an account on the PDC with Domain Admin privileges. You will be prompted for this users password, so you should ask your windows admin to help you here if necessary. - Original Message - From: David Jackson [EMAIL PROTECTED] To: Jim Wharton [EMAIL PROTECTED]; [EMAIL PROTECTED]; SAMBA Lists [EMAIL PROTECTED] Cc: SAMBA [EMAIL PROTECTED] Sent: Sunday, March 09, 2003 11:40 PM Subject: RE: [Samba] Struggling to get SAMBA and Windows working together there is a windows 2000 domain, but the SAMBA server has not joined. Is there a way to join a Red Hat Linux 8.0 server to the domain? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jim Wharton Sent: Sunday, March 09, 2003 9:22 PM To: [EMAIL PROTECTED]; SAMBA Lists Cc: SAMBA Subject: Re: [Samba] Struggling to get SAMBA and Windows working together Have You joined this machine to the domain? Jim - Original Message - From: David Jackson [EMAIL PROTECTED] To: SAMBA Lists [EMAIL PROTECTED] Cc: SAMBA [EMAIL PROTECTED] Sent: Sunday, March 09, 2003 5:53 PM Subject: [Samba] Struggling to get SAMBA and Windows working together If anyone can help with this, please help. WINDOWS 2000 When i try to connect to my SAMBA server from windows 2000 professional i get the following message: This is the windows DOS screen: D:\net use * \\samba\shared /user:root rootpassword System error 1240 has occurred. The account is not authorized to log in from this station. SAMBA My smb.conf looks like this: [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = seven hosts allow = 192.168.1. 127. [shared] comment = the shared folder path = /shared writable = yes create mode = 0770 directory mode = 2770 browseable = yes And I had mounted the shared folder by typing: mount -t smbfs -o username=root,password=rootpassword //samba/shared /shared THANK YOU EVERYONE! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] create mask = 0777
What do the following lines mean in the smb.conf file: create mask = 0777 directory mode = 0775 I would like to know where i can learn more about what those numbers about signify. Also where can i find archives for this list so I don't keep bringing up old topics? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Transferring the printer database
Is there a way to transfer a Samba printer database from one version to another? I tried copying the .tdb files from v2.2.6 to v2.2.8pre1 but it didn't seem to work. Some sort of upgrade path is needed here - it's a lot of work to start over if you've got a lot of printers. Will this do what you want? # printconf-tui --Xexport printers.xml # printconf-tui --Ximport printers.xml Patrick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 3, Issue 17
I will be out of the office until early next week, returning Tuesday, 10 March. If urgent, contact the ATS helpdesk. Thank you, Jarrell Dunson Administrative Computing Coordinator -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba - Active Directory and folder level perm.
I have samba 2.2.7 installed on a Sol8 unix box I have also config'ed Winbind. My aim is to map my samba share to my win2k Active Directory server - and apply folder lever permision ie.. \\samba-server\home-share%username%\ however I am seeing only SIDs Everyone and Administrator in the security tab of my share [sub]folders. It there a way to implement folder level security on Active Directory server of samba mounted shares? I can see my users from wbinfo -u -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
On 10 Mar 2003, [EMAIL PROTECTED] wrote: Perhaps you could post your specific thoughts on what an automated editor I understand that by using a GUI rather than command line will in some cases make things easier. My experiance with Samba is that I had to research, implement and test many hours to get it working (albiet, I have a very highly specialized env, Post produstion, where file security, performance and paths must be the same on all platforms here - MacOSX, Linux, Windows, SGI). If you feel Swat is a value add (it may be), it doesn't seem like it would be hard to not del lines starting with #. Some people seem to like it. A little more consideration of the problem will show that for a program to preserve comments when it is not capable of understanding their contents is quite hard. - Do the comments pertain to the line above or the line below, or to a whole block of lines? - Does the comment contain commented-out inactive code? - If a line is removed, should the comment next to it go too? - If lines are reordered what happens to the comments? I'm not sure what Samba uses to edit the file and generate a new one but why not rely on utils like grep and sed? Regular IO. At least three reasons: - producing gred/sed commands is much harder than just editing the damn thing - that doesn't solve the problem of understanding what the comments *mean* - grep/sed editing will be less reliable than directly writing the file. I'm not trying to be insulting to Samba.org, I'm just hard on technology and when it does something unexpected, I get uncomfortable. The great thing about open source is that you can scratch your own itches. The bad thing is that you have to watch esr scratching his itches in public. ;-) -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINS servers and browsing
Morgan, if you use more than one wins server then you will need to synchronise them to resolve remote names. samba does not support this. We use one wins server for many samba-domains effectively. I see you are using remote announce. You should not normally need this with one only wins server. (unless special requirements?) Your pw1 config below is configured as a local master for its workgroup pw ..your config: domain master = no where is its domain master browser? If you wish pw1 to be a dom-master then change the above line to .. domain master = yes . IF these are the only pcs in your network to be affected by this??? then .. pw1 as pw domain-master, local-master, wins-to- ch1 ,(remove remote stuff) ch1 as ch domain-master, local-master, wins-server, (remove remote stuff) hint:for testing I suggest starting win-server first, then other servers. The network will take a little time to stabilize. so with the above config and PROVIDING THERE ARE NO OTHER SERVERS GOING TO BE AFFECTED , and the routing/firewalling is ok... Now if I haven't made any errors? it should all just work!! whew.. regards Richard Coates. On Tue, 2003-03-11 at 02:07, Morgan Toal wrote: Well, I've asked a couple times already but I will ask one more, since I still havent' managed to get any further. We have several sites. Each site has it's own network and domain. We are connected via a WAN. Is the best practice to have one WINS server for each site? Or is a single WINS server for the WAN the way to go? Right now I have a single WINS server for the WAN. I CAN NOT browse between networks correctly. How do I test WINS anyway? Thanks, mtoal Here's some config info: Network 192.168.18.0, CH domain 192.168.18.14 ch1 (rh7.3, CH domain controller, wins server) 192.168.18.15 ch2 (w2k, app server, set ch1 for wins manually) 192.168.18.18 mtoal (w2k, my computer, set ch1 for wins manually) Network 192.168.20.0, PW domain 192.168.20.8 pw1 (rh7.3, samba, PW domain controller) 192.168.20.5 pw2 (w2k, app server, set ch1 for wins manually) 192.168.20.61 streetsmary (w2k, example machine, ch1 for wins via dhcp) ch1 is set up as the WINS server for the whole WAN: netbios name = ch1 workgroup = ch os level = 64 preferred master = yes domain master = yes local master = yes wins support = yes remote announce = 192.168.18.255 192.168.20.255 remote browse sync = 192.168.18.255 192.168.20.255 name resolve order = wins lmhosts pw1 is set up to use ch1 as it's WINS server, and is set up to be the local master browser on its subnet: netbios name = pw1 workgroup = pw domain master = no local master = yes preferred master = yes os level = 64 wins support = no wins server = 192.168.18.14 name resolve order = wins lmhosts -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Hide files in samba share using Window
Hi, The following is done on a samba share:- When I want to hide files in on the Windows interface, I right-click the file and check on the hidden attribute, but the file still appears there. Must I rename the file with a dot in front in order to hide it? Any alternative to allow the use of Windows interface to hide it? Thanks. adrian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RESOLVED!!: [Samba] Struggling to get SAMBA and Windows workingtogether --- RESOLVED!
On 10 Mar 2003, David Jackson [EMAIL PROTECTED] wrote: this did it, joining the Linux Server to the domain and changing the smb.conf to use a password server fixed the problem. Great. now the next thing is to get the permissions to create files in the shared directory (Access is denied when trying to create a directory on the LInux share). anyone know where i can look fo r information on create modes? http://www.google.com/search?q=samba+create+mode http://us1.samba.org/samba/docs/man/smb.conf.5.html#CREATEMASK 62,000 matches. :-) But check ownership of the files is as it should be first. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] profiles name not same
Hi, I used samba+ldap on rh8 as pdc. At w2k client,when I want to delete user1's profile I go to control panel - system - user profiles. But any names in this not same as account name.It appear such as DOMAIN\unix_group.2000 or DOMAIN\unix_user.1006. Can I config anything for this? Thank you. - With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WINBIND
Ola a todos da LISTA Estou tentando connectar o meu winbind e recebo Could not connect to a dc for domain SURSON , qdo dou winbindd -i -d 100 O mais gozado é que qdo dou smbclient //firewall/homes e a senha ele devolve: session setup failed: NT_STATUS_LOGON_FAILURE qdo dou smbclient //firewall/homes -U Administrador e depois a senha ele devolve [EMAIL PROTECTED] init.d]# smbclient //firewall/homes -U Administrator added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 Got a positive name query response from 192.168.1.2 ( 192.168.1.1 ) Password: Domain=[SURSON] OS=[Unix] Server=[Samba 2.2.3a] tree connect failed: NT_STATUS_WRONG_PASSWORD O problema é que //firewall é o BOX LINUX.. se eu der :smbclient //cleo/downloads -U Administrator e a senha eu recebo a resposta correta Got a positive name query response from 192.168.1.2 ( 192.168.1.2 ) Password: Domain=[SURSON] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] smb: \ O mais gozado é que se eu for via EXPLORER DO WIN2K e der \\firewall logado como Administrator tudo ROLA NORMAL e ele entra e lista as diretorios. O QUE SERA QUE TA ROLANDO??? --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/2/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hide files in samba share using Window
I don't have show hidden file chosen from Microsoft. After I check the hidden attribute using Windows, I right-click again and the hidden box is still uncheck !!! adrian Michael Noble [EMAIL PROTECTED] 03/11/03 12:20PM take a look at vito files. also make sure that you do not have show hidden file chosen from Microsoft or it will still show hidden files. Mike On Mon, 2003-03-10 at 18:41, Adrian Chow Seng Yien wrote: Hi, The following is done on a samba share:- When I want to hide files in on the Windows interface, I right-click the file and check on the hidden attribute, but the file still appears there. Must I rename the file with a dot in front in order to hide it? Any alternative to allow the use of Windows interface to hide it? Thanks. adrian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Michael G. Noble RF Magic, Inc. Senior System Administrator 10182 Telesis Ct., 4th Floor San Diego, CA. 92121 mailto:[EMAIL PROTECTED] voice: (858) 546-2401 x207 fax: (858) 546-2402 -- There is Sanity in my Madness! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Explaination for file permissions
Hi, I am confused about the file permission set. I have samba compiled with ACL option. Running Redhat 8.0 with ACL compiled and Samba 2.2.7. I have created a read-only share /test/xyz and under write list put userA and userB in it. UserA creates a file (test1) and under Windows I can see that only UserA owns that file and permissions is 660. UserA and UserB are different in groups. But when UserB logins, he can delete that file! Why? If so, how can I set files or directories below the shared directory such that I have different user/group permissions for different file/directories and be sure that unauthorized user cannot just go in and delete the files? **The read-only share directory /test/xyz is having permission 777 cos it is created by root and, UserA UserB does not belong to same group as root. I am deeply confused whether samba share permission overwrites file permissions...but very different from the documentation from o'reilly's. Thanks. adrian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Active Diectory
I have samba 2.2.7 installed on a Sol8 unix box I have also config'ed Winbind. My aim is to map my samba share to my win2k Active Directory server - and apply folder lever permision ie.. \\samba-server\home-share%username%\ however I am seeing only SIDs Everyone and Administrator in the security tab of my share [sub]folders. It there a way to implement folder level security on Active Directory server of samba mounted shares? I can see my users from wbinfo -u - Original Message - From: News [EMAIL PROTECTED] To: Christopher Odenbach [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, March 08, 2003 12:06 AM Subject: Re: [Samba] Samba and Active Diectory any idea: bash-2.03# /usr/local/samba/bin/smbpasswd -j JAMDUNG -r PDC -U Administrator Password: Error connecting to PDC Unable to join domain JAMDUNG. bash-2.03# ./wbinfo -m bash-2.03# ./wbinfo -u 0xc022 bash-2.03# ./wbinfo -u Administartor 0xc022 bash-2.03# - Original Message - From: Christopher Odenbach [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 2:25 AM Subject: Re: [Samba] Samba and Active Diectory Hi, problem: I wish to implement samba on a solaris 8 with authentication from a win2k active directory server. I wish to have user dorectories mounted to AD server via samba and authenticated via AD. Anyone knows an easy/doable way to do this? If you have all the windows users also defined on the solaris box (locally in /etc/passwd, via nis or ldap), then just - set security = domain - join the samba server to the AD domain If you don't want to define the users on solaris, use winbind. Christopher -- == Dipl.-Ing. Christopher Odenbach HNI Rechnerbetrieb [EMAIL PROTECTED] Tel.: +49 5251 60 6215 == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles with Samba PDC
On Mon, 10 Mar 2003, Scott Millhisler wrote: First of all, I would like to thank you for your prompt reply. Unfortunately you lost me on a couple of issues and I am hoping that you can clarify them. We exchanged: # User profile path logon path = \\%N\home\%u\ntprofile Suggest you try: logon path = \\%L\home\%U\ntprofile Make absolutely sure that the directory 'ntprofile' exists (and is writable) - BEFORE - the uyser logs on. A MUCH better suggestion is to put profiles in a 'profiles' share, that is the way it is done in MS Windows land. It allows you to set more suitable smb.conf parameters for profile handling for the shared resource for which it may be needed. In this case you would have a share like: [Profiles] comment = Roaming Profile Share path = /var/lib/samba/profiles read only = No profile acls = Yes and the following to match it: logon path = \\%L\Profiles\%U In this exchange you indicate that it would be better to have a 'profiles' share, contrasting it to my global definition of logon path. I am not sure if you saw it or not, but in my original message it was a profiles share defined at the end. It did differ from yours in that the path pointed to the science have used in the global area. Your logon path directs that profiles into the users' home directory into a subdirectory called ntprofile. Your original profiles share will thus not be used at all. I created a profiles directory under the samba directory as indicated above. Do I need to create subdirectories in that profiles directory for all of the users before they logon or will Windows create the subdirectories as needed during a user's first logon? Yes. You need to create those directories so that Samba can store the profiles. In the absence of the proper directory the profile will not be written to your profiles share. Also, you wrote to set my logon path to \\%L\Profiles\%U to match 'it'. What 'it' are you referring to? Should this logon path the set in the profiles share definitions or the global, thus replacing the one I have there now? I currently do not have a profiles directory off of root, which is where I assume that would be referring to, but I can certainly create one. Either that, or do I totally misunderstand the usage of %L? Your logon path settings need to match a storage are within your Samba server file system. The 'it' refers to the Profiles share settings I gave you. In my case I store profiles under /var/lib/samba/profiles/'username' The %U translates to the 'username'. The %L is a macro that translates to the name be which you refer to the samba server. So if your samba server is called 'FRED and logon path = \\%L\Profiles\%U and you access the Samba server by the name FRED then it will map to \\FRED\Profiles\'username'. Thus if your username is 'jbloggs', the full profile path will be: \\FRED\Profiles\jbloggs. Given my path statement in the [Profiles] definition this will result in the files being written to (or read from): /var/lib/samba/profiles/jbloggs Does that clear the air now? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create mask = 0777
On Mon, 10 Mar 2003, David Jackson wrote: What do the following lines mean in the smb.conf file: create mask = 0777 directory mode = 0775 I would like to know where i can learn more about what those numbers about signify. man chmod Also where can i find archives for this list so I don't keep bringing up old topics? Google will find answers for you. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
A few swat comments. was:Re: [Samba] Does the SWAT tool come withthe Red Hat 8.0 distribution?
Since we seem to be discussing the merits of swat, I'll add my two cents. I don't use swat either, but I did try it and the things about it that I think could be improved are: 1. Backup the original smb.conf (if any). While it could be said that that is the users job, I was more than slightly irritated that my original smb.conf was gone after making changes using swat. I wouldn't think that that would be too hard to implement and the advantage is that even if a diff between the original and the new smb.conf weren't recognizable, a diff with the output of testparm from the old and new would be. 2. Don't have swat bind itself to every available IP address by default. That just scares me. I'd much rather have something bind to localhost only to start out with and then let me change it if I needed to. I understand that this would result in quite a few questions like, Why can't I access swat?, but I still think it's better practice. 3. The 901 port just sucks. Pick a cool one like 22 or 25 or 110. Well, 110 isn't so cool, but 25, wowza! mark ps. comment 3. was a joke. I couldn't handle only having two comments. mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINDOWS XP +SAMBA
Alvaro Rosales R. schrieb: Hi. Sorry If I was not clear enough in explaining my problem. I oculd join the domain, I also can map network folders from windows xp. But I can not lo on my server. It seeems that for some reason I cant log in my domain so I cant run my logon script, this is exactly, what i said: w2k/xp does support plain text password, if u want to *access* a server. if u want domain support, u *must* use encrypted password. so if u want to use xp in as a domain client, u must switch to encrypted password and create a machine account. gk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: A few swat comments. was:Re: [Samba] Does the SWAT tool comewith the Red Hat 8.0 distribution?
On Tue, 11 Mar 2003, mark wrote: Since we seem to be discussing the merits of swat, I'll add my two cents. I don't use swat either, but I did try it and the things about it that I think could be improved are: 1. Backup the original smb.conf (if any). While it could be said that that is the users job, I was more than slightly irritated that my original smb.conf was gone after making changes using swat. I wouldn't think that that would be too hard to implement and the advantage is that even if a diff between the original and the new smb.conf weren't recognizable, a diff with the output of testparm from the old and new would be. I like this suggestion. Could you specify your dream wishes more clearly please. ie: I run SWAT and write the back-up file. Now I run it again and overwrite the backup file again? Where is the gain then? Do I only back it up if it does not exist? Then what about subsequent changes I make? Should it back it up to a file with time and date extensions? If so, homw many backups should I keep? Your suggestion perplexees me. I want some consensus on this before I change anything here. 2. Don't have swat bind itself to every available IP address by default. That just scares me. I'd much rather have something bind to localhost only to start out with and then let me change it if I needed to. I understand that this would result in quite a few questions like, Why can't I access swat?, but I still think it's better practice. But by default, it should be blocked by TCP Wrappers from anything except 127.0.0.1. Where is the problem? 3. The 901 port just sucks. Pick a cool one like 22 or 25 or 110. Well, 110 isn't so cool, but 25, wowza! mark ps. comment 3. was a joke. I couldn't handle only having two comments. Now here we agree! Yes! - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
scalability of print_queue_update
I've been testing injection of many jobs (thousands) into a print queue, and am noticing that appliance_head samba seems to spend heaps of time in print_queue_update, trying to reconcile the output of lpq with samba's database. In particular, this is causing smbspool to give warnings because print_job_end is taking a long time to complete. (10s for tiny files.) One approach that was discussed a while ago is to have the lpd notify samba when jobs are completed, deleted, or changed. It could either give all the details sufficient to update the record, or (much simpler) just send an smbcontrol message to rescan the queue. Another approach, which I suppose is really just skirting the issue, would be to never run the update function while a client is waiting, but rather just at intervals when the timer expires. Possibly a separate smbd process might be forked to do this. Alternatively we might say that 40,000 jobs is a silly number to have queued. :-) I think we can also improve the efficiency of the current code without restructuring it; I'll send a patch for that shortly. Any thoughts on how this might be done better in 3.x? -- Martin
Re: Restricting delete on a share?
On Mon, 2003-03-10 at 18:50, Stefan (metze) Metzmacher wrote: At 18:37 10.03.2003 +1100, Andrew Bartlett wrote: On Mon, 2003-03-10 at 18:02, Stefan (metze) Metzmacher wrote: At 00:04 10.03.2003 -0600, Jeremy M. Dolan wrote: Hi all. Management here wants to restrict users from deleting files via Samba. NTFS is able to restrict just delete permissions, but still allow new files to be created and old ones changed. Andrew, read two lines above... :-) I know :-). It's amazing how much effort goes into keeping management happy rather than securing systems... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
bug? non-default hash sizes in tdb
tdb (all branches) has the behaviour that when opening an existing database, if you don't specify the right hash size, the open will fail with EIO. This means for example that tdbtool can't open printing tdbs after jra's change to increase their has size to 5000. Wouldn't it be reasonable to ignore the hash_size parameter to tdb_open_ex when opening an existing tdb, and just use whatever is in the header? -- Martin
Re: Printer driver parameter deprecated - what now?
Hi there. Please read my comments below: On Sun, Mar 09, 2003 at 04:07:57PM +, Ronan Waide wrote: On March 9, [EMAIL PROTECTED] said: snip / Well, I tried that, does not work, I get: SetPrinter call failed! result was NT_STATUS_UNSUCCESSFUL setdriver expects the following setup: * you are a printer admin, or root. I am both defined as a printer admin and am in the write list of the [print$] share in smb.conf. - this is the smb.conf printer admin group, not the Printer Operators group in NT. I've not tried the latter, but I don't believe it will work based on the current code. Uh... How can Samba users be members of NT groups? I did not know Samba supports that... How do you add Unix users to NT groups for Samba? * printer admins has to be defined in [global] Is defined there. * upload the driver files to \\server\print$\w32x86 and win40 as appropriate. DON'T put them in the 0 or 2 subdirectories. Uh. No driver files yet... As I said in the original message, right now I do not want any driver files on the server - I only want the server to specify the name of the driver that the client can use (equivalent to the deprecated 'printer driver' option in smb.conf). * Make sure that the user you're connecting as is able to write to the print$ directories I am. * Use adddriver (with appropriate parameters) to create the driver - note, this will not just update samba's notion of drivers, it will also move the files from the w32x86 and win40 directories to an appropriate subdirectory (based on driver version, I think, but not important enough for me to find out) Again, I do not want to store any drivers on the server right now - only specify their names. * Use setdriver to associate the driver with a printer That's what I tried. The setdriver call will fail if the printer doesn't already exist in samba's view of the world. Either create the printer in cups and restart samba, or create an add printer command (see smb.conf doco) and use RPC calls to create a printer. Uh? What's wrong with just having a printer share defined for it already? NB the add printer command MUST return a single line of text indicating which port the printer was added on. If it doesn't, Samba won't reload the printer definitions. Although samba doesn't really support the notion of ports, suitable add printer command and enumport command settings can allow you pretty good remote control of the samba printer setup. I do not use any 'add printer command'. All printers are added to the smb.conf and installed on the server manually (by me). Hope this helps you somewhat. Well, to be honest, it just confused me a bit more. But I will try to look some of this up and might learn a bit better how this should work, improving my conception of it. Yet, my problem remains unsolved. Thank you, any further help appreciated, -- Tom -- Tom Alsberg - hacker (being the best description fitting this space) Web page: http://www.cs.huji.ac.il/~alsbergt/ DISCLAIMER: The above message does not even necessarily represent what my fingers have typed on the keyboard, save anything further.
Re: Printer driver parameter deprecated - what now?
On March 10, [EMAIL PROTECTED] said: Uh... How can Samba users be members of NT groups? I did not know Samba supports that... How do you add Unix users to NT groups for Samba? I was just clarifying that when I said Printer Admins I wasn't referring to the NT group. Yet, my problem remains unsolved. I guess I misunderstood your problem. The details I gave are for remotely adding a printer with drivers to a Samba box. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Repetition breeds inertia. - Douglas Coupland, _Microserfs_
segv in samba head
background:
I had a stock redhat samba setup using security = share and sharing
out three directories - [homes] and two fixed locations. pretty
trivial setup. I built Samba 3 head (current as of this morning, but
the problem has been happening for at least a week) and tried
connecting to it from a NT4 PDC with a different domain name to the
samba server, and I get a segv. Debug level 10 doesn't give me a whole
lot to go on, so I ran smbd under gdb instead:
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
Program received signal SIGSEGV, Segmentation fault.
0x080952c6 in reply_sesssetup_and_X (conn=0x0, inbuf=0x403b2008 ,
outbuf=0x403d3008 , length=266, bufsize=131072) at smbd/sesssetup.c:721
721 if (server_info-guest) {
stacktrace:
#0 0x080952c6 in reply_sesssetup_and_X (conn=0x0, inbuf=0x403b2008 ,
outbuf=0x403d3008 , length=266, bufsize=131072) at smbd/sesssetup.c:721
#1 0x080ae095 in switch_message (type=115, inbuf=0x403b2008 ,
outbuf=0x403d3008 , size=266, bufsize=131072) at smbd/process.c:758
#2 0x080ae121 in construct_reply (inbuf=0x403b2008 , outbuf=0x403d3008 ,
size=266, bufsize=131072) at smbd/process.c:788
#3 0x080ae431 in process_smb (inbuf=0x403b2008 , outbuf=0x403d3008 )
at smbd/process.c:889
#4 0x080aedfa in smbd_process () at smbd/process.c:1298
#5 0x080731d4 in main (argc=6, argv=0xbfffe044) at smbd/server.c:907
#6 0x401e21c4 in __libc_start_main () from /lib/libc.so.6
Regardless of whether this turns out to be a misconfig on my part, a
panic is the wrong way to go about handling it. Especially since this
is just an upgrade from samba 2 to samba 3.
Cheers,
Waider.
--
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
They posted while drunk, their souls are forfeit.
- Bren, in the dspsrv orientation guide.
rpcclient typo: patch
when doing enumdomusers, rpcclient prints each one preceded by the
word group instead of user
Cheers,
Waider.
Index: rpcclient/cmd_samr.c
===
RCS file: /cvsroot/samba/source/rpcclient/cmd_samr.c,v
retrieving revision 1.157
diff -u -r1.157 cmd_samr.c
--- rpcclient/cmd_samr.c25 Feb 2003 06:24:13 - 1.157
+++ rpcclient/cmd_samr.c10 Mar 2003 13:13:03 -
@@ -684,7 +684,7 @@
NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
for (i = 0; i num_dom_users; i++)
- printf(group:[%s] rid:[0x%x]\n,
+ printf(user:[%s] rid:[0x%x]\n,
dom_users[i], dom_rids[i]);
}
--
We are experiencing MVS processor spin loops, the programs are running while
holding a disabled CPU. This is causing XCF communication delays to the point
where we are losing VTAM RTP routing, are suffering OSPF adjacency failures on
TCP/IP dynamic routing and MIM VCF failures. - Reported via Slashdot
Re: Urgent: Cvs download has changed unexpectedly
Dave Collier-Brown wrote: 1) If I run cvs update -d :pserver:[EMAIL PROTECTED]:/cvsroot -P it returns No CVSROOT specified! Please use the `-d' option, which, you understand, I did (;-)) This also applies if I change the host from [EMAIL PROTECTED] to [EMAIL PROTECTED] --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Urgent: Cvs download has changed unexpectedly
I deleted the whole tree, changed the makefile to the new syntax, and it fails with the identical messages. The good news is that we documented pserver.samba.org in the second edition... the bad news is that I can't get it to work (;-)) --dave Tim Potter wrote: On Sun, Mar 09, 2003 at 02:13:17PM -0500, Dave Collier-Brown wrote: For that last few years, I've been using a makefile to download and build samba, based on the instructions in http://us1.samba.org/samba/cvs.html These are the same instructions that we put in Using Samba, and are unchanged in the second edition. The cvs.html file has probably changed since then, specifically it has been modified to split the anonymous cvs repository to pserver.samba.org and the writable cvs repository staying at cvs.samba.org. According to the CVS logs this split was done in October 2000. Alas, they now only cause diagnostics, at least three of which are bogus! 1) If I run cvs update -d :pserver:[EMAIL PROTECTED]:/cvsroot -P it returns No CVSROOT specified! Please use the `-d' option, which, you understand, I did (;-)) There are instructions for reparenting a cvs repository using some simple unix commands on the new cvs.html page. I'm sorry the new version of your book has the old information in it - that's a real bummer. )-: Tim. -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: scalability of print_queue_update
On Mon, Mar 10, 2003 at 07:10:10PM +1100, Martin Pool wrote: I've been testing injection of many jobs (thousands) into a print queue, and am noticing that appliance_head samba seems to spend heaps of time in print_queue_update, trying to reconcile the output of lpq with samba's database. Yep. I've been working on this in app-head (our 'day' job :-). In particular, this is causing smbspool to give warnings because print_job_end is taking a long time to complete. (10s for tiny files.) Yep. One approach that was discussed a while ago is to have the lpd notify samba when jobs are completed, deleted, or changed. It could either give all the details sufficient to update the record, or (much simpler) just send an smbcontrol message to rescan the queue. That's hard. Modifying all lpd's out there will not be easy. Another approach, which I suppose is really just skirting the issue, would be to never run the update function while a client is waiting, but rather just at intervals when the timer expires. Possibly a separate smbd process might be forked to do this. Alternatively we might say that 40,000 jobs is a silly number to have queued. :-) I think we can also improve the efficiency of the current code without restructuring it; I'll send a patch for that shortly. Ok, what will this patch do ? This is a very irritating comment :-) I have a simple proof for this that unfortunately won't fit in this margin... :-). Please explain :-). Jeremy.
Re: Restricting delete on a share?
Jeremy, the best way you can accomplish this is to build a custom VFS module. It is really easy to build such module and you only need to intercept and discard any unlink operation. regards, Simo. On Mon, 2003-03-10 at 07:04, Jeremy M. Dolan wrote: Hi all. Management here wants to restrict users from deleting files via Samba. NTFS is able to restrict just delete permissions, but still allow new files to be created and old ones changed. But I've come to the conclusion this isn't possible with standard UNIX file permissions, and unfortunately Red Hat does not yet support ACLs on any file systems. In Samba's documentation I don't see any indication that a delete=no type option exists for shares, which surprised me. Am I missing something? If not, is there perhaps a compile-time directive to disallow file deletion? Otherwise, could someone perhaps point me to what I'd want to change in the source to accomplish this? Thanks. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: 3.0a21 and HEAD: only primary group of a domain user is set onsmbd
After managed to compile HEAD on my box, I don't see that my problem is fixed on HEAD. For a user that belongs to 5 groups in an ADS domain, smbd got only the primary group. Here is something from the log: [2003/03/10 13:01:58, 3] smbd/process.c:switch_message(676) switch message SMBntcreateX (pid 11923) [2003/03/10 13:01:58, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (1, 1) - sec_ctx_stack_ndx = 0 [2003/03/10 13:01:58, 5] auth/auth_util.c:debug_nt_user_token(516) NT user token of user S-1-5-21-606747145-117609710-725345543-1005 contains 9 SIDs SID[ 0]: S-1-5-21-606747145-117609710-725345543-1005 SID[ 1]: S-1-5-21-606747145-117609710-725345543-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-606747145-117609710-725345543-3173 SID[ 6]: S-1-5-21-606747145-117609710-725345543-512 SID[ 7]: S-1-5-21-606747145-117609710-725345543-3186 SID[ 8]: S-1-5-21-606747145-117609710-725345543-3187 [2003/03/10 13:01:58, 5] auth/auth_util.c:debug_unix_user_token(530) UNIX token of user 1 Primary group is 1 and contains 2 supplementary groups Group[ 0]: 1 Group[ 1]: 1 [2003/03/10 13:01:58, 5] smbd/uid.c:change_to_user(203) change_to_user uid=(0,1) gid=(0,1) I would expect primary group is 1, and contains 5 or 6 groups, 1, 10001, 10002, 10003 etc. Is this problem familiar to anyone working on Samba 3.0? Chere On Tuesday 04 March 2003 11:48 pm, Andrew Bartlett wrote: On Wed, 2003-03-05 at 12:27, Chere Zhou wrote: Dear list, I know that on 2.2.5, when we get user info from winbindd, we also initialize group information based on the group list got from winbind, and do a setgroups for the process, so that all of the groups the user is a member of is set on the smbd. Now on 3.0a21 and HEAD, I do not see any setgroup operation from winbind, and the smbd process only got the primary group of the Win2k domain user. So it fails when a file permission is checked for other groups the user is a member of. I can see that sec_ctx.c is about the only place that calls sys_setgroups now, when the Unix group info has only the primary group. At the same place the NT token has about 9 groups for my test user. Can somebody explain why we are not doing what 2.2.5 was doing? Is there any design issue related to this? If you update you HEAD checkout, you will find that I have fixed this 'issue'. The problem is that the Win2k server does not report any groups for these users in LDAP, and as such we only use the 'primaryGid' attribute from the Active Directory query. There are however alternative queries that can be made, and I have implemented logic to detect this situation (it occurs mainly in child domains, we think). Unfortunately this change is only in HEAD, not Samba 3.0 at this stage. Andrew Bartlett
Re: Urgent: Cvs download has changed unexpectedly
On Mon, Mar 10, 2003 at 08:11:32AM -0500, David Collier-Brown -- Customer Engineering wrote: Dave Collier-Brown wrote: 1) If I run cvs update -d :pserver:[EMAIL PROTECTED]:/cvsroot -P it returns No CVSROOT specified! Please use the `-d' option, which, you understand, I did (;-)) This also applies if I change the host from [EMAIL PROTECTED] to [EMAIL PROTECTED] I believe the syntax you're looking for is: cvs -d :pserver:[EMAIL PROTECTED]:/cvsroot update -P -- Michael Heironimus
HEAD: PDC or BDC?
I'm curious at why we think a server should be considered a PDC if
security id server, domain or ads.
I think there is something wrong here ..
I think the 'server' or 'domain' security + lp_domain_logons() should
make a BDC, and that 'ads' + lp_domain_logons() should simply give an
error until we are able to make up a compatible AD DC.
Am I wrong? Or is there any futher resoning that make the current code
right?
static void set_server_role(void)
{
server_role = ROLE_STANDALONE;
switch (lp_security()) {
case SEC_SHARE:
if (lp_domain_logons())
DEBUG(0, (Server's Role (logon server)
conflicts with share-level security\n));
break;
case SEC_SERVER:
case SEC_DOMAIN:
case SEC_ADS:
if (lp_domain_logons()) {
server_role = ROLE_DOMAIN_PDC;
break;
}
server_role = ROLE_DOMAIN_MEMBER;
break;
case SEC_USER:
if (lp_domain_logons()) {
if (Globals.bDomainMaster) /* auto or
yes */
server_role = ROLE_DOMAIN_PDC;
else
server_role = ROLE_DOMAIN_BDC;
}
break;
default:
DEBUG(0, (Server's Role undefined due to
unknown security mode\n));
break;
Simo.
--
Simo Sorce - [EMAIL PROTECTED]
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
signature.asc
Description: This is a digitally signed message part
Problem Joining w2k box on domain
Hi all I am using using samba 2.2. I have just made samba as a primary domain controller, configure smb.conf file. Add machine name in to smbpasswd and added root to the smbpasswd file. Now when I try to join domain from Win2k box. Gives me error The procedure range is out of range or The Remote procedure has failed. I can't figure it out what I have done wrong. Is there anyone who knows about anything? Thanks for helping me out in advance. Zub image001.gif
Samba 3.0 Alpha22 + AD Domain, RedHat Kerberos Problems
Hi all, I'm not sure if this is the proper list to send to, but I figure this is it since I'm dealing with the beta software. Anyway, I have compiled Samba 3.0 Alpha 22 and would like to run it as a file server that authenticates AD logins to the W2K Domain Server. I have gotten though all the steps I can think of, and kinit [EMAIL PROTECTED] works properly. However, now is the acid test -- when I go \\LINUXSERVER\ from a domain connected workstation, it keeps rejecting the login and giving me the username/password box. When looking at the log files, I noticed this (could it be a problem with the Kerberos code ?) [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(402) Doing spnego session setup [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316) Got OID 1 2 840 48018 1 2 2 [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316) Got OID 1 2 840 113554 1 2 2 [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(323) Got secblob of size 1466 [2003/03/10 14:49:46, 3] libads/kerberos_verify.c:ads_verify_ticket(124) krb5_rd_req with auth failed (Bad encryption type) [2003/03/10 14:49:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(167) Failed to verify incoming ticket! [2003/03/10 14:49:46, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2003/03/10 14:49:46, 3] smbd/error.c:error_packet(113) error packet at smbd/sesssetup.c(169) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE I have attached 2 logs and a strace file of smbd if that may help. Any suggestions to get this working for domain authentication would be *greatly* appreciated. Thank you. ps. I should be on the mailing list, but could you pelase CC: to my address if you respond. Thanks again. -- ODC [EMAIL PROTECTED] Public E-Mail Drop *Hotpop is known to have unreliable servers, please resend if needed* *Please no more than 500kb per message* logs.tar.bz2 Description: Binary data
Re: Samba 3.0 Alpha22 + AD Domain, RedHat Kerberos Problems
The bad encryption type message happens if you have never changed the administrator password on the PDC and you try to join the domain. Did you successfully join the domain? ODC wrote: Hi all, I'm not sure if this is the proper list to send to, but I figure this is it since I'm dealing with the beta software. Anyway, I have compiled Samba 3.0 Alpha 22 and would like to run it as a file server that authenticates AD logins to the W2K Domain Server. I have gotten though all the steps I can think of, and kinit [EMAIL PROTECTED] works properly. However, now is the acid test -- when I go \\LINUXSERVER\ from a domain connected workstation, it keeps rejecting the login and giving me the username/password box. When looking at the log files, I noticed this (could it be a problem with the Kerberos code ?) [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(402) Doing spnego session setup [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316) Got OID 1 2 840 48018 1 2 2 [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316) Got OID 1 2 840 113554 1 2 2 [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(323) Got secblob of size 1466 [2003/03/10 14:49:46, 3] libads/kerberos_verify.c:ads_verify_ticket(124) krb5_rd_req with auth failed (Bad encryption type) [2003/03/10 14:49:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(167) Failed to verify incoming ticket! [2003/03/10 14:49:46, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2003/03/10 14:49:46, 3] smbd/error.c:error_packet(113) error packet at smbd/sesssetup.c(169) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE I have attached 2 logs and a strace file of smbd if that may help. Any suggestions to get this working for domain authentication would be *greatly* appreciated. Thank you. ps. I should be on the mailing list, but could you pelase CC: to my address if you respond. Thanks again. -- ODC [EMAIL PROTECTED] Public E-Mail Drop *Hotpop is known to have unreliable servers, please resend if needed* *Please no more than 500kb per message* Name: logs.tar.bz2 logs.tar.bz2 Type: unspecified type (application/octet-stream) Encoding: base64 Download Status: Not downloaded with message -- == Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 [EMAIL PROTECTED] Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 PGP Key: 0x8408D65D ==
Re: scalability of print_queue_update
Martin Pool wrote: Alternatively we might say that 40,000 jobs is a silly number to have queued. :-) Probably, but it would be good to know that it would work. What I am curious about is if you have a solution to a question I posed about a year ago. On Windows, the print job number appears to be an unsigned 16 bit number if I remember correctly. On OpenVMS, the print job number is an unsigned 32 bit number. This number range is also shared with batch jobs. Is there any way for SAMBA to accomodate 32 bit print job IDs? -John [EMAIL PROTECTED] Personal Opinion Only
bug or typo in smbd/service.c: make_connection_snum(line 530)?
The block reads:
if (conn-force_user || conn-force_group) {
/* groups stuff added by ih */
conn-ngroups = 0;
conn-groups = NULL;
/* Find all the groups this uid is in and
store them. Used by change_to_user() */
initialise_groups(conn-user, conn-uid, conn-gid);
get_current_groups(conn-gid, conn-ngroups,conn-groups);
conn-nt_user_token = create_nt_token(conn-uid, conn-gid,
conn-ngroups,
conn-groups,
guest);
}
I think the if should be ( ! (conn-force_user || conn-force_group)), since
the force_user and force_group processing should be all done just before this
block of code. Otherwise I don't understand the logic here.
I think this is related to my earlier posting with the subject of 3.0a21 and
HEAD: only primary group of a domain user is set on smbd.
Re: HEAD: PDC or BDC?
I think there is something wrong here .. I think the 'server' or 'domain' security + lp_domain_logons() should make a BDC, and that 'ads' + lp_domain_logons() should simply give an error until we are able to make up a compatible AD DC. Maybe this could remain enabled in HEAD but cause an error in release branches. -- Luke -- Luke Howard | PADL Software Pty Ltd | www.padl.com
Re: scalability of print_queue_update
On Tue, Mar 11, 2003 at 12:18:55PM +1100, Martin Pool wrote: I observed that it spends a large fraction of its time in print_parse_jobid, called from traverse_fn_delete, called from print_queue_update. This function is I think called O(n**2) times, because smbd compares every job in the tdb against every job in the print queue. Parsing the string is not terribly expensive, but doing it so many times is. It would be better to parse the jobids just once, when the lpq output is read, and store them in the print_queue_struct. I was just trying to work out the right time to put them in there. Doh ! Yeah, that's a really good idea. Wish I'd thought of it :-). It would make the stress tests of a certain person in Roseville much harder to destroy Samba :-). Jeremy.
