Re: [Samba] snprintf, vsnprintf

[Andrew Bartlett]

On Thu, 2003-06-26 at 10:23, William Jojo wrote:
> 
> 
> 
> 
> On Wed, 25 Jun 2003, William Jojo wrote:
> 
> > 
> > anyway the bug i'm tracking is a failure to expand the macros SAFE_FREE
> > and VA_COPY. is compiles fine in AIX 5.1. as soon as i figure that one
> > out, i'll forward it.
> > 
> 
> 
> found it. you are penalized in snprintf.c if you have all three of
> HAVE_SNPRINTF, HAVE_VSNPRINTF and HAVE_C99_VSNPRINTF by what i believe is
> an unnecessary else clause. It will include stdio.h, but will not define
> SAFE_FREE and VA_COPY.
> 
> AIX 5.1 does not have vsnprintf so it compiles there.
> 
> I think this is what the change should be - pardon my misuse if diff, i
> would like to know the correct format for submitting patches, but could
> not find it during my short search of the site.

diff -u would make this legible.

Also, what version was this against?  

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] unable to mount W2k shares to Linux box

[Stephen Kuhn]

On Thu, 2003-06-26 at 15:14, Phil Reardon wrote:
> Hello:
> 
> I am unable to mount the C$ share of my W2k box to my Linux box.  I get 
> the error:
> 
> SMB connection failed  3260: tree connect failed:  ERRDOS - ERRnoaccess.

I thought you couldn't mount the "C$" share because you're not trying to
mount it as an administrator to the machine...??

-- 
Thu Jun 26 15:20:00 EST 2003
 15:20:00 up 1 day, 15:06,  3 users,  load average: 0.90, 0.97, 0.99
-
|____  |kuhn media australia|
|   /-oo /| |'-.   |http://kma.0catch.com   |
|  .\__/ || |   |  ||
|   _ /  `._ \|_|_.-'  |stephen kuhn|
|  | /  \__.`=._) (_   | email: [EMAIL PROTECTED] |
-
 linux user #:267497 linux machine #:194239 * MDK 9.1 & RH 7.3  
 Mandrake Linux Kernel 2.4.21-11mdk Cooker for i586
-
 * This message was composed on a 100% Microsoft free computer *

The important things are always simple
-- Murphy's Bush Fire Brigade Laws n24
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbmount, winbind, win 2000 permissions

[Marian Mlcoch, Ing]

Hi
your idea is bad, best choice is create encrypted VPN or simply stunnel
connect from your external client to NAT router.
VPN NAT provide for ext.client internal IP adress and then client simply
connect to W2k or any enabled service on internal network with its permision
for login name and IP addr.

If you try create samba on NAT then your external conection is open for hack
and read passwords and data over trafic...

Bye.

- Original Message - 
From: "Ivan Gyurdiev" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 26, 2003 2:37 AM
Subject: [Samba] smbmount, winbind, win 2000 permissions


> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Is there a way to make smbmount retrieve win 2000 permission information
and
> mount the remote share with identical user, group, and permission access.
> I am already using winbind, which provides the windows users and groups on
the
> linux machine
>
> The specific problem I attempting to solve is exporting a share from the
> windows machine on the internal network as a share on the linux NAT router
> (share of a share), while preserving the original permissions.
>
> The linux machine could be an active directory server if necessary (samba
3),
> but the share in question HAS to stay on the windows machine, which has no
> external address.
>
> Any help will be greatly appreciated.
>
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.2.2 (GNU/Linux)
>
> iD8DBQE++kA5XQ/AjixQzHcRAl1SAJ0avOLs5SGmiInPtQeHGa5wHG1b4QCfdLqn
> DwxvRcESU9Jb5b9vEpX58e8=
> =B4nZ
> -END PGP SIGNATURE-
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] unable to mount W2k shares to Linux box

[Phil Reardon]

Hello:

I am unable to mount the C$ share of my W2k box to my Linux box.  I get 
the error:

SMB connection failed  3260: tree connect failed:  ERRDOS - ERRnoaccess.

Here is what my smb.conf file looks like:  Please help.  Thanks

Phil Reardon

#=== Global Settings ===
[global]
  workgroup = MDKGROUP
  server string = %h server (Samba %v)
  guest account = nobody
  invalid users = root
  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog = 0
  encrypt passwords = true
  socket options = TCP_NODELAY
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
  message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
  obey pam restrictions = yes
# Share Definitions ===
  
[homes]
  comment = Home Directories
  browseable = no
  valid users =%S
  map to guest = bad user
  writable = no
  create mask = 0700
  directory mask = 0700
  
[printers]
  comment = All Printers
  browseable = no
  path = /tmp
  printable = yes
  public = no
  writable = no
  create mode = 0700
  guest ok = yes
  
[temp]
guest ok = yes



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbmount, winbind, win 2000 permissions

[Ivan Gyurdiev]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Is there a way to make smbmount retrieve win 2000 permission information and 
mount the remote share with identical user, group, and permission access.
I am already using winbind, which provides the windows users and groups on the 
linux machine

The specific problem I attempting to solve is exporting a share from the 
windows machine on the internal network as a share on the linux NAT router 
(share of a share), while preserving the original permissions. 

The linux machine could be an active directory server if necessary (samba 3), 
but the share in question HAS to stay on the windows machine, which has no 
external address. 

Any help will be greatly appreciated.


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE++kA5XQ/AjixQzHcRAl1SAJ0avOLs5SGmiInPtQeHGa5wHG1b4QCfdLqn
DwxvRcESU9Jb5b9vEpX58e8=
=B4nZ
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Security Parameter Question

[Martin Stacey]

I posed this question to the user group a couple of days ago;

I have a Samba server (version 2.2.8) running as a PDC.
I have just setup another Samba server and don't want to setup a smbpasswd
file on this machine.
I simply want all authentication of usernames/passwords to be done on the
PDC.
Do I use security = server or security = domain?

A couple of you respond (thank you) and suggested I used security = domain.

I now have another question;

If I have W98 machines on my network will this setting work with such
machines?

Martin Stacey
IT Support Manager
Safcol Australia Pty Ltd


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba with dual network interfaces

[Kaprino the NetCitizen]

I am having problems with Samba working with dual
network interfaces.  I have 2 interfaces setup
eth1=192.168.0.2 & eth0=192.168.4.14.  I have no
problems mapping  drives to samba from  any machines
from 192.168.4.0 network. But my laptop(IP
192.168.014) cannot map to the Samba shares. With the
laptop I was ablt to map to 192.168.4.13 because I am
IP Forwarding packets from the Samba  server which is
set as the default gateway(192.168.0.2) for the
laptop.  I get
the following error msg when do try mapping from
command line.
  
 net use z: \\192.168.0.2\homes /USER:oracle
/PERSISTENT:NO
 
   Windows System error 5.
 Acces denied  

Anyy help would be appreciated.

Thanks,

Kaprino


my smb.conf settings

[global]
workgroup = TEST
server string =%h
security = user
interfaces = eth1 192.168.0.2/24
#   interfaces = eth0 192.168.4.14/24
username map = /etc/samba/smbusers
smb passwd file = /etc/samba/smbpasswd
encrypt passwords = yes
log file =/var/log/samba/%m_%U.log
log level = 10
syslog = 0
hosts allow =  192.168.0.0/16
lanman auth=no
min protocol=   NT1
lm announce=no

[homes]
comment = Home Directories
valid users = oracle
path=   /home/%S
browseable = No
hide dot files = yes
read only = No
create mask = 0740
directory mask = 0750
hide unreadable = yes

[test]
comment = Test Share
path=   /home
valid users = oracle
guest ok = No
browseable = No
read only = No
directory mask = 0750
create mask = 0740
hide unreadable = yes



__
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Access Databse

[Iwan Davies]

This mail is probably spam.  The original message has been attached
along with this report, so you can recognize or block similar unwanted
mail in future.  See http://spamassassin.org/tag/ for more details.

Content preview:  Hi, I'm running samba as a file store in our windows
  2000 domain and are having a few problems with MS Access, we have a
  couple of users accessing the same mdb file, but when more than one
  person accesses the same file is says that the file is locked. I'm new
  to samba but feel that I have got everything else working apart from
  these mdb file. Your assistance would be greatly appreciated. Thank You
   Iwan Davies Server Support and
  Development Technician Cyngor Sir Ceredigion County Council IT Section
  Finance [...] 

Content analysis details:   (5.40 points, 5 required)
X_PRIORITY_HIGH(1.9 points)  Sent with 'X-Priority' set to high
FORGED_MUA_OUTLOOK (3.5 points)  Forged mail pretending to be from MS Outlook


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Access Files

[Iwan Davies]

This mail is probably spam.  The original message has been attached
along with this report, so you can recognize or block similar unwanted
mail in future.  See http://spamassassin.org/tag/ for more details.

Content preview:  Hi, I'm running samba as a file store in our windows
  2000 domain and are having a few problems with MS Access, we have a
  couple of users accessing the same mdb file, but when more than one
  person accesses the same file is says that the file is locked. I'm new
  to samba but feel that I have got everything else working apart from
  these mdb file. Your assistance would be greatly appreciated. [...] 

Content analysis details:   (5.40 points, 5 required)
X_PRIORITY_HIGH(1.9 points)  Sent with 'X-Priority' set to high
FORGED_MUA_OUTLOOK (3.5 points)  Forged mail pretending to be from MS Outlook


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Two winbinds in one machine?

[Andrew Bartlett]

On Thu, 2003-06-26 at 02:21, Fernando del Valle wrote:
> Hi,
> 
> I'm switching between two domains, and I need to make a couple of
> Linux+Samba machines provide the same shares in both domains. I've set up
> two sambas in the same machine, listening on different subinterfaces, but I
> can't make winbind to behave properly. As soon as I start the second
> winbind, the domain accounts provided by the first one become hidden (that
> is, 'getent passwd' only shows the second domain). I found both winbinds use
> the same UNIX socket/pipe. I found no way to choose the socket used, or to
> make winbind share the socket, neither in the configure script nor in the
> daemon options. Does anyone know how to work around this?
> 
> I use samba 2.2.3.

Not really, the path /tmp/.winbind/pipe is encoded in the nss_winbidn
client lib - which does not know how to use both.  A chroot() for both
smbds would be as good as you could get.

You should not be using 2.2.3 anyway, due to *major* security issues in
Samba < 2.2.8a.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Nautilus & 'smb:' is it buggy?

[James Taylor]

I've googled for this and it seems quite a few people can't
access Windows shares as described below. Is Nautilus & the
smb: command buggy?


--- James Taylor <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> New to Samba, RH8. Searched for an answer but without
> joy.
> 
> I have set up a lone Linux machine with Samba on a
> Windows
> 2K network. I can log in from Windows -> Linux. I can
> also
> login into Windows resources from Linux when I use the
> command: smbclient //hostname/sharename -U username
> 
> However, when I use Gnome Nautilus and the 'smb:'
> command,
> I can see the workgroup, enter and see the Windows server
> in the workgroup but when I open the server to locate the
> share I get ¨Couldnt Find \\hosename\sharename please
> check
> the spelling and try again¨
> 
> Any thoughts?
> 
> Another question - are there any better ways of allowing
> a
> user access to a WinNT share than having to allow the
> Windows Guest user browse rights to the share?
> 
> Regards
> James
> 
> __
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com
> -- 
> To unsubscribe from this list go to the following URL and
> read the
> instructions: 
http://lists.samba.org/mailman/listinfo/samba


__
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] IDMAP usage

[Andrew Bartlett]

On Wed, 2003-06-25 at 21:28, Fabricio Adorno wrote:
> Hi, all
> 
> 
> I have a ldap server where I have defined all of my linux users and groups. 
> I'd like to store the SID<->(UID,GID) mapping there too using idmap, but I 
> don't know how to configure a directory entry to handle idmap storage. I 
> couldn't find how to do it in Samba-Howto-Collection (6th June 2003) and the 
> man pages seems to be incomplete. If someone have done it, I'll be glad to 
> have some help.

Samba 3.0 is designed to do this quite nicely - the schema file is in
examples/LDAP/samba.schema.

You configure it by saying:

idmap backend = ldap:ldap://my.ldap.server

Are you using ldap for Samba accounts too, or just for IDMAP?  

If you are using it for IDMAP/unix only, then things are not as
'pleasant' as they should be in how it's stored - it's on my todo list
to fix.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] snprintf, vsnprintf

[William Jojo]

On Wed, 25 Jun 2003, William Jojo wrote:

> 
> anyway the bug i'm tracking is a failure to expand the macros SAFE_FREE
> and VA_COPY. is compiles fine in AIX 5.1. as soon as i figure that one
> out, i'll forward it.
> 


found it. you are penalized in snprintf.c if you have all three of
HAVE_SNPRINTF, HAVE_VSNPRINTF and HAVE_C99_VSNPRINTF by what i believe is
an unnecessary else clause. It will include stdio.h, but will not define
SAFE_FREE and VA_COPY.

AIX 5.1 does not have vsnprintf so it compiles there.

I think this is what the change should be - pardon my misuse if diff, i
would like to know the correct format for submitting patches, but could
not find it during my short search of the site.



*** snprintf.orig   Wed Jun 25 19:20:54 2003
--- snprintf.c  Wed Jun 25 19:23:31 2003
***
*** 87,89 
!  /* make the compiler happy with an empty file */
!  void dummy_snprintf(void) {}
! #else
--- 87 
! #endif
***
*** 114 
- #endif
--- 111 
***
*** 790 
! #if !defined(HAVE_SNPRINTF) || !defined(HAVE_C99_SNPRINTF)
--- 787 
! #if !defined(HAVE_SNPRINTF) || !defined(HAVE_SNPRINTF_DECL)


Bill


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Accounts randomly clobber on user add (LDAP, XP, Samba PDC)

[Cove Schneider]

Hi folks,

This has been quite a mystery to us; we are in the process of migrating 
over from workgroups to a domain with Samba as the PDC. Every now and 
then when we add a machine to the domain it clobbers a random user's 
account in our LDAP database. I though it might be a problem with the 
smbldap-tools included in the samba dist., but after reviewing the code 
and retooling smbldap-useradd.pl, it still happens. And there is no 
obvious reason as to why it clobbers the accounts that it does...

Using: RedHat 8.0, samba-2.2.8, openldap 2.0.27, the computers are 
Windows XP.

In this example, the machine that was added is called "WP100523", and 
appears as the CN and displayName of the hijacked user account.

BEFORE (GOOD):
dn: uid=rkhan,ou=Employees,dc=wildpackets,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaAccount
uid: rkhan
uidNumber: 1040
gidNumber: 1000
givenName: R
sn: Khan
cn: R Khan
homeDirectory: /home/employees/rkhan
loginShell: /bin/false
gecos: R Khan
shadowMax: 900
shadowWarning: 7
shadowInactive: 2
ou: IT
shadowLastChange: 12101
userPassword:: secret
rid: 3236
smbHome: \\xo\homes
AFTER (BAD):
dn: uid=rkhan,ou=Employees,dc=wildpackets,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaAccount
uidNumber: 1040
gidNumber: 1000
givenName: R
sn: Khan
homeDirectory: /home/employees/rkhan
loginShell: /bin/false
gecos: R Khan
shadowMax: 900
shadowWarning: 7
shadowInactive: 2
ou: IT
shadowLastChange: 12101
uid: rkhan
pwdLastSet: 1056581155
logonTime: 0
logoffTime: 0
kickoffTime: 0
pwdCanChange: 0
pwdMustChange: 0
displayName: WP100523$
cn: WP100523$
smbHome: \\xo\homes
rid: 3080
primaryGroupID: 3001
acctFlags: [W  ]
I can provide some more logs if that would be helpful, they're rather 
long though.

Any help would be greatly appreciated, Thanks,

Cove

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] snprintf, vsnprintf

[Tim Potter]

On Wed, Jun 25, 2003 at 06:53:45PM -0400, William Jojo wrote:

> I'm tracking a compiling issue with 2.2.8a on AIX 5.2-ML01 with IBM C for
> AIX 6.0 and i'm having an issue with lib/snprintf.c
> 
> The first thing i noticed is that "includes.h" is not included which is
> in many other places, but I'm sure there are reaasons.

I'm not sure why either but there probably is a good reason.  (-:

> The other thing is there is a check at the beginning for HAVE_SNPRINTF,
> HAVE_VSNPRINTF and HAVE_C99_VSNPRINTF to include stdio.h - that one i
> get. the one i don't get is at line 790:
> 
> #if !defined(HAVE_SNPRINTF) || !defined(HAVE_C99_SNPRINTF)
> 
> i can't find a HAVE_C99_SNPRINTF anywhere in configure unless it's under
> another name, but it seems to me based on the description given by
> "mbp" in the code that it may need to look like this:

This should be HAVE_C99_VSNPRINTF (it's fixed in Samba 3.0).  You might
get a different error though.  Give it a go and let me know what
happens.


Tim.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbclient problem ? SUCCESS - 0 opening remote file

[sigfried and roy]

has anyone experienced this type of error before?
im using smb to connect to a nt server for backup.  it works sometimes perfectly but 
also gives this error othertimes?


/-- dilga.cbio //cytopia01/users lev 1 STRANGE
sendbackup: start [dilga.cbio.cytopia.com.au://cytopia01/users level 1]
sendbackup: info BACKUP=/usr/bin/smbclient
sendbackup: info RECOVER_CMD=/bin/gzip -dc |/usr/bin/smbclient -f... -
sendbackup: info COMPRESS_SUFFIX=.gz
sendbackup: info end
? SUCCESS - 0 opening remote file \andrew\Apple stuff\ppslides complete.ppt 
(\andrew\Apple stuff\)
? SUCCESS - 0 opening remote file \andrew\Apple stuff\Presentation1.ppt (\andrew\Apple 
stuff\)
? SUCCESS - 0 opening remote file \andrew\Apple stuff\prostate 1.doc (\andrew\Apple 
stuff\)
? SUCCESS - 0 opening remote file \andrew\Apple stuff\prostate 3.doc (\andrew\Apple 
stuff\)
? SUCCESS - 0 opening remote file \andrew\Apple stuff\prostate 4.doc (\andrew\Apple 
stuff\)
? SUCCESS - 0 opening remote file \andrew\Apple stuff\prostate cancer.doc 
(\andrew\Apple stuff\)
? SUCCESS - 0 opening remote file \andrew\Apple stuff\prostate2.doc (\andrew\Apple 
stuff\)
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] XP Pro, Samba-3 authentication consistancy problems

[Justin Kreger]

I'm seeing the same exact thing, Primarly with an XP Home user, and one
XP Pro user.

On Wed, 2003-06-25 at 10:56, Damian Gerow wrote:
> I really don't know where to start on this one...
> 
> We have an XP Pro workstation.  The user on this workstation is, say, 'bob'.
> Earlier this year, bob would log in to his workstation with a different
> password than was on the Samba machine.  I /think/ that's what's causing the
> problems, but I'm not sure.
> 
> Anyhow, we had specifically mapped drives on bob's workstation using his
> samba password.  Lately, bob's been having troubles where he can mount
> drives but can't see the contents.  In fact, trying to view the contents can
> crash his entire computer -- we have to end the explorer task, and re-start
> it.
> 
> So we changed passwords everywhere to be the new password, killed all drive
> mappings, and tried again.  The weird thing is, we'd be able to list the
> contents of the share for a couple of minutes, then we'd lose it again.  The
> samba logs actually showed something like this:
> 
> [2003/06/24 09:57:12, 2] auth/auth.c:check_ntlm_password(288)
>   check_ntlm_password:  authentication for user [bob] -> [bob] -> [bob] suceeded
> [2003/06/24 09:58:47, 2] smbd/server.c:exit_server(558)
>   Closing connections
> [2003/06/24 09:59:35, 2] auth/auth.c:check_ntlm_password(295)
>   check_ntlm_password:  Authentication for user [bob] -> [bob] FAILED with error 
> NT_STATUS_WRONG_PASSWORD
> [2003/06/24 09:59:35, 2] smbd/server.c:exit_server(558)
>   Closing connections
> [2003/06/24 09:59:35, 2] auth/auth.c:check_ntlm_password(295)
>   check_ntlm_password:  Authentication for user [bob] -> [bob] FAILED with error 
> NT_STATUS_WRONG_PASSWORD
> 
> It looks almost like the workstation is trying a /different/ password the
> second time.
> 
> So, we re-mapped all the drives, explicitly specifying the password.  Then
> tried it all again using the /old/ password on both machines.  At this
> specific moment, bob has access to our samba server, but it's hard to say
> for how long.
> 
> I realize this is all a bit erratic, but I haven't been able to find a
> common ground amongst all this.  I'm willing to just blame the workstation,
> just wondering if anyone can give any pointers/eye openers before I do?


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] snprintf, vsnprintf

[William Jojo]

I'm tracking a compiling issue with 2.2.8a on AIX 5.2-ML01 with IBM C for
AIX 6.0 and i'm having an issue with lib/snprintf.c

The first thing i noticed is that "includes.h" is not included which is
in many other places, but I'm sure there are reaasons.

The other thing is there is a check at the beginning for HAVE_SNPRINTF,
HAVE_VSNPRINTF and HAVE_C99_VSNPRINTF to include stdio.h - that one i
get. the one i don't get is at line 790:

#if !defined(HAVE_SNPRINTF) || !defined(HAVE_C99_SNPRINTF)

i can't find a HAVE_C99_SNPRINTF anywhere in configure unless it's under
another name, but it seems to me based on the description given by
"mbp" in the code that it may need to look like this:

#if !defined(HAVE_SNPRINTF) || !defined(HAVE_SNPRINTF_DECL)



anyway the bug i'm tracking is a failure to expand the macros SAFE_FREE
and VA_COPY. is compiles fine in AIX 5.1. as soon as i figure that one
out, i'll forward it.


Bill

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Two winbinds in one machine?

[Alexandru Molodoi]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Fernando del Valle
Sent: 25 iunie 2003 19:22
To: [EMAIL PROTECTED]
Subject: [Samba] Two winbinds in one machine?


Hi,

I'm switching between two domains, and I need to make a couple of
Linux+Samba machines provide the same shares in both domains. I've set
up
two sambas in the same machine, listening on different subinterfaces,
but I
can't make winbind to behave properly. As soon as I start the second
winbind, the domain accounts provided by the first one become hidden
(that
is, 'getent passwd' only shows the second domain). I found both winbinds
use
the same UNIX socket/pipe. I found no way to choose the socket used, or
to
make winbind share the socket, neither in the configure script nor in
the
daemon options. Does anyone know how to work around this?

I use samba 2.2.3.


Why don't you use 2 different Linux boxes each one acting as a domain
controller?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba3.0b1 compliaton error

[Wachdorf, Daniel R]

I have MIT Kerberos 1.2.8 installed.

I get this at the linking stage.  Any ideas?

/usr/local/lib/libkrb5.a(fcc_gennew.o): In function `krb5_fcc_generate_new':
fcc_gennew.o(.text+0x6a): the use of `mktemp' is dangerous, better use
`mkstemp'
/usr/local/lib/libgssapi_krb5.a(accept_sec_context.o): In function
`rd_and_store_for_creds':
accept_sec_context.o(.text+0x72): undefined reference to `krb5_rd_cred'
accept_sec_context.o(.text+0xca): undefined reference to `krb5_rd_cred'
/usr/local/lib/libgssapi_krb5.a(accept_sec_context.o): In function
`krb5_gss_accept_sec_context':
accept_sec_context.o(.text+0x17ab): undefined reference to `krb5_mk_error'
/usr/local/lib/libgssapi_krb5.a(acquire_cred.o): In function
`acquire_accept_cred':
acquire_cred.o(.text+0x5f): undefined reference to `krb5_sname_to_principal'
/usr/local/lib/libgssapi_krb5.a(gssapi_krb5.o): In function
`kg_get_context':
gssapi_krb5.o(.text+0xea): undefined reference to `krb5_ser_context_init'
gssapi_krb5.o(.text+0x10e): undefined reference to
`krb5_ser_auth_context_init'
gssapi_krb5.o(.text+0x132): undefined reference to `krb5_ser_ccache_init'
gssapi_krb5.o(.text+0x152): undefined reference to `krb5_ser_rcache_init'
gssapi_krb5.o(.text+0x192): undefined reference to
`krb5_ser_auth_context_init'
/usr/local/lib/libgssapi_krb5.a(import_name.o): In function
`krb5_gss_import_name':
import_name.o(.text+0x159): undefined reference to `krb5_sname_to_principal'
/usr/local/lib/libgssapi_krb5.a(init_sec_context.o): In function
`make_ap_req_v1':
init_sec_context.o(.text+0x221): undefined reference to `krb5_fwd_tgt_creds'
/usr/local/lib/libgssapi_krb5.a(init_sec_context.o): In function
`krb5_gss_init_sec_context':
init_sec_context.o(.text+0x11ec): undefined reference to
`krb5_free_cksumtypes'
collect2: ld returned 1 exit status
make: *** [bin/smbd] Error 1


--
Daniel Wachdorf
[EMAIL PROTECTED]
Sandia National Laboratories
System Security Research and Integration
505-284-8060



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Join ADS on startup

[Brett Bonner MB 160]

I'm not intentionally deleting secrets.tdb.
--- Andrew Bartlett <[EMAIL PROTECTED]> wrote:
> On Tue, 2003-06-24 at 16:59, Brett Bonner MB 160
> wrote:
> > New to Samba and linux in general -
> > 
> > I can successfully join Active directory but I
> have to
> > rejoin manually after each boot.  How can I join
> ADS
> > when I start smb?
> 
> Are you deleting secrets.tdb on each bootup?
> 
> -- 
> Andrew Bartlett
> [EMAIL PROTECTED]
> Manager, Authentication Subsystems, Samba Team 
> [EMAIL PROTECTED]
> Student Network Administrator, Hawker College  
> [EMAIL PROTECTED]
> http://samba.org http://build.samba.org
> http://hawkerc.net
> 

> ATTACHMENT part 2 application/pgp-signature
name=signature.asc



__
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Setting up home directories.

[Chris Shafer]

/*
 * If this did actually make it to the list already Im sincerly sorry. 
 * It appears subject only in the linux.samba group. 
 */


Hello all,

I have a couple of questions about using the user home directories. Is 
it necessary to keep the smbpasswd file in sync with the passwd file. 
When user level security is turned on. From what I have been able to 
figure out is that these files do not auto-magically sync up and that the 
only real way to keep them in sync is to do it manually, unfortunately 
from what I have been able to gather this also requires knowing the 
users password and if the change it using unix these changes will not 
be reflected in the smbpasswd file. Is there away to keep these files in 
sync and I'm just unable to find it in the documentation (I read through 
almost all of the documentation available on the samba.org website).

Or maybe you can provide a better solution to my problem. I'm in the 
process of setting up a Linux file server for my old high schools web 
design and typing class. The way I have it set up so far is that each 
user gets a unix username and a entry added to the smbpasswd file. Using 
a little perl program I hacked together (toad.net/~cshafer/addstudent). 
Is there a better way to do this (ldap maybe?)?

Thanks,
Chris Shafer



pgp0.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] pdc and password expiration

[Diego Alvarez]

hi all,
y have set up a PDC using samba 2.2.7 (which comes with Red Hat Linux Advanced Server 
2.1AS),
it use encripted passwords and store its data into /etc/samba/smbpasswd file.
i know that when using encripted passwords samba ignore PAM, but i did
some test without using encripted passwords and password expiration
did not work either.
the thing is that i want to know if samba support password expiration in
some way. i am asking here because i could not found any recent
information on the web, just some references to samba 2.0.x.

if samba does support password expiration, does it have any isse with some
windows version?

Thanks,
Diego Alvarez.

PS: i am not an english native speaker, so if this mail have some error
please excuse me.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Authentication Scheme for Samba3.0beta

[Tim Jordan, Network Services]

Hello,
I'm trying to configure authentication for my Samba3.0beta box against 
our W2K (mixed-mode), Acitve Directory network. 

Is Windbind still the way to go for login authentication in Samba3.0 
using my Windows domain account?  I want to stay with our Acitve 
Directory PDC authenticating me.

Is there a way to get my Kerberos ticket at login for my Samba box? 

Being able to easily connect to windows machines, from a shell, using 
the Kerberos ticket is very nice!  Can I do that through a broswer such 
as Konqueror?  My current setup still prompts me for authentication to 
each share.

I have enjoyed working with Samba over the past few weeks (I'm very new 
at this!).  Any info. or pointers are very appreciated.

TIA,
Tim




--

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Filename Encoding Issues (umlaut, foreign letters) [Solved]

[Holger Brückner]

Hello,

i finally solved the issue when upgrading a samba 2.x box to 3.0 with
foreign language letters, especially with german umlauts.

problem was that a not specially configured samba2.x box would use cp437
as default encoding, while samba3 uses utf-8.

i wrote a small python script which walks through a directory and does
filename conversion from cp437 to utf-8. if you change parameters you
could convert from any encoding known to python to any other encoding
(if it's possible with unicode).

it's available at http://tinyurl.com/f8ol

WARNING: use at your own risk, and only use it once on a given file !!! 
because the program can't determine the current encoding it will always
convert a filename from cp437 to utf-8, even if it was already in utf-8
encoding, which then results in a unaccessible file again.

thx for the great work on samba

Holger Brueckner
net-labs Systemhaus GmbH






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Two winbinds in one machine?

[Fernando del Valle]

Hi,

I'm switching between two domains, and I need to make a couple of
Linux+Samba machines provide the same shares in both domains. I've set up
two sambas in the same machine, listening on different subinterfaces, but I
can't make winbind to behave properly. As soon as I start the second
winbind, the domain accounts provided by the first one become hidden (that
is, 'getent passwd' only shows the second domain). I found both winbinds use
the same UNIX socket/pipe. I found no way to choose the socket used, or to
make winbind share the socket, neither in the configure script nor in the
daemon options. Does anyone know how to work around this?

I use samba 2.2.3.

netstat -nap | grep winbindd shows this (.200 and .209 are the PDCs):

tcp0  0 192.168.0.242:32918 192.168.0.200:445
ESTABLISHED 24619/winbindd
tcp0  0 192.168.0.242:32917 192.168.0.200:445
ESTABLISHED 24619/winbindd
tcp0  0 192.168.0.242:32925 192.168.0.209:445
ESTABLISHED 24905/winbindd
unix  2  [ ACC ] STREAM LISTENING 114109 24619/winbindd
/tmp/.winbindd/pipe
unix  2  [ ACC ] STREAM LISTENING 120740 24905/winbindd
/tmp/.winbindd/pipe

Yours,

Fernando del Valle



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Printer drivers on a samba 2.2.8a server: how?

[Fabio Muzzi]

I'd  like to set up my samba 2.2.8a server to serve printer drivers to
clients  when needed. I have set up the print$ share, in which I still
have  no  drivers.  Tried adding drivers from a win2000 workstation by
using  "server  properties"  command,  I  can't add anything since all
buttons  are  greyed  out. The user I am using is in the printer admin
group  in  smb.conf.  I  can  provide  snippets of the config files if
needed.

Is  there  some  docs I can read about my specific issue, or generally
about printing with samba 2.2.8 and cups?

Thanks a lot.
  

-- 
Best regards,
 Fabio  mailto:[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Installing samba on Red Hat 8

[Vizitiu, Ciprian]

> I get a msg. like "flie blabla conflicting with file from 
> samba-2.2.7'' or something like that.

How about more details about that "blabla"? :-/

In principle there is a big difference between samba.rpm that you get from
samba.org and samba that comes with RedHat. RedHat splits the samba package
in several parts. Mount the RH CDROMs and see how many sambas you can find.
Most likely Redhat installed only a part of the samba suite like
samba-client or smth; the response in the "blabla" part. OTOH samba from
samba.org is a big gulp it gets you everything. You have to choose which
path you'll go. Oh, and if you're in search of one installed package do a
"rpm -qa | grep package"; rpm -q samba will just ask about samba but if all
you have is samba-client...
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] KDC has no support for encryption type

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 25 Jun 2003, Sergey Smirnov wrote:

> ~  kerberos_kinit_password [EMAIL PROTECTED] failed: KDC has no support
> for encryption type

Change the admin password on the Windows DC once and you'll be set to go.




cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
--John Cusack - "Grosse Point Blank" (1997)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE++cVnIR7qMdg1EfYRAlPFAJ9pd+dXVu8DlH/iEvkzkmWWCrdDvACdHOoQ
vkfzzfzvB+KiiuGVVEcJrmQ=
=Bg3r
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multiple wins server entries

[Dan Am]

Am Mittwoch, 25. Juni 2003 17:24 schrieb Nejc Skoberne:
> 2. man smb.conf says "password server" must be a NetBIOS name. I have
> IP addresses specified and it works OK anyway. How come?
Might work for some cases, but for instance when you start using winbind you 
run into trouble.

Regards 
Dan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 2.2.8a-1, Raidzone, filesize > ~17.6GB

[Jeremy Allison]

On Wed, Jun 25, 2003 at 10:54:44AM -0400, Eric N. Moyer wrote:
> I am working with a Raidzone tech to solve a problem with our Raidzone 
> NAS.  The tech told me he has not yet posted to any Samba list about this, 
> and gave me permission to do so.
> 
> Using XCOPY from either NT4SP6a or W2KSP3, over varying network paths, a 
> file of 18,490,235K-1 bytes or smaller will copy to the NAS successfully in 
> about 45 minutes, but a file of 18,490,256K-1 bytes or larger will 
> fail.  The failure occurs in about 7 minutes with a message on the Windows 
> computer of either "end of file reached" (on NT) or "network path no longer 
> available" (on W2K.)  When a copy fails, /var/log/samba/log. on 
> the NAS contains messages about "no response to oplock break request".
> 
> During the trials which fail, it seems that no data flows; the lights on 
> the switch show no traffic, the drives on the Windows computer sending the 
> file are not accessed, and the LCD display on the NAS shows only minimal 
> dataflow.
> 
> We could probably narrow the threshold window further, but have not done it 
> yet.
> 
> Setting oplock break wait time = 100 had no perceivable effect.  Disabling 
> oplocks completely resulted in the XCOPY failing with a sharing violation 
> message on the NT box.  (We did not try this variation on W2K.)
> 
> The NAS appears to be running Linux kernel 2.4.18.

Interesting. I always wondered what version of Samba the RAIDZONE
people are running. They haven't asked to be put on our vendors
list to my knowledge. The version of Samba they are running is
far more important. Ask them for the source code to see if any
changes have been made or if it's a standard version and if so
what version it is.

oplock break failures are commonly due to network hardware problems
or sometimes client bugs. All of the known Samba bugs here have
been fixed to my knowledge.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Installing samba on Red Hat 8

[admir]

Yo All,

I am trying to install Samba 3 beta on my RH 8 machine.

At the installation of red hat I chosed not to install samba.
I downloaded beta rpm for Red Hat and when I try insatling it I get a msg.
like "flie blabla conflicting with file from
samba-2.2.7'' or something like that.

Now I try runing comand rpm -q samba end that tels me there is no rpm samba.
Not installed! Right?

Then I try this rpm -i --replacefiles samba-3.0.0beta1-1.i386.rpm

that seems to be working.

Now I look for smbpasswd in /etc/samba and I found it is not there and I
supose some other critical files are missing too or they are not where they
shoud be.

Next think I do is rpm -e samba-3.0.0beta1-1 and that works fine.

then I trye compiling the package my self by downloading tar ball and
running command tar -xvzf to unpack the tarrball.
Evrything gets unpacked.
then I run ./configure and then make, make install. Evrything is installed
but there is no swat file in my xinetd.d.

What do I do now? I am new at Linux and I am out of options. Please Help?

I wil be greatfull for the rest of my life.

Regards,

Admir







-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] help!!

[Dan Am]

Hi,
Am Mittwoch, 25. Juni 2003 06:24 schrieb Saisab Pradhan:
> netbios name = icimodfs
> netbios aliases = icimodfs
Well, this could be the problem. The same name is issued twice.
Check "nmblookup -A "

Hth
Dan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple wins server entries

[Nejc Skoberne]

Hi.

I have 2 questions:

1. Is it possible to specify mutiple "wins servers" in smb.conf file?
man smb.conf doesn't say that, so I don't know. If it is possible how
do I do it? "wins server = IP_1, IP_2"?

2. man smb.conf says "password server" must be a NetBIOS name. I have
IP addresses specified and it works OK anyway. How come?

Thank you in advance,

-- 
Nejc Skoberne
Grajska 5
SI-5220 Tolmin
E-mail: [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] XP Pro, Samba-3 authentication consistancy problems

[Damian Gerow]

I really don't know where to start on this one...

We have an XP Pro workstation.  The user on this workstation is, say, 'bob'.
Earlier this year, bob would log in to his workstation with a different
password than was on the Samba machine.  I /think/ that's what's causing the
problems, but I'm not sure.

Anyhow, we had specifically mapped drives on bob's workstation using his
samba password.  Lately, bob's been having troubles where he can mount
drives but can't see the contents.  In fact, trying to view the contents can
crash his entire computer -- we have to end the explorer task, and re-start
it.

So we changed passwords everywhere to be the new password, killed all drive
mappings, and tried again.  The weird thing is, we'd be able to list the
contents of the share for a couple of minutes, then we'd lose it again.  The
samba logs actually showed something like this:

[2003/06/24 09:57:12, 2] auth/auth.c:check_ntlm_password(288)
  check_ntlm_password:  authentication for user [bob] -> [bob] -> [bob] suceeded
[2003/06/24 09:58:47, 2] smbd/server.c:exit_server(558)
  Closing connections
[2003/06/24 09:59:35, 2] auth/auth.c:check_ntlm_password(295)
  check_ntlm_password:  Authentication for user [bob] -> [bob] FAILED with error 
NT_STATUS_WRONG_PASSWORD
[2003/06/24 09:59:35, 2] smbd/server.c:exit_server(558)
  Closing connections
[2003/06/24 09:59:35, 2] auth/auth.c:check_ntlm_password(295)
  check_ntlm_password:  Authentication for user [bob] -> [bob] FAILED with error 
NT_STATUS_WRONG_PASSWORD

It looks almost like the workstation is trying a /different/ password the
second time.

So, we re-mapped all the drives, explicitly specifying the password.  Then
tried it all again using the /old/ password on both machines.  At this
specific moment, bob has access to our samba server, but it's hard to say
for how long.

I realize this is all a bit erratic, but I haven't been able to find a
common ground amongst all this.  I'm willing to just blame the workstation,
just wondering if anyone can give any pointers/eye openers before I do?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 2.2.8a-1, Raidzone, filesize > ~17.6GB

[Eric N. Moyer]

I am working with a Raidzone tech to solve a problem with our Raidzone 
NAS.  The tech told me he has not yet posted to any Samba list about this, 
and gave me permission to do so.

Using XCOPY from either NT4SP6a or W2KSP3, over varying network paths, a 
file of 18,490,235K-1 bytes or smaller will copy to the NAS successfully in 
about 45 minutes, but a file of 18,490,256K-1 bytes or larger will 
fail.  The failure occurs in about 7 minutes with a message on the Windows 
computer of either "end of file reached" (on NT) or "network path no longer 
available" (on W2K.)  When a copy fails, /var/log/samba/log. on 
the NAS contains messages about "no response to oplock break request".

During the trials which fail, it seems that no data flows; the lights on 
the switch show no traffic, the drives on the Windows computer sending the 
file are not accessed, and the LCD display on the NAS shows only minimal 
dataflow.

We could probably narrow the threshold window further, but have not done it 
yet.

Setting oplock break wait time = 100 had no perceivable effect.  Disabling 
oplocks completely resulted in the XCOPY failing with a sharing violation 
message on the NT box.  (We did not try this variation on W2K.)

The NAS appears to be running Linux kernel 2.4.18.

I found nothing about this in open web searching.  I looked through the 
archives of this list and saw that oplock messages are often attributed to 
network problems, but if that is the case here, then I wonder why there 
seems to be a file size threshold involved.  I also saw that someone 
reported a similar situation with files of ~25GB, but there did not seem to 
be any replies.

I am hoping the file size threshold I have described above may give someone 
an insight about the situation, or that there may be suggestions for 
specific areas for the Raidzone tech and I to investigate.

Finally, I am new to Samba and this list, so I apologize for any ignorance 
on my part.

Thank you.  -Eric



Regards,

Eric Moyer ([EMAIL PROTECTED])
Library Technologies, Inc.
2300 Computer Avenue, Suite D-19
Willow Grove, PA  19090
Phone 215-830-9320, FAX 215-830-9422 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Kerberos PAC information

[Andrew Bartlett]

On Thu, 2003-06-26 at 00:09, Wachdorf, Daniel R wrote:
> Does SAMBA 3.0 use the PAC information available within a Microsoft Kerberos
> ticket?

Not at present (because unix is not structured quite in the same way,
it's harder to use the information 'directly').  However we will be
doing so shortly in order to take advantage of the extra information it
holds (I hope - we have it parsed, so it should be too hard to plug the
information in).  This is Samba 3.0, naturally.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Ghost Create account: procedure number out ofrange inSamba

[Dan Gapinski]

I'm sorry - I meant the Ghost server - is that a member of the Samba domain?
I think that Ghost 7.5 can "walk" across trusted domains, but I am not sure
that is possible in Samba. Anyone else care to comment?

Dan

- Original Message -
From: "werner maes" <[EMAIL PROTECTED]>
To: "Dan Gapinski" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, June 25, 2003 2:51 AM
Subject: Re: [Samba] Ghost Create account: procedure number out ofrange
inSamba


> It is a separate domain logon server, see configuration below (relevant
> entries only).
> Does it have to be a member of a Samba domain? (security = domain?)
>
> [global]
>  security = USER
>  workgroup = DOMAIN
>  netbios name = DOMAINSERVER
>  interfaces = x.y.v.w/24
>  logon script = scripts\%m.bat
>  os level = 110
>  preferred master = Yes
>  local master = Yes
>  domain master = True
>  domain logons = Yes
>  domain admin group = @root
>  ldap server = x.y.v.z
>  ldap port = 389
>  ldap suffix = o=kuleuven,c=be
>  ldap admin dn = cn=master,o=kuleuven,c=be
>
> The ldap server is installed with openldap.
>
> Werner
>
> At 16:42 24/06/2003, Dan Gapinski wrote:
> >Not to ask the annoying ?'s, but the server that you're working from is
> >indeed a member of the Samba domain (& not a separate domain/workgroup)?
> >
> >Dan
> >- Original Message -
> >From: werner maes
> >To: Dan Gapinski
> >Sent: Tuesday, June 24, 2003 10:45 AM
> >Subject: Re: [Samba] Ghost Create account: procedure number out ofrange
> >inSamba
> >
> >Yes, that's right.
> >
> >Werner
> >
> >Dan Gapinski wrote:
> >>
> >>So in your Ghost services properties, then your 'Log on as' entry looks
like
> >>
> >>this:
> >>
> >>domain\root
> >>
> >>?
> >>
> >>Thanks,
> >>
> >>Dan
> >>
> >>- Original Message -
> >>
> >>From: "werner maes"
> >>><[EMAIL PROTECTED]>
> >>
> >>To: "Dan Gapinski"
><[EMAIL PROTECTED]>
> >>
> >>Cc: ><[EMAIL PROTECTED]>
> >>
> >>Sent: Tuesday, June 24, 2003 10:12 AM
> >>
> >>Subject: Re: [Samba] Ghost Create account: procedure number out ofrange
> >>
> >>inSamba
> >>
> >>
> >>
> >>
> >>>
> >>>domain admin group = root (in smb.conf)
> >>>
> >>>I have defined the user 'root' in LDAP. On the client I added the
domain
> >>>
> >>>users to the administrators group. I try to run the services under this
> >>>
> >>>root account on the domain but the services will only run under a local
> >>>
> >>>system account and not under a domain account. That seems to be the
> >>>
> >>>problem. With this user 'root' it is possible to manually join the
client
> >>>
> >>>to the domain and to logon to the domain.
> >>>
> >>>
> >>>I've tried about everything but still no solution
> >>>
> >>>Still hoping though :-)
> >>>
> >>>
> >>>Werner Maes
> >>>
> >>>
> >>>At 09:39 24/06/2003, Dan Gapinski wrote:
> >>>
> >>>
> 
> I see - what type of domain account are you using? Your method is
right
> 
> 
> >>
> >>tho,
> >>
> >>
> 
> setting the services to run under a domain account. I just want you to
be
> 
> absolutely sure that the account is administrator. If this is a test
> 
> environment, you could start by running the service as root, and see
if
> 
> 
> >>
> >>it
> >>
> >>
> 
> works then (though I would not do that in production).
> 
> 
> Dan
> 
> 
> - Original Message -
> 
> From: "werner maes"
> <[EMAIL PROTECTED]>
> 
> To: "Dan Gapinski"
<[EMAIL PROTECTED]>
> 
> Cc: <[EMAIL PROTECTED]>
> 
> Sent: Tuesday, June 24, 2003 4:35 AM
> 
> Subject: Re: [Samba] Ghost Create account: procedure number out
ofrange
> 
> inSamba
> 
> 
> 
> 
> >
> >Sorry to bother you again but in my situation with LDAP
authentication
> >
> >
> >>
> >>it
> >>
> >>
> >
> >doesn't seem to work.
> >
> >
> >I'll explain the configuration in detail.
> >
> >
> >I have a Samba 2.2.8a domain controller which is compiled and
> >
> >
> >>
> >>configured
> >>
> >>
> >
> >with LDAP support.
> >
> >The user and machine accounts are defined in LDAP. I manually added
an
> >
> >Windows XP workstation
> >
> >to the domain (no problems here) using a root account also defined in
> >
> >
> 
> LDAP.
> 
> 
> >
> >Now I would like to clone this machine to other machines using Norton
> >
> >
> 
> Ghost
> 
> 
> >
> >7.5. Therefore I have set up
> >
> >a Ghost Multicast Server. Now when I use to Ghost Console on the
> >
> >
> >>
> >>multicast
> >>
> >>
> >
> >server and try to ad

[Samba] Kerberos PAC information

[Wachdorf, Daniel R]

Does SAMBA 3.0 use the PAC information available within a Microsoft Kerberos
ticket?

Thanks.

-dan

--
Daniel Wachdorf
[EMAIL PROTECTED]
Sandia National Laboratories
System Security Research and Integration
505-284-8060



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba 2.2.8a and DOS .bat script

[Frank Nørvig]

> I'm experiencing a problem while executing DOS .bat scripts that have a
> directory name whose lenght is greater than 8 characters.
> Please see below an example:
> usr/mara/COPIA DI FATTUREVIAINTERNET/OK/SFE.BAT

Try putting a backslash in front of all spaces like this:

usr/mara/COPIA\ DI\ FATTUREVIAINTERNET/OK/SFE.BAT

--- Frank



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] initGrps.sh?

[John H Terpstra]

On Wed, 25 Jun 2003, Thomas Angst wrote:

> Hello John,
>
> I asked you last weekend about the group problem, maybe you remember.
> I was 4 days under heavy pressure, so I couldn't make some more tests.
> Anyway, your answer looks like it is the solution to my question.
> If I understand this correctly, then will a w2k Machine accept users
> from the root group as members of the Administrators group? Is this correct?
>
> net groupmap modify ntgroup="Administrators" unixgroup=root

Oddly enough, Administrators is not able to be used from a Windows client,
only domain groups can be. So that means that if you want to use the
Domain Administrator with root privilidge from MS Windows then you need to
set it to unix group root. ie: change the script below.

- John T.

>
> greetings
> Thomas
>
> John H Terpstra schrieb:
>
> >On Tue, 24 Jun 2003, Yeri Swamy wrote:
> >
> >
> >
> >>Hi
> >>
> >> From NT4 to Samba mimigration the HOWTO documents says do
> >>
> >>#initGrps.sh DOMIANNAME
> >>
> >>
> >>but where is initGrps.sh?? i am unable to locate??
> >>
> >>
> >
> >Here you are my friend. Enjoy.
> >
> >- John T.
> >
> >
> >#!/bin/bash
> > Keep this as a shell script for future re-use
> >
> ># First assign well known groups
> >net groupmap modify ntgroup="Account Operators" unixgroup=root
> >net groupmap modify ntgroup="Administrators" unixgroup=root
> >net groupmap modify ntgroup="Backup Operators" unixgroup=bin
> >net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
> >net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
> >net groupmap modify ntgroup="Domain Users" unixgroup=users
> >net groupmap modify ntgroup="Guests" unixgroup=nobody
> >net groupmap modify ntgroup="Power Users" unixgroup=sys
> >net groupmap modify ntgroup="Print Operators" unixgroup=lp
> >net groupmap modify ntgroup="Replicators" unixgroup=daemon
> >net groupmap modify ntgroup="System Operators" unixgroup=sys
> >net groupmap modify ntgroup="Users" unixgroup=users
> >
> ># Now for our added Domain Group
> >#net groupmap add ntgroup="Designers" unixgroup=designers type=d rid=3200
> >#net groupmap add ntgroup="Engineers" unixgroup=engineers type=d rid=3210
> >#net groupmap add ntgroup="QA Team"   unixgroup=qateamtype=d rid=3220
> >
> >
> >
> >
> >
>
>

-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] filename conversion from samba 2.x to 3.0beta

[Holger Brückner]

Hello oder auch Hallo ;)

just as a reminder ;) it would be really nice if you could post your
config or better the parameter. 

thx, cya

Holger Brueckner
net-labs Systemhaus GmbH

On Tue, 2003-06-24 at 17:45, [EMAIL PROTECTED] wrote:
> > Hello,
> > 
> > i upgraded a samba 2.x box to 3.0beta1. now users are unable to access
> > filenames which contain german umlauts.
> > 
> > e.g. filename Römer is cut down to R
> > 
> > umlauts work fine when the filename is create by the samba 3.0 box.
> > 
> > does anybody know how to convert old style filenames to the new charset
> > ? i know that there is a "conversion" script in the samba howto, but
> > unfortunately it works with find and find makes Rmer out of Römer :(
> > , so this script doesn't work.
> > 
> > what was the old style default encoding and what is used in samba 3.0 ?
> > 
> > thx
> > 
> > Holger Brueckner
> > net-labs Systemhaus GmbH
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > 
> on suse you have to install a package called glibc locale
> after install you have to setup the right parm in smb.conf
> then it work but sorry i have my conf not here yet, i will post it later
> today
> greetz 
> 
> -- 
> +++ GMX - Mail, Messaging & more  http://www.gmx.net +++
> Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
> 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba x win2000

[Stephen Kuhn]

On Wed, 2003-06-25 at 22:23, HENRIQUE BIERWAGEN wrote:
> hi everybody...i am new here .
> 
> my name is henrique and I have tried for some days to configure a
> smb.conf file of samba in a mandrake 9.1 linux to
> share a printer located at a PC with a Windows NT 2000
> professional
> 
> I can see the remote folder's names but it appears
> empty to me
> 
> I can share files with a PC with a WIN '98... located
> at the same local network.
> 
> Somebody can help me ?
> 
> thank you so much
> 
> henrique

If you've already gotten the actual networking bits going, you should be
able to use Webmin to setup the printer actually very easily. If you
can't do it through the Mandrake Control Centre, and you can't do it
through the CUPS admin web tool, Webmin is your best bet, and easiest of
all to use for this purpose.

-- 
Wed Jun 25 22:35:00 EST 2003
 22:35:00 up 22:21,  2 users,  load average: 0.28, 0.20, 0.12
-
|____  |kuhn media australia|
|   /-oo /| |'-.   |http://kma.0catch.com   |
|  .\__/ || |   |  ||
|   _ /  `._ \|_|_.-'  |stephen kuhn|
|  | /  \__.`=._) (_   | email: [EMAIL PROTECTED] |
-
 linux user #:267497 linux machine #:194239 * MDK 9.1 & RH 7.3  
 Mandrake Linux Kernel 2.4.21-11mdk Cooker for i586
-
 * This message was composed on a 100% Microsoft free computer *

One can never consent to creep when one feels an impulse to soar.
-- Helen Keller
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba x win2000

[HENRIQUE BIERWAGEN]

hi everybody...i am new here .

my name is henrique and I have tried for some days to configure a
smb.conf file of samba in a mandrake 9.1 linux to
share a printer located at a PC with a Windows NT 2000
professional

I can see the remote folder's names but it appears
empty to me

I can share files with a PC with a WIN '98... located
at the same local network.

Somebody can help me ?

thank you so much

henrique



-
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 2.2.8a and DOS .bat script

[Fiorenza Meini]

Hi there!

I'm experiencing a problem while executing DOS .bat scripts that have a
directory name whose lenght is greater than 8 characters.

Please see below an example:

usr/mara/COPIA DI FATTUREVIAINTERNET/OK/SFE.BAT

I receive "access denied" error.

If  I execute the same .bat script from another path, which hasn't directory
name longer than 8 characters, it runs without problem.

Any suggestion?

Thanks

Fiorenza










-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with smbmount

[Veglianetti Fabio]

Hello,

 

I have a problem with a mount with smb client.

 

I have a net compose from a server with win 2000 server, Active
Directory, LDAP authentication and client linux RH 8. The authentication
to domain is right, I have the ticket Kerberos but when I make smbmount
to open a file service on win 2000 srv, the srv ask to me the password (
I use a domain account and the client isn't in domain but it is in
workgroup)

 

I ask if is possible resolve this problem.

 

Regards

 

Fabio Veglianetti

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] static wins

[Dmitry Melekhov]

Hello!

We need to have several statis entries in wins.dat (just because there 
is no wins replication in samba).
All works ok on most hosts.
But on RH 6.2 with samba 2.2.8 static entries (i.e. with lifetime 0) 
disappear after some time.
Any ideas why ?

Thank you!

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] IDMAP usage

[Fabricio Adorno]

Hi, all


I have a ldap server where I have defined all of my linux users and groups. 
I'd like to store the SID<->(UID,GID) mapping there too using idmap, but I 
don't know how to configure a directory entry to handle idmap storage. I 
couldn't find how to do it in Samba-Howto-Collection (6th June 2003) and the 
man pages seems to be incomplete. If someone have done it, I'll be glad to 
have some help.

Thanks in advance.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Call timed out/session request failed Samba 2.2.8a on SVR4System

[Roland Grzyb]

Hi,

we use on an siemens rm400/E70 (Reliant UNIX 5.44) samba 2.0.6. All works 
fine.
Because of recurity reasons we plan to use 2.2.8a.
There were only minor problems compiling the sources, smbclient -L  works well, smbd and nmbd starts with the smb.conf from samba 
2.0.6 without any serious messages

Starting smbclient -L  results in the following 
messages:
added interface ip=172.16.207.7 bcast=172.16.255.255 nmask=255.255.0.0
session request to TCPPS02 failed (Call timed out: server did not respond 
after 2 milliseconds) 
session request to *SMBSERVER failed (Call timed out: server did not 
respond after 2 milliseconds) 

ps shows then 3 smbd processes, smbstatus: no used services, no locked 
files

in the log-file log.smbd (log level=5) these warnings are recorded
[2003/06/25 12:54:10, 5] lib/util_sock.c:print_socket_options(109)
  Could not test socket option SO_SNDTIMEO.
[2003/06/25 12:54:10, 5] lib/util_sock.c:print_socket_options(109)
  Could not test socket option SO_RCVTIMEO.

Any ideas, any hints ?

Thanks
Roland Grzyb

please excuse my bad english
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] initGrps.sh?

[Thomas Angst]

Hello John,

I asked you last weekend about the group problem, maybe you remember.
I was 4 days under heavy pressure, so I couldn't make some more tests.
Anyway, your answer looks like it is the solution to my question.
If I understand this correctly, then will a w2k Machine accept users 
from the root group as members of the Administrators group? Is this correct?

net groupmap modify ntgroup="Administrators" unixgroup=root

greetings
Thomas
John H Terpstra schrieb:

On Tue, 24 Jun 2003, Yeri Swamy wrote:

 

Hi

From NT4 to Samba mimigration the HOWTO documents says do

#initGrps.sh DOMIANNAME

but where is initGrps.sh?? i am unable to locate??
   

Here you are my friend. Enjoy.

- John T.

#!/bin/bash
 Keep this as a shell script for future re-use
# First assign well known groups
net groupmap modify ntgroup="Account Operators" unixgroup=root
net groupmap modify ntgroup="Administrators" unixgroup=root
net groupmap modify ntgroup="Backup Operators" unixgroup=bin
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Guests" unixgroup=nobody
net groupmap modify ntgroup="Power Users" unixgroup=sys
net groupmap modify ntgroup="Print Operators" unixgroup=lp
net groupmap modify ntgroup="Replicators" unixgroup=daemon
net groupmap modify ntgroup="System Operators" unixgroup=sys
net groupmap modify ntgroup="Users" unixgroup=users
# Now for our added Domain Group
#net groupmap add ntgroup="Designers" unixgroup=designers type=d rid=3200
#net groupmap add ntgroup="Engineers" unixgroup=engineers type=d rid=3210
#net groupmap add ntgroup="QA Team"   unixgroup=qateamtype=d rid=3220


 



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SMB connection failed.

[Karl Dall]

Hello,

since I have bought a new computer I am having a strange problem. With my old computer 
I just had to type

smbmount //windowspcname/directory1 directory2/ -o username=username

to connect to my WinXP computer and everything worked. But with the new computer I get 
this (2101 is only the PID):

2101: Connection to mrfreeze failed
SMB connection failed

When I use 

smbmount //windowspcname/directory1 directory2/ -o username=username,ip=123.456.789.012

instead (with the correct ip of course), it works, but the connection is not directly 
but over the internet, reducing the connection speed VERY much.

Can anybody help me to fix this problem? I simply cannot understand why it does not 
work with this computer, since I had just made a clean Madrake 9.1 installation. An it 
worked with the other PC of course.

Thanks, best regards

Karl

Nur bei WEB.DE Testsieger FreeMail testen und damit 1 qm Regenwald
schuetzen. Jetzt anmelden und mithelfen! http://user.web.de/Regenwald

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba3-beta1 as a PDC and using tdbsam as passdb backendit takes the home-directory info from /etc/passwd

[Gémes Géza]

Patrik Gustavsson PS Sweden Senior Technical Consultant írta:

I didn't get any answers so I try again:

I am using tdbsam as passdb backand.

I have added root user with pdbedit.

The machine trust account was added on the fly.

I have added the user with pdbedit.

I have created the user in /etc/passwd.

When the user logs in from a W2k and mounts the home-directory I noticed
that Samba didn't take the home-directory information from tdbsam, it 
took it from /etc/passwd.

Is that correct ?

I assumed it would use the info in tdbsam.

/Patrik

Depends what do you meen by getting home-directory information.
If you would refer to getting the /home/username from /etc/passwd, thats 
correct, this is what happen because of the sambas [homes] share, on the 
other side "rich" SAM databases such as tdbsam provide som NT-ish 
things, like homedrive, profilepath, and logonscript, I'm afraid, that 
you are confusing this two categories.

Best Regards

Geza Gemes

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba questions

[more]

Hi, Samba GRUs,

Does anybody know the issue of Samba 2.2.8a and Win2K + SP3?

1. My Samba server is configured under user mode.
2. Access the share by a valid user
3. When I right click on a file -> Choose Prosperities -> Security -> 
Add, it asks me to input a username and password to browse the 
user/group list, it didn't happen when I use Win2k + SP2?

Has anybody experienced this? Any reasons or solution?

Thank you in advance.
more
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Searching for Doku Samba with LDAP

[Michael Thessel]

I used this doku to set up my SAMBA+LDAP PDC

http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html

Michael

"Robert Einsle" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
news:[EMAIL PROTECTED]
> Hy *
>
> I'm searching for Doku acting as an PDC in an Windows environment.
>
> I was able to set up the Ldap-Directory itself, storing the Users in the
> Directory, this all is working.
>
> But was not able to let the Workstations join the Domain. Here i don't
> find Dokumentation about it.
>
> Can anyone send me links about Dokumentation about LDAP and Samba,
> acting as an PDC.
>
> Thank you very much about your Help.
>
> \Robert
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Share without machineaccuonts

[Dick Svensson]

Hi!

Is it possible to set up a Share without Machineaccounts, on a samba server
using machineaccounts? In other words can you exclude the machineaccount
features on specific shares?

Now I currently uses 2 machines, one logon machine with all Homes, etc..
And another one as a ghostmachine.

/M.V.H Dick Svensson

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] KDC has no support for encryption type

[Sergey Smirnov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm using samba 3.0.0beta1.
When I try join ADS I got error:
# net ADS JOIN  -U Administrator
[2003/06/25 13:03:34, 1] param/loadparm.c:lp_do_parameter(3103)
~  WARNING: The "winbind uid" option is deprecated
[2003/06/25 13:03:34, 1] param/loadparm.c:lp_do_parameter(3103)
~  WARNING: The "winbind gid" option is deprecated
Administrator password:
[2003/06/25 13:03:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267)
~  krb5_cc_get_principal failed (No credentials cache found)
[2003/06/25 13:03:44, 0] libads/ldap.c:ads_join_realm(1352)
~  Host account for cache already exists - deleting old account
[2003/06/25 13:03:44, 1] libads/krb5_setpw.c:do_krb5_kpasswd_request(403)
~  send of chpw failed (Operation not permitted)
ads_set_machine_password: Operation not permitted
#net ads TESTJOIN
[2003/06/25 13:05:26, 1] param/loadparm.c:lp_do_parameter(3103)
~  WARNING: The "winbind uid" option is deprecated
[2003/06/25 13:05:26, 1] param/loadparm.c:lp_do_parameter(3103)
~  WARNING: The "winbind gid" option is deprecated
[2003/06/25 13:05:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267)
~  krb5_cc_get_principal failed (No credentials cache found)
[2003/06/25 13:05:26, 0] libads/kerberos.c:ads_kinit_password(133)
~  kerberos_kinit_password [EMAIL PROTECTED] failed: KDC has no support
for encryption type
[2003/06/25 13:05:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267)
~  krb5_cc_get_principal failed (No credentials cache found)
[2003/06/25 13:05:26, 0] libads/kerberos.c:ads_kinit_password(133)
~  kerberos_kinit_password [EMAIL PROTECTED] failed: KDC has no support
for encryption type
[2003/06/25 13:05:26, 1] utils/net_ads.c:ads_startup(176)
~  ads_connect: Invalid credentials
Join to domain is not valid
- --
Sergey Smirnov
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE++WfMDeW3DVbXLdcRAv6kAKCyNxtLWmRXvzeS+qqL1ouhGhDdzgCeO9jN
PtzGucGeKNJODpjJSxDlR+w=
=rWxq
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Searching for Doku Samba with LDAP

[Francois Beretti]

Hello

http://www.unav.es/cti/ldap-smb-howto.html

and

http://www.idealx.org/prj/samba/samba-ldap-howto.pdf
(with the perls scripts available on the same website)

Francois

> -Message d'origine-
> De : [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] la
> part de Robert Einsle
> Envoye : mercredi 25 juin 2003 08:32
> A : '[EMAIL PROTECTED]'
> Objet : [Samba] Searching for Doku Samba with LDAP
> 
> 
> Hy *
> 
> I'm searching for Doku acting as an PDC in an Windows environment.
> 
> I was able to set up the Ldap-Directory itself, storing the Users in the 
> Directory, this all is working.
> 
> But was not able to let the Workstations join the Domain. Here i don't 
> find Dokumentation about it.
> 
> Can anyone send me links about Dokumentation about LDAP and Samba, 
> acting as an PDC.
> 
> Thank you very much about your Help.
> 
> \Robert
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Searching for Doku Samba with LDAP

[Markus Amersdorfer]

On Wed, 25 Jun 2003 08:31:53 +0200
Robert Einsle <[EMAIL PROTECTED]> wrote:

Hi!

> Can anyone send me links about Dokumentation about LDAP and Samba, 
> acting as an PDC.

I've found the following documentation to be really great:

 http://www.mandrakesecure.net/en/docs/ldap-auth2.php
 http://www.mandrakesecure.net/en/docs/samba-pdc.php

Just building a Samba/LDAP-server myself currently, I haven't checked
out the second link yet, but AFAICT it covers "machine accounts" too.

Cheers,
Max

-- 
The first time any man's freedom is trodden on, we're all damaged.
   

http://homex.subnet.at/~max/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Searching for Doku Samba with LDAP

[Kurt Pfeifle]

Robert Einsle robert at einsle.de

Wed Jun 25 08:31:53 GMT 2003

Hy *

I'm searching for Doku acting as an PDC in an Windows environment.

I was able to set up the Ldap-Directory itself, storing the Users in the 
Directory, this all is working.

But was not able to let the Workstations join the Domain. Here i don't 
find Dokumentation about it.

Can anyone send me links about Dokumentation about LDAP and Samba, 
acting as an PDC.


Hi, Robert,

have you ever checked out the new HOWTO Collection? It is here:

   http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf

Cheers,
Kurt
Thank you very much about your Help.

\Robert

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Ghost Create account: procedure number out ofrange inSamba

[werner maes]

It is a separate domain logon server, see configuration below (relevant 
entries only).
Does it have to be a member of a Samba domain? (security = domain?)

[global]
security = USER
workgroup = DOMAIN
netbios name = DOMAINSERVER
interfaces = x.y.v.w/24
logon script = scripts\%m.bat
os level = 110
preferred master = Yes
local master = Yes
domain master = True
domain logons = Yes
domain admin group = @root
ldap server = x.y.v.z
ldap port = 389
ldap suffix = o=kuleuven,c=be
ldap admin dn = cn=master,o=kuleuven,c=be
The ldap server is installed with openldap.

Werner

At 16:42 24/06/2003, Dan Gapinski wrote:
Not to ask the annoying ?'s, but the server that you're working from is 
indeed a member of the Samba domain (& not a separate domain/workgroup)?

Dan
- Original Message -
From: werner maes
To: Dan Gapinski
Sent: Tuesday, June 24, 2003 10:45 AM
Subject: Re: [Samba] Ghost Create account: procedure number out ofrange 
inSamba

Yes, that's right.

Werner

Dan Gapinski wrote:
So in your Ghost services properties, then your 'Log on as' entry looks like

this:

domain\root

?

Thanks,

Dan

- Original Message -

From: "werner maes" 
><[EMAIL PROTECTED]>

To: "Dan Gapinski" ><[EMAIL PROTECTED]>

Cc: ><[EMAIL PROTECTED]>

Sent: Tuesday, June 24, 2003 10:12 AM

Subject: Re: [Samba] Ghost Create account: procedure number out ofrange

inSamba




domain admin group = root (in smb.conf)

I have defined the user 'root' in LDAP. On the client I added the domain

users to the administrators group. I try to run the services under this

root account on the domain but the services will only run under a local

system account and not under a domain account. That seems to be the

problem. With this user 'root' it is possible to manually join the client

to the domain and to logon to the domain.

I've tried about everything but still no solution

Still hoping though :-)

Werner Maes

At 09:39 24/06/2003, Dan Gapinski wrote:


I see - what type of domain account are you using? Your method is right


tho,


setting the services to run under a domain account. I just want you to be

absolutely sure that the account is administrator. If this is a test

environment, you could start by running the service as root, and see if


it


works then (though I would not do that in production).

Dan

- Original Message -

From: "werner maes" 
<[EMAIL PROTECTED]>

To: "Dan Gapinski" <[EMAIL PROTECTED]>

Cc: <[EMAIL PROTECTED]>

Sent: Tuesday, June 24, 2003 4:35 AM

Subject: Re: [Samba] Ghost Create account: procedure number out ofrange

inSamba




Sorry to bother you again but in my situation with LDAP authentication


it


doesn't seem to work.

I'll explain the configuration in detail.

I have a Samba 2.2.8a domain controller which is compiled and


configured


with LDAP support.

The user and machine accounts are defined in LDAP. I manually added an

Windows XP workstation

to the domain (no problems here) using a root account also defined in


LDAP.


Now I would like to clone this machine to other machines using Norton


Ghost


7.5. Therefore I have set up

a Ghost Multicast Server. Now when I use to Ghost Console on the


multicast


server and try to add our domain

to the list of supported domains in Ghost I get the error "Procedure


number


out of range".

On the Ghost Multicast Server there is the "ghost configuration


server"


service and on the client machine

there is the "ghost client agent" service. Both of these services only

start with a local system account.

These services do not run under a domain account. If I try to run them

under a domain account I get this

error message: "The service did not respond to the start or control


request


in a timely fashion".

Like I said, manually adding a machine to the domain gives no problems


with


the specified root account

in LDAP (see below, I did not include all attributes off course).

dn: uid=root, ou=xxx, o=xxx, c=xxx

objectClass: sambaAccount

uid: root

rid: 1000

uidNumber: 0

gidNumber: 0

Kind regards,

Werner Maes



At 15:20 23/06/2003, Dan Gapinski wrote:


Yes - sorry. I made a regular account for Ghost (which you could make


with


adduser or useradd or handcoding the passwd file) and added it to a


group


(in the groups file) that I called "admin". In smb.conf, I added a


line


that


went like this:

domain admin group = @admin

So that worked like a charm.

Hope that helps,

Dan

- Original Message -

From: "werner maes" 
<[EMAIL PROTECTED]>

To: "Dan Gapinski" 
<[EMAIL PROTECTED]>

Cc: <[EMAIL PROTECTED]>

Sent: