Re: [Samba] Re: 3.0rc4 + ldap backend (Advice? Suggestions?)
Hi ! On Wed, Sep 24, 2003 at 09:07:53PM +0200, paul k wrote: - Samba(3.0rc4) - Win2k/XP OpenLDAP User Store - - nss_ldap - linux/unix - FreeRadius- Cisco/HP Networking Equip (My apologies if that doesn't look right for anyone) I have a functional ldap database (openldap-2.0.27-8), and I'd very much like to use Samba 3.x (been using Samba for PDC since TNG), but I'm mildly disconcerted by the (possibly undocumented?) changes in the way certain things are handled. What do you mean? The schema changes? At this point I'd just like to ask the community if anyone's successfully done Samba 3.x as PDC with ldap backend and has any advice / suggestions / pointers? I have a test-setup with ldapsam and nss_ldap/pam-ldap (samba3.0.0rc4 with acl-support) and it works good :-) If you like i give you some advices :-) Currently, i'm at home and I don't have access to that test-machine :-) I you are interested in a smb.conf and some advices - send my a mail to [EMAIL PROTECTED] :-)) Best regards Marc Schoechlin -- Gruss / Best regards | LF.net GmbH| fon +49 711 90074-413 Marc Schoechlin | Ruppmannstr. 27| fax +49 711 90074-33 [EMAIL PROTECTED] | D-70565 Stuttgart | http://www.lf.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Smbpasswd + password sync on OS X
I've found that out, much to my annoyance; no rc.d startup, swat is only half useful, restart by a gui app (which resets smb.conf unless you 'chflags' the file before and after editing)... And as you say... integration with 'netinfo' for users and password details, which is a complete pig. I believe smbpasswd does not actually do anything at *all* to the passwords. At least when I've been testing it, changing credentials with it still allows me in with my 'old' details. The only thing it seems to do is create accounts and null the password. The only thing that seems to modify the smb passwords is using Apples 'Accounts' and 'Groups' utilities. Brilliant, just what I want from a server O/S, gui-only configuration. Thanks for pointing it out anyway. John Snowdon - IT Support Specialist -==- Faculty of Medical Sciences Computing Dept School of Medical Education Development University of Newcastle Phone : 0191 245 4230 Email : [EMAIL PROTECTED] -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: 26 September 2003 00:08 To: John Snowdon Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Smbpasswd + password sync on OS X On Thu, 2003-09-25 at 18:13, John Snowdon wrote: Samba 2.2.3a on OS-X 10.2.6 Any ideas if this built in version of Samba is simply borked? Unless it's been patched, at the very least it suffers very serious security holes, and must be upgraded (to 2.2.8a at least). Other than that, apple has played all sorts of fun games with their 'version' of Samba (intergration with their directory backend), so it could be an issue in there. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 'Apple' Samba 2.2.3a on OS X 10.2.6 - Samba 2.2.8a upgrade
Right, well I've just downloaded the source tarball and compiled it all. Turned of Apple samba from 'server settings' and fired up smbd and nmbd by hand... With different log, lock and password directories to Apple samba, btw... /usr/local/samba/bin/smbd -D /usr/local/samba/bin/nmbd -D /usr/local/samba/bin/smbpasswd -a root /usr/local/samba/bin/smbpasswd -a john So far so good. But if I try to change password as john, then I get this error: Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the session setup. Error was : Call returned zero bytes (EOF) . Failed to change password for john If I try to do any queries with smbclient I get session setup failed: Call returned zero bytes (EOF) Looking in the smbd.log, there are lots of messages relating to authentication failures and a new one I haven't seen before: [2003/09/26 10:35:17, 0] lib/util_sec.c:assert_gid(111) Failed to set gid privileges to (0,20) now set to (20,20) uid=(0,0) [2003/09/26 10:35:17, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid Any ideas? Is it actually possible to replace the built in version of Samba with a later 'proper' version that we can just do local, user based security authentication with, or does Apples 'netinfo' system get in the way no matter what? John Snowdon - IT Support Specialist -==- Faculty of Medical Sciences Computing Dept School of Medical Education Development University of Newcastle Phone : 0191 245 4230 Email : [EMAIL PROTECTED] I've found that out, much to my annoyance; no rc.d startup, swat is only half useful, restart by a gui app (which resets smb.conf unless you 'chflags' the file before and after editing)... And as you say... integration with 'netinfo' for users and password details, which is a complete pig. I believe smbpasswd does not actually do anything at *all* to the passwords. At least when I've been testing it, changing credentials with it still allows me in with my 'old' details. The only thing it seems to do is create accounts and null the password. The only thing that seems to modify the smb passwords is using Apples 'Accounts' and 'Groups' utilities. Brilliant, just what I want from a server O/S, gui-only configuration. Thanks for pointing it out anyway. -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: 26 September 2003 00:08 To: John Snowdon Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Smbpasswd + password sync on OS X On Thu, 2003-09-25 at 18:13, John Snowdon wrote: Samba 2.2.3a on OS-X 10.2.6 Any ideas if this built in version of Samba is simply borked? Unless it's been patched, at the very least it suffers very serious security holes, and must be upgraded (to 2.2.8a at least). Other than that, apple has played all sorts of fun games with their 'version' of Samba (intergration with their directory backend), so it could be an issue in there. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0 spec for Suse (UL)?
Hello! May be someone have this? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] Log File Analyzer for Samba?
Can anybody please help me? It's very urgent. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ossie Sent: Friday, September 26, 2003 9:08 AM To: [EMAIL PROTECTED] Subject: [Samba] Log File Analyzer for Samba? Can anyone please tell me a tool which can interpret the Samba log files? Oswald -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0 spec for Suse (UL)?
Hello, You wrote: Hello! May be someone have this? check ftp://ftp.suse.com/pub/people/gd/ (packaged binaries and source-rpms for SuSE-i386: 8.1, 8.2, 9.0, UL1, sles8) -- Ciao, Carsten -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] help to understand log
Did you get any answer, Germano? I am interested too, because I get the same message and I do not understand it. LauZ - Original Message - From: Germano Barreiro [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 2:42 PM Subject: [Samba] help to understand log This was extracted from a Samba acting as a pdc, from the file log.nmbd. What exactly does it mean? This response was from IP 10.7.244.24, reportingan IP address of 10.7.244.24. [2003/09/24 15:26:32, 0] nmbd/nmbd_namequery.c:query_name_response(104) query_name_response: Multiple (2) responses received for a query on subnet 10.7.241.23 for name EPSOFT1d. This response was from IP 10.7.244.24, reportingan IP address of 10.7.244.24. [2003/09/24 15:31:24, 0] nmbd/nmbd_namequery.c:query_name_response(104) query_name_response: Multiple (2) responses received for a query on subnet 10.7.241.23 for name EPSOFT1d. This response was from IP 10.7.244.40, reportingan IP address of 10.7.244.40. [2003/09/24 15:36:30, 0] nmbd/nmbd_namequery.c:query_name_response(104) query_name_response: Multiple (2) responses received for a query on subnet 10.7.241.23 for name EPSOFT1d. This response was from IP 10.7.244.40, reportingan IP address of 10.7.244.40. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Mysql probs..
G'day.. I'm trying to compile samba with the expsam=mysql. but it gives back an error: sswitch/wb_common.c: In function winbind_named_pipe_sock': nsswitch/wb_common.c:136: storage size of `sunaddr' isn't known make: *** [nsswitch/wb_common.o] Error 1 mysql is working fine so no probs there.. even without-winbind compilation it keeps rerturning... got a idea ?? Collen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help to understand log
El Viernes, 26 de Septiembre de 2003 13:58, Sistemas escribió: Did you get any answer, Germano? I am interested too, because I get the same message and I do not understand it. LauZ - Original Message - From: Germano Barreiro [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 2:42 PM Subject: [Samba] help to understand log This was extracted from a Samba acting as a pdc, from the file log.nmbd. What exactly does it mean? This response was from IP 10.7.244.24, reportingan IP address of 10.7.244.24. [2003/09/24 15:26:32, 0] nmbd/nmbd_namequery.c:query_name_response(104) query_name_response: Multiple (2) responses received for a query on subnet 10.7.241.23 for name EPSOFT1d. This response was from IP 10.7.244.24, reportingan IP address of 10.7.244.24. [2003/09/24 15:31:24, 0] nmbd/nmbd_namequery.c:query_name_response(104) query_name_response: Multiple (2) responses received for a query on subnet 10.7.241.23 for name EPSOFT1d. This response was from IP 10.7.244.40, reportingan IP address of 10.7.244.40. [2003/09/24 15:36:30, 0] nmbd/nmbd_namequery.c:query_name_response(104) query_name_response: Multiple (2) responses received for a query on subnet 10.7.241.23 for name EPSOFT1d. This response was from IP 10.7.244.40, reportingan IP address of 10.7.244.40. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Sistemas, el log te esta dando la sigueinte informacion: nmbd/nmbd_namequery.c:query_name_response(104) query_name_response: Multiple (2) responses received for a query on subnet 10.7.241.23 for name EPSOFT1d. This response was from IP 10.7.244.24, reportingan IP address of 10.7.244.24. [2003/09/24 15:31:24, 0] el demonio de NMB (nmbd) a traves de nmbd_query.c (que lo encontraras en nmb/nmbd_query.c en los fuentes de samba) esta llamando a la funcion query_name_response. Para mas informacion puedes leer el codigo de nmbd_query.c y buscar la funcion query_name_response No conozco ninguna herramienta de esas que pedis, aprendi a hacer esto un dia que tuve un problema con Winbind y tb me dio un error que no entendia y se me ocurrio hacer algo similar a lo que te he dicho.Si las encontrais avisar! ;) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mysql probs..
On Fri, Sep 26, 2003 at 02:25:36PM +0200, collen blijenberg wrote about '[Samba] Mysql probs..': G'day.. I'm trying to compile samba with the expsam=mysql. but it gives back an error: sswitch/wb_common.c: In function winbind_named_pipe_sock': nsswitch/wb_common.c:136: storage size of `sunaddr' isn't known make: *** [nsswitch/wb_common.o] Error 1 mysql is working fine so no probs there.. even without-winbind compilation it keeps rerturning... Does the compile go fine if you run ./configure without --with-expsam=mysql ? Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] - http://jelmer.vernstok.nl/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Réf. : Re: [Samba] Samba 3.0 + LDAP as PDC
--- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 John H Terpstra [EMAIL PROTECTED] Envoyé par : Pour : Cybr0t McWhulf [EMAIL PROTECTED] [EMAIL PROTECTED]cc :[EMAIL PROTECTED] .samba.org Objet : Re: [Samba] Samba 3.0 + LDAP as PDC 26/09/03 03:12 On Thu, 25 Sep 2003, Cybr0t McWhulf wrote: At the risk of having my inbox flooded with another 10,000 Emails from Microsoft proporting the latest security update.. Now that smb3.0 is out and about, I'd really like to use it for authenticating windows users / PDC (With BDC in the plans) My problem is that there seems to be little to zero up to date documentation on how to integrate Samba and LDAP, the most I found were a couple oddball newsgroup postings and a Samba 2.2.4/LDAP PDC howto which is well over a year old. This howto is for samba 2.2.x, not for 3.0.0. You can use this howto only for UNIX LDAP authentification (howto configure nsswitch.conf, ldap.conf, system-auth.conf), for the LDAP-SAMBA PART, you must read the samba-howto-collection avainlable with the tarball. John : the howto Samba 2.2.4/LDAP PDC howto can be downloaded here : http://www.linuxplusvalue.be/download/samba-ldap-howto.pdf The difference between your system for unix auth and the system proposed by this howto is the source of authentification : your howto say samba-auth (samba-pam), and the other howto say ldap-auth (ldap-pam). Are you understand ? How much homework did you do? Did you read the Samba-HOWTO-Collection.pdf that is part of the Samba-3.0.0 tarball. Its in the ~samba/docs directory and a little hard to miss! Oh, should also say that it has grown up a little since Samba-2.2.x (up from 88 pages to 462 pages). While I'm on the subject, the HOWTO is being published by Prentice Hall as The Official Samba-3 HOWTO and REference Guide, and it is 732 pages. There is a little more in there than in the document that is in the Samba CVS tree. PS: We went to a LOT of trouble to put out half decent information. Please let us know what we might have missed. That way we can get it in for the next major update. I have a working LDAP userstore authenticating linux/unix logons and freeradius. Samba is the last bit in a month-long project for centralized authentication (due mid-next month *eep*) I hope you find what you are looking for. In my latest exploits I got as far as authenticating users for share access, (and ldap password sync, yay!) but I was unable to add machines to the domain, which may be a group mapping issue (What was so bad about domain admin group? :( ) Now you can map any UNIX group you want to an NT Domain Group. Is that worse than domain admin group? I'm really just looking for some decent-recent (nearly idiot proof ;) ) instructions on how to accomplish this. Let me see ... Hmmm. Nah, I'll resist the jest! Let me know if the HOWTO is as hopeless as it could be! After all, I wrote most of it with the lights out. : Thanks alot to anyone able to help, life saver isn't the right term, but it's the first that comes to mind. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 Stable Release - Bug in net rpc vampire ?
hi there after successfully joining an NT domain i tried net rpc vampire -S ntpdc and get: Fetching DOMAIN database SAM_DELTA_DOMAIN_INFO not handled net: decode.c:634: ber_scanf: Assertation `((ber)-ber_opts.lbo_valid==0x2)` failed. Aborted samba compiled perfectly on my suse 8.2 box with rc1 and beta1 i had no problems with net rpc vampire so what's wrong? thx -- Matrix - more than a vision ** Michael Gasch Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
On Friday 26 September 2003 00:15, Hannu Tikka wrote: After upgrading rc2 - rc4 (suse binary packages) line 'valid users = %S' in [homes] section prevents user getting to his homedirectory Same change occured here when upgrading from 2.2.7a to the 3.0.0 release. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba / ldap Can you help me?
-- Hello, Can you help me? I want use Samba 3 with Ldap, but I don't know. - The configuration of samba in PDC without ldap is ok - Ldap is ok I don't know what I write in the smb.conf for use Samba with Ldap authentification. passwd backend ??? passwd program ??? [global] workgroup = SIAL_TEST netbios name = MSNT2 server string = sial_pdc obey pam restrictions = Yes passdb backend = tdbsam, guest, ldap://172.29.143.5:389 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 3 log file = /var/log/samba/log.%m max log size = 1000 logon script = logon.cmd logon path = \\%N\profiles\%u logon home = \\msnt2\%u ### # PDC # ### domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No # LDAP # ldap suffix = dc=in,dc=ac-lille,dc=fr ldap machine suffix = ou=machines,o=sial,dc=in,dc=ac-lille,dc=fr ldap user suffix = ou=utilisateurs,o=sial,dc=in,dc=ac-lille,dc=fr ldap group suffix = dc=in,dc=ac-lille,dc=fr ldap idmap suffix = dc=in,dc=ac-lille,dc=fr ldap admin dn = cn=admin,dc=in,dc=ac-lille,dc=fr ldap ssl = no panic action = /usr/share/samba/panic-action %d invalid users = root admin users = administrateur thank you . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
I see this problem too. I thought that I was going crazy. On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: On Friday 26 September 2003 00:15, Hannu Tikka wrote: After upgrading rc2 - rc4 (suse binary packages) line 'valid users = %S' in [homes] section prevents user getting to his homedirectory Same change occured here when upgrading from 2.2.7a to the 3.0.0 release. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] winbind and getent - fix ...
Thanks for your answer. But it didn't work. There is no ldap request except for user with posix account. ( I can see these users using getent ) I think there is no appeal by libnss library to winbind but I don't understatnd why. Jean-marc -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de C.Lee Taylor Envoyé : vendredi 26 septembre 2003 12:31 À : [EMAIL PROTECTED]; [EMAIL PROTECTED] Objet : [Samba] winbind and getent - fix ... Greetings ... Sorry for cross posting, but I have seen this problem on both lists ... Okay, I am not sure if this is a problem only on RedHat using the rpm, because I tried only with rpm installations ... Install Samba3 from rom on RedHat 9. Configure and join domain, kewl. Test winbind with wbinfo -u and -g, also kewl, but no answer from getent passwd ... put in winbind in nsswitch.conf in the right places. Finally found that the rpm was not installing/creating the sym-link in /lib from libnss_winbind.so to libnss_winbind.so.2 ... after this, I was able to getent passwd ... Hope this helps. Thanks Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] Problem with File Create Time
Still having a problem. Anyone? Corey Hart wrote: When a user copies a file from their desktop to the server, we would like samba to set the creation date on the file on the server to the current date, and not the date when the file was create on the desktop. I hope this makes sense. Is there an option to do this? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
On Friday 26 September 2003 10:26, Derek T. Yarnell wrote: I see this problem too. I thought that I was going crazy. On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: On Friday 26 September 2003 00:15, Hannu Tikka wrote: After upgrading rc2 - rc4 (suse binary packages) line 'valid users = %S' in [homes] section prevents user getting to his homedirectory Same change occured here when upgrading from 2.2.7a to the 3.0.0 release. Not only that but here I also see the homes share exposed twice in browse lists, both as homes and also as the usersname with both shares being the users home directory for that user. This is also different from previous versions. Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with windows clients accessing samba intermittently
I have a problem with samba, whereby once a day (roughly), windows clients cannot connect to the shares, and the only cure seems to be a reboot. Restarting the service does not fix it, but the strange thing is, other samba clients can connect fine ? Anyone seen this or got any idea what the problem is ? Thanks. Chris Ryan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] S3+CUPS+PDF pseudo printer : print command not functional on service
Hi all, I've just set up a Samba 3.0.0 PDC (LDAP+nss) on FreeBSD 5.1, with CUPS as default print stack, which begins to work nicely. I'm configuring a PDF pseudo printer, with the following share : [pdfwriter] comment = Imprimante PDF : génère un fichier PDF printing = bsd path = /var/tmp printable = Yes print command = /usr/local/bin/printpdf -u %U -h %M %s 2/dev/null lpq command = This very same config (except that %u is replaced here by %U) used to work nicely on Samba 2.2.7a, with cups on stock RH9. The print command was used, and CUPS would not see anything concerning 'pdfwriter'. No more on S3, I have in the log : [2003/09/26 15:30:19, 0] printing/print_cups.c:cups_job_submit(756) Unable to print file to pdfwriter - server-error-not-accepting-jobs So I think that S3 does not honor any more the 'print command' when specified in printable share when using CUPS. Can anyone confirm this is a bug, or point me to my error ? Best regards, Jérôme ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. LogicaCMG ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Book: Automating UNIX and Linux Administration
This message is a shameless plug for my new book: Automating UNIX and Linux Administration. I feel this message is appropriate both because many users of this program are interested in automation and the program is discussed within the book. You can buy the book from Amazon here: http://www.amazon.com/exec/obidos/ASIN/1590592123/kaybee-20 You can find the list of chapters and brief summaries here: http://kaybee.org:81/kirk/aua.html All source code from the book will be available from www.apress.com shortly. -- Kirk Bauer [EMAIL PROTECTED] http://linux.kaybee.org | www.autorpm.org | www.logwatch.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
Guys, The homes share should be set to be browsable = No. Do NOT set the valid users = %S on the homes share. - John T. On Fri, 26 Sep 2003, Chris Smith wrote: On Friday 26 September 2003 10:26, Derek T. Yarnell wrote: I see this problem too. I thought that I was going crazy. On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: On Friday 26 September 2003 00:15, Hannu Tikka wrote: After upgrading rc2 - rc4 (suse binary packages) line 'valid users = %S' in [homes] section prevents user getting to his homedirectory Same change occured here when upgrading from 2.2.7a to the 3.0.0 release. Not only that but here I also see the homes share exposed twice in browse lists, both as homes and also as the usersname with both shares being the users home directory for that user. This is also different from previous versions. Chris -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] $ in domain name, Samba 2.2.8a
Hi I recently upgraded samba to 2.2.8a on a Solaris 8 server. Previously we were running an older version on Solaris 2.6. I am using domain security to authenticate users to an NT based PDC, and have a username map for matching Windows usernames to Unix usernames. The problem I'm having is that users in the same domain as the Solaris server are authenticating fine, but users in a domain trusted by that domain are not authenticating. For example, if the local domain is DOMB and the trusted domain with the dollar sign is $DOMA, in my smb log I see: domain_client_validate: unable to validate password for user FOO in domain _DOMA to Domain controller *. Error was NT_STATUS_NO_SUCH_USER. It looks to me like the $ in $DOMA is being mapped to an underscore (_DOMA), and I'm guessing that the PDC is being asked to validate a user in a domain _DOMA that it knows nothing about. Or perhaps this is a red herring, and the $ is preserved in the smb communication but just not in my log file. I didn't have this problem under the older samba version I was running (also using domain security and our NT based PDC). Any ideas? Best Regards, Colin Stuckless This email communication is intended as a private communication for the sole use of the primary addressee and those individuals listed for copies in the original message. The information contained in this email is private and confidential and if you are not an intended recipient you are hereby notified that copying, forwarding or other dissemination or distribution of this communication by any means is prohibited. If you are not specifically authorized to receive this email and if you believe that you received it in error please notify the original sender immediately. We honour similar requests relating to the privacy of email communications. Cette communication par courrier électronique est une communication privée à l'usage exclusif du destinataire principal ainsi que des personnes dont les noms figurent en copie. Les renseignements contenus dans ce courriel sont confidentiels et si vous n'êtes pas le destinataire prévu, vous êtes avisé, par les présentes que toute reproduction, tout transfert ou toute autre forme de diffusion de cette communication par quelque moyen que ce soit est interdit. Si vous n'êtes pas spécifiquement autorisé à recevoir ce courriel ou si vous croyez l'avoir reçu par erreur, veuillez en aviser l'expéditeur original immédiatement. Nous respectons les demandes similaires qui touchent la confidentialité des communications par courrier électronique. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] valid users = %S in rc4
The problem I have with this, using 2.2.8a on Solaris is any user can open any other's home if they simply know the name of the other user. logging in as rpetty, I can open NOBODY, ROOT, UUCP etc. I have to be able to limit the ability. What perplexes me is that even when I am not sharing [homes], I can still open the NOBODY share. Since nobody's home directory was / it would open the root directory! In case it matters, I am using Winbind for my security model (security = domain) but am having considerable issues with querying trusted domains. Winbind is being very painful with 7-9 second connection times for each share or files within shares. This only happens when the Winbind timeout time lapses so I've bumped it up to 300 seconds. Not _as_ painful but still too painful for production. -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:05 AM To: Chris Smith Cc: [EMAIL PROTECTED] Subject: Re: [Samba] valid users = %S in rc4 Guys, The homes share should be set to be browsable = No. Do NOT set the valid users = %S on the homes share. - John T. On Fri, 26 Sep 2003, Chris Smith wrote: On Friday 26 September 2003 10:26, Derek T. Yarnell wrote: I see this problem too. I thought that I was going crazy. On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: On Friday 26 September 2003 00:15, Hannu Tikka wrote: After upgrading rc2 - rc4 (suse binary packages) line 'valid users = %S' in [homes] section prevents user getting to his homedirectory Same change occured here when upgrading from 2.2.7a to the 3.0.0 release. Not only that but here I also see the homes share exposed twice in browse lists, both as homes and also as the usersname with both shares being the users home directory for that user. This is also different from previous versions. Chris -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] valid users = %S in rc4
On Fri, 26 Sep 2003, Petty, Robert wrote: The problem I have with this, using 2.2.8a on Solaris is any user can open any other's home if they simply know the name of the other user. logging in as rpetty, I can open NOBODY, ROOT, UUCP etc. I have to be able to limit the ability. What perplexes me is that even when I am not sharing [homes], I can still open the NOBODY share. Since nobody's home directory was / it would open the root directory! In case it matters, I am using Winbind for my security model (security = domain) but am having considerable issues with querying trusted domains. Winbind is being very painful with 7-9 second connection times for each share or files within shares. This only happens when the Winbind timeout time lapses so I've bumped it up to 300 seconds. Not _as_ painful but still too painful for production. Directory access is limited by file system access controls. Samba honors these. Why is 'nobody' home set at '/' - why not '/tmp' or some other inocuous path? Have you files a bug report? https://bugzilla.samba.org - John T. -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:05 AM To: Chris Smith Cc: [EMAIL PROTECTED] Subject: Re: [Samba] valid users = %S in rc4 Guys, The homes share should be set to be browsable = No. Do NOT set the valid users = %S on the homes share. - John T. On Fri, 26 Sep 2003, Chris Smith wrote: On Friday 26 September 2003 10:26, Derek T. Yarnell wrote: I see this problem too. I thought that I was going crazy. On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: On Friday 26 September 2003 00:15, Hannu Tikka wrote: After upgrading rc2 - rc4 (suse binary packages) line 'valid users = %S' in [homes] section prevents user getting to his homedirectory Same change occured here when upgrading from 2.2.7a to the 3.0.0 release. Not only that but here I also see the homes share exposed twice in browse lists, both as homes and also as the usersname with both shares being the users home directory for that user. This is also different from previous versions. Chris -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] valid users = %S in rc4
No, I haven't filed a bug report... The key part of my message was: Since nobody's home directory was / it would open the root directory I have changed it since I immediately recognized it as a security issue. The initial response to Why is 'nobody' home set at '/' - why not '/tmp' or is that when you install a brand new version of Solaris 9, that's how Sun sets it. Ironically, applying jass didn't change it! Seems to me that jass missed a key issue. anyhow, I'm heading off topic. This will be interesting to see how the %S plays out since we essentially require it to enforce security for home directories Robert -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:18 AM To: Petty, Robert Cc: Chris Smith; [EMAIL PROTECTED] Subject: RE: [Samba] valid users = %S in rc4 On Fri, 26 Sep 2003, Petty, Robert wrote: The problem I have with this, using 2.2.8a on Solaris is any user can open any other's home if they simply know the name of the other user. logging in as rpetty, I can open NOBODY, ROOT, UUCP etc. I have to be able to limit the ability. What perplexes me is that even when I am not sharing [homes], I can still open the NOBODY share. Since nobody's home directory was / it would open the root directory! In case it matters, I am using Winbind for my security model (security = domain) but am having considerable issues with querying trusted domains. Winbind is being very painful with 7-9 second connection times for each share or files within shares. This only happens when the Winbind timeout time lapses so I've bumped it up to 300 seconds. Not _as_ painful but still too painful for production. Directory access is limited by file system access controls. Samba honors these. Why is 'nobody' home set at '/' - why not '/tmp' or some other inocuous path? Have you files a bug report? https://bugzilla.samba.org - John T. -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:05 AM To: Chris Smith Cc: [EMAIL PROTECTED] Subject: Re: [Samba] valid users = %S in rc4 Guys, The homes share should be set to be browsable = No. Do NOT set the valid users = %S on the homes share. - John T. On Fri, 26 Sep 2003, Chris Smith wrote: On Friday 26 September 2003 10:26, Derek T. Yarnell wrote: I see this problem too. I thought that I was going crazy. On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: On Friday 26 September 2003 00:15, Hannu Tikka wrote: After upgrading rc2 - rc4 (suse binary packages) line 'valid users = %S' in [homes] section prevents user getting to his homedirectory Same change occured here when upgrading from 2.2.7a to the 3.0.0 release. Not only that but here I also see the homes share exposed twice in browse lists, both as homes and also as the usersname with both shares being the users home directory for that user. This is also different from previous versions. Chris -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot compile 3.0.0 @ HP-UX - Errors in libsmb/clikrb5.c ?
Good evening ladies and gentleman! I'm trying to get Samba 3.0.0 to compile on a HP-UX 11.00 system. Well, trying to is the key here... :( I did this do configure the Samba source: #!/usr/local/bin/bash VERSION=3.0.0 PREFIX=/opt/samba-${VERSION} CC=/usr/local/bin/gcc CPP=/usr/local/bin/cpp SHLIB_PATH=$SHLIB_PATH:/usr/local/lib PATH=$PATH:/opt/heimdal-0.6/bin export CC export CPP export SHLIB_PATH export PATH cd samba-${VERSION}/source ./configure \ --prefix=${PREFIX} \ \ --disable-cups \ \ --with-smbwrapper \ --with-ads \ --with-dce-dfs \ --with-automount\ --with-pam \ --with-pam_smbpass \ --with-winbind Then I ran gmake and failed with: Compiling libsmb/clikrb5.c libsmb/clikrb5.c: In function `krb5_locate_kdc': libsmb/clikrb5.c:225: error: dereferencing pointer to incomplete type libsmb/clikrb5.c:226: error: dereferencing pointer to incomplete type libsmb/clikrb5.c: In function `krb5_princ_component': libsmb/clikrb5.c:405: warning: assignment discards qualifiers from pointer target type gmake: *** [libsmb/clikrb5.o] Error 1 Compiler used is gcc 3.3.1 from http://hpux.connect.org.uk/. What do I have to do to get it to compile? Thanks a lot, Alexander Skwar -- printk(Penguin %d is stuck in the bottle.\n, i); 2.0.38 /usr/src/linux/arch/sparc/kernel/smp.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
On Friday 26 September 2003 12:04, John H Terpstra wrote: The homes share should be set to be browsable = No. Do NOT set the valid users = %S on the homes share. So this is a purposeful change in behavior then? With 2.2.x one could have browseable = Yes and valid users = %S. Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
On Friday 26 September 2003 12:28, John H Terpstra wrote: On Fri, 26 Sep 2003, Petty, Robert wrote: No, I haven't filed a bug report... The key part of my message was: Since nobody's home directory was / it would open the root directory I have changed it since I immediately recognized it as a security issue. The initial response to Why is 'nobody' home set at '/' - why not '/tmp' or is that when you install a brand new version of Solaris 9, that's how Sun sets it. Ironically, applying jass didn't change it! Seems to me that jass missed a key issue. anyhow, I'm heading off topic. This will be interesting to see how the %S plays out since we essentially require it to enforce security for home directories Does this mean that you operate a UNIX system with lax security on user home directories? ie: Others have permission to read any users' home directory? Hmmm. Not good. From my little understanding it is quite common that read access is granted to all users home directories by default in many Unixes. It is up to the user to chmod if the behavior is not desired. Regardless, local access and MS share access are really two different things and it is perfectly acceptable to want to allow one and not the other. Otherwise we could just dispense with the valid users tag altogether. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba cups point'n print for 3.0.0
I am having trouble getting point n' print working under 3.0.0. I get these [2003/09/26 12:57:32, 0] lib/util_str.c:safe_strcpy_fn(577) ERROR: NULL dest in safe_strcpy [2003/09/26 12:57:32, 0] lib/util_str.c:safe_strcpy_fn(577) ERROR: NULL dest in safe_strcpy [2003/09/26 12:57:32, 0] lib/util_str.c:safe_strcpy_fn(577) ERROR: NULL dest in safe_strcpy On the client side it just requests me to send my password (which it shouldn't because I am using ads security which seems to work for the home directories fine) [EMAIL PROTECTED] samba]# cat /etc/samba/smb.conf [global] workgroup = UMD-CSD-NT server string = printer security = ads realm = PC.CS.UMD.EDU load printers = yes printing = cups printcap name = cups log file = /var/log/samba/log.%m max log size = 500 log level = 2 socket options = TCP_NODELAY local master = no wins server = 128.8.130.59 dns proxy = no [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = yes writable = no printable = yes printer admin = derek [print$] comment = Printer Drivers path = /etc/samba/drivers browseable = yes guest ok = no read only = no write list = derek cupsaddsmb ran without any problems and the drivers are in place in, /etc/samba/drivers. Any help? -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbfs: sometimes can't read file on windows share
Hello, I have a RedHat 9 system mounting a windows share from a Windows XP Home machine that can't read new files put there sometimes, BUT, it can see them - it just gets permission denied. Here are some data points: 1. I mount the share with smbmount or mount -t smbfs ... and I pass a username and password, but windows always sees me as a guest. I suspect this is normal for XP Home since there doesn't seem to be an auth model. 2. If I manually add a file to the folder on windows, I can see and read it no problem. It only fails when the file gets dropped there by a P2P sharing app I'm using. 3. I checked to see if the P2P app is hanging on to the file using a windows lsof-type utility called handles - the app doesn't seem to have the file handle open. Furthermore, I can open the file on windows as soon as it shows up in the folder. 4. The file appears in the directory on the linux box with the same perms as the other files (755), yet I still can't read it. 5. I can read it if I unshare and then re-share the windows folder from windows explorer. This seems like some type of asynchronous thing within windows that basically caches a list of files that are ok for sharing _when_ the folder is shared. However, the weird thing is that I can drop a file in by hand (image, txt file, doesn't matter) and immediately have read access from Linux. I am testing read access a number of ways, using file, strings, even cat. Again - an ls shows the file. Am I missing something - any ideas? I'm hoping there's a registry entry somewhere that's going to correct this issue. TIA, Steve -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
TR : RE : [Samba] winbind and getent - fix ...
But it didn't work. Was this, to do with winbind and getent passwd? Wbinfo -u -g works( list users's domain), getent passwd don't give me back info on user's domain. ( just local users in /etc/passwd and ldap users with posix account set) There is no ldap request except for user with posix account. ( I can see these users using getent ) I don't think there will be any LDAP requested when doing a getent passwd with winbind, but I could be wrong .. I use ldapbackend for idmap. Maybe I don't understand the whole process. I don't think this was meant for me, but I if it's the problem that I had, on RedHat 9 using the rpm from the Samba.org webpage, then do ... cd /lib ln -s libnss_winbind.so libnss_winbind.so.2 I did without any result And make sure that you have winbind at the end of the line passwd, group and hosts in /etc/nsswitch.conf, ie ... passwd: files winbind group: files winbind I've Done it. I'v got Passwd: files winbind ldap If I delete all except winbind, no users were return by getent passwd. It's certainly not a samba problem, but I don't understand why there is no calls to winbind library. Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in 3.0
Regardless, local access and MS share access are really two different things and it is perfectly acceptable to want to allow one and not the other. Otherwise we could just dispense with the valid users tag altogether. Here here. I've been trying out 3.0.0 a bit yesterday and today and figured out I was having trouble because of what I've always done in the past on the Homes share - valid users = %S denies access altogether for even the correct and authenticated user. I understand that permissions can be set appropriately on a users home directory 700 or what not, but I think Chris's comment above hits the nail right on the head. Can we please have the valid users = %S functionality back? Thankyou, Tom Schaefer Unix Administrator University of Missouri Saint Louis Regardless, local access and MS share access are really two different things and it is perfectly acceptable to want to allow one and not the other. Otherwise we could just dispense with the valid users tag altogether. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
On Fri, Sep 26, 2003 at 04:04:54PM +, John H Terpstra wrote: Guys, The homes share should be set to be browsable = No. Do NOT set the valid users = %S on the homes share. You shouldn't need to do that. If it worked with 2.2.8a it should work the same with 3.0. I'll look into it asap. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
On Fri, Sep 26, 2003 at 10:28:00AM -0600, Petty, Robert wrote: No, I haven't filed a bug report... The key part of my message was: Since nobody's home directory was / it would open the root directory I have changed it since I immediately recognized it as a security issue. The initial response to Why is 'nobody' home set at '/' - why not '/tmp' or is that when you install a brand new version of Solaris 9, that's how Sun sets it. Ironically, applying jass didn't change it! Seems to me that jass missed a key issue. anyhow, I'm heading off topic. This will be interesting to see how the %S plays out since we essentially require it to enforce security for home directories I intend to fix it. Please wait for a patch. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
On Fri, Sep 26, 2003 at 12:47:42PM -0400, Chris Smith wrote: On Friday 26 September 2003 12:04, John H Terpstra wrote: The homes share should be set to be browsable = No. Do NOT set the valid users = %S on the homes share. So this is a purposeful change in behavior then? With 2.2.x one could have browseable = Yes and valid users = %S. No it isn't. It's a bug. I'll fix it asap. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in 3.0
On Fri, Sep 26, 2003 at 12:43:05PM -0500, Tom Schaefer wrote: Regardless, local access and MS share access are really two different things and it is perfectly acceptable to want to allow one and not the other. Otherwise we could just dispense with the valid users tag altogether. Here here. I've been trying out 3.0.0 a bit yesterday and today and figured out I was having trouble because of what I've always done in the past on the Homes share - valid users = %S denies access altogether for even the correct and authenticated user. I understand that permissions can be set appropriately on a users home directory 700 or what not, but I think Chris's comment above hits the nail right on the head. Can we please have the valid users = %S functionality back? Yes :-). I'll look into it today. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem with windows clients accessing samba intermit tently
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Can you provide some more information. Version of samba, smb.conf file, and what error message the clients are getting. Also are there any error messages appearing in the log files for the clients? - -Original Message- From: Chris Ryan [mailto:[EMAIL PROTECTED] Sent: Friday, September 26, 2003 8:30 AM To: [EMAIL PROTECTED] Subject: [Samba] Problem with windows clients accessing samba intermittently I have a problem with samba, whereby once a day (roughly), windows clients cannot connect to the shares, and the only cure seems to be a reboot. Restarting the service does not fix it, but the strange thing is, other samba clients can connect fine ? Anyone seen this or got any idea what the problem is ? Thanks. Chris Ryan - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -BEGIN PGP SIGNATURE- Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com iQA/AwUBP3SGPih4imLwvL+vEQJX0wCeMQ5PnpM8YEVKQbPVzcFNjxQnFgcAoPUU da96EGx8EPaosUQS0gvbD1Bc =l2Zt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] nmbd
I am running samba 2.5 and every once in a while the nmbd process seems to hang and no users can access the shares. I fix this just by killing the nmbd process. What are some other things to check? Jerry R. Holschauer [EMAIL PROTECTED] phone: 813.627.3345 cell: 813.918.3197 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: TR : RE : [Samba] winbind and getent - fix ...
On Fri, 26 Sep 2003, Jean-Marc Pouchoulon wrote: But it didn't work. Was this, to do with winbind and getent passwd? Wbinfo -u -g works( list users's domain), getent passwd don't give me back info on user's domain. ( just local users in /etc/passwd and ldap users with posix account set) There is no ldap request except for user with posix account. ( I can see these users using getent ) I don't think there will be any LDAP requested when doing a getent passwd with winbind, but I could be wrong .. I use ldapbackend for idmap. Maybe I don't understand the whole process. I don't think this was meant for me, but I if it's the problem that I had, on RedHat 9 using the rpm from the Samba.org webpage, then do ... cd /lib ln -s libnss_winbind.so libnss_winbind.so.2 I did without any result And make sure that you have winbind at the end of the line passwd, group and hosts in /etc/nsswitch.conf, ie ... passwd: files winbind group: files winbind I've Done it. I'v got Passwd: files winbind ldap If I delete all except winbind, no users were return by getent passwd. It's certainly not a samba problem, but I don't understand why there is no calls to winbind library. JM, Did you install the libnss_winbind.so in /lib/ ?? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] weak password checking for samba 3 ?
I've got a problem with some idiots of my users :=). They always use weak passwords. Does anyone know a way to find out which passwords are easy to crack? I mean usual passwords like god, sex, password, $username, I use tdb as password database. thank you, livius -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Failed to set gid privileges error in Mac OS X 10.1.5
I am trying to log into a share on Mac OS X 10.1.5 running Samba 3.0.0 (ran sudo ./configure and gnumake and sudo gnumake install). I have set up smb.conf through Webmin and SWAT. Windows NT 4.0 sp6a sees the server. I can open the server through Network Neighborhood and see my share (Projects) and the Printers share. However, when I try to open the share WinNT gives an error stating \\BWG3\Projects: An unexpected network error occurred. I have set up a username map since my WinNT login name is different from the Mac login name. I also added a map to root (UNIX=root, Windows=djs), but that doesn't seem to help. I searched Google and the samba archives and found two threads, but both related to Jaguar (10.2). I searched also for Darwin-related topics on this and found something to try (sudo ./configure), but that didn't help. Other strange things I see are that I can't run any of the executables without giving the path to the executables (found in /usr/local/samba/bin and /usr/local/samba/sbin). SWAT says smbd is not running, yet sudo ps -U root shows that it IS running. nmbd is running. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: On Friday 26 September 2003 00:15, Hannu Tikka wrote: After upgrading rc2 - rc4 (suse binary packages) line 'valid users = %S' in [homes] section prevents user getting to his homedirectory Same change occured here when upgrading from 2.2.7a to the 3.0.0 release. Here is the fix. Silly missing cut-n-paste bug. This will be in 3.0.1. Sorry, Jeremy. Index: smbd/password.c === RCS file: /data/cvs/samba/source/smbd/password.c,v retrieving revision 1.248.2.16 diff -u -r1.248.2.16 password.c --- smbd/password.c 5 Sep 2003 05:32:32 - 1.248.2.16 +++ smbd/password.c 26 Sep 2003 19:26:28 - @@ -291,7 +291,9 @@ if (lp_invalid_users(snum)) { str_list_copy(invalid, lp_invalid_users(snum)); if (invalid str_list_substitute(invalid, %S, lp_servicename(snum))) { - ret = !user_in_list(user, (const char **)invalid, groups, n_groups); + if ( invalid str_list_sub_basic(invalid, current_user_info.smb_name) ) { + ret = !user_in_list(user, (const char **)invalid, groups, n_groups); + } } } if (invalid) @@ -299,8 +301,10 @@ if (ret lp_valid_users(snum)) { str_list_copy(valid, lp_valid_users(snum)); - if ( valid str_list_sub_basic(valid, current_user_info.smb_name) ) { - ret = user_in_list(user, (const char **)valid, groups, n_groups); + if ( valid str_list_substitute(valid, %S, lp_servicename(snum)) ) { + if ( valid str_list_sub_basic(valid, current_user_info.smb_name) ) { + ret = user_in_list(user, (const char **)valid, groups, n_groups); + } } } if (valid) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] weak password checking for samba 3 ?
I've got a problem with some idiots of my users :=). Don't we all. They always use weak passwords. Does anyone know a way to find out which passwords are easy to crack? I mean usual passwords like god, sex, password, $username, You can use John the Ripper (free) or (and I hesitate to mention this, because of @stake's recent horrible behavior) LC4 (formerly L0phtcrack) which costs money. (I think l0phtcrack used to be free, if I'm not mistaken.) John the Ripper: http://www.openwall.com/john/ LC4: http://www.atstake.com/research/lc/ Why you should cease business with @stake: http://story.news.yahoo.com/news?tmpl=storycid=1804ncid=1804e=3u=/washpo st/20030926/tc_washpost/a2328_2003sep25 There are other password cracking programs. They're just a google search away. Are you scared yet? --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Removing Hosts from NT
Hi, I made an error of joining a Samba server to the NT domain with host name hostname.domain.com. NT won't allow clients with . in their NetBIOS names, but somehow Samba created this hostname in Server Manager. Now I can't remove it. Even after I killed Samba box, waited 2 days, the name is still there. If I tried to remove it manually from Server Manager, I get The user name or group name parameter is invalid. May I ask is there some way that I can remove it using Samba? Where is the database kept in NT? Regards, Norman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] weak password checking for samba 3 ?
I would also recommend some variety of a strong password requirement when changing passwords, if you haven't already got one -- that way you won't have that problem in the first place. :) _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Fri, 26 Sep 2003, Jason Balicki wrote: I've got a problem with some idiots of my users :=). Don't we all. They always use weak passwords. Does anyone know a way to find out which passwords are easy to crack? I mean usual passwords like god, sex, password, $username, You can use John the Ripper (free) or (and I hesitate to mention this, because of @stake's recent horrible behavior) LC4 (formerly L0phtcrack) which costs money. (I think l0phtcrack used to be free, if I'm not mistaken.) John the Ripper: http://www.openwall.com/john/ LC4: http://www.atstake.com/research/lc/ Why you should cease business with @stake: http://story.news.yahoo.com/news?tmpl=storycid=1804ncid=1804e=3u=/washpo st/20030926/tc_washpost/a2328_2003sep25 There are other password cracking programs. They're just a google search away. Are you scared yet? --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Question on read only behavior in smb.conf
Hi All, I've built Samba v2.2.8a on a RedHat 7.2 system and it seems to work ok. However I cannot understand the read only parameter in the following situation: smb.conf file: --- [global] security=user encrypt passwords=yes [foo] path=/tmp/foo read only=yes The ownermode of /tmp/foo is: -- % ls -ld /tmp/foo drwx-r-xr-x 3 joe joe 1024 Sep 23 13:52 /tmp/foo I've setup a smbpasswd file containing users joe and sue, both with passwords. I can connect to \\mymachine\foo as joe or sue ok from my Windows 2000 PC. I connect it to drive K: and can see all the files in /tmp/foo. However: -when connected via samba as joe I can successfully paste files into /tmp/foo. (not expected) -when connected via samba as sue I cannot paste files into /tmp/foo. (expected) It appears the UNIX file permissions are overriding the Samba configuration. I thought Samba worked the other way around but without allowing more rights than the UNIX permissions provide. In other words, why does joe have write access to a samba service defined as read only in the samba configuration? I also checked the Properties/Security of the share from my Windows 2000 PC and it says: Allow Joe Full Control Allow EveryoneRead Execute If this is how it is supposed to work then life gets difficult in the following circumstance: If I have a directory I want to make mountable from Samba as read only, I need to be careful and check all directory and file permissions to ensure no one connecting via Samba will have a UNIX write permission that overrides the Samba setting of read only. Is this correct behavior for Samba? Is there a way to make a service truely read only no matter who is connected and who ownes the files? I also discovered that if sue's group matches the group ownership of /tmp/foo, then sue has write access IF /tmp/foo is group writeable. Thanks in advance. Samba set up quickly and seems to work great, except for this little bit of strangeness. -Jim James E. Sullivan | Northrop Grumman IT Building 12B| on site at: NIH/CIT/DCSS/SOSB Room 2N207 | Phone:301-451-6372 Bethesda, MD 20892 | Email:[EMAIL PROTECTED] - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [COMMERCIAL] New Linux CD Redistribution Site Launched
Check Out http://www.linuxcdrom.co.nr/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
TR : RE : [Samba] winbind and getent - fix ...
I am wondering if there is some code which prevents libnss_winbind to query the samba database when it is running on a PDC(that is what I am doing and experience the same problem as you) in this way. I have even temperarily remove ldap(which is needed for the unix uid/gid mapping for samba authentication) and try to adduser. Surprisingly, it fails saying user already exists meaning under this situation, libnss_winbind is doing its job. There is some mentioning of local unix user and winbind on PDC in the release note but I don't know what it is really about. However, to echo you, I see the same problem and I have tried everything (symbolink link, moving the file from /lib to /usr/lib and back etc.) but a simple 'getent passwd' command just don't give me the samba users and adding a new user with the same name in the samba name space does bark. So libnss_winbind is not completely ignored, just under some situation. I may need to browse the code to have some clue. Unfortunately, I found no mentioning of turning on logs for libnss_winbind to trace. I have already filed a bug report but haven't receive any acknowledgement yet. On Fri, 26 Sep 2003, Jean-Marc Pouchoulon wrote: But it didn't work. Was this, to do with winbind and getent passwd? Wbinfo -u -g works( list users's domain), getent passwd don't give me back info on user's domain. ( just local users in /etc/passwd and ldap users with posix account set) There is no ldap request except for user with posix account. ( I can see these users using getent ) I don't think there will be any LDAP requested when doing a getent passwd with winbind, but I could be wrong .. I use ldapbackend for idmap. Maybe I don't understand the whole process. I don't think this was meant for me, but I if it's the problem that I had, on RedHat 9 using the rpm from the Samba.org webpage, then do ... cd /lib ln -s libnss_winbind.so libnss_winbind.so.2 I did without any result And make sure that you have winbind at the end of the line passwd, group and hosts in /etc/nsswitch.conf, ie ... passwd: files winbind group: files winbind I've Done it. I'v got Passwd: files winbind ldap If I delete all except winbind, no users were return by getent passwd. It's certainly not a samba problem, but I don't understand why there is no calls to winbind library. __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Static/shared linking woes
Greetings. A straight-out-of-the-cd Slackware 9. A straight-out-of-the-tar Samba 3.0.0. # cd source # ./configure --with-automount --with-smbmount (...configure ran...) # make (...make ran...) # du ... What?? The bin/ directory amounted to over 400 MB! smbd over 24 MB, when the 2.3.x one I have is 1.7 MB? I presumed it erroneously linked all the libraries as static. So I did: # ./configure --with-smbmount --with-automount --enable-shared --with-shared-modules=pdb_smbpasswd,pdb_tdbsam,pdb_guest,(.all modules that I could name...) (...) # make () Linking bin/smbd smbd/uid.o(.text+0xf9): In function `check_user_ok': /root/instalki/samba-3.0.0/source/smbd/uid.c:76: undefined reference to `share_access_check' smbd/process.o(.text+0x1364): In function `timeout_processing': /root/instalki/samba-3.0.0/source/smbd/process.c:1223: undefined reference to `update_monitored_printq_cache' smbd/service.o(.text+0xe69): In function `make_connection_snum': /root/instalki/samba-3.0.0/source/smbd/service.c:563: undefined reference to `share_access_check' smbd/service.o(.text+0xe83):/root/instalki/samba-3.0.0/source/smbd/service.c:566: undefined reference to `share_access_check' rpc_server/srv_pipe.o(.text+0x39ac): In function `get_pipe_fns': /root/instalki/samba-3.0.0/source/rpc_server/srv_pipe.c:1567: undefined reference to `lsa_get_pipe_fns' rpc_server/srv_pipe.o(.text+0x39d4):/root/instalki/samba-3.0.0/source/rpc_server/srv_pipe.c:1570: undefined reference to `lsa_ds_get_pipe_fns' (...and another screenful of other errors followed...) How should I compile/link it, then, to avoid getting either 20-meg binaries, or linking errors?? -- |\ /| \~~~/ \~~~/ WWW: http://none :( | \/ | /\ \~/ E-M: maxxx[at]rpg.pl || /__\ /___\ /_\ /___\ ICQ: 3146019 After you vomit, you rinse your mouse and if you can eat, eat. (Japanese tips) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3.0 final + LDAP - bug in SWAT???
Hallo!!! I use samba 3.0 final with debian unstable. I have configured the smb.conf with swat. ldap suffix: dc=dasralph,dc=home ldap machine suffix: ou=machines ldap user suffix: ou=people ldap group suffix: ou=groups ldap idmap suffix: ou=idmap ldap admin dn: cn=admin,dc=dasralph,dc=home at the next run of swat it has changed as follows: ldap suffix: dc=dasralph,dc=home ldap machine suffix: ou=machines,dc=dasralph,dc=home ldap user suffix: ou=people,dc=dasralph,dc=home ldap group suffix: ou=groups,dc=dasralph,dc=home ldap idmap suffix: ou=idmap,dc=dasralph,dc=home ldap admin dn: cn=admin,dc=dasralph,dc=home at the next run of swat it has changed as follows: ldap suffix: dc=dasralph,dc=home ldap machine suffix: ou=machines,dc=dasralph,dc=home,dc=dasr... ldap user suffix: ou=people,dc=dasralph,dc=home,dc=home,dc=dasr... ldap group suffix: ou=groups,dc=dasralph,dc=home,dc=home,dc=dasr... ldap idmap suffix: ou=idmap,dc=dasralph,dc=home,dc=home,dc=dasr... ldap admin dn: cn=admin,dc=dasralph,dc=home,dc=home,dc=dasr... and so on... but pdbedit will only work with this: ldap suffix: dc=dasralph,dc=home ldap machine suffix: ou=machines ldap user suffix: ou=people ldap group suffix: ou=groups ldap idmap suffix: ou=idmap ldap admin dn: cn=admin,dc=dasralph,dc=home is it a bug??? ralph -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Static/shared linking woes
Hi, This is the ./configure I use to match up the directories to the Slackware way: ./configure --prefix=/usr/bin --exec-prefix=/usr --mandir=/usr/man \ --with-privatedir=/etc/samba/private --with-lockdir=/var/lock/samba \ --with-logfilebase=/var/log --with-swatdir=/etc/samba/swat \ --with-configdir=/etc/samba --enable-cups --with-dce-dfs --with-automount \ --with-smbmount --with-syslog --with-libsmbclient --with-acl-support I hope this helps. MaXxX ([EMAIL PROTECTED]) wrote: Greetings. A straight-out-of-the-cd Slackware 9. A straight-out-of-the-tar Samba 3.0.0. # cd source # ./configure --with-automount --with-smbmount (...configure ran...) # make (...make ran...) # du ... What?? The bin/ directory amounted to over 400 MB! smbd over 24 MB, when the 2.3.x one I have is 1.7 MB? I presumed it erroneously linked all the libraries as static. So I did: # ./configure --with-smbmount --with-automount --enable-shared --with-shared-modules=pdb_smbpasswd,pdb_tdbsam,pdb_guest,(.all modules that I could name...) (...) # make () Linking bin/smbd smbd/uid.o(.text+0xf9): In function `check_user_ok': /root/instalki/samba-3.0.0/source/smbd/uid.c:76: undefined reference to `share_access_check' smbd/process.o(.text+0x1364): In function `timeout_processing': /root/instalki/samba-3.0.0/source/smbd/process.c:1223: undefined reference to `update_monitored_printq_cache' smbd/service.o(.text+0xe69): In function `make_connection_snum': /root/instalki/samba-3.0.0/source/smbd/service.c:563: undefined reference to `share_access_check' smbd/service.o(.text+0xe83):/root/instalki/samba-3.0.0/source/smbd/service.c:566: undefined reference to `share_access_check' rpc_server/srv_pipe.o(.text+0x39ac): In function `get_pipe_fns': /root/instalki/samba-3.0.0/source/rpc_server/srv_pipe.c:1567: undefined reference to `lsa_get_pipe_fns' rpc_server/srv_pipe.o(.text+0x39d4):/root/instalki/samba-3.0.0/source/rpc_server/srv_pipe.c:1570: undefined reference to `lsa_ds_get_pipe_fns' (...and another screenful of other errors followed...) How should I compile/link it, then, to avoid getting either 20-meg binaries, or linking errors?? -- |\ /| \~~~/ \~~~/ WWW: http://none :( | \/ | /\ \~/ E-M: maxxx[at]rpg.pl || /__\ /___\ /_\ /___\ ICQ: 3146019 After you vomit, you rinse your mouse and if you can eat, eat. (Japanese tips) -- Bob Crandell Assured Computing When you need to be sure. [EMAIL PROTECTED] www.assuredcomp.com Voice - 541-689-9159 FAX - 541-463-1627 Eugene, Oregon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Static/shared linking woes
On Sat, Sep 27, 2003 at 02:02:17AM +0200, MaXxX wrote: ... What?? The bin/ directory amounted to over 400 MB! smbd over 24 MB, when the 2.3.x one I have is 1.7 MB? You can get them down to a much more reasonable size by stripping all the binaries. On my Linux system they still seem a little larger than they should be, though. -- Michael Heironimus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] After Upgrading to rc4 (and still with 3.0.0) having Groupmap problems.
Hi, Before Samba 3.0.0 RC4 I was running Samba 3.0.0 beta3, and when I upgraded to RC4, I began having problems with group mappings. I didn't notice at first, because on my laptop I don't normally log on to the domain. I just noticed when I tried to use my desktop and log on to the domain... I don't have Domain Admin privileges. So, I look at 'net groupmap list' ... and it shows the Domain Admins group as mapped to the unix group domadm. Looks good, right? Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) - domadm Next I tried deleting that groupmap by using 'net groupmap delete sid=S-1-5-21-347...' Now the groupmap was deleted and now shows this: Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) - -1 So now I try to re-add it: 'net groupmap add ntgroup=Domain Admins unixgroup=domadm' and list it again. Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) - -1 Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-2161) - domadm Now there are two Domain Admin mappings, one null (-1) and the new one I just created. As far as I know, that new one should have gone to the one with RID of 512. I checked to be sure, but NT/2000 is definitely looking for the old Domain Admins group with RID of 512, and the Samba PDF doc says Domain Admins should have an RID of 512. So, I tried to add a groupmap with that SID specifically. net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512 unixgroup=domadm And I get this response: adding entry for group domadm failed! So then I try: net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512 ntgroup=Domain Admins unixgroup=domadm And get the same: adding entry for group Domain Admins failed! I have run out of ideas for getting my groupmap working, but it is becoming very strange to log on to PC's and not have Domain Admin privileges. Hopefully there is an easy fix for this. Anyone have any ideas? If you need any more information, please ask. Thanks in advance, David van Geyn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question on read only behavior in smb.conf
It should behave as you expect, a read only share is a read only share period no matter what the UNIX permissions are. At least thats been my experience with it and what the man page seems to suggest. I am very surprised at what you are seeing. Tom Schaefer UNIX Administrator University of Missouri Saint Louis On Fri, 26 Sep 2003 17:59:13 -0400 Sullivan, James (NIH/CIT) [EMAIL PROTECTED] wrote: Hi All, I've built Samba v2.2.8a on a RedHat 7.2 system and it seems to work ok. However I cannot understand the read only parameter in the following situation: smb.conf file: --- [global] security=user encrypt passwords=yes [foo] path=/tmp/foo read only=yes The ownermode of /tmp/foo is: -- % ls -ld /tmp/foo drwx-r-xr-x 3 joe joe 1024 Sep 23 13:52 /tmp/foo I've setup a smbpasswd file containing users joe and sue, both with passwords. I can connect to \\mymachine\foo as joe or sue ok from my Windows 2000 PC. I connect it to drive K: and can see all the files in /tmp/foo. However: -when connected via samba as joe I can successfully paste files into /tmp/foo. (not expected) -when connected via samba as sue I cannot paste files into /tmp/foo. (expected) It appears the UNIX file permissions are overriding the Samba configuration. I thought Samba worked the other way around but without allowing more rights than the UNIX permissions provide. In other words, why does joe have write access to a samba service defined as read only in the samba configuration? I also checked the Properties/Security of the share from my Windows 2000 PC and it says: Allow Joe Full Control Allow EveryoneRead Execute If this is how it is supposed to work then life gets difficult in the following circumstance: If I have a directory I want to make mountable from Samba as read only, I need to be careful and check all directory and file permissions to ensure no one connecting via Samba will have a UNIX write permission that overrides the Samba setting of read only. Is this correct behavior for Samba? Is there a way to make a service truely read only no matter who is connected and who ownes the files? I also discovered that if sue's group matches the group ownership of /tmp/foo, then sue has write access IF /tmp/foo is group writeable. Thanks in advance. Samba set up quickly and seems to work great, except for this little bit of strangeness. -Jim James E. Sullivan | Northrop Grumman IT Building 12B| on site at: NIH/CIT/DCSS/SOSB Room 2N207 | Phone:301-451-6372 Bethesda, MD 20892 | Email:[EMAIL PROTECTED] - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: TR : RE : [Samba] winbind and getent - fix ...
gary ng wrote: However, to echo you, I see the same problem and I have tried everything (symbolink link, moving the file from /lib to /usr/lib and back etc.) but a simple 'getent passwd' command just don't give me the samba users and adding a new user with the same name in the samba name space does bark. So libnss_winbind is not completely ignored, just under some situation. I may need to browse the code to have some clue. You may have already known this, but when I set this up I found that it was absolutely mandatory that the name of the libnss_winbind module be (exactly): libnss_winbind.so.2 In my case, I have a symbolic link in /lib with this name pointing to where I have Samba installed (which is under /opt). After running ldconfig with this link in place, everything began working properly. Without the .2 suffix on the link name (or on the library name), libnss_winbind never got called no matter what I did. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] After Upgrading to rc4 (and still with 3.0.0) having Groupmap problems.
On Fri, 26 Sep 2003, David van Geyn wrote: Hi, Before Samba 3.0.0 RC4 I was running Samba 3.0.0 beta3, and when I upgraded to RC4, I began having problems with group mappings. I didn't notice at first, because on my laptop I don't normally log on to the domain. I just noticed when I tried to use my desktop and log on to the domain... I don't have Domain Admin privileges. So, I look at 'net groupmap list' ... and it shows the Domain Admins group as mapped to the unix group domadm. Looks good, right? Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) - domadm Next I tried deleting that groupmap by using 'net groupmap delete sid=S-1-5-21-347...' Now the groupmap was deleted and now shows this: Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) - -1 So now I try to re-add it: 'net groupmap add ntgroup=Domain Admins unixgroup=domadm' and list it again. Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-512) - -1 Domain Admins (S-1-5-21-3475858016-1413099138-3485012925-2161) - domadm Now there are two Domain Admin mappings, one null (-1) and the new one I just created. As far as I know, that new one should have gone to the one with RID of 512. I checked to be sure, but NT/2000 is definitely looking for the old Domain Admins group with RID of 512, and the Samba PDF doc says Domain Admins should have an RID of 512. So, I tried to add a groupmap with that SID specifically. net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512 unixgroup=domadm To change an existing entry: net groupmap modify ntgroup=Domain Admins unixgroup=root To delete the spurious entry: net groupmap delete ntgroup=Domain Admins unixgroup=domadm - John T. And I get this response: adding entry for group domadm failed! So then I try: net groupmap add sid=S-1-5-21-3475858016-1413099138-3485012925-512 ntgroup=Domain Admins unixgroup=domadm And get the same: adding entry for group Domain Admins failed! I have run out of ideas for getting my groupmap working, but it is becoming very strange to log on to PC's and not have Domain Admin privileges. Hopefully there is an easy fix for this. Anyone have any ideas? If you need any more information, please ask. Thanks in advance, David van Geyn -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
CVS update: samba/source/utils
Date: Fri Sep 26 06:35:11 2003 Author: jra Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv13435/utils Modified Files: Tag: SAMBA_3_0 net_ads_cldap.c Log Message: Fix to parse the level-2 strings. From Anthony Liguori [EMAIL PROTECTED] Jeremy. Revisions: net_ads_cldap.c 1.5.2.6 = 1.5.2.7 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net_ads_cldap.c.diff?r1=1.5.2.6r2=1.5.2.7
CVS update: samba
Date: Fri Sep 26 09:54:10 2003 Author: ab Update of /home/cvs/samba In directory dp.samba.org:/tmp/cvs-serv2373 Modified Files: Tag: SAMBA_3_0 WHATSNEW.txt Log Message: Merge latest fixes from the release tree for WHATSNEW.txt Revisions: WHATSNEW.txt1.52.2.43 = 1.52.2.44 http://www.samba.org/cgi-bin/cvsweb/samba/WHATSNEW.txt.diff?r1=1.52.2.43r2=1.52.2.44
CVS update: samba/docs/docbook/projdoc
Date: Fri Sep 26 12:22:04 2003 Author: jelmer Update of /home/cvs/samba/docs/docbook/projdoc In directory dp.samba.org:/tmp/cvs-serv17953/projdoc Modified Files: Tag: SAMBA_3_0 CUPS-printing.xml PolicyMgmt.xml SWAT.xml printer_driver2.xml winbind.xml Log Message: More updates to better conform to the DTD Revisions: CUPS-printing.xml 1.1.2.18 = 1.1.2.19 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/CUPS-printing.xml.diff?r1=1.1.2.18r2=1.1.2.19 PolicyMgmt.xml 1.1.2.11 = 1.1.2.12 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/PolicyMgmt.xml.diff?r1=1.1.2.11r2=1.1.2.12 SWAT.xml1.1.2.8 = 1.1.2.9 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/SWAT.xml.diff?r1=1.1.2.8r2=1.1.2.9 printer_driver2.xml 1.1.2.17 = 1.1.2.18 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/printer_driver2.xml.diff?r1=1.1.2.17r2=1.1.2.18 winbind.xml 1.2.2.12 = 1.2.2.13 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/projdoc/winbind.xml.diff?r1=1.2.2.12r2=1.2.2.13
CVS update: samba/source
Date: Fri Sep 26 14:43:36 2003 Author: jerry Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv3598 Modified Files: Tag: SAMBA_3_0 configure.in Log Message: don't write to static pointers; patch from Anthony Revisions: configure.in1.300.2.168 = 1.300.2.169 http://www.samba.org/cgi-bin/cvsweb/samba/source/configure.in.diff?r1=1.300.2.168r2=1.300.2.169
CVS update: samba/source
Date: Fri Sep 26 14:44:11 2003 Author: jerry Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv3694 Modified Files: configure.in Log Message: don't write to static pointers; patch from Anthony Revisions: configure.in1.479 = 1.480 http://www.samba.org/cgi-bin/cvsweb/samba/source/configure.in.diff?r1=1.479r2=1.480
CVS update: samba/source/smbd
Date: Fri Sep 26 19:28:21 2003 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv4576/smbd Modified Files: Tag: SAMBA_3_0 password.c Log Message: Fix for valid users = %S in homes share. Jeremy. Revisions: password.c 1.248.2.16 = 1.248.2.17 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/password.c.diff?r1=1.248.2.16r2=1.248.2.17
CVS update: samba/source/smbd
Date: Fri Sep 26 21:03:32 2003 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv14941/smbd Modified Files: Tag: SAMBA_3_0 service.c Log Message: Ensure %S gets expanded in read/write lists. Jeremy. Revisions: service.c 1.85.2.29 = 1.85.2.30 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/service.c.diff?r1=1.85.2.29r2=1.85.2.30
CVS update: samba/source/lib
Date: Sat Sep 27 01:29:18 2003 Author: jra Update of /data/cvs/samba/source/lib In directory dp.samba.org:/tmp/cvs-serv7851/lib Modified Files: Tag: SAMBA_3_0 iconv.c Log Message: iconv isn't const safe. Neither should smb_iconv be. Jeremy. Revisions: iconv.c 1.18.2.8 = 1.18.2.9 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/iconv.c.diff?r1=1.18.2.8r2=1.18.2.9