Majordomo results: Thank you!
Please see the attached file for details. Illegal command! No valid commands processed. Ignoring part of type application/octet-stream.
Annonces Immobilières Vente, Location Location de Vacances dans le Monde
Carlays Immobilier Carlays Vacances Tout l'Immobilier à Vendre ou à Louer dans le Monde http://www.carlays.com/immo http://www.carlays.com/vacances Plus de 500 000 annonces en 2003 ! Vous êtes à la recherche ou propriétaire d'un bien immobilier, à cet effet nous vous invitons à consulter notre portail immobilier : http://www.carlays.com www.carlays.com www.carlays.com/vacances/ www.carlays.com/immobilier/ www.carlays.com/entreprise/ www.carlays.com/credit/ --- Pour ne plus recevoir de message de notre part, vous pouvez demander le retrait définitif de votre adresse email de nos fichiers en cliquant sur le lien suivant: http://www.carlays.com/script/rooter.dll?p=mailing_unsubscribe[EMAIL PROTECTED] ---
[Samba] Re: samba 3.0 vfs module problem
I can't remember for certain, but try using a relative path. (e.g. vscan-mksd.so). I tried relative and non-relative path, with this same effect but you've right because in manual for samba-vscan we can read that in samba 3.0 we should use relative path. I had increase debug level of samba daemon and in my log I have found [2003/12/12 06:38:00, 3] smbd/vfs.c:vfs_init_custom(227) Initialising custom vfs hooks from [vscan-mksd.so] [2003/12/12 06:38:00, 5] lib/module.c:smb_probe_module(102) Probing module 'vscan-mksd.so' [2003/12/12 06:38:00, 5] lib/module.c:smb_probe_module(113) *** Probing module 'vscan-mksd.so': Trying to load from /usr/local/samba/lib/vfs/vscan-mksd.so.so *** after that, I had type: cd /usr/local/samba/lib/vfs ln -s vscan-mksd.so vscan-mksd.so.so and now I see in log from my workstation: [2003/12/12 07:41:34, 3] smbd/vfs.c:vfs_init_default(201) Initialising default vfs hooks [2003/12/12 07:41:34, 3] smbd/vfs.c:vfs_init_custom(227) Initialising custom vfs hooks from [vscan-mksd.so] [2003/12/12 07:41:34, 5] lib/module.c:smb_probe_module(102) Probing module 'vscan-mksd.so' [2003/12/12 07:41:34, 5] lib/module.c:smb_probe_module(113) ** Probing module 'vscan-mksd.so': Trying to load from /usr/local/samba/lib/vfs/v scan-mksd.so.so ** [2003/12/12 07:41:34, 5] smbd/vfs.c:smb_register_vfs(191) Successfully added vfs backend 'vscan-mksd' [2003/12/12 07:41:34, 5] mks/vscan-mksd.c:init_module(510) samba-vscan (vscan-mksd 0.3.4) registered (Samba 3.0), (c) by Rainer Link, Ope nAntiVirus.org [2003/12/12 07:41:34, 2] lib/module.c:do_smb_load_module(64) Module '/usr/local/samba/lib/vfs/vscan-mksd.so.so' loaded [2003/12/12 07:41:34, 0] smbd/vfs.c:vfs_init_custom(254) Can't find a vfs module [vscan-mksd.so] [2003/12/12 07:41:34, 0] smbd/vfs.c:smbd_vfs_init(317) smbd_vfs_init: vfs_init_custom failed for vscan-mksd.so but it's still not-working, and I don't know why, tomorrow I will try do symlink to the other places where samba can search this modules, now my company is working and I can do any test. If anyone have any sugestion I will gracefull regards Mariusz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3/ldap/net groupmap fails
Hi On Thu, Dec 11, 2003 at 06:17:30PM -0500, John Campbell wrote: On Thu, 2003-12-11 at 16:18, Fabien Chevalier wrote: I suppose it must work the same way ... Would you mind trying to add passwd backend = tdbsam ldapsam:ldap://server and try a net groupmap list? i just tried it, and now get the list of domain groups i would expect. now the trouble is the profiles don't load properly on the clients. they got logged in with a temp profile. the samba logs for my test system show: . are you suggesting this may be a problem with samba3? because i've been trying to resolve this issue for several days now, thinking there must be a problem with our ldap setup. somehow, it seems strange that this could be a problem with samba. we thought that perhaps samba didn't like something in our ldap. surely others are able to get the ntgroups to show correctly with ldapsam as the first backendotherwise, no one would have a working samba3/ldap setup. We use samba3+openldap 2.1 correctly. net groupmapping also works correctly. Are your samba.schema is up to date? What is the ldap version? Did you tried omitting the SID value? putting tdpsam as the first backend allows for ntgroups, but since we don't use it, none of our profiles load if we do this. users get stuck with temp profiles. this is driving me bonkers:-) --john -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3/ldap/net groupmap fails
sambaHi: I have just get this a little. Mandrake cooker:samba 3.0.1rc1:openldap 2.1.23just for test. hear is my smb.conf: log level = 1 passdb:10 auth:10 winbind:0 ldap suffix = o=xxx ldap admin dn = cn=root,o=xxx #ldap server = 127.0.0.1 #ldap port = 389 ldap machine suffix = ou=Computer ldap user suffix = ou=People ldap group suffix = ou=Group #ldap idmap suffix = ou=People you also need to do a little ldap log analysis. SLAPDSYSLOGLEVEL=256 in /etc/sysconfig/ldap After i look deep into those log of ldap, i think there MUST exist an nobody(guest) UID GID. In you DEBUG log ,there is a UID of 4G-1, which I think it can't map to a real UID. as for me, user nobody: uidNumber=65534 gidNumber=65534,group nobody: gidNumber=65534 http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html good for refrence -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3/ldap/net groupmap fails
Friday, December 12, 2003, 6:17:30 AM, John wrote: I don't understand why it is like this... Fabien are you suggesting this may be a problem with samba3? because i've been trying to resolve this issue for several days now, thinking there must be a problem with our ldap setup. somehow, it seems strange that this could be a problem with samba. we thought that perhaps samba didn't like something in our ldap. surely others are able to get the ntgroups to show correctly with ldapsam as the first backendotherwise, no one would have a working samba3/ldap setup. putting tdpsam as the first backend allows for ntgroups, but since we don't use it, none of our profiles load if we do this. users get stuck with temp profiles. this is driving me bonkers:-) Hi, 1. you must create group mapping manually. 2. unix group you've assigning to Domain Admins MUST be in ldap (not in /etc/group). ie. root# net groupmap modify rid=512 -d1 ntgroup=Domain Admins unixgroup=domadmin the domadmin group must be stored in ldap, not /etc/group. i found lot of typo or incorrect info in smb howto collection, i've ordering the printable version on amazon, hopefully it has different content than the online version. --john --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] USRMGR.EXE won't add user
_ / | /usr/local/samba/bin/mygroupadd \_ / | #!/bin/bash | | # Add the group using normal system groupadd tool. | groupadd smbtmpgrp00 | | thegid=`cat /etc/group | grep smbtmpgrp00 | cut -d : -f3` | | # Now change the name to what we want for the MS Windows networking end | cp /etc/group /etc/group.bak | cat /etc/group.bak | sed -e s/smbtmpgrp00/$1/g /etc/group | | # Now return the GID as would normally happen. | echo $thegid | exit 0 | \_ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba I hope I'm not imposing, but I was reading your post. I'm setting up my own Domain using Samba 3.0. My Domain was running to my satisfaction using 2.27a. I have since upgraded to 3.0, have been having some problems. Did USRMGR.EXE administration work in 2.27a? that is mygroupdel. I was wondering if you could post it. I noticed I haven't written up any mygroupdel. But now I tried /usr/sbin/groupdel and it works even for strange group names like Live Beef sh-2.05b# /usr/local/samba/bin/mygroupadd Live Beef 414 bash-2.05b# fgrep Live Beef /etc/group Live Beef:x:414: bash-2.05b# /usr/sbin/groupdel Live Beef bash-2.05b# fgrep Live Beef /etc/group bash-2.05b# So I changed my smb.conf line to delete group script = /usr/sbin/groupdel %g Is it possible my problems were caused by not-working group deletion? I doubt USRMGR.EXE would delete any groups on user addition. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: USRMGR.EXE won't add user
long stupid passwd). The user wasn't in the database. Then clicked OK. Never managed to add user this way. CVS head 2003-12-10: Access is denied 3.0.1rc1:Access is denied 3.0.1rc2:Access is denied 3.0.0: Access is denied I'm not sure if this is of any help, but did you map the NT groups to the Unix groups? i.e., net groupmap modify ntgroup=Domain Admins unixgroup=domadm? Yes, this is my script that automatically sets up Samba for tests (I run it after make install.) _ / | copy_samba \_ / | #!/bin/bash | | spt=/usr/local/samba | | cp $spt/my/my* $spt/bin/ | cp $spt/my/smb.conf $spt/lib/ | cp $spt/my/lmhosts $spt/lib/ | pdbedit -m -a -u neptun | net groupmap modify ntgroup=Domain Admins unixgroup=domadm | net groupmap modify ntgroup=Domain Users unixgroup=smbusers | net groupmap modify ntgroup=Domain Guests unixgroup=nobody | /etc/init.d/samba start | echo Enter password for root: | pdbedit -a -u root | echo Enter password for test: | pdbedit -a -u test \_ and from /etc/group: domadm:x:412:admin,root So that root is even a member of Domain Admins - and still I can't add users. What can I do is move users into a group and change their description from Windows. Cl I think that I ran into similar problems when I upgraded from Samba 2.2.8a to 3.0, and it turned out that I hadn't correctly mapped the groups. Eddie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Forcing Users to change passwords.
i totally agree. unfortunatly my user base is mostly 16-18 year olds. getting them to put anything other than thier football team, phone number or boyfriend/girlfriend's name is quite a task in it self. Many Thanks Ross McInnes On Wed, 10 Dec 2003, Todd O'Bryan wrote: What's the latest research on this? I heard it's better to make users pick something secure and stick with it, because if you force people to change, they're likely to pick less secure passwords and do stupid things with them, like write them down or something. Changing every 3 months doesn't seem terrible, but it's still a big pain. Todd O'Bryan On Dec 10, 2003, at 8:28 AM, Ross McInnes (Systems) wrote: Recently we were audited and as part of that they looked at our systems and policies etc and produced a report. As part of that report they mentioned about forcing users to change thier passwords every 90 days or so. They also mentioned about disabling accounts after 3 login attempts. Im pretty sure both can be done on NT, but id rather stick with rh and samba thanks ever so much. Can samba does these things? even if its a tinkering kind of job? Many thanks Ross McInnes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: adding machines to the domain with Samba 3.0.0
Le Thu, Dec 11, 2003 at 10:06:17PM -0600, Andrew Gaffney a ecrit: admin users = @domainadmins This will allow any user in the domainadmins group join machines to the domain. You've got the wrong option. That option allows the specified users to connect as if they were root on that share. It is not the same as the 'domain admin group' option in 2.2.x. This option is not the same of 'domain admin group' in 2.2.X but it allow it's membre to join computer to the domain. -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: access controls on shares
le Thu, 11 Dec 2003 15:03:35 -0300, Leandro Ariel Gomez Chavarria [EMAIL PROTECTED] wrote : I solve this using the option admin users in shares, like that: [Finances] path = /Groups/Finances valid users = @DOMAIN+Finances admin users = @DOMAIN+Domain Admins Everyone who belongs to the Finances group can access the share, but can't modify acls from windows, but, everyone who belongs to the Domain Admins group can modify acls without problem, if you look in the smbstatus the connection is made by root. It don't work for me. Are you talking about share ACLs or ACLs on files and directories? -- busab -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: access controls on shares
le Thu, 11 Dec 2003 11:28:49 -0600, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote : you must create a local Samba account for root. Only root How do you that? With guest account = root? I don't need to modify shares ACLs every day, so having to change smb.conf set permissions is not a problem. (uid == 0) can set share acls. We're working on extending this to use group membership (e.g. Domain Admins) but havne't finished it yet. thanks. -- busab -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Tall tale of woe....
Many thanks for your reply gerry, its certainly put some light to all of this. in answer to your questions I'm assuming that you are running version 2.2.x (included with RH8).. Have you tested 3.0 (wait until 3.0.1 if you haven't yet since there are a lot of bug fixes in it). im running 2.2.8a with no imediate plans to upgrade, unless everything else ive tried fails. What is the smbd process doing ? Trying running strace or get a backtrace in gdb to find out where it is spending its time. When and if it happens again i will try and get an strace im assuming its simply strace -p PID does it log the results somewhere? or do i to a log file? was thinking just in case it was a lot of information. Probably fctnl() calls when looking up data in a tdb. Find out which tdb (withe look in /proc/pid/fd to match the file descriptor or us lsof). Also check the network traffic at this point. very useful command that lsof. again when it happens i will definatly have a look. Are you servning printers by chance? If so have you set 'disable spoolss = yes' ? I've seen high CPU utilization cases in relation to this param. yes i am serving printers.. ive just checked the config and i dont have 'disable spoolss = yes' use mii-tool and check the duplex settings. And any hardware can have problem no matter what the price tag says :-) Chgeck you routers. Maybe they are getting overloaded or are dropping packets. Ah, yes network traffic. i ran mii-tool and it reports eth0: negotiated 100baseTx-FD flow-control, link ok However, its a GB card and acording to the switch linked at a GB. im hoping mii-tool is wrong. ive just enabled monitoring on switch and will keep an eye on this... we also run an admin network here, which is on the same equipment. Never during these outages have they complained about it being slow or unusable... however thats not to say that its nothing to do with it, since it could be just that server and the port its on. i'd just like to say i really apriciate your help in this matter. Many Thanks Ross McInnes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR.EXE now adds users :)
Was it my fault, of course. passwd program = /bin/passwd was wrong. Right is passwd program = /bin/passwd %u Passwd chat: passwd chat = *ew*password* %n\n *ew*password* %n\n I can add users, add groups, delete users, delete groups,... :) My backend is tdbsam. How did I find it? Was reading through /usr/local/samba/var/log.smbd and saw a complaint that passwd program must contain %u. Why doesn't testparm test this? If it did, it would save me two days of experiments ;-) Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Failure joining W2k Domain [debug info included]
Please help.. I have been searching for two days trying everything that I can find to solve this problem. Let's do the setup. Single ADS Domain, Primary and Backup Domain Controllers Windows 2000 Advanced Server SP4 FreeBSD 4.8 Samba 3 (custom build with (./configure -with-pam -with-winbind --with-winbind-auth-challenge)) smb.conf build with SWAT # Global parameters [global] workgroup = CORP-A netbios name = IOPROB server string = File/Web Server interfaces = 192.168.1.250 security = DOMAIN encrypt passwords = Yes password server = DEVIANT DIABLO log file = /var/log/log.%m max log size = 50 name resolve order = hosts lmhosts wins bcast dns proxy = No wins server = 192.168.1.4 192.168.1.6 winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No Now that all that is stated, I have added the machine computer account on the W2K Server, also added a user root with domain admin privileges. I have change the value of HKLM\SYSTEM\CCS\Services\lanmanserver\parameters\requiresecuritysignature = 0. I have waited for replication of account and computer information for 1 hour, and checked the Event Logs, nothing in regards to failed authentication. I have run the following command many ways including specific DC's, or just letting it select the Primary. The command and debug 10 (smbpasswd -c /usr/local/etc/smb.conf -r deviant.corp-a.standingtrustee.com -j CORP-A -U administrator -D 10) Initialising global parameters params.c:pm_process() - Processing configuration file /usr/local/etc/smb.conf Processing section [global] doing parameter workgroup = CORP-A doing parameter netbios name = IOPROB handle_netbios_name: set global_myname to: IOPROB doing parameter server string = File/Web Server doing parameter interfaces = 192.168.1.250 doing parameter security = DOMAIN doing parameter encrypt passwords = Yes doing parameter password server = DEVIANT DIABLO doing parameter log file = /var/log/log.%m doing parameter max log size = 50 doing parameter name resolve order = hosts lmhosts wins bcast doing parameter dns proxy = No doing parameter wins server = 192.168.1.4 192.168.1.6 wins_srv_load_list(): Building WINS server list: 192.168.1.4, 192.168.1.6, 2 WINS servers listed. doing parameter winbind uid = 1-2 doing parameter winbind gid = 1-2 doing parameter winbind use default domain = Yes pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: ROLE_DOMAIN_MEMBER codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l-u = True) (u-l = True) Adding chars 0xa0 0xb5 (l-u = True) (u-l = True) Adding chars 0x83 0xb6 (l-u = True) (u-l = True) Adding chars 0xc6 0xc7 (l-u = True) (u-l = True) Adding chars 0x84 0x8e (l-u = True) (u-l = True) Adding chars 0x86 0x8f (l-u = True) (u-l = True) Adding chars 0x91 0x92 (l-u = True) (u-l = True) Adding chars 0x87 0x80 (l-u = True) (u-l = True) Adding chars 0x8a 0xd4 (l-u = True) (u-l = True) Adding chars 0x82 0x90 (l-u = True) (u-l = True) Adding chars 0x88 0xd2 (l-u = True) (u-l = True) Adding chars 0x89 0xd3 (l-u = True) (u-l = True) Adding chars 0x8d 0xde (l-u = True) (u-l = True) Adding chars 0xa1 0xd6 (l-u = True) (u-l = True) Adding chars 0x8c 0xd7 (l-u = True) (u-l = True) Adding chars 0x8b 0xd8 (l-u = True) (u-l = True) Adding chars 0xd0 0xd1 (l-u = True) (u-l = True) Adding chars 0xa4 0xa5 (l-u = True) (u-l = True) Adding chars 0x95 0xe3 (l-u = True) (u-l = True) Adding chars 0xa2 0xe0 (l-u = True) (u-l = True) Adding chars 0x93 0xe2 (l-u = True) (u-l = True) Adding chars 0xe4 0xe5 (l-u = True) (u-l = True) Adding chars 0x94 0x99 (l-u = True) (u-l = True) Adding chars 0x9b 0x9d (l-u = True) (u-l = True) Adding chars 0x97 0xeb (l-u = True) (u-l = True) Adding chars 0xa3 0xe9 (l-u = True) (u-l = True) Adding chars 0x96 0xea (l-u = True) (u-l = True) Adding chars 0x81 0x9a (l-u = True) (u-l = True) Adding chars 0xec 0xed (l-u = True) (u-l = True) Adding chars 0xe7 0xe8 (l-u = True) (u-l = True) Adding chars 0x9c 0x0 (l-u = False) (u-l = False) load_dos_unicode_map: 850 load_unicode_map: loading unicode map for codepage 850. load_unix_unicode_map: ISO8859-1 (init_done=0, override=0) load_unicode_map: loading unicode map for codepage ISO8859-1. added interface ip=192.168.1.250 bcast=192.168.1.255 nmask=255.255.255.0 cli_init_creds: user administrator domain CORP-A flgs: 0 ntlmssp_cli_flgs:0 cli_establish_connection: IOPROB00 connecting to DEVIANT.CORP-A.20 (0.0.0.0) - administrator [CORP-A] resolve_hosts:
[Samba] help
hello, in first sorry for my english. I've got some problems to apply some permissions on a directory and the behaviour depend on the windows client version. I create a directory like that : directory toto owner : rwx group : rwx other wx i want that users (other) cant read but can write in the following share i make a share in smb.conf like that [toto] path = /home/toto browsable = no read only = no i make this test with samba 2.2.2 and both windows 98, windows 2000 clients the behaviour is correct with windows 98(the users other cant read the share but can put some files in it) it doesnt work with a windows 2000 client thank you for your answer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] make install: what all databases must be deleted
Hello When copying over one version of Samba 3.* with another, what all databases must be deleted and built again to prevent corruption of them? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows 2000 and krb5 tickets.
From: Mark Hudson [mailto:[EMAIL PROTECTED] I'm also getting the exact same problem. The samba machine can be added into the w2k-controlled ads fine. But when my w2k clients connect to it, they prompt for a username and password. If this is entered, things work fine. The w2k clients also cannot browse the sharelist on the samba server until they have connected to a share with a valid UID/password first. I am seeing the same errors in samba's logs. The samba server is a stock Red Hat Enterprise Linux 3 ES machine. Hello, did you connect to the samba server via Netbios-Name or via IP-Address? Here I can connect to the samba-machine via IP fine, but a connect via Netbios-name asks for username and password. I have no solution up to now for this problem, but I remember, this topic was discussed earlier on this list (maybe 6 weeks ago). I did not find the mails in an archive, because I cannot remember the keywords. Mit freundlichen Grüßen Wolfgang Wagner -- Systemadministration Riwa GmbH, Zwingerstraße 1, 87435 Kempten, +49-831-52 29 63-537 eMail:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Forcing Users to change passwords.
Does anyone know of an add-on you can use with a Windows domain to check the security of the password before it allows a change? With a terminal server system I had, the server complained if the password was too close to a dictionary word, too close to the student login, 7 digits (i.e., looked like a phone number), etc. I'm sure my students (I teach high school, too) have picked really bad passwords, too, but I have no good way to enforce the picking of good ones. Todd On Dec 12, 2003, at 3:30 AM, Ross McInnes (Systems) wrote: i totally agree. unfortunatly my user base is mostly 16-18 year olds. getting them to put anything other than thier football team, phone number or boyfriend/girlfriend's name is quite a task in it self. Many Thanks Ross McInnes On Wed, 10 Dec 2003, Todd O'Bryan wrote: What's the latest research on this? I heard it's better to make users pick something secure and stick with it, because if you force people to change, they're likely to pick less secure passwords and do stupid things with them, like write them down or something. Changing every 3 months doesn't seem terrible, but it's still a big pain. Todd O'Bryan On Dec 10, 2003, at 8:28 AM, Ross McInnes (Systems) wrote: Recently we were audited and as part of that they looked at our systems and policies etc and produced a report. As part of that report they mentioned about forcing users to change thier passwords every 90 days or so. They also mentioned about disabling accounts after 3 login attempts. Im pretty sure both can be done on NT, but id rather stick with rh and samba thanks ever so much. Can samba does these things? even if its a tinkering kind of job? Many thanks Ross McInnes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: S3 domain member shares won't authorize secondary groups, only for W98
Hi list, Last message on the topic is long so I won't reproduce it here. You can still read it at : http://marc.theaimsgroup.com/?l=sambam=107099931908523w=2. I have more news on this front. I made level 10 logs from win98 with samba 3.0.1rc2 and 2.2.8a. It seems that 2.2.8a converts the usename given by win98 to lowercase, which in turn makes unix return all the groups of the unix user : [2003/12/12 10:31:35, 10] smbd/password.c:register_vuid(288) register_vuid: (1000,513) jerome JEROME DOMAIN guest=0 [2003/12/12 10:31:35, 10] smbd/password.c:register_vuid(298) register_vuid: allocated vuid = 100 [2003/12/12 10:31:35, 3] smbd/sec_ctx.c:push_sec_ctx(297) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/12/12 10:31:35, 3] smbd/uid.c:push_conn_ctx(286) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/12/12 10:31:35, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/12/12 10:31:35, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 4 groups: 513, 550, 103, 102 [2003/12/12 10:31:35, 3] smbd/sec_ctx.c:pop_sec_ctx(436) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/12 10:31:35, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 4 groups: 513, 550, 103, 102 [2003/12/12 10:31:35, 10] smbd/uid.c:sid_to_gid(900) sid_to_gid: winbind lookup for sid S-1-5-21-1150874807-1180408084-429402335-513 failed - trying local. [2003/12/12 10:31:35, 10] smbd/uid.c:sid_to_gid(900) sid_to_gid: winbind lookup for sid S-1-5-21-1150874807-1180408084-429402335-550 failed - trying local. [2003/12/12 10:31:35, 10] smbd/uid.c:sid_to_gid(900) sid_to_gid: winbind lookup for sid S-1-5-21-1150874807-1180408084-429402335-1207 failed - trying local. [2003/12/12 10:31:35, 10] smbd/uid.c:sid_to_gid(900) sid_to_gid: winbind lookup for sid S-1-5-21-1150874807-1180408084-429402335-1205 failed - trying local. [2003/12/12 10:31:35, 10] smbd/uid.c:uid_to_sid(758) uid_to_sid: local 1000 - S-1-5-21-889427125-3291125262-439525394-3000 [2003/12/12 10:31:35, 10] smbd/uid.c:gid_to_sid(795) gid_to_sid: local 513 - S-1-5-21-889427125-3291125262-439525394-2027 [2003/12/12 10:31:35, 10] smbd/uid.c:gid_to_sid(795) gid_to_sid: local 550 - S-1-5-21-889427125-3291125262-439525394-2101 [2003/12/12 10:31:35, 10] smbd/uid.c:gid_to_sid(795) gid_to_sid: local 103 - S-1-5-21-889427125-3291125262-439525394-1207 [2003/12/12 10:31:35, 10] smbd/uid.c:gid_to_sid(795) gid_to_sid: local 102 - S-1-5-21-889427125-3291125262-439525394-1205 As you can see, all the lookups are done with a lowercase account name. And thus find all the groups that the user belongs to. But samba 3 keeps the user given by win98 in all uppercase : It starts by the use of username level parameter : [2003/12/12 10:17:05, 5] lib/username.c:Get_Pwnam(288) Finding user DOMAIN\JEROME [2003/12/12 10:17:05, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is domain\jerome [2003/12/12 10:17:05, 5] lib/username.c:Get_Pwnam_internals(230) Trying _Get_Pwnam(), username as given is DOMAIN\JEROME [2003/12/12 10:17:05, 5] lib/username.c:Get_Pwnam_internals(247) Checking combinations of 8 uppercase letters in domain\jerome [2003/12/12 10:17:15, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals didn't find user [DOMAIN\JEROME]! [2003/12/12 10:17:15, 5] lib/username.c:Get_Pwnam(288) Finding user JEROME [2003/12/12 10:17:15, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is jerome [2003/12/12 10:17:15, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals did find user [JEROME]! [2003/12/12 10:17:15, 10] passdb/pdb_get_set.c:pdb_set_username(593) pdb_set_username: setting username jerome, was So one may think that username 'jerome' (all lowercase is used). Then comes the group membership determination : [2003/12/12 10:17:15, 10] lib/system_smbd.c:sys_getgrouplist(113) sys_getgrouplist: user [JEROME] [2003/12/12 10:17:15, 10] lib/system_smbd.c:sys_getgrouplist(122) sys_getgrouplist(): disabled winbindd for group lookup [user == JEROME] [2003/12/12 10:17:15, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/12/12 10:17:15, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/12/12 10:17:15, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/12/12 10:17:15, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/12/12 10:17:15, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/12/12 10:17:15, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/12 10:17:15, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 1000 Primary group is 513 and contains 2 supplementary groups Group[ 0]: 513 Group[ 1]: 513 As
[Samba] RE: Question on log-in difficulties
Dear Listmembers, apparently my attachement was not distributed via the list, therefore I add it once again to this email; plain text following my question. Many thanks for any suggestion in advance: I am using a SPARC ULTRA 60 / running SuSE sparc linux 7.3 as server for our M$-Network. I recently installed samba-2.2.8a from SuSE (compiled src-rpm), since then I am facing problems when attaching to the server for certain users given specific conditions. When saying reconnect at login, the reconnect at login fails, whereas the connect during normal operation (by using tools- map network drive ) works flawlessly for any user. The only thing that is apparent to me is the fact that checking the password is failing even though the identical password is supplied. Please find attached the logfiles from smbd having adjusted the smbd loglevel to 6. I am using encrypted passwords, please let me know if any additional information would be required (i. e. smb.conf, different loglevel ...). The relevant areas are marked by LOGON START/END FAILURE and LOGON START/END SUCCESS Many many thanks for your efforts in advance, take care Dieter Jurzitza LOGON START --- FAILURE Domain=[HBI] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2003/12/11 07:38:26, 3] smbd/reply.c:reply_sesssetup_and_X(890) sesssetupX:name=[DJurzitza] [2003/12/11 07:38:26, 6] param/loadparm.c:lp_file_list_changed(2314) lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Thu Dec 11 06:52:57 2003 [2003/12/11 07:38:26, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(339) getsmbfilepwent: skipping comment or blank line [2003/12/11 07:38:26, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(339) getsmbfilepwent: skipping comment or blank line [2003/12/11 07:38:26, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(339) getsmbfilepwent: skipping comment or blank line [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user AziziS, uid 501 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user FBaehren, uid 502 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user MBaudisch, uid 503 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user BechtM, uid 504 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user CBenz, uid 505 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user SBeyer, uid 506 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HBreckle, uid 507 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HCarenborn, uid 508 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user DedeckeV, uid 509 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user FedterT, uid 510 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HammP, uid 511 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user AHerden, uid 512 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HessW, uid 513 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user KHuebner, uid 514 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user DJurzitza, uid 515 [2003/12/11 07:38:26, 4] lib/substitute.c:automount_server(183) Home server: oekalux08 [2003/12/11 07:38:26, 4] lib/substitute.c:automount_server(183) Home server: oekalux08 [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(475) smb_password_ok: Checking SMB password for user DJurzitza [2003/12/11 07:38:26, 5] smbd/password.c:smb_password_ok(489) smb_password_ok: challenge received [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(499) smb_password_ok: Checking NT MD4 password [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(504) smb_password_ok: NT MD4 password check failed [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(518) smb_password_ok: Checking LM password [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(523) smb_password_ok: LM password check failed [2003/12/11 07:38:26, 2] smbd/password.c:pass_check_smb(575) pass_check_smb failed - invalid password for user [DJurzitza] [2003/12/11 07:38:26, 2] smbd/reply.c:reply_sesssetup_and_X(997) NT Password did not
[Samba] configure error with --enable-dmalloc
Hi list, I'm trying to compile samba 3.0.1 rc1 with --enable-dmalloc switch because I have been asked to provide more information on a winbindd panic on a Solaris server. However the configure fails with the error shown below, config.status: creating include/config.h Note: The dmalloc debug library will be included. To turn it on use ./configure: command substitution: line 3: syntax error: unexpected end of file ./configure: command substitution: line 3: syntax error: unexpected end of file any ideas? thanks Andy. BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error messages
Hi all! Hi have the following error messages: Connections Denied: lib/util_sock.c:get_socket_addr(919) getpeername failed. Error was Der Socket ist nicht verbunden (0.0.0.0) : 4 Time(s) **Unmatched Entries** lib/access.c:check_access(328) : 4 Time(s) lib/util_sock.c:get_socket_addr(919) getpeername failed. Error was Der Socket ist nicht verbunden : 5 Time(s) lib/util_sock.c:get_socket_addr(919) getpeername failed. Error was Der Socket ist nicht verbunden Connection denied from 0.0.0.0 : 4 Time(s) lib/util_sock.c:read_socket_data(342) read_socket_data: recv failure for 1614. Error = Keine Route zum Zielrechner : 1 Time(s) lib/util_sock.c:read_socket_data(342) read_socket_data: recv failure for 4. Error = Die Verbindung wurde vom Kommunikationspartner zurückgesetzt : 8 Time(s) lib/util_sock.c:read_socket_data(342) read_socket_data: recv failure for 4. Error = Keine Route zum Zielrechner : 8 Time(s) lib/util_sock.c:send_smb(585) Error writing 5 bytes to client. -1. (Die Verbindung wurde vom Kommunikationspartner zurückgesetzt) : 4 Time(s) lib/util_sock.c:write_socket(413) write_socket: Error writing 5 bytes to socket 16: ERRNO = Die Verbindung wurde vom Kommunikationspartner zurückgesetzt : 1 Time(s) lib/util_sock.c:write_socket(413) write_socket: Error writing 5 bytes to socket 5: ERRNO = Die Verbindung wurde vom Kommunikationspartner zurückgesetzt : 3 Time(s) lib/util_sock.c:write_socket_data(388) write_socket_data: write failure. Error = Die Verbindung wurde vom Kommunikationspartner zurückgesetzt : 4 Time(s) What do they mean and have to do something to solve the problems ? mf PAUL -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-ldap-acl
Hi, At this moment I am running samba v2.2.8 with a ldap-back-end as a pdc. It works fine but I am looking for acl-support. My samba has acl-support and my filesystem has acl-support too. Setting acl's on the files works fine. But im wondering if it is possible too set acl's with a windows 2000 client. Setting it with properties security and add and remove it is that possible? Or does it only work with a password server? Greetings, Martijn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3/ldap/net groupmap fails
We use samba3+openldap 2.1 correctly. net groupmapping also works correctly. Are your samba.schema is up to date? What is the ldap version? In my case i use OpenLDAP 2.1.23, with Samba 3.0.0 schemas. 'net groupmapping' works fine except you don't have default mappings when using an ldap backend as first backend, i.e.: with passwd backend = tdbsam ldapsam_compat://... dc-sorral-05:~# net groupmap list System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Users (S-1-5-21-50507076-2264231353-679752913-513) - -1 Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Domain Guests (S-1-5-21-50507076-2264231353-679752913-514) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Domain Admins (S-1-5-21-50507076-2264231353-679752913-512) - -1 dc-sorral-05:~# with passwd backend = ldapsam_compat:// tdbsam ... dc-sorral-05:~# net groupmap list Domain Users (S-1-5-21-50507076-2264231353-679752913-513) - utilisateurs Domain Admins (S-1-5-21-50507076-2264231353-679752913-512) - sambaadmin Domain Guests (S-1-5-21-50507076-2264231353-679752913-514) - guests dc-sorral-05:~# But you can still create mappings if you want (provided the unix group is stored in ldap and not int /etc/groups) Regards, Fabien Chevalier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problems with file date/time creation and modification
I have Time precision problem between linux samba shares and M$ files I want to use my tux to save files from my M$ PC's. Of course I want to do incrementals copy based on modification date... I mount my samba shares from my Windows Boxs and use tools on the micro$oft boxs. (Xcopy /D or SyncroniX ) The problem is that the modification date on the samba share and on de source file on the M$ local disk is sometimes different by 1s (newer or older). For example I create a file c:\mytest.txt the file properties says Created modified at 18:30:01 I xcopy it to my samba share window$ properties says Created modified at 18:30:00 which is older! so when I xcopy /D the file is copied again and again. I'm Running samba-2.2.7a-8.9.0 on Redhat 9.0 My M$ boxs are both W2K and XP (on NTFS). I've searched a little around and set : dos filetime resolution = yes 'for the dos 2s resolution time... and : dos filetimes = yes '...for Visual C++... But it didn't change anything. Is it possible to syncronize these filetimes...? Probably not. I believe DOS/Windows packs the time in such a way that they have no notion of odd seconds times. All seconds are even. But that is normally no problem. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Question on log-in difficulties
Dear Listmembers, apparently my attachement was not distributed via the list, therefore I add it once again to this email; plain text following my question. Many thanks for any suggestion in advance: I am using a SPARC ULTRA 60 / running SuSE sparc linux 7.3 as server for our M$-Network. I recently installed samba-2.2.8a from SuSE (compiled src-rpm), since then I am facing problems when attaching to the server for certain users given specific conditions. When saying reconnect at login, the reconnect at login fails, whereas the connect during normal operation (by using tools- map network drive ) works flawlessly for any user. The only thing that is apparent to me is the fact that checking the password is failing even though the identical password is supplied. Please find attached the logfiles from smbd having adjusted the smbd loglevel to 6. I am using encrypted passwords, please let me know if any additional information would be required (i. e. smb.conf, different loglevel ...). The relevant areas are marked by LOGON START/END FAILURE and LOGON START/END SUCCESS Many many thanks for your efforts in advance, take care Dieter Jurzitza LOGON START --- FAILURE Domain=[HBI] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2003/12/11 07:38:26, 3] smbd/reply.c:reply_sesssetup_and_X(890) sesssetupX:name=[DJurzitza] [2003/12/11 07:38:26, 6] param/loadparm.c:lp_file_list_changed(2314) lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Thu Dec 11 06:52:57 2003 [2003/12/11 07:38:26, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(339) getsmbfilepwent: skipping comment or blank line [2003/12/11 07:38:26, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(339) getsmbfilepwent: skipping comment or blank line [2003/12/11 07:38:26, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(339) getsmbfilepwent: skipping comment or blank line [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user AziziS, uid 501 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user FBaehren, uid 502 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user MBaudisch, uid 503 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user BechtM, uid 504 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user CBenz, uid 505 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user SBeyer, uid 506 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HBreckle, uid 507 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HCarenborn, uid 508 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user DedeckeV, uid 509 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user FedterT, uid 510 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HammP, uid 511 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user AHerden, uid 512 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HessW, uid 513 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user KHuebner, uid 514 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user DJurzitza, uid 515 [2003/12/11 07:38:26, 4] lib/substitute.c:automount_server(183) Home server: oekalux08 [2003/12/11 07:38:26, 4] lib/substitute.c:automount_server(183) Home server: oekalux08 [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(475) smb_password_ok: Checking SMB password for user DJurzitza [2003/12/11 07:38:26, 5] smbd/password.c:smb_password_ok(489) smb_password_ok: challenge received [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(499) smb_password_ok: Checking NT MD4 password [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(504) smb_password_ok: NT MD4 password check failed [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(518) smb_password_ok: Checking LM password [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(523) smb_password_ok: LM password check failed [2003/12/11 07:38:26, 2] smbd/password.c:pass_check_smb(575) pass_check_smb failed - invalid password for user [DJurzitza] [2003/12/11 07:38:26, 2] smbd/reply.c:reply_sesssetup_and_X(997) NT Password did not
[Samba] Samba
Dear sir/Madam, I understand that SAMBA is used when converting UNIX systems - Microsoft systems. I am currently studying at university and as part of my module, we were given a hypothetical situation which we were to solve.This hypothetical company are currently using the UNIX operating system and we were wanting to change them to Microsoft. We understand that they could lose their work due to this change. Could you please inform me of the cost of this transversion for one PC and any training that would be required. Yours faithfully Gillian Hay - BT Yahoo! Broadband - Save £80 when you order online today. Hurry! Offer ends 21st December 2003. The way the internet was meant to be. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Question about groups in ldap
Hi I have serveral questions about groups in ldap. Is it possible to use different groups with the same well known SID or is a well known SID only allowed once? Is it allowed to uses spaces in groupnames, e.g. domain admins? Afaik groups with spaces are not posix conform. In Samba-Developers-Guide.pdf included with samba 3.0 page 72f. In the document well known groups have special names starting with DOMAIN_. Can Windows clients recognize these names and translate them into localized groupnames, like user or power users in english and Benutzer and Hauptbenutzer in german? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roamin Profile problem / filedate issue
Guys, I've identified a problem I think Config: Samba 2.2.8a on Linux and Solaris WinXP SP1 and Win2kSP4 workstations We have a problem here, when logging out and using roaming profiles on a samba host take significantly longer than logging out when the profile is stored on a Win2k server. Looking closely I've discovered the following. On each logout, numerous files, that have not changed are still copied up to the server. Looking more closely, I discovered that some of these files are have different last modification dates, where the date on the server is 1 second older than the version on the workstation. This means, that on logout the files are copied up each time, but due to some unknown issue, the date is unable to be set to the correct time. On next logon, the local file has a later date, so the file is not copied down, next logout, the file gets copied back, as the date is still one second to old. (Note: not all files are like this, only a subset, with some common property I have yet to identify) I've played with the dos filetime resolution setting, and it seems to make no difference to the behavior. Has anybody else seen this issue, and are there any suggested solutions I should check out ? Cheers Dave... -- David Schwarz, Desktop - Workgroup Section Leader, Information Technology Services Division Deakin University Geelong Victoria 3217 Australia. Phone: 03 5227 8938 International: +61 3 52278938 Fax: 03 5227 8866 International: +61 3 5227 8866 E-mail: [EMAIL PROTECTED] Website: http://www.deakin.edu.au Deakin University CRICOS Provider Code Important Notice: The contents of this email transmission, including any attachments, are intended solely for the named addressee and are confidential; any unauthorised use, reproduction or storage of the contents and any attachments is expressly prohibited. If you have received this transmission in error, please delete it and any attachments from your system immediately and advise the sender by return email or telephone. Deakin University does not warrant that this email and any attachments are error or virus free. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Sorry ...
Sorry for making noise. My postings did not get through. Please dispose. *** Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und loeschen Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorised copying, disclosure or distribution of the contents in this e-mail is strictly forbidden. *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with logging in ...
Dear Listmembers, apparently my attachement was not distributed via the list, therefore I add it once again to this email; plain text following my question. Many thanks for any suggestion in advance: I am using a SPARC ULTRA 60 / running SuSE sparc linux 7.3 as server for our M$-Network. I recently installed samba-2.2.8a from SuSE (compiled src-rpm), since then I am facing problems when attaching to the server for certain users given specific conditions. When saying reconnect at login, the reconnect at login fails, whereas the connect during normal operation (by using tools- map network drive ) works flawlessly for any user. The only thing that is apparent to me is the fact that checking the password is failing even though the identical password is supplied. Please find attached the logfiles from smbd having adjusted the smbd loglevel to 6. I am using encrypted passwords, please let me know if any additional information would be required (i. e. smb.conf, different loglevel ...). The relevant areas are marked by LOGON START/END FAILURE and LOGON START/END SUCCESS Many many thanks for your efforts in advance, take care Dieter Jurzitza LOGON START --- FAILURE Domain=[HBI] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2003/12/11 07:38:26, 3] smbd/reply.c:reply_sesssetup_and_X(890) sesssetupX:name=[DJurzitza] [2003/12/11 07:38:26, 6] param/loadparm.c:lp_file_list_changed(2314) lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Thu Dec 11 06:52:57 2003 [2003/12/11 07:38:26, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(339) getsmbfilepwent: skipping comment or blank line [2003/12/11 07:38:26, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(339) getsmbfilepwent: skipping comment or blank line [2003/12/11 07:38:26, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(339) getsmbfilepwent: skipping comment or blank line [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user AziziS, uid 501 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user FBaehren, uid 502 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user MBaudisch, uid 503 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user BechtM, uid 504 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user CBenz, uid 505 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user SBeyer, uid 506 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HBreckle, uid 507 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HCarenborn, uid 508 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user DedeckeV, uid 509 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user FedterT, uid 510 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HammP, uid 511 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user AHerden, uid 512 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user HessW, uid 513 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user KHuebner, uid 514 [2003/12/11 07:38:26, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(438) getsmbfilepwent: returning passwd entry for user DJurzitza, uid 515 [2003/12/11 07:38:26, 4] lib/substitute.c:automount_server(183) Home server: oekalux08 [2003/12/11 07:38:26, 4] lib/substitute.c:automount_server(183) Home server: oekalux08 [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(475) smb_password_ok: Checking SMB password for user DJurzitza [2003/12/11 07:38:26, 5] smbd/password.c:smb_password_ok(489) smb_password_ok: challenge received [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(499) smb_password_ok: Checking NT MD4 password [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(504) smb_password_ok: NT MD4 password check failed [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(518) smb_password_ok: Checking LM password [2003/12/11 07:38:26, 4] smbd/password.c:smb_password_ok(523) smb_password_ok: LM password check failed [2003/12/11 07:38:26, 2] smbd/password.c:pass_check_smb(575) pass_check_smb failed - invalid password for user [DJurzitza] [2003/12/11 07:38:26, 2] smbd/reply.c:reply_sesssetup_and_X(997) NT Password did not
[Samba] Re: access controls on shares
yeap, I'm talking about ACLs on files and directories, I'm using ext3 file system with acls and quotas, and works really fine. BuSab [EMAIL PROTECTED] 12/12/03 06:04am le Thu, 11 Dec 2003 15:03:35 -0300, Leandro Ariel Gomez Chavarria [EMAIL PROTECTED] wrote : I solve this using the option admin users in shares, like that: [Finances] path = /Groups/Finances valid users = @DOMAIN+Finances admin users = @DOMAIN+Domain Admins Everyone who belongs to the Finances group can access the share, but can't modify acls from windows, but, everyone who belongs to the Domain Admins group can modify acls without problem, if you look in the smbstatus the connection is made by root. It don't work for me. Are you talking about share ACLs or ACLs on files and directories? -- busab -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: access controls on shares
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 BuSab wrote: | you must create a local Samba account for | root. Only root | | How do you that? With guest account = root? No. That's pretty much the most insecure thing you could ever do. I mean run 'pdbedit -a root' and then connect to the Samba box as root (net use \\server /user:root). - -- ciao, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2crXIR7qMdg1EfYRAmqRAJ4/QKWMpPCp7vB4taZxkAA0WDaqgACfdvYI o0tmS+dq08XpELJu3rBe4HM= =r/lN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Tall tale of woe....
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ross McInnes (Systems) wrote: | When and if it happens again i will try and get an strace | im assuming its simply strace -p PID | does it log the results somewhere? or do i to a log file? | was thinking just in case it was a lot of information. It logs to stdout. | Are you servning printers by chance? If so have you | set 'disable spoolss = yes' ? I've seen high CPU utilization | cases in relation to this param. | | yes i am serving printers.. ive just checked the config | and i dont have 'disable spoolss = yes' I think the key will be figuring out which tdb the runaway smbd is reading. | use mii-tool and check the duplex settings. And any | hardware can have problem no matter what the price tag | says :-) Chgeck you routers. Maybe they are getting | overloaded or are dropping packets. | | Ah, yes network traffic. i ran mii-tool and it reports | eth0: negotiated 100baseTx-FD flow-control, link ok | | However, its a GB card and acording to the switch linked at a GB. im | hoping mii-tool is wrong. Probably. Does ifconfig show an abnormal amount of errors? If not, then you are probably ok wrt duplex settings, et. al. And to clarify, when the smbd starts sucking up CPU, check to which client it is connected to and look at the traffic pattern from that client to see if the smbd process is doing real work on behalf of the client. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2czDIR7qMdg1EfYRArbGAJ48JseuqNzY56LSLB95ER63P4NslgCfTd7n YZ5Bg3WeSzn4Z4PFyai8fWk= =8Cd8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Trust on ADS.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gaurang Pandya wrote: | Hi Jerry, | | Here is the output for debug level 10. Though there | are so many things there (ofcourse) I am pasting only | few line which I think will give you clue. If you need | any more of those please tel me. | | rpc_api_pipe: len left: 0 smbtrans read: 48 | rpc_api_pipe: fragment first and last both set | 18 samr_io_r_connect | 18 smb_io_pol_hnd connect_pol | 0018 data1: | 001c data2: | 0020 data3: | 0022 data4: | 0024 data5: 00 00 00 00 00 00 00 00 | 002c status: NT_STATUS_ACCESS_DENIED | refresh_sequence_number: backend returned 0xc022 | refresh_sequence_number: seq number is now -1 | client_write: wrote 1304 bytes. | client_write: need to write 38 extra data bytes. | client_write: wrote 38 bytes. | client_write: client_write: complete response written. | read failed on sock 11, pid 939: EOF Yup. This is the problem. This is a native mode domain right? You need to give winbindd a username/pw pair to connect to the DC since the domain policy has been set to disallow anonymous access to the SAMR pipe. The other option is to upgrade to 3.0 which works around this both in security = domain and security = ads modes but either using cached user information from the net_samlogon() reply or by using the kerberos ticket for the machine account to connect to any 2k trusted DC's. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2c21IR7qMdg1EfYRAqI7AJ0SzzUfBfVIW1bLNGlMWXakrp64KACgnY/X p2R6s+bi4MU8m7U/Mn3NNfY= =2KjU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Trust on ADS.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gaurang Pandya wrote: | By the way I tried configuring samba 3.0.0 with | following options | | --with-smbwrapper --with-ads --with-automount | --with-pam --with-pam_smbpass --with-ldapsam | --with-winbind --with-included-popt | | but got few errors/warnings in between and finally it | stopped like this.. | | configure: error: Active Directory Support requires | LDAP support | | though I have openldap installed. Look at config.log and see why the LDAP tests failed. That's the best place to start. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2c4nIR7qMdg1EfYRAksSAJ9v6HCCJ+iHfEl6RON4kA4Ood9LuQCZAbiX 5o2rxs19B6Urbnamt6cMr5I= =LPMs -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Using Samba to Mount User Shares as Linux Home Dirs?
I'm trying to get a linux machine integrated into an all-Windows network. Following the instructions of the *wonderful* Official Samba-3 HOWTO, I was able to get the machine to authenticate with the ADS. I can also allow domain users to log into the linux machine. What I would like to do now is have a way for the users' network share/home directory in the window environment to be magically available to them on this linux box. What seemed to be a pretty straightforward task has turned out to be very difficult. In the windows environment, the users have a directory below //servername/Users (//servername/Users/swheatley would be my directory). I have read in previous postings that mounting subdirectories is not in the SMB spec and have since resigned myself to having to share individual user directories. If anybody knows of a better way of doing this, I would love to hear it. So now I'm looking for a way to: 1) Create a directory on the linux box if one doesn't exist already (SOLVED: using pam_mkhomedir) 2) Mount the user's windows directory in a subdir called winhome 3) Make symbolic links to key directories (My Documents) in the linux home dir #2 is the stumper here. Is there any way, short of writing my own PAM, to have the user's windows directory automatically mounted to winhome when they log in? Mount complains that it does not have permissions to run that the user must be root. I can't decide what the best parameters in /etc/sudoers should be to allow for this to happen. I guess once that is solved, it should be trivial to add the mount command to a login script. Any help would be greatly appreciated. Thanks, Shawn __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about groups in ldap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tilo Lutz wrote: | Is it possible to use different groups with the | same well known SID or is a well known SID only | allowed once? Nope. SIDs should appear only once. | Is it allowed to uses spaces in groupnames, e.g. | domain admins? Afaik groups with spaces are | not posix conform. They normally work. Really is OS dependent (libc) I think. | In Samba-Developers-Guide.pdf included with samba 3.0 | page 72f. In the document well known groups have | special names starting with DOMAIN_. Can Windows clients | recognize these names and translate them into localized | groupnames, like user or power users in english and | Benutzer and Hauptbenutzer in german? That reference in the PDF file is a #define for the well known rids. You can setup a group mapping entry using whatever name you wish. - -- cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2dC+IR7qMdg1EfYRAk0PAJ0Vvy0I7paMeVrPg4NWjHoDKVJppgCfZ3cT eKcW8xLX6l9VATea3hvufFI= =3pqe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: access controls on shares
le Fri, 12 Dec 2003 10:12:41 -0300, Leandro Ariel Gomez Chavarria [EMAIL PROTECTED] wrote : yeap, I'm talking about ACLs on files and directories, I'm using ext3 file system with acls and quotas, and works really fine. I've used it, but I need to compil the kernel, and i prefer use the standart kernel from debian, to make the update easier. moreover, shares ACLs are all i need. -- busab -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure error with --enable-dmalloc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ww m-pubsyssamba wrote: | Hi list, | | I'm trying to compile samba 3.0.1 rc1 with --enable-dmalloc | switch because I have been asked to provide more information on | a winbindd panic on a Solaris server. However the configure | fails with the error shown below, | | config.status: creating include/config.h | Note: The dmalloc debug library will be included. To turn it on use | ./configure: command substitution: line 3: syntax error: unexpected end of file | ./configure: command substitution: line 3: syntax error: unexpected end of file Should be ~ Note: The dmalloc debug library will be included. To turn it on use ~ $ eval \DMALLOC_OPTIONS=debug=0x20401c0b ~ export DMALLOC_OPTIONS. I have seen a lot of errors on Solaris lately due to /usr/usb being listed in the $PATH before /bin /usr/bin. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2dLkIR7qMdg1EfYRAvXvAKC4aBPWO+Z4ufw2StYC6AtxXo21JACggLwC tpNg0ZkInqW5An1KWQBFF0A= =/Cc0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: S3 domain member shares won't authorize secondary groups, only for W98
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jérôme Fenal wrote: | Hi list, | | Last message on the topic is long so I won't reproduce it | here. You can still read it at : | http://marc.theaimsgroup.com/?l=sambam=107099931908523w=2. | | I have more news on this front. | | I made level 10 logs from win98 with samba 3.0.1rc2 | and 2.2.8a. It seems that 2.2.8a converts the usename | given by win98 to lowercase, which in turn makes unix return | all the groups of the unix user : ... | Something funnier (but normal as SIDs come from the SMB | wire, and Unix's come from local PAM) : samba get the | secondary group SIDs, but not the Unix ones. Excellent deduction! Really good work. I've opened a bug report at ~ https://bugzilla.samba.org/show_bug.cgi?id=882 We'll work on fixing this, but it will be post 3.0.1 I'm afraid. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2dVsIR7qMdg1EfYRAoASAKDj4w7NSYIPQeqAQkQWe6A9Vo98oQCdEEOL cyvNdchGQ7YNEmb7d3rHKrY= =INa8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] CHMODded group directories don't keep their attributes
I have Samba 2.2.8 on Mandrake 9.2, and have successfully been able to create a folder that grants browse and write permissions to an NT group. But I had to go about it the weird way; after I proved that this user could browse the share (and that a person not in the group couldn't), I noticed that my group member couldn't write to the share. I experimented with different CHMOD things, and eventually settled on 777 (since I proved that no one outside the group could get in, and everyone in the group needs rwx anyway). All is great. Then I had to shut down the computer. I brought it back up, and noticed that my CHMOD setting went away for the aforementioned folder, back to -rwxrw-rw- (IIRC, this was a week ago, and I paid it little attention then). Is this one of those clunky things like when I have to re-add nets to the routing table after restart? I need to know this if I go production with this box. Help is appreciated. Oh, and someone here said your replies were going to me instead of the list, and I should have that corrected. Thanks! Eric Geater Network Administrator MSCO, Inc. 731-935-8538 731-431-3742 egeater at mscoinc dot com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 and krb5 tickets.
Same problem. I have been with it for weeks. I can connect using IP address from the Win2k clients however with the netbios name I get the error. Someone has told me today that this was solved in the new release samba-3.0.1rc2-1 , however I've already tested it and I still have the same problem. Please any more clues. Thanks, Fernando. On Fri, 2003-12-12 at 00:26, Tim Jordan wrote: I'm getting same error about encryption ... I have taken Tom's lead and have provided the output below. Is there a certain version of krb5 that we should be running? [EMAIL PROTECTED] tim]# smbd3 --version Version 3.0.1pre3 [EMAIL PROTECTED] tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND KRB5_BRAND: krb5-1-3-final 1.3 20030708 I'm running Mandrake 9.2 Thank You Samba Team! Tim On Thu, 2003-12-11 at 13:59, Tom Dickson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OK. I've done some more research, and here's what I get. smbd --version Version 3.0.0 strings libkrb5.so.3.2 | grep BRAND KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 Everything seems to work, but trying to access the Samba server results in: [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) ~ Failed to verify incoming ticket! [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE This is the same error you get if you're running the wrong KRB5 libs, but I've the right ones. The windows 2000 machine is 5.00.2195 Windows 2000 clients connect to the ADS server fine, and will connect to the Samba server if you enter Username/Password. The 2000 server cannot connect to the Samba machine at all, even with the right username/pass. Is there a magic registry setting I'm missing? I've changed the Administrator password at least once. - -Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO F9F+8BTOPIyoybZBYIlCouU= =94FA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] configure error with --enable-dmalloc
Hi Gerry list, I assume you mean /usr/ucb as I have no /usr/usb directory, however /usr/ucb or /usr/usb are not in my PATH at all and when I tried a configure with /usr/ucb listed at the end of my PATH I still get exactly the same error, thanks Andy. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Posted At: 12 December 2003 14:38 Posted To: Samba Conversation: [Samba] configure error with --enable-dmalloc Subject: Re: [Samba] configure error with --enable-dmalloc -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ww m-pubsyssamba wrote: | Hi list, | | I'm trying to compile samba 3.0.1 rc1 with --enable-dmalloc | switch because I have been asked to provide more information on | a winbindd panic on a Solaris server. However the configure | fails with the error shown below, | | config.status: creating include/config.h | Note: The dmalloc debug library will be included. To turn it on use | ./configure: command substitution: line 3: syntax error: unexpected end of file | ./configure: command substitution: line 3: syntax error: unexpected end of file Should be ~ Note: The dmalloc debug library will be included. To turn it on use ~ $ eval \DMALLOC_OPTIONS=debug=0x20401c0b ~ export DMALLOC_OPTIONS. I have seen a lot of errors on Solaris lately due to /usr/usb being listed in the $PATH before /bin /usr/bin. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2dLkIR7qMdg1EfYRAvXvAKC4aBPWO+Z4ufw2StYC6AtxXo21JACggLwC tpNg0ZkInqW5An1KWQBFF0A= =/Cc0 -END PGP SIGNATURE- BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Looking for patch for Stack-based buffer overflow where?
To All: I need to find the Samba patch for the stack-based buffer overflow. I'm running Samba version 2.2.2. Thanks for your help, Ron -- -- *** Ron Rough Lockheed Martin Technology Services Systems Administrator Department 221 RAIF Dryden Flight Research Center Phone: (661) 276-7513 Fax: (661) 276-2792 *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba
Gillian Hay wrote: Dear sir/Madam, I understand that SAMBA is used when converting UNIX systems - Microsoft systems. I am currently studying at university and as part of my module, we were given a hypothetical situation which we were to solve.This hypothetical company are currently using the UNIX operating system and we were wanting to change them to Microsoft. We understand that they could lose their work due to this change. Even hypothetical, a company that *WANTS* to switch to MSdoes this not make sense to anyone else? ;) Could you please inform me of the cost of this transversion for one PC and any training that would be required. Samba is really used to integrate a UNIX system into an existing MS network. If you are moving to an all MS network, there is no reason for Samba. You could use Samba if you planned a slow transition and wanted to still store your data on UNIX servers and have it accessible by people using Windows workstations. The cost of this transition on one PC would be about $300 for the Windows license ;) As for training, the only people that would need to learn to use Samba are the System Administrators. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] CUPS + SAMBA3 +attempt_nebios_session_request:
Hello everyone, When anyone of my users prints to a CUPS printer shared on a SAMBA 3 I get the following error in the log of the machine creating the printjob. I am running the following software SAMBA-3.0.1rc2 and CUPS-1.1.17-13 with the following config: [global] ... printing = cups . [printers] comment = All Printers path = /var/spool/samba printer admin = @it guest ok = Yes printable = Yes use client driver = Yes browseable = No Cups printers are RAW Printers. [2003/12/12 08:57:32, 0] libsmb/cliconnect.c:attempt_netbios_session_request(1496) attempt_netbios_session_request: AJENSEN rejected the session for name *SMBSERVER with error Called name not present [2003/12/12 08:57:32, 0] rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2595) spoolss_connect_to_client: machine AJENSEN rejected the NetBIOS session request. [2003/12/12 08:57:32, 0] libsmb/cliconnect.c:attempt_netbios_session_request(1496) attempt_netbios_session_request: AJENSEN rejected the session for name *SMBSERVER with error Called name not present [2003/12/12 08:57:32, 0] rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2595) spoolss_connect_to_client: machine AJENSEN rejected the NetBIOS session request. [2003/12/12 08:57:32, 0] libsmb/cliconnect.c:attempt_netbios_session_request(1496) attempt_netbios_session_request: AJENSEN rejected the session for name *SMBSERVER with error Called name not present [2003/12/12 08:57:32, 0] rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2595) spoolss_connect_to_client: machine AJENSEN rejected the NetBIOS session request. [2003/12/12 08:57:32, 0] libsmb/cliconnect.c:attempt_netbios_session_request(1496) attempt_netbios_session_request: AJENSEN rejected the session for name *SMBSERVER with error Called name not present [2003/12/12 08:57:32, 0] rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2595) spoolss_connect_to_client: machine AJENSEN rejected the NetBIOS session request. [2003/12/12 08:57:32, 0] libsmb/cliconnect.c:attempt_netbios_session_request(1496) attempt_netbios_session_request: AJENSEN rejected the session for name *SMBSERVER with error Called name not present [2003/12/12 08:57:32, 0] rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2595) spoolss_connect_to_client: machine AJENSEN rejected the NetBIOS session request. Thanks in advance, Spencer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3/ldap/net groupmap fails
thanks for responding. scroll down for response On Fri, 2003-12-12 at 03:25, Beast wrote: Friday, December 12, 2003, 6:17:30 AM, John wrote: I don't understand why it is like this... Fabien are you suggesting this may be a problem with samba3? because i've been trying to resolve this issue for several days now, thinking there must be a problem with our ldap setup. somehow, it seems strange that this could be a problem with samba. we thought that perhaps samba didn't like something in our ldap. surely others are able to get the ntgroups to show correctly with ldapsam as the first backendotherwise, no one would have a working samba3/ldap setup. putting tdpsam as the first backend allows for ntgroups, but since we don't use it, none of our profiles load if we do this. users get stuck with temp profiles. this is driving me bonkers:-) Hi, 1. you must create group mapping manually. 2. unix group you've assigning to Domain Admins MUST be in ldap (not in /etc/group). the unix group *does* exist in ldap. i've attempted groupmapping with the correct syntax, and always get something like this: 2003/12/12 11:22:01, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1769) ldapsam_getgroup: Did not find group [2003/12/12 11:22:01, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1624) ldapsam_search_one_group: searching for:[((objectClass=posixGroup)(gidNumber=600))] adding entry for group Domain Admins failed! [2003/12/12 11:22:01, 2] utils/net.c:main(758) return code = -1 unfortunately, i'm no further ahead. your suggestion is much appreciated, though. thank you. --john ie. root# net groupmap modify rid=512 -d1 ntgroup=Domain Admins unixgroup=domadmin the domadmin group must be stored in ldap, not /etc/group. i found lot of typo or incorrect info in smb howto collection, i've ordering the printable version on amazon, hopefully it has different content than the online version. --john --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about groups in ldap
Am Fr, 2003-12-12 um 15.29 schrieb Gerald (Jerry) Carter: Tilo Lutz wrote: | In Samba-Developers-Guide.pdf included with samba 3.0 | page 72f. In the document well known groups have | special names starting with DOMAIN_. Can Windows clients | recognize these names and translate them into localized | groupnames, like user or power users in english and | Benutzer and Hauptbenutzer in german? That reference in the PDF file is a #define for the well known rids. You can setup a group mapping entry using whatever name you wish. How does MS handle this? If I have an english server with the well known group users and a german client. Will the groupname translated into Benutzer? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] making file hidden
I'm running Samba 3.0.0. I have some files in a directory that is shared by Samba that I want to appear hidden to Windows. How can I do this from the Linux side? -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Forcing Users to change passwords.
On Fri, 12 Dec 2003, Todd O'Bryan wrote: Does anyone know of an add-on you can use with a Windows domain to check the security of the password before it allows a change? With a terminal server system I had, the server complained if the password was too close to a dictionary word, too close to the student login, 7 digits (i.e., looked like a phone number), etc. I'm sure my students (I teach high school, too) have picked really bad passwords, too, but I have no good way to enforce the picking of good ones. I wouldn't worry about that: My students either forget their passwords automatically after 90 days or they tell them their 15 best friends. The only real security problem are my colleagues: they write them on the cover of their calendars. Better watch out which permissions you give to whom. Regards, Uli. Todd On Dec 12, 2003, at 3:30 AM, Ross McInnes (Systems) wrote: i totally agree. unfortunatly my user base is mostly 16-18 year olds. getting them to put anything other than thier football team, phone number or boyfriend/girlfriend's name is quite a task in it self. Many Thanks Ross McInnes On Wed, 10 Dec 2003, Todd O'Bryan wrote: What's the latest research on this? I heard it's better to make users pick something secure and stick with it, because if you force people to change, they're likely to pick less secure passwords and do stupid things with them, like write them down or something. Changing every 3 months doesn't seem terrible, but it's still a big pain. Todd O'Bryan On Dec 10, 2003, at 8:28 AM, Ross McInnes (Systems) wrote: Recently we were audited and as part of that they looked at our systems and policies etc and produced a report. As part of that report they mentioned about forcing users to change thier passwords every 90 days or so. They also mentioned about disabling accounts after 3 login attempts. Im pretty sure both can be done on NT, but id rather stick with rh and samba thanks ever so much. Can samba does these things? even if its a tinkering kind of job? Many thanks Ross McInnes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba +-+ | Peter Ulrich Kruppa | | - Wuppertal - | | Germany | +-+ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure error with --enable-dmalloc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ww m-pubsyssamba wrote: Hi Gerry list, I assume you mean /usr/ucb as I have no /usr/usb Yeah. Sorry. typo. directory, however /usr/ucb or /usr/usb are not in my PATH at all and when I tried a configure with /usr/ucb listed at the end of my PATH I still get exactly the same error, Check for any errors list at the end of config.log.or maybe run sh -x configure other options herer to see what configure is actually exectuting at the end. - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2egOIR7qMdg1EfYRAuUyAKDOi+RVrzu0H9Am6ZFLPA55phppcQCfeGMQ yq2X4l+6qDiEzyUtNFw/Gp0= =zD1e -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Using Samba to Mount User Shares as Linux Home Dirs?
Shawn Wheatley wrote: 2) Mount the user's windows directory in a subdir called winhome $ sudo mount -t smbfs //Server/users /mnt/allusers $ ln -s /mnt/allusers/me winhome 3) Make symbolic links to key directories (My Documents) in the linux home dir following the above pattern, this answer is just a variation on the theme. HTH Kevin Fries -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS + SAMBA3 +attempt_nebios_session_request:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Spencer wrote: When anyone of my users prints to a CUPS printer shared on a SAMBA 3 I get the following error in the log of the machine creating the printjob. I am running the following software SAMBA-3.0.1rc2 and CUPS-1.1.17-13 with the following config: [global] ... printing = cups . [printers] comment = All Printers path = /var/spool/samba printer admin = @it guest ok = Yes printable = Yes use client driver = Yes browseable = No Cups printers are RAW Printers. rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2595) spoolss_connect_to_client: machine AJENSEN rejected the NetBIOS session request. This is for the print change notify backchannel. Either you have disabled the server service on the clients or perhaps have the XP firewall enabled. - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2fCQIR7qMdg1EfYRAgNcAKCRf5EIJiAq21wQkGrA8f1p/hS0NwCfSlBK 8254yavHyOCcqqBHG0BV9+M= =J+Oa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba3/ldap/net groupmap fails
Fabien Chevalier wrote: We use samba3+openldap 2.1 correctly. net groupmapping also works correctly. Are your samba.schema is up to date? What is the ldap version? In my case i use OpenLDAP 2.1.23, with Samba 3.0.0 schemas. 'net groupmapping' works fine except you don't have default mappings when using an ldap backend as first backend, i.e.: with passwd backend = tdbsam ldapsam_compat://... Samba 3 schema and ldapsam_compat ?? Are you sure that your directory is used by Samba ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS + SAMBA3 +attempt_nebios_session_request:
use client driver = Yes can cause problems, try again without it for testing - Original Message - From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: Spencer [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, December 12, 2003 5:45 PM Subject: Re: [Samba] CUPS + SAMBA3 +attempt_nebios_session_request: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Spencer wrote: When anyone of my users prints to a CUPS printer shared on a SAMBA 3 I get the following error in the log of the machine creating the printjob. I am running the following software SAMBA-3.0.1rc2 and CUPS-1.1.17-13 with the following config: [global] ... printing = cups . [printers] comment = All Printers path = /var/spool/samba printer admin = @it guest ok = Yes printable = Yes use client driver = Yes browseable = No Cups printers are RAW Printers. rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2595) spoolss_connect_to_client: machine AJENSEN rejected the NetBIOS session request. This is for the print change notify backchannel. Either you have disabled the server service on the clients or perhaps have the XP firewall enabled. - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2fCQIR7qMdg1EfYRAgNcAKCRf5EIJiAq21wQkGrA8f1p/hS0NwCfSlBK 8254yavHyOCcqqBHG0BV9+M= =J+Oa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Dual Interface
The big question is, has anyone seen any howtos or documentation on setting a samba server to act as two samba servers, one configured as a PDC and the other configured with only public shares (restricted by IP not UID) I don't see any reason why you couldn't do that, as long as you had two instances of samba running, each with it's own seperate config. The only thing I was concerned about was items such as locking files, semaphores, named pipes, and the such. Some programs do not like to have their core run twice. That is why I got nervous when it was not mentioned in the documents. I would love to hear from someone that has actually run this configuration in production, or failed in attempting it. The only thing I'm not sure about is if you can share the same data, since that might lead to data corruption. Not an issue. The machines right now are logically independent. I am only putting them together on one machine physically so that I can rebuild the PDC during production hours and not have to spend time over night. They would never serve the same data. As a matter of fact, my goal was to place all the data from the old PDC on a removable HD, and then just plug that drive into the dev box. This way, when I go to move the data back, I will simply move the removable, get the service up, then worry about moving it to the faster raid. So, the data served by the PDC instance will never physically reside on the temporary machine. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Setting Installable Options on printers for clients
I'm running Debian GNU/Linux with Samba 3.0 (package from unstable/sid). I've read the documentation and understand there is a difference between the behavior of Printing defaults under the Advanced tab and that of the Device Settings tab when viewing/setting queue properties for clients. Minus one exception, it behaves as documented here: http://samba.org/samba/docs/man/printing.html#id2931215 It states: Do you see any difference in the two settings dialogs? I do not either. However, it is different for me, one example being the HP 8000 PS driver. The settings I can change and have affect clients (such as orientation, and it works fine) do not include Installable Options such as Duplex units and additional trays. Changing such options can only be performed as a print admin and only affect the local settings, not the server. Is there a way to configure all device modes? Using tdbtool/dump I can see these options in ntprinters.tdb, but how to change them? I'm fine if I could use some utility server side to do this even, the MS GUI is not necessary. Currently the only way I've found to change this behavior is to change the default values in the PPD file stored on the server. The obvious downside is that every printer that shares the same PPD file will have the same installed options (duplexer, additional trays, etc.), even though it may not. I'm hoping for a better solution to this. Also, slightly less critical, yet annoying. If I remove a printer from both the printcap and the smb.conf, it is still available but shows an Error status. I cannot remove it, even if I add it back to both the printcap and smb.conf file temporarily. Any insight is appreciated. I've been a UNIX administrator for years and am capable and available to assist with any debugging/fixing of these problem as well. Thanks, Dennis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba3/ldap/net groupmap fails
Beast wrote: Friday, December 12, 2003, 6:17:30 AM, John wrote: I don't understand why it is like this... Fabien are you suggesting this may be a problem with samba3? because i've been trying to resolve this issue for several days now, thinking there must be a problem with our ldap setup. somehow, it seems strange that this could be a problem with samba. we thought that perhaps samba didn't like something in our ldap. surely others are able to get the ntgroups to show correctly with ldapsam as the first backendotherwise, no one would have a working samba3/ldap setup. I'm using LDAP only (S3 schema), and domain groups won't work as expected. Can someone confirm that it works in a pure tdbsam setup? (asking twice never hurts ;-) putting tdpsam as the first backend allows for ntgroups, but since we don't use it, none of our profiles load if we do this. users get stuck with temp profiles. this is driving me bonkers:-) Hi, 1. you must create group mapping manually. 2. unix group you've assigning to Domain Admins MUST be in ldap (not in /etc/group). ie. root# net groupmap modify rid=512 -d1 ntgroup=Domain Admins unixgroup=domadmin the domadmin group must be stored in ldap, not /etc/group. This is also what I've done here, eg. creating a Posix account only in LDAP, then creating with « net groupmap » command the aliasing. I end up with the following LDAP entry : dn: cn=domadmin, ou=Group, dc=domain,dc=com gidNumber: 512 memberUid: jerome,admin-jfenal objectClass: posixGroup,sambaGroupMapping cn: domadmin sambaSID: S-1-5-21-1150874807-1180408084-429402335-512 sambaGroupType: 2 displayName: Domain Admins description: Local Unix group But samba does not look at the RID=512 when needing to give admin rights: [2003/12/12 17:58:53, 10] lib/util_seaccess.c:se_access_check(234) se_access_check: requested access 0x000601bf, for NT token with 9 entries and first sid S-1-5-21-1150874807-1180408084-429402335-3000. [2003/12/12 17:58:53, 3] lib/util_seaccess.c:se_access_check(251) [2003/12/12 17:58:53, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1150874807-1180408084-429402335-3000 se_access_check: also S-1-5-21-1150874807-1180408084-429402335-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1150874807-1180408084-429402335-513 se_access_check: also S-1-5-21-1150874807-1180408084-429402335-550 se_access_check: also S-1-5-21-1150874807-1180408084-429402335-1207 se_access_check: also S-1-5-21-1150874807-1180408084-429402335-1205 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 2035b, current desired = 601bf se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f07ff, current desired = 400a4 se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-548 mask = f07ff, current desired = 400a4 se_access_check: ACE 3: type 0, flags = 0x00, SID = S-1-5-21-1150874807-1180408084-429402335-3000 mask = 20044, current desired = 400a4 [2003/12/12 17:58:53, 5] lib/util_seaccess.c:se_access_check(315) se_access_check: access (601bf) denied. [2003/12/12 17:58:53, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_user: ACCESS DENIED (requested: 0x000601bf) This log excerpt is generated by clicking on an entry in USRMGR.EXE. I still can use USRMGR with an account mapped to root (although with some glitches : I have to navigate through error popups, and insist on things getting done despite errors messages, but the job is mostly done). When I'm at it, in USRMGR, when you change the primary group of a user, only the sambaPrimaryGroupSID is change, not the gidNumber as one would expect. Not to say that I'm trying to do Unix admin with NT tool, but, hey, one can try... ;-) Or maybe I should try lastest IdealX script (I'm using 0.8.1) before saying anything... i found lot of typo or incorrect info in smb howto collection, i've ordering the printable version on amazon, hopefully it has different content than the online version. Yeah, I guess I had to guess many entries. But hopefully it is *as it should be*. Nevertheless, can anybody confirm me that the LDIF in this mail *really* defines the domain admin group ? That the « domain admin » group is defined by rid=512 ? Regards, Jérôme -- Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre Groupe Expert Managed Services - LogicaCMG France http://www.logicacmg.com/fr/ - mailto:jerome.fenal AT logicacmg.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS + SAMBA3 +attempt_nebios_session_request:
That was exactly the problem, in my haste in removing Novell from the users machine I must have removed file and printer sharing as well which provides the server service. Thank You Jerry. I have one more error that only happened when I upgraded to SAMBA-3.0.1rc2. Usually I remember seeing files under /var/cache/samba. There is nothing there now. And I am receiving the following error in my machine logs: [2003/12/12 09:52:58, 0] groupdb/mapping.c:init_group_mapping(139) Failed to open group mapping database [2003/12/12 09:52:58, 0] groupdb/mapping.c:get_group_from_gid(655) failed to initialize group mappingFailed to open group mapping database [2003/12/12 09:52:58, 0] groupdb/mapping.c:get_group_from_gid(655) failed to initialize group mappingFailed to open group mapping database [2003/12/12 09:52:58, 0] groupdb/mapping.c:get_group_from_gid(655) failed to initialize group mappingget_alias_user_groups: gid of user ajensen doesn't exist. Check your /etc/passwd and /etc/group files [2003/12/12 09:53:01, 1] smbd/service.c:make_connection_snum(705) All of my groups are defined in LDAP, including my SAMBA Group Mappings. I am thinking it has something to do with the missing files under /var/cache/samba. Can anyone help me out? Thanks, Spencer Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Spencer wrote: When anyone of my users prints to a CUPS printer shared on a SAMBA 3 I get the following error in the log of the machine creating the printjob. I am running the following software SAMBA-3.0.1rc2 and CUPS-1.1.17-13 with the following config: [global] ... printing = cups . [printers] comment = All Printers path = /var/spool/samba printer admin = @it guest ok = Yes printable = Yes use client driver = Yes browseable = No Cups printers are RAW Printers. rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2595) spoolss_connect_to_client: machine AJENSEN rejected the NetBIOS session request. This is for the print change notify backchannel. Either you have disabled the server service on the clients or perhaps have the XP firewall enabled. - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2fCQIR7qMdg1EfYRAgNcAKCRf5EIJiAq21wQkGrA8f1p/hS0NwCfSlBK 8254yavHyOCcqqBHG0BV9+M= =J+Oa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Troubles joining a samba 3.0.1rc1 + LDAP domain
I am getting a bad username or password error when I try to logon to the domain from a windows 2000 server. I can't find anything wrong with my config and I'm using a root user that is in the directory with the uid and gid set to 0. The only thing I see in the logs is something about incorrect password length, but I checked that my passwords are encrypted and I can access shares as the root user so I know my password and user is working. Any ideas on this? How can I get samba to give me better logging so I can figure out exactly what is going wrong. Thanks, schu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS + SAMBA3 +attempt_nebios_session_request:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Spencer wrote: All of my groups are defined in LDAP, including my SAMBA Group Mappings. I am thinking it has something to do with the missing files under /var/cache/samba. Can anyone help me out? My fault. I moved the files to /var/lib/samba but left this snippet out of the specfile. Thanks for catching this. # # For 3.0.1 we move the tdb files from /var/cache/samba # to /var/lib/samba # for i in /var/cache/samba/*.tdb do if [ -f $i ]; then newname=`echo $i | sed -e's|var\/lock\/samba|var\/lib\/samba|'` echo Moving $i to $newname mv $i $newname fi done cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2f2vIR7qMdg1EfYRAiwEAKDLY2tTVIs2o9003eOuVG1IrP1CBACgqySx 5lM53OkuPxlJwMwIxfFgdTk= =mYB4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Troubles joining a samba 3.0.1rc1 + LDAP domain
Hi I just posted a message about the exact same problem I have with 3.0.1rc1. I just tested RC2 and it doens't fix the problem. For your information, you can obtain better logging by launching samba with the following options : -d 5 -l /var/log -d is the debugging level. -l /var/log creates a log.smbd file in that directoy, personnaly i track problem by using this command : tail -f /var/log/log.smbd |grep -A 20 -B 20 NT_STATUS_ACCESS hth Charles On Fri, 12 Dec 2003 08:29:59 -0900, Matthew Schumacher wrote I am getting a bad username or password error when I try to logon to the domain from a windows 2000 server. I can't find anything wrong with my config and I'm using a root user that is in the directory with the uid and gid set to 0. The only thing I see in the logs is something about incorrect password length, but I checked that my passwords are encrypted and I can access shares as the root user so I know my password and user is working. Any ideas on this? How can I get samba to give me better logging so I can figure out exactly what is going wrong. Thanks, schu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Open WebMail Project (http://openwebmail.org) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 Printing Problems
Repeatedly getting the following error, any help out there for this? I've dug around the internet for several hours with no luck. [2003/12/11 19:51:34, 2] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(268) find_printer_index_by_hnd: Printer handle not found:_spoolss_writeprinter: Invalid handle (OTHER:1583:10554) Running Debian 3.0r1 Samba 3.0 Been getting the same error on the samba 2 releases as well. # Global parameters [global] workgroup = MAJIQ server string = %h server (Samba %v) security = DOMAIN min passwd length = 8 passdb backend = smbpasswd, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 2 log file = /var/log/samba/log.%m max log size = 1000 server signing = auto load printers = No os level = 65 preferred master = No local master = No domain master = No dns proxy = No wins server = 10.65.1.1 ldap ssl = no panic action = /usr/share/samba/panic-action %d invalid users = root map acl inherit = Yes lpq command = lprm command = [nagiosconfig] path = /etc/nagios force user = nagios force group = nagios read only = No [pdfpickup] path = /tmp/pdfpickup force user = pdf force group = pdf read only = No [pdf] path = /tmp guest ok = Yes max print jobs = 10 printable = Yes print command = /usr/local/bin/printpdf %s use client driver = Yes --- Chris Olson Manager, Information Systems TietoEnator Majiq, Inc. E-Mail: [EMAIL PROTECTED] Phone: +1-425-881-7100 Fax: +1-425-881-5084 --- Please note my email address has changed --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with rpcclient
Hello all, I am having a pretty serious problem with rpcclient ... if I try 'enumprinters' at the prompt, i get back rpcclient $ enumprinters cli_pipe: return critical error. Error was NT_STATUS_INVALID_PARAMETER result was NT_STATUS_UNSUCCESSFUL However, enumdrivers works fine. Addriver does not work either, and just returns NT_STATUS_UNSUCCESSFUL ... which means that cupsaddsmb will never work (and indeed it does not). Does anyone have any idea what is going on? This is samba 2.2.8a, cups 1.1.19 Samba is set up as a domain member, there is no root account in the domain either. I am using a account designated as printadmin to try this. I did try adding root just for kicks, but I get the same thing. Does rpcclient works properly when samba is a domain member (the PDC is W2K)? -- initech {huckster AT r00tserverz.net} _|_|_| _|_|_|_|_|_|_|_| _|_|_| _|_|_| _|_| _|_|_|_| _|_| _| _|_| _|_| _|_| _|_|_| _| _|_| _|_| _|_|_|_|_|_| _|_|_|_|_|_|_| _|_| [ Debian GNU/Linux http://www.debian.org ] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error deleteing files through Samba
Hi! I have a problem with Samba. I have post to the mailing list but have gotten no results. Any help would be appreciated: I have a RedHat Linux box running Samba 2.2.5. I have it setup to be a file server and it is shared on my Win2K client as the S: drive. I have thousands of files in a single directory on the Linux box and when I try to delete those files from the Windows share, SOME of the files get deleted and some of them come back with the error The system cannot find the file specified. On top of that, the deletion procedure is VERY slow. For instance, it could take an hour or so to delete 10,000 files. Anyone know what's going on? Here's my config file: - ---smb.conf--- [global] netbios name = SPIDER workgroup = DEN log level = 2 log file = /var/log/samba.log security = share server string = FTP Server hosts allow = 172.16.80. 127. interfaces = 172.16.80.0/24 encrypt passwords = yes smb passwd file = /etc/smbpasswd mangle case = no case sensitive = no guest account = smbguest default case = lower [public] path = /home browseable = yes guest ok = yes read only = no - ---smb.conf--- Matthew -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 and krb5 tickets.
Perhaps we can work together. Jerry mentioned in previous posts about the encryption options if the krb5.conf. The Official Samba How To states: On a Windows 2000 client, try net use * \\server\share. You should be logged in with Kerberos without needing to know a password. If this fails then run klist tickets. Did you get a tecket for the server? Does it have an encryption type of DES-CBC-MD5? Samba can use both DES-CBC-MD5 encryption as well as ARCFOUR-HMAC-MD5 encoding. I went ahead and added the DES-CBC-MD5 encryption to my krb5.conf as Jerry sugested: /etc/krb5.conf: [EMAIL PROTECTED] samba3]# cat /etc/krb5.conf [logging] default = FILE:/var/log/kerberos/krb5libs.log kdc = FILE:/var/log/kerberos/krb5kdc.log admin_server = FILE:/var/log/kerberos/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = LABOR.AK default_tgs_enctypes = des-cbc-md5 des-cbc-crc default_tkt_enctypes = des-cbc-md5 des-cbc-crc permitted_enctypes = des-cbc-md5 des-cbc-crc dns_lookup_realm = false dns_lookup_kdc = false kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 forwardable = true proxiable = true [realms] LABOR.AK = { kdc = MY-KDC.LABOR.AK:88 admin_server = MY-KDC.LABOR.AK:749 default_domain = LABOR.AK } [domain_realm] .LABOR.AK = LABOR.AK [kdc] profile = /etc/kerberos/krb5kdc/kdc.conf [pam] debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false [login] krb4_convert = false krb4_get_tickets = fals It did change the encryption ticket I'm getting when kinit as my username. Valid starting ExpiresService principal 12/11/03 16:00:49 12/12/03 02:01:00 krbtgt/[EMAIL PROTECTED] renew until 12/12/03 16:00:49, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5 Kerberos 4 ticket cache: /tmp/tkt0 Notice I'm getting DES cbc mode with RSA-MD5. This did not solve the underlying problem of being able to view the samba shares from a w2k or xp client. How would I be able to tell if I'm using MIT or Hemidal kerberos? I did get this working on a Gentoo system, so I know it works. Who knows encryption on the list that can adviseanyone? Tim On Fri, 2003-12-12 at 05:18, Fernando Ruza wrote: Same problem. I have been with it for weeks. I can connect using IP address from the Win2k clients however with the netbios name I get the error. Someone has told me today that this was solved in the new release samba-3.0.1rc2-1 , however I've already tested it and I still have the same problem. Please any more clues. Thanks, Fernando. On Fri, 2003-12-12 at 00:26, Tim Jordan wrote: I'm getting same error about encryption ... I have taken Tom's lead and have provided the output below. Is there a certain version of krb5 that we should be running? [EMAIL PROTECTED] tim]# smbd3 --version Version 3.0.1pre3 [EMAIL PROTECTED] tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND KRB5_BRAND: krb5-1-3-final 1.3 20030708 I'm running Mandrake 9.2 Thank You Samba Team! Tim On Thu, 2003-12-11 at 13:59, Tom Dickson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OK. I've done some more research, and here's what I get. smbd --version Version 3.0.0 strings libkrb5.so.3.2 | grep BRAND KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 Everything seems to work, but trying to access the Samba server results in: [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) ~ Failed to verify incoming ticket! [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE This is the same error you get if you're running the wrong KRB5 libs, but I've the right ones. The windows 2000 machine is 5.00.2195 Windows 2000 clients connect to the ADS server fine, and will connect to the Samba server if you enter Username/Password. The 2000 server cannot connect to the Samba machine at all, even with the right username/pass. Is there a magic registry setting I'm missing? I've changed the Administrator password at least once. - -Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO F9F+8BTOPIyoybZBYIlCouU= =94FA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions:
Re: [Samba] incorrect password length when joining domain, need help
I fixed my problem, This problem started to appear with 3.0.1rc1 ( maybe pre3 too ). I installed RC2 and it did not fix the problem, 3.0.0 works fine! Charles On Fri, 12 Dec 2003 14:01:51 -0500, Charles Hamel wrote Hi I just re-initiated by ldap sam database using smbldap-populate.pl, modified the Administrator account (uid/gid=0). I can join the domain from a Samba 2.2.7 linux machine, it creates the machine account etc... The problem happens with Windows 2000 SP2, It tells me wrong user/password. Here is the samba error : decode_pw_buffer: incorrect password length (-2118884061). Here is the full log : Attempting administrator password change (level 23) for user workstation$ [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(501) decode_pw_buffer: incorrect password length (-2118884061). [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(502) decode_pw_buffer: check that 'encrypt passwords = yes' [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_debug(82) 00 samr_io_r_set_userinfo [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) status: NT_STATUS_ACCESS_DENIED [2003/12/12 13:25:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549) api_rpcTNP: called samr successfully Here is my smb.conf file [global] ADD SCRIPTS add machine script = /usr/local/samba/share/smbldap-useradd.pl -w %u add user script = /usr/local/samba/share/smbldap-useradd.pl %u delete user script = /usr/local/samba/share/smbldap-userdel.pl %u add group script = /usr/local/samba/share/smbldap-groupadd.pl %g delete group script = /usr/local/samba/share/smbldap-groupdel.pl %g add user to group script = /usr/local/samba/share/smbldap- groupmod.pl -m %u %g delete user from group script = /usr/local/samba/share/smbldap-groupmod.pl -x %u %g set primary group script = /usr/local/samba/share/smbldap-usermod.pl -G %g %u null passwords = yes #unix charset = UTF-8 passdb backend = ldapsam:ldap://localhost/ ldap suffix = o=smb,dc=qc,dc=ca ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap admin dn = cn=root,o=smb,dc=qc,dc=ca guest account = nobody workgroup = LINUX netbios name = PDC comment = Server security = user encrypt passwords = yes logon script = scripts\%U.bat domain logons = Yes os level = 255 preferred master = Yes domain master = Yes #hosts allow = 192.168.0.0/255.255.255.0 share modes = No wins support = Yes [homes] path=/home/domainusers read only = No create mask = 0700 directory mask = 0700 locking = No oplocks = No [netlogon] path = /usr/local/samba/netlogon locking = no read only = yes [profiles] path = /home/domainusers/profiles read only = no writeable = yes create mask = 0600 directory mask = 0700 Here is the LDIF entry of Administrator : dn: uid=Administrator,ou=Users,o=smb,dc=qc,dc=ca cn: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount uid: Administrator sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaHomePath: \\PDC\homes sambaHomeDrive: U: sambaProfilePath: \\PDC\profiles\ loginShell: /bin/false gecos: Netbios Domain Administrator sambaSID: S-1-5-21-3655003630-1527190663-3647191254-1000 sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-1001 uidNumber: 0 gidNumber: 0 homeDirectory: / sambaLMPassword: XX (removed) sambaAcctFlags: [U] sambaNTPassword: XX (removed) sambaPwdLastSet: 1071185436 sambaPwdMustChange: 1075073436 userPassword:: XX (removed) I am running Samba 3.0.1rc1 on Redhat 9.0 Please help me Thank you Charles -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Open WebMail Project (http://openwebmail.org) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with rpcclient
Sorry to post 300 lines of junk to the list, but I set debug=9 in rpcclient before running the adddriver command, this is what I get: rpcclient $ adddriver Windows NT x86 n0216-8000-ps:cupsdrvr.dll:n0216-8000-ps.ppd:cupsui.dll:cups.hlp:NULL:RAW:NULL write_socket(4,96) write_socket(4,96) wrote 96 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=27782 smb_uid=100 smb_mid=1 smt_wct=34 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=23296 (0x5B00) smb_vwv[3]=369 (0x171) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=0 (0x0) smb_vwv[16]=0 (0x0) smb_vwv[17]=0 (0x0) smb_vwv[18]=0 (0x0) smb_vwv[19]=0 (0x0) smb_vwv[20]=0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]=0 (0x0) smb_vwv[23]=0 (0x0) smb_vwv[24]=0 (0x0) smb_vwv[25]=0 (0x0) smb_vwv[26]=0 (0x0) smb_vwv[27]=0 (0x0) smb_vwv[28]=0 (0x0) smb_vwv[29]=0 (0x0) smb_vwv[30]=0 (0x0) smb_vwv[31]=512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]=5 (0x5) smb_bcc=0 Bind RPC Pipe[715b]: \PIPE\spoolss ..+.H` [010] 02 00 00 00 00 smb_io_rpc_hdr hdr major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 000c call_id : 0007 10 smb_io_rpc_hdr_rb 10 smb_io_rpc_hdr_bba 0010 max_tsize: 1630 0012 max_rsize: 1630 0014 assoc_gid: 0018 num_elements: 0001 001c context_id : 001e num_syntaxes: 01 1f smb_io_rpc_iface 0020 data : 12345678 0024 data : 1234 0026 data : abcd 0028 data : ef 00 01 23 45 67 89 ab 0030 version: 0001 34 smb_io_rpc_iface 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 08 00 2b 10 48 60 0044 version: 0002 rpc_api_pipe: cmd:26 fnum:715b size=146 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=16385 smb_tid=1 smb_pid=27782 smb_uid=100 smb_mid=1 smt_wct=16 smb_vwv[0]=0 (0x0) smb_vwv[1]=72 (0x48) smb_vwv[2]=0 (0x0) smb_vwv[3]=72 (0x48) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=74 (0x4A) smb_vwv[11]=72 (0x48) smb_vwv[12]=74 (0x4A) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=29019 (0x715B) smb_bcc=79 write_socket(4,150) write_socket(4,150) wrote 150 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=27782 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=68 (0x44) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=68 (0x44) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=69 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=27782 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=68 (0x44) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=68 (0x44) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=69 rpc_check_hdr: rdata-data_size = 68 00 smb_io_rpc_hdr rpc_hdr major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 000c call_id : 0007 rpc_api_pipe: len left: 0 smbtrans read: 68 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 10 smb_io_rpc_hdr_ba 10 smb_io_rpc_hdr_bba 0010 max_tsize: 1630 0012 max_rsize: 1630 0014 assoc_gid: 53f0 18 smb_io_rpc_addr_str 0018 len: 000e 001a str: \PIPE\spoolss. 28 smb_io_rpc_results 0028 num_results: 01 002c result : 002e reason : 30 smb_io_rpc_iface 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 08 00 2b 10 48 60 0040 version: 0002 bind_rpc_pipe: server pipe_name found: \PIPE\spoolss bind_rpc_pipe: accepted! make_spoolss_q_addprinterdriver 00 spoolss_io_q_addprinterdriver server_name_ptr: 0001 04 smb_io_unistr2 server_name 0004 uni_max_len: 000c 0008 undoc : 000c uni_str_len: 000c 0010 buffer : \.\.L.O.C.A.L.H.O.S.T... 0028 info_level: 0003 2c spool_io_printer_driver_info_level 002c level: 0003 0030 ptr: 0001 34 spool_io_printer_driver_info_level_3 0034
[Samba] 3.0.0 on RH9, throughoutput problems
Greetings, We're deploying a Samba 3.0.0 server running RedHat 9 and having performance problems. The system specs are as follows: -P4 Xeon 2.4ghz -genuine intel server mobo(SE7501BR2) w/one gigabit, one 100baseT interface. Using the gigabit interface with the kernel's e1000 driver. -1GB/ram -four 10k U320 drives, hardware RAID 5 on a Megaraid 320 w/64MB of built-in cache. The shares are off a 200GB reiserfs partition mounted w/noatime. -latest 2.4.20 SMP redhat kernel built for i686 from Redhat 9 updates -latest glibc RPM for i686 Informal testing has shown local data transfer rates in the 100MB/sec ballpark. Bonnie++ shows write speeds of over 50MB/sec for intelligent writes(getc/putc are much worse, 5MB/sec, not sure what that's about, but my desktop gets similar numbers save topping out at 15MB/sec on the intelligent tests). The network is all switched 100BaseT-FD and mostly Win2k with the occasional WinXP box. The three clients I'm testing with are a Win2k box(latest service packs etc) a Mandrake 9.1 box, and a 1Ghz Powerbook G4. Both PCs are at least P3-500 class systems. I'm getting about 6.5-6.7MB/sec read on both systems when pulling down a several hundred MB, cached file. Write performance, at least from my Powerbook G4, is identical(I've done transfers between two powerbooks over a gigabit crossover at over 30MB/sec, so I know the powerbook can push data). When I did a crossover connection to the server, I saw occasional peaks as high as 20MB/sec read and write, but then radical drops to 1-2MB/sec or so for several seconds; it's very inconsistent. It gets better. Start a copy to the server, and both upload and download drop to about 1.2MB/sec. That reeks of a duplex mismatch, but there isn't any. That's not even close to acceptable performance from such a powerful system. I've seen 10+MB/sec at a previous employer with a Netapp F720 filer. Granted, it had 7-8 FC disks- but in this case, it's moot- the file is cached in ram for the read tests. CPU utilization is not an issue; combined system+user time is barely 4-5% during a copy. Network's fine- there are no errors according to ifconfig on both systems, and the card's media interface is correctly set to 100baseT-FD(switch lights match this). I've double-checked all aspects of the interface's configuration, they are correct. By running the box using a direct crossover link and gigabit ethernet, our network's been all but eliminated as the source of the problem. I have tried all manner of socket options, buffer sizes, etc...including all defaults. There has been little to no effect from changing the params. Any suggestions? I'm running out of time to deploy this system... Thanks all, Brett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 and krb5 tickets.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can try running the strings /usr/lib/libkrb5.so.3.2 | grep BRAND command and looking at what you get. 1-3-1 or something is MIT. Also, I'm wondering if the fact that you can connect by IP and not by name indicates that the 2000 server is looking up the name in, say, DNS only and ignoring WINS. Perhaps my WINS server is misconfigured. Well, I have to run Netbench tests, so I just dropped back to NT4 style auth, which works fine for me. - -Tom Tim Jordan wrote: | Perhaps we can work together. Jerry mentioned in previous posts about | the encryption options if the krb5.conf. | The Official Samba How To states: On a Windows 2000 client, try /net | use * \\server\share/. You should be logged in with Kerberos without | needing to know a password. If this fails then run /klist tickets./ | Did you get a tecket for the server? Does it have an encryption type of | DES-CBC-MD5? | | Samba can use both DES-CBC-MD5 encryption as well as ARCFOUR-HMAC-MD5 | encoding. | | I went ahead and added the DES-CBC-MD5 encryption to my krb5.conf as | Jerry sugested: | | /etc/krb5.conf: | |[EMAIL PROTECTED] samba3]# cat /etc/krb5.conf |[logging] | default = FILE:/var/log/kerberos/krb5libs.log | kdc = FILE:/var/log/kerberos/krb5kdc.log | admin_server = FILE:/var/log/kerberos/kadmind.log | |[libdefaults] | ticket_lifetime = 24000 | default_realm = LABOR.AK | default_tgs_enctypes = des-cbc-md5 des-cbc-crc | default_tkt_enctypes = des-cbc-md5 des-cbc-crc | permitted_enctypes = des-cbc-md5 des-cbc-crc | dns_lookup_realm = false | dns_lookup_kdc = false | kdc_req_checksum_type = 2 | checksum_type = 2 | ccache_type = 1 | forwardable = true | proxiable = true | |[realms] | LABOR.AK = { | kdc = MY-KDC.LABOR.AK:88 | admin_server = MY-KDC.LABOR.AK:749 | default_domain = LABOR.AK | } | |[domain_realm] | .LABOR.AK = LABOR.AK | |[kdc] | profile = /etc/kerberos/krb5kdc/kdc.conf | |[pam] | debug = false | ticket_lifetime = 36000 | renew_lifetime = 36000 | forwardable = true | krb4_convert = false | | [login] | krb4_convert = false | krb4_get_tickets = fals | | It did change the encryption ticket I'm getting when /kinit/ as my username. | |Valid starting ExpiresService principal |12/11/03 16:00:49 12/12/03 02:01:00 krbtgt/[EMAIL PROTECTED] |renew until 12/12/03 16:00:49, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5 | | |Kerberos 4 ticket cache: /tmp/tkt0 | | Notice I'm getting DES cbc mode with RSA-MD5. | | This did not solve the underlying problem of being able to view the samba shares from a w2k or xp client. | | How would I be able to tell if I'm using MIT or Hemidal kerberos? | | I did get this working on a Gentoo system, so I know it works. | | Who knows encryption on the list that can adviseanyone? | | Tim | | On Fri, 2003-12-12 at 05:18, Fernando Ruza wrote: | |/Same problem. I have been with it for weeks. I can connect using IP |address from the Win2k clients however with the netbios name I get the |error. | |Someone has told me today that this was solved in the new release |samba-3.0.1rc2-1 , however I've already tested it and I still have the |same problem. | |Please any more clues. | |Thanks, | |Fernando. | | |On Fri, 2003-12-12 at 00:26, Tim Jordan wrote: | I'm getting same error about encryption ... | | I have taken Tom's lead and have provided the output below. Is there a | certain version of krb5 that we should be running? | | | [EMAIL PROTECTED] tim]# smbd3 --version | Version 3.0.1pre3 | | [EMAIL PROTECTED] tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND | KRB5_BRAND: krb5-1-3-final 1.3 20030708 | | I'm running Mandrake 9.2 | | Thank You Samba Team! | Tim | | On Thu, 2003-12-11 at 13:59, Tom Dickson wrote: | | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | OK. I've done some more research, and here's what I get. | | smbd --version | Version 3.0.0 | | strings libkrb5.so.3.2 | grep BRAND | KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 | | Everything seems to work, but trying to access the Samba server results in: | | [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) | ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt | integrity check failed | [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) | ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) | [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) | ~ Failed to verify incoming ticket! | [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) | ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) | NT_STATUS_LOGON_FAILURE | | This is the same error you get if you're running the wrong KRB5 libs, | but I've the right ones. The windows 2000 machine is 5.00.2195 | | Windows 2000 clients connect to the ADS server fine, and will connect to | the Samba server if you enter Username/Password. The 2000 server cannot |
[Samba] Samba 2.2.8a performance problem
Dear friends, I am having some problems in transferring large files between a linux box (Samba) and a Windows 2000 Professional workstation. When I copy a file (about 150 Mbytes) from Windows 2000 Professional to Linux Box everything is OK, but when copying the same file from the linux box to the Windows 2000, it takes a very long time (and sometimes an error ocurrs: The network resource may be unavailable). Could you have any idea about this kind of problem? Machines details: Linux box: - Pentium III 700 Mhz; - 256 Mb RAM; - 120 Gb HD IDE; - Realtek 8139 network card chip (kernel module 8139too); - Mandrake 9.2 Linux; - Samba 2.2.8a with Winbind; Windows station: - Pentium 4 2.8 GHz HT; - 512 Mb RAM; - 80 Gb HD IDE; - Realtek 8139 network card chip; - Windows 2000 Professional Service Pack 3; Thanks in advance Kelber HYPERLINK mailto:[EMAIL PROTECTED][EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.551 / Virus Database: 343 - Release Date: 11/12/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Looking for patch for Stack-based buffer overflow where?
To All: I need to find the Samba patch for the stack-based buffer overflow. I'm running Samba version 2.2.2. Thanks for your help, Ron -- *** Ron Rough Lockheed Martin Technology Services Systems Administrator Department 221 RAIF Dryden Flight Research Center Phone: (661) 276-7513 Fax: (661) 276-2792 *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] sysconfdir
I compiled samba 3.0.0 with the following configure options: ./configure --prefix=/usr --sysconfdir=/etc/samba --with-privatedir=/etc/ samba/private --with-ldap --with-ads --with-krb5=/usr --with-smbmount --without-sys-quotas The problem is that it seems to disregard the sysconfdir param and looks for the smb.conf file in /usr/lib/. Any help? Thanks Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NetBench testing of Samba machines
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm running some netbench tests, and I have some questions I'd like to ask. First, what is the difference between the dm.tst and ent_dm.tst NetBench suites? Second, what results have people been getting with Samba 3.0.0? I'm seeing a peak at 340.00 for ent_dm.tst and 101.00 for dm.tst on a P4 system with 512 MB RAM. Any information would be appreciated. Thank you, Tom Dickson -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2jTn2dxAfYNwANIRAqL7AJ9kPk9V/gtX/NCQcZNqpA8UDitUowCeKJs3 KPmZnH62AO1tV68Hy2Ujr1U= =/dnA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sysconfdir
On Fri, Dec 12, 2003 at 02:32:46PM -0700, Justin B. Kay wrote: I compiled samba 3.0.0 with the following configure options: ./configure --prefix=/usr --sysconfdir=/etc/samba --with-privatedir=/etc/ samba/private --with-ldap --with-ads --with-krb5=/usr --with-smbmount --without-sys-quotas The problem is that it seems to disregard the sysconfdir param and looks for the smb.conf file in /usr/lib/. Any help? Just use the following flag to smbd and nmbd (and winbindd as well) in your startup scripts: -s/etc/samba/smb.conf -- initech {huckster AT r00tserverz.net} _|_|_| _|_|_|_|_|_|_|_| _|_|_| _|_|_| _|_| _|_|_|_| _|_| _| _|_| _|_| _|_| _|_|_| _| _|_| _|_| _|_|_|_|_|_| _|_|_|_|_|_|_| _|_| [ Debian GNU/Linux http://www.debian.org ] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: sysconfdir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin B. Kay wrote: I compiled samba 3.0.0 with the following configure options: ./configure --prefix=/usr --sysconfdir=/etc/samba --with-privatedir=/etc/ samba/private --with-ldap --with-ads --with-krb5=/usr --with-smbmount --without-sys-quotas The problem is that it seems to disregard the sysconfdir param and looks for the smb.conf file in /usr/lib/. Any help? Yeah. I think its a bug in autoconf (or at least non intuitive option). The problem is that --with-fhs is supplying default (even when you don't sepcify it) and you can't override these. I'll look into it some more. Might just be an ordering thing. In the meantime, drop the sysconfdir directove and try just adding - --with-fhs. I think this will give you what you want. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2j9jIR7qMdg1EfYRAvKvAKC/hbsc5YFtMCdUAapJuJ6IZyRggwCcCwxI czFjajWUAH0afKlsw9tXfgo= =Rvxh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Can't access remote server
2934 ?S 0:04 nmbd -D So nmbd is running. That's what've been guessing. But why is it that it is not responding to remote inquiries? Joel Hammer [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] What does ps ax | grep nmbd show on the box you can't connect to? Sometimes nmbd exits if there is an error of some sort or another. Joel On Thu, Dec 11, 2003 at 01:28:35PM -0600, Kent Wang wrote: I've run iptables -L and iptables -t nat -L and there are no settings. I've setup iptables lots of times before so I'm pretty familiar with it. A few things that are bugging me is that I have a smb entry in my /etc/rc.d/init.d but no nmbd entry. Has this been merged into one entry? It doesn't seem like my nmb functionality is actually broken as nmblookup -B webdev.ic2.org __SAMBA__ runs successfully on the server. However, this command when run from a remote machine fails: [EMAIL PROTECTED] kwang]$ nmblookup -B webdev.ic2.org __SAMBA__ querying __SAMBA__ on 128.83.222.87 name_query failed to find name __SAMBA__ DIAGNOSIS.txt has been pretty helpful, but I'm stuck on Test 8. I'm not sure how to fixup the nmbd installation but I've managed to do all the other recommended solutions with no success. Anyway, thanks for your help so far. Kent Wang -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] cross vlan browsing / domain authentication
Greetings! I've been on the list for some time, and have recently deployed a samba 3.0.0 server / LDAP backend in order to provide domain authentication and roaming profiles. One question that I have is, when vlans are used, what is the best way to propagate the server across them? If I turn on WINS and use my dhcp server to give the wins information, all the NetBIOS information will flow freely - however, at a school system, the vlans are in place to keep the students from seeing the teacher machines (The see no evil effect). The other way that I know to do this is the lmhosts import on the client machines, and this works nicely but is another step to repeat 1500 times. MS Spams our DDNS with a lot of AD stuff, _ldap_tcp, _kerebos, etc, but samba does not. So, what's the 'preferred' method for announcing the server and hiding the clients cross-subnet? Can we statically add the Samba server with the _ldap, _kerebos, and other SRV listings into our DNS [and it work], or should the lmhosts be the best solution. I'm open to suggestions and ready to really test this beast out! Cheers, Toby Schaefer Nixa R-II School District -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 and krb5 tickets...SOLVED
Browsing is working from my W2K and XP clients to the samba server using kerberos. Samba Server is joined to Active Directory as a Domain Member server. I commented out the following line of my krb5.conf: #permitted_enctypes = des-cbc-crc des-cbc-md5 Make sure these lines are correct: default_tgs_enctypes = des-cbc-crc des-cbc-md5 efault_tkt_enctypes = des-cbc-crc des-cbc-md5 *Make sure to stop and restart smbd, nmbd, and winbindd. These changes did nothing for me until I restarted at least winbindd. I set this up with Mandrake 9.2 using samba3.0.1-0.pre3.2mdk.i586 rpm's from: http://ranger.dnsalias.com/mandrake/9.2/samba-3.0.1/ I'm working on a final write up of my configuration if anyone is interested in creating an Active Directory member server running Samba 3. Thanks to Jeff Jordan with the State of Alaska, Dept. of Labor for lending his Windows expertise! Tim On Fri, 2003-12-12 at 08:07, Tom Dickson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can try running the strings /usr/lib/libkrb5.so.3.2 | grep BRAND command and looking at what you get. 1-3-1 or something is MIT. Also, I'm wondering if the fact that you can connect by IP and not by name indicates that the 2000 server is looking up the name in, say, DNS only and ignoring WINS. Perhaps my WINS server is misconfigured. Well, I have to run Netbench tests, so I just dropped back to NT4 style auth, which works fine for me. - -Tom Tim Jordan wrote: | Perhaps we can work together. Jerry mentioned in previous posts about | the encryption options if the krb5.conf. | The Official Samba How To states: On a Windows 2000 client, try /net | use * \\server\share/. You should be logged in with Kerberos without | needing to know a password. If this fails then run /klist tickets./ | Did you get a tecket for the server? Does it have an encryption type of | DES-CBC-MD5? | | Samba can use both DES-CBC-MD5 encryption as well as ARCFOUR-HMAC-MD5 | encoding. | | I went ahead and added the DES-CBC-MD5 encryption to my krb5.conf as | Jerry sugested: | | /etc/krb5.conf: | |[EMAIL PROTECTED] samba3]# cat /etc/krb5.conf |[logging] | default = FILE:/var/log/kerberos/krb5libs.log | kdc = FILE:/var/log/kerberos/krb5kdc.log | admin_server = FILE:/var/log/kerberos/kadmind.log | |[libdefaults] | ticket_lifetime = 24000 | default_realm = LABOR.AK | default_tgs_enctypes = des-cbc-md5 des-cbc-crc | default_tkt_enctypes = des-cbc-md5 des-cbc-crc | permitted_enctypes = des-cbc-md5 des-cbc-crc | dns_lookup_realm = false | dns_lookup_kdc = false | kdc_req_checksum_type = 2 | checksum_type = 2 | ccache_type = 1 | forwardable = true | proxiable = true | |[realms] | LABOR.AK = { | kdc = MY-KDC.LABOR.AK:88 | admin_server = MY-KDC.LABOR.AK:749 | default_domain = LABOR.AK | } | |[domain_realm] | .LABOR.AK = LABOR.AK | |[kdc] | profile = /etc/kerberos/krb5kdc/kdc.conf | |[pam] | debug = false | ticket_lifetime = 36000 | renew_lifetime = 36000 | forwardable = true | krb4_convert = false | | [login] | krb4_convert = false | krb4_get_tickets = fals | | It did change the encryption ticket I'm getting when /kinit/ as my username. | |Valid starting ExpiresService principal |12/11/03 16:00:49 12/12/03 02:01:00 krbtgt/[EMAIL PROTECTED] |renew until 12/12/03 16:00:49, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5 | | |Kerberos 4 ticket cache: /tmp/tkt0 | | Notice I'm getting DES cbc mode with RSA-MD5. | | This did not solve the underlying problem of being able to view the samba shares from a w2k or xp client. | | How would I be able to tell if I'm using MIT or Hemidal kerberos? | | I did get this working on a Gentoo system, so I know it works. | | Who knows encryption on the list that can adviseanyone? | | Tim | | On Fri, 2003-12-12 at 05:18, Fernando Ruza wrote: | |/Same problem. I have been with it for weeks. I can connect using IP |address from the Win2k clients however with the netbios name I get the |error. | |Someone has told me today that this was solved in the new release |samba-3.0.1rc2-1 , however I've already tested it and I still have the |same problem. | |Please any more clues. | |Thanks, | |Fernando. | | |On Fri, 2003-12-12 at 00:26, Tim Jordan wrote: | I'm getting same error about encryption ... | | I have taken Tom's lead and have provided the output below. Is there a | certain version of krb5 that we should be running? | | | [EMAIL PROTECTED] tim]# smbd3 --version | Version 3.0.1pre3 | | [EMAIL PROTECTED] tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND | KRB5_BRAND: krb5-1-3-final 1.3 20030708 | | I'm running Mandrake 9.2 | | Thank You Samba Team! | Tim | | On Thu, 2003-12-11 at 13:59, Tom Dickson wrote: | | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | OK. I've done some more research, and here's what I
RE: [Samba] Windows 2000 and krb5 tickets...SOLVED
Fantastic! On Monday I'll give it a try! -Original Message- From: Tim Jordan [mailto:[EMAIL PROTECTED] Sent: Fri 12/12/2003 20:56 To: Tom Dickson; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] Windows 2000 and krb5 tickets...SOLVED Browsing is working from my W2K and XP clients to the samba server using kerberos. Samba Server is joined to Active Directory as a Domain Member server. I commented out the following line of my krb5.conf: #permitted_enctypes = des-cbc-crc des-cbc-md5 Make sure these lines are correct: default_tgs_enctypes = des-cbc-crc des-cbc-md5 efault_tkt_enctypes = des-cbc-crc des-cbc-md5 *Make sure to stop and restart smbd, nmbd, and winbindd. These changes did nothing for me until I restarted at least winbindd. I set this up with Mandrake 9.2 using samba3.0.1-0.pre3.2mdk.i586 rpm's from: http://ranger.dnsalias.com/mandrake/9.2/samba-3.0.1/ I'm working on a final write up of my configuration if anyone is interested in creating an Active Directory member server running Samba 3. Thanks to Jeff Jordan with the State of Alaska, Dept. of Labor for lending his Windows expertise! Tim On Fri, 2003-12-12 at 08:07, Tom Dickson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can try running the strings /usr/lib/libkrb5.so.3.2 | grep BRAND command and looking at what you get. 1-3-1 or something is MIT. Also, I'm wondering if the fact that you can connect by IP and not by name indicates that the 2000 server is looking up the name in, say, DNS only and ignoring WINS. Perhaps my WINS server is misconfigured. Well, I have to run Netbench tests, so I just dropped back to NT4 style auth, which works fine for me. - -Tom Tim Jordan wrote: | Perhaps we can work together. Jerry mentioned in previous posts about | the encryption options if the krb5.conf. | The Official Samba How To states: On a Windows 2000 client, try /net | use * \\server\share/. You should be logged in with Kerberos without | needing to know a password. If this fails then run /klist tickets./ | Did you get a tecket for the server? Does it have an encryption type of | DES-CBC-MD5? | | Samba can use both DES-CBC-MD5 encryption as well as ARCFOUR-HMAC-MD5 | encoding. | | I went ahead and added the DES-CBC-MD5 encryption to my krb5.conf as | Jerry sugested: | | /etc/krb5.conf: | |[EMAIL PROTECTED] samba3]# cat /etc/krb5.conf |[logging] | default = FILE:/var/log/kerberos/krb5libs.log | kdc = FILE:/var/log/kerberos/krb5kdc.log | admin_server = FILE:/var/log/kerberos/kadmind.log | |[libdefaults] | ticket_lifetime = 24000 | default_realm = LABOR.AK | default_tgs_enctypes = des-cbc-md5 des-cbc-crc | default_tkt_enctypes = des-cbc-md5 des-cbc-crc | permitted_enctypes = des-cbc-md5 des-cbc-crc | dns_lookup_realm = false | dns_lookup_kdc = false | kdc_req_checksum_type = 2 | checksum_type = 2 | ccache_type = 1 | forwardable = true | proxiable = true | |[realms] | LABOR.AK = { | kdc = MY-KDC.LABOR.AK:88 | admin_server = MY-KDC.LABOR.AK:749 | default_domain = LABOR.AK | } | |[domain_realm] | .LABOR.AK = LABOR.AK | |[kdc] | profile = /etc/kerberos/krb5kdc/kdc.conf | |[pam] | debug = false | ticket_lifetime = 36000 | renew_lifetime = 36000 | forwardable = true | krb4_convert = false | | [login] | krb4_convert = false | krb4_get_tickets = fals |
[Samba] incorrect password length when joining domain, need help
Hi I just re-initiated by ldap sam database using smbldap-populate.pl, modified the Administrator account (uid/gid=0). I can join the domain from a Samba 2.2.7 linux machine, it creates the machine account etc... The problem happens with Windows 2000 SP2, It tells me wrong user/password. Here is the samba error : decode_pw_buffer: incorrect password length (-2118884061). Here is the full log : Attempting administrator password change (level 23) for user workstation$ [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(501) decode_pw_buffer: incorrect password length (-2118884061). [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(502) decode_pw_buffer: check that 'encrypt passwords = yes' [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_debug(82) 00 samr_io_r_set_userinfo [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) status: NT_STATUS_ACCESS_DENIED [2003/12/12 13:25:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549) api_rpcTNP: called samr successfully Here is my smb.conf file [global] ADD SCRIPTS add machine script = /usr/local/samba/share/smbldap-useradd.pl -w %u add user script = /usr/local/samba/share/smbldap-useradd.pl %u delete user script = /usr/local/samba/share/smbldap-userdel.pl %u add group script = /usr/local/samba/share/smbldap-groupadd.pl %g delete group script = /usr/local/samba/share/smbldap-groupdel.pl %g add user to group script = /usr/local/samba/share/smbldap-groupmod.pl -m %u %g delete user from group script = /usr/local/samba/share/smbldap-groupmod.pl -x %u %g set primary group script = /usr/local/samba/share/smbldap-usermod.pl -G %g %u null passwords = yes #unix charset = UTF-8 passdb backend = ldapsam:ldap://localhost/ ldap suffix = o=smb,dc=qc,dc=ca ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap admin dn = cn=root,o=smb,dc=qc,dc=ca guest account = nobody workgroup = LINUX netbios name = PDC comment = Server security = user encrypt passwords = yes logon script = scripts\%U.bat domain logons = Yes os level = 255 preferred master = Yes domain master = Yes #hosts allow = 192.168.0.0/255.255.255.0 share modes = No wins support = Yes [homes] path=/home/domainusers read only = No create mask = 0700 directory mask = 0700 locking = No oplocks = No [netlogon] path = /usr/local/samba/netlogon locking = no read only = yes [profiles] path = /home/domainusers/profiles read only = no writeable = yes create mask = 0600 directory mask = 0700 Here is the LDIF entry of Administrator : dn: uid=Administrator,ou=Users,o=smb,dc=qc,dc=ca cn: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount uid: Administrator sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaHomePath: \\PDC\homes sambaHomeDrive: U: sambaProfilePath: \\PDC\profiles\ loginShell: /bin/false gecos: Netbios Domain Administrator sambaSID: S-1-5-21-3655003630-1527190663-3647191254-1000 sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-1001 uidNumber: 0 gidNumber: 0 homeDirectory: / sambaLMPassword: XX (removed) sambaAcctFlags: [U] sambaNTPassword: XX (removed) sambaPwdLastSet: 1071185436 sambaPwdMustChange: 1075073436 userPassword:: XX (removed) I am running Samba 3.0.1rc1 on Redhat 9.0 Please help me Thank you Charles -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3/ldap/net groupmap fails
Friday, December 12, 2003, 11:25:50 PM, John wrote: 1. you must create group mapping manually. 2. unix group you've assigning to Domain Admins MUST be in ldap (not in /etc/group). the unix group *does* exist in ldap. i've attempted groupmapping with the correct syntax, and always get something like this: what is the output from 'getent group |grep domadm' ? 2003/12/12 11:22:01, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1769) ldapsam_getgroup: Did not find group ^^ paste related smb.conf and ldif entry of domadmin group. samba seems can not find the group to be modified, check the ldap suffix. set loglevel in ldap to 256 and paste log when you do net groupmap add --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
CVS update: samba4/source/librpc/idl
Date: Fri Dec 12 11:49:29 2003 Author: tpot Update of /data/cvs/samba4/source/librpc/idl In directory dp.samba.org:/tmp/cvs-serv6605/librpc/idl Modified Files: winreg.idl Log Message: Small cleanup of test code. Rename enum indexes to be the same name for EnumKey and EnumValue. Revisions: winreg.idl 1.8 = 1.9 http://www.samba.org/cgi-bin/cvsweb/samba4/source/librpc/idl/winreg.idl.diff?r1=1.8r2=1.9
CVS update: samba4/source/torture/rpc
Date: Fri Dec 12 11:49:29 2003 Author: tpot Update of /data/cvs/samba4/source/torture/rpc In directory dp.samba.org:/tmp/cvs-serv6605/torture/rpc Modified Files: winreg.c Log Message: Small cleanup of test code. Rename enum indexes to be the same name for EnumKey and EnumValue. Revisions: winreg.c1.11 = 1.12 http://www.samba.org/cgi-bin/cvsweb/samba4/source/torture/rpc/winreg.c.diff?r1=1.11r2=1.12
CVS update: samba/packaging/RedHat
Date: Fri Dec 12 17:48:19 2003 Author: jerry Update of /data/cvs/samba/packaging/RedHat In directory dp.samba.org:/tmp/cvs-serv20191 Modified Files: Tag: SAMBA_3_0 samba.spec.tmpl Log Message: fixing upgrade bug; fixing PAM config file install bug Revisions: samba.spec.tmpl 1.1.2.20 = 1.1.2.21 http://www.samba.org/cgi-bin/cvsweb/samba/packaging/RedHat/samba.spec.tmpl.diff?r1=1.1.2.20r2=1.1.2.21
CVS update: samba/source
Date: Fri Dec 12 18:25:10 2003 Author: jerry Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv23695 Modified Files: Tag: APPLIANCE_HEAD Makefile.in VERSION configure.in Log Message: more syncs with 3.0 Revisions: Makefile.in 1.223.2.52 = 1.223.2.53 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in.diff?r1=1.223.2.52r2=1.223.2.53 VERSION 1.1.6.3 = 1.1.6.4 http://www.samba.org/cgi-bin/cvsweb/samba/source/VERSION.diff?r1=1.1.6.3r2=1.1.6.4 configure.in1.130.2.25 = 1.130.2.26 http://www.samba.org/cgi-bin/cvsweb/samba/source/configure.in.diff?r1=1.130.2.25r2=1.130.2.26
CVS update: samba/source/auth
Date: Fri Dec 12 18:25:11 2003 Author: jerry Update of /data/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv23695/auth Modified Files: Tag: APPLIANCE_HEAD auth_util.c Log Message: more syncs with 3.0 Revisions: auth_util.c 1.74.2.2 = 1.74.2.3 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_util.c.diff?r1=1.74.2.2r2=1.74.2.3
CVS update: samba/source/client
Date: Fri Dec 12 18:25:11 2003 Author: jerry Update of /data/cvs/samba/source/client In directory dp.samba.org:/tmp/cvs-serv23695/client Modified Files: Tag: APPLIANCE_HEAD mount.cifs.c Log Message: more syncs with 3.0 Revisions: mount.cifs.c1.4.2.2 = 1.4.2.3 http://www.samba.org/cgi-bin/cvsweb/samba/source/client/mount.cifs.c.diff?r1=1.4.2.2r2=1.4.2.3
CVS update: samba/source/groupdb
Date: Fri Dec 12 18:25:11 2003 Author: jerry Update of /data/cvs/samba/source/groupdb In directory dp.samba.org:/tmp/cvs-serv23695/groupdb Modified Files: Tag: APPLIANCE_HEAD mapping.c Log Message: more syncs with 3.0 Revisions: mapping.c 1.52.2.2 = 1.52.2.3 http://www.samba.org/cgi-bin/cvsweb/samba/source/groupdb/mapping.c.diff?r1=1.52.2.2r2=1.52.2.3
CVS update: samba/source/include
Date: Fri Dec 12 18:25:11 2003 Author: jerry Update of /data/cvs/samba/source/include In directory dp.samba.org:/tmp/cvs-serv23695/include Modified Files: Tag: APPLIANCE_HEAD rpc_misc.h Log Message: more syncs with 3.0 Revisions: rpc_misc.h 1.26.2.5 = 1.26.2.6 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/rpc_misc.h.diff?r1=1.26.2.5r2=1.26.2.6
CVS update: samba/source/libsmb
Date: Fri Dec 12 18:25:12 2003 Author: jerry Update of /data/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv23695/libsmb Modified Files: Tag: APPLIANCE_HEAD cliconnect.c namequery.c Log Message: more syncs with 3.0 Revisions: cliconnect.c1.2.2.24 = 1.2.2.25 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/cliconnect.c.diff?r1=1.2.2.24r2=1.2.2.25 namequery.c 1.48.2.45 = 1.48.2.46 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/namequery.c.diff?r1=1.48.2.45r2=1.48.2.46
CVS update: samba/source/lib
Date: Fri Dec 12 18:25:11 2003 Author: jerry Update of /data/cvs/samba/source/lib In directory dp.samba.org:/tmp/cvs-serv23695/lib Modified Files: Tag: APPLIANCE_HEAD access.c iconv.c substitute.c util.c util_sock.c Log Message: more syncs with 3.0 Revisions: access.c1.19.2.3 = 1.19.2.4 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/access.c.diff?r1=1.19.2.3r2=1.19.2.4 iconv.c 1.33.4.3 = 1.33.4.4 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/iconv.c.diff?r1=1.33.4.3r2=1.33.4.4 substitute.c1.7.2.12 = 1.7.2.13 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/substitute.c.diff?r1=1.7.2.12r2=1.7.2.13 util.c 1.287.2.24 = 1.287.2.25 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/util.c.diff?r1=1.287.2.24r2=1.287.2.25 util_sock.c 1.16.2.12 = 1.16.2.13 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/util_sock.c.diff?r1=1.16.2.12r2=1.16.2.13
CVS update: samba/source/modules
Date: Fri Dec 12 18:25:12 2003 Author: jerry Update of /data/cvs/samba/source/modules In directory dp.samba.org:/tmp/cvs-serv23695/modules Added Files: Tag: APPLIANCE_HEAD charset_macosxfs.c Log Message: more syncs with 3.0 Revisions: charset_macosxfs.c NONE = 1.1.6.1 http://www.samba.org/cgi-bin/cvsweb/samba/source/modules/charset_macosxfs.c?rev=1.1.6.1
CVS update: samba/source/nsswitch
Date: Fri Dec 12 18:25:12 2003 Author: jerry Update of /data/cvs/samba/source/nsswitch In directory dp.samba.org:/tmp/cvs-serv23695/nsswitch Modified Files: Tag: APPLIANCE_HEAD winbindd_group.c wins.c Log Message: more syncs with 3.0 Revisions: winbindd_group.c1.3.2.15 = 1.3.2.16 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/winbindd_group.c.diff?r1=1.3.2.15r2=1.3.2.16 wins.c 1.4.2.7 = 1.4.2.8 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/wins.c.diff?r1=1.4.2.7r2=1.4.2.8
CVS update: samba/source/passdb
Date: Fri Dec 12 18:25:13 2003 Author: jerry Update of /data/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv23695/passdb Modified Files: Tag: APPLIANCE_HEAD passdb.c Log Message: more syncs with 3.0 Revisions: passdb.c1.61.2.16 = 1.61.2.17 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/passdb.c.diff?r1=1.61.2.16r2=1.61.2.17
CVS update: samba/source/rpc_parse
Date: Fri Dec 12 18:25:14 2003 Author: jerry Update of /data/cvs/samba/source/rpc_parse In directory dp.samba.org:/tmp/cvs-serv23695/rpc_parse Modified Files: Tag: APPLIANCE_HEAD parse_misc.c parse_net.c Log Message: more syncs with 3.0 Revisions: parse_misc.c1.68.2.18 = 1.68.2.19 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_parse/parse_misc.c.diff?r1=1.68.2.18r2=1.68.2.19 parse_net.c 1.42.2.11 = 1.42.2.12 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_parse/parse_net.c.diff?r1=1.42.2.11r2=1.42.2.12
CVS update: samba/source/rpc_server
Date: Fri Dec 12 18:25:15 2003 Author: jerry Update of /data/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv23695/rpc_server Modified Files: Tag: APPLIANCE_HEAD srv_lsa_nt.c srv_pipe_hnd.c srv_samr_nt.c srv_util.c Log Message: more syncs with 3.0 Revisions: srv_lsa_nt.c1.57.2.7 = 1.57.2.8 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_lsa_nt.c.diff?r1=1.57.2.7r2=1.57.2.8 srv_pipe_hnd.c 1.54.2.12 = 1.54.2.13 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_pipe_hnd.c.diff?r1=1.54.2.12r2=1.54.2.13 srv_samr_nt.c 1.97.2.10 = 1.97.2.11 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_samr_nt.c.diff?r1=1.97.2.10r2=1.97.2.11 srv_util.c 1.48.2.4 = 1.48.2.5 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_util.c.diff?r1=1.48.2.4r2=1.48.2.5
CVS update: samba/source/rpcclient
Date: Fri Dec 12 18:25:15 2003 Author: jerry Update of /data/cvs/samba/source/rpcclient In directory dp.samba.org:/tmp/cvs-serv23695/rpcclient Modified Files: Tag: APPLIANCE_HEAD cmd_spoolss.c Log Message: more syncs with 3.0 Revisions: cmd_spoolss.c 1.29.2.12 = 1.29.2.13 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/cmd_spoolss.c.diff?r1=1.29.2.12r2=1.29.2.13