RE: [Samba] VLANs and Samba 2.2.8a

[Brian York]

--On irc.Freenode.net #samba someone told me to use remote announcement and
--wins support = yes. When I tried it it still didn't work. 

Correction - remote announce = 172.19.31.255

Brian

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] VLANs and Samba 2.2.8a

[Brian York]

I am having trouble connecting to a Slackware 9.1 machine with samba 2.2.8a.
I get a message back that it could not resolve the mount point. I have also
tried to connect with a windows machine. There is no problem on the network
with windows to windows machines so it wouldn't be something messed up on
the network. The problem seems to be something with samba. 

 

On irc.Freenode.net #samba someone told me to use remote announcement and
wins support = yes. When I tried it it still didn't work. 


Does samba 3.0.1 fix this program and is it stable enough to use?

 

Brian

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba can sendfile, but why no receivefile?

[jason]

Hi all:

Samba can use sendfile to improve the performance of READ, but it does not
have receivefile to improve the performance of WRITE. What is the reason?

I just find linux kernel function:
int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
sk_read_actor_t recv_actor)

which suppose is the conterpart of sendfile(). But it seems almost nobody
use it to do something.

Jason



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Quicken backup and Samba 2.2.8a on FreeBSD

[MikeM]

I've run into difficulty getting Quicken 2001 and Quicken 2003 backup to
work with a Samba server.

My smb.conf is relatively simple (below is a slightly editted version with
the important stuff):
=
[global]
workgroup = WORKGROUP
server string = BigBoxNAS
netbios name = bigbox
log file = /var/log/samba/log.%m
;   log level = 3
max log size = 50
security = user

[public]
path = /raid/export
valid users = mgm
writeable = yes
create mask = 0660
directory mask = 0770
read only = no
==

When I try to do a Quicken backup to the Samba drive, Quicken puts up an
error box complaining about lack of write access.  I've spent some time in
google and found an intereting commment in Samba's open.c function, "This
little piece of insanity is inspired by the fact that an NT client can open
a file for O_RDONLY, but set the create disposition to
FILE_EXISTS_TRUNCATE. If the client *can* write to the file, then it
expects to truncate the file, even though it is opening for readonly.
Quicken uses this stupid trick in backup file creation..."

I looked in the log file for the error string corresponding to the "little
bit of insanity".  The longish log file excerpt is at the end of this
message.

My question, if this was fixed, why am I still seeing the problem in
2.2.8a?   Thanks for your help. (I'm running Quicken under Windows 2000,
SP4.)



/var/log/samba/log.notebloat:


[2003/12/15 15:34:21, 10] smbd/mangle_hash.c:is_mangled(317)
  is_mangled: ~test~bk.tst : True
[2003/12/15 15:34:21, 5] smbd/filename.c:unix_convert(319)
  New file ~test~bk.tst
[2003/12/15 15:34:21, 3] smbd/dosmode.c:unix_mode(111)
  unix_mode(~test~bk.tst) returning 0660
[2003/12/15 15:34:21, 5] smbd/files.c:file_new(123)
  allocated file structure 284, fnum = 4380 (1 used)
[2003/12/15 15:34:21, 10] smbd/open.c:open_file_shared1(807)
  open_file_shared: fname = ~test~bk.tst, share_mode = 40, ofun = 12, mode
= 660, oplock request = 3
[2003/12/15 15:34:21, 8] lib/util.c:is_in_path(1145)
  is_in_path: ~test~bk.tst
[2003/12/15 15:34:21, 8] lib/util.c:is_in_path(1150)
  is_in_path: no name list.
[2003/12/15 15:34:21, 3] lib/util.c:unix_clean_name(387)
  unix_clean_name [~test~bk.tst]
[2003/12/15 15:34:21, 4] smbd/open.c:open_file_shared1(973)
  calling open_file with flags=0x0 flags2=0x600 mode=0660
[2003/12/15 15:34:21, 10] smbd/open.c:open_file(146)
  open_file: truncate requested on read-only open for file ~test~bk.tst
[2003/12/15 15:34:21, 10] smbd/open.c:fd_open(53)
  fd_open: name ~test~bk.tst, flags = 01002 mode = 0660, fd = -1.
Permission denied
[2003/12/15 15:34:21, 3] smbd/open.c:open_file(176)
  Error opening file ~test~bk.tst (Permission denied) (local_flags=514)
(flags=1536)
[2003/12/15 15:34:21, 5] smbd/files.c:file_free(346)
  freed files structure 4380 (0 used)
[2003/12/15 15:34:21, 3] smbd/error.c:error_packet(94)
  error string = Permission denied
[2003/12/15 15:34:21, 3] smbd/error.c:error_packet(113)
  error packet at smbd/nttrans.c(889) cmd=162 (SMBntcreateX)
NT_STATUS_ACCESS_DENIED
==



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net rpc vampire problems

[Daniel Kasak]

Yeri Swamy wrote:

Looks like you don;t have group maps done

So execute followinf script for group mapping then do vampire...

#!/bin/bash
 Keep this as a shell script for future re-use


# First assign well known groups
net groupmap modify ntgroup="Account Operators" unixgroup=root
net groupmap modify ntgroup="Administrators" unixgroup=root
net groupmap modify ntgroup="Backup Operators" unixgroup=bin
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Guests" unixgroup=nobody
net groupmap modify ntgroup="Power Users" unixgroup=sys
net groupmap modify ntgroup="Print Operators" unixgroup=lp
net groupmap modify ntgroup="Replicators" unixgroup=daemon
net groupmap modify ntgroup="System Operators" unixgroup=sys
net groupmap modify ntgroup="Users" unixgroup=users
It doesn't make any difference if I run the above script or not. The 
creation of the machine trust account still fails. Interestingly, if I 
run manually:

useradd DKASAK$

I get the error:

useradd: invalid user name 'DKASAK$'

But if I user lowercase, it works. I wasn't aware of a restriction on 
creating uppercase usernames. Is this supposed to happen?
Anyone else know why my machine accounts aren't getting migrated?
Pretty please?

Dan

--
Daniel Kasak
IT Developer
NUS Consulting Group
Level 5, 77 Pacific Highway
North Sydney, NSW, Australia 2060
T: (+61) 2 9922-7676 / F: (+61) 2 9922 7989
email: [EMAIL PROTECTED]
website: http://www.nusconsulting.com.au
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Folder Redirection with NT4 Domains

[John H Terpstra]

On Mon, 15 Dec 2003, Kristyan Osborne wrote:

> Hi John,
>  I'll try and get some documentation written on how to use regedit32 to
> modify the default user profile. This is basically changing the default
> registry every user gets the first time they logon to the network. I'll
> put a bit of background info on the network and how we use shares for
> storing stuff. Another neat trick (which I will also document) is how we
> have changed the default saving/opening location for programs such as
> Word and Excel etc. this has been extremly helpful.
>
> I'll get back to you soon.

You are a gem!

I'd like to save you from wasting your time though, so please check out
the PDF of the book I am currently working on. I must ask you to keep this
confidential as it is being written under contract to Prentice Hall
publishing. Chapter 6 is the magic place in which this stuff is being
documented. I very much appreciate your input and feedback.

My motivation in documenting this is to help make Samba a more deployable
product and to help get users over the installation hurdles.

The URL is:

http://samba.org/~jht/DeBook

Look for the latest version of Samba-Guide-200312xx.pdf.

Thanks again.

Cheers,
John T.


>
> Cheers
> -
> Kristyan Osborne - IT Technician
> Longhill High School
> 01273 391672
>
>
>   -Original Message-
>   From: John H Terpstra [mailto:[EMAIL PROTECTED]
>   Sent: Mon 15/12/2003 00:24
>   To: Kristyan Osborne
>   Cc: [EMAIL PROTECTED]
>   Subject: RE: [Samba] Folder Redirection with NT4 Domains
>
>
>
>   On Mon, 15 Dec 2003, Kristyan Osborne wrote:
>
>   > Hi,
>   >  The changes would be done on the network copy of the Default User
>   > directory under the netlogon share, rather than per machine. This is the
>   > method we have adopted. You could Kixtart to modify the registry on
>   > login for that user.
>
>   Please would you provide a little more information on how you did this for
>   the default user. I'm sure others would value that tidbit.
>
>   How much work have you done with KixStart? What has been your experience?
>
>   Cheers,
>   John T.
>
>   >
>   > Cheers
>   >
>   > -
>   > Kristyan Osborne - IT Technician
>   > Longhill High School
>   > 01273 391672
>   >
>   >
>   >   -Original Message-
>   >   From: John H Terpstra [mailto:[EMAIL PROTECTED]
>   >   Sent: Sun 14/12/2003 16:31
>   >   To: Kristyan Osborne
>   >   Cc: [EMAIL PROTECTED]
>   >   Subject: RE: [Samba] Folder Redirection with NT4 Domains
>   >
>   >
>   >
>   >   On Sun, 14 Dec 2003, Kristyan Osborne wrote:
>   >
>   >   > Hiya,
>   >   >  Redirecting My Documnets isn't a tricky one. Just right click ->
>   >   > properties and change the target location. This is automatically 
> done in
>   >   > our network by changing the location in the default profile. This is
>   >   > then applied to every user when they first logon. Do you mean Local
>   >   > Settings or the Application Data folder. The Applications Data 
> folder is
>   >   > part of the profile anyway. I cant see why you would want to copy the
>   >   > Local Settings directory with your profile.
>   >
>   >   Got that bit. Changing the default profile is the obvious answer but 
> not
>   >   what some admins want. The objection I have run into is that this 
> requires
>   >   per machine changes and for a large shop this is labour intensive.
>   >
>   >   On Win2Kx ADS this can be done through a GPO (group policy object). 
> With
>   >   Samba the technique has to change a little to get around the lack of 
> ADS
>   >   GPO support.
>   >
>   >   Seems that with Win2kx/XPP the use of '.reg' files does not work for 
> other
>   >   than limited local machine changes only. The result is that running 
> from
>   >   the login script:
>   >   regedt32 /S fixup.reg
>   >   where 'fixup.reg' contains the hive changes necessary largely does not
>   >   work for changes other than to HKLM (HIVE_KEY_LOCAL_MACHINE). I am
>   >   searching for insight into how other admins affect profile management
>   >   (particularly for folder redirection) in the absence of GPOs.
>   >
>   >   Cheers,
>   >   John T.
>   >
>   >   >
>   >   > Hope that helps
>   >   >
>   >   > Cheers
>   >   > -
>   >   > Kristyan Osborne - IT Technician
>   >   > Longhill High School
>   >   > 01273 391672
>   >   >
>   >   >   -Original Message-
>   >   >   From: [EMAIL PROTECTED] on behalf of John H Terpstra
>   >   >   Sent: Sun 14/12/2003 00:44
>   

[Samba] Samba 3.0.1 Available for Download

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In an attempt to avoid the holiday rush common to software
releases, the Samba Team is proud to announce the availability
of the first patch release of the Samba 3.0 code base.
This is the latest stable release of Samba and is the
version that all production Samba servers should be running
for all current bug-fixes.  Some of the more common bugs in
3.0.0 addressed  in the release include:
~  * Substitution problems with smb.conf variables.
~  * Errors in return codes which caused some applications
~to fail to open files.
~  * General Protection Faults on Windows 2000/XP clients
~using Samba point-n-print features.
~  * Several miscellaneous crash bugs.
~  * Access problems when enumerating group mappings are
~stored in an LDAP Directory.
~  * Several common SWAT bugs when writing changes to
~smb.conf.
~  * Internal inconsistencies when 'winbind use default
~domain = yes'
The source code can be downloaded from :

~  http://download.samba.org/samba/ftp/

The uncompressed tarball and patch file have been signed
using GnuPG.  The Samba public key is available at
~  http://download.samba.org/samba/ftp/samba-pubkey.asc

Binary packages are available at

~  http://download.samba.org/samba/ftp/Binary_Packages/

A simplified version of the CVS log of updates since
3.0.0 can be found in the the download directory
under the name ChangeLog-3.0.0-3.0.1.  The release
notes are also available on-line at
~  http://www.samba.org/samba/whatsnew/samba-3.0.1.html

As always, all bugs (https://bugzilla.samba.org/) are our
responsibility.
~  --Enjoy
~  The Samba Team


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/3k7jIR7qMdg1EfYRAgswAJ9qET84CZ+bjM4kcbowOmX0FTKxVACffWmC
mwdH9cHN/7XfXB2FIo+q5KA=
=j3/g
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Folder Redirection with NT4 Domains

[Kristyan Osborne]

Hi John,
 
I'll try and get some documentation written on how to use regedit32 to modify the 
default user profile. This is basically changing the default registry every user gets 
the first time they logon to the network. I'll put a bit of background info on the 
network and how we use shares for storing stuff. Another neat trick (which I will also 
document) is how we have changed the default saving/opening location for programs such 
as Word and Excel etc. this has been extremly helpful.
 
I'll get back to you soon.
 
Cheers
-
Kristyan Osborne - IT Technician
Longhill High School
01273 391672


-Original Message- 
From: John H Terpstra [mailto:[EMAIL PROTECTED] 
Sent: Mon 15/12/2003 00:24 
To: Kristyan Osborne 
Cc: [EMAIL PROTECTED] 
Subject: RE: [Samba] Folder Redirection with NT4 Domains



On Mon, 15 Dec 2003, Kristyan Osborne wrote:

> Hi,
>  The changes would be done on the network copy of the Default User
> directory under the netlogon share, rather than per machine. This is the
> method we have adopted. You could Kixtart to modify the registry on
> login for that user.

Please would you provide a little more information on how you did this for
the default user. I'm sure others would value that tidbit.

How much work have you done with KixStart? What has been your experience?

Cheers,
John T.

>
> Cheers
>
> -
> Kristyan Osborne - IT Technician
> Longhill High School
> 01273 391672
>
>
>   -Original Message-
>   From: John H Terpstra [mailto:[EMAIL PROTECTED]
>   Sent: Sun 14/12/2003 16:31
>   To: Kristyan Osborne
>   Cc: [EMAIL PROTECTED]
>   Subject: RE: [Samba] Folder Redirection with NT4 Domains
>
>
>
>   On Sun, 14 Dec 2003, Kristyan Osborne wrote:
>
>   > Hiya,
>   >  Redirecting My Documnets isn't a tricky one. Just right click ->
>   > properties and change the target location. This is automatically 
done in
>   > our network by changing the location in the default profile. This is
>   > then applied to every user when they first logon. Do you mean Local
>   > Settings or the Application Data folder. The Applications Data 
folder is
>   > part of the profile anyway. I cant see why you would want to copy the
>   > Local Settings directory with your profile.
>
>   Got that bit. Changing the default profile is the obvious answer but 
not
>   what some admins want. The objection I have run into is that this 
requires
>   per machine changes and for a large shop this is labour intensive.
>
>   On Win2Kx ADS this can be done through a GPO (group policy object). 
With
>   Samba the technique has to change a little to get around the lack of 
ADS
>   GPO support.
>
>   Seems that with Win2kx/XPP the use of '.reg' files does not work for 
other
>   than limited local machine changes only. The result is that running 
from
>   the login script:
>   regedt32 /S fixup.reg
>   where 'fixup.reg' contains the hive changes necessary largely does not
>   work for changes other than to HKLM (HIVE_KEY_LOCAL_MACHINE). I am
>   searching for insight into how other admins affect profile management
>   (particularly for folder redirection) in the absence of GPOs.
>
>   Cheers,
>   John T.
>
>   >
>   > Hope that helps
>   >
>   > Cheers
>   > -
>   > Kristyan Osborne - IT Technician
>   > Longhill High School
>   > 01273 391672
>   >
>   >   -Original Message-
>   >   From: [EMAIL PROTECTED] on behalf of John H Terpstra
>   >   Sent: Sun 14/12/2003 00:44
>   >   To: [EMAIL PROTECTED]
>   >   Cc:
>   >   Subject: [Samba] Folder Redirection with NT4 Domains
>   >
>   >
>   >
>   >   Hi,
>   >
>   >   I'd like to hear off-list from anyone who is currently 
successfully using
>   >   folder redirection with an NT4 domain controller.
>   >
>   >   If you are doing this, please would help me to understand your 
secret.
>   >   There are two ways I know of that should work, however I have 
received
>   >   feedback from separate s

[Samba] Secondary Groups and Group Mapping

[Klinger, John (N-CSC)]

We are having what appears to be two main issues in our attempt to setup Samba 3.0.0 
compiled from src on Solaris 8. We are using Samba to provide Unix shares on W2K 
clients, and to authenticate against a W2K Active Directory server. OpenLDAP is used 
on the Samba side for the UID/GID to SID mappings.

The first issue deals with the file sharing. Even if a file gives full permission to 
one of a user's secondary groups, that user cannot access the file. The user can only 
access the file (or directory) if the file's group is the user's primary group. I've 
found several references on the web and in https://bugzilla.samba.org, which seem to 
indicate that the bug is fixed. However, we also tried this with 3.0.1rc2 and have the 
same problem; which makes us think it is a configuration error or something we haven't 
found related to nsswitch.

The second issue deals with groupmap. Again, searches haven't turned up anything 
fruitful. When we execute commands similar to the following:

  groupadd elves
  net groupmap add ntuser=LOTR+fairfolk username=elves

We always get the following error:

No rid or sid specified, choosing algorithmic mapping
adding entry for group LOTR+fairfolk failed!

Output from the above groupmap command with debug level of 3 gives:



param/loadparm.c:lp_load(3917)
  lp_load: refreshing parameters
param/loadparm.c:init_globals(1303)
  Initialising global parameters
param/params.c:pm_process(566)
  params.c:pm_process() - Processing configuration file "/h/SMBSVR/cfg/smb.conf"
param/loadparm.c:do_section(3420)
  Processing section "[global]"
lib/interface.c:add_interface(79)
  added interface ip=172.31.4.133 bcast=172.31.4.143 nmask=255.255.255.240
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]
lib/smbldap.c:smbldap_open_connection(623)
  smbldap_open_connection: connection opened
lib/smbldap.c:smbldap_connect_system(785)
  ldap_connect_system: succesful connection to the LDAP server
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))]
<< the above 4 lines repeat 10 more times >>
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(gidNumber=201))]
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=201))]
utils/net.c:main(758)
  return code = -1
No rid or sid specified, choosing algorithmic mapping
adding entry for group LOTR+fairfolk failed!



Other tidbits:



Using the previous example,
"getent group LOTR+fairfolk" returns a group id of 11959.
"getent group elves" returns a group id of 201.
"/usr/bin/id -a LOTR+sampleuser" gives correct user and full group list.
"getent passwd LOTR+sampleuser" and "getent group | grep sampleuser" give user info 
and all groups.
/etc/group contains the elves group with a group id of 201.
"net groupmap list" returns nothing (debug > 2 shows "ldapsam_setsampwent: 0 entries 
in the base!").



Samba compilation performed using the flags: 

--with-ads
--with-ldap
--with-included-popt
--with-winbind
--with-winbind-auth-challenge
--with-pam
--with-ldapsam
--with-acl-support



smb.conf Contains:

ldap admin dn = "cn=smbldapuser,ou=user,dc=lan,dc=subd,dc=dom,dc=com"
ldap server = globalsvr.lan.subd.dom.com
ldap port = 8001
ldap suffix = "ou=idmap,dc=lan,dc=subd,dc=dom,dc=com"
ldap ssl = no
ldap filter = "(&(uid=%u) (objectclass=sambaAccount))"
winbind separator = +
idmap backend = ldap:ldap://globalsvr.lan.subd.dom.com:8001
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /USERS/global/%U
template shell = /bin/ksh
workgroup = LOTR
server string = smbdev
security = ads
encrypt passwords = yes
password server = activedsvr.lan.subd.dom.com
client use spnego = yes
log file = /SMBSVR/var/log.%m
max log size = 5000
realm = LOTR.REF.DOMAIN.COM
socket options = TCP_NODELAY
socket options = TCP_NODELAY
local master = no
dns proxy = yes
inherit permissions = no
create mask = 0774
force create mode = 
security mask = 0774
force security mode = 
directory mask = 0775
force directory mode = 
directory security mask = 0775
force directory security mode = 
[homes]
   comment = Home Directories
   path = /users/%S
   browseable = no
   writable = yes
   only user = yes
[global_data]
   comment = Global Data share
   browseable = yes
   path = /globaldata
   read only = no
   public = yes



ldap.conf contains

host activedsvr.lan.subd

RE: [Samba] Remote Desktop on XP

[Alan Munday]

Not this this is good news for you

But I have a number of customers with Samba servers and the clients have
Remote Desktop enabled. 
These all work fine as I do remote support via VPN to them.

Maybe the problem is elsewhere... E.g. the user changed some of the
workstation permissions without realising it?

HTH

Alan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Joe Wojnas
Sent: 15 December 2003 23:03
To: [EMAIL PROTECTED]
Subject: [Samba] Remote Desktop on XP


I have client that turned on Remote Desktop on XP (Micro$oft's version of PC
Anywhere built into the OS).  Now those machines cannot log into to the
Samba server.  I tried reinstalling the XP registry patch, no luck.  Any
ideas??

Thanks!

Joe

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Group Mapping problems

[Greg Dickie]

I think a debug level 5 will show you exactly what its looking for. You can do  
"smbcontrol smbd debug 5" to set that.

hth,
Greg

On Monday 15 December 2003 17:27, Robert Rati wrote:
> I'm trying to map my LDAP groups to Windows Groups, but I'm not having
> any luck.  Here is a group I'm trying to map:
>
> dn: cn=dom_admin,ou=Groups,dc=wdselab
> objectClass: sambaGroupMapping
> objectClass: posixGroup
> gidNumber: 1000
> cn: dom_admin
> memberUid: dom_admin
> description: Domain Admininistrators Group
> sambaSID: S-1-5-21-835892245-73647866-3919785651-512
> sambaGroupType: 2
>
> but when I do a net groupmap command, I get this error over and over again:
>
>ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
> invalid DN (Invalid DN syntax)
>
> What DN syntax is being used for this search?  How do I modify it/fix
> this problem?
>
> Rob

-- 
Greg Dickie
just a guy
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Need help in reproducing "Incorrect password length" error

[Greg Dickie]

picky picky ;-) 

tomorrow I'll try replicating the problem again using the same machine that I 
initially had the problem with. Its the accounting guy and he was doing 
payroll so we don't want to interrupt that ;-)

In our case its ldapsam and we are using the smbldap-tools although from what 
Ive seen we could probably just use useradd & co. 

Greg


On Monday 15 December 2003 18:00, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Gerald (Jerry) Carter wrote:
> | We're having some trouble reproducing this error.  If
> | anyone who is seeing this error in the smbd logs when
> | attempting to join a Samba domain:
> |
> | "decode_pw_buffer: incorrect password length"
> |
> | Please send me a level 10 smbd debug log for the entire
> | join attempt.  We're think we know what the problem is
> | but need to confirm it in the logs.  This is the *last*
> | thing holding up 3.0.1.  Any help would be appreciated.
> | Thanks.
>
> Has anyone seen this using tdbsam ?  Or are the only
> people experiencing the problem using an LDAP backend ?  If the
> latter are people only using the smbldap-tools ?
>
> I'm looking for a common thread.  As of yet, I still don't
> have any usable log files from anyone.
>
>
>
> - --
> ciao, jerry
> ~ --
> ~ Hewlett-Packard- http://www.hp.com
> ~ SAMBA Team -- http://www.samba.org
> ~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
> ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/3j0fIR7qMdg1EfYRAj7MAJsGgy7eX8QEGw0+GppuIm1GDJEKnwCfehwt
> IEnuU6th2EbIe2IWmB1p1fs=
> =bods
> -END PGP SIGNATURE-

-- 
--
Greg Dickie
just a guy
Maximum Throughput
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Account Management Tools

[Farkas Levente]

hi,
in the samba collection howto in the Chapter 11. Account Information 
Databases you mention a new tcl/tk tool taht will be in hopefully in 
3.0.1. what is the status of this tool and what is this tool?
thanks.

--
  Levente   "Si vis pacem para bellum!"
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Remote Desktop on XP

[Joe Wojnas]

I have client that turned on Remote Desktop on XP (Micro$oft's version of PC Anywhere 
built into the OS).  Now those machines cannot log into to the Samba server.  I tried 
reinstalling the XP registry patch, no luck.  Any ideas??

Thanks!

Joe

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Need help in reproducing "Incorrect password length" error

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gerald (Jerry) Carter wrote:
| We're having some trouble reproducing this error.  If
| anyone who is seeing this error in the smbd logs when
| attempting to join a Samba domain:
|
| "decode_pw_buffer: incorrect password length"
|
| Please send me a level 10 smbd debug log for the entire
| join attempt.  We're think we know what the problem is
| but need to confirm it in the logs.  This is the *last*
| thing holding up 3.0.1.  Any help would be appreciated.
| Thanks.
Has anyone seen this using tdbsam ?  Or are the only
people experiencing the problem using an LDAP backend ?  If the
latter are people only using the smbldap-tools ?
I'm looking for a common thread.  As of yet, I still don't
have any usable log files from anyone.


- --
ciao, jerry
~ --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/3j0fIR7qMdg1EfYRAj7MAJsGgy7eX8QEGw0+GppuIm1GDJEKnwCfehwt
IEnuU6th2EbIe2IWmB1p1fs=
=bods
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Upgraded from 2.2.7a to 3.0.0 - funny with roaming profiles

[Rob MacGregor]

Well, I did a test install of 3.0.0 today (different base from the old 
2.2.7a incase it all went wrong).  Everything seems to work (minor glitch 
failing to read the documentation carefully enough), but the roaming 
profiles appear to be broken.

What I'm seeing is that the profile isn't loaded and a vaguely default 
profile is provided instead.  I'm not seeing any error messages though, 
which is odd.  If somebody could run a quick eye over the (snipped) smb.conf 
I'd be grateful.  I'm probably missing something obvious, but it's late and 
I've read the file too many times to spot it:

[global]
<---SNIP--->
logon script = logon.cmd
logon path = \\%N\Profiles\%U
logon drive = H:
logon home = \\archie\%u
domain logons = Yes
[profiles]
path = /disk2/home/profiles
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes
Incase it matters the client is WindowsXP, SP1 (happily working in the 
domain hosted by 2.2.7a) and samba is running on Mandrake 9.1, stock 
Mandrake 2.4.20 kernel.

TIA

 Please DO NOT send me ANY email directly unless it's a privacy issue.
  Reply-to mangled to assist those who don't read the above.
--
Rob  |  What part of "no" was it you didn't understand?
_
Find a cheaper internet access deal - choose one to suit you. 
http://www.msn.co.uk/internetaccess

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Group Mapping problems

[Robert Rati]

I'm trying to map my LDAP groups to Windows Groups, but I'm not having 
any luck.  Here is a group I'm trying to map:

dn: cn=dom_admin,ou=Groups,dc=wdselab
objectClass: sambaGroupMapping
objectClass: posixGroup
gidNumber: 1000
cn: dom_admin
memberUid: dom_admin
description: Domain Admininistrators Group
sambaSID: S-1-5-21-835892245-73647866-3919785651-512
sambaGroupType: 2
but when I do a net groupmap command, I get this error over and over again:

  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
invalid DN (Invalid DN syntax)

What DN syntax is being used for this search?  How do I modify it/fix 
this problem?

Rob
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0 and Kerberos 5 initial setup

[Obry, Dean (GBY)]

Hello,

I am setting up Samba 3.0 on a RedHat ES 3.0 machine (Intel h/w).   I want
to try to get
Samba authenticating with Active Directory and am somewhat confused by all
of the 
installation/config doc out there.

I have the Kerb 5 software installed on my machine as well as the LDAP
software that is suggested.
My questions are these:  

   1)Is Kerberos REQUIRED for me to get Samba authenticating in a W2K
domain
 or is it just a good idea from a security standpoint?
 If required, what is a good source for quick-start
installation/config?   I have found a bunch of 
 Kerberos howto doc, but it looks rather involved.   What would be
the quickest way
 to get Kerberos going?

   2)What other steps do I need to get this whole thing authenticating?
(e.g. LDAP?)

  Thanks in advance for any help you can provide.  Dean Obry

Dean Obry
Technical Services Lead 

Georgia-Pacific Corporation
email:  [EMAIL PROTECTED]
phone:  920-438-2662

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.1rc2 LDAP - problems joining domain

[Charles Hamel]

I was running 3.0.1rc1 and 3.0.1rc2, I downgraded to 3.0.1pre3.

Sorry for the confusion.

Charles Hamel

On 03-12-15, at 15:17, Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Charles Hamel wrote:
| You are not the only one have this problem, the samba
| team is working to fix this.
|
| I had the same problem, downgraded to 3.0.1pre3 and
| it works.
3.0.1pre3 ? or 3.0.0 ?



cheers, jerry
~  
--
~ Hewlett-Packard-  
http://www.hp.com
~ SAMBA Team --  
http://www.samba.org
~ GnuPG Key    
http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot  
(2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/3hbkIR7qMdg1EfYRAjXdAKC84daYNnSlRo0d6NK1BYpLkyaBkACaAot0
SPtVPCKlz2VHOqFwLNgr7Qo=
=/4S8
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Need help in reproducing "Incorrect password length" error

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We're having some trouble reproducing this error.  If
anyone who is seeing this error in the smbd logs when
attempting to join a Samba domain:
	"decode_pw_buffer: incorrect password length"

Please send me a level 10 smbd debug log for the entire
join attempt.  We're think we know what the problem is
but need to confirm it in the logs.  This is the *last*
thing holding up 3.0.1.  Any help would be appreciated.
Thanks.


ciao, jerry
~ --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/3h73IR7qMdg1EfYRAnFJAKCyyYVXG2+ghk/8e5IhaauOLZCeqwCgtyyn
tfTF4mlAD9o+jnLKqh4xyDU=
=JfiJ
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.1rc2 LDAP - problems joining domain

[Greg Dickie]

heh heh

On Monday 15 December 2003 03:10 pm, Adam Williams wrote:
> > Here's the wierd part though. I was just trying to reproduce the problem
> > to get some level 10 logs and now it seems to work (of course just when I
> > want it to screw-up ;-). So its not like its always busted.
>
> Don't ya' hate it when that happens.
>
> Now you've probably jinx'd me, and next time it won't work although it
> always has. :)

-- 
Greg Dickie
just a guy
Maximum Throughput

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.1rc2 LDAP - problems joining domain

[Greg Dickie]

I downgraded all the way to 3.0.0 just because that rpm was already there. do 
you want me to try 1pre3 although I can't seem to reproduce it with 1rc2 
anymore?

Greg

On Monday 15 December 2003 03:17 pm, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Charles Hamel wrote:
> | You are not the only one have this problem, the samba
> | team is working to fix this.
> |
> | I had the same problem, downgraded to 3.0.1pre3 and
> | it works.
>
> 3.0.1pre3 ? or 3.0.0 ?
>
>
>
> cheers, jerry
> ~ --
> ~ Hewlett-Packard- http://www.hp.com
> ~ SAMBA Team -- http://www.samba.org
> ~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
> ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/3hbkIR7qMdg1EfYRAjXdAKC84daYNnSlRo0d6NK1BYpLkyaBkACaAot0
> SPtVPCKlz2VHOqFwLNgr7Qo=
> =/4S8
> -END PGP SIGNATURE-

-- 
Greg Dickie
just a guy
Maximum Throughput

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] multiple ldap servers in bdc/pdc environment

[Thomas Hannan]

Hi all,

I'm setting up a number of samba DC's across several branch offices
using the Samba 3.0.0 release's native LDAP support. I'd like to build
some redundancy into my setup, such as having slave LDAP servers in case
the master is down/unavailable. However, when I have multiple ldapsam
entries in my smb.conf I get duplicate or triplicate users listed when
performing a /usr/local/samba/bin/pdbedit -L, and all 2 or 3 LDAP
servers get queried no matter what. Is there anyway to list multiple
backup LDAP servers instead of just having overlapping SAMs?

Also, there will be some remote offices connected via relatively
high-latency WAN links to the master LDAP server. Will this be a problem
in terms of adding machine accounts or changing passwords (and that data
being replicated to the local slave LDAP server at the branch offices in
a timely manner)? I'd like to only have the remote offices send traffic
over the WAN links when absolutely necessary (such as changing passwords
or receiving replica updates pushed out from the master LDAP server).

Regards,
Thomas

[global]passdb 
backend = ldapsam:ldap://192.168.1.60   
ldapsam:ldap://192.168.1.215 
ldapsam:ldap://192.168.1.98   
ldap suffix = ou=accounts,ou=people,dc=pharm-olam,dc=com 
ldap group suffix = ou=groups  
ldap machine suffix = ou=machines  
ldap user suffix = ou=users 
ldap admin dn = 
  uid=smbldap,ou=accounts,ou=people,dc=pharm-olam,dc=com
ldap ssl = off


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Fedora binaries in multiple RPMS?

[Dan]

The RedHat RPMS were always available as single RPMS why aren't the 
Fedora binaries the same?

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] nscd dies

[Craig Jackson]

Fellow Sambanistas,

Samba using ldapsam is working beautifully. I also have
pam_ldap/nss_ldap working for users and groups. In nsswitch.conf the
attribute is ldap. However, I notice that things can be a little slow
because the ldap server is on another machine. So every lookup results
in a time-consuming network traffic. Hence nscd, to cache those lookups.
However, when I try to start nscd it simply dies with this message in
log:

8381: handle_request: request received (Version = 2)
8381:   GETPWBYUID (0)
8381: Haven't found "0" in password cache!

The system is Debian:Sid.

I realize this is question more for the Debian or pamldap lists but I
written to those with no response. Also I can find very little on this
subject on Google.

Any help appreciated,
Thanks,
Craig Jackson



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba freezing network

[Stefan G. Weichinger]

Hello, [EMAIL PROTECTED],

Montag, 15. Dezember 2003, 20:45 you wrote:

DGac> I have testing debian with samba and while the linux server is on the
DGac> network the other systems on the network lock up and freeze for several
DGac> minutes then un freeze.  After I remove the debian box from the network it
DGac> does not freeze any of the other computers on the network.  Any help would
DGac> be appreciated.

Any DETAILS would be appreciated.

You don´t tell us anything about versions, configs, parameters  .

For example, is Samba PDC, BDC, stand-alone, Master Browser, . ?

This group is able to give vast amounts of useful information on all
kinds of Samba-issues if it is only given enough information about
your situation.

-- 
best regards,
Stefan G. Weichinger
mailto:[EMAIL PROTECTED]



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.1rc2 LDAP - problems joining domain

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Charles Hamel wrote:
| You are not the only one have this problem, the samba
| team is working to fix this.
|
| I had the same problem, downgraded to 3.0.1pre3 and
| it works.

3.0.1pre3 ? or 3.0.0 ?



cheers, jerry
~ --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/3hbkIR7qMdg1EfYRAjXdAKC84daYNnSlRo0d6NK1BYpLkyaBkACaAot0
SPtVPCKlz2VHOqFwLNgr7Qo=
=/4S8
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.1rc2 LDAP - problems joining domain

[Adam Williams]

> Here's the wierd part though. I was just trying to reproduce the problem to 
> get some level 10 logs and now it seems to work (of course just when I want 
> it to screw-up ;-). So its not like its always busted.

Don't ya' hate it when that happens.

Now you've probably jinx'd me, and next time it won't work although it
always has. :)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.1rc2 LDAP - problems joining domain

[Adam Williams]

> You are not the only one have this problem, the samba team is working  
> to fix this.
> I had the same problem, downgraded to 3.0.1pre3 and it works.

Hmm.  I've got WYk, WY2kSp4, XP, and XPsp1 workstations.  Since
upgrading to 3.0.1rc2 I've joins a few of all the above to my
Samba/PDC/LDAP domain without incident.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.1rc2 LDAP - problems joining domain

[Greg Dickie]

Here's the wierd part though. I was just trying to reproduce the problem to 
get some level 10 logs and now it seems to work (of course just when I want 
it to screw-up ;-). So its not like its always busted.

thanks,
Greg


On Monday 15 December 2003 02:53 pm, Greg Dickie wrote:
> yup. saw that after I reported it and downgraded.
> thanks very much,
> Greg
>
> On Monday 15 December 2003 02:45 pm, you wrote:
> > You are not the only one have this problem, the samba team is working
> > to fix this.
> >
> > I had the same problem, downgraded to 3.0.1pre3 and it works.
> >
> > Charles Hamel
> >
> > On 03-12-15, at 11:48, Greg Dickie wrote:
> > > Hi,
> > >
> > >   I'm back on the list ;-)
> > >   I seem to be having some trouble getting W2K machines to join the
> > > domain in
> > > 3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks
> > > like
> > > the account gets created in LDAP and then it has trouble setting the
> > > password
> > > appropriately. I believe this is the relevant part of the log:
> > >
> > >  api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
> > > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
> > >   00 samr_io_q_set_userinfo
> > > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
> > >    data1: 
> > > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
> > >   0004 data2: 0008
> > > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
> > >   0008 data3: 
> > > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
> > >   000a data4: 
> > > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
> > >   000c data5: 71 e1 dd 3f 61 70 00 00
> > > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
> > >   0014 switch_value: 0018
> > > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
> > >   0016 switch_value: 0018
> > > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
> > >   0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d
> > > 53 90
> > > 21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e
> > > a6 85 eb
> > > 7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07
> > > 34 63 37
> > > dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da
> > > b7 83 be
> > > 6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e
> > > 25 8d 91
> > > 42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30
> > > 1f a8 71
> > > 22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37
> > > 0b cb da
> > > 09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34
> > > b9 5c 02
> > > 73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac
> > > a9 5a 43
> > > ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc
> > > 49 ad 12
> > > 73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac
> > > 98 28 21
> > > e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5
> > > 02 e9 03
> > > ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2
> > > 4b b1 a3
> > > 19 8b 08 2 +>
> > >   4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37
> > > c4 36 bd
> > > d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3
> > > b0 b6 c7
> > > 2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1
> > > 83 d7 87
> > > 95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7
> > > db d9 34
> > > 09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba
> > > a7 49 66
> > > 90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa
> > > a2 24 cc
> > > 70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89
> > > 21 62 7a
> > > a2 18 f9
> > > [2003/12/15 11:29:37, 5]
> > > rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937)
> > >   _samr_set_userinfo: 2937
> > > [2003/12/15 11:29:37, 4]
> > > rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
> > >   Found policy hnd[0] [000] 00 00 00 00 08 00 00 00  00 00 00 00 71 E1
> > > DD 3F
> > >  q╴?
> > >   [010] 61 70 00 00   ap..
> > > [2003/12/15 11:29:37, 5]
> > > rpc_server/srv_samr_nt.c:access_check_samr_function(105)
> > >   _samr_set_userinfo: access check ((granted: 0x00b0;  required:
> > > 0x0024)
> > > [2003/12/15 11:29:37, 4]
> > > rpc_server/srv_samr_nt.c:access_check_samr_function(109)
> > >   _samr_set_userinfo: ACCESS should be DENIED (granted: 0x00b0;
> > > required:
> > > 0x0024)
> > >   but overwritten by euid == 0
> > > [2003/12/15 11:29:37, 5]
> > > rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950)
> > >   _samr_set_userinfo:
> > > sid:S-1-5-21-2656636599-2098491866-229994164-3044,
> > > level:24
> > > [2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068)
> > >   smbldap_search_suffix: searching

Re: [Samba] 3.0.1rc2 LDAP - problems joining domain

[Greg Dickie]

yup. saw that after I reported it and downgraded. 
thanks very much,
Greg

On Monday 15 December 2003 02:45 pm, you wrote:
> You are not the only one have this problem, the samba team is working
> to fix this.
>
> I had the same problem, downgraded to 3.0.1pre3 and it works.
>
> Charles Hamel
>
> On 03-12-15, at 11:48, Greg Dickie wrote:
> > Hi,
> >
> >   I'm back on the list ;-)
> >   I seem to be having some trouble getting W2K machines to join the
> > domain in
> > 3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks
> > like
> > the account gets created in LDAP and then it has trouble setting the
> > password
> > appropriately. I believe this is the relevant part of the log:
> >
> >  api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
> > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
> >   00 samr_io_q_set_userinfo
> > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
> >    data1: 
> > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
> >   0004 data2: 0008
> > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
> >   0008 data3: 
> > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
> >   000a data4: 
> > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
> >   000c data5: 71 e1 dd 3f 61 70 00 00
> > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
> >   0014 switch_value: 0018
> > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
> >   0016 switch_value: 0018
> > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
> >   0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d
> > 53 90
> > 21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e
> > a6 85 eb
> > 7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07
> > 34 63 37
> > dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da
> > b7 83 be
> > 6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e
> > 25 8d 91
> > 42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30
> > 1f a8 71
> > 22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37
> > 0b cb da
> > 09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34
> > b9 5c 02
> > 73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac
> > a9 5a 43
> > ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc
> > 49 ad 12
> > 73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac
> > 98 28 21
> > e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5
> > 02 e9 03
> > ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2
> > 4b b1 a3
> > 19 8b 08 2 +>
> >   4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37
> > c4 36 bd
> > d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3
> > b0 b6 c7
> > 2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1
> > 83 d7 87
> > 95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7
> > db d9 34
> > 09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba
> > a7 49 66
> > 90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa
> > a2 24 cc
> > 70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89
> > 21 62 7a
> > a2 18 f9
> > [2003/12/15 11:29:37, 5]
> > rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937)
> >   _samr_set_userinfo: 2937
> > [2003/12/15 11:29:37, 4]
> > rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
> >   Found policy hnd[0] [000] 00 00 00 00 08 00 00 00  00 00 00 00 71 E1
> > DD 3F
> >  q╴?
> >   [010] 61 70 00 00   ap..
> > [2003/12/15 11:29:37, 5]
> > rpc_server/srv_samr_nt.c:access_check_samr_function(105)
> >   _samr_set_userinfo: access check ((granted: 0x00b0;  required:
> > 0x0024)
> > [2003/12/15 11:29:37, 4]
> > rpc_server/srv_samr_nt.c:access_check_samr_function(109)
> >   _samr_set_userinfo: ACCESS should be DENIED (granted: 0x00b0;
> > required:
> > 0x0024)
> >   but overwritten by euid == 0
> > [2003/12/15 11:29:37, 5]
> > rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950)
> >   _samr_set_userinfo:
> > sid:S-1-5-21-2656636599-2098491866-229994164-3044,
> > level:24
> > [2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068)
> >   smbldap_search_suffix: searching
> > for:[(&(sambaSID=S-1-5-21-2656636599-2098491866-229994164
> > -3044)(objectclass=sambaSamAccount))]
> > [2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
> >   init_sam_from_ldap: Entry found for user: gt1$
> > [2003/12/15 11:29:37, 5]
> > rpc_server/srv_samr_nt.c:set_user_info_pw(2877)
> >   Attempting administrator password change for user gt1$
> > [2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(501)
> >   decode_pw_buffer: incorrect password length (-2128390

Re: [Samba] 3.0.1rc2 LDAP - problems joining domain

[Charles Hamel]

You are not the only one have this problem, the samba team is working  
to fix this.

I had the same problem, downgraded to 3.0.1pre3 and it works.

Charles Hamel

On 03-12-15, at 11:48, Greg Dickie wrote:



Hi,

  I'm back on the list ;-)
  I seem to be having some trouble getting W2K machines to join the  
domain in
3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks  
like
the account gets created in LDAP and then it has trouble setting the  
password
appropriately. I believe this is the relevant part of the log:

 api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
  00 samr_io_q_set_userinfo
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
   data1: 
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
  0004 data2: 0008
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
  0008 data3: 
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
  000a data4: 
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
  000c data5: 71 e1 dd 3f 61 70 00 00
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
  0014 switch_value: 0018
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
  0016 switch_value: 0018
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
  0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d  
53 90
21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e  
a6 85 eb
7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07  
34 63 37
dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da  
b7 83 be
6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e  
25 8d 91
42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30  
1f a8 71
22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37  
0b cb da
09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34  
b9 5c 02
73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac  
a9 5a 43
ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc  
49 ad 12
73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac  
98 28 21
e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5  
02 e9 03
ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2  
4b b1 a3
19 8b 08 2 +>
  4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37  
c4 36 bd
d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3  
b0 b6 c7
2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1  
83 d7 87
95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7  
db d9 34
09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba  
a7 49 66
90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa  
a2 24 cc
70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89  
21 62 7a
a2 18 f9
[2003/12/15 11:29:37, 5]  
rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937)
  _samr_set_userinfo: 2937
[2003/12/15 11:29:37, 4]
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
  Found policy hnd[0] [000] 00 00 00 00 08 00 00 00  00 00 00 00 71 E1  
DD 3F
 q╴?
  [010] 61 70 00 00   ap..
[2003/12/15 11:29:37, 5]
rpc_server/srv_samr_nt.c:access_check_samr_function(105)
  _samr_set_userinfo: access check ((granted: 0x00b0;  required:
0x0024)
[2003/12/15 11:29:37, 4]
rpc_server/srv_samr_nt.c:access_check_samr_function(109)
  _samr_set_userinfo: ACCESS should be DENIED (granted: 0x00b0;   
required:
0x0024)
  but overwritten by euid == 0
[2003/12/15 11:29:37, 5]  
rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950)
  _samr_set_userinfo:  
sid:S-1-5-21-2656636599-2098491866-229994164-3044,
level:24
[2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068)
  smbldap_search_suffix: searching
for:[(&(sambaSID=S-1-5-21-2656636599-2098491866-229994164 
-3044)(objectclass=sambaSamAccount))]
[2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: gt1$
[2003/12/15 11:29:37, 5]  
rpc_server/srv_samr_nt.c:set_user_info_pw(2877)
  Attempting administrator password change for user gt1$
[2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(501)
  decode_pw_buffer: incorrect password length (-2128390977).
[2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(502)
  decode_pw_buffer: check that 'encrypt passwords = yes'
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
  00 samr_io_r_set_userinfo
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
   status: NT_STATUS_ACCESS_DENIED
[2003/12/15 11:29:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
  api_rpcTNP: called samr successfully

In particular, I find the decode_pw_buffer warnings to be t

[Samba] Samba freezing network

[David . Grudek]

I have testing debian with samba and while the linux server is on the 
network the other systems on the network lock up and freeze for several 
minutes then un freeze.  After I remove the debian box from the network it 
does not freeze any of the other computers on the network.  Any help would 
be appreciated.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] User/groups between samba and active directory

[LanRol]

The answer: ACL

http://acl.bestbits.at/download.html

Does it work?

- Original Message -
From: "Justin B. Kay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 15, 2003 8:23 PM
Subject: [Samba] User/groups between samba and active directory


> I have an active directory server which I can authenticate to in order to
> access shares on the samba server (3.0.0).  When I create a file on the
samba
> server from a windows client the user name is DOMAIN+username and the
group
> is DOMAIN+Domain Users.  My question is how to set permissions on folders
in
> linux to allow DOMAIN+Domain Users/username to create files without
setting
> the permissions to world write access.  Any good online reading about this
> anywhere?
>
> Justin
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>
>
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] User/groups between samba and active directory

[Justin B. Kay]

I have an active directory server which I can authenticate to in order to 
access shares on the samba server (3.0.0).  When I create a file on the samba 
server from a windows client the user name is DOMAIN+username and the group 
is DOMAIN+Domain Users.  My question is how to set permissions on folders in 
linux to allow DOMAIN+Domain Users/username to create files without setting 
the permissions to world write access.  Any good online reading about this 
anywhere?

Justin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: password synchronization

[Kevin Fries]

Jasper V. Ferrer wrote:

> hi, i have three machines excellence, sapphire and integrity. excellence
> runs samba and acts as a pdc for domain ferrer-lan. sapphire also runs
> samba and is a member of domain ferrer-lan (security=domain). integrity
> runs windowsxp and is also a member of domain ferrer-lan.
> 
> samba on both excellence and sapphire has unix password sync enabled and
> is syncing passwords just fine. so when i change password on integrity the
> local linux password on excellence gets synced too. however this leaves me
> with a different linux password on sapphire.
> 
> since samba on sapphire is a member of domain ferrer-lan, is there a way
> to automagically sync to the local linux password? on samba startup?
> whenever connecting to samba on excellence?
> 
> please help, thank you.
> 

This is a normal password sync problem that has plagued the nixes for years. 
However, there is some excellent tools out now-a-days that make this
problem trivial.

I run two Linux servers and two linux desktops in an otherwise all Windows
network.  I separate my linux logins into two categories: User Accounts;
and System Accounts.

System accounts are accounts such as: root; ftp; service; apache; mysql; and
other such accounts that are system/server specific.  For this I use the
standard Unix password system and PAM.

User accounts though are a different situation completely.  For these, I use
an OpenLDAP server with the nss_ldap and pam_ldap tools from padl.com. 
When set up correctly, all the user accounts will be visible via PAM
authentication, and your password sync will store the data in LDAP. 
Therefore, a change in password in either location, will actually reflect
on all nix or Mac computers using the LDAP for authentication.

HTH
Kevin Fries

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] incorrect password length when joining domain, need help

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matthew Schumacher wrote:
| Confirmed, 3.0.0 fixes the problem.  Does samba have
| a trouble ticket  system where we could submit a issue?
I'm working on it.



ciao, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/3fulIR7qMdg1EfYRAqb3AJ0RH6bIBAImVufee5PVSl62hT/i2ACfUSqU
+/wmgfQ0Eju1pC/YN6TM8iY=
=2u5G
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP backend: "sambaDomain" object not created.

[Oscar Retana M.]

I have problems when adding a new user to a fresh installed Samba+LDAP.

Somewhere I read that the "sambaDomain" object is created automatically 
when samba first starts. Well, it seems the object is not created, and I 
find no log regarding to the issue when samba starts.

This is the log I get when trying to add a new user.

In the mail archive, I found several people asking for this problem, but 
I didn't find any solution.

Regards!

- Oscar Retana.


smbldap_search_suffix: Problem during the LDAP search:  (No such object)
smbldap_search_suffix: Query was: ou=panam.ed.cr,ou=domains,dc=panam, 
(&(objectClass=sambaDomain)(sambaDomainName=PANAM))
Problem during LDAPsearch: No such object
Query was: ou=panam.ed.cr,ou=domains,dc=panam, 
(&(objectClass=sambaDomain)(sambaDomainName=PANAM))
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the 
domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate 
new users/groups, and will risk BDCs having inconsistant SIDs




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Folder Redirection with NT4 Domains (II)

[Bruno Gimenes Pereti]

I forgot one detail. The shared profile is mandatory. When I create the
profile with an user and just rename the NTUSER.DAT to NTUSER.MAN it works
only with the user I created the profile, so had to copy the NTUSER.DAT from
" C:\Documents and Settings\Default User\NTUSER.DAT" to the shared profile
directory and rename it to NTUSER.MAN.

And IÂd like to thank you and all the samba time for the amazing work!

Bruno Pereti.


- Original Message - 
From: "John H Terpstra" <[EMAIL PROTECTED]>
To: "Bruno Gimenes Pereti" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, December 15, 2003 3:58 PM
Subject: Re: [Samba] Folder Redirection with NT4 Domains (II)


> Bruno,
>
> Thanks for this detail - it helps to make clear what you did.
>
> cheers,
> John T.
>
>
> On Mon, 15 Dec 2003, Bruno Gimenes Pereti wrote:
>
> > Hi John and all,
> >
> > I didnÂt implement it in a prodution server, but itÂs working in my test
> > server. IÂm working with poledit to redirect the "Desktop" and "My
> > Documents" from the default profile directory to the userÂs home
directory
> > on the PDC.
> >
> > In the file system.adm (got it from win2000 server) there is already a
> > police to redirect the Desktop folder, I added a police to redirect My
> > Documents folder, I changed the NTConfig.POL (with the poledit.exe tool)
and
> > itÂs working.
> >
> > There is a single shared profile directory "\\PDC\profiles\template" for
all
> > domain users and the local copy of the profile is erased when the user
> > logoff. I didnÂt finished all the tests I planned to do and there is
stil
> > some problems with implamentation that I hope I can correct til the and
of
> > the year.
> >
> > IÂll keep you and the list informed about the problems this environment
can
> > bring.
> >
> > Bruno Pereti.
> >
> >
> > - Original Message -
> > From: "John H Terpstra" <[EMAIL PROTECTED]>
> > To: "Juan Luis Fernandez" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Sunday, December 14, 2003 10:27 PM
> > Subject: Re: [Samba] Folder Redirection with NT4 Domains (II)
> >
> >
> > > On Mon, 15 Dec 2003, Juan Luis Fernandez wrote:
> > >
> > > > > Redirecting My Documnets isn't a tricky one. Just right click ->
> > > > > properties and change the target location. This is automatically
done
> > > > > in our network by changing the location in the default profile.
This
> > > > > is then applied to every user when they first logon. Do you mean
Local
> > > > > Settings or the Application Data folder. The Applications Data
folder
> > > > > is part of the profile anyway. I cant see why you would want to
copy
> > > > > the Local Settings directory with your profile.
> > > >
> > > > I just work with samba 2.2.8 as a part of FreeBSD ports colecction.
All
> > the
> > > > workstations are Win 2K SP4.
> > > >
> > > > All the things runs ok but lately there are some users configured
with
> > > > roaming profiles that put in the desktop some folders. I recomend
that
> > they
> > > > do it with links to the My documents folder opposite that creating
> > folder in
> > > > my desktop. In some users if I change this by this way ,the folders
> > > > previusly deleted reapered when users close and open the logon
again. I
> > > > donÂt know about how to track a solution about this. All the users
have
> > the
> > > > same rights and directory permisions in Unix and they are part of
local
> > > > administration group of  Win2K boxes. I donÂt know if this is about
> > recycle
> > > > bin in samba or I have roaming profiles misconfigured.
> > >
> > > Juan,
> > >
> > > You have hit on one of the key issues that needs to be addressed. I'd
like
> > > to see further comment on that too.
> > >
> > > - John T.
> > > --
> > > John H Terpstra
> > > Email: [EMAIL PROTECTED]
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > >
> >
> >
>
> -- 
> John H Terpstra
> Email: [EMAIL PROTECTED]
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Fw: [Samba] Samba 3 Printing Problems

[chris . olson]

Anyone have any suggestions for this?

-

Repeatedly getting the following error, any help out there for this?  I've
dug around the internet for several hours with no luck.

[2003/12/11 19:51:34, 2]
rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(268)
find_printer_index_by_hnd: Printer handle not found:_spoolss_writeprinter:
Invalid handle (OTHER:1583:10554)

Running Debian 3.0r1
Samba 3.0

Been getting the same error on the samba 2 releases as well.

# Global parameters
[global]
workgroup = MAJIQ
server string = %h server (Samba %v)
security = DOMAIN
min passwd length = 8
passdb backend = smbpasswd, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 2
log file = /var/log/samba/log.%m
max log size = 1000
server signing = auto
load printers = No
os level = 65
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = 10.65.1.1
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
invalid users = root
map acl inherit = Yes
lpq command =
lprm command =

[nagiosconfig]
path = /etc/nagios
force user = nagios
force group = nagios
read only = No

[pdfpickup]
path = /tmp/pdfpickup
force user = pdf
force group = pdf
read only = No

[pdf]
path = /tmp
guest ok = Yes
max print jobs = 10
printable = Yes
print command = /usr/local/bin/printpdf %s
use client driver = Yes


---
Chris Olson
Manager, Information Systems
TietoEnator Majiq, Inc.
E-Mail: [EMAIL PROTECTED]
Phone: +1-425-881-7100
Fax: +1-425-881-5084
--- Please note my email address has changed ---


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Folder Redirection with NT4 Domains (II)

[John H Terpstra]

Bruno,

Thanks for this detail - it helps to make clear what you did.

cheers,
John T.


On Mon, 15 Dec 2003, Bruno Gimenes Pereti wrote:

> Hi John and all,
>
> I didnÂt implement it in a prodution server, but itÂs working in my test
> server. IÂm working with poledit to redirect the "Desktop" and "My
> Documents" from the default profile directory to the userÂs home directory
> on the PDC.
>
> In the file system.adm (got it from win2000 server) there is already a
> police to redirect the Desktop folder, I added a police to redirect My
> Documents folder, I changed the NTConfig.POL (with the poledit.exe tool) and
> itÂs working.
>
> There is a single shared profile directory "\\PDC\profiles\template" for all
> domain users and the local copy of the profile is erased when the user
> logoff. I didnÂt finished all the tests I planned to do and there is stil
> some problems with implamentation that I hope I can correct til the and of
> the year.
>
> IÂll keep you and the list informed about the problems this environment can
> bring.
>
> Bruno Pereti.
>
>
> - Original Message -
> From: "John H Terpstra" <[EMAIL PROTECTED]>
> To: "Juan Luis Fernandez" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Sunday, December 14, 2003 10:27 PM
> Subject: Re: [Samba] Folder Redirection with NT4 Domains (II)
>
>
> > On Mon, 15 Dec 2003, Juan Luis Fernandez wrote:
> >
> > > > Redirecting My Documnets isn't a tricky one. Just right click ->
> > > > properties and change the target location. This is automatically done
> > > > in our network by changing the location in the default profile. This
> > > > is then applied to every user when they first logon. Do you mean Local
> > > > Settings or the Application Data folder. The Applications Data folder
> > > > is part of the profile anyway. I cant see why you would want to copy
> > > > the Local Settings directory with your profile.
> > >
> > > I just work with samba 2.2.8 as a part of FreeBSD ports colecction. All
> the
> > > workstations are Win 2K SP4.
> > >
> > > All the things runs ok but lately there are some users configured with
> > > roaming profiles that put in the desktop some folders. I recomend that
> they
> > > do it with links to the My documents folder opposite that creating
> folder in
> > > my desktop. In some users if I change this by this way ,the folders
> > > previusly deleted reapered when users close and open the logon again. I
> > > donÂt know about how to track a solution about this. All the users have
> the
> > > same rights and directory permisions in Unix and they are part of local
> > > administration group of  Win2K boxes. I donÂt know if this is about
> recycle
> > > bin in samba or I have roaming profiles misconfigured.
> >
> > Juan,
> >
> > You have hit on one of the key issues that needs to be addressed. I'd like
> > to see further comment on that too.
> >
> > - John T.
> > --
> > John H Terpstra
> > Email: [EMAIL PROTECTED]
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
>

-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba disconnect problem

[scott]

I have a persistant problem at a client site.  This is the error I am
getting in /var/log/messages:
Dec 10 09:03:41 fileserver smbd[7652]: [2003/12/10 09:03:41, 0] lib/
util_sock.c:read_data(436)
Dec 10 09:03:41 fileserver smbd[7652]:   read_data: read failure for 4.
Error = Connection reset by peer

No errors in log.smbd

Here is the Layout:

Three clients:
Win2000
Win2000
WinXP Pro

Server:
Mandrake 9.2
Samba Verion 2.28
All current patches and updates installed
Network card: 3Com 3c905b
PII-450
256Mb SDRAM
40Gb Hard Drive (IDE)

Network:
10/100 switched (U.S. Robotics SOHO 8 port Switch)
Cat-5 Wiring

All PCs have 10/100 network cards in them.

Primary use of server is to share Quickbooks files to the other computers.
This is where the problem is.  Once or twice a day they get booted out of
the client file that they are in.  This corresponds with the error in the
log.  This is a big problem for the customer.

The main user was gone last week; and no errors occurred for the other
users all week.  Her machine was on but not used during this time.

Here are the steps I have taken:
*ALL new hardware in server with the exception of the hard drive
*Replaced Switch
*Ran new cable to machine with most issues
*Replaced Network card in machine that was unoccupied last week.
*Checked network settings on clients - removed extra protocal (netbeui,
etc)
*Mapped clients directly to Server IP address to exclude name resolution
issues.
*Made TCPDUMP log - during errors there is no unusal messages in this
*Played with smb.conf setting - including trying different locking things
and such.  Bear in mind that the clients are NOT working within the same
account file - so there should be no locking or sharing issue there

I REALLY need to get this fixed - it is a big problem.  Let me know if
more info is needed.


Here is my smb.conf:
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#=== Global Settings
=
[global]
encrypt passwords = yes
os level = 20
map to guest = bad user
printing = cups
preferred master = no
security = user
load printers = yes
printer admin = @adm
dns proxy = no
smb passwd file = /etc/samba/smbpasswd
log file = /var/log/samba/log.%m
server string = Samba Server %v
printcap name = cups
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
workgroup = MDKGROUP
max log size = 50

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
# You can enable VFS recycle bin on a per share basis:
# Uncomment the next 2 lines (make sure you create a
# .recycle folder in the base of the share and ensure
# all users will have write access to it. See
# examples/VFS/recycle/REAME in samba-doc for details
;   vfs object = /usr/lib/samba/vfs/recycle.so
;   vfs options= /etc/samba/recycle.conf
# You may want to prevent abuse of your server disk space, and spread of
virii
;   veto files = /*.eml/*.nws/*.dll/*.mp3/*.MP3/*.mpg/*.MPG/*.vbs/*.VBS/

# Un-comment the following and create the netlogon directory for Domain
Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /var/lib/samba/netlogon
;   guest ok = yes
;   writable = no

#Uncomment the following 2 lines if you would like your login scripts to
#be created dynamically by ntlogon (check that you have it in the correct
#location (the default of the ntlogon rpm available in contribs)
;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d
/var/lib/samba/netlogon/
;root postexec = rm -f /var/lib/samba/netlogon/%U.bat

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;path = /var/lib/samba/profiles
;browseable = no
;guest ok = yes
;writable = yes
# This script can be enabled to create profile directories on the fly
# You may want to turn off guest acces if you enable this, as it
# hasn't been thoroughly tested.
;root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE
]; \
;then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi


# NOTE: If you have a CUPS print system there is no need to
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients. On the Samba server no filtering is
# done. If you wish that th

Re: [Samba] incorrect password length when joining domain, need help

[Greg Dickie]

Hi,

  Just tried this and it fixes my problem as well.

thanks!

I guess this needs to be fixed before 3.0.1 releases.

Jerry, if you need me to play with the broken code to get more info please let 
me know.

Greg

On Monday 15 December 2003 12:26 pm, Matthew Schumacher wrote:
> Confirmed, 3.0.0 fixes the problem.  Does samba have a trouble ticket
> system where we could submit a issue?
>
> Charles Hamel wrote:
> > I fixed my problem,
> >
> > This problem started to appear with 3.0.1rc1 ( maybe pre3 too ). I
> > installed RC2 and it did not fix the problem, 3.0.0 works fine!
> >
> > Charles
> >
> > On Fri, 12 Dec 2003 14:01:51 -0500, Charles Hamel wrote
> >
> >>Hi
> >>
> >>I just re-initiated by ldap sam database using smbldap-populate.pl,
> >> modified the Administrator account (uid/gid=0). I can join the domain
> >> from a Samba
> >>
> >>2.2.7 linux machine, it creates the machine account etc... The
> >>problem happens with Windows 2000 SP2, It tells me wrong
> >>user/password. Here is the samba error : decode_pw_buffer: incorrect
> >>password length (-2118884061).
> >>
> >>Here is the full log :
> >>
> >>  Attempting administrator password change (level 23) for user
> >> workstation$ [2003/12/12 13:25:57, 0]
> >> libsmb/smbencrypt.c:decode_pw_buffer(501) decode_pw_buffer: incorrect
> >> password length (-2118884061).
> >>[2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(502)
> >>  decode_pw_buffer: check that 'encrypt passwords = yes'
> >>[2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_debug(82)
> >>  00 samr_io_r_set_userinfo
> >>[2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
> >>   status: NT_STATUS_ACCESS_DENIED
> >>[2003/12/12 13:25:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
> >>  api_rpcTNP: called samr successfully
> >>
> >>Here is my smb.conf file
> >>[global]
> >>
> >> ADD SCRIPTS
> >>add machine script = /usr/local/samba/share/smbldap-useradd.pl -w
> >>"%u" add user script = /usr/local/samba/share/smbldap-useradd.pl
> >>"%u" delete user script = /usr/local/samba/share/smbldap-userdel.pl "%u"
> >>add group script = /usr/local/samba/share/smbldap-groupadd.pl "%g"
> >>delete group script = /usr/local/samba/share/smbldap-groupdel.pl "%g"
> >>add user to group script = /usr/local/samba/share/smbldap-
> >>groupmod.pl -m "%u" "%g" delete user from group script =
> >>/usr/local/samba/share/smbldap-groupmod.pl -x "%u" "%g" set primary
> >>group script = /usr/local/samba/share/smbldap-usermod.pl -G "%g" "%u"
> >>
> >>null passwords = yes
> >>#unix charset = UTF-8
> >>passdb backend = ldapsam:ldap://localhost/
> >>ldap suffix = o=smb,dc=qc,dc=ca
> >>ldap machine suffix = ou=Computers
> >>ldap user suffix = ou=Users
> >>ldap group suffix = ou=Groups
> >>ldap admin dn = cn=root,o=smb,dc=qc,dc=ca
> >>guest account = nobody
> >>workgroup = LINUX
> >>netbios name = PDC
> >>comment = Server
> >>security = user
> >>encrypt passwords = yes
> >>logon script = scripts\%U.bat
> >>domain logons = Yes
> >>os level = 255
> >>preferred master = Yes
> >>domain master = Yes
> >>#hosts allow = 192.168.0.0/255.255.255.0
> >>share modes = No
> >>wins support = Yes
> >>[homes]
> >>path=/home/domainusers
> >>read only = No
> >>create mask = 0700
> >>directory mask = 0700
> >>locking = No
> >>oplocks = No
> >>
> >>[netlogon]
> >>path = /usr/local/samba/netlogon
> >>locking = no
> >>read only = yes
> >>
> >>[profiles]
> >>path = /home/domainusers/profiles
> >>read only = no
> >>writeable = yes
> >>create mask = 0600
> >>directory mask = 0700
> >>
> >>Here is the LDIF entry of Administrator :
> >>
> >>dn: uid=Administrator,ou=Users,o=smb,dc=qc,dc=ca
> >>cn: Administrator
> >>sn: Administrator
> >>objectClass: inetOrgPerson
> >>objectClass: sambaSAMAccount
> >>objectClass: posixAccount
> >>uid: Administrator
> >>sambaLogonTime: 0
> >>sambaLogoffTime: 2147483647
> >>sambaKickoffTime: 2147483647
> >>sambaPwdCanChange: 0
> >>sambaHomePath: \\PDC\homes
> >>sambaHomeDrive: U:
> >>sambaProfilePath: \\PDC\profiles\
> >>loginShell: /bin/false
> >>gecos: Netbios Domain Administrator
> >>sambaSID: S-1-5-21-3655003630-1527190663-3647191254-1000
> >>sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-1001
> >>uidNumber: 0
> >>gidNumber: 0
> >>homeDirectory: /
> >>sambaLMPassword: XX (removed)
> >>sambaAcctFlags: [U]
> >>sambaNTPassword: XX (removed)
> >>sambaPwdLastSet: 1071185436
> >>sambaPwdMustChange: 1075073436
> >>userPassword:: XX (removed)
> >>
> >>I am running Samba 3.0.1rc1 on Redhat 9.0
> >>
> >>Please help me
> >>
> >>Thank you
> >>
> >>Charles
> >>
> >>--
> >>To unsubscribe from this list go to the following URL and read the
> >>instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> > --
> > Open WebMail Project (http://openwebmail.org)

-- 
Greg Dickie
just a guy
Maximum Throughput

-- 
To unsubscribe from thi

[Samba] Profiles in XP when logging into Samba

[Wayne Dozier(Samba)]

Not really a samba question but here it goes.  In XP, when 
I log onto the Samba server.  Everything works fine, it 
logs on,but when it starts loading the personal setting, 
it complains saying it cannot find the roaming profile on 
the server.  Keep in mind that I do not want to use 
roaming profiles.  I want one profile that is defaulted to 
all users who logon.  Another problem i am going to run 
into, is the fact that if someone logs in at a computer, 
if they do not have a local profile, it creates a folder 
for them under documents and settings.  This is a problem 
because of mydocuments.  I want all users to use one 
profile,  with one mydocuments folder and so on.

The reason for such a headache is that these computers are 
in labs for students.  They will be frozen with deepfreeze 
so that no changes can be made whatsoever.  The 
mydocuments folder needs to be in an "unfrozen" portion of 
the drive.

So long story short, I want one default profile for 
everyone.  No roaming profiles, and I want to get ridof 
the error you get at loggon when it gripes aout not 
finding one on the server.

Thanks in advance to anyone who may be able to help.

Wayne
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] incorrect password length when joining domain, need help

[Matthew Schumacher]

Confirmed, 3.0.0 fixes the problem.  Does samba have a trouble ticket 
system where we could submit a issue?

Charles Hamel wrote:
I fixed my problem,

This problem started to appear with 3.0.1rc1 ( maybe pre3 too ). I installed
RC2 and it did not fix the problem, 3.0.0 works fine!
Charles

On Fri, 12 Dec 2003 14:01:51 -0500, Charles Hamel wrote

Hi

I just re-initiated by ldap sam database using smbldap-populate.pl, modified
the Administrator account (uid/gid=0). I can join the domain from a Samba
2.2.7 linux machine, it creates the machine account etc... The 
problem happens with Windows 2000 SP2, It tells me wrong 
user/password. Here is the samba error : decode_pw_buffer: incorrect 
password length (-2118884061).

Here is the full log :

 Attempting administrator password change (level 23) for user workstation$
[2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(501)
 decode_pw_buffer: incorrect password length (-2118884061).
[2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(502)
 decode_pw_buffer: check that 'encrypt passwords = yes'
[2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_debug(82)
 00 samr_io_r_set_userinfo
[2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
  status: NT_STATUS_ACCESS_DENIED
[2003/12/12 13:25:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
 api_rpcTNP: called samr successfully
Here is my smb.conf file 
[global]

 ADD SCRIPTS
add machine script = /usr/local/samba/share/smbldap-useradd.pl -w 
"%u" add user script = /usr/local/samba/share/smbldap-useradd.pl 
"%u" delete user script = /usr/local/samba/share/smbldap-userdel.pl "%u"
add group script = /usr/local/samba/share/smbldap-groupadd.pl "%g"
delete group script = /usr/local/samba/share/smbldap-groupdel.pl "%g"
add user to group script = /usr/local/samba/share/smbldap-
groupmod.pl -m "%u" "%g" delete user from group script = 
/usr/local/samba/share/smbldap-groupmod.pl -x "%u" "%g" set primary 
group script = /usr/local/samba/share/smbldap-usermod.pl -G "%g" "%u"

null passwords = yes
#unix charset = UTF-8
passdb backend = ldapsam:ldap://localhost/
ldap suffix = o=smb,dc=qc,dc=ca
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=root,o=smb,dc=qc,dc=ca
guest account = nobody
workgroup = LINUX
netbios name = PDC
comment = Server
security = user
encrypt passwords = yes
logon script = scripts\%U.bat
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
#hosts allow = 192.168.0.0/255.255.255.0
share modes = No
wins support = Yes
[homes]
   path=/home/domainusers
   read only = No
   create mask = 0700
   directory mask = 0700
   locking = No
   oplocks = No
[netlogon]
   path = /usr/local/samba/netlogon
   locking = no
   read only = yes
[profiles]
path = /home/domainusers/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700
Here is the LDIF entry of Administrator :

dn: uid=Administrator,ou=Users,o=smb,dc=qc,dc=ca
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
uid: Administrator
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaHomePath: \\PDC\homes
sambaHomeDrive: U:
sambaProfilePath: \\PDC\profiles\
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaSID: S-1-5-21-3655003630-1527190663-3647191254-1000
sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-1001
uidNumber: 0
gidNumber: 0
homeDirectory: /
sambaLMPassword: XX (removed)
sambaAcctFlags: [U]
sambaNTPassword: XX (removed)
sambaPwdLastSet: 1071185436
sambaPwdMustChange: 1075073436
userPassword:: XX (removed)
I am running Samba 3.0.1rc1 on Redhat 9.0

Please help me

Thank you

Charles

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


--
Open WebMail Project (http://openwebmail.org)
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba-3.0 groupmapping problem

[vtux]

Hi,

I'm newbie with Samba.
I'm using Samba-3.0 directly installed with Fedora core.
I've made a PDC linux server with Samba-3.0, openldap-2.1.22 with pam_ldap

everything seems to be good but not with net groupmap.
when using command: "net groupmap list" I have the following error :

[2003/12/15 17:52:15, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2048)
  ldapsam_setsamgrent: LDAP search failed: No such object
[2003/12/15 17:52:15, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2113)
  ldapsam_enum_group_mapping: Unable to open passdb

bye the way it's also impossible to run command : net groupmap add
ntgroup="Domain Users" Unixgroup="domuser" rid=513 the error is :

passdb/pdb_ldap.c:ldapsam_search_one_group(1612)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No
such object)ldapsam_search_one_group: Problem during the LDAP search: LDAP
error: (No such object)

I've a dn: cn="Domain Users" in my ldif file and a manually group created
domuser in my /etc/group

Do I need to re-compile samba with particular options to use net groupmap
command. Do I need to declare windbind in my smb.conf ? Is there something wrong
in my ldap files, I really don't know how to correct this problem

If someone got any idea it would be wonderful

Thanks

Vincent
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.1rc2 LDAP - problems joining domain

[Greg Dickie]

Hi,

  I'm back on the list ;-)
  I seem to be having some trouble getting W2K machines to join the domain in 
3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks like 
the account gets created in LDAP and then it has trouble setting the password 
appropriately. I believe this is the relevant part of the log:

 api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
  00 samr_io_q_set_userinfo
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
   data1: 
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
  0004 data2: 0008
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
  0008 data3: 
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
  000a data4: 
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
  000c data5: 71 e1 dd 3f 61 70 00 00
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
  0014 switch_value: 0018
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
  0016 switch_value: 0018
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
  0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d 53 90 
21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e a6 85 eb 
7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07 34 63 37 
dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da b7 83 be 
6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e 25 8d 91 
42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30 1f a8 71 
22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37 0b cb da 
09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34 b9 5c 02 
73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac a9 5a 43 
ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc 49 ad 12 
73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac 98 28 21 
e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5 02 e9 03 
ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2 4b b1 a3 
19 8b 08 2 +>
  4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37 c4 36 bd 
d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3 b0 b6 c7 
2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1 83 d7 87 
95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7 db d9 34 
09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba a7 49 66 
90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa a2 24 cc 
70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89 21 62 7a 
a2 18 f9
[2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937)
  _samr_set_userinfo: 2937
[2003/12/15 11:29:37, 4] 
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
  Found policy hnd[0] [000] 00 00 00 00 08 00 00 00  00 00 00 00 71 E1 DD 3F  
 qï?
  [010] 61 70 00 00   ap..
[2003/12/15 11:29:37, 5] 
rpc_server/srv_samr_nt.c:access_check_samr_function(105)
  _samr_set_userinfo: access check ((granted: 0x00b0;  required: 
0x0024)
[2003/12/15 11:29:37, 4] 
rpc_server/srv_samr_nt.c:access_check_samr_function(109)
  _samr_set_userinfo: ACCESS should be DENIED (granted: 0x00b0;  required: 
0x0024)
  but overwritten by euid == 0
[2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950)
  _samr_set_userinfo: sid:S-1-5-21-2656636599-2098491866-229994164-3044, 
level:24
[2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068)
  smbldap_search_suffix: searching 
for:[(&(sambaSID=S-1-5-21-2656636599-2098491866-229994164-3044)(objectclass=sambaSamAccount))]
[2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: gt1$
[2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2877)
  Attempting administrator password change for user gt1$
[2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(501)
  decode_pw_buffer: incorrect password length (-2128390977).
[2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(502)
  decode_pw_buffer: check that 'encrypt passwords = yes'
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
  00 samr_io_r_set_userinfo
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
   status: NT_STATUS_ACCESS_DENIED
[2003/12/15 11:29:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
  api_rpcTNP: called samr successfully


In particular, I find the decode_pw_buffer warnings to be troubling (there are 
no passwords in the LDAP entry at this point). Perhaps an initialized 
variable? Any help would be most appreciated.

regards,
Greg


-- 
Greg Dickie
just a guy
Maximum Throughput

--
To unsubscribe from this list

[Samba] net rpc vampire problems

[Yeri Swamy]

Looks like you don;t have group maps done

So execute followinf script for group mapping then do vampire...

#!/bin/bash
 Keep this as a shell script for future re-use


# First assign well known groups
net groupmap modify ntgroup="Account Operators" unixgroup=root
net groupmap modify ntgroup="Administrators" unixgroup=root
net groupmap modify ntgroup="Backup Operators" unixgroup=bin
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Guests" unixgroup=nobody
net groupmap modify ntgroup="Power Users" unixgroup=sys
net groupmap modify ntgroup="Print Operators" unixgroup=lp
net groupmap modify ntgroup="Replicators" unixgroup=daemon
net groupmap modify ntgroup="System Operators" unixgroup=sys
net groupmap modify ntgroup="Users" unixgroup=users
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] DNS and DHCP setup

[Jonathan Villa]

I think you can find some info at

http://isc.org/

You can download BIND and DHCP from there as well.

Tarjei Huse wrote:
Hi,

Does anyone know of a document that gives details on how to set up Bind 
9 and DHCPD 3.x so that dns is updated when clients log on?
I saw this is not in the howto collection 
(http://www.bibsyst.no/samba/docs/man/DNSDHCP.html#id2981727) so I was 
kind of hoping someone else has some notes.

I would be greatfull for any tips and links.

Tarjei

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] DNS and DHCP setup

[Ganguly, Sapan]

Check this out -

http://voidmain.kicks-ass.net/redhat/redhat_8_dhcp_dynamic_dns.html

http://voidmain.kicks-ass.net/redhat/redhat_9_dhcp_dynamic_dns.html

I think these are both pretty much the same.

-Original Message-
From: Tarjei Huse [mailto:[EMAIL PROTECTED] 
Sent: 15 December 2003 16:14
To: [EMAIL PROTECTED]
Subject: [Samba] DNS and DHCP setup


Hi,

Does anyone know of a document that gives details on how to set up Bind 
9 and DHCPD 3.x so that dns is updated when clients log on?
I saw this is not in the howto collection 
(http://www.bibsyst.no/samba/docs/man/DNSDHCP.html#id2981727) so I was 
kind of hoping someone else has some notes.

I would be greatfull for any tips and links.

Tarjei

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NtfsDisableLastAccessUpdate and smbmounted Win shares

[Dragan Krnic]

>>>Now, that is strange. Setting the readonly attribute 
>
> attrib +r filename
> If you know how to use cmd.exe. If not use explorer, 
> right click, mark readonly.
>
>
>>> would change this, but this may not be a solution for 
>>> your problem. Try to revoke the right to 'write extended 
>>> attributes' for everyone, 
>
> Open security settings from a file, click the extended 
> button, edit and look up the list until you find 
> something similar. Mark deny. If you can't edit it 
> because it's all greyed out, it is an inherited right. 
> Create a new entry first or disable inheritance.
>
>
>> Must be something in Win registry?
> No.
> If you don't know what user rights exist on a NTFS 
> file system you really should look it up. Sorry that 
> my mind reading capabilities suffer with distance.
>
> Keep in mind that names and settings are translated 
> from german and could have different names in an 
> english version of windows.
>
> And before you ask, yes, it is tested.

That's great. It really works. Thanks, Holger.

I answered before it dawned on me that you meant the
"Write Extended Attributes" privilege in Advanced
File Security Properties. Sorry.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Variables and TCP/IP Throughput

[AndyLiebman]

Hi, 

Sorry if this is a duplicate message. I forgot whether or not this list 
accepts html posts so I am sending it again as a plain text message. 

I am trying to optimize my gigabit network. I have two Intel 1000 MT Gigabit 
Server Adapters, which support Jumbo Frames -- as well as a Switch that 
supports Jumbo Frames. However, I am observing some strange behavior in my file 
transfers from Windows XP to Linux and I am wondering if it has anything to do 
with the way the Samba variables are set on my Linux box? 

The "strange behavior" is that when I set both NICs to use Jumbo Frames 
[MTU=9014 on the Windows side (includes IP headers) , 9000 on the Linux side 
(doesn't include the headers], I am getting about half the throughput that I get 
when I set both NICs to use the standard MTU of 1514/1500. I see the same 
behavior even if I take the switch out of the system and connect the Windows XP and 
Linux machines directly to each other (crossover cable not required for 
computer-to-computer connection with these NICs -- and by the way all of my cables 
are CAT6). 

On the Linux side, I am using Samba 3.0.0 on Mandrake Linux 9.2 with all of 
Mandrake's current updates -- kernel = 2.4.22-21enterprisemdk. The Linux 
machine is a P4-3.06 Ghz with 1 GB of RAM -- running in hyperthreading mode. 

I am wondering if any of the Samba socket options settings like tcp_nodelay, 
so_sndbuf=8192 or so_rcvbuf=8192 are affecting my throughput -- particularly 
when I am using Jumbo Frames? And are there any other Samba settings that might 
be interacting in a negative way with my TCP/IP and NIC driver settings that 
are causing me to get lower throughput with Jumbo Frames instead of higher 
throughput (which is what I am told I should be getting). 

Any guidance would be appreciated. I have purchased "The Official Samba 3 
HOW-TO and Reference Guide" but it really isn't very helpful when it comes to 
understanding how to tune these options and how various socket options settings 
interact with other network settings and hardware. 

Andy Liebman
Resolute Films
119 Braintree Street, Suite 410
Boston, MA 02134

Tel: 617-782-0479
Cell: 617-308-0488
Fax: 617-782-1071
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] When login on other machines on the domain, some link follow target

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michele Nicosia wrote:

| nothing seems to be out of order, but the link of some
| desktop icon remain on the last machine //machine/Program
| files/... and so on, while i need to have c:/... for
| every machine, because the nstallation are exactly the same.
Disable link tracking on the client.  There is a registry
setting to do this (don;t remember what it is right now).


- --
cheers, jerry
~ --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/3d5wIR7qMdg1EfYRAs1EAJ9PW2KiiAtC/A7q6dhMxiCGsmfaUQCg2e7g
lS0Frdl+wEWxaiht7vVxIaA=
=O+1Y
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Variables and TCP/IP Throughput

[AndyLiebman]

Hi, 

I am trying to optimize my gigabit network. I have two Intel 1000 MT Gigabit 
Server Adapters, which support Jumbo Frames -- as well as a Switch that 
supports Jumbo Frames. However, I am observing some strange behavior in my file 
transfers from Windows XP to Linux and I am wondering if it has anything to do 
with the way the Samba variables are set on my Linux box? 

The "strange behavior" is that when I set both NICs to use Jumbo Frames 
[MTU=9014 on the Windows side (includes IP headers) , 9000 on the Linux side 
(doesn't include the headers], I am getting about half the throughput that I get 
when I set both NICs to use the standard MTU of 1514/1500. I see the same 
behavior even if I take the switch out of the system and connect the Windows XP and 
Linux machines directly to each other (crossover cable not required for 
computer-to-computer connection with these NICs -- and by the way all of my cables 
are CAT6). 

On the Linux side, I am using Samba 3.0.0 on Mandrake Linux 9.2 with all of 
Mandrake's current updates -- kernel = 2.4.22-21enterprisemdk. The Linux 
machine is a P4-3.06 Ghz with 1 GB of RAM -- running in hyperthreading mode. 

I am wondering if any of the Samba socket options settings like tcp_nodelay, 
so_sndbuf=8192 or so_rcvbuf=8192 are affecting my throughput -- particularly 
when I am using Jumbo Frames? And are there any other Samba settings that might 
be interacting in a negative way with my TCP/IP and NIC driver settings that 
are causing me to get lower throughput with Jumbo Frames instead of higher 
throughput (which is what I am told I should be getting). 

Any guidance would be appreciated. I have purchased "The Official Samba 3 
HOW-TO and Reference Guide" but it really isn't very helpful when it comes to 
understanding how to tune these options and how various socket options settings 
interact with other network settings and hardware. 

Andy Liebman
Resolute Films
119 Braintree Street, Suite 410
Boston, MA 02134

Tel: 617-782-0479
Cell: 617-308-0488
Fax: 617-782-1071
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] DNS and DHCP setup

[Tarjei Huse]

Hi,

Does anyone know of a document that gives details on how to set up Bind 
9 and DHCPD 3.x so that dns is updated when clients log on?
I saw this is not in the howto collection 
(http://www.bibsyst.no/samba/docs/man/DNSDHCP.html#id2981727) so I was 
kind of hoping someone else has some notes.

I would be greatfull for any tips and links.

Tarjei

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon script and XP

[Wayne Dozier(Samba)]

Thanks, this fixed it.  I did not even notice that typo. 
Great eye Edd.

Thanks

Wayne

On Mon, 15 Dec 2003 15:59:36 +
 Edd Payne <[EMAIL PROTECTED]> wrote:

and for my netlogon.bat file:

net use f:\\darwin2\coursefolders /yes
Try "net use F: \\darwin2\coursefolders"
note the space between the : and the \\
HTH
edd
--
Edd Payne
IT Co-ordinator
University of London Union
Malet Street, London WC1E 7HY
tel: 020 7664 2060
fax: 020 7436 4604
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Question on printing

[Jurzitza, Dieter]

Dear listmembers,
I have a samba-2.2.8a installation on a linux system printing on two remote
printers. The printcap is built up in such a way that local printers exist
that forward their data to the remote printers.
Additionally I have set up a file entitled "/etc/samba/smbprintcap"
containing two entries that refer to valid printers within the /etc/printcap
file.
In /etc/samba/smb.conf I set printing=LPRNG.
Printing is functional. However, all the windows 2k clients say in the
printers dialog "access denied, unable to connect" when trying to gather
information on the two printers I tried to set up. Moreover, some of the
M$-drivers for those specific printers are non functional because they
obviousely expect some "feedback" from the printers they do not get.
Therefore I always use postscript printer drivers and ghostscript for
certain deskjet models (i.e. dj1220). This yields only sub-optimal results,
but it works.
Am I doing something wrong in my configuration?
Many thanks for your efforts in advance,
take care



Dieter Jurzitza


-- 


HARMAN BECKER AUTOMOTIVE SYSTEMS

Dr.-Ing. Dieter Jurzitza
Manager Hardware Systems
 ESI

Industriegebiet Ittersbach
Becker-Göring Str. 16
D-76307 Karlsbad / Germany

Phone: +49 (0)7248 71-1577
Fax:   +49 (0)7248 71-1216
eMail: [EMAIL PROTECTED]
Internet: http://www.becker.de
 


***
Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn 
Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, 
informieren Sie bitte sofort den Absender und loeschen Sie diese Mail. Das unerlaubte 
Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
 
This e-mail may contain confidential and/or privileged information. If you are not the 
intended recipient (or have received this e-mail in error) please notify the sender 
immediately and delete this e-mail. Any unauthorised copying, disclosure or 
distribution of the contents in this e-mail is strictly forbidden.
***

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon script and XP

[Edd Payne]

> and for my netlogon.bat file:
>
> net use f:\\darwin2\coursefolders /yes

Try "net use F: \\darwin2\coursefolders"
note the space between the : and the \\

HTH
edd
-- 
Edd Payne
IT Co-ordinator
University of London Union
Malet Street, London WC1E 7HY

tel: 020 7664 2060
fax: 020 7436 4604

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Logon script and XP

[Wayne Dozier(Samba)]

Here is the problem.  I am running samba 3.0 and I cannot 
seem to get my logon script to work with XP.  I want to to 
be able to map a drive for a share which is called 
coursefolders.  I am including a copy of my smb.conf file. 
I have created the necessary netlogon.bat file in a 
folder called netlogon.  I may have my syntax wrong in the 
actual netlogon.bat file but i am not sure.

smb.conf file:

[global]
	log file = /var/log/samba/log.%m
	smb passwd file = /etc/samba/smbpasswd
	load printers = yes
	admin users = billybob
	socket options = TCP_NODELAY
	interfaces = eth0.2
	domain master = yes
	encrypt passwords = yes
	add machine script = /usr/sbin/useradd -d /dev/null -g 
100 -s /bin/false -M %u
	share modes = no
	printer admin = billybob 
	passwd program = /usr/bin/passwd %u
	dns proxy = no
	netbios name = DARWIN2
	server string = Darwin Print Server
	printing = bsd
	local master = yes
	remote announce = 10.1.255.255
	workgroup = GCNET2
	logon drive = h:
	logon script = netlogon.bat
	os level = 65
	printcap name = /etc/printcap
	security = user
	max log size = 200
	domain logons = yes

[homes]
writable = yes
comment = Home Directories
guest ok = no
browseable = no
locking = no
create mask = 0755
directory mask = 0755
oplocks = yes

 [netlogon]
   comment = Network Logon Service
   path = /etc/samba/netlogon
   guest ok = no
   read only = yes
   oplocks = no
   writable = no
   share modes = no
# NOTE: If you have a BSD-style print system there is no 
need to 
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   printable = yes
   
[coursefolders]
	path = /home/coursefolders
	writable = yes
	comment = Course Folders
	locking = no

and for my netlogon.bat file:

net use f:\\darwin2\coursefolders /yes

Any help would be greatly appreciated.  I have been 
searchig online with everything I have tried leading only 
to failure.

Thanks in advance.

Wayne
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem logging in into Samba3 domain with w2k

[Wim Moons]

Hi,

I'm having problems logging in with a w2k prof and server into my Samba3 
domain.
I've found some faults in the log file but i can't find the answers.
If somebody could help me it would be a great help.

extracts from the log file with debug level 5

[2003/12/15 17:12:20, 3] lib/util_seaccess.c:se_access_check(267)
[2003/12/15 17:12:20, 3] lib/util_seaccess.c:se_access_check(268)
 se_access_check: user sid is 
S-1-5-21-1500465781-2286450115-1798819339-1000
 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-2025
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-1201
 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-512
 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-513
[2003/12/15 17:12:20, 5] lib/util_seaccess.c:se_access_check(331)
 se_access_check: access (211) denied.
[2003/12/15 17:12:20, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
 _samr_open_domain: ACCESS DENIED  (requested: 0x0211)
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_debug(81)
 00 samr_io_r_open_domain
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  data1: 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint32(634)
 0004 data2: 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint16(605)
 0008 data3: 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint16(605)
 000a data4: 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
 000c data5: 00 00 00 00 00 00 00 00
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
 0014 status: NT_STATUS_ACCESS_DENIED
[2003/12/15 17:12:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535)
 api_rpcTNP: called samr successfully
[2003/12/15 17:12:20, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
 free_pipe_context: destroying talloc pool of size 732
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_debug(81)
 00 smb_io_rpc_hdr hdr

[2003/12/15 17:12:20, 5] 
rpc_server/srv_samr_nt.c:access_check_samr_function(106)
 _samr_create_user: access check ((granted: 0x0201;  required: 
0x0010)
[2003/12/15 17:12:20, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
 _samr_create_user: ACCESS DENIED (granted: 0x0201;  required: 
0x0010)
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_debug(81)
 00 samr_io_r_create_user
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  data1: 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint32(634)
 0004 data2: 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint16(605)
 0008 data3: 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint16(605)
 000a data4: 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
 000c data5: 00 00 00 00 00 00 00 00
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint32(634)
 0014 access_granted: 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_uint32(634)
 0018 user_rid : 
[2003/12/15 17:12:20, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
 001c status: NT_STATUS_ACCESS_DENIED
[2003/12/15 17:12:20, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535)
 api_rpcTNP: called samr successfully
...
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint32(634)
 0044 uni_str_len: 0007
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
 0048 buffer : W.I.N.D.O.W...
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
 0056 data: 8e cf 07 cd ef 99 b0 27
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_debug(81)
 00 net_io_r_auth
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
  data: 24 f6 ff bf 20 15 38 08
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
 0008 status: NT_STATUS_ACCESS_DENIED
[2003/12/15 17:12:22, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535)
 api_rpcTNP: called NETLOGON successfully
[2003/12/15 17:12:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
 free_pipe_context: destroying talloc pool of size 42
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_debug(81)
 00 smb_io_rpc_hdr hdr
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint8(576)
  major : 05
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint8(576)
 0001 minor : 00
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint8(576)
 0002 pkt_type  : 02
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint8(576)
 0003 flags : 03
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint8(576)
 0004 pack_type0: 10
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint8(576)
 0005 pack_type1: 00
[2003/12/15 17:12:22, 5] rpc_parse/parse_prs.c:prs_uint8(576)
 0006 pack_type2: 00

Wim Moons

_
C

[Samba] Samba 3.0 ACL, Windows Credentials

[Jason Gauthier]

This is probably a hot topic, and if this has been beaten to the ground,
forgive me.
I'm not a regular part of the Samba community.  

Although I have been using Samba for years, I now have to use it in a
corporate environment utilizing some of it's more modern features.

Let me just say, that it's been several hours of testing/troubleshooting to
get where I am now.
(And I don't mean just Samba)

I'm running Linux 2.6-test11 on a Sparc64.  (This was the cause of many of
those hours, and my display is horked and the keyboard is broken, any ideas
off list? :) )

But, I wanted to use a kernel with ACL built in, and not attempt to patch
one and have to keep up with patches every time I changed kernels.

So, I have ACL built. I'm using ext3.  
I went to http://acl.bestbits.at/ and downloaded and installed all the
supporting software required. (Course, all their links are broken, but I
eventually found them)

I followed this guide:
http://www.bluelightning.org/linux/samba_acl_howto/

And everything has gone fairly well. 
I did have to download and compile the MIT Kerberos package, but that was
just a minor set back (even with the compilation errors).

So, here I am.  I have kinit'd. I have ACL support. Samba 3.0 is running
with ACL support.
I have joined the domain, and I have joined active directory.

Now, as far as winbind goes, I've done nothing except changes to
nsswitch.conf.
I do not wish to use my AD credentials on the server, just the shares
themselves.

I think I'm in align, and when I browse to the server, I receive this error:

-=-=
[2003/12/15 10:23:11, 0] lib/util_sock.c:get_socket_addr(919)
  getpeername failed. Error was Transport endpoint is not connected
[2003/12/15 10:23:11, 0] lib/util_sock.c:write_socket_data(388)
  write_socket_data: write failure. Error = Connection reset by peer
[2003/12/15 10:23:11, 0] lib/util_sock.c:write_socket(413)
  write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset
by peer
[2003/12/15 10:23:11, 0] lib/util_sock.c:send_smb(585)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
-=-=

My windows client is then prompted for a password.
I'm not sure what to enter. I have set myself up with smbpasswd (do I need
to?)
So I try my Unix ID (which is different than my Windows ID, although I set
up the mapping)
And it fails:

-=-=
[2003/12/15 10:26:05, 0] lib/util_sock.c:get_socket_addr(919)
  getpeername failed. Error was Transport endpoint is not connected
[2003/12/15 10:26:05, 0] lib/util_sock.c:write_socket_data(388)
  write_socket_data: write failure. Error = Connection reset by peer
[2003/12/15 10:26:05, 0] lib/util_sock.c:write_socket(413)
  write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset
by peer
[2003/12/15 10:26:05, 0] lib/util_sock.c:send_smb(585)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
-=-=

So, then I try my windows credentials:

-=-=
[2003/12/15 10:26:32, 0] lib/util_sock.c:get_socket_addr(919)
  getpeername failed. Error was Transport endpoint is not connected
[2003/12/15 10:26:32, 0] lib/util_sock.c:write_socket_data(388)
  write_socket_data: write failure. Error = Connection reset by peer
[2003/12/15 10:26:32, 0] lib/util_sock.c:write_socket(413)
  write_socket: Error writing 4 bytes to socket 16: ERRNO = Connection reset
by peer
[2003/12/15 10:26:32, 0] lib/util_sock.c:send_smb(585)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
-=-=

I've done some google'ing on this, but because it's such a generic error(s)
nothing of significant value was found.  

Can anyone lend me some ideas? I feel like I've come so far already!
If I can run some verbose logging or run give some gdb output, I'd be happy
to.
 
Thanks for your time and attention at this lengthy e-mail,

Jason
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Tall tale of woe....

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ross McInnes (Systems) wrote:

| half way through writing this reply the server just panic'd and halted.
| on the screen was (or there abouts)
| smbd process PID 19579, stackpage = f300f000
|calltrace [] __kmem_cache_alloc
| followed by
|e1000_alloc_rx_buffers
|e1000_alloc_rx_irq
|
| might put some light onto it.
| dont suppose you know where RH writes panics
| to? i cant seem to find it.
The kernel should log the oops in /var/log/messages.

| when i look at the samba.log there is nothing untoward
|
| [2003/12/15 11:29:06, 1] smbd/service.c:make_connection(636)
|   m6-1 (172.16.175.10) connect to service dmn01 as user dmn01 (uid=1269,
| gid=102) (pid 18746)
| [2003/12/15 11:29:07, 0] lib/util_sock.c:read_data(436)
|   read_data: read failure for 4. Error = Connection reset by peer
| [2003/12/15 11:29:07, 1] smbd/service.c:close_cnum(677)
|   m5-3 (172.16.142.30) closed connection to service exams
| [2003/12/15 11:29:07, 1] smbd/service.c:close_cnum(677)
|   m5-3 (172.16.142.30) closed connection to service shared
...
|
| m6-8 (172.16.175.80) connect to service pn02 as user pn02
| (uid=2906, gid=102) (pid 19579)
| [2003/12/15 11:27:49, 1] smbd/service.c:make_connection(636)
|
| is the offending user/pid nothing untoward in his account or network
| traffic to or from his computer at the time.
|
| unfortunatly i was unaware of the slowdown/problems so i was unable to
| perform strace on the pid.
|
| im guessing it panics when the offending pid is left alone, and not kill
| -9 'd like i normally do.
We can't be blamed for a kernel oops.  If a user space app
can cause the kernel to die, then that's a kernel bug.
I would start pursuing this with RedHat (if you have support),
or logging it in bugzilla.redhat.com.




cheers, jerry
~ --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/3dNyIR7qMdg1EfYRApdZAJ9htkTwywXzJZX0Ovv4oH3PApHWggCeIMRj
9lP0MyIVNBHMb+jErsEbLmA=
=GwKN
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problems connecting to Samba using windows XP

[Phil Asprey]

Hi,
 
We are having difficulty connecting to a samba server using windows XP pro.
Plain text is enabled and we can search for the server on the network, but
as soon as we map a drive to it, it asks for a username and password. We
enter this and then it asks for a password relating to a guest account.
 
Can anyone help me with why it defaults to the guest account?
 
Regards

Phil 



This message is confidential. If you are not the intended recipient please
notify us immediately. You may not copy this message or use it for any
purpose or disclose its contents to any other person or take any action
based on them. 

E-Mails are susceptible to interference. UCAS accepts no responsibility for
information, errors or omissions in this e-mail nor for its use or misuse
nor for any act committed or omitted in connection with this communication.
If in doubt, please verify the authenticity of the contents with the sender.


UCAS reserves the right to monitor and intercept communications for lawful
business purposes 





___
This e-mail has been scanned for all known viruses by Peapod via the MessageLabs 
service.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba & quotas

[Vlad B Yurovsky]

I've compiled Samba (2.2.5) on Linux with quotas and they work.
But Windows users don't receive warning messages when they over quota.

I've tested Samba with Windows Explorer and FAR (file manager written
by Eugene Roshal).

When user have 100 MB free on his homedir and try to copy file 200 MB
with Explorer, Samba "allow" it him! Actually this file (200 MB) is damaged.

When user create file by any application (for example MS Word) and
then try to save it, he receive warning message (Insufficient disk
space).

When user use FAR and try to copy file, he receive warning message
(Insufficient disk space).


I've found option "strict allocate" in smb.conf. It's "NO" by default.
When I've changed it to "YES" Samba's behaviour has been changed.

When user try to copy file 200 MB with Explorer, he receive warning
message (Insufficient disk space).

When user use FAR and try to copy file, Samba "allow" it him! Actually
this file (200 MB) is damaged. 

When user create file and then try to save it, he don't receive
warning message and this file (200 MB) is damaged.


I think this behaviour of Samba is incorrect.
What's wrong and how to fix this problem?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem: unable to vaildate passwort for user x in domain d to dc abc

[Thomas . Schweikle]

Hi,

I am having some problems with XP-clients within a new domain. All of them 
loging the following message:

domain_client_validate: unable to validate password for user X in domain 
DOM to Domain controller ABC, Error was NT_STATUS_WRONG_PASSWORD.

other clients not within this domain do not have this problem. Could 
anyone please explain what this means?


User/Password is known to ABC, since it resides in "/etc/samba/smbpasswd".
The user is created in both "/etc/passwd" and "/etc/samba/smbpasswd".

This new domain is a Windows 2K domain. The other, older domains are 
Windows NT or OS/2.
Samba is version 2.2.8a

Clients are all Windows XP SP#1

-- 
Thomas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with admin users

[McKeever Chris]

On Mon, 15 Dec 2003 12:09 , Luiz Fernando Aguiar Leme <[EMAIL PROTECTED]> sent:

>Hi all,
>
>on my smb.conf, contents the following lines:
>
>admin users = root claudio roberto
>security = server
>
>when this users save  or write files on shared folders, they saves with
>root:wheels.
>
>How do i force this users to save your own user:group and not root:wheels???
>
>On the shared folders contents the following lines, for example:
>
>[publico]
>   comment = Diretorio publico
>   path = /usuarios/publico
>   public = yes
>   writable = yes
>   security mask = 770
>   create mask = 0770
>   force create mode = 770
>   force directory mode = 770
>   force security mode = 770
>   printable = no
>
>thanks!
>

not 100% your answer, but for shared folders, you can force the user and group that it 
is written as, in this case, force it to administrator and 
domain admins ...

does the above scenario only happen with the admin-level users?  so standard users 
save with thier username and default group?


---
Chris McKeever
If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com
http://www.prupref.com

 Prudential Preferred Properties   www.prupref.com  

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with admin users

[Luiz Fernando Aguiar Leme]

Hi all,

on my smb.conf, contents the following lines:

admin users = root claudio roberto
security = server

when this users save  or write files on shared folders, they saves with
root:wheels.

How do i force this users to save your own user:group and not root:wheels???

On the shared folders contents the following lines, for example:

[publico]
   comment = Diretorio publico
   path = /usuarios/publico
   public = yes
   writable = yes
   security mask = 770
   create mask = 0770
   force create mode = 770
   force directory mode = 770
   force security mode = 770
   printable = no

thanks!

- Original Message - 
From: "Dragan Krnic" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, December 15, 2003 10:48 AM
Subject: [Samba] Re: Profile privelege problem


> > ...
> > I used the latest and greatest SuSE 9.0 Professional...
> > I then installed all the latest patches via YaST.  That
> > gives me a kernel of 2.4.21 (-144 in SuSE speak) and
> > Samba 2.2.8a
> >
> > I had the configuration backed up on another box, so I
> > used that as the base for Samba 2.2.8a.  I have tried
> > chmod, chown of various directories, making profile
> > world readable, writeable, executeable, all to no avail.
> > have tried commenting out various lines as suggested by
> > other posts...also to no avail.
> >
> > W2K reports it can not find roaming profile, and then
> > also reports it can not find a local profile, and signs
> > the user (any user) on with a "temp" profile.  All drive
> > mappings are available, just no profiles, recent lists, etc...
> >
> > Samba log is showing:  api_samr_set_userinfo: Unable to
> > unmarshall SAMR_SET_Q_USERINFO
> >
> > bumping the samba log level, verifies that I am going after
> > the user profile and I am "dying" because of lack of
> > privelegesyet I can ssh into the box as a user and read
> > or touch or execute anything I want !?
>
> Must be something trivial, but whoever wants to help you will
> need your smb.conf to see how you set it up. I can suggest
> relevant options how I handle the profiles:
>
> [global]
>...
>logon path = \\p90.p1.n.d.d\profiles\%U
>domain logons = Yes
>create mask = 0664
>directory mask = 0775
>...
>
> [profiles]
>path = /local/profiles
>valid users = %U
>read only = No
>inherit permissions = No
>security mask = 0777
>directory security mask = 0777
>browseable = No
>csc policy = disable
>
>
> My Samba server is a PDC for the domain with wins and all.
> It runs SuSE 8.2 (kernel 2.4.20-86) but that shouldn't matter.
> The permissions on user profile directories are all "drwx--S--".
> All directories belong to individual users, group "users".
>
> If you can't recognize what your problem is, enclose smb.conf
> next time.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NtfsDisableLastAccessUpdate and smbmounted Win shares

[Holger Krull]

Now, that is strange. Setting the readonly attribute 
attrib +r filename
If you know how to use cmd.exe. If not use explorer, right click, mark 
readonly.


would change this, but this may not be a solution for 
your problem. Try to revoke the right to 'write extended 
attributes' for everyone, 
Open security settings from a file, click the extended button, edit and 
 look up the list until you find something similar. Mark deny. If you 
can't edit it because it's all greyed out, it is an inherited right. 
Create a new entry first or disable inheritance.


Must be something in Win registry?
No.
If you don't know what user rights exist on a NTFS file system you 
really should look it up. Sorry that my mind reading capabilities suffer 
with distance.

Keep in mind that names and settings are translated from german and 
could have different names in an english version of windows.

And before you ask, yes, it is tested.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] When login on other machines on the domain, some link follow target

[Michele Nicosia]

Hi all,
	actually i've upgraded from 2.2.8a to 3.0.1pre3, solving a bad problem 
o file corruption.
Now i'm looking for a solution to another problem: when a normal user 
log on another machine, on the domain, when he return and logon onto his 
machine the path of some link resolve to the last logon machine.
Everything seems to be ok, the profile works, the path is ok, the logon 
script is runned, nothing seems to be out of order, but the link of some 
desktop icon remain on the last machine //machine/Program files/... and 
so on, while i need to have c:/... for every machine, because the 
installation are exactly the same.

Thank you.



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba to Windows Domain

[Lancsár Roland]

Hi all,

I'm confused.

Just imagine: there is a network. It has a win2k server + domain + active directory + 
windows cliens.

Why would a samba server join to it? So, I can't understand. The Windows 2k server can 
act as a fileserver, a printerserver, etc. Ok, it isn't really stable. ;-)

Why have I asked this? I would like to write my diploma work this theme. Just only I 
can't explain why it is good.

Please give me some demonstration!

Thank you!

Bye, Roland
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Group mapping problem

[Jérôme Fenal]

Gonzalo Aguilera wrote:
Hi,

I have Samba 3 as Domain controller. From a Windows 2000 Professional I share a folder (c:\test) with access permission for certain domain user (MYDOMAIN\yo). I can access to that folder from other w2000 with that user validated into it. If I add that user to a unix group (domadm) and map this group to Domain Admins (net groupmap modify ntgroup="Domain Admins" unixgroup=domadm) and change w2000 shared folder access permission for group MYDOMAIN\Domain Admins I get Access Denied. What's wrong?

Thanks.
Please include more informations about your setup :
- What sam type are you using (tdb, ldap, etc.) ?
- Include a copy of testparm output
- Include the content of the mapping (ie. which RID dd you give to the 
domadmin group?)
- What version of Samba 3 (3.0.0, 3.0.1pre?, 3.0.1rc?)
- and any more information that would be valuable to answer you

Regards,

Jérôme

--
Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre
Groupe Expert & Managed Services - LogicaCMG France
http://www.logicacmg.com/fr/ - 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Profile privelege problem

[Dragan Krnic]

> ...
> I used the latest and greatest SuSE 9.0 Professional...
> I then installed all the latest patches via YaST.  That 
> gives me a kernel of 2.4.21 (-144 in SuSE speak) and 
> Samba 2.2.8a
>
> I had the configuration backed up on another box, so I 
> used that as the base for Samba 2.2.8a.  I have tried 
> chmod, chown of various directories, making profile 
> world readable, writeable, executeable, all to no avail.
> have tried commenting out various lines as suggested by 
> other posts...also to no avail.
> 
> W2K reports it can not find roaming profile, and then 
> also reports it can not find a local profile, and signs 
> the user (any user) on with a "temp" profile.  All drive 
> mappings are available, just no profiles, recent lists, etc...
>
> Samba log is showing:  api_samr_set_userinfo: Unable to 
> unmarshall SAMR_SET_Q_USERINFO
>
> bumping the samba log level, verifies that I am going after 
> the user profile and I am "dying" because of lack of 
> privelegesyet I can ssh into the box as a user and read 
> or touch or execute anything I want !?

Must be something trivial, but whoever wants to help you will
need your smb.conf to see how you set it up. I can suggest
relevant options how I handle the profiles:

[global]
   ...
   logon path = \\p90.p1.n.d.d\profiles\%U
   domain logons = Yes
   create mask = 0664
   directory mask = 0775
   ...

[profiles]
   path = /local/profiles
   valid users = %U
   read only = No
   inherit permissions = No
   security mask = 0777
   directory security mask = 0777
   browseable = No
   csc policy = disable


My Samba server is a PDC for the domain with wins and all.
It runs SuSE 8.2 (kernel 2.4.20-86) but that shouldn't matter.
The permissions on user profile directories are all "drwx--S--".
All directories belong to individual users, group "users".

If you can't recognize what your problem is, enclose smb.conf
next time.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Group mapping problem

[Gonzalo Aguilera]

Hi,

I have Samba 3 as Domain controller. From a Windows 2000 Professional I share 
a folder (c:\test) with access permission for certain domain user (MYDOMAIN\yo). I can 
access to that folder from other w2000 with that user validated into it. If I add that 
user to a unix group (domadm) and map this group to Domain Admins (net groupmap modify 
ntgroup="Domain Admins" unixgroup=domadm) and change w2000 shared folder access 
permission for group MYDOMAIN\Domain Admins I get Access Denied. What's wrong?

Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can't see Samba server from Windows

[Daryl Lee]

I can ping the server okay.  I can also ping the outside world, so I
know DNS resolution is working.  I realize now that I cannot even see
the workgroup name when I browse "My Network Places\Microsoft Windows
Network" from Windows Explorer.  I am befuddled.

Daryl

On Mon, 2003-12-15 at 15:05, MList wrote:
> Daryl , can u ping the samba server from the windoze machine...
> 
> 
> 
> >On Monday 15 December 2003 01:10, Daryl Lee wrote:
> > I cannot see my Linux box running Samba to print or access files.  The
> > output of "smbclient -U% -L localhost" seems to indicate I should see
> > one share and one printer: (the ...0.250 ip address is for my DSL
> > connection, the ...0.2 is for my LAN)
> > Any help would be appreciated.
> >
> > Daryl
> 
> -- 
> Regards,
> MList
> "Sharing The Power Of IT Through Linux"
> Mandrake 9.2
> Kernel 2.4.22-21
> KDE 3.1
> OpenOffice 1.1

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba 3.9.9 winbind problem

[Thomas=20K=F6hn]

Hello,

Last week I installed a samba 3.0.0 Server. I successfully joined a w2k domain and the 
mapping of users and groups works perfect. But from time to time (for instance after 
6h) winbind is unable to talk to the domain.

/usr/bin/wbinfo -u
Error looking up domain users

In /var/log/messages I get the error message:

Dec 14 21:00:44 server smbd[14188]:   domain_client_validate: unable
to validate password for user test in domain TMVG to Domain controller
\\TSADM. Error was NT_STATUS_NO_SUCH_USER.

When I restart winbind everything is OK again. Is there anything I can do ??

Thomas
__
Horoskop, Comics, VIPs, Wetter, Sport und Lotto im WEB.DE Screensaver1.2
Kostenlos downloaden: http://screensaver.web.de/?mc=021110

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba logon as batch job

[Frank Wilke]

<->

Hello,

I need to be able to have a domain user be able to login to my Win2k
clients as a service.  On a Win2k server I could use the User Manager
for Domains tool, but that tool does not work yet in full with samba.

Frank

--><--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Tall tale of woe....

[Ross McInnes (Systems)]

Jerry...

> It logs to stdout.

Ah ok so redirect to another file will be in order.

> 
> I think the key will be figuring out which tdb the
> runaway smbd is reading.
> 
> Probably.  Does ifconfig show an abnormal amount of errors?
> If not, then you are probably ok wrt duplex settings, et. al.
> 
> And to clarify, when the smbd starts sucking up CPU, check to
> which client it is connected to and look at the traffic
> pattern from that client to see if the smbd process is doing
> real work on behalf of the client.
> 

no its fine, so thats one less thing to worry about.. or not.

eth0  Link encap:Ethernet  HWaddr 00:06:5B:F2:89:25
  inet addr:172.16.128.254  Bcast:172.16.255.255  Mask:255.255.0.0
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:1106496 errors:0 dropped:0 overruns:0 frame:0
  TX packets:1078245 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:228665930 (218.0 Mb)  TX bytes:768785456 (733.1 Mb)
  Interrupt:28 Base address:0xdce0 Memory:fe8e-fe90

half way through writing this reply the server just panic'd and halted.

on the screen was (or there abouts)

smbd process PID 19579, stackpage = f300f000

calltrace [] __kmem_cache_alloc

followed by

e1000_alloc_rx_buffers
e1000_alloc_rx_irq

might put some light onto it.
dont suppose you know where RH writes panics to? i cant seem to find it.

when i look at the samba.log there is nothing untoward

[2003/12/15 11:29:06, 1] smbd/service.c:make_connection(636)
  m6-1 (172.16.175.10) connect to service dmn01 as user dmn01 (uid=1269, 
gid=102) (pid 18746)
[2003/12/15 11:29:07, 0] lib/util_sock.c:read_data(436)
  read_data: read failure for 4. Error = Connection reset by peer
[2003/12/15 11:29:07, 1] smbd/service.c:close_cnum(677)
  m5-3 (172.16.142.30) closed connection to service exams
[2003/12/15 11:29:07, 1] smbd/service.c:close_cnum(677)
  m5-3 (172.16.142.30) closed connection to service shared
[2003/12/15 11:29:07, 1] smbd/service.c:close_cnum(677)
  m5-3 (172.16.142.30) closed connection to service intranet
[2003/12/15 11:29:07, 1] smbd/service.c:close_cnum(677)
  m5-3 (172.16.142.30) closed connection to service winfiles
[2003/12/15 11:29:07, 1] smbd/service.c:close_cnum(677)
  m5-3 (172.16.142.30) closed connection to service netlogon
[2003/12/15 11:29:07, 1] smbd/service.c:close_cnum(677)
  m5-3 (172.16.142.30) closed connection to service ab02
[2003/12/15 11:46:24, 1] smbd/service.c:make_connection(636)
  premises (172.16.180.10) connect to service rsmith as user rsmith 
(uid=1029, gid=101) (pid 890)

m6-8 (172.16.175.80) connect to service pn02 as user pn02 
(uid=2906, gid=102) (pid 19579)
[2003/12/15 11:27:49, 1] smbd/service.c:make_connection(636)

is the offending user/pid nothing untoward in his account or network 
traffic to or from his computer at the time.

unfortunatly i was unaware of the slowdown/problems so i was unable to 
perform strace on the pid.

im guessing it panics when the offending pid is left alone, and not kill 
-9 'd like i normally do.

Many thanks

A perturbed Ross McInnes

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Paradox+Samba

[Gerald Drouillard]

[EMAIL PROTECTED] wrote:

Hi all... Last monday i migrated form novell 4.0 to Samba 3.0 PDC. The server
acts as a file server for 30 workstations (Win2000) using an aplicattion
that combines clipper (with .dbf files) and delphi (uses paradox .px and
.db). Its perfomance has been very poor since i changed the server. PLEASE
HELP ME, since its in production and i really don know what to do.
thanks,
Samba and Linux is a great combination for providing a reliable fast 
file server on a network.  Whether you are using Microsoft Access, 
FoxPro, Quickbooks or CA-Clipper, with any multi-user fileserver 
database application there are configurations done both on the server 
and the client systems for this to work reliably.  The main settings to 
look for when setting up the Samba server to host a database application 
are: lock spin, and oplocks.

Try looking at: http://www.drouillard.ca/Tips&Tricks/Samba/Oplocks.htm

Regards
Gerald Drouillard
Drouillard & Associates, Inc.


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem: unable to vaildate passwort for user x in domain d to dc abc

[Thomas . Schweikle]

Hi,

I am having some problems with XP-clients within a new domain. All of them
loging the following message:

domain_client_validate: unable to validate password for user X in domain
DOM to Domain controller ABC, Error was NT_STATUS_WRONG_PASSWORD.

other clients not within this domain do not have this problem. Could
anyone please explain what this means?


User/Password is known to ABC, since it resides in "/etc/samba/smbpasswd".
The user is created in both "/etc/passwd" and "/etc/samba/smbpasswd".

This new domain is a Windows 2K domain. The other, older domains are
Windows NT or OS/2.
Samba is version 2.2.8a

Clients are all Windows XP SP#1

--
Thomas



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Folder Redirection with NT4 Domains (II)

[Bruno Gimenes Pereti]

Hi John and all,

I didnÂt implement it in a prodution server, but itÂs working in my test
server. IÂm working with poledit to redirect the "Desktop" and "My
Documents" from the default profile directory to the userÂs home directory
on the PDC.

In the file system.adm (got it from win2000 server) there is already a
police to redirect the Desktop folder, I added a police to redirect My
Documents folder, I changed the NTConfig.POL (with the poledit.exe tool) and
itÂs working.

There is a single shared profile directory "\\PDC\profiles\template" for all
domain users and the local copy of the profile is erased when the user
logoff. I didnÂt finished all the tests I planned to do and there is stil
some problems with implamentation that I hope I can correct til the and of
the year.

IÂll keep you and the list informed about the problems this environment can
bring.

Bruno Pereti.


- Original Message - 
From: "John H Terpstra" <[EMAIL PROTECTED]>
To: "Juan Luis Fernandez" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, December 14, 2003 10:27 PM
Subject: Re: [Samba] Folder Redirection with NT4 Domains (II)


> On Mon, 15 Dec 2003, Juan Luis Fernandez wrote:
>
> > > Redirecting My Documnets isn't a tricky one. Just right click ->
> > > properties and change the target location. This is automatically done
> > > in our network by changing the location in the default profile. This
> > > is then applied to every user when they first logon. Do you mean Local
> > > Settings or the Application Data folder. The Applications Data folder
> > > is part of the profile anyway. I cant see why you would want to copy
> > > the Local Settings directory with your profile.
> >
> > I just work with samba 2.2.8 as a part of FreeBSD ports colecction. All
the
> > workstations are Win 2K SP4.
> >
> > All the things runs ok but lately there are some users configured with
> > roaming profiles that put in the desktop some folders. I recomend that
they
> > do it with links to the My documents folder opposite that creating
folder in
> > my desktop. In some users if I change this by this way ,the folders
> > previusly deleted reapered when users close and open the logon again. I
> > donÂt know about how to track a solution about this. All the users have
the
> > same rights and directory permisions in Unix and they are part of local
> > administration group of  Win2K boxes. I donÂt know if this is about
recycle
> > bin in samba or I have roaming profiles misconfigured.
>
> Juan,
>
> You have hit on one of the key issues that needs to be addressed. I'd like
> to see further comment on that too.
>
> - John T.
> -- 
> John H Terpstra
> Email: [EMAIL PROTECTED]
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba spawning its own process ?

[Emmanuel Lesouef]

Hello list users,

I have a strange issue : 

When I start samba, all is going well : 

# ps afx | more
...
  983 ?S  0:00 /usr/sbin/nmbd -D
  985 ?S  0:00 /usr/sbin/smbd -D

But after waiting for several minutes, smbd starts again and I get a second
process for smbd -D.

This makes the (only) windows 2k workstation a bit confused and it cannot
print anymore.

Do you have an idea of what this means ?

Thanks for the help

Emmanuel
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows 2000 and krb5 tickets...SOLVED

[Fernando Ruza]

Well, I think I have already solved my problem.

I've changed the Administrator password (as it says in the samba howto
page 84, 7.4.6. Notes) and now it works great :-D

However, I have a doubt. After mapping from win2k client using:

net use * \\MySambaServer\share

The share is mapped properly but in my samba server I don't have a
ticket for this win2k client:

[EMAIL PROTECTED] samba]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting ExpiresService principal
12/15/03 10:57:13  12/15/03 20:57:14  krbtgt/[EMAIL PROTECTED]
renew until 12/16/03 10:57:13, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32
12/15/03 10:57:49  12/15/03 20:57:14  [EMAIL PROTECTED]
renew until 12/16/03 10:57:13, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
12/15/03 10:57:49  12/15/03 20:57:14  kadmin/[EMAIL PROTECTED]
renew until 12/16/03 10:57:13, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


Should I have got one ticket for each Win2k or XP client connected ?? Is
this correct ??

Thanks in advanced,

Fernando.


On Mon, 2003-12-15 at 10:57, Fernando Ruza wrote:
> Hi,
>
> I did what you advise. I still have the same problem. Can see the shares
> from Win2k and XP but cannot browse the share that need authentication
> (valid users). I can map them with IP address but not with netbios name.
> I don't get any ticket from win2k and XP clients.
>
> All of the following works right: net ads leave, net ads join, wbinfo
> -u, wbinfo -g, getent passwd, getent group, smbclient
> //win2k_server/share -k
>
> Could you see something wrong in my conf files?? Any more things to try
> ??
>
> My krb5.conf file is the following:
>
> === krb5.conf ==
>
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  ticket_lifetime = 24000
>  default_realm = HGUV.LOCAL
>  default_etypes = des-cbc-crc des-cbc-md5
>  default_etypes_des = des-cbc-crc des-cbc-md5
>  default_tgs_enctypes = des-cbc-crc des-cbc-md5
>  default_tkt_enctypes = des-cbc-crc des-cbc-md5
> # permitted_enctypes = des-cbc-md5 des-cbc-crc
>  kdc_req_checksum_type = 2
>  clockskew = 600
>  dns_lookup_realm = false
>  dns_lookup_kdc = true
>  forwardable = true
>  proxiable = true
>  checksum_type = 2
>  ccache_type = 1
>
> [realms]
>  HGUV.LOCAL = {
>   kdc = 10.36.192.24:88
>   admin_server = 10.36.192.24:749
>   default_domain = hguv.local
>  }
>
> [domain_realm]
>  .hguv.local = HGUV.LOCAL
>  hguv.local = HGUV.LOCAL
>
> [kdc]
>  profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
>  pam = {
>debug = false
>ticket_lifetime = 36000
>renew_lifetime = 36000
>forwardable = true
>krb4_convert = false
>  }
>
> [login]
>  krb4_convert = false
>  krb4_get_tickets = false
>
> 
>
> The tickets I get are:
>
> [EMAIL PROTECTED] etc]# klist -e
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: [EMAIL PROTECTED]
>
> Valid starting ExpiresService principal
> 12/15/03 09:34:53  12/15/03 19:34:54  krbtgt/[EMAIL PROTECTED]
>   renew until 12/16/03 09:34:53, Etype (skey, tkt): DES cbc mode with
> CRC-32, DES cbc mode with CRC-32
> 12/15/03 09:35:09  12/15/03 19:34:54  [EMAIL PROTECTED]
>   renew until 12/16/03 09:34:53, Etype (skey, tkt): ArcFour with
> HMAC/md5, ArcFour with HMAC/md5
> 12/15/03 09:35:09  12/15/03 19:34:54  kadmin/[EMAIL PROTECTED]
>   renew until 12/16/03 09:34:53, Etype (skey, tkt): DES cbc mode with
> CRC-32, DES cbc mode with CRC-32
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> =
>
> I don't get a ticket for Win2k and XP clients.
> More interested info:
>
>  libs used by winbindd and smbd 
> [EMAIL PROTECTED] sbin]# ldd winbindd
>   libcrypt.so.1 => /lib/libcrypt.so.1 (0x4002c000)
>   libresolv.so.2 => /lib/libresolv.so.2 (0x4005a000)
>   libnsl.so.1 => /lib/libnsl.so.1 (0x4006c000)
>   libdl.so.2 => /lib/libdl.so.2 (0x40081000)
>   libpopt.so.0 => /usr/lib/libpopt.so.0 (0x40084000)
>   libcrypto.so.2 => /lib/libcrypto.so.2 (0x4008c000)
>   libgssapi_krb5.so.2 => /usr/local/lib/libgssapi_krb5.so.2 (0x4016)
>   libkrb5.so.3 => /usr/local/lib/libkrb5.so.3 (0x40172000)
>   libk5crypto.so.3 => /usr/local/lib/libk5crypto.so.3 (0x401d)
>   libcom_err.so.3 => /usr/local/lib/libcom_err.so.3 (0x401f)
>   libldap.so.2 => /usr/lib/libldap.so.2 (0x401f2000)
>   liblber.so.2 => /usr/lib/liblber.so.2 (0x4021c000)
>   libc.so.6 => /lib/i686/libc.so.6 (0x4200)
>   libsasl.so.7 => /usr/lib/libsasl.so.7 (0x40228000)
>   libs

[Samba] very slow link between Win2k SP4 and Linux samba server (2.2.8a)

[jshin]

I've been experiencing an incredibly slow samba access from a Win2k SP4 
client to a Linux samba server (Mandrake 9.0, samba 2.2.8a).

It seems like the file transfer rate is not so slow, but the initial 
opening of files on the Linux samba server takes very long (10 ~ 20 
seconds). The directory listing is also very slow.

In the past, it took me about 2.5 hours to compile Mozilla-Windows 
(whose source is stored on the Linux samba server) from the scratch. 
With Win2k SP4 installed, I had to give up after 24 hours (yes, 24hours).

I uninstalled SP4 and it became faster but is not as fast as before. If 
compiling Mozilla can be any measure of the speed (no other change has 
been made on both sides of the connection), it took me about 6 
hours(instead of 2.5). Besides, it appears that the access time gets 
slower as time goes on.

A bit similar problem was reported for Win XP (SP1), but not for Win2k 
SP4. MS provides a hot fix for Win XP, but it does for Win2k. Moreover, 
as I wrote above, downgrading to SP3 didn't fully recover the 
performance I used to have.

Has anybody suffered from this problem and found a way to work 
around/solve it?

TIA,

Jungshik

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NtfsDisableLastAccessUpdate and smbmounted Win shares

[Dragan Krnic]

>> I wasn't clear enough perhaps.
>Maybe.
>
>> original file. If NtfsDisableLastAccessUpdate is set 
>> to 1 then the original file's LastAccessTime won't
>> be updated after a DOS copy command, but it will if
>> I use cp on an smbmounted volume.
>
> Now, that is strange. Setting the readonly attribute 
> would change this, but this may not be a solution for 
> your problem. Try to revoke the right to 'write extended 
> attributes' for everyone, that shouldn't interfere with 
> usual access, but stop the LastAccessUpdate.

Sounds self-explanatory. 
Must be something in Win registry?
I have to look it up.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows 2000 and krb5 tickets...SOLVED

[Fernando Ruza]

Hi,

I did what you advise. I still have the same problem. Can see the shares
from Win2k and XP but cannot browse the share that need authentication
(valid users). I can map them with IP address but not with netbios name.
I don't get any ticket from win2k and XP clients.

All of the following works right: net ads leave, net ads join, wbinfo
-u, wbinfo -g, getent passwd, getent group, smbclient
//win2k_server/share -k

Could you see something wrong in my conf files?? Any more things to try
??

My krb5.conf file is the following:

=== krb5.conf ==

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = HGUV.LOCAL
 default_etypes = des-cbc-crc des-cbc-md5
 default_etypes_des = des-cbc-crc des-cbc-md5
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
# permitted_enctypes = des-cbc-md5 des-cbc-crc
 kdc_req_checksum_type = 2
 clockskew = 600
 dns_lookup_realm = false
 dns_lookup_kdc = true
 forwardable = true
 proxiable = true
 checksum_type = 2
 ccache_type = 1

[realms]
 HGUV.LOCAL = {
  kdc = 10.36.192.24:88
  admin_server = 10.36.192.24:749
  default_domain = hguv.local
 }

[domain_realm]
 .hguv.local = HGUV.LOCAL
 hguv.local = HGUV.LOCAL

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

[login]
 krb4_convert = false
 krb4_get_tickets = false



The tickets I get are:

[EMAIL PROTECTED] etc]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting ExpiresService principal
12/15/03 09:34:53  12/15/03 19:34:54  krbtgt/[EMAIL PROTECTED]
renew until 12/16/03 09:34:53, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32
12/15/03 09:35:09  12/15/03 19:34:54  [EMAIL PROTECTED]
renew until 12/16/03 09:34:53, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
12/15/03 09:35:09  12/15/03 19:34:54  kadmin/[EMAIL PROTECTED]
renew until 12/16/03 09:34:53, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

=

I don't get a ticket for Win2k and XP clients.
More interested info:

 libs used by winbindd and smbd 
[EMAIL PROTECTED] sbin]# ldd winbindd
libcrypt.so.1 => /lib/libcrypt.so.1 (0x4002c000)
libresolv.so.2 => /lib/libresolv.so.2 (0x4005a000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4006c000)
libdl.so.2 => /lib/libdl.so.2 (0x40081000)
libpopt.so.0 => /usr/lib/libpopt.so.0 (0x40084000)
libcrypto.so.2 => /lib/libcrypto.so.2 (0x4008c000)
libgssapi_krb5.so.2 => /usr/local/lib/libgssapi_krb5.so.2 (0x4016)
libkrb5.so.3 => /usr/local/lib/libkrb5.so.3 (0x40172000)
libk5crypto.so.3 => /usr/local/lib/libk5crypto.so.3 (0x401d)
libcom_err.so.3 => /usr/local/lib/libcom_err.so.3 (0x401f)
libldap.so.2 => /usr/lib/libldap.so.2 (0x401f2000)
liblber.so.2 => /usr/lib/liblber.so.2 (0x4021c000)
libc.so.6 => /lib/i686/libc.so.6 (0x4200)
libsasl.so.7 => /usr/lib/libsasl.so.7 (0x40228000)
libssl.so.2 => /lib/libssl.so.2 (0x40233000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)
libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x40263000)
libpam.so.0 => /lib/libpam.so.0 (0x4026a000)

[EMAIL PROTECTED] sbin]# ldd smbd
libldap.so.2 => /usr/lib/libldap.so.2 (0x4002c000)
liblber.so.2 => /usr/lib/liblber.so.2 (0x40057000)
libcrypto.so.2 => /lib/libcrypto.so.2 (0x40062000)
libgssapi_krb5.so.2 => /usr/local/lib/libgssapi_krb5.so.2 (0x40136000)
libkrb5.so.3 => /usr/local/lib/libkrb5.so.3 (0x40147000)
libk5crypto.so.3 => /usr/local/lib/libk5crypto.so.3 (0x401a5000)
libcom_err.so.3 => /usr/local/lib/libcom_err.so.3 (0x401c5000)
libresolv.so.2 => /lib/libresolv.so.2 (0x401c8000)
libcups.so.2 => /usr/lib/libcups.so.2 (0x401da000)
libssl.so.2 => /lib/libssl.so.2 (0x401f4000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40224000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40239000)
libpam.so.0 => /lib/libpam.so.0 (0x40266000)
libattr.so.1 => /lib/libattr.so.1 (0x4026f000)
libacl.so.1 => /lib/libacl.so.1 (0x40273000)
libdl.so.2 => /lib/libdl.so.2 (0x4027b000)
libpopt.so.0 => /usr/lib/libpopt.so.0 (0x4027e000)
libc.so.6 => /lib/i686/libc.so.6 (0x4200)
libsasl.so.7 => /usr/lib/libsasl.so.7 (0x40286000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)
   

[Samba] Solaris Winbind LDAP pam_mkhomedir.so

[Ganguly, Sapan]

Dear list,

How do I test whether I have access to my winbind LDAP backend from my
Solaris 9 machine?  My LDAP database is held on a Redhat 9.0 machine also
running Samba 3.0.0.

I know winbind works because getent and wbinfo show up my NT users and
groups.

I would also like to have people log into my Solaris 9 machine with their NT
usernames, I have this working on Redhat already but Solaris is proving to
be a little more tricky.  I've copied a pam.conf from another post on this
mailing list but when I try to log in with an NT user name the process just
hangs after I type the password.  I don't see anything in the logs either.

I would also like to use pam_mkhomedir.so in my pam.conf so that when people
log in a home directory is automatically created but that's not going to
work until I can actually log in anyway.  
It was easy under Redhat.

Does anyone have any advice?  I'm going to look a bit silly if I can't make
this work.

Thanks,
Sapan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Folder Redirection ...

[C.Lee Taylor]

> Redirecting My Documnets isn't a tricky one.

   Please don't take this discuss off the list ... I have an interest 
in see what other people have done.

Thanks
Mailed
Lee
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can't see Samba server from Windows

[MList]

Daryl , can u ping the samba server from the windoze machine...



>On Monday 15 December 2003 01:10, Daryl Lee wrote:
> I cannot see my Linux box running Samba to print or access files.  The
> output of "smbclient -U% -L localhost" seems to indicate I should see
> one share and one printer: (the ...0.250 ip address is for my DSL
> connection, the ...0.2 is for my LAN)
> Any help would be appreciated.
>
> Daryl

-- 
Regards,
MList
"Sharing The Power Of IT Through Linux"
Mandrake 9.2
Kernel 2.4.22-21
KDE 3.1
OpenOffice 1.1
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba