[Samba] RE: samba problem
Hi Alexander, The kind of firewall i have uses the basic iptables which came with the installation CDs of linux-SuSE. I installed SuSE 8.1 which has a firewall that has to be activated. But now, u know, i can't find the file containing the iptables so as to adjust the rules. When i try iptables -L in console mode i can see all the rules. I think i need to add some new rules in the iptables so that samba works properly. What's yo opinion? So, could u be knowing the configuration file and path for the firewall rules? My kernel is 2.4.19. 'hope to hear from u any time. Thanks. Rgds, Segie. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba manpages
Hello I discovered one can get Samba manpages either by make install from samba sources (samba-3.0.2/sources: make install) or by downloading for example samba-20040215.tar.bz and manually copying the contents of manpages/ subdirectory into /usr/local/samba/man. Are both these sources of manpages equivalent? Which one of them should be used officially? Are the manpages in source tarball obsolete somehow? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OT: Re: samba problem (with firewalls)
Hi! If this firewall is iptables, then the problem with samba could be, that the iptables-rules allow the forwarding on ip-packet through the firewall-gateway but nothing is allowed to contact the gateway itself. In normal iptables-rules, the default policy for everything should be set to drop. Then the necessary ports are opend. There are 3 directions: forward (to forward packets from one net o another), input and output. The last two apply to the firewall gateway itsself. I don't know about the exact form of SuSEs rules, but to allow contact from the internal net to the gateway-samba-machine, there should be some rules like this: iptables -A INPUT -s ip-address.of.internal.net -p tcp -i interface-to -internal-net -j ACCEPT iptables -A INPUT -s ip-address.of.internal.net -p udp -i interface-to -internal-net -j ACCEPT iptables -A OUTPUT -d ip-address.of.internal.net -p tcp -o interface-to -internal-net -j ACCEPT iptables -A OUTPUT -d ip-address.of.internal.net -p udp -o interface-to -internal-net -j ACCEPT These rules should allow for any contact from the internal net to the gatway-firewall-machine and the correspondig responses (for all ports). If this is too crude for your needs you could refine it with some restictions to the ports used by samba (137, 138, 139, 445, as far as I know). If this doesn't work, then perhaps you have to allow contact to the loopback-ip-addess. There's an extensive and very goot HowTo about iptables-firewall-rules at http://iptables-tutorial.frozentux.net/iptables-tutorial.html (by Oskar Andreasson) Hope it helps, Alexander -- Netzwerk- Systemadministrator --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- Am Donnerstag, 12. Februar 2004 18:05 schrieb geralds: Hi Alexander, The kind of firewall i have uses the basic iptables which came with the installation CDs of linux-SuSE. I installed SuSE 8.1 which has a firewall that has to be activated. But now, u know, i can't find the file containing the iptables so as to adjust the rules. When i try iptables -L in console mode i can see all the rules. I think i need to add some new rules in the iptables so that samba works properly. What's yo opinion? So, could u be knowing the configuration file and path for the firewall rules? My kernel is 2.4.19. 'hope to hear from u any time. Thanks. Rgds, Segie. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd krb5_get_credentials errors
Hi All, can someone elaborate on the cause of my problem mentioned below? Service records exist for DC's only on DNS servers in that domain (ie DNS server in domain X has service records only for all DC's in domain X and so on for each domain), should normal DNS forwarding not allow a client in one domain to read the service record data from another? Normal host records for all domains in the forest are resolveable via DNS forwarding. Otherwise I'll need to have service records for all our DC's in all 6 domains in every DNS server in the forest which is not practical!?! thanks in advance, Andy. can you explain the many instances (against different server) of errors of the type from winbindd?, krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm) KDC's must either be able to be found in DNS (using the SRV records etc) or be in /etc/krb5.conf. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Only browsing and net view \\smbserver fails with unassigned share names :(
Dear Samba List, I'm having a browsing problem with W2k on my 2.0.9 Samba server and now you are my last hope to help me solving my problem. Not working is access from Win2k Clients: net view \\ixdp425 is the first test that fails, not meaning to terminate with error, but to produce the following unexpected output: Name Typ LokalBeschreibung (Description) --- IPC Platte (Disk) Der Befehl wurde erfolgreich ausgeführt. (Command terminated successfully!) Searching for Computers in W2k will also not produce any results When samba isn't running the Server Browsing Entire Network will produce an Error: Ixdp425 cannot be accessed, the network name was not found. Explorer is showing up two shares but they don't have any names assigned to. What is working: But I'm able to net use the shares from the W2k clients, or to direct access the shares by name e.g. with win commander by cd \\ixdp425\temp Access from Linux Client is fine and produces the following: Domain=[HOME] OS=[Unix] Server=[Samba 2.0.9] Sharename Type Comment - --- temp Disk temporary space IPC$ IPC IPC Service (Samba 2.0.9) Server Comment ---- IXDP425 Samba 2.0.9 MOBILE WorkgroupMaster ---- HOME IXDP425 I also tried Samba 2.0.7 before, I tried from my W2k Notebook with almost no included Service Packs My server is an Intel Arm Xscale based on Snapgears uC-Linux with Glibc 2.2.5, I'm running the Intel Access Library Version 1.4 and Kernel Version 2.4.20 My smb.conf is as following simple snip [global] workgroup=OFFICE encrypt passwords=yes netbios name=ixdp425 preferred master = yes local master = yes domain master = yes browseable = yes [temp] comment = temporary space browse list = yes snap I tried almost every complex and simple configuration, with/without lokal and/or domain masters for more then 4days now without success. So I hope someone else has some better ideas to solve my problem than me. Thanks in advance and best regards, Edmond -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd krb5_get_credentials errors
Hi everybody Could you explain me whay is the subject of this mailing list? I subscribed it because I wanted to have some information about samba... And you talk about servers and electronic problems... Please tell me why! Best regards, Agnès ww m-pubsyssamba [EMAIL PROTECTED] wrote: Hi All, can someone elaborate on the cause of my problem mentioned below? Service records exist for DC's only on DNS servers in that domain (ie DNS server in domain X has service records only for all DC's in domain X and so on for each domain), should normal DNS forwarding not allow a client in one domain to read the service record data from another? Normal host records for all domains in the forest are resolveable via DNS forwarding. Otherwise I'll need to have service records for all our DC's in all 6 domains in every DNS server in the forest which is not practical!?! thanks in advance, Andy. can you explain the many instances (against different server) of errors of the type from winbindd?, krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm) KDC's must either be able to be found in DNS (using the SRV records etc) or be in /etc/krb5.conf. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba - Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout ! Créez votre Yahoo! Mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA Problems
Hi, I am setting up a small network with a Linux machine running SAMBA. I have no problems connecting from a Windows 95 machine to the SAMBA server. However, I can't connect from a SuSE Linux 9.0 machine. It does not seem to find any servers on the network from the Linux machine. Lisa is running. What am I missing? Thanks Sarel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roman numerals in Samba HOWTO collection
Hello What is the purpose of Roman numbering of pages in Samba HOWTO Collection? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA Problems
lisa.conf ;) (it worked for me) Radu - Eosif Mihailescu Sarel Pretorius wrote: Hi, I am setting up a small network with a Linux machine running SAMBA. I have no problems connecting from a Windows 95 machine to the SAMBA server. However, I can't connect from a SuSE Linux 9.0 machine. It does not seem to find any servers on the network from the Linux machine. Lisa is running. What am I missing? Thanks Sarel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roman numerals in Samba HOWTO collection
On Mon, 2004-02-16 at 21:37, Karel Kulhavy wrote: Hello What is the purpose of Roman numbering of pages in Samba HOWTO Collection? To increase proficiency in Roman numerals naturally! (It's probably just a glitch in the XSLT stylesheet - getting that monster to generate at all is quite an achievement). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT4 Migration - Samba 3.0.2a + LDAP
On Mon, 2004-02-16 at 16:35, Beast wrote: * Andrew Bartlett [EMAIL PROTECTED] nulis: On Sat, 2004-02-14 at 20:18, Pirkka Luukkonen wrote: Hi! How can I maintain users old NT RIDs while migrating to Samba PDC when they start from 1000. The RID to UID conversion algorithm is RID = 2 * UID + 1000 so the user with RID of 1000 would be root (0 * 2 + 1000 = 1000) on Unix. Maintaining the old RIDs is essential for migrating on-the-fly, because re-adding hundreds of computers to domain and losing local user profiles is not an option. The only way to achieve these requirement is to use pwdump on NT PDC. I don't see how this is relevant. 'net rpc vampire' gets the passwords very nicely and migrates much more than pwdump. As I said, in particular it gets the SIDs right. From there you'll get old RID and hashes for machine+useraccount. Beware that pwdump sometimes can not retrive the hashes and hashes for machine is not correct if machine is joined more than x months. x = unknown value, maybe 1 or 2. The issue would no doubt be the same for 'net rpc vampire', as they read the same password database. Thanks for asking, I have similar questions. Is there any (big) company migrate from NT4 to samba3 (with at least 500 clients)? How they migrate? build fresh domain name or using existing domain name? How they avoid re-join all clients? Any body here using samba 3 on production with 500 win clients? They use 'net rpc vampire', as documented in the HOWTO. This ensures that the SIDs are accurate, as are the passwords. The clients should not be able to tell the difference (or wont care, once you get the fundamentals right) You need to use 'ldapsam' or 'tdbsam', you cannot use smbpasswd. Both backends can store arbitrary RIDs, to satisfy exactly this requirement. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT4 Migration - Samba 3.0.2a + LDAP
* Andrew Bartlett [EMAIL PROTECTED] nulis: On Mon, 2004-02-16 at 16:35, Beast wrote: * Andrew Bartlett [EMAIL PROTECTED] nulis: On Sat, 2004-02-14 at 20:18, Pirkka Luukkonen wrote: Hi! How can I maintain users old NT RIDs while migrating to Samba PDC when they start from 1000. The RID to UID conversion algorithm is RID = 2 * UID + 1000 so the user with RID of 1000 would be root (0 * 2 + 1000 = 1000) on Unix. Maintaining the old RIDs is essential for migrating on-the-fly, because re-adding hundreds of computers to domain and losing local user profiles is not an option. The only way to achieve these requirement is to use pwdump on NT PDC. I don't see how this is relevant. 'net rpc vampire' gets the passwords very nicely and migrates much more than pwdump. As I said, in particular it gets the SIDs right. OK, Thanks. I'll try it again. Last time vampiring my NT (with samba 3.0.1), the samba password attribute was only filled with 'XXX' (it was from smb-ldaptools i guess) With pwdump, you get the full control of account creation as well as any necessary attributes. Good if you already has account stored on ldap for another purpose. From there you'll get old RID and hashes for machine+useraccount. Beware that pwdump sometimes can not retrive the hashes and hashes for machine is not correct if machine is joined more than x months. x = unknown value, maybe 1 or 2. The issue would no doubt be the same for 'net rpc vampire', as they read the same password database. Last week migrating my smallest site with 60+ pc clients, only 1 (one) machine which is joined recently is able to login, other need to rejoin to NT domain and then obtain the new machine password with pwdump. Random sample from other site which machine was joined more than 6 months old get same results. It was strange, renaming machine name won't change the password also. So far I've found no problem with account password. Bugs or expected behaviour? You need to use 'ldapsam' or 'tdbsam', you cannot use smbpasswd. Both backends can store arbitrary RIDs, to satisfy exactly this requirement. I use ldapsam only. Andrew Bartlett Tks. --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Wrong owner file for the admin group
Hi, when I use the parameter domain admin group = @admin in my smb.conf, anyone user for the group admin create a file (in your home, or profile, or any resource) and the owner for this file is root. I would wish that the owner is the real user instead of root. I tried using the parameter force user=%U but don work. Somebody can help me? Thank -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Documentation bug? domadm privileges
Hello I have been solving a problem how to make a nonroot user able to administer the domain (add users, groups, modify them etc.) from Windows workstation using usrmgr.exe It looks like what is stated in Samba HOWTO collection as prerequisites is not enough. First I found Chapter 12 cxl How to make Samba PDC users member of the Domain Admins group - made the nonroot user member of domadm group, added domadm unix group and groupmapped Domain Admins NT group to domadm UNIX group. This didn't work. I suggest changing steps describe how to make Samba PDC users members of the Domain Admins to steps describe how to make Samba PDC users members of the Domain Admins (note that this won't assure same functionality as being a Domain Admin on an NT4 PDC, for further details, see 12.2.1 Important Administrative Information (page cxli) (why the heck was the numbering changed from Arabic to Roman numerals?). Then I searched further for the term 'Admins' in the Samba HOWTO Collection pdf and found 12.2.1 Important Administrative Information. It states among others: [...]adding users or groups, requires root level privilege.[...]Provision of root privileges can be done [...] by permitting [...] users to use a UNIX account that is a member of the UNIX group that has a GID=0 as the primary group in the /etc/passwd database. So I made the non-root user's primary group root (GID=0) and it still didn't work. I tried to restart samba. Still didn't work. Logout user from Windows and login back. Still didn't work. Restart samba again. Still didn't work. - Is there a place in the HOWTO that describes how to determine what sequence of reboots, logouts, domain removal and reattachments and Samba restarts is necessary to assure integrity of any given operation when dealing with Samba? Then I discovered another place in Samba HOWTO that contains example: Section 31.2. Migration Options cdxv (why the heck were the Arabic numerals replaced with Roman? Comparison of two Roman numeral takes about a minute to me and decreases the speed of manual binary search for a given page by several orders of magnitude) 5. Now assign each of the UNIX groups to NT groups: [...] # First assign well known domain global groups net groupmap modify ntgroup=Domain Admins unixgroup=root rid=512 This didn't work: oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root rid=512 Bad option: rid=512 However I got the idea behind the command and tried: net groupmap modify ntgroup=Domain Admins unixgroup=root oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root Updated mapping entry for Domain Admins oberon root # net groupmap list [...] Domain Admins (S-1-5-21-3784068046-1792391053-1311982112-512) - root Suggestion: replace net groupmap modify ntgroup=\Domain Admins\ unixgroup=root rid=512 in the Samba HOWTO Collection with net groupmap modify ntgroup=\Domain Admins\ unixgroup=root After that I reloaded Samba and tried the running usrmgr.exe: Invalid handle. Exited the usrmgr.exe and restarted usrmgr.exe (without logout) and it -- MIRACULOUSLY WORKED! Suggestion: replace Users of such accounts can use tools like the NT4 Domain User Management with Users of such accounts cannot still use tools like the NT4 Domain User Management because having root as primary group is not enough. However, if the Domain Admins group is in addition mapped to root group, this task becomes possible into chapter 12.2.1 Important Administrative Information (page cxli) Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with NT - Samba User Configuration: Probably very simple
Hi All, my problem is I am unable to configure an NT user to access a UNIX Tru64 5.1b share from their PC. I am running Samba 2.0.7 and it runs as a domain member. Here are the steps I have completed without success: Assuming ntuser is the NT username used to log into the NT workstation/PC. 1. Created UNIX user username 2. Created UNIX directory /usr/users/username/input 3. Appended following line to a user name mapping file defined in smb.conf with the parameter username map = ...: username = ntuser Note: The user name mapping file already contained an entry for another user and the one above was appended to the file. 4. Added the following to smb.conf: [servicename] comment = 'etc' path = /usr/users/username/input valid users = username public = no writable = yes printable = no 5. Restarted the samba daemons. Can anyone spot what the problem is? Have I missed out a particular step? In desperation I tried adding username to the samba password file by running smbpasswd but it would appear this user is already a member. This I concluded from the fact that I typed Enter when first asked for the existing password and when I entered the new password twice the following messages were displayed. error connecting to #.#.#.#:# (Connection refused) unable to connect to SMB server on machine #.#.#.#. Error was : code 0. Failed to change password for statdat Note the # symbols represent numbers which I have physically replaced with #. I believe they are addresses of some sort. If you know what the problem is please can you let me know as soon as you can. Your help with be greatly appreciated. I am hoping this is something very simple that can be quickly knocked on the head Many thanks Raymond === This electronic message contains information from the mmO2 plc Group which may be privileged or confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone or email (to the numbers or address above) immediately. Please note that as of June 1st we will no longer be accepting email for any btcellnet.net, btcellnet.co.uk or cellnet.co.uk addresses. From this date all mail should be addressed to O2.com === -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL bug
hi damn! i'm going crazy... files created in the shell (bash) also get -x'ed example again: humanpdc:~ # getfacl /data/test/home/ getfacl: Removing leading '/' from absolute path names # file: data/test/home # owner: test # group: users user::rwx group::--- other::--- default:user::rwx default:group::--- default:mask::rwx default:other::--- humanpdc:~ # touch /data/test/home/test humanpdc:~ # getfacl /data/test/home/test getfacl: Removing leading '/' from absolute path names # file: data/test/home/test # owner: root # group: rootgroup user::rw- group::--- mask::rw- other::--- *argh* what's this? can anybody help me although it's not really smb related? thx³ Dariush Forouher schrieb: On Fri, 13 Feb 2004, Michael Gasch wrote: unfortunately this was not the problem though :( No, I think so as well. The umask setting only can take away permission bits, but it can't set new ones. Beside of that AFAIK Samba doesn't use an umask setting inherited from the parent process (and even if it would certenly be overwritten by the create mask setting). The problem I observed happens when creating files through Samba. Creating files from native Linux works (at least here) exactly as I'm expecting it to work. with attention to default:user::rwx why is it automatically set? AFAIK this is the default behaviour of the ACL implementation of Linux. The first time when setfacl is used these three defaults ACEs are automatically added with the same permissions of their non-default peers. and of course: on any file created in install owner just gets rw-, but my mask isn't recalculated (which is fine) Not for me! I don't like it if ordinary files have the x-bit set, which will happen if mask isn't shortened to rw-, like Samba does it at the moment! ciao Dariush -- Matrix - more than a vision ** Michael Gasch - Central IT Department - Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Loss of connection when changing smb.conf?
Hello, since upgrading to Samba 3 (3.0.1 on Debian 3.0), I noticed that clients seems to sometimes lose connection to the samba server when the configuration file is changed. Today I added oplocks = no to the homes section because I wanted to track down a specific problem, and voila: 1-2 minutes later some Win2K-Clients (but probably not all, couldn't check that) lost connection to the homes share and had to sign off and sign on again. Later on I added log level = 3 to the global section and the same happened again. I'm pretty sure this didn't happen with Samba 2.2.8. Could this have something to do with smb signing? I assume SMB signing maintains some kind of state information or serial number on the packages, in order to prevent man-in-the-middle attacks; and this could information could get lost when samba reloads the smb.conf? Thanks, Andreas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Quark Express 4.1 Saving problems
Hello, found this topic in the archives and would like to re-open this thread. I have some problems with Quark XPress Passport 4.1 on Win2K Clients and Samba 3.0.1 . Sometimes when saving a file, either an existing one or new, QuarkXPress produces an I/O-Error [-36] and cannot save the file, not even with Save as... under a different name. I turned off oplocks on this share, but it changed nothing. Other Apps seem to work fine. The problem cannot be easily reproduced, it occurs only every now and then. I set log level to 3 today and will wait till tomorrow, hope this happens again soon so I can provide log output. Has anyone else had this problem? Thanks, Andreas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Installation HP Tru64
I am installing the latest version of Samba on my DEC Alpha running HP Tru 64 and I was told to run ./autogen.sh before running the ./configure script. When I do so, I get the error message: ./autogen.sh: autoheader:not found ./autogen.sh: test:argument expected - Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL bug
so, i think i found an explanation: touch relies on mode parameter of creat(2), which is by default 666 this explains the behaviour of recalculating the mask and setting user:: to rw- anybody an idea how to change the default mode of 666 (kind of diabolic *gg) greez Michael Gasch schrieb: hi damn! i'm going crazy... files created in the shell (bash) also get -x'ed example again: humanpdc:~ # getfacl /data/test/home/ getfacl: Removing leading '/' from absolute path names # file: data/test/home # owner: test # group: users user::rwx group::--- other::--- default:user::rwx default:group::--- default:mask::rwx default:other::--- humanpdc:~ # touch /data/test/home/test humanpdc:~ # getfacl /data/test/home/test getfacl: Removing leading '/' from absolute path names # file: data/test/home/test # owner: root # group: rootgroup user::rw- group::--- mask::rw- other::--- *argh* what's this? can anybody help me although it's not really smb related? thx³ Dariush Forouher schrieb: On Fri, 13 Feb 2004, Michael Gasch wrote: unfortunately this was not the problem though :( No, I think so as well. The umask setting only can take away permission bits, but it can't set new ones. Beside of that AFAIK Samba doesn't use an umask setting inherited from the parent process (and even if it would certenly be overwritten by the create mask setting). The problem I observed happens when creating files through Samba. Creating files from native Linux works (at least here) exactly as I'm expecting it to work. with attention to default:user::rwx why is it automatically set? AFAIK this is the default behaviour of the ACL implementation of Linux. The first time when setfacl is used these three defaults ACEs are automatically added with the same permissions of their non-default peers. and of course: on any file created in install owner just gets rw-, but my mask isn't recalculated (which is fine) Not for me! I don't like it if ordinary files have the x-bit set, which will happen if mask isn't shortened to rw-, like Samba does it at the moment! ciao Dariush -- Matrix - more than a vision ** Michael Gasch - Central IT Department - Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] I can see share, but it won't let me use my pwd (OSX)
(Apologies if this has already gone to the list. I've been trying to post via the newsgroup and it appears none of my messages went through...so now I'm doing it via the list-serv) I have samba (2.28) running on a linux server (Mandrake 9.2). Neither my win2k machine nor my OSX (panther) machine will see the share via the network browser. In my OSX machine, I CAN connect if I specifically connect to server using the SMB://serverip/ format. It connects, and sees the shares (but only the ones I made...not the default home shares), but refuses my username/pwd. Here's some pertinent parts of my config file: [mp3onserver] comment = mp3s printable = no valid users = mp3,homerj create mode = 0765 writeable = yes path = /home/mp3/ [testshare] qeirw liar = mp3, homerj, @mp3, @homerj path = /home/mp3/ Via webin, I've told Samba to use the Unix usernames and passwords. It all appears to be set up correctly via webmin (the system's users show up as samba users). That all led to a connection, but would get invalid usr/pwd error. So, I made some more adjustments to Samba...namely putting in a default directory. Now I get a different error: the finder cannot complete the operation because some data in smb could not be read or written. (Error code -36). Google isn't turning anything up specific to that other than some mention of rebooting the router a few times (which I tried, to no avail). Any thoughts? -Darrel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] APW: Print Driver not Storing for some printer types
Hi there. I'm using samba 3.0.2 as a printserver. It's been working for ages and I upgraded it the other day to see if it fixed this problem I've been having trying to get printer drivers stored onto the server. The mechanism for uploading drivers seems to be working fine but I've recently got two new printers: an HP laserjet4200tn and OKI c5100. No matter what I seem to try, trying to get the APW to install these drivers to the print$ share on the sambe printserver fails. The error messages is: Unable to install HP LaserJet 4200 PS, Windows 2000 or XP, Intel Driver. Operation could not be completed. On pressing the New Driver button, it runs through the wizard OK then gives this error on Finish. What bugs me most is that It's working fine for my old printer drivers (mostly a variety of HP laserjets). I've reinstalled the drivers to check but these two refuse to work. I'm trying to install the latest PS drivers from the internet if that helps anyone. Two other things I have noticed which may be related to the problem: 1. On an XP machine, in the print$/w32x86 dir, there seems to be other folders created (hewletpackard. and oki_data_...). Could the drivers be trying to install not to the 3 folder as I think they should? 2. On the servers print$ share int the w32x86 folder it seems to try to have creates a temporary folder __SKIP_ when the error message is popped up. This folder is empty by the way. I'm thinking it's the drivers at fault. Or perhaps there's a new driver format that Samba doesn't support yet? Any help on my problem would be appreciated. Thanks -- Paul Cochrane (paul.m.cochrane (***at***) tuht.scot.nhs.uk) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roman numerals in Samba HOWTO collection
On Mon, 16 Feb 2004, Karel Kulhavy wrote: Hello What is the purpose of Roman numbering of pages in Samba HOWTO Collection? That happens to be the default behaviour of t he way the PDF is generated from the XML soruces. To force a change of page numbering to Roman numerals requires the insertion of a latex command which interferes with HTML production. Since we produce both PDF adn HTML for the Samba web site we have chosen to leave the default behaviour - at least until all the content of The Samba-3 HOWTO and Reference Guide has been committed to public CVS. That should happen around April. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Documentation bug? domadm privileges
Karel, Thanks for your feedback. I will certainly take this into account when I get time to update the HOWTO documentation. Cheers, John T. On Mon, 16 Feb 2004, Karel Kulhavy wrote: Hello I have been solving a problem how to make a nonroot user able to administer the domain (add users, groups, modify them etc.) from Windows workstation using usrmgr.exe It looks like what is stated in Samba HOWTO collection as prerequisites is not enough. First I found Chapter 12 cxl How to make Samba PDC users member of the Domain Admins group - made the nonroot user member of domadm group, added domadm unix group and groupmapped Domain Admins NT group to domadm UNIX group. This didn't work. I suggest changing steps describe how to make Samba PDC users members of the Domain Admins to steps describe how to make Samba PDC users members of the Domain Admins (note that this won't assure same functionality as being a Domain Admin on an NT4 PDC, for further details, see 12.2.1 Important Administrative Information (page cxli) (why the heck was the numbering changed from Arabic to Roman numerals?). Then I searched further for the term 'Admins' in the Samba HOWTO Collection pdf and found 12.2.1 Important Administrative Information. It states among others: [...]adding users or groups, requires root level privilege.[...]Provision of root privileges can be done [...] by permitting [...] users to use a UNIX account that is a member of the UNIX group that has a GID=0 as the primary group in the /etc/passwd database. So I made the non-root user's primary group root (GID=0) and it still didn't work. I tried to restart samba. Still didn't work. Logout user from Windows and login back. Still didn't work. Restart samba again. Still didn't work. - Is there a place in the HOWTO that describes how to determine what sequence of reboots, logouts, domain removal and reattachments and Samba restarts is necessary to assure integrity of any given operation when dealing with Samba? Then I discovered another place in Samba HOWTO that contains example: Section 31.2. Migration Options cdxv (why the heck were the Arabic numerals replaced with Roman? Comparison of two Roman numeral takes about a minute to me and decreases the speed of manual binary search for a given page by several orders of magnitude) 5. Now assign each of the UNIX groups to NT groups: [...] # First assign well known domain global groups net groupmap modify ntgroup=Domain Admins unixgroup=root rid=512 This didn't work: oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root rid=512 Bad option: rid=512 However I got the idea behind the command and tried: net groupmap modify ntgroup=Domain Admins unixgroup=root oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root Updated mapping entry for Domain Admins oberon root # net groupmap list [...] Domain Admins (S-1-5-21-3784068046-1792391053-1311982112-512) - root Suggestion: replace net groupmap modify ntgroup=\Domain Admins\ unixgroup=root rid=512 in the Samba HOWTO Collection with net groupmap modify ntgroup=\Domain Admins\ unixgroup=root After that I reloaded Samba and tried the running usrmgr.exe: Invalid handle. Exited the usrmgr.exe and restarted usrmgr.exe (without logout) and it -- MIRACULOUSLY WORKED! Suggestion: replace Users of such accounts can use tools like the NT4 Domain User Management with Users of such accounts cannot still use tools like the NT4 Domain User Management because having root as primary group is not enough. However, if the Domain Admins group is in addition mapped to root group, this task becomes possible into chapter 12.2.1 Important Administrative Information (page cxli) Cl -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Quark Express 4.1 Saving problems
On Mon, 16 Feb 2004, Andreas Heinlein wrote: Hello, found this topic in the archives and would like to re-open this thread. I have some problems with Quark XPress Passport 4.1 on Win2K Clients and Samba 3.0.1 . Sometimes when saving a file, either an existing one or new, QuarkXPress produces an I/O-Error [-36] and cannot save the file, not even with Save as... under a different name. I turned off oplocks on this share, but it changed nothing. Other Apps seem to work fine. The problem cannot be easily reproduced, it occurs only every now and then. I set log level to 3 today and will wait till tomorrow, hope this happens again soon so I can provide log output. Has anyone else had this problem? The Samba-HOWTO-Collection has a chapter on File and Record Locking that may help you. The bottom line is that Microsoft recognise that sometimes the only way to avoid a potential oplock problem is by turning off client registry settings that cause it to request oplock behaviour. I have documented specific examples of this in my new book Samba-3 by Example, however, the core of the information you need is in the Samba-HOWTO-Collection chapter I refer you to. You can find the HOWTO collection from the documentation page of the Samba web sites. Cheers, John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RES: RES: [Samba] Daylight saving
Sorry by the delay All my workstations are W2K SP4. I already changed the Dayligth saving option in the workstations but no results Tercio -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nome de Collen Enviada em: sexta-feira, 13 de fevereiro de 2004 12:17 Para: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Assunto: Re: RES: [Samba] Daylight saving are your workstations w98 ?? or nt/w2k ?? (have the same here, only with w98 ws) you can also use net time /SETSNTP:ntp server Collen Friday, February 13, 2004, 3:45:21 PM, you wrote: TFGF I already configured my time zone, daylight, etc. TFGF The server date is correct. I already compiled a TimeZone file(.ZIC) with TFGF the correct date for DayLight saving. TFGF The server knows that it is daylight saving, but the workstation don´t TFGF :-( TFGF []´s Tercio TFGF -Mensagem original- TFGF De: Kristyan Osborne [mailto:[EMAIL PROTECTED] TFGF Enviada em: sexta-feira, 13 de fevereiro de 2004 10:29 TFGF Para: Tercio Ferdinando Gaudencio Filho; [EMAIL PROTECTED] TFGF Assunto: RE: [Samba] Daylight saving TFGF Hi, TFGF have a look at the time offset option in the man pages. TFGF Cheers TFGF - TFGF Kristyan Osborne - IT Technician / Community Manager TFGF Longhill High School TFGF 01273 391672 / 304086 TFGF -- TFGF Computers are like airconditioners: They stop working properly if you open TFGF windows. TFGF Win95: A 32-bit patch for a 16-bit GUI shell running on top of an TFGF 8-bit operating system written for a 4-bit processor by a TFGF 2-bit company who cannot stand 1 bit of competition. TFGF -Original Message- TFGF From: TFGF [EMAIL PROTECTED] TFGF [mailto:[EMAIL PROTECTED] TFGF ]On Behalf Of Tercio Ferdinando Gaudencio Filho TFGF Sent: 13 February 2004 14:35 TFGF To: [EMAIL PROTECTED] TFGF Subject: [Samba] Daylight saving TFGF Hello there, TFGF I have a samba PDC 3.0.0 running ok, but I had turned on the option Time TFGF Server in smb.conf, to synchronize the workstations time with server. But TFGF the workstations synchronize 1 hour less than it is. I think that the TFGF workstations isn´t considering the daylight saving time. TFGF I´m using the command: net time \\server /set /yes TFGF Thank´s, TFGF []´s Tercio TFGF -- TFGF To unsubscribe from this list go to the following URL and read the TFGF instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Profiles
For Roaming Profiles, I could use the following in smb.conf file logon path = \\%L\Profiles\%u If I need the profiles to be local, what do I need to do in smb.conf? logon path = \\(name of local computer)\%u (HOW WOULD I FILL IN name of local computer)? Thanks, Saad. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Local Profiles - Quick Question
What changes should I make in logon home and logon path in smb.conf to force local profiles? Saad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] w2k client problem
Hi there; [apologies if this has already been posted, if so can someone point me in the right direction...] Experiencing problem with a w2k client listing content of a share on a samba server. I have Redhat 9 running Samba 2.2.7 release 7.9.0. I have various w2k clients connecting to a share downloading files nightly. [via WAN not LAN] I am experiencing a problem on a w2k client, where it is unable to list the contents of a share. The w2k client is able to see the samba server and it's shares via: net view //smb_svr and it is able to connect to the visible shares e.g.: net use t: //smb_svr/share When I try dir t:/ the client takes a while and returns with nothing. I have upgraded and tested on various versions of (2.2.7 release 7.9.0 and 8.9.0, 2.2.8, 3.0.2) with the same result. I am able to connect to other shares with less content, and it lists ok, does any one have any idea what might be wrong? thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Changing permissions not being root or owner
Hi all, got the following problem: I'm trying to set up a samba share and want the allowed group to administrate the file and directory permissions on their own. Goal is that everyone in the group can decide via NT security box who - from outside the group - should have read or write permissions on a specific file. I'm using ACL's and everything except this is working fine. Problem is that only the owner of that file or root is able to change the permissions. man smb.conf tells me that I have to use dos filemode = yes to allow users with write access to do this job. But this doesn't work. I don't now how many mode = combiniations I tried - nothing helped. Here is my current config: [global] workgroup = DCSHH netbios name = fileserver server string = File Server security = domain password server = * winbind uid = 1-2 winbind separator = + winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/false add user script = /usr/local/bin/add_samba_user %u unix extensions = Yes encrypt passwords = Yes log level = 0 nt acl support = Yes socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY wins support = No veto files = /.AppleDouble/lost+found/aquota.user/aquota.group [testshare] comment = Test share path = /shares/test public = yes writable = yes dos filemode = yes write list = @DCSHH+Domain-User ls -l /shares/test drwxrwxr-x2 DCSHH+Administrator DCSHH+Domain-User 4096 Feb 16 15:47 test And an example file in /shares/test: ls -l -rw-rw+ 1 DCSHH+silke DCSHH+Domain-User 105 Feb 16 13:55 testfile3.txt So as User DCSHH+alex (member of DCSHH+Domain-User) I should be able to modify the permissions of that file ! Can anyone give me a clue why dos filemode = yes isn't working as expected ??? Many thanks in advance Joerg -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problems with compiling samba under MacOS 10.2
Hi, I'm trying to compile samba on a G3 Powerbook Pismo by following the instructions on http://www.opensource. apple.com/projects/documentation/howto/html/osxsmb.html, but somehow the compiling doesn't work, I'm allways getting a compilation error. Using samba 2.2.1a I'm getting an error in printing/print_cups.c and using samba 3.0.2a I'm getting an error in libsmb/clikrb5.c. Does anybody know how I could solve this problem or which version I should use? Thanks alot, Vinzenz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.2 mapped by Actve Directory
I have spent a while trying to join a samba machine to our university's active directory structure so that allowed users can map to it by simply running \\webserver I was able to join the machine just fine via: net ads join VPSA/UH/UH-_ResComp_Servers/ -U adminname And now I can run wbinfo -u to get a listing of all users on our network. I have the right permissions, because from that computer, I can run smbclient //IP/c\$ -k and it lets me through as it should. However, when I run \\webserver from any other computer, log.smbd shows: [2004/02/16 10:51:46, 0] auth/auth_util.c:make_server_info_info3(1100) make_server_info_info3: pdb_init_sam failed! [2004/02/16 10:51:46, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [rceacostl] - [rceacostl] FAILED with error NT_STATUS_NO_SUCH_USER How can I make it so users can map their drives to this computer? Part of /etc/smb.conf [global] workgroup = ADILSTU realm = AD.ILSTU.EDU security = ADS auth methods = winbind, guest, sam password server = air.ad.ilstu.edu idmap uid = 1-5 winbind gid = 1-5 winbind enum users = yes winbind enum groups = yes valid users = @AD.ILSTU.EDU\ResCompBackupUser, @AD.ILSTU.EDU\ResCompAll, @AD.ILSTU.EDU\DevTeam -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbindd timeout on unreacheable domains
Hi All, I have a concern with the behaviour of winbindd on startup in a multi-domain environment, in my case a 6 domain AD forest + trusts to 3 NT 4 domains. I've tested startup of winbindd in a 2 domain development environment and found if a trusted domain is not contactable it takes five minutes to timeout before winbindd becomes active (/tmp/.winbindd/pipe is created). If I assume this will be the same behaviour for winbindd in our production environment then if our domain were isolated from the rest of the trusted domains then winbindd would take 45 minutes (9x 5minutes) to become active if we needed to restart a server. Because our domain is on a physically different and separately managed network from the others it is more than possible this type of situation could occur. 45 minutes to startup is obviously unacceptable especially as I hope to deploy Samba 3.x on one of our clusters. And to put this in comparison with a pure windows solution we would have no such issues starting a DC or fileserver in a domain just because it couldn't see any or all trusted domains. If I am incorrect please can you put me right on this, if I am correct is it possible that winbindd can be modified to establish connection only with its local domain at startup and start serving data to Samba from cached data for other domains? thanks in advance, Andy Smith. BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] primary gid of user [desires] is not a Domain group !
Wendell Wilson wrote: Precisely the same thing is happening to me! There have been a couple other threads with others having more or less the same problem... but I haven't seen any fixes that work for me, yet. I have 3.0.1, at the moment. Did you upgrade from 2.2.x? or from an earlier version of 3.x? Or did this just start out of the blue? I am not using LDAP, at this point, or even winbind to handle user/group mappings. What sort of setup do you have? Currently using 3.0.2, at least the ones FC1 just shiped over the weekend ... I did a clean installation and converted my LDAP ldif file to from Samba2 to Samba3 ... I have made all sorts of changes and can't get this to go away, so I don't know what the problem is ... At first I through that my posix accounts primary gid how to be mapped to an NT one, then I modified the Primary SID for each users and still got it ... so I really don't know ... Mailed Lee Wendell C.Lee Taylor wrote: Greetings ... I hope somebody can explain this to me, or give me a help to fix this problem ... On my Samba server ( 3.0.2rc2 ) I am getting ... Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1371) Feb 9 17:31:21 eastrand smbd[2113]: failed to decode PDU Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) Feb 9 17:31:21 eastrand smbd[2113]: process_request_pdu: failed to do schannel processing. Feb 9 17:31:26 eastrand smbd[2113]: [2004/02/09 17:31:26, 0] rpc_server/srv_util.c:get_domain_user_groups(372) Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups: primary gid of user [desires] is not a Domain group ! Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups: You should fix it, NT doesn't like that But if I do ... [EMAIL PROTECTED] root]# pdbedit -L -v -u desires Unix username:desires NT username: desires Account Flags:[UX ] User SID: S-1-5-21-3795178988-3942151060-2329322268-44008 Primary Group SID:S-1-5-21-3795178988-3942151060-2329322268-513 Full Name:Desire Steyn Home Directory: \\eastrand\desires HomeDir Drive:l: Logon Script: login.bat Profile Path: \\eastrand\desires\profile Domain: X-ZA-DM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Fri, 13 Dec 1901 22:45:51 GMT Kickoff time: Fri, 13 Dec 1901 22:45:51 GMT Password last set:Thu, 13 Feb 2003 13:24:06 GMT Password can change: 0 Password must change: Fri, 13 Dec 1901 22:45:51 GMT [EMAIL PROTECTED] root]# Now I have an LDAP passdb, and I have done a [EMAIL PROTECTED] root]# net groupmap list Domain Users (S-1-5-21-3795178988-3942151060-2329322268-513) - ntusers Domain Computers (S-1-5-21-3795178988-3942151060-2329322268-515) - machines Domain Admins (S-1-5-21-3795178988-3942151060-2329322268-512) - ntadmin Domain Guests (S-1-5-21-3795178988-3942151060-2329322268-514) - nobody And [EMAIL PROTECTED] root]# getent passwd |grep -i des desires:x:21504:1:Desire:/home/users/desires:/sbin/nologin Has anyone got an idea of what I am missing ... Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Setting password must change for more than one user
Hello all, I'm using Samba 3 with ldapsam_compat and i have a bunch of users (~ 150). I'm trying to find a way to set 'password must change' attribute to a given value to all users of my domain, so that all be forced to reset their passwords at the same time. Is there an easy way to do that, better than editing ldap database by hand or writing a custom script? I looked at pdbedit, smbpasswd, smbldap-tools, and no...nothing seems to cope with it... Any idea? Cheers, Fabien Chevalier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Suse 9.0 2.2.8a smbd issue
Sorry if this issue has come up before. I have been using samba on a NetApp filer successfully for some time but I recently upgraded my samba server to Suse 9.0 Professional. I am trying to use the 'classic samba' version (since I don't know any better) and am having problems with file locking on my shares. Here is a transcript of the log.smbd that shows some incompatibility between 32/64-bit system file locking. Any ideas as to fix this? It is causing delay and problems for my users but I need to keep this version of Linux for other reasons. Please advise; thank you. Best Regards, Chris Haidinyak SAMBA LOG TRANSCRIPT SNIPPET [2004/02/16 10:03:52, 0] smbd/server.c:main(791) smbd version 2.2.8a-SuSE started. Copyright Andrew Tridgell and the Samba Team 1992-2002 tron:/var/log/samba # tail log.smbd [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(658) an No locks available error. This can happen when using 64 bit lock offsets [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(657) posix_fcntl_lock: WARNING: lock request at offset 480, length 1 returned [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(658) an No locks available error. This can happen when using 64 bit lock offsets [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. tron:/var/log/samba # tail log.smbd [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(658) an No locks available error. This can happen when using 64 bit lock offsets [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(657) posix_fcntl_lock: WARNING: lock request at offset 480, length 1 returned [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(658) an No locks available error. This can happen when using 64 bit lock offsets [2004/02/16 10:06:02, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. [2004/02/16 10:06:52, 0] smbd/oplock.c:oplock_break(797) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file .XXX (dev = 13, inode = 987266, file_id = 17). [2004/02/16 10:06:52, 0] smbd/oplock.c:oplock_break(869) oplock_break: client failure in oplock break in file .XXX -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] printing form linux clients to samba
hi all and thanks in advance for reading this i have worked with samba for a while, sharing drives on my linux boxes and all went well until now. now, i tried to share a printer. 1 i setup a printer in a box with cups. the printer is working fine in that host printing everything as it is told. 2 i tried to share the printer to: 2.1 one windows wrokstation in the lan 2.2 two linux boxes on the lan with the following config file: [global] workgroup = PRINTSERVER netbios name = NEPTUN server string = neptun print server log file = /var/log/samba/log.%m max log size = 50 security = share encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat printing = cups [printers] comment = All Printers printer = hp_670C path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes create mode = 0700 print command = lpr -P %p -o raw %s -r lpq command = lpstat -o %p lprm command = cancel %p-%j use client driver = yes i then made the client configuration on the windows workstation, and windows is printing well to my linux printing server with samba. it shares drives and the printer without any kind of problem. the problem is that i cannot print form my linux boxes to that shared printer... on linux boxes i made the following 1 configured one printer queue with cups linking the smbspool to /usr/lib/cups/backend/ ln -s /usr/bin/smbspool /usr/lib/cups/backend/smb 2 loaded the driver for hp 670c in cups 3 tried to print a test page and i did it successfully now... the only thing is that i am only able to print test pages... and i can't figure out the command line options to print from my linux print clients to my linux print server... windows is doing fine though. other thing is that when I: smbclient //neptun/printers i can mount the share but it does not print. - Email Enviado utilizando o serviço MegaMail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] printing form linux clients to samba
hi all and thanks in advance for reading this i have worked with samba for a while, sharing drives on my linux boxes and all went well until now. now, i tried to share a printer. 1 i setup a printer in a box with cups. the printer is working fine in that host printing everything as it is told. 2 i tried to share the printer to: 2.1 one windows wrokstation in the lan 2.2 two linux boxes on the lan with the following config file: [global] workgroup = PRINTSERVER netbios name = NEPTUN server string = neptun print server log file = /var/log/samba/log.%m max log size = 50 security = share encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat printing = cups [printers] comment = All Printers printer = hp_670C path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes create mode = 0700 print command = lpr -P %p -o raw %s -r lpq command = lpstat -o %p lprm command = cancel %p-%j use client driver = yes i then made the client configuration on the windows workstation, and windows is printing well to my linux printing server with samba. it shares drives and the printer without any kind of problem. the problem is that i cannot print form my linux boxes to that shared printer... on linux boxes i made the following 1 configured one printer queue with cups linking the smbspool to /usr/lib/cups/backend/ ln -s /usr/bin/smbspool /usr/lib/cups/backend/smb 2 loaded the driver for hp 670c in cups 3 tried to print a test page and i did it successfully now... the only thing is that i am only able to print test pages... and i can't figure out the command line options to print from my linux print clients to my linux print server... windows is doing fine though. other thing is that when I: smbclient //neptun/printers i can mount the share but it does not print. - Email Enviado utilizando o serviço MegaMail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with trust account passowrds ???
Hi, I'm getting near a thousand error messages a day on only one of my two samba servers that both participate in the same domain: [2004/02/16 09:17:52, 0] rpc_client/cli_trust.c:change_trust_account_password(248) 2004/02/16 09:17:52 : change_trust_account_password: Failed to change password for domain ITS. The server getting the errors is version 2.2.7a-security-rollup-fix running on RedHat Linux. The server not receiving the error messages is version 2.2.0 running on SPARC Solaris. Both servers participate in the same domain, and neither act as a domain controller or WINS server. The technician that manages the microsoft domain itself has no idea since he doesn't see any problem on the microsoft side. I'm assuming, therefore, there is some fine tuning I need to do on the one samba server giving me the errors. Any ideas?? Thanks, Rob _ _ _ _ __ _ _ _ _ /\_\_\_\_\/\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_//\/_/ /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner UNIX Services Manager Linfield College, McMinnville OR (503) 434-2558 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] touble with install
I did ./configure make make install I got no errors, but it doesn't seem to have installed everything I need. Swat won't start. It didn't put an smb.conf file in /etc/samba (it didn't even create this folder) or /usr/local/samba/lib/. When I run testparm, I get Segmentation fault as my only output. Even if I create an smb.conf and run testparm on that file I get the exact same thing. Please help... Thanks, Anne -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] primary gid of user [desires] is not a Domain group !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 C.Lee Taylor írta: | Wendell Wilson wrote: | | Precisely the same thing is happening to me! There have been a couple | other threads with others having more or less the same problem... but | I haven't seen any fixes that work for me, yet. | | I have 3.0.1, at the moment. Did you upgrade from 2.2.x? or from an | earlier version of 3.x? Or did this just start out of the blue? I am | not using LDAP, at this point, or even winbind to handle user/group | mappings. What sort of setup do you have? | | |Currently using 3.0.2, at least the ones FC1 just shiped over the | weekend ... | |I did a clean installation and converted my LDAP ldif file to from | Samba2 to Samba3 ... I have made all sorts of changes and can't get this | to go away, so I don't know what the problem is ... | |At first I through that my posix accounts primary gid how to be | mapped to an NT one, then I modified the Primary SID for each users and | still got it ... so I really don't know ... | | | Mailed | Lee | | | Wendell | | C.Lee Taylor wrote: | | Greetings ... | |I hope somebody can explain this to me, or give me a help to fix | this problem ... | |On my Samba server ( 3.0.2rc2 ) I am getting ... | | Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0] | rpc_server/srv_pipe.c:api_pipe_netsec_process(1371) | Feb 9 17:31:21 eastrand smbd[2113]: failed to decode PDU | Feb 9 17:31:21 eastrand smbd[2113]: [2004/02/09 17:31:21, 0] | rpc_server/srv_pipe_hnd.c:process_request_pdu(605) | Feb 9 17:31:21 eastrand smbd[2113]: process_request_pdu: failed to | do schannel processing. | Feb 9 17:31:26 eastrand smbd[2113]: [2004/02/09 17:31:26, 0] | rpc_server/srv_util.c:get_domain_user_groups(372) | Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups: | primary gid of user [desires] is not a Domain group ! | Feb 9 17:31:26 eastrand smbd[2113]: get_domain_user_groups: You | should fix it, NT doesn't like that | |But if I do ... | | [EMAIL PROTECTED] root]# pdbedit -L -v -u desires | Unix username:desires | NT username: desires | Account Flags:[UX ] | User SID: S-1-5-21-3795178988-3942151060-2329322268-44008 | Primary Group SID:S-1-5-21-3795178988-3942151060-2329322268-513 | Full Name:Desire Steyn | Home Directory: \\eastrand\desires | HomeDir Drive:l: | Logon Script: login.bat | Profile Path: \\eastrand\desires\profile | Domain: X-ZA-DM | Account desc: | Workstations: | Munged dial: | Logon time: 0 | Logoff time: Fri, 13 Dec 1901 22:45:51 GMT | Kickoff time: Fri, 13 Dec 1901 22:45:51 GMT | Password last set:Thu, 13 Feb 2003 13:24:06 GMT | Password can change: 0 | Password must change: Fri, 13 Dec 1901 22:45:51 GMT | [EMAIL PROTECTED] root]# | |Now I have an LDAP passdb, and I have done a | [EMAIL PROTECTED] root]# net groupmap list | Domain Users (S-1-5-21-3795178988-3942151060-2329322268-513) - ntusers | Domain Computers (S-1-5-21-3795178988-3942151060-2329322268-515) - | machines | Domain Admins (S-1-5-21-3795178988-3942151060-2329322268-512) - ntadmin | Domain Guests (S-1-5-21-3795178988-3942151060-2329322268-514) - nobody | |And | | [EMAIL PROTECTED] root]# getent passwd |grep -i des | desires:x:21504:1:Desire:/home/users/desires:/sbin/nologin | |Has anyone got an idea of what I am missing ... | | Mailed | Lee | | | | | | | Just in time! I've had a strange problem: Windows98 and 2000 clients refused to implement the policy defined for groups, but implemented those defined for users and computers. In the same time I've found similar entries in the logs (My production systems are Samba3.0.1.pre1+some patches with ldapsam backend). I decided to set up a small test system: Samba3.0.2 with tdbsam backend. And found that the problem is related to one of the ~ users attributes called sambaPrimaryGroupSID in LDAP or Primary Group SID if you look at it with pdbedit -L -v username_here. I've fixed, half an hour ago, and now everything is working well. The sollution is simple, but can be a big lot of work if you have a lot of users and groups; take care, that sambaPrimaryGroupSID for any of your users is a valid SID of an existing ntgroup. Best if it the ntgroup, which corespond to your users primary unixgroup. Hope it helps. Cheers Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAMRsS/PxuIn+i1pIRAsgKAKC6Hcatrtdk6KFamlYcNGvRDxvDpACglOSb e6Us9tIYTC6L3csR5GH0zTU= =2T8G -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Newbie, Win2K config, fails on test 8 (long)
CORRECTION!! It would appear that I did something to make test 7 fail, and like a bad person, I didn't run through all the tests after every change. Anyway, here's the new status. Sorry for the extra spam. Again, thanks in advance. * sensorlabwrkst in lmhosts * smbpasswd -a mlederer * no firewall on linux box *TEST 7:* $ smbclient //sensorlabwrkst/tmp added interface ip=172.17.5.144 bcast=172.17.5.255 nmask=255.255.255.0 Password: Domain=[FOSTER-MILLER] OS=[Unix] Server=[Samba 2.2.3a] smb: \ *TEST 8:* net view \\sensorlabwrkst System error 5 has occurred. Access is denied. net view \\172.17.5.144 Shared resources at \\172.17.5.144 Samba 2.2.3a Share name Type Used as Comment --- tmp Disk X: test share for maitland The command completed successfully. *TEST 9:* net use x: \\sensorlabwrkst\tmp System error 1240 has occurred. The account is not authorized to log in from this station. L:\net use x: \\172.17.5.144\tmp The command completed successfully. *TEST 10:* $ nmblookup -M FOSTER-MILLER querying FOSTER-MILLER on 172.17.5.255 172.17.5.17 FOSTER-MILLER1d *smb.conf* # Samba config file created using SWAT # from b5pc-mlederer.foster-miller.com (172.17.5.51) # Date: 2004/02/16 12:49:18 # Global parameters [global] workgroup = FOSTER-MILLER netbios name = SENSORLABWRKST encrypt passwords = Yes log level = 2 log file = /etc/samba/log.%m os level = 0 preferred master = False local master = No domain master = False hosts allow = 172.17.5. [tmp] comment = test share for maitland path = /tmp guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind and pam_mkhomdedir problem
I have managed to join my samba server to an AD domain. I use winbind as an authenticator and pam_mkhomedir creates dirs on the fly. How do I get the users in windows to be able to access their files. Kind REgards ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP compiling
Hello All I've read documentation that i had to compile samba with LDAP support. However, I also read that LDAP support is already compiled with Samba ver 3.x. Is it true that ldap is compiled with Samba 3.x. I will be using the binary distribution for fedora core 1 Thanx for you patience Jeremy __ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] What should my smbpasswd file look like?
I can not connect to my linux box from my Mac. I get a 'Could not connect to the server because the name or password is not correct' error. I'm not sure where to check to even see what username/pwd samba is using. If I open up my smbpasswd file, it looks like this: drrl:501:xxx:x:[UD]:LCT-402FFFE4: Is there anyway/format that I can add a usr/pwd to this file in plain-text so I can test it? I'm stumped as to how to tell which pwds samba is using for log-ins. -Darrel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] joining to a Domain with a tdbsam backend (smb.conf, testparm and log included)
I'm about to give up. It's been months now that I've been playing around with Samba 3.0. I've downloaded their documentation. Tried to follow it as much as possible, but I'm getting no where with adding machine accounts to a Domain, real fast. I've asked this question a couple of times at the Samba Mailing list, but have gotten no reply(probably my fault, not enough info). So here goes. I'm a home user, with some Knowledge of NT 4 Domain Controllers. Years ago a set one up for a company I worked for. So when I got exposed to Linux, I naturally gravitated to Samba 2.2xx. Took me a while to figure it out, but I managed to setup a simple domain at home, with a few shares. Was able to add both Win XP and Linux machines to my domain. Now they came out with Samba 3. I did an upgrade several times to version 3. All machines that were already members of the domain I have no problem with. But when I try to add new machines (actually 1 new machine) if I try to use root in adding the domain, I get user/password not found (something or other like that). If I try to use my log in name Roberto (Domain Admin) set up according to the Doc, I get access denied. Considering myself still a newbie, I asking you guys for help. HELP Here's my setup: # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2004/02/14 13:40:54 # Global parameters [global] workgroup = MEPHISTOPHELES server string = Samba Server %v (Wish me luck) passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/samba/smbusers unix password sync = Yes log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = %U.bat domain logons = Yes os level = 62 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no [homes] comment = Home Directories read only = No browseable = No [netlogon] path = /home/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [work] path = /home/storage/work write list = @storage read only = No [movie] path = /home/storage/Movie write list = @storage read only = No [anonymous] path = /home/storage/anonymous valid users = @storage write list = @storage read only = No [Log] path = /var/log [installation] path = /home/storage/Installations valid users = @installation, @storage read list = @anonymous write list = @storage read only = No create mask = 0774 directory mask = 0774 [DOCUMENTS] path = /home/storage/Documents force user = roberto force group = documentation read only = No create mask = 0664 directory mask = 0664 inherit permissions = Yes [storage] path = /home/storage valid users = @storage, @installation read list = @installation write list = @storage force user = root force group = storage force create mode = 0775 force directory mode = 0775 [linuxdoc] path = /usr/share/doc This is what my net groupmap list gives [EMAIL PROTECTED] root]# net groupmap list System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Admins (S-1-5-21-517848066-3869322434-1176822426-512) - domadmin Domain Guests (S-1-5-21-517848066-3869322434-1176822426-514) - -1 Domain Users (S-1-5-21-517848066-3869322434-1176822426-513) - domusers Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 I'm including the log for log.programxp (programxp being the machine that I'm trying to join to the domain) This is only part of what was generated (what I assumed was necessary) [2004/02/16 16:46:57, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/02/16 16:46:57, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/02/16 16:46:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/02/16 16:46:57, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/02/16 16:46:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/02/16 16:46:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/02/16 16:46:57, 3] auth/auth_sam.c:check_sam_security(473) check_sam_security: Couldn't find user 'root' in passdb file. [2004/02/16 16:46:57, 3] auth/auth_winbind.c:check_winbind_security(79) check_winbind_security: Not using winbind, requested domain was for this SAM. [2004/02/16 16:46:57, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [admin] - [root] FAILED
Re: [Samba] What should my smbpasswd file look like?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 darrel wrote: | I can not connect to my linux box from my Mac. I get a 'Could not | connect to the server because the name or password is not correct' error. | | I'm not sure where to check to even see what username/pwd samba is using. | | If I open up my smbpasswd file, it looks like this: | | drrl:501:xxx:\ | x:[UD]:LCT-402FFFE4: This is a disabled account ('D') with no password ('...'). Run these commands as root ~ $ smbpasswd drrl ~ Password: ~ $ smbpasswd -e drrl cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAMUKgIR7qMdg1EfYRArm/AKDWes17nQ6UY4xBRbRe5X5S/dvHCACfXizD kEoJzxpueFlX37BklfZDnrU= =/qil -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Any help will be great. THX.
I've just installed Samba 2.2.3a on AIX 5.2. We're using a NT password server to authenticate username/password. Our NT guru's are complaining that there're seeing several authentication failures events with an account called sambatest which is not a valid userid on our site. It looks like some type of polling that Samba is doing. This is part of the errors they are seeing: Logon Failure: Reason: Unknown user name or bad password User Name: sambatestHOSTNAME Domain: OURDOMAIN In my smb.conf file I'm using: security = SERVER How can we stop these errors from occurring? We are getting a login screen to login to the network and when we try we get the same message over and over. Georges's Inc. 402 W. Robinson Springdale, AR 72764 ( 479-927-7134 2 479-927-7101 * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What should my smbpasswd file look like?
| drrl:501:xxx:\ | x:[UD]:LCT-402FFFE4: This is a disabled account ('D') with no password ('...'). Ah! Well, that explains my problems. Any idea why they're all disabled? How does one enable it? Run these commands as root ~ $ smbpasswd drrl ~ Password: ~ $ smbpasswd -e drrl I'll try that...does that set the password for Samba? -Darrel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind issue
I have 3 Linux rh9.0 servers on the network all using Samba/LDAP to authenticate. One is acting as the PDC and the other two are domain members. On one server I don't have winbind running and everything works great, however, on the other server, if I turn off the winbind I get a password prompt and cannot access the server. I have no need for winbind but I'm forced to keep it on. I'm using the PAM/NSS method to authenticate through the ldap server. I have the nsswitch set properly, all the library files are in the security folder and the login file in pam.d has all the necessary references, so I don't think it's related to LDAP. I am getting this error: make_server_info_info3: pdb_init_sam failed! but it seems to be related to winbind itself. How can I remove this systems need to use winbind? Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] REPOST: Problems with trust account passowrds ???
REPOST: Somehow I got unsubscribed so I resubscribed and am reposting. Apologies if you've seen this post before. Hi, I'm getting near a thousand error messages a day on only one of my two samba servers that both participate in the same domain: [2004/02/16 09:17:52, 0] rpc_client/cli_trust.c:change_trust_account_password(248) 2004/02/16 09:17:52 : change_trust_account_password: Failed to change password for domain ITS. The server getting the errors is version 2.2.7a-security-rollup-fix running on RedHat Linux. The server not receiving the error messages is version 2.2.0 running on SPARC Solaris. Both servers participate in the same domain, and neither act as a domain controller or WINS server. The technician that manages the microsoft domain itself has no idea since he doesn't see any problem on the microsoft side. I'm assuming, therefore, there is some fine tuning I need to do on the one samba server giving me the errors. Any ideas?? Thanks, Rob Rob Tanner UNIX Services Manager Linfield College, McMinnville OR _ _ _ _ __ _ _ _ _ /\_\_\_\_\/\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_//\/_/ /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner UNIX Services Manager Linfield College, McMinnville OR (503) 434-2558 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] permision problem
I have a server with SuSE 9.0 professional and samba 2.2.8a-170, with approximately 70 directories. I have created in samba a resource or share called data, within as the 70 directories inside it. The problem is since I make to assign the permissions to these directories. If for example, userA belongs to group1 and to group2 and directoryA has like group to grupo1, but when a user of group2 requires and enters directorioA, the group and the user owner changes and other users of group1 or group2 lose the access to that resource. What can I do? I think create a share for each directory, but are more than 70 directories. I try to assign permisions for group, but one user belongs to 2 groups, and dosen't work too. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind issue
Just in case anyone is interested I found the problem...my /etc/ldap.conf file was not correct. Cheers, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Gray Sent: Monday, February 16, 2004 4:29 PM To: Smb_List Subject: [Samba] Winbind issue I have 3 Linux rh9.0 servers on the network all using Samba/LDAP to authenticate. One is acting as the PDC and the other two are domain members. On one server I don't have winbind running and everything works great, however, on the other server, if I turn off the winbind I get a password prompt and cannot access the server. I have no need for winbind but I'm forced to keep it on. I'm using the PAM/NSS method to authenticate through the ldap server. I have the nsswitch set properly, all the library files are in the security folder and the login file in pam.d has all the necessary references, so I don't think it's related to LDAP. I am getting this error: make_server_info_info3: pdb_init_sam failed! but it seems to be related to winbind itself. How can I remove this systems need to use winbind? Cheers, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] CUPS printing from Windows
I have replaced a WinNT4 PDC with a Samba server. I'm not experiencing problems with file sharing/locking at all, but printing is another issue. In this network, there are several dot-matrix printers that are ONLY printed to using a DOS application, and a laser (HP 2300, PCL and PS) that is primarily used for Windows printing. Problem: Windows clients (using downloaded drivers from print$) don't seem to have full or proper control of printing. Example 1: An excel user has to click on Print to fit in Page setup in order for the page to be scaled properly. Otherwise it prints on multiple pages in very large type. Example 2: Another Excel user attempts to set Landscape orientation. The setting is accepted. no error is generated, but the page continues to print in portrait orientation. To begin with, this unit is based on RedHat 9 with all current updates (kernel 2.4.20-28.9, Samba 2.2.7a-8.9.0, Cups 1.1.17-13.3.0.3). After discovering that CUPS was the only printing system that RH9 installed, I went to the documentation and read the HOWTO chapters 18 (Classical printing support) and 19 (CUPS printing support). I then did the following: (1) Create the print queues using the RH/Gnome Printing control applet (2) Test printing from Linkx (ok) (3) Obtain the Windows drivers from the NT4 PDC (copied the whole c:\winnt\...\w32x86 structure to a scratch area. (4) Obtain the detailed descriptions of each installed driver using the rpcclient utility from the Samba server, querying the old NT4 server (temporarily attached) with the getdriver queue_name function. Route the query results to a file. Repeat for all queues. (5) Write a script to parse the output of (4) and automate steps 4-10 of Manual Driver Installation in 15 Steps from Chapter 19. (6) Run the script for each print queue. Drivers appear to be added without problem. (7) Join a WinNT workstation to the Samba domain (8) As Administrator, connect to the laser print queue. Succeeds, no error message. (9) Bring up Excel, attempt to print Landscape as noted above. This fails. Questions:: (A) The failure to command the printer properly suggests a problem with the uploaded drivers. Are there any other common explanations for this type of behavior?? (B) I attempted to set the dot-matrix queues to the Generic printer/Raw device. In this mode, I printed a short text file (in Linux), and copied a test file to the network queue (under Windows). In either case, the file was printed, but the paper was not advanced to the next page. In other words, this queue is so raw that it doesn't even recognise the end of a print job, so multiple print jobs can be printed on the same page. Is there any middle ground, where inter-job pagination occurs, but no other filtering is enabled?? TIA for your attention. A. Becker -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] permision problem
On Mon, 2004-02-16 at 19:49, Clemente Acosta wrote: I have a server with SuSE 9.0 professional and samba 2.2.8a-170, with approximately 70 directories. I have created in samba a resource or share called data, within as the 70 directories inside it. The problem is since I make to assign the permissions to these directories. If for example, userA belongs to group1 and to group2 and directoryA has like group to grupo1, but when a user of group2 requires and enters directorioA, the group and the user owner changes and other users of group1 or group2 lose the access to that resource. What can I do? I think create a share for each directory, but are more than 70 directories. I try to assign permisions for group, but one user belongs to 2 groups, and dosen't work too. I think you should be able to set guid on any particular directory... chmod g+s /path/to/directory/inside/of/windows/share and it should hold Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: nmbd multihomed registration request must be directed at aWINS server error
mm.. no response, so I'll reply to myself :-) (B (BI think this error seemed to be caused by my entry of a server name into the (B"WINS Server" field, even though WINS support was turned off. Any idea why? (BDeleting the name seemed to stop the warning/error cropping up. (B (B- (BQ-Games, Dylan Cuthbert. (Bhttp://www.q-games.com (B (B (B"Dylan Cuthbert" [EMAIL PROTECTED] wrote in message (Bnews:[EMAIL PROTECTED] (B Hi there, (B (B I just got a new machine with Redhat Enterprise Workstation and samba (B 3.0.0-14 pre-installed. I am trying to connect it to my existing network (B which has a redhat v8 samba v2 PDC controlling 16 or so win2k and winxp (B machines. (B (B In the nmbd log I get this error 3 times every 5 seconds or so: (B (B nmbd/nmbd_packets.c:process_nmb_request(1448) (B process_nmb_request: Multihomed registration request must be directed at (Ba (B WINS server. (B (B What does this mean? Multihomed? The network is as simple as it gets, (B there is one PDC (and WINS server), and 16 or so clients, and everybody is (B on the same domain. (B (B As far as I can see this error doesn't cause anything to fail (I can (Baccess (B shares on the new machine fine) but I felt it best to check in case it (Bcomes (B back to bite me later on. (B (B Regards (B (B - (B Q-Games, Dylan Cuthbert. (B http://www.q-games.com (B (B (B -- (B To unsubscribe from this list go to the following URL and read the (B instructions: http://lists.samba.org/mailman/listinfo/samba (B (B (B (B-- (BTo unsubscribe from this list go to the following URL and read the (Binstructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] group problem on NT4 domain
Hi, Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc join successfully. everything work great, but group permission failed, error message is user_in_winbind_group_list: nametogid for group NTGROUP failed. smb.conf on shares as below: = omitted base configurations... [shareA] path = /public/shareA valid users = mailto:'@NT\Domain '@NT\Domain Users' write list = NT\steven the conf is simple but error occured. No one can access to shareA, a login prompted out for user/pass. BTW, it has no problem at all if only use user rather than group. Please kindly help or advise, thankyou. Best Regards, Steven Tse -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: nmbd multihomed registration request must be directed at aWINS server error
On Tue, 17 Feb 2004, Dylan Cuthbert wrote: mm.. no response, so I'll reply to myself :-) I think this error seemed to be caused by my entry of a server name into the WINS Server field, even though WINS support was turned off. Any idea why? Deleting the name seemed to stop the warning/error cropping up. The wins server = parameter requires the IP Address of your WINS server. Make sure that it is not the IP address of the Samba server if it is your WINS server (ie: wins support = yes in smb.conf). - John T. - Q-Games, Dylan Cuthbert. http://www.q-games.com Dylan Cuthbert [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi there, I just got a new machine with Redhat Enterprise Workstation and samba 3.0.0-14 pre-installed. I am trying to connect it to my existing network which has a redhat v8 samba v2 PDC controlling 16 or so win2k and winxp machines. In the nmbd log I get this error 3 times every 5 seconds or so: nmbd/nmbd_packets.c:process_nmb_request(1448) process_nmb_request: Multihomed registration request must be directed at a WINS server. What does this mean? Multihomed? The network is as simple as it gets, there is one PDC (and WINS server), and 16 or so clients, and everybody is on the same domain. As far as I can see this error doesn't cause anything to fail (I can access shares on the new machine fine) but I felt it best to check in case it comes back to bite me later on. Regards - Q-Games, Dylan Cuthbert. http://www.q-games.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group problem on NT4 domain
On Tue, 17 Feb 2004, steven.TSE wrote: Hi, Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc join successfully. everything work great, but group permission failed, error message is user_in_winbind_group_list: nametogid for group NTGROUP failed. Do you have winbindd running? Is /etc/nsswitch.conf configured to use winbind? - John T. smb.conf on shares as below: = omitted base configurations... [shareA] path = /public/shareA valid users = mailto:'@NT\Domain '@NT\Domain Users' write list = NT\steven the conf is simple but error occured. No one can access to shareA, a login prompted out for user/pass. BTW, it has no problem at all if only use user rather than group. Please kindly help or advise, thankyou. Best Regards, Steven Tse -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] group problem on NT4 domain
Yes, winbindd is running and nsswitch.conf is configured as: passwd: file winbind shadow: file group: file winbind smb.conf === [global] workgroup = NTDOM server string = Central File Server security = DOMAIN auth methods = winbind password server = bga peh pbe_filpn client lanman auth = No client plaintext auth = No log file = /var/log/samba/%m.log min protocol = LANMAN1 local master = No wins server = 192.168.100.9, 192.168.100.55 get quota command = /usr/bin/quota set quota command = /usr/sbin/setquota idmap uid = 1-2 idmap gid = 1-2 template homedir = /public/home/%U template shell = /bin/bash winbind cache time = 5 [finance] comment = Finance Dept path = /public/finance valid users = '@NTDOM\Domain Users' write list = PBE\steven_tse force group = ntgroup create mask = 0666 directory mask = 0777 I cannot access to shared folder finance, it always prompt for user login. Please help, thankyou Steve -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 3:09 PM To: steven.TSE Cc: [EMAIL PROTECTED] Subject: Re: [Samba] group problem on NT4 domain On Tue, 17 Feb 2004, steven.TSE wrote: Hi, Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc join successfully. everything work great, but group permission failed, error message is user_in_winbind_group_list: nametogid for group NTGROUP failed. Do you have winbindd running? Is /etc/nsswitch.conf configured to use winbind? - John T. smb.conf on shares as below: = omitted base configurations... [shareA] path = /public/shareA valid users = '@NT\Domain Users' write list = NT\steven the conf is simple but error occured. No one can access to shareA, a login prompted out for user/pass. BTW, it has no problem at all if only use user rather than group. Please kindly help or advise, thankyou. Best Regards, Steven Tse -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.2 mapped by Actve Directory
On Tue, 2004-02-17 at 04:06, Costlow Erik A. wrote: I have spent a while trying to join a samba machine to our university's active directory structure so that allowed users can map to it by simply running \\webserver I was able to join the machine just fine via: net ads join VPSA/UH/UH-_ResComp_Servers/ -U adminname And now I can run wbinfo -u to get a listing of all users on our network. I have the right permissions, because from that computer, I can run smbclient //IP/c\$ -k and it lets me through as it should. However, when I run \\webserver from any other computer, log.smbd shows: [2004/02/16 10:51:46, 0] auth/auth_util.c:make_server_info_info3(1100) make_server_info_info3: pdb_init_sam failed! [2004/02/16 10:51:46, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [rceacostl] - [rceacostl] FAILED with error NT_STATUS_NO_SUCH_USER How can I make it so users can map their drives to this computer? Add winbind to your nsswitch.conf - you need 'getent passwd' to return your AD users, before samba can use them. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Setting password must change for more than one user
On Tue, 2004-02-17 at 05:02, Fabien Chevalier wrote: Hello all, I'm using Samba 3 with ldapsam_compat and i have a bunch of users (~ 150). I'm trying to find a way to set 'password must change' attribute to a given value to all users of my domain, so that all be forced to reset their passwords at the same time. Is there an easy way to do that, better than editing ldap database by hand or writing a custom script? I looked at pdbedit, smbpasswd, smbldap-tools, and no...nothing seems to cope with it... Administrators with large LDAP sites soon become very familiar with Net::LDAP and perl scripting :-) It's really not that hard... ;-) (and yes, I know ldap can be a real pain - the benefit is that you *can* do this kind of manipulation, directly on the backend) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] group problem on NT4 domain (revised)
revised to prevent confusion, sorry -Original Message- From: steven.TSE Sent: Tuesday, February 17, 2004 3:30 PM To: John H Terpstra Cc: [EMAIL PROTECTED] Subject: RE: [Samba] group problem on NT4 domain Yes, winbindd is running and nsswitch.conf is configured as: passwd: file winbind shadow: file group: file winbind smb.conf === [global] workgroup = NTDOM server string = Central File Server security = DOMAIN auth methods = winbind password server = bga peh pbe_filpn client lanman auth = No client plaintext auth = No log file = /var/log/samba/%m.log min protocol = LANMAN1 local master = No wins server = 192.168.100.9, 192.168.100.55 get quota command = /usr/bin/quota set quota command = /usr/sbin/setquota idmap uid = 1-2 idmap gid = 1-2 template homedir = /public/home/%U template shell = /bin/bash winbind cache time = 5 [finance] comment = Finance Dept path = /public/finance valid users = '@NTDOM\Domain Users' write list = NTDOM\steven_tse force group = ntgroup create mask = 0666 directory mask = 0777 I cannot access to shared folder finance, it always prompt for user login. Please help, thankyou Steve -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 3:09 PM To: steven.TSE Cc: [EMAIL PROTECTED] Subject: Re: [Samba] group problem on NT4 domain On Tue, 17 Feb 2004, steven.TSE wrote: Hi, Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc join successfully. everything work great, but group permission failed, error message is user_in_winbind_group_list: nametogid for group NTGROUP failed. Do you have winbindd running? Is /etc/nsswitch.conf configured to use winbind? - John T. smb.conf on shares as below: = omitted base configurations... [shareA] path = /public/shareA valid users = '@NT\Domain Users' write list = NT\steven the conf is simple but error occured. No one can access to shareA, a login prompted out for user/pass. BTW, it has no problem at all if only use user rather than group. Please kindly help or advise, thankyou. Best Regards, Steven Tse -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] group problem on NT4 domain
On Tue, 17 Feb 2004, steven.TSE wrote: Yes, winbindd is running and nsswitch.conf is configured as: passwd: file winbind shadow: file group: file winbind What is the output of: getent passwd getent group wbinfo -u wbinfo -g See further comments below. - John T. smb.conf === [global] workgroup = NTDOM server string = Central File Server security = DOMAIN auth methods = winbind Get rid of auth methods password server = bga peh pbe_filpn Why is it necessary to set password server? If possible remote this too. client lanman auth = No client plaintext auth = No Neither of these should be needed. log file = /var/log/samba/%m.log min protocol = LANMAN1 local master = No The above 2 should not be needed either. wins server = 192.168.100.9, 192.168.100.55 get quota command = /usr/bin/quota set quota command = /usr/sbin/setquota idmap uid = 1-2 idmap gid = 1-2 template homedir = /public/home/%U template shell = /bin/bash winbind cache time = 5 [finance] comment = Finance Dept path = /public/finance valid users = '@NTDOM\Domain Users' Try: valid users = @NTDOM\Domain Users write list = PBE\steven_tse What do you get if you run as root on this server: id PBE\steven_tse force group = ntgroup create mask = 0666 directory mask = 0777 I cannot access to shared folder finance, it always prompt for user login. Please help, thankyou Steve -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 3:09 PM To: steven.TSE Cc: [EMAIL PROTECTED] Subject: Re: [Samba] group problem on NT4 domain On Tue, 17 Feb 2004, steven.TSE wrote: Hi, Installed latest Samba3.0.2a on NT4 domain, security = domain and net rpc join successfully. everything work great, but group permission failed, error message is user_in_winbind_group_list: nametogid for group NTGROUP failed. Do you have winbindd running? Is /etc/nsswitch.conf configured to use winbind? - John T. smb.conf on shares as below: = omitted base configurations... [shareA] path = /public/shareA valid users = '@NT\Domain Users' write list = NT\steven the conf is simple but error occured. No one can access to shareA, a login prompted out for user/pass. BTW, it has no problem at all if only use user rather than group. Please kindly help or advise, thankyou. Best Regards, Steven Tse -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Mapping Windows 2000 Drives/Shares from VMS
Matthew Robey wrote: Hi, I am running VMS V7.3-1 with TCPIP V5.3 eco 2 and Samba V2.2.8 Is it possible to map a Windows 2000 drive/share from VMS ? I can list the shares by doing: $ smbc -L windows server -U username But I cant work out how to use it to 'map' a drive. You can not map a drive on OpenVMS. It would require implementing a SMB file ACP on OpenVMS, and that would be a lot of work, and probably require the source listings. With out an assist from some TCP/IP internals, it also probably would be extremely slow. -John [EMAIL PROTECTED] Personal Opinion Only PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
CVS update: samba/source/utils
Date: Mon Feb 16 14:04:56 2004 Author: vlendec Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv9086 Modified Files: Tag: SAMBA_3_0 net_groupmap.c Log Message: Fix success message for net groupmap modify Volker Revisions: net_groupmap.c 1.1.2.20 = 1.1.2.21 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net_groupmap.c.diff?r1=1.1.2.20r2=1.1.2.21
CVS update: samba/source/utils
Date: Mon Feb 16 14:05:46 2004 Author: vlendec Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv9470 Modified Files: net_groupmap.c Log Message: Fix success message for net groupmap modify Volker Revisions: net_groupmap.c 1.15 = 1.16 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net_groupmap.c.diff?r1=1.15r2=1.16
CVS update: samba/source/rpc_server
Date: Mon Feb 16 14:24:35 2004 Author: vlendec Update of /data/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv13679 Modified Files: Tag: SAMBA_3_0 srv_samr_nt.c Log Message: Cosmetic fix: Use sid_is_in_our_domain instead of doing it per hand. Volker Revisions: srv_samr_nt.c 1.86.2.65 = 1.86.2.66 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_samr_nt.c.diff?r1=1.86.2.65r2=1.86.2.66
CVS update: samba-docs/docbook/projdoc
Date: Mon Feb 16 18:24:00 2004 Author: ab Update of /home/cvs/samba-docs/docbook/projdoc In directory dp.samba.org:/tmp/cvs-serv26282 Modified Files: CUPS-printing.xml NetworkBrowsing.xml printer_driver2.xml Log Message: Make link/ elements non-empty Revisions: CUPS-printing.xml 1.12 = 1.13 http://www.samba.org/cgi-bin/cvsweb/samba-docs/docbook/projdoc/CUPS-printing.xml.diff?r1=1.12r2=1.13 NetworkBrowsing.xml 1.13 = 1.14 http://www.samba.org/cgi-bin/cvsweb/samba-docs/docbook/projdoc/NetworkBrowsing.xml.diff?r1=1.13r2=1.14 printer_driver2.xml 1.10 = 1.11 http://www.samba.org/cgi-bin/cvsweb/samba-docs/docbook/projdoc/printer_driver2.xml.diff?r1=1.10r2=1.11
CVS update: samba/source/client
Date: Mon Feb 16 23:43:14 2004 Author: sfrench Update of /home/cvs/samba/source/client In directory dp.samba.org:/tmp/cvs-serv20782 Modified Files: Tag: SAMBA_3_0 mount.cifs.c Log Message: Disable suid on user mounts (can override with -DCIFS_ALLOW_USR_SUID) Revisions: mount.cifs.c1.2.2.11 = 1.2.2.12 http://www.samba.org/cgi-bin/cvsweb/samba/source/client/mount.cifs.c.diff?r1=1.2.2.11r2=1.2.2.12