Re[2]: [Samba] a better smbstatus for monitoring samba ?

[Collen Blijenberg]

depends on it...
what needs to be in the tool ???
what options, and all...

(got a big holyday comming up, so got some time to crack!)

l8r
-
Collen Blijenberg   (Montessori Lyceum Herman Jordan)

Wednesday, June 16, 2004, 3:26:43 AM, you wrote:

JA> On Tue, Jun 15, 2004 at 09:56:04PM +0200, Becskei Robert wrote:
>> Hello,
>> 
>>  does anyone know if there is a tool in existence that can
>> monitor samba shares like smbstatus
>> but is much more advanced (and runs in console) , I mean a tool that has menues, 
>> some search
>> options, and things sorted out nice. A Samba realtime monitor
>> would be the best thing with lots
>> of details and lots of options.
>> 
>> 
>>  I tried Swat, but that aint really a solution to watch who is
>> connected to where, neither is smbstatus
>> since when to many people are connected you can't see in
>> realtime who is using what. And that I think
>> is one major problem.
>> 
>>  I would like to have such a tool because I'm throwing the
>> Novell File Server out and using a Whitebox 3.0EL
>> instead. I wonder,...is there such a tool like Novell Monitor
>> ... for linux ? I mean if there aint one for samba
>> maybe another tool that is more advanced would be able to view
>> who is connected to what ? what is their IP
>> adress, what time did they logged on, what is the current system status, etc...

JA> No tool I know of currently. If anyone wants to write one (maybe a gui tool
JA> written in python ?) I'd be happy to integrate it into the source code.

JA> There are lots of admin options that could be added to Samba via TDB messaging
JA> to perform admin operations - we just need programmer enthusiasm to write such
JA> a tool. Anyone game ?

JA> Jeremy.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] win2000 + RH9 samba-3.0.4-1

[Collen Blijenberg]

try joining the domain as user root (or as an admin)
the error say's it all..

invalid user, or maybe you typed a wrong passwd ??
-
Collen Blijenberg   (Montessori Lyceum Herman Jordan)

Tuesday, June 15, 2004, 7:45:22 PM, you wrote:

L> HI, everybody i Have win2000 Professional and RH linux 9, with samba-3.0.4-1
L> i read the howto, but my win2000 can't login into my samba PDC, i send the
L> smb.conf and the screenshots of error windows, the pdc is found but send
L> erroro with invalid password i create user with smbpasswd -a jorge
L> I probe with several changes but error not changes,
L> the error is a message window:
L>  --|
L>  |   Network Identification 
 |
L>  |-|
L>  |  
 |
L>  |   Error to join Domain “linuxbeta”|
L>  |   Error to start session: invalid username or password wrong  |
L>  |  
 |
L>  |-|

L> Anybody can help me.
L> Regards
L> Jorge
L> sorry but my english isn't so good

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ok

["Alexey Panyovin"]

http://Mail.Ru - безлимитный почтовый ящик
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Returned post for members@inkman.com.au

[members-help]

Hi! This is the ezmlm program. I'm managing the
[EMAIL PROTECTED] mailing list.

I'm working for my owner, who can be reached
at [EMAIL PROTECTED]

I'm sorry, the list moderators for the members list
have failed to act on your post. Thus, I'm returning it to you.
If you feel that this is in error, please repost the message
or contact a list moderator directly.

--- Enclosed, please find the message you sent.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ssh tunnelling with putty

[Brian Johnson]

A number of VPN solutions do not work for win98 clients (including openvpn)

Although winscp is a working option, I am trying to determine if a secure
method is available to use the windows explorer interface like a normal samba
share



Tim Tait ([EMAIL PROTECTED]) wrote:
>
> Jonathan Johnson wrote:
>
> >On Tue, 15 Jun 2004, Paul Krash wrote:
> >
> >
> >
> >>Hi Brian!
> >>
> >>Brian Johnson wrote:
> >>
> >>
> >>>Could someone provide some help tunnelling a connection through a ssh pipe
> >>>using putty on a windows 98 client to a samba server?
> >>>
> >>>
> >>OK, ssh goes through port 22, mapping a drive requires ports 137 and 139
> >>(tcp and udp) to be open and routable by Windows RPC client.
> >>
> >>I would suggest configuring The Microsoft VPN adapter to attach to the
> >>server, then map your drive to samba.
> >>
> >>You will have to have the VPN configured on the server (and both routers).
> >>
> >>I am assuming (ah!!!) that you are trying to reach the samba server from
> >>outside the host network.
> >>
> >>
> >>
> >
> >Of course, the point of tunnelling is to allow one to connect to a
> >particular remote port (such as 137 and 139) when only ssh is
> >available. This works by creating a listening port of your choice on
> >the Windows machine, which PuTTY forwards via SSH to a remote machine
> >of your choice.
> >
> >Where this breaks down for SMB is when you realize that there is
> >already a listening service on ports 137 and 139: the windows server
> >service (or whatever it's euivalent is in 9x -- file and printer
> >sharing, I guess). That means that no matter how you try to connect to
> >the remote machine, all you're gonna get is your own computer.
> >
> >Now, there may be a way around it: for your local port, specify
> >something on the order of "127.0.0.5:137". For your remote port,
> >specify 137 on the remote IP address. This is sort of like the
> >"loopback adapter" but (hopefully) Windows isn't already listening on
> >that IP address to port 137. You may then be able to reach the remote
> >computer by the address 127.0.0.5.
> >
> >I haven't tried this, so your mileage may vary. But I think it's worth
> >a shot. Now, you won't be able to browse the remote network, but maybe
> >someone else knows a better way.
> >
> >--Jonathan Johnson
> >[EMAIL PROTECTED]
> >
> You could try a VPN that can pass thru ssh and has both Linux and
> Windows support, like OpenVPN or CIPE... I think you just need to
> forward one port, and it will appear on both machines to be a seperate
> ethernet adapter. If I remember right, OpenVPN will even pass thru an
> HTTP proxy, which ssh has built in.
>
> 
>
> Tim
>
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ssh tunnelling with putty

[Brian Johnson]

I am following http://www.aerospacesoftware.com/samba-ssh-tunnel-howto.htm and
others that I found that suggest that a drive can be mapped through a
tunnelled port 139 using putty if the File Sharing Network tool is
uninstalled.

I can successfully tunnel port 25, but cannot map a drive through my port 139
tunnel and am trying to troubleshoot what might be going wrong



Jonathan Johnson ([EMAIL PROTECTED]) wrote:
>
> On Tue, 15 Jun 2004, Paul Krash wrote:
>
> > Hi Brian!
> >
> > Brian Johnson wrote:
> > > Could someone provide some help tunnelling a connection through a ssh pipe
> > > using putty on a windows 98 client to a samba server?
> >
> > OK, ssh goes through port 22, mapping a drive requires ports 137 and 139
> > (tcp and udp) to be open and routable by Windows RPC client.
> >
> > I would suggest configuring The Microsoft VPN adapter to attach to the
> > server, then map your drive to samba.
> >
> > You will have to have the VPN configured on the server (and both routers).
> >
> > I am assuming (ah!!!) that you are trying to reach the samba server from
> > outside the host network.
> >
>
> Of course, the point of tunnelling is to allow one to connect to a
> particular remote port (such as 137 and 139) when only ssh is
> available. This works by creating a listening port of your choice on
> the Windows machine, which PuTTY forwards via SSH to a remote machine
> of your choice.
>
> Where this breaks down for SMB is when you realize that there is
> already a listening service on ports 137 and 139: the windows server
> service (or whatever it's euivalent is in 9x -- file and printer
> sharing, I guess). That means that no matter how you try to connect to
> the remote machine, all you're gonna get is your own computer.
>
> Now, there may be a way around it: for your local port, specify
> something on the order of "127.0.0.5:137". For your remote port,
> specify 137 on the remote IP address. This is sort of like the
> "loopback adapter" but (hopefully) Windows isn't already listening on
> that IP address to port 137. You may then be able to reach the remote
> computer by the address 127.0.0.5.
>
> I haven't tried this, so your mileage may vary. But I think it's worth
> a shot. Now, you won't be able to browse the remote network, but maybe
> someone else knows a better way.
>
> --Jonathan Johnson
> [EMAIL PROTECTED]
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] i've problem with login script

[andry]

any can help me how to make login script work fyi i use 
dos and win 9x as client, how to
about the configuration to make login script work for 
client

thanks
===
"Gabung INSTANIA, dapatkan XENIA. Daftar di www.telkomnetinstan.com, langsung dapat 
akses Internet Gratis..
Dan ..ikuti "Instan Smile" berhadiah Xenia,Tour S'pore, Komputer,dll, info hub : TELKOM 
Jatim 0-800-1-467826 "
===
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] how to make login script..

[andry]

hallo my name is awe from jakarta..
i have been learning linux for about one year and i 
interested learn more about it, for example SAMBA because 
before we use novell server for file sharing considering 
novell to expensive and then i suggest to use SAMBA and i 
would like to ask about samba and i hope you can help me, 
btw i would like to  apologize because my english not good

1. how to make samba as PDC, how about the 
configuration..?
2. how to make login script for client ( dos & win 
9x,nt,2k)

i currently use SWAT for configure samba because its 
helpfull for me

thanks
===
"Gabung INSTANIA, dapatkan XENIA. Daftar di www.telkomnetinstan.com, langsung dapat 
akses Internet Gratis..
Dan ..ikuti "Instan Smile" berhadiah Xenia,Tour S'pore, Komputer,dll, info hub : TELKOM 
Jatim 0-800-1-467826 "
===
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + Kerberos - ADS: possible?

[Andrew Bartlett]

On Wed, 2004-06-16 at 02:35, Rodolfo Broco Manin wrote:
> Hi, All!!
> 
> I have a Windows XP client configured to use Kerberos authentication (with
> a MIT KDC).  I configured it with ksetup.exe from Windows 2000 and it
> works well.
> 
> Question is: can I use the kerberos tickets I got at logon time to access
> the shares from our samba server, without configuring a entire AD struct
> and soon?
> 
> Actually, I can access the shares, but only if my kerberos password and my
> smbpasswd password are equals (that is, my Windows client is using NTLM
> authentication method to access it).
> 
> Btw, I'm currently using "security = user" at samba server, and we don't
> have any Windows server (and this is the issue: is possible to use
> kerberos between Windows clients and Samba servers without any windows
> machines at the scenario?).

Currently not, but I do hope to correct this silly situation. (Which
will be helped by the kerberos keytab patch currently under
consideration for inclusion).

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Invalid workgroup name in browse list

[Jeremy Allison]

On Fri, Jun 11, 2004 at 12:24:32PM -0400, [EMAIL PROTECTED] wrote:
> 
> On Fri, 11 Jun 2004, Jeremy Allison wrote:
> 
> > On Fri, Jun 11, 2004 at 11:01:18AM -0400, [EMAIL PROTECTED] wrote:
> > >
> > > On my PDC, which is also the DMB, there is a duplicate entry for a trusted
> > > domain that is run on an AD controller on the same ethernet segment.  The
> > > duplicate, though, has several spaces after the name (from browse.dat):
> > >
> > > "BROADWAY"80001000 "CALIMERO""BROADWAY"
> > > "BROADWAY   " 80001000 "CALIMERO""BROADWAY   
> > > "
> > >
> > > When I set enhanced browsing to no on the DMB and restart, the duplicate
> > > goes away.  When I set it back to yes and restart, it shows up
> > > immediately.  What could be causing this?
> >
> > It's a bug we've fixed in current svn. Jerry has the patch for it if
> > you  need a fix immediately. It'll be fixed in 3.0.5.
> 
> Yes, please.  Where can I grab it?

Here it is, sorry for the delay.

Jeremy.

--- lib/charcnv.c   2004-05-28 16:10:52.0 -0700
+++ /home/jeremy/src/samba3.0/source/lib/charcnv.c  2004-05-27 15:04:24.0 
-0700
@@ -932,7 +932,7 @@
   

 size_t pull_ascii_nstring(char *dest, size_t dest_len, const void *src)
 {
-   return pull_ascii(dest, src, dest_len, sizeof(nstring), STR_TERMINATE);
+   return pull_ascii(dest, src, dest_len, sizeof(nstring)-1, STR_TERMINATE);
 }
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] a better smbstatus for monitoring samba ?

[Jeremy Allison]

On Tue, Jun 15, 2004 at 09:56:04PM +0200, Becskei Robert wrote:
> Hello,
> 
>  does anyone know if there is a tool in existence that can monitor samba shares like 
> smbstatus
> but is much more advanced (and runs in console) , I mean a tool that has menues, 
> some search
> options, and things sorted out nice. A Samba realtime monitor would be the best 
> thing with lots
> of details and lots of options.
> 
> 
>  I tried Swat, but that aint really a solution to watch who is connected to where, 
> neither is smbstatus
> since when to many people are connected you can't see in realtime who is using what. 
> And that I think
> is one major problem.
> 
>  I would like to have such a tool because I'm throwing the Novell File Server out 
> and using a Whitebox 3.0EL
> instead. I wonder,...is there such a tool like Novell Monitor ... for linux ? I mean 
> if there aint one for samba
> maybe another tool that is more advanced would be able to view who is connected to 
> what ? what is their IP
> adress, what time did they logged on, what is the current system status, etc...

No tool I know of currently. If anyone wants to write one (maybe a gui tool
written in python ?) I'd be happy to integrate it into the source code.

There are lots of admin options that could be added to Samba via TDB messaging
to perform admin operations - we just need programmer enthusiasm to write such
a tool. Anyone game ?

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ssh tunnelling with putty

[Tim Tait]

Jonathan Johnson wrote:
On Tue, 15 Jun 2004, Paul Krash wrote:
 

Hi Brian!
Brian Johnson wrote:
   

Could someone provide some help tunnelling a connection through a ssh pipe
using putty on a windows 98 client to a samba server?
 

OK, ssh goes through port 22, mapping a drive requires ports 137 and 139
(tcp and udp) to be open and routable by Windows RPC client.
I would suggest configuring The Microsoft VPN adapter to attach to the 
server, then map your drive to samba.

You will have to have the VPN configured on the server (and both routers).
I am assuming (ah!!!) that you are trying to reach the samba server from 
outside the host network.

   

Of course, the point of tunnelling is to allow one to connect to a
particular remote port (such as 137 and 139) when only ssh is
available. This works by creating a listening port of your choice on
the Windows machine, which PuTTY forwards via SSH to a remote machine
of your choice.
Where this breaks down for SMB is when you realize that there is
already a listening service on ports 137 and 139: the windows server
service (or whatever it's euivalent is in 9x -- file and printer
sharing, I guess). That means that no matter how you try to connect to
the remote machine, all you're gonna get is your own computer.
Now, there may be a way around it: for your local port, specify
something on the order of "127.0.0.5:137". For your remote port,
specify 137 on the remote IP address. This is sort of like the
"loopback adapter" but (hopefully) Windows isn't already listening on
that IP address to port 137. You may then be able to reach the remote
computer by the address 127.0.0.5.
I haven't tried this, so your mileage may vary. But I think it's worth
a shot. Now, you won't be able to browse the remote network, but maybe
someone else knows a better way.
--Jonathan Johnson
[EMAIL PROTECTED]
You could try a VPN that can pass thru ssh and has both Linux and 
Windows support, like OpenVPN or CIPE... I think you just need to 
forward one port, and it will appear on both machines to be a seperate 
ethernet adapter. If I remember right, OpenVPN will even pass thru an 
HTTP proxy, which ssh has built in.


Tim
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + MS Access

[[EMAIL PROTECTED]]

From: Dan Weisenstein <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [Samba] Samba + MS Access
Date: Tue, 15 Jun 2004 11:42:50 -0700

- Original Message Follows -
> I have a single Linux server running SuSE 9.1 and Samba
> 3.04. I have one  share that has several MS Access tables
> on it. One user can operate just  fine, however when a
> second+ user tries to access the same database  tables,
> one of several things happens depending on what I have in
> the  smb.conf file. It's usually a permission denied, or a
> "can't lock" type  of error.
>
> When the first user opens a table, a file called xxx.ldb
> gets created,  where xxx is the name of the table. The
> lock file is owned by the user  and has permissions of
> 644. When a second user tries to open the same  table, the
> error occurs. In my smb.conf file, I have tried almost
> every  option I can find that would apply to file locking,
> including turning on  and off kernel oplocks, level2
> oplocks, oplocks, and setting veto oplock  files to
> /.ldb/.mdb/ and all possible permutations of all of them.
> Nothing really changes with any of them. If I force the
> lock file to  666, Access hangs.
>
I saw this in a Samba book by Gary Wilson.  Maybe it will
help (p83):
"To configure a share for [Access] database that is readable
by all users but can be modified by a few users ... "
[share]
path = /path/to/share
read only = yes
write list = user1, user2, @sales
create mask = 0666
directory mask = 0777
force create mode = 0666
force directory mode = 0777
oplocks = no
veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/
dos filetimes = yes

It was for Samba 2.2 but maybe it will help.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] security = ads: problem join XP Pro?

[Etienne-Hugues Fortin]

Hi Paul,

Finally, I got a new hard disk and reinstalled my XP workstation.  I'm now
able to join the domain correctly.  I've also been able to add my printer
driver on the PDC.  So, everything is working great now.

Here's my smb.conf for those who would like a working configuration of a PDC
with LDAP

smb.conf


[global]
workgroup = cyberspicace
netbios name = fs01
server string = fs01
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
wins support = yes

;PDC and master browser settings
os level = 64
preferred master = yes
local master = yes
domain master = yes
domain logons = yes

;security and logging settings
security = user
encrypt passwords = yes
unix password sync = yes
passdb backend = ldapsam:ldap://
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445

;security - interface
interfaces = eth0 192.168.1.0/24 lo 127/8
bind interfaces only = yes

;services
name resolve order = wins bcast hosts
time server = yes
load printers = yes
printcap name = cups
printing = cups
show add printer wizard = yes

;various scripts
passwd program = /var/lib/samba/sbin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%'g
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u'
%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x
%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g'
%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:

;access
admin users = @Domain\ Admins
printer admin = root, @Domain\ Admins

;ldap backend
ldap suffix = dc=,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap admin dn = cn=Manager,dc=,dc=com
map acl inherit = Yes

include = /etc/samba/shares.conf
-

Where shares.conf is having

[IPC$]
path = /tmp
hosts allow = 192.168.1.0/24, 127.0.0.1
hosts deny = 0.0.0.0/0

[homes]
comment = Home Directories
;valid users = %S
writable = yes
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
locking = no

[profiles]
comment = Profile Share
path = /home/samba/profiles
writable = yes
profile acls = yes
browseable = no
guest ok = yes

[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = yes
public = yes
writable = no
printable = yes
use client driver = no
browseable = no

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = administrator, root
-

This is a really long config file but it's working.

Thank you for your help.  It has been really appreciated.


Etienne

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Etienne-Hugues Fortin
Sent: June 10, 2004 08:50
To: Paul Gienger
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] security = ads: problem join XP Pro?

Hi Paul,

> Where are you getting with adding the machines?  You should get a posix
> user added with machinename$ for the uid, then that user will be
> modified to include the sambaSamAccount data.

That's what I got when I tried joining the domain while security was set
to domain.  However, I've not been able to retest this with security set
to user as you suggested.  My test workstation hard disk crashed
yesterday.  I'm expecting my replacement drive tomorrow so I should be
able to test this during the weekend.

> I would suggest these for 'official' resources:
> http://us2.samba.org/samba/docs/man/howto/samba-pdc.html*
> *and
> http://us2.samba.org/samba/docs/man/guide/
> **

I'll have a look at those.  Until now, I've use the Samba by example and
that's where I got the security = ads which seems to be the cause of my
problem.

> there are a couple  of comments below:

Yes, the smbldap-tools are installed and working.  I've also setted the
secret with smbpasswd -w.  As I said, the join worked after I tried
security = domain.  I'm pretty sure it will work as well with security =
user.  I just have to wait for my new hard disk...

I'll keep you posted as soon as I'm having tested it.

Have a nice day.


Etienne-Hugues

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ssh tunnelling with putty

[Jonathan Johnson]

On Tue, 15 Jun 2004, Paul Krash wrote:

> Hi Brian!
> 
> Brian Johnson wrote:
> > Could someone provide some help tunnelling a connection through a ssh pipe
> > using putty on a windows 98 client to a samba server?
> 
> OK, ssh goes through port 22, mapping a drive requires ports 137 and 139
> (tcp and udp) to be open and routable by Windows RPC client.
> 
> I would suggest configuring The Microsoft VPN adapter to attach to the 
> server, then map your drive to samba.
> 
> You will have to have the VPN configured on the server (and both routers).
> 
> I am assuming (ah!!!) that you are trying to reach the samba server from 
> outside the host network.
> 

Of course, the point of tunnelling is to allow one to connect to a
particular remote port (such as 137 and 139) when only ssh is
available. This works by creating a listening port of your choice on
the Windows machine, which PuTTY forwards via SSH to a remote machine
of your choice.

Where this breaks down for SMB is when you realize that there is
already a listening service on ports 137 and 139: the windows server
service (or whatever it's euivalent is in 9x -- file and printer
sharing, I guess). That means that no matter how you try to connect to
the remote machine, all you're gonna get is your own computer.

Now, there may be a way around it: for your local port, specify
something on the order of "127.0.0.5:137". For your remote port,
specify 137 on the remote IP address. This is sort of like the
"loopback adapter" but (hopefully) Windows isn't already listening on
that IP address to port 137. You may then be able to reach the remote
computer by the address 127.0.0.5.

I haven't tried this, so your mileage may vary. But I think it's worth
a shot. Now, you won't be able to browse the remote network, but maybe
someone else knows a better way.

--Jonathan Johnson
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Can't Assign Rights to Samba Share via ADS

[Joel Johnston]

I have been through the ringer on this one and need some specific
guidance on diagnosing and "healing" my mistake.  I have successfully
assigned my server to the domain and can browse to the server and its
shares via explorer.  However, I can't create directories or save files
from windows on my samba shares.  I've checked the directory permissions
and they all have read/write/execute (for the time being.)   What would
cause me to have read-only permissions on these files?  I need a better
understanding of "whose" in control as it pertains to permissions on a
linux share.
 
I'm running Fedora Core 1 with all of the latest updates vi up2date. 
 
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[html]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
 
# Global parameters
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
server string = internal services server
security = ADS
password server = PDC.MYDOMAIN.COM
log level = 5
log file = /var/log/samba/log.%m
max log size = 50
idmap uid = 15000-2
idmap gid = 15000-2
template shell = /bin/bash
winbind separator = +
winbind enable local accounts = No
winbind use default domain = Yes
 
[html]
path = /var/www/html
read only = No
create mask = 0644
 
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Modify but not create permissions

[Bill Chmura]

I am still trying to figure out why samba wont let me create in subdirectories

I've tripple checked everything and a few things leapt out at me.

*) I can modify a file inside a directory that I cannot create a file in.  I 
did not know it was possible under linux to do that.  

*) If I set all perms on 777 I can create.  But neither 775 or 755 will allow 
it.

*) When I go into a mount through a terminal, and I do an ls -l I get raw UID 
numbers back instead of actual owners.  Is this normal?  I could not 
remember.

The logs show me being accepted as UID 500 which is what the files and 
directories are owned by

I am still baffled by the being able to modify, but not delete or create...

Any help would be greatly appreciated at this point!



-- 

Bill Chmura

w. http://www.fistfullofcode.com
w. http://www.explosivo.com

--
Without good motivation, science and technology, instead of helping, bring 
more fear and threaten global destruction. Compassionate thought is very 
important for humankind.
-His Holiness the Dalai Lama

Wisdom does not mean knowledge but experiential understanding. Wisdom helps 
you to change radically your habits and perceptions, as you discover the 
constantly changing, interconnected nature of the whole of existence.
-Martine Batchelor, "Meditation For Life"
---
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ssh tunnelling with putty

[Paul Krash]

Hi Brian!
Brian Johnson wrote:
Could someone provide some help tunnelling a connection through a ssh pipe
using putty on a windows 98 client to a samba server?
OK, ssh goes through port 22, mapping a drive requires ports 137 and 139
(tcp and udp) to be open and routable by Windows RPC client.
I would suggest configuring The Microsoft VPN adapter to attach to the 
server, then map your drive to samba.

You will have to have the VPN configured on the server (and both routers).
I am assuming (ah!!!) that you are trying to reach the samba server from 
outside the host network.

Of course, I could be wrong. :-)
Best,
Paul Krash
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Linux groups permissions change not reflected

[Tomáš Polák]

Hello,
I am running Samba 3.0 as PDC.
When changing group ownership via Linux 
command line of any file, those changes
are not reflected by Samba, until smbd 
is restarted.
I have find, that probably group_mapping.tdb
is a place where you have cached those 
permissions mapping to Linux. This file is 
refreshed only when smbd is started.

But I need to control user rights via Linux
commands and need to have these rights
accepted when users are accessing via
Samba share.

Unfortunatelly I cannot restart Samba each time I change
permissions of some file, because this causes 
MS Access application crash, when have opened
files from Samba shares.

Is there any regular way how to tell smbd, that 
permissions was changed?
I try signals, but was unsuccessful.
Maybe I am wrong in my smb.conf...?

Thank you for your response.

Best regards,
Tomas Polak

-- 
Tato sprava bola prehladana na vyskyt virusov a nebezpecneho obsahu antivirovym 
systemom na serveri spolocnosti Jaga Group s.r.o. a zda sa byt cista. Info: [EMAIL 
PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ssh tunnelling with putty

[Brian Johnson]

Could someone provide some help tunnelling a connection through a ssh pipe
using putty on a windows 98 client to a samba server?

I think I am doing it correctly but can't map a samba share and can't figure
out how to debug it

I can't find any log files or any other way to determine how the connection
attempt is proceeding

Any tips?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + MS Access

[Dan Weisenstein]

Guess I didn't provide enough details. Each user has his/her own copy of 
the database (forms, linked tables, queries, etc.). The tables in each 
are just links to the real tables which reside on a Samba share. Yes, 
Access creates the .ldb lock file. On a Windows server, this translated 
into just one lock file per table, no matter how many users are acessing 
that table.

There is also a lock file per database, i.e. the database Customers.mdb, 
when active, has an lock file called Customers.ldb (on the local 
machine), and uses the linked database tables on the shared drive called 
SalesTables.mdb which also has a lock file called SalesTables.ldb. No 
matter how many users are accessing SalesTables.mdb on the shared drive, 
there is only one lock file. Like I said before, this all works 
flawlessly on a Windows server.

So, what I need to figure out is how to have Samba mimic exactly what 
WinXP does for permissions on a network share.

Dan
Chris Jones wrote:
Hm its generally not a good idea to have more then 1 user inside an access
database. It can cause data corruption. The work around for something like
this is to do a front end/back end type system. IE put all the forms and
reports in one database give both users or all users a copy of this then use
linked tables to link them to the data in the background. The ldb file is
not created by samba and so these fellas prob won't be able to help ya. I
can't explain why it worked in XP it shouldn't have. the ldb file is
access's locked database file meaning someone else has it open for writing.
Chris
 

Dan
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] a better smbstatus for monitoring samba ?

[Becskei Robert]

Hello,

 does anyone know if there is a tool in existence that can monitor samba shares like 
smbstatus
but is much more advanced (and runs in console) , I mean a tool that has menues, some 
search
options, and things sorted out nice. A Samba realtime monitor would be the best thing 
with lots
of details and lots of options.


 I tried Swat, but that aint really a solution to watch who is connected to where, 
neither is smbstatus
since when to many people are connected you can't see in realtime who is using what. 
And that I think
is one major problem.

 I would like to have such a tool because I'm throwing the Novell File Server out and 
using a Whitebox 3.0EL
instead. I wonder,...is there such a tool like Novell Monitor ... for linux ? I mean 
if there aint one for samba
maybe another tool that is more advanced would be able to view who is connected to 
what ? what is their IP
adress, what time did they logged on, what is the current system status, etc...


 Please help me if possible.


 Sincerely
 Robert Becskei
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] J.H. Terpstra Samba Dallas, TX events - June 16-19

[Alex Monteiro]

Freedom Technology Center is proud to announce a series of events
happening in Dallas, TX. from June 16th - 19th in conjunction with the
Seattle ITEC (www.goitec.com) show.

>From 7:00-8:30 on June 16th, John H. Terpstra is having a special
meet-the-author cocktail reception to promote his latest book "Samba-3 By
Example".  The event is sponsored by his publisher Prentice Hall and will
be held at the South Side on Lamar http://www.southsideonlamar.com/
facility in Dallas.  The event will be held in the Artists Quarter.

The Dallas ITEC show is June 16-17 at the Dallas Convention Center.
Freedom Technology Center's John H. Terpstra will be presenting two
sessions on June 17th.  The first session is Analyzing ROI for Linux
Migration (Strategic Series) and the second is Running Linux in a Windows
World (Implementation Series).  ITEC has made the following offer to
Dallas area Linux User Group members - feel free to pass it along:

EXCLUSIVE OFFER for Dallas area Linux User Group members. Attend John
Terpstra's session at ITEC for Free - a $295 Value. Register today for a
Free Conference Pass to ITEC at www.goitec.com/reg/dal/ and use priority
code FTCDAL. Click here for more information on the sessions John is
presenting
http://www.goitec.com/live/15/events/15DAL04/conferences/conferencetracks/21/QYWEFA000Q13


Following the ITEC show, Freedom Technology Center is offering a special
1-Day tutorial on June 18th instructed by John H. Terpstra titled "Samba-3
By Example".  The tutorial will be held at the South Side on Lamar
facility.  This intensive 1-Day tutorial is an accelerated overview of the
topics John covers in his hands-on training workshops.  Each attendee will
receive a copy of John's "Samba-3 By Example" book as part of the
tutorial.  All LUG and FTC announce-list members are entitled to a 10%
discount on the tutorial.  You can visit the class page here:
http://freedomtechnologycenter.org/classes/samba/ .  Following the
tutorial will be a 6:00pm open-invitation cocktail reception sponsored by
our friends at South Side on Lamar and the South Side Technology Center.

On Saturday June 19th, Mr. Terpstra will be presenting a 1+ hour Samba-3
overview  at the North Texas LUG's monthly meeting.  Please visit their
page at http://www.ntlug.org for directions and details.

Please contact us at [EMAIL PROTECTED] or toll free at
866-643-3733 for more information.

--
Alex Monteiro
Program Manager - Freedom Technology Center
Toll Free:  866-643-3733  Fax: 650-964-4268

Offering the world's best in Open Source training.
http://www.freedomtechnologycenter.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PRINT$ Problems

[Aaron Goodman]

   Here are some more details. I am using samba 3.0.2a-Debian so that rules
out the possibility of the bug mentioned here:
http://lists.samba.org/archive/samba/2004-February/080294.html.  I am using
the printer drivers from HPs website
(http://h10025.www1.hp.com/ewfrf/wc/softwareList?product=71896&lang=en&lc=en
&cc=us&dlc=en&os=228).  I can print locally using the HPIJS drivers, how do
I figure out what PPD?  I added the drivers using the add printer wizard in
Windows XP.
   Another thing, the printer is not connected directly to the machine
running cups and samba; it is attached to a SMC router/print server.  The
SMC router has a proprietary driver for windows and a more standard one for
Linux so I decided to avoid that by connecting it to the Linux box and
sharing it via samba.  The printers.conf is below.
   I can print just fine if I disconnect a computer from the network and
install the drivers by hand then reconnect.  If I can't get point and print
to work is there a way to reset the drivers so it will prompt for me to find
them locally rather than installing ones that don't work?


---printers.conf--

Info HP5550
Location
DeviceURI lpd://192.168.1.3:515/lpt1
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0

-


---global section
[global]
   panic action = /usr/share/samba/panic-action %d
   workgroup = geoduck.net
   server string = %h server (Samba %v)
   load printers = yes
   printcap name = cups
   printing = cups
   guest account = nobody
   log file = /var/log/samba/log.%m
   log level = 2
   max log size = 1000
   syslog = 0
   security = user
   encrypt passwords = true
   passdb backend = tdbsam guest
   socket options = TCP_NODELAY
   dns proxy = no
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .

   obey pam restrictions = yes
--

-Aaron Goodman
- Original Message - 
From: "Ryan Suarez" <[EMAIL PROTECTED]>
Cc: "Aaron Goodman" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, June 15, 2004 7:21 AM
Subject: Re: [Samba] PRINT$ Problems


> Oh, just saw your same error in this archive:
>
> http://lists.samba.org/archive/samba/2004-February/080294.html
>
> Ryan Suarez wrote:
>
> > Hi Aaron,
> >
> > Are you using CUPS for printing?
> >
> > If so:
> > What printer drivers are you using?  What PPD?  Did you use cupsaddsmb
> > to install the printer drivers to samba?
> >
> > Can we see your global section for smb.conf?
> >
> > Aaron Goodman wrote:
> >
> >> I have been trying to setup point and print on a debian testing box.
> >> I have
> >> a HP5550 printer and am trying to install the drivers through the add
> >> printer wizard, the drivers appeared to install fine.  Afterwards I
> >> right
> >> clicked on the printer and clicked connect, per the SAMBA howto, this
> >> also
> >> appeared to work.  When I tried to enter the properties screen of the
> >> local
> >> printer or on the share I get the following error message:
> >> "Function address 0x60630d26 caused a protection fault. (exception code
> >> 0xc005)
> >> Some or all property page(s) may not be displayed)."
> >> After the error message comes up, the properties window does not
> >> open.  I
> >> cannot print either.
> >>
> >> Here is the relavent section from my smb.conf:
> >>
> >> -
> >> [printers]
> >>   comment = All Printers
> >>   browseable = yes
> >>   printable = yes
> >>   path = /tmp
> >>   writable = yes
> >>   create mode = 0700
> >>
> >> [print$]
> >>   path = /etc/samba/drivers
> >>   browsable = no
> >>   guest ok = yes
> >>   read only = yes
> >>   write list = aaron root
> >> --
> >>
> >> Thanks,
> >> Aaron Goodman
> >>
> >>
> >>
> >
> >
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba + MS Access

[Dan Weisenstein]

I have a single Linux server running SuSE 9.1 and Samba 3.04. I have one 
share that has several MS Access tables on it. One user can operate just 
fine, however when a second+ user tries to access the same database 
tables, one of several things happens depending on what I have in the 
smb.conf file. It's usually a permission denied, or a "can't lock" type 
of error.

When the first user opens a table, a file called xxx.ldb gets created, 
where xxx is the name of the table. The lock file is owned by the user 
and has permissions of 644. When a second user tries to open the same 
table, the error occurs. In my smb.conf file, I have tried almost every 
option I can find that would apply to file locking, including turning on 
and off kernel oplocks, level2 oplocks, oplocks, and setting veto oplock 
files to /.ldb/.mdb/ and all possible permutations of all of them. 
Nothing really changes with any of them. If I force the lock file to 
666, Access hangs.

When this was a WinXP server, all of this worked just fine. There is 
something about the .ldb file that must be accessable by n+1 users. 
Anybody have an Access DB setup on a Samba share? How did you do it?

Below is my smb.conf file (in it's present state):
[global]
  workgroup = TESORO
  printing = cups
  printcap name = cups
  printcap cache time = 750
  cups options = raw
  printer admin = @ntadmin, root, administrator
  username map = /etc/samba/smbusers
  map to guest = Bad User
  logon path = \\%L\profiles\.msprofile
  logon drive = P:
  logon home = \\%L\%U\.9xprofile
  security = user
  encrypt passwords = yes
  server string = Samba Server
  add machine script =
  domain master = false
  domain logons = no
  local master = no
  preferred master = auto
  load printers = no
  ldap suffix = dc=example,dc=com
[access]
  available = yes
  browseable = yes
  comment =
  create mask = 0666
  force directory mode = 0777
  guest ok = no
  path = /shared/Access/
  printable = no
  veto oplock files = /*.mdb/*.xls/*.ldb
  oplocks = no
  level2 oplocks = no
  kernel oplocks = no
  read only = no
[shared]
  available = yes
  browseable = yes
  comment =
  create mask = 0644
  guest ok = no
  path = /shared
  printable = no
  read only = no
Thanks - Dan
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File corruption

[Jeremy Allison]

On Tue, Jun 15, 2004 at 08:59:37AM -0400, [EMAIL PROTECTED] wrote:
> 
>   Of course, all those things really only help if you can reproduce
> the problem to some degree. We had our hopes set high on strace, but after
> having experienced a known kernel bug, we could not use it. Since we had
> spent so much time on the problem, we upgraded to RedHat Enterprise
> Edition...all the problems vanished immediately.

Very interesting. What filesystem were you using on RH9.x and RHAS ?

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] win2000 + RH9 samba-3.0.4-1

[Linux]

HI, everybody i Have win2000 Professional and RH linux 9, with samba-3.0.4-1
i read the howto, but my win2000 can't login into my samba PDC, i send the
smb.conf and the screenshots of error windows, the pdc is found but send
erroro with invalid password i create user with smbpasswd -a jorge
I probe with several changes but error not changes,
the error is a message window:
--|
|   Network Identification 
 |
|-|
|  
 |
|   Error to join Domain “linuxbeta”|
|   Error to start session: invalid username or password wrong  |
|  
 |
|-|

Anybody can help me.
Regards
Jorge
sorry but my english isn't so good
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ntgroup to unixgroup mapping

[samba]

Is it possible to map more than one unixgroup to a single ntgroup?
(Samba 3.x) I'd like to map several unix groups to the 'Domain Users'
group, for example.

TIA.

-- 
Ron Peterson
Network & Systems Manager
Mount Holyoke College
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba for IBM

[Pineda, Mauricio]

Hello there.

   This is just to ask if Samba is supported for running on AIX 4.3.3 (IBM RS6000)

Looking forward to get news from you

Regards

UGS PLM Solutions

MAURICIO PINEDA
Technical Application Engineer
Unigraphics Solutions Mexico.
Campos Eliseos #1A piso 3
Col. Polanco Chapultepéc.
Miguel Hidalgo, México D.F. 11560
Phone: (5255) 52419911 ext 218 ó 214
Fax: (5255) 55453868
Mail to: [EMAIL PROTECTED]

www.ugsplm.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Help with cracklib

[Iván M. Marzán Rocha]

Hi! before nothing, sorry for my english, I hope you understand me.

I've a problem with the new samba 3.0.4-1.12, before I had the version 3.0.2a 
with LDAP
for administrate all the users and when a samba password expired I used the 
"use cracklib"
parameter for force the user to insert a strong password, well now this 
parameter isn't
avaliable and I believe that must make it with the /etc/pam.d/samba file if I 
want to do
the same effect than before, but the line which references to the 
pam_cracklib.so seems
to do nothing and I check that the file is been processed because if I input a 
wrong line
the logs how /var/log/messages or /var/log/samba/log.smbd warns me.

Please I need help!!

My configuration file has:


--

[global]
workgroup = DOMINFO73
interfaces = 127.0.0.1, eth0
bind interfaces only = Yes
obey pam restrictions = Yes
smb passwd file = /etc/samba/smbpasswd %u
passdb backend = ldapsam:ldap://demonio.servidores.fadesa
pam password change = Yes
passwd program = /usr/bin/passwd %u
unix password sync = Yes
load printers = No
logon script = inicio.bat
logon home = \\%N\%U\samba.perfiles
domain logons = Yes
domain master = Yes
ldap suffix = dc=fadesa,dc=es
ldap machine suffix = ou=maquinas
ldap user suffix = ou=personas
ldap group suffix = ou=grupos
ldap idmap suffix = ou=idmap
ldap admin dn = cn=manager,dc=fadesa,dc=es
ldap ssl = no
ldap passwd sync = Yes
idmap backend = ldap:ldap://demonio.servidores.fadesa

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[public]
comment = Carpeta pïlica
path = /tmp/samba.compartida
read only = No
guest ok = Yes

[netlogon]
comment = The domain netlogon service
path = /home/%U/samba.netlogon
read only = No
browseable = No

--
The /etc/pam.d/samba file has these lines:

---
#%PAM-1.0
authrequiredpam_warn.so
authrequisite   pam_nologin.so
authrequiredpam_unix.so
account requiredpam_warn.so
account requiredpam_unix.so
passwordrequiredpam_warn.so
passwordrequisite   pam_cracklib.so retry=3
passwordrequiredpam_unix.so shadow md5 use_authtok 
try_first_pass
passwordrequiredpam_smbpass.so nullok use_authtok 
try_first_pass
session requiredpam_unix.so

---

Thanks you in advance.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] XP roaming profile problem (access denied)

[Kelly Joyner]

Hi! I was hoping someone had seen this problem, and might be able to 
help me out with it; I've tried the suggestions I found in the mailing 
lists and on web sites, to no avail. I'm running samba 3.0.2 on RHEL 3, 
and XP clients seem to occasionally have problems saving the roaming 
profile, resulting in error messages and the use of the local profile.

The problem is when renaming prf*tmp files for programs that seem like 
they may be using those files when the user is logging out; this is 
mostly the ICA client, although I have seen IE cookies cause the error 
as well.

I have tried disabling oplocks, and setting CSC policy to disable on the 
share, and this reduced the frequency of the error to the point that I 
thought I'd solved it, but after a couple of weeks I found two more 
occurrences. When the error occurs I get the following in the 
USERENV.LOG file on the client machine:

USERENV(208.154) 16:33:37:609 ReconcileFile: Failed to rename file 
 to 
 with error = 32
USERENV(208.154) 16:33:37:609 ReportError: Impersonating user.
USERENV(208.20c) 16:34:08:687 UnloadUserProfileP:  CopyProfileDirectory 
returned FALSE for primary profile.  Error = 32
USERENV(208.20c) 16:34:08:687 ReportError: Impersonating user.

On the server side, I see only (log level = 2):
scowman opened file scowman/Application Data/ICAClient/Cache/prf5049.tmp 
read=
Yes write=No (numopen=5)
[2004/06/09 16:31:14, 2] smbd/close.c:close_normal_file(228)  scowman 
closed file scowman/Application Data/ICAClient/Cache/prf503B.tmp (numopen=4)
[2004/06/09 16:31:14, 2] smbd/close.c:close_normal_file(228)  scowman 
closed file scowman/Application Data/ICAClient/Cache/prf5049.tmp (numopen=3)

The relevant portions of my samba config are:
[global]
   # netbios name of this server
   netbios name = pdc
   # domain name of this server
   workgroup = khlsc
   # use the TDBSAM (Trivial Database SAM) backend to store account info.
   passdb backend = tdbsam
   # require client to encrypt passwords
   encrypt passwords = yes
   # Rotate logs when they reach 200MB
   max log size = 20
   # This should allow us to bypass requiring signorseal, but turning it
   # on breaks XP clients, for some reason.
   ;server schannel = yes
   # Listen for SMB traffic only on port 139. This may help avoid
   # lost connection issues under Windows XP.
   smb ports = 139
# Run a WINS server
   wins support = yes
# Always act as the local master browser
# and domain master browser.  Do not allow
# any other system to take over these roles!
   domain master = yes
   local master = yes
   preferred master = yes
   os level = 255
# Perform domain authentication.
   domain logons = yes
# The profiles share is for storing
# Windows NT/2000/XP roaming profiles.
# Use your own path, and make sure
# the directory exists.
[profiles]
# -- The following options are in effect to resolve the roaming
# profile "access denied" issue.
# Disable opportunistic locking on this share.
oplocks = false
level2 oplocks = false
# Disable client-side caching of profile information.
csc policy = disable
# This should have not effect if oplocks are disabled.
veto oplock files = /prf*.tmp/;
path = /files/profiles
writeable = yes
create mask = 0600
directory mask = 0700
browseable = no
  
# workaround for Windows 2000 SP4/XP SP1 security issue.
profile acls = yes

Thanks for any assistance!
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] listenning on interfaces

[Jean LEE]

I think you just have to put in smb.conf something like

bind interfaces only = yes
interfaces = eth0 eth1 lo

No ??


- Original Message - 
From: "Thomas Werner" <[EMAIL PROTECTED]>
To: "Jean LEE" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, June 15, 2004 4:33 PM
Subject: Re: [Samba] listenning on interfaces


> on friday i have to install a 2nd samba server on 1 machine with 2 network
> cards. if bind interfaces only is set i think is not a problem to run 2
smbd
> daemons. but i red that in man pages that nmbd always listen on 0.0.0.0
and
> drops the packets which doesnt match with the addresses af parameter list.
> in that case is not possible to run different instances on one machine?!
>
> help!
>
> cheers tom
>
>
> On 15.06.2004 16:02 Uhr, "Jean LEE" <[EMAIL PROTECTED]> wrote:
>
> > Hi,
> >
> > Thanks for your answer. I'm surprised.
> > There's no way in smb.conf to tell : "I don't want that nmbd listens on
> > 0.0.0.0/0" ?
> >
> > Regards,
> >
> > Jean
> >
> > - Original Message -
> > From: "Thomas Werner" <[EMAIL PROTECTED]>
> > To: "Jean LEE" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Tuesday, June 15, 2004 11:00 AM
> > Subject: Re: [Samba] listenning on interfaces
> >
> >
> >> maybe iptables? but dont forget to open some ports for the clients:
> >>
> >> 111.tcp
> >> 137.udp
> >> 138.udp
> >> 139.tcp
> >> 22.tcp
> >> .udp
> >> 445.tcp
> >> 631.tcp
> >> 67.udp
> >> 80.tcp
> >> and maybe 88.tcp for ads
> >>
> >> for example on a share connect. the xp clients look for a webserver on
80
> > to
> >> show the folder/drive content, the same for port . if you drop the
> >> packets, the home drive is slow, because the client timed out and get
no
> >> answer for special kind of service/feature.
> >>
> >> cheers tom
> >>
> >> On 15.06.2004 10:11 Uhr, "Jean LEE" <[EMAIL PROTECTED]> wrote:
> >>
> >>> Hello,
> >>>
> >>> I am new to samba and i would to well secure it.
> >>>
> >>> In smb.conf, I entered the following lines :
> >>>
> >>> hosts allow = 192.168.0.2 127.0.0.1
> >>> hosts deny = 0.0.0.0/0
> >>> bind interfaces only = yes
> >>> interfaces = eth0 lo
> >>>
> >>> I thought that it would only listens on the local machine and my
> > internal Lan
> >>> (which is on eth0 192.168.0.1) but nmbd seems to always listen on
> > UDP/137 and
> >>> UDP/138 (netbios-ns and netbios-dgm) on 0.0.0.0/0. Here is the output
of
> >>> netstat :
> >>>
> >>> [EMAIL PROTECTED] user]# netstat -taup
> >>> Active Internet connections (servers and established)
> >>> Proto Recv-Q Send-Q Local Address Foreign Address
> >>> State PID/Program name
> >>> tcp 0 0 192.168.0.1:netbios-ssn *:*
> >>> LISTEN 3800/smbd
> >>> tcp 0 0 ServeurLinu:netbios-ssn *:*
> >>> LISTEN 3800/smbd
> >>> tcp 0 0ServeurLinux:ipp*:*
> >>> LISTEN 3707/cupsd
> >>> tcp 0 0 192.168.0.:microsoft-ds *:*
> >>> LISTEN 3800/smbd
> >>> tcp 0 0 ServeurLin:microsoft-ds *:*
> >>> LISTEN 3800/smbd
> >>> udp 0 0192.168.0.1:netbios-ns *:*
> >>> 3804/nmbd
> >>> udp 0 0*:netbios-ns
*:*
> >>> 3804/nmbd
> >>> udp 0 0 192.168.0.1:netbios-dgm *:*
> >>> 3804/nmbd
> >>> udp 0 0 *:netbios-dgm
> > *:*
> >>> 3804/nmbd
> >>>
> >>>
> >>> What is netbios-ns and netbios-dgm? I would prefer that nmbd doesn't
> > listen on
> >>> *:netbios-ns and *:netbios-dgm because I will connect my server to the
> >>> internet through eth1 10.0.0.1. How can I do it?
> >>>
> >>> Thanks for any help.
> >>>
> >>> Jean Lee.
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  http://lists.samba.org/mailman/listinfo/samba
> >>>
> >>
> >> Dipl. Betriebswirt(BA) f. Inf. Thomas Werner
> >> Webmaster / Network Administrator
> >> ESMT European School of Management and Technology GmbH
> >> Schlossplatz 1
> >> D-10178 Berlin
> >> Germany
> >>
> >> Tel: +49 (0)30 21231 - 1085
> >> Fax: +49 (0)30 21231 - 9
> >> E-mail: [EMAIL PROTECTED]
> >> Web: http://www.esmt.org
> >>
> >>
> >>
> >
>
> Dipl. Betriebswirt(BA) f. Inf. Thomas Werner
> Webmaster / Network Administrator
> ESMT European School of Management and Technology GmbH
> Schlossplatz 1
> D-10178 Berlin
> Germany
>
> Tel: +49 (0)30 21231 - 1085
> Fax: +49 (0)30 21231 - 9
> E-mail: [EMAIL PROTECTED]
> Web: http://www.esmt.org
>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] GSSAPI/KRB5 based LDAP binds

[Enrico Scholz]

Hello,

I am using LDAP as passdb and idmap backends with Samba 3.0.3, and have
a problem with the configuration of 'ldap admin dn'. Currently, I have
to set the password for this DN with 'smbpasswd -w' (which works) and
Samba is doing simple LDAP binds then.

I would prefer a GSSAPI based LDAP authentication, which would have the
following advantages:

* the 'userPassword' attribute could be dropped (Samba is the only
  sevice which is requiring it); supporting this attribute beside krb5
  requires some effort on the LDAP server

* the authentication is passwordless; potential attackers can not hack
  passwords (krb tickets are limited on time and probably uninteresting
  for them)

* it would ease configuration with 'cfengine'; executing 'smbpasswd
  -w' is really bad since '' appears for a short
  time in the processlist. Since the password is stored in a binary
  format, it can not be modified in another way.



The practical usage of GSSAPI based auth would be:

1. configure a krb5 cache file (e.g. with $KRB5CCNAME, or an option in
   smb.conf)

2. periodically (with a cronjob) write the ticket into this file (when
   you are paranoid, this can happen on another machine and copied with
   ssh)

3. on demand, samba uses ldap_sasl_bind() instead of ldap_simple_bind()

Am I missing somthing and such a setup is already supported by samba, or
is it a wishlist item?




Enrico
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba + Kerberos - ADS: possible?

[Rodolfo Broco Manin]

Hi, All!!

I have a Windows XP client configured to use Kerberos authentication (with
a MIT KDC).  I configured it with ksetup.exe from Windows 2000 and it
works well.

Question is: can I use the kerberos tickets I got at logon time to access
the shares from our samba server, without configuring a entire AD struct
and soon?

Actually, I can access the shares, but only if my kerberos password and my
smbpasswd password are equals (that is, my Windows client is using NTLM
authentication method to access it).

Btw, I'm currently using "security = user" at samba server, and we don't
have any Windows server (and this is the issue: is possible to use
kerberos between Windows clients and Samba servers without any windows
machines at the scenario?).

Tnks in advice!!!

[]s!
Rodolfo


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Noch immer keine Zahlung

[ASICS-Shop]

Sehr geehrter Herr Tiede,

leider habe ich noch immer keine Zahlung erhalten. Melden Sie sich bitte kurzfristig. 
Kann ich Sie über Ihren Arbeitgeber erreichen?

Viele Grüße

Henrik von Lukowicz

-- 
ASICS-Shop
Comdirect Bank Quickborn
BLZ 200 411 11
Konto 303284440

Aufnehmen, abschicken, nah sein - So einfach ist 
WEB.DE Video-Mail: http://freemail.web.de/?mc=021200-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] guest account

[Aboe Bakr]

Hello,

it seems that 'guest account' can't be defined in a
service anymore. As far as i can tell the manual
states it should work though. Am i doing something
wrong here? (i upgraded from samba 2 to 3).
I would like to be able to get access to certain
shares using a particular user, so all rights are o.k.
(and i need 2 different users for different services,
so 1 global definition isn't really _the_ solution)

I'm running:
smbd: Version 3.0.2a-Debian

Thnx in advance,
grtz,

Pascal.


-
SMB.CONF
-
[global]
netbios name = COMPUTER
workgroup = WORKGROUP
server string = HI
name resolve order = lmhosts bcast
hosts allow = x.y.z.
security = user
map to guest = bad password
map to guest = bad user
password level = 0
encrypt passwords = yes
invalid users = root admin
max connections = 20
debug level = 1
syslog = 0
max log size = 50
interfaces = eth1 eth0 eth2
lm announce = no
lm interval = 0
local master = no
os level = 0
preferred master = no
domain master = no
wins server = w.x.y.z
wins support = no
wins proxy = no
dns proxy = no 
socket options = TCP_NODELAY SO_SNDBUF=32768
SO_RCVBUF=32768
deadtime = 5
oplocks = yes
getwd cache = yes
read raw = yes
write raw = yes
preserve case = yes
short preserve case = yes
load printers = no

include = /etc/samba/smb.limieten.inc.conf
[private]
comment = prive
path = /shares
public = yes
guest ok = yes
guest only = yes
guest account = USER
writable = True
hosts allow = x.y.
browsable = no

[www]
comment = prive
path = /var/www
public = yes
guest ok = yes
guest only = yes
guest account = WWW_USER
writable = True
hosts allow = x.y.
browsable = no



included file

[pub]
comment = Welkom %m
path = /shares/pub_samba/alles_open
public = yes
guest ok = True
guest account = nobody
guest only = yes
writable = False
level2 oplocks = yes


---
OUTPUT of testparm
---

Load smb config files from /etc/samba/smb.conf
Processing section "[pub]"
Global parameter guest account found in service
section!
Processing section "[private]"
Global parameter guest account found in service
section!
Processing section "[www]"
Global parameter guest account found in service
section!
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = XYZ
server string = Aboe Bakr on da net
interfaces = eth1, eth0, eth2
map to guest = Bad User
log level = 1
syslog = 0
max log size = 50
name resolve order = lmhosts bcast
deadtime = 5
socket options = TCP_NODELAY SO_SNDBUF=32768
SO_RCVBUF=32768
load printers = No
os level = 0
lm announce = No
lm interval = 0
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = w.x.y.z
invalid users = root, admin
hosts allow = x.y.
max connections = 20
include = /etc/samba/smb.limieten.inc.conf

[pub]
comment = Welkom %m
path = /shares/pub_samba/alles_open
guest only = Yes
guest ok = Yes

[private]
comment = prive
path = /shares
read only = No
guest only = Yes
guest ok = Yes
hosts allow = x.y.
browseable = No

[www]
comment = prive
path = /var/www
read only = No
guest only = Yes
guest ok = Yes
hosts allow = x.y.
browseable = No





__
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] configure not detecting IRIX6

[Philip Chambers]

A couple of days ago I sent a message about trying to build 3.0.4 under IRIX6 and 
having "make" fail because smbd/quota.h could not find .  I got no 
suggestions as to how to work out what the problem was.  I have now identified why 
the problem arose and that moves me to the next problem!

configure is failing to detect that the OS is IRIX6.  include/config.h does not have 
a #define for any OS.

Can someone suggest why configure is not setting up the OS on IRIX6?

Failing that, can someone point me to the part of configure where it should be 
detecting IRIX6 as the OS?

Phil.
---
Phil Chambers ([EMAIL PROTECTED])
University of Exeter

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] "pam_ldap"...help!

[Paul Gienger]

Where did you get your packages from?  that mz1 business doesn't look 
like a standard fedora package, so it could be looking for different 
versions of files and/or in different places.  From what I can find, 
nss_ldap installs the appropriate pam modules under FC1.

abebe lsslp wrote:
I'm trying to install "pam_ldap" on my fedora core 1 machine. It is asking for 
liblber.so and libldap.so dependencies even though I have them in /usr/lib. Should I just go 
install it with out a dependencies? what is wrong with this picture?
[EMAIL PROTECTED] rpms]# rpm -i pam_ldap*.rpm
error: Failed dependencies:
   liblber.so is needed by pam_ldap-38-mz1
   libldap.so is needed by pam_ldap-38-mz1
[EMAIL PROTECTED] rpms]# cd /usr/lib
[EMAIL PROTECTED] lib]# ls | grep libldap.so
libldap.so
libldap.so.2
libldap.so.2.0.122
[EMAIL PROTECTED] lib]# ls | grep liblber.so
liblber.so
liblber.so.2
liblber.so.2.0.122
[EMAIL PROTECTED] lib]# 

Ambex

		
-
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
 

--
Paul Gienger Office:701-281-1884
Applied Engineering Inc. Cell:  701-306-6254
Information Systems Consultant   Fax:   701-281-1322
URL: www.ae-solutions.commailto:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cant create in a subdirectory... <- the plot thickens

[Bill Chmura]

Hello,

ls -ld tmp gives me this...

drwxrwxr-x2 wbchmura wbchmura 4096 Jun 15 00:10 tmp

ls -ld on the directory about above it (the one I can create in) gives me 
this...

drwx--x--x   31 wbchmura wbchmura 4096 Jun 15 01:25 wbchmura/

Even less rights

This part of the log file had me wondering:

> >> call_trans2qfilepathinfo: SMB_VFS_LSTAT of testdir/newtest failed
> >> (No such file or directory)




On Tuesday 15 June 2004 10:19 am, Daniel Ramaley wrote:
> My guess is that you have permission to modify the parent directory,
> which would be sufficient to change the timestamp. But you do not have
> permission to modify the directory that you can't create a file in.
> What does "ld -ld " give you, where  is the directory in
> question?
>
> On Tuesday 15 June 2004 08:31 am, Bill Chmura wrote:
> >I just noticed that even though I can go into a subdirectory and not
> > create a file, I can update it with touch...  Does that make sense?
> > I would think I would need write permission to do that... in that
> > case, why can't I create?
> >
> >Ag
> >
> >On Tuesday 15 June 2004 02:31 am, Bill Chmura wrote:
> >> I've battled this one for a few days now and its costing my sanity
> >> so I am hoping that someone here has an answer
> >>
> >> I am running the samba server 3.0.4 on a linux 2.4.25 server.
> >>
> >> I can connect to my share point and authenticate fine
> >>
> >> I can create files or directories in the root of the sharepoint fine
> >>
> >> I can go into subdirectories and look at all the files...
> >>
> >> But I cannot create in any directories below the sharepoint!  If I
> >> do a touch filename I get a Permission Denied.  But I can do it in
> >> the root of my sharepoint.  I have several like this.
> >>
> >> Here is my fstab entry on my client box:
> >> 
> >> //modok/wbchmura/home/wbchmura/mnt/wbchmura smbfs
> >> rw,users,owner,noauto,username=wbchmura,password=,uid=500,gid=50
> >>0 0 0
> >> ---
> >> And a chunk of my smb.conf file
> >>
> >> [wbchmura]
> >> comment = Bill's directory
> >> path = /home/wbchmura
> >> valid users = wbchmura
> >> public = no
> >> writable = yes
> >> read only = no
> >> printable = no
> >>
> >> The uid and gif match the wbchmura uid and gid on the file server.
> >> In the sharepoint all of the files and directories are set
> >> accordingly.
> >>
> >> drwxr-xr-x2 wbchmura wbchmura 4096 Jun 15 01:17 testdir
> >> drwxrwxr-x2 wbchmura wbchmura 4096 Jun 15 00:10 tmp
> >>
> >> If I change the rights on a directory to 777 it works fine.
> >>
> >> Do symlinks affect anyting?  The path to my share is a symlink of
> >> /home -> /raid1/home
> >>
> >> I tried coding in /raid1/home and it seemed to not change anything
> >>
> >> Here are some log files.
> >> Let me know if I forgot anything...
> >>
> >> Thanks
> >>
> >> Logon##
> >>
> >> [2004/06/15 01:24:17, 3] smbd/oplock.c:init_oplocks(1226)
> >>   open_oplock_ipc: opening loopback UDP socket.
> >> [2004/06/15 01:24:17, 3]
> >> smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel
> >> oplocks enabled
> >> [2004/06/15 01:24:17, 3] smbd/oplock.c:init_oplocks(1257)
> >>   open_oplock ipc: pid = 22982, global_oplock_port = 32907
> >> [2004/06/15 01:24:17, 3] lib/access.c:check_access(313)
> >>   check_access: no hostnames in host allow/deny list.
> >> [2004/06/15 01:24:17, 2] lib/access.c:check_access(324)
> >>   Allowed connection from  (192.168.0.99)
> >> [2004/06/15 01:24:17, 3] smbd/process.c:process_smb(890)
> >>   Transaction 0 of length 183
> >> [2004/06/15 01:24:17, 3] smbd/process.c:switch_message(685)
> >>   switch message SMBnegprot (pid 22982)
> >> [2004/06/15 01:24:17, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> >>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> >> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
> >>   Requested protocol [PC NETWORK PROGRAM 1.0]
> >> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
> >>   Requested protocol [MICROSOFT NETWORKS 1.03]
> >> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
> >>   Requested protocol [MICROSOFT NETWORKS 3.0]
> >> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
> >>   Requested protocol [LANMAN1.0]
> >> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
> >>   Requested protocol [LM1.2X002]
> >> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
> >>   Requested protocol [DOS LANMAN2.1]
> >> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
> >>   Requested protocol [Samba]
> >>
> >>  cd into sharepoint and testdir and touch "newtest"#
> >> [2004/06/15 01:26:29, 3] smbd/process.c:process_smb(890)
> >>   Transaction 36 of length 80
> >> [2004/06/15 01:26:29, 3] smbd/process.c:switch_message(685)
> >>   switch message SMBtrans2 (pid 22982)
> >> [2004/06/15 01:26:29, 3]
> >> smbd/trans2.c:call_trans2qfilepathinfo(2331)
> >> call_trans2qfilepat

Re: [Samba] "pam_ldap"...help!

[Adam Tauno Williams]

> I'm trying to install "pam_ldap" on my fedora core 1 machine. It is asking
> for liblber.so and libldap.so dependencies even though I have them in
> /usr/lib. Should I just go install it with out a dependencies? what is wrong
> with this picture?

Why are you asking here and NOT on the pam_ldap list (PADL.com)?  This has
nothing to do with Samba.

Your probably using mismatched packages,  find the correct Fedora packages, or
rebuild them from the source RPM.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] "pam_ldap"...help!

[abebe lsslp]

I'm trying to install "pam_ldap" on my fedora core 1 machine. It is asking for 
liblber.so and libldap.so dependencies even though I have them in /usr/lib. Should I 
just go install it with out a dependencies? what is wrong with this picture?
 
[EMAIL PROTECTED] rpms]# rpm -i pam_ldap*.rpm
error: Failed dependencies:
liblber.so is needed by pam_ldap-38-mz1
libldap.so is needed by pam_ldap-38-mz1
[EMAIL PROTECTED] rpms]# cd /usr/lib
[EMAIL PROTECTED] lib]# ls | grep libldap.so
libldap.so
libldap.so.2
libldap.so.2.0.122
[EMAIL PROTECTED] lib]# ls | grep liblber.so
liblber.so
liblber.so.2
liblber.so.2.0.122
[EMAIL PROTECTED] lib]# 
 
Ambex





-
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] which XP clients registry hacks are necessary now?

[RRuegner]

Scott Serr schrieb:
I've read alot of dated material about various registry hacks to make 
various patch levels of XP Clients work.

Is there a URL that keeps this up to date?  I know it seems with each 
release of Samba there are less hacks necessary on XP Clients but there 
doesn't seems to be a definitive list.  Also with each new XP patch, 
there is a potential of needing more hacks.

If there isn't a source for this information can someone give me their 
best guess?  Latest Samba (3.0.4) and latest XP upgrades (SP1 with all 
windows updates til now).

Thanks,
-Scott
no need for reg hacks , if you use latest samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PDC and dividing roaming profile

[RRuegner]

abebe lsslp schrieb:
I have this problem...
I am working on implimenting a school network. I have two kinds of users on my network: students and facutly. I have also two types of operating system on my network: win 98 and win XPP. 
 
Here is the rights and privilages I am thinking about giving my users
 
Students (usage only in computer labs):
- limited roaming profile (basically, deny desktop roaming profile)
- give them access to some network devices: printers and file servers.
 
Faculty (usage in offices):
- give them access to network devices: mainly file servers
- keep profile on local computers (I am afraid roaming profile will take long authentication time as a result of loading profiles)
 
How can I address this issue, especially for Faculty. I don't want the samba PDC to interfere with whatever they have on their local computer. 
 
Thanks!
 
Ambex


-
Do you Yahoo!?
Friends.  Fun. Try the all-new Yahoo! Messenger
Hi, make use of smb groupmapping this will solve your problem,
win98 needs the profile in users homes ( no real problem )
but you know win98 ist not a domain working os at all,
roaming profiles will work ok if you have a good network ( 100/ethernet )
the biggest problem you will see if you log in in a profile which was 
created by win98 on a winxp prof machine and vice versa.
It will technical work but it will look terrrible and will confuse Users.
I recommend to switch all win clients to win 2000 serv pack 4
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Internet access control through samba ?

[RRuegner]

Jeremias Müller schrieb:
Hi,
is there a possibility to use a samba pdc for internet access control ?
I want only machines, which are logged in to the domain, to have  
internet access.
Currently everybody can use the Internet through the masquerading 
functionality
on the server(also pdc).

Thanks Jeremias M.
Hi, you can use the hosting smb machine as proxy server with squid and 
make access controls for squid via smb auth mechanism, howto configure 
the clients to use squid proxy depends deeply to your network layout, 
there are many ways to rome !
Best Regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] listenning on interfaces

[Thomas Werner]

on friday i have to install a 2nd samba server on 1 machine with 2 network
cards. if bind interfaces only is set i think is not a problem to run 2 smbd
daemons. but i red that in man pages that nmbd always listen on 0.0.0.0 and
drops the packets which doesnt match with the addresses af parameter list.
in that case is not possible to run different instances on one machine?!

help!

cheers tom


On 15.06.2004 16:02 Uhr, "Jean LEE" <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> Thanks for your answer. I'm surprised.
> There's no way in smb.conf to tell : "I don't want that nmbd listens on
> 0.0.0.0/0" ?
> 
> Regards,
> 
> Jean
> 
> - Original Message -
> From: "Thomas Werner" <[EMAIL PROTECTED]>
> To: "Jean LEE" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, June 15, 2004 11:00 AM
> Subject: Re: [Samba] listenning on interfaces
> 
> 
>> maybe iptables? but dont forget to open some ports for the clients:
>> 
>> 111.tcp
>> 137.udp
>> 138.udp
>> 139.tcp
>> 22.tcp
>> .udp
>> 445.tcp
>> 631.tcp
>> 67.udp
>> 80.tcp
>> and maybe 88.tcp for ads
>> 
>> for example on a share connect. the xp clients look for a webserver on 80
> to
>> show the folder/drive content, the same for port . if you drop the
>> packets, the home drive is slow, because the client timed out and get no
>> answer for special kind of service/feature.
>> 
>> cheers tom
>> 
>> On 15.06.2004 10:11 Uhr, "Jean LEE" <[EMAIL PROTECTED]> wrote:
>> 
>>> Hello,
>>> 
>>> I am new to samba and i would to well secure it.
>>> 
>>> In smb.conf, I entered the following lines :
>>> 
>>> hosts allow = 192.168.0.2 127.0.0.1
>>> hosts deny = 0.0.0.0/0
>>> bind interfaces only = yes
>>> interfaces = eth0 lo
>>> 
>>> I thought that it would only listens on the local machine and my
> internal Lan
>>> (which is on eth0 192.168.0.1) but nmbd seems to always listen on
> UDP/137 and
>>> UDP/138 (netbios-ns and netbios-dgm) on 0.0.0.0/0. Here is the output of
>>> netstat :
>>> 
>>> [EMAIL PROTECTED] user]# netstat -taup
>>> Active Internet connections (servers and established)
>>> Proto Recv-Q Send-Q Local Address Foreign Address
>>> State PID/Program name
>>> tcp 0 0 192.168.0.1:netbios-ssn *:*
>>> LISTEN 3800/smbd
>>> tcp 0 0 ServeurLinu:netbios-ssn *:*
>>> LISTEN 3800/smbd
>>> tcp 0 0ServeurLinux:ipp*:*
>>> LISTEN 3707/cupsd
>>> tcp 0 0 192.168.0.:microsoft-ds *:*
>>> LISTEN 3800/smbd
>>> tcp 0 0 ServeurLin:microsoft-ds *:*
>>> LISTEN 3800/smbd
>>> udp 0 0192.168.0.1:netbios-ns *:*
>>> 3804/nmbd
>>> udp 0 0*:netbios-ns *:*
>>> 3804/nmbd
>>> udp 0 0 192.168.0.1:netbios-dgm *:*
>>> 3804/nmbd
>>> udp 0 0 *:netbios-dgm
> *:*
>>> 3804/nmbd
>>> 
>>> 
>>> What is netbios-ns and netbios-dgm? I would prefer that nmbd doesn't
> listen on
>>> *:netbios-ns and *:netbios-dgm because I will connect my server to the
>>> internet through eth1 10.0.0.1. How can I do it?
>>> 
>>> Thanks for any help.
>>> 
>>> Jean Lee.
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  http://lists.samba.org/mailman/listinfo/samba
>>> 
>> 
>> Dipl. Betriebswirt(BA) f. Inf. Thomas Werner
>> Webmaster / Network Administrator
>> ESMT European School of Management and Technology GmbH
>> Schlossplatz 1
>> D-10178 Berlin
>> Germany
>> 
>> Tel: +49 (0)30 21231 - 1085
>> Fax: +49 (0)30 21231 - 9
>> E-mail: [EMAIL PROTECTED]
>> Web: http://www.esmt.org
>> 
>> 
>> 
> 

Dipl. Betriebswirt(BA) f. Inf. Thomas Werner
Webmaster / Network Administrator
ESMT European School of Management and Technology GmbH
Schlossplatz 1
D-10178 Berlin 
Germany 

Tel: +49 (0)30 21231 - 1085
Fax: +49 (0)30 21231 - 9
E-mail: [EMAIL PROTECTED]
Web: http://www.esmt.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Member Server in Active Directory

[Daniel Ramaley]

I have a very similar problem. I just joined the list yesterday with the 
intent of asking about it, after failure to find a solution via Google. 
Here's the info on the problem:

I have Samba 3.0.4 compiled from source running on OpenBSD 3.5. 
Cowles-Admin is the name of a user that has administrative access to an 
OU. I do not have administrator access to the entire Active Directory 
tree. I created a computer account in Active Directory called 
cowl-backup that the Samba server should use.

For now i've been working with a fairly simple smb.conf:
[global]
workgroup = DRAKE
realm = DRAKE.EDU
netbios name = cowl-backup
security = ads
password server = *
encrypt passwords = yes
private dir = /etc/samba/private

I believe i have Kerberos set up correctly since the command
# /usr/local/kerberos/bin/kinit [EMAIL PROTECTED]
runs just fine and after running it i can use smbclient to browse shares 
without bring prompted for a password. For example, this command to 
connect to Cowles-Admin's profile share works correctly:
# /usr/local/samba/bin/smbclient '\\Cowles-Library\Cowles-Admin' \
  -U Cowles-Admin -k

I've created an account for the computer (cowl-backup) in AD. When i try 
to join i get an error. Here's what happens:
# /usr/local/samba/bin/net ads join -U Cowles-Admin
Cowles-Admin's password: 
[2004/06/14 09:56:02, 0] libads/ldap.c:ads_add_machine_acct(1006)
  Host account for cowl-backup already exists - modifying old
account
[2004/06/14 09:56:02, 0] libads/ldap.c:ads_join_realm(1336)
  ads_add_machine_acct: No such object
ads_join_realm: No such object
Using Google i was able to find a few others who had this problem, but 
no solution. If anyone here knows how to fix this, i would appreciate 
knowing about it. Thanks in advance.


On Monday 14 June 2004 05:50 pm, M Maki wrote:
>I'm trying to join a  Samba 3.0.4 (compiled from source on Debian) to
> an Active Directory as a member server. I believe Kerberos is
> configured correctly as kinit creates a ticket for the realm.
> Executables appear to have support for Kerberos and LDAP (smbd -b |
> grep KRB and grep LDAP) return OK.
>
>When I try to join the AD with
>   net ads join -U myadminusername
>I'm prompted for my password but then get:
>   libads/ldap.c:ads_add_machine_acct(1006)
>   Host account for inpsamo-debian already exists - modifying old
> account libads/ldap.c:ads_join_realm(1336)
>   ads_add_machine_acct: No such object
>   ads_join_realm: No such object
>
>I only have admin rights for an ou of the Active Directory. Here is a
> Windows LDP search of my ou:
>
>ldap_search_s(ld, "DC=pwr,DC=int,DC=edited,DC=com", 2, "(ou=SAMO)",
> attrList, 0, &msg)
>Result <0>: (null)
>Matched DNs:
>
>Getting 1 entries:
>>> Dn: OU=SAMO,OU=Mediterranean Coast
>
>Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com
>   2> objectClass: top; organizationalUnit;
>   1> ou: SAMO;
>   1> description: SAMO;
>   1> distinguishedName: OU=SAMO,OU=Mediterranean Coast
>Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com;
>   1> name: SAMO;
>   1> canonicalName: pwr.int.edited.com/PWR/Mediterranean Coast
> Network/SAMO;
>
>I guess my question is could it be how my realm is configured
>(PWR.INT.EDITED.COM) or what else could keep me from joining the
> directory?
>
>Current smb.conf:
>[global]
>   unix charset = LOCALE
>   workgroup = PWR
>   realm = PWR.INT.EDITED.COM
>   server string = Samba 3.0.2
>   security = ADS
>   username map = /etc/samba/smbusers
>   log level = 1
>   syslog = 0
>   log file = /var/log/samba/%m
>   max log size = 50
>   printcap name = CUPS
>   ldap ssl = no
>   idmap uid = 1-2
>   idmap gid = 1-2
>   template primary group = "Domain Users"
>   template shell = /bin/bash
>   winbind separator = +
>   printing = cups
>
>[homes]
>   comment = Home Directories
>   valid users = %S
>   read only = No
>   browseable = No
>
>Thanks for any ideas...
>
>Mike

-- 

Dan Ramaley
Digital Media Library Specialist
(515) 271-1934
Cowles Library 140, Drake University

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PRINT$ Problems

[Ryan Suarez]

Oh, just saw your same error in this archive:
http://lists.samba.org/archive/samba/2004-February/080294.html
Ryan Suarez wrote:
Hi Aaron,
Are you using CUPS for printing?
If so:
What printer drivers are you using?  What PPD?  Did you use cupsaddsmb 
to install the printer drivers to samba?

Can we see your global section for smb.conf?
Aaron Goodman wrote:
I have been trying to setup point and print on a debian testing box.  
I have
a HP5550 printer and am trying to install the drivers through the add
printer wizard, the drivers appeared to install fine.  Afterwards I 
right
clicked on the printer and clicked connect, per the SAMBA howto, this 
also
appeared to work.  When I tried to enter the properties screen of the 
local
printer or on the share I get the following error message:
"Function address 0x60630d26 caused a protection fault. (exception code
0xc005)
Some or all property page(s) may not be displayed)."
After the error message comes up, the properties window does not 
open.  I
cannot print either.

Here is the relavent section from my smb.conf:
-
[printers]
  comment = All Printers
  browseable = yes
  printable = yes
  path = /tmp
  writable = yes
  create mode = 0700
[print$]
  path = /etc/samba/drivers
  browsable = no
  guest ok = yes
  read only = yes
  write list = aaron root
--
Thanks,
Aaron Goodman
 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PRINT$ Problems

[Ryan Suarez]

Hi Aaron,
Are you using CUPS for printing?
If so:
What printer drivers are you using?  What PPD?  Did you use cupsaddsmb 
to install the printer drivers to samba?

Can we see your global section for smb.conf?
Aaron Goodman wrote:
I have been trying to setup point and print on a debian testing box.  I have
a HP5550 printer and am trying to install the drivers through the add
printer wizard, the drivers appeared to install fine.  Afterwards I right
clicked on the printer and clicked connect, per the SAMBA howto, this also
appeared to work.  When I tried to enter the properties screen of the local
printer or on the share I get the following error message:
"Function address 0x60630d26 caused a protection fault. (exception code
0xc005)
Some or all property page(s) may not be displayed)."
After the error message comes up, the properties window does not open.  I
cannot print either.
Here is the relavent section from my smb.conf:
-
[printers]
  comment = All Printers
  browseable = yes
  printable = yes
  path = /tmp
  writable = yes
  create mode = 0700
[print$]
  path = /etc/samba/drivers
  browsable = no
  guest ok = yes
  read only = yes
  write list = aaron root
--
Thanks,
Aaron Goodman
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cant create in a subdirectory... <- the plot thickens

[Daniel Ramaley]

My guess is that you have permission to modify the parent directory, 
which would be sufficient to change the timestamp. But you do not have 
permission to modify the directory that you can't create a file in. 
What does "ld -ld " give you, where  is the directory in 
question?

On Tuesday 15 June 2004 08:31 am, Bill Chmura wrote:
>I just noticed that even though I can go into a subdirectory and not
> create a file, I can update it with touch...  Does that make sense? 
> I would think I would need write permission to do that... in that
> case, why can't I create?
>
>Ag
>
>On Tuesday 15 June 2004 02:31 am, Bill Chmura wrote:
>> I've battled this one for a few days now and its costing my sanity
>> so I am hoping that someone here has an answer
>>
>> I am running the samba server 3.0.4 on a linux 2.4.25 server.
>>
>> I can connect to my share point and authenticate fine
>>
>> I can create files or directories in the root of the sharepoint fine
>>
>> I can go into subdirectories and look at all the files...
>>
>> But I cannot create in any directories below the sharepoint!  If I
>> do a touch filename I get a Permission Denied.  But I can do it in
>> the root of my sharepoint.  I have several like this.
>>
>> Here is my fstab entry on my client box:
>> 
>> //modok/wbchmura/home/wbchmura/mnt/wbchmura smbfs
>> rw,users,owner,noauto,username=wbchmura,password=,uid=500,gid=50
>>0 0 0
>> ---
>> And a chunk of my smb.conf file
>>
>> [wbchmura]
>> comment = Bill's directory
>> path = /home/wbchmura
>> valid users = wbchmura
>> public = no
>> writable = yes
>> read only = no
>> printable = no
>>
>> The uid and gif match the wbchmura uid and gid on the file server. 
>> In the sharepoint all of the files and directories are set
>> accordingly.
>>
>> drwxr-xr-x2 wbchmura wbchmura 4096 Jun 15 01:17 testdir
>> drwxrwxr-x2 wbchmura wbchmura 4096 Jun 15 00:10 tmp
>>
>> If I change the rights on a directory to 777 it works fine.
>>
>> Do symlinks affect anyting?  The path to my share is a symlink of
>> /home -> /raid1/home
>>
>> I tried coding in /raid1/home and it seemed to not change anything
>>
>> Here are some log files.
>> Let me know if I forgot anything...
>>
>> Thanks
>>
>> Logon##
>>
>> [2004/06/15 01:24:17, 3] smbd/oplock.c:init_oplocks(1226)
>>   open_oplock_ipc: opening loopback UDP socket.
>> [2004/06/15 01:24:17, 3]
>> smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel
>> oplocks enabled
>> [2004/06/15 01:24:17, 3] smbd/oplock.c:init_oplocks(1257)
>>   open_oplock ipc: pid = 22982, global_oplock_port = 32907
>> [2004/06/15 01:24:17, 3] lib/access.c:check_access(313)
>>   check_access: no hostnames in host allow/deny list.
>> [2004/06/15 01:24:17, 2] lib/access.c:check_access(324)
>>   Allowed connection from  (192.168.0.99)
>> [2004/06/15 01:24:17, 3] smbd/process.c:process_smb(890)
>>   Transaction 0 of length 183
>> [2004/06/15 01:24:17, 3] smbd/process.c:switch_message(685)
>>   switch message SMBnegprot (pid 22982)
>> [2004/06/15 01:24:17, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>>   Requested protocol [PC NETWORK PROGRAM 1.0]
>> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>>   Requested protocol [MICROSOFT NETWORKS 1.03]
>> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>>   Requested protocol [MICROSOFT NETWORKS 3.0]
>> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>>   Requested protocol [LANMAN1.0]
>> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>>   Requested protocol [LM1.2X002]
>> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>>   Requested protocol [DOS LANMAN2.1]
>> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>>   Requested protocol [Samba]
>>
>>  cd into sharepoint and testdir and touch "newtest"#
>> [2004/06/15 01:26:29, 3] smbd/process.c:process_smb(890)
>>   Transaction 36 of length 80
>> [2004/06/15 01:26:29, 3] smbd/process.c:switch_message(685)
>>   switch message SMBtrans2 (pid 22982)
>> [2004/06/15 01:26:29, 3]
>> smbd/trans2.c:call_trans2qfilepathinfo(2331)
>> call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 512
>> [2004/06/15 01:26:29, 3]
>> smbd/trans2.c:call_trans2qfilepathinfo(2362)
>> call_trans2qfilepathinfo . (fnum = -1) level=512 call=5 total_data=0
>> [2004/06/15 01:26:31, 3] smbd/process.c:process_smb(890)
>>   Transaction 37 of length 80
>> [2004/06/15 01:26:31, 3] smbd/process.c:switch_message(685)
>>   switch message SMBtrans2 (pid 22982)
>> [2004/06/15 01:26:31, 3]
>> smbd/trans2.c:call_trans2qfilepathinfo(2331)
>> call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 512
>> [2004/06/15 01:26:31, 3]
>> smbd/trans2.c:call_trans2qfilepathinfo(2362)
>> call_trans2qfilepathinfo . (fnum = -1) level=512 call=5 total_data=0
>> [2004/06/15

RE: [Samba] Please help

[mbc]

>I am using Redhat Linux 9 and configured it as Samba sever.When I tried to
>open files on windows network an error message is coming like "Cannot open
>files in Samba locations, you can copy those files and try to open in the
>linux machine".

Hi Anil. Can you show us your smb.conf file? Also, what does the EXACT error
message say that Windows is giving you?

Matthew
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Please help

[Jean LEE]

Hi,

What is your smb.conf file?

Jean
- Original Message - 
From: "Anil Thomas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 15, 2004 10:59 AM
Subject: [Samba] Please help


Hi,
 
I am using Redhat Linux 9 and configured it as Samba sever.When I tried to
open files on windows network an error message is coming like "Cannot open
files in Samba locations, you can copy those files and try to open in the
linux machine".
 
Why is it like that? Can you offer any ways to change this?
 
Thanking you,
 
Anil.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] listenning on interfaces

[Jean LEE]

Hi,

Thanks for your answer. I'm surprised.
There's no way in smb.conf to tell : "I don't want that nmbd listens on
0.0.0.0/0" ?

Regards,

Jean

- Original Message - 
From: "Thomas Werner" <[EMAIL PROTECTED]>
To: "Jean LEE" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, June 15, 2004 11:00 AM
Subject: Re: [Samba] listenning on interfaces


> maybe iptables? but dont forget to open some ports for the clients:
>
> 111.tcp
> 137.udp
> 138.udp
> 139.tcp
> 22.tcp
> .udp
> 445.tcp
> 631.tcp
> 67.udp
> 80.tcp
> and maybe 88.tcp for ads
>
> for example on a share connect. the xp clients look for a webserver on 80
to
> show the folder/drive content, the same for port . if you drop the
> packets, the home drive is slow, because the client timed out and get no
> answer for special kind of service/feature.
>
> cheers tom
>
> On 15.06.2004 10:11 Uhr, "Jean LEE" <[EMAIL PROTECTED]> wrote:
>
> > Hello,
> >
> > I am new to samba and i would to well secure it.
> >
> > In smb.conf, I entered the following lines :
> >
> > hosts allow = 192.168.0.2 127.0.0.1
> > hosts deny = 0.0.0.0/0
> > bind interfaces only = yes
> > interfaces = eth0 lo
> >
> > I thought that it would only listens on the local machine and my
internal Lan
> > (which is on eth0 192.168.0.1) but nmbd seems to always listen on
UDP/137 and
> > UDP/138 (netbios-ns and netbios-dgm) on 0.0.0.0/0. Here is the output of
> > netstat :
> >
> > [EMAIL PROTECTED] user]# netstat -taup
> > Active Internet connections (servers and established)
> > Proto Recv-Q Send-Q Local Address Foreign Address
> > State PID/Program name
> > tcp 0 0 192.168.0.1:netbios-ssn *:*
> > LISTEN 3800/smbd
> > tcp 0 0 ServeurLinu:netbios-ssn *:*
> > LISTEN 3800/smbd
> > tcp 0 0ServeurLinux:ipp*:*
> > LISTEN 3707/cupsd
> > tcp 0 0 192.168.0.:microsoft-ds *:*
> > LISTEN 3800/smbd
> > tcp 0 0 ServeurLin:microsoft-ds *:*
> > LISTEN 3800/smbd
> > udp 0 0192.168.0.1:netbios-ns *:*
> > 3804/nmbd
> > udp 0 0*:netbios-ns *:*
> > 3804/nmbd
> > udp 0 0 192.168.0.1:netbios-dgm *:*
> > 3804/nmbd
> > udp 0 0 *:netbios-dgm
*:*
> > 3804/nmbd
> >
> >
> > What is netbios-ns and netbios-dgm? I would prefer that nmbd doesn't
listen on
> > *:netbios-ns and *:netbios-dgm because I will connect my server to the
> > internet through eth1 10.0.0.1. How can I do it?
> >
> > Thanks for any help.
> >
> > Jean Lee.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
> Dipl. Betriebswirt(BA) f. Inf. Thomas Werner
> Webmaster / Network Administrator
> ESMT European School of Management and Technology GmbH
> Schlossplatz 1
> D-10178 Berlin
> Germany
>
> Tel: +49 (0)30 21231 - 1085
> Fax: +49 (0)30 21231 - 9
> E-mail: [EMAIL PROTECTED]
> Web: http://www.esmt.org
>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cant create in a subdirectory... <- the plot thickens

[Bill Chmura]

I just noticed that even though I can go into a subdirectory and not create a 
file, I can update it with touch...  Does that make sense?  I would think I 
would need write permission to do that... in that case, why can't I create?

Ag





On Tuesday 15 June 2004 02:31 am, Bill Chmura wrote:
> I've battled this one for a few days now and its costing my sanity so I am
> hoping that someone here has an answer
>
> I am running the samba server 3.0.4 on a linux 2.4.25 server.
>
> I can connect to my share point and authenticate fine
>
> I can create files or directories in the root of the sharepoint fine
>
> I can go into subdirectories and look at all the files...
>
> But I cannot create in any directories below the sharepoint!  If I do a
> touch filename I get a Permission Denied.  But I can do it in the root of
> my sharepoint.  I have several like this.
>
> Here is my fstab entry on my client box:
> 
> //modok/wbchmura/home/wbchmura/mnt/wbchmura smbfs
> rw,users,owner,noauto,username=wbchmura,password=,uid=500,gid=500  
> 0 0
> ---
> And a chunk of my smb.conf file
>
> [wbchmura]
> comment = Bill's directory
> path = /home/wbchmura
> valid users = wbchmura
> public = no
> writable = yes
> read only = no
> printable = no
>
> The uid and gif match the wbchmura uid and gid on the file server.  In the
> sharepoint all of the files and directories are set accordingly.
>
> drwxr-xr-x2 wbchmura wbchmura 4096 Jun 15 01:17 testdir
> drwxrwxr-x2 wbchmura wbchmura 4096 Jun 15 00:10 tmp
>
> If I change the rights on a directory to 777 it works fine.
>
> Do symlinks affect anyting?  The path to my share is a symlink of
> /home -> /raid1/home
>
> I tried coding in /raid1/home and it seemed to not change anything
>
> Here are some log files.
> Let me know if I forgot anything...
>
> Thanks
>
> Logon##
>
> [2004/06/15 01:24:17, 3] smbd/oplock.c:init_oplocks(1226)
>   open_oplock_ipc: opening loopback UDP socket.
> [2004/06/15 01:24:17, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
>   Linux kernel oplocks enabled
> [2004/06/15 01:24:17, 3] smbd/oplock.c:init_oplocks(1257)
>   open_oplock ipc: pid = 22982, global_oplock_port = 32907
> [2004/06/15 01:24:17, 3] lib/access.c:check_access(313)
>   check_access: no hostnames in host allow/deny list.
> [2004/06/15 01:24:17, 2] lib/access.c:check_access(324)
>   Allowed connection from  (192.168.0.99)
> [2004/06/15 01:24:17, 3] smbd/process.c:process_smb(890)
>   Transaction 0 of length 183
> [2004/06/15 01:24:17, 3] smbd/process.c:switch_message(685)
>   switch message SMBnegprot (pid 22982)
> [2004/06/15 01:24:17, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>   Requested protocol [PC NETWORK PROGRAM 1.0]
> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>   Requested protocol [MICROSOFT NETWORKS 1.03]
> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>   Requested protocol [MICROSOFT NETWORKS 3.0]
> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>   Requested protocol [LANMAN1.0]
> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>   Requested protocol [LM1.2X002]
> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>   Requested protocol [DOS LANMAN2.1]
> [2004/06/15 01:24:17, 3] smbd/negprot.c:reply_negprot(455)
>   Requested protocol [Samba]
>
>  cd into sharepoint and testdir and touch "newtest"#
> [2004/06/15 01:26:29, 3] smbd/process.c:process_smb(890)
>   Transaction 36 of length 80
> [2004/06/15 01:26:29, 3] smbd/process.c:switch_message(685)
>   switch message SMBtrans2 (pid 22982)
> [2004/06/15 01:26:29, 3] smbd/trans2.c:call_trans2qfilepathinfo(2331)
>   call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 512
> [2004/06/15 01:26:29, 3] smbd/trans2.c:call_trans2qfilepathinfo(2362)
>   call_trans2qfilepathinfo . (fnum = -1) level=512 call=5 total_data=0
> [2004/06/15 01:26:31, 3] smbd/process.c:process_smb(890)
>   Transaction 37 of length 80
> [2004/06/15 01:26:31, 3] smbd/process.c:switch_message(685)
>   switch message SMBtrans2 (pid 22982)
> [2004/06/15 01:26:31, 3] smbd/trans2.c:call_trans2qfilepathinfo(2331)
>   call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 512
> [2004/06/15 01:26:31, 3] smbd/trans2.c:call_trans2qfilepathinfo(2362)
>   call_trans2qfilepathinfo . (fnum = -1) level=512 call=5 total_data=0
> [2004/06/15 01:26:31, 3] smbd/process.c:process_smb(890)
>   Transaction 38 of length 87
> [2004/06/15 01:26:31, 3] smbd/process.c:switch_message(685)
>   switch message SMBtrans2 (pid 22982)
> [2004/06/15 01:26:31, 3] smbd/trans2.c:call_trans2qfilepathinfo(2331)
>   call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 512
> [2004/06/15 01:26:31, 3] smbd/trans2.c:call_trans2qfilepathinfo(2362)
>   call_trans2qfilepathinfo testdir (fnum = -1) lev

Re: [Samba] PRINT$ Problems

[Paul Espinosa]

What I've found with point and print is that some drivers don't like to play
with it on Samba.  I tried installing a Brother (don't remember exact model)
on point and print and got a similar protection fault.  A while later I was
able to get a Xerox N17 working so easy I had to check twice that it was
really working.

I came to a conclusion that it had something to do with the way the
individual printer drivers interact with Samba.

Nothing I ever did got the Brother to work with point and print on Samba.

-- 
Paul Espinosa
[EMAIL PROTECTED]
IT Supervisor
The World Company
785/312-6912


.[ Aaron Goodman wrote ]
|  
|  
|  I have been trying to setup point and print on a debian testing box.  I
|  have a HP5550 printer and am trying to install the drivers through the
|  add printer wizard, the drivers appeared to install fine.  Afterwards I
|  right clicked on the printer and clicked connect, per the SAMBA howto,
|  this also appeared to work.  When I tried to enter the properties screen
|  of the local printer or on the share I get the following error message:
|  "Function address 0x60630d26 caused a protection fault. (exception code
|  0xc005)
|  Some or all property page(s) may not be displayed)."
|  After the error message comes up, the properties window does not open.  I
|  cannot print either.
|  
|  Here is the relavent section from my smb.conf:
|  
|  -
|  [printers]
| comment = All Printers
| browseable = yes
| printable = yes
| path = /tmp
| writable = yes
| create mode = 0700
|  
|  [print$]
| path = /etc/samba/drivers
| browsable = no
| guest ok = yes
| read only = yes
| write list = aaron root
|  --
|  
|  Thanks,
|  Aaron Goodman
|  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] File corruption

[mbc]

>Now, about once every week or so, we get a file corruption, and last week
(even after
>upgrading some NICs) seemed to be even worse, with 5 or 6 problems.
>Because we had no problems before changing servers, I think hardware errors
>are probably not to blame,

Hi Warren!

Unfortunately, I don't know that I have a good answer for you, but I
thought I'd share this. We too have been experiencing EXACTLY what you have
described this past two weeks...seemingly random file corruption. We're
running Samba 3 on a RedHat Linux 9.0 box. We temporarily switched to NFS
but that turned out to be more of a nightmare than Samba (for us anyway).
Finally, after googling for hours and posting to this list, we decided to
try and trouble shoot the problem on a lower level the best we knew how.
There are three main things you can try that might reveal some clues
as to what's going on. Maybe you've tried them already.

1) Use strace to start smbd or attach it to a already running child process.
If you have a general idea of when or under what circumstances these
corruptions occurr, that would be a good time to fire it off because it
spits out a insane amount of data.
2) Turn Samba's log level to 3. Again, do that around the time you think
corruptions may occurr. Logging level 3 is VERY intense on your server and
will definately effect performance.
3) Use ethereal to capture and examine the network traffic. Look through the
SMB packets and see what you can see.

Of course, all those things really only help if you can reproduce
the problem to some degree. We had our hopes set high on strace, but after
having experienced a known kernel bug, we could not use it. Since we had
spent so much time on the problem, we upgraded to RedHat Enterprise
Edition...all the problems vanished immediately.

Hope this helps a little!

Matthew Connor
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Sage Production requires re-registration each day

[Jason Windmill]

Hello everyone,

 

My client is running FreeBSD 5.0, Samba 2.28 and using Sage production 3.6.

 

I'm having a problem in that each day the company must re-enter the Sage
serial number to re-register the product. Having done this the package will
work correctly for the remainder of the day.

 

The Sage support team have informed me that this is caused by time settings
on the file "aclient.dbf" and directed me to this link
http://www.oreilly.com/catalog/samba/chapter/book/ch08_01.html 

 

After adding the options below the problem remains.

Dos filetimes = yes

Dos filetime resolution = yes 

 

Sage are not willing to modify their package as it doing exactly what it's
meant to, the issue is with the Windows emulation (Samba). However they are
willing to assist in resolving the problem because they have anther two
other clients in the same position.

 

I've previously posted this problem on "Experts Exchange" and got zero
comments backs.

 

Regards,

Jase

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Connecting HOME-Drives

[Paul Gienger]

Let me see if I follow you here... you want 3 drives connected 
simultaneously with 3 different users?  If that's the case then you 
can't do that, you open one session with the server which can have one 
user specified.

This isn't a limitation of Samba, if you try to connect windows to 
windows in situations where you need to change your username you'll see 
an error about conflicting credentials.

Schmidt, Thomas wrote:
Hello,
we are using SAMBA 2.20 on Sun Solaris 8 and we provide all the HOME-Drives
for the Users:
Configuration:
# Samba config file created using SWAT
# from UNKNOWN (161.63.17.34)
# Date: 2004/06/15 08:42:27
# Global parameters
[global]
workgroup = MYGROUP
server string = Samba Server
log file = /var/adm/sambalog.%m
max log size = 50
dns proxy = No
[homes]
comment = Home Directories
read only = No
create mask = 0775
case sensitive = Yes
browseable = No
[printers]
path = /tmp
printable = Yes
browseable = No
Problem:
If we try to connect to different Home-Section on the same Server, all
Connections will be done with the same User ( of the first connection)
instead of using the individual for the Home-Drive.
Example:
User-Connection:John, Peter and Steve
Home-Pathes:/home/John
/data/Peter
/usr2/Steve
All Connections setup on W2k or WXP configured to use the individual User
(Connect as). But after reboot the PC, the connections are all made with the
first User.
=> Wich configuration have to be changed?
Thanks.
Thomas Schmidt
ArvinMeritor
[EMAIL PROTECTED]
 

--
Paul Gienger Office:701-281-1884
Applied Engineering Inc. Cell:  701-306-6254
Information Systems Consultant   Fax:   701-281-1322
URL: www.ae-solutions.commailto:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Linux + Active Directory Integration

[Milind Talekar]

Hi All,

  I am currently trying to authenticate Windows AD users from Linux
Workstations, I am able to autheticate the Windows users using LDAP but
can anybody suggest a way of mounting the windows home directory on
Linux workstations automatically using samba. The windows users using
profiles which are shared on a windows partition


Any help regarding this is very much helpful

Thanks 

Milind Talekar

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + ACL backup solution

[Hamish]

I did not know that webmin had a module to backup files as well as ACLs 
(all i could find was a dump module), could you give me a url to get the 
module from pls?

Stephen Kuhn wrote:
On Tue, 2004-06-15 at 21:42, Hamish wrote:
 

Hello all
I am looking for a good backup solution for samba shares, I do not mean 
to start a jihad between rival backup religions, but I would appreciate 
any suggestions.
I have tried star and love it, unfortunately there does not seem to be a 
gui or any frontend that can be used with it (it needs to be available 
to a couple of GUI-only (read as windows admin) people).
Thanks again,
Hamish
   

Er, Hamish - what about using Webmin - which can be accessed from any
machine, any browser, any OS on the network...eh?
stephen kuhn - proprietor
==
illawarra computer services
a kuhn media australia company
http://kma.0catch.com
mobile: 0410.728.389
--
21:46:59 up 2 days, 2:10, 4 users, load average: 0.27, 0.20, 0.13
--
 * This message was composed on a 100% Microsoft free computer *
 We expressly refuse to utilise Microsoft DRM encoded documents
--
This email is virus-free because we don't use Microsoft products
It is the business of the future to be dangerous. -- Hawkwind
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Réf. : [Samba] Samba + ACL backup solution

[Hamish]

Thanks, I will give it a try!
[EMAIL PROTECTED] wrote:

I use arkeia for backup.
It backup file and ACL.
http://www.arkeia.com
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467
|-+->
| |   Hamish <[EMAIL PROTECTED]>  |
| |   Envoyé par :  |
| |   [EMAIL PROTECTED]|
| |   s.samba.org   |
| | |
| | |
| |   15/06/2004 13:42  |
| | |
|-+->
 
>---|
 | 
  |
 |Pour :   Samba List <[EMAIL PROTECTED]>  
  |
 |cc : 
  |
 |Objet :  [Samba] Samba + ACL backup solution 
  |
 
>---|

Hello all
I am looking for a good backup solution for samba shares, I do not mean
to start a jihad between rival backup religions, but I would appreciate
any suggestions.
I have tried star and love it, unfortunately there does not seem to be a
gui or any frontend that can be used with it (it needs to be available
to a couple of GUI-only (read as windows admin) people).
Thanks again,
Hamish
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + ACL backup solution

[Stephen Kuhn]

On Tue, 2004-06-15 at 21:42, Hamish wrote:
> Hello all
> I am looking for a good backup solution for samba shares, I do not mean 
> to start a jihad between rival backup religions, but I would appreciate 
> any suggestions.
> I have tried star and love it, unfortunately there does not seem to be a 
> gui or any frontend that can be used with it (it needs to be available 
> to a couple of GUI-only (read as windows admin) people).
> Thanks again,
> Hamish

Er, Hamish - what about using Webmin - which can be accessed from any
machine, any browser, any OS on the network...eh?

stephen kuhn - proprietor
==
illawarra computer services
a kuhn media australia company
http://kma.0catch.com
mobile: 0410.728.389
--
21:46:59 up 2 days, 2:10, 4 users, load average: 0.27, 0.20, 0.13
--
  * This message was composed on a 100% Microsoft free computer *
  We expressly refuse to utilise Microsoft DRM encoded documents
--
This email is virus-free because we don't use Microsoft products

It is the business of the future to be dangerous. -- Hawkwind

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba + ACL backup solution

[Hamish]

Hello all
I am looking for a good backup solution for samba shares, I do not mean 
to start a jihad between rival backup religions, but I would appreciate 
any suggestions.
I have tried star and love it, unfortunately there does not seem to be a 
gui or any frontend that can be used with it (it needs to be available 
to a couple of GUI-only (read as windows admin) people).
Thanks again,
Hamish
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Please help

[Anil Thomas]

Hi,
 
I am using Redhat Linux 9 and configured it as Samba sever.When I tried to
open files on windows network an error message is coming like "Cannot open
files in Samba locations, you can copy those files and try to open in the
linux machine".
 
Why is it like that? Can you offer any ways to change this?
 
Thanking you,
 
Anil.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba-3.0.4 acl problem in windows shares

[Prajjwal P. Devkota]

Hi everyone

I've been trying to setup samba file sharing with acl support for the 
past few days. I recompiled my kernel with acl support, and have verified 
that setfacl and getfacl are working properly.

I compiled samba on my test machine with acl enabled, and was able to 
access and create files.  However, I cannot grant additional users 
permissions on the shared files, or modify the acls from my windows xp 
professional computer.  I had initially tried  the setup without samba 
functioning as a domain controller.  However, suspecting that it might be a 
domain related problem, I set it up to be a PDC.

I am still getting either a "permission denied" message or a "multiple 
connections to server from same account not allowed" when I try to modify the 
share acls from a windows xp/2000 box, and I am getting the following 
messages in the machine log for samba:

[2004/06/15 14:52:02, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(529)
  Doing spnego session setup
[2004/06/15 14:52:02, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(560)
  NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] 
PrimaryDomain=[]
[2004/06/15 14:52:02, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[praj] domain=[PRAJCOMP] workstation=[PRAJCOMP] len1=24 len2=24


I have seen similar problems when going through internet mailing 
lists, but have not been able to get much help from the replies that were 
posted.  I initially had a problem with group mappings, and apparently fixed 
it after mapping the groups wheel and users.  My logs do not complain about 
NT not liking the group not being a domain group, but I still get a 
permission denied when trying to set acl permissions on file shares.

Its my first experience with samba as a PDC as well as with samba 
acls, so I would be highly appreciative of any help that you could offer.

I've attached my basic configuration at the end of this letter, hope 
it is descriptive enough.

Thanking you in advance
Prajjwal


Linux kernel: 2.4.24 ( with acl patch from acl.bestbits.at )

Samba version: samba-3.0.4

samba compile options:
 ./configure --with-acl-support --with-smbmount --with-quotas --with-ads

smb.conf file:
[global]
workgroup = SYSTEMS
realm = SYSTEMS
server string = BRIDGE
smb passwd file = /etc/samba/smbpasswd
log file = /var/log/samba/%m.log

max log size = 50
acl compatibility = win2k
nt acl support = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = Yes
preferred master = Yes
local master = Yes
domain master = Yes
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s 
/bin/false -M %u
os level = 64
security = user

idmap uid = 1-2
idmap gid = 1-2
map acl inherit = Yes
log level = 3

[IPC$]
path = /tmp

[homes]
comment = Home Directories
read only = No
writeable = Yes

[commonshares]
comment = Common shares
read only = Yes
writeable = Yes
path = /sambasharing

[netlogon]
 comment = Network Logon Service
  path = /home/netlogon
  read only = yes
  write list = administrator
  public = no
  guest ok = yes
  browseable = yes
  writeable = no
  locking = no
  create mask = 0644
  directory mask = 0755

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: AW: [Samba] strange copy speed

[Götz Reinicke]

Hi,
this sounds a litle bit to complicate to me, how to do this or what do 
you mean exactly?

Regards
Götz

Masopust Christian schrieb:
Hello Götz,
could you do a closer look at your smbd (maybe with truss or strace)
to see what exactly happens? or maybe it would be enough to watch
traffic between your client and server (and traffic between your
server and nameserver, domaincotroler (if involved))
best regards,
chris
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Auftrag von Götz Reinicke
Gesendet: Montag, 14. Juni 2004 14:05
An: [EMAIL PROTECTED]
Betreff: Re: [Samba] strange copy speed

Imre, Nagy Jr. schrieb:
 >>To copy the files on the server from the client tooks also about 40
 >>minutes!
 >>
 >>To copy the files on the server beeing loged in by ssh tooks about 2 
sec.
 >>
 >>Anny ideas what could be wrong??
 >
 >
 > I might be wrong, but asymetric speed is most often caused by improper
 > auto-negotation. Try to set speed on interfaces manually if You can 
do so.

Hi,
I don't think that this could be the problem, because if I copy the same
files from the same client to the same server using netatalk on the
server side or using scp gives me the same speed in both directions (+-
5 sec./100MB)
Regards.
Götz
--
Götz Reinicke
IT Koordinator - IT OfficeNet
Tel. +49 (0) 7141 - 969 420
Fax  +49 (0) 7141 - 969 55 420
[EMAIL PROTECTED]
Filmakademie Baden-Württemberg
Mathildenstr. 20
71638 Ludwigsburg
www.filmakademie.de
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
Götz Reinicke
IT Koordinator - IT OfficeNet
Tel. +49 (0) 7141 - 969 420
Fax  +49 (0) 7141 - 969 55 420
[EMAIL PROTECTED]
Filmakademie Baden-Württemberg
Mathildenstr. 20
71638 Ludwigsburg
www.filmakademie.de
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Automatic ADS server fallback

[Alex de Vaal]

Dear list,

I have a question about automatic ADS server fallback of a Samba domain member
in a W2k3 environment.

I describe now a little our real production ADS environment;

Madrid: 2 W2k3 ADS servers (ADM01 and ADM02) in a cluster; both are a global
catalog server in the .COM realm.
Berlin; 1 W2k3 ADS server (ADM03); is also a global catalog server in the
.COM realm.

The ADS servers in Madrid and Berlin are replicated.

Düsseldorf; RHL9 server with Samba 3.0.4 (compiled with MIT 1.3.1-7 and CUPS)
as a domain member of the .COM realm. Winbind and Kerberos are used as
authentication method against ADS.

Connections between the various sites: Intranet, 128 Kb/s


The RHL9 server in Düsseldorf is joined to the domain and is working properly. XP
clients in Düsseldorf logon to the ADS domain and via the login script they’ll get 
their
shares on the local Samba server and this works fine.
Normally the Samba server is communicating with the ADM03 server in Berlin (The
1st DNS server is the ADM03 server; ADS is configured that clients and domain
members in the subnet of Düsseldorf first contact the ADS server in Berlin).

Question:
How can I configure Samba 3.0.4 that an automatic ADS server fallback is executed
if the connection with the ADS server in Berlin fails?
In other words; when communication with the ADM03 server fails, Samba must
automatically contact the ADM01 or ADM03 server in Madrid for its ADS queries.

I already used the entry “ password server = adm03..com, adm02..com,
* ” in my smb.conf file.
My krb5.conf file doesn’t exist, because MIT 1.3.1 searches its KDC servers via
DNS, or must I specify for Kerberos also a fallback?

The winbind cache time is default (300 sec). Must I specify a larger value (e.g. 900
sec.) on remote sites with a relative slow connection?

Thanx for any suggestion,
Alex.

Here is my smb.conf file (only the global section):

# Global parameters
[global]
workgroup = 
realm = .COM
server string = %h server (Samba %v)
security = ADS
password server = adm03..com, adm01..com, *
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M
%u
domain master = No
dns proxy = No
idmap uid = 1-2
idmap gid = 1-2
template homedir = /data/hom/%U
template shell = /bin/bash
printer admin = root, '@.COM\Domain Admins',
@.COM\DEP_ADMIN_GERMANY
oplocks = No
level2 oplocks = No


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] vBulletin Issue - Do you? [SID-192982-7b7b7ec0]

[vBulletin Support Team]

Hello,

Your email has been received, and your query has been logged into
the vBulletin issue system.  A representative will be in touch
within 2 working days.

To view your query (and post followups), please visit this page:
http://www.vbulletin.com/contact/issue.php?issueid=192982&authcode=7b7b7ec0

If you would like to post a followup (or reply) to your query via
email, please email mailto:[EMAIL PROTECTED] being sure to
include this text in the subject:
[SID-192982-7b7b7ec0]

Thanks,

James Limm
vBulletin Support Team

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange problem with 3.0.4

["Olaf Eichhorn, Vermessungsbüro Pfeifer"]

Hi Collen,
it seems to be the same bug that prevents the NT-Backuptool and others 
(like robocopy and Macromedia Homesite) to work. :-(

https://bugzilla.samba.org/show_bug.cgi?id=1345
and https://bugzilla.samba.org/show_bug.cgi?id=1404
I hope there will be an fixed official release soon.
Olaf
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Password problems with Samba-3.0.4

[Matthias Spork]

Chris Hunter schrieb:
I'm apparently not the first person to have this problem, but I can't
find a fix for it anywhere on the web, or in Usenet.
Here's the scenario:
I upgraded from 2.2.8a to 3.0.4 during a recent hardware move.
All of my client machines are connecting properly, but my users can't
change passwords from their WinXP clients now. (Client error message
is
"bad username or incorrect old password".)
 

Please post the output of
pdbedit --account-policy="min password length"

This happens with any user account, including newly created test
accounts.
I already have 'encrypt passwords = yes' in my smb.conf file, and
I've
applied all the patches to the client machine, as well as the
"require_sign_or_seal" registry hack.
 

You don't have to do this.
I've manually set the password from the console, and I can login
using
that password, so it's definitely not something as simple as the new
password being thrown out by PAM.
If this weren't a binary install from the latest samba.org RPM file,
I'd
suspect that one of the executables or libraries were corrupted.  Any
help would be appreciated.
 

matze
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] listenning on interfaces

[Thomas Werner]

maybe iptables? but dont forget to open some ports for the clients:

111.tcp
137.udp
138.udp
139.tcp
22.tcp
.udp
445.tcp
631.tcp
67.udp
80.tcp
and maybe 88.tcp for ads

for example on a share connect. the xp clients look for a webserver on 80 to
show the folder/drive content, the same for port . if you drop the
packets, the home drive is slow, because the client timed out and get no
answer for special kind of service/feature.

cheers tom

On 15.06.2004 10:11 Uhr, "Jean LEE" <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> I am new to samba and i would to well secure it.
> 
> In smb.conf, I entered the following lines :
> 
> hosts allow = 192.168.0.2 127.0.0.1
> hosts deny = 0.0.0.0/0
> bind interfaces only = yes
> interfaces = eth0 lo
> 
> I thought that it would only listens on the local machine and my internal Lan
> (which is on eth0 192.168.0.1) but nmbd seems to always listen on UDP/137 and
> UDP/138 (netbios-ns and netbios-dgm) on 0.0.0.0/0. Here is the output of
> netstat :
> 
> [EMAIL PROTECTED] user]# netstat -taup
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State PID/Program name
> tcp 0 0 192.168.0.1:netbios-ssn *:*
> LISTEN 3800/smbd
> tcp 0 0 ServeurLinu:netbios-ssn *:*
> LISTEN 3800/smbd
> tcp 0 0ServeurLinux:ipp*:*
> LISTEN 3707/cupsd
> tcp 0 0 192.168.0.:microsoft-ds *:*
> LISTEN 3800/smbd
> tcp 0 0 ServeurLin:microsoft-ds *:*
> LISTEN 3800/smbd
> udp 0 0192.168.0.1:netbios-ns *:*
> 3804/nmbd
> udp 0 0*:netbios-ns *:*
> 3804/nmbd
> udp 0 0 192.168.0.1:netbios-dgm *:*
> 3804/nmbd
> udp 0 0 *:netbios-dgm *:*
> 3804/nmbd
> 
> 
> What is netbios-ns and netbios-dgm? I would prefer that nmbd doesn't listen on
> *:netbios-ns and *:netbios-dgm because I will connect my server to the
> internet through eth1 10.0.0.1. How can I do it?
> 
> Thanks for any help.
> 
> Jean Lee.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 

Dipl. Betriebswirt(BA) f. Inf. Thomas Werner
Webmaster / Network Administrator
ESMT European School of Management and Technology GmbH
Schlossplatz 1
D-10178 Berlin 
Germany 

Tel: +49 (0)30 21231 - 1085
Fax: +49 (0)30 21231 - 9
E-mail: [EMAIL PROTECTED]
Web: http://www.esmt.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbclient authentication with Suse 9.1

[Ian Stuart]

I have Samba 2.2 running on a Suse 8.1 box.  
  
 I have just built a 9.1 client and want to use Samba authentication. It all 
set up very nicely in YAST (saw the domain and joined the domain) but I cannot 
log in. Domain users are not appearing at the logon prompt and, if I try to 
type user name and password, I get no success.  
  
 I am convinced this is a problem on the client side as we have a number of 
other clients authenticating correctly - Win XP, Win NT4 and Xandros.  
  
 Help please 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] A small "thank you" for the samba-docs.

[malte . mueller]

I attended the Samba-tutorial at the last sambaXP and was lucky to receive a
copy of the "Samba by example" book.
The samba-server did always work as expected/configured for some years now, but
the hints provided by chapter 6 "making users happy" are invaluable. As pupils
log in here every 90 Minutes the load was quite high (ldap, ~7000 accounts,
P-III 1GHz). It has gone down significantly from something between 1 and 1.5 to
roughly 0.5 (as shown by "top") after using folder redirection!
I assume this is due to fewer access-rights look-up. As a side effect, the
loading of profiles is also a bit faster.

Thanks to the Samba-team,

Malte Müller
BBS I Emden

--
Powered by EWE TEL

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] listenning on interfaces

[Jean LEE]

Hello,

I am new to samba and i would to well secure it.

In smb.conf, I entered the following lines :

hosts allow = 192.168.0.2 127.0.0.1
hosts deny = 0.0.0.0/0
bind interfaces only = yes
interfaces = eth0 lo

I thought that it would only listens on the local machine and my internal Lan (which 
is on eth0 192.168.0.1) but nmbd seems to always listen on UDP/137 and UDP/138 
(netbios-ns and netbios-dgm) on 0.0.0.0/0. Here is the output of netstat :

[EMAIL PROTECTED] user]# netstat -taup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State 
PID/Program name
tcp 0 0 192.168.0.1:netbios-ssn *:*
 LISTEN 3800/smbd
tcp 0 0 ServeurLinu:netbios-ssn *:*
 LISTEN 3800/smbd
tcp 0 0ServeurLinux:ipp*:* 
LISTEN 3707/cupsd
tcp 0 0 192.168.0.:microsoft-ds *:*
 LISTEN 3800/smbd
tcp 0 0 ServeurLin:microsoft-ds *:*
 LISTEN 3800/smbd
udp 0 0192.168.0.1:netbios-ns *:*  
   3804/nmbd
udp 0 0*:netbios-ns *:*
 3804/nmbd
udp 0 0 192.168.0.1:netbios-dgm *:*
 3804/nmbd
udp 0 0 *:netbios-dgm *:*  
  3804/nmbd


What is netbios-ns and netbios-dgm? I would prefer that nmbd doesn't listen on 
*:netbios-ns and *:netbios-dgm because I will connect my server to the internet 
through eth1 10.0.0.1. How can I do it?

Thanks for any help.

Jean Lee.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] pdbedit - RID for machine accounts

[Gunnar Norling]

Hi,

I've tried to search for the problem on the lists without finding a
solution.

I'm trying to recreate a crashed PDC system on a new system with samba
3.0.4. It is a small domain and I use tdbsam as a backend. No LDAP (yet ;).
I could actually retrieve the old SIDs from a backup file, and also the
smb.conf file. All other files was though lost :(

I managed to give the new domain (PDC) the same SID as the previous using

$ net setlocalsid 

Now I want to add previous machines into the domain. Because I know the
machine SIDs I thought I could do something like this:

$ adduser $ -g machines
$ pdbedit -a -u  -m -U S-1-5-21-xx-xx-xx-

Using the SID from my backup. The entry is added but the SID is not the one
I entered! It seams as if pdbedit uses it own mechanism, even though I enter
a SID manually. Am I missing something? 

I actually manage to recreate users with this approach, i.e. using the SIDs
from may stored file. And also, rejoining using the "Network Identification"
applet in the client machine.

Sincerly
/norling
  


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] interresting behavior

[Arno Seidel]

Hi List,

i´ve a interesting problem on a samba share:

[data]

comment = Datas for al users
path = /space/data
read only = no
browse able = yes
create mask = 0777
force crate mask = 0777


whe i logon my samba-domain with any windows-client and create in that
share a file then the user-permisions are set to : rwx rw- rw-
and only the owner of the file can edit it. everyotherone just can read it.
the same is when on that share a folder will be createtd with a file in it.

but when i add following to lines to the share definition:

directory mask = 0777
force group = users

then all users can edit the file

i thought that the directory mask option is only for new folders (created by
loggedin users)

do i something wrong with my permissions?
i´ve tested it on my own selfcompiled samba 3.0.0
and the shipped version from SuSE 9.0 (2.??) and its the same behavior.


regards

Arno Seidel


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba