date:20040713

Hi,
I have done a migration from Samba 2 to 3.0.4; and i have a very big 
problem with ACL.

I have a file own by a user drif and group informatique with ACL 
attributes and unix attributes rwxrwx--- :
-rwxrwx---+   1 drif informatique68096 2004-07-13 11:01 fiche 
de migration.xls

When an other user which is in informatique group modify this file, 
the new file is own by this user, but unix attribute for the user is 
set to read-only :
-r--rwx---+   1 jokic informatique68096 2004-07-13 11:01 fiche 
de migration.xls

This problem appear only with files that have ACL attribute.
In my smb.conf i have set for shares create mask = 0770 and force 
create mode = 0770, and with samba 2 it was working !!

Please help me with this very big problem, .. after modification users 
can only read there files !!
Thanks a lot for your help.

Regards,
--
Christophe Suire   [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: AW: [Samba] Domain logon against a Windows Server 2003 based AD

2004-07-13 Thread Marcus Franke

Hi, 
 
 Jul 13 11:06:56 linux winbindd[20394]: [2004/07/13 11:06:56, 0]  
 libsmb/cliconnect.c:cli_session_setup_spnego(724)  
 Jul 13 11:06:56 linux winbindd[20394]:   Kinit failed: Cannot find KDC 
for 
 requested realm  
 
I did some further investigations into this direction and found 
some possible misconfiguration in the krb5-workstation/server 
package config. 
 
my /etc/krb5.conf looks like this (looks good for my eyes): 
 
Interesting is, there are no logfiles in /var/log/kerberos 
Tought about touching them, but I don't know which rights 
and set of user.group for the files, so I did not do it. 
 
[logging] 
 default = FILE:/var/log/kerberos/krb5libs.log 
 kdc = FILE:/var/log/kerberos/krb5kdc.log 
 admin_server = FILE:/var/log/kerberos/kadmind.log 
 
[libdefaults] 
 ticket_lifetime = 24000 
 default_realm = IDEALTEC.LOCAL  
 default_tgs_enctypes = des-cbc-md5 
 default_tkt_enctypes = des-cbc-md5 
 permitted_enctypes = des3-hmac-sha1 des-cbc-crc 
 dns_lookup_realm = false 
 dns_lookup_kdc = false 
 kdc_req_checksum_type = 2 
 checksum_type = 2 
 ccache_type = 1 
 forwardable = true 
 proxiable = true 
 
[realms] 
 IDEALTEC.LOCAL = { 
  kdc = dc-hh-001.idealtec.local:88 
  admin_server = dc-hh-001.idealtec.local:749 
  default_domain = idealtec.local 
 } 
 
These parameters seem to be right, because in my dns zone there 
is a _kerberos._tcp.dc._msdcs.idealtec.local entry pointing to 
port 88. kdc is avail and working, as my two windows test clients 
can use the domain with no problem :( 
 
but, admin_server isnt quite clear to me, what does it mean? 
 
 
[domain_realm] 
 .idealtec.local = IDEALTEC.LOCAL 
 
[kdc] 
 profile = /etc/kerberos/krb5kdc/kdc.conf 
 
in this file, there was a small error, as there was 
still MANDRAKESOFT.COM as default domain, but I changed 
this to the correct value, but no change.. 
 
[pam] 
 debug = true 
 ticket_lifetime = 36000 
 renew_lifetime = 36000 
 forwardable = true 
 krb4_convert = false 
 
 [login] 
 krb4_convert = false 
 krb4_get_tickets = false 
 
 
Bye, 
Marcus 

-- 
pedo mellon a minno

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba-3.0.x: Strange problems with roaming profiles

2004-07-13 Thread Erlend Aasland

Hello

I've got some strange problems with Samba-3.0.4. When using roaming
profiles, keyboard layout is set to english (instead of norwegian) and a
lot of programs wont load correctly. Setting log level = 3 revealed a
lot of errors after the netlogon-script had executed (and all shares
correctly set up). I switched to log level = 10 to get a more detailed
view of these errors (show below). Most of the errors were for a lot of
*.com, *.exe or *.dll files. There were multiple error for desktop.ini
and wdmaud.drv. I've attached my previous post (to [EMAIL PROTECTED])
below.

I can provide more logs if needed. In the meantime I'll keep browsing
the logs.

Erlend Aasland

--- begin log --
change_to_user uid=(0,0) gid=(0,200)
vfs_ChDir to /home/erlend-a
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
unix_convert called on file SETUPAPI.DLL
stat_cache_lookup: lookup failed for name [SETUPAPI.DLL]
unix_convert begin: name = SETUPAPI.DLL, dirpath = , start =
SETUPAPI.DLL
is_mangled SETUPAPI.DLL ?
is_mangled_component SETUPAPI.DLL (len 12) ?
is_mangled SETUPAPI.DLL ?
is_mangled_component SETUPAPI.DLL (len 12) ?
is_in_path: src
is_in_path: no name list.
is_in_path: .bash_history
is_in_path: no name list.
is_in_path: PUTTY.RND
is_in_path: no name list.
is_in_path: .ssh
is_in_path: no name list.
is_in_path: .viminfo
is_in_path: no name list.
is_in_path: .tcshrc
is_in_path: no name list.
is_in_path: wordlist
is_in_path: no name list.
is_in_path: .links
is_in_path: no name list.
is_in_path: shares
is_in_path: no name list.
is_in_path: log
is_in_path: no name list.
is_in_path: snmp
is_in_path: no name list.
is_in_path: snmp-manager
is_in_path: no name list.
is_in_path: .DS_Store
is_in_path: no name list.
is_mangled SETUPAPI.DLL ?
is_mangled_component SETUPAPI.DLL (len 12) ?
New file SETUPAPI.DLL
is_in_path: SETUPAPI.DLL
is_in_path: no name list.
call_trans2qfilepathinfo: SMB_VFS_STAT of SETUPAPI.DLL failed
(No such file or directory)
set_bad_path_error: err = 2 bad_path = 0
error string = No such file or directory
error packet at smbd/trans2.c(2219) cmd=50 (SMBtrans2)
NT_STATUS_OBJECT_NAME_NOT_FOUND
size=35
--- end log ---

- Forwarded message from myself -
Date: Mon, 12 Jul 2004 09:55:51 +0200
From: Erlend Aasland [EMAIL PROTECTED]
Subject: Strange language problems with roaming profiles
To: [EMAIL PROTECTED]

Hello,

I've just upgraded from Samba-2.2.8a to Samba 3.0.4. After tuning some
charset variables in smb.conf and downloading convmv I finally solved
some profile problems. All seem to work well now; I can log on to the
domain and the logon-script execute correctly. But one strange problem
remains: The keyboard layout is set to english (instead of norwegian)
when roaming profiles is used. It seems that some other language
settings are affected as well, since MS Office wants to install some extra
language settings when I start it. It seems like the registry might be
affected. Local login (e.g. Administrator login) works perfect: No
language problems - all programs behave normal.

I've googled without much luck, so I really hope that some of you might
point me in the right direction or give me some clues!

The Samba server is configured as a PDC.

Erlend Aasland
- End forwarded message -
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Profile Problem with ldap backend

2004-07-13 Thread ds_shadof


The Samba 3.0.5rc1 server is configured as a PDC.

[global]
#   client code page = 866
# NetBIOS name of that comp
netbios name = TOLTEC
#Name of Domain
workgroup = liin
#Comment
server string = Samba PDC %v
#Interface where samba works
interfaces = 10.0.0.4/24 127.0.0.1/24
bind interfaces only = yes
hosts allow = 10.0.0.
name resolve order = hosts bcast
#DOMAIN CONFIG
encrypt passwords = Yes
domain master = Yes
local master = Yes
prefered master = Yes
security = user
domain logons = yes
# ONLY FOR 2K/XP!
client ntlmv2 auth = Yes  
# NO WIN9X IN OUR DOMAIN!
client lanman auth = no
client plaintext auth = no
#TEst this
disable netbios = no
#OS level!!!
os level = 65 
#ALL about Loggin ^)
log level = 10
log file = /var/log/samba/%m.log
max log size = 2000

#WINBIND CONFIG
winbind separator = +
winbind use default domain = Yes
winbind uid =1-2
winbind gid =1-2
#If i comment it then
#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(560)
#  winbindd: idmap uid range missing or invalid
#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(561)
#  winbindd: cannot continue, exiting.
#  Could not init idmap -- netlogon proxy only
# strange thing on 3.0.4 i don't need to write it
winbind enum users = yes
winbind enum groups = yes
password server= localhost

logon path = \\%L\profiles\%u
logon script = logon.bat

logon drive = H:
#   logon home = \\%L\%u\.win_profile\%m 
# NO 9X HERE!!!

time server = yes

#LDAP STARTS HERE
passdb backend = ldapsam:ldap://localhost
ldap admin dn = cn=Manager,dc=liin,dc=org
ldap server = localhost
ldap port = 389
ldap suffix = dc=liin,dc=org
ldap machine suffix = ou=people
ldap user suffix = ou=people
ldap group suffix = ou=groups
#   ldap filter = ((uid%=%U)(ObjectClass=sambaSamAccount))
#LDAP continue
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap//localhost
idmap uid = 1 - 2
idmap gid = 1 - 2
#what is it?
map acl inherit = yes
#   printing = cups
#   printer admin = Administrator

#IDEALx SCRIPT's Rulezz
add user script = /usr/sbin/smbldap-useradd -a -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u

#   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#   load printers = No

#   dns proxy = No
guest account = nobody

[netlogon]
path = /usr/local/netlogon
writable = no 
browsable = no
[profiles]
path = /home/nt-prof
browsable = no
writable = yes
create mask = 0600
directory mask = 0700
guest ok = yes
profile acl = no
[homes]
read only = no
browsable = no
guest ok = no
map archive = yes

When i try to logon WinXP(pro) says:
Windows cannot find the server profile and is logging you on with a temporart 
profile.
 or somenthing like that. I have russian copy of winxp.
Next hi says:
Windows cannot find the local profile and is logging you on with a temporart profile.
(it because i removed c:\Documents and Settings\Default User)
And now the strange thing begin:
It logons and download default profile from samba netlogon share(!!!)
I waste a week about this problem
i try tdb backend and all works fine when i back to ldap backend things go wrong

OS RH8
OPENLDAP 2.2.14
Samba tested 3.0.4-3.0.5rc1

Problem n2:
Problem With Winbind(or not?)

[2004/07/14 01:59:55, 3] sam/idmap.c:idmap_init(131)
  idmap_init: using 'ldap' as remote backend
[2004/07/14 01:59:55, 5] lib/smbldap.c:smbldap_search(931)
  smbldap_search: base = [ou=Idmap,dc=liin,dc=org], filter = 
[(objectclass=sambaUnixIdPool)], scope = [2]
[2004/07/14 01:59:55, 10] lib/smbldap.c:smbldap_open_connection(543)
  smbldap_open_connection: ldap//localhost
[2004/07/14 01:59:55, 0] lib/smbldap.c:smbldap_open_connection(546)
  ldap_initialize: Time limit exceeded
[2004/07/14 01:59:55, 1] lib/smbldap.c:smbldap_retry_open(908)
  Connection to LDAP Server failed for the 1 try!
[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1646)
  fcntl_lock 7 13 0 1 1
[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1681)
  fcntl_lock: Lock call successful

I use idealx smbldap-populate to fill ldap directory

-- 
To unsubscribe from this list go to the following URL

Re: [Samba] Samba 3.0.4 ACL problem

Hi again,
I have just see, that the problem is not link with the modification of 
the file. In fact this problem appear when Windows change ACL 
attribute, and i have found an other strange thing :

A user jokic create a new text file. On the server i have :
-rwxrwx---+   1 root informatique   62 2004-07-13 14:13 Nouveau 
Texte seulement.txt
This file as no ACL, but first strange thing is own by root !!!

On a second time, user jokic modify the attribute of the file and add 
a new user delestre to read this one. Now i have :
-r--rwx---+   1 root informatique   62 2004-07-13 14:13 Nouveau 
Texte seulement.txt

# file: Nouveau\040Texte\040seulement.txt
# owner: root
# group: informatique
user::r--
user:delestre:r-x
group::---
mask::rwx
other::---
So the modification of the ACL attributes, add the new user with the 
correct right, but remove the write attribute to the primary user, and 
remove write and read to the primary group of the file !!!

Please help me !
Hi,
I have done a migration from Samba 2 to 3.0.4; and i have a very big 
problem with ACL.

I have a file own by a user drif and group informatique with ACL 
attributes and unix attributes rwxrwx--- :
-rwxrwx---+   1 drif informatique68096 2004-07-13 11:01 fiche 
de migration.xls

When an other user which is in informatique group modify this file, 
the new file is own by this user, but unix attribute for the user is 
set to read-only :
-r--rwx---+   1 jokic informatique68096 2004-07-13 11:01 fiche 
de migration.xls

This problem appear only with files that have ACL attribute.
In my smb.conf i have set for shares create mask = 0770 and force 
create mode = 0770, and with samba 2 it was working !!

Please help me with this very big problem, .. after modification users 
can only read there files !!
Thanks a lot for your help.

Regards,
--
Christophe Suire   [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.4 ACL problem

2004-07-13 Thread Umberto Zanatta

You should set profile acls = no from smb.conf

Here you are a tipical share:

[FOO]
profile acls = no
path = /opt/foo
write list = @, @bbb, @Administrators
create mask = 660
directory mask = 770
comment = Foo share
valid users = @aaa, @bbb, @Administrators
inherit acls = yes
map acl inherit = yes

You have to launch winbind if the PDC is another SAMBA o WINDOWS server
and do
the rights configurations on /etc/nsswitch.conf.

smb.conf
  winbind trusted domains only = yes
   idmap uid = 1-2
   idmap gid = 1-2
   winbind enum users = yes
   winbind enum groups = yes

Il mar, 2004-07-13 alle 14:22, Christophe SUIRE ha scritto:

 Hi again,
 
 I have just see, that the problem is not link with the modification of 
 the file. In fact this problem appear when Windows change ACL 
 attribute, and i have found an other strange thing :
 
 A user jokic create a new text file. On the server i have :
 -rwxrwx---+   1 root informatique   62 2004-07-13 14:13 Nouveau 
 Texte seulement.txt
 This file as no ACL, but first strange thing is own by root !!!
 
 On a second time, user jokic modify the attribute of the file and add 
 a new user delestre to read this one. Now i have :
 -r--rwx---+   1 root informatique   62 2004-07-13 14:13 Nouveau 
 Texte seulement.txt
 
 # file: Nouveau\040Texte\040seulement.txt
 # owner: root
 # group: informatique
 user::r--
 user:delestre:r-x
 group::---
 mask::rwx
 other::---
 
 So the modification of the ACL attributes, add the new user with the 
 correct right, but remove the write attribute to the primary user, and 
 remove write and read to the primary group of the file !!!
 
 Please help me !
 
  Hi,
 
  I have done a migration from Samba 2 to 3.0.4; and i have a very big 
  problem with ACL.
 
  I have a file own by a user drif and group informatique with ACL 
  attributes and unix attributes rwxrwx--- :
  -rwxrwx---+   1 drif informatique68096 2004-07-13 11:01 fiche 
  de migration.xls
 
  When an other user which is in informatique group modify this file, 
  the new file is own by this user, but unix attribute for the user is 
  set to read-only :
  -r--rwx---+   1 jokic informatique68096 2004-07-13 11:01 fiche 
  de migration.xls
 
  This problem appear only with files that have ACL attribute.
  In my smb.conf i have set for shares create mask = 0770 and force 
  create mode = 0770, and with samba 2 it was working !!
 
  Please help me with this very big problem, .. after modification users 
  can only read there files !!
  Thanks a lot for your help.
 
  Regards,
 
  -- 
  Christophe Suire   [EMAIL PROTECTED]
 
  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  http://lists.samba.org/mailman/listinfo/samba
 

___
Umberto Zanatta
linuxDidattica

tel: +39 (335) 54 71 385
email: [EMAIL PROTECTED]
web: http://linuxdidattica.org
___
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Port 445 Port 139 banned

2004-07-13 Thread Paul Gienger



Wang.Hua wrote:

   Because of security reasons, my school has blocked tcp port 445 and 139. 
This make it impossible to for my window xp desktop to the remote samba service on 
Linux. 
Although the samba sercie on Linux and change its port by a -p option. But windows 
always
look for 445 and 139 port.
   I've tried a lot of ways to work it out including local port redirection but 
 none of them works.
   Is there a way for window xp to use a different port for smb service lookup.
   Any help is apprieciated.
  

I'm assuming you're talking about within a college level campus here.
You could always try to plug in a consumer router box to the school
network and then put your machines behind it, it'd just be easier, and
less of a hack to your systems. That would probably keep you away from
both the rampant hax0r wannabes on most college campuses (at least
around here) and an overly ambitious IT department that likes to think
they own every student machine like they're on a corporate network.

-- 
Paul Gienger Office:701-281-1884
Applied Engineering Inc. Cell:  701-306-6254
Information Systems Consultant   Fax:   701-281-1322
URL: www.ae-solutions.commailto:[EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.4 ACL problem

The file server is the same as the PDC : linux / samba 3.0.4
So why i need to use winbind ?
I need to use roming profile so i need to have profile acls = yes ? no ?
Thanks a lot.
--
Christophe Suire   [EMAIL PROTECTED]
Le 13 juil. 04, à 14:39, Umberto Zanatta a écrit :
 You should set profile acls = no from smb.conf
 Here you are a tipical share:
 [FOO]
     profile acls = no
     path = /opt/foo
     write list = @, @bbb, @Administrators
     create mask = 660
     directory mask = 770
     comment = Foo share
     valid users = @aaa, @bbb, @Administrators
     inherit acls = yes
     map acl inherit = yes
 You have to launch winbind if the PDC is another SAMBA o WINDOWS 
server and do
 the rights configurations on /etc/nsswitch.conf.

 smb.conf
   winbind trusted domains only = yes
    idmap uid = 1-2
    idmap gid = 1-2
    winbind enum users = yes
    winbind enum groups = yes
 Il mar, 2004-07-13 alle 14:22, Christophe SUIRE ha scritto:
Hi again,
I have just see, that the problem is not link with the modification of
the file. In fact this problem appear when Windows change ACL
attribute, and i have found an other strange thing :
A user jokic create a new text file. On the server i have :
-rwxrwx---+   1 root informatique   62 2004-07-13 14:13 Nouveau
Texte seulement.txt
This file as no ACL, but first strange thing is own by root !!!
On a second time, user jokic modify the attribute of the file and add
a new user delestre to read this one. Now i have :
-r--rwx---+   1 root informatique   62 2004-07-13 14:13 Nouveau
Texte seulement.txt
# file: Nouveau\040Texte\040seulement.txt
# owner: root
# group: informatique
user::r--
user:delestre:r-x
group::---
mask::rwx
other::---
So the modification of the ACL attributes, add the new user with the
correct right, but remove the write attribute to the primary user, and
remove write and read to the primary group of the file !!!
Please help me !
 Hi,

 I have done a migration from Samba 2 to 3.0.4; and i have a very big
 problem with ACL.

 I have a file own by a user drif and group informatique with ACL
 attributes and unix attributes rwxrwx--- :
 -rwxrwx---+   1 drif informatique68096 2004-07-13 11:01 fiche
 de migration.xls

 When an other user which is in informatique group modify this file,
 the new file is own by this user, but unix attribute for the user is
 set to read-only :
 -r--rwx---+   1 jokic informatique68096 2004-07-13 11:01 
fiche
 de migration.xls

 This problem appear only with files that have ACL attribute.
 In my smb.conf i have set for shares create mask = 0770 and force
 create mode = 0770, and with samba 2 it was working !!

 Please help me with this very big problem, .. after modification 
users
 can only read there files !!
 Thanks a lot for your help.

 Regards,

 --
 Christophe Suire   [EMAIL PROTECTED]

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba
 

 ___
Umberto Zanatta
linuxDidattica
tel: +39 (335) 54 71 385
email: [EMAIL PROTECTED]
web: http://linuxdidattica.org
___

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Profile Problem with ldap backend

2004-07-13 Thread Paul Gienger

[EMAIL PROTECTED] wrote:
The Samba 3.0.5rc1 server is configured as a PDC.
 

snip
#WINBIND CONFIG
   winbind separator = +
   winbind use default domain = Yes
   winbind uid =1-2
   winbind gid =1-2
#If i comment it then
#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(560)
#  winbindd: idmap uid range missing or invalid
#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(561)
#  winbindd: cannot continue, exiting.
#  Could not init idmap -- netlogon proxy only
# strange thing on 3.0.4 i don't need to write it
   winbind enum users = yes
   winbind enum groups = yes
 

Firstoff, is there someplace that people get confused about the use of 
winbind/idmap?  It is strictly for use ONLY with a windows AD server as 
your primary directory... well I guess maybe it would be used if you 
wanted to do some kind of wierd authentication against a different samba 
server, but why?!?!

Anyways, start by removing all your idmap entries and that will clear up 
some log entries.

   password server= localhost
 

This one too.  This is for authenticating against some other server, 
like if you were simply a member of a domain using domain security.

snip
#LDAP STARTS HERE
   passdb backend = ldapsam:ldap://localhost
   ldap admin dn = cn=Manager,dc=liin,dc=org
   ldap server = localhost
   ldap port = 389
   ldap suffix = dc=liin,dc=org
   ldap machine suffix = ou=people
   ldap user suffix = ou=people
   ldap group suffix = ou=groups
#   ldap filter = ((uid%=%U)(ObjectClass=sambaSamAccount))
#LDAP continue
   ldap idmap suffix = ou=Idmap
   idmap backend = ldap:ldap//localhost
   idmap uid = 1 - 2
   idmap gid = 1 - 2
 

The 4 lines above should go too.
snip the rest of smb.conf
When i try to logon WinXP(pro) says:
Windows cannot find the server profile and is logging you on with a temporart profile.
or somenthing like that. I have russian copy of winxp.
Next hi says:
Windows cannot find the local profile and is logging you on with a temporart profile.
(it because i removed c:\Documents and Settings\Default User)
 

Problem n2:
Problem With Winbind(or not?)
[2004/07/14 01:59:55, 3] sam/idmap.c:idmap_init(131)
 idmap_init: using 'ldap' as remote backend
[2004/07/14 01:59:55, 5] lib/smbldap.c:smbldap_search(931)
 smbldap_search: base = [ou=Idmap,dc=liin,dc=org], filter = [(objectclass=sambaUnixIdPool)], scope = [2]
[2004/07/14 01:59:55, 10] lib/smbldap.c:smbldap_open_connection(543)
 smbldap_open_connection: ldap//localhost
[2004/07/14 01:59:55, 0] lib/smbldap.c:smbldap_open_connection(546)
 ldap_initialize: Time limit exceeded
[2004/07/14 01:59:55, 1] lib/smbldap.c:smbldap_retry_open(908)
 Connection to LDAP Server failed for the 1 try!
 

Looks like you're failing to connect to your local server.  You've got 
some confusion because of the multiple specifications here.  Notice that 
this failure is complaining about being able to connect to 
ldap//localhost (see the missing colon?) You need to roto-till your 
smb.conf then try again.  Get the idmap stuff out and see if your errors 
are more specific.

Assuming you do all that and still have issues: Have you verified that 
your ldap setup is correct?  That is: does your system authenticate fine 
against ldap or are you just trying to store samba in ldap?  If you're 
just setting up one linux server then ldap is overkill for both system 
auth and samba, in that case stick to tdb.

[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1646)
 fcntl_lock 7 13 0 1 1
[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1681)
 fcntl_lock: Lock call successful
I use idealx smbldap-populate to fill ldap directory
 

--
Paul Gienger Office:701-281-1884
Applied Engineering Inc. Cell:  701-306-6254
Information Systems Consultant   Fax:   701-281-1322
URL: www.ae-solutions.commailto:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.4 ACL problem

Ok it works !!
Thanks a lot !
Permissions are set correctly but i steel have a strange thing ..
User which are Domains admins like root, when they create a new file, 
it's own by root.

--
Christophe Suire   [EMAIL PROTECTED]
Le 13 juil. 04, à 14:56, Umberto Zanatta a écrit :
 Il mar, 2004-07-13 alle 14:46, Christophe SUIRE ha scritto:
The file server is the same as the PDC : linux / samba 3.0.4
So why i need to use winbind ?
 You don't.
I need to use roming profile so i need to have profile acls = yes ? no 
?

 Actually, you're working in domain mode; I had same problem, and now 
the permissions are
 working.


Thanks a lot.
___
Umberto Zanatta
linuxDidattica
tel: +39 (335) 54 71 385
email: [EMAIL PROTECTED]
web: http://linuxdidattica.org
___

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Enabling account lockouts

2004-07-13 Thread Dunn, Drew A.

The release notes indicate support for bad password lockout policy starting
with version 3.0.3 but I can't figure out how to enable it.  I didn't see
anything in the docs about turning it on.  I also tried looking through all
the options by using swat in advanced mode.  How do I enable bad password
lockout policy?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winnt Scopy

2004-07-13 Thread Ruben Moretti

Hallo Gurus!
Sorry my English.
I've got some strange problems with Samba-3.0.4.
Wenn I try to copy Files from NT (with Scopy.exe) to one Mointmount on 
Samba, that provide error Invalid Destination X:\

I tested with fstype = ntfs or so but no way :(
I see with Explorer the Mount Drive.

Thanks for one Tip.

Greetings
Ruben Moretti



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.4 ACL problem

2004-07-13 Thread Umberto Zanatta

Did you have installed samba + ldap?

It isn't strange; 'cos samba maps groups and users from Windows to Unix.

when yuo map group Domain Admins - root or Administrators -
root, it will map to uid = 0 and gid = 0; because user is unix
administrator himself!

You should try samba + ldap and do a difference uid from users
Administrator and root (uid), so
you'll haven't problem anymore.


some people (me too, sic!) built administrator (into ldap) with uid=0
and gid=512 (ldap) and
root with uid=0 and gid =0 (into passwd).
The administrator should have SID: S--500 (root isn't a windows
user), but if uid=0, It will be root and no administrator!
Samba's working fine, but you need to use the groups Administrators or
Domain Admins
to modify acl.


Don't worry about; because you should do 'setfacl' and modify the
default mode, groups and
users will have right access, even if root create the file.

Il mar, 2004-07-13 alle 15:22, Christophe SUIRE ha scritto:

 Ok it works !!
 Thanks a lot !
 Permissions are set correctly but i steel have a strange thing ..
 User which are Domains admins like root, when they create a new file, 
 it's own by root.

___
Umberto Zanatta
linuxDidattica

tel: +39 (335) 54 71 385
email: [EMAIL PROTECTED]
web: http://linuxdidattica.org
___
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] (no subject)

2004-07-13 Thread Alex de Vaal

Hello,
I had the same problem as you and it took me a while to figure it out 
exactly.
Ive now a RHL9 server running with Samba 3.0.4 as a domain member of a W2k3 
realm.
Actually I updated Kerberos to version 1.3.1-7 on my RHL9 server to achieve 
this; otherwise samba cant verify the incoming ticket.

You are right; if you install the Kerberos 1.3.1 rpms with --force 
--nodeps, it will break the dependencies, but this is the only way to do it. 
After the update of the krb5 packages the libcom_err.so.3 dependency of 
other packages (example: httpd-2.0.40-21) is broken.

A TEMPORARY workaround is to change to the /lib directory and make the 
following symbolic link: ln -fs libcom_err.so.2.0 libcom_err.so.3 (This 
restores the libcom_err.so.3 dependency of other packages after the krb5 
update.) Now you can see if Samba 3.0.4 is working properly in a W2k3 realm.

What you should do afterwards is to recompile all the packages (on the 
machine with the Kerberos 1.3.1 rpms installed) that had a dependency with 
the old Kerberos packages and install those new recompiled packages. Now all 
the packages (that had a dependency with the old Kerberos packages) have a 
new dependency to Kerberos 1.3.1. After that you can remove the symbolic 
link with libcom_err.so.3.

This cost me several headaches too ;-)
Regards,
Alex.
_
Play online games with your friends with MSN Messenger 
http://messenger.msn.nl/

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winnt Scopy

2004-07-13 Thread Guenther Deschner

Hi,

On Tue, Jul 13, 2004 at 03:32:08PM +0200, Ruben Moretti wrote:
 Hallo Gurus!
 Sorry my English.
 I've got some strange problems with Samba-3.0.4.
 Wenn I try to copy Files from NT (with Scopy.exe) to one Mointmount on 
 Samba, that provide error Invalid Destination X:\
 
 I tested with fstype = ntfs or so but no way :(
 I see with Explorer the Mount Drive.

This is fixed in 3.0.5rc1.

Bye,
Guenther

-- 
Guenther Deschner, SerNet Service Network GmbH
Phone: +49-(0)551-37-0,  Fax: +49-(0)551-37-9


pgpFK7zQHgsdc.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.4 and kerberos 1.3.1

2004-07-13 Thread Alex de Vaal

Hello,
I had the same problem as you and it took me a while to figure it out
exactly.
Ive now a RHL9 server running with Samba 3.0.4 as a domain member of a W2k3
realm.
Actually I updated Kerberos to version 1.3.1-7 on my RHL9 server to achieve
this; otherwise samba cant verify the incoming ticket.
You are right; if you install the Kerberos 1.3.1 rpms with --force
--nodeps, it will break the dependencies, but this is the only way to do it.
After the update of the krb5 packages the libcom_err.so.3 dependency of
other packages (example: httpd-2.0.40-21) is broken.
A TEMPORARY workaround is to change to the /lib directory and make the
following symbolic link: ln -fs libcom_err.so.2.0 libcom_err.so.3 (This
restores the libcom_err.so.3 dependency of other packages after the krb5
update.) Now you can see if Samba 3.0.4 is working properly in a W2k3 realm.
What you should do afterwards is to recompile all the packages (on the
machine with the Kerberos 1.3.1 rpms installed) that had a dependency with
the old Kerberos packages and install those new recompiled packages. Now all
the packages (that had a dependency with the old Kerberos packages) have a
new dependency to Kerberos 1.3.1. After that you can remove the symbolic
link with libcom_err.so.3.
This cost me several headaches too ;-)
Regards,
Alex.
_
Talk with your online friends with MSN Messenger http://messenger.msn.nl/
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Permissions problem...I must be overlooking something...

2004-07-13 Thread David Brodbeck

I have a share I can't seem to create files on, and I can't figure out why.
I get Access denied from Windows, and the samba log shows this:

[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share
[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share

The share has the following definition:

[webfiles]
path = /var/www
force group = INTERCLEAN+Domain Admins
valid users = @INTERCLEAN+Domain Admins
writable = yes
read only = no

Here are the permissions on /var/www:

# file: www
# owner: root
# group: INTERCLEAN+Domain Admins
user::rwx
group::rwx
other::r-x

I'm in the Domain Admins group.  Why doesn't this work?  I'm sure there's
something silly I'm overlooking, but I can't see what it is right now.

---

David Brodbeck, System Administrator
InterClean Equipment, Inc.
3939 Bestech Drive Suite B
Ypsilanti, MI 48197
(734) 975-2967 x221
(734) 975-1646 (fax)
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Join domain as BDC: could not get CRED

2004-07-13 Thread ksun

Greetings,
I am following Tournier's Howto to configure Samb 3.x as domain 
controller. I use
net rpc getsid -S pdc-name -W domain name
to obtain the domain SID and configure smbldap-tools and created 
the backend database. (The SID is also saved on secrets.db on local 
machine)
I joint this server to the domain successfully using,
net rpc join -Uadministrator%password
The srvmgr.exe can see it joined the domain as a BDC.
But when I try to synchronize the domain controllers using
net rpc vampire -Uadministratorpassword
It faied with Can not get CRED or something like it.
Waht did I do wrong?
Please reply to my E-mail account at [EMAIL PROTECTED]
-- Kang

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.5pre1 - 3.0.5rc1 breaks winbindd group lookup with spaces

2004-07-13 Thread Matthew Moffitt

When upgrading our test system from 3.0.5pre1 to 3.0.5rc1 with identical 
configurations we found that one share using a group name with an 
embedded space was no longer accessible after the upgrade.

Here's an example of the logged error message:
[2004/07/13 10:50:07, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
  group 'Domain in domain TESTDOM does not exist
That's coming from a service specified thusly in smb.conf:
[sdisk$]
path = /disk1/sdisk
writable = yes
admin users = @'Domain Users'
It appears that the group name is being broken apart at the embedded 
space in 3.0.5rc1 but when we revert to 3.0.5pre1 things work nicely again.

-Matt
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Permissions problem...I must be overlooking something...

2004-07-13 Thread Mark Lidstone

Hi David,

First of all I'll suggest the obvious (probably not your problem here,
but it's worth a shot).

You've probably only put them in because of the problem you're having,
but writeable/writable and read only are actually the same setting
but reversed.  E.g. writeable/writable = yes is the same as read only
= no.  Therefore you only need to put one or the other.  If you stick
to only using one it can make your smb.conf easier to read.  This won't
be causing the problem, it's just a bit of config file snobbery  ;)

Anyway, onto my suggestion.  Have you restarted samba since you made the
share writeable?

Also, if you're forcing group INTERCLEAN+Domain Admins and setting
valid users to the same, won't everyone be able to write to the share
as a domain admin?  Seems a bit like a security risk to me, but then I'm
sure you've a good reason why you've done this.

I hope this helps,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

==
Confidentiality Notice and Disclaimer: 
The contents of this e-mail and any attachments are intended only for
the
use of the e-mail addressee(s) shown. If you are not that person, or one
of those persons, you are not allowed to take any action based upon it
or
to copy it, forward, distribute or disclose the contents of it and you
should please delete it from your system. BMT SeaTech Limited does not
accept liability for any errors or omissions in the context of this
e-mail
or its attachments which arise as a result of Internet transmission, nor
accept liability for statements which are those of the author and not
clearly made on behalf of BMT SeaTech Limited.

==
  

-Original Message-
From: David Brodbeck [mailto:[EMAIL PROTECTED] 
Sent: 13 July 2004 15:56
To: '[EMAIL PROTECTED]'
Subject: [Samba] Permissions problem...I must be overlooking
*something*...


I have a share I can't seem to create files on, and I can't figure out
why. I get Access denied from Windows, and the samba log shows this:

[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share
[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share

The share has the following definition:

[webfiles]
path = /var/www
force group = INTERCLEAN+Domain Admins
valid users = @INTERCLEAN+Domain Admins
writable = yes
read only = no

Here are the permissions on /var/www:

# file: www
# owner: root
# group: INTERCLEAN+Domain Admins
user::rwx
group::rwx
other::r-x

I'm in the Domain Admins group.  Why doesn't this work?  I'm sure
there's something silly I'm overlooking, but I can't see what it is
right now.

---

David Brodbeck, System Administrator
InterClean Equipment, Inc.
3939 Bestech Drive Suite B
Ypsilanti, MI 48197
(734) 975-2967 x221
(734) 975-1646 (fax)
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

FW: [Samba] Re: Access Denied touching shared CUPS printer

2004-07-13 Thread chris

After much trying I have finally got this to work and I'm slightly
embarassed to admit that the old RTFM tripped me up. In the Samba 3
HOWTO - the official one, rather than the draft I was originally using -
it states quite clearly that to get point 'n' print to work use client
driver needs to be set to no in the [global] section of smb.conf, and
the samba daemons restarted so that the APW will work. However you will
need to change this back to yes on completion and restart the daemons
again. During this process you may get Access Denied errors. 

I'm not sure if the rpcclient method works but it was pleasing to get
point 'n' print to work as smoothly as it should. Apart from this
difficulty, raw printing via Cups is very reliable, the only problem we
seem to have is with a Tally printer's internal print server which is
flaky under both NT and Samba.

Regards,
 
Chris
 
Christopher Moss
Murray McIntosh O'Brien
Wellesley House
204 London Road
Waterlooville
PO7 7AN
 
023 9223 1006

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Michael Lueck
Sent: 09 July 2004 18:43
To: [EMAIL PROTECTED]
Subject: [Samba] Re: Access Denied touching shared CUPS printer

Most Ugly! In Google'ing around it seems this Access Denied is a known
issue with Win2K/XP clients, CUPS printers, etc...

So, use printerui.dll to force install the printer driver and assign to
a local LPT1 port. Add a port registry key, and the update the port in
two spots under the printer instance. Finally stop/start 
the spooler task. Scrptable yet ugly.

Most Ugly! Ah, Samba team... does this topic need some pizza applied to
it? Please advise.

What's the bug anyway? Something to do with CUPS? It seems there are not
lots of people bumping into this, thus makes me think other printing
methods are not affected. I was quite pleased with HOW 
EASY this setup was going along, until slamming into the Access Denied
issue. RAW spooling looked way cool, Samba enum'ing the CUPS queues,
etc...

-- 
Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

---
Disclaimer

Privileged or confidential information may be contained in this message. 
If you are not the addressee of this message please notify the sender
 by return and delete it, and you may not use, copy, disclose or rely
 on the information contained in it. Internet e-mail may be susceptible 
to data corruption, interception and unauthorised amendment for which 
Murray McIntosh O'Brien does not accept liability. Likewise whilst we 
have taken reasonable precautions to ensure that this e-mail and any 
attachments have been swept for viruses, Murray McIntosh O'Brien 
does not accept liability for any losses caused as a result of viruses. 
Statements in this message that do not relate to the business of Murray 
McIntosh O'Brien are neither given nor endorsed by it or the Directors 
of Murray McIntosh O'Brien. A list of the Directors of Murray McIntosh 
O'Brien is available for inspection at our offices.

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Permissions problem...I must be overlooking somethin g...

2004-07-13 Thread David Brodbeck

 -Original Message-
 From: Mark Lidstone [mailto:[EMAIL PROTECTED]

 You've probably only put them in because of the problem you're having,
 but writeable/writable and read only are actually the same setting
 but reversed.  E.g. writeable/writable = yes is the same as 
 read only
 = no.  Therefore you only need to put one or the other.

Yes, I know.  I originally only had writable = yes, but I added the other
out of frustration with Samba insisting the share is read-only.

 Anyway, onto my suggestion.  Have you restarted samba since 
 you made the
 share writeable?

Yes, I sent the HUP signal to the daemon to tell it to re-load its
configuration file.

 Also, if you're forcing group INTERCLEAN+Domain Admins and setting
 valid users to the same, won't everyone be able to write to 
 the share
 as a domain admin?

Would they?  I figured only Domain Admins would be allowed to access the
share at all, then the force group would take effect after that.  I took
the force group line out, but it made no difference, I still can't create
any files.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: FW: Re: Access Denied touching shared CUPS printer

Are you refering to the printed book John Terpstra put out?
OK, so I allow it to download the driver, then I don't get the error?
And for what support exactly do I need to change it back to to = yes? Flipping this on the server from this to that to break one thing and fix another seems more than a bit annoying... especially when 
I like to work myself out of manual administrative tasks! ;-)

--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Error loading LDAP functions, even though they are compiled in

2004-07-13 Thread Kyle Miller

Hi,

I'm trying to use LDAP as my passdb backend, but having no luck,
seemingly because the LDAP code doesn't load, even though I have
compiled in LDAP support. I am getting the following error:

[2004/07/13 07:58:29, 2] passdb/pdb_interface.c:make_pdb_methods_name(654)
  No builtin backend found, trying to load plugin
[2004/07/13 07:58:29, 3] lib/module.c:do_smb_load_module(46)
  Error loading module '/usr/lib/samba/pdb/ldap.so':
/usr/lib/samba/pdb/ldap.so: cannot open shared object file: No such
file or directory
[2004/07/13 07:58:29, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
  No builtin nor plugin backend for ldap found
[2004/07/13 07:58:29, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
  Loading ldap:ldaps://ldap3 failed!

It seems to say that builtin support isn't found, even though I
compiled it in. I was originally using the Fedora RPM, but have also
tried compiling myself using --with-ldap. In either case, smbd reports
that it is built in. A snippet from smbd -b:

Builtin modules:
pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_guest rpc_lsa rpc_reg
rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_samr
idmap_ldap idmap_tdb auth_rhosts auth_sam auth_unix auth_winbind
auth_server auth_domain auth_builtin


I think that pdb_ldap is what should be giving me this support, but
to no avail so far. The RPM version I'm using was 3.0.3, and I
compiled myself using 3.0.4.

Does anyone have any ideas? I'm having no luck. Any help would be
greatly appreciated.

Thanks,

Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Permission error on /etc/samba/private/secrets.tdb

On Tue, Jul 13, 2004 at 11:16:23AM +0200, Heinrich Rebehn wrote:
 Hi list,
 
 I have a strange permission problem with secrets.tdb on an nfs mounted 
 filesystem.
 A strace of smbd shows the following lines:
 
 
 open(/etc/samba/private/secrets.tdb, O_RDWR|O_CREAT|O_LARGEFILE, 0600) 
 = 4 
 
 fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=0, len=1}, 
 0xb010) = -1 EACCES (Permission denied) 
 
 
 
 /etc/samba/private/secrets.tdb is a link to 
 /var/etc/samba/private/secrets.tdb which in turn is a link to 
 /cluster/bremerhaven/secrets.tdb, which is on an nfs mounted filesystem.
 
 This setup is because the root fs is readonly and /var is volatile (tmpfs).
 
 root has full access on /cluster and it also does not help if i set 
 secrets.tdb's permissions to 0666.
 
 Are there known issues with the fcntl64 call? Would upgrading to kernel 
 2.6.x help?

Try not to put tdb files on an nfs mount. Some servers (Solaris as I
remember) have issues with doing fcntl locks on an mmapped file. By
issues I mean it doesn't work :-).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with 3.0.5 rc1

2004-07-13 Thread olly

Hi All,

I have been having problems with the known issue on 3.0.4 with NTBackup and
a DFS related issue. Therefore I decided to give 3.0.5rc1 a go, as SuSE have
released the rpms on their website. Once I installed the rpms, I found that
all daemons started correctly, but all domain authentication failed (I am
running a samba server as a member server against a Windows 2000 mixed mode
domain). 'getent group' did return a correct list of all the groups, so
there was at least some level of connectivity (nscd was stopped). I tried to
rejoin the domain, but now joining the domain failed. When I reverted back
to 3.0.4, I joined the domain with no troubles, but back to my old problem
with NTbackup.

[global]
workgroup = FOO
server string = Samba Server
security = DOMAIN
map to guest = Bad User
obey pam restrictions = Yes
restrict anonymous = 2
log level = 8
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
os level = 2
local master = No
domain master = No
ldap ssl = no
host msdfs = Yes
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
winbind use default domain = No
admin users = '@Foo\Domain mailto:'@Foo\Domain Admins'
veto files = /*.eml/*.nws/riched20.dll/*.{*}/

The bits of the log which seem relevant are below, but I can send a whole
log if necessary:


[2004/07/13 12:37:41, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212)
rpc_auth_pipe: pkt_type: 2 len: 80 auth_len: 32 NTLMSSP No schannel Yes
sign Y
es seal No
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_debug(82)
00 smb_io_rpc_hdr_auth auth_hdr
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint8(577)
 auth_type : 44
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint8(577)
0001 auth_level : 05
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint8(577)
0002 padding : 00
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint8(577)
0003 reserved : 00
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0004 auth_context : 0001
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_debug(82)
08 smb_io_rpc_auth_netsec_chk schannel_auth_sign
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
0008 sig : 77 00 ff ff ff ff 00 00
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
0010 seq_num: 76 e0 83 6f 0c f0 2a 4d
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
0018 packet_digest: 1c 0f 31 ef 79 43 0d 03
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
0020 confounder: 00 00 00 00 00 00 00 00
[2004/07/13 12:37:41, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525)
rpc_api_pipe: fragment first and last both set
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_debug(82)
18 lsa_io_r_enum_trust_dom
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0018 enum_context : 
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint32(635)
001c num_domains : 
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0020 ptr_enum_domains: 
[2004/07/13 12:37:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
linux:/home/susie # vi /var/log/samba/log.winbindd
[2004/07/13 12:18:57, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2004/07/13 12:18:57, 6] lib/util_sock.c:write_socket(449)
write_socket(22,45)
[2004/07/13 12:18:57, 6] lib/util_sock.c:write_socket(452)
write_socket(22,45) wrote 45
[2004/07/13 12:18:57, 5] lib/util.c:show_msg(443)
[2004/07/13 12:18:57, 5] lib/util.c:show_msg(453)
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=18433
smb_pid=2395
smb_uid=28673
smb_mid=8
smt_wct=0
smb_bcc=0
[2004/07/13 12:18:57, 3] nsswitch/winbindd_cm.c:cm_open_connection(367)
schannel refused - continuing without schannel (NT_STATUS_ACCESS_DENIED)

Thanks in advance

Olly





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.5pre1 - 3.0.5rc1 breaks winbindd group lookup with spaces

On Tue, Jul 13, 2004 at 11:26:45AM -0400, Matthew Moffitt wrote:
 When upgrading our test system from 3.0.5pre1 to 3.0.5rc1 with identical 
 configurations we found that one share using a group name with an 
 embedded space was no longer accessible after the upgrade.
 
 Here's an example of the logged error message:
 
 [2004/07/13 10:50:07, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
   group 'Domain in domain TESTDOM does not exist
 
 That's coming from a service specified thusly in smb.conf:
 
 [sdisk$]
 path = /disk1/sdisk
 writable = yes
 admin users = @'Domain Users'
 
 It appears that the group name is being broken apart at the embedded 
 space in 3.0.5rc1 but when we revert to 3.0.5pre1 things work nicely again.

Quick fix - change the ' characters to  characters. I know what this
change was. I'll take a look at what needs to change for 3.0.5 final.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with 3.0.5 rc1

On Tue, Jul 13, 2004 at 05:09:00PM +0100, olly wrote:
 Hi All,
 
 I have been having problems with the known issue on 3.0.4 with NTBackup and
 a DFS related issue. Therefore I decided to give 3.0.5rc1 a go, as SuSE have
 released the rpms on their website. Once I installed the rpms, I found that
 all daemons started correctly, but all domain authentication failed (I am
 running a samba server as a member server against a Windows 2000 mixed mode
 domain). 'getent group' did return a correct list of all the groups, so
 there was at least some level of connectivity (nscd was stopped). I tried to
 rejoin the domain, but now joining the domain failed. When I reverted back
 to 3.0.4, I joined the domain with no troubles, but back to my old problem
 with NTbackup.
 
 [global]
 workgroup = FOO
 server string = Samba Server
 security = DOMAIN
 map to guest = Bad User
 obey pam restrictions = Yes
 restrict anonymous = 2
 log level = 8
 time server = Yes
 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
 os level = 2
 local master = No
 domain master = No
 ldap ssl = no
 host msdfs = Yes
 idmap uid = 1-2
 idmap gid = 1-2
 template shell = /bin/bash
 winbind use default domain = No
 admin users = '@Foo\Domain mailto:'@Foo\Domain Admins'
 veto files = /*.eml/*.nws/riched20.dll/*.{*}/
 
 The bits of the log which seem relevant are below, but I can send a whole
 log if necessary:

Quick test - try changing ' character separators to  in
the smb.conf.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Migrating from a WinNT 4 PDC to Samba 3 PDC Troubles

2004-07-13 Thread Nathaniel Grier

Craig,

Following your response as well as your response to Eric, I've tried
changing a few things in my config as well as the order of the steps.
Unfortunately I'm still having problems. Clearing my .tdbs (w/o Samba
running) I've done:
* net rpc setsid -S MABSERVE1 -W MAB -UAdministrator%secret (and the SID
shows up in secrets.tdb).
* net rpc join -S MABSERVE1 -W MAB -UAdministrator%secret (and the machine
successfully adds to the domain; looking at secrets.tdb we have a number of
things including the domain SID and the Machine trust account hash)
*If I then run net rpc vampire -S MABSERVE1 -UAdministrator%secret -d 4 I
get the following (clipped following the parsing of the smb.conf) output:

[2004/07/13 11:56:30, 4] param/loadparm.c:lp_load(3917)
  pm_process() returned Yes
[2004/07/13 11:56:30, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.1.251 bcast=192.168.1.255 nmask=255.255.255.0
[2004/07/13 11:56:30, 3] libsmb/namequery.c:resolve_lmhosts(857)
  resolve_lmhosts: Attempting lmhosts lookup for name MABSERVE10x20
[2004/07/13 11:56:30, 4] libsmb/namequery.c:startlmhosts(547)
  startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
[2004/07/13 11:56:30, 3] libsmb/namequery.c:resolve_wins(755)
  resolve_wins: Attempting wins lookup for name MABSERVE10x20
[2004/07/13 11:56:30, 3] libsmb/namequery.c:resolve_wins(758)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2004/07/13 11:56:30, 3] libsmb/namequery.c:resolve_hosts(902)
  resolve_hosts: Attempting host lookup for name MABSERVE10x20
[2004/07/13 11:56:31, 3] libsmb/namequery.c:name_resolve_bcast(697)
  name_resolve_bcast: Attempting broadcast lookup for name MABSERVE10x20
[2004/07/13 11:56:31, 4] libsmb/nmblib.c:debug_nmb_packet(109)
  nmb packet from 192.168.1.253(137) header: id=30028 opcode=Query(0)
response=Yes
  header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
  header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
  answers: nmb_name=MABSERVE120 rr_type=32 rr_class=1 ttl=30
  answers   0 char `.   hex 6000C0A801FD
[2004/07/13 11:56:31, 2] libsmb/namequery.c:name_query(491)
  Got a positive name query response from 192.168.1.253 ( 192.168.1.253 )
[2004/07/13 11:56:31, 3] libsmb/cliconnect.c:cli_start_connection(1373)
  Connecting to host=MABSERVE1
[2004/07/13 11:56:31, 3] lib/util_sock.c:open_socket_out(735)
  Connecting to 192.168.1.253 at port 445
[2004/07/13 11:56:31, 2] lib/util_sock.c:open_socket_out(772)
  error connecting to 192.168.1.253:445 (Connection refused)
[2004/07/13 11:56:31, 3] lib/util_sock.c:open_socket_out(735)
  Connecting to 192.168.1.253 at port 139
[2004/07/13 11:56:31, 4] lib/time.c:get_serverzone(122)
  Serverzone is 14400
Cannot import users from MAB at this time, as the current domain:
MABSERVE3: S-1-5-21-763135753-2099275703-424145120
conflicts with the remote domain
MAB: S-1-5-21-1430529950-745024717-1233803906
Perhaps you need to set: 

security=user
workgroup=MAB

 in your smb.conf?
[2004/07/13 11:56:31, 1] utils/net_rpc.c:run_rpc_command(141)
  rpc command function failed! (NT_STATUS_UNSUCCESSFUL)
[2004/07/13 11:56:31, 2] utils/net.c:main(792)
  return code = 1

* If I run net setlocalsid S-1-5-21-1430529950-745024717-1233803906 and then
* net rpc vampire -S MABSERVE1 -UAdministrator%secret -d 4 I get the
following output (again starting after processing of smb.conf; also I've x'd
out the challenge/response strings)
[2004/07/13 11:58:41, 4] param/loadparm.c:lp_load(3917)
  pm_process() returned Yes
[2004/07/13 11:58:41, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.1.251 bcast=192.168.1.255 nmask=255.255.255.0
[2004/07/13 11:58:41, 3] libsmb/cliconnect.c:cli_start_connection(1373)
  Connecting to host=MABSERVE1
[2004/07/13 11:58:41, 3] lib/util_sock.c:open_socket_out(735)
  Connecting to 192.168.1.253 at port 445
[2004/07/13 11:58:41, 2] lib/util_sock.c:open_socket_out(772)
  error connecting to 192.168.1.253:445 (Connection refused)
[2004/07/13 11:58:41, 3] lib/util_sock.c:open_socket_out(735)
  Connecting to 192.168.1.253 at port 139
[2004/07/13 11:58:41, 4] lib/time.c:get_serverzone(122)
  Serverzone is 14400
[2004/07/13 11:58:41, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(260)
  Using cleartext machine password
[2004/07/13 11:58:41, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45)
  cli_net_req_chal: LSA Request Challenge from MABSERVE3 to MABSERVE1:

[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_session_key(59)
  cred_session_key
[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/13 11:58:41, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
  cli_net_auth2: srv:\\MABSERVE1 acct:MABSERVE3$ sc:2 mc: MABSERVE3 chal
 neg: 
[2004/07/13 11:58:41, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/13 11:58:41, 4]

Re: [Samba] 3.0.5pre1 - 3.0.5rc1 breaks winbindd group lookup with spaces

2004-07-13 Thread Matthew Moffitt

Perfect.  I guess updating the man page would suffice if the code 
changes are complex.

Switching to double quotes is working for me, thanks,
-Matt
Jeremy Allison wrote:
On Tue, Jul 13, 2004 at 11:26:45AM -0400, Matthew Moffitt wrote:
When upgrading our test system from 3.0.5pre1 to 3.0.5rc1 with identical 
configurations we found that one share using a group name with an 
embedded space was no longer accessible after the upgrade.

Here's an example of the logged error message:
[2004/07/13 10:50:07, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
 group 'Domain in domain TESTDOM does not exist
That's coming from a service specified thusly in smb.conf:
[sdisk$]
path = /disk1/sdisk
writable = yes
admin users = @'Domain Users'
It appears that the group name is being broken apart at the embedded 
space in 3.0.5rc1 but when we revert to 3.0.5pre1 things work nicely again.

Quick fix - change the ' characters to  characters. I know what this
change was. I'll take a look at what needs to change for 3.0.5 final.
Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind?

2004-07-13 Thread Derek Harkness

I've been fighting with winbind for several months now have yet to get 
it to work according to the documentation.

I've got a Samba 3.0.4 PDC, named PDC, running on a Debian linux box, 
and I'm trying to add a second linux box, FCSPRTSRV.  I can successful 
join the domain using net rpc join -U dharknes and at the point I can 
access the samba server resources, I can do a ntlm_auth --username 
dharknes and that works, and wbinfo -t succeeds.  But if I try to use 
winbind in pam or nss then it fails.  wbinfo -u or -g both fail and 
wbinfo -m lists BUILTIN and FCSPRTSRV but not the UMD domain.  If I do 
a winbind -i then I get the following out put.

Added domain UMD  S-0-0
Added domain BUILTIN  S-1-5-32
Added domain FCSPRTSRV  S-1-5-21-3155517584-1503604126-1704732448
I'm just guessing but shouldn't the first line list the sid for the 
domain?

Here is the PDC config.
[global]
workgroup = UMD
netbios name = PDC
password server = *
nt status support = yes
lanman auth = no
wide links = no
time server = Yes
server signing = auto
load printers = No
add machine script = /usr/sbin/dadduser %m$
domain logons = Yes
os level = 36
security = user
local master = Yes
preferred master = Yes
domain master = Yes
wins server = x1d.its.umd.umich.edu
idmap uid = 10-20
idmap gid = 10-20
winbind trusted domains only = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Here is the domain member server config.
[global]
   workgroup = UMD
   wins server =  x1d.its.umd.umich.edu
   name resolve order = host wins
   encrypt passwords = yes
   security = DOMAIN
   password server = PDC
   invalid users = root
   printing = cups
   printcap name = cups
   socket options = TCP_NODELAY
   idmap uid = 10-20
   idmap gid = 10-20
   winbind enum users = yes
   winbind enum groups = yes
   winbind separator = +
   winbind cache time = 15
   winbind use default domain = yes
   template shell = /bin/bash
It is easier to fix Unix than to live with NT.


PGP.sig
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP and Domain

2004-07-13 Thread Daniel Guerrero

Hi to all,
I'm configuring a samba server to act as Windows Domain Server through 
ldap,
I've created the users for the domain, and seems to work fine when I'm 
not trying
to log against the domain, (I tried with smbclient and mac os x).

The problem is when I'm trying to add a windows machine to the domain, 
it ask me
the login/password, I give one of administrator (smbportia), but 
reading the ldap debug
(slapd -d 255) I think it's not matching the administrator group type 
or somehing, my data:

dn: uid=smbportia,ou=People,dc=deimos,dc=danguer,dc=com
uid: smbportia
cn: smbportia
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
userPassword:: e2NyeXB0fSQxJDhuQlozZVhRJENxR0VCdG1uZXdxbms3U2hjWTFMMS4=
shadowLastChange: 12612
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1002
homeDirectory: /home/smbportia
gecos: ,,,
structuralObjectClass: account
entryUUID: bddf3fa4-6938-1028-91b2-88a002fe7a63
creatorsName: cn=admin,dc=deimos,dc=danguer,dc=com
createTimestamp: 20040713165216Z
sambaSID: S-1-0-0-3004
displayName: ,,,
sambaPwdCanChange: 1089737666
sambaPwdMustChange: 2147483647
sambaLMPassword: 837FF6FF6B2CD9BBAAD3B435B51404EE
sambaNTPassword: BF375DCCA5C6EC78C4E0DE1C2728DEEB
sambaPwdLastSet: 1089737666
sambaDomainName: DANGUERTONIA
gidNumber: 1002
sambaPrimaryGroupSID: S-1-5-21-0-512
sambaAcctFlags: [UX ]
entryCSN: 2004071317:29:49Z#0x0001#0#
modifiersName: cn=admin,dc=deimos,dc=danguer,dc=com
modifyTimestamp: 20040713172949Z
dn: cn=smbadmins,ou=Group,dc=deimos,dc=danguer,dc=com
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: smbadmins
userPassword:: e2NyeXB0fXg=
structuralObjectClass: posixGroup
entryUUID: d7a87806-6938-1028-91b3-88a002fe7a63
creatorsName: cn=admin,dc=deimos,dc=danguer,dc=com
createTimestamp: 20040713165300Z
description: Local Unix group
gidNumber: 1002
displayName: Domain Admins
sambaSID: S-1-5-21-0-512
sambaGroupType: 2
memberUid: S-1-0-0
entryCSN: 2004071317:44:51Z#0x0001#0#
modifiersName: cn=admin,dc=deimos,dc=danguer,dc=com
modifyTimestamp: 20040713174451Z

I added the memberUID trying to get the domain:

dn: sambaDomainName=DANGUERTONIA,dc=deimos,dc=danguer,dc=com
objectClass: sambaDomain
sambaDomainName: DANGUERTONIA
sambaSID: S-1-0-0
structuralObjectClass: sambaDomain
entryUUID: e2832e72-68ef-1028-9b3e-b3f540fb5850
creatorsName: cn=admin,dc=deimos,dc=danguer,dc=com
createTimestamp: 20040713081045Z
entryCSN: 2004071308:10:45Z#0x0001#0#
modifiersName: cn=admin,dc=deimos,dc=danguer,dc=com
modifyTimestamp: 20040713081045Z
any suggestions? (I'm using samba 3.0a in a Debian testing box)
Thanks in advance
+-+-+-+-+-+-+-+-+-+-+-+-+-+
No te pido que hagas una búsqueda en Google por mi.
Eso ya lo hice!!!
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Antwort: Re: [Samba] 3.0.4: smbd's + nscd's = 100% CPU; load 4

2004-07-13 Thread Dragan . Krnic

 Bingo! It is exactly the same case.
 Two user names were spelled out slightly wrong
 in the /etc/group. As a consequence,
 under certain circumstances the smbd process
 keeps trying to resolve the name and doesn't
 take no from nscd for an answer.
 Each smbd process is looping around
 these 5 system calls:
 1) create a socket,
 2) connect to nscd's socket,
 3) write the mis-spelled name,
 4) read negative answer
 5) close socket:

socket(PF_UNIX,SOCK_STREAM,0)=26
connect(26,{sa_family=AF_UNIX,path=/var/run/.nscd_socket},110)=0
writev(26,[{\2\0...\0\22\0...,12},{GeorgeDubbyaBusch\0,18}],2)=30
read(26,\2\0\0\...\0\377\377\377\377\377\377...,36)=36
close(26)=0

 and the nscds spin like this

poll({fd=3,events=POLLRDNORM,revents=POLLRDNORM}],1,-1)=1
accept(3,,NULL)=9
read(9,\2\0\0\0\0\0\0\0\22\0\0\0,12)=12
read(9,GeorgeDubbyaBusch\0,18)=18
write(9,\2\0\...\0\377\377\377\377\377\377...,36=36
close(9)=0

 Since both mis-spelled names are among the
 earliest user names in 2 most frequently used
 groups (one is users), it's hard to tell
 why the smbd processes spin out of control so
 infrequently. Jeremy will know more about that.

 Ok, looking at the code in 3.0 there is no loop around the
 lookup for a bad user name. The code in question is here:

 for (gr = grp-gr_mem; (*gr != NULL)  ((*gr)[0] != '\0'); gr += 1)
{
   struct passwd *pw = getpwnam(*gr);

   if (pw == NULL)
 continue;
   add_uid_to_array_unique(pw-pw_uid, uids, num);
 }

 Note that if pw == NULL then the name should be skipped and
 the next entry examined. This code is not looping on bad lookups
 within smbd.

 Is it possible to attach to the smbd in question with gdb and
 walk through this code with a bad username in the group entry
 list and see if the getpwnam call ever returns NULL or just
 loops inside glibc ?

I checked my /etc/group for irregular entries and repaired
all of them. Since then the problem didn't occur any more.
Even so it wasn't very frequent.

I still have a bunch of strace logs of smbd and of nscd.
Cann I upload it somewhere for you if you can use it?

Or do you suggest to replant the erroneous entries and
wait for the loop ?

Cheers

-

Diese E-Mail könnte vertrauliche und/oder rechtlich geschützte
Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder
diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die
unbefugte Weitergabe dieser Mail sind nicht gestattet.

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorised copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.

--


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba-3.0.4 - PANIC: Could not generate a machine SID

2004-07-13 Thread Mike Box

Searching the archives for a solution to this problem revealed no solution.

Recently I built Samba-3.0.4 from downloaded source on a computer running
Solaris 8.  I wish to have this computer join a Windows NT 4.0 domain (as
only a member.)  I have another computer currently running Samba-2.0.7 as
a member in this domain. (The goal is to have Samba-3.0.4 replace
Samba-2.0.7.)  After a successful build, I copied the Samba-2.0.7 smb.conf
to Samba-3.0.4 and changed the necessary identification statements. (testparm
runs clean.)  If needed, I will post smb.conf.

Key smb.conf statements:
security = domain
encrypt passwords = yes
password server = xyzzy

Samba is started via (complete path not shown):
.../nmbd -D
.../smbd -D

# ls -ald /usr/local/samba/private
drwxr-xr-x   2 root other   4096 Jul 12 17:23 /usr/local/samba/private
# ls -l /usr/local/samba/private/secrets.tdb
-rw---   1 root root8192 Jul 13 13:32 
/usr/local/samba/private/secrets.tdb

smbd repeatedly fails producing the following messages in the log:
[2004/07/13 12:50:24, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/SOURCES/samba-3.0.4/private/secrets.tdb): tdb_lock failed on list 30 
ltype=1 (Resource temporarily unavailable)
[2004/07/13 12:50:24, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/SOURCES/samba-3.0.4/private/secrets.tdb): tdb_lock failed on list 30 
ltype=2 (Resource temporarily unavailable)
[2004/07/13 12:50:24, 0] passdb/machine_sid.c:pdb_generate_sam_sid(176)
  pdb_generate_sam_sid: Failed to store generated machine SID.
[2004/07/13 12:50:24, 0] lib/util.c:smb_panic2(1398)
  PANIC: Could not generate a machine SID
  
[2004/07/13 12:50:24, 0] lib/fault.c:fault_report(36)
  ===
[2004/07/13 12:50:24, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 6 in pid 24581 (3.0.4)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/07/13 12:50:24, 0] lib/fault.c:fault_report(39)
  ===
[2004/07/13 12:50:24, 0] lib/util.c:smb_panic2(1398)
  PANIC: internal error
  

Thanks, in advance, for any help that you may offer.

Mike Box

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Permission error on /etc/samba/private/secrets.tdb

2004-07-13 Thread Heinrich Rebehn

Jeremy Allison wrote:
On Tue, Jul 13, 2004 at 11:16:23AM +0200, Heinrich Rebehn wrote:
Hi list,
I have a strange permission problem with secrets.tdb on an nfs mounted 
filesystem.
A strace of smbd shows the following lines:


open(/etc/samba/private/secrets.tdb, O_RDWR|O_CREAT|O_LARGEFILE, 0600) 
= 4 

fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=0, len=1}, 
0xb010) = -1 EACCES (Permission denied) 


/etc/samba/private/secrets.tdb is a link to 
/var/etc/samba/private/secrets.tdb which in turn is a link to 
/cluster/bremerhaven/secrets.tdb, which is on an nfs mounted filesystem.

This setup is because the root fs is readonly and /var is volatile (tmpfs).
root has full access on /cluster and it also does not help if i set 
secrets.tdb's permissions to 0666.

Are there known issues with the fcntl64 call? Would upgrading to kernel 
2.6.x help?

Try not to put tdb files on an nfs mount. Some servers (Solaris as I
remember) have issues with doing fcntl locks on an mmapped file. By
issues I mean it doesn't work :-).
Jeremy.
Thanks for your reply.
Unfortunately i do not have any other option on a diskless machine. I 
could copy it to tmpfs at boot time, but that would require copying it 
back on shutdown.
The good news, however, is that it works with kernel 2.6.7, so maybe 
it's not a server's problem but a linux problem (or both).
Yet smbd still complains that it can't set permission 0600 on 
secrets.tdb which still does not make sense.
Anyhow, samba does work now.

--Heinrich
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Authnication from NT

2004-07-13 Thread prasad vaisreddy critical path

Hi Samba Guru's...

  I have a problem connecting from a windows NT workstation to Samba server. It is 
working fine for Windows XP and Windows 2000. Samba not logging any information about 
that Windows NT m/c. Here i am giving the smb.conf file. Please try to help me to work 
it for Win NT also.

Here is my Configuration file.

Thanks in advance for any help.
# Global Parameters

[global]

netbios name = avengr03

workgroup = avengr03

map to guest = Bad User

passwd program = /usr/bin/passwd %u

passwd chat = *New*password* %n\n *Retype*new*password %n\n 
*passwd:*all*authentication*tokens*updated*sucessfully*

# Debug Logging Information


Log Level = 2

max log size = 1000

# log file = /var/log/samba/samba.log.%m

socket options = TCP_NODELAY IPTOS_LOWDELAY

wins support = yes

# Networking configuration Options

Hosts Allow = *.*.*.*

[Proj1]

comment = Proj1 directory

path = /engr/proj1

read only = No

valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins

[Proj2]

comment = Proj2 directory

path = /engr/proj2

read only = No

valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] posixAccount for Machines in LDAP?

2004-07-13 Thread kent

Hello,
I have a question about machine accounts.
I using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on
RedHat machines.
I also have 3 slave/BDC's and 1 master/PDC

Right now all of my users and groups exist entirely in the LDAP directory.
I have a few accounts in addition to the normal system accounts that are
used for emergency access. All authention and group enumeration uses
PAM_LDAP with NSS_LDAP.

My question is that when I have a machine join the domain, in the LDAP
directory an objectclass Account and sambaSAMAccount are created. I still
need to create a machine account in /etc/passwd for this to happen. Is
there anyone out there that is first creating a posixAccount with
appropriate attributes in LDAP then using the Samba/Windows to generate
the sambaSAMAccount object and attributes in LDAP also?

I was so happy to get all of the user/group stuff consolidated into the
directory. Now I see that this is a possibility also but I haven't tried
it.

Kent N
Wareham Public Schools

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] posixAccount for Machines in LDAP?

2004-07-13 Thread Paul Gienger

[EMAIL PROTECTED] wrote:
Hello,
I have a question about machine accounts.
I using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on
RedHat machines.
I also have 3 slave/BDC's and 1 master/PDC
Right now all of my users and groups exist entirely in the LDAP directory.
I have a few accounts in addition to the normal system accounts that are
used for emergency access. All authention and group enumeration uses
PAM_LDAP with NSS_LDAP.
My question is that when I have a machine join the domain, in the LDAP
directory an objectclass Account and sambaSAMAccount are created. I still
need to create a machine account in /etc/passwd for this to happen. Is
there anyone out there that is first creating a posixAccount with
appropriate attributes in LDAP then using the Samba/Windows to generate
the sambaSAMAccount object and attributes in LDAP also?
 

You shouldn't need anything in /etc/passwd.  Perhaps by posting an 
smb.conf you could be pointed in the right direction.

I was so happy to get all of the user/group stuff consolidated into the
directory. Now I see that this is a possibility also but I haven't tried
it.
Kent N
Wareham Public Schools
 

--
Paul Gienger Office:701-281-1884
Applied Engineering Inc. Cell:  701-306-6254
Information Systems Consultant   Fax:   701-281-1322
URL: www.ae-solutions.commailto:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Antwort: Re: [Samba] 3.0.4: smbd's + nscd's = 100% CPU; load 4

On Tue, Jul 13, 2004 at 07:52:30PM +0200, [EMAIL PROTECTED] wrote:
 
 I checked my /etc/group for irregular entries and repaired
 all of them. Since then the problem didn't occur any more.
 Even so it wasn't very frequent.
 
 I still have a bunch of strace logs of smbd and of nscd.
 Cann I upload it somewhere for you if you can use it?
 
 Or do you suggest to replant the erroneous entries and
 wait for the loop ?

Actually if you could add one erroneous entry and catch it
in gdb in the act of looping that would be very helpful. I'm
still trying to determine if the bug is in glibc or smbd.

Thanks,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Odd Access Denied which does not get logged even at log level 100

I'm still working on this Access Denied with CUPS, etc... I have a little command line utility written which uses the AddPrinterA function of WinSpool.drv to add a printer instance for a driver which 
has already been installed on the system.

If I add the port to the UNC of the printer and restart the spooler task I no longer 
get the Access Denied error.
However, trying to have AddPrinterA do the entire job returns an Access Denied, I was thinking from SMB. But I have cranked up the server logging to 100 and do not catch a think when I run the 
utility, nadda!

Simply adding the ports and restarting the spooler before AddPrinterA is a lot better 
than the extent I have had to code to... AddPrinterA to LPT1: and then hack the 
settings of each printer... yuck!
Am I appraoching time for a sniffer to debug this one, or should I set additional 
logging somehow?
Also, when I add the port and successfully then use AddPrinterA, I do not get anything 
in the log for porinting a printer at the network printer. So, error or successful, 
nothing logged at log level 100.
--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Migration: Failed to setup BDC creds

2004-07-13 Thread ksun

Greetings
I configured a BDC with Samba 3.0.3. When I try to synchronize it 
with a PDC using 
net rpc vampire -Uadministrator%password
I got Failed to setup BDC creds.
With deugger on the got the following information:

[2004/07/13 16:19:11, 4] param/loadparm.c:lp_load(3918)  pm_process() 
returned Yes
[2004/07/13 16:19:11, 2] lib/interface.c:add_interface(79)  added 
interface ip=10.50.30.32 bcast=10.50.255.255 nmask=255.255.0.0
[2004/07/13 16:19:11, 3] libsmb/cliconnect.c:cli_start_connection(1369) 
Connecting to host=127.0.0.1
[2004/07/13 16:19:11, 3] lib/util_sock.c:open_socket_out(733) Connecting 
to 127.0.0.1 at port 445
[2004/07/13 16:19:11, 4] lib/time.c:get_serverzone(122) Serverzone is 
14400
[2004/07/13 16:19:11, 4] 
passdb/secrets.c:secrets_fetch_trust_account_password(261) Using cleartext 
machine password
[2004/07/13 16:19:11, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) 
cli_net_req_chal: LSA Request Challenge from PDC to 127.0.0.1: 
2AAEDE6146FC2E56
[2004/07/13 16:19:11, 4] libsmb/credentials.c:cred_session_key(59) 
cred_session_key
[2004/07/13 16:19:11, 4] libsmb/credentials.c:cred_create(90)  cred_create
[2004/07/13 16:19:11, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102) 
cli_net_auth2: srv:\\127.0.0.1 acct:PDC$ sc:6 mc: PDC chal 
E5403E5FCF950D4F neg: 400701ff
[2004/07/13 16:19:11, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283) 
cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
Failed to setup BDC creds
[2004/07/13 16:19:11, 1] utils/net_rpc.c:run_rpc_command(141) rpc command 
function failed! (NT_STATUS_ACCESS_DENIED)
[2004/07/13 16:19:11, 2] utils/net.c:main(792) return code = 1

What went wrong?

Thanks!

-- Kang Sun

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Fwd: Re: [Samba] posixAccount for Machines in LDAP?]

2004-07-13 Thread kent

 Original Message 
Subject: Re: [Samba] posixAccount for Machines in LDAP?
From:[EMAIL PROTECTED]
Date:Tue, July 13, 2004 4:54 pm
To:  Paul Gienger [EMAIL PROTECTED]
--

Thanks for getting back to me, Paul.
Here's the domain controllers smb.conf


[global]
workgroup = WarehamPS
encrypt passwords = Yes
time server = Yes
socket options = TCP_NODELAY
security = user
logon script = whs1.bat
writable = Yes
dns proxy = no
directory mask = 02770
preferred master = yes
netbios name = WHS1
server string = RedHat 8.0 LDAP Server
passdb backend = ldapsam
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/local/samba/bin/smbpasswd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba.%m
debug level = 2
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd.pl %u
delete user script = /usr/local/sbin/smbldap-useradd.pl %u add
group script = /usr/local/sbin/smbldap-groupadd.pl
delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/sbin/useradd -c Computer -d /dev/null
-s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m
%u
logon script = whs1.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = Yes
admin users = @domain_admins
wins support = Yes
name resolve order = wins hosts bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no

[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
hide files = /.*/

[netlogon]
comment = Netlogon share
root preexec = /usr/local/samba/sbin/prelogon.pl %U
path = /usr/local/samba/netlogon
locking = no
browseable = no
read only = yes
hide files = /*.dll/*.rap/*.kix/*.bat/

[staff]
comment = Staff Directory
path = /accounts/common
browseable = no
create mode = 0660
valid users = @whsstaff
write list = @whsstaff
force group = whsstaff

[programs]
comment = Programs
path = /accounts/programs
valid users = @whsstaff
browseable = no

[adm-pgms$]
comment = Admin Programs
path = /accounts/adm_pgms
browseable = no
valid users = @techstaff
write list = @techstaff
force group = techstaff
create mode = 0660

[images$]
comment = Ghost image files
path = /accounts/images
browseable = no
force group = techstaff
create mode = 0660
valid users = @techstaff
write list = @techstaff

[cafeteria]
path = /accounts/cafeteria/data
browseable = no
valid users = @whs-cafe
force group = whs-cafe
create mode = 0660
directory mode = 0770

[printers]
comment = All Printers
path = /var/spool/samba
valid users = @whsstaff, @techstaff
read only = Yes
printable = Yes
browseable = No
[hp8100]
path = /tmp
comment = HP8100 Laser
browseable = yes
writable = no
printable = yes
printer name = hp8100
[tricker]
path = /accounts/whsart/tricker
comment = WHS Art students
browseable = No
valid users = +tricker
write list = +tricker
force group = tricker
create mode = 0660
directory mode = 0770
[gunnels]
path = /accounts/whsart/gunnels
comment = WHS Art students
browseable = No
valid users = +gunnels
write list = +gunnels
force group = gunnels
create mode = 0660
directory mode = 0770
[einstein]
path = /accounts/whsart/einstein
comment = WHS Art students
browseable = No
valid users = +einstein
write list = +einstein
force group = einstein
create mode = 0660

[PCA]
comment = PC Analyzer files
path = /usr/local/samba/PCAnalyser
browseable = no
force group = techstaff
directory mode = 0770
create mode = 0770

Kent
Wareham Public Schools

 [EMAIL PROTECTED] wrote:

Hello,
I have a question about machine accounts.
I using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on
RedHat machines.
I also have 3 slave/BDC's and 1 master/PDC

Right now all

[Samba] XP to Samba PDC, permissions. Please give me a hand.

2004-07-13 Thread guus

Hello list readers,
 
After setting up a Samba PDC on Suse Linux prof. 9.1. I succeeded in making
my Windows XP prof. workstation a member of the Samba domain.
When I, after succesfully logging in to the domain from XP, create or copy a
file in my own user directory (guus) permissions on te linux machine are set
right, like here:
 
-rwxrwxr--+ 1 guus users 4 2004-07-13 23:16 /home/guus/test
 
However, when I create or copy a file in the share pub the rights look like
this:
 
-rwx--  1 guus users 4 2004-07-13 23:19 /home/pub/test
 
Although the create mask for the share pub is set to 0775 so the rights
should look like -rwxrwxr-x+.

The directories where these files are in have rights -rwxrwxr-x+ for user
guus en group users.
 
I tried almost everything including reading the official Samba 3 howto
reader and tried various configurations in smb.conf. Both by editing by hand
and by using the swat tool and restart Samba each time, renew login etc.

Unfortunately I couldn't solve this problem. Can anyone give me a hand
please?
 
Here is a listing of my smb.conf:
 
# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2004/07/13 22:20:22
 
# Global parameters
[global]
 workgroup = THNET
 server string = Samba
 interfaces = eth0, 10.0.0.130/24, lo
 bind interfaces only = Yes
 map to guest = Bad User
 passdb backend = smbpasswd:/etc/samba/smbpasswd
 guest account = guest
 passwd program = /usr/bin/passwd %u
 passwd chat = *password* %n\n *password* %n\n *changed*
 passwd chat debug = Yes
 username map = /etc/samba/smbusers
 unix password sync = Yes
 log level = 1
 log file = /var/log/samba/log.%m
 debug uid = Yes
 name resolve order = dns wins bcast host lmhosts
 socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
 hostname lookups = Yes
 printcap name = /etc/printcap
 add user script = ldapsmb -a -u
 delete user script = ldapsmb -d -u
 add group script = ldapsmb -a -g
 delete group script = ldapsmb -d -g
 add user to group script = ldapsmb -j -u
 delete user from group script = ldapsmb -j -u
 set primary group script = ldapsmb -m -u
 add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
/bin/false %m$
 shutdown script = ldapsmb --shutdown=
 abort shutdown script = ldapsmb --abortshutdown
 logon script = start.bat
 logon path = \\%L\profiles\%u
 logon drive = P:
 domain logons = Yes
 os level = 65
 domain master = Yes
 wins support = Yes
 ldap suffix = dc=domain, dc=com
 ldap ssl = no
 add share command = /var/lib/samba/scripts/modify_samba_config.pl
 delete share command = /var/lib/samba/scripts/modify_samba_config.pl
 socket address = 10.0.0.130
 write list = guus
 printer admin = @ntadmin, root, administrator
 create mask = 0777
 force create mode = 0775
 force security mode = 0770
 directory mask = 0777
 force directory mode = 0775
 force directory security mode = 0770
 hosts allow = 10.0.0.0/24, 127.0.0.1/24
 hosts deny = ALL
 printing = lprng
 print command = lpr -r -P'%p' %s
 lpq command = lpq -P'%p'
 lprm command = lprm -P'%p' %j
 lppause command = lpc hold '%p' %j
 lpresume command = lpc release '%p' %j
 queuepause command = lpc stop '%p'
 queueresume command = lpc start '%p'
 
[profiles]
 path = /var/lib/samba/profiles
 read only = No
 create mask = 0600
 directory mask = 0700
 
[netlogon]
 comment = Network Logon Service
 path = /var/lib/samba/netlogon
 browseable = No
 
[homes]
 comment = Home Directories
 read only = No
 create mask = 0755
 directory mask = 0755
 browseable = No
 
[users]
 comment = All users
 path = /home
 read only = No
 create mask = 0744
 directory mask = 0744
 inherit permissions = Yes
 guest ok = Yes
 veto files = /aquota.user/groups/shares/
 
[pdf]
 comment = PDF creator
 path = /var/tmp
 create mask = 0600
 guest ok = Yes
 printable = Yes
 
[printers]
 comment = All Printers
 path = /var/spool/samba
 guest ok = Yes
 printable = Yes
 browseable = No
 
[print$]
 comment = Printer Drivers
 path = /var/lib/samba/drivers
 write list = @ntadmin, root
 force group = ntadmin
 create mask = 0664
 directory mask = 0775
 printable = Yes
 
[pub]
 comment = pub
 path = /home/pub
 read only = No
 create mask = 0775
 security mask = 0775
 directory mask = 0775
 inherit permissions = Yes
 guest ok = Yes
 
[linux_docs]
 comment = Linux docs
 path = /usr/share/doc/
 
[mfc3820cn]
 path = /var/tmp
 printable = Yes

Thanks you very much in advance.

Guus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Any known issues with using @groupname syntax in smb.conf?

I was trying to get fancy and specify a group name vs a list of users via the @groupname syntax for a valid group in /etc/group and the users in that group no longer had their admin rights in this 
case. I've dropped back to listing all of the admin user ID's for now while I research this.

TIA!
--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] posixAccount for Machines in LDAP?

2004-07-13 Thread kent

Thanks, I'll give this a try tomorrow and let you know how things go. I
really appreciate your help. This is the last major hurdle that I can see.

Kent N

 Changes below:

 [EMAIL PROTECTED] wrote:

Thanks for getting back to me, Paul.
Here's the domain controllers smb.conf


[global]
workgroup = WarehamPS
  encrypt passwords = Yes
  time server = Yes
  socket options = TCP_NODELAY
  security = user
  logon script = whs1.bat
  writable = Yes
  dns proxy = no
  directory mask = 02770
  preferred master = yes
netbios name = WHS1
server string = RedHat 8.0 LDAP Server
passdb backend = ldapsam
ldap passwd sync = Yes
  machine password timeout = 604800
passwd program = /usr/local/samba/bin/smbpasswd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba.%m
debug level = 2
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd.pl %u
delete user script = /usr/local/sbin/smbldap-useradd.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl
delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/sbin/useradd -c Computer -d /dev/null
-s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m
%u


 Change these scripts to be liks so:

 add user script = /usr/sbin/smbldap-useradd -a -m %u
 delete user script = /usr/sbin/smbldap-userdel %u
 add group script = /usr/sbin/smbldap-groupadd %g
 delete group script = /usr/sbin/smbldap-groupdel %g
 add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
 delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
 set primary group script = /usr/sbin/smbldap-usermod -g %g %u
 add machine script = /usr/sbin/smbldap-useradd -w %u

 make sure the paths line up of course.  The quotes are important in case
 you get spaces in the parameters.

logon script = whs1.bat
  logon path =
logon drive = H:
  logon home =
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = Yes
  admin users = @domain_admins
  wins support = Yes
  name resolve order = wins hosts bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers


 Make ldap machine suffix match ldap user suffix.  Known bug.

ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no


 shares defs deleted

 Of course, make sure your smbldap config file matches the above LDAP dn
 information for users, computers.  Check back after trying it out.

 Paul

Kent
Wareham Public Schools



[EMAIL PROTECTED] wrote:



Hello,
I have a question about machine accounts.
I using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on backend on
RedHat machines.
I also have 3 slave/BDC's and 1 master/PDC

Right now all of my users and groups exist entirely in the LDAP
directory.
I have a few accounts in addition to the normal system accounts that
 are
used for emergency access. All authention and group enumeration uses
PAM_LDAP with NSS_LDAP.

My question is that when I have a machine join the domain, in the LDAP
directory an objectclass Account and sambaSAMAccount are created. I
 still
need to create a machine account in /etc/passwd for this to happen. Is
there anyone out there that is first creating a posixAccount with
appropriate attributes in LDAP then using the Samba/Windows to generate
the sambaSAMAccount object and attributes in LDAP also?




You shouldn't need anything in /etc/passwd.  Perhaps by posting an
smb.conf you could be pointed in the right direction.



I was so happy to get all of the user/group stuff consolidated into the
directory. Now I see that this is a possibility also but I haven't
 tried
it.

Kent N
Wareham Public Schools





--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell:   701-306-6254
Information Systems Consultant   Fax:701-281-1322
URL: www.ae-solutions.commailto:[EMAIL PROTECTED]










 --
 Paul Gienger Office:  701-281-1884
 Applied Engineering Inc. Cell:701-306-6254
 Information Systems Consultant   Fax: 701-281-1322
 URL: www.ae-solutions.commailto:[EMAIL PROTECTED]





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] from suha

2004-07-13 Thread Jenny Jones

hi ihab,
can you call me at the worthans at (615)665-0124?
suha
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] missing docs on smb.conf

2004-07-13 Thread David Bear

trying to look at smb.conf reference and I get

---
EXPLANATION OF EACH PARAMETER

xi:include/xi:include
--

anyone know where all parameters' info can be found?
-- 
David Bear
phone:  480-965-8257
fax:480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
 Beware the IP portfolio, everyone will be suspect of trespassing
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] time server.

2004-07-13 Thread henrique paiva

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alex Satrapa wrote:
| On 13 Jul 2004, at 10:12, henrique paiva wrote:
|
| Can i just add time server = True and logon script = logon.bat lines
| in global conf? or should i add [netlogon] sharing too?
|
|
| You can't have a logon script without a netlogon share. From the manual:
|
| The script must be a relative path to the [netlogon] service. If
| the [netlogon] service specifies a path of /usr/local/samba/net-
| logon,  and  logon script = STARTUP.BAT, then the file that will
| be downloaded is:
|
| /usr/local/samba/netlogon/STARTUP.BAT
|
|
| HTH
| Alex Satrapa
|
I made something that i realy don't know if it's a good idea. I just put
~ a bat file in the startmenu/startup. wich the content is :
net time \\server /set /yes
it's working fine. but, is it a good idea ? or is better use the
[netlogon] way?
- --
~ ___
~|  henrique paiva   |
~|___|
~| email: [EMAIL PROTECTED] |
~|___|
~|  icq: 320094827   |
~|___|
Este email foi assinado pelo Gnupg http://www.gnupg.com e
~ Mozilla Thunderbird Enigmail http://enigmail.mozdev.org
Solicite minha chave pública.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA9GXUeE6sZ+g/aaURAmuSAJsHWf+ql18pEVstZ3E6j9BYMkRGqwCfX+VI
hJDLpdYh4FLYn2gQTC/DynI=
=Gq5E
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] missing docs on smb.conf

2004-07-13 Thread Jelmer Vernooij

Hi David,

I've just fixed this in current SVN. Should be fixed on the web
(http://us1.samba.org/samba/docs/man/smb.conf.5.html) soon.

Cheers,

Jelmer

On Wed, 2004-07-14 at 00:27, David Bear wrote:
 trying to look at smb.conf reference and I get
 
 ---
 EXPLANATION OF EACH PARAMETER
 
 xi:include/xi:include
 --
 
 anyone know where all parameters' info can be found?
 -- 
 David Bear
 phone:480-965-8257
 fax:  480-965-9189
 College of Public Programs/ASU
 Wilson Hall 232
 Tempe, AZ 85287-0803
  Beware the IP portfolio, everyone will be suspect of trespassing

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Antwort: Re: Antwort: Re: [Samba] 3.0.4: smbd's + nscd's = 100% CPU; load 4

2004-07-13 Thread Dragan . Krnic

 I checked my /etc/group for irregular entries and repaired
 all of them. Since then the problem didn't occur any more.
 Even so it wasn't very frequent.

 I still have a bunch of strace logs of smbd and of nscd.
 Cann I upload it somewhere for you if you can use it?

 Or do you suggest to replant the erroneous entries and
 wait for the loop ?

 Actually if you could add one erroneous entry and catch it
 in gdb in the act of looping that would be very helpful. I'm
 still trying to determine if the bug is in glibc or smbd.

Noblesse oblige.

OK. I've never debugged runaway programs.
Does it stay still when I attach it?
Should I compile a debug version for that?
Can you be just a little more specific
as to what I should try to clarify?

You seem to believe, that it is not
looping in samba sources, because you
can't see where it possibly could.

So probably, if the attached process
can be stepped, I should step a full
circle between two socket calls and
see if it ever lands back in samba
code. Is that it?

Cheers

-

Diese E-Mail könnte vertrauliche und/oder rechtlich geschützte
Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder
diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die
unbefugte Weitergabe dieser Mail sind nicht gestattet.

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorised copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.

--


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] time server.

2004-07-13 Thread Alex Satrapa

On 14 Jul 2004, at 08:44, henrique paiva wrote:
I made something that i realy don't know if it's a good idea. I just 
put
~ a bat file in the startmenu/startup. wich the content is :
net time \\server /set /yes

it's working fine. but, is it a good idea ? or is better use the
[netlogon] way?
The advantage of having the logon script in the netlogon share is that 
if you want to make a change to it sometime, you edit it in one place. 
Using the netlogon share makes maintenance much easier.

With the script installed in 5 users' accounts, you'd have at least 5 
places to edit the script.

Just set up the netlogon share, copy the logon.bat to that share, set 
the logon script parameter, and relax :)

Alex
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Strangeness with computer account layout in LDAP Schema?

2004-07-13 Thread Eric J Bennett

Hello All,
I've been trying to migrate an NT 4 domain from a PDC to samba using net 
rpc vampire, ran into various hitches along the way which now appear to 
be mostly sorted, but the created machine accounts do not appear to be 
in the correct format.

Checking ou=Computers under the main tree, no entry under this branch 
has any space for an NT / LM password, here is an ldif dump of the main 
branch and one entry;

dn: ou=Computers,dc=itouchaudev,dc=com
objectClass: organizationalUnit
ou: Computers
dn: uid=LBLIGH$,ou=Computers,dc=itouchaudev,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: LBLIGH$
sn: LBLIGH$
uid: LBLIGH$
uidNumber: 1129
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
I'm not certain if it's just a feature of the client, but also a lot 
of additional blank fields are displayed under the GQ ldap client, (x121 
address, registered address, etc)

Is this schema correct? I used to idealx smbldap tools 0.5 to create it 
with smbldap-populate

Regards
Eric
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP and Domain

2004-07-13 Thread Alex Satrapa

On 14 Jul 2004, at 03:39, Daniel Guerrero wrote:
dn: uid=smbportia,ou=People,dc=deimos,dc=danguer,dc=com
sambaSID: S-1-0-0-3004
That doesn't seem right to me - for the Windows Administrator, the 
sambaSID and sambaPrimaryGroupSID should look something like

sambaSID: S-1-5-21-XX-XX-XX-
sambaPrimaryGroupSID: S-1-5-21-XX-XX-XX-512
Where the XX-XX-XX is the same string of 
numbers from your domain's sambaSID (the domain's sambaSID is stored in 
an object with objectClass=sambaDomain):

  [EMAIL PROTECTED] ldapsearch -h ldapserver -b dc=x,dc=com,dc=au -D \
cn=admin,dc=x,dc=com,dc=au -x -W sambaDomainName=DOMAIN
  dn: sambaDomainName=DOMAIN,o=smb,dc=x,dccom,dc=au
  sambaDomainName: DOMAIN
  sambaAlgorithmicRidBase: 1000
  objectClass: sambaDomain
  sambaSID: S-1-5-21-XX-XX-XX
Hope this helps
Alex
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strangeness with computer account layout in LDAP Schema?

2004-07-13 Thread Andrew Bartlett

On Wed, 2004-07-14 at 09:35, Eric J Bennett wrote:
 Hello All,
 
 I've been trying to migrate an NT 4 domain from a PDC to samba using net 
 rpc vampire, ran into various hitches along the way which now appear to 
 be mostly sorted, but the created machine accounts do not appear to be 
 in the correct format.
 
 Checking ou=Computers under the main tree, no entry under this branch 
 has any space for an NT / LM password, here is an ldif dump of the main 
 branch and one entry;
 
 dn: ou=Computers,dc=itouchaudev,dc=com
 objectClass: organizationalUnit
 ou: Computers
 
 dn: uid=LBLIGH$,ou=Computers,dc=itouchaudev,dc=com
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: posixAccount

So, it looks like your smbldap scripts had a 'machine account suffix'
set, but Samba is trying to add everything under ou=Users.  Check to see
if you have the 'other half' of the account there.

Then re-do the migration, but with the 'ldap suffix' in smb.conf as
'dc=itouchaudev,dc=com'.

Andrew Bartlett


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Trusting Multiple Domains NT4 and a AD Domain

2004-07-13 Thread Chris Fisher

Background: We are migrating from our NT4 domain, to a new Windows2003
Active Directory domain, so our Linux samba server is joined the the NT4
domain where most the users live. But we are now starting to migrate
(Using MS built in Migration tool) users from the NT4 domain to the Active
Directory. Once the users are migrated they are not able to access shares
on samba 3 file server

The samba 3 box is joined to an NT4 domain. Using winbind. That NT4 domain
has a trust with a Active Directory domain. Since the accounts have been
migrated from the NT4 domain to the new Active Directory domain their NT4
domain account and Active Directory account share the same SID.. Could
this be causing my problems? If so, how do I fix this?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Antwort: Re: Antwort: Re: [Samba] 3.0.4: smbd's + nscd's = 100% CPU; load 4

On Wed, Jul 14, 2004 at 12:57:22AM +0200, [EMAIL PROTECTED] wrote:
  I checked my /etc/group for irregular entries and repaired
  all of them. Since then the problem didn't occur any more.
  Even so it wasn't very frequent.
 
  I still have a bunch of strace logs of smbd and of nscd.
  Cann I upload it somewhere for you if you can use it?
 
  Or do you suggest to replant the erroneous entries and
  wait for the loop ?
 
  Actually if you could add one erroneous entry and catch it
  in gdb in the act of looping that would be very helpful. I'm
  still trying to determine if the bug is in glibc or smbd.
 
 Noblesse oblige.
 
 OK. I've never debugged runaway programs.
 Does it stay still when I attach it?
 Should I compile a debug version for that?
 Can you be just a little more specific
 as to what I should try to clarify?
 
 You seem to believe, that it is not
 looping in samba sources, because you
 can't see where it possibly could.
 
 So probably, if the attached process
 can be stepped, I should step a full
 circle between two socket calls and
 see if it ever lands back in samba
 code. Is that it?

Yes, that's the idea. You need to compile with -g
option and then to attach to the process once it's
looping. Then set a breakpoint in the smbd code at
the point I referred to and see if it ever arrives
there. If it does follow it along until it loops again.

Thanks,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Solution! CUPS Printing / Win2K with Access Denied

Hey Samba team... I'll still buy you pizza!
Anyway, trying to be good security folks, we had tossed in a global setting in smb.conf that root was an invalid user. No Windows client will ever have an account named that which they need to touch
Samba with, and everyone knows it is bad bad bad to logon to your Linux box with root... but anyway, Samba sure seems to have an opinion about doing this... JUST DON'T DO IT! (I defer to the pizza fed
Samba team to explain why, I DON'T KNOW!)

Between the three books I have, and that setting, it now works!
I successfully right clicked the printer without getting an error, finally! I uploaded
the driver! I used printui.dll to command line attach the workstation to the printer!

OK, now ONE question. What methods exist to associate multiple drivers with a single printer for a single OS and thus create multiple printer icons on the client side. Such as a PCL6, PCL5e and PS
driver option for the same printer?

I am guessing that other methods I was trying to touch the printer will now work as
well, so I will be trying them.
As long as there are command line solutions to the suggestion(s) I am more than happy to consider them. Everything must be scriptable... we administrators / engineers have better things to do for job
security than set up printers for users, right?!

--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba performance/stability issue...

2004-07-13 Thread Marcello Melfi

Hi,
 
I have installed Samba 3.0.2a on a Sun Solaris 8 system using a binary
package (which was compiled with no particlar option) downloaded from the
www.sunfreeware.com web site.
 
The Samba server is installed and configured with the Domain security level
and has joined a Windows 2003 AD server (in native mode). I have created a
share and a unix logon. The unix logon is associated to that share and is
the same as the windows logon on the client box (which runs Windows XP).
Anyway, even if it was not, I am using the usermaps.txt file to make sure
that no matter the windows logon used, it will be associated to the already
defined unix logon. I know, this may not be very secure for now, but it is
only for testing purposes.
 
I am performing some benchmarks that will reflect the way I am going to use
Samba. Basically, I am copying/creating, via a simple C++ program running on
the client box, the same 50 K-Bytes file about 10,000 times on the Samba
share. Of course, the file is renamed with a sequence number so that at the
end there are 10,000 newly created files on the share. As you might have
guessed by now, I am not using Samba to simply replace a file server for
windows users. I am using Samba so that a windows application (running in
the background) can export files to another unix applications. NFS could
have been an alternative, but Samba will integrate this export mechanism in
a more transparent fashion.
 
The problem I have right now is that sometime it takes about 350 sec to
perform that test and a lot more times it takes about 700 sec. Each time, I
am performing the same test without anything different. I noticed that when
it performs faster, the smbd % CPU utilization is 5 to 8% and when it is
slower, the smbd % CPU utilization is about 25 to 35%. When using a windows
share on a windows server instead of Samba on an unix server, it
consistently takes about 485 sec.
 
Note 1: The network is not on any particular pre-existing load when
performing the test. The same goes for the CPU.
 
Note 2: Why not using Samba 3.0.4? Simply because there is no binary
available for Solaris 8 and because compiling it is not working for us right
now.
 
Note 3: Why not using the ADS security level? For the same reason as note 2
: the ADS security level requires compilation with Kerberos and OpenLDAP
development libraries.
 
Any idea to help resolve this performance/stability issue?
 
Regards,
 
Marcello
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba performance/stability issue...

On Tue, Jul 13, 2004 at 09:43:02PM -0400, Marcello Melfi wrote:
  
 I am performing some benchmarks that will reflect the way I am going to use
 Samba. Basically, I am copying/creating, via a simple C++ program running on
 the client box, the same 50 K-Bytes file about 10,000 times on the Samba
 share. Of course, the file is renamed with a sequence number so that at the
 end there are 10,000 newly created files on the share. As you might have
 guessed by now, I am not using Samba to simply replace a file server for
 windows users. I am using Samba so that a windows application (running in
 the background) can export files to another unix applications. NFS could
 have been an alternative, but Samba will integrate this export mechanism in
 a more transparent fashion.

Are you creating all these files in the same directory ? If so, that's
your answer for why things are slow. Samba has to provide a case-insensitive
lookup for a case-sensitive filesystem. Every time you try and create a file
that doesn't exist Samba has to do a directory scan to see if the file exists
in a different case. This is slow. Fix your app to create into different
directories and you'll find it gets much faster.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Windows XP - samba 1.1.9 slow file transfer problem

2004-07-13 Thread Greg Adams

I'm experiencing a problem with slow file transfer from a Solaris 2.6
Samba 1.1.9 server to Windows XP clients. This problem does not occur
for Windows 2000 clients. In attempting to troubleshoot the problem,
I've run Ethereal on both clients and noticed a marked difference in
the logs of a transfer of the same file from the server.

The Windows 2000 logs shows AndX SMB requests and responses with
various sizes ranging around 1000-8000 bytes. The number of packets in
the TCP conversation to transfer the file is 42 packets. With Windows
XP the logs show AndX SMB requests and responses around 2 to 4 bytes
long. The number of packets required for that transfer is 571. The
time to transfer is 3 seconds on Windows 2000 and 30 seconds on
Windows XP.

A notable factor is that this SMB file transfer is occuring over a WAN
connection, so the long ACK delay may be the problem factor, but I
don't see how it would become a problem on Windows XP clients, but not
on Windows 2000 clients.

I've already tried changing the socket options parameter in the global
section of the smb.conf file on the server. It previously was set to
TCP_NODELAY, and I tried a setting of IPTOS_THROUGHPUT SO_SNDBUFF=8192
SO_RCVBUFF=8192.

Any suggestions? Would upgrading to Samba 3.x resolve this issue?

Thanks for any input. Greg Adams
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba performance/stability issue...

2004-07-13 Thread Marcello Melfi

Hi Jeremy,

The C++ application was for testing purposes only. However, the real
application we are using is a commercial package for which I do not have any
control. In real life, that application will run on a few windows
workstations and should export about 3000 to 4000 files per workstation. We
were planning to have one directory per worstation within the samba share.
Can't do it otherwise...

Regardless of the above, why is it that sometimes I get very good results
and many other times bad ones? I would expect that this case-insensitive
thing be consistent and therefore always generates bad results. Do you have
an explanation for this behavior!

In any case, is there a way to stop this lookup? For example, always use
uppercase or something like that...

Note: I really appreciate you for taking the time to respond!

Bye,
 
Marcello
 

-Original Message-
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: July 13, 2004 21:50
To: Marcello Melfi
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Samba performance/stability issue...

On Tue, Jul 13, 2004 at 09:43:02PM -0400, Marcello Melfi wrote:
  
 I am performing some benchmarks that will reflect the way I am going 
 to use Samba. Basically, I am copying/creating, via a simple C++ 
 program running on the client box, the same 50 K-Bytes file about 
 10,000 times on the Samba share. Of course, the file is renamed with a 
 sequence number so that at the end there are 10,000 newly created 
 files on the share. As you might have guessed by now, I am not using 
 Samba to simply replace a file server for windows users. I am using 
 Samba so that a windows application (running in the background) can 
 export files to another unix applications. NFS could have been an 
 alternative, but Samba will integrate this export mechanism in a more
transparent fashion.

Are you creating all these files in the same directory ? If so, that's your
answer for why things are slow. Samba has to provide a case-insensitive
lookup for a case-sensitive filesystem. Every time you try and create a file
that doesn't exist Samba has to do a directory scan to see if the file
exists in a different case. This is slow. Fix your app to create into
different directories and you'll find it gets much faster.

Jeremy.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] system freeze

2004-07-13 Thread henrique paiva

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I have a samba server 3.0.2a running in mandrake10 dell power edge
server as a file server with clipper 5.3 application. I have 20 clients
running win98/95.
Normaly in the afternoon (once a day), sometimes the system just freeze,
all the clipper sessions just freeze, and when i do smb restart,
everything goes fine.
what is wrong with my system?
- --
~ ___
~|  henrique paiva   |
~|___|
~| email: [EMAIL PROTECTED] |
~|___|
~|  icq: 320094827   |
~|___|
Este email foi assinado pelo Gnupg http://www.gnupg.com e
~ Mozilla Thunderbird Enigmail http://enigmail.mozdev.org
Solicite minha chave pública.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA9KjieE6sZ+g/aaURAoRzAKCjdCBNZHI0rmnV8w4nLfpCgX0megCfQeQ1
mUkd6BXvwHXzFpiQ5UhFydU=
=SK5e
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Help! Add samba server to Win2000 Domain

2004-07-13 Thread Jack

Hi,
I am trying to add samba server(3.0.4) in Solaris to win2000 domain, then
all PC in the domain can see the share drive in Solaris.
Followed the manual:

root#  groupadd machines
root# /usr/sbin/useradd -g machines -d /dev/null -c machine nickname -s
/bin/false machine_name$
root# passwd -l machine_name$
root# smbpasswd -a -m machine_name

1. On the MS Windows NT Domain Controller, using the Server Manager, add a
machine account for the Samba server.
2. On the UNIX/Linux system execute:
root# net rpc join -U administrator%password

successfully.

But when I tried to from the Win2000 pc to access the samba server, it
failed. Did I miss something?
Please help!!
Here is the smb.conf

Load smb config files from /usr/local/samba/lib/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [printers]
Processing section [ImageShare]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = MYDOMAIN
server string = My Samba Server
security = DOMAIN
unix password sync = Yes
encrypt passwords = yes
 password server = *
log level = 5
log file = /usr/local/samba/var/log.%m
max log size = 50
deadtime = 15
dns proxy = No
hosts allow = 192.168.17., 192.168.18., 127.

[homes]
comment = Home Directories
read only = No

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = Yes
share modes = No

[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No

[ImageShare]
comment = Share images
path = /temp
write list = @staff
read only = No
guest ok = Yes




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] cannot join win2k to samba domain

2004-07-13 Thread andry

hi,
i 've problem when i try to join win2k prof into samba 
domain 
i use samba ver 2.2.1a 
i add admin user as domain admin group=admin in global 
sections
but when i type user name and pass error message appear  
the spesified user doesn't exist.

any one can help mehow to solve my problem?!
===
Gabung INSTANIA, dapatkan XENIA. Daftar di www.telkomnetinstan.com, langsung dapat 
akses Internet Gratis..
Dan ..ikuti Instan Smile berhadiah Xenia,Tour S'pore, Komputer,dll, info hub : TELKOM 
Jatim 0-800-1-467826 
===
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba performance/stability issue...

On Tue, Jul 13, 2004 at 11:06:28PM -0400, Marcello Melfi wrote:
 
 Regardless of the above, why is it that sometimes I get very good results
 and many other times bad ones? I would expect that this case-insensitive
 thing be consistent and therefore always generates bad results. Do you have
 an explanation for this behavior!

No, sorry, I missed that. If it's a case insensitive problem yes
it should be constant if the files are always being created as new.

 In any case, is there a way to stop this lookup? For example, always use
 uppercase or something like that...

Yes, set case sensitive = yes, preserve case = no, short preserve case = no,
default case = lower
in the share you need this behaviour.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows XP - samba 1.1.9 slow file transfer problem

On Tue, Jul 13, 2004 at 07:50:27PM -0700, Greg Adams wrote:
 I'm experiencing a problem with slow file transfer from a Solaris 2.6
 Samba 1.1.9 server to Windows XP clients. This problem does not occur
 for Windows 2000 clients. In attempting to troubleshoot the problem,
 I've run Ethereal on both clients and noticed a marked difference in
 the logs of a transfer of the same file from the server.

Samba 1.1.x is *very* old. Please upgrade if just for securitys
sake.

 Any suggestions? Would upgrading to Samba 3.x resolve this issue?

Samba 3.0.x has been tuned to provide the same defaults to the
client as Windows 2000 - so hopefully you shouldn't get this
problem.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

svn commit: samba r1476 - branches/SAMBA_4_0/source/libcli/auth

2004-07-13 Thread abartlet

Author: abartlet
Date: 2004-07-13 06:39:55 + (Tue, 13 Jul 2004)
New Revision: 1476

Modified:
   branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c
Log:
Don't print messages about the CCACHE not being found - this is normal.

Andrew Bartlett


WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1476nolog=1

svn commit: samba r1477 - trunk/source/torture

2004-07-13 Thread vlendec

Author: vlendec
Date: 2004-07-13 09:25:44 + (Tue, 13 Jul 2004)
New Revision: 1477

Modified:
   trunk/source/torture/mangle_test.c
Log:
Merge 100% fix..

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1477nolog=1

svn commit: samba-web r148 - trunk

2004-07-13 Thread deryck

Author: deryck
Date: 2004-07-13 11:52:15 + (Tue, 13 Jul 2004)
New Revision: 148

Modified:
   trunk/samba.html
Log:
Add link to SuSE RPMs for current release announcement.

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=148nolog=1

svn commit: samba r1478 - branches/SAMBA_3_0/source/utils

2004-07-13 Thread idra

Author: idra
Date: 2004-07-13 12:39:38 + (Tue, 13 Jul 2004)
New Revision: 1478

Modified:
   branches/SAMBA_3_0/source/utils/pdbedit.c
Log:

Useful patch from Tom Alsberg [EMAIL PROTECTED], to export a single user from a 
backend.



WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1478nolog=1

svn commit: samba-web r149 - trunk

Author: jerry
Date: 2004-07-13 14:11:21 + (Tue, 13 Jul 2004)
New Revision: 149

Modified:
   trunk/samba.html
Log:
adding link to the original mail Lars sent to the samba-binaries list

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=149nolog=1

svn commit: samba-web r150 - trunk

Author: jerry
Date: 2004-07-13 14:14:18 + (Tue, 13 Jul 2004)
New Revision: 150

Modified:
   trunk/samba.html
Log:
removing old news

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=150nolog=1

svn commit: samba r1479 - branches/SAMBA_4_0/source/smb_server

Author: metze
Date: 2004-07-13 17:40:28 + (Tue, 13 Jul 2004)
New Revision: 1479

Modified:
   branches/SAMBA_4_0/source/smb_server/reply.c
Log:
print out domain too




WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1479nolog=1

svn commit: samba r1480 - branches/SAMBA_4_0/source/gtk

Author: metze
Date: 2004-07-13 17:52:29 + (Tue, 13 Jul 2004)
New Revision: 1480

Modified:
   branches/SAMBA_4_0/source/gtk/config.m4
Log:
gwsam has unresolved symbols in it
(on my SuSE 9.1)

so I disable it for now

metze


WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1480nolog=1

svn commit: samba r1481 - in branches/SAMBA_4_0/source: librpc librpc/idl torture torture/rpc

Author: metze
Date: 2004-07-13 18:05:02 + (Tue, 13 Jul 2004)
New Revision: 1481

Added:
   branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl
   branches/SAMBA_4_0/source/torture/rpc/drsuapi.c
Modified:
   branches/SAMBA_4_0/source/librpc/config.m4
   branches/SAMBA_4_0/source/torture/config.mk
   branches/SAMBA_4_0/source/torture/torture.c
Log:
add idl file and torture test dummies
for DRSUapi (the Active Directory Replication Protocol)

I'll try to fill the idl file as part of a study project
together with some other students...

metze


WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1481nolog=1

svn commit: samba r1482 - branches/SAMBA_4_0/source/librpc/idl

Author: metze
Date: 2004-07-13 18:10:11 + (Tue, 13 Jul 2004)
New Revision: 1482

Modified:
   branches/SAMBA_4_0/source/librpc/idl/dcerpc.idl
Log:
today I saw DCERPC_AUTH_TYPE 16(0x10)
and it seems to be raw krb5, but I need to do some tests

metze


WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1482nolog=1

svn commit: samba r1483 - branches/SAMBA_4_0/source/build/smb_build

Author: metze
Date: 2004-07-13 18:41:08 + (Tue, 13 Jul 2004)
New Revision: 1483

Modified:
   branches/SAMBA_4_0/source/build/smb_build/makefile.pl
Log:
build dynconfig.c also with PICFLAGS

metze


WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1483nolog=1

svn commit: samba r1484 - branches/SAMBA_3_0/source/rpc_server

Author: jerry
Date: 2004-07-13 19:20:37 + (Tue, 13 Jul 2004)
New Revision: 1484

Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
Log:
BUG 1520: work around bug in xp sp2 rc2 where the client sends a fnpcn() request 
without previously sending a ffpcn().  Return what win2k sp4 does

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1484nolog=1

svn commit: samba r1485 - branches/tmp/SAMBA_3_2_MERGE/source

Author: jerry
Date: 2004-07-13 20:30:59 + (Tue, 13 Jul 2004)
New Revision: 1485

Modified:
   branches/tmp/SAMBA_3_2_MERGE/source/Makefile.in
Log:
These binaries are building now...

$ ls bin
nmbd*  nmblookup*  smbclient*  smbspool*  testparm*  testprns*



WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1485nolog=1

svn commit: samba r1486 - in branches/SAMBA_4_0/source: auth include ntvfs/cifs param rpc_server smb_server smbd