Re: [Samba] Samba Printing
On Wednesday 25 August 2004 17:39, Douglas Sterner wrote: Using Samba 3.05 and cups I'm having some trouble getting documents to print thru CUPS in raw mode. Documents print fine from the server but not from an XP client. When I used the following print command statement for troubleshooting the job is getting to the Samba CUPS printing uses the cups API for printing. If your print commands would have any effect, you are not using CUPS as printing backend! Try ldd smbd | grep cups to make shure, you are really using CUPS! server spool directory for that printer. The CUPS admin page never sees the job and no errors are given. Everything looks like it has printed just nothing comes out of the printer. This is, why network printing is so exciting ;-) When I print a test page from the server it prints and the job shows up in cups. print command = cp %s /var/spool/samba/dell5300n/testprint.prn Question 1: What is a print command to use for raw printing thru cups None. See above. Question 2: What are the correct permissions user/group for the /var/spool/samba/dell5300n spool directory. I see no reason for having different spool directories. Samba takes the job and gives it to CUPS (so it will be copied into the CUPS spooldir anyway). Try 0777 for it. And if works, you can think about security things later. Unsufficient rights can really be the reason. Perhaps try: su user who cannot print cd spooldir of the printer touch test and see what happens. [global] server string = Camp Hill File/Print Server printcap name = cups printer admin = dsterner guest ok = Yes printing = cups cups options = raw This is not needed: print command = /usr/bin/lpr -d%p %s # print command = /usr/bin/lp -c -d%p -oraw # print command = cp %s /var/spool/samba/dell5300n/testprint.prn lpq command = /usr/bin/lpstat -o '%p' lprm command = /usr/bin/cancel '%p-%j' lppause command = /usr/bin/lp -i '%p-%j' -H hold lpresume command = /usr/bin/lp -i '%p-%j' -H resume queuepause command = /usr/bin/disable '%p' queueresume command = /usr/bin/enable '%p' [ EO not needed] [printers] comment = CHPA - Complete printer share path = /var/spool/samba printer admin = @ntadmin, root, dsterner printable = Yes browseable = No [print$] comment = Printer Driver Download Area path = /data/samba/drivers write list = @ntadmin, root, dsterner guest ok = Yes [scans] comment = Scanned documents from the Dell 1600N Printers path = /data/samba/shared/printer-scans read only = No force create mode = 0755 force directory mode = 0755 [CH-5300N] comment = CH Operations Dell 5300N Laser Jet path = /var/spool/samba/dell5300n printer admin = @ntadmin, root ^ Not quite shure, but I think, there is only one printeradmin in Samba - not per printer. If this overwrites the previous entry, dsterner is no printer admin. hosts allow = 192.168.10. guest ok = Yes printable = Yes printer name = CH Operations Dell 5300N Laser Jet Douglas Sterner Please try Samba 3.0.6. Gerald Carter has fixed several tings in printing since 3.0.5. Just to be shure... -- Martin Zielinski [EMAIL PROTECTED] Software Development SEH Computertechnik GmbH www.seh.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [3.0.6]: Fail to mount with NULL password
Hi, I failed to mount samba 3.0.6's share with NULL password: # mount -t smbfs -o username=alpha,password= //192.168.3.101/pub /mnt And what samba log say: [2004/08/24 16:30:08, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [alpha] - [alpha] FAILED with errorNT_STATUS_WRONG_PASSWORD But it is ok when using samba 2.2.8a! Best Regards! Jacky Kim . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Maximum size of samba share on win2000?
Hello, I'm investigating the possibility to set up a debian file server with samba, xfs as file system, hardware raid and a 10TB partition (for image storage). This file system should be mounted or mapped on a Windows 2000 server with samba. My question is, will the win2000 2TB partition limit kick in when we mount or map this samba share or can windows handle this (write/read files to the linux partition)? Thanx in advance Klaas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
No solution yet: [Samba] No access even with domain trusts
Me and my problem again... I created the root user on the 2k Domain now (same password as on linux), and can authenticate that one. Strange a little, don't really understand that though. Is there any possibility to solve that, maybe by duplicating the user database on Linux in a regular time period? Or anyone maybe got the same problem and could help me with that? Would be really nice. Regards, Jens -Ursprüngliche Nachricht- Von: Altrock, Jens [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 5. August 2004 10:04 An: Samba Mailing List (E-Mail) Betreff: [Samba] No access even with domain trusts Hi there! I got a little problem with samba 3.0.5 (configure options: --with-winbind --with-winbind-auth-challenge --with-configdir=/etc/samba) on RedHat 9 Kernel 2.4.20-8smp. I am trying to set up a Squid proxy with user authentification on our domain and their trust relationships. The situation: We got one domain (lets call it Domain A) where the server is a member, and we got 3 other domains ( B, C and D) that have bidirectional, non-transitive trust relationships. Domain B is Windows 2000 AD, Domains C and D are Windows 2003 ADs, all in mixed mode. After successfully joining domain A I tried to get the groups of users from a trusted domain. Using wbinfo -r domain\\username succeeded for Domain A, C and D, but not for domain B. I started winbind in interactive debug mode, and found out that the Linux Server can contact domain B, but gets an NT_STATUS_ACCESS_DENIED after some time... and I don't know why. Samba interprets that as an user does not exist message, although the user definitively exists. Looking at the output of wbinfo --sequence showxs that Domain B hast status disconnected, but if I check the trust relationship on the NT4 PDC it is ok though. I hope anyone can help me, for I got no more ideas. Regards Jens ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Change password giving error 1728 rpc protocol error
This my be useful to others. Been tareing my hair out over a samba PDC (version 3.0.6) that I get this 1728 error when I try and change the password from a Win XP box. Just installed SP2 service pack and it works now Stuart Ward 26 Florence Park BristolBS6 7LR signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Kerberos ticket automatic update
Hi! Im using Samba 3.0.5 and run it as a member server in Win2003 AD. Everything is working fine until the kerberos 5 ticket reaches it's end of life. My question are: How do I configure winbindd + kerberos to automatically update the ticket? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] dependent module libiconv.a (libiconv.so.2) could not be loaded. .......error starting smbd on AIX v5.1
Hi, My name is Eli Kirzner and I confront the same problem you described. Have you managed to resolve it ? If yes be so kind and let me know how ,Please. Thaks in advance. Eli Kirzner 972-4-8296390 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming profiles taking long time to load
I have recently got an Apple X-serve running samba 3.0.2 I have created new users for my windows environment and on logging in the roaming profiles have been created. My windows systems are WinXP. My problem is that logging in is taking approx 3mins and approx the same to log out, with saving settings being displayed for most of this time. The apple is the PDC and also the WINS server. The profile have only just been created and are only approx 750K in size, both the Apple and the PC's are on Gigabit links. What can I look for to stop this horrendous login/save times. Regards Tony Baker [EMAIL PROTECTED] Onestep Solutions plc 351 London Rd, Hadleigh, Essex. SS7 2BT tel 01702 426400 Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Strange update problem 3.0.5-3.0.6 with XP-Clients
Jerry Carter: | Upgrade from 3.0.6-1 to 3.0.6-2 did not solve anything. | | What are these versions? | | | The versions from the unstable debian distribution - I also | mailed to the package maintainer. Ahh...ok. I new they were mine. You got them from samba.org right ? Simo Sorce maintains those. Nope Jerry, they are from Debian *Unstable*, I produce packages only for debian *stable* (as Debian folks do not upgrade packages in stable). So don't try dodge this problem by dropping it on me ... drop it on debian folks :-) Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares
Jerry, Thanks for your response. I tried tuning 'winbind use default domain = no' but still have the problem. When trying to browse the server for shares, users are prompted for an IPC$ password. If they try to access a specific share, they get a message saying the share cannot be found. Any other ideas? I've included below my smb.conf file, modified w/ suggested change as well as my logs for smbd, nmbd, and winbindd after all services are restarted and a connection attempt was made. Thanks, Jason McGlamary PC/LAN Specialist Washington Hospital Center --LOG.SMBD-- Barton:/var/log/samba# less log.smbd smbd version 3.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/08/26 07:40:14, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:40:27, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:40:27, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:40:27, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:40:52, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/08/26 07:40:52, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2004/08/26 07:40:52, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 22: ERRNO = Connection reset by peer [2004/08/26 07:40:52, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/08/26 07:40:52, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(194) Unable to open/create TDB passwd [2004/08/26 07:40:52, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(487) pdb_getsampwrid: Unable to open TDB rid database! [2004/08/26 07:41:42, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:54, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:57, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:57, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:57, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:58, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:58, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:42:31, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/08/26 07:42:31, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/08/26 07:42:31, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2004/08/26 07:42:31, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by p eer [2004/08/26 07:42:31, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/08/26 07:42:31, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(194) Unable to open/create TDB passwd [2004/08/26 07:42:31, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(487) pdb_getsampwrid: Unable to open TDB rid database! -LOG.NMBD-- Barton:/var/log/samba# less log.nmbd [2004/08/22 15:11:13, 0] nmbd/nmbd_namequery.c:query_name_response(101) query_name_response: Multiple (2) responses received for a query on subnet 172 .25.37.198 for name MHG1d. This response was from IP 172.25.37.104, reporting an IP address of 172.25.37. 104. [2004/08/25 10:28:26, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2004/08/25 10:28:42, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.6 started. Copyright Andrew Tridgell and the Samba Team 1994-2004 [2004/08/25 10:49:37, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2004/08/25 10:49:53, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.6 started. Copyright Andrew Tridgell and the Samba Team 1994-2004 [2004/08/25 10:53:27, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2004/08/25 10:53:27, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.6 started. Copyright Andrew Tridgell and the Samba Team 1994-2004 [2004/08/25 10:58:06, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2004/08/25 11:00:04, 0] nmbd/nmbd.c:main(664) --LOG.WINBINDD- [2004/08/26 07:38:38, 1] nsswitch/winbindd.c:main(854) winbindd version 3.0.6 started.
[Samba] Disaster recovery on PDC
Hi all, I search about disaster recovery, but I can't understand how to proceed... I perform backups on my PDC (data and configuration). My question is about secrets.tdb: according some docs, I can't install a new server and just put the secrets.tdb on samba configuration directory, because the SID it's specific. If I don't repair this file, the domain SID will be change and the machines can't locate the domain (and I have to put it again on domain). How to proceed to repair a PDC without problems? (in moment, I'm using Samba 2.x, but I'll migrate to 3.x). Regards, Fabiano Felix -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] building on Solaris 10
Has anyone attempted to build samba on Solaris 10? Yes it's beta. Apparently Sun gets it to work as they include 3.0.4, but it fails on me with the following error: In file included from include/includes.h:275, from dynconfig.c:21: /usr/include/net/if.h:368: error: parse error before zoneid_t /usr/include/net/if.h:390: error: parse error before '}' token make: *** [dynconfig.o] Error 1 I fixed part of the config script so that it didn't catch the no large file support by changing this: case `uname -r` in 5.0*|5.2*|5.1*|5.3*|5.5*) echo $as_me:$LINENO: result: no large file support 5 to this case `uname -r` in 5.0*|5.2*|5.3*|5.5*) echo $as_me:$LINENO: result: no large file support 5 Is there anything else that needs tweaking? -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] VSS and Samba on Tru64 Unix
Hi there, All users in a defined unix group should be able to copy, edit, and delete any file created by any other user in that group. As most of you probably already know, this works fine if the user checking the file out is the same as the user checking it in. But if the user trying to check out a file is not the original user (ie. the unix user-owner) of the file, VSS dies, since it can't remove the windows READ attribute from the file in question. I don't know which version it was introduced in, ut have a look at the option 'dos filemode'. I think it will do what you want. http://www.samba.org/samba/docs/man/smb.conf.5.html#DOSFILEMODE Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos ticket automatic update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 treklor wrote: | Hi! | | Im using Samba 3.0.5 and run it as a member server in | Win2003 AD. Everything is working fine until the kerberos | 5 ticket reaches it's end of life. My question are: | How do I configure winbindd + kerberos to automatically | update the ticket? You mean that max lifetime ? The instance expiration was partially addressed in 3.0.3 (search for BUG 1208 in the WHATSNEW). cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLedBIR7qMdg1EfYRAkcBAJ9qGtxiClx9F5epRdwwK28D0p7epQCguAx/ HIeYS+87EEgztN8m4MFdmZA= =tUTb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap_open_connection(623)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thiagasundaram, PariX P wrote: | I am running Redhat Linux 9, openldap 2.2.15, Bdb - 4.2.52, openssl - | 0.9.7d, smbldap-tools-0.8.5 and samba - 3.0.6. | | | | When I try to migrate my users from NT 4 domain to Samba, using the net | vampire command, I get the following error: | | | | [2004/08/25 14:58:59, 0]Lib/smbldap.c:smbldap_open_connection(623) | |Failed to issue the StartTLS instruction: Connect error Verify slapd's ssl setup first. $ ldapsearch -ZZ -x -H uri from passdb backend value \ -b '' -s base '(objectclass=*)' + cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLefFIR7qMdg1EfYRAkV5AJ9yFTgCb+NpebKgsUIUvwMmV5cwuQCfVxf3 lXxth52G3bgowZyXXUc0tTQ= =2tNC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Slow Samba share--why?
I trying to figure out why copying from a Samba drive to Windows XP is slower than an FTP transfer beween the same two machines. To copy the 110 MB file from Samba takes 400 seconds, and to transfer the same file by FTP takes 41 seconds. From using ethereal, and comparing a fast smb copy to a slow smb copy, I can see that the slow copy has a _lot_ more tcp traffic for a SMB single read request. I'm guessing this is the reason for the slow transfer speed. I'm hoping someone here can verify this (and hopefully tell me how to fix it!). My environment is: Sarge: Debian Sarge Samba 3.0.5-1 (smb.conf attached) vsftpd 2.0.1-1 Sarge has the Samba share and the FTP server. XP (virtual machine in Sarge): VMware 4.5.2 build-8848 (bridged network connection) Windows XP Home, Service Pack 1 Woody Debian Woody Samba 2.2.3a-12.3 (for smbmount) When I copy a file from the Sarge Samba share to XP, it takes ten times as long as FTP'ing the same file in the same direction. When I mount Sarge's share from Woody using smbmount, the cp command speed is a bit slower than the ftp speed (135 seconds instead of 111). This seems normal. I ran ethereal on Sarge and captured logs for both the slow and the fast copy. The fast copy (Woody) repeats this pattern over and over again: 959 SMB Read Request (115 bytes) 960 SMB Read Response (1514 bytes) 961 TCP [Continuation to #961] netbios-ssn 1043 ACK (1514 bytes) 962 TCP [Continuation to #962] netbios-ssn 1043 PSA, ACK (1318 bytes) 963 TCP 1043 netbios-ssn ACK (963 bytes) The slow copy (from XP) has two similar SMB packets (Read AndX Request instead of Read Request), but from there on the sequence differs, with many more TCP continuation packets and one SMB [TCP Retransmission]. I have attached a section of the ethereal log for the slow copy. It includes all packets between one Read AndX Request and the next. I have saved a copy of the complete ethereal logs for both the slow and the fast copy and can send them if they would be of any help. I have also attached the log files generated by Samba at log level 3 for both a fast and slow copy. (A different run that the ran that generated the ethereal logs.) I removed the time stamps and diff'd them, but didn't make out much. Thanks for any pointers! Regards, Mark P.S. I am not subscribed to this list, so please CC me on any replies. # # Sample configuration file for the Samba suite for Debian GNU/Linux. # # # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options most of which # are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentary and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command # testparm to check that you have not many any basic syntactic # errors. # #=== Global Settings === [global] ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = hubcap # server string is the equivalent of the NT Description field server string = %h server (Samba %v) # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server ; wins support = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no # What naming service and in what order should we use to resolve host names # to IP addresses ; name resolve order = lmhosts host wins bcast Debugging/Accounting # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 1000 # If you want Samba to only log through syslog then set the following # parameter to 'yes'. ; syslog only = no # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ### Authentication ### # security = user is always a good idea. This will require a Unix account # in this server for every user accessing the server. See # /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc # package for details. ; security = user # You may wish to use password encryption. See the section on # 'encrypt passwords' in the smb.conf(5)
[Samba] Roaming profiles taking long time to load
Check that the Web Client service is disabled on the Windows XP clients. Mike Elkevizth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP backend not mapping permissions properly and other problems
Sorry this is so long, but I think it is all relevant. I also have an output from pdbedit with log level 10 if needed. First, the latest problem I have noticed. When I create a new directory on the server, samba creates the files properly and gives them the proper permissions on the server, but when I look at the file security properties (Right click,Properties, Security Tab) I don't get the files proper information. The user and group are both in the LDAP directory with samba SIDs, but I get two groups that are not even related to the file and don't get the user and group that are assigned to the file. I have tried to run winbindd, but it doesn't work at all, I got it to connect to the LDAP server by changing my configuration, and it looks in the log like it starts fine, but when I run wbinfo -u it gives me error looking up users, wbinfo -g gives me 3 BUILTN groups, and wbinfo -D gives me my domain info. Since my domain is purely made of samba servers though, I'm not even sure if I should be running winbindd. I am wondering if this has anything to do with the fact that the new smbldap-tools scripts require a entry with an objectClass=sambaUnixIdPool as does the Idmap entry. I had to change the scripts from searching (objectclass=sambaUnixIdPool) to search for (cn=NextFreeUnixId) in order to get the scripts to work, because they kept giving me a can't find next available uidNumber error. An ldapsearch for (objectclass=sambaUnixIdPool) gives this: ldapsearch -x (objectclass=sambaunixidpool) # extended LDIF # # LDAPv3 # base with scope sub # filter: (objectclass=sambaunixidpool) # requesting: ALL # # Idmap, ldap.dcs dn: ou=Idmap,dc=ldap,dc=dcs objectClass: organizationalUnit objectClass: sambaUnixIdPool ou: Idmap uidNumber: 1 gidNumber: 1 # NextFreeUnixId, ldap.dcs dn: cn=NextFreeUnixId,dc=ldap,dc=dcs objectClass: inetOrgPerson objectClass: sambaUnixIdPool gidNumber: 1000 cn: NextFreeUnixId sn: NextFreeUnixId uidNumber: 1012 # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 History, I am trying (and have been for about six months) to build a small distributed network (between 3 offices per VPN w/10 users 4 mobile) and I can't figure it out. I purchased a Samba 3 by Example book and have followed it and keep getting strange errors. I have 4 servers, one PDC and one BDC at the main office and a BDC at each of the other offices (they really aren't there yet because I'm trying to make it work first). All of them are running Fedora Core 2 with samba 3.0.6. They each have a dhcp and dns server on them which operate fine, and sync together properly where needed. They all run OpenLDAP and that runs great on all of them, the PDC runs the master and the BDCs are all slaves. Also, I get weird errors from User Manager for Domains. I can change passwords properly from the Ctl-Alt-Delete Change Password method and it changes both the unix and the samba passwords. If I try to change a users password other than the administrator's (linux uid=0) in the User Manager for Domains it works fine, if I try to do anything to adminstrator though, it gives me a the group name could not be found error. Then if I go into the Domain Admins group, it doesn't show the administrator as being a member, although he is in the ldap directory, so I try to put the administrator in and it gives me a the user does not belong to this group error. I also have noticed I can't set the password must change at next logon for any user. I am using smbldap-tools version 0.8.5 (the latest from their website). Mike Elkevizth smb.conf: [global] # Basic settings workgroup = dcs netbios name = dcs004 server string = Hartville PDC Server security = user show add printer wizard = no # Network settings time server = yes wins support = yes name resolve order = wins bcast hosts smb ports = 139 445 hosts allow = 192.168.5. 192.168.6. 192.168.7. 127. # Domain control options os level = 99 local master = yes preferred master = yes domain master = yes domain logons = yes logon script = %U.bat logon path = \\%L\profile # Password change and create options for domain control unix password sync = yes passwd chat timeout = 10 ldap delete dn = yes lanman auth = no passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n encrypt passwords = yes passwd program = /usr/sbin/smbldap-passwd -u %u add machine script = /usr/sbin/smbldap-useradd -w '%u' add user script = /usr/sbin/smbldap-useradd -a -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add user to group script =
Re: [Samba] UID and GID mapping.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Doug VanLeuven wrote: | Is this a better, or preferred, method than | winbind trusted domains only = yes | I ask because I used the above in my smb.conf | during testing and it works in conjunction with | an existing NIS domain where sAMAccountName is | guaranteed to match the corresponding NIS user. | But I haven't gone production yet. As long as the set of windows users == set of NIS users, that will work as well. New behavior introduced in 3.0.6 is that you can start winbindd without a uid or gid range and winbindd will only to the name/SID mapping. All users (in your own domain and in all trusted domains must have an existings UNIX account). cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLewbIR7qMdg1EfYRApasAKDa7o2oHFgH4xuTjxSGbCqGmiSQ4wCdG3u2 hADfoae4mNlqhbh84t5WzTc= =DDhW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] :) look at this-review week: medical m^ira-cle
Her flesh was fine and smooth as polished ivory, and her poise expressed both dignity and grace -Original Message- From: Kelvin Bell [mailto:[EMAIL PROTECTED] To: bryan lawyer; derek pishko; edwardo deporter Sent: Sunday, July, 2004 12:54 PM Subject: look at this-review week: me'dical mira.cle Dar'von, Celebrex, Ultram, Vioxx, Val_ium, Via-gra, Cialis, Levitra, Meridia, Reductil, Xenical http://pj.a.werthebestrx.us/track.asp?cg=tfc=info The site does carry Soma's generic- Carisoprodol as muscle relaxant. If you could take some other physical therapy under the direction of the doctor, your body will recover quicker. viciosamente 10 minifundio 91labranti`n soberani`aojalatero -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.6 and pam_winbind problems (sernet)?
Recently I upgraded a server from samba 3.0.2a to 3.0.6, and now apache won't authenticate properly with pam_winbind. Winbind's been restarted, apache has been restarted, for grins I even rebooted the server. From /var/log/messages: Aug 26 10:24:51 linps2 pam_winbind[654]: user 'jarboed' granted acces From apache's error log: [Thu Aug 26 10:24:51 2004] [error] (2)No such file or directory: access to /cgi-bin/print/modify/modify.py failed for 10.176.156.41, reason: User not known to the underlying authentication module This is on SLES8 s390 using the sernet srpms. To break it, I upgrade to the new rpms, to fix it, I rpm -Uhv --oldpackage to the old ones. I can go back and forth, and it breaks/fixes. The apache behavior is kind of strange too, it doesn't prompt for another password, just immediately returns the 401 Authentication Required. /etc/pam.d/httpd is only: authrequired/lib/security/pam_winbind.so account required/lib/security/pam_winbind.so Since the only thing changing is the version of samba installed, does anyone have any ideas? Thanks, ~ Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.6 and pam_winbind problems (sernet)?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | [Thu Aug 26 10:24:51 2004] [error] (2)No such file | or directory: access to /cgi-bin/print/modify/modify.py | failed for 10.176.156.41, reason: | User not known to the underlying authentication module Did the libnss_winbind.so.2 get updated via the RPM upgrade ? That would be the first place I would look. You can run winbindd at level 10 and see if ther request sizes match up with what the daemon expects. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLfXnIR7qMdg1EfYRAiXzAKCJ50dYhRJaPkpfAbNf7Uy+YEP9GwCg3JKk KsmZANVf6AE5y+OalKg/W3w= =Cyul -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] suddent random problem with Windows boxes
Hello all, I am not a Samba expert by any means, so please bear with me if I make a fool of myself. We run a small network in this office. There is a Windows domain running off of a Debian Linux server, running Linux 2.4.25. There are mostly Windows 2000 and Windows XP machines, but there are still a few users clinging on to Windows 98 (this is because they run specialized testing software that does not work in 2000 or XP). Starting a few days ago, anyone who tries to log onto a Win98 machine gets the following error: The domain password you supplued is not correct, or access to your logon server has been denied. In addition, a few Windows 2000 users have suddenly lost network access, being told that they do not have permission to access their roaming profiles. I have made absolutely no changes to the server or Samba in a few weeks, so I don't know what could be causing this. I was running Samba 2.2.9pre1, so I upgraded to 3.0.6 to no avail. Here is a copy of my smb.conf file (which was last modified on July 30th): [global] security = user workgroup = EPPIE netbios aliases = FUDD unicode = yes unix charset = 850 display charset = 850 allow hosts = 136.142.198. #wins server = encrypt passwords = yes netbios name = SPEEDY domain logons =yes logon script = scripts\logon.bat logon path = \\%N\profiles\%U add user script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bi n/false %m$ guest account = nobody share modes=no os level=65 time server = yes #unix password sync = true #passwd program = /usr/bin/passwd %u #passwd chat = *password* %n\n *password* %n\n *successful* include = /usr/local/samba/lib/smb.conf.fudd lm announce = no [profiles] path = /usr/local/samba/netlogon/profiles guest ok = no create mask = 0774 directory mask = 0755 write list = %U public = no allow hosts = 136.142.198. [homes] guest ok = no read only = no create mask = 0700 directory mask = 0700 oplocks = false locking = no [mhpcd] comment = MHPCD Documents browseable = yes allow hosts = 136.142.198. public = no guest only = no write list = fail tml nadine sonyaf nancys2 nday marie gale cindy carriet kare ns eva willford path = /usr/local/export hide dot files = yes follow symlinks = yes wide links = no create mask = 774 directory mask = 775 force group = office [documents] comment = Full Online Documentation browseable = yes allow hosts = 136.142.198. public = yes guest only = no read only = yes write list = matt sonyaf path = /usr/local/documents hide dot files = yes follow symlinks = yes wide links = no create mask = 774 directory mask = 775 force group = office [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no I am allow hosts = 136.142.198. public = yes guest only = no read only = yes write list = matt sonyaf path = /usr/local/documents hide dot files = yes follow symlinks = yes wide links = no create mask = 774 directory mask = 775 force group = office [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no Oh, and of possible interest: there is nothing in log.smbd about the Windows 98 logon attempts. I mean NOTHING. Not even a failure notice. Any and all help and suggestions would be greatly appreciated. Thanks! Regards, Matt Singerman [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Can't Join Domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joshua Schmidlkofer wrote: | usersdn=ou=Users,dc=mydc,dc=com | computersdn=ou=Computers,dc=mydc,dc=com | | I set my nss_ldap as such: | | nss_base_passwd dc=mydc,dc=com?sub According to Luke Howard, nss_ldap 204 or later (i may be slightly off on the version) will support nss_base_passwd ou=users,dc=mydc,dc=com?sub nss_base_passwd ou=computers,dc=mydc,dc=com?sub rather than haveing to search from the parent. I haven't had a chance to verify this yet though. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLfs+IR7qMdg1EfYRAjNjAKDaqCPnHT9GCgNOfvQvm3hflRLLjgCeIckB 8kowi8BSsHD00YOEyGYhBLo= =jNbX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind/krb5 questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jay Ted wrote: | After setting up winbindd, krb5 and pam, I can log | into my linux server and be authenticated against the AD. | When I am logged into the linux server should I have any | tickets shown with klist? I can manually runkpass after login | but I would like this to be automated, wasn't sure if I should | be using the pam_krb5 module to take care of creating the ticket | at login. pam_winbindd doesn't use krb5 to authenticate requests. So therefore no tickets. I would recommend pam_krb5 in this case (there's a creds option to get it to keep your tickets when you login). | How do I handle the passwd commands? If a user trys to change | their password while logged into the linux server are they | supposed to use the smbpasswd command? You can use pam_winbind.so or pam_krb5 (though probably the latter is easier if you are wanting a more krb5 oriented solution). cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLfv8IR7qMdg1EfYRAs0zAJ98CgEKol5LD9olGblkS3yBKqzOKACg30sB fcie94FlRToYnibOPOA0Tx4= =aTvH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.6 and pam_winbind problems (sernet)?
Hi Daniel! I experienced the same problem after upgrading on Debian, so I stopped daemons, again, deleted *.tdb files under /var/cache/samba/ (also printers/) and started the daemons and everything got fixed. I hope it helps. Regards, Juan Rey Saura [EMAIL PROTECTED] wrote: Recently I upgraded a server from samba 3.0.2a to 3.0.6, and now apache won't authenticate properly with pam_winbind. Winbind's been restarted, apache has been restarted, for grins I even rebooted the server. From /var/log/messages: Aug 26 10:24:51 linps2 pam_winbind[654]: user 'jarboed' granted acces From apache's error log: [Thu Aug 26 10:24:51 2004] [error] (2)No such file or directory: access to /cgi-bin/print/modify/modify.py failed for 10.176.156.41, reason: User not known to the underlying authentication module This is on SLES8 s390 using the sernet srpms. To break it, I upgrade to the new rpms, to fix it, I rpm -Uhv --oldpackage to the old ones. I can go back and forth, and it breaks/fixes. The apache behavior is kind of strange too, it doesn't prompt for another password, just immediately returns the 401 Authentication Required. /etc/pam.d/httpd is only: authrequired/lib/security/pam_winbind.so account required/lib/security/pam_winbind.so Since the only thing changing is the version of samba installed, does anyone have any ideas? Thanks, ~ Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
3.0.6 winbindd upgrade problems (was: Re: [Samba] 3.0.6 and pam_winbind problems (sernet)?)
Hi Juan! On Thu, 26 Aug 2004 17:05:11 +0200 Juan Rey Saura [EMAIL PROTECTED] wrote: I experienced the same problem after upgrading on Debian, so I stopped daemons, again, deleted *.tdb files under /var/cache/samba/ (also printers/) and started the daemons and everything got fixed. Yepp - that was the solution to my (similar) problems, too. Too simple so I did not think of that one either. Maybe the Debian package maintainer (is he listening?) could put a one-liner into the restart-scripts, doing the remove automatically? Thanks a lot Volker Tanger ITK Security -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Point 'n' Print, issues after upgrade to 3.0.6
I've upgraded successfully to 3.0.6 finally. As part of that upgrade, I configured the print$ share and installed the printer drivers into it. I've been using the Laserjet 4 Plus driver with great success. However, when I configured the printer to use this driver stored on the server, everything printed fine except for Excel documents! Excel gives the error in print preview that the margin size does not fit on the page. Only for Excel! So I installed the 4300 PS driver onto the server. It works for all programs. However, it's dog slow! It prints a page, waits, prints a page, waits. Takes over twice as long to print. Needless to say, my users don't like it. Can anyone give me ideas about why the 4P driver is not working with Excel? Anyone with similar experiences? I'm not sure whether to blame it on the upgrade, the fact that the drivers are now stored on the server, or some other factor. Oh yeah, another strange problem. The Windows print job monitor thing that comes up when you double-click a printer, no longer automatically refreshes now that I have the drivers on the server. This one isn't terribly important, but just odd. You have to manually refresh it. Thanks in advance, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions head-ache on Samba V3.0.4
Hi, I hope that this is a quick answer, as it's probably been answered many times before and I'm just missing a very minor setting in my config. I have just setup a samba server(ver 3.0.4) on a Redhat Enterprise Linux Box ES3. The box has been setup as a member of a Windows NT4 domain, it's to be used as a fileserver for users on the NT domain. I have configured samba to use domain security, and have winbind working correctly (I think!!) - I can get the domain users and groups to show from a 'wbinfo -u or wbinfo -g. I have been trying (unsucessfully) to configure the /home directory so that the domain admins here can manage the subfolders and the permissions, from the server administrator or management console on their NT / 2000 workstations. I have used the following commands on the /home volume so that the domain admins/users can have access to the volume: chown DOMAIN+Administrator /home chgrp DOMAIN+Domain Users /home (both commands threw back no errors) I'm guessing that the problem may down to the smb.conf file but I'm not sure what I'm missing.. would be grateful if someone could assist. TIA Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba printing
As suggested I am in the process of updating to Samba 3.06 I added things to my spec file including --enable-cups\ and it died building the rpm with the following error. NO cups-config make sure you have the development libraries installed? Does this mean on RH 3 cups really isn't being used even though the packages are loaded. When I run ldd smbd | grep cups I get the no such file error Douglas Sterner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba printing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Douglas Sterner wrote: | As suggested I am in the process of updating to Samba 3.06 | I added things to my spec file including --enable-cups\ and | it died building the rpm with the following error. NO cups-config | make sure you have the development libraries installed? Does | this mean on RH 3 cups really isn't being used even | though the packages are loaded. Do you have the cups-devel RPM installed ? I'll try to bring up a RHEL 3 vmware session soon to test the build. Should be fine though. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLgjmIR7qMdg1EfYRAirSAKDIKkdCp6bFyubqlc4qAkGNUm0Q0ACfXvLD K5AZyW2JobAqttuh9fEbN6A= =kT9N -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Exclusive oplock left by process
I don't think that blocking locks is your problem. Jeremy just answered the question about releasing locks by clearing the lock files (tdbs), although again, I don't think it will affect your operation. His reply is at: http://marc.theaimsgroup.com/?l=sambam=109270256108878w=2 Eric Roseme Hewlett-Packard [EMAIL PROTECTED] wrote: Hi Eric, Thank you for your response. I will read the white paper that you wrote. I forgot to mention that in my smb.conf file for SAMBA 3.0.5, I have blocking locks = no. Should I set this? Or should I use the default blocking locks = yes? I also curious about if it is safe to remove all files(including locking.tdb, brlok.tdb, etc.) under /var/.../locks directory after I stop samba server? I can see your point to disable oplocks, however, I am still wondering how this upgrade from 2.0.7 (nmbd -V showed 2.0.7, smbd -V showed 2.0.9, NOT 2.2.7) to 3.0.5 introduced oplock problem since we use the default settings for both versions of samba. Thank you very much for your help! Xiaoqin Qiu IT Infrastructure Services Organization Agilent Technologies, Inc. [EMAIL PROTECTED] -Original Message- From: eric roseme [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 3:46 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Exclusive oplock left by process Hi Xiaoqin, It appears to me that oplock break wait time = 0 is the default on both 2.2 (2.2.10 for me) and 3.0 (3.0.2a for me). Unless you have a good reason for using oplocks, I suggest turning them off altogether (oplocks = no, level2 oplocks = no - so testparm does not complain that level2 is on when oplocks are off). Also, if you have NFS users accessing the same files that are being oplocked, you could have some data integrity problems. You can look at a whitepaper I did about oplocks at: http://www.docs.hp.com/hpux/onlinedocs/4501/CIFS_Oplock_Guideline.pdf Eric Roseme Hewlett-Packard [EMAIL PROTECTED] wrote: Hi all, We have a HP-UX 11i server running as a samba server. Users use Windows 2000 boxes with Service Pack 4 to connect to the samba server. Several days ago, we upgraded samba server from 2.0.7 to 3.0.5, and we started to experience the following problem: The general connection and access to the samba server is ok. However, under the samba share there have been some directories mounted from some other HP-UX 11i servers through WAN. When people try to copy files from these directories or running some applications using files under these directories, the windows explorer/application kind of hang and became very slow. But this type of tasks were successful using samba version 2.0.7. The problem only happened after the upgrade. I looked at the samba log file and found the following errors: [2004/08/24 18:07:51, 0] smbd/oplock.c:request_oplock_break(1023) request_oplock_break: no response received to oplock break request to pid 27458 on port 54926 for dev = 430016a8, inode = 3310429, file_id = 24 [2004/08/24 18:07:51, 0] smbd/open.c:open_mode_check(680) open_mode_check: exlusive oplock left by process 27458 after break ! For file hped/sr/osclib_encode_def.atf, dev = 430016a8, inode = 3310429. Deleting it to continue... [2004/08/24 18:07:51, 0] smbd/open.c:open_mode_check(684) open_mode_check: Existent process 27458 left active oplock. Our WAN connection is pretty fast although it is a lot slower than LAN. And in the meantime, we had no problem accessing these directories using NFS. I read man pages and search the internet. Although there are sevel posts on the internet describing similar problem, I havn't found any solution. From the man page, parameter oplock break wait time caught my eyes. We have been using default value for both 2.0.7 and 3.0.5. However, the default value for this parameter seems getting changed from 10 to 0 (if that was not a typo). And we use default values for all oplock related parameters. Can I change this paramter to 10? The man page kind of made me be afraid of change this value. Will this help? And any suggestion about our problem? Thank you very much for your help! Xiaoqin Qiu IT Infrastructure Services Organization Agilent Technologies, Inc. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Hi All-ADS_Groupmap probs
Back again to working out ADS groupmapping. Environment WK2 server, FreeBSD 5.2.1 with Samba 3.0.6. Net ads join works. Lildude is in ADS computer CN. Now, when doing: net groupmap add unixgroup=admin ntgroup=Administrators I get the following. lildude# net groupmap add unixgroup=admin ntgroup=Administrators [2004/08/26 09:28:19, 0] param/loadparm.c:map_parameter(2449) Unknown parameter encountered: default_keytab_name [2004/08/26 09:28:19, 0] param/loadparm.c:lp_do_parameter(3139) Ignoring unknown parameter default_keytab_name No rid or sid specified, choosing algorithmic mapping [2004/08/26 09:28:19, 0] lib/smbldap.c:smbldap_connect_system(796) failed to bind to server with dn= Error: Can't contact LDAP server (unknown) [2004/08/26 09:28:35, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out) [2004/08/26 09:28:51, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out) [2004/08/26 09:29:07, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out) [2004/08/26 09:29:23, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out) ^C lildude# I'm either missing/misconfigured a conf file or missing something else. Any pointers would be appreciated. Thanks in advance TMS III -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 3.0.6 and pam_winbind problems (sernet)?
| [Thu Aug 26 10:24:51 2004] [error] (2)No such file | or directory: access to /cgi-bin/print/modify/modify.py | failed for 10.176.156.41, reason: | User not known to the underlying authentication module Did the libnss_winbind.so.2 get updated via the RPM upgrade ? That would be the first place I would look. You can run winbindd at level 10 and see if ther request sizes match up with what the daemon expects. Yes, /lib/libnss_winbind.so.2 is the one that was packaged with the new rpm. The libnss_winbind.so symlink is still there, too. There's none of the Invalid request size messages that happen when different versions of the libnss_winbind.so are used. Per some other suggestions, I backed up the tdb's and saved file ownership information, then removed tdb files and started fresh to see if it made any difference... it did not for me. Comparing the two winbindd.log's, I notice the new version never reports a getgrnam. The .htaccess file requires group Domain Print Ops Debug level 5... both: nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) request location of privileged pipe nsswitch/winbindd_pam.c:winbindd_pam_auth(88) pam auth jarboed nsswitch/winbindd_cm.c:cm_get_ipc_userpass(107) IPC$ connections done anonymously nsswitch/winbindd_cm.c:cm_open_connection(221) anonymous connection attempt to TCS_MAIN_PDC from LINPS1 nsswitch/winbindd_pam.c:winbindd_pam_auth(212) Plain-text authentication for user jarboed returned NT_STATUS_OK (PAM: 0) nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 20, pid 536: EOF old version does this: nsswitch/winbindd_misc.c:winbindd_interface_version(261) request interface version nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) request location of privileged pipe then they both pick up again: nsswitch/winbindd_user.c:winbindd_getpwnam(122) getpwnam jarboed nsswitch/winbindd_rpc.c:name_to_sid(290) rpc: name_to_sid name=jarboed nsswitch/winbindd_rpc.c:name_to_sid(299) name_to_sid [rpc] jarboed for domain TCS_MAIN_DOM nsswitch/winbindd_rpc.c:query_user(382) rpc: query_user rid=S-1-5-21-2020293289-429224891-1907648334-21755 nsswitch/winbindd_rpc.c:query_user(393) query_user: Cache lookup succeeded for S-1-5-21-2020293289-429224891-1907648334-21755 the old version continues, while the new version has stopped... nsswitch/winbindd_user.c:winbindd_getpwnam(122) getpwnam jarboed nsswitch/winbindd_rpc.c:name_to_sid(290) rpc: name_to_sid name=jarboed nsswitch/winbindd_rpc.c:name_to_sid(299) name_to_sid [rpc] jarboed for domain TCS_MAIN_DOM nsswitch/winbindd_group.c:winbindd_getgrnam(232) getgrnam Domain Print Ops nsswitch/winbindd_rpc.c:name_to_sid(290) rpc: name_to_sid name=Domain Print Ops nsswitch/winbindd_rpc.c:name_to_sid(299) name_to_sid [rpc] Domain Print Ops for domain TCS_MAIN_DOM nsswitch/winbindd_misc.c:winbindd_interface_version(261) request interface version nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) request location of privileged pipe nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 20, pid 572: EOF Any ideas? Thanks, ~ Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd complains about LDAP: Object class violation
I'm trying to get Samba on a Mac OS X box running as a PDC with an LDAP backend. I've read through all of the major walkthroughs I can find, and we've actually already got it running very nicely as a file server; people are currently authenticating against a different PDC and then mapping drives from the Samba box in question. However, I'd like it to be the PDC eventually, but I'm running up against a problem. It is my understanding that the machine trust accounts need to be added with smbpasswd (or an LDAP workaround such as the smbldap-useradd.pl that comes with samba), but smbpasswd fails with the following error: # ./smbpasswd -a -m guinea-pig$ ldap_connect_system: Binding to ldap server as cn=directory manager LDAP search ((uid=guinea-pig_)(objectclass=sambaAccount)) returned 0 entries. ldap_connect_system: Binding to ldap server as cn=directory manager failed to modify user with uid = guinea-pig$ with: Object class violation Failed to add entry for user guinea-pig$. Failed to modify password entry for user guinea-pig$ The best thing I could find on the web was this: http://lists.samba.org/archive/samba/2003-February/062371.html, which only suggests upping my debug level. Doing so provides no better info, though: ./smbpasswd -D 10 -a -m guinea-pig$ [snip] Initializing connection to newman.nebrwesleyan.edu on port 389 ldap_open_connection: connection opened ldap_connect_system: Binding to ldap server as cn=directory manager ldap_connect_system: succesful connection to the LDAP server ldap_search_one_user: searching for:[((uid=guinea-pig$)(objectclass=sambaAccount))] ldap_search_one_user: searching for:[uid=guinea-pig$] User exists without samba properties: adding them Setting entry for user: guinea-pig$ failed to modify user with uid = guinea-pig$ with: Object class violation Failed to add entry for user guinea-pig$. Failed to modify password entry for user guinea-pig$ If that thread I linked to is correct, then smbpasswd is trying to add the machine user guinea-pig$ with the structural objectClass sambaAccount -- which is bogus. If that's the case, is there a fix that doesn't involve hacking smbpasswd? Or, if that's not the case, what is and how do I fix it? Thanks for your help! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbldap_open_connection(623)
When I do a ldapsearch -ZZ -x -H ldap://red.ab.com/ -b '' -s base '(objectclass=*)'+ I get the error: Ldap_start_tls: Connect error (-11) Additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure I am pretty new to Linux and samba. What am I missing here? Regards, Pari -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 6:38 AM To: Thiagasundaram, PariX P Cc: [EMAIL PROTECTED] Subject: Re: [Samba] smbldap_open_connection(623) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thiagasundaram, PariX P wrote: | I am running Redhat Linux 9, openldap 2.2.15, Bdb - 4.2.52, openssl - | 0.9.7d, smbldap-tools-0.8.5 and samba - 3.0.6. | | | | When I try to migrate my users from NT 4 domain to Samba, using the net | vampire command, I get the following error: | | | | [2004/08/25 14:58:59, 0]Lib/smbldap.c:smbldap_open_connection(623) | |Failed to issue the StartTLS instruction: Connect error Verify slapd's ssl setup first. $ ldapsearch -ZZ -x -H uri from passdb backend value \ -b '' -s base '(objectclass=*)' + cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLefFIR7qMdg1EfYRAkV5AJ9yFTgCb+NpebKgsUIUvwMmV5cwuQCfVxf3 lXxth52G3bgowZyXXUc0tTQ= =2tNC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap_open_connection(623)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thiagasundaram, PariX P wrote: | When I do a | | ldapsearch -ZZ -x -H ldap://red.ab.com/ -b '' -s base '(objectclass=*)'+ | | | I get the error: | | Ldap_start_tls: Connect error (-11) | Additional info: error:14077410:SSL | routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure | | I am pretty new to Linux and samba. | | What am I missing here? More of an OpenLDAP or OpenSSL issue actually. But the #1 reason why StartTLS fails in my experience is using a different hostname connection request that the one used when generating the certificate. For example, generating the certificate for foo.plainjoe.org and connecting to localhost. There's a good link in the OpenLDAP FAQ about this (don't have it handy though). cheer,s jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLiRrIR7qMdg1EfYRAvqYAKCdTGv/DLpTR0YYiRwM6OV2gV2/tACfb6Sp +1bMWWjG0zkZmG+RrQM43lk= =Ar+3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba printing
Well upgrading to 3.06 did not fix any of my issues with printing from the client. Once again I can print from the server cups see's the job and logs it the client can't print at all. No errors no messages. Any more ideas. This errored out ldd smbd | grep cups This did nothing su user who cannot print cd spooldir of the printer touch test Douglas Sterner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.06 home directory service number
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: | Uwe Laverenz wrote: | | Hi, | | | | I successfully upgraded our servers to 3.06 last night and almost | | everything works great so far. One point that made me happy about | | 3.06 was this one: | | | |From the Release Notes: | | | | * Ensure home directory service number is correctly reused | | (inspired by patches from Michael Collin Nielsen ). | | | | There still seems to be one small bug left: when a user logs | | out and in again within a short period of time ( 2mins), | | he will get a home directory with 3.06, but it is connected | | to the wrong share. In our case, the home drive H: gets | | connected to the netlogon share. :-) | | hmmm...Can you send a level 10 debug log and a network | trace of this happening ? And here's the patch. was an unitialized snum in the vuid struct (defaulting to 0). (for anyone who cares). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLij3IR7qMdg1EfYRApE/AJ4gfkn9Lskn7EvvIPYB1LkZQCOSHQCg7bnM I1l0hExCe/LuPAQftbdTTBg= =giYS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba printing
Doug, don't know if this will help, but mine is working from XP clients printing to a laserjet attached to my server. Here are the permissions for the various spool directories: skyline:/var # ls -al ... drwxr-xr-x 17 root root 448 May 17 22:30 spool ... skyline:/var # ls -al spool ... drwx--x---3 lp lp 2328 Aug 22 15:02 cups drwxr-xr-x2 lp lp 48 Sep 23 2003 lpd drwxrwxrwx2 nobody nobody 48 Aug 22 15:02 samba my cupsd.conf is: skyline:/etc/cups # cat cupsd.conf | grep -v '#' LogLevel info Printcap /etc/cups/printcap User lp Group lp RunAsUser Yes Port 631 BrowseAllow @LOCAL BrowseDeny All Location / Order Deny,Allow Deny From All Allow From 127.0.0.1 Allow From 127.0.0.2 Allow From @LOCAL /Location Location /admin AuthType BasicDigest AuthClass Group AuthGroupName sys Order Deny,Allow Deny From All Allow From 127.0.0.1 /Location My printers.conf is: DefaultPrinter HP_LJ4 Info HP Laserjet 4 Location DeviceURI parallel:/dev/lp0 State Idle Accepting Yes JobSheets none none QuotaPeriod 0 PageLimit 0 KLimit 0 /Printer -- David C. Rankin, J.D., P.E. RANKIN * BERTIN, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankin-bertin.com -- - Original Message - From: Douglas Sterner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 26, 2004 1:12 PM Subject: [Samba] Re: samba printing Well upgrading to 3.06 did not fix any of my issues with printing from the client. Once again I can print from the server cups see's the job and logs it the client can't print at all. No errors no messages. Any more ideas. This errored out ldd smbd | grep cups This did nothing su user who cannot print cd spooldir of the printer touch test Douglas Sterner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Printing
Doug, On Wed, Aug 25, 2004 at 11:39:04AM -0400, Douglas Sterner wrote: Using Samba 3.05 and cups I'm having some trouble getting documents to print thru CUPS in raw mode. Documents print fine from the server but not from an XP client. When I used the following print command statement for troubleshooting the job is getting to the Samba server spool directory for that printer. The CUPS admin page never sees the job and no errors are given. Everything looks like it has printed just nothing comes out of the printer. When I print a test page from the server it prints and the job shows up in cups. I've been having a similar problem. I had been able to print with Samba 3.0.2a but something changed in 3.0.3 and after and I've been unable to print from a Windows client with any version since. There's an open bug, 1464, in Bugzilla, posted by someone else, describing a similar problem. I've gotten traces and logs up for some of the other team members to look at. This is happening at both sites where I have Samba set up as a print server and I had to downgrade one site and install a print server at the other. Note that downgrading may not be advisable due to security concerns as well as a spooler segfault problem in 3.0.2a. May also be related to bug 1644 but only one of my two sites is running CUPS. I'm hoping to hear more before too long. Is there any chance you can run a test with 3.0.2a just to see if it works? There must be a lot of people who have later versions printing just fine. I just don't know what the parameter or conditions are that are delineating those who are working and those who are not. print command = cp %s /var/spool/samba/dell5300n/testprint.prn I can print anything from the server, either through the CUP's management page (one site is CUPS, one is LPRng) or by enscript or lpr. All the Linux printing works fine. But I can't print a test page from any Windows client. No errors, but no print job ever hits the print queue. : The team already has the URL for my traces and data. Available on request for anyone else. Douglas Sterner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Mike -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it! pgpoe07Y8Z8BY.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Printing
Mike, Have you uncommented the last line? The one with: application/octet-stream in both: /etc/cups/mime.convs /etc/cups/mime.types The symptoms you report sound like these entries are commented out. - John T. On Thursday 26 August 2004 13:11, Michael H. Warfield wrote: Doug, On Wed, Aug 25, 2004 at 11:39:04AM -0400, Douglas Sterner wrote: Using Samba 3.05 and cups I'm having some trouble getting documents to print thru CUPS in raw mode. Documents print fine from the server but not from an XP client. When I used the following print command statement for troubleshooting the job is getting to the Samba server spool directory for that printer. The CUPS admin page never sees the job and no errors are given. Everything looks like it has printed just nothing comes out of the printer. When I print a test page from the server it prints and the job shows up in cups. I've been having a similar problem. I had been able to print with Samba 3.0.2a but something changed in 3.0.3 and after and I've been unable to print from a Windows client with any version since. There's an open bug, 1464, in Bugzilla, posted by someone else, describing a similar problem. I've gotten traces and logs up for some of the other team members to look at. This is happening at both sites where I have Samba set up as a print server and I had to downgrade one site and install a print server at the other. Note that downgrading may not be advisable due to security concerns as well as a spooler segfault problem in 3.0.2a. May also be related to bug 1644 but only one of my two sites is running CUPS. I'm hoping to hear more before too long. Is there any chance you can run a test with 3.0.2a just to see if it works? There must be a lot of people who have later versions printing just fine. I just don't know what the parameter or conditions are that are delineating those who are working and those who are not. print command = cp %s /var/spool/samba/dell5300n/testprint.prn I can print anything from the server, either through the CUP's management page (one site is CUPS, one is LPRng) or by enscript or lpr. All the Linux printing works fine. But I can't print a test page from any Windows client. No errors, but no print job ever hits the print queue. The team already has the URL for my traces and data. Available on request for anyone else. Douglas Sterner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Mike -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] oplocks w2k excel
Hi, I have the problem: Clients with W2K and Office 2k try to open a xls-file on a samba share. It worked fine until a few weeks ago. The few weeks because there were holidays, our clerks wern't working, but I did some maintenance on IT equipment (Yes: my fault! so I am in great distress. I did my best to convince the workers, they did something wrong, but they don't believe me, can You imagine?). Now there are the following results possible (ordered by occurence): 1. Can open, but it takes a long time, can change, but cannot save, not even with a new name in the same folder or anywhere on the share, 2. Cannot open at all, Excel freezes (Maybe the same than 1, but it takes more time I can spare waiting for 3. Opens at once, You can change and save to the same file Number 3 was happening when I opened the file saved it to local HD-folder copied it with Explorer to a new directory on the samba share Then it worked once. Additional attempts produced 1 or 2. The copy on the local filesystem works fine. When I watched the account with smbstatus | grep pid I had the impression that when Excel tried to open there file there was first: one entry saying that the user had opened the desired file in DENY_NONE RW mode, second: there was a few seconds later the same entry as in first still present, but additionally a second one, saying the client had opened the same file in RO mode, and third: when excel was finally ready, showing the file and You were able to edit, the process for the client had a new ID, the old one was gone and there were no files open at all. It is the first time I tried to watch via smbstatus whats going on, so I do ot know, wether this behavior is normal or show something significant. Afterwards I have the following entries in samba.log.%m: [2004/08/26 17:18:33, 0] smbd/oplock.c:oplock_break(807) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file sichLohnEHW/Controlling/km_kst.xls (dev = 3a00, inode = 1695812, file_id = 20). [2004/08/26 17:18:33, 0] smbd/oplock.c:oplock_break(879) oplock_break: client failure in oplock break in file sichLohnEHW/ Controlling/km_kst.xls [2004/08/26 17:19:35, 1] smbd/service.c:close_cnum(887) gh571 (172.23.2.224) closed connection to service EHWLohn [2004/08/26 17:19:35, 1] smbd/service.c:close_cnum(887) gh571 (172.23.2.224) closed connection to service cdrom2 [2004/08/26 17:19:35, 1] smbd/service.c:close_cnum(887) gh571 (172.23.2.224) closed connection to service stahle [2004/08/26 17:19:35, 1] smbd/service.c:close_cnum(887) gh571 (172.23.2.224) closed connection to service hne2_unix1 [2004/08/26 17:19:35, 1] smbd/service.c:close_cnum(887) gh571 (172.23.2.224) closed connection to service Marktplatz [2004/08/26 17:19:35, 1] smbd/service.c:close_cnum(887) gh571 (172.23.2.224) closed connection to service Marktplatz [2004/08/26 17:19:35, 1] smbd/service.c:close_cnum(887) gh571 (172.23.2.224) closed connection to service EHWLohn [2004/08/26 17:19:36, 1] smbd/service.c:make_connection_snum(705) gh571 (172.23.2.224) connect to service EHWLohn initially as user klaus (uid=510, gid=109) (pid 14179) [2004/08/26 17:19:36, 1] smbd/service.c:make_connection_snum(705) The files are located directly on the samba-server, a lvm-volume I increased from 100GB to 250GB, there are odbc-connections in this xls-files to txt-based datas on a nfs-volume from an DEC/OSF1 ( yes, a little bit in the ages). But I tried to copy the data-files to the samba server, but there was no change. I use SuSE 8.1 professional, samba 3.01, this is unchanged since several month, to clients I did the latest MS - update for win2k. I also connected the clients to the domain, my samba is master controller. My smb.conf (partially): ; [global] workgroup = xyz guest account = nobody server string = xyz4 ; keep alive = 20 os level = 64 kernel oplocks = no security = user hide dot files = yes domain master = yes prefered master = yes local master = yes dos charset = 850 add user script = /usr/sbin/addsmbuser.sh %u add group script = /usr/sbin/smbgradd.sh %g add printer command = /usr/bin/addprinter.sh log level = 1 log file = /usr/local/samba/var/samba.log.%m max log size = 50 encrypt passwords = yes printing = LPRNG printcap name = /etc/printcap load printers = yes printer admin = @ntadmin socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY map to guest = Bad User interfaces = 192.168.1.4/255.255.255.0 wins support = yes name resolve order = hosts wins bcast dns proxy = yes logon script =%U.bat domain logons = yes [netlogon] path = /var/lib/samba/netlogon browseable = no read only = yes public = no [homes] comment = Heimatverzeichnis browseable = no read only = no create mode = 0750 veto files = /.*/ The share with the problems on [EHWLohn] comment = Lohn-Buchhaltung path
[Samba] Re: samba printing
Hi, I had similar probs with samba and cups in samba version 2.x and 3.0.1. There is something about the directories you have to create, make entries for application/raw in the cups.conf, but it was never stable. After I found out, that cups is fine, when you want to print from the linux-box, but I am not working on my samba-servers, I changed back to LPRNG and since then my troubles where gone. CUPS is a fine thing, but I see no benefits, if just use the linux-spool-system as a printserver for win clients. Maybe someone tells about the advandages of cupy and shows me a howto getting cups and samba working properly and stable. I will consider my desicion once again, but until now I am maybe not using all the fine things of cups, but avoiding problems. Am Dienstag, 17. August 2004 20:39 schrieb Douglas Sterner: I'm making progress but samba doesn't seem to hand off printing to cups. I used ldadmin to create my tcp/ip printing shares and I from xwindows i can print a test page but not from an xp client. Douglas Sterner -- mit freundlichen Grüßen Martin Schmidt Tel: 09843/988095 Fax: 09843/988096 email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] file permissions head-ache on Samba V3.0.4
Hi Paul, You probably want to ensure you have EXT3 ACL support on your server, if it isn't already.. not sure if Redhate Enterprise supports this out of the box. I've found that editing permissions from a Windows NT 4.0 box leads to acls being set incorrectly on Samba - use win2k or higher. You probably also want to chown the directories to root, as once the users specified in the 'admin users' directive in smb.conf authenticate to the server they will be mapped in as root (you can see this when you ps aux |grep smbd). I've found the best way to start permissions wise is with owner root:root and permissions 0777 on the directory, and from the ACL editor in Windows restrict permissions that way. Hope this helps Tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PaulD Sent: Thursday, 26 August 2004 11:06 p.m. To: [EMAIL PROTECTED] Subject: [Samba] file permissions head-ache on Samba V3.0.4 Hi, I hope that this is a quick answer, as it's probably been answered many times before and I'm just missing a very minor setting in my config. I have just setup a samba server(ver 3.0.4) on a Redhat Enterprise Linux Box ES3. The box has been setup as a member of a Windows NT4 domain, it's to be used as a fileserver for users on the NT domain. I have configured samba to use domain security, and have winbind working correctly (I think!!) - I can get the domain users and groups to show from a 'wbinfo -u or wbinfo -g. I have been trying (unsucessfully) to configure the /home directory so that the domain admins here can manage the subfolders and the permissions, from the server administrator or management console on their NT / 2000 workstations. I have used the following commands on the /home volume so that the domain admins/users can have access to the volume: chown DOMAIN+Administrator /home chgrp DOMAIN+Domain Users /home (both commands threw back no errors) I'm guessing that the problem may down to the smb.conf file but I'm not sure what I'm missing.. would be grateful if someone could assist. TIA Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Net groupmap fails
Samba 3.0.6 installed. Net join ads worked perfectly. Net groupmap add fails as follows: lildude# net groupmap add unixgroup=admin ntgroup=Administrators [2004/08/26 09:28:19, 0] param/loadparm.c:map_parameter(2449) Unknown parameter encountered: default_keytab_name [2004/08/26 09:28:19, 0] param/loadparm.c:lp_do_parameter(3139) Ignoring unknown parameter default_keytab_name No rid or sid specified, choosing algorithmic mapping [2004/08/26 09:28:19, 0] lib/smbldap.c:smbldap_connect_system(796) failed to bind to server with dn= Error: Can't contact LDAP server (unknown) [2004/08/26 09:28:35, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out) [2004/08/26 09:28:51, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out) [2004/08/26 09:29:07, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out) [2004/08/26 09:29:23, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out) ^C lildude# Any pointers would be most appreciated. Thanks TMS III -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Net groupmap fails
It looks like you are using LDAP as the back end... just a guess (since I don't use LDAP at this time), did you get the corrected LDAP schema for 3.0.6? -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 and Windows 2003
Has anyone experienced disconnect errors when using Samba 3 with Windows 2003 Domain authentication servers? Thanks E.R. Fortin UNIX Systems Administrator Alberta Department of Energy 1-780-415-2069 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Net groupmap fails
Michael Lueck wrote: It looks like you are using LDAP as the back end... Ah my bad. W2K server. The grand WAN OpenLDAP Samba experiment gets started this weekend. Oh the joy. Just trying to iron out a few of these nagging issues before the deluge. BTW do have proper schema for the yet inert LDAP servers. just a guess (since I don't use LDAP at this time), did you get the corrected LDAP schema for 3.0.6? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Printing
On Thu, Aug 26, 2004 at 01:49:26PM -0600, John H Terpstra wrote: Mike, Have you uncommented the last line? The one with: application/octet-stream in both: /etc/cups/mime.convs /etc/cups/mime.types Sigh... Well, that was a really nice thought that nobody had mentioned before and, yes, they were commented out but... Nice try but no cigar. As it turns out (and I just realized this) I lied. Neither of the two systems in question were RUNNING cups. The system I just checked, has cups installed, but it's LPRng that's running. I found out when I went to restart cups and found it wasn't started and the alternatives are set to lprng. The other site, doesn't even have cups installed. IAC... Fixing the files had no effect on the symptoms. But my problems are with LPRng, and not CUPS. Another point on the curve. The symptoms you report sound like these entries are commented out. - John T. On Thursday 26 August 2004 13:11, Michael H. Warfield wrote: Doug, On Wed, Aug 25, 2004 at 11:39:04AM -0400, Douglas Sterner wrote: Using Samba 3.05 and cups I'm having some trouble getting documents to print thru CUPS in raw mode. Documents print fine from the server but not from an XP client. When I used the following print command statement for troubleshooting the job is getting to the Samba server spool directory for that printer. The CUPS admin page never sees the job and no errors are given. Everything looks like it has printed just nothing comes out of the printer. When I print a test page from the server it prints and the job shows up in cups. I've been having a similar problem. I had been able to print with Samba 3.0.2a but something changed in 3.0.3 and after and I've been unable to print from a Windows client with any version since. There's an open bug, 1464, in Bugzilla, posted by someone else, describing a similar problem. I've gotten traces and logs up for some of the other team members to look at. This is happening at both sites where I have Samba set up as a print server and I had to downgrade one site and install a print server at the other. Note that downgrading may not be advisable due to security concerns as well as a spooler segfault problem in 3.0.2a. May also be related to bug 1644 but only one of my two sites is running CUPS. I'm hoping to hear more before too long. Is there any chance you can run a test with 3.0.2a just to see if it works? There must be a lot of people who have later versions printing just fine. I just don't know what the parameter or conditions are that are delineating those who are working and those who are not. print command = cp %s /var/spool/samba/dell5300n/testprint.prn I can print anything from the server, either through the CUP's management page (one site is CUPS, one is LPRng) or by enscript or lpr. All the Linux printing works fine. But I can't print a test page from any Windows client. No errors, but no print job ever hits the print queue. The team already has the URL for my traces and data. Available on request for anyone else. Douglas Sterner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Mike -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it! pgpvtKM9ysOO7.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP Samba
I have a Samba server that I want to allow anonymous access to for the purpose of printing. It's stand alone and not joined to my Windows domain. When I try to connect to it through a Windows 2000 PC, it pops up a username password box, but when I click OK I'm in. Not a problem. However, when I try to browse the printer list from a Windows XP box, I get the username password box, but the username is grayed out. The grayed out username has CUPS\MyGuest (name of cups server\renamed windows guest account). Needless to say, when I click OK, the prompt comes back and I can't get in. The strange thing, If I put in the path to one of the shared printers, I can connect. Here is my smb.conf: [global] netbios name = CUPS workgroup = MYWORKGROUP security = share encrypt passwords = yes guest only = yes load printers = yes guest account = nobody hosts deny = all hostname lookups = yes hosts allow = 127. .domain.domain .otherdomain.domain local master = no printcap name = cups printing = cups load printers = yes restrict anonymous = no map to guest = bad user [printers] path = /tmp printable = yes guest ok = yes public = yes writable = no -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Printing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John H Terpstra wrote: | Mike, | | Have you uncommented the last line? The one with: | | application/octet-stream | | in both: | /etc/cups/mime.convs | /etc/cups/mime.types btw...i never commented these out and printing works fine for me. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLmmYIR7qMdg1EfYRAmx7AKDwCkHGah0c6twwFY6/jYZRwRCrOwCfT0Qj ZQHpz3hMrDapEZyPFEOWTEM= =iLNl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: copying over an existing file when not owner
| If I try to copy a file to a samba share which | already contains an earlier version of the same | file, the file will still belong to me and the | date will be the date of the source file. | | But if I copy a file over an existing homonymous | file which belongs to someone else, then the file | will still belong to that other user but the date | will be the date at the moment of copying. | | Try setting 'dos filetimes = yes'. See the smb.conf(5) | man page for details. Read the darned manual. Thank you, Gerald. I must have mixed dos filetimes with the notion of dos time resolution. It solves my problem and it says so. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disaster recovery on PDC
On Thu, 2004-08-26 at 22:22, Fabiano Felix wrote: Hi all, I search about disaster recovery, but I can't understand how to proceed... I perform backups on my PDC (data and configuration). My question is about secrets.tdb: according some docs, I can't install a new server and just put the secrets.tdb on samba configuration directory, because the SID it's specific. If I don't repair this file, the domain SID will be change and the machines can't locate the domain (and I have to put it again on domain). How to proceed to repair a PDC without problems? (in moment, I'm using Samba 2.x, but I'll migrate to 3.x). If you keep the same machine name, then it will not be an issue. If you change the machine's name, then you should note the machine's sid, and follow some of the advise on this list for manually setting a machine/domain SID. Samba 3.0 has command in 'net' to handle this, it's messier in Samba 2.2. If your configuration is in LDAP, we make attempts to use the Domain SID maintained in LDAP, to avoid some of these issues. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: 3.0.6 winbindd upgrade problems (was: Re: [Samba] 3.0.6 and pam_winbind problems (sernet)?)
On Fri, 2004-08-27 at 01:19, Volker Tanger wrote: Hi Juan! On Thu, 26 Aug 2004 17:05:11 +0200 Juan Rey Saura [EMAIL PROTECTED] wrote: I experienced the same problem after upgrading on Debian, so I stopped daemons, again, deleted *.tdb files under /var/cache/samba/ (also printers/) and started the daemons and everything got fixed. Yepp - that was the solution to my (similar) problems, too. Too simple so I did not think of that one either. Maybe the Debian package maintainer (is he listening?) could put a one-liner into the restart-scripts, doing the remove automatically? If you remove the wrong files, then bad things will happen. A list of tdbs and 'lifetimes' has been posted here before, but I would strongly suggest getting to the bottom of the real issue before deciding to 'just blow away all the tdbs'. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] clarification on recent printing threads
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If you are having any printing issues and upgrading from 3.0.2a to v3.0.3 or later, please read this: Prior to Samba 3.0.3, Linux system were incorrectly tagged as using BSD printing by default even if cups support was detected. Ironically, this was correct for many systems that had the cups-devel package installed but still ran lpd. Samba 3.0.3 and later will set printing = cups as the default if we have detected that cups support is indeed available. This test does not include whether or not you are using the cups server. You can check if this is the case on your system by running $ testparm -v -s /dev/null | egrep '(print|lp)' To disable the check at compile time, add --enable-cups=no to your configure options. To override this at run time, make sure you explicitly set the printing parameter in smb.conf. And please be aware that the printing option should work correctly on a per service basis as the documentation states as of 3.0.4. Hope this helps someone. - -- cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBLnogIR7qMdg1EfYRArSHAKChT8CxJ07FOqX9VIX3+mXgxQgRjwCgzsIQ 8G6NaVbeA83KRe7c6uYIXpA= =ZMvA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares
(Trying to pick up this thread though I can't reply to the original message) I'm having similar problems with Samba 3.0.6... Jason, try this for scientific purposes: 1. Stop Samba 2. Delete /%samba/var/locks/netsamlogon_cache.tdb 3. Start Samba 4. run 'getent passwd username' (where username includes the domain name and domain separator if necessary) If the account shows up, my guess is that your shares will work for that user for the moment. If you try to access a share before that (even anonymous \\server), you'll be locked out and won't be able to access anything until you delete netsamlogon_cache.tdb and start over. Jerry, why does this happen? ;) Here's my best definition of the situation and the problem: Existing Infrastructure - Windows NT 4.0 Domain - PDC, BDC - Two-way Domain Trust with external domain - SP6a Desired Samba server - Samba 3.0.6 - Red Hat Linux 7.2 - Domain member server - Winbind Successes - configure, make, make install run normally - net rpc join -U Admin joins server to domain - starting samba allows getent passwd, group - wbinfo -t, -p work fine Problems - Users can only connect to shares after doing a 'getent passwd username' *before* attempting a connection to \\servername - Trying to Run... \\servername before doing that locks out the user until the service is stopped, netsamlogon_cache.tdb is deleted, and the service is restarted. Diagnostics - setting winbind use default domain = yes or no has no effect. - setting passdb backend = tdbsam or smbpasswd or commenting out the line has no effect. - this line occurs repeatedly in the visiting workstation's log: [2004/08/26 15:04:48, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! smb.conf Global Settings #=== Global Settings = [global] workgroup = MY_DOMAIN netbios name = SERVERNAME server string = Server security = DOMAIN hosts allow = [my.ip.subnet]. 127. log level = 2 log file = /usr/local/samba/var/%m.log max log size = 500 password server = * idmap uid = 15000-2 idmap gid = 15000-2 winbind separator = + winbind use default domain = Yes use sendfile = Yes local master = no os level = 33 wins server = [my.wins.server.address] winbind enable local accounts = no # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. passdb backend = tdbsam ; passdb backend = smbpasswd # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 Jerry, Thanks for your response. I tried tuning 'winbind use default domain = no' but still have the problem. When trying to browse the server for shares, users are prompted for an IPC$ password. If they try to access a specific share, they get a message saying the share cannot be found. Any other ideas? I've included below my smb.conf file, modified w/ suggested change as well as my logs for smbd, nmbd, and winbindd after all services are restarted and a connection attempt was made. Thanks, Jason McGlamary PC/LAN Specialist Washington Hospital Center -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Exclusive oplock left by process
Hi Eric, Thank you for your response. I made changes in smb.conf file to disable oplocks. And use default for blocking locks. Now the exlusive oplock left by process error is gone. However, I am still experiencing the same problem that when people try to copy files from directories which were mounted through WAN or running some applications using files under these directories, the windows explorer/application kind of hang and became very slow. And I saw some processes left running on samba server even after user already disconnected the samba shares from windows explorer. The command smbstatus shows the process left running still locks some files, such as: 23933 DENY_NONE 0x20089 RDONLY NONE /disk1/samba/sr/cadence/cadence.log Thu Aug 26 17:33:37 2004 My procedure to produce this problem is that: I removed locking.tdb file after I stopped samba server. Then I start samba server and connect from Windows machine to the share, then tried to click on the file which located in directory mounted through WAN, then run into super slow. Then I disconnected share once I got control of windows explore. But there was/were process(processes) left running on samba server owned by me and they still held locks. In the meantime, the average round-trip ping time for 64 byte packets from the samba server to the NFS server through WAN is 15ms. Is it some kind of bug or is there still some configurations that I can change to make it work? Thank you very much for your help! Xiaoqin Qiu IT Infrastructure Services Organization Agilent Technologies, Inc. [EMAIL PROTECTED] -Original Message- From: eric roseme [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 9:04 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Exclusive oplock left by process I don't think that blocking locks is your problem. Jeremy just answered the question about releasing locks by clearing the lock files (tdbs), although again, I don't think it will affect your operation. His reply is at: http://marc.theaimsgroup.com/?l=sambam=109270256108878w=2 Eric Roseme Hewlett-Packard [EMAIL PROTECTED] wrote: Hi Eric, Thank you for your response. I will read the white paper that you wrote. I forgot to mention that in my smb.conf file for SAMBA 3.0.5, I have blocking locks = no. Should I set this? Or should I use the default blocking locks = yes? I also curious about if it is safe to remove all files(including locking.tdb, brlok.tdb, etc.) under /var/.../locks directory after I stop samba server? I can see your point to disable oplocks, however, I am still wondering how this upgrade from 2.0.7 (nmbd -V showed 2.0.7, smbd -V showed 2.0.9, NOT 2.2.7) to 3.0.5 introduced oplock problem since we use the default settings for both versions of samba. Thank you very much for your help! Xiaoqin Qiu IT Infrastructure Services Organization Agilent Technologies, Inc. [EMAIL PROTECTED] -Original Message- From: eric roseme [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 3:46 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Exclusive oplock left by process Hi Xiaoqin, It appears to me that oplock break wait time = 0 is the default on both 2.2 (2.2.10 for me) and 3.0 (3.0.2a for me). Unless you have a good reason for using oplocks, I suggest turning them off altogether (oplocks = no, level2 oplocks = no - so testparm does not complain that level2 is on when oplocks are off). Also, if you have NFS users accessing the same files that are being oplocked, you could have some data integrity problems. You can look at a whitepaper I did about oplocks at: http://www.docs.hp.com/hpux/onlinedocs/4501/CIFS_Oplock_Guideline.pdf Eric Roseme Hewlett-Packard [EMAIL PROTECTED] wrote: Hi all, We have a HP-UX 11i server running as a samba server. Users use Windows 2000 boxes with Service Pack 4 to connect to the samba server. Several days ago, we upgraded samba server from 2.0.7 to 3.0.5, and we started to experience the following problem: The general connection and access to the samba server is ok. However, under the samba share there have been some directories mounted from some other HP-UX 11i servers through WAN. When people try to copy files from these directories or running some applications using files under these directories, the windows explorer/application kind of hang and became very slow. But this type of tasks were successful using samba version 2.0.7. The problem only happened after the upgrade. I looked at the samba log file and found the following errors: [2004/08/24 18:07:51, 0] smbd/oplock.c:request_oplock_break(1023) request_oplock_break: no response received to oplock break request to pid 27458 on port 54926 for dev = 430016a8, inode = 3310429, file_id = 24 [2004/08/24 18:07:51, 0] smbd/open.c:open_mode_check(680) open_mode_check: exlusive oplock left by process
[Samba] Re: Re: Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares
Thomas, I followed your instructions, and your theory proved correct. The user I performed 'getent passwd username was able to access the shares. It's something at least, and believe me I was getting ready to swear off technology forever. Now, how can I manage this task for 2 users? Is this a problem only happeningn w/ 3.0.6? It didn't happen to me until I upgraded yesterday. Does anyone know how I can roll back to a previous version on Debian? I've really just started using the Distro recently. Thanks, Jason --- I'm having similar problems with Samba 3.0.6... Jason, try this for scientific purposes: 1. Stop Samba 2. Delete /%samba/var/locks/netsamlogon_cache.tdb 3. Start Samba 4. run 'getent passwd username' (where username includes the domain name and domain separator if necessary) If the account shows up, my guess is that your shares will work for that user for the moment. If you try to access a share before that (even anonymous \\server), you'll be locked out and won't be able to access anything until you delete netsamlogon_cache.tdb and start over. Jerry, why does this happen? ;) Here's my best definition of the situation and the problem: Existing Infrastructure - Windows NT 4.0 Domain - PDC, BDC - Two-way Domain Trust with external domain - SP6a Desired Samba server - Samba 3.0.6 - Red Hat Linux 7.2 - Domain member server - Winbind Successes - configure, make, make install run normally - net rpc join -U Admin joins server to domain - starting samba allows getent passwd, group - wbinfo -t, -p work fine Problems - Users can only connect to shares after doing a 'getent passwd username' *before* attempting a connection to \\servername - Trying to Run... \\servername before doing that locks out the user until the service is stopped, netsamlogon_cache.tdb is deleted, and the service is restarted. Diagnostics - setting winbind use default domain = yes or no has no effect. - setting passdb backend = tdbsam or smbpasswd or commenting out the line has no effect. - this line occurs repeatedly in the visiting workstation's log: [2004/08/26 15:04:48, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: issue with running samba on two separate systems under 1 hostname
ok.. at this point, I think I have 0 issues EXCEPT constant corruption of my printing TDBs.. is there anyway to cut down on this/prevent this? should I upgrade my samba beyond the RHEL provided one? Tom On Wed, 25 Aug 2004, Tom Ryan wrote: I have a read only share and a couple of printers exported that I would like to be available under a single hostname. to that end, I have a created a hostname that refers to two ip addresses, each being a separate machine. I have configured samba identically on each system and everything appears to work ok for a little while until our printing tdb becomes corrupted and everything hangs up.. (at least the printing).. deleting the tdbs and restarting samba appears to correct the issue until the next hang.. this is samba-3.0.4-6.3E (yep on RHEL 3). is there anything else I should be doing or am I at this point, stuck.. Tom p.s. for what its worth, I can't get both machines to register (of course) under the same netbios name, but I'm not sure thats an issue.. ___ Tom RyanVoice: 856-225-6361 Consulting System Administrator Fax: 856-969-7900 Rutgers School of Law - Camden IT Help Desk: 856-225-2343 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] use ads join command with general user account on AD
Hello, (BI'm a little bit confused. Please can I have you advice. (B (BI installed Samba 3.0.6 on RedHat 9.0 and tried to join in to (BActive Directory. (B (BAt first, I made a computer account on AD and gave a permission (Bof using this computer account to an user account on AD. (BAnd then, I executed "kinit [EMAIL PROTECTED]" command, put a (Bcorrect password and did "use ads join" command. But it failed. (B (BWith NTLM authentication and "use rpc join" command, this kind (Bof approach was succeeded. (B (BI would like to know whether or not "use ads join" command (Bruns successfully with only administrator account on AD, and (Bif so I would like to know why... because in order to join normal (BWindows PC or member server to AD, just an user account which (Bhas a permission of using this computer account on AD is enough. (B (BBest regards, (B (B_ $B3Z$7$$3(J8;z$G%3%3%mEA$o$k%a%C%;%s%8%c!<(B http://messenger.msn.co.jp/ (B (B-- (BTo unsubscribe from this list go to the following URL and read the (Binstructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Slightly OT - WinXP client management under Mac OS X samba
Hi all, first post, and slightly off-topic... I've setup a Mac OS X Server 10.3.5 network running samba for WinXP client logins. I have the logins working properly, hitting the right homedirs and getting folder redirection via a login script in /etc/netlogon/. Now, the main question I have is how to manage the clients once they've logged in. I made a few changes using the group policy editor on a local machine to change the login window settings (caching last logins, welcome message, etc.) but I'm not a windows guy, and I'd like to find a good tutorial on how to limit apps, control panels, etc... Any help is appreciated... Regards, Dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] The best way to setup permitions.
Hello list. I need help in setting permitions in samba server for office. I'm new on the list, so excuse me if my question is very trivial. I need to create file server for small office. There is one cheif of company. Company have 4 divisoins. Each divistion have one manager and some workers. So I need home dirrectory for each worker. Manager also have it's home dirrectory and must have possibility to look through his division workers files. The chief should have the possibility to look throught all files. How to create such permissions in samba? Should I look at ACL or simple unix permissions is enough? Of course user computers are windows workstations... Thank you in advance, -- __ Volkov Peter, [EMAIL PROTECTED] General Physics Institute Russian Academy of Sciences. __ Linux 2.4.26-gentoo-r6 i686 Mobile Intel(R) Celeron(R) CPU 1.60GHz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba r2077 - in branches/SAMBA_3_0/source: param smbd
Author: jerry Date: 2004-08-26 20:47:58 + (Thu, 26 Aug 2004) New Revision: 2077 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=2077nolog=1 Log: fix logic bug in the check for creating a user's home directory in register_vuid(); add a few extra debug lines Modified: branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/smbd/password.c Changeset: Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2004-08-25 23:20:47 UTC (rev 2076) +++ branches/SAMBA_3_0/source/param/loadparm.c 2004-08-26 20:47:58 UTC (rev 2077) @@ -2305,6 +2305,10 @@ copy_service(ServicePtrs[i], tservice, NULL); if (name) string_set(ServicePtrs[i]-szService, name); + + DEBUG(8,(add_a_service: Creating snum = %d for %s\n, + i, ServicePtrs[i]-szService)); + return (i); } @@ -2344,7 +2348,7 @@ ServicePtrs[i]-autoloaded = True; DEBUG(3, (adding home's share [%s] for user '%s' at '%s'\n, pszHomename, - user, newHomedir)); + user, ServicePtrs[i]-szPath )); return (True); } Modified: branches/SAMBA_3_0/source/smbd/password.c === --- branches/SAMBA_3_0/source/smbd/password.c 2004-08-25 23:20:47 UTC (rev 2076) +++ branches/SAMBA_3_0/source/smbd/password.c 2004-08-26 20:47:58 UTC (rev 2077) @@ -252,27 +252,30 @@ } /* Register a home dir service for this user iff + (a) This is not a guest connection, (b) we have a home directory defined - If a share exists by this name (autoloaded or not) reuse it so - long as the home directory is the same as the share directory. */ + (c) there s not an existing static share by that name + + If a share exists by this name (autoloaded or not) reuse it . */ - if ( (!vuser-guest) vuser-unix_homedir *(vuser-unix_homedir)) { + vuser-homes_snum = -1; + + if ( (!vuser-guest) vuser-unix_homedir *(vuser-unix_homedir)) + { int servicenumber = lp_servicenumber(vuser-user.unix_name); + if ( servicenumber == -1 ) { DEBUG(3, (Adding homes service for user '%s' using home directory: '%s'\n, vuser-user.unix_name, vuser-unix_homedir)); vuser-homes_snum = add_home_service(vuser-user.unix_name, vuser-user.unix_name, vuser-unix_homedir); - } else if (strcmp(lp_pathname(servicenumber),vuser-unix_homedir) == 0) { - DEBUG(3, (Reusing homes service for user '%s' using home directory: '%s'\n, - vuser-user.unix_name, vuser-unix_homedir)); - + } else { + DEBUG(3, (Using static (or previously created) service for user '%s'; path = '%s'\n, + vuser-user.unix_name, lp_path(servicenumber) )); vuser-homes_snum = servicenumber; } - } else { - vuser-homes_snum = -1; - } + } if (srv_is_signing_negotiated() !vuser-guest !srv_signing_started()) { /* Try and turn on server signing on the first non-guest sessionsetup. */
svn commit: samba r2078 - in trunk/source: param smbd
Author: jerry Date: 2004-08-26 20:58:04 + (Thu, 26 Aug 2004) New Revision: 2078 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/sourcerev=2078nolog=1 Log: fix logic bug in the check for creating a user's home directory in register_vuid(); add a few extra debug lines Modified: trunk/source/param/loadparm.c trunk/source/smbd/password.c Changeset: Modified: trunk/source/param/loadparm.c === --- trunk/source/param/loadparm.c 2004-08-26 20:47:58 UTC (rev 2077) +++ trunk/source/param/loadparm.c 2004-08-26 20:58:04 UTC (rev 2078) @@ -2312,6 +2312,10 @@ copy_service(ServicePtrs[i], tservice, NULL); if (name) string_set(ServicePtrs[i]-szService, name); + + DEBUG(8,(add_a_service: Creating snum = %d for %s\n, + i, ServicePtrs[i]-szService)); + return (i); } @@ -2351,7 +2355,7 @@ ServicePtrs[i]-autoloaded = True; DEBUG(3, (adding home's share [%s] for user '%s' at '%s'\n, pszHomename, - user, newHomedir)); + user, ServicePtrs[i]-szPath )); return (True); } Modified: trunk/source/smbd/password.c === --- trunk/source/smbd/password.c2004-08-26 20:47:58 UTC (rev 2077) +++ trunk/source/smbd/password.c2004-08-26 20:58:04 UTC (rev 2078) @@ -258,27 +258,30 @@ } /* Register a home dir service for this user iff + (a) This is not a guest connection, (b) we have a home directory defined - If a share exists by this name (autoloaded or not) reuse it so - long as the home directory is the same as the share directory. */ + (c) there s not an existing static share by that name + + If a share exists by this name (autoloaded or not) reuse it . */ - if ( (!vuser-guest) vuser-unix_homedir *(vuser-unix_homedir)) { + vuser-homes_snum = -1; + + if ( (!vuser-guest) vuser-unix_homedir *(vuser-unix_homedir)) + { int servicenumber = lp_servicenumber(vuser-user.unix_name); + if ( servicenumber == -1 ) { DEBUG(3, (Adding homes service for user '%s' using home directory: '%s'\n, vuser-user.unix_name, vuser-unix_homedir)); vuser-homes_snum = add_home_service(vuser-user.unix_name, vuser-user.unix_name, vuser-unix_homedir); - } else if (strcmp(lp_pathname(servicenumber),vuser-unix_homedir) == 0) { - DEBUG(3, (Reusing homes service for user '%s' using home directory: '%s'\n, - vuser-user.unix_name, vuser-unix_homedir)); - + } else { + DEBUG(3, (Using static (or previously created) service for user '%s'; path = '%s'\n, + vuser-user.unix_name, lp_path(servicenumber) )); vuser-homes_snum = servicenumber; } - } else { - vuser-homes_snum = -1; - } + } if (srv_is_signing_negotiated() !vuser-guest !srv_signing_started()) { /* Try and turn on server signing on the first non-guest sessionsetup. */
svn commit: samba r2079 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: gd Date: 2004-08-26 21:32:49 + (Thu, 26 Aug 2004) New Revision: 2079 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=2079nolog=1 Log: Clear the publish-bit from the attributes-mask when migrating printer-settings. publishing-info is not handled yet. Guenther Modified: branches/SAMBA_3_0/source/utils/net_rpc_printer.c trunk/source/utils/net_rpc_printer.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_printer.c === --- branches/SAMBA_3_0/source/utils/net_rpc_printer.c 2004-08-26 20:58:04 UTC (rev 2078) +++ branches/SAMBA_3_0/source/utils/net_rpc_printer.c 2004-08-26 21:32:49 UTC (rev 2079) @@ -2095,6 +2095,12 @@ is correctly installed (incl. driver ???) */ init_unistr( ctr_dst.printers_2-portname, SAMBA_PRINTER_PORT_NAME); + /* check if printer is published - no publish-migration for the moment */ + if (ctr_enum.printers_2[i].attributes PRINTER_ATTRIBUTE_PUBLISHED) { + printf(printer on originating server was published, ignoring that\n); + ctr_dst.printers_2-attributes = PRINTER_ATTRIBUTE_SAMBA; + } + /* copy devmode (info level 2) */ ctr_dst.printers_2-devmode = talloc_memdup(mem_ctx, ctr_enum.printers_2[i].devmode, sizeof(DEVICEMODE)); Modified: trunk/source/utils/net_rpc_printer.c === --- trunk/source/utils/net_rpc_printer.c2004-08-26 20:58:04 UTC (rev 2078) +++ trunk/source/utils/net_rpc_printer.c2004-08-26 21:32:49 UTC (rev 2079) @@ -2095,6 +2095,12 @@ is correctly installed (incl. driver ???) */ init_unistr( ctr_dst.printers_2-portname, SAMBA_PRINTER_PORT_NAME); + /* check if printer is published - no publish-migration for the moment */ + if (ctr_enum.printers_2[i].attributes PRINTER_ATTRIBUTE_PUBLISHED) { + printf(printer on originating server was published, ignoring that\n); + ctr_dst.printers_2-attributes = PRINTER_ATTRIBUTE_SAMBA; + } + /* copy devmode (info level 2) */ ctr_dst.printers_2-devmode = talloc_memdup(mem_ctx, ctr_enum.printers_2[i].devmode, sizeof(DEVICEMODE));
svn commit: samba r2080 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: gd Date: 2004-08-26 21:37:20 + (Thu, 26 Aug 2004) New Revision: 2080 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=2080nolog=1 Log: Remove last traces of static migration to localhost. Needed to allow a local netbios-alias bound to non-loopback interface as a migration target. It's now possible to migrate printers|shares|files from Server A to Server B while running the net-command on client C. Guenther Modified: branches/SAMBA_3_0/source/utils/net.c branches/SAMBA_3_0/source/utils/net.h branches/SAMBA_3_0/source/utils/net_rpc.c branches/SAMBA_3_0/source/utils/net_rpc_printer.c trunk/source/utils/net.c trunk/source/utils/net.h trunk/source/utils/net_rpc.c trunk/source/utils/net_rpc_printer.c Changeset: Sorry, the patch is too large (365 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=2080nolog=1
svn commit: samba r2081 - in trunk/source/smbd: .
Author: jra Date: 2004-08-26 21:38:50 + (Thu, 26 Aug 2004) New Revision: 2081 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/smbdrev=2081nolog=1 Log: lp_path should be lp_pathname. Paranoia fix on mangle prefix. Jeremy. Modified: trunk/source/smbd/mangle_hash2.c trunk/source/smbd/password.c Changeset: Modified: trunk/source/smbd/mangle_hash2.c === --- trunk/source/smbd/mangle_hash2.c2004-08-26 21:37:20 UTC (rev 2080) +++ trunk/source/smbd/mangle_hash2.c2004-08-26 21:38:50 UTC (rev 2081) @@ -119,7 +119,7 @@ this hash needs to be fast with a low collision rate (what hash doesn't?) */ -static u32 mangle_hash(const char *key, unsigned length) +static u32 mangle_hash(const char *key, unsigned int length) { u32 value; u32 i; @@ -129,6 +129,7 @@ doesn't depend on the case of the long name. Note that this is the only place where we need to use a multi-byte string function */ + length = MIN(length,sizeof(fstring)-1); strncpy(str, key, length); str[length] = 0; strupper_m(str); Modified: trunk/source/smbd/password.c === --- trunk/source/smbd/password.c2004-08-26 21:37:20 UTC (rev 2080) +++ trunk/source/smbd/password.c2004-08-26 21:38:50 UTC (rev 2081) @@ -278,7 +278,7 @@ vuser-user.unix_name, vuser-unix_homedir); } else { DEBUG(3, (Using static (or previously created) service for user '%s'; path = '%s'\n, - vuser-user.unix_name, lp_path(servicenumber) )); + vuser-user.unix_name, lp_pathname(servicenumber) )); vuser-homes_snum = servicenumber; } }
svn commit: samba r2082 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2004-08-26 21:39:10 + (Thu, 26 Aug 2004) New Revision: 2082 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/smbdrev=2082nolog=1 Log: lp_path should be lp_pathname. Paranoia fix on mangle prefix. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/mangle_hash2.c branches/SAMBA_3_0/source/smbd/password.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/mangle_hash2.c === --- branches/SAMBA_3_0/source/smbd/mangle_hash2.c 2004-08-26 21:38:50 UTC (rev 2081) +++ branches/SAMBA_3_0/source/smbd/mangle_hash2.c 2004-08-26 21:39:10 UTC (rev 2082) @@ -119,7 +119,7 @@ this hash needs to be fast with a low collision rate (what hash doesn't?) */ -static u32 mangle_hash(const char *key, unsigned length) +static u32 mangle_hash(const char *key, unsigned int length) { u32 value; u32 i; @@ -129,6 +129,7 @@ doesn't depend on the case of the long name. Note that this is the only place where we need to use a multi-byte string function */ + length = MIN(length,sizeof(fstring)-1); strncpy(str, key, length); str[length] = 0; strupper_m(str); Modified: branches/SAMBA_3_0/source/smbd/password.c === --- branches/SAMBA_3_0/source/smbd/password.c 2004-08-26 21:38:50 UTC (rev 2081) +++ branches/SAMBA_3_0/source/smbd/password.c 2004-08-26 21:39:10 UTC (rev 2082) @@ -272,7 +272,7 @@ vuser-user.unix_name, vuser-unix_homedir); } else { DEBUG(3, (Using static (or previously created) service for user '%s'; path = '%s'\n, - vuser-user.unix_name, lp_path(servicenumber) )); + vuser-user.unix_name, lp_pathname(servicenumber) )); vuser-homes_snum = servicenumber; } }
svn commit: samba r2083 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2004-08-27 01:16:25 + (Fri, 27 Aug 2004) New Revision: 2083 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/smbdrev=2083nolog=1 Log: Fix memleak on return code path. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/open.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/open.c === --- branches/SAMBA_3_0/source/smbd/open.c 2004-08-26 21:39:10 UTC (rev 2082) +++ branches/SAMBA_3_0/source/smbd/open.c 2004-08-27 01:16:25 UTC (rev 2083) @@ -592,7 +592,7 @@ int i; int num_share_modes; int oplock_contention_count = 0; - share_mode_entry *old_shares = 0; + share_mode_entry *old_shares = NULL; BOOL fcbopen = False; BOOL broke_oplock; @@ -601,12 +601,15 @@ num_share_modes = get_share_modes(conn, dev, inode, old_shares); - if(num_share_modes == 0) + if(num_share_modes == 0) { + SAFE_FREE(old_shares); return 0; + } if (desired_access ((desired_access ~(SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|FILE_WRITE_ATTRIBUTES))==0) ((desired_access (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|FILE_WRITE_ATTRIBUTES)) != 0)) { /* Stat open that doesn't trigger oplock breaks or share mode checks... ! JRA. */ + SAFE_FREE(old_shares); return num_share_modes; } @@ -758,9 +761,6 @@ free_broken_entry_list(broken_entry_list); } while(broke_oplock); - if(old_shares != 0) - SAFE_FREE(old_shares); - /* * Refuse to grant an oplock in case the contention limit is * reached when going through the lock list multiple times. @@ -772,6 +772,7 @@ oplock_contention_count )); } + SAFE_FREE(old_shares); return num_share_modes; }
svn commit: samba r2084 - in trunk/source/smbd: .
Author: jra Date: 2004-08-27 01:16:30 + (Fri, 27 Aug 2004) New Revision: 2084 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/smbdrev=2084nolog=1 Log: Fix memleak on return code path. Jeremy. Modified: trunk/source/smbd/open.c Changeset: Modified: trunk/source/smbd/open.c === --- trunk/source/smbd/open.c2004-08-27 01:16:25 UTC (rev 2083) +++ trunk/source/smbd/open.c2004-08-27 01:16:30 UTC (rev 2084) @@ -592,7 +592,7 @@ int i; int num_share_modes; int oplock_contention_count = 0; - share_mode_entry *old_shares = 0; + share_mode_entry *old_shares = NULL; BOOL fcbopen = False; BOOL broke_oplock; @@ -601,12 +601,15 @@ num_share_modes = get_share_modes(conn, dev, inode, old_shares); - if(num_share_modes == 0) + if(num_share_modes == 0) { + SAFE_FREE(old_shares); return 0; + } if (desired_access ((desired_access ~(SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|FILE_WRITE_ATTRIBUTES))==0) ((desired_access (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|FILE_WRITE_ATTRIBUTES)) != 0)) { /* Stat open that doesn't trigger oplock breaks or share mode checks... ! JRA. */ + SAFE_FREE(old_shares); return num_share_modes; } @@ -758,9 +761,6 @@ free_broken_entry_list(broken_entry_list); } while(broke_oplock); - if(old_shares != 0) - SAFE_FREE(old_shares); - /* * Refuse to grant an oplock in case the contention limit is * reached when going through the lock list multiple times. @@ -772,6 +772,7 @@ oplock_contention_count )); } + SAFE_FREE(old_shares); return num_share_modes; }