[Samba] Mapping resolution.
I have a NT4.0 PDC and samba 3.0.2 member domain, it store SID-UID mapping in winbind_idmap.tdb file.I have read about a more scalability way to store these informations in a ldap server.So I can install another member domain to share the same mapping. How it is work?Can I found any documentation? Thanks, Marco. Marco Meli GKN SINTER METALS via Verdi, 82 I-20063 Cernusco s/naviglio (MI) / Italy % +39/02/929051452 Fax: +39/02/9230690 * [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SuSE 9.1 Pro
Hi, the simple answer is dont use suse firewall,( iptables scripts are easy to google ) and study more chapters from Samba Browsing That's not very nice, the Suse 'firewall' is well written. And you can't expect everyone to learn that much about paket filtering just to run samba. And it works with samba. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Warning: E-mail viruses detected
Our virus detector has just been triggered by a message you sent:- To: [EMAIL PROTECTED] Subject: Re: Mail Authentification Date: Tue Oct 5 09:47:56 2004 One or more of the attachments (document.txt .exe, document.zip) are on the list of unacceptable attachments for this site and will not have been delivered. Consider renaming the files to avoid this constraint. The virus detector said this about the message: Report: MailScanner: Executable DOS/Windows programs are dangerous in email (document.txt .exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (document.txt .exe) -- MailScanner Email Virus Scanner www.mailscanner.info MailScanner thanks transtec Computers for their support -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 and forest trust
I have 2 W2K3 forests: forestA.com and forestB.com. forestB.com has several child domains: child1.forestB.com, child2.forestB.com, etc... forestA.com has no children. There is a 2-way transitive forest trust between the forests. What I would like is to have Samba3 box in forestA.com to be able to authenticate users from child domains of forestB.com. i.e.: user from child1.forestB.com can access samba3box.forestA.com. I can successfully join samba box to forestA.com AD, but from the logs I see that winbind does not enumerate the child domains of forestB.com (because it's a forest and not NTLM trust ?). As a side note: is there any way to make winbind not to enumerate certain domains and/or certain users/groups by the means of custom LDAP filter ? We have a rather large environment and an attempt to enumerate some 50K users miserably times out. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbmount and UTF-8 characters
Hello list! Sorry to be a pain, but I've hunted high and low and can't seem to find the answer. I have a Slackware 10 system and a Microsoft Windows 2000 system. On the Windows 2000 system are lots of files with extended characters - like (tm), (r) and characters with umlauts. I used the localedef command and set LC_ALL=en_US.UTF8. I am running KDE and in the Konqueror browser I can use smb:// to connect to a share on the Windows system. All extended characters display as expected. If I use the smbmount command to mount these shares, and then use Konqueror to browse to /mnt/projects I can not longer see the extended characters. An example of one of the many variants of smbmount I have used: smbmount //systemx/projects /mnt/projects/ -o username=**,password=**,workgroup=,codepage=cp850,iocharset= utf8 The filesystem for /mnt/projects is reiserfs, which I understand supports utf8 just fine, though I have not used any explicit mount options. Can anybody guide me towards the magic that will make this work? If it makes any difference, I am trying to mount many shares for the purpose of using s-tar to archive old files. Many thanks, Also, is what I am asking actually possible? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Point'n'Print: adddriver / WERR_ACCESS_DENIED
Tried doing that, no dice - same error message! However, I noticed that the New Driver button is not grayed out anymore - I get Access Denied when trying to update the driver via that method as well. I tried chmodding drivers dir 777, still access denied... Regards, Philip Martin Zielinski wrote: Hello Philip, try putting the printer admin parameter into the global section. It's a global parameter that cannot be used per share. Greetings, Martin On Monday 04 October 2004 16:00, Philip Maurer wrote: Dear list, This problem has been bugging me for days now, I've got Cups version 1.1.21 and Samba 3.0.7 installed and working. There is a single Laserjet 4100 attached to the network, printing via Cups or Cups/Samba works fine. The problems are with getting Point'n'Print to work. I've been scouring the net, archived posts of this list, read the official Samba manual, to no avail. The problem is always the same; I can successfully copy the drivers into the W32X86 directory using e.g. smbclient, but issuing the adddriver command via rpcclient rpcclient newserver -N -U'root%**' -c 'adddriver Windows NT x86 printer:cupsdrvr.dll:printer.ppd:cupsui.dll:cups.hlp:NULL:RAW:NULL' Always returns: result was WERR_ACCESS_DENIED I've tried using the GUI method but when I get to the Advanced tab the 'New Driver' button is grayed out. Best regards, Philip Here's my smb.conf: ---[snip]- [global] # Replace MYWORKGROUPNAME with your workgroup/domain workgroup = NOVASOFT # Of course this has no REAL purpose other than letting # everyone know its not Windows! # %v prints the version of Samba we are using. server string = Samba Server %v # We are going to use cups, so we are going to put it in here ;-) load printers = yes printing = cups printcap name = cups use client driver = no # We want a log file and we do not want it to get bigger than 50kb. log file = /var/log/samba/log.%m max log size = 50 # We are going to set some options for our interfaces... socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # This is a good idea, what we are doing is binding the # samba server to our local network. # For example, if eth0 is our local network device interfaces = lo eth0 bind interfaces only = yes # Now we are going to specify who we allow, we are afterall # very security conscience, since this configuration does # not use passwords! hosts allow = 127.0.0.1 195.163.190.192/27 hosts deny = 0.0.0.0/0 # Other options for this are USER, DOMAIN, ADS, and SERVER # The default is user security = user # No passwords, so we're going to use a guest account! guest account = samba guest ok = yes # We now will implement the on access virus scanner. # NOTE: By putting this in our [Global] section, we enable # scanning of ALL shares, you could optionally move # these to a specific share and only scan it. # For Samba 3.x vfs object = vscan-clamav vscan-clamav: config-file = /etc/samba/vscan-clamav.conf # Now we setup our print drivers information! [print$] comment = Printer Drivers # this path holds the driver structure path = /etc/samba/drivers guest ok = yes browseable = yes read only = yes # Modify this to username,root if you don't want root to # be the only printer admin) write list = maph,root [HP_Laserjet_4100] comment = HP LaserJet Network Printer printable = yes path = /var/spool/samba public = yes guest ok = yes guest account = samba printer admin = maph,root # Now we setup our printers share. This should be # browseable, printable, public. [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = yes writeable = no printable = yes printer admin = maph,root -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind netlogon scripts
Using an XP workstation joined to Samba PDC domain, when a user tries to log into a trusted win2003 ADS domain from this machine (using winbind) should the user's login script run (as specified in their windows account)? Because at the moment I can't seem to get scripts to run. Lee Baker -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PHD
Dear Sir/Madam, My name is Vivek Singh Raghuwanshi i live in India and work on Linux Network as a Administrator in a University. My qualification are MBA in Information Tech. Sir i want to do Phd in Samba or Linux Network. Help me plz Regards Vivek Singh Raghuwanshi - Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using parameters in lpq command conflicts with background
Hi Jerry, (and rest of list) I have an application than makes use of the lpq command and uses the %U parameter in the command string. The application returns a personalized queue list based on the value of %U. This technique worked well in older versions of Samba (circa RedHat 8), but I have run into some trouble with Samba 3. The issue appears to be twofold. 1) The lpq command is now run from the background lpq monitoring process, which does not have a user (%U) per-se associated with it. 2) The background lpq process maintains its cache(s) based on the service name. IIRC, the older caching system maintained a cache for each unique lpq command line. Indeed it did. In fact the whole (tdb-based) lpq monitoring system has a whole heap of changes from previous Samba versions (we jumped from 1.9.18p8 to 3.0.6) and all sorts of strange things happen now. I've temporarily solved the problem by running smbd from inetd - this prevents the background lpq process from running and causes each user's process to invoke their own lpq command (complete with %U substitution). Fab! Thanks for finding this workaround. I'll give it a shot. Would it be possible to update the background lpq code to use the (fully substituted) lpq command as the cache identifier instead of (or in addition to) the service name? My application aside, I think it would be best if Samba's behavior was consistent in both daemon and non-daemon modes. I'd be willing to lend my mediocre programming skills to the task if it would help. I agree about the damon vs. non-daemon mode, very odd that the behaviour is inconsistent. Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Scaleable LDAP Backends for Samba; Domain Controllers group access
objectclass ( 1.3.6.1.4.1.6921.1.18 NAME 'nssBisGroup' DESC 'Adds POSIX Attributes To A GroupOfNames' SUP top AUXILIARY MUST ( cn, gidNumber ) MAY ( userPassword, description ) ) Uh... gee, on second thought I don't see how this is going to work with the smbldap scripts nor do I know if this will take a sambaGroupMapping. sambaGroupMapping is ***AUXILIARY***, so you can essentially stick it on anything. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.7 joining NT4 domain: no go, but 2.2.12 is joining just fine!
Hi, I am still wrestling with WinNT4 domain PDC which does not like a Samba 3.0.7 member. I built 2.2.12 from sources and it does join the very same domain just fine! However, I did not try to do it from the same machine where I tested 3.0.7. Logs of # smbpasswd -D $D -j PORT -r PORT_PDC -U vda 21 | tee join.out.$D with D=4..10 are in attached tarball, with smb.conf Any thoughts? -- vda-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [PATCH] 2.2.12: fix support for samba daemons running under daemontools
Hi, One can run samba 2.2.12 daemons (nmbd,smbd,winbindd) under daemontools if they are started with -i option. However, smbd does not handle more than one connection at once in this mode. If one redirects it to pipe/file, logging to stdout is buffered. Log text appears there with inacceptable delay. This patch: * adds option -f to nmbd, smbd and windindd. * for nmbd and winbindd it is identical to -i. * for smbd it is mostly like -i but allows multiple connections to smbd. * usage() text updated accordingly. * smbd help on -i now mentions single threaded behaviour. * getopt in nmbd and smbd source expected -f option with parameter, but there were no other supporting code for it. An oversight? Removed. * stdout set to unbuffered mode if we do logging to it. Run tested. Please review/apply. -- vda-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.7 joining NT4 domain: no go, but 2.2.12 is joining just fine!
On Tuesday 05 October 2004 15:32, Denis Vlasenko wrote: I am still wrestling with WinNT4 domain PDC which does not like a Samba 3.0.7 member. I built 2.2.12 from sources and it does join the very same domain just fine! However, I did not try to do it from the same machine where I tested 3.0.7. Logs of # smbpasswd -D $D -j PORT -r PORT_PDC -U vda 21 | tee join.out.$D with D=4..10 are in attached tarball, with smb.conf ...but attachment did not make it to the list. You can wget it here: http://195.66.192.168/linux/2.2.12.tar.bz2 -- vda -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SuSE 9.1 Pro
Holger Krull schrieb: Hi, the simple answer is dont use suse firewall,( iptables scripts are easy to google ) and study more chapters from Samba Browsing That's not very nice, the Suse 'firewall' is well written. And you can't expect everyone to learn that much about paket filtering just to run samba. And it works with samba. Sorry Holger, but my opinion is different, suse firewall may be good written, but learning about packet filtering and networking is helpfull in any way. If you dont push the button block internal internal interface in yast and you bind samba to your internal nic suse firewall is not involded with you samba stuff. If you want use samba trough nat or suse firewall, you should take your own iptables script, cause you cant really adjust this in suse firewall. For more help post more of your desired network layout and you samba conf Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SuSE 9.1 Pro
My entire smb.conf file is listed in the thread [Samba] Samba 3.0.4 Profile Permissions. I'll post it here as well. My layout is fairly simple. I have one machine in my network running Linux and Samba that acts as a Primary Domain Controller. It resides at IP addres 192.168.1.100 while all of the other machines on my network (all Windows XP clients) have an IP address of 192.168.1.xxx I currently have this setup running in Mandrake (from about 2 years ago) and everything works as it should regarding Samba (version 2.2.4 btw). All of my clients login to the server using an account and password that exists on the Linux machine. Following this message is my smb.conf and my log files from last night. This was with the firewall disabled altogether. I would like a firewall of some sort on this server so disabling the firewall doesn't really make me feel all that comfortable but if it doesn't work right, it doesn't work. I have ports 137, 138, 139 and 445 open, according to YaST, but this still will not work. I (usually) can't even see the Domain Controller while the firewall is running. I say ususally because sometimes I do... and I hadn't changed a thing. It's there one minute and gone the next. When you look at the log files you will notice that I attempted to log in with a user account of bagginsadmin which is a member of the adm group. The adm group is set in all of my Windows XP clients as a member of the Administrators group so that I can use this particular login to access any of my XP clients and make any necessary modifications. When I attempted to login last night I got the following error: Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator. I then attempted to login with my own account (also a member of the adm group) and got this error: Windows cannot log you in now because the domain BAGGINS is not available. I then created a new user account in Linux and Samba and attempted to login. I get the same error. When I login using the original administrative account above I get access to most of the shares that I have setup. My network logon script runs just fine. I do not, however, have Administrative priveleges on the XP client. When I attempt to modify the XP client Administrators group I get a list of numbers as the members instead of what I am used to seeing (i.e. BAGGINS\unix_group.XXX). Now I am sure that the following line in my log.smbd explains what is going wrong but I'll be snookered if I knew what it meant: [2004/10/04 11:59:05, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(5988) init_sam_user_info_21A: User bagginsadmin has Primary Group SID S-1-5-32- 544, which conflicts with the domain sid S-1-5-21-2763611909-969304523- 3334035465. Failing operation. So, having said all of that, here are my configuration and log files. As always, any help is greatly appreciated. [global] workgroup = BAGGINS security = user encrypt passwords = yes passdb backend = smbpasswd server string = Domain Controller netbios name = BILBO add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody - s /bin/false %m$ domain master = yes domain logons = yes logon script = logon.cmd local master = yes preferred master = yes os level = 65 [homes] comment = Home Directory for %u path = /home/%u read only = No browseable = No [Projects] comment = Project Folders path = /data-1/projects admin users = @Design, adm, Manager read only = No create mask = 0775 force create mode = 0775 force security mode = 0775 force directory mode = 0775 force directory security mode = 0775 [Temp] comment = Temporary Space path = /data-1/temp admin users = @Design, adm, Manager read only = No create mask = 0777 [Archive] comment = Archived Projects path = /data-1/archive write list = @adm security mask = 0755 directory security mask = 0755 guest ok = Yes [netlogon] comment = Network Logon Service path = /etc/samba/netlogon guest ok = Yes [Profiles] path = /home/%u/profile browseable = No writeable = yes nt acl support = yes My log.smbd [2004/10/04 11:55:00, 1] smbd/service.c:make_connection_snum(619) baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537) [2004/10/04 11:55:00, 1] smbd/service.c:close_cnum(801) baggins001 (192.168.1.6) closed connection to service bagginsadmin [2004/10/04 11:55:04, 1] smbd/service.c:make_connection_snum(619) baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid
Re: [Samba] SuSE 9.1 Pro
Hi, the simple answer is dont use suse firewall,( iptables scripts are easy to google ) and study more chapters from Samba Browsing That's not very nice, the Suse 'firewall' is well written. And you can't expect everyone to learn that much about paket filtering just to run samba. And it works with samba. Sorry Holger, but my opinion is different, suse firewall may be good written, but learning about packet filtering and networking is helpfull in any way. Agree, the SuSe firewall is nice, but it is really for simple workstation/desktop setups. If you want to do more advanced setups you need to leave the tool behind. I recommend fwbuilder - http://freshmeat.net/projects/fwbuilder/ The UI is intuitive and you can build VERY sophisticated rule stacks. Even Windows admins manage to figure it out. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] kerberos and Win2003AD problems
Hi Peter, excuse me that i cannot help you solving this problem because we have it too. We have installed Samba 3.0.7 on FreeBSD 5.2.1 with Heimdal Kerberos 0.6.1, OpenLDAPClient 2.2.x, BerkleyDB 4.1.x, Krb5_pam , Nsskrb5 ,Nssldap andOpen SSL 0.9.7d and got the same problems like you for 5 days. So I have the question whether you have solved already the problem? Can you help us with your experiences? Thanks and Kind regards Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Slow Directory listing
hi, on samba3 a have a directory foo with one subfolder blah. the subfolder contains a huge subtree with lot of files (11gig). if i click on foo it takes 10 or more seconds to get the one folder blah. but if i use the left foldertree of explorer, there are no problems, it's fast. what is the explorer looking for? size calculations? it there a hint or configuration param in the smb.conf to tune up explorer? thx tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Slow Directory listing
-Original Message- From: [EMAIL PROTECTED] Thomas Werner Subject: [Samba] Slow Directory listing hi, on samba3 a have a directory foo with one subfolder blah. the subfolder contains a huge subtree with lot of files (11gig). if i click on foo it takes 10 or more seconds to get the one folder blah. but if i use the left foldertree of explorer, there are no problems, it's fast. what is the explorer looking for? size calculations? it there a hint or configuration param in the smb.conf to tune up explorer? thx tom I've seen this on native Microsoft Windows fileshares as well. We recently moved some clients to Microsoft Windows XP which was when this problem started. Curiously, the slow-down only occurs when browsing using My Network Places - Microsoft Windows Explorer appears unaffected. I have not found real a solution or a cause, other than not to use My Network Places. My spider senses tell me it is some sort of caching issue... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow Directory listing
On 05.10.2004 16:36 Uhr, Russell Packer [EMAIL PROTECTED] wrote: I've seen this on native Microsoft Windows fileshares as well. We recently moved some clients to Microsoft Windows XP which was when this problem started. Curiously, the slow-down only occurs when browsing using My Network Places - Microsoft Windows Explorer appears unaffected. I have not found real a solution or a cause, other than not to use My Network Places. it happens with the same explorer window on a mapped network drive: foldertree left: fast each view right: slow strange... My spider senses tell me it is some sort of caching issue... a caching issue of explorer or samba? we use a raid5 storage unit with 8 scsi disc, wich is not the fastest. but it should faster then a single disc with reading. the filesystem is ext3. is reiserfs a better choise, i guess not, or? cheers tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] WINBIND Problem.....
Most definitely. The test directory appears as follows: [EMAIL PROTECTED] avamx_shares]# ls -al total 12 drwxr-xr-x 3 root root 4096 Sep 21 14:40 . drwxr-xr-x 17 root root 4096 Sep 2 06:07 .. drwxr-xr-x 2 tbullock Domain Admins 4096 Sep 21 14:40 tbullock The directory 'tbullock' is the one I am trying to gain access to. As you see Fedora allows me to use the winbind generated or acquired tbullock user and Domain Admins groups which I found pretty cool by the way. And also the wierd thing is if I try to browse to that 'tbullock' share and I am not actually logged in as 'tbullock' (Domain account) it gives me an straight forward Access Denied message. If I am sitting at my computer logged in as my Domain Account 'tbullock' then the message is much different and goes something like: Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. So it is returning different error messages depending on which account attempts to access the share. Thanks for the interest in this problem. Cheers, Travis -Original Message- From: Hamish [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 29, 2004 4:48 AM To: Travis Bullock Cc: [EMAIL PROTECTED] Subject: Re: [Samba] WINBIND Problem. Sorry for obvious question, but have you made sure that you have write permission to the directory you are trying to write to? Travis Bullock wrote: Hello again. Still have not resolved this winbind issue, although it may not be winbind at all. The odd thing is, when I attempt to access a share on the Fedora C2 server running samba 3.x and winbind it will ask for a password. If I enter the wrong username and password, it will give me an invalid username or password error. If I enter the correct username and password, it will give me a Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. Any ideas out there? Cheers, Travis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Slow Directory listing
On 05.10.2004 16:36 Uhr, Russell Packer [EMAIL PROTECTED] wrote: I've seen this on native Microsoft Windows fileshares as well. We recently moved some clients to Microsoft Windows XP which was when this problem started. Curiously, the slow-down only occurs when browsing using My Network Places - Microsoft Windows Explorer appears unaffected. I have not found real a solution or a cause, other than not to use My Network Places. it happens with the same explorer window on a mapped network drive: foldertree left: fast each view right: slow strange... My spider senses tell me it is some sort of caching issue... a caching issue of explorer or samba? we use a raid5 storage unit with 8 scsi disc, wich is not the fastest. but it should faster then a single disc with reading. the filesystem is ext3. is reiserfs a better choise, i guess not, or? cheers tom Caching on the Windows Explorer side. I seem to recall there is an option somewhere about not caching. This is all pure speculation, but for me it only started to happen with Windows XP. I would go back and re-test it with a Windows 2000 client and a Linux client, but its not high on my list of things to do :) The basic thing is though, this happens in an all-microsoft environment too, so I'm not certain that anything could be done with Samba to fix this? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] WINBIND Problem.....
Hi, Sorry for a few more obvious questions, but... What does the share definition in smb.conf look like? What global parameters have you set? Maybe I missed an earlier post or something. Thanks, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock Sent: 05 October 2004 05:07 PM To: 'Hamish' Cc: [EMAIL PROTECTED] Subject: RE: [Samba] WINBIND Problem. Most definitely. The test directory appears as follows: [EMAIL PROTECTED] avamx_shares]# ls -al total 12 drwxr-xr-x 3 root root 4096 Sep 21 14:40 . drwxr-xr-x 17 root root 4096 Sep 2 06:07 .. drwxr-xr-x 2 tbullock Domain Admins 4096 Sep 21 14:40 tbullock The directory 'tbullock' is the one I am trying to gain access to. As you see Fedora allows me to use the winbind generated or acquired tbullock user and Domain Admins groups which I found pretty cool by the way. And also the wierd thing is if I try to browse to that 'tbullock' share and I am not actually logged in as 'tbullock' (Domain account) it gives me an straight forward Access Denied message. If I am sitting at my computer logged in as my Domain Account 'tbullock' then the message is much different and goes something like: Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. So it is returning different error messages depending on which account attempts to access the share. Thanks for the interest in this problem. Cheers, Travis -Original Message- From: Hamish [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 29, 2004 4:48 AM To: Travis Bullock Cc: [EMAIL PROTECTED] Subject: Re: [Samba] WINBIND Problem. Sorry for obvious question, but have you made sure that you have write permission to the directory you are trying to write to? Travis Bullock wrote: Hello again. Still have not resolved this winbind issue, although it may not be winbind at all. The odd thing is, when I attempt to access a share on the Fedora C2 server running samba 3.x and winbind it will ask for a password. If I enter the wrong username and password, it will give me an invalid username or password error. If I enter the correct username and password, it will give me a Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. Any ideas out there? Cheers, Travis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can join domain; can't logon
I had a problem similar to my current one a week or so ago, and I was encouraged to upgrade from Samba 2.2.9 to 3.0.7, which I did. Now that I've completed that nightmare, the problem I initially set out to fix is still there, just different. Namely: I am trying to set up Samba 3.0.7 on a SuSE 9.1 box as an LDAP PDC whose only job will be authentication. Our LDAP server is on a separate box. I can join the domain just fine, but when I try to login via Windows, I get the following error: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. I suspected that neither of these were the case, as I created the account with idealx's smbldap-tools. I verified that the account is there with ldapsearch. Last time I had this problem, Samba wasn't even communicating with LDAP, but this time it is. When I try to login, here's what the LDAP logs show: [05/Oct/2004:10:03:52 -0500] conn=53576 op=7 SRCH base=o=nebrwesleyan.edu,o=isp scope=2 filter=((uid=GUINEA-PIG$)(objectClass=sambaSamAccount)) attrs=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory modifyTimestamp sambalogonhours modifyTimestamp [05/Oct/2004:10:03:52 -0500] conn=53576 op=8 SRCH base=o=nebrwesleyan.edu,o=isp scope=2 filter=((uid=GUINEA-PIG$)(objectClass=sambaSamAccount)) attrs=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory modifyTimestamp sambalogonhours modifyTimestamp It searches twice for the machine trust account, which I've verified exists. The only thing I can think of is that not all of the attributes it's asking for exist. (In fact, a lot of them don't.) As you can see in the attached nmbd log, though, Samba doesn't show any obvious errors. I've also included my smb.conf (with some changes to protect my server's innocence). Any ideas are greatly appreciated. Thanks. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 [global] server string = test workgroup = NWU_TEST netbios name = TESTERATOR log level = 1 encrypt passwords = yes max smbd processes = 0 socket options = TCP_NODELAY add machine script = /usr/local/sbin/smbldap-useradd -w '%u' logon script = scripts\logon.bat logon path = \\%L\profiles\%U domain logons = yes local master = yes preferred master = yes wins server = 10.9.1.12 security = user passdb backend = ldapsam:ldap://server.nebrwesleyan.edu ldap suffix = o=nebrwesleyan,o=edu ldap machine suffix = ou=Machines ldap user suffix = ou=People ldap group suffix = ou=Groups ldap filter = (uid=%u) ldap admin dn = cn=foo ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes locking = No [profiles] comment = Profile Share path = /var/lib/samba/profiles read only = No [tmp] comment = temporary files path = /tmp read only = yes [2004/10/05 11:14:43, 5] nmbd/nmbd_packets.c:process_dgram(1194) process_dgram: ignoring dgram packet sent to name COMPUTER LABS1d from 10.9.1.10 [2004/10/05 11:14:43, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet 10.9.1.111: found. [2004/10/05 11:14:43, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1096992883) - last(1096992397) 900 [2004/10/05 11:14:43, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found. [2004/10/05 11:14:43, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162) find_workgroup_on_subnet: workgroup search for NWU_TEST on subnet UNICAST_SUBNET: found. [2004/10/05 11:14:48, 10] lib/util_sock.c:read_udp_socket(230) read_udp_socket: lastip 10.9.1.97 lastport 138 read: 290 [2004/10/05 11:14:48, 5] libsmb/nmblib.c:read_packet(757) Received a packet of len 290 from (10.9.1.97) port 138 [2004/10/05 11:14:48, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) nmbd_subnetdb:namelist_entry_compare() -1 == memcmp( NWU_TEST1c, NWU_TEST1d, 84 ) [2004/10/05 11:14:48, 10]
RE: [Samba] WINBIND Problem.....
Here she is: [global] log level = 3 # workgroup = NT-Domain-Name or Workgroup-Name workgroup = AVMAX # server string is the equivalent of the NT Description field server string = Samba Server # separate domain and username with '+', like DOMAIN+username winbind separator = + # use uids from 1 to 2 for domain users winbind uid = 1-2 # use gids from 1 to 2 for domain groups winbind gid = 1-2 # allow enumeration of winbind users and groups password server = nt_bdc AVMAX encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers winbind use default domain = yes winbind cache time = 15 winbind enum users = yes winbind enum groups = yes obey pam restrictions = yes template shell = /bin/bash [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 [tbullock] comment = Avmax Domain Shares browseable = yes writable = yes read only = no path = /usr/avmax_shares/tbullock valid users = AVMAX+tbullock -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Le Noury Sent: Tuesday, October 05, 2004 9:10 AM To: [EMAIL PROTECTED] Subject: RE: [Samba] WINBIND Problem. Hi, Sorry for a few more obvious questions, but... What does the share definition in smb.conf look like? What global parameters have you set? Maybe I missed an earlier post or something. Thanks, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock Sent: 05 October 2004 05:07 PM To: 'Hamish' Cc: [EMAIL PROTECTED] Subject: RE: [Samba] WINBIND Problem. Most definitely. The test directory appears as follows: [EMAIL PROTECTED] avamx_shares]# ls -al total 12 drwxr-xr-x 3 root root 4096 Sep 21 14:40 . drwxr-xr-x 17 root root 4096 Sep 2 06:07 .. drwxr-xr-x 2 tbullock Domain Admins 4096 Sep 21 14:40 tbullock The directory 'tbullock' is the one I am trying to gain access to. As you see Fedora allows me to use the winbind generated or acquired tbullock user and Domain Admins groups which I found pretty cool by the way. And also the wierd thing is if I try to browse to that 'tbullock' share and I am not actually logged in as 'tbullock' (Domain account) it gives me an straight forward Access Denied message. If I am sitting at my computer logged in as my Domain Account 'tbullock' then the message is much different and goes something like: Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. So it is returning different error messages depending on which account attempts to access the share. Thanks for the interest in this problem. Cheers, Travis -Original Message- From: Hamish [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 29, 2004 4:48 AM To: Travis Bullock Cc: [EMAIL PROTECTED] Subject: Re: [Samba] WINBIND Problem. Sorry for obvious question, but have you made sure that you have write permission to the directory you are trying to write to? Travis Bullock wrote: Hello again. Still have not resolved this winbind issue, although it may not be winbind at all. The odd thing is, when I attempt to access a share on the Fedora C2 server running samba 3.x and winbind it will ask for a password. If I enter the wrong username and password, it will give me an invalid username or password error. If I enter the correct username and password, it will give me a Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. Any ideas out there? Cheers, Travis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printer giving Access Denied
Is the samba spool directory the same for both printers? Andrew Gaffney wrote: I have 2 printer queues setup on my samba 3.0.6 NT4-style PDC. About a month ago, one of them stopped working due to an issue with CUPS. After restarting CUPS, printing to that share was giving Access Denied. From a windows box, I was able to add drivers and set default print settings as a domain administrator but I still couldn't print. I created a new printer share pointing at the same CUPS printer with the same configuration and the new one worked. In my smb.conf snippet below, the non-working printer share had the same settings as 'jetdirect' but with the printer of 'minimike'. 'jetdirect' has never given me a problem and 'minimike' worked from the moment I created the share. The current 'minimike' settings are scaled down from what it was when I first created it. Can anyone think of a reason why this would happen? [jetdirect] printer = jetdirect comment = Hallway printer printable = yes writeable = yes public = yes printer admin = @domainadmins guest ok = yes [minimike] printer = hp4200 printable = yes read only = no printer admin = @domainadmins -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] logon script, sometimes is no executed!!! Why?!?
Hello, I don't know what to do anymore. I've set up a Samba server domain and some windows clients (some XP, ME, 9x). The BIG problem arises on XP. Sometimes, some users (random) just can't login, other it logs in but don't run the logon script. Windows Me and 9x works good... Thanks bruno rodrigues -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbmount ignores uid option
Hi all, I have nearly the same problem with an actual SuSE 9.1 (Pro) distribution. Older releases (SuSE 8.1/8.2/9.0 Pro) are working as expected with the correct UID/GID. These distriburtions are based on samba 2.x clients - with 9.1 SuSE switched to a samba 3.x client. With SUSE 9.1 I tried the following alternatives mounting a samba share as an normal user (the server is a samba 3.x linux host): sudo mount -t smbfs -o username=smbuser,password=smbpwd,uid=1000,gid=100 //server/share ~/mountpoint or sudo smbmount //server/share ./mountpoint -o uid=1000,gid=100,username=smbuser,password=smbpwd on the older distros I simply set the SUID bit of smbmnt and smbumount, so mounting as an user like described in the example above works without calling sudo. I tried the alternatives from above with - samba 3.0.7 (RPM binaries for SuSE 9.1 available at ftp.sernet.de/pub/samba/) - samba 2.2.12 - current stable version from 2.x series (sources from samba.org - manually build) - samba 2.2.8a - this version comes with SuSE 9.0 (old sources I loaded from a samba.org mirror - manually build) With all these versions the same problem - the contents of the mounted directory is owned by root. So I guess the problem has something to do with a changed system configuration, changed shared libraries or kernel update. This problem was described some times before in this list, but I could not find any answer for this issue. I hope someone who solved it can help me or give me a hint what I could trie next to find a solution. Manuel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINBIND Problem.....
You will want to ensure the two top-level directories above your share are set to at least r-x. (usr and avmax_shares). If that is correct try temporarily changing the permission to rwx or 777 for everyone to see if it is a permission problem. Finally, try adding a user (adduser) to your unix box with the exact name of your windows login. tbullock I would assume. You do not need to do anything special to the unix account except perhaps ensure the password is the same as your windows account. Regards, Gerald Bird - Original Message - From: Travis Bullock [EMAIL PROTECTED] To: 'Mark Le Noury' [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 9:44 AM Subject: RE: [Samba] WINBIND Problem. Here she is: [global] log level = 3 # workgroup = NT-Domain-Name or Workgroup-Name workgroup = AVMAX # server string is the equivalent of the NT Description field server string = Samba Server # separate domain and username with '+', like DOMAIN+username winbind separator = + # use uids from 1 to 2 for domain users winbind uid = 1-2 # use gids from 1 to 2 for domain groups winbind gid = 1-2 # allow enumeration of winbind users and groups password server = nt_bdc AVMAX encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers winbind use default domain = yes winbind cache time = 15 winbind enum users = yes winbind enum groups = yes obey pam restrictions = yes template shell = /bin/bash [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 [tbullock] comment = Avmax Domain Shares browseable = yes writable = yes read only = no path = /usr/avmax_shares/tbullock valid users = AVMAX+tbullock -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Le Noury Sent: Tuesday, October 05, 2004 9:10 AM To: [EMAIL PROTECTED] Subject: RE: [Samba] WINBIND Problem. Hi, Sorry for a few more obvious questions, but... What does the share definition in smb.conf look like? What global parameters have you set? Maybe I missed an earlier post or something. Thanks, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock Sent: 05 October 2004 05:07 PM To: 'Hamish' Cc: [EMAIL PROTECTED] Subject: RE: [Samba] WINBIND Problem. Most definitely. The test directory appears as follows: [EMAIL PROTECTED] avamx_shares]# ls -al total 12 drwxr-xr-x 3 root root 4096 Sep 21 14:40 . drwxr-xr-x 17 root root 4096 Sep 2 06:07 .. drwxr-xr-x 2 tbullock Domain Admins 4096 Sep 21 14:40 tbullock The directory 'tbullock' is the one I am trying to gain access to. As you see Fedora allows me to use the winbind generated or acquired tbullock user and Domain Admins groups which I found pretty cool by the way. And also the wierd thing is if I try to browse to that 'tbullock' share and I am not actually logged in as 'tbullock' (Domain account) it gives me an straight forward Access Denied message. If I am sitting at my computer logged in as my Domain Account 'tbullock' then the message is much different and goes something like: Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. So it is returning different error messages depending on which account attempts to access the share. Thanks for the interest in this problem. Cheers, Travis -Original Message- From: Hamish [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 29, 2004 4:48 AM To: Travis Bullock Cc: [EMAIL PROTECTED] Subject: Re: [Samba] WINBIND Problem. Sorry for obvious question, but have you made sure that you have write permission to the directory you are trying to write to? Travis Bullock wrote: Hello again. Still have not resolved this winbind issue, although it may not be winbind at all. The odd thing is, when I attempt to access a share on the Fedora C2 server running samba 3.x and winbind it will ask for a password. If I enter the wrong username and password, it will give me an invalid username or password error. If I enter the correct username and password, it will give me a Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. Any ideas out there? Cheers, Travis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help: File is present (via Samba) but cannot be opened?
When I mount a Windows XP partition (NTFS) on my SuSE 9.1 machine via Samba 3.0.4, I find some files can be listed (via ls) but mysteriously cannot be opened, even though the file permissions appear fine. What is a good way to track down this sort of problem? Here's an example where I cd into a samba-mounted directory and try to open a file that I know is present. It cannot be opened, but I can list it by wildcard so the shell does see the directory entry. ALL OTHER FILES in the directory are fine, it's just this one that is problematic. # cd '/mnt/sirius/g/Work/Mac_Home/MANUSCRIPTS/AF and HB detection' # /bin/ls -l PsyScience.cove.otes.031203.doc /bin/ls: PsyScience.cove.otes.031203.doc: No such file or directory # /bin/ls -l PsyScience.cove.otes.031203.do* -rwxr-xr-x 1 root root 54272 Mar 13 2003 PsyScience.cove.otes.031203.doc # df . Filesystem 1K-blocks Used Available Use% Mounted on //sirius/Work 19526656 4684800 14841856 24% /mnt/sirius/g # stat -f . File: . ID: 0Namelen: 1024Type: smb Blocks: Total: 4881664Free: 3710464Available: 3710464Size: 4096 Inodes: Total: 0 Free: 0 If it makes any difference, the samba-mounted drive is attached by firewire to the XP machine. Could $LANG make any difference? # echo $LANG en_US.UTF-8 Just for fun, here's the /etc/fstab entry: //sirius/Work /mnt/sirius/gsmbfsusername=x0 0 and an strace of the unsuccessful ls command above. execve(/bin/ls, [ls, PsyScience.cove.otes.031203.doc], [/* 62 vars */]) = 0 uname({sys=Linux, node=myhost, ...}) = 0 brk(0) = 0x805b000 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40017000 open(/etc/ld.so.preload, O_RDONLY)= -1 ENOENT (No such file or directory) open(/etc/ld.so.cache, O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=122568, ...}) = 0 old_mmap(NULL, 122568, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40018000 close(3)= 0 open(/lib/tls/librt.so.1, O_RDONLY) = 3 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\34\0..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=35844, ...}) = 0 old_mmap(NULL, 30460, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40036000 madvise(0x40036000, 30460, MADV_SEQUENTIAL|0x1) = 0 old_mmap(0x4003d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6000) = 0x4003d000 close(3)= 0 open(/lib/libacl.so.1, O_RDONLY) = 3 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\24..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=31632, ...}) = 0 old_mmap(NULL, 20956, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4003e000 madvise(0x4003e000, 20956, MADV_SEQUENTIAL|0x1) = 0 old_mmap(0x40043000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x5000) = 0x40043000 close(3)= 0 open(/lib/libselinux.so.1, O_RDONLY) = 3 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0003\0..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=61336, ...}) = 0 old_mmap(NULL, 57140, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40044000 madvise(0x40044000, 57140, MADV_SEQUENTIAL|0x1) = 0 old_mmap(0x4005, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xb000) = 0x4005 close(3)= 0 open(/lib/tls/libc.so.6, O_RDONLY)= 3 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360U\1..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1349081, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40052000 old_mmap(NULL, 1132940, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40053000 madvise(0x40053000, 1132940, MADV_SEQUENTIAL|0x1) = 0 old_mmap(0x4015d000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10a000) = 0x4015d000 old_mmap(0x40165000, 10636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40165000 close(3)= 0 open(/lib/tls/libpthread.so.0, O_RDONLY) = 3 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360I\0..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=88272, ...}) = 0 old_mmap(NULL, 65004, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40168000 madvise(0x40168000, 65004, MADV_SEQUENTIAL|0x1) = 0 old_mmap(0x40175000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xd000) = 0x40175000 old_mmap(0x40176000, 7660, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40176000 close(3)= 0 open(/lib/libattr.so.1, O_RDONLY) = 3 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \r\0\000..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=14350, ...}) = 0 old_mmap(NULL, 13076, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40178000 madvise(0x40178000, 13076, MADV_SEQUENTIAL|0x1) = 0 old_mmap(0x4017b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
Re: [Samba] Poor linux client performance (comparing to XP)
On Mon, 04 Oct 2004 19:19:09 +0200 Holger Krull [EMAIL PROTECTED] wrote: Bostjan Skufca @ domenca.com schrieb: Is there any patch (official/unofficial) available to fix this issue? None that i know about. You could try using mount.cifs. Arent there any changes needed for the samba server, just use other mount options? Is anyone familiar with this issue? Yes, this has been observed a lot. It's as far as i know based on smb packet size. smbfs will only use 4096 Bytes in one smb packet, whereas a windows client will use much larger packets, up to 60K -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] getpeername failed. Error was Transport endpoint is not connected
Hi all, I'm using slackware 10, running samba-3.0.7, OpenLDAP-2.2.17 with ssl, tls and sasl2. While i trying include a workstation windows xp in the samba domain it return this: [2004/10/05 12:51:25, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/10/05 12:51:26, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/10/05 12:51:26, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2004/10/05 12:51:26, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 22: ERRNO = Connection reset by peer [2004/10/05 12:51:26, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) Anyone know why? My configuration has been in http://www.nerdgroup.org/doc/samba+ldap+qmail.txt Thanks -- Fernando Ribeiro - GPG-KEY: 0x8D7255F4 Linux Counter: #273768 - ICQ: 175630330 Linux Professional Institute - LPIC-1 Death the graph! Death the mouse! Death patents! Death closed standards! http://www.nerdgroup.org http://musb.nerdgroup.org -- Grandes mentes discutem idéias; Mentes medianas discutem eventos; Mentes pequenas discutem pessoas. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Help: File is present (via Samba) but cannot be opened?
Daniel Barrett Sent: 05 October 2004 17:46 To: [EMAIL PROTECTED] Cc: Daniel Barrett Subject: [Samba] Help: File is present (via Samba) but cannot be opened? When I mount a Windows XP partition (NTFS) on my SuSE 9.1 machine via Samba 3.0.4, I find some files can be listed (via ls) but mysteriously cannot be opened, even though the file permissions appear fine. What is a good way to track down this sort of problem? Here's an example where I cd into a samba-mounted directory and try to open a file that I know is present. It cannot be opened, but I can list it by wildcard so the shell does see the directory entry. ALL OTHER FILES in the directory are fine, it's just this one that is problematic. # cd '/mnt/sirius/g/Work/Mac_Home/MANUSCRIPTS/AF and HB detection' # /bin/ls -l PsyScience.cove.otes.031203.doc /bin/ls: PsyScience.cove.otes.031203.doc: No such file or directory # /bin/ls -l PsyScience.cove.otes.031203.do* -rwxr-xr-x 1 root root 54272 Mar 13 2003 PsyScience.cove.otes.031203.doc I'm battling with the same problem at the moment as well. I'm hoping (fingers crossed!) that using cifs as the filesystem type will resolve the issue. Of course, this means moving from my current 2.4 kernel to a 2.6 one... and it takes a little while to re-compile on my p500! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Poor linux client performance (comparing to XP)
Is there any patch (official/unofficial) available to fix this issue? None that i know about. You could try using mount.cifs. Arent there any changes needed for the samba server, just use other mount options? No changes on the server side. Just use mount -t cifs if you have that in kernel or as module. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Update: [Samba] Samba Shares not Refreshing contents
At my lan all workdstations are WindowsXP and they suffer this problem even after we upgraded to Samba 3. Marcus --- Greg Freemyer [EMAIL PROTECTED] wrote: We have the problem on some of our machines, and we are a pure workgroup setup. BTW: I think this also happens with some of our Win2K servers, so this is not a samba unique issue. On Mon, 4 Oct 2004 15:37:45 -0600, Omar Castañeda Acosta [EMAIL PROTECTED] wrote: Actually it looks like this problem only affects some workstations. Could it be my domain policy? (I guess so 'cause only computers logged on to the domain exhibit this behavior) Anyone ever experienced this? Omar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Omar Castañeda Acosta Sent: Monday, October 04, 2004 3:31 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba Shares not Refreshing contents Hello List, I've seen this question multiple times in several forums, and no answers. I've just setup a couple of Linux (fedora core2)/Samba servers that are supposed to act as NAS (2.7 and 3.7 TB respectively), samba is working fine and it's perfectly integrated to the active directory and NT domain (win2003 environment). However I've got a problem refreshing the contents of any folders whenever I create a new folder or rename a file. I've got to manually refresh the explorer windows (pressing F5) to see the changes, Is there any way to make it work so explorer reloads the folder lists whenever they change? Basically, this is just an annoyance, 'because users won't use directly the samba shares. I want to upgrade our fileservers from win2003 to Linux/Samba later on, and then will become a big issue instead of just a minor annoyance. As I said before I've seen this question on forums previously but couldn't find a decent answer. Even some Sun technician just answered to a customer that it was pretty much the standard samba behavior. Is it true? Thanks in Advance, Omar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] random errors the local drive name is already in use. This connection has not been restored.
I have had this problem unrelated to samba. I believe it is in the login scripts. Perhaps you are using the net use /persistent switch when you do no need to? Regards, Gerald Bird - Original Message - From: [EMAIL PROTECTED] Date: Tuesday, October 5, 2004 11:05 am Subject: [Samba] random errors the local drive name is already in use. This connection has not been restored. Hello, I have random errors that I can not analyze nor fix: when several users connect to the same Samba share, they get sometimes error messages the local drive name is already in use. This connection has not been restored, although the connection is still usable afterwards. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can join domain; can't logon
Chris St. Pierre wrote: I had a problem similar to my current one a week or so ago, and I was encouraged to upgrade from Samba 2.2.9 to 3.0.7, which I did. Now that I've completed that nightmare, the problem I initially set out to fix is still there, just different. Namely: I am trying to set up Samba 3.0.7 on a SuSE 9.1 box as an LDAP PDC whose only job will be authentication. Our LDAP server is on a separate box. I can join the domain just fine, but when I try to login via Windows, I get the following error: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. I suspected that neither of these were the case, as I created the account with idealx's smbldap-tools. I verified that the account is there with ldapsearch. Last time I had this problem, Samba wasn't even communicating with LDAP, but this time it is. When I try to login, here's what the LDAP logs show: smbldap-tools create posixAccounts in case you use NSS LDAP support. You should verify that it's there with 'getent passwd GUINEA-PIG$'. If not - you probably use passwd or shadow in which case you need to use adduser to to the job. Besides posixAccount you should also have Samba account as well. You should look at what was responses to the LDAP requests by looking at the SEARCH RESULT lines with the same 'conn=' and 'op='. I would guess that response was 'nentries=0' And it has nothing to do with some optional attributes being empty - just with the fact that there's no such entry with 'objectClass=sambaSamAccount'. It can also be a problem of nscd if you have one. Your LDAP requests are at 10:03 and your nmbd log extract is for 11:14 which means LDAP requests were done long before Samba requests unless there's a timezone issue between the machines or that their clocks are really scrude up. I would also recommend to post smbd log instead of nmbd since its smbd which interacts with LDAP. Igor [05/Oct/2004:10:03:52 -0500] conn=53576 op=7 SRCH base=o=nebrwesleyan.edu,o=isp scope=2 filter=((uid=GUINEA-PIG$)(objectClass=sambaSamAccount)) attrs=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory modifyTimestamp sambalogonhours modifyTimestamp [05/Oct/2004:10:03:52 -0500] conn=53576 op=8 SRCH base=o=nebrwesleyan.edu,o=isp scope=2 filter=((uid=GUINEA-PIG$)(objectClass=sambaSamAccount)) attrs=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory modifyTimestamp sambalogonhours modifyTimestamp It searches twice for the machine trust account, which I've verified exists. The only thing I can think of is that not all of the attributes it's asking for exist. (In fact, a lot of them don't.) As you can see in the attached nmbd log, though, Samba doesn't show any obvious errors. I've also included my smb.conf (with some changes to protect my server's innocence). Any ideas are greatly appreciated. Thanks. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 [global] server string = test workgroup = NWU_TEST netbios name = TESTERATOR log level = 1 encrypt passwords = yes max smbd processes = 0 socket options = TCP_NODELAY add machine script = /usr/local/sbin/smbldap-useradd -w '%u' logon script = scripts\logon.bat logon path = \\%L\profiles\%U domain logons = yes local master = yes preferred master = yes wins server = 10.9.1.12 security = user passdb backend = ldapsam:ldap://server.nebrwesleyan.edu ldap suffix = o=nebrwesleyan,o=edu ldap machine suffix = ou=Machines ldap user suffix = ou=People ldap group suffix = ou=Groups ldap filter = (uid=%u) ldap admin dn = cn=foo ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes locking = No [profiles] comment = Profile Share path = /var/lib/samba/profiles read only = No [tmp] comment = temporary files path = /tmp read only = yes [2004/10/05 11:14:43, 5] nmbd/nmbd_packets.c:process_dgram(1194) process_dgram: ignoring dgram packet
[Samba] wbinfo -a always failing with NT_STATUS_WRONG_PASSWORD
Hello! Please help! I have been googling and experimenting for the past few days, but I can't get user authentications to work with my AD domain. Fedora Core 2 running Samba 3.0.7-2.FC2 Windows Server 2003 Standard Edition After much fuss, I was able to get it to join the domain (had to disable client signing). wbinfo -u and wbinfo -g both work fine, and I can see the user I'm trying to authenticate with. wbinfo -a user%pass always gives me: # wbinfo -a user%pass plaintext password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user user%pass with plaintext password challenge/response password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user user with challenge/response It eventually locks out the account. I've tried multiple accounts, and even creating a new account with the same results. Trying with a bogus user gives me NT_STATUS_NO_SUCH_USER (0xc064). I think I've read every how-to out there on this, and searched every forum I can find. I am at a loss. Can someone give me an idea of what settings I can play with that would affect this? Or what to look for in a debug? Any suggestions would be GREATLY appreciated! Thanks! -Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.8pre1, encoding problem?
Dmitry, Have you checked your settings in Tools - Folder Options - View Tab - Advanced Settings box - Upper case names? It is just a thought. Andrew Carroll Carroll-Tech 720-273-6814 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SuSE 9.1 Pro
Hi, btw, SuSE support will likely soon release an updated glibc RPM to addresss the .local problem (there you can switch off the MDNS lookups). Schlomo PS: For iptables you could try http://www.fwbuilder.org/ - it is quite nice. On Tue, 5 Oct 2004, rruegner wrote: Chuck Chauvin schrieb: Is anyone aware of any specific problems with SuSE 9.1 Pro in regards to running Samba as a domain controller? I have been trying for a couple of weeks to get it setup but keep running into one roadblock or another. Half of the time I can't see the DC at all unless I disable the SuSE Firewall altogether, other times I am able to see the DC just not connect if I have ports 137, 138, 139 and 445 open. I haven't been able to find much help online or in the various forums that I frequent and was wondering if anyone knew of any specific probelms with SuSE 9.1 that I might not be aware of. Thanks in advance. -- Chuck Chauvin Network Administrator [EMAIL PROTECTED] Hi, the simple answer is dont use suse firewall,( iptables scripts are easy to google ) and study more chapters from Samba Browsing I run many samba server under suse without any special problems what you should now is taht you should not use a .local dns domain on your internal nameserver , which is highly recommend for a private network, in suse 9.1 this dns domains are resolved by multicast for miracle reason, without having the magic to disable it. Regards -- Regards, Schlomo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Help: File is present (via Samba) but cannot be opened?
On October 5, 2004, Daniel Barrett wrote: When I mount a Windows XP partition (NTFS) on my SuSE 9.1 machine via Samba 3.0.4, I find some files can be listed (via ls) but mysteriously cannot be opened... Russell Packer responded: I'm battling with the same problem at the moment as well. I'm hoping (fingers crossed!) that using cifs as the filesystem type will resolve the issue. Thanks for the suggestion. cifs works! Thank you!! cifs also reveals that the filename in question contains non-ASCII characters, which must have triggered the problem. Under smbfs: PsyScience.cove.otes.031203.doc Under cifs: PsyScience.coveâ¦otes.031203.doc -- Dan Barrett [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-2.2.8a-220 and OSX
Hi to all. We have a samba-2.2.8a-220 Server. The server works still fine with several clients (W9x, W2k, WXP and smbmounts via Linux). But now I have to connect an Apple OSX and now I have one problem. From OSX I can connect to the shares, browse the file listing. But when a file is copied into a share, the file is on the destination with 0 (zero) Bytes filesize. The linux uid and gid are correctly set, according to the parameters from smb.conf. This phenomen occurs only with MacOSX. What happens there ??? BTW: I habe also a test server with Samba 3 and there is no problem to connect and upload files. But I cannot change the samba 2 Server now. Thanks in advance. Regards -- Gunther Grelczak Deutsches Museum - Elektronik und Medien t: +49.89.2179-349f: +49.89.2179-326 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SuSE 9.1 Pro
Hi, nice to here cause i never will use suse again in the future until they do not fix this essential dns bug Regards Schlomo Schapiro schrieb: Hi, btw, SuSE support will likely soon release an updated glibc RPM to addresss the .local problem (there you can switch off the MDNS lookups). Schlomo PS: For iptables you could try http://www.fwbuilder.org/ - it is quite nice. On Tue, 5 Oct 2004, rruegner wrote: Chuck Chauvin schrieb: Is anyone aware of any specific problems with SuSE 9.1 Pro in regards to running Samba as a domain controller? I have been trying for a couple of weeks to get it setup but keep running into one roadblock or another. Half of the time I can't see the DC at all unless I disable the SuSE Firewall altogether, other times I am able to see the DC just not connect if I have ports 137, 138, 139 and 445 open. I haven't been able to find much help online or in the various forums that I frequent and was wondering if anyone knew of any specific probelms with SuSE 9.1 that I might not be aware of. Thanks in advance. -- Chuck Chauvin Network Administrator [EMAIL PROTECTED] Hi, the simple answer is dont use suse firewall,( iptables scripts are easy to google ) and study more chapters from Samba Browsing I run many samba server under suse without any special problems what you should now is taht you should not use a .local dns domain on your internal nameserver , which is highly recommend for a private network, in suse 9.1 this dns domains are resolved by multicast for miracle reason, without having the magic to disable it. Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo -a always failing with NT_STATUS_WRONG_PASSWORD
My current smb.conf: [global] realm = DOTP.NCP.NET workgroup = DOTP password server = dotdc1p.dotp.ncp.net security = ads encrypt passwords = yes winbind use default domain = yes log level = 3 testparm output: Load smb config files from /etc/samba/smb.conf Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = DOTP realm = DOTP.NCP.NET security = ADS password server = dotdc1p.dotp.ncp.net log level = 3 winbind use default domain = Yes Thanks! On Tue, 05 Oct 2004 11:36:15 -0600, Gerald Bird [EMAIL PROTECTED] wrote: A look at your smb.conf might be helpful in this situation. Also the output of running a testparm. Regards, Gerald Bird - Original Message - From: Jeremy Naylor [EMAIL PROTECTED] Date: Tuesday, October 5, 2004 11:24 am Subject: [Samba] wbinfo -a always failing with NT_STATUS_WRONG_PASSWORD Hello! Please help! I have been googling and experimenting for the past few days, but I can't get user authentications to work with my AD domain. Fedora Core 2 running Samba 3.0.7-2.FC2 Windows Server 2003 Standard Edition After much fuss, I was able to get it to join the domain (had to disable client signing). wbinfo -u and wbinfo -g both work fine, and I can see the user I'm trying to authenticate with. wbinfo -a user%pass always gives me: # wbinfo -a user%pass plaintext password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user user%pass with plaintext password challenge/response password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user user with challenge/response It eventually locks out the account. I've tried multiple accounts, and even creating a new account with the same results. Trying with a bogus user gives me NT_STATUS_NO_SUCH_USER (0xc064). I think I've read every how-to out there on this, and searched every forum I can find. I am at a loss. Can someone give me an idea of what settings I can play with that would affect this? Or what to look for in a debug? Any suggestions would be GREATLY appreciated! Thanks! -Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SuSE 9.1 Pro
Chuck Chauvin schrieb: My entire smb.conf file is listed in the thread [Samba] Samba 3.0.4 Profile Permissions. I'll post it here as well. My layout is fairly simple. I have one machine in my network running Linux and Samba that acts as a Primary Domain Controller. It resides at IP addres 192.168.1.100 while all of the other machines on my network (all Windows XP clients) have an IP address of 192.168.1.xxx I currently have this setup running in Mandrake (from about 2 years ago) and everything works as it should regarding Samba (version 2.2.4 btw). All of my clients login to the server using an account and password that exists on the Linux machine. Following this message is my smb.conf and my log files from last night. This was with the firewall disabled altogether. I would like a firewall of some sort on this server so disabling the firewall doesn't really make me feel all that comfortable but if it doesn't work right, it doesn't work. I have ports 137, 138, 139 and 445 open, according to YaST, but this still will not work. I (usually) can't even see the Domain Controller while the firewall is running. I say ususally because sometimes I do... and I hadn't changed a thing. It's there one minute and gone the next. When you look at the log files you will notice that I attempted to log in with a user account of bagginsadmin which is a member of the adm group. The adm group is set in all of my Windows XP clients as a member of the Administrators group so that I can use this particular login to access any of my XP clients and make any necessary modifications. When I attempted to login last night I got the following error: Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator. I then attempted to login with my own account (also a member of the adm group) and got this error: Windows cannot log you in now because the domain BAGGINS is not available. I then created a new user account in Linux and Samba and attempted to login. I get the same error. When I login using the original administrative account above I get access to most of the shares that I have setup. My network logon script runs just fine. I do not, however, have Administrative priveleges on the XP client. When I attempt to modify the XP client Administrators group I get a list of numbers as the members instead of what I am used to seeing (i.e. BAGGINS\unix_group.XXX). Now I am sure that the following line in my log.smbd explains what is going wrong but I'll be snookered if I knew what it meant: [2004/10/04 11:59:05, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(5988) init_sam_user_info_21A: User bagginsadmin has Primary Group SID S-1-5-32- 544, which conflicts with the domain sid S-1-5-21-2763611909-969304523- 3334035465. Failing operation. So, having said all of that, here are my configuration and log files. As always, any help is greatly appreciated. [global] workgroup = BAGGINS security = user encrypt passwords = yes passdb backend = smbpasswd server string = Domain Controller netbios name = BILBO add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody - s /bin/false %m$ domain master = yes domain logons = yes logon script = logon.cmd local master = yes preferred master = yes os level = 65 [homes] comment = Home Directory for %u path = /home/%u read only = No browseable = No [Projects] comment = Project Folders path = /data-1/projects admin users = @Design, adm, Manager read only = No create mask = 0775 force create mode = 0775 force security mode = 0775 force directory mode = 0775 force directory security mode = 0775 [Temp] comment = Temporary Space path = /data-1/temp admin users = @Design, adm, Manager read only = No create mask = 0777 [Archive] comment = Archived Projects path = /data-1/archive write list = @adm security mask = 0755 directory security mask = 0755 guest ok = Yes [netlogon] comment = Network Logon Service path = /etc/samba/netlogon guest ok = Yes [Profiles] path = /home/%u/profile browseable = No writeable = yes nt acl support = yes My log.smbd [2004/10/04 11:55:00, 1] smbd/service.c:make_connection_snum(619) baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4) (pid 7537) [2004/10/04 11:55:00, 1] smbd/service.c:close_cnum(801) baggins001 (192.168.1.6) closed connection to service bagginsadmin [2004/10/04 11:55:04, 1] smbd/service.c:make_connection_snum(619) baggins001 (192.168.1.6) connect to service bagginsadmin initially as user bagginsadmin (uid=543, gid=4)
Re: [Samba] SuSE 9.1 Pro
Actually the user is a domain user. And, as I stated in my example, I setup a brand new user in Linux and Samba with even worse results. As far as my conf file goes, I moved the original smb.conf and recreated this one using YaST. -- Chuck Chauvin Network Administrator [EMAIL PROTECTED] -- Original Message --- From: rruegner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tue, 05 Oct 2004 20:28:26 +0200 Subject: Re: [Samba] SuSE 9.1 Pro ---8---snip!--- Hi Chuck now i think it is clear that your firewall is not envolved anyway disable it until you fetch the bug. at a short look User bagginsadmin has Primary Group SID S-1-5-32- 544, which conflicts with the domain sid S-1-5-21-2763611909- 969304523- 3334035465. Failing operation. your user is not a domain user, your smb.conf is very small for a pdc but should be enough, as your samba does logs no blocking by a firewall is done in my suse setup i have passdb backend = smbpasswd:/etc/samba/smbpasswd check if the user is exist /etc/passwd and create him with smbpasswd -a user This should help you out , but i recommend to read more on samba faq and suse example conf as well, cause your missing very usefull parameters in your conf Regards --- End of Original Message --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Mac OS X winbind on Samba domain
Hi All, Has anyone managed to get a Mac (OS X I'm using) to authenticate to a Samba/NT domain? I've been playing with this all day, and am not getting very far - smbd, nmbd and winbind (3.0.2) all run fine, I can see the domain, can connect individually to windows shares, wbinfo shows users (and groups, I assume), but there's no hints as far as what the equivalent to nsswitch.conf (there's no libnss_winbind.so, or /etc/nsswitch.conf). I was hoping to set them up similarly to adding Linux clients, as domain members with automount or something. OS X looks enough like linux to be comfortable, but not enough like it for me to be able to get it to work. any ideas anyone? cheers Jim Potter -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] random errorsthe local drive name is already in use. This connection has not beenrestored.
Try using: net use * /delete /yes Before mapping any drives in the login script. This will clear any drives already mapped. I do this in my login script to get rid of the drives that XP/2k will sometimes hold on to and not let go on reboot. - Brad - Original Message - From: Gerald Bird [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 12:14 PM Subject: Re: [Samba] random errorsthe local drive name is already in use. This connection has not beenrestored. I have had this problem unrelated to samba. I believe it is in the login scripts. Perhaps you are using the net use /persistent switch when you do no need to? Regards, Gerald Bird - Original Message - From: [EMAIL PROTECTED] Date: Tuesday, October 5, 2004 11:05 am Subject: [Samba] random errors the local drive name is already in use. This connection has not been restored. Hello, I have random errors that I can not analyze nor fix: when several users connect to the same Samba share, they get sometimes error messages the local drive name is already in use. This connection has not been restored, although the connection is still usable afterwards. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.8pre1, encoding problem?
Someone sent me an email to my carroll-tech address from Samba. The message you sent was accidentally deleted. Please resend it. I think your name was Matthew. Anyway. This is the best I can do to contact you because there is no way to restore the email you sent. Andrew Carroll Carroll-Tech 720-273-6814 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error 16770
When I try to mount an administrative //mymachine2/c$ share(the shared resource is on a WinXP_SP2 unfirewalled machine) from a Linux machine, using the command bellow, I receive an 16770 error message. [EMAIL PROTECTED] scripts]# smbmount //mymachine2/c$ /mnt/tmp/ -o username=administrator 16770: session request to MYMACHINE2 failed (Not listening on called name) 16770: session request to *SMBSERVER failed (Not listening on called name) SMB connection failed If instead of netbios name (mymachine2) I use the private IP address it is the same result. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Group mapping, Samba 3.0.7, and Win 2k SP4
I'm running Samba 3.0.7 as a PDC on a Redhat 7.3 box and have setup group mapping on the required domain groups to local unix groups. All seems fine here. When I log in to the samba domain with a Win XP client or Win2x client pre SP 4, all is fine. The user comes in as a member of what ever mapped domain group they've been assigned. However, if I log in on Win 2k SP4, the user comes in as a member of the default windows guest group. For some reason Win2k SP 4 doesn't seem to be pulling the domain group information from Samba. Anyone else seeing this? Any suggestions? Thanks. Greg -- Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. 1243 West 7th Avenue Eugene, Oregon 97402 Voice 541-683-8383Fax 541-683-8144 www.leiinc.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Getting the SID
Hello all, I'm getting ready to upgrade an old outdated Samba installation. Moving to new hardware and Samba 3.0.7. And now I've got a little conundrum. How to I get the local SID from the old samba server. It's running Samba 2.2.2 and it doesn't appear to have the -X flag for smbpasswd that is supposed to be in 2.2.8 and it obviously doesn't have the net getlocalsid command. Any help is appreciated. Thanks, -- Paul Espinosa [EMAIL PROTECTED] IT Supervisor The World Company 785/312-6912 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Can join domain; can't logon
I did verify that the account exists in LDAP. To prove it: # ldapsearch -b o=nebrwesleyan.edu,o=isp ((uid=GUINEA-PIG$)(objectClass=sambaSamAccount)) uid=guinea-pig$,ou=machines,o=nebrwesleyan.edu,o=isp [...snip...] And moreover: # getent passwd guinea-pig$ guinea-pig$:x:1001:1000:guinea-pig$:/dev/null:/bin/false I am not running ncsd. The samba machine has a decidedly out-of-sync system clock, but I haven't bothered with it since it's only a test box. However! Here's the smbd log: [2004/10/05 16:24:17, 1] lib/smbldap.c:add_new_domain_info(1289) failed to add domain dn= sambaDomainName=NWU_TEST,o=nebrwesleyan.edu,o=isp with: Object class violation [2004/10/05 16:24:17, 0] lib/smbldap.c:smbldap_search_domain_info(1338) Adding domain info for NWU_TEST failed with NT_STATUS_UNSUCCESSFUL [2004/10/05 16:24:20, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261) get_md4pw: Workstation GUINEA-PIG$: no account in domain [2004/10/05 16:24:20, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261) get_md4pw: Workstation GUINEA-PIG$: no account in domain Which alerts me to the fact that it's the creation of the domain in LDAP that's causing problems. I properly installed the 3.0.7 schema -- as is evidenced by other things working -- but this is giving me an object class violation. I cranked the log level up to 10, but it didn't give me much more information that was readily useful to me; the full 157K log is available, though, if you want it. Any ideas? Or, if anyone has a typical LDAP domain entry I can look at, I can add it by hand and get more info from it. Thanks. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 On Tue, 5 Oct 2004, Igor Belyi wrote: Chris St. Pierre wrote: I had a problem similar to my current one a week or so ago, and I was encouraged to upgrade from Samba 2.2.9 to 3.0.7, which I did. Now that I've completed that nightmare, the problem I initially set out to fix is still there, just different. Namely: I am trying to set up Samba 3.0.7 on a SuSE 9.1 box as an LDAP PDC whose only job will be authentication. Our LDAP server is on a separate box. I can join the domain just fine, but when I try to login via Windows, I get the following error: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. I suspected that neither of these were the case, as I created the account with idealx's smbldap-tools. I verified that the account is there with ldapsearch. Last time I had this problem, Samba wasn't even communicating with LDAP, but this time it is. When I try to login, here's what the LDAP logs show: smbldap-tools create posixAccounts in case you use NSS LDAP support. You should verify that it's there with 'getent passwd GUINEA-PIG$'. If not - you probably use passwd or shadow in which case you need to use adduser to to the job. Besides posixAccount you should also have Samba account as well. You should look at what was responses to the LDAP requests by looking at the SEARCH RESULT lines with the same 'conn=' and 'op='. I would guess that response was 'nentries=0' And it has nothing to do with some optional attributes being empty - just with the fact that there's no such entry with 'objectClass=sambaSamAccount'. It can also be a problem of nscd if you have one. Your LDAP requests are at 10:03 and your nmbd log extract is for 11:14 which means LDAP requests were done long before Samba requests unless there's a timezone issue between the machines or that their clocks are really scrude up. I would also recommend to post smbd log instead of nmbd since its smbd which interacts with LDAP. Igor [05/Oct/2004:10:03:52 -0500] conn=53576 op=7 SRCH base=o=nebrwesleyan.edu,o=isp scope=2 filter=((uid=GUINEA-PIG$)(objectClass=sambaSamAccount)) attrs=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory modifyTimestamp sambalogonhours modifyTimestamp [05/Oct/2004:10:03:52 -0500] conn=53576 op=8 SRCH base=o=nebrwesleyan.edu,o=isp scope=2 filter=((uid=GUINEA-PIG$)(objectClass=sambaSamAccount)) attrs=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory
Re: [Samba] random errorsthe local drive name is already in use. This connection has not beenrestored.
I think this is possibly a windows problem, I have had the same error in high usage workgroup situations with win2000. There is a relatively simple fix, I think if you search MS for the error message it is there. H Brad Otto wrote: Try using: net use * /delete /yes Before mapping any drives in the login script. This will clear any drives already mapped. I do this in my login script to get rid of the drives that XP/2k will sometimes hold on to and not let go on reboot. - Brad - Original Message - From: Gerald Bird [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 12:14 PM Subject: Re: [Samba] random errorsthe local drive name is already in use. This connection has not beenrestored. I have had this problem unrelated to samba. I believe it is in the login scripts. Perhaps you are using the net use /persistent switch when you do no need to? Regards, Gerald Bird - Original Message - From: [EMAIL PROTECTED] Date: Tuesday, October 5, 2004 11:05 am Subject: [Samba] random errors the local drive name is already in use. This connection has not been restored. Hello, I have random errors that I can not analyze nor fix: when several users connect to the same Samba share, they get sometimes error messages the local drive name is already in use. This connection has not been restored, although the connection is still usable afterwards. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] random errorsthe local drive name is already in use.This connection has not beenrestored.
I had the same problem with XP. Modifying the login script to delete the mapping first was the only cure I found. and just recently I found Service Pack 2 fixes this in XP! I don't know how the other OSs might be affected. Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hamish Sent: Tuesday, October 05, 2004 2:59 PM To: Brad Otto Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] random errorsthe local drive name is already in use.This connection has not beenrestored. I think this is possibly a windows problem, I have had the same error in high usage workgroup situations with win2000. There is a relatively simple fix, I think if you search MS for the error message it is there. H Brad Otto wrote: Try using: net use * /delete /yes Before mapping any drives in the login script. This will clear any drives already mapped. I do this in my login script to get rid of the drives that XP/2k will sometimes hold on to and not let go on reboot. - Brad - Original Message - From: Gerald Bird [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 12:14 PM Subject: Re: [Samba] random errorsthe local drive name is already in use. This connection has not beenrestored. I have had this problem unrelated to samba. I believe it is in the login scripts. Perhaps you are using the net use /persistent switch when you do no need to? Regards, Gerald Bird - Original Message - From: [EMAIL PROTECTED] Date: Tuesday, October 5, 2004 11:05 am Subject: [Samba] random errors the local drive name is already in use. This connection has not been restored. Hello, I have random errors that I can not analyze nor fix: when several users connect to the same Samba share, they get sometimes error messages the local drive name is already in use. This connection has not been restored, although the connection is still usable afterwards. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printer driver doesn't install under XP
hi, all I have samba 2.2 as PDC running under AIX. a HP 4100tn printer is installed. now i want to print to this printer from a xp machine but i can't seems to install the printer driver to the xp machine during the printer wizard. it always prompts me error that 'windows cannot locate a suitable printer driver I already unziped the drive where i got it from hp site and point it to the right location but still no avail. anyone got a idea how to fix this ? thanks, Qiang __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ERRATA - -- The original announcement for the Samba vulnerability identified by CAN-2004-0815 reported that Samba versions 3.0.0 - 3.0.5 inclusive were subject the remote file access bug. Later research has confirmed that *only* Samba 3.0.x = 3.0.2a contains the exploitable code. The Samba Team expresses sincere apologies for any confusion this inaccuracy in the original announcement has caused. Updated Security Announcement - - Subject:Potential Arbitrary File Access Affected Versions: Samba 2.2.x = 2.2.11 and Samba 3.0.x = 3.0.2a Summary:A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection. Patch Availability - -- The patch for Samba 3.0.2a and earlier releases 3.0.x (samba-3.0.2a-reduce_name.patch) can be downloaded from http://download.samba.org/samba/ftp/patches/security/ Samba 2.2.12 has been released to specifically address this bug. Description - --- A bug in the input validation routines used to convert DOS path names to path names on the Samba host's file system may be exploited to gain access to files outside of the share's path defined by smb.conf. Protecting Unpatched Servers - Samba file shares with 'wide links = no' (a non-default setting) in the service definition in smb.conf are *not* vulnerable to this attack. The Samba Team always encourages users to run the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the Server Security documentation found at http://www.samba.org/samba/docs/server_security.html. Credits - Both security issues were reported to Samba developers by iDEFENSE (http://www.idefense.com/). Karol Wiesek is credited with this discovery. - -- Please report any security related issues to [EMAIL PROTECTED] Our Code, Our Bugs, Our Responsibility. -- The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBYwUjIR7qMdg1EfYRAjlAAKCSsMiDnq7gEFfaizA33mhp0w51cgCfd1ov mIzM8w2CpSas2oa6/zJkO2s= =7h9O -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Compile Error on 3.0.7 and 3.0.8 Pre 1 on X64 Fedora Core 3 Test 2
Hello, I am trying to compile samba 3.0.7 or samba 3.0.8 pre 1 on a AMD Opteron(tm) Processor 244 running Fedora Test 2 Core 3. The message I am getting is: [EMAIL PROTECTED] source]# make Using FLAGS = -O -Iinclude -I/usr/src/samba-3.0.7/source/include -I/usr/src/samba-3.0.7/source/ubiqx -I/usr/src/samba-3.0.7/source/smbwrapper -I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/src/samba-3.0.7/source LIBS = -lcrypt -lnsl -ldl LDSHFLAGS = -shared -Wl,-Bsymbolic -L/usr/lib64 LDFLAGS = -L/usr/lib64 Generating smbd/build_options.c Building include/proto.h creating /usr/src/samba-3.0.7/source/include/proto.h Building include/wrepld_proto.h creating /usr/src/samba-3.0.7/source/include/wrepld_proto.h Building include/build_env.h creating /usr/src/samba-3.0.7/source/nsswitch/winbindd_proto.h creating /usr/src/samba-3.0.7/source/web/swat_proto.h creating /usr/src/samba-3.0.7/source/client/client_proto.h creating /usr/src/samba-3.0.7/source/utils/net_proto.h Compiling dynconfig.c /tmp/cccsbyQh.s: Assembler messages: /tmp/cccsbyQh.s:44: Error: suffix or operands invalid for `mov' /tmp/cccsbyQh.s:97: Error: suffix or operands invalid for `mov' make: *** [dynconfig.o] Error 1 output for samba 3.0.8 pre 1 [EMAIL PROTECTED] source]# make Using FLAGS = -O -Iinclude -I/usr/src/samba-3.0.8pre1/source/include -I/usr/src/samba-3.0.8pre1/source/ubiqx -I/usr/src/samba-3.0.8pre1/sourc e/smbwrapper -I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/src/samba-3.0.8pre1/source LIBS = -lcrypt -lnsl -ldl LDSHFLAGS = -shared -Wl,-Bsymbolic -L/usr/lib64 LDFLAGS = -L/usr/lib64 Generating smbd/build_options.c Building include/proto.h creating /usr/src/samba-3.0.8pre1/source/include/proto.h Building include/wrepld_proto.h creating /usr/src/samba-3.0.8pre1/source/include/wrepld_proto.h Building include/build_env.h creating /usr/src/samba-3.0.8pre1/source/nsswitch/winbindd_proto.h creating /usr/src/samba-3.0.8pre1/source/web/swat_proto.h creating /usr/src/samba-3.0.8pre1/source/client/client_proto.h creating /usr/src/samba-3.0.8pre1/source/utils/net_proto.h creating /usr/src/samba-3.0.8pre1/source/utils/ntlm_auth_proto.h Compiling dynconfig.c /tmp/ccosVX6b.s: Assembler messages: /tmp/ccosVX6b.s:44: Error: suffix or operands invalid for `mov' /tmp/ccosVX6b.s:97: Error: suffix or operands invalid for `mov' make: *** [dynconfig.o] Error 1 my gcc level is : gcc (GCC) 3.4.1 20040831 (Red Hat 3.4.1-10) Copyright (C) 2004 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. my configure command is ./configure Any Ideas Shane Drinkwater -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] WINBIND Problem.....
Thanks for the tipshave done the chmods but to no availI really dont want to consider adding users with identical names and passwords to those on the Windows DC's because that is just way too much administrative overhead...I was hoping WINBIND would save me that grief... Thanks for tips. Cheers, Travis -Original Message- From: Gerald Bird [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 10:28 AM To: Travis Bullock; [EMAIL PROTECTED] Subject: Re: [Samba] WINBIND Problem. You will want to ensure the two top-level directories above your share are set to at least r-x. (usr and avmax_shares). If that is correct try temporarily changing the permission to rwx or 777 for everyone to see if it is a permission problem. Finally, try adding a user (adduser) to your unix box with the exact name of your windows login. tbullock I would assume. You do not need to do anything special to the unix account except perhaps ensure the password is the same as your windows account. Regards, Gerald Bird - Original Message - From: Travis Bullock [EMAIL PROTECTED] To: 'Mark Le Noury' [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 9:44 AM Subject: RE: [Samba] WINBIND Problem. Here she is: [global] log level = 3 # workgroup = NT-Domain-Name or Workgroup-Name workgroup = AVMAX # server string is the equivalent of the NT Description field server string = Samba Server # separate domain and username with '+', like DOMAIN+username winbind separator = + # use uids from 1 to 2 for domain users winbind uid = 1-2 # use gids from 1 to 2 for domain groups winbind gid = 1-2 # allow enumeration of winbind users and groups password server = nt_bdc AVMAX encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers winbind use default domain = yes winbind cache time = 15 winbind enum users = yes winbind enum groups = yes obey pam restrictions = yes template shell = /bin/bash [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 [tbullock] comment = Avmax Domain Shares browseable = yes writable = yes read only = no path = /usr/avmax_shares/tbullock valid users = AVMAX+tbullock -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Le Noury Sent: Tuesday, October 05, 2004 9:10 AM To: [EMAIL PROTECTED] Subject: RE: [Samba] WINBIND Problem. Hi, Sorry for a few more obvious questions, but... What does the share definition in smb.conf look like? What global parameters have you set? Maybe I missed an earlier post or something. Thanks, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock Sent: 05 October 2004 05:07 PM To: 'Hamish' Cc: [EMAIL PROTECTED] Subject: RE: [Samba] WINBIND Problem. Most definitely. The test directory appears as follows: [EMAIL PROTECTED] avamx_shares]# ls -al total 12 drwxr-xr-x 3 root root 4096 Sep 21 14:40 . drwxr-xr-x 17 root root 4096 Sep 2 06:07 .. drwxr-xr-x 2 tbullock Domain Admins 4096 Sep 21 14:40 tbullock The directory 'tbullock' is the one I am trying to gain access to. As you see Fedora allows me to use the winbind generated or acquired tbullock user and Domain Admins groups which I found pretty cool by the way. And also the wierd thing is if I try to browse to that 'tbullock' share and I am not actually logged in as 'tbullock' (Domain account) it gives me an straight forward Access Denied message. If I am sitting at my computer logged in as my Domain Account 'tbullock' then the message is much different and goes something like: Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. So it is returning different error messages depending on which account attempts to access the share. Thanks for the interest in this problem. Cheers, Travis -Original Message- From: Hamish [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 29, 2004 4:48 AM To: Travis Bullock Cc: [EMAIL PROTECTED] Subject: Re: [Samba] WINBIND Problem. Sorry for obvious question, but have you made sure that you have write permission to the directory you are trying to write to? Travis Bullock wrote: Hello again. Still have not resolved this winbind issue, although it may not be winbind at all. The odd thing is, when I attempt to access a share on the Fedora C2 server running samba 3.x and winbind it will ask for a password. If I enter the wrong username and password, it will give me an invalid username or password error. If I enter the correct username and password, it will give me a Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. Any ideas out
[Samba] samba server as NT4 domain member- security=domain - need to create password db manually?
# Global parameters [global] workgroup = MYDOMAIN server string = Samba Server %v on %L security = DOMAIN log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap local master = No dns proxy = No wins server = MYWINSERVER idmap uid = 15000-2 idmap gid = 15000-2 winbind use default domain = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [domain_user] comment = My Private Share path = /home/samba/domain_username valid users = domain_username read only = No guest ok = Yes [public] path = /home/samba/public valid users = domain_user read only = No [data] comment = Data Drive path = /home/samba/data read only = No volume = Sample-Data-Drive Hi I want to set up a samba domain-member server with shares for office users. I can see the samba server on the NT/Win2000 network. I can access the [data] share above - as it requires no authentication. The public and domain_user shares both ask for a username and password when I try to open them from a windows machine. As I am using our NT4 domain controller for user authentication I shouldnt have to use encrypted files and create each samba user with smbpasswd should I? Thats the point of telling samba I want to use 'domain' isnt it? If I do wbinfo -u and wbinfo -g on the samba server I see a list of the groups and useraccounts. Can someone tell me what I am missing from smb.conf? Do I need some password backend in samba. Thanks for any help R. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.773 / Virus Database: 520 - Release Date: 05/10/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon scripts
All, If I want to specify a logon script, does security need to be set to Domain? The issue is that we have authentication at the PDC/BDC so that our VPN users can map drives on their home PC's. Is there a different way to do a logon script other than setting the SECURITY = DOMAIN? I am running 2.2.8a (planning on 2.2.12) on Solaris 8. Thanks for your help. spike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printer name changed in samba 3.0.7
We have a strange problem when using samba 3.0.7 where a printer's name is changed to the name of the printer driver. We use samba to share out printers from a fedora core 1 system. On a windows client they initially show up accurately. When adding the windows driver from a windows client for a new shared printer the driver files get transferred just fine. However, the printer name in the Printer and Faxes folder suddenly gets changed to the name of the printer driver just uploaded after clicking the final OK in the windows dialog box. The name can be changed back to its original name and the printer works fine and the properties can be set. This did not happen in previous versions of samba. Would anyone know the cause of this? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Getting the SID
Il 05/10/2004, alle ore 21:16, Paul Espinosa ha scritto: And now I've got a little conundrum. How to I get the local SID from the old samba server. It's running Samba 2.2.2 and it doesn't appear to have the -X flag for smbpasswd that is supposed to be in 2.2.8 and it obviously The SID should be stored in the secrets.tdb file, try copying this file to the new installation. Pay attention to using the correct directory... I had problems when moving from Mandrakelinux 9.0 to Debian Woody because they kept secrets.tdb in different places. -- Ciao, Marco. ...Stupid Dream, Porcupine Tree 1999 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Joining Samba 3.0.2 vanilla to ADS
I've been looking at several posts for weeks now and finally concluded through testing how to install Samba 3.X into the Windows Active Directory environment. I was completely under the impression that you needed to load Kerbos/ LDAP and a bunch of other stuff. In our case our ADS is running in native mode and I was able to join the domain quite easily. I've tested authentications and mapping drives .. and it seems to work correctly.. I'm still trying to to get the winbindd working .. but hopefully I can get the working soon as well. Here's the sequence I followed: 1) Download vanilla Samba 3.0.2 for Solaris 8 .. no special compilation w/ ads - ldap etc 2) installed and configured global parameters below 3) created valid machine account in the ads domain .. made to sure to have rights to join domain and this account 4) Make sure machine name of the host matches the machine account created in the ads domain ( netboisname also ) 5) samba server is not active/running .. kill all samba processes 6) ADS domain is running in native mode 7) net join -S xxxdomain -U syx password: x Added to Domain xxx ( response from ADS domain ) 8) /etc/init.d/samba.server start 9) Add user accounts and groups to unix host 10) add user account to samba ( smbpasswd -a user12345 ) 11) add entries to the /usr/local/samba/lib/user.map file user12345 = user12345 user34565 = user34565 (unix acct) ( ads acctname) I then ran SWAT and configured a few shares.. adding the groups to rights on the folders I was sharing.. home by user default was set. # Samba config file created using SWAT # from 43.131.5.12 (43.131.5.12) # Date: 2004/10/05 15:09:55 # Global parameters [global] workgroup = AM netbiosname = machinexxx netbios aliases = us-sd-xxx server string = SD-EC2 Samba Server %h (Samba %v) interfaces = xx.1xx.16.0/22, 127.0.0.0/8 security = DOMAIN update encrypted = Yes map to guest = Bad Password password server = ussdiad ussdiax username map = /usr/local/samba/lib/user.map unix password sync = Yes log file = /usr/local/samba/var/log.%m max log size = 50 min protocol = LANMAN1 socket options = TCP_NODELAY IPTOS_THROUGHPUT os level = 0 lm announce = Yes preferred master = No local master = No domain master = No wins server = xx.1xx.95.12 hosts allow = 127., 43. printing = bsd hide dot files = No oplocks = No level2 oplocks = No [homes] comment = User Home Directories read only = No browseable = No [ptc] comment = PTC Fileserver Share path = /export/ptc invalid users = nobody valid users = @staff admin users = @staff write list = @staff To browse the shares .. users use the start/run entering \\hostname file://\\hostname and then ok .,, this returns the browsable shares The user selects the share and maps the network drive using the connect as feature domain\username .. This seems to be working fine so far.. and works the same as the server I have in the Windows NT Domain environment.. -d -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [PATCH] 2.2.12: fix support for samba daemons running under daemontools
On Wed, 2004-10-06 at 01:51, Denis Vlasenko wrote: On Tuesday 05 October 2004 15:45, Denis Vlasenko wrote: One can run samba 2.2.12 daemons (nmbd,smbd,winbindd) under daemontools if they are started with -i option. However, smbd does not handle more than one connection at once in this mode. If one redirects it to pipe/file, logging to stdout is buffered. Log text appears there with inacceptable delay. This patch: * adds option -f to nmbd, smbd and windindd. * for nmbd and winbindd it is identical to -i. * for smbd it is mostly like -i but allows multiple connections to smbd. * usage() text updated accordingly. * smbd help on -i now mentions single threaded behaviour. * getopt in nmbd and smbd source expected -f option with parameter, but there were no other supporting code for it. An oversight? Removed. * stdout set to unbuffered mode if we do logging to it. Run tested. Please review/apply. Samba 2.2 just ran into it's 'end of life' (Oct 1). (And we have only be doing security releases for the last year or so). Available at http://195.66.192.168/linux/fg.patch Is it just me, or attachents are banned/stripped on this list? If they are not text/plain, then yes. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbfs timestamp problem
Here's a curly one. I have a share mounted via smbfs on my linux desktop. This share is on a NetApp filer somewhere, but I've also tried this on a an old linux server as well, and I have the same problem. Basically, since day light savings came into effect here (NZDT or +13), any file I create on the share gets a time creation timestamp that is way out (approximately 12 hours and 48 minutes behind). This really confuses applications that rely on these times for normal operation, such as emacs. If I create a file on the local file system, it gets the correct date. Here's an example: first local: $ date touch new ls -l new Tue Oct 5 17:18:41 NZDT 2004 -rw-r--r-- 1 nigelr nigelr 0 2004-10-05 17:18 new $ and then the remote samba share: $ date touch new ls -l new Tue Oct 5 17:17:22 NZDT 2004 -rwxr--r-- 1 nigelr nigelr 0 2004-10-05 04:30 new $ The date on both the servers are correct as they are using the same ntp time source as my desktop. If I create a file using windows to access the share, it get's the correct date (and it reads as the correct date using linux as well). I'm using version 3.0.7 of the samba tools and I have a linux 2.6.8.1 kernel. Anyone seen anything like this before? Any suggestions? Regards, Nigel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Domain trusts (Again)
I hope someone can answer this since my other emails have gone unanswered. I am using Samba 3.0.7 on both machines and am using LDAP. I believe that the trusts are working but I am still having a slight problem. I guess we'll use DOM1 and DOM2 for the domain names. DOM2 is trusting DOM1. If a DOM1 user tries to locally login to a DOM1 computer, it gives a System could not log you on. error. I noticed in the logs that it is trying to create a user with the same name but it is getting this error: Error: modifications require authentication at /usr/local/sbin///smbldap_tools.pm line 885, DATA line 283. If I manually create a user in DOM1 with the same username, it will then let the user in DOM2 login. Is this how the trust is supposed to work? The user has to have a posix account in both domains? Also, if a user is logged into DOM1 and browses to the DOM2 server, the DOM2 server automatically creates a posix account for that user, thus letting that person login locally to DOM2 from then on. It seems as though it is able to create the posix account it needs when browsing but not when a user tries to login locally for the first time. I hope this makes some sense to someone. Thanks, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Efficient way to login/logoff users
Hi there, I have a network running win9x/2000 machines, connected to a samba server with ldap autentication. I wanna know if there's way to receive information about login(principally logoff) in a fast way.. The WIN machines take a long time to send the logoff message (about 2-3min). I was thinking in running a program every time the users login and logoff, this program could send a logoff message to a server and it must run on windows machines..is there a way to run that program? Waiting answears, Erich Silvestre -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer name changed in samba 3.0.7
Cavanaugh, Mike F wrote: We have a strange problem when using samba 3.0.7 where a printer's name is changed to the name of the printer driver. We use samba to share out printers from a fedora core 1 system. On a windows client they initially show up accurately. When adding the windows driver from a windows client for a new shared printer the driver files get transferred just fine. However, the printer name in the Printer and Faxes folder suddenly gets changed to the name of the printer driver just uploaded after clicking the final OK in the windows dialog box. The name can be changed back to its original name and the printer works fine and the properties can be set. This did not happen in previous versions of samba. Would anyone know the cause of this? This isn't just a 3.0.7 thing. I noticed the same thing last night with 3.0.6 when adding print drivers to the samba PDC from an XP box. -- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ldap, Whatfor do I need winbind?
Hello, I don't understand why I have to use winbind for domain-wide user accounts. I have a PDC and a second server which joined the Domain. All (posix)-Accounts are unique on these servers. Both servers use the same sldap as passdb backend. To my knowledge winbind is only needed when to authenticate agains windows servers. Am I wrong? Are the any problems using the same slapd for multiple samba servers? Second, by fiddling with ACL I have noticed that the second server reports SERVER\username as qualified users, rather than DOMAIN\username, as I'd expected and as it is on the PDC. Does this occurs because of the absense of winbind, or whatelse is the reason for this effect? Thanks for comments A -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon scripts
way to do a logon script other than setting the SECURITY = DOMAIN? Actually you don't set domain to run login scripts at all. Rather, set your the following parameters like so along with whatever else you have:: [global] security = user logon script = something.bat logon path = \\%N\profiles\%u logon drive = H: logon home = \\%N\%u domain logons = Yes preferred master = Yes domain master = Yes [netlogon] path = /some/dir browseable = No Anything I've left out is either default or not important to the question at hand (or at least I think it isn't) -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Can join domain; can't logon
Chris St. Pierre wrote: However! Here's the smbd log: [2004/10/05 16:24:17, 1] lib/smbldap.c:add_new_domain_info(1289) failed to add domain dn= sambaDomainName=NWU_TEST,o=nebrwesleyan.edu,o=isp with: Object class violation [2004/10/05 16:24:17, 0] lib/smbldap.c:smbldap_search_domain_info(1338) Adding domain info for NWU_TEST failed with NT_STATUS_UNSUCCESSFUL [2004/10/05 16:24:20, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261) get_md4pw: Workstation GUINEA-PIG$: no account in domain [2004/10/05 16:24:20, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261) get_md4pw: Workstation GUINEA-PIG$: no account in domain Which alerts me to the fact that it's the creation of the domain in LDAP that's causing problems. I properly installed the 3.0.7 schema -- as is evidenced by other things working -- but this is giving me an object class violation. I cranked the log level up to 10, but it didn't give me much more information that was readily useful to me; the full 157K log is available, though, if you want it. Any ideas? Or, if anyone has a typical LDAP domain entry I can look at, I can add it by hand and get more info from it. Hopefuly you already found that it's something obvious in your setup, but just in case... Here's the relevant part of the samba.scheme: objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) ) Here's what I have for this entry: # TESTPDC, mydomain.org dn: sambaDomainName=TESTPDC,dc=mydomain,dc=org sambaDomainName: TESTPDC sambaSID: S-1-5-21-2972487546-3827399895-3041126189 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain You can also look in LDAP log to see if all MUST attributes are sent in ldap_add_s call for the domain entry. Hope it helps, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NT 4 Client, Samba user w/no password
I've got several users I created with a blank password (only temporary until I can get the system fully operational, long story behind that), but for some reason when I try to access a share that a user with no password is authorized for, NT 4 won't let me in to the share. Any and all assistance is greatly appreciated! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Joining Samba 3.0.2 vanilla to ADS
Hi Doug, Good news for you! However, as I have mentioned to you in a previous post, you are NOT performing ADS authentication. You are using Samba's DOMAIN security mode and, therefore, you are using the NTLM authentication (NT style...) via the emulator provided by the Win2K3 AD server. In other words, if that emulator is turned off for security reasons (e.g. your security department requires Kerberos and wishes to eliminate all NT stuff), then your Samba shares will no longer work. Then again, if NTLM authentication is enough for your company, then everything is OK. Samba's ADS security mode requires MIT (or Heindal) Kerberos and OpenLDAP packages to be installed on the UNIX system where Samba is installed. Regards, Marcello -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sylliaasen, Doug Sent: October 5, 2004 18:42 To: '[EMAIL PROTECTED]' Cc: Sylliaasen, Doug Subject: [Samba] Joining Samba 3.0.2 vanilla to ADS I've been looking at several posts for weeks now and finally concluded through testing how to install Samba 3.X into the Windows Active Directory environment. I was completely under the impression that you needed to load Kerbos/ LDAP and a bunch of other stuff. In our case our ADS is running in native mode and I was able to join the domain quite easily. I've tested authentications and mapping drives .. and it seems to work correctly.. I'm still trying to to get the winbindd working .. but hopefully I can get the working soon as well. Here's the sequence I followed: 1) Download vanilla Samba 3.0.2 for Solaris 8 .. no special compilation w/ ads - ldap etc 2) installed and configured global parameters below 3) created valid machine account in the ads domain .. made to sure to have rights to join domain and this account 4) Make sure machine name of the host matches the machine account created in the ads domain ( netboisname also ) 5) samba server is not active/running .. kill all samba processes 6) ADS domain is running in native mode 7) net join -S xxxdomain -U syx password: x Added to Domain xxx ( response from ADS domain ) 8) /etc/init.d/samba.server start 9) Add user accounts and groups to unix host 10) add user account to samba ( smbpasswd -a user12345 ) 11) add entries to the /usr/local/samba/lib/user.map file user12345 = user12345 user34565 = user34565 (unix acct) ( ads acctname) I then ran SWAT and configured a few shares.. adding the groups to rights on the folders I was sharing.. home by user default was set. # Samba config file created using SWAT # from 43.131.5.12 (43.131.5.12) # Date: 2004/10/05 15:09:55 # Global parameters [global] workgroup = AM netbiosname = machinexxx netbios aliases = us-sd-xxx server string = SD-EC2 Samba Server %h (Samba %v) interfaces = xx.1xx.16.0/22, 127.0.0.0/8 security = DOMAIN update encrypted = Yes map to guest = Bad Password password server = ussdiad ussdiax username map = /usr/local/samba/lib/user.map unix password sync = Yes log file = /usr/local/samba/var/log.%m max log size = 50 min protocol = LANMAN1 socket options = TCP_NODELAY IPTOS_THROUGHPUT os level = 0 lm announce = Yes preferred master = No local master = No domain master = No wins server = xx.1xx.95.12 hosts allow = 127., 43. printing = bsd hide dot files = No oplocks = No level2 oplocks = No [homes] comment = User Home Directories read only = No browseable = No [ptc] comment = PTC Fileserver Share path = /export/ptc invalid users = nobody valid users = @staff admin users = @staff write list = @staff To browse the shares .. users use the start/run entering \\hostname file://\\hostname and then ok .,, this returns the browsable shares The user selects the share and maps the network drive using the connect as feature domain\username .. This seems to be working fine so far.. and works the same as the server I have in the Windows NT Domain environment.. -d -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
HELP .... Documentation on installation and configuration
Hi, I am new to Samba, and do not know much about it. Can any one of you kindly post the documentation on installation and configuration(SMB.CONF) of Samba on OpenVMS please? Thanks in Advance, With warm regards Usha PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r2825 - in branches/SAMBA_4_0/source/ldap_server: .
Author: metze Date: 2004-10-05 11:10:26 + (Tue, 05 Oct 2004) New Revision: 2825 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/ldap_serverrev=2825nolog=1 Log: fix the build this function names are unsed elsewhere in the code too metze Modified: branches/SAMBA_4_0/source/ldap_server/ldap_parse.c Changeset: Modified: branches/SAMBA_4_0/source/ldap_server/ldap_parse.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_parse.c 2004-10-05 03:26:02 UTC (rev 2824) +++ branches/SAMBA_4_0/source/ldap_server/ldap_parse.c 2004-10-05 11:10:26 UTC (rev 2825) @@ -21,7 +21,7 @@ #include includes.h #include ldap_parse.h -char char_from_hex(char a, char b) { +static char char_from_hex(char a, char b) { char m, l; if ('0' = a a = '9') { @@ -47,7 +47,7 @@ return ((m 4) + l); } -char *parse_slash(char *p, char *end) { +static char *parse_slash(char *p, char *end) { switch (*(p + 1)) { case ',': case '=':
svn commit: samba-docs r243 - in trunk: . manpages xslt
Author: jelmer Date: 2004-10-05 13:20:54 + (Tue, 05 Oct 2004) New Revision: 243 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunkrev=243nolog=1 Log: Start working on samba-specific conversion script to pearson XML Added: trunk/xslt/docbook2pearson.xsl trunk/xslt/sambadoc2pearson.xsl Removed: trunk/xslt/pearson.xsl Modified: trunk/Makefile.in trunk/manpages/ntlm_auth.1.xml Changeset: Sorry, the patch is too large (1180 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunkrev=243nolog=1
svn commit: samba-web r367 - in trunk: .
Author: deryck Date: 2004-10-05 14:00:17 + (Tue, 05 Oct 2004) New Revision: 367 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunkrev=367nolog=1 Log: Typo fix. --deryck Modified: trunk/colophon.html Changeset: Modified: trunk/colophon.html === --- trunk/colophon.html 2004-10-02 22:06:49 UTC (rev 366) +++ trunk/colophon.html 2004-10-05 14:00:17 UTC (rev 367) @@ -7,7 +7,7 @@ pAs you've probably noticed, samba.org has been redesigned. This version of the Samba website has a striking new look and features XHTML markup and a CSS-controlled layout. This document will seek to outline some of -the changes to samba.org in greater detail. So if your not all that interested +the changes to samba.org in greater detail. So if you're not all that interested in XHTML conversion, web standards, and the separation of content from presentation, you might want to click away now./p @@ -83,4 +83,4 @@ in keeping with the new samba.org. Please check out those sites as well!/p -!--#include virtual=/samba/footer.html -- \ No newline at end of file +!--#include virtual=/samba/footer.html --
svn commit: samba-docs r244 - in trunk/Samba-HOWTO-Collection: .
Author: jelmer Date: 2004-10-05 16:37:24 + (Tue, 05 Oct 2004) New Revision: 244 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/Samba-HOWTO-Collectionrev=244nolog=1 Log: Typo fixes Modified: trunk/Samba-HOWTO-Collection/FastStart.xml trunk/Samba-HOWTO-Collection/Install.xml Changeset: Modified: trunk/Samba-HOWTO-Collection/FastStart.xml === --- trunk/Samba-HOWTO-Collection/FastStart.xml 2004-10-05 13:20:54 UTC (rev 243) +++ trunk/Samba-HOWTO-Collection/FastStart.xml 2004-10-05 16:37:24 UTC (rev 244) @@ -77,7 +77,7 @@ para Finally, we start looking at more complex systems that will either integrate into existing -Microsoft Windows networks, or replace them entirely. The examples provided covers domain +Microsoft Windows networks, or replace them entirely. The examples provided cover domain member servers as well as Samba Domain Control (PDC/BDC) and finally describes in detail a large distributed network with branch offices in remote locations. /para Modified: trunk/Samba-HOWTO-Collection/Install.xml === --- trunk/Samba-HOWTO-Collection/Install.xml2004-10-05 13:20:54 UTC (rev 243) +++ trunk/Samba-HOWTO-Collection/Install.xml2004-10-05 16:37:24 UTC (rev 244) @@ -121,7 +121,7 @@ listitempara indextermprimarywinbindd/primary/indexterm indextermprimarystarting samba/primarysecondarywinbindd/secondary/indexterm - This daemon should be started when Samba is a member of a Windows NT4 or ADS Domain. IT is also needed when + This daemon should be started when Samba is a member of a Windows NT4 or ADS Domain. It is also needed when Samba has trust relationships with another Domain. The commandwinbindd/command daemon will check the smb.conf; file for the presence of the parameteridmap uid/parameter and parameteridmap gid/parameter parameters. If they are not found commandwinbindd/command will bail-out and refuse to start. @@ -130,7 +130,7 @@ /variablelist para - When Samba has been packages by an operating system vendor the start-up process is typically a custom feature of its + When Samba has been packaged by an operating system vendor the start-up process is typically a custom feature of its integration into the platform as a whole. Please refer to your operating system platform administration manuals for specific information pertaining to correct management of Samba start-up. /para
svn commit: samba-web r368 - in trunk: .
Author: jerry Date: 2004-10-05 20:40:50 + (Tue, 05 Oct 2004) New Revision: 368 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunkrev=368nolog=1 Log: adding mention of errata for CAN-2004-0815 Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2004-10-05 14:00:17 UTC (rev 367) +++ trunk/index.html2004-10-05 20:40:50 UTC (rev 368) @@ -9,6 +9,17 @@ h2Current Release/h2 +h4a05 October 2004/a/h4 +p class=headlineERRATE : Security Notice -- CVE CAN-2004-0815/p + +pThe original notice for CAN-2004-0815 indicated that Samba 3.0.x = 3.0.5 + was vulnerable to the security issue. After further research, Samba developers + have confirmed that only Samba 3.0.2a and earlier releases contain the exploitable + code. A new a href=/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patchpatch + for Samba 3.0.2a and earlier/a (a href=/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch.ascsignature/ +a) + has been posted./p + h4a30 September 2004/a/h4 p class=headlineSecurity Notice -- CVE CAN-2004-0815/p
svn commit: samba-web r369 - in trunk: .
Author: jerry Date: 2004-10-05 20:42:19 + (Tue, 05 Oct 2004) New Revision: 369 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunkrev=369nolog=1 Log: grr...typo Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2004-10-05 20:40:50 UTC (rev 368) +++ trunk/index.html2004-10-05 20:42:19 UTC (rev 369) @@ -10,7 +10,7 @@ h2Current Release/h2 h4a05 October 2004/a/h4 -p class=headlineERRATE : Security Notice -- CVE CAN-2004-0815/p +p class=headlineERRATA : Security Notice -- CVE CAN-2004-0815/p pThe original notice for CAN-2004-0815 indicated that Samba 3.0.x = 3.0.5 was vulnerable to the security issue. After further research, Samba developers
svn commit: samba-web r370 - in trunk: .
Author: jerry Date: 2004-10-05 20:43:58 + (Tue, 05 Oct 2004) New Revision: 370 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunkrev=370nolog=1 Log: close a tag Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2004-10-05 20:42:19 UTC (rev 369) +++ trunk/index.html2004-10-05 20:43:58 UTC (rev 370) @@ -16,8 +16,7 @@ was vulnerable to the security issue. After further research, Samba developers have confirmed that only Samba 3.0.2a and earlier releases contain the exploitable code. A new a href=/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patchpatch - for Samba 3.0.2a and earlier/a (a href=/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch.ascsignature/ -a) + for Samba 3.0.2a and earlier/a (a href=/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch.ascsignature/a) has been posted./p h4a30 September 2004/a/h4
svn commit: samba-docs r245 - in trunk/manpages: .
Author: jelmer Date: 2004-10-05 21:24:43 + (Tue, 05 Oct 2004) New Revision: 245 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/manpagesrev=245nolog=1 Log: Document iocharset= (patch by Bjoern Jacke) Modified: trunk/manpages/mount.cifs.8.xml Changeset: Modified: trunk/manpages/mount.cifs.8.xml === --- trunk/manpages/mount.cifs.8.xml 2004-10-05 16:37:24 UTC (rev 244) +++ trunk/manpages/mount.cifs.8.xml 2004-10-05 21:24:43 UTC (rev 245) @@ -186,6 +186,19 @@ /varlistentry varlistentry + termiocharset/term + + listitemparaCharset used to convert local path names to and from + Unicode. Unicode is used by default for network path + names if the server supports it. If iocharset is + not specified then the nls_default specified + during the local client kernel build will be used. + If server does not support Unicode, this parameter is + unused. /para/listitem + + /varlistentry + + varlistentry termro/term listitemparamount read-only/para/listitem
svn commit: samba-docs r246 - in trunk/Samba-HOWTO-Collection: .
Author: jelmer Date: 2004-10-05 21:28:09 + (Tue, 05 Oct 2004) New Revision: 246 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/Samba-HOWTO-Collectionrev=246nolog=1 Log: Document charset handling fixes to SWAT (patch by Bjoern Jacke) Modified: trunk/Samba-HOWTO-Collection/SWAT.xml Changeset: Modified: trunk/Samba-HOWTO-Collection/SWAT.xml === --- trunk/Samba-HOWTO-Collection/SWAT.xml 2004-10-05 21:24:43 UTC (rev 245) +++ trunk/Samba-HOWTO-Collection/SWAT.xml 2004-10-05 21:28:09 UTC (rev 246) @@ -374,10 +374,6 @@ /para/listitem listitempara - Set the correct locale value for smbconfoptionnamedisplay charset/name/smbconfoption. - /para/listitem - - listitempara Set your browsers language setting. /para/listitem /itemizedlist @@ -398,7 +394,7 @@ msgstr Imposta Default /screen and so on. If you find a mistake or create a new commandmsg/command file, please email it -to us so we will include this in the next release of Samba. +to us so we will include this in the next release of Samba. The commandmsg/command file should be encoded in UTF-8. /para /para @@ -611,21 +607,4 @@ /sect2 /sect1 -sect1 -titleSWAT View Page Displays Incorrectly/title - -para -When parameterdisplay charset/parameter and parameterdos charset/parameter parameters -are different, the view page will not display correctly. Currently the -parameterdisplay charset/parameter parameter must use the same encoding as that -in which the msg file has been encoded. In Japanese this means that parameterdisplay -charset/parameter must be set to parameterCP932/parameter. -/para - -para -Setting parameterunix charset = EUCJP-MS/parameter will cause this problem to occur. -/para - -/sect1 - /chapter
svn commit: samba-docs r247 - in trunk/xslt: .
Author: jelmer Date: 2004-10-05 21:33:36 + (Tue, 05 Oct 2004) New Revision: 247 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/xsltrev=247nolog=1 Log: Finish docbook to pearson conversion scripts. I still need to look at getting internal links correctly though. Modified: trunk/xslt/docbook2pearson.xsl trunk/xslt/sambadoc2pearson.xsl Changeset: Sorry, the patch is too large (316 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/xsltrev=247nolog=1
svn commit: samba r2826 - in branches/SAMBA_3_0/source/utils: .
Author: jelmer Date: 2004-10-05 22:18:32 + (Tue, 05 Oct 2004) New Revision: 2826 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/utilsrev=2826nolog=1 Log: Complain if 'password chat' doesn't contain the %u variable. based on a patch by Ronan Waide Modified: branches/SAMBA_3_0/source/utils/testparm.c Changeset: Modified: branches/SAMBA_3_0/source/utils/testparm.c === --- branches/SAMBA_3_0/source/utils/testparm.c 2004-10-05 11:10:26 UTC (rev 2825) +++ branches/SAMBA_3_0/source/utils/testparm.c 2004-10-05 22:18:32 UTC (rev 2826) @@ -132,8 +132,9 @@ cannot be executed (error was %s).\n, truncated_prog, strerror(errno) ); ret = 1; } - } + } + #ifdef WITH_PAM } #endif @@ -142,6 +143,11 @@ fprintf(stderr, ERROR: the 'unix password sync' parameter is set and there is no valid 'passwd chat' \ parameter.\n); ret = 1; + } else + /* check if there's a %u parameter present */ + if(strstr_m(lp_passwd_chat(), %u) == NULL) { + fprintf(stderr, ERROR: the 'passwd program' (%s) requires a '%%u' parameter.\n, lp_passwd_program()); + ret = 1; } /* @@ -365,3 +371,4 @@ } return(ret); } +
svn commit: samba r2827 - in trunk/source/utils: .
Author: jelmer Date: 2004-10-05 22:19:09 + (Tue, 05 Oct 2004) New Revision: 2827 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/utilsrev=2827nolog=1 Log: Complain if 'password chat' doesn't contain '%u'. Based on a patch by Ronan Waide Modified: trunk/source/utils/testparm.c Changeset: Modified: trunk/source/utils/testparm.c === --- trunk/source/utils/testparm.c 2004-10-05 22:18:32 UTC (rev 2826) +++ trunk/source/utils/testparm.c 2004-10-05 22:19:09 UTC (rev 2827) @@ -132,8 +132,9 @@ cannot be executed (error was %s).\n, truncated_prog, strerror(errno) ); ret = 1; } - } + } + #ifdef WITH_PAM } #endif @@ -142,6 +143,11 @@ fprintf(stderr, ERROR: the 'unix password sync' parameter is set and there is no valid 'passwd chat' \ parameter.\n); ret = 1; + } else + /* check if there's a %u parameter present */ + if(strstr_m(lp_passwd_chat(), %u) == NULL) { + fprintf(stderr, ERROR: the 'passwd program' (%s) requires a '%%u' parameter.\n, lp_passwd_program()); + ret = 1; } /* @@ -365,3 +371,4 @@ } return(ret); } +
svn commit: samba-docs r248 - in trunk/smbdotconf/protocol: .
Author: abartlet Date: 2004-10-06 00:36:46 + (Wed, 06 Oct 2004) New Revision: 248 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/smbdotconf/protocolrev=248nolog=1 Log: Remove bogus comment from 'client use spnego'. Andrew Bartlett Modified: trunk/smbdotconf/protocol/clientusespnego.xml Changeset: Modified: trunk/smbdotconf/protocol/clientusespnego.xml === --- trunk/smbdotconf/protocol/clientusespnego.xml 2004-10-05 21:33:36 UTC (rev 247) +++ trunk/smbdotconf/protocol/clientusespnego.xml 2004-10-06 00:36:46 UTC (rev 248) @@ -4,13 +4,11 @@ developer=1 xmlns:samba=http://samba.org/common; description -para This variable controls whether samba clients will try +para This variable controls whether Samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with -WindowsXP and Windows2000 servers to agree upon an authentication mechanism. - SPNEGO client support for SMB Signing is currently broken, so - you might want to turn this option off when operating with - Windows 2003 domain controllers in particular. -/para +supporting servers (including WindowsXP, Windows2000 and Samba +3.0) to agree upon an authentication +mechanism. This enables Kerberos authentication in particular./para /description value type=defaultyes/value
svn commit: samba r2828 - branches/SAMBA_3_0/source/python trunk/source/python
Author: tpot Date: 2004-10-06 02:05:39 + (Wed, 06 Oct 2004) New Revision: 2828 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=2828nolog=1 Log: Fix for bugzilla #1864 from Brett again. Add sd-type field to security descriptor Python representation. Modified: branches/SAMBA_3_0/source/python/py_ntsec.c trunk/source/python/py_ntsec.c Changeset: Modified: branches/SAMBA_3_0/source/python/py_ntsec.c === --- branches/SAMBA_3_0/source/python/py_ntsec.c 2004-10-05 22:19:09 UTC (rev 2827) +++ branches/SAMBA_3_0/source/python/py_ntsec.c 2004-10-06 02:05:39 UTC (rev 2828) @@ -182,6 +182,10 @@ PyDict_SetItemString(*dict, revision, obj); Py_DECREF(obj); + obj = PyInt_FromLong(sd-type); + PyDict_SetItemString(*dict, type, obj); + Py_DECREF(obj); + if (py_from_SID(obj, sd-owner_sid)) { PyDict_SetItemString(*dict, owner_sid, obj); Py_DECREF(obj); @@ -209,6 +213,7 @@ { PyObject *obj; uint16 revision; + uint16 type = SEC_DESC_SELF_RELATIVE; DOM_SID owner_sid, group_sid; SEC_ACL sacl, dacl; BOOL got_dacl = False, got_sacl = False; @@ -222,6 +227,12 @@ revision = PyInt_AsLong(obj); + if ((obj = PyDict_GetItemString(dict, type))) { + if (obj != Py_None) { + type = PyInt_AsLong(obj); + } + } + if ((obj = PyDict_GetItemString(dict, owner_sid))) { if (obj != Py_None) { @@ -276,7 +287,7 @@ { size_t sd_size; - *sd = make_sec_desc(mem_ctx, revision, SEC_DESC_SELF_RELATIVE, + *sd = make_sec_desc(mem_ctx, revision, type, got_owner_sid ? owner_sid : NULL, got_group_sid ? group_sid : NULL, got_sacl ? sacl : NULL, Modified: trunk/source/python/py_ntsec.c === --- trunk/source/python/py_ntsec.c 2004-10-05 22:19:09 UTC (rev 2827) +++ trunk/source/python/py_ntsec.c 2004-10-06 02:05:39 UTC (rev 2828) @@ -182,6 +182,10 @@ PyDict_SetItemString(*dict, revision, obj); Py_DECREF(obj); + obj = PyInt_FromLong(sd-type); + PyDict_SetItemString(*dict, type, obj); + Py_DECREF(obj); + if (py_from_SID(obj, sd-owner_sid)) { PyDict_SetItemString(*dict, owner_sid, obj); Py_DECREF(obj); @@ -209,6 +213,7 @@ { PyObject *obj; uint16 revision; + uint16 type = SEC_DESC_SELF_RELATIVE; DOM_SID owner_sid, group_sid; SEC_ACL sacl, dacl; BOOL got_dacl = False, got_sacl = False; @@ -222,6 +227,12 @@ revision = PyInt_AsLong(obj); + if ((obj = PyDict_GetItemString(dict, type))) { + if (obj != Py_None) { + type = PyInt_AsLong(obj); + } + } + if ((obj = PyDict_GetItemString(dict, owner_sid))) { if (obj != Py_None) { @@ -276,7 +287,7 @@ { size_t sd_size; - *sd = make_sec_desc(mem_ctx, revision, SEC_DESC_SELF_RELATIVE, + *sd = make_sec_desc(mem_ctx, revision, type, got_owner_sid ? owner_sid : NULL, got_group_sid ? group_sid : NULL, got_sacl ? sacl : NULL,