Re: [Samba] Acl problems with 3.07 on solaris 9
Hi

Well it works but not the way I want... ; )

I would like to have the SID for user0 to map to the UID for user0, otherwise if winbindd maps user0 SID to UID 15000 when the user has UID 512 all permissions that are set from windows are worthless when accessing the filestructure from unix with NIS permissions. If the files are moved to another fileserver same thing the mapping would also break.

My NT users and groups are for legacy reasons "empty" and only for windows login, all permissions are managed by NIS users and groups and are set by standard file permission or acl:s. Standard user/group and rwx can be set from windows but the acls can't.

Your winbindd instructions solve that but not in a usable way, can I solve this with some kind of static UID<->SID mapping list or am I forced to use ldap or AD ?

/Henrik
www.sgu.se

John H Terpstra <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
2004-10-01 19:19
Please respond to [EMAIL PROTECTED]
To [EMAIL PROTECTED]
cc
Subject Re: [Samba] Acl problems with 3.07 on solaris 9

On Friday 01 October 2004 02:41, Henrik Beckman wrote:
> Hi all
>
> I get the following errors when trying to set acls, client os is NT4 and
> XP, server is 3.0.7 on solaris9
>
> [2004/10/01 09:33:22, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
> create_canon_ace_lists: unable to map SID
> to uid or gid.
>
> Samba is a member in a NT4 domain, all permissions are managed by unix
> uid/gid which are in NIS, each unix user exists in NT but no groups.
> (passwords are synchronized.)
> There is a user.map file for those 5 users who don't have the same
> username in unix as in the domain but those are admin accounts only.
>
> Do I have to use winbind to get the mapping to work ?
>
> [global]
> workgroup =
> netbios name =
> server string =
> security = DOMAIN
> encrypt passwords = Yes

This is already default behavior - no need to set it.

> min passwd length = 6
> password server =

This is worked out automatically - only need to specify it if you absolutely need to force samba to authenticate to a particular PDC or BDC server.

> username map = /usr/local/samba/lib/users.map
> #loglevel = 2
> log file = /var/opt/samba/log/%m
> name resolve order = host wins bcast

Suggest:
name resolve order = wins bcast host

> time server = Yes
> deadtime = 10
> wins server =

Specify only one WINS server.

> kernel oplocks = No
> host msdfs = Yes
> invalid users = smsclitoknacct& smsclisvcacct&
> create mask = 0644
> inherit acls = Yes

Add:
idmap uid = 15000-2
idmap gid = 15000-2

Also, you must run winbindd. I hope you have added to your /etc/nsswitch.conf file:

hosts: files dns wins
passwd: files winbind
shadow: files winbind
group: files winbind

Make sure that the following work:

wbinfo -u
wbinfo -g
getent passwd
getent group

>
> Samba is compiled with acl support.
> ACL are used in the ufs filesystem and works.
>
> This is slowly driving me insane.

http://www.samba.org/samba/docs/Samba-Guide.pdf

See chapter 9. It's all explained there. If it is not clear and I have failed to cover your needs please let me know so I can update the documentation.

- John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows small business server and SMB
Shaun Feeley wrote:

hi guys,

just want to confirm something. at the moment im running around 30 XP workstations with a SMB domain controller / file / print server.

anyway another colleague has purchased a new server running microsoft small business server 2003 and has set it up to run microsofts sharepoint software. She is keen to add this server as a member of our main domain.

now im pretty sure ive been told that windows small business server 2003 cannot be a member of a domain without needing to be the PDC is this true. i cannot find where i read this so i was hoping one of you may be able to confirm this either way.

thanks for your help

My last info about that product goes, that this is a mixed win 2003/exchange server ( giving small companies the first shot to never turn back windows addiction g ? ), so should be able to add it to the smb domain but you can't use all functions ( exchange ) right out of the box (cause they need to have the active directory ), so if sharepoint needs to have active directory, which I strongly guess, forget it.

My last info about this product from my win admin friend ( it's true I have some g ): don't use it, cause the services don't work very well together, cause of the general software layout.

I would recommend to search for gnu alternatives for sharepoint ( whatever it is )

Regards
RE: [Samba] Samba + ldap pdc and SUS
On Wed, 2004-10-06 at 21:28, Kristyan Osborne wrote:
> >Has anyone of you guys ever tried a setup like this?
> Yes. Use NT policy editor. I have attached the policy file I use for SUS updates.

Which was unfortunately stripped. Was this just the one that I posted to the list a while back?

I really should put my collection of these up somewhere...

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College [EMAIL PROTECTED]
[Samba] Can't access shares
I'm running Mandrake and Samba 3.0. I access this server with two WinXP Pro machines (I try to anyways). My problem is that it seems like no matter how I configure Samba, when I try to access a share, it pops up a login box. I put in my username and password and it doesn't accept it. I click ok and it just pops back up. It does this with root or any other users. I've created the machine accounts also. I've converted my users' linux accounts to Samba accounts. I've tried setting all shares to "777", tried using Guest=yes and every other thing under the sun.

Could somebody post a simple smb.conf with a share that should allow ANYBODY to have access no matter what? I'm at my wits' end.

I should also mention that these machines used to connect to a Samba 2.x server without issue. I've done the required policy changes and registry tweaks. That doesn't help either.

Brian
[Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)???
Hi,

I have compiled and installed Samba 3.0.7 with MIT Kerberos 1.3.5 and OpenLDAP 2.2.17. The reason for it is that I need to authenticate Windows' user accesses to a Samba share via the Samba's ADS security mode. I found out one potential problem with Samba 3.0.7 and I have one general question:

Problem

Normally, when Samba is started, there should be one smbd process and one nmbd process up and running. Then, one additional smbd process is started for each share established with a client pc. However, this is not the case here. When I start Samba 3.0.7, I get two (instead of one) smbd processes and one nmbd process. Other than that, everything seems to work ok (although I did not have the time to perform a lot of testing...). Is this a new Samba feature or is there something wrong here? Please note that I started Samba 3.0.7 with the same smb.conf file I used with Samba 3.0.2a. It is set up in Domain security mode because I wanted first to make sure that the binaries I created were at least functional.

Question

Whether I use the Domain or ADS security mode, my requirements with Samba is to have a network share from a Sun Solaris machine to be accessible to a few (about 15) Windows 2000 machines so that the main application running on these machines can export many data files on the Sun Solaris machine in a transparent manner, i.e. thinking it is a Windows server. I do not need (and do not want...) to have users logging on the Sun Solaris machine and I do not have a need to provide a kind of general file server service to many Windows users through Samba, nor do I need to implement a SSO to users having both Windows and UNIX accounts. I was able to implement successfully Samba 3.0.2a in DOMAIN security mode that way. I need to do it in ADS security mode. The question is: do I really need Winbindd, PAM, etc. for this? I do not think so in my particular situation, but I would like to have this confirmed by someone from the Samba team.

Thanks in advance for the answer!

Regards,
Marcello Melfi
Re: [Samba] Re: winbind with ldap backend permissions
Thorsten Scherf wrote:

On Wed, 06.10.2004 Igor Belyi wrote:

I think the difference is that you forgot to add '.regexp' to your access statement. It should have been:

dn.regexp="(.*),ou=idmap,dc=example,dc=com"

otherwise it was matching dn as it is without applying regular expression rules.

I think I got it! :o)

To add entries you need to have access to the root entry where children are created and that's what subtree does. In your example you have an extra comma which causes you the headache. Try to change it to the following:

dn="(.*)ou=idmap,dc=example,dc=com"

Hope it helps,
Igor
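The effect of that comma, as an added example (not part of the original post and not OpenLDAP code): the two patterns from the message are run against the idmap container entry and an entry below it, and the example goes one step further by adding an anchored pattern for comparison. Assumptions: Python's `re.search` stands in for slapd's unanchored regular-expression match on the DN, an add is modelled as needing the rule to cover both the new entry and its parent, and all DNs and the `ANCHORED` pattern are constructed for illustration.

```python
import re

# The two patterns quoted in the message above.
WITH_COMMA = r"(.*),ou=idmap,dc=example,dc=com"
NO_COMMA = r"(.*)ou=idmap,dc=example,dc=com"
# Added for comparison (assumption, not from the thread): anchored at both
# ends, with "child RDNs plus comma" optional as a unit.
ANCHORED = r"^(.+,)?ou=idmap,dc=example,dc=com$"

# Constructed DNs (no escaped commas, so a plain split finds the parent).
CONTAINER = "ou=idmap,dc=example,dc=com"
CHILD = "sambaSID=S-1-5-21-1-2-3-1000,ou=idmap,dc=example,dc=com"
# Entry directly under dc=example,dc=com with a multi-valued RDN. It is not
# inside ou=idmap, but the text "ou=idmap,dc=example,dc=com" occurs in it.
LOOKALIKE = "cn=x+ou=idmap,dc=example,dc=com"
OTHER = "uid=user0,ou=people,dc=example,dc=com"


def matches(pattern, dn):
    """True if the pattern matches anywhere in the DN (unanchored search)."""
    return re.search(pattern, dn, re.IGNORECASE) is not None


def parent_of(dn):
    """Parent DN: everything after the first comma."""
    return dn.split(",", 1)[1]


def can_add_child(pattern, child_dn):
    """Model of the point made in the message: creating an entry needs the
    rule to cover the parent entry as well as the new entry itself."""
    return matches(pattern, child_dn) and matches(pattern, parent_of(child_dn))


def coverage(pattern):
    """Which of the constructed DNs a pattern covers."""
    return {dn: matches(pattern, dn)
            for dn in (CONTAINER, CHILD, LOOKALIKE, OTHER)}


if __name__ == "__main__":
    for name, pat in (("with comma", WITH_COMMA),
                      ("no comma", NO_COMMA),
                      ("anchored", ANCHORED)):
        print(name, "add allowed:", can_add_child(pat, CHILD))
        for dn, hit in coverage(pat).items():
            print("   ", "match" if hit else "  -  ", dn)
```

The pattern with the comma never covers the container itself, so adds below it fail; the pattern without the comma covers the container but, being unanchored, also covers the constructed look-alike DN, which the anchored form excludes.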
[Samba] windows small business server and SMB
hi guys,

just want to confirm something. at the moment im running around 30 XP workstations with a SMB domain controller / file / print server.

anyway another colleague has purchased a new server running microsoft small business server 2003 and has set it up to run microsofts sharepoint software. She is keen to add this server as a member of our main domain.

now im pretty sure ive been told that windows small business server 2003 cannot be a member of a domain without needing to be the PDC is this true. i cannot find where i read this so i was hoping one of you may be able to confirm this either way.

thanks for your help

--
Shaun Feeley
System Admin
CYTOPIA RESEARCH PTY LTD
A.C.N. 082 492 680
Level 5, Baker Heart Research Institute Building
Commercial Road
Melbourne Victoria 3004 Australia
Tel: +61 3 9522 6900
Fax: +61 3 9510 9292
Email: [EMAIL PROTECTED]
Website: www.cytopia.com.au
[Samba] NT4 Domain Member Server Access Denied v3.07
I want to set up a Samba Server (Cactus_3) as member server in our NT4 domain (PDC is Cactus_1, BDC is Cactus_2). We have about 50 client workstations most of which are WinXP but we have a few Win2K and Win98 machines. Shortly we will migrate off the NT4 servers but in the meantime we wish to test some real time scenarios. It is for this reason that I want SSO so the tests are transparent to the users. I don't want to replicate 40 users into the unix environment.

I followed the setup in Chapter 2 of the HOWTO Collection for a Domain Member server. I am using Samba 3.07 on Suse 9.1. My smb.conf file follows the signature line as well as nsswitch.conf file. I have reread chapters 3,6, & 9 from the HOW-TO Collection. I have read through the archives for October & September and googled the user group, but i am still not finding what I am missing.

Here is an outline of what's happening.

1) "linux~# net rpc join -U%" works, at least it responds with 'Joined domain DOMAIN'.

2) "linux~# wbinfo --set-auth-user=,%" appears to succeed.

3) "linux~# wbinfo -u" succeeds in giving a list of all domain users (same for groups with -g flag) however it shows "domainuser" only and not "DOMAIN+domainuser" as indicated in the chapter text.

4) "linux~# getent passwd " succeeds.

5) "linux~# chown /export/a_file" appears to succeed however a listing of "/export/a_file" shows owner remaining as 'root'.

6) "linux~# net rpc trustdom list" fails with the message:

linux:~ # net rpc trustdom list
Password:
Could not connect to server CACTUS_1
The username or password was not correct.
[2004/10/06 16:31:06, 0] utils/net_rpc.c:rpc_trustdom_list(3030)
Couldn't connect to domain controller
linux:~ #

7) Other 'net rpc' commands fail as illustrated:

linux:~ # net rpc samdump
[2004/10/06 16:36:41, 0] utils/net_rpc_samsync.c:rpc_samdump_internals(216)
Could not fetch trust account password
linux:~ # net rpc getsid
Storing SID S-1-5-21-1930001043-1750228388-9522986 for Domain DOMAIN in secrets.tdb
linux:~ # net rpc vampire
Could not retrieve domain trust secret

8) From Windows Explorer on a Windows PC workstation I see the Samba server (Cactus_3) and I see shares (ACCTMATE, DOCUMENTS, PICTURES, Printer LexMark T522) but I get 'Permission Denied' when attempting to access. Mapping through "net use k: \\cactus_3\documents" succeeds but access is still denied. A directory listing from the command window responds as "File not found."

Please be so kind as to point out what I am missing. Thank you for your kind help.

Dennis A. Johnson
Controller
K.M.B., Inc.
Phoenix, Arizona, USA

smb.conf

#~ Configuration for Samba Server (Cactus_3) to be a member server on NT4 domain DOMAIN
#~ Shares should be accessible to every authenticated user on DOMAIN.
#~ PDC is Cactus_1 (192.168.0.70) is also WINS server
#~ BDC is Cactus_2 (192.168.0.252) is also DHCP server
#~ Network is 192.168.0.0/24
#~ revisions 1.0 10/06/2004 1:00PM
#
#
[global]
workgroup = domain
server string = Samba Server
netbios name = Cactus_3
security = domain
password server = CACTUS_1 CACTUS_2
wins server = 192.168.0.70
winbind separator = +
winbind use default domain = yes
winbind uid = 1-2
winbind gid = 1-2
winbind cache time = 15
winbind enum users = yes
winbind enum groups = yes
idmap uid = 15000-2
idmap gid = 15000-2
use sendfile = yes
interfaces = 127.0.0.1 eth0
hosts allow = 192.168.0. 127.
bind interfaces only = true
local master = no
printing = cups
printcap name = cups
printer admin = @ntadmin, root, administrator
disable spoolss = yes
map to guest = Bad User
encrypt passwords = yes
passdb backend = smbpasswd
# SO_RCVBUF=8192 SO_SNDBUF=8192
# socket options = TCP_NODELAY
# add machine script =
# domain master = false
# domain logons = yes
# local master = no
# preferred master = auto
# ldap suffix = dc=example,dc=com

[homes]
comment = Home Directories
valid users = %S
browseable = no
read only = no
guest ok = no
printable = no

[ACCTMATE]
comment = Accounting Application Only
path = /export/ACCTMATE
writeable = yes
inherit permissions = yes
# veto files = /aquota.user/groups/shares/
browseable = yes
guest ok = no
printable = no

[Documents]
comment = Public Documents
path = /export/Documents
writeable = yes
inherit permissions = yes
browseable = yes
guest ok = no
# printable = yes

[Pictures]
comment = Public Pictures
path = /export/Pictures
read only = no
writeable = yes
# printable = yes
browseable = yes
inherit permissions = yes
guest ok = no

[printers]
comment = All Printers
path = /var/spool/samba
printer admin = root, itadminkmb, dennis
printable = yes
create mask = 0600
browseable = no
guest ok = no

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force g
Re: [Samba] Using parameters in lpq command conflicts with background
Thank you for the response.

After some further investigation, I discovered that Samba 3.0.3 behaves correctly (i.e. the %U substitution works). Samba 3.0.7 is ignoring the %U substitution. This would fit in with your comment about jumping to 3.0.6.

Will someone likely be addressing this issue, or would it be proper for me to make a proposed fix and submit the diff?

Oh - and my apologies for submitting quoted-printable (i.e. the wide-screen version) on my original post.

-Jerry

- Original Message -
From: "Mac" <[EMAIL PROTECTED]>
To: "Jerry Askew" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, October 05, 2004 3:06 AM
Subject: Re: [Samba] Using parameters in lpq command conflicts with background

Hi Jerry, (and rest of list)

I have an application that makes use of the "lpq command" and uses the %U parameter in the command string. The application returns a personalized queue list based on the value of %U. This technique worked well in older versions of Samba (circa RedHat 8), but I have run into some trouble with Samba 3. The issue appears to be twofold.

1) The lpq command is now run from the background lpq monitoring process, which does not have a "user" (%U) per-se associated with it.

2) The background lpq process maintains its cache(s) based on the service name. IIRC, the older caching system maintained a cache for each unique "lpq command" line.

Indeed it did. In fact the whole (tdb-based) lpq monitoring system has a whole heap of changes from previous Samba versions (we jumped from 1.9.18p8 to 3.0.6) and all sorts of strange things happen now.

I've temporarily solved the problem by running smbd from inetd - this prevents the background lpq process from running and causes each user's process to invoke their own lpq command (complete with %U substitution).

Fab! Thanks for finding this workaround. I'll give it a shot.

Would it be possible to update the background lpq code to use the (fully substituted) lpq command as the cache identifier instead of (or in addition to) the service name? My application aside, I think it would be best if Samba's behavior was consistent in both daemon and non-daemon modes. I'd be willing to lend my mediocre programming skills to the task if it would help.

I agree about the daemon vs. non-daemon mode, very odd that the behaviour is inconsistent.

Mac
Assistant Systems Administrator @nibsc.ac.uk
[EMAIL PROTECTED]
Work: +44 1707 641565
Everything else: +44 7956 237670 (anytime)
Re: [Samba] Passwords -Solved
It seems that when I used SuSE's YaST (gui) to set my Samba parameters, the parameter "guest ok" was set to "yes" but it remained as "No" in the smb.conf file. (I haven't been able to duplicate it.) Anyway, perhaps this can help someone.

Don Henson

Donald D Henson wrote:

I'm a Samba newbie also so please bear with me.

I installed Samba 2.x under SuSE 9.0. It worked well for my simple setup (home network with one Linux fileserver, one WindowsXP desktop, and one WindowsXP laptop all connected via a 10/100 ethernet). When I upgraded to SuSE 9.1, I was automatically upgraded to Samba 3.x. This still worked with my original settings but something would go wrong about once every 24 hours or so. (I would have to disable and restart Samba.) When I ran across Samba 3.0.7, I installed it and now things seem to be working except that Samba always asks me for a username and password but I can't figure out which username and password it's asking for. Since this is a home network, I would be quite happy without usernames and passwords but I can't figure out how to do that either.

I've read about Samba in the SuSE admin manual, studied a couple of chapters in a Samba online book (that I can't find anymore), and have reviewed the HOW-TOs that come with Samba. For a newbie, these publications are very difficult to understand. I just want my Windows clients to be able to access some files on my Linux box. Any assistance in this direction will be appreciated.

--
Donald D. Henson, Managing Director
West El Paso Information Network
The "Non-Initiation of Force Principle" Rules
[Samba] Point&print problem: printer names show the ip, not the server name.
Hello,

i have this strange problem with printing and server naming after upgrading a server from RH9 (running Samba 3.0.3 ) to Fedora Core 1 (3.0.7-2.FC1). Everything was working before the upgrade, but i immediately started noticing some peculiarities after restoring the samba files (/etc/samba, /var/cache/samba) and starting samba.

The problem manifests by the following:

- when i double click on a workstation printer created using point&print, the header of the window shows the ip number of the server instead of the server name. The printer description on the local printers&faxes folder is right, though: ex: "laser on jimmy".

- creating a new printer using point&print, the new printer gets a description as "laser on 192.168.2.19" (using the ip number, not the server name).

- If i am not validated on the domain, but just login to the server, accessing the shared printers directly asks me again for the username and password, and if i use the net use command, i notice that i am mapped to both \\server\ipc$ and \\192.168.2.19\ipc$

In all cases, point&print seems to be messed up to the point it can't install new printer drivers unless the drivers are already installed locally.

Since i changed the dns domain name of the server, i first looked at the possibility of a dns configuration problem, but after looking everywhere i am stumped. Any ideas?

A portion of my smb.conf:

[global]
workgroup = WORKGROUP
server string = JIMMY File Server
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = netlogon.bat
logon path = \\%L\%U\profile
logon drive = u:
domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
printer admin = @ntadmin
hosts allow = 192.168.2., 1.0.0., 127.
cups options = raw

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0600
guest ok = Yes
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /etc/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775
guest ok = Yes

Thanks in advance,
Pedro
Re: [Samba] problem with displaying large number of large file names
[EMAIL PROTECTED] wrote:

We have been using Samba for 4 or 5 years. The server has done its function well. Now, I'm trying to upgrade from 2.0.3 to 3.0.x

==> We serve files with large file names (80 characters). We can see all file names on our 2.0.3 server but cannot on the 3.0.x implementation.

==> Seems coincidental with trying to operate on files in UNIX

Did you check if your

dos charset
unix charset
display charset

settings are correct?
Re: [Samba] Need to mass update password expiration - which ldap attributes?
On Wednesday 06 Oct 2004 22:50, Andrew Bartlett wrote:
> On Thu, 2004-10-07 at 06:06, Jeff Davis wrote:
> > Hi,
> >
> > I need to mass-update my users in openldap so that their passwords don't
> > expire (school teachers). Anyone have any ideas about what the best
> > process would be for accomplishing this?
>
> A Net::LDAP script is what I use for all of this type of admin task.

That means a Perl script. See here for examples from the LDAP O'Reilly book:

http://examples.oreilly.com/ldapsa/

>
> Andrew Bartlett

--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1467 624141
M +44 (0) 7930 323266
F +44 (0) 1224 742001
E [EMAIL PROTECTED]

Open Source. Open Solutions.

http://www.suretecsystems.com/
Re: [Samba] Need to mass update password expiration - which ldap attributes?
On Thu, 2004-10-07 at 06:06, Jeff Davis wrote:
> Hi,
>
> I need to mass-update my users in openldap so that their passwords don't
> expire (school teachers). Anyone have any ideas about what the best
> process would be for accomplishing this?

A Net::LDAP script is what I use for all of this type of admin task.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College [EMAIL PROTECTED]
[Samba] Installing printer Drivers into [print$]
Hi,

I am trying to install a HP 4100 printer driver to samba(2.2) from a xp machine. I have downloaded the driver from the HP site.

I am following the instructions in the HOWTO: open the Windows Explorer, open Network Neighborhood, browse to the Samba host, open Samba's Printers folder, right-click on the printer icon and select Properties, then prompted with "The '' printer driver is not installed on this computer. Some printer properties will not be accessible unless you install the printer driver. Do you want to install the driver now?" click NO, click on New Driver to install a new printer driver, then the APW starts up.

I picked the HP 4100 driver from the list and was prompted with a window asking me to specify the driver location. ( but windows xp comes with the 4100 driver and i did a tcp/ip printer install and it went fine. ) anyway, i go download the HP 4100 driver and locate it in the above step, it complains with 'windows cannot locate a suitable printer driver.'

i am really baffled.. what did i do wrong ?

many thanks,
Qiang
[Samba] samba and xp
Hi,

I've problems with a mixed network: a debian woody file server with samba 3.07 from backports and 5 xp-home/pro clients. When I browse the network, looking for debian, I see two identical debian icons on the clients' gui and, copying massive quantities of folders to debian, after 10/20 minutes there is a disconnection advice. The client doesn't freeze, just disconnects.

I have other file servers with a windows LAN with win98, win2k and xp but I've never had this kind of problem. Do you have similar experiences?

Thanks,
ricc
Re: [Samba] Efficient way to login/logoff users
RTFM:

deadtime (G)
    The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected. The deadtime only takes effect if the number of open files is zero.

    This is useful to stop a server's resources being exhausted by a large number of inactive connections.

    Most clients have an auto-reconnect feature when a connection is broken so in most cases this parameter should be transparent to users.

    Using this parameter with a timeout of a few minutes is recommended for most systems.

    A deadtime of zero indicates that no auto-disconnection should be performed.

Yang

On Tue, 05 Oct 2004 20:31:18 -0300 (EST), [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi there,
> I have a network running win9x/2000 machines, connected to
> a samba server with ldap authentication. I wanna know if
> there's a way to receive information about login (principally
> logoff) in a fast way.. The WIN machines take a long time to
> send the logoff message (about 2-3min). I was thinking of
> running a program every time the users login and logoff, this
> program could send a logoff message to a server and it must
> run on windows machines..is there a way to run that program?
>
> Waiting for answers,
> Erich Silvestre
[Samba] Need to mass update password expiration - which ldap attributes?
Hi,

I need to mass-update my users in openldap so that their passwords don't expire (school teachers). Anyone have any ideas about what the best process would be for accomplishing this?

Thanks...

-Jeff

--
Jefferson K. Davis
Technology and Information Systems Manager
Standard School District
1200 North Chester Ave
Bakersfield, CA 93308 USA
661-392-2110 ext 120
[Samba] problem with displaying large number of large file names
We have been using Samba for 4 or 5 years. The server has done its function well. Now, I'm trying to upgrade from 2.0.3 to 3.0.x

==> We serve files with large file names (80 characters). We can see all file names on our 2.0.3 server but cannot on the 3.0.x implementation.

==> Seems coincidental with trying to operate on files in UNIX

/ms9v_000>ls *
/bin/ksh: /usr/bin/ls: 0403-027 The parameter list is too long.
ms9v_000>ls | wc
441 441 33957

samba will display all files in /ms9v_000 in 2.0.3 (441 files) but only 65 files are displayed in 3.0.x release

==> We can access all files by name, but a directory listing in DOS prompt only displays 65 files and the Windows display only lists 65 files

/PCTMP>ls | wc
518 7036988

ls * in the "/PCTMP" directory works fine
samba will properly display all files in /PCTMP in 2.0.3 release and 3.0.x release

I tried using 3.0.1, 3.0.4, 3.0.5, and 3.0.7 releases.

Thanks for your time.

Regards,
David Marshall
Phone: 937-309-9437
Fax: 937-645-6262
Re: [Samba] Samba + ldap pdc and SUS
I use tqcrunas / regedit via the login script. Here's my .reg file for the update

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://serverurlgoeshere";
"WUStatusServer"="http://serverurlgoeshere";

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:
"AUOptions"=dword:0004
"NoAutoRebootWithLoggedOnUsers"=dword:0001
"ScheduledInstallDay"=dword:
"ScheduledInstallTime"=dword:0006
"UseWUServer"=dword:0001
"RescheduleWaitTime"=dword:0001

Mattia wrote:

Hi all,

I'm here again with a non-strictly samba related problem, but I hope someone in the list has already faced and perhaps solved it...

I've got a 60 clients network (most Windows 2000 and XP) organized in a domain. The pdc and bdc run on Fedora 2 + samba 3.0.7-2.FC2 + openldap-2.1.29-1, and everything works fine.

To limit the use of internet bandwidth I installed a Windows 2003 server acting as SUS (Software Update Services) server (for those who don't know it... it's something similar to an internal Windows Update server)

The problem is I can't configure the clients to point to the new server instead of the official Windows Update servers. If the domain would have been Windows-based I would have done it with a group policy, but I have no possibility to do it with Samba. I've tried to remotely modify the registry keys on the clients, but with no success (the change requires also a local policy change, not just a registry key change, and I don't know how to do it remotely).

Has anyone of you guys ever tried a setup like this?

Sorry if I'm a little bit OT... Thanks!

Bye...
Mattia
[Samba] netbios name failure, wins problem?
Hi all,

    [EMAIL PROTECTED]:/var/log/samba# nmblookup -S PDC
    querying PDC on 10.0.0.255
    10.0.0.4 PDC<00>
    Looking up status of 10.0.0.4
    PDC <00> - H

    [EMAIL PROTECTED]:/var/log/samba# nmblookup -S testefinal
    querying testefinal on 10.0.0.255
    10.0.0.100 testefinal<00>
    Looking up status of 10.0.0.100
    TESTEFINAL <00> - B

But it is not found in the master browser.

    [EMAIL PROTECTED]:/var/log/samba# nmblookup -M testefinal
    querying testefinal on 10.0.0.255
    querying testefinal on 127.255.255.255
    name_query failed to find name testefinal#1d
    [EMAIL PROTECTED]:/var/log/samba# nmblookup

It is not found in wins.dat:

    [EMAIL PROTECTED]:/var/log/samba# tail -f /usr/local/samba/var/locks/wins.dat
    VERSION 1 0
    "PDC#00" 1097349014 10.0.0.4 66R
    "PDC#03" 1097349014 10.0.0.4 66R
    "PDC#20" 1097349014 10.0.0.4 66R
    "DOMAINNAME#00" 1097349014 255.255.255.255 e4R
    "DOMAINNAME#1b" 1097349014 10.0.0.4 64R
    "DOMAINNAME#1c" 1097349014 10.0.0.4 e4R
    "DOMAINNAME#1e" 1097349014 255.255.255.255 e4R

    [EMAIL PROTECTED]:/var/log/samba# ifconfig
    eth0 Link encap:Ethernet HWaddr 00:90:27:70:E7:A5
    inet addr:10.0.0.4 Bcast:10.0.0.255 Mask:255.255.255.0

10.0.0.100 is my windows workstation.
My smb.conf

    [global]
    workgroup = DOMAINMANE
    netbios name = PDC
    server string = PDC
    security = user
    encrypt passwords = yes
    load printers = yes
    log file = /var/log/samba/%m.log
    max log size = 50
    os level = 33
    local master = yes
    domain master = yes
    preferred master = yes
    domain logons = yes
    admin users = fernando.ribeiro, wesley.lago
    logon script = %U.bat
    logon path = \\%L\profiles\%U
    wins support = yes
    name resolve order = wins lmhosts hosts bcast
    dns proxy = no
    # smb ports = 137 138 139 445
    interfaces = 127.0.0.1 eth0
    bind interfaces only = Yes
    ldap passwd sync = yes
    ldap delete dn = Yes
    ldap port = 636
    ldap ssl = yes
    passdb backend = ldapsam:ldaps://ldap.domain.com.br/
    ldap admin dn = cn=suporte,dc=domain,dc=com,dc=br
    ldap suffix = dc=domain,dc=com,dc=br
    ldap group suffix = ou=Grupos
    ldap user suffix = ou=Usuarios
    ldap machine suffix = ou=Computadores
    idmap uid = 1-15000
    idmap gid = 1-15000
    nt acl support = yes
    create mask = 600
    directory mask = 0700
    force directory mode = 0700
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
    add user script = /usr/local/sbin/smbldap-useradd -m "%u"
    delete user script = /usr/local/sbin/smbldap-userdel "%u"
    add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
    add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/local/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
    dos charset = UTF-8
    unix charset = UTF-8
    cups server = 10.0.0.11

    [homes]
    comment = Diretorio Home
    browseable = no
    writable = yes
    force user = %U

    [profiles]
    path = /home/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No
    guest ok = Yes
    profile acls = Yes
    csc policy = disable
    force user = %U
    valid users = %U @"Domain Admins"

    [netlogon]
    path = /home/netlogon
    browseable = No
    read only = yes

    [printers]
    comment = Impressoras
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

Anyone know why?

--
Fernando Ribeiro - GPG-KEY: 0x8D7255F4
Linux Counter: #273768 - ICQ: 175630330
Linux Professional Institute - LPIC-1
Death the graph! Death the mouse! Death patents! Death closed standards!
http://www.nerdgroup.org http://musb.nerdgroup.org
--
"Great minds discuss ideas; average minds discuss events; small minds discuss people."
[Samba] CIFS in fstab
Hi, folks,

I have a difficulty using a cifs connection...

O/S: Mandrake 10.0, updated kernel, at 2.6.8.1-12mdk, running Samba 3.0.7 packages.

I'm trying to mount, via CIFS a share on a Windows 2003 server. I have no control over the use of smb signing, so I need to use cifs, not smbfs (the organisation as a whole has over 25000 users, using numerous servers, almost exclusively Microsoft based).

I can successfully mount the share in question, using:

    mount.cifs //winserver/share /winshare -o user=linuxwinshareduser

...then entering a password, however, I ***cannot*** get this to work automatically when trying to do it in my fstab, using:

    //winserver/share /winshare cifs user=linuxwinshareduser, pass=password

However, the command:

    mount -t smbfs //winserver/winshare /winshare -o username=linuxwinshareduser

***works*** ...but:

    mount -t cifs //winserver/winshare /winshare -o username=linuxwinshareduser

*fails*

Of course, all works well when I specify the ip address of "winserver", in the fstab, but IIRC, this invokes a (slightly?) different method of establishing the connection. And I might (or someone else might) at some point change the ip address of "winserver".

The Linux server in question has been joined to the Windows (Active directory) domain, successfully. It authenticates users, using AD, just fine.

Any hints? Thanks.

--
John Kirkland
Re: [Samba] "security = user" security setting
[EMAIL PROTECTED] wrote on 10/06/2004 01:20:30 PM:

> Using Samba 3.x, we are looking at the "security" setting. We want to
> get "security = user" to work, preferably with user authentication
> independent from local /etc/passwd & shadow. But we don't want to use
> Samba-based authentication due to administrative overhead.
>
> Ideally, we want to tie in with a Windows Active Directory domain
> through Kerberos 5 so people can use their AD username & password
> (instead of maintaining it separately) and to avoid having to create
> many users locally (in /etc/passwd or Samba-based user list) to reduce
> administrative overhead. Any ideas?
>
> Thanks,
>
> --
> -Brian
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]

I would think what you wanted to use is "security = ADS", and then use samba and winbind to authenticate against your AD domain. This security setting would not require you to do any additional user management, because people could log in to samba using their AD account and password.

There is plenty of decent documentation on setting up Samba and Winbind. Google should be a good start.

~alex
[Samba] Samba 3.0.7 & adding machines. Wrong primary group.
Hi!

Some time ago (samba 3.0.1?) I added machines to my domain with 'srvmrg.exe' and all went as I expect. IIRC.

If I am now adding machines, all machine-accounts have the initial group "users" set instead of "machines". But they shouldn't.

| add machine script = useradd -d /dev/null -g machines -s /bin/false %u

This is, because even if adding machines to the Domain the "set primary group script" is called. But there is (or I see) no need for that. Just when adding users to the Domain, this script is needed.

So, is this a "Bug" or a "Feature"? Should I write a Bug-Report?

TIA.

--
Best regards,
Michael
[Samba] Passwords
I'm a Samba newbie also so please bear with me. I installed Samba 2.x under SuSE 9.0. It worked well for my simple setup (home network with one Linux fileserver, one WindowsXP desktop, and one WindowsXP laptop all connected via a 10/100 ethernet). When I upgraded to SuSE 9.1, I was automatically upgraded to Samba 3.x. This still worked with my original settings but something would go wrong about once every 24 hours or so. (I would have to disable and restart Samba.) When I ran across Samba 3.0.7, I installed it and now things seem to be working except that Samba always asks me for a username and password but I can't figure out which username and password it's asking for. Since this is a home network, I would be quite happy without usernames and passwords but I can't figure out how to do that either. I've read about Samba in the SuSE admin manual, studied a couple of chapters in a Samba online book (that I can't find anymore), and have reviewed the HOW-TOs that come with Samba. For a newbie, these publications are very difficult to understand. I just want my Windows clients to be able to access some files on my Linux box. Any assistance in this direction will be appreciated. -- Donald D. Henson, Managing Director West El Paso Information Network The "Non-Initiation of Force Principle" Rules -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.5 cannot mount Windows 2003 shares
I have kernel 2.4.20-31.9smp, samba-3.0.7-1 and redhat linux and I have a problem like as " I'm having a real hair-raising problem here and I thought maybe someone could help. At least I hope so. My workstation was running 3.0.2a, upgraded to 3.0.5. After upgrading to 3.0.5, I can no longer mount shares on my 2003 server. This started happening on an upgrade to 3.0.4 as well, I might add. Permissions-wise: I own the directory mounts on the local Linux workstation, directories are set 755. When I try to mount with smbfs via an fstab entry: //kitanah/home /mnt/kitanah/home smbfs credentials=/etc/credentials,uid=1000,gid=100,workgroup=RED-ABSTRACT,noauto,rw,users,user 0 0 ...nautilus crashes and all attempts to "ls" the mounted directory result in "ls: permission denied." Also, I can no longer work with the directory or unmount it until I reboot. I've also tried the fstab line above, substituting smbfs for cifs and I get "missing or invalid username," despite the fact that /etc/credentials is in the format: username=vermyndax password=(nottelling) cifs also fails with the same error if I try to do a "mount -t cifs yadda yadda". I have SMB signing disabled on the 2003 server and this was working fine until the upgrade to 3.0.4 and now 3.0.5. I've spent the better part of two days trying to figure out what's going on, but cannot unravel it. Can anyone here give me some pointers on what I can check? Thanks in advance. " sorry, my english is poor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Spoolserver: Connection timed out
Hi people!

I use samba and cups as a print-/spoolserver. The clients are WinXP machines (SP1). When the XP client is attached to network and keeps running the samba server corresponds after a while (I have no idea after how long exactly) the below error message. Additionally the same error occurs when the printserver starts (for any reason) later than the clients.

log.winclient:

    [2004/09/05 22:39:08, 0] lib/util_sock.c:read_data(436)
      read_data: read failure for 4. Error = Connection timed out
    [2004/09/17 19:19:34, 0] lib/util_sock.c:read_data(436)
      read_data: read failure for 4. Error = Connection reset by peer
    [2004/09/20 21:56:26, 0] lib/util_sock.c:read_data(436)
      read_data: read failure for 4. Error = Connection reset by peer
    [2004/09/20 22:04:12, 0] lib/util_sock.c:read_data(436)
      read_data: read failure for 4. Error = Connection reset by peer

Has anybody of you an idea how I can solve this problem? My current workaround is to restart samba and reboot the clients afterwards (not really the best solution :-))

Thanks for helping a samba newbie.

P.s.: My samba version: 2.2.3a-13 for Debian (woody)
[Samba] Best locking strategy
Hi,

I have a customer having one samba server (running samba 3.0.0 and IRIX 6.5.22f) where the share is exported read-only to 5 editing systems running Windows XP. The files are written in that share with ftp. So ftp is write only, and smb concurrent read-only. It is possible that the Windows clients work on growing files.

It works basically very well, but from time to time, there is a kind of congestion, samba response times are very high. After having checked the complete network setup, the next point to check is the samba configuration. The current configuration is:

    [Rohmaterial]
    comment = Rohmaterial
    path = /smb/clips/rohmaterial
    read only = Yes
    Browsable = Yes
    fake oplocks = Yes

And now the questions:

1) I am considering to also disable the locking (locking = no). I have read a lot about locking and oplocks during the last 2 days, but I am not 100% sure if it is a good idea to do it. Any comment about that ?

2) Would it make sense to disable the kernel oplocks to avoid oplock breaks when the material coming over ftp is growing ?

3) If 1 and 2 are simply stupid, what would be the best locking strategy in that setup ?

Thanks for input,
Pierre.
[Samba] "security = user" security setting
Using Samba 3.x, we are looking at the "security" setting. We want to get "security = user" to work, preferably with user authentication independent from local /etc/passwd & shadow. But we don't want to use Samba-based authentication due to administrative overhead. Ideally, we want to tie in with a Windows Active Directory domain through Kerberos 5 so people can use their AD username & password (instead of maintaining it separately) and to avoid having to create many users locally (in /etc/passwd or Samba-based user list) to reduce administrative overhead. Any ideas? Thanks, -- -Brian [EMAIL PROTECTED] [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] logon scripts by group
Misty Stanley-Jones schrieb: Hi, I am having a hard time figuring out how to have logon scripts that only execute if the user is a member of a certain group. I had the smart idea of putting the supplemental logon script in a share only available to the group, and then calling it from the normal logon script using "CALL "path_to_script". However it looks like it always executes that CALL even if the user is not part of a group, and I don't want to confuse my users by the text that goes into the DOS window that pops up to run the logon scripts. Also, somehow I feel like there must be a better way to do this, some way to query Samba for group membership as the user logs in. Also, is there a such thing as a logoff script? Or do I need to put those things in postexec scripts? (things like "net use /d *") Thanks for your assistance to this non-Windows user! Misty hi, the simpelst way is to use to create one default script for every user default.bat and write a ifmember statement ( ifmember.exe is in the win resource kit) which leads then to a "group.bat". there is also a tool called hidecmd to make the popup at logon unvisible and cpau ( with crypt ) to give admin rights if you desire to implement higher access statements. Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust between two samba
Šopík Bronislav schrieb: I have a problem with Samba: I want to make trust between two Samba domains. I have setup the trust on the DOMAINB server then on the Samba DOMAINA server "net rpc trustdom establish DOMAINB" I then get the following: Password: [entered password] Could not connect to server SERVERB[this is the PDC for the DOMAINB domain] Trust to domain DOMAINB established When I then try to logon to the DOMAINB domain from XP computers in DOMAINA domain, I always get a fail with bad password. Please can someone help me. Sopik Brona hi, this normally is a network problem for establish the trust a good connection and wins browsing must work but there may be also some other issues which bug your trust, what are the log talking of? Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + ldap pdc and SUS
Mattia schrieb: Hi all, I'm here again ith a non-strictly samba related problem, but I hope someone in the list has already faced and perhaps solved it... I've got a 60 clients network (most Windows 200 and XP) organized in a domain. The pdc and bdc run on Fedora 2 + samba 3.0.7-2.FC2 + openldap-2.1.29-1, and everything works fine. To limit the use of internet bandwidth I installed a Windows 2003 server acting as SUS (Software Update Services) server (for those who don't know it... it's something similar to an internal Windows Update server) The problem is I can't configure the clients to point to the new server instead of the official Windows Update servers. If the domain would have been Windows-based I would have done it with a group policy, but I have no possibility to do it with Samba. I've tried to remotely modify the registry keys on the clients, but with no success (the change requires also a local policy change, not just a registry key change, and I don't know how to do it remotely). Has anyone of you guys ever tried a setup like this? Sorry if I'm a little bit OT... Thanks! Bye... Mattia Hi, you can do this in serveral ways , reg patch, programs, but the best way is to create a ntconfig.pol i run this very nice for years here you get info about many way to do it http://susserver.com/ regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Slow Directory listing
When you move the mouse pointer over a file in the explorer, it tries to prepare to display the information popup. This means reading a part of the file, even if it is on a network drive. Maybe there is something similar for directories, even though no information popup is ever opened. So you might try to disable the explorer option about information popups. In case you want to understand what is going on, you could use a spyware, such as the free utility "filemon" from Sysinternals. I can show you which files or directories are opened by the explorer. Yves. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind with ldap backend permissions
Igor Belyi wrote: Thorsten Scherf wrote: this works fine. but what is the difference to "dn=(.*),ou=idmap,dc=example,dc=com"? with my understanding of the ldap-access rules it should just be a performance issue, souldn't it?! I think the difference is that you forgot to add '.regexp' to your access statement. It should have been: dn.regexp="(.*),ou=idmap,dc=example,dc=com" otherwise it was matching dn as it is without applying regular expression rules. Hm.. On the second reading of slapd.access it looks like regex is a default dnstyle... I'll try to experiment and see if I can comeup with the answer to the 'difference' question. Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Impact of bnetd judgment on Samba?
On Tuesday 05 October 2004 23:05, Alex Satrapa wrote: > Just wondering if the decisions in the bnetd case might affect Samba at > all? > The specs of the SMB protocol are public, so at least at present there's not much anybody can do. The real question (which only time will answer) is whether or not MS will insert new patented technology into a newer version of the protocol. Nobody really knows, but given the need for backwards compatibility the existing protocol is likely to be supported for the forseeable future anyway. So I wouldn't worry (yet). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] logon scripts by group
Step 1: Create a NETLOGON share with a group variable in the path e.g. /domain_data/netlogon_shares/%g

Step 2: In the [globals] section of your conf file enter the name of your script for 'logon script' (e.g. login.bat)

Step 3: On your samba PDC create folders for each group name in /domain_data/netlogon/ (or whatever location you have chosen) make sure that users will have read only access.

Step 4: Put your login.bat scripts in each folder (you may want to use symbolic links if many groups use the same script - it will make it easier to edit in future).

Hope this helps,
Lee Baker

-Original Message-
Sent: 06 October 2004 16:33
To: [EMAIL PROTECTED]
Subject: [Samba] logon scripts by group

Hi,

I am having a hard time figuring out how to have logon scripts that only execute if the user is a member of a certain group. I had the smart idea of putting the supplemental logon script in a share only available to the group, and then calling it from the normal logon script using "CALL "path_to_script". However it looks like it always executes that CALL even if the user is not part of a group, and I don't want to confuse my users by the text that goes into the DOS window that pops up to run the logon scripts. Also, somehow I feel like there must be a better way to do this, some way to query Samba for group membership as the user logs in.

Also, is there a such thing as a logoff script? Or do I need to put those things in postexec scripts? (things like "net use /d *")

Thanks for your assistance to this non-Windows user!

Misty
Re: [Samba] Re: winbind with ldap backend permissions
Thorsten Scherf wrote:

> On Wed, 06.10.2004 Igor Belyi wrote:
> > Thorsten Scherf wrote:
> > > hi,
> > >
> > > I set up a winbindd with a ldap backend, here is the relevant part of my
> > > smb.conf:
> > >
> > > idmap backend = ldap:ldap://mail.rhel.homelinux.com
> > > ldap admin dn = cn=winbind,dc=example,dc=com
> > > ldap suffix = dc=example,dc=com
> > > ldap idmap suffix = ou=idmap
> > >
> > > On the ldap server I set up the ou=idmap and also permissions for
> > > cn=winbind to write into the ou=idmap:
> > >
> > > access to dn="(.),ou=idmap,dc=example,dc=com"
> > > by dn="cn=winbind,dc=example,dc=com"
> > > by * read
> >
> > Did you try to change your 'what' part of the access to:
> >
> > dn.subtree="ou=idmap,dc=example,dc=com"
>
> this works fine. but what is the difference to
> "dn=(.*),ou=idmap,dc=example,dc=com"? with my understanding of the
> ldap-access rules it should just be a performance issue, shouldn't it?!

I think the difference is that you forgot to add '.regexp' to your access statement. It should have been:

    dn.regexp="(.*),ou=idmap,dc=example,dc=com"

otherwise it was matching dn as it is without applying regular expression rules.

Hope it helps,
Igor
Re: [Samba] Domain trusts (Again)
rruegner wrote: Doug Curtis schrieb: I hope someone can answer this since my other emails have gone unanswered. I am using Samba 3.0.7 on both machines and am using LDAP. I believe that the trusts are working but I am still having a slight problem. I guess we'll use DOM1 and DOM2 for the domain names. DOM2 is trusting DOM1. If a DOM1 user tries to locally login to a DOM1 computer, it gives a "System could not log you on." error. I noticed in the logs that it is trying to create a user with the same name but it is getting this error: "Error: modifications require authentication at /usr/local/sbin///smbldap_tools.pm line 885, line 283." If I manually create a user in DOM1 with the same username, it will then let the user in DOM2 login. Is this how the trust is supposed to work? The user has to have a posix account in both domains? Also, if a user is logged into DOM1 and browses to the DOM2 server, the DOM2 server automatically creates a posix account for that user, thus letting that person login locally to DOM2 from then on. It seems as though it is able to create the posix account it needs when browsing but not when a user tries to login locally for the first time. I hope this makes some sense to someone. Thanks, Doug I guess yor trust is not working in the right way so , the pdc tries to create a temp account with ldap tools ( which fails ) Ahh, I hoped that this wouldn't be the proper way for trusts to work. Otherwise, what's the point of trusts? I've used NT4 trusts before and didn't have a problem with those. If you have 2 domains with different ldap servers , every domain must have her own complete accounts cause they acting as complete different system , as far i know the trust is only handeled by hashes through the pdcs and given to the clients longing that hash that there is now a trusted domain.Perhaps some of the gurus will help you out,but theres also good doku in the samba faqs Regards Yep, that's how I have things setup. 
Well, I guess I'll keep searching or hopefully someone can shed some light on this. Thanks for your reply, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: winbind with ldap backend permissions
On Wed, 06.10.2004 Igor Belyi wrote:

> Thorsten Scherf wrote:
> > hi,
> >
> > I set up a winbindd with a ldap backend, here is the relevant part of my
> > smb.conf:
> >
> > idmap backend = ldap:ldap://mail.rhel.homelinux.com
> > ldap admin dn = cn=winbind,dc=example,dc=com
> > ldap suffix = dc=example,dc=com
> > ldap idmap suffix = ou=idmap
> >
> > On the ldap server I set up the ou=idmap and also permissions for
> > cn=winbind to write into the ou=idmap:
> >
> > access to dn="(.),ou=idmap,dc=example,dc=com"
> > by dn="cn=winbind,dc=example,dc=com"
> > by * read
>
> Did you try to change your 'what' part of the access to:
>
> dn.subtree="ou=idmap,dc=example,dc=com"

this works fine. but what is the difference to "dn=(.*),ou=idmap,dc=example,dc=com"? with my understanding of the ldap-access rules it should just be a performance issue, shouldn't it?!

cu,
thorsten

--
Thorsten Scherf <[EMAIL PROTECTED]>
Re: [Samba] logon scripts by group
> I am having a hard time figuring out how to have logon scripts that only
> execute if the user is a member of a certain group.

We got around a problem like that here initially by using the ifmember tool, however that only returned the primary group, at the time that was under 2.2.x. To get around THAT problem I started writing pre-exec scripts attached to the netlogon share. What I do is define this as netlogon:

    [netlogon]
    path = /opt/samba/share/netlogon
    browseable = No
    root preexec = /local/scripts/prelogon.pl '%U'

Which then generates a script for the user with their name that has the commands that they need to run according to this global line:

    logon script = %U.bat

In the script I do something like this:

    # the user name arrives as the first argument ('%U' in root preexec)
    $user = shift @ARGV;
    # space-separated list of the user's Unix groups
    $groups = `/usr/bin/groups $user`;
    open (LOGON,">/opt/samba/share/netlogon/$user.bat");
    if ( $groups =~ m/itadmin/ ) {
        print LOGON "NET USE Q: \\\\fgoserv\\itadmin\r\n";
    }
    close (LOGON);

That's perl in case you aren't fluent, but I imagine you could use any scripting language and probably do fun stuff like direct ldap queries if that's where you store your posix data, but this works well for us.

> things in postexec scripts? (things like "net use /d *")

I believe if you use the /persistent:no flag on your mounts then they won't come back when you log back in, but I could be wrong. That won't solve the problem of the users adding mapped drives that you don't want. For that reason I delete the drives first elsewhere in the script.

The pre/post exec lines execute on the server, not the client, so they need to be unix scripts/commands, not windows batch executables.

--
Paul Gienger                      Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant    Fax: 701-281-1322
URL: www.ae-solutions.com         mailto: [EMAIL PROTECTED]
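A variant of the pre-exec generator described in the message above, as an added example (not Paul's script and not Samba project code): it resolves groups through NSS instead of running /usr/bin/groups through a shell, and checks the user name before it becomes part of a file name, since root preexec runs the helper as root. The UNC form of the share path, the "accounts" mapping and the user-name pattern are assumptions made for this example.

```python
#!/usr/bin/env python3
"""root preexec helper: build <user>.bat in the netlogon share from Unix groups."""
import grp
import os
import pwd
import re
import sys
import tempfile

NETLOGON_DIR = "/opt/samba/share/netlogon"   # path used in the message above

# group -> (drive, UNC path). "itadmin" on Q: comes from the message; the UNC
# form and the "accounts" entry are assumptions made for this example.
DRIVE_MAP = {
    "itadmin": ("Q:", r"\\fgoserv\itadmin"),
    "accounts": ("R:", r"\\fgoserv\accounts"),
}

# Only plain account names may become part of a file name written as root.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")


def valid_username(name):
    return USERNAME_RE.fullmatch(name) is not None


def groups_for(user):
    """Primary and supplementary group names via NSS, without spawning a shell."""
    pw = pwd.getpwnam(user)                  # raises KeyError for unknown users
    names = set()
    for gid in os.getgrouplist(user, pw.pw_gid):
        try:
            names.add(grp.getgrgid(gid).gr_name)
        except KeyError:                     # gid that has no group entry
            continue
    return names


def render_script(groups):
    """Batch file text with CRLF line endings for the given group names."""
    lines = ["@ECHO OFF", "NET USE * /DELETE /YES"]   # drop old mappings first
    for group in sorted(DRIVE_MAP):
        if group in groups:
            drive, unc = DRIVE_MAP[group]
            lines.append(f"NET USE {drive} {unc} /PERSISTENT:NO")
    return "".join(line + "\r\n" for line in lines)


def write_script(netlogon_dir, user, body):
    """Write <user>.bat atomically; refuse names that could leave the share."""
    if not valid_username(user):
        raise ValueError(f"refusing unsafe user name: {user!r}")
    target = os.path.join(netlogon_dir, user + ".bat")
    fd, tmp = tempfile.mkstemp(dir=netlogon_dir, prefix=".prelogon-")
    try:
        with os.fdopen(fd, "w", newline="", encoding="ascii") as fh:
            fh.write(body)
        os.chmod(tmp, 0o644)
        # rename over the target: an existing symlink there is replaced,
        # not followed, so root never writes through it
        os.replace(tmp, target)
    except BaseException:
        os.unlink(tmp)
        raise
    return target


if __name__ == "__main__":
    # smb.conf: root preexec = /local/scripts/prelogon.py '%U'
    name = sys.argv[1] if len(sys.argv) > 1 else ""
    if not valid_username(name):
        sys.exit("prelogon: rejected user name")
    write_script(NETLOGON_DIR, name, render_script(groups_for(name)))
```

Writing to a temporary file and renaming it also means a client never reads a half-written script if two sessions for the same user connect at once.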
Re: [Samba] Trust between two samba
Šopík Bronislav wrote: I have a problem with Samba: I want to make trust between two Samba domains. I have setup the trust on the DOMAINB server then on the Samba DOMAINA server "net rpc trustdom establish DOMAINB" I then get the following: Password: [entered password] Could not connect to server SERVERB[this is the PDC for the DOMAINB domain] Trust to domain DOMAINB established When I then try to logon to the DOMAINB domain from XP computers in DOMAINA domain, I always get a fail with bad password. Please can someone help me. Sopik Brona I wish I could offer something to try but I am obviously doing something wrong too because I have the same exact problem. I've checked faqs and mailings lists and even had other people email directly to see if I ever fixed it. So, just in case no one else replies, I just wanted to let you know you're not the only one with this problem. Thanks, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust between two samba
I have a problem with Samba: I want to make trust between two Samba domains. I have setup the trust on the DOMAINB server then on the Samba DOMAINA server "net rpc trustdom establish DOMAINB" I then get the following: Password: [entered password] Could not connect to server SERVERB[this is the PDC for the DOMAINB domain] Trust to domain DOMAINB established When I then try to logon to the DOMAINB domain from XP computers in DOMAINA domain, I always get a fail with bad password. Please can someone help me. Sopik Brona -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] logon scripts by group
Hi, I am having a hard time figuring out how to have logon scripts that only execute if the user is a member of a certain group. I had the smart idea of putting the supplemental logon script in a share only available to the group, and then calling it from the normal logon script using "CALL "path_to_script". However it looks like it always executes that CALL even if the user is not part of a group, and I don't want to confuse my users by the text that goes into the DOS window that pops up to run the logon scripts. Also, somehow I feel like there must be a better way to do this, some way to query Samba for group membership as the user logs in. Also, is there a such thing as a logoff script? Or do I need to put those things in postexec scripts? (things like "net use /d *") Thanks for your assistance to this non-Windows user! Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbind pam nsswitch question
Hey man,

You only need to do the nsswitch stuff in order to accomplish what you described. The pam stuff is for logging in to the unix box with an AD account, the nss stuff is necessary for the enumeration of the AD accounts + groups.

So you need winbindd + libnss_winbind.so + changes to nsswitch.conf

Hope this helped.

Thanks,
Mark

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Adams
Sent: 06 October 2004 05:26 PM
To: [EMAIL PROTECTED]
Subject: [Samba] winbind pam nsswitch question

I am setting up a Samba 3.0.6 ADS member server, configured like this:

Windows 2000 ADS Server
Samba 3.0.6 ADS members server (Solaris 9) is a member of ADS domain
Windows XP clients are members of ADS domain, require access to Samba shares on Solaris server.

I'm trying to make it so that I don't have to maintain a usermap to map all of the users or groups in the ADS domain on the Solaris server. I think I still need winbindd running in order for Samba to be able to enumerate the users and groups on the ADS server, but I'm confused as to which parts of the tutorials to follow.

I don't want the ADS accounts to be able to log in to the Solaris server, I just want them to be able to map drives. I also don't want to have files that the ADS accounts access to have user or group ownership based on their ADS accounts... I'd like to force all the ADS users to a single Solaris account. From looking at the tutorials, I'm thinking that I'll use Unix directory permissions to achieve that instead of "force user" in smb.conf.

Here are my questions:

1. The By Example document talks about adding winbind to /etc/nsswitch.conf and putting libnss_winbind.so in my /usr/lib directory. Is this required for the situation described above, or is this only required if you want to be able to log into the Solaris server using an ADS account and password?

2. The Official Howto talks about adding pam_smbpass.so and/or pam_winbind.so entries to /etc/pam.conf. Again, is this required for the situation described above, or is this only required for logging into Unix with ADS accounts?

Thanks for any info...

Greg Adams
Re: [Samba] random errors "the local drive name is already in use. This connection has not been restored."
(Sorry for the first incomplete answer, here is the long version)

Thanks for your suggestions. Unfortunately, my warning messages do not happen at login time. They happen during the use of the share, and in most cases the persistent option was not set.

I have checked the "idle time before disconnecting" option in the security settings: it is set to 0, as recommended on some Windows help sites.

I have checked MS known problems, and found a few ones which are supposed to be fixed in Windows 2000 SP 3. Something strange is that they mention the same error message with the "device" word instead of "drive".

Other problems refer to anti-virus tools, e.g. VirusScan: I have it but do not think it is involved, because I have a version number higher than the one which is supposed to fix the bug, and I have disabled the scan of network drives, and test PC do not have it.

My current conclusion is that the error message is just an alias for the "normal" disconnection popup. So I just have to find why I get disconnections... Would you be aware of temporary disconnection caused by network timeouts ? And where to tune the timers ? I could not find any parameter at Windows level.

Best Regards,
Yves Lejeune.

> "Hamish" <[EMAIL PROTECTED]> wrote:
>
> I had the same problem with XP.
> Modifying the login script to delete the mapping first was the only cure I found.
>
> and just recently I found Service Pack 2 fixes this in XP!
>
> I don't know how the other OSs might be affected.
>
> Steve
> Gerald Bird <[EMAIL PROTECTED]>@INTERNET wrote:
>
> I have had this problem unrelated to samba. I believe it is in the login scripts. Perhaps you are using the "net use /persistent" switch when you do not need to?
>
> Regards,
> Brad Otto <[EMAIL PROTECTED]> wrote:
> I think this is possibly a windows problem, I have had the same error in
> high usage workgroup situations with win2000. There is a relatively
> simple fix, I think if you search MS for the error message it is there.
> H
>
> Brad Otto wrote:
>
> >Try using:
> >
> >net use * /delete /yes
> >
> >Before mapping any drives in the login script. This will clear any drives
> >already mapped. I do this in my login script to get rid of the drives that
> >XP/2k will sometimes hold on to and not let go on reboot.
[Samba] winbind pam nsswitch question
I am setting up a Samba 3.0.6 ADS member server, configured like this:

Windows 2000 ADS Server
Samba 3.0.6 ADS members server (Solaris 9) is a member of ADS domain
Windows XP clients are members of ADS domain, require access to Samba shares on Solaris server.

I'm trying to make it so that I don't have to maintain a usermap to map all of the users or groups in the ADS domain on the Solaris server. I think I still need winbindd running in order for Samba to be able to enumerate the users and groups on the ADS server, but I'm confused as to which parts of the tutorials to follow.

I don't want the ADS accounts to be able to log in to the Solaris server, I just want them to be able to map drives. I also don't want to have files that the ADS accounts access to have user or group ownership based on their ADS accounts... I'd like to force all the ADS users to a single Solaris account. From looking at the tutorials, I'm thinking that I'll use Unix directory permissions to achieve that instead of "force user" in smb.conf.

Here are my questions:

1. The By Example document talks about adding winbind to /etc/nsswitch.conf and putting libnss_winbind.so in my /usr/lib directory. Is this required for the situation described above, or is this only required if you want to be able to log into the Solaris server using an ADS account and password?

2. The Official Howto talks about adding pam_smbpass.so and/or pam_winbind.so entries to /etc/pam.conf. Again, is this required for the situation described above, or is this only required for logging into Unix with ADS accounts?

Thanks for any info...

Greg Adams
RE: [Samba] smbmount and UTF-8 characters
> Russell Packer
> Sent: 05 October 2004 09:37
> To: [EMAIL PROTECTED]
> Subject: RE: [Samba] smbmount and UTF-8 characters
>
> > Hello list!
> >
> > I have a Slackware 10 system and a Microsoft Windows 2000 system.
> >
> > On the Windows 2000 system are lots of files with extended characters -
> > like (tm), (r) and characters with umlauts.
> >
> > I used the "localedef" command and set LC_ALL=en_US.UTF8.
> >
> > I am running KDE and in the Konqueror browser I can use smb:// to
> > connect to a share on the Windows system. All extended characters
> > display as expected.
> >
> > If I use the "smbmount" command to mount these shares, and then use
> > Konqueror to browse to "/mnt/projects" I can no longer see the
> > extended characters.
> >
> > An example of one of the many variants of smbmount I have used:
> >
> > smbmount //systemx/projects /mnt/projects/ -o
> > username=**,password=**,workgroup=,codepage=cp850,
> >iocharset=utf8
> >
> > The filesystem for /mnt/projects is reiserfs, which I understand
> > supports utf8 just fine, though I have not used any explicit mount
> > options.
> >
> > Can anybody guide me towards the magic that will make this work? If it
> > makes any difference, I am trying to mount many shares for the purpose
> > of using "s-tar" to archive old files.
> >
> > Many thanks,
>
> Also, is what I am asking actually possible?

OK. Finally got it! Looks like it isn't possible using smbmount. For future searchers, here is what I did:

1. Upgraded to Linux 2.6.7 kernel:

   installpkg kernel-generic-2.6.7-i486-1.tgz

   (with the modules and headers. Handily Patrick's config includes CIFS support, which is what is needed here).

2. Popped into /boot and ran:

   mkinitrd -c -k 2.6.7 -m reiserfs

3. Modified /etc/lilo.conf to boot 2.6:

   image = /boot/vmlinuz-generic-2.6.7
   initrd = /boot/initrd.gz
   root = /dev/hdb3
   label = Linux-2.6
   read-only

4. Rebooted into 2.6

5. Mounted the new fileshare using:

   mount -t cifs //server/share //mnt/mountpoint -o dom=DOMAIN,user=USERNAME,password=PASSWORD

Et voila! Filenames that work!
Re: [Samba] getpeername failed. Error was Transport endpoint is not connected
It's trying port 430 and 455? Why??

Words of Fernando Ribeiro [Tue, Oct 05, 2004 at 01:45:26PM -0300]:
> Hi all,
>
> I'm using slackware 10, running samba-3.0.7, OpenLDAP-2.2.17 with ssl,
> tls and sasl2.
>
> While I am trying to include a Windows XP workstation in the samba domain it
> returns this:
>
> [2004/10/05 12:51:25, 0] lib/util_sock.c:send_smb(647)
> Error writing 4 bytes to client. -1. (Connection reset by peer)
> [2004/10/05 12:51:26, 0] lib/util_sock.c:get_peer_addr(1000)
> getpeername failed. Error was Transport endpoint is not connected
> [2004/10/05 12:51:26, 0] lib/util_sock.c:write_socket_data(430)
> write_socket_data: write failure. Error = Connection reset by peer
> [2004/10/05 12:51:26, 0] lib/util_sock.c:write_socket(455)
> write_socket: Error writing 4 bytes to socket 22: ERRNO = Connection
> reset by peer
> [2004/10/05 12:51:26, 0] lib/util_sock.c:send_smb(647)
> Error writing 4 bytes to client. -1. (Connection reset by peer)
>
> Anyone know why?
>
> My configuration has been in
> http://www.nerdgroup.org/doc/samba+ldap+qmail.txt
>
> Thanks
>
> --
> Fernando Ribeiro - GPG-KEY: 0x8D7255F4
> Linux Counter: #273768 - ICQ: 175630330
> Linux Professional Institute - LPIC-1
> Death the graph! Death the mouse!
> Death patents! Death closed standards!
> http://www.nerdgroup.org
> http://musb.nerdgroup.org
> --
> "Great minds discuss ideas;
> Average minds discuss events;
> Small minds discuss people."

--
Fernando Ribeiro - GPG-KEY: 0x8D7255F4
Linux Counter: #273768 - ICQ: 175630330
Linux Professional Institute - LPIC-1
Death the graph! Death the mouse!
Death patents! Death closed standards!
http://www.nerdgroup.org
http://musb.nerdgroup.org
--
"Great minds discuss ideas;
Average minds discuss events;
Small minds discuss people."
[Samba] Re: winbind with ldap backend permissions
Thorsten Scherf wrote:

> hi,
>
> I set up a winbindd with a ldap backend, here is the relevant part of my smb.conf:
>
> idmap backend = ldap:ldap://mail.rhel.homelinux.com
> ldap admin dn = cn=winbind,dc=example,dc=com
> ldap suffix = dc=example,dc=com
> ldap idmap suffix = ou=idmap
>
> On the ldap server I set up the ou=idmap and also permissions for cn=winbind to write into the ou=idmap:
>
> access to dn="(.),ou=idmap,dc=example,dc=com"
>     by dn="cn=winbind,dc=example,dc=com"
>     by * read

Did you try to change your 'what' part of the access to:

dn.subtree="ou=idmap,dc=example,dc=com"

Igor

> when trying a "getent passwd" on the client I get the following error messages on the ldap-server:
>
> Oct 6 13:02:49 mail slapd[21955]: conn=2 op=22 SEARCH RESULT tag=101 err=0 text=
> Oct 6 13:02:49 mail slapd[21955]: conn=2 op=23 MOD dn="cn=IdPool,ou=Idmap,dc=example,dc=com"
> Oct 6 13:02:49 mail slapd[21955]: conn=2 op=23 RESULT tag=103 err=0 text=
> Oct 6 13:02:49 mail slapd[21955]: conn=2 op=24 ADD dn="SAMBASID=S-1-5-32-546,OU=IDMAP,DC=EXAMPLE,DC=COM"
> Oct 6 13:02:49 mail slapd[21955]: conn=2 op=24 RESULT tag=105 err=50 text=no write access to parent
> Oct 6 13:02:49 mail slapd[21955]: conn=2 op=25 SRCH base="ou=idmap,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaIdmapEntry)(sambaSID=S-1-5-32-547))"
>
> so, seems that winbind have no write access on the PARENT! if I give him write access on dc=example,dc=com everything works just fine and the sid/uid/gid-mapping works wonderful. but why is winbind needing access on the parent and not just on the ou-container where the id-mapping happens, ou=idmap?
>
> can anybody explain that to me?!
>
> thanks and greetings,
> thorsten
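The ADD in the log above is refused with "no write access to parent" because slapd requires write access on the parent entry (ou=idmap itself) before a child can be created, and a pattern that demands a character and a comma in front of ou=idmap never selects that parent. The following is an added example, not code from the thread or from OpenLDAP: a simplified Python model of how the "what" part of an access rule selects entries. Assumptions: entry-level checks only, first matching rule wins, the posted dn= pattern is treated as a regex, cn=winbind is given "write", a catch-all read rule exists, and all function names are hypothetical.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def norm(dn):
    """Lower-case a DN and drop spaces around RDN separators (assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parent_dn(dn):
    """DN of the entry one level above dn ('' for a top-level entry)."""
    _head, _sep, rest = norm(dn).partition(",")
    return rest

def what_matches(style, pattern, dn):
    """Does the <what> clause (style + pattern) select the entry dn?"""
    dn = norm(dn)
    if style == "regex":
        # Unanchored match, as with a regex pattern that has no ^ or $.
        return re.search(pattern, dn, re.IGNORECASE) is not None
    base = norm(pattern)
    if style == "base":
        return dn == base
    if style == "children":
        return dn.endswith("," + base)
    if style == "subtree":
        return dn == base or dn.endswith("," + base)
    raise ValueError("unsupported style: " + style)

def granted(acl, who, dn):
    """Access level 'who' gets on entry 'dn': first matching rule, first matching 'by'."""
    for style, pattern, by_clauses in acl:
        if what_matches(style, pattern, dn):
            for subject, level in by_clauses:
                if subject == "*" or norm(subject) == norm(who):
                    return level
            return "none"
    return "none"

def add_result(acl, who, new_dn):
    """Outcome of an LDAP ADD: needs write on the parent and on the new entry."""
    need = LEVELS.index("write")
    if LEVELS.index(granted(acl, who, parent_dn(new_dn))) < need:
        return "no write access to parent"
    if LEVELS.index(granted(acl, who, new_dn)) < need:
        return "no write access to entry"
    return "ok"

WINBIND = "cn=winbind,dc=example,dc=com"
NEW_ENTRY = "SAMBASID=S-1-5-32-546,OU=IDMAP,DC=EXAMPLE,DC=COM"   # DN from the posted log
BY = [(WINBIND, "write"), ("*", "read")]      # "write" for winbind is an assumption
CATCH_ALL = ("regex", ".*", [("*", "read")])  # assumed default rule

# Rule as posted: selects children of ou=idmap, but not ou=idmap itself.
POSTED = [("regex", "(.),ou=idmap,dc=example,dc=com", BY), CATCH_ALL]
# Rule suggested in the reply: the container and everything below it.
SUBTREE = [("subtree", "ou=idmap,dc=example,dc=com", BY), CATCH_ALL]
# The workaround from the post: write access on the whole suffix.
WHOLE_SUFFIX = [("subtree", "dc=example,dc=com", BY), CATCH_ALL]

if __name__ == "__main__":
    other = "uid=root,ou=people,dc=example,dc=com"   # constructed DN outside ou=idmap
    for name, acl in (("posted", POSTED), ("subtree", SUBTREE), ("suffix", WHOLE_SUFFIX)):
        print(name, "| ADD:", add_result(acl, WINBIND, NEW_ENTRY),
              "| winbind on", other, "->", granted(acl, WINBIND, other))
```

Both the subtree rule and the whole-suffix workaround let the ADD through, but only the subtree rule keeps the winbind bind DN at read level everywhere outside ou=idmap.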
Re: [Samba] Point'n'Print: adddriver / WERR_ACCESS_DENIED
Now, that you have a valid printer admin account - it should work. Unfortunately Samba returns ACCESS_DENIED for several reasons which have nothing to do with access rights. Wrong accounts or passwords result in a "result was DOS code 0x0013" message.

The only case, I could provoke this error message was, when not all files were in the W32X86 directory.

Are the names really ok? My driver files are named "cupsui5.dll, cups5.hlp and cupsdrv5.dll". Perhaps you have newer or older ones? The ppd file has to be in the W32X86 dir, too.

And please check the linux permissions of the driver files.

Bye,
Martin

On Tuesday 05 October 2004 10:40, Philip Maurer wrote:
> Tried doing that, no dice - same error message! However, I noticed that
> the "New Driver" button is not grayed out anymore - I get "Access
> Denied" when trying to update the driver via that method as well. I
> tried chmodding drivers dir 777, still access denied...
>
> Regards,
> Philip
>
> Martin Zielinski wrote:
> >Hello Philip,
> >
> >try putting the "printer admin" parameter into the global section.
> >It's a global parameter that cannot be used "per share".
> >
> >Greetings,
> >Martin
> >
> >On Monday 04 October 2004 16:00, Philip Maurer wrote:
> >>Dear list,
> >>
> >>This problem has been bugging me for days now, I've got Cups version
> >>1.1.21 and Samba 3.0.7 installed and working. There is a single
> >>Laserjet 4100 attached to the network, printing via Cups or Cups/Samba
> >>works fine.
> >>
> >>The problems are with getting Point'n'Print to work. I've been scouring
> >>the net, archived posts of this list, read the official Samba manual, to
> >>no avail. The problem is always the same; I can successfully copy the
> >>drivers into the W32X86 directory using e.g. smbclient, but issuing the
> >>adddriver command via rpcclient
> >>
> >>rpcclient newserver -N -U'root%**' -c 'adddriver "Windows NT x86"
> >>"printer:cupsdrvr.dll:printer.ppd:cupsui.dll:cups.hlp:NULL:RAW:NULL"'
> >>
> >>Always returns: result was WERR_ACCESS_DENIED
> >>
> >>I've tried using the GUI method but when I get to the Advanced tab the
> >>'New Driver' button is grayed out.
> >>
> >>Best regards,
> >> Philip
> >>
> >>Here's my smb.conf:
> >>---[snip]-
> >>[global]
> >># Replace MYWORKGROUPNAME with your workgroup/domain
> >>workgroup = NOVASOFT
> >># Of course this has no REAL purpose other than letting
> >># everyone know its not Windows!
> >># %v prints the version of Samba we are using.
> >>server string = Samba Server %v
> >># We are going to use cups, so we are going to put it in here ;-)
> >>load printers = yes
> >>printing = cups
> >>printcap name = cups
> >>use client driver = no
> >># We want a log file and we do not want it to get bigger than 50kb.
> >>log file = /var/log/samba/log.%m
> >>max log size = 50
> >># We are going to set some options for our interfaces...
> >>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >># This is a good idea, what we are doing is binding the
> >># samba server to our local network.
> >># For example, if eth0 is our local network device
> >>interfaces = lo eth0
> >>bind interfaces only = yes
> >># Now we are going to specify who we allow, we are afterall
> >># very security conscience, since this configuration does
> >># not use passwords!
> >>hosts allow = 127.0.0.1 195.163.190.192/27
> >>hosts deny = 0.0.0.0/0
> >># Other options for this are USER, DOMAIN, ADS, and SERVER
> >># The default is user
> >>security = user
> >># No passwords, so we're going to use a guest account!
> >>guest account = samba
> >>guest ok = yes
> >>
> >># We now will implement the on access virus scanner.
> >># NOTE: By putting this in our [Global] section, we enable
> >># scanning of ALL shares, you could optionally move
> >># these to a specific share and only scan it.
> >>
> >># For Samba 3.x
> >>vfs object = vscan-clamav
> >>vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
> >>
> >># Now we setup our print drivers information!
> >>[print$]
> >>comment = Printer Drivers
> >># this path holds the driver structure
> >>path = /etc/samba/drivers
> >>guest ok = yes
> >>browseable = yes
> >>read only = yes
> >># Modify this to "username,root" if you don't want root to
> >># be the only printer admin)
> >>write list = maph,root
> >>
> >>[HP_Laserjet_4100]
> >>comment = HP LaserJet Network Printer
> >>printable = yes
> >>path = /var/spool/samba
> >>public = yes
> >>guest ok = yes
> >>guest account = samba
> >>printer admin = maph,root
> >>
> >># Now we setup our printers share. This should be
> >># browseable, printable, public.
> >>[printers]
> >>comment = All Printers
> >>path = /var/spool/samba
> >>browseable = no
> >>public = yes
> >>guest ok = yes
> >>writeable = no
> >>printable = yes
> >>printer admin = maph,root

--
Martin Zielinski
[EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH www.seh.de
Re: [Samba] Samba + ldap pdc and SUS
Kristyan Osborne wrote:

>>>> Has anyone of you guys ever tried a setup like this?
>>>
>>> Yes. Use NT policy editor. I have attached the policy file I use for SUS updates.
>>
>> That's nice, thank you a lot.
>> The only disadvantage of this approach is that I have to manually walk to every user's desk and import the adm file on every client...
>> If it would be possible to do it remotely (or, even better, automatically at the moment the user first logs into the domain) it would be a dream... :-)
>> Does anyone have an idea on how to do that?
>
> Use policy editor to create a NTCONFIG.pol file and place it in your netlogon folder. Exact instructions for doing this are in the Samba-Howto PDF.

Mmm... it seems perfect. Thanks a lot again. I'll give it a try

Bye...
Mattia
Re: [Samba] random errors "the local drive name is already in use. This connection has not been restored."
Thanks for your suggestions. Unfortunately, my warning messages do not happen at login time.

> "Hamish" <[EMAIL PROTECTED]> wrote:
>
> I had the same problem with XP.
> Modifying the login script to delete the mapping first was the only cure I found.
>
> and just recently I found Service Pack 2 fixes this in XP!
>
> I don't know how the other OSs might be affected.
>
> Steve
> Gerald Bird <[EMAIL PROTECTED]>@INTERNET wrote:
>
> I have had this problem unrelated to samba. I believe it is in the login scripts. Perhaps you are using the "net use /persistent" switch when you do not need to?
>
> Regards,
> Brad Otto <[EMAIL PROTECTED]> wrote:
> I think this is possibly a windows problem, I have had the same error in
> high usage workgroup situations with win2000. There is a relatively
> simple fix, I think if you search MS for the error message it is there.
> H
>
> Brad Otto wrote:
>
> >Try using:
> >
> >net use * /delete /yes
> >
> >Before mapping any drives in the login script. This will clear any drives
> >already mapped. I do this in my login script to get rid of the drives that
> >XP/2k will sometimes hold on to and not let go on reboot.
RE: [Samba] Samba + ldap pdc and SUS
>>>Has anyone of you guys ever tried a setup like this?
>>
>> Yes. Use NT policy editor. I have attached the policy file I use for SUS updates.

>That's nice, thank you a lot.
>The only disadvantage of this approach is that I have to manually walk
>to every user's desk and import the adm file on every client...
>If it would be possible to do it remotely (or, even better,
>automatically at the moment the user first logs into the domain) it
>would be a dream... :-)
>Does anyone have an idea on how to do that?

Use policy editor to create a NTCONFIG.pol file and place it in your netlogon folder. Exact instructions for doing this are in the Samba-Howto PDF.

Cheers

- Kristyan Osborne - IT Technician
Longhill High School
01273 391672 / 304086
Re: [Samba] Samba + ldap pdc and SUS
Kristyan Osborne wrote:

>> Has anyone of you guys ever tried a setup like this?
>
> Yes. Use NT policy editor. I have attached the policy file I use for SUS updates.

That's nice, thank you a lot.

The only disadvantage of this approach is that I have to manually walk to every user's desk and import the adm file on every client... If it would be possible to do it remotely (or, even better, automatically at the moment the user first logs into the domain) it would be a dream... :-)

Does anyone have an idea on how to do that?

Bye...
Mattia
[Samba] Accessing Windows Roaming Profiles
Hi there.

I'm doing a project based on a live cd for the final year of my college course. Basically it's a Knoppix clone, but my problem is as follows. Can I use Samba to access a user's roaming profile on the Windows server, to say, store files on their profile or access the Exchange server for email?

Regards, etc,
Donal Farrell
Re: [Samba] Samba 3.0.6 and OpenLDAP performance problem
> Sep 27 15:01:09 umwsap11 slapd[16930]: conn=458 op=65 SRCH base="dc=XX Company,dc=pl" scope=2 filter="(&(uid=umwadd01)(objectClass=sambaSamAccount))"

> ldap suffix = dc=XX Company,dc=pl
> ldap group suffix = ou=groups
> ldap user suffix = ou=people
> ldap idmap suffix = ou=idmap,dc=XX Company,dc=pl
> ldap machine suffix = ou=machines

These entries make me think you could probably speed things up a bit with a tighter search scope. It looks like you're searching the whole DIT every time since you've got your machine and user accounts split up. I'm assuming you also have nss configured to search dc=XX Company,dc=pl?sub.

I'd suggest either merging the user and machine OUs or perhaps putting both of them in a container OU you can search in, rather than doing the whole LDAP tree. True, that won't solve the multiple searches problem, but it should help along the speed of the searches that it does do.

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant   Fax: 701-281-1322
URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]
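Both points raised in this thread, the same account being looked up several times during one logon and every lookup running as a subtree search from the top of the directory, can be measured from the slapd log itself. The following is an added example, not code from the posts: a Python summary of SRCH lines per connection. The log lines are constructed in the format quoted above; the function names and the 0.5 threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

SUFFIX = "dc=XX Company,dc=pl"   # directory suffix as it appears in the quoted log

# Matches the SRCH lines slapd writes at stats log level, as quoted in the thread.
SRCH = re.compile(
    r'conn=(\d+) op=\d+ SRCH base="([^"]*)" scope=(\d) filter="([^"]*)"')

def sample_line(conn, op, base, uid):
    """Build one constructed log line in the quoted format."""
    return ('Sep 27 15:01:09 umwsap11 slapd[16930]: conn=%d op=%d SRCH base="%s" '
            'scope=2 filter="(&(uid=%s)(objectClass=sambaSamAccount))"'
            % (conn, op, base, uid))

# Constructed sample: connection 458 looks up three accounts three times each
# from the top of the tree; connection 460 does one search under ou=people.
SAMPLE_LOG = [sample_line(458, 65 + i, SUFFIX, "umwadd0%d" % (1 + i % 3))
              for i in range(9)]
SAMPLE_LOG.append(sample_line(460, 1, "ou=people," + SUFFIX, "umwadd01"))
SAMPLE_LOG.append('Sep 27 15:01:09 umwsap11 slapd[16930]: conn=458 op=65 '
                  'SEARCH RESULT tag=101 err=0 nentries=1 text=')

def summarize(lines, suffix=SUFFIX):
    """Per connection: total searches, distinct searches, repeats, whole-tree searches."""
    seen = defaultdict(Counter)
    whole_tree = Counter()
    for line in lines:
        m = SRCH.search(line)
        if not m:
            continue                      # RESULT, BIND, MOD ... lines are ignored
        conn, base, scope, flt = int(m.group(1)), m.group(2), int(m.group(3)), m.group(4)
        seen[conn][(base.lower(), scope, flt)] += 1
        # scope=2 is a subtree search; from the suffix it walks the whole DIT.
        if scope == 2 and base.lower() == suffix.lower():
            whole_tree[conn] += 1
    report = {}
    for conn, counts in seen.items():
        total = sum(counts.values())
        report[conn] = {
            "searches": total,
            "distinct": len(counts),
            "redundant": total - len(counts),
            "whole_tree": whole_tree[conn],
        }
    return report

def noisy_connections(report, min_ratio=0.5):
    """Connections where at least min_ratio of the searches repeat an earlier one."""
    return sorted(conn for conn, s in report.items()
                  if s["redundant"] / s["searches"] >= min_ratio)

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for conn in sorted(rep):
        print(conn, rep[conn])
    print("mostly repeated lookups:", noisy_connections(rep))
```

Comparing "whole_tree" before and after narrowing the search base shows whether the container-OU change took effect, while "redundant" tracks the repeated-lookup problem that a tighter scope does not address.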
[Samba] Samba v3 and mount -t smbfs ignores UID/GID
hi list,

i have a big problem: i try to mount a samba v3 share from a client with

mount -t smbfs //server/share /mnt -ousername=user,uid=0

but the mounted directory doesn't set the uid of /mnt/* to 0 and leaves it to the uid of "user"

this problem only occurs with libsmbclient-3.0.4-1.27 and samba 3.0.x (from SuSE 9.1)
it doesn't occur with libsmbclient3-2.99_3.0.0rc3-18 (from SuSE 9.0) and samba 3.0.x

so i think the prob is on side of the client

can anyone help me please?

thank you

--
"Matrix - more than a vision"
**
Michael Gasch - Central IT Department -
Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig
Germany
**
[Samba] Help needed/.....
Can someone please explain to me what does numopen=a mean when "a" takes values of 0,1,2,3 etc??

In addition, can someone guide me in an online manual (or a pdf or something like that) for all those meanings and error codes that I get from time to time??

Thanx
Chris
RE: [Samba] Samba + ldap pdc and SUS
>Has anyone of you guys ever tried a setup like this?

Yes. Use NT policy editor. I have attached the policy file I use for SUS updates.

Cheers

- Kristyan Osborne - IT Technician
Longhill High School
01273 391672 / 304086
[Samba] Samba + ldap pdc and SUS
Hi all,

I'm here again with a non-strictly samba related problem, but I hope someone in the list has already faced and perhaps solved it...

I've got a 60 clients network (most Windows 2000 and XP) organized in a domain. The pdc and bdc run on Fedora 2 + samba 3.0.7-2.FC2 + openldap-2.1.29-1, and everything works fine.

To limit the use of internet bandwidth I installed a Windows 2003 server acting as SUS (Software Update Services) server (for those who don't know it... it's something similar to an internal Windows Update server)

The problem is I can't configure the clients to point to the new server instead of the official Windows Update servers. If the domain would have been Windows-based I would have done it with a group policy, but I have no possibility to do it with Samba. I've tried to remotely modify the registry keys on the clients, but with no success (the change requires also a local policy change, not just a registry key change, and I don't know how to do it remotely).

Has anyone of you guys ever tried a setup like this?

Sorry if I'm a little bit OT... Thanks!

Bye...
Mattia
[Samba] winbind with ldap backend permissions
hi,

I set up a winbindd with a ldap backend, here is the relevant part of my smb.conf:

idmap backend = ldap:ldap://mail.rhel.homelinux.com
ldap admin dn = cn=winbind,dc=example,dc=com
ldap suffix = dc=example,dc=com
ldap idmap suffix = ou=idmap

On the ldap server I set up the ou=idmap and also permissions for cn=winbind to write into the ou=idmap:

access to dn="(.),ou=idmap,dc=example,dc=com"
    by dn="cn=winbind,dc=example,dc=com"
    by * read

when trying a "getent passwd" on the client I get the following error messages on the ldap-server:

Oct 6 13:02:49 mail slapd[21955]: conn=2 op=22 SEARCH RESULT tag=101 err=0 text=
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=23 MOD dn="cn=IdPool,ou=Idmap,dc=example,dc=com"
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=23 RESULT tag=103 err=0 text=
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=24 ADD dn="SAMBASID=S-1-5-32-546,OU=IDMAP,DC=EXAMPLE,DC=COM"
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=24 RESULT tag=105 err=50 text=no write access to parent
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=25 SRCH base="ou=idmap,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaIdmapEntry)(sambaSID=S-1-5-32-547))"

so, seems that winbind have no write access on the PARENT! if I give him write access on dc=example,dc=com everything works just fine and the sid/uid/gid-mapping works wonderful. but why is winbind needing access on the parent and not just on the ou-container where the id-mapping happens, ou=idmap?

can anybody explain that to me?!

thanks and greetings,
thorsten

--
Thorsten Scherf <[EMAIL PROTECTED]>
[Samba] smb_proc_readdir_long error
Hi guys/girls,

How are you ?

I'm running "Linux 2.4.22 SMP" with Samba-3.0.4 and pick up the following message in my syslog when accessing a mounted NT4 share:

kernel: smb_proc_readdir_long: name=\OLAP Services\Data\GreatPlains\*, result=-13, rcls=1, err=5

Any ideas what this is ?

Your assistance is greatly appreciated.

Many thanks.

Kindest regards
David Wilson

D c D a t a
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
MSN: [EMAIL PROTECTED]
http://www.dcdata.co.za
[EMAIL PROTECTED]
[EMAIL PROTECTED]
KZN's first and only pure Linux solution provider

LinuxBox S.A.: Africa's shell provider.
Powered by Linux and DcData - driven by passion !
http://www.linuxbox.co.za
[Samba] Samba 3.0.6 and OpenLDAP performance problem
Hello,

I'm running Samba 3.0.6 PDC with OpenLDAP 2.1.25 backend on a Linux machine with RedHat 3.0 ES installed. This is a large installation with a separate Samba BDC and 2 file servers. The BDC server uses a replica LDAP server, working as slave for the master LDAP server installed at the PDC. The number of domain accounts is about 1850 and at the moment about 500 machines are added to the Samba domain.

The number of machines increased slowly since April and for the last few weeks we observed large delays during the domain logons. The logon process for some Windows machines takes as much as 10-20 minutes (!) For most of the users these times are of course unacceptable. Most of the users start their work and log on to the domain between 7:30-8:30 AM. Within these hours the load of the PDC server sometimes exceeds 100-120. About 90% of the CPU time is utilized by slapd. The PDC/BDC machines are HP DL-380 servers with a single Xeon CPU 2.80GHz, 2,5 GB of RAM, no swap and with a Gigabit Ethernet interface.

I turned on the high debug level for both Samba and OpenLDAP daemons, and the problem is that during the processing of the logon script Samba orders the LDAP backend to perform multiple searches for all the domain users and repeats it 3 or 4 times. This gives about 8-9 _thousand_ full LDAP directory searches for a single logon session!
A small part of the slapd debug file follows:

    Sep 27 15:01:09 umwsap11 slapd[16930]: conn=458 op=65 SRCH base="dc=XX Company,dc=pl" scope=2 filter="(&(uid=umwadd01)(objectClass=sambaSamAccount))"
    Sep 27 15:01:09 umwsap11 slapd[16930]: conn=458 op=65 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Sep 27 15:01:09 umwsap11 slapd[16930]: conn=458 op=66 SRCH base="dc=XX Company,dc=pl" scope=2 filter="(&(uid=umwadd02)(objectClass=sambaSamAccount))"
    Sep 27 15:01:09 umwsap11 slapd[16930]: conn=458 op=66 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Sep 27 15:01:09 umwsap11 slapd[16930]: conn=458 op=67 SRCH base="dc=XX Company,dc=pl" scope=2 filter="(&(uid=umwadd03)(objectClass=sambaSamAccount))"
    Sep 27 15:01:09 umwsap11 slapd[16930]: conn=458 op=67 SEARCH RESULT tag=101 err=0 nentries=1 text=

... and so on, for some reason every user must be found in LDAP several times. All these searches are performed during the logon script processing. Since many of our users are still using Win98 workstations, the system "hangs" for them for several minutes with an empty screen and only a logon script window open.

What's more confusing, for some of the domain users only about 60 LDAP searches are performed and they are able to log on to the domain in a few seconds. I tried to compare their exported ldif data with users which experience the delays, but there's nothing exceptional, only their names, UIDs and SIDs are different. The problem does not depend on the operating system of the workstation - we've tested Win98, NT, W2000 and XP systems. It seems to be rather user-centric.

I tried to increase OpenLDAP and nscd performance by setting the thread number up to 256 and increasing the cache size, but this gives only a small improvement.
The indexes in slapd.conf are defined as described in the Samba docs:

    index default sub
    index objectClass eq
    index uidNumber,gidNumber eq
    index memberUid eq
    index cn,sn,uid,displayName pres,sub,eq
    index mail,givenname eq,subinitial
    index nisMapName,nisMapEntry eq,pres,sub
    index homeDirectory,sambaLogonScript eq
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq
    sizelimit -1
    cachesize 10
    dbcachesize 1500
    threads 256

We have the BDC server configured as the second logon server, but for some reason only a small number of workstations choose this server as logon server. Perhaps I should increase the "os level" for the BDC from 33 to 255, as it is configured for the PDC?

The smb.conf of the PDC server follows:

    [global]
    workgroup = XXCOMP
    security = user
    server string = XX Company - PDC
    passdb backend = ldapsam:ldap://127.0.0.1
    idmap backend = ldap:ldap://127.0.0.1
    idmap uid = 4-5
    idmap gid = 4-5
    log level = 1
    log file = /var/log/samba/log.%m
    max log size = 500
    time server = Yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
    logon path =
    logon drive = K:
    logon home = \\fileserv02\homes\%U
    #logon script = %U.bat
    domain logons = Yes
    os level = 255
    local master = Yes
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    ldap suffix = dc=XX Company,dc=pl
    ldap group suf
[Samba] Ms SMS installation with a samba 3 PDC
Hi,

I would like to know if someone has already managed to successfully install and use MS SMS on a network controlled by a samba3 PDC? Is there any workaround available, even non-official?

My problem is that when I give SMS a network username (admin) it says the PDC may be down, or the user doesn't have the rights needed for the installation and management of the network.

Arnauld
[Samba] Possible solution to "Access Denied"
I have been using Windows synchronize with Samba to allow me to work offline from my Linux box. Just recently, (I do not believe anything has changed but you can never tell what IS may have done), it stopped working with an error similar to the following (reported in http://www.mail-archive.com/[EMAIL PROTECTED]/msg45272.html).

    Offline Files (\\server\user on server): Access to 'file.txt' is denied on \\server\user\my_folder.

After a little fruitless googling for a solution I turned on debug logging (in SMBD) and found the following messages.

    [2004/10/06 10:39:00, 2] smbd/posix_acls.c:set_canon_ace_list(1776)
      set_canon_ace_list: conn->vfs_ops.sys_acl_set_file failed for file dir1/8000B143 (Operation not supported).
    [2004/10/06 10:39:00, 3] smbd/posix_acls.c:set_nt_acl(2285)
      set_nt_acl: failed to set file acl on file dir1/8000B143 (Operation not supported).
    [2004/10/06 10:39:00, 2] smbd/close.c:close_normal_file(213)
      anon closed file dir1/8000B143 (numopen=0)
    [2004/10/06 10:39:00, 5] smbd/files.c:file_free(346)
      freed files structure 4514 (0 used)
    [2004/10/06 10:39:00, 3] smbd/error.c:error_packet(94)
      error string = Operation not supported

Some more googling indicated that there was a problem with ACL support in samba when working with Win2K and a possible solution (http://www.spinics.net/lists/samba/msg13778.html) was to disable it. I then added the following to all my shares.

    nt acl support = no

Kicked samba (kill -1) so it would pick up the changes, resynchronized and lo and behold it worked.

Hope this helps.
Re: [Samba] Domain trusts (Again)
Doug Curtis wrote:

> I hope someone can answer this since my other emails have gone unanswered. I am using Samba 3.0.7 on both machines and am using LDAP. I believe that the trusts are working but I am still having a slight problem. I guess we'll use DOM1 and DOM2 for the domain names. DOM2 is trusting DOM1. If a DOM1 user tries to locally login to a DOM1 computer, it gives a "System could not log you on." error. I noticed in the logs that it is trying to create a user with the same name but it is getting this error:
>
>     "Error: modifications require authentication at /usr/local/sbin///smbldap_tools.pm line 885, line 283."
>
> If I manually create a user in DOM1 with the same username, it will then let the user in DOM2 login. Is this how the trust is supposed to work? The user has to have a posix account in both domains? Also, if a user is logged into DOM1 and browses to the DOM2 server, the DOM2 server automatically creates a posix account for that user, thus letting that person login locally to DOM2 from then on. It seems as though it is able to create the posix account it needs when browsing but not when a user tries to login locally for the first time. I hope this makes some sense to someone.
>
> Thanks, Doug

I guess your trust is not working in the right way, so the PDC tries to create a temp account with ldap tools (which fails). If you have 2 domains with different ldap servers, every domain must have its own complete accounts, because they are acting as completely different systems. As far as I know, the trust is only handled by hashes through the PDCs and given to the clients longing that hash that there is now a trusted domain. Perhaps some of the gurus will help you out, but there's also good documentation in the samba FAQs.

Regards
[Samba] samba-3.0.7-1_rh9 - where do I get swat to go with the new release
We need to upgrade from samba2.2 in order to support xp clients. I downloaded and installed samba-3.0.7-1_rh9.i386.rpm but found that I had disable samba-swat. I used synaptic to try to update it but found only the current 2.2 release (same for samba-client and samba-common). I did notice that samba-3.0.7-1.i386.rpm with matching samba-client, samba-swat and samba-common were available for download for fedora. Can I use these for redhat9? The samba for rh9 is 21Mb whereas the fedora version is only 14Mb. What is the difference and when will the rh9 versions be available?

Peter Lawrie
Re: [Samba] netlogon scripts
Spike Burkhardt wrote:

> All,
>
> If I want to specify a logon script, does security need to be set to Domain? The issue is that we have authentication at the PDC/BDC so that our VPN users can map drives on their home PC's. Is there a different way to do a logon script other than setting the SECURITY = DOMAIN? I am running 2.2.8a (planning on 2.2.12) on Solaris 8.
>
> Thanks for your help.
> spike

Hi, don't plan on version 2.2.8a, use the samba version 3 tree. If samba is the PDC, security = user is right. Study the samba FAQs.

Regards
Re: [Samba] SuSE 9.1 Pro
Hi Chuck,

yast is a useful tool, but not very useful for configuring samba. Your smb log tells the truth, the failure can be seen there. Try recreating the user.

Regards

Chuck Chauvin wrote:

> Actually the user is a domain user. And, as I stated in my example, I setup a brand new user in Linux and Samba with even worse results. As far as my conf file goes, I moved the original smb.conf and recreated this one using YaST.
>
> --
> Chuck Chauvin
> Network Administrator
> [EMAIL PROTECTED]
>
> -- Original Message ---
> From: rruegner <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Sent: Tue, 05 Oct 2004 20:28:26 +0200
> Subject: Re: [Samba] SuSE 9.1 Pro
>
> ---8<---snip!---
>
> Hi Chuck, now I think it is clear that your firewall is not involved; anyway, disable it until you fetch the bug. At a short look
>
> > User bagginsadmin has Primary Group SID S-1-5-32-544,
> > which conflicts with the domain sid S-1-5-21-2763611909-969304523-3334035465.
> > Failing operation.
>
> your user is not a domain user. Your smb.conf is very small for a PDC but should be enough; as your samba does log, no blocking by a firewall is done. In my suse setup I have
>
>     passdb backend = smbpasswd:/etc/samba/smbpasswd
>
> Check if the user exists in /etc/passwd and create him with
>
>     smbpasswd -a user
>
> This should help you out, but I recommend reading more in the samba FAQ and the suse example conf as well, because you are missing very useful parameters in your conf.
>
> Regards
> --- End of Original Message ---
Re: [Samba] Poor linux client performance (comparing to XP)
> I heard (read) about the socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 line that resolves some problems.

No, TCP_NODELAY has been the standard setting for quite a while, and setting the buffers to 8K makes them smaller on most systems. And doesn't help. smbfs is slow. And there is nothing someone can do about it. At least to my knowledge.
Re: [Samba] Poor linux client performance (comparing to XP)
Kevin Wheatley wrote:

> Holger Krull wrote:
>
> Is there any patch (official/unofficial) available to fix this issue?
>
> None that I know about. You could try using mount.cifs.
>
> Aren't there any changes needed for the samba server, just use other mount options?
>
> No changes on the server side. Just use mount -t cifs if you have that in kernel or as module.
>
>     large readwrite = yes
>
> From smb.conf man page: This parameter determines whether or not smbd supports the new 64k streaming read and write varient SMB requests introduced with Windows 2000. Note that due to Windows 2000 client redirector bugs this requires Samba to be running on a 64-bit capable operating system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with Windows 2000 clients. Defaults to off. Not as tested as some other Samba code paths.
>
> May help.
>
> Kevin

Hello,

I heard (read) about the

    socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

line that resolves some problems. Maybe it could solve yours.

sam
Re: [Samba] Poor linux client performance (comparing to XP)
Kevin Wheatley wrote:

> No changes on the server side. Just use mount -t cifs if you have that in kernel or as module.
>
>     large readwrite = yes
>
> From smb.conf man page: This parameter determines whether or not smbd supports the new 64k streaming read and write varient SMB requests introduced with Windows 2000. Note that due to performance by 10% with Windows 2000 clients. Defaults to off. Not as tested as some other Samba code paths.
>
> May help.

Don't think so, this is a parameter for the server, the smbfs client does not use this. And large readwrite = yes became the standard setting in recent smbd versions anyway.
Re: [Samba] Slow Directory listing
DA Forsyth wrote:

> it might be looking for icons for each program in the listing.
> somewhere else you said there are 32000 files, is that all in one
> folder? seems a really large number to me, I'd split it up a bit.

In my world that's only about '22 minutes' worth of data (often out of over 200 minutes), and that means it's not always possible to break it up.

You may also want to look at the hashing function for name mangling, depending on the client's requirement turning off the mangling altogether. Disabling 8.3 name generation in NTFS can speed it up, for instance.

Kevin

--
| Kevin Wheatley, Cinesite (Europe) Ltd | Nobody thinks this      |
| Senior Technology                     | My employer for certain |
| And Network Systems Architect         | Not even myself         |
Re: [Samba] Poor linux client performance (comparing to XP)
Holger Krull wrote:

> >>>Is there any patch (official/unofficial) available to fix this issue?
> >>
> >>None that I know about. You could try using mount.cifs.
> >
> > Aren't there any changes needed for the samba server, just use other mount options?
>
> No changes on the server side. Just use mount -t cifs if you have that
> in kernel or as module.

    large readwrite = yes

From smb.conf man page: This parameter determines whether or not smbd supports the new 64k streaming read and write varient SMB requests introduced with Windows 2000. Note that due to Windows 2000 client redirector bugs this requires Samba to be running on a 64-bit capable operating system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with Windows 2000 clients. Defaults to off. Not as tested as some other Samba code paths.

May help.

Kevin

--
| Kevin Wheatley, Cinesite (Europe) Ltd | Nobody thinks this      |
| Senior Technology                     | My employer for certain |
| And Network Systems Architect         | Not even myself         |
Re: [Samba] samba-2.2.8a-220 and OSX
Gunther Grelczak wrote:

> We have a samba-2.2.8a-220 Server. The server works still fine with several clients (W9x, W2k, WXP and smbmounts via Linux). But now I have to connect an Apple OSX and now I have one problem. From OSX I can connect to the shares, browse the file listing. But when a file is copied into a share, the file is on the destination with 0 (zero) Bytes filesize. The linux uid and gid are correctly set, according to the parameters from smb.conf. This phenomenon occurs only with MacOSX. What happens there ???
>
> BTW: I have also a test server with Samba 3 and there is no problem to connect and upload files. But I cannot change the samba 2 Server now.

You may want to take a look at http://marc.theaimsgroup.com/?l=netatalk&w=2&r=1&s=File+Compatibility

There are a 'number of issues' if you let OS X store stuff on an SMB (or any non-AFP) server - thanks Apple !

As to your problem, check the permissions on the parent of the folder you are trying to write to, and to the root of the share. The Mac generally requires write privilege to additional locations in order to save file/folder/volume metadata. In some cases (such as creating the Network trash), you need write access at the share root so it can create the trash folder, but then you can remove write access.

Do you get any errors BTW ? If it was a permissions error then I would expect to get errors on the client.

Simon

--
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
Re: [Samba] Mac OS X winbind on Samba domain
Jim Potter wrote:

> Has anyone managed to get a Mac (OS X I'm using) to authenticate to a Samba/NT domain? I've been playing with this all day, and am not getting very far - smbd, nmbd and winbind (3.0.2) all run fine, I can see the domain, can connect individually to windows shares, wbinfo shows users (and groups, I assume), but there's no hints as far as what the equivalent to nsswitch.conf (there's no libnss_winbind.so, or /etc/nsswitch.conf). I was hoping to set them up similarly to adding Linux clients, as domain members with automount or something. OS X looks enough like linux to be comfortable, but not enough like it for me to be able to get it to work.

I believe the answer is (probably) a combination of LDAP and OpenDirectory (Apple's centralised admin system) - though I'm not at all sure which bits are OS X Server only and which are available in the desktop version.

You can find manuals at http://docs.info.apple.com/article.html?artnum=107912. If you look in the OpenDirectory admin guide you will find some fairly detailed stuff on what a Mac will look for in a directory services server (OpenDirectory is basically an LDAP schema) which should help you work out what you want.

Simon

--
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
RE: [Samba] samba server as NT4 domain member- security=domain - needto create password db manually?
Hi,

Looks like you are missing the

    password server = domain_controller_name

directive in the [global] section.

Thanks,
Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Moorhouse
Sent: 06 October 2004 12:24 AM
To: [EMAIL PROTECTED]
Subject: [Samba] samba server as NT4 domain member- security=domain - needto create password db manually?

    # Global parameters
    [global]
    workgroup = MYDOMAIN
    server string = Samba Server %v on %L
    security = DOMAIN
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = /etc/printcap
    local master = No
    dns proxy = No
    wins server = MYWINSERVER
    idmap uid = 15000-2
    idmap gid = 15000-2
    winbind use default domain = Yes

    [homes]
    comment = Home Directories
    read only = No
    browseable = No

    [printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

    [domain_user]
    comment = My Private Share
    path = /home/samba/domain_username
    valid users = domain_username
    read only = No
    guest ok = Yes

    [public]
    path = /home/samba/public
    valid users = domain_user
    read only = No

    [data]
    comment = Data Drive
    path = /home/samba/data
    read only = No
    volume = Sample-Data-Drive

Hi

I want to set up a samba domain-member server with shares for office users. I can see the samba server on the NT/Win2000 network. I can access the [data] share above - as it requires no authentication. The public and domain_user shares both ask for a username and password when I try to open them from a windows machine.

As I am using our NT4 domain controller for user authentication I shouldn't have to use encrypted files and create each samba user with smbpasswd, should I? That's the point of telling samba I want to use 'domain', isn't it?

If I do wbinfo -u and wbinfo -g on the samba server I see a list of the groups and user accounts. Can someone tell me what I am missing from smb.conf? Do I need some password backend in samba?

Thanks for any help
R.
[Samba] Odd make error
I'm building Samba 3.0.7 on Solaris 8, using Forte 6 Update 2 and GNU make 3.80. gmake runs fine until it fails at nsswitch/libnss_wins.so. Running gmake again won't help. SUN make manages to get the job done. Anyone seen this before?

    Compiling lib/secace.c with -KPIC
    Compiling lib/secacl.c with -KPIC
    Compiling lib/dummysmbd.c with -KPIC
    Compiling libads/kerberos.c with -KPIC
    "libads/kerberos.c", line 84: warning: argument #4 is incompatible with prototype:
        prototype: pointer to char : "/opt/krb5/include/krb5.h", line 2471
        argument : pointer to const char
    Compiling libads/ads_status.c with -KPIC
    Linking nsswitch/libnss_wins.so
    ld: fatal: file dynconfig.po.o: cannot open file: No such file or directory
    ld: fatal: file lib/version.po.o: cannot open file: No such file or directory
    ld: fatal: File processing errors. No output written to nsswitch/libnss_wins.so
    gmake: *** [nsswitch/libnss_wins.so] Error 1
    [EMAIL PROTECTED] /export/samba-3.0.7/source#gmake
    Using FLAGS = -O -I./popt -Iinclude -I/export/samba-3.0.7/source/include -I/export/samba-3.0.7/source/ubiqx -I/export/samba-3.0.7/source/smbwrapper -I. -I/opt/krb5/include -I/opt/gnu/include -I/opt/Openldap/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/export/samba-3.0.7/source
          LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -ldl -liconv
          LDSHFLAGS = -G -O -L/opt/krb5/lib -L/opt/Openldap/lib -L/opt/gnu/lib -R/opt/gnu/lib -R/opt/Openldap/lib -R/opt/krb5/lib
          LDFLAGS = -L/opt/krb5/lib -L/opt/Openldap/lib -L/opt/gnu/lib -R/opt/gnu/lib -R/opt/Openldap/lib -R/opt/krb5/lib
    Compiling dynconfig.po.c with -KPIC
    Compiling lib/version.po.c with -KPIC
    Linking nsswitch/libnss_wins.so
    ld: fatal: file dynconfig.po.o: cannot open file: No such file or directory
    ld: fatal: file lib/version.po.o: cannot open file: No such file or directory
    ld: fatal: File processing errors. No output written to nsswitch/libnss_wins.so
    gmake: *** [nsswitch/libnss_wins.so] Error 1
    [EMAIL PROTECTED] /export/samba-3.0.7/source#make
    Using FLAGS = -O -I./popt -Iinclude -I/export/samba-3.0.7/source/include -I/export/samba-3.0.7/source/ubiqx -I/export/samba-3.0.7/source/smbwrapper -I. -I/opt/krb5/include -I/opt/gnu/include -I/opt/Openldap/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/export/samba-3.0.7/source
          LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -ldl -liconv
          LDSHFLAGS = -G -O -L/opt/krb5/lib -L/opt/Openldap/lib -L/opt/gnu/lib -R/opt/gnu/lib -R/opt/Openldap/lib -R/opt/krb5/lib
          LDFLAGS = -L/opt/krb5/lib -L/opt/Openldap/lib -L/opt/gnu/lib -R/opt/gnu/lib -R/opt/Openldap/lib -R/opt/krb5/lib
    Compiling dynconfig.c with -KPIC
    Compiling lib/version.c with -KPIC
    Linking nsswitch/libnss_wins.so
    Compiling libsmb/libsmbclient.c with -KPIC
    Compiling libsmb/libsmb_compat.c with -KPIC
    Compiling libsmb/libsmb_cache.c with -KPIC
    Compiling rpc_client/cli_lsarpc.c with -KPIC
    Compiling rpc_client/cli_samr.c with -KPIC
    "rpc_client/cli_samr.c", line 1453: warning: argument #1 is incompatible with prototype:
        prototype: pointer to char : "include/proto.h", line 2195
        argument : pointer to unsigned char
    "rpc_client/cli_samr.c", line 1462: warning: argument #1 is incompatible with prototype:
        prototype: pointer to char : "include/proto.h", line 2195
        argument : pointer to unsigned char
    "rpc_client/cli_samr.c", line 1478: warning: argument #4 is incompatible with prototype:
        prototype: pointer to const char : "include/proto.h", line 5070
        argument : pointer to unsigned char
    "rpc_client/cli_samr.c", line 1478: warning: argument #6 is incompatible with prototype:
        prototype: pointer to const char : "include/proto.h", line 5070
        argument : pointer to unsigned char
    Compiling rpc_client/cli_netlogon.c with -KPIC

Tommy Fallsen
System Administrator
Kongsberg Defence & Aerospace
+47 930 57 326
[Samba] "Text file busy" inconsistent problem with newly created files: bug?
I have noticed an inconsistency with the behavior of linux smbfs mounting a remote win2k server while a file is open for writing:

1) If a linux process opens a file that /doesn't exist/ on the win2k server, while the file is open, other machines trying to read the file give the usual 'Text file is busy' (linux) or 'file is in use by another process' (windows).

2) However, if a linux process opens a file that /does/ exist, other machines can read the file just fine while it is open, both linux and windows print the file's contents just fine.

It seems like a bug; why should it matter if the file exists or not? If intentional, how can a unix program (or mount flags?) control opening the windows file in such a way that the file is /always/ readable by other machines, without ever giving 'text file busy' errors. Basically, I need behavior #2 above consistently.

VERSIONS

Client is Redhat 9.0, running the default samba 2.2.7a-6. The file server is Windows 2000. I was able to confirm this behavior at a separate location, where they are running redhat 9.0 with the latest Samba 3.x.x installed, and I think they have a Windows 2003 server.

REPLICATION

The problem is replicated in the following screen history, using a 'ping' command to hold the file open while other machines try to read its log output. Note that the *second* run of the 'ping' command is readable by the other machines, while the first is not.

'win2k' is the remote win2k file server.
'linux1' is the local linux machine, win2k mounted as /win2k/c
'linux2' is the remote linux machine, win2k mounted as /win2k/c

- snip
    [EMAIL PROTECTED] $ grep smbfs /etc/fstab                    <-- SHOW HOW LOCALHOST MOUNTS THE WIN2K SERVER
    //win2k/c /win2k/c smbfs noauto,uid=500,gid=500,dmask=775,fmask=775 0 0
    [EMAIL PROTECTED] $ mount | grep win2k                       <-- SHOW MOUNT
    //win2k/c on /win2k/c type smbfs (0)
    [EMAIL PROTECTED] $ rm /win2k/c/foo.log                      <-- MAKE SURE LOG FILE DOESNT EXIST
    [EMAIL PROTECTED] $ ping localhost >& /win2k/c/foo.log &     <-- REDIRECT A 'SLOW' PROGRAM TO LOG
    [1] 5778
    [EMAIL PROTECTED] $ rsh linux2 cat /win2k/c/foo.log          <-- REMOTE LINUX CAN'T READ FILE
    cat: /win2k/c/foo.log: Text file busy
    [EMAIL PROTECTED] $ rsh win2k 'type c:\foo.log'              <-- WIN2K SERVER CAN'T READ FILE
    The process cannot access the file because it is being used by another process.
    [EMAIL PROTECTED] $ kill %%                                  <-- KILL THE PROCESS, CLOSING LOG
    [1] + Terminated ping localhost >& /win2k/c/foo.log
    [EMAIL PROTECTED] $ ls -la /win2k/c/foo.log                  <-- VERIFY LOG FILE NOW EXISTS
    -rwxrwxr-x 1 foo foo 14534 Oct 5 23:26 /win2k/c/foo.log
    [EMAIL PROTECTED] $ ping localhost >& /win2k/c/foo.log &     <-- RUN *SAME* COMMAND AGAIN
    [1] 6397                                                     <-- (Only difference: file exists)
    [EMAIL PROTECTED] $ rsh linux2 cat /win2k/c/foo.log          <-- REMOTE LINUX READS OK
    PING localhost.erco.x (127.0.0.1) 56(84) bytes of data.
    64 bytes from localhost.erco.x (127.0.0.1): icmp_seq=1 ttl=64 time=0.030 ms
    64 bytes from localhost.erco.x (127.0.0.1): icmp_seq=2 ttl=64 time=0.030 ms
    64 bytes from localhost.erco.x (127.0.0.1): icmp_seq=3 ttl=64 time=0.035 ms
    [..]
    [EMAIL PROTECTED] $ rsh win2k 'type c:\foo.log'              <-- WIN2K SERVER READS OK
    PING localhost.erco.x (127.0.0.1) 56(84) bytes of data.
    64 bytes from localhost.erco.x (127.0.0.1): icmp_seq=1 ttl=64 time=0.030 ms
    64 bytes from localhost.erco.x (127.0.0.1): icmp_seq=2 ttl=64 time=0.030 ms
    64 bytes from localhost.erco.x (127.0.0.1): icmp_seq=3 ttl=64 time=0.035 ms
    [..]
- snip