[Samba] Bad lockout attempt recorded twice
All, I built and installed 3.0.7. I am trying to finalize my setup by limiting the user to 3 failed logon attempts. I used: ./pdbedit -P bad lockout attempt -C 3 This works fine for all users EXCEPT for the user with a matching Windows user name. In other words, if my windows user name is 'bender' and my samba user name is 'bender' the number of Bad logon attempts will continue to increment as other accounts logon's fail. Example: I logon to my Windows box as 'bender' I also have the samba users 'bob', 'chuck' and 'bender'. If I Map a Share as bob and mess up twice (or once) and then successfully logon, the 'Bad password count' for 'bob' will correctly be 0, but for bender it will be 2. If I logon as 'chuck' and mess up once - 'bender' is now locked out!! Not only that, all the shares on my samba server are locked out to EVERYONE until I either remove user 'bender' or ./pdbedit -z -c='[]' bender I included smb.conf below although I doubt this matters much. Thanks for any help! Bender # Global parameters [global] netbios name = SAMBA min passwd length = 8 passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat debug = Yes log level = 2 load printers = No show add printer wizard = No logon script = notice.bat os level = 35 preferred master = No ldap ssl = no winbind use default domain = Yes directory security mask = 0700 hosts allow = XX.XX.XX.XX/255.255.252.0, locahost [some_dir] comment = XXX path = /usr/local/ read only = No create mask = 0765 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] account on winXP system unable to access workgroup
no PDC, setup login account with same name and passwd on Desktop as on the server (used smbpasswd -a - to add passwd) Did you create a regular Unix account and password for the XP User with useradd?? Also, I always make the Unix password and smbpasswd the same to allow password sync to work. -- David C. Rankin, J.D., P.E. Rankin * Bertin, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankin-bertin.com -- - Original Message - From: bill eight [EMAIL PROTECTED] To: sambalist [EMAIL PROTECTED] Sent: Monday, October 11, 2004 4:56 PM Subject: [Samba] account on winXP system unable to access workgroup Hi Please Help... Adding winXP pro user into Samba 2.2.12, no PDC, setup login account with same name and passwd on Desktop as on the server (used smbpasswd -a - to add passwd) following the guide www.faqs.org/docs/samba/ch03.html trouble - Can't access the server MP samba looks like it is running from the trouble shooting I have done... smbstatus returns the following on the test user.. [EMAIL PROTECTED] init.d]# smbstatus [..] data test samba14342 mp16 (192.168.10.116) Mon Oct 11 15:22:59 2004 thanks r -- other details -- [EMAIL PROTECTED] data]# echo hello | telnet localhost 139 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host. [EMAIL PROTECTED] data]# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [netlogon] Processing section [printers] Processing section [data] Processing section [acctng] Loaded services file OK. Press enter to see a dump of your service definitions [..] [EMAIL PROTECTED] init.d]# smbstatus Samba version 2.2.12 Service uid gid pid machine -- data mp002samba14342 mp16 (192.168.10.116) Mon Oct 11 12:42:01 2004 data mp001samba14090 mep-0001 (192.168.10.21) Mon Oct 11 15:43:43 2004 data test samba14342 mp16 (192.168.10.116) Mon Oct 11 15:22:59 2004 acctng mp001samba14090 mep-0001 (192.168.10.21) Mon Oct 11 12:19:36 2004 No locked files [EMAIL PROTECTED] init.d]# ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Two Questions concerning samba - file access times - two instances on one server
Hi, -| -| Da wäre dann noch von Interesse was sich den sonst noch -| unterscheidet, -| 1. Dateisystem -| 2. Filelocking -| 3. Ist dos filetime gesetzt? -| -| Wurde mit dem gleichen Client getestet? -| Bei 3.0.7 wie unterschiedlich sind die Zeiten denn? i compared the share options and applied an additional share option to the 3.0.7 box. It was: nt acl support = yes and now it works... Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Two Questions concerning samba - file access times - two instances on one server
Hello, -| -Original Message- -| From: Holger Krull [mailto:[EMAIL PROTECTED] -| Sent: Tuesday, October 12, 2004 9:57 AM -| To: Laurenz, Dirk -| Subject: Re: [Samba] Two Questions concerning samba - file -| access times - two instances on one server -| -| -| a file. If i access a file on a samba share, -| the access time will be modified correctly, -| but if i resave a file, the create time is -| also changed although i would expect that only -| the change time will be modified. -| -| That's because most applications (all MS Office apps) -| create a new file, -| delete the old one and rename the new one. The in reality -| it is a new -| file, therefore new create time. -| MS Servers cache the old attributes for some while, and -| reapply them, -| samba does not. on another box (in this case 3.0.4) this happens not. on the other (3.0.7) times won't be set correctly... Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2 log files for the same client workstation accessing a Samba sha re
Hi, I am using Samba 3.0.7. Why is there a log filename with the IP address and another one with the machine name in the samba/var directory? For example : log.10.x.x.x. log.machine_name_at_10.x.x.x Note: I deleted all logs before restarting Samba and connecting to a share. Both log files are created at about the same time. Is this a normal Samba behavior? Regards, Marcello -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Installing Samba
Okay, well I've either really offended someone or I'm trying use Samba in a way that it wasn't intended and no one wants to say so. I apologize will try to find assistance elsewhere. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Ex-PDC always loosing sync with new samba PDC
Hi All, I´ve migrated my Win NT4 PDC to a samba 3.0.7 with ldap backend. In all the 22 city´s I made this, the old PDC just let me connect on it if I go on srvmgr and ask it to syncronize wiht the PDC. After that I can open its shares normally. After a while the Win BDC starts again asking for username and password. Note that I´m using the same SID of the NT server on the Samba server. Anyone no how to solve this issue? Thank´s Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot receive files from server 3.0.7 to W2K
Hello, My problem is the following : I have a Debian (testing distribution) on which I used to have Samba server v3.0.2a it worked perfectly with my other machine which is running Windows 2000. I recently made a global packages update on my Debian machine, which apparently changed the Samba server to 3.0.7 Since then, I have been absolutely unable to retrieve files from the debian server to the Windows client. This is the detailed operation : I map \\mydebianserver\myshare to a local drive on my W2K, that works great I can browse all subdirectories from myshare. that works great too I can create files on myshare from W2K, and even write in the files. However, when I try to copy a file from myshare to any Windows directory, the file appears on the W directory... as if it was done correctly, but as soon as I try to open it, it says it cannot open, the file disappears from the directory, and the mapping crashes with an error saying that windows cannot access the share anymore. With further investigation, it seems that if the file appeared on Windows, it is just because the place was reserved for the copy, but no bytes were actually copied, as the samba server crashes immediately when I try to retrieve data from the server. One other strange thing that I met through my tests is : I have retrieved a MS Word file from the server by the same copy-paste method described below, and I opened it . It seemed to have altered the file, and added unreadable data at the beginning of the Word file. some at the beginning of this data, I can notice the word SMB Thanks for any help. I have to confess that i'm a bit lost ... Have a nice day. Aymeric -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Is it possible to specify read only by netgroup for hostname entries?
I'm not seeing any way to do this in any of the documentation, but... We have NFS shares that are equivalent to our SAMBA shares and the NFS server can be set to share rw to one netgroup of machines and ro to another netgroup of machines (our lab machines). Is there any way to do that in SAMBA? It seems that hosts allow can specify a netgroup of machines, but there does not seem to be any way to specify a read list or something like that for machines, only for user names or netgroups of usernames. Any chance I'm missing something that could make this work? Thanks very much. -- David Pullman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot receive files from server 3.0.7 to W2K
Standard Debian Response, third time this day. Try adding use sendfile = no to global section. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Access rights for one user only?
I currently have samba-2.2.7-3.7.3 running on a Redhat 7.3 machine. I have a share setup called Share1 and within this share are numerous directories which are accessible by all authenticated Windows NT server clients. My question is: I have one user out of 100 employees that should be able to access some of the directories within Share1 but NOT other directories. Is there a way to limit access to certain directories within this public Share and allow for access to other directories within this public share? If so please provide a descriptive answer. I'm under the impression I could create a group with all 99 employees and chgrp the directories only they can access (thus denying access to the one employee) but this seems like an administrative nightmare. I realize I could deny access to this public share using this employees' host name but is there a smb.conf entry in the share definition secton that would allow access to other directories in the share? Or am I totally on the wrong track? Thank You -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba setup with Winbind connecting to NT4 PDC - Login is now Slow...
Hi Guys, I've reverted back to a image and tried this multiple time and I cannot figure out what I'm doing wrong. I installed Samba right now i'm using ver 3.07 but 3.04 did the same thing for me... This is what I basically do... - Install samba - Install winbind - Turn both on at boot - configure my smb.conf file and test : wbinfo -g wbinfo -u getent passwd etc all work great - Reboot the machine and it is SLOW... takes about 2 min before the KDE login box comes up, once that happens everything goes through and it's back to normal. Thoughts? Here is my files that I work with... --- SMB.CONF # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE # Date: 2004-09-16 [global] workgroup = MYDOMAIN printing = cups printcap name = cups printcap cache time = 750 cups options = raw printer admin = @ntadmin, root, administrator username map = /etc/samba/smbusers map to guest = Bad User ###include = /etc/samba/dhcp.conf #logon path = \\%L\profiles\.msprofile #logon home = \\%L\%U\.9xprofile #logon drive = P: # My additions... security = DOMAIN encrypt passwords = yes password server = PDC BDC obey pam restrictions = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = PWS BWS dns proxy = no netbios name = MACHINE log level = 1 winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 15 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash winbind use default domain = yes name resolve order = wins lmhosts host bcast [pdf] comment = PDF creator path = /var/tmp printable = Yes print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z create mask = 0600 [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 [Public] comment = Public Folder path = /data/Public writable = yes [NetworkAccess] writable = yes path = /data/NetworkAccess write list = @domain+TestLinuxGroup force group = ntadmin force user = root comment = Network Share for Writability... create mode = 0660 directory mode = 0770 [tmp] comment = Temporary File Space path = /data/tmp read only = no public = yes - NSSSWITCH.CONV - # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # compat Use compatibility setup # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the /var/db databases # [NOTFOUND=return] Stop searching if not found so far # # For more information, please read the nsswitch.conf.5 manual page. # # passwd: files nis # shadow: files nis # group: files nis passwd: compat winbind group: compat winbind hosts: files dns networks: files dns services: files protocols: files rpc:files ethers:files netmasks: files netgroup: files publickey:files bootparams: files automount: files nis aliases:files -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] for XP client do I need to have a machine account
Hi, Ok - win95 systems were on Samba 2.2.x Now, added XP pro systems... added user account on XP desktop AND on samba/linux server and did a smbpasswd -a c:\net use \\ipaddr\share /user:user works .. but on the XP system (logged in as that user) I CAN't see the network, even doing an add network places.. (I get no error.. ) question - DO I need to put info about the XP machine into the samba server? thanks b ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Setting up a server
Good day Please can you help me on this. I want to set up a server on this PC using the Samba. This is what i want to do. have about 4 other computers connect to the server. Now i need to install sooftware from this server on all the other windows computers. So i dont need to keep doing one at a time. I also want to install Windows on some computers through this server. I dont have a clue how to start. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Photoshop Disk Full error, a linux filesystem NOT Samba issue
Hi, which filesystems do you use? What are the mount options? Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of ip.guy -| Sent: Thursday, October 14, 2004 5:59 AM -| To: [EMAIL PROTECTED] -| Subject: [Samba] Photoshop Disk Full error,a linux -| filesystem NOT Samba issue -| -| Hi all. -| -| Thought you would all be interested to know that i, like -| many others, am -| experiencing issues with Samba and Photoshop 7.0. -| -| The problem is specific to Photoshop 7.0 when saving files -| to a Samba -| share via a W2k/XP OS. -| -| Users experience a disk full error when saving from -| Photoshop but have -| no issues copying/moving etc files to/from the share outside of PS. -| -| Well, after some testing, the problem as been narrowed down -| to a Linux -| filesystem issue, well at lest this is my current thinking. -| -| To explain. -| --- -| We have 2 x 2TB Dell Powervault arrays, both identically -| formatted and -| mounted on the same Dell PowerEdge server, no issues. -| -| If i create a share on /dev/sdb, Photoshop will not save to -| that share, -| disk full error -| -| If i create a share on /dev/sdc, no problems. -| -| In both cases, the options for the shares are identical -| (apart from the -| share name, blah1/blah2, and pathing information) -| -| Well, that's where I'm at at the moment, further -| investigation pending. -| -| -ipguy -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: http://lists.samba.org/mailman/listinfo/samba -| -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Photoshop Disk Full error, a linux filesystem NOT Samba issue
Le jeudi 14 Octobre 2004 05:59, ip.guy a écrit : Hi all. Hi Thought you would all be interested to know that i, like many others, am experiencing issues with Samba and Photoshop 7.0. The problem is specific to Photoshop 7.0 when saving files to a Samba share via a W2k/XP OS. Users experience a disk full error when saving from Photoshop but have no issues copying/moving etc files to/from the share outside of PS. max disk size (G) This option allows you to put an upper limit on the apparent size of disks. If you set this option to 100 then all shares will appear to be not larger than 100 MB in size. I had the same problem on a 1,6T share, putting a fake limit of 10G solved my problem. Pierre -- --- Colos pédophiles --- Autrefois, avant de partir en vacances, nos parents nous donnaient de la crème contre le soleil. Aujourd'hui, ils nous donnent de la vaseline pour le cul. +-- Brèves Charlie Hebdo n°259 (04/06/97) --+ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Photoshop Disk Full error, a linux filesystem NOT Samba issue
my smb.conf as requested. no, i'm not reporting a fixed disk size --- [global] netbios name = MYSERV-SAMBA netbios aliases = MYSERV-NPS workgroup = MYSERV_NET log level = 2 log file = /array/.samba-logs/samba.log.%U security = domain hosts allow = password server = MYSERV encrypt passwords = Yes wins server = server string = Samba File/Print Server winbind separator = + winbind cache time = 15 winbind uid = 1-2 winbind gid = 1-2 winbind enum users = Yes winbind enum groups = Yes socket options = TCP_NODELAY nt acl support = No directory mask = 770 strict allocate = Yes load printers = Yes printer admin = MYSERV_NET+fullaccess map archive = Yes interfaces = hide files = /~$*/~*/DesktopFolderDB/Thumbs.db/ veto files = /.recycle*/*.divx/.secure/*.mp3/*.eml/*.nws/riched20.dll/*.{*}/MSVXD.EXE/MSVXD16.DLL/MSVXD32.DLL/ invalid users = root in daemon adm lp sync shutdown halt mail news uucp operator games gopher ftp nobody rpm vcsa nscd sshd rpc rpcuser nfsnobody mailnull smmsp pcap apache xfs named ntp host msdfs = yes [distributed-fs] path = /export/dfsroot msdfs root = yes [print$] writeable = yes path = /array/samba/compiled-drivers browseable = No [homes] vfs options = /etc/samba/recycle.conf browseable = no writeable = Yes include = /etc/samba/%U.conf path = /array2/samba/homes/%U vfs object = /etc/samba/recycle.so preexec = /bin/mkdir /array2/samba/homes/%U force create mode = 770 create mask = 0770 comment = '(H:) Your Private Home Directory' [helpdesk] path = /array2/samba/helpdesk browseable = No writeable = Yes vfs object = /etc/samba/recycle.so vfs options = /etc/samba/recycle.conf valid users = MYSERV_NET+fullaccess read list = MYSERV_NET+fullaccess write list = MYSERV_NET+IT force group = MYSERV_NET+fullaccess create mask = 0770 force create mode = 770 [share] writeable = Yes path = /array/samba/share force group = MYSERV_NET+fullaccess force create mode = 770 create mask = 0770 valid users = MYSERV_NET+fullaccess write list = MYSERV_NET+fullaccess [share1] vfs options = /etc/samba/recycle.conf writeable = Yes path = /array/samba/share1 vfs object = /etc/samba/recycle.so force group = MYSERV_NET+share1 force create mode = 770 create mask = 0770 valid users = MYSERV_NET+share1 [share2] vfs options = /etc/samba/recycle.conf writeable = Yes path = /array/samba/share2 vfs object = /etc/samba/recycle.so force group = MYSERV_NET+share2 force create mode = 770 create mask = 0770 valid users = MYSERV_NET+share2 [share3] vfs options = /etc/samba/recycle.conf writeable = Yes path = /array/samba/share3 vfs object = /etc/samba/recycle.so force group = MYSERV_NET+fullaccess force create mode = 770 create mask = 0770 valid users = MYSERV_NET+fullaccess [share4] writeable = Yes path = /array/samba/share4 vfs object = /etc/samba/recycle.so vfs options = /etc/samba/recycle.conf force group = MYSERV_NET+fullaccess force create mode = 770 create mask = 0770 valid users = MYSERV_NET+fullaccess [share5] writeable = yes path = /array2/samba/share5 vfs object = /etc/samba/recycle.so vfs options = /etc/samba/recycle.conf force group = MYSERV_NET+fullaccess force create mode = 770 create mask = 0770 valid users = MYSERV_NET+fullaccess [graphics] vfs options = /etc/samba/recycle.conf writeable = Yes path = /array2/samba/graphics vfs object = /etc/samba/recycle.so force group = MYSERV_NET+graphics force create mode = 770 create mask = 0770 valid users = MYSERV_NET+graphics send an output of your smb.conf are you reporting a fixed disk size ? RP ip.guy wrote: Hi all. Thought you would all be interested to know that i, like many others, am experiencing issues with Samba and Photoshop 7.0. The problem is specific to Photoshop 7.0 when saving files to a Samba share via a W2k/XP OS. Users experience a disk full error when saving from Photoshop but have no issues copying/moving etc files to/from the share outside of PS. Well, after some testing, the problem as been narrowed down to a Linux filesystem issue, well at lest this is my current thinking. To explain. --- We have 2 x 2TB Dell Powervault arrays, both identically formatted and mounted on the same Dell PowerEdge server, no issues. If i create a share on /dev/sdb, Photoshop will not save to that share, disk full error If i create a share on /dev/sdc, no problems. In both cases,
Re: [Samba] Photoshop Disk Full error, a linux filesystem NOT Samba issue
Hi lists Just installed RHFC2 with Samba3.0.3-5. my problem is when I log on my windows98 logon script was run but it did not map my home directory and MS Office to my windows98 machine. Logon bat script has only this net use h: /home net use m: \\smbnfs\MS Office here is the output of my testparm # Global parameters [global] workgroup = BMCMNL server string = Samba Server log-on domain for win95 and win98 interfaces = 192.168.101.124/25 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap logon script = logon.bat logon path = \\%L\profiles\%U\%m logon home = \\%L\%U\.win_profile\%m domain logons = Yes dns proxy = No wins support = Yes idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 hosts allow = 192.168.101., 127. [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon browseable = No share modes = No [profiles] path = /home/profiles read only = No guest ok = Yes browseable = No root preexec = /bin/mkdir /home/profiles/%U; /bin/chown %U /home/profiles/%U; /bin/chmod 700 /home/profiles/%U [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [MS Office] comment = Microsoft Office 97 for all path = /mnt/win/Program Files/Microsoft Office/Office guest ok = Yes thanks drex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Setting up a server
Hi, there's a nice project called unattended on sourceforge for installing windows automaticly via linux. http://unattended.sourceforge.net/ Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of Gerald -| Sent: Thursday, October 14, 2004 9:24 AM -| To: [EMAIL PROTECTED] -| Subject: [Samba] Setting up a server -| -| Good day -| -| Please can you help me on this. I want to set up a server -| on this PC using -| the Samba. This is what i want to do. have about 4 other -| computers connect -| to the server. Now i need to install sooftware from this -| server on all the -| other windows computers. So i dont need to keep doing one -| at a time. I also -| want to install Windows on some computers through this -| server. I dont have a -| clue how to start. -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: http://lists.samba.org/mailman/listinfo/samba -| -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Photoshop Disk Full error, a linux filesystem NOT Samba issue
Hi, do you think /home is right in Win Platform? Put the \\smbnfs\MS Office in like \\smbnfs\MS Office. I think Win98 doesn't like blanks and share names longer than eight characters Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of Drexx -| Sent: Thursday, October 14, 2004 7:45 AM -| To: [EMAIL PROTECTED] -| Subject: Re: [Samba] Photoshop Disk Full error,a linux -| filesystem NOT Samba issue -| -| Hi lists -| Just installed RHFC2 with Samba3.0.3-5. my problem is when -| I log on my -| windows98 logon script was run but it did not map my home directory -| and MS Office to my windows98 machine. Logon bat script has -| only this -| net use h: /home -| net use m: \\smbnfs\MS Office -| -| here is the output of my testparm -| -| # Global parameters -| [global] -| workgroup = BMCMNL -| server string = Samba Server log-on domain for -| win95 and win98 -| interfaces = 192.168.101.124/25 -| log file = /var/log/samba/%m.log -| max log size = 50 -| socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 -| printcap name = /etc/printcap -| logon script = logon.bat -| logon path = \\%L\profiles\%U\%m -| logon home = \\%L\%U\.win_profile\%m -| domain logons = Yes -| dns proxy = No -| wins support = Yes -| idmap uid = 16777216-33554431 -| idmap gid = 16777216-33554431 -| hosts allow = 192.168.101., 127. -| -| [homes] -| comment = Home Directories -| read only = No -| browseable = No -| -| [netlogon] -| comment = Network Logon Service -| path = /home/netlogon -| browseable = No -| share modes = No -| -| [profiles] -| path = /home/profiles -| read only = No -| guest ok = Yes -| browseable = No -| root preexec = /bin/mkdir /home/profiles/%U; /bin/chown %U -| /home/profiles/%U; /bin/chmod 700 /home/profiles/%U -| -| [printers] -| comment = All Printers -| path = /var/spool/samba -| printable = Yes -| browseable = No -| -| [MS Office] -| comment = Microsoft Office 97 for all -| path = /mnt/win/Program Files/Microsoft Office/Office -| guest ok = Yes -| -| -| thanks -| drex -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: http://lists.samba.org/mailman/listinfo/samba -| -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba setup with Winbind connecting to NT4 PDC - Login isnow Slow...
Hi, -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of Eric Murray -| Sent: Thursday, October 14, 2004 12:20 AM -| To: [EMAIL PROTECTED] -| Subject: [Samba] Samba setup with Winbind connecting to NT4 -| PDC - Login isnow Slow... -| -| winbind enum users = yes -| winbind enum groups = yes remove those two... Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba and photoshop
i'm having the same problem with my samba server and photoshop 7.0 strangely enought though, the problem only exists on one of the two mounted file systems (both identically formatted and mounted) [EMAIL PROTECTED] wrote: Hello all, I have a OSX server that is serving to an XP box via samba. When the user on the XP box tries to save a file out of photoshop, It errors out giving a delay write failure error. He can save local and then copy it to the same directory without a problem. If you open a different paint app ( or any app for that matter) on the XP box ( ex, paint or paint shop pro), it works fine. you can save files to the OSX server no problem, but if you open the exact file in photoshop and do a save as, it won't save. My hunch is that there is something photoshop is doing as it saves that samba doesn't like, maybe tring to save a temp cache file or something. I have tried the same action ( same file) with a totally different OSX server ( fresh install, with only afp and samba turned on) and XP box, with the exect same results. Has anyone ever seen this and maybe know a work around? Thanks Brent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba server stucking problem - Samba 3.x
Hello All, I have Samba 3.0 and 3.0.7 servers that have similar problem , the problem occures once a week ~aprox, all about 1 per minute samba server created smbd -D process with root ownership thats never die, the server stucks after about 200 such processes and I need to reboot it to release the stuck. There is someone knows why it happens Denis _ Brodsky Denis System Administrator, IT dept. Freescale Semiconductor, Inc. http://www.freescale.com www.freescale.com (972) 9 9522264 (972) 57 7788157 (Iden) (972) 9 958 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba server 3.0.7: Short read when getting file
I am running a Samba server on Debian testing. Each day, I run an automatic update via apt. Up until recently, the server was working fine; I am assuming that the update has upgraded to a non-working version. I can log onto the server using smbclient and browse the files, but when I issue a get command I get the Short read error message. If I use smbmount, things are worse: The directory mounts but I cannot browse it or unmount it. Accessing the directory from a Windows machine provides a similar effect to smbclient: I can browse the directories but accessing the files does not work. Has anybody experienced these problems or know a solution for them? Peter -- [EMAIL PROTECTED] http://www.cs.ucl.ac.uk/staff/P.Saffrey/ Beacon Project http://www.grid.ucl.ac.uk/biobeacon/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problem with samba, ldap and windows
hi, i have read that someone has similar problem to mines, however i didn't find how it solved them . The problem is this: samba as a PDC for a window domain. The authentication is managed with openldap. if i try to change the password of any ldap account with smbpassword i have no error. if i try to access to the shared folder of samba, with windows, it asks me for authentication and it all work. The only thing i'm not able to do is to manage the windows authentication through domain: when i try to join the domain using Administrator it says to me Can't find user but in samba log i have: [2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/13 11:27:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485) init_sam_from_ldap: Entry found for user: Administrator [2004/10/13 11:27:45, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [Administrator] - [Administrator] - [Administrator] succeeded [2004/10/13 11:27:46, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477) Returning domain sid for domain KOSAVUTU - S-1-5-21-1603302580-212172761-3240640930 [2004/10/13 11:27:46, 2] smbd/server.c:exit_server(571) Closing connections so Administrator is known, the authentication works, but in some way either samba or windows doesn't communicate well. Any hints ? i'm attaching my smb.conf, hoping it can help. Regards # # Sample configuration file for the Samba suite for Debian GNU/Linux. # # # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options most of which # are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentary and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command # testparm to check that you have not many any basic syntactic # errors. # #=== Global Settings === [global] ## Browsing/Identification ### workgroup = KOSAVUTU ;netbios name = PDC server string = %h server (Samba %v) syslog = 30 security = user null passwords = true encrypt passwords = true add user script = /usr/sbin/smbldap-useradd -m -a %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = logon.bat logon path = \\PDC\profiles\%g client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No min protocol = LANMAN2 time server = Yes server signing = auto local master = Yes os level = 40 domain logons = Yes preferred master = Yes domain master = Yes wins support = No wins server = 10.0.0.1 log file = /var/log/samba/samba.log.%m log level = 2 passdb:2 auth:2 winbind:2 admin users = root,Administrator passdb backend = ldapsam:ldap://127.0.0.1/ passwd program = /usr/sbin/smbldap-passwd -o %u passwd chat = *new*password* %n\n *new*password:* %n\ *succesfully* passwd chat debug = Yes ldap suffix = dc=sferacarta,dc=com ldap machine suffix = ou=machines ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=users ldap admin dn = cn=Manager,dc=sferacarta,dc=com ldap ssl = no ldap passwd sync = Yes ldap delete dn = Yes [netlogon] path = /etc/samba/netlogon locking = no browsable = no read only = yes [profiles] path = /etc/samba/profiles read only = no writeable = yes create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable force user = %U valid users = %U Domain Admins [homes] comment = Home Directories browseable = no writable = no create mask = 0700 directory mask = 0700 [kosovo] comment = kosovo browseable =
Re: [Samba] Timestamp problem
Hi When new files or copied files are putted in a Samba share (3.0.2 Solaris) from Win clients, it has no time stamp, only date stamp, example: -rwxr--r-- 1 me me 740762 Oct 11 2004 test.jpg This looks like an 'ls' command. Also, you have a slight misunderstanding of UNIX timestamps. Every file has a full time stamp with time and date. However, the 'ls' command shows the time stamp in one of two different ways:- either 'Mon DD ' or 'Mon DD HH:MM' It chooses the second form if the file has been modified within the last three months. It chooses the first form (with the year) if the file's modification time is not within the last three months. The important thing here is that when the time stamp on a file is _ahead_ of the current time, then the 'within the last three months' test fails. I'll bet that you file has a timestamp that's further ahead in time than the system clock of the server you ran the 'ls' command on. Here's a rough timeline ('the past' on the left, 'the future' on the right) +++N- 321o w |--| The number represent months. The lower line is the period for which 'ls' will display the 'Mon DD HH:MM' format. I think the timestamp on your file is to the right of 'Now'. There's various things you can do to check this. If your OS has a command 'stat' then that will show you all the timestamps in full detail. Or you can use the 'stat' function in perl maybe, or the stat(2) system call. Or, you can wait for a few hours, until the time on your server catches up with the timestamp on the file and then 'ls' will display what you're looking for. Remember all of this does not in any way affect the actual timestamp, just the way 'ls' presents it to you. The underlying problme is almost certainly one of time-syncing. Or TimeZone differences. Have a look at all of them. And have a look at the timestamp from a client machine too. Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] time server directive and synchronizing Win XP clients
Hi all! I have configured a Samba PDC (3.0.7) on a Fedora Core 2 machine with LDAP authentication (conform http://samba.idealx.org/smbldap-howto.en.html). I have about 180 Windows XP Pro clients using this PDC to log onto the domain, which works great! However I seem to have trouble synchronizing the time on the clients to the time on the server. The users (in group Domain Users) do not have permissions to change the time on the clients and therefore 'net time /set /yes' in the netlogon will result in an error, as will 'w32tm /sync'. According to an earlier post to this list I found on Google (http://groups.google.com/groups?q=+pdc+samba+%22time+server+%22hl=enlr=as_drrb=bas_mind=1as_minm=1as_miny=2004as_maxd=13as_maxm=10as_maxy=2004selm=1Fo2I-86r-5%40gated-at.bofh.itrnum=1) if the Win XP Pro clients are part of the domain (like in my case) they should automatically synch the time with the PDC if it runs a NTP service. This is exactly what I want, because in my opinion the time sych is something that is related to domain membership and not to domain logins (as with 'net time'). I have tried enabling an NTP service on the PDC and setting 'time server =yes' in smb.conf, but unfortunately the time on the clients still doesn't work. What am I missing here and could someone confirm behaviour described in above mentioned posting? If this is not the the is there another way to achieve what I want? I'd rather not manually grant Domain Users time setting priviledges on 180 clients. Thanks a lot! Jonathan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'credentials' file doesn't work - also observed by others
On Wed, Oct 13, 2004 at 04:10:23PM +1300, Michael Woodhams wrote: Background: Linux, Debian (Sarge). I want to auto-mount an smbfs at boot. smbmount version is 3.0.7-Debian. snip username=user/domain password=password Isn't the syntax --- user = fred password = * domain = bloggs --- Thats what I have in mine and it's working with win2k and samba servers. Yours Tony linux.conf.au http://linux.conf.au/ Apr 18-23 2005 The Australian Linux Technical Conference! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help Samba. More then 1 virtual samba servers.
Excuse for troubling. But neither in FAQ, nor in the documentation i have not found the answer to the question. How do i start on 1 computer it is more than 1 virtual Samba-servers? It is necessary for me that to everyone virtual VLAN-based interface corresponded a virtual SAMBA-server. It is thankful in advance, Vitaly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance Issues with GBit LAN
Dimitar Vassilev wrote: Read the links and adjust your values accordingly. I haven't been able to implement all options, but I have a similar problem on 10/100mbit net with a slack 10/2.6.8 kernel. The tips on netbios over tcp and computer browser were given me by my net admin. The rest I googled and wrote down. Hope it helps. Please tell how it works. Regards, Dimitar Vassilev I adjusted the settings, and i got a plus in performance of 1 MB so i get a download of 9-10 MB now. But not what i expected. Anyway: thanks for your help, it gave me a great insight in the configuration of the samba Server. If i should Cc: you in the following mails, please let me know. Regards, Steffen Timmermann Tom Hibbert wrote: Hi Steffen Looking at the configuration of the server PC, you have a Realtek network card and an unspecified RAID card on a P2 300. I'm guessing that the machine is based on an LX or BX chipset with PC66 or PC100 ram. I looked it up and it's an ASUS P2B-LS Motherboard with the 440BX Chipset. You have 66mhz bandwidth to play with in the PCI bus. You also have 66mhz FSB thanks to the PII 300 CPU. All the benchmarking you have done (both Iperf and hdparm) both test the two subsystems individually, not together. My initial guess is that your PCI bus and/or CPU cannot drive this system at its full potential. Look at the load average on the server during transfer. The average loads are 0.23, 0.22, 0.12 I don't know what it means exactly, but i get them out of top during transfer Secondly you are running Redhat 9 with a Realtek 8169. There were a number of issues with the stock Redhat 9 kernel versus a Realtek 8169, see here http://www.linuxquestions.org/questions/showthread.php?s=threadid=14975 1highlight=8169. In fact these users are reporting only 8-10mb throughput which is exactly what you are describing. I have tested the machine with Suse 8.2 before, but there's the same problem. Maybe because the Kernel version is almost the same? (2.4.20) My advice to you is to roll a custom kernel for your system I have once compiled a new kernel on another machine, but i'm not familiar with it. Please tell me the commands i have to run for this. (optimized for Pentium 2, raid and network drivers built into kernel instead of modules). At the Moment they're both modules [r8169.o (version 2.2 from realtek site) and the raidcontroller (which is an ITE 8212)] Then perform a proper hard disk benchmark using Bonnie++ so you know what the disks are truly capable of (hdparm -t doesn't cut it in this respect). I've done it. Here are the results: On /dev/sda: [EMAIL PROTECTED] bonnie]# ./Bonnie File './Bonnie.1938', size: 104857600 Writing with putc()...done Rewriting...done Writing intelligently...done Reading with getc()...done Reading intelligently...done Seeker 1...Seeker 2...Seeker 3...start 'em...done...done...done... ---Sequential Output ---Sequential Input-- --Random-- -Per Char- --Block--- -Rewrite-- -Per Char- --Block--- --Seeks--- MachineMB K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU /sec %CPU 100 2419 99.2 42898 85.5 58114 98.2 2378 99.5 154956 99.9 7765.2 99.0 [EMAIL PROTECTED] bonnie]# On /dev/sdb: [EMAIL PROTECTED] bonnie]# ./Bonnie File './Bonnie.1926', size: 104857600 Writing with putc()...done Rewriting...done Writing intelligently...done Reading with getc()...done Reading intelligently...done Seeker 1...Seeker 2...Seeker 3...start 'em...done...done...done... ---Sequential Output ---Sequential Input-- --Random-- -Per Char- --Block--- -Rewrite-- -Per Char- --Block--- --Seeks--- MachineMB K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU /sec %CPU 100 2259 99.6 27232 99.5 60478 93.3 2382 99.6 154711 101.2 7958.0 99.5 [EMAIL PROTECTED] bonnie]# As I see, there is almost 100% CPU Used when the Program reads/writes from/to the Harddisks. In this case, do you think upgrading the System to an 700 Mhz Celeron will bring more Performance? When I want to do so, i must ensure that the data on the RAID isn't lost while transferring the harddisks and the controller to the other PC, because it's too much to transfer on the 2nd PC. (By the Way: Do you know if the Data on the disks is lost when i transfer the raid out of the one machine into another?) Then I would compare the difference between throughput serving from both your SCSI disk (sda) and RAID array with the benchmark data given by bonnie++. This may reveal a CPU or FSB bottleneck. Good luck and thanks Tom Additional information about the System: This is the dmesg output: [EMAIL PROTECTED] root]# dmesg Linux version 2.4.20-8 ([EMAIL PROTECTED]) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #1 Thu Mar 13 17:54:28 EST 2003 BIOS-provided physical RAM map: BIOS-e820: - 0009f800 (usable) BIOS-e820: 0009f800 - 000a (reserved) BIOS-e820: 000f -
Re: [Samba] time server directive and synchronizing Win XP clients
Jonathan Salomon írta: Hi all! I have configured a Samba PDC (3.0.7) on a Fedora Core 2 machine with LDAP authentication (conform http://samba.idealx.org/smbldap-howto.en.html). I have about 180 Windows XP Pro clients using this PDC to log onto the domain, which works great! However I seem to have trouble synchronizing the time on the clients to the time on the server. The users (in group Domain Users) do not have permissions to change the time on the clients and therefore 'net time /set /yes' in the netlogon will result in an error, as will 'w32tm /sync'. According to an earlier post to this list I found on Google (http://groups.google.com/groups?q=+pdc+samba+%22time+server+%22hl=enlr=as_drrb=bas_mind=1as_minm=1as_miny=2004as_maxd=13as_maxm=10as_maxy=2004selm=1Fo2I-86r-5%40gated-at.bofh.itrnum=1) if the Win XP Pro clients are part of the domain (like in my case) they should automatically synch the time with the PDC if it runs a NTP service. This is exactly what I want, because in my opinion the time sych is something that is related to domain membership and not to domain logins (as with 'net time'). I have tried enabling an NTP service on the PDC and setting 'time server =yes' in smb.conf, but unfortunately the time on the clients still doesn't work. What am I missing here and could someone confirm behaviour described in above mentioned posting? If this is not the the is there another way to achieve what I want? I'd rather not manually grant Domain Users time setting priviledges on 180 clients. Thanks a lot! Jonathan This is true for an AD domain. But for an NT4 domain such as a Samba controled one is you have to set the time server for each of your workstations to the ip adress (or with a working DNS the ip name) of your NTP server. This way your XP machines would sync time automaticaly, and you wouldn't need time server =yes and net time //PDC /set /yes in logon script (only usefull for Windows 9x, or the quite strange case of all of your users beeing domain administrators). To set the timeserver on the XP machines we use the domain policy, with an adm file (attached) made by Andrew Bartlett. Good Luck! CLASS MACHINE CATEGORY !!Time POLICY !!NTPServer KEYNAME SYSTEM\CurrentControlSet\Services\W32Time\Parameters PART !!NTP_SERVER EDITTEXT VALUENAME NtpServer END PART PART !!SERVERTYPE EDITTEXT VALUENAME type END PART END POLICY END CATEGORY; Time [Strings] Time=Time Servers NTPServer=NTP Server NTP_SERVER=NTP Server address SERVERTYPE=Server Type (ntp) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba as gateway MIT kerberos
Volker Lendecke Volker.Lendecke at SerNet.DE writes: It's irrelevant whether you have kerberos enabled or not. The only thing to make Samba a gateway to AFS is the option --with-fake-kaserver=yes. Setting that enables Samba to act as a kaserver. Three things to be done for configuration: * You have to give Samba access to the AFS KeyFile. This might be a blocker for you security-wise, but being a kaserver depends on being able to create kerberos tickets. This is done via the command 'net afskey keyfile afs-cellname' Thanks very much for the replies. May i ask a few questions regarding the replies? sorry if the qustions are too obvious to some of you. I thought Samba could just act as a client and request tickets from the real Kerberos server, just like what the normal kerberos clients do? Does it work with Kerberos V? cos I read from some forums that it only works with Kerberos IV. Thanks again for your help. Warren -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] kerberos and/or winbind ??
Hi, I'm getting confused about the role that kerberos authentication plays. What exactly is the point of using kerberos to join a samba server to an AD domain? If using kerberos still requires you to rely on winbindd for all the nsswitch stuff then what is the point? I can just as easily specify workgroup = wkgrp security = domain and do a net join Instead of doing realm = wkgrp.krb.realm workgoup = wkgrp security = ADS and doing net ads join Are there performance benefits/better security...what?? I think that maybe my understanding of the kerberos setup is a bit flawed. thanks for any replies, Mark Le Noury -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NTFS ACLs - access denied
People, I had gone panic... there is no way to migrate Files from my NT 4, to the Samba BDC Server. I had vampired all the users. but still I get access denied in robocopy when it tries to copy the NTFS Security. Any Idea what could it be?? I swear to god, that I will share a bit of my salary to solve this out!! 2 weeks fighting and going throw forums, and this weekend my boss will go with win2000 if I dont find a solution!! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Missing folders when accessing via Samba ?
Hi, at least for me no changes. I've added those hide unreadable/unwriteable = no , restarted samba and tried to access. Same thing. Anyone with the same problem ? On Mon, 11 Oct 2004 18:04:00 +0100, Hamish [EMAIL PROTECTED] wrote: A long shot, but maybe try `hide unreadable = no` and `hide unwriteable = no`? charlie wrote: I have the same trouble, but in my case is with Win XP machines and G5.The G5, lost some files in transfers of big number of files, and then this same files look like dissapear in the XP machine when you browse from G5.You look into the XP from XP an there it is. weird!!! Any clues about this? thanks On Mon, 11 Oct 2004 07:29:19 -0400, Mario Bittencourt [EMAIL PROTECTED] wrote: Hi, I have a linux server (FC2) with samba 3.0.7 (3.0.7-2.FC2). Everything was fine but recently I found the some folders that I used to access from windows clients are missing. They exist if I log on the samba server (using ssh) and ls. but does not apper in my windows machine. Other folders in the same share do appear. All folders (that appear and don't appear) have the same owner/group and permitions. If I put the full path (]\\samba\share\missing_folder) in my windows explorer I can access the missing folder and use it without a problem. I am not quite sure but it seems to have started after the latest update of my samba version. The machine has been rebooted since this event. Any ideas ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] kerberos and/or winbind ??
Mark Le Noury wrote: Hi, I'm getting confused about the role that kerberos authentication plays. What exactly is the point of using kerberos to join a samba server to an AD domain? If using kerberos still requires you to rely on winbindd for all the nsswitch stuff then what is the point? I can just as easily specify workgroup = wkgrp security = domain and do a net join Instead of doing realm = wkgrp.krb.realm workgoup = wkgrp security = ADS and doing net ads join Are there performance benefits/better security...what?? I think that maybe my understanding of the kerberos setup is a bit flawed. thanks for any replies, Mark Le Noury Here is an over simplified explanation. Configuring kerberos with samba will not give you any additional features. It is definately more secure -- the linux system will authenticate via kerberos with your AD DC. Aside from the security bonus the only other reason you would want to consider doing this is if your Active Directory is running in Native Mode. If this is the case, you *have* to use kerberos if you wish to become a full domain member. Otherwise, if you are running in Mixed Mode (the default mode on 2000/2003) and the added benefits of kerberos security are not a requirement, then by all means run in domain mode as an old style NT system and enjoy being free from the headaches of kerberos compatibility issues. Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Groupmapping doesn't work
Hi I got a problem with groupmapping. It doesn't work correct: Wilma2:/home/root # net groupmap list | grep 512 Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) - domadm ldapsearch -x cn=domadm: # domadm, groups, wms-hn.de dn: cn=domadm,ou=groups,dc=my-domain objectClass: posixGroup objectClass: sambaGroupMapping cn: domadm gidNumber: 65669 memberUid: tilo sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512 sambaGroupType: 2 displayName: Domain Admins description: Domain Admins The problem is tilo doesn't have any administrator rights. Any idea whats wrong? I use samba 3.0.7 What 'getent group domadm' returns you? I suspect that it does not have tilo as a member. If you have the same posixGroup defined both in /etc/group and in LDAP and what to have definition wormhole:/var/log # getent group | grep domadm domadm:x:65669:tilo It has tilo as member. The group is only define in ldap, not in /etc/group Cheers Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Groupmapping doesn't work
Hi I got a problem with groupmapping. It doesn't work correct: Wilma2:/home/root # net groupmap list | grep 512 Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) - domadm ldapsearch -x cn=domadm: On Tuesday 12 October 2004 05:05, jamrock wrote: I could never get group mapping to work. After reading Samba 3 by example, I realized that I needed to migrate the relevant groups from /etc/group to LDAP. As you can see group domadm is stored in ldap. I got only standard Linux system groups in /etc/group. I also tried to use set the primary group of tilo to domadm but it still doesn't help. Any ideas? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: TOSHARG: Samba ADS domain membership notes
Jeremy, Thanks for this feedback. I will include this info as soon as I get a moment. Good work. - John T. --- John H Terpstra Samba-Team email: [EMAIL PROTECTED] Original Message Subject: TOSHARG: Samba ADS domain membership notes From: Jeremy Naylor [EMAIL PROTECTED] Date: Wed, October 13, 2004 5:27 am To: [EMAIL PROTECTED] Hi John, I ran into a few problems adding a samba machine to my Win2k3 AD domain for Squid authentication. I pinned it down to two specific settings in the Security Policy on the domain controller. I googled for days and found a few other cases of the same problem but never any solutions. I finally found them through trial and error. I think these two would be good tips to add to the how-to, since the settings are recommended by Microsoft as a best practice for security. At first, I was always getting this message: [2004/10/13 08:11:14, 0] utils/net_ads.c:ads_startup(183) ads_connect: Strong(er) authentication required This directly correlated with this setting in the Security Policy: Domain Controller: LDAP server signing requirements = Require Signing Changing this to None got it working as a workaround. I'm still trying to get it to work with that enabled. The other issue I had was testing authentication with wbinfo -a user%pass. That would never succeed, even once I had joined the domain. It would always come back with: plaintext password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user user%pass with plaintext password challenge/response password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user user with challenge/response It also failed when using the ntlm_auth helper (with basic or NTLM authentication). I found out this is because neither wbinfo or ntlm_auth support NTLMv2, and I had this setting in my Security Policy: Network security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM NTLM I configured Squid for NTLMv2 (ntlm_auth --helper-protocol=squid-2.5-ntlmssp) authentication and that worked fine. I could have saved a lot of time had I realized the other tools would never work. Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't join domain - no message
I have installed Samba 2.2.8a onto a Solaris 2.5.1 system from Sunfreeware. Config file has been copied from another similar working system and all that was changed was the netbios name. Using smbpasswd to join the domain does not seem to be working. No message is displayed to say either domain joined or not. secrets file is created and an account is created on the domain. Machine is browsable, but cannot connect to the shares. Error message in log is: [2004/10/13 14:39:14, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain DOMAINNAME Any ideas? Regards, Stuart *** Gold Medal Travel E Mail disclaimer This e-mail contains proprietary information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail. *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
I have problem adding users after I set up a goupmap. Before there was no problem. net groupmap ntgroup=Users unixgroup=users Users (S-1-5-32-545) - users useradd pesho -g users pdbedit -a pesho new password: retype new password: tdb_update_sam: Failing to store a SAM_ACCOUNT for [pesho] without a primary group RID Unable to add user! (does it already exist?) pesho of cource doesn´t exist pdbedit -L | grep pesho returns nothing. I´m using two passwd backends: passdb backend = tdbsam:/etc/samba/passdb.tdb \ smbpasswd:/etc/samba/smbpasswd In this case I´m trying to add pesho to tdbsam, when I remove it and only smbpasswd was in the smb.conf I was able to add it sucessfully. I´m using samba 3.0.7-2.FC1. Can somebody tell me what have I done wrong? This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: problem with samba, ldap and windows
Different people have different reason for this failure but in your case you need to remember that besides finding Administrator Samba need to find machine trust account as well. If it can't find it the same error message Can't find user is reported back to Windows. Check that machine account was successfuly created during joining of the Domain, that flag marks it as a Workstation trust account (W), and that you can see this account with 'getent passwd' request. And a minor note, which probably is unrelated to your problem - don't use '-a' option to smbldap-useradd in your 'add user script' since Samba expects this script to create only Posix account. Igor Samuele Giovanni Tonon wrote: hi, i have read that someone has similar problem to mines, however i didn't find how it solved them . The problem is this: samba as a PDC for a window domain. The authentication is managed with openldap. if i try to change the password of any ldap account with smbpassword i have no error. if i try to access to the shared folder of samba, with windows, it asks me for authentication and it all work. The only thing i'm not able to do is to manage the windows authentication through domain: when i try to join the domain using Administrator it says to me Can't find user but in samba log i have: [2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/13 11:27:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485) init_sam_from_ldap: Entry found for user: Administrator [2004/10/13 11:27:45, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [Administrator] - [Administrator] - [Administrator] succeeded [2004/10/13 11:27:46, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477) Returning domain sid for domain KOSAVUTU - S-1-5-21-1603302580-212172761-3240640930 [2004/10/13 11:27:46, 2] smbd/server.c:exit_server(571) Closing connections so Administrator is known, the authentication works, but in some way either samba or windows doesn't communicate well. Any hints ? i'm attaching my smb.conf, hoping it can help. Regards # # Sample configuration file for the Samba suite for Debian GNU/Linux. # # # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options most of which # are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentary and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command # testparm to check that you have not many any basic syntactic # errors. # #=== Global Settings === [global] ## Browsing/Identification ### workgroup = KOSAVUTU ;netbios name = PDC server string = %h server (Samba %v) syslog = 30 security = user null passwords = true encrypt passwords = true add user script = /usr/sbin/smbldap-useradd -m -a %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = logon.bat logon path = \\PDC\profiles\%g client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No min protocol = LANMAN2 time server = Yes server signing = auto local master = Yes os level = 40 domain logons = Yes preferred master = Yes domain master = Yes wins support = No wins server = 10.0.0.1 log file = /var/log/samba/samba.log.%m log level = 2 passdb:2 auth:2 winbind:2 admin users = root,Administrator passdb backend = ldapsam:ldap://127.0.0.1/ passwd program = /usr/sbin/smbldap-passwd -o %u passwd chat = *new*password* %n\n *new*password:* %n\ *succesfully* passwd chat debug = Yes ldap suffix = dc=sferacarta,dc=com ldap machine suffix = ou=machines ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=users
[Samba] NT and XP clients cannot reach Samba PDC
When attempting to join my domain, the NT 4 Workstation and XP Pro clients cannot contact the domain controller. The Samba server is running normally, and can be connected to via IP address, but not by name. Additionally, when I set up a DNS, it still could not contact the Samba server. The clients and server are on the same subnet. I have read as much as I could find on configuring Samba as a PDC, but thus far have found nothing that has solved my problem. Below is a copy of my smb.conf file. Any assistance is appreciated. Thanks! [global] netbios name = THOR workgroup = ASGARD server string = Thor at Asgard encrypt passwords = yes status = yes wins support = yes passdb backend = smbpasswd os level = 64 prefered master = yes domain master = yes local master = yes security = user domain logons = yes logon path = \\%N\profiles\%u logon drive = S: logon home = \\homeserver\%u\winprofile #logon script = logon.cmd domain admin group = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*Password* %n\n *Please*Retype*New*Password* %n\n *Password*Updated* [netlogon] comment = Samba PDC Logon Scripts and Policies path = /etc/samba/netlogon read only = yes write list = ntadmin [profiles] comment = Roaming Profiles path = /etc/samba/profiles read only = no create mask = 0600 directory mask = 0700 [homes] comment = %u's Home Directory read only = no browsable = no guest ok = no writeable = yes [printers] comment = All Printers path = /var/spool/samba printer admin = root guest ok = Yes printable = Yes use client driver = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: problem with samba, ldap and windows
Different people have different reason for this failure but in your case you need to remember that besides finding Administrator Samba need to find machine trust account as well. If it can't find it the same error message Can't find user is reported back to Windows. Check that machine account was successfully created during joining of the Domain, that flag marks it as a Workstation trust account (W), and that you can see this account with 'getent passwd' request. And a minor note, which probably is unrelated to your problem - don't use '-a' option to smbldap-useradd in your 'add user script' since Samba expects this script to create only Posix account. Igor Samuele Giovanni Tonon wrote: hi, i have read that someone has similar problem to mines, however i didn't find how it solved them . The problem is this: samba as a PDC for a window domain. The authentication is managed with openldap. if i try to change the password of any ldap account with smbpassword i have no error. if i try to access to the shared folder of samba, with windows, it asks me for authentication and it all work. The only thing i'm not able to do is to manage the windows authentication through domain: when i try to join the domain using Administrator it says to me Can't find user but in samba log i have: [2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/13 11:27:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485) init_sam_from_ldap: Entry found for user: Administrator [2004/10/13 11:27:45, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [Administrator] - [Administrator] - [Administrator] succeeded [2004/10/13 11:27:46, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477) Returning domain sid for domain KOSAVUTU - S-1-5-21-1603302580-212172761-3240640930 [2004/10/13 11:27:46, 2] smbd/server.c:exit_server(571) Closing connections so Administrator is known, the authentication works, but in some way either samba or windows doesn't communicate well. Any hints ? i'm attaching my smb.conf, hoping it can help. Regards # # Sample configuration file for the Samba suite for Debian GNU/Linux. # # # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options most of which # are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentary and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command # testparm to check that you have not many any basic syntactic # errors. # #=== Global Settings === [global] ## Browsing/Identification ### workgroup = KOSAVUTU ;netbios name = PDC server string = %h server (Samba %v) syslog = 30 security = user null passwords = true encrypt passwords = true add user script = /usr/sbin/smbldap-useradd -m -a %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = logon.bat logon path = \\PDC\profiles\%g client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No min protocol = LANMAN2 time server = Yes server signing = auto local master = Yes os level = 40 domain logons = Yes preferred master = Yes domain master = Yes wins support = No wins server = 10.0.0.1 log file = /var/log/samba/samba.log.%m log level = 2 passdb:2 auth:2 winbind:2 admin users = root,Administrator passdb backend = ldapsam:ldap://127.0.0.1/ passwd program = /usr/sbin/smbldap-passwd -o %u passwd chat = *new*password* %n\n *new*password:* %n\ *succesfully* passwd chat debug = Yes ldap suffix = dc=sferacarta,dc=com ldap machine suffix = ou=machines ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=users
Re: [Samba] NT and XP clients cannot reach Samba PDC
M Middleton wrote: When attempting to join my domain, the NT 4 Workstation and XP Pro clients cannot contact the domain controller. The Samba server is running normally, and can be connected to via IP address, but not by name. Additionally, when I set up a DNS, it still could not contact the Samba server. The clients and server are on the same subnet. I have read as much as I could find on configuring Samba as a PDC, but thus far have found nothing that has solved my problem. Below is a copy of my smb.conf file. Any assistance is appreciated. Thanks! [global] netbios name = THOR workgroup = ASGARD server string = Thor at Asgard encrypt passwords = yes status = yes wins support = yes passdb backend = smbpasswd os level = 64 prefered master = yes domain master = yes local master = yes security = user domain logons = yes logon path = \\%N\profiles\%u logon drive = S: logon home = \\homeserver\%u\winprofile #logon script = logon.cmd domain admin group = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*Password* %n\n *Please*Retype*New*Password* %n\n *Password*Updated* [netlogon] comment = Samba PDC Logon Scripts and Policies path = /etc/samba/netlogon read only = yes write list = ntadmin [profiles] comment = Roaming Profiles path = /etc/samba/profiles read only = no create mask = 0600 directory mask = 0700 [homes] comment = %u's Home Directory read only = no browsable = no guest ok = no writeable = yes [printers] comment = All Printers path = /var/spool/samba printer admin = root guest ok = Yes printable = Yes use client driver = Yes browseable = No Have you tried manually setting a WINS entry (ip address of samba server) for the windows machines? Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 By Example - Suggested Update (Correction?) And Two Winbind Defects
We were trying to build a SuSE 9.1 box in a lab as a Domain Member server in a Windows Active Directory domain where the AD server was running Windows 2000 Server. We found that the instructions in Chapter 9.3.3 were, at least in our case, incomplete. The AD server was managing a private domain, so following the Windows Configure My Server wizard the domain was setup as smelug.local. When we attempted to have the Linux box (running SuSE 9.1 (fully patched) with the Samba 3.0.7 rpm packages from the SuSE ftp site) join the domain, we got an error indicating the Linux box could not find the Kerberos server. After Googling, we saw that others experiencing this problem had as the root cause either a DNS configuration problem or a misconfigured realm in krb5.conf. We checked DNS on the W2K server and on the Linux box, added entries in the Linux and Windows hosts files, and then watched the packets go back and forth with Ethereal between the Windows 2K AD server and the SuSE box, but we still got the error. The two boxes were clearly exchanging packets, so we felt pretty good that we didn't have any DNS configuration errors. Next, we undid all of the above changes, and simply edited the krb5.conf file to include the realm information and the IP:port info for the AD server. The join was successful now. May I therefore suggest that configuring the krb5.conf file be added to Chapter 9.3.3 in S3BE? Separately, we found two winbind errors during testing: First, we found that winbind does not shut down cleanly during a reboot (we used the SuSE runlevel editor in YaST to have smb, nmb and winbind startup automagically during boot up). Winbind leaves /var/run/samba/winbindd.pid in place, which we must remove manually before we can start winbind. Second, even after starting/stopping/restarting winbind manually, wbinfo -u (and -g) do not work at first. We found we needed to run net ads info first, and then wbinfo -whatever would work just fine. Please let me know if you would like me to file bugzilla reports on these errors, or if you would like more detail. We are not programmers so we don't know how to narrow this down further. With best regards, Mark P.S. The lab machines are VMware 4.5.2 guests, running on a SuSE Linux 8.2 host. We can make the virtual machine files available to you if you would like to run these machines locally for testing (assuming you have VMware and a Windows 2000 Server license). -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: www.RNoME.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT and XP clients cannot reach Samba PDC
On Wed, 13 Oct 2004 10:33:49 -0400, Christian Merrill [EMAIL PROTECTED] wrote: Have you tried manually setting a WINS entry (ip address of samba server) for the windows machines? Christian I entered the hostname and IP address of the Samba server on the XP Client's hosts file, and was able to ping via hostname, but was still unable to contact the domain controller. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.7-Debian ***Error Performing inpage operation***
After upgrading to Samba 3.0.7 via apt-get I get an error when I try to copy files from the share from a windows server The error is Can not copy xx.pdf, error performing inpage operation If I try to open the file then adobe lounches but there is nothing inside. Can anyone tell me what could be wrong? --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Login with a NT 4.0 PDC
Hi all, I want to make a Samba Sever as amember of a Domain, using a Windows NT 4.0 as PDC. I have my smb.conf configured to do this, but users ca't connect on Samba useing the Windows NT account. Is it possible or I have to create them on a smbpasswd to make them login on it? I have a Samba Server 3.0.7 running under a Slackware Linux 10.0, with Kernel 2.6.8.1. I'm sending my smb.conf configurations. #=== Global Settings = [global] workgroup = WORKGROUP interfaces = eth0 ; invalid users = root ; character set = ISO8859-1 ; client code page = 850 name resolve order = wins bcast host lmhosts bind interfaces only = yes password server = WINNT-SERVER security = user server string = %h log file = /var/log/samba/%m.log smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 os level = 0 syslog = 0 dead time = 20 domain master = no local master = yes preferred master = yes ; domain admin group = root logon script = users.bat unix password sync = yes max log size = 1000 winbind trusted domains only = yes restrict anonymous = yes update encrypted = yes winbind use default domain = yes domain master = no ; socket address = 192.168.0. ; root directory = /root ; hostname lookups = yes passwd chat timeout = 5 max protocol = NT acl compatibility = winnt ldap ssl = No server signing = Auto # Share Definitions == [homes] comment = Home Directories read only = no valid users = %S create mask = 0664 directory mask = 0775 ; map to guest = bad user [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes share modes = no browseable = no [Profiles] path = /usr/local/samba/profiles browseable = no guest ok = yes ;[printers] ; comment = All Printers ; path = /var/spool/samba ; browseable = no # Set public = yes to allow user 'guest account' to print ; guest ok = no ; printable = yes # This one is useful for people to share files [tmp] comment = Diretório de arquivos temporários path = /tmp read only = no guest ok = yes [public] comment = Public Stuff valid users = %S path = /home/samba guest ok = yes read only = no write list = someone # Um diretório privado SOMENTE utilizado pelo usuario bruno, # e requer acesso de escrita no diretorio inteiro. [pchome] comment = PC Directories path = /usr/local/pc/%m public = no writable = yes [public] path = /usr/share/samba_public guest ok = yes guest only = yes read only = no [someone] comment = Someone's Share path = /home/bruno valid users = someone read only = no create mask = 0765 browseable = no [cdrom] comment = CDROM compartilhado locking = no path = /mnt/cdrom guest ok = yes valid users = someone [easy$] comment = Acesso geral para os servidores da Easy path = / write list = someone read only = no valid users = someone admin users = someone Thanks for your help, Bruno -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Login with a NT 4.0 PDC
Try by setting the security = domain see http://www.informit.com/articles/article.asp?p=169560seqNum=3 this should help -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bruno Lessa Cardoso Sent: Mittwoch, 13. Oktober 2004 17:02 To: Samba List Subject: [Samba] Login with a NT 4.0 PDC Hi all, I want to make a Samba Sever as amember of a Domain, using a Windows NT 4.0 as PDC. I have my smb.conf configured to do this, but users ca't connect on Samba useing the Windows NT account. Is it possible or I have to create them on a smbpasswd to make them login on it? I have a Samba Server 3.0.7 running under a Slackware Linux 10.0, with Kernel 2.6.8.1. I'm sending my smb.conf configurations. #=== Global Settings = [global] workgroup = WORKGROUP interfaces = eth0 ; invalid users = root ; character set = ISO8859-1 ; client code page = 850 name resolve order = wins bcast host lmhosts bind interfaces only = yes password server = WINNT-SERVER security = user server string = %h log file = /var/log/samba/%m.log smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 os level = 0 syslog = 0 dead time = 20 domain master = no local master = yes preferred master = yes ; domain admin group = root logon script = users.bat unix password sync = yes max log size = 1000 winbind trusted domains only = yes restrict anonymous = yes update encrypted = yes winbind use default domain = yes domain master = no ; socket address = 192.168.0. ; root directory = /root ; hostname lookups = yes passwd chat timeout = 5 max protocol = NT acl compatibility = winnt ldap ssl = No server signing = Auto # Share Definitions == [homes] comment = Home Directories read only = no valid users = %S create mask = 0664 directory mask = 0775 ; map to guest = bad user [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes share modes = no browseable = no [Profiles] path = /usr/local/samba/profiles browseable = no guest ok = yes ;[printers] ; comment = All Printers ; path = /var/spool/samba ; browseable = no # Set public = yes to allow user 'guest account' to print ; guest ok = no ; printable = yes # This one is useful for people to share files [tmp] comment = Diretório de arquivos temporários path = /tmp read only = no guest ok = yes [public] comment = Public Stuff valid users = %S path = /home/samba guest ok = yes read only = no write list = someone # Um diretório privado SOMENTE utilizado pelo usuario bruno, # e requer acesso de escrita no diretorio inteiro. [pchome] comment = PC Directories path = /usr/local/pc/%m public = no writable = yes [public] path = /usr/share/samba_public guest ok = yes guest only = yes read only = no [someone] comment = Someone's Share path = /home/bruno valid users = someone read only = no create mask = 0765 browseable = no [cdrom] comment = CDROM compartilhado locking = no path = /mnt/cdrom guest ok = yes valid users = someone [easy$] comment = Acesso geral para os servidores da Easy path = / write list = someone read only = no valid users = someone admin users = someone Thanks for your help, Bruno -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Login with a NT 4.0 PDC
On Wed, 2004-10-13 at 12:01 -0300, Bruno Lessa Cardoso wrote: I want to make a Samba Sever as amember of a Domain, using a Windows NT 4.0 as PDC. I have my smb.conf configured to do this, but users ca't connect on Samba useing the Windows NT account. Is it possible or I have to create them on a smbpasswd to make them login on it? snip security = user Unless my understanding of SAMBA config and your needs is flawed, you need to set security = domain, not security = user. This is the setting that lets a SAMBA member server pass authentication requests to the PDC. There is a good explanation of SAMBA security modes at http://www.phptr.com/articles/article.asp?p=169560seqNum=3 -- -Regards- -Quentin Hartman- Technology Coordinator South Lane School District Cottage Grove, Oregon Office- 541.767.3778 Mobile- 541-501-1197 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groupmapping doesn't work
Tilo Lutz wrote: I got a problem with groupmapping. It doesn't work correct: Wilma2:/home/root # net groupmap list | grep 512 Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) - domadm ldapsearch -x cn=domadm: # domadm, groups, wms-hn.de dn: cn=domadm,ou=groups,dc=my-domain objectClass: posixGroup objectClass: sambaGroupMapping cn: domadm gidNumber: 65669 memberUid: tilo sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512 sambaGroupType: 2 displayName: Domain Admins description: Domain Admins The problem is tilo doesn't have any administrator rights. Any idea whats wrong? I use samba 3.0.7 What 'getent group domadm' returns you? I suspect that it does not have tilo as a member. If you have the same posixGroup defined both in /etc/group and in LDAP and what to have definition wormhole:/var/log # getent group | grep domadm domadm:x:65669:tilo It has tilo as member. The group is only define in ldap, not in /etc/group Did you also check that SID of this 'Domain Admins' is acctually belong to your Domain? What 'net getlocalsid' returns you? Does tilo user belong to 'Domain Admins' when you look at it with usrmgr.exe under Windows? Does 'Domain Admins' group is a member of local 'Administrators' group on Windows? Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] admin users and root priviledges
Hi everybody, Specifying admin users = root,@adm in global would make any access by members of the adm group maped to the root *nix user, thus allowing them to add machine accounts (my goal). Can I override this on a per share base, with admin users = root , so that they won't be able to accidentally do harmful things on the filesystem? Thanks in advance, Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] kerberos and/or winbind ??
Hi Christian, Can you explain what winbindd has to do with kerberos and the ADS security mode? I was using the DOMAIN security mode without it and now I am trying to make it work with ADS (our Win2K3 server will be in Native mode for ... security reason!). Do I really need winbindd even if I only need to have a Samba share available to some Windows XP/2000 machines via the same Windows logon and no need to log on the Unix box running the Samba share. Regards, Marcello -Message d'origine- De : Christian Merrill [mailto:[EMAIL PROTECTED] Envoyé : mercredi 13 octobre 2004 09:21 À : Mark Le Noury Cc : [EMAIL PROTECTED] Objet : Re: [Samba] kerberos and/or winbind ?? Mark Le Noury wrote: Hi, I'm getting confused about the role that kerberos authentication plays. What exactly is the point of using kerberos to join a samba server to an AD domain? If using kerberos still requires you to rely on winbindd for all the nsswitch stuff then what is the point? I can just as easily specify workgroup = wkgrp security = domain and do a net join Instead of doing realm = wkgrp.krb.realm workgoup = wkgrp security = ADS and doing net ads join Are there performance benefits/better security...what?? I think that maybe my understanding of the kerberos setup is a bit flawed. thanks for any replies, Mark Le Noury Here is an over simplified explanation. Configuring kerberos with samba will not give you any additional features. It is definately more secure -- the linux system will authenticate via kerberos with your AD DC. Aside from the security bonus the only other reason you would want to consider doing this is if your Active Directory is running in Native Mode. If this is the case, you *have* to use kerberos if you wish to become a full domain member. Otherwise, if you are running in Mixed Mode (the default mode on 2000/2003) and the added benefits of kerberos security are not a requirement, then by all means run in domain mode as an old style NT system and enjoy being free from the headaches of kerberos compatibility issues. Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Looking for large-ish deployment advice
Colleagues- I am working on the design of a fairly large samba deployment, and I am looking for feedback on some of my design ideas. I have 10 buildings spread out in and around a city, all interconnected via 1.5Mb leased lines. There are samba servers in each building. I have some users that move from building to building. We are using primarily windows 98 desktops, with a few 2K and XPP machines thrown in for flavor. Ideally, I would like to setup a single centrally managed and authenticated domain, but have user home directories served from member servers in the users' home buildings, as performance over the WAN links is poor. The problem I'm having is figuring out a mechanism wherein the PDC or a login script will be smart enough to know which member server to connect to for their home directories. My goal is to normally only have authentication and internet traffic traversing the WAN links, and only have user data traversing the WAN links when someone is not in their usual home building. Right now, I am planning on setting up multiple domains, one for each building, and then setting trusts between them all. This way everyone can login to their home domain and get at their data, but then still have access to the applications on the local server, regardless of which building they are in. This solution is more complex and has more management overhead than I would like, but is the only way I have come up with that I know will work. Anyone have any better ideas? As I've only done relatively small and simple samba deployments in the past, I'm sure there are some more advanced features that I don't know about that might make this possible. Would DFS work? -- -Regards- -Quentin Hartman- Technology Coordinator South Lane School District Cottage Grove, Oregon Office- 541.767.3778 Mobile- 541-501-1197 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust between two samba domains
Hi, I posted my problem to list but nobody answerd me. I have found a solution of netsamlogon_cache.tdb but still I have a problem with authentication. I have changed a smb.conf files. servera: [global] workgroup = DOMAINA netbios name = SERVERA security = user passdb backend = smbpasswd local master = yes domain logons = yes os level = 33 domain master = yes preferred master = yes log level = 3 allow trusted domains = yes wins support = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon read only = yes [Documents] comment = Dokumenty path = /export/documents writeable = yes browseable = yes guest ok = yes serverb: [global] workgroup = DOMAINB netbios name = SERVERB security = user passdb backend = smbpasswd local master = yes domain logons = yes os level = 33 domain master = yes preferred master = yes log level = 3 allow trusted domains = yes wins support = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon read only = yes [Documents] comment = Dokumenty path = /export/documents writeable = yes browseable = yes guest ok = yes loga: [2004/10/13 16:40:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541) api_rpcTNP: rpc command: NET_SAMLOGON [2004/10/13 16:40:21, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613) SAM Logon (Interactive). Domain:[DOMAINA]. User:[EMAIL PROTECTED] Requested Domain:[DOMAINB] [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] libsmb/namequery_dc.c:rpc_dc_name(145) rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB [2004/10/13 16:40:21, 3] libsmb/cliconnect.c:cli_start_connection(1376) Connecting to host=SERVERB [2004/10/13 16:40:21, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.100.11 at port 445 [2004/10/13 16:40:21, 3] auth/auth_util.c:make_server_info_info3(1114) User bronasek does not exist, trying to add it [2004/10/13 16:40:21, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/10/13 16:40:21, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [bronasek] - [bronasek] FAILED with error NT_STATUS_NO_SUCH_USER [2004/10/13 16:40:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 6274 [2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=73cc nwritten=336 [2004/10/13 16:40:21, 3] smbd/process.c:process_smb(1092) Transaction 39 of length 63 [2004/10/13 16:40:21, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 10156) conn 0x83d8040 [2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=73cc min=1024 max=1024 nread=96 logb: [2004/10/13 16:17:06, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620) SAM Logon (Network). Domain:[DOMAINB]. User:[EMAIL PROTECTED] Requested Domain:[DOMAINB] [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13
RE: [Samba] Looking for large-ish deployment advice
Hi Quentin Why not having one central PDC and use login scripts to map the home directories on the local PC to the apropriate place on a per user basis? /Krystian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Quentin Hartman Sent: Mittwoch, 13. Oktober 2004 17:39 To: [EMAIL PROTECTED] Subject: [Samba] Looking for large-ish deployment advice Colleagues- I am working on the design of a fairly large samba deployment, and I am looking for feedback on some of my design ideas. I have 10 buildings spread out in and around a city, all interconnected via 1.5Mb leased lines. There are samba servers in each building. I have some users that move from building to building. We are using primarily windows 98 desktops, with a few 2K and XPP machines thrown in for flavor. Ideally, I would like to setup a single centrally managed and authenticated domain, but have user home directories served from member servers in the users' home buildings, as performance over the WAN links is poor. The problem I'm having is figuring out a mechanism wherein the PDC or a login script will be smart enough to know which member server to connect to for their home directories. My goal is to normally only have authentication and internet traffic traversing the WAN links, and only have user data traversing the WAN links when someone is not in their usual home building. Right now, I am planning on setting up multiple domains, one for each building, and then setting trusts between them all. This way everyone can login to their home domain and get at their data, but then still have access to the applications on the local server, regardless of which building they are in. This solution is more complex and has more management overhead than I would like, but is the only way I have come up with that I know will work. Anyone have any better ideas? As I've only done relatively small and simple samba deployments in the past, I'm sure there are some more advanced features that I don't know about that might make this possible. Would DFS work? -- -Regards- -Quentin Hartman- Technology Coordinator South Lane School District Cottage Grove, Oregon Office- 541.767.3778 Mobile- 541-501-1197 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.7 adding machines. Wrong primary group.
Michael Liebl wrote: Domainname: MITTELERDE PDC:ISENGART Machinename I added: TESTMACHINE My Command: add machine script = /usr/sbin/useradd -c Samba-Computer -d /dev/null -g machines -s /bin/false %u If I change 'set primary group script' to /bin/true the machine will stay in Group machines, so the command works. After adding the machine, it has the primary unix group domusr. Domain Users (S-1-5-21-1418210569-3342691074-3409555407-513) - domusr Using: Debian/unstable x86 Linux 2.6.5 Samba: Version 3.0.7-Debian (Also I checked with FC2) If you need more info, please let me know. Interesting case... The request comes from Windows to update machine account with a bunch of new values and in this request RID of the primary group for the account (group_rid) is listed as 513 (0x201). If you look at the 'fields_present' in the request you will notice that it requests almost all information to be updated - 09f827fa (this is a bitwise mask of fields to be updated). When I add a computer in my domain I have it only '00c4 fields_present : 0112'. Note, that on the other hand I have similar set of data updates when I create normal user with usrmgr.exe: 00c4 fields_present : 08f827fa. So, I suspect the problem is somewhere on Windows side. I haven't found any Domain Policy requiring all accounts to be in Domain Users group which is the only thing which comes to my mind as a probably cause for the problem. I hope somebody having more experience with different Domain/Windows configurations can help in this case. Bellow is the relavent extracts from the (log level = 5) smbd log: Igor [2004/10/11 09:06:31, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2245) _samr_create_user: Running the command `/usr/sbin/useradd -c Samba-Computer -d /dev/null -g machines -G samba -s /bin/false testmachine$' gave 0 [2004/10/11 09:06:31, 5] lib/username.c:Get_Pwnam(293) Finding user testmachine$ .. [2004/10/11 09:06:31, 5] passdb/pdb_tdb.c:tdb_update_sam(631) Storing (new) account testmachine$ with RID 5024 .. [2004/10/11 09:06:31, 4] rpc_server/srv_pipe.c:api_rpcTNP(1534) api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO .. [2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00b8 user_rid : [2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00bc group_rid : 0201 [2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00c0 acb_info : 0080 [2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00c4 fields_present : 09f827fa .. [2004/10/11 09:06:31, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2977) _samr_set_userinfo: sid:S-1-5-21-1418210569-3342691074-3409555407-5024, level:23 [2004/10/11 09:06:31, 5] rpc_server/srv_samr_nt.c:set_user_info_23(2830) Attempting administrator password change (level 23) for user testmachine$ [2004/10/11 09:06:31, 5] rpc_server/srv_samr_nt.c:set_user_info_23(2850) Changing trust account or non-unix-user password, not updating /etc/passwd [2004/10/11 09:06:31, 3] passdb/lookup_sid.c:fetch_gid_from_cache(247) fetch uid from cache 6000 - S-1-5-21-1418210569-3342691074-3409555407-513 [2004/10/11 09:06:31, 3] groupdb/mapping.c:smb_set_primary_group(1189) smb_set_primary_group: Running the command `/usr/sbin/usermod -g domusr testmachine$' gave 0 [2004/10/11 09:06:31, 5] passdb/pdb_tdb.c:tdb_update_sam(631) Storing account testmachine$ with RID 5024 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba as gateway MIT kerberos
Warren Yuen warrenyuen at hotmail.com writes: Volker Lendecke Volker.Lendecke at SerNet.DE writes: It's irrelevant whether you have kerberos enabled or not. The only thing to make Samba a gateway to AFS is the option --with-fake-kaserver=yes. Setting that enables Samba to act as a kaserver. Three things to be done for configuration: I suppose the fake-kaserver option is to set Samba create the actual tickets on its own. Still i am not sure if it works with our kerveros 5. Cheers, Warren -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Failed groupmap
Users (S-1-5-32-545) is a local group. Domain users should have Domain group from their domain as their primary group. I would recommend to change mapping by removing 'Users - users' map and adding 'Domain Users - users' one. The problem can be also caused if you already have 'Domain Users - users' and add 'Users - users' since Samba mapps gid - SID by finding the first SID - gid mapping with the right gid and will fail if 'Users - users' is the first map it encounters. Hope it helps, Igor Anton Krosnev wrote: I have problem adding users after I set up a goupmap. Before there was no problem. net groupmap ntgroup=Users unixgroup=users Users (S-1-5-32-545) - users useradd pesho -g users pdbedit -a pesho new password: retype new password: tdb_update_sam: Failing to store a SAM_ACCOUNT for [pesho] without a primary group RID Unable to add user! (does it already exist?) pesho of cource doesn´t exist pdbedit -L | grep pesho returns nothing. I´m using two passwd backends: passdb backend = tdbsam:/etc/samba/passdb.tdb \ smbpasswd:/etc/samba/smbpasswd In this case I´m trying to add pesho to tdbsam, when I remove it and only smbpasswd was in the smb.conf I was able to add it sucessfully. I´m using samba 3.0.7-2.FC1. Can somebody tell me what have I done wrong? This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Looking for large-ish deployment advice
That's the point you have to use a seperate script for each user. In samba conf file: [global] ... .. . logon script = %U.bat [netlogon] comment = The netlogon share path = /xxx/logon public = no writeable = no browsable = no put a [username].bat file in the root of the netlogon share containing something like: net use h: \\server1\home\[user] I don't think that you will be able to have the PDC to self detect where the share should be mapped. hope this helps Regards /Krystian -Original Message- From: Quentin Hartman [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 13. Oktober 2004 18:07 To: Krystian Filiks Subject: RE: [Samba] Looking for large-ish deployment advice On Wed, 2004-10-13 at 17:59 +0200, Krystian Filiks wrote: Hi Quentin Why not having one central PDC and use login scripts to map the home directories on the local PC to the apropriate place on a per user basis? That's exactly what I haven't been able to figure out how to do. How would the login script know that joeuser needs to connect to server1, without having to write a different script for every user? If you have a solution or a pointer to a place in TFM, I'd be thrilled to hear about it. -- -Regards- -Quentin Hartman- Technology Coordinator South Lane School District Cottage Grove, Oregon Office- 541.767.3778 Mobile- 541-501-1197 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT4 RAS Dial-in with Samba 3 PDC
Hi, I installed UsrMgr.exe (downloaded from the MS support site) on an XP client, joined the client to the domain hosted by the Samba 3 PDC, then opened UsrMgr.exe. The NT tools saw the domain and listed the users and groups, but when I clicked on a user or group and hit properties, the UsrMgr.exe crashed. Am I missing something obvious like you cant run this tool on a newer OS than NT 4? Or you have to run it on a server version of the OS, or should this work? thanks Aaron On Oct 11, 2004, at 5:36 PM, Andrew Bartlett wrote: On Tue, 2004-10-12 at 00:56, Aaron Rosenblum wrote: Hi, I am searching for information on how to set up an NT4 RAS server to authenticate users against a Samba 3 PDC. Right now we have 2 domain controllers and the plan is to phase them out. We want to set up samba as the PDC, but we need RAS to work for the time being. Is there a way to do this? Have you tried this? Does it fail? Particularly with the LDAP backend (or tdbsam) and setting the properties in usrmgr, it should work... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Looking for large-ish deployment advice
The only other way that I see to do this is NFS and NIS. But in any way you will have to store a list of users and associated servers. So I think that having a logonscript for every user will allow you to acheave this in the easyest way, besides it gives you flexibility to map drives, change the PC time and other things on a per user basis Regards /Krystian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Krystian Filiks Sent: Mittwoch, 13. Oktober 2004 18:21 To: 'Quentin Hartman' Cc: [EMAIL PROTECTED] Subject: RE: [Samba] Looking for large-ish deployment advice That's the point you have to use a seperate script for each user. In samba conf file: [global] ... .. . logon script = %U.bat [netlogon] comment = The netlogon share path = /xxx/logon public = no writeable = no browsable = no put a [username].bat file in the root of the netlogon share containing something like: net use h: \\server1\home\[user] I don't think that you will be able to have the PDC to self detect where the share should be mapped. hope this helps Regards /Krystian -Original Message- From: Quentin Hartman [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 13. Oktober 2004 18:07 To: Krystian Filiks Subject: RE: [Samba] Looking for large-ish deployment advice On Wed, 2004-10-13 at 17:59 +0200, Krystian Filiks wrote: Hi Quentin Why not having one central PDC and use login scripts to map the home directories on the local PC to the apropriate place on a per user basis? That's exactly what I haven't been able to figure out how to do. How would the login script know that joeuser needs to connect to server1, without having to write a different script for every user? If you have a solution or a pointer to a place in TFM, I'd be thrilled to hear about it. -- -Regards- -Quentin Hartman- Technology Coordinator South Lane School District Cottage Grove, Oregon Office- 541.767.3778 Mobile- 541-501-1197 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Looking for large-ish deployment advice
Quoting L. Mark Stone [EMAIL PROTECTED]: On Wednesday, October 13, 2004 11:38 am, Quentin Hartman wrote: Ideally, I would like to setup a single centrally managed and authenticated domain, but have user home directories served from member servers in the users' home buildings, as performance over the WAN links is poor. The problem I'm having is figuring out a mechanism wherein the PDC or a login script will be smart enough to know which member server to connect to for their home directories. Well, if you use LDAP, you can set homedirs (and paths) and profileopaths for each user. Problem solved. Tarjei Trying to understand this a bit better before I comment... First, won't roving users be disappointed if you have separate home directories in each building? Won't they expect that a document on which they worked in one building be available when they go to the next building? Second, are you contemplating using roaming profiles, and if so, are these profiles likely to be large? E.g., users store big files on their Desktop, and/or have 200MB Outlook pst files, etc Lastly, if I read your post correctly you have T-1 speeds between buildings. That's a pretty fat pipe to fill, so why do you say the building-to-building networks links are slow? -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: www.RNoME.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Mob: 920 63 413 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Looking for large-ish deployment advice
Trying to understand this a bit better before I comment... Thanks for taking the time. First, won't roving users be disappointed if you have separate home directories in each building? Won't they expect that a document on which they worked in one building be available when they go to the next building? That's part of the core mechanic that I am trying to work out. When a user logs on, the logon script figures out what their home building is and connects their home directory appropriately. In the case of logging in at their home building, it connects to their local server, in the case of logging in at another building, it connects to the appropriate server in another building. Using separate domains, this is easy, and somewhat the natural behavior. I would like to use a single domain to keep management overhead lower if possible. It's the figuring out part that I have to work out yet. Second, are you contemplating using roaming profiles, and if so, are these profiles likely to be large? E.g., users store big files on their Desktop, and/or have 200MB Outlook pst files, etc I am contemplating roaming profiles, though they are unlikely to be large in most cases. To answer your examples specifically, as far as I know most users are not in the habit of saving files on their desktops, and we do not use Outlook. Lastly, if I read your post correctly you have T-1 speeds between buildings. That's a pretty fat pipe to fill, so why do you say the building-to-building networks links are slow? I suppose I left out an important point in my first post in that this network has about 3000 users and just over 1000 computers on it. Many of which who are working medium to large sized files stored in their home directories. Between that and the large volume of Internet traffic, my WAN links are pegged all day under the current setup, wherein there is a cluster of NT4 servers all centrally located and all user data has to traverse those links. During peak usage times, it can be painfully slow. Another list member suggested using individual logon scripts, and as far as I can tell at this point, that is the only solution that will work. If that's the case, I then need to decide what's harder to manage, 10 seperate domains, or 3000+ individual logon scripts, where I have a very high rate of user churn. Since this is for a public school district, I'm nearly constantly creating and destroying accounts as students enroll and depart. -- -Regards- -Quentin Hartman- Technology Coordinator South Lane School District Cottage Grove, Oregon Office- 541.767.3778 Mobile- 541-501-1197 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group membership
I'm responding to my own message below with more data. oink:/home # net rpc group members engr Password: CORP1\root smbldap-groupmod -x root engr ... 307: SEQUENCE { 00041: INTEGER = 3 0007 300: [APPLICATION 4] { 000B 38: STRING = 'cn=engr,ou=groups,dc=borkholder,dc=com' 0033 256: SEQUENCE { 0037 12: SEQUENCE { 00392: STRING = 'cn' 003D6: SET { 003F4: STRING = 'engr' 0045 : } 0045 : } 0045 19: SEQUENCE { 00479: STRING = 'gidNumber' 00526: SET { 00544: STRING = '1001' 005A : } 005A : } 005A 21: SEQUENCE { 005C 11: STRING = 'displayName' 00696: SET { 006B4: STRING = 'engr' 0071 : } 0071 : } 0071 21: SEQUENCE { 0073 14: STRING = 'sambaGroupType' 00833: SET { 00851: STRING = '2' 0088 : } 0088 : } 0088 59: SEQUENCE { 008A9: STRING = 'memberUid' 0095 46: SET { 00973: STRING = 'pat' 009C5: STRING = 'chuck' 00A36: STRING = 'jeremy' 00AB5: STRING = 'jerry' 00B24: STRING = 'paul' 00B85: STRING = 'roger' 00BF4: STRING = 'todd' 00C5 : } 00C5 : } 00C5 51: SEQUENCE { 00C7 11: STRING = 'objectClass' 00D4 36: SET { 00D63: STRING = 'top' 00DB 10: STRING = 'posixGroup' 00E7 17: STRING = 'sambaGroupMapping' 00FA : } 00FA : } 00FA 59: SEQUENCE { 00FC8: STRING = 'sambaSID' 0106 47: SET { 0108 45: STRING = 'S-1-5-21-725326080-1709766072-2910717368-1001' 0137 : } 0137 : } 0137 : } 0137 : } 0137 : } Net::LDAP=HASH(0x84b2b48) received: 30 0C 02 01 03 65 07 0A 01 00 04 00 04 00 __ __ 0e 12: SEQUENCE { 00021: INTEGER = 3 00057: [APPLICATION 5] { 00071: ENUM = 0 000A0: STRING = '' 000C0: STRING = '' 000E : } 000E : } Net::LDAP=HASH(0x84b2b48) sending: 30 53 02 01 04 63 4E 04 26 63 6E 3D 65 6E 67 72 0S...cN.cn=engr 2C 6F 75 3D 67 72 6F 75 70 73 2C 64 63 3D 62 6F ,ou=groups,dc=bo 72 6B 68 6F 6C 64 65 72 2C 64 63 3D 63 6F 6D 0A rkholder,dc=com. 01 00 0A 01 02 02 01 00 02 01 00 01 01 00 A0 13 A3 11 04 09 6D 65 6D 62 65 72 55 69 64 04 04 72 memberUid..r 6F 6F 74 30 00 __ __ __ __ __ __ __ __ __ __ __ oot0. 83: SEQUENCE { 00021: INTEGER = 4 0005 78: [APPLICATION 3] { 0007 38: STRING = 'cn=engr,ou=groups,dc=borkholder,dc=com' 002F1: ENUM = 0 00321: ENUM = 2 00351: INTEGER = 0 00381: INTEGER = 0 003B1: BOOLEAN = FALSE 003E 19: [CONTEXT 0] { 0040 17: [CONTEXT 3] { 00429: STRING = 'memberUid' 004D4: STRING = 'root' 0053 : } 0053 : } 00530: SEQUENCE { 0055 : } 0055 : } 0055 : } Net::LDAP=HASH(0x84b2b48) received: 30 0C 02 01 04 65 07 0A 01 00 04 00 04 00 __ __ 0e 12: SEQUENCE { 00021: INTEGER = 4 00057: [APPLICATION 5] { 00071: ENUM = 0 000A0: STRING = '' 000C0: STRING = '' 000E : } 000E : } User root is not in the group engr! Net::LDAP=HASH(0x84b2b48) sending: 30 05 02 01 05 42 00 __ __ __ __ __ __ __ __ __ 0B. 5: SEQUENCE { 00021: INTEGER = 5 00050: [APPLICATION 2] 0007 : } And the interesting thing is that if I do add root as a member of the group, net rpc group list works correctly: oink:/home # net rpc group members engr Password: CORP1\pat CORP1\chuck CORP1\jeremy CORP1\jerry CORP1\paul CORP1\roger CORP1\todd CORP1\root Take root back out, and I am back to: oink:/home # net rpc group members engr Password: CORP1\root It looks to me like root needs to be a member of every single group for these tools to work correctly. That's really bizarre to me. I await the wisdom of the Samba Gurus. Misty On Tuesday 12 October 2004 17:04, Misty Stanley-Jones wrote: I am using Samba PDC with OpenLDAP2 and smbldap-tools. As part of my logon.bat, I call a script called ifmember.exe. This script can list out the groups a user is a member of. It is reporting that my root user is a member of the group 'engr.' I don't know if this is a bug with ifmember.exe or if it's an issue in Samba or in LDAP. Here is some relevant data: oink:/etc/smbldap-tools # smbldap-groupshow engr dn: cn=engr,ou=groups,dc=borkholder,dc=com cn: engr gidNumber: 1001 memberUid: pat,chuck,gene,paul,roger,jerry,mike,jose,todd,howard,jb objectClass: top,posixGroup,sambaGroupMapping sambaGroupType: 2 sambaSID: S-1-5-21-725326080-1709766072-2910717368-1001 oink:/usr/local/sbin # ./smbldap-usershow root dn:
Re: [Samba] Looking for large-ish deployment advice
On Wed, 2004-10-13 at 18:47 +0200, Tarjei Huse wrote: The problem I'm having is figuring out a mechanism wherein the PDC or a login script will be smart enough to know which member server to connect to for their home directories. Well, if you use LDAP, you can set homedirs (and paths) and profileopaths for each user. Problem solved. I did not know that sort of information could be accessed via samba in an LDAP directory. Thanks for the suggestion, I will look into it more closely. Do you know of a specific piece of documentation that covers that? I have not seen that in the Official howto, or in by example, and my knowledge of LDAP is sketchy at best. -- -Regards- -Quentin Hartman- Technology Coordinator South Lane School District Cottage Grove, Oregon Office- 541.767.3778 Mobile- 541-501-1197 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Looking for large-ish deployment advice
What I mean is that the home dir is on a NFS share on whatewer server you have in mind in the apropriate building and then use NIS to lookup what server holds the share for this user. This means in anyway that you will have to have a NIS DB with the username and his home server for the lookup. Maybe trying to asign different IP to people in different buildings and using that info combined with the vbs script have the apropriate share mapped? This gives you other advantages like lets say you need to upgrade the maschine of one user, just put couple of lines in his login script and the next time he logson his maschine gets updated, you can even run the login script as the local administrator if need be by executing the WSHShell.run(RUNAS /USER:Administrator ...) Regards /krystian -Original Message- From: Quentin Hartman [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 13. Oktober 2004 18:45 To: Krystian Filiks Subject: RE: [Samba] Looking for large-ish deployment advice On Wed, 2004-10-13 at 18:30 +0200, Krystian Filiks wrote: The only other way that I see to do this is NFS and NIS. Using NFS would mean that the user data would have to traverse the WAN anyway, would it not? I presume you mean that the user's home directories are all NFS mounted on the PDC and shared from there. The data would then have to move from the member server via nfs, to the PDC, where it is served out again via samba. For someone in a building away from the PDC, the situation would actually degrade from where it is now, and their data would be traversing the slow links twice. Do you have something else in mind? Am I not understanding the data flow correctly? But in any way you will have to store a list of users and associated servers. So I think that having a logonscript for every user will allow you to acheave this in the easyest way, besides it gives you flexibility to map drives, change the PC time and other things on a per user basis Yes, I plan on using logon scripts, but a different one for each user, when I have approximately 3000 of them seemed excessive, hence my search for a more manageable method. Perhaps intelligently using some other piece of user info, group membership or the like. Though, for now, I agree that individual logon scripts are probably the only way to achieve this, unless there is some feature in samba that I do not know about. -- -Regards- -Quentin Hartman- Technology Coordinator South Lane School District Cottage Grove, Oregon Office- 541.767.3778 Mobile- 541-501-1197 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Looking for large-ish deployment advice
Wouldn't this take you away from domain Controller Authentification? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Quentin Hartman Sent: Mittwoch, 13. Oktober 2004 19:05 To: [EMAIL PROTECTED] Subject: Re: [Samba] Looking for large-ish deployment advice On Wed, 2004-10-13 at 18:47 +0200, Tarjei Huse wrote: The problem I'm having is figuring out a mechanism wherein the PDC or a login script will be smart enough to know which member server to connect to for their home directories. Well, if you use LDAP, you can set homedirs (and paths) and profileopaths for each user. Problem solved. I did not know that sort of information could be accessed via samba in an LDAP directory. Thanks for the suggestion, I will look into it more closely. Do you know of a specific piece of documentation that covers that? I have not seen that in the Official howto, or in by example, and my knowledge of LDAP is sketchy at best. -- -Regards- -Quentin Hartman- Technology Coordinator South Lane School District Cottage Grove, Oregon Office- 541.767.3778 Mobile- 541-501-1197 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance Issues with GBit LAN
Now I have built the RAID into the other machine with 700 MHz Celeron and the same GBit card. This Machine has also 384 MB of RAM, so this is upgraded too. The output of Bonnie tested on the Raid looks like: [EMAIL PROTECTED] bonnie]# ./Bonnie File './Bonnie.2324', size: 104857600 Writing with putc()...done Rewriting...done Writing intelligently...done Reading with getc()...done Reading intelligently...done Seeker 1...Seeker 2...Seeker 3...start 'em...done...done...done... ---Sequential Output ---Sequential Input-- --Random-- -Per Char- --Block--- -Rewrite-- -Per Char- --Block--- --Seeks--- MachineMB K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU /sec %CPU 100 5084 99.0 47481 96.9 15686 15.0 5079 94.9 48069 23.0 558.3 5.6 [EMAIL PROTECTED] bonnie]# I think, the CPU-Rates are better as before in the old machine. Now the test on the (Now Onboard-IDE) 10 GB Seagate Harddisk /dev/hda/: [EMAIL PROTECTED] bonnie]# ./Bonnie File './Bonnie.2331', size: 104857600 Writing with putc()...done Rewriting...done Writing intelligently...done Reading with getc()...done Reading intelligently...done Seeker 1...Seeker 2...Seeker 3...start 'em...done...done...done... ---Sequential Output ---Sequential Input-- --Random-- -Per Char- --Block--- -Rewrite-- -Per Char- --Block--- --Seeks--- MachineMB K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU /sec %CPU 100 4952 98.8 36262 47.8 9078 9.6 4356 87.7 48891 23.4 338.5 3.4 [EMAIL PROTECTED] bonnie]# Here the CPU-Rates are better, too. So this should have been the first bottleneck. The dmesg now looks like: [EMAIL PROTECTED] bonnie]# dmesg Linux version 2.4.20-8 ([EMAIL PROTECTED]) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #1 Thu Mar 13 17:54:28 EST 2003 BIOS-provided physical RAM map: BIOS-e820: - 0009f800 (usable) BIOS-e820: 0009f800 - 000a (reserved) BIOS-e820: 000f - 0010 (reserved) BIOS-e820: 0010 - 17feb000 (usable) BIOS-e820: 17feb000 - 17fef000 (ACPI data) BIOS-e820: 17fef000 - 17fff000 (reserved) BIOS-e820: 17fff000 - 1800 (ACPI NVS) BIOS-e820: - 0001 (reserved) 0MB HIGHMEM available. 383MB LOWMEM available. On node 0 totalpages: 98283 zone(0): 4096 pages. zone(1): 94187 pages. zone(2): 0 pages. Kernel command line: auto BOOT_IMAGE=linux ro BOOT_FILE=/boot/vmlinuz-2.4.20-8 root=LABEL=/ Initializing CPU#0 Detected 701.604 MHz processor. Console: colour VGA+ 80x25 Calibrating delay loop... 1399.19 BogoMIPS Memory: 381976k/393132k available (1347k kernel code, 8592k reserved, 999k data, 132k init, 0k highmem) Dentry cache hash table entries: 65536 (order: 7, 524288 bytes) Inode cache hash table entries: 32768 (order: 6, 262144 bytes) Mount cache hash table entries: 512 (order: 0, 4096 bytes) Buffer-cache hash table entries: 32768 (order: 5, 131072 bytes) Page-cache hash table entries: 131072 (order: 7, 524288 bytes) CPU: L1 I cache: 16K, L1 D cache: 16K CPU: L2 cache: 128K Intel machine check architecture supported. Intel machine check reporting enabled on CPU#0. CPU: After generic, caps: 0383f9ff CPU: Common caps: 0383f9ff CPU: Intel Celeron (Coppermine) stepping 06 Enabling fast FPU save and restore... done. Enabling unmasked SIMD FPU exception support... done. Checking 'hlt' instruction... OK. POSIX conformance testing by UNIFIX mtrr: v1.40 (20010327) Richard Gooch ([EMAIL PROTECTED]) mtrr: detected mtrr type: Intel PCI: PCI BIOS revision 2.10 entry at 0xf0d90, last bus=2 PCI: Using configuration type 1 PCI: Probing PCI hardware Transparent bridge - Intel Corp. 82801BA/CA/DB PCI Bridge PCI: Using IRQ router PIIX [8086/2440] at 00:1f.0 isapnp: Scanning for PnP cards... isapnp: No Plug Play device found Linux NET4.0 for Linux 2.4 Based upon Swansea University Computer Society NET3.039 Initializing RT netlink socket apm: BIOS version 1.2 Flags 0x03 (Driver version 1.16) Starting kswapd VFS: Disk quotas vdquot_6.5.1 pty: 2048 Unix98 ptys configured Serial driver version 5.05c (2001-07-08) with MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI ISAPNP enabled ttyS0 at 0x03f8 (irq = 4) is a 16550A ttyS1 at 0x02f8 (irq = 3) is a 16550A Real Time Clock Driver v1.10e Floppy drive(s): fd0 is 1.44M FDC 0 is a post-1991 82077 NET4: Frame Diverter 0.46 RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize Uniform Multi-Platform E-IDE driver Revision: 7.00beta-2.4 ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx ICH2: IDE controller at PCI slot 00:1f.1 ICH2: chipset revision 2 ICH2: not 100% native mode: will probe irqs later ide0: BM-DMA at 0xa800-0xa807, BIOS settings: hda:DMA, hdb:pio ide1: BM-DMA at 0xa808-0xa80f, BIOS settings: hdc:pio, hdd:pio hda:
[Samba] smbfs mount issues
This problem began a couple months ago with my new install of (you guessed it) XP sp2. Now, when i mount a share from the xp machine to my debian box, everyone, including rot, gets a permission denied trying to ls the dir. I've read posts about switching to cifs, but that has opened a whole new can of worms. I'd just like to see smbfs mount my shares properly the way they used to. My version of samba is 3.0.7-1 according to dpkg on debian unstable. the mount command is mount -t smbfs -o credentials=cred.file,netbiosname=intruder,workgroup=workgroup,ip=111.111.111.111 //host/share /path/to/mount/dir I've done lots of look ups on google regarding many combinations of xp smbfs and the problems encountered to no avail. I'm at wits end and don't know what else to do. Sincerely, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Looking for large-ish deployment advice
On Wednesday, October 13, 2004 01:00 pm, Quentin Hartman wrote: Another list member suggested using individual logon scripts, and as far as I can tell at this point, that is the only solution that will work. Hi Quentin, If it were me, I'd get a copy of Samba3 By Example and look at some of the suggested LDAP installations for inspiration. Chapters 6 and 7 will be most helpful I expect. Specifically, I might set up a Samba/LDAP Master in the main building, and Samba/LDAP slaves in each of the other buildings. The Samba/LDAP master will be your PDC and the Samba/LDAP slaves will be your BDCs. They will replicate in the background. If you can organize which (few) buildings students roam in, you could set up separate network segments for each of those roaming zones, and have roaming profiles limited to those zones. This may not fit your physical network topology however. Keep in mind, that if everyone is pulling their files from the main building's NT4 servers now, your peak WAN traffic should actually decrease with distributed BDCs. This is because replication takes place in the background, so users will mostly be pulling from the user directories from their local BDC. Again, by using network segments (and/or traffic shaping) you can force this behavior. Hope this is helpful, Mark -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: www.RNoME.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbfs mount issues
I am having a similar problem on a Domain. The problem only seems to be when mounting a share located on a Windows 2003 server. My problem is this: I run the mount command. It completes without error. However, the mount path disappears. In your example, /path/to/mount/dir would be mounted, but the dir would disappear from view. If I open a terminal, SU, and then ls -la /path/to/mount It will not show anything at all. If I run unmount the share, the folder reappears. This used to work on an older version of Samba.. like 2.28 or early 3. Now I am running 3.0.7-2 on Mandrake 10.1. The stranger part is, I can preview the contents with SMB4K or LAN:// but once it is mounted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Pirok Sent: Wednesday, October 13, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: [Samba] smbfs mount issues This problem began a couple months ago with my new install of (you guessed it) XP sp2. Now, when i mount a share from the xp machine to my debian box, everyone, including rot, gets a permission denied trying to ls the dir. I've read posts about switching to cifs, but that has opened a whole new can of worms. I'd just like to see smbfs mount my shares properly the way they used to. My version of samba is 3.0.7-1 according to dpkg on debian unstable. the mount command is mount -t smbfs -o credentials=cred.file,netbiosname=intruder,workgroup=workgroup,ip=111.11 1.111.111 //host/share /path/to/mount/dir I've done lots of look ups on google regarding many combinations of xp smbfs and the problems encountered to no avail. I'm at wits end and don't know what else to do. Sincerely, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password change error
Hi, We migrated from redhat 7.1 to redhat 3 ES and ran into one road block after the other. Most of them were solved except this last one. Users cannot change their passwords and then I read somewhere that samba 3.0 and MS KB828471 or 741 don't want to be friends. Then I upgraded my samba to be samba 3.0.7 (which i guess is the latest) Then I un-installed the KBB patch being accused. Still cannot change my passwords. Please advice. The following is my smb.conf # Global parameters [global] workgroup = sambapdc netbios name = PCSERVER server string = primary domain server running samba%v min password length = 6 ; obey pam restrictions = Yes pam password change = Yes ; username map = /etc/passwd smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u encrypt passwords = yes passwd chat = *New*Unix*Password* %n\n *Retype*new*Unix*password*%n\n *passwd: all authentication tokens updated successfully* %n passwd chat debug = Yes username level = 10 unix password sync = Yes log level = 2 case sensitive = no log file = /var/log/samba/log.%m max log size = 50 time server = Yes unix extensions = Yes socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 admin users = worldofbanking\gurnish, @employee, administrator, @administrators add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u logon script = netlogon.bat logon path = \\%L\profile\%u.pds logon home = domain logons = Yes os level = 64 preferred master = Yes domain master = yes wins support = Yes hosts allow = 127.0.0.1 192.168.2.0/255.255.255.0 ; password server = None hosts deny = 0.0.0.0/0 @web 192.168.2.200 [profile] path = /home/samba/profile force user = %U writeable = yes create mask = 0600 directory mask = 0700 guest ok = Yes profile acls = Yes browseable = No csc policy = disable [netlogon] path = /home/samba/netlogon write list = root @administrator browseable = No [pcshare] path = /home/samba writeable = yes create mask = 0 directory mask = 0 guest ok = Yes [Wywo] path = /home/samba/WYWO writeable = yes create mask = 0 directory mask = 0 guest ok = Yes [temp] path = /home/samba/temp writeable = yes create mask = 0 directory mask = 0 guest ok = Yes [Docs] path = /home/samba/MB/DOCS writeable = yes create mask = 0 directory mask = 0 [epsonprint] path = /tmp printable = Yes [EMAIL PROTECTED] root]# -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Bad lockout attempt recorded 2x
All, I built and installed 3.0.7. I am trying to finalize my setup by limiting the user to 3 failed logon attempts. I used: ./pdbedit -P bad lockout attempt -C 3 This works fine for all users EXCEPT for the user with a matching Windows user name. In other words, if my windows user name is 'bender' and my samba user name is 'bender' the number of Bad logon attempts will continue to increment as other accounts logon's fail. Example: I logon to my Windows box as 'bender' I also have the samba users 'bob', 'chuck' and 'bender'. If I Map a Share as bob and mess up twice (or once) and then successfully logon, the 'Bad password count' for 'bob' will correctly be 0, but for bender it will be 2. If I logon as 'chuck' and mess up once - 'bender' is now locked out!! Not only that, all the shares on my samba server are locked out to EVERYONE until I either remove user 'bender' or ./pdbedit -z -c='[]' bender I included smb.conf below although I doubt this matters much. Thanks for any help! Bender # Global parameters [global] netbios name = SAMBA min passwd length = 8 passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat debug = Yes log level = 2 load printers = No show add printer wizard = No logon script = notice.bat os level = 35 preferred master = No ldap ssl = no winbind use default domain = Yes directory security mask = 0700 hosts allow = XX.XX.XX.XX/255.255.252.0, locahost [some_dir] comment = XXX path = /usr/local/ read only = No create mask = 0765 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.7 and OpenLDAP
Hello List, yet another OpenLDAP/Samba problem... OpenLDAP: slapd 2.2.17 Samba: Version 3.0.7 Debian stable with 2.4.27 I am trying to do this howto (smb auth via ldap): http://www.idealx.org/prj/samba/smbldap-howto.en.html Even IF the user does not exits in my ldap table, why does smbd just exit? Do i start it the wrong way? This is the output of smbd -F -i -d 9 -S -s /etc/samba/smb.conf - Trying to load: ldapsam:ldap://127.0.0.1/ Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1/ (ldapsam) Found pdb backend ldapsam Searching for:[((objectClass=sambaDomain)(sambaDomainName=PDC-SRV))] smbldap_search: base = [dc=my-domain,dc=com], filter = [( (objectClass=sambaDomain)(sambaDomainName=PDC-SRV))], scope = [2] smbldap_open_connection: connection opened ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesfully connected pdb backend ldapsam:ldap://127.0.0.1/ has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Wed Oct 13 20:38:32 2004 open_oplock_ipc: opening loopback UDP socket. Linux kernel oplocks enabled open_oplock ipc: pid = 5911, global_oplock_port = 1071 Serverzone is -7200 got message type 0x0 of len 0x85 Transaction 0 of length 137 size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 switch message SMBnegprot (pid 5911) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [LANMAN1.0] Requested protocol [Windows for Workgroups 3.1a] Requested protocol [LM1.2X002] Requested protocol [LANMAN2.1] Requested protocol [NT LM 0.12] lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Wed Oct 13 20:38:32 2004 lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Wed Oct 13 20:38:32 2004 using SPNEGO Selected protocol NT LM 0.12 negprot index=5 size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]=5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 5888 (0x1700) smb_vwv[ 8]= 23 (0x17) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 4711 (0x1267) smb_vwv[13]=22320 (0x5730) smb_vwv[14]=50353 (0xC4B1) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=15103 (0x3AFF) smb_bcc=58 write_socket(21,131) write_socket(21,131) wrote 131 got message type 0x0 of len 0xce Transaction 1 of length 210 size=206 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 206 (0xCE) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]=0 (0x0) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]=0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]=0 (0x0) smb_vwv[ 9]=0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=147 switch message SMBsesssetupX (pid 5911) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 40 Making default auth method list for standalone security=user, encrypt passwords = yes Attempting to register auth backend rhosts Successfully added auth method 'rhosts' Attempting to register auth backend hostsequiv Successfully added auth method 'hostsequiv' Attempting to register auth backend sam Successfully added auth method 'sam' Attempting to register auth backend sam_ignoredomain Successfully added auth method 'sam_ignoredomain' Attempting to register auth backend unix Successfully added auth method 'unix' Attempting to register
svn commit: samba-web r373 - in trunk: .
Author: deryck Date: 2004-10-13 11:59:23 + (Wed, 13 Oct 2004) New Revision: 373 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunkrev=373nolog=1 Log: Wrap content in table to fix IE bug. IE interpreted the table listing the mailing lists as a seperate div and created a gap on the page. --deryck Modified: trunk/archives.html Changeset: Modified: trunk/archives.html === --- trunk/archives.html 2004-10-12 19:09:01 UTC (rev 372) +++ trunk/archives.html 2004-10-13 11:59:23 UTC (rev 373) @@ -4,8 +4,9 @@ h2Samba Mailing list/h2 + tabletrtd !-- table wrapper is needed to fix + page breaking problem in IE -- - h3How to subscribe?/h3 pThe easiest way to subscribe to the list is through the web interface at a href=http://lists.samba.org/;http://lists.samba.org//a. Please read this note on ba href=/samba/ml-etiquette.htmlmailing list etiquette/a/b before posting./p @@ -91,5 +92,6 @@ pConnect to a href=news://news.gmane.org/;news://news.gmane.org//a to read a href=http://news.gmane.org/?match=samba;Samba newsgroups/a./p + /td/tr/table !-- close table wrapper -- !--#include virtual=/samba/footer.html --
svn commit: samba r2943 - in branches/SAMBA_3_0/packaging/Solaris: .
Author: jerry Date: 2004-10-13 12:20:07 + (Wed, 13 Oct 2004) New Revision: 2943 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/packaging/Solarisrev=2943nolog=1 Log: solaris packagaing updates from Darren Chew [EMAIL PROTECTED] Modified: branches/SAMBA_3_0/packaging/Solaris/makepkg.sh.tmpl branches/SAMBA_3_0/packaging/Solaris/prototype.master Changeset: Modified: branches/SAMBA_3_0/packaging/Solaris/makepkg.sh.tmpl === --- branches/SAMBA_3_0/packaging/Solaris/makepkg.sh.tmpl2004-10-13 01:40:35 UTC (rev 2942) +++ branches/SAMBA_3_0/packaging/Solaris/makepkg.sh.tmpl2004-10-13 12:20:07 UTC (rev 2943) @@ -49,6 +49,12 @@ echo s none /usr/lib/nss_winbind.so.2=/usr/lib/libnss_winbind.so 0755 root other fi + # add pam_winbind module to /usr/lib/security +if [ -f $DISTR_BASE/source/nsswitch/pam_winbind.so ] ; then + echo f none /usr/lib/security/pam_winbind.so.1=source/nsswitch/pam_winbind.so 0755 root bin + echo s none /usr/lib/security/pam_winbind.so=/usr/lib/security/pam_winbind.so.1 0777 root root +fi + # add the .dat codepages echo #\n# Codepages \n# for file in $DISTR_BASE/source/codepages/*.dat ; do Modified: branches/SAMBA_3_0/packaging/Solaris/prototype.master === --- branches/SAMBA_3_0/packaging/Solaris/prototype.master 2004-10-13 01:40:35 UTC (rev 2942) +++ branches/SAMBA_3_0/packaging/Solaris/prototype.master 2004-10-13 12:20:07 UTC (rev 2943) @@ -40,12 +40,12 @@ d none samba/lib/charset 0755 root other f none samba/lib/smb.conf.example=examples/smb.conf.default 0644 root other d none samba/lib/regeditscripts 0755 root other -f none samba/lib/regeditscripts/NT4_PlainPassword.reg=docs/Registry/NT4_PlainPassword.reg 0444 root other -f none samba/lib/regeditscripts/Win95_PlainPassword.reg=docs/Registry/Win95_PlainPassword.reg 0444 root other -f none samba/lib/regeditscripts/Win98_PlainPassword.reg=docs/Registry/Win98_PlainPassword.reg 0444 root other -f none samba/lib/regeditscripts/WinME_PlainPassword.reg=docs/Registry/WinME_PlainPassword.reg 0444 root other -f none samba/lib/regeditscripts/Win2000_PlainPassword.reg=docs/Registry/Win2000_PlainPassword.reg 0444 root other -f none samba/lib/regeditscripts/WinXP_PlainPassword.reg=docs/Registry/WinXP_PlainPassword.reg 0444 root other +f none samba/lib/regeditscripts/NT4_PlainPassword.reg=docs/registry/NT4_PlainPassword.reg 0444 root other +f none samba/lib/regeditscripts/Win95_PlainPassword.reg=docs/registry/Win95_PlainPassword.reg 0444 root other +f none samba/lib/regeditscripts/Win98_PlainPassword.reg=docs/registry/Win98_PlainPassword.reg 0444 root other +f none samba/lib/regeditscripts/WinME_PlainPassword.reg=docs/registry/WinME_PlainPassword.reg 0444 root other +f none samba/lib/regeditscripts/Win2000_PlainPassword.reg=docs/registry/Win2000_PlainPassword.reg 0444 root other +f none samba/lib/regeditscripts/WinXP_PlainPassword.reg=docs/registry/WinXP_PlainPassword.reg 0444 root other # # Random files f none samba/docs/Samba-HOWTO-Collection.pdf=docs/Samba-HOWTO-Collection.pdf 0644 root other
svn commit: samba r2947 - in branches/SAMBA_2_2: . source/include source/smbd
Author: jerry Date: 2004-10-13 12:31:37 + (Wed, 13 Oct 2004) New Revision: 2947 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_2_2rev=2947nolog=1 Log: applying changes for 2.2.12 Modified: branches/SAMBA_2_2/WHATSNEW.txt branches/SAMBA_2_2/source/include/version.h branches/SAMBA_2_2/source/smbd/vfs.c Changeset: Modified: branches/SAMBA_2_2/WHATSNEW.txt === --- branches/SAMBA_2_2/WHATSNEW.txt 2004-10-13 12:29:57 UTC (rev 2946) +++ branches/SAMBA_2_2/WHATSNEW.txt 2004-10-13 12:31:37 UTC (rev 2947) @@ -1,4 +1,85 @@ == + Release Notes for Samba 2.2.12 + Sept 29, 2004 + == + + + SECURITY RELEASE + +Summary: Potential Arbitrary File Access + +Affected +Versions: Samba 2.2.x + +Summary: A remote attacker may be able to gain access + to files which exist outside of the share's + defined path. Such files must still be readable + by the account used for the connection. + +CVE ID:CAN-2004-0815 + (http://cve.mitre.org/) + +This is the last stable release of the Samba 2.2 code base. +There will be no further Samba 2.2.x releases. + +- +CAN-2004-0815 +- + +A bug in the input validation routines used to convert DOS +path names to path names on the Samba host's file system +may be exploited to gain access to files outside of the +share's path defined by smb.conf. + + +Protecting Unpatched Servers + + +Samba file shares with 'wide links = no' (a non-default +setting) in the service definition in smb.conf are *not* +vulnerable to this attack. + +The Samba Team always encourages users to run the latest stable +release as a defense of against attacks. However, under certain +circumstances it may not be possible to immediately upgrade +important installations. In such cases, administrators should +read the Server Security documentation found at +http://www.samba.org/samba/docs/server_security.html. + + +Credits + + +Both security issues were reported to Samba developers by +iDEFENSE (http://www.idefense.com/). Karol Wiesek is +credited with this discovery. + +-- + +Older releases notes for 2.2.x distributions follow + + -- + == + Release Notes for Samba 2.2.11 + Aug 12, 2004 + == + +This is the latest stable release of the Samba 2.2 code base. + +Please note that the Samba 2.2 code tree will reach its End-Of-Life +on October 1, 2004. Administrators of existing Samba 2.2 +installations are encouraged to upgrade to the latest Samba 3.0.x +release prior to that date. + +The Samba 2.2.11 release addresses the following bug: + + o Crashes in smbd triggered by a Windows XP SP2 client sending +a FindNextPrintChangeNotify() request without previously +issuing FindFirstPrintChangeNotify(). + + + -- + == Release Notes for Samba 2.2.10 July 22, 2004 == @@ -27,8 +108,6 @@ or v3.0.5. -Older releases notes for 2.2.x distributions follow - -- = Modified: branches/SAMBA_2_2/source/include/version.h === --- branches/SAMBA_2_2/source/include/version.h 2004-10-13 12:29:57 UTC (rev 2946) +++ branches/SAMBA_2_2/source/include/version.h 2004-10-13 12:31:37 UTC (rev 2947) @@ -1 +1 @@ -#define VERSION 2.2.11pre1 +#define VERSION 2.2.13pre1 Modified: branches/SAMBA_2_2/source/smbd/vfs.c === --- branches/SAMBA_2_2/source/smbd/vfs.c2004-10-13 12:29:57 UTC (rev 2946) +++ branches/SAMBA_2_2/source/smbd/vfs.c2004-10-13 12:31:37 UTC (rev 2947) @@ -784,7 +784,6 @@ *dir2 = *wd = *base_name = *newname = 0; if (widelinks) { - unix_clean_name(s); /* can't have a leading .. */ if (strncmp(s,..,2) == 0 (s[2]==0 || s[2]=='/')) { DEBUG(3,(Illegal file name? (%s)\n,s));
svn commit: samba r2948 - in branches/SAMBA_4_0/source: build/pidl librpc/ndr
Author: tridge Date: 2004-10-13 12:55:10 + (Wed, 13 Oct 2004) New Revision: 2948 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2948nolog=1 Log: added support for the [range(low,high)] attribute in pidl. This allows range checking of any integer value, to help protect against denial of service attacks (which could otherwise cause large memory allocations) Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm branches/SAMBA_4_0/source/librpc/ndr/libndr.h Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm === --- branches/SAMBA_4_0/source/build/pidl/parser.pm 2004-10-13 12:31:37 UTC (rev 2947) +++ branches/SAMBA_4_0/source/build/pidl/parser.pm 2004-10-13 12:55:10 UTC (rev 2948) @@ -547,6 +547,11 @@ } else { pidl \tNDR_CHECK(ndr_pull_$e-{TYPE}(ndr, $ndr_flags, $cprefix$var_prefix$e-{NAME}));\n; } + if (my $range = util::has_property($e, range)) { + my ($low, $high) = split(/ /, $range, 2); + pidl \tif ($var_prefix$e-{NAME} $low || $var_prefix$e-{NAME} $high) {\n; + pidl \t\treturn ndr_pull_error(ndr, NDR_ERR_RANGE, \value out of range\);\n\t}\n; + } end_flags($e); } Modified: branches/SAMBA_4_0/source/librpc/ndr/libndr.h === --- branches/SAMBA_4_0/source/librpc/ndr/libndr.h 2004-10-13 12:31:37 UTC (rev 2947) +++ branches/SAMBA_4_0/source/librpc/ndr/libndr.h 2004-10-13 12:55:10 UTC (rev 2948) @@ -141,7 +141,8 @@ NDR_ERR_STRING, NDR_ERR_VALIDATE, NDR_ERR_BUFSIZE, - NDR_ERR_ALLOC + NDR_ERR_ALLOC, + NDR_ERR_RANGE }; /*
svn commit: samba r2949 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: tridge Date: 2004-10-13 13:00:57 + (Wed, 13 Oct 2004) New Revision: 2949 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librpc/idlrev=2949nolog=1 Log: added some range checks in samr.idl Modified: branches/SAMBA_4_0/source/librpc/idl/samr.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/samr.idl === --- branches/SAMBA_4_0/source/librpc/idl/samr.idl 2004-10-13 12:55:10 UTC (rev 2948) +++ branches/SAMBA_4_0/source/librpc/idl/samr.idl 2004-10-13 13:00:57 UTC (rev 2949) @@ -48,7 +48,7 @@ /* Function: 0x02 */ typedef struct { - [value(ndr_size_security_descriptor(r-sd))] uint32 sd_size; + [range(0,262144),value(ndr_size_security_descriptor(r-sd))] uint32 sd_size; [subcontext(4)] security_descriptor *sd; } samr_SdBuf; @@ -328,7 +328,7 @@ } samr_SidType; typedef struct { - uint32 count; + [range(0,1024)] uint32 count; [size_is(count)] uint32 *ids; } samr_Ids; @@ -343,7 +343,7 @@ NTSTATUS samr_LookupNames( [in,ref] policy_handle *domain_handle, - [in] uint32 num_names, + [in,range(0,1000)] uint32 num_names, [in,ref,size_is(1000),length_is(num_names)] samr_Name *names, [out] samr_Ids rids, [out] samr_Ids types @@ -360,7 +360,7 @@ NTSTATUS samr_LookupRids( [in,ref] policy_handle *domain_handle, - [in] uint32 num_rids, + [in,range(0,1000)] uint32 num_rids, [in,ref,size_is(1000),length_is(num_rids)] uint32 *rids, [out] samr_Names names, [out] samr_Ids types
svn commit: samba r2950 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: tridge Date: 2004-10-13 13:04:55 + (Wed, 13 Oct 2004) New Revision: 2950 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librpc/idlrev=2950nolog=1 Log: 0x4 is clearer than 262144 Modified: branches/SAMBA_4_0/source/librpc/idl/samr.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/samr.idl === --- branches/SAMBA_4_0/source/librpc/idl/samr.idl 2004-10-13 13:00:57 UTC (rev 2949) +++ branches/SAMBA_4_0/source/librpc/idl/samr.idl 2004-10-13 13:04:55 UTC (rev 2950) @@ -48,7 +48,7 @@ /* Function: 0x02 */ typedef struct { - [range(0,262144),value(ndr_size_security_descriptor(r-sd))] uint32 sd_size; + [range(0,0x4),value(ndr_size_security_descriptor(r-sd))] uint32 sd_size; [subcontext(4)] security_descriptor *sd; } samr_SdBuf;
svn commit: samba r2951 - in branches/SAMBA_4_0/source: build/m4 include
Author: tridge Date: 2004-10-13 13:27:52 + (Wed, 13 Oct 2004) New Revision: 2951 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2951nolog=1 Log: fixed the intptr_t test for discard_const() Modified: branches/SAMBA_4_0/source/build/m4/rewrite.m4 branches/SAMBA_4_0/source/include/includes.h Changeset: Modified: branches/SAMBA_4_0/source/build/m4/rewrite.m4 === --- branches/SAMBA_4_0/source/build/m4/rewrite.m4 2004-10-13 13:04:55 UTC (rev 2950) +++ branches/SAMBA_4_0/source/build/m4/rewrite.m4 2004-10-13 13:27:52 UTC (rev 2951) @@ -275,7 +275,7 @@ AC_CHECK_TYPE(loff_t,off_t) AC_CHECK_TYPE(offset_t,loff_t) AC_CHECK_TYPE(ssize_t, int) -AC_CHECK_TYPE(intptr_t, void*) +AC_CHECK_TYPES(intptr_t) Modified: branches/SAMBA_4_0/source/include/includes.h === --- branches/SAMBA_4_0/source/include/includes.h2004-10-13 13:04:55 UTC (rev 2950) +++ branches/SAMBA_4_0/source/include/includes.h2004-10-13 13:27:52 UTC (rev 2951) @@ -1089,7 +1089,11 @@ Also, please call this via the discard_const_p() macro interface, as that makes the return type safe. */ +#ifdef HAVE_INTPTR_T #define discard_const(ptr) ((void *)((intptr_t)(ptr))) +#else +#define discard_const(ptr) ((void *)(ptr)) +#endif #define discard_const_p(type, ptr) ((type *)discard_const(ptr)) #endif /* _INCLUDES_H */
svn commit: samba r2952 - in branches/SAMBA_4_0/source: librpc/idl rpc_server/drsuapi torture/rpc
Author: metze Date: 2004-10-13 14:25:44 + (Wed, 13 Oct 2004) New Revision: 2952 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2952nolog=1 Log: add idl and torture test for DsCrackNames (I need to find out what the fields mean but it works) metze Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c branches/SAMBA_4_0/source/torture/rpc/drsuapi.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2004-10-13 13:27:52 UTC (rev 2951) +++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2004-10-13 14:25:44 UTC (rev 2952) @@ -71,9 +71,47 @@ NTSTATUS DRSUAPI_GET_NT4_CHANGELOG(); /*/ -/* Function 0x0c */ - NTSTATUS DRSUAPI_CRACKNAMES(); + /* Function 0x0c */ + typedef struct { + unistr *str; + } drsuapi_DsCrackNamesInInfo1Names; + typedef struct { + uint32 unknown1; + uint32 unknown2; + uint32 unknown3; + uint32 unknown4; + uint32 unknown5; + [range(1,1)] uint32 count; + [size_is(count)] drsuapi_DsCrackNamesInInfo1Names *names; + } drsuapi_DsCrackNamesInInfo1; + + typedef union { + [case(1)] drsuapi_DsCrackNamesInInfo1 info1; + } drsuapi_DsCrackNamesInInfo; + + typedef struct { + uint32 unknown1; + unistr *name1; + unistr *name2; + } drsuapi_DsCrackNamesOutInfo1Names; + + typedef struct { + uint32 count; + [size_is(count)] drsuapi_DsCrackNamesOutInfo1Names *names; + } drsuapi_DsCrackNamesOutInfo1; + + typedef union { + [case(1)] drsuapi_DsCrackNamesOutInfo1 *info1; + } drsuapi_DsCrackNamesOutInfo; + + NTSTATUS drsuapi_DsCrackNames( + [in,ref] policy_handle *bind_handle, + [in, out] uint32 level, + [in,switch_is(level)] drsuapi_DsCrackNamesInInfo in, + [out,switch_is(level)] drsuapi_DsCrackNamesOutInfo out + ); + /*/ /* Function 0x0d */ NTSTATUS DRSUAPI_WRITE_SPN(); Modified: branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c === --- branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c 2004-10-13 13:27:52 UTC (rev 2951) +++ branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c 2004-10-13 14:25:44 UTC (rev 2952) @@ -190,10 +190,10 @@ /* - DRSUAPI_CRACKNAMES + drsuapi_DsCrackNames */ -static NTSTATUS DRSUAPI_CRACKNAMES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct DRSUAPI_CRACKNAMES *r) +static NTSTATUS drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct drsuapi_DsCrackNames *r) { DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } Modified: branches/SAMBA_4_0/source/torture/rpc/drsuapi.c === --- branches/SAMBA_4_0/source/torture/rpc/drsuapi.c 2004-10-13 13:27:52 UTC (rev 2951) +++ branches/SAMBA_4_0/source/torture/rpc/drsuapi.c 2004-10-13 14:25:44 UTC (rev 2952) @@ -48,6 +48,40 @@ return ret; } +static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *bind_handle) +{ + NTSTATUS status; + struct drsuapi_DsCrackNames r; + struct drsuapi_DsCrackNamesInInfo1Names names[1]; + BOOL ret = True; + + ZERO_STRUCT(r); + r.in.bind_handle = bind_handle; + r.in.level = 1; + r.in.in.info1.unknown1 = 0x04e4; + r.in.in.info1.unknown2 = 0x0407; + r.in.in.info1.unknown3 = 0x; + r.in.in.info1.unknown4 = 0x0007; + r.in.in.info1.unknown5 = 0x0002; + r.in.in.info1.count = 1; + r.in.in.info1.names = names; + + names[0].str = talloc_asprintf(mem_ctx, %s/, lp_realm()); + + status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + const char *errstr = nt_errstr(status); + if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { + errstr = dcerpc_errstr(mem_ctx, p-last_fault_code); + } + printf(drsuapi_DsCrackNames failed - %s\n, errstr); + ret = False; + } + + return ret; +} + static BOOL test_DsUnbind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *bind_handle) { @@ -95,6 +129,10 @@ ret = False; } + if
svn commit: samba r2953 - in branches/SAMBA_4_0/source/rpc_server/common: .
Author: metze Date: 2004-10-13 15:04:51 + (Wed, 13 Oct 2004) New Revision: 2953 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/rpc_server/commonrev=2953nolog=1 Log: add NTSTATUS_TALLOC_CHECK(x) metze Modified: branches/SAMBA_4_0/source/rpc_server/common/common.h Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/common/common.h === --- branches/SAMBA_4_0/source/rpc_server/common/common.h2004-10-13 14:25:44 UTC (rev 2952) +++ branches/SAMBA_4_0/source/rpc_server/common/common.h2004-10-13 15:04:51 UTC (rev 2953) @@ -21,6 +21,10 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#define NTSTATUS_TALLOC_CHECK(x) do {\ + if (!(x)) return NT_STATUS_NO_MEMORY;\ +} while (0) + #define WERR_TALLOC_CHECK(x) do {\ if (!(x)) return WERR_NOMEM;\ } while (0)
svn commit: samba r2954 - in branches/SAMBA_4_0/source/rpc_server/drsuapi: .
Author: metze Date: 2004-10-13 15:06:43 + (Wed, 13 Oct 2004) New Revision: 2954 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/rpc_server/drsuapirev=2954nolog=1 Log: add server cracknames code: - we currently only do it for our REALM metze Modified: branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c === --- branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c 2004-10-13 15:04:51 UTC (rev 2953) +++ branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c 2004-10-13 15:06:43 UTC (rev 2954) @@ -195,7 +195,47 @@ static NTSTATUS drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct drsuapi_DsCrackNames *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct dcesrv_handle *h; + + r-out.level = r-in.level; + ZERO_STRUCT(r-out.out); + + DCESRV_PULL_HANDLE(h, r-in.bind_handle, DRSUAPI_BIND_HANDLE); + + switch (r-in.level) { + case 1: { + int i; + + r-out.out.info1 = talloc_p(mem_ctx, struct drsuapi_DsCrackNamesOutInfo1); + NTSTATUS_TALLOC_CHECK(r-out.out.info1); + + r-out.out.info1-names = talloc_array_p(mem_ctx, + struct drsuapi_DsCrackNamesOutInfo1Names, + r-in.in.info1.count); + NTSTATUS_TALLOC_CHECK(r-out.out.info1-names); + + r-out.out.info1-count = r-in.in.info1.count; + + for (i=0; i r-out.out.info1-count; i++) { + const char *name; + r-out.out.info1-names[i].unknown1 = 2; + r-out.out.info1-names[i].name1 = NULL; + r-out.out.info1-names[i].name2 = NULL; + + /* TODO: fill crack the right names! */ + name = talloc_asprintf(mem_ctx, %s/, lp_realm()); + if (strcmp(name, r-in.in.info1.names[i].str) != 0) { + continue; + } + r-out.out.info1-names[i].unknown1 = 0; + r-out.out.info1-names[i].name1 = talloc_asprintf(mem_ctx, %s, lp_realm()); + r-out.out.info1-names[i].name2 = talloc_asprintf(mem_ctx, %s\\, lp_workgroup()); + } + return NT_STATUS_OK; + } + } + + return NT_STATUS_INVALID_LEVEL; }
svn commit: samba r2955 - in branches/SAMBA_3_0/source: include printing rpc_server
Author: jerry Date: 2004-10-13 19:40:22 + (Wed, 13 Oct 2004) New Revision: 2955 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=2955nolog=1 Log: fixing a segfault uncovered by the changes for BUG 1519 Modified: branches/SAMBA_3_0/source/include/rpc_spoolss.h branches/SAMBA_3_0/source/printing/nt_printing.c branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/include/rpc_spoolss.h === --- branches/SAMBA_3_0/source/include/rpc_spoolss.h 2004-10-13 15:06:43 UTC (rev 2954) +++ branches/SAMBA_3_0/source/include/rpc_spoolss.h 2004-10-13 19:40:22 UTC (rev 2955) @@ -206,6 +206,7 @@ #define PRINTER_NOTIFY_TYPE 0x00 #define JOB_NOTIFY_TYPE 0x01 +#define PRINT_TABLE_END 0xFF #define MAX_PRINTER_NOTIFY 26 #define MAX_JOB_NOTIFY 24 Modified: branches/SAMBA_3_0/source/printing/nt_printing.c === --- branches/SAMBA_3_0/source/printing/nt_printing.c2004-10-13 15:06:43 UTC (rev 2954) +++ branches/SAMBA_3_0/source/printing/nt_printing.c2004-10-13 19:40:22 UTC (rev 2955) @@ -380,9 +380,11 @@ msgs. This is done in claim_connection() */ - win_rc = check_published_printers(); - if (!W_ERROR_IS_OK(win_rc)) - DEBUG(0, (nt_printing_init: error checking published printers: %s\n, dos_errstr(win_rc))); + if ( lp_security() == SEC_ADS ) { + win_rc = check_published_printers(); + if (!W_ERROR_IS_OK(win_rc)) + DEBUG(0, (nt_printing_init: error checking published printers: %s\n, dos_errstr(win_rc))); + } return True; } Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-10-13 15:06:43 UTC (rev 2954) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-10-13 19:40:22 UTC (rev 2955) @@ -3506,6 +3506,7 @@ { JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_PAGES, JOB_NOTIFY_TOTAL_PAGES, NOTIFY_ONE_VALUE, spoolss_notify_total_pages }, { JOB_NOTIFY_TYPE, JOB_NOTIFY_PAGES_PRINTED, JOB_NOTIFY_PAGES_PRINTED, NOTIFY_ONE_VALUE, spoolss_notify_pages_printed }, { JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_BYTES, JOB_NOTIFY_TOTAL_BYTES, NOTIFY_ONE_VALUE, spoolss_notify_job_size }, +{ PRINT_TABLE_END, 0x0, NULL, 0x0, NULL }, }; /*** @@ -3571,7 +3572,7 @@ { int i; - for (i = 0; i sizeof(notify_info_data_table); i++) { + for (i = 0; notify_info_data_table[i].type != PRINT_TABLE_END; i++) { if (notify_info_data_table[i].type == type notify_info_data_table[i].field == field notify_info_data_table[i].fn != NULL) {
svn commit: samba r2956 - in branches/SAMBA_4_0/source/librpc: idl rpc
Author: jelmer Date: 2004-10-13 20:09:46 + (Wed, 13 Oct 2004) New Revision: 2956 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librpcrev=2956nolog=1 Log: Fix towers_length for now. I'm currently working on a pidl extension that can generate these kinds of functions Modified: branches/SAMBA_4_0/source/librpc/idl/epmapper.idl branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/epmapper.idl === --- branches/SAMBA_4_0/source/librpc/idl/epmapper.idl 2004-10-13 19:40:22 UTC (rev 2955) +++ branches/SAMBA_4_0/source/librpc/idl/epmapper.idl 2004-10-13 20:09:46 UTC (rev 2956) @@ -194,7 +194,7 @@ } epm_towers; typedef struct { - uint32 tower_length; + [value(ndr_size_epm_towers(r-towers))] uint32 tower_length; [subcontext(4)] epm_towers towers; } epm_twr_t; Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c 2004-10-13 19:40:22 UTC (rev 2955) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c 2004-10-13 20:09:46 UTC (rev 2956) @@ -23,6 +23,58 @@ #include includes.h /* + this ndr_size_* stuff should really be auto-generated +*/ + +static size_t ndr_size_epm_floor(struct epm_floor *fl) +{ + size_t ret = 5; + if (fl-lhs.protocol == EPM_PROTOCOL_UUID) { + ret += 18; + } else { + ret += fl-lhs.info.lhs_data.length; + } + switch (fl-lhs.protocol) { + case EPM_PROTOCOL_TCP: + case EPM_PROTOCOL_UDP: + case EPM_PROTOCOL_HTTP: + case EPM_PROTOCOL_UUID: + ret += 2; + break; + case EPM_PROTOCOL_IP: + ret += 4; + break; + case EPM_PROTOCOL_NCADG: + case EPM_PROTOCOL_NCACN: + case EPM_PROTOCOL_NCALRPC: + ret += 2; + break; + + case EPM_PROTOCOL_SMB: + ret += strlen(fl-rhs.smb.unc)+1; + break; + case EPM_PROTOCOL_PIPE: + ret += strlen(fl-rhs.pipe.path)+1; + break; + case EPM_PROTOCOL_NETBIOS: + ret += strlen(fl-rhs.netbios.name)+1; + break; + } + + return ret; +} + +size_t ndr_size_epm_towers(struct epm_towers *towers) +{ + size_t ret = 2; + int i; + for (i=0;itowers-num_floors;i++) { + ret += ndr_size_epm_floor(towers-floors[i]); + } + return ret; +} + +/* work out what TCP port to use for a given interface on a given host */ NTSTATUS dcerpc_epm_map_tcp_port(const char *server,
svn commit: samba r2957 - in trunk/source: include printing rpc_server
Author: jerry Date: 2004-10-13 20:13:39 + (Wed, 13 Oct 2004) New Revision: 2957 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/sourcerev=2957nolog=1 Log: fixing a segfault uncovered by the changes for BUG 1519 Modified: trunk/source/include/rpc_spoolss.h trunk/source/printing/nt_printing.c trunk/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: trunk/source/include/rpc_spoolss.h === --- trunk/source/include/rpc_spoolss.h 2004-10-13 20:09:46 UTC (rev 2956) +++ trunk/source/include/rpc_spoolss.h 2004-10-13 20:13:39 UTC (rev 2957) @@ -206,6 +206,7 @@ #define PRINTER_NOTIFY_TYPE 0x00 #define JOB_NOTIFY_TYPE 0x01 +#define PRINT_TABLE_END 0xFF #define MAX_PRINTER_NOTIFY 26 #define MAX_JOB_NOTIFY 24 Modified: trunk/source/printing/nt_printing.c === --- trunk/source/printing/nt_printing.c 2004-10-13 20:09:46 UTC (rev 2956) +++ trunk/source/printing/nt_printing.c 2004-10-13 20:13:39 UTC (rev 2957) @@ -380,9 +380,11 @@ msgs. This is done in claim_connection() */ - win_rc = check_published_printers(); - if (!W_ERROR_IS_OK(win_rc)) - DEBUG(0, (nt_printing_init: error checking published printers: %s\n, dos_errstr(win_rc))); + if ( lp_security() == SEC_ADS ) { + win_rc = check_published_printers(); + if (!W_ERROR_IS_OK(win_rc)) + DEBUG(0, (nt_printing_init: error checking published printers: %s\n, dos_errstr(win_rc))); + } return True; } Modified: trunk/source/rpc_server/srv_spoolss_nt.c === --- trunk/source/rpc_server/srv_spoolss_nt.c2004-10-13 20:09:46 UTC (rev 2956) +++ trunk/source/rpc_server/srv_spoolss_nt.c2004-10-13 20:13:39 UTC (rev 2957) @@ -3506,6 +3506,7 @@ { JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_PAGES, JOB_NOTIFY_TOTAL_PAGES, NOTIFY_ONE_VALUE, spoolss_notify_total_pages }, { JOB_NOTIFY_TYPE, JOB_NOTIFY_PAGES_PRINTED, JOB_NOTIFY_PAGES_PRINTED, NOTIFY_ONE_VALUE, spoolss_notify_pages_printed }, { JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_BYTES, JOB_NOTIFY_TOTAL_BYTES, NOTIFY_ONE_VALUE, spoolss_notify_job_size }, +{ PRINT_TABLE_END, 0x0, NULL, 0x0, NULL }, }; /*** @@ -3571,7 +3572,7 @@ { int i; - for (i = 0; i sizeof(notify_info_data_table); i++) { + for (i = 0; notify_info_data_table[i].type != PRINT_TABLE_END; i++) { if (notify_info_data_table[i].type == type notify_info_data_table[i].field == field notify_info_data_table[i].fn != NULL) {
svn commit: samba r2958 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tridge Date: 2004-10-13 23:33:17 + (Wed, 13 Oct 2004) New Revision: 2958 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/build/pidlrev=2958nolog=1 Log: the warnings from the swig code in pidl were totally swamping valid warnings, making real errors impossible to spot. this fixes the warnings, and probably fixes some pidl/python bugs as well. Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm branches/SAMBA_4_0/source/build/pidl/util.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm === --- branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-13 20:13:39 UTC (rev 2957) +++ branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-13 23:33:17 UTC (rev 2958) @@ -141,7 +141,7 @@ my($prefix) = shift; my($result) = ; -my($array_len) = $e-{ARRAY_LEN}; +my($array_len) = util::array_size($e); if ($array_len eq * or util::has_property($e, size_is)) { $array_len = util::has_property($e, size_is); @@ -476,14 +476,16 @@ $result .= \tu = talloc(mem_ctx, sizeof(union $u-{NAME}));\n\n; for my $e (@{$u-{DATA}{DATA}}) { - $result .= \tif ((dict = PyDict_GetItemString(obj, \$e-{DATA}{NAME}\))) {\n; - if ($e-{DATA}{POINTERS} == 0) { - $result .= \t\t$e-{DATA}{TYPE}_from_python(mem_ctx, u-$e-{DATA}{NAME}, dict, \$e-{DATA}{NAME}\);\n; - } elsif ($e-{DATA}{POINTERS} == 1) { - $result .= \t\tu-$e-{DATA}{NAME} = $e-{DATA}{TYPE}_ptr_from_python(mem_ctx, dict, \$e-{DATA}{NAME}\);\n; - } else { - $result .= \t\t// $e-{DATA}{TYPE} pointers=$e-{DATA}{POINTERS}\n; - } + if (defined $e-{DATA}{NAME}) { + $result .= \tif ((dict = PyDict_GetItemString(obj, \$e-{DATA}{NAME}\))) {\n; + if ($e-{DATA}{POINTERS} == 0) { + $result .= \t\t$e-{DATA}{TYPE}_from_python(mem_ctx, u-$e-{DATA}{NAME}, dict, \$e-{DATA}{NAME}\);\n; + } elsif ($e-{DATA}{POINTERS} == 1) { + $result .= \t\tu-$e-{DATA}{NAME} = $e-{DATA}{TYPE}_ptr_from_python(mem_ctx, dict, \$e-{DATA}{NAME}\);\n; + } else { + $result .= \t\t// $e-{DATA}{TYPE} pointers=$e-{DATA}{POINTERS}\n; + } + } $result .= \t\treturn u;\n; $result .= \t}\n\n; @@ -511,6 +513,7 @@ $result .= \t}\n\n; for my $e (@{$u-{DATA}{DATA}}) { + if (defined $e-{DATA}{NAME}) { $result .= \tif ((dict = PyDict_GetItemString(obj, \$e-{DATA}{NAME}\))) {\n; if ($e-{DATA}{POINTERS} == 0) { $result .= \t\t$e-{DATA}{TYPE}_from_python(mem_ctx, u-$e-{DATA}{NAME}, dict, \$e-{DATA}{NAME}\);\n; @@ -519,7 +522,7 @@ } else { $result .= \t\t// $e-{DATA}{TYPE} pointers=$e-{DATA}{POINTERS}\n; } - + } $result .= \t\treturn;\n; $result .= \t}\n\n; } @@ -542,10 +545,9 @@ for my $e (@{$u-{DATA}{DATA}}) { $result .= \tif (switch_is == $e-{CASE}) {\n; - if ($e-{POINTERS} == 0) { - $result .= \t\tPyDict_SetItemString(obj, \$e-{DATA}{NAME}\, $e-{DATA}{TYPE}_ptr_to_python(mem_ctx, u-$e-{DATA}{NAME}));\n; - } else { - $result .= \t\tPyDict_SetItemString(obj, \$e-{DATA}{NAME}\, $e-{DATA}{TYPE}_ptr_to_python(mem_ctx, u-$e-{DATA}{NAME}));\n; + my $prefix = util::c_pull_prefix($e); + if (defined $e-{DATA}{NAME}) { + $result .= \t\tPyDict_SetItemString(obj, \$e-{DATA}{NAME}\, $e-{DATA}{TYPE}_ptr_to_python(mem_ctx, $prefix\u-$e-{DATA}{NAME}));\n; } $result .= \t}\n; } Modified: branches/SAMBA_4_0/source/build/pidl/util.pm === --- branches/SAMBA_4_0/source/build/pidl/util.pm2004-10-13 20:13:39 UTC (rev 2957) +++ branches/SAMBA_4_0/source/build/pidl/util.pm2004-10-13 23:33:17 UTC (rev 2958) @@ -360,7 +360,7 @@ sub is_constant($) { my $s = shift; - if ($s =~ /^\d/) { + if (defined $s $s =~ /^\d/) { return 1; } return 0;
svn commit: samba r2960 - in branches/SAMBA_4_0/source/include: .
Author: tridge Date: 2004-10-14 05:26:35 + (Thu, 14 Oct 2004) New Revision: 2960 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/includerev=2960nolog=1 Log: during a lunchtime discussion I found out that all powerpc processors can correctly (and quickly!) handle unaligned little endian memory accesses, just like i386. This should reduce code size and speeds things up quite a lot on ppc, at the expense of some inline asm code (whcih means it only works with gcc) Modified: branches/SAMBA_4_0/source/include/byteorder.h Changeset: Modified: branches/SAMBA_4_0/source/include/byteorder.h === --- branches/SAMBA_4_0/source/include/byteorder.h 2004-10-14 03:19:57 UTC (rev 2959) +++ branches/SAMBA_4_0/source/include/byteorder.h 2004-10-14 05:26:35 UTC (rev 2960) @@ -93,11 +93,45 @@ */ + +/* + on powerpc we can use the magic instructions to load/store + in little endian +*/ +#if (defined(__powerpc__) defined(__GNUC__)) +static __inline__ uint16_t ld_le16(const uint16_t *addr) +{ + uint16_t val; + __asm__ (lhbrx %0,0,%1 : =r (val) : r (addr), m (*addr)); + return val; +} + +static __inline__ void st_le16(uint16_t *addr, const uint16_t val) +{ + __asm__ (sthbrx %1,0,%2 : =m (*addr) : r (val), r (addr)); +} + +static __inline__ uint32_t ld_le32(const uint32_t *addr) +{ + uint32_t val; + __asm__ (lwbrx %0,0,%1 : =r (val) : r (addr), m (*addr)); + return val; +} + +static __inline__ void st_le32(uint32_t *addr, const uint32_t val) +{ + __asm__ (stwbrx %1,0,%2 : =m (*addr) : r (val), r (addr)); +} +#define HAVE_ASM_BYTEORDER 1 +#endif + + + #undef CAREFUL_ALIGNMENT /* we know that the 386 can handle misalignment and has the right byteorder */ -#ifdef __i386__ +#if defined(__i386__) #define CAREFUL_ALIGNMENT 0 #endif @@ -110,9 +144,20 @@ #define PVAL(buf,pos) (CVAL(buf,pos)) #define SCVAL(buf,pos,val) (CVAL_NC(buf,pos) = (val)) +#if HAVE_ASM_BYTEORDER -#if CAREFUL_ALIGNMENT +#define _PTRPOS(buf,pos) (((const uint8_t *)buf)+(pos)) +#define SVAL(buf,pos) ld_le16((const uint16_t *)_PTRPOS(buf,pos)) +#define IVAL(buf,pos) ld_le32((const uint32_t *)_PTRPOS(buf,pos)) +#define SSVAL(buf,pos,val) st_le16((uint16_t *)__PTRPOS(buf,pos), val) +#define SIVAL(buf,pos,val) st_le32((uint32_t *)__PTRPOS(buf,pos), val) +#define SVALS(buf,pos) ((int16_t)SVAL(buf,pos)) +#define IVALS(buf,pos) ((int32_t)IVAL(buf,pos)) +#define SSVALS(buf,pos,val) SSVAL((buf),(pos),((int16_t)(val))) +#define SIVALS(buf,pos,val) SIVAL((buf),(pos),((int32_t)(val))) +#elif CAREFUL_ALIGNMENT + #define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)8) #define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)16) #define SSVALX(buf,pos,val) (CVAL_NC(buf,pos)=(uint8_t)((val)0xFF),CVAL_NC(buf,pos+1)=(uint8_t)((val)8))
svn commit: samba r2961 - in branches/SAMBA_4_0/source/include: .
Author: tridge Date: 2004-10-14 05:38:48 + (Thu, 14 Oct 2004) New Revision: 2961 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/includerev=2961nolog=1 Log: fixed a silly typo Modified: branches/SAMBA_4_0/source/include/byteorder.h Changeset: Modified: branches/SAMBA_4_0/source/include/byteorder.h === --- branches/SAMBA_4_0/source/include/byteorder.h 2004-10-14 05:26:35 UTC (rev 2960) +++ branches/SAMBA_4_0/source/include/byteorder.h 2004-10-14 05:38:48 UTC (rev 2961) @@ -149,8 +149,8 @@ #define _PTRPOS(buf,pos) (((const uint8_t *)buf)+(pos)) #define SVAL(buf,pos) ld_le16((const uint16_t *)_PTRPOS(buf,pos)) #define IVAL(buf,pos) ld_le32((const uint32_t *)_PTRPOS(buf,pos)) -#define SSVAL(buf,pos,val) st_le16((uint16_t *)__PTRPOS(buf,pos), val) -#define SIVAL(buf,pos,val) st_le32((uint32_t *)__PTRPOS(buf,pos), val) +#define SSVAL(buf,pos,val) st_le16((uint16_t *)_PTRPOS(buf,pos), val) +#define SIVAL(buf,pos,val) st_le32((uint32_t *)_PTRPOS(buf,pos), val) #define SVALS(buf,pos) ((int16_t)SVAL(buf,pos)) #define IVALS(buf,pos) ((int32_t)IVAL(buf,pos)) #define SSVALS(buf,pos,val) SSVAL((buf),(pos),((int16_t)(val)))
svn commit: samba r2962 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tpot Date: 2004-10-14 05:59:28 + (Thu, 14 Oct 2004) New Revision: 2962 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/build/pidlrev=2962nolog=1 Log: Tweak to get conversion function for pointers to union compiling again. Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm === --- branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 05:38:48 UTC (rev 2961) +++ branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 05:59:28 UTC (rev 2962) @@ -547,7 +547,7 @@ $result .= \tif (switch_is == $e-{CASE}) {\n; my $prefix = util::c_pull_prefix($e); if (defined $e-{DATA}{NAME}) { - $result .= \t\tPyDict_SetItemString(obj, \$e-{DATA}{NAME}\, $e-{DATA}{TYPE}_ptr_to_python(mem_ctx, $prefix\u-$e-{DATA}{NAME}));\n; + $result .= \t\tPyDict_SetItemString(obj, \$e-{DATA}{NAME}\, $e-{DATA}{TYPE}_ptr_to_python(mem_ctx, ${prefix}u-$e-{DATA}{NAME}));\n; } $result .= \t}\n; }