[Samba] Re: Samba as PDC - Can't get user profiles to save properly
Hi, I'm still sitting fighting with this problem here I mentioned a little while ago. Say, it can't be that you need to add PDC users on every workstation if you want to have them working with admin-accounts (which they seem to need in order to be able to save their profiles on the PDC), can it? Any ideas? Felix Greetings, I'm running desperate on a problem with my windows user profiles here, searched the net and read the docus alot but still no luck. I've got an running Samba domain, an existing windows 2000 machine can log into the domain properly. Furthermore, a test account is made aswell, and the 2k machine is able to log in with that account. Now, my problem is: When I try to change windows settings (like switch active desktop to on) or delete/rename icons from my desktop, log out and in again, all changes are undone like they've been not saved on the server. But if I create new icons on the desktop and relog, those are still there. Additionally, when I right-click in some folder and choose New- there's only Folder and Link to choose where you would expect things like new text file etc. Now, when I log in locally on the client as admin and add an domain-user with the same name as my test user on the server, log out and back in on the domain again, then it's possible to delete/rename icons on the desktop, settings like active desktop can't be changed at all still though. Access permissions on the home-folder of the user seem fine, I've even tried mask 0777 just to see if it would work. Sorry for the long story, but maybe somebody is able to recognize the problem. I'm really running out of ideas what to try next... Thanks alot Felix -- Append: My original smb.conf # Global parameters [global] # Base Options workgroup = SAMBA netbios name = PDC server string = Samba %v (PDC) @ biomax.de interfaces = eth0 # Security Options security = user #encypted passwords = yes update encrypted = Yes passdb backend = smbpasswd unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* allow trusted domains = yes # password server = ALBERICH password server = PDC # Logging Options log level = 2 log file = /var/log.%m # Tuning Options deadtime = 15 # Logon Options add machine script = /usr/sbin/useradd -d /dev/null -g ntclient -s /bin/false -M %u logon script = logon.bat logon path = \\%L\profile\%u logon home = \\%N\%U logon drive = Z: domain logons = Yes # Browse Options os level = 65 preferred master = Yes domain master = Yes # Ldap Options ldap ssl = no # Misc panic action = /usr/share/samba/panic-action %d admin users = root printing = cups browseable = No [homes] comment = Benutzer-Verzeichnisse path = /samba/profile/%u read only = No browseable = Yes [netlogon] comment = NetLogON path = /samba/netlogon [profile] comment = Benutzerprofile path = /samba/profile read only = No [public] comment = Oeffentlicher Ordner path = /samba/public read only = No guest ok = Yes browseable = Yes -- -- ** Felix Knoblach Biomax Informatics AG Lochhamer Str. 11 82152 Martinsried, Germany Email: [EMAIL PROTECTED] Website: www.biomax.com PGP: https://ssl.biomax.de/pgp/ ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] polling for options on printing commands
Gerald (Jerry) Carter schrieb: I have a fax printer setup which uses: print command = ( /usr/bin/printfax2.pl %I %s %U %m; rm %s ) For people with print servers: I'm working on fixing a bug for 3.0.8 and need to know how many people use smb.conf variables other than the standard printing vars like %p, %j, etc... in the various printing commands. Please send me examples if you use things like %U, or %m. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] polling for options on printing commands
Hi Jerry, For people with print servers: I'm working on fixing a bug for 3.0.8 and need to know how many people use smb.conf variables other than the standard printing vars like %p, %j, etc... in the various printing commands. Please send me examples if you use things like %U, or %m. Thanks. with LPRng: print command = /usr/bin/lpr [EMAIL PROTECTED] -P%p -r %s or print command = chmod 666 %s; name=`echo '%J' | sed s/^.*- //`; if [ $name = ]; then name=%s; fi; /usr/bin/lpr [EMAIL PROTECTED] -P%p -J$name %s; rm %s and so on: lpq command = /usr/bin/lpq [EMAIL PROTECTED] -P%p lprm command = /usr/bin/lprm [EMAIL PROTECTED] -P%p %j lppause command = /usr/sbin/lpc [EMAIL PROTECTED] hold %p %j lpresume command = /usr/sbin/lpc [EMAIL PROTECTED] release %p %j queuepause command = /usr/sbin/lpc [EMAIL PROTECTED] stop %p queueresume command = /usr/sbin/lpc [EMAIL PROTECTED] start %p der tom __ Mit WEB.DE FreePhone mit hoechster Qualitaet ab 0 Ct./Min. weltweit telefonieren! http://freephone.web.de/?mc=021201 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Troubles with roaming profiles
Hello All! I have some troubles with samba as PDC. I tried to work with roaming profiles, but samba give`s me some errors: Client requested device type [?] for share [PROFILES] [2004/10/19 12:35:33, 2] smbd/service.c:make_connection_snum(307) guest user (from session setup) not permitted to access this share (profiles) [2004/10/19 12:35:33, 3] smbd/error.c:error_packet(129) error packet at smbd/reply.c(416) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED This is my config: [global] dos charset = CP866 unix charset = koi8-r workgroup = OFFICE server string = Office Domain Controller interfaces = 192.168.1.1 security = user log level = 4 log file = /usr/local/samba/var/log.%m max log size = 10240 load printers = No logon path = \\%L\Profiles\%U logon drive = Z: logon home = \\%L\%u\profile domain logons = Yes os level = 255 preferred master = Yes guest account = nobody domain master = Yes dns proxy = No wins support = Yes admin users = @root write list = @root printer admin = @root hosts allow = 192.168.1., 127. blocking locks = yes kernel oplocks = yes locking = no oplocks = no level2 oplocks = no posix locking = yes strict locking = no share modes = yes [homes] comment = Home Directories read only = No browseable = No [NETLOGON] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = Yes share modes = No browseable = Yes [Profiles] path = /usr/local/samba/profiles read only = No writeable = yes create mask = 0600 directory mask = 0700 guest ok = Yes [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes [public] comment = Public Stuff path = /home/samba write list = @staff read only = No guest ok = Yes [buhgalters] comment = buhgalters path = /home/buhgalters valid users = irina, @root write list = irina, @root read only = No create mask = 0700 force create mode = 0700 security mask = 0700 directory mask = 0700 directory security mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] no subject
Thomas Bork schrieb am 19.10.04 09:54:43: I'm working on fixing a bug for 3.0.8 and need to know how many people use smb.conf variables other than the standard printing vars like %p, %j, etc... in the various printing commands. Please send me examples if you use things like %U, or %m. Thanks. with LPRng: print command = /usr/bin/lpr [EMAIL PROTECTED] -P%p -r %s more: print command = ( /usr/bin/printfax.sh %I %s %U %m %H; rm %s ) lpq command = /usr/bin/faxlpq %U lprm command = /usr/bin/faxlprm %j %U lpq command = /var/install/bin/samba-print-pdf status print command = ( /var/install/bin/samba-print-pdf %s /public //%L/public %m %I %u -dPDFSETTINGS=/default public yes ) der tom Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.7 OpenLDAP performance problem
hi, sorry if this topic already exists, but i haven't found a solution yet. I am using a Samba PDC with OpenLDAP. After updating my Samba 2.2.7 to version 3.0.7, I encountered the following problem : All my Windows-clients are able to logon to the Domain but it takes several minutes until the Client finally is logged on. If I try to open a directory that is stored on the server, it takes several minutes, too. The profiles I am using are not stored on the server except their home-directories. I testet the Samba update several times on a VMware machine with virtual server and clients and it worked perfectly every try. thanks for help, greetings, c.triebstein -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
rruegner schrieb: Hi Walter, i have the same setup samba 3.07 , cups win xp serv pack 2 german. I have noticed that something changed in behavior after the upgrade to win xp serv pack 2 , but non of your described failures are comming up in my setups for hp laser printers , and canon bjc 2000 as well as my pdf printer. I only noticed after upgrade to serv pack 2 that ich have to refresh the pinter icon in the taskbar now after printing is done to disapear. also my standart paper size is now switching to letter and not staying to default dina 4. But i have not upgraded my cups or/and win drivers ( which is allways recomended ), i wanted to cotroll this stuff these days but as this bugs are not really heavy for me , i will wait until there is time. I dont think this is really a problem with samba. Are you using cups? YES, I think it is cups 1.1.20 How is your smb.conf very simple: Here the relevant parts: # Global parameters [global] workgroup = CSINTERN server string = col Samba Server on RedHat log file = /usr/local/samba/var/log.%m max log size = 10 deadtime = 60 preferred master = No domain master = No ldap ssl = no printer admin = root, walterw, fritzw, gerhardj hosts allow = 192.168.1. [homes] comment = Home Directories read only = No create mask = 0750 [printers] comment = All Printers path = /var/spool/samba printer admin = root, walterw create mask = 0700 guest ok = Yes printable = Yes use client driver = Yes browseable = No [print$] comment = Share fuer Printer Treiber path = /usr/local/samba/lib/printers write list = root, walterw, fritzw, gerhardj [kyocera-ps] comment = Kopierdrucker mit Duplexfunktion path = /var/spool/samba printer admin = root, walterw read only = No create mask = 0700 guest ok = Yes printable = Yes printer name = KYOCERA use client driver = Yes oplocks = No share modes = No ** , have you checked cups logs, nothing special! do you have the latest printers? Yes, actual drivers What are this Printers ( Manufacter ) Kyocera, HP ... Have disabled the xp firewall Tried with and without firewall as well as the webclient services on xp, tried with enabled and disabled what are the event logs talking at the win xp? only on XP startup I get an error message: you can see in the appended temp.gif If you don't see it: It is a message in sytem part. Source is MRxSmb Type is warning Event number is 3019 Text is: ( if I try to translate): Redirector Service cannot recognize the type of connection Is file sharing running corect with your samba machine? Yes, no problem, even with MS Access Is it a stand alone spooler , ??? do you do accounting, nothing setup are you printing via a printserver device yes, network print server, done over CUPS or direct over lpd/usb no! Do you use postscript/ghostscript filters, or direct win drivers? direct win drivers All this stuff must be tested and controlled to give you the right answer/help...there is no naturally reason why printing with samba should fail with win xp as far i know It does not fail, the startup of the print dialogue is just very slow !! When removing SP2, the problem has gone! Best Regards Walter Willmertinger schrieb: We have problems with printing after installing XP SP2. In nearly every software it takes about 10 seconds to 30 seconds, if you click on Print-Button and wait for the print dialogue window. Extremly slow are programs like MS Word (30 seconds, when you open a document the first time). Another problem, (but I am sure it's not a samba related problem): In some word documents you have problems viewing embedded graphics. Sometimes you see the graphics, sometimes not. It is not a problem with wrong settings (View - Use placeholders for Graphics). In preview there is no graphics, maybe after some scrolling the graphics appear, on the printout graphics are contained. Samba installed is 3.0.7 (compiled on RH 9.0 with standard options)! Regards, Walter rruegner schrieb: CHAN YICK WAI schrieb: Just would like to ask if anyone has experience with Samba with XP SP2, can you share with us? Thanks, Yw Hi, for sure we share : it works read the samba faqs for more info, and/or give us more detailed questions Regards -- Mit freundlichen Grüßen, Dr. Walter Willmertinger CONSYS Gesellschaft für Softwaretechnologie und Systementwicklung mbH Dr. Walter Willmertinger Landsberger Strasse 402 EMail: [EMAIL PROTECTED] 81241 MuenchenPhone: 089-589 789 0 Germany Fax: 089-589 789 99 WWW-Homepage: http://www.consys.de So finden Sie zu uns: http://mail.map24.com/consys-muenchen -- To unsubscribe from this list go to the following URL and read the instructions:
Re: [Samba] SID syntax
man, 18,.10.2004 kl. 11.30 +0600, skrev Ilia Chipitsine: Dear Sirs, does SID always have the same length ? I want to extract user's RID from user's SID. User's SID is composed of domain's SID + user's RID. This might help: http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#Create_builtin Tarjei does domain SID always have the same length ? Cheers, Ilia Chipitsine -- Tarjei Huse [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.7 make check fails in function strstr_m
Hi all, I wanted to upgrade from samba 3.0.4 to 3.0.7 and installed Samba 3.0.7 in a seperate directory . OS is Solaris 8 on Sun-Sparc. Python 2.3.3 (from sunfreeware) installed libiconv 1.8 installed When running make check i get the following output: .. # make check WARNING: you need to run ./config.status Linking bigballofmud shared library bin/libbigballofmud.so ln -snf libbigballofmud.so bin/libbigballofmud.so.0 gcc -O -Iinclude -I/sambafiles/samba-3.0.7/source/include -I/sambafiles/samba-3.0.7/source/ubiqx -I/sambafiles/samba-3.0.7/source/smbwrapper -I. -I/usr/local/include/python2.3/ -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/local/include -I/sambafiles/samba-3.0.7/source -o bin/t_strcmp -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv torture/t_strcmp.o -L ./bin -lbigballofmud gcc -O -Iinclude -I/sambafiles/samba-3.0.7/source/include -I/sambafiles/samba-3.0.7/source/ubiqx -I/sambafiles/samba-3.0.7/source/smbwrapper -I. -I/usr/local/include/python2.3/ -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/local/include -I/sambafiles/samba-3.0.7/source -o bin/t_strstr -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv torture/t_strstr.o -L ./bin -lbigballofmud gcc -O -Iinclude -I/sambafiles/samba-3.0.7/source/include -I/sambafiles/samba-3.0.7/source/ubiqx -I/sambafiles/samba-3.0.7/source/smbwrapper -I. -I/usr/local/include/python2.3/ -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/local/include -I/sambafiles/samba-3.0.7/source -o bin/t_push_ucs2 -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv torture/t_push_ucs2.o -L ./bin -lbigballofmud Compiling dynconfig.c Compiling lib/iconv.c lib/iconv.c: In function `sys_iconv': lib/iconv.c:131: warning: passing arg 2 of `libiconv' from incompatible pointer type Linking bin/smbcontrol LD_LIBRARY_PATH=`pwd`/bin:$LD_LIBRARY_PATH \ PATH=`pwd`/bin:$PATH \ python stf/standardcheck.py; \ if test -n ; then \ python stf/pythoncheck.py; \ fi StrCaseCmp OK strstr_m FAIL - Traceback (most recent call last): File /sambafiles/samba-3.0.7/source/stf/comfychair.py, line 325, in runtests obj.runtest() File /sambafiles/samba-3.0.7/source/stf/strings.py, line 138, in runtest self.run_strstr(a, b, expect) File /sambafiles/samba-3.0.7/source/stf/strings.py, line 100, in run_strstr out, err = self.runcmd('t_strstr \%s\ \%s\' % (a.encode('utf-8'), b.encode('utf-8'))) File /sambafiles/samba-3.0.7/source/stf/comfychair.py, line 196, in runcmd raise AssertionError(command returned %d; expected %s: \%s\ AssertionError: command returned 139; expected 0: t_strstr hello goodbye stdout: stderr: Segmentation Fault - core dumped test_log: Run command: t_strstr hello hello Wait status: 0x0 (exit code 0, signal 0) stdout: hello stderr: Run command: t_strstr hello goodbye Wait status: 0x8b00 (exit code 139, signal 0) stdout: stderr: Segmentation Fault - core dumped - PushUCS2_Tests OK NoArgs OK OneArg OK SmbdDest OK NmbdDest NOTRUN, not implemented WinbinddDest NOTRUN, not implemented PidDestOK SelfDest OK BadDestOK BadCmd OK Debug OK ForceElection OK SamSyncOK SamReplOK DmallocMarkOK DmallocChanged OK Shutdown OK DrvUpgrade OK CloseShare OK Ping OK Debuglevel OK PrintNotifyOK ProfileOK ProfileLevel OK TimeoutArg OK ConfigFileArg OK BogusArg OK snprintf_Test OK ... also make produced a bunch of really frightening warnings: .. lib/sysacls.c: In function `sys_acl_to_text': lib/sysacls.c:647: warning: assignment discards qualifiers from pointer target type passdb/pdb_ldap.c: In function `ldapsam_alias_memberships': passdb/pdb_ldap.c:2649: warning: passing arg 5 of `smbldap_search' from incompatible pointer type lib/sendfile.c: In function `sys_sendfile': lib/sendfile.c:164: warning: cast from pointer to integer of different size lib/util_str.c: In function `strstr_m': lib/util_str.c:1322: warning: return discards qualifiers from pointer target type lib/iconv.c: In function `sys_iconv': lib/iconv.c:131: warning: passing arg 2 of `libiconv' from incompatible pointer type tdb/tdbutil.c: In function `make_tdb_data': tdb/tdbutil.c:46: warning: assignment discards qualifiers from pointer
[Samba] Domain Trust Logins
Dear All, I have a problem with authentication on XP workstaions from trusted domain. I have two domains: domaina servera trusting domain domainb serverb trusted domain When I try to logon the user from domainb on XP workstation(in domaina) it gave me a fail but when I write on servera: smbclient -L servera -W DOMAINB -U user the authenticaton is succeded and after then I authenticate user on XP workstations to. I thing that is the problem in creating unix account on servera for user from domainb. Thank you, Sopik Bronislav -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] does SECURITY=ADS fall back to the smbpasswd file?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim wrote: | Hi Samba List, | | I'm trying to upgrade from Samba 2.2.11 to 3.0.7. I'm | using the SECURITY = ADS option and I have the winbind | stuff working fine. I have joined the windows domain and | authenticate my NT users perfectly. | | However, some of my users don't have NT accounts, so they access | their samba share using local accounts in the smbpasswd file. Samba | 2.2 (with SECURITY = DOMAIN) used to fall back to the smbpasswd file | after trying to authenticate the user from the PDC and this was | exactly how we wanted it. | | But my Samba 3 doesn't do this. Is it supposed to? Or do i have | to turn this function on with some configuration option that I have | missed? Each auth method (winbind, sam, etc...) is associated with a domain. For example, the local machine domain or the domain to which the server is joined. Once an auth method reports NT_STATUS_LOGON_FAILURE, no other auth method will be tried. So the short answer is no, smbd will not fall back to smbpasswd in Samba 3. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdPa9IR7qMdg1EfYRAkOmAJ4u0X6WUafY+DaJI/EwXiWnDvYwZwCeMj/I AX/NsHf07D2pmU+UYfWZhP0= =yH+P -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind and ads
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert St.Denis wrote: | We have a large network and are seeing some serious | issues with ads in particular. At best we are seeing an | id name take 5-6secs ... but averaging around 2 mins | | is there a way to tell winbind to start at a particular | ou and not look below it ? Not currently. Maybe it would help to provide some more details on exactly what you are seeing and how you came to the conclusion about requiring a more restricted search base? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdPveIR7qMdg1EfYRAsseAKDVfKIU2wjsVY/FvyxA8bl2BK26hQCdHQx+ 3htg/9E604vLo7LJf4X7BzI= =VRHU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind and ads
Well as I mentioned our tree is rather large, and the users are sorted by region (not my idea), which means they aren't in any single given ou=. And those ou='s are all over the place. I am seeing a whole lot of traffic on ethereal where it looks like winbind is checking the whole tree whenever someone tries to connect. So I figured it might be best to limit the amount of the tree winbind has to look at since I don't mind telling our ads guys to make one ou= for all our users (just web developpers and such). I recently saw there is a postfix section I can add to smb.conf, but not sure if thats what we are looking for ? Rob On Tue, 2004-10-19 at 07:34, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert St.Denis wrote: | We have a large network and are seeing some serious | issues with ads in particular. At best we are seeing an | id name take 5-6secs ... but averaging around 2 mins | | is there a way to tell winbind to start at a particular | ou and not look below it ? Not currently. Maybe it would help to provide some more details on exactly what you are seeing and how you came to the conclusion about requiring a more restricted search base? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdPveIR7qMdg1EfYRAsseAKDVfKIU2wjsVY/FvyxA8bl2BK26hQCdHQx+ 3htg/9E604vLo7LJf4X7BzI= =VRHU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] BEN JONES's invitation
Hi, I have sent you a special invitation, so we can send FREE SMS (text messages) to each other's mobile phones from the web. To sign up, just copy this link into your browser: http://www.sms.ac/registration/Intro.aspx?InviteId=3e28e1508k00mo96se6yw011499rw5y0j258khi3c After signing up, you can also send FREE messages to your other contacts, and try other cool applications (some totally free, some not) for your mobile phone. After signing up, you can also send FREE messages to your other contacts, and try other cool applications (some totally free, some not) for your mobile phone. Hope you like it! BEN -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Bork wrote: | Hallo, | | |We have problems with printing after installing XP SP2. |In nearly every software it takes about 10 seconds to 30 seconds, if you |click on Print-Button and wait for the print dialogue window. |Extremly slow are programs like MS Word (30 seconds, when you open a |document the first time). | | | same problem here. This a known but _unresolved_ problem for | Samba 3.0.7 and 2.2.12 - you can read about in the mailing | list archive (read the complete threads): | | http://marc.theaimsgroup.com/?l=sambam=109410258903823w=2 | http://marc.theaimsgroup.com/?l=sambam=108006188614178w=2 Unresolved may be a little too strong. I'm pretty sure the problem is the XP firewall. Can you send me a level 10 debug log with timestamps so I can verify? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdQ8jIR7qMdg1EfYRAh2bAJ9mXBapu88qrwMby6ZWzt+L1QwPkwCeLpz8 f62CD2PuxRhoMbfYNkJAVqA= =Oto/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba causing high load
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vegard Hanssen wrote: | We have experienced some trouble with samba lately. The servers load | going from 5 to 20 causing everything to go very slow, but when I use | top to check which process could be the cause of the trouble nothing | uses CPU cycles. We have about 90% idle CPU usage, but load from 5-20. | | When I kill samba (service smb stop) the root-smb process still hangs | and when I kill it (kill -9) the load goes back to normal (0.20). Then | starting samba again and all is fine - for a couple of days. | | Any suggestion to what I can check for? I have tried checking the open | files, network traffic (pr IP too) but nothing unnormal shows up. | | We're running samba-3.0.7-2.FC1 I would start by runngin strace on the parent smbd process. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdQ+HIR7qMdg1EfYRAp6YAKCmWvhzvgP9Wu4ULIV2kGKYgP6N4QCdH+dx VkAmdnrOr4YfbCB8TfDkV28= =fR6P -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Bug 135832 - smbtree frees invalid pointer
hi, it's be useful fix in the upstream too: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135832 -- Levente Si vis pacem para bellum! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.5 dying
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott C Klimek wrote: | Samba seems to die now that we have an increase of users accessing it. It | seems to lock up and I have to stop/start it. Here is my conf file. Is | there something I am overlooking? I am fairly new to SAMBA. What do you mean by 'dieing' ? Is there a panic in the Samba logs ? Please try to get a backtrace or more details on where the crash is occurring. I would also test 3.0.7 if I were in your position. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdRBwIR7qMdg1EfYRAuFlAKCEaqammUJuf0Bae1i/N3ySJ1Y9iQCfXkD4 40cybRnUeRCmci2+Uau4B9g= =pygU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] does SECURITY=ADS fall back to the smbpasswd file?
Hi Jerry. Thanks for your response. Quoting Gerald (Jerry) Carter [EMAIL PROTECTED]: Each auth method (winbind, sam, etc...) is associated with a domain. For example, the local machine domain or the domain to which the server is joined. Once an auth method reports NT_STATUS_LOGON_FAILURE, no other auth method will be tried. So the short answer is no, smbd will not fall back to smbpasswd in Samba 3. So in that case, is there any way at all I can authenticate both sets of users I have with the same Samba host? i.e. The users who have NT accounts, and the users who don't (smbpasswd auth) Thanks, Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] does SECURITY=ADS fall back to the smbpasswd file?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim wrote: | Hi Jerry. | | Thanks for your response. | | Quoting Gerald (Jerry) Carter [EMAIL PROTECTED]: | | |Each auth method (winbind, sam, etc...) is associated |with a domain. For example, the local machine domain |or the domain to which the server is joined. Once an |auth method reports NT_STATUS_LOGON_FAILURE, no other |auth method will be tried. | |So the short answer is no, smbd will not fall back to |smbpasswd in Samba 3. | | | So in that case, is there any way at all I can authenticate | both sets of users I have with the same Samba host? | | i.e. The users who have NT accounts, and the users who | don't (smbpasswd auth) You can set auth methods = guest sam_ignoredomain winbind:ntdomain in the [global] section of smb.conf. However, if there is any overlap in the usernames between local users and domain users, the local user account takes precendence. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdRQ1IR7qMdg1EfYRAnXLAJ9suXKwX5iBOCa14b+UqkYlgM8aFQCeKyM8 OENLc7B2ZwU6A/TDshGliL4= =gSGt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Igor Belyi wrote: | Greg Adams wrote: | | Yeah, that solved the problem for valid users. Thanks. | | However, I now have a different problem. The same kind | of logic should apply to the username map, right? But it | doesn't seem to. | username.map: | | !grega = EDSADDDM+imguser ... | So... it appears that the username map is not using the domain | information. | | | I do believe it should... Could you provide 'log level = 10' | from the moment 'EDSADDDM+imguser' logs in and till it creates | a file? This should be logs for the '!grega = EDSADDDM+imguser' | line in the map file. I just checked on this and it looks like when you are a domain member server, the username map honors the domain portion of the username (on the LHS) when you authenticate using kerberos but not when using NTLM. Anyone besides me consider that a bug ? However, changing behavior is always risky. Are there a lot of people utilizing a username map with with a domain member server ? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdRUBIR7qMdg1EfYRAmkbAJ45YyG3OJgum55k22PuUyS6AClg4ACffl8J PMkqLuDV4SGT1LQ4zByohK0= =Lfl2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Making Red Hat 3 Authenticate against AD Domain
I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want to use the homes function of Samba and I want user's to authenticate against my AD domain. I am having a problem making the server a member server of my domain. I tried using the smbpasswd command and got the error about trying net join for this action. Also, is there anything else I have to do to get my users to authenticate against the AD domain? Any help and suggestions would be much appreciated. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] change password AS_ROOT=FALSE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 rick talbot wrote: | passwd program = passwd %u | passwd chat = *old*password*%o\n *new*password*%n\n *new*password*%n\n * | passwd chat debug = true | unix password sync = yes | | | Doing it this way forces samba to change it as root, and | this is giving me another problem. The old password is not available (i don't know why we even have the %o variable there). So root pw change sis really the only viaable option I can think of. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdRubIR7qMdg1EfYRAtKTAKDAEd6esSlL1eZuoLDEwBb49EeDggCg2nyo hHPMj3bstF9lL2fPsYkio38= =RoXA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Oplock errors
Hi ! I'm having some problems, where the user lose connection with Samba and the Windows98 Workstation crash. Looking at logs I found the follow messages: [2004/10/15 11:36:49, 0] smbd/oplock.c:oplock_break(807) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file Notes.ini (dev = 904, inode = 18530507, file_id = 1). [2004/10/15 11:36:49, 0] smbd/oplock.c:oplock_break(879) oplock_break: client failure in oplock break in file Notes.ini In this example, the user was accessing the Notes.ini file and the windows crash. I'm using Fedora Core 2, and I try Samba3.0.7 and Samba3.0.4(this was working fine at an old server with FedoraCore 1), and the errors happens any way. Could anybody help me understand this errors messages ? Thanks, Bruno Stella [EMAIL PROTECTED] Setor de Redes - (19) 3031-4165 Secretaria de Informatica Tribunal Regional do Trabalho da 15a. Regiao -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] does SECURITY=ADS fall back to the smbpasswd file?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim wrote: | Quoting Gerald (Jerry) Carter [EMAIL PROTECTED]: | | || So in that case, is there any way at all I can authenticate || both sets of users I have with the same Samba host? || || i.e. The users who have NT accounts, and the users who || don't (smbpasswd auth) | |You can set | | auth methods = guest sam_ignoredomain winbind:ntdomain | |in the [global] section of smb.conf. However, if there is any |overlap in the usernames between local users and domain users, |the local user account takes precendence. | | | Thanks Jerry, that fixed it! | | Just cos I cant find it in the docs, whats the different between | sam and sam_ignoredomain? In general an auth method will ignore requests that are not for its designated domain. The domain of the sam method for a member server is the Samba server's name. The sam_ignoredomain ignores the domain portion of the logon request and just looks for the username.handle | Also, whats the colon mean between winbind and ntdomain? Failover. if winbind is not available, the method falls back to using the smbd ntdomain method. ciao, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdRyCIR7qMdg1EfYRAsr8AKDT0kJn2kRUMmz3CIh6cnHNqnlkXQCdH1B+ ZLbod38C44YGMnRbi66ix3o= =fvMX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] REVISED: Nobody can join domain (was W2K can't join 3.0.7 domain)
On Monday 18 October 2004 14:51, Misty Stanley-Jones wrote: W2K reports User not found when I try to join the domain. However, the machine account is indeed created in LDAP! But the machine doesn't think it has joined. I also can't join from a Linux system. Here is what I get: baa:/home/misty # net rpc join -SCORPSRV -U root Password: Create of workstation account failed Unable to join domain CORP1. But the machine account is created fine in LDAP, it's in the right ou, has the right GID and everything. Can someone give me a clue what might be happening here? I assume it's the same problem with the W2K system as well. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Making Red Hat 3 Authenticate against AD Domain
David, I found this webpage to be very useful for setting up samba with active directory authentication - http://www.rongage.org/manual_samba_howto.html. I started with a very base install of WBEL without samba. The version of Kerberos that comes with WBEL is not new enough to work with a Win2K AD domain or at least I could never get it to work. I used the latest versions of Samba and Kerberos. OpenLDAP was not needed since it was already installed on the box. My homes share definition looks like this: [global] template homedir = /home/%D/%U [homes] comment = Home Directories create mask = 0600 directory mask = 0700 read only = no browseable = no valid users = @Domain Admins,@Domain Users veto oplock files = /*.xls/ The veto oplock files = /*.xls/ line is to take care of a problem with excel thinking that a file has been changed since opened when it actually hasn't been. I created the /home/DOMAIN/ directory with the group set to Domain Admins and group rights of u+rwx,g+rwsx,o-rwsx so that I could use Active Directory Users and Computers to set the home directory. The domain name had to be all caps for it to work right. Right now I am manually creating the home directory and setting ownership and permissions. Haven't been able to get the home directory creation through Active Directory Users and Computers working yet. Kevin Riggins, CISSP Quester Linguistics, Inc. -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 8:31 AM To: [EMAIL PROTECTED] Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want to use the homes function of Samba and I want user's to authenticate against my AD domain. I am having a problem making the server a member server of my domain. I tried using the smbpasswd command and got the error about trying net join for this action. Also, is there anything else I have to do to get my users to authenticate against the AD domain? Any help and suggestions would be much appreciated. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issues/Questions about Samba 3.x.x versus it's Working Status
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | 1. I once asked if it was possible not to use winbindd | and just use the username map parameter/file. I never got | any answer to that... Is that a tough question? Yes. | 2. When using winbindd, can I still use the username | map parameter/file so that I link Windows accounts to the | same Unix one? Right now, this does not seem to work... Is | there some issues with this? What is the exact syntax? See my post about this earlier today. | 3. Is PAM absolutely required? I do not think so, but, | hey, you never know... No. not required. | 4. I saw in a few mails on Google that the | command wbinfo --set-auth-user DOMAINNAME\\Administrator%password | is sometime required? Is it true? What is it all about? No. not required nor needed in the latest Samba releases (especially when using security = ads). | 5. I saw also in a lot of mails on Google and Samba list | that it was required to copy the libnss_winbind.so (from | the nsswitch directory in the samba source) to the /lib | directory. However, the target filename is sometime nss_winbnid.so, | sometime libnss_winbind.so, sometime ending with | .so.1 or .so.2, etc. What is it all about? What is really | required? Is this system specific? nss_winbind.so is the NSS library used to export domain users and groups to the underlying UNIX OS. It is required when you run winbindd and the name is OS specific. | 6. Does the Samba server (aka the Unix box) need to be in the | same domain as the Win2K3 server? Same question for | the client workstations? Yes and no. Suggest you re-reead the documentation on security = [domain|ads] | 7. I saw in some other mails/documents (too many read in | a short period) that it may be required to change the | Windows account's password? Is this true? If so, when | is it required and with what typical configuration? Normally this is handled automatically for you by smbd (if appropriate) once you are joined to a domain. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdR4CIR7qMdg1EfYRAj6OAKCZV7HpL4cuwLmpzLXVnFTEoeWABQCfUFa5 HE1bh8awLFwbDunY7VzXnjY= =EYiB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.7 OpenLDAP performance problem
This may be an index problem. See http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2533661 []'s --- christian triebstein wrote: hi, sorry if this topic already exists, but i haven't found a solution yet. I am using a Samba PDC with OpenLDAP. After updating my Samba 2.2.7 to version 3.0.7, I encountered the following problem : All my Windows-clients are able to logon to the Domain but it takes several minutes until the Client finally is logged on. If I try to open a directory that is stored on the server, it takes several minutes, too. The profiles I am using are not stored on the server except their home-directories. I testet the Samba update several times on a VMware machine with virtual server and clients and it worked perfectly every try. thanks for help, greetings, c.triebstein Bruno Stella [EMAIL PROTECTED] Setor de Redes - (19) 3031-4165 Secretaria de Informatica Tribunal Regional do Trabalho da 15a. Regiao -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Smbmount fails -- Windows 2003 Server , ADS user
Hi, I am trying to mount a shared folder on windows 2003 server (Domain Controller). But mount fails with the following error. --- cli_negprot: SMB signing is mandatory and we have disabled it. 24632: protocol negotiation failed SMB connection failed --- Command: ./smbmount //ip address/share /home/kloga/ -o username=war,password=test123* I also tried configuring smbd.conf with client signing=yes. Are there any options in SMB side to enable / mount Win 2003 server folders. Thanks and regards, Karthik Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust not working - long
Hi All, I have a network with 23 PDCs. One in my main building and other 22 all over the country connected over 256k Frame-relay links. Well, these 22 PDCs are trusting and are trusted by my main PDC and vice-versa. I was using Windows WINS over NT4 doing replication in each places, but trying to solve my problem I´m using now a unique box dedicated to run WINS on SAMBA. All teh problems begin when I try to map or connect to a trusted machine on a remote node. I have three kind of situations. 1. The trust works fine. 2. The remote machine ask me for password to log in like there is no trust. 3. The remote machine sends back an error saying there´s no trust between the my personal machine and the remote host. Doing the same thing at the remote node trying to map or connect to a Windows or Samba server here in the main facility gives us the same three problems. Other curious thing is that sometimes you can map some servers and not others. These servers I´m trying to map are Windows and Samba and the problem occurs on both. The confs are all the same and the network conditions too. The old NT4 PDCs still are connected to the network as BDCs as we can´t took them of the network. As possible we are demoting them to member servers but this could be done in only one remote node. Even the main facility has it´s old PDC running as BDC. One more important information is when I create my trust I always get: Could not connect to server SERVERB Trust to domain DOMAINB established On saturday all the trusts seem to work fine but on monday it became a caos. There goes a sample conf of my servers: I would appreciate any help so it can save my skin. Regards, Gustavo # Global parameters [global] workgroup = COMPANY netbios name = mainserver admin users= @Domain Admins server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 6 obey pam restrictions = No ldap passwd sync = Yes log level = 1 syslog = 100 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = wins lmhosts host idmap backend = ldap:ldap://127.0.0.1 remote announce = 10.11.255.255 10.21.255.255 10.31.255.255 10.41.255.255 10.51.255.255 10.61.255.255 10.71.255.255 10.81.255.255 10.91.255.255 10.101.255.255 10.111.255.255 10.121.255.255 10.131.255.255 10.141.255.255 10.151.255.255 10.161.255.255 10.171.255.255 10.181.255.255 10.191.255.255 10.201.255.255 10.211.255.255 10.221.255.255 10.231.255.255 remote browse sync = 10.11.255.255 10.21.255.255 10.31.255.255 10.41.255.255 10.51.255.255 10.61.255.255 10.71.255.255 10.81.255.255 10.91.255.255 10.101.255.255 10.111.255.255 10.121.255.255 10.131.255.255 10.141.255.255 10.151.255.255 10.161.255.255 10.171.255.255 10.181.255.255 10.191.255.255 10.201.255.255 10.211.255.255 10.221.255.255 10.231.255.255 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 255 preferred master = Yes domain master = Yes wins server = 10.1.0.61 passdb backend = smbpasswd ldapsam:ldap://127.0.0.1/ # ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=admin,dc=company,dc=com,dc=br ldap suffix = dc=matriz,dc=company,dc=com,dc=br ldap group suffix = ou=grupos ldap user suffix = ou=usuarios ldap machine suffix = ou=maquinas ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/local/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/local/sbin/smbldap-userdel %u add machine script = /usr/local/sbin/smbldap-useradd -w %u add group script = /usr/local/sbin/smbldap-groupadd -p %g #delete group script = /usr/local/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u # printers configuration printer admin = @Print Operators load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case
[Samba] Re: REVISED: Nobody can join domain (was W2K can't join 3.0.7 domain)
There could be number of reasons why you can't join domain. The best way to investigate your problem is to look in smbd log for error messages. Igor Misty Stanley-Jones wrote: On Monday 18 October 2004 14:51, Misty Stanley-Jones wrote: W2K reports User not found when I try to join the domain. However, the machine account is indeed created in LDAP! But the machine doesn't think it has joined. I also can't join from a Linux system. Here is what I get: baa:/home/misty # net rpc join -SCORPSRV -U root Password: Create of workstation account failed Unable to join domain CORP1. But the machine account is created fine in LDAP, it's in the right ou, has the right GID and everything. Can someone give me a clue what might be happening here? I assume it's the same problem with the W2K system as well. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
How do you choose to authenticate using kerberos instead of NTLM? Is that when you map as [EMAIL PROTECTED] instead of DOMAIN\userid? Is there another way for me to do user mapping than using the username map? I've seen some OpenLDAP method of doing it, but since my goal is to map a handful of ADS domain groups to individual unix id's, I figured it was easier to just use username map instead of setting up an LDAP schema. Greg Adams On Tue, 19 Oct 2004 08:22:10 -0500, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Igor Belyi wrote: | Greg Adams wrote: | | Yeah, that solved the problem for valid users. Thanks. | | However, I now have a different problem. The same kind | of logic should apply to the username map, right? But it | doesn't seem to. | username.map: | | !grega = EDSADDDM+imguser ... | So... it appears that the username map is not using the domain | information. | | | I do believe it should... Could you provide 'log level = 10' | from the moment 'EDSADDDM+imguser' logs in and till it creates | a file? This should be logs for the '!grega = EDSADDDM+imguser' | line in the map file. I just checked on this and it looks like when you are a domain member server, the username map honors the domain portion of the username (on the LHS) when you authenticate using kerberos but not when using NTLM. Anyone besides me consider that a bug ? However, changing behavior is always risky. Are there a lot of people utilizing a username map with with a domain member server ? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdRUBIR7qMdg1EfYRAmkbAJ45YyG3OJgum55k22PuUyS6AClg4ACffl8J PMkqLuDV4SGT1LQ4zByohK0= =Lfl2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticating PPTP users against Samba/LDAP
Hi, I have a few remote user who use a PPTP based VPN. The server is running PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC for (some) added security. Currently, users authentication information is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to put users into LDAP, and have ppp authenticate either directly against LDAP, or against Samba (with an LDAP backend). Any ideas on how I might go about this? Most of the docs I've seen suggest that you can't use PAM for authentication with CHAP, so it seems not to be as simple as I might have hoped. Disclaimer - I haven't actually tried any of this yet, I'm just trying to get it clear in my head before I start... Mike. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Red Hat 3 Authenticate against AD Domain
Thanks for the link and info. I have tried it, but when I get to the testing kerberos I get an error. command: kinit [EMAIL PROTECTED] error: kinit(v5): KDC has no support for encryption type while getting initial credentials FYI: All I want to do is allow my users, once they logon on to there domain computers, map to their directory on the web server through domain authentication instead of the local /etc/passwd file. On Tue, 19 Oct 2004 08:58:17 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: David, I found this webpage to be very useful for setting up samba with active directory authentication - http://www.rongage.org/manual_samba_howto.html. I started with a very base install of WBEL without samba. The version of Kerberos that comes with WBEL is not new enough to work with a Win2K AD domain or at least I could never get it to work. I used the latest versions of Samba and Kerberos. OpenLDAP was not needed since it was already installed on the box. My homes share definition looks like this: [global] template homedir = /home/%D/%U [homes] comment = Home Directories create mask = 0600 directory mask = 0700 read only = no browseable = no valid users = @Domain Admins,@Domain Users veto oplock files = /*.xls/ The veto oplock files = /*.xls/ line is to take care of a problem with excel thinking that a file has been changed since opened when it actually hasn't been. I created the /home/DOMAIN/ directory with the group set to Domain Admins and group rights of u+rwx,g+rwsx,o-rwsx so that I could use Active Directory Users and Computers to set the home directory. The domain name had to be all caps for it to work right. Right now I am manually creating the home directory and setting ownership and permissions. Haven't been able to get the home directory creation through Active Directory Users and Computers working yet. Kevin Riggins, CISSP Quester Linguistics, Inc. -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 8:31 AM To: [EMAIL PROTECTED] Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want to use the homes function of Samba and I want user's to authenticate against my AD domain. I am having a problem making the server a member server of my domain. I tried using the smbpasswd command and got the error about trying net join for this action. Also, is there anything else I have to do to get my users to authenticate against the AD domain? Any help and suggestions would be much appreciated. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: REVISED: Nobody can join domain (was W2K can't join 3.0.7 domain)
On Tuesday 19 October 2004 09:32, Igor Belyi wrote: There could be number of reasons why you can't join domain. The best way to investigate your problem is to look in smbd log for error messages. There are no errors in the log. See the entire level 10 log for the time when I attempted to join the domain from my Linux box: [2004/10/19 10:10:42, 6] param/loadparm.c:lp_file_list_changed(2681) lp_file_list_changed() file /usr/local/samba/lib/bhpro.smb - /usr/local/samba/lib/bhpro.smb last mod_time: Mon Oct 18 14:46:33 2004 file /usr/local/samba/lib/printers.smb - /usr/local/samba/lib/printers.smb last mod_time: Fri Oct 8 08:47:47 2004 file /usr/local/samba/lib/smb.conf - /usr/local/samba/lib/smb.conf last mod_time: Mon Oct 18 17:00:56 2004 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_KEEPALIVE = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_REUSEADDR = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_BROADCAST = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option TCP_NODELAY = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_LOWDELAY = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_THROUGHPUT = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDBUF = 16384 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVBUF = 87380 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDLOWAT = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVLOWAT = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDTIMEO = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVTIMEO = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_KEEPALIVE = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_REUSEADDR = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_BROADCAST = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option TCP_NODELAY = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_LOWDELAY = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_THROUGHPUT = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDBUF = 16384 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVBUF = 87380 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDLOWAT = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVLOWAT = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDTIMEO = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVTIMEO = 0 [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:make_pdb_context_list(763) Trying to load: ldapsam:ldap://localhost [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam_compat [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam_compat' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend smbpasswd [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'smbpasswd' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend tdbsam [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'tdbsam' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend guest [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'guest' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(648) Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam) [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(669) Found pdb backend ldapsam [2004/10/19 10:10:42, 2] lib/smbldap.c:smbldap_search_domain_info(1319) Searching for:[((objectClass=sambaDomain)(sambaDomainName=CORP1))] [2004/10/19 10:10:42, 5] lib/smbldap.c:smbldap_search(963) smbldap_search: base =
[Samba] Implementing printer drivers using [print$]
Hi All, I'm implementing a Samba as print server and I would like to share all drivers to be installed on clients using the print$ share (to be installed automatically). My system is a SUSE 9.1 Professional, and the samba version is samba 3.0.4-1. The drivers are located on /var/lib/samba/drivers. I have made some tests with 3 printers (all had functioned correctly). To install the printers, I'm using the Windows API whitout problems but I have some doubts: - How I remove some driver? And update? - How I verify which files are provided by a specific driver? - The drivers are organized using numbers (explained into the Samba Howto) and architecture. How Samba manage the drivers to guarantee that the installed versions aren't replaced? In an example, if I install some HP printers, will Samba guarantee that some DLL aren't replaced? How it is done? - Reading the printers.tdb file, I found that is provided some information about the drivers. How I make a backup of this drivers to restore in case of disaster? - I'll provide a lot of printers (more than 20 printers) on this server, all sharing this own driver. It's really possible, or this recurse is recommended only to small servers? Thanks and regards, Fabiano Felix -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Red Hat 3 Authenticate against AD Domain
I have tried the uppercase, lowercase and any combinations. I have made the following changes to my krb5.conf file and still get the same error. What services need to be started? Thanks alot for your input. On Tue, 19 Oct 2004 10:44:29 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: One other thing. My /etc/krb5.conf file is a bit different than the one given on the page I sent you to. The pertinent portion being below: [libdefaults] ticket_lifetime = 24000 default_realm = COMDEV.COM default_tgs_enctypes = rc4-hmac default_tkt_enctypes = rc4-hmac forwardable = true proxiable = true dns_lookup_realm = false dns_lookup_kdc = false -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 10:15 AM To: Kevin Riggins Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain Thanks for the link and info. I have tried it, but when I get to the testing kerberos I get an error. command: kinit [EMAIL PROTECTED] error: kinit(v5): KDC has no support for encryption type while getting initial credentials FYI: All I want to do is allow my users, once they logon on to there domain computers, map to their directory on the web server through domain authentication instead of the local /etc/passwd file. On Tue, 19 Oct 2004 08:58:17 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: David, I found this webpage to be very useful for setting up samba with active directory authentication - http://www.rongage.org/manual_samba_howto.html. I started with a very base install of WBEL without samba. The version of Kerberos that comes with WBEL is not new enough to work with a Win2K AD domain or at least I could never get it to work. I used the latest versions of Samba and Kerberos. OpenLDAP was not needed since it was already installed on the box. My homes share definition looks like this: [global] template homedir = /home/%D/%U [homes] comment = Home Directories create mask = 0600 directory mask = 0700 read only = no browseable = no valid users = @Domain Admins,@Domain Users veto oplock files = /*.xls/ The veto oplock files = /*.xls/ line is to take care of a problem with excel thinking that a file has been changed since opened when it actually hasn't been. I created the /home/DOMAIN/ directory with the group set to Domain Admins and group rights of u+rwx,g+rwsx,o-rwsx so that I could use Active Directory Users and Computers to set the home directory. The domain name had to be all caps for it to work right. Right now I am manually creating the home directory and setting ownership and permissions. Haven't been able to get the home directory creation through Active Directory Users and Computers working yet. Kevin Riggins, CISSP Quester Linguistics, Inc. -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 8:31 AM To: [EMAIL PROTECTED] Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want to use the homes function of Samba and I want user's to authenticate against my AD domain. I am having a problem making the server a member server of my domain. I tried using the smbpasswd command and got the error about trying net join for this action. Also, is there anything else I have to do to get my users to authenticate against the AD domain? Any help and suggestions would be much appreciated. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: REVISED: Nobody can join domain (was W2K can't join 3.0.7 domain)
This log shows no attempts to join domain at all - only initial initialization of Samba. Can you check the time written in the log and time you attempt to join the domain? What do you do to join the domain? What error message do you get while attempting to join the domain? Igor Misty Stanley-Jones wrote: On Tuesday 19 October 2004 09:32, Igor Belyi wrote: There could be number of reasons why you can't join domain. The best way to investigate your problem is to look in smbd log for error messages. There are no errors in the log. See the entire level 10 log for the time when I attempted to join the domain from my Linux box: [2004/10/19 10:10:42, 6] param/loadparm.c:lp_file_list_changed(2681) lp_file_list_changed() file /usr/local/samba/lib/bhpro.smb - /usr/local/samba/lib/bhpro.smb last mod_time: Mon Oct 18 14:46:33 2004 file /usr/local/samba/lib/printers.smb - /usr/local/samba/lib/printers.smb last mod_time: Fri Oct 8 08:47:47 2004 file /usr/local/samba/lib/smb.conf - /usr/local/samba/lib/smb.conf last mod_time: Mon Oct 18 17:00:56 2004 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_KEEPALIVE = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_REUSEADDR = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_BROADCAST = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option TCP_NODELAY = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_LOWDELAY = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_THROUGHPUT = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDBUF = 16384 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVBUF = 87380 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDLOWAT = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVLOWAT = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDTIMEO = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVTIMEO = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_KEEPALIVE = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_REUSEADDR = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_BROADCAST = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option TCP_NODELAY = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_LOWDELAY = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_THROUGHPUT = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDBUF = 16384 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVBUF = 87380 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDLOWAT = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVLOWAT = 1 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDTIMEO = 0 [2004/10/19 10:10:42, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVTIMEO = 0 [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:make_pdb_context_list(763) Trying to load: ldapsam:ldap://localhost [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam_compat [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam_compat' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend smbpasswd [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'smbpasswd' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend tdbsam [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'tdbsam' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend guest [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'guest' [2004/10/19 10:10:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(648) Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam) [2004/10/19 10:10:42, 5]
RE: [Samba] Making Red Hat 3 Authenticate against AD Domain
I also thought of something else, make sure you are using the binaries that were installed by the new Kerberos package. I accomplished this by putting /usr/local/bin and /usr/local/sbin at the beginning of my path statement. This needs to be done prior to compiling Samba, because Samba uses the krb5-config command to configure itself for Kerberos. If `which kinit` returns anything other than /usr/local/bin, this is contributing to the problem. My bad, sorry. No services are necessary for the Kerberos portion of the setup. Kevin -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 10:59 AM To: Kevin Riggins Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain I have tried the uppercase, lowercase and any combinations. I have made the following changes to my krb5.conf file and still get the same error. What services need to be started? Thanks alot for your input. On Tue, 19 Oct 2004 10:44:29 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: One other thing. My /etc/krb5.conf file is a bit different than the one given on the page I sent you to. The pertinent portion being below: [libdefaults] ticket_lifetime = 24000 default_realm = COMDEV.COM default_tgs_enctypes = rc4-hmac default_tkt_enctypes = rc4-hmac forwardable = true proxiable = true dns_lookup_realm = false dns_lookup_kdc = false -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 10:15 AM To: Kevin Riggins Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain Thanks for the link and info. I have tried it, but when I get to the testing kerberos I get an error. command: kinit [EMAIL PROTECTED] error: kinit(v5): KDC has no support for encryption type while getting initial credentials FYI: All I want to do is allow my users, once they logon on to there domain computers, map to their directory on the web server through domain authentication instead of the local /etc/passwd file. On Tue, 19 Oct 2004 08:58:17 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: David, I found this webpage to be very useful for setting up samba with active directory authentication - http://www.rongage.org/manual_samba_howto.html. I started with a very base install of WBEL without samba. The version of Kerberos that comes with WBEL is not new enough to work with a Win2K AD domain or at least I could never get it to work. I used the latest versions of Samba and Kerberos. OpenLDAP was not needed since it was already installed on the box. My homes share definition looks like this: [global] template homedir = /home/%D/%U [homes] comment = Home Directories create mask = 0600 directory mask = 0700 read only = no browseable = no valid users = @Domain Admins,@Domain Users veto oplock files = /*.xls/ The veto oplock files = /*.xls/ line is to take care of a problem with excel thinking that a file has been changed since opened when it actually hasn't been. I created the /home/DOMAIN/ directory with the group set to Domain Admins and group rights of u+rwx,g+rwsx,o-rwsx so that I could use Active Directory Users and Computers to set the home directory. The domain name had to be all caps for it to work right. Right now I am manually creating the home directory and setting ownership and permissions. Haven't been able to get the home directory creation through Active Directory Users and Computers working yet. Kevin Riggins, CISSP Quester Linguistics, Inc. -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 8:31 AM To: [EMAIL PROTECTED] Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want to use the homes function of Samba and I want user's to authenticate against my AD domain. I am having a problem making the server a member server of my domain. I tried using the smbpasswd command and got the error about trying net join for this action. Also, is there anything else I have to do to get my users to authenticate against the AD domain? Any help and suggestions would be much appreciated. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: REVISED: Nobody can join domain (was W2K can't join 3.0.7 domain)
The first time I sent this in private: On Tuesday 19 October 2004 11:17, you wrote: This log shows no attempts to join domain at all - only initial initialization of Samba. Can you check the time written in the log and time you attempt to join the domain? What do you do to join the domain? What error message do you get while attempting to join the domain? The time stamp on that log is during the time I was trying to join the domain. I was tailing it in one terminal session while I simultaneously tried to join the domain in another terminal session: ### TAIL ON SERVER ### Trying to join domain now at Tue Oct 19 11:31:50 EST 2004 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_KEEPALIVE = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_REUSEADDR = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_BROADCAST = 0 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option TCP_NODELAY = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_LOWDELAY = 0 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_THROUGHPUT = 0 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDBUF = 16384 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVBUF = 87380 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDLOWAT = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVLOWAT = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDTIMEO = 0 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVTIMEO = 0 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_KEEPALIVE = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_REUSEADDR = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_BROADCAST = 0 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option TCP_NODELAY = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_LOWDELAY = 0 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_THROUGHPUT = 0 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDBUF = 16384 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVBUF = 87380 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDLOWAT = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVLOWAT = 1 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_SNDTIMEO = 0 [2004/10/19 11:31:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_RCVTIMEO = 0 [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:make_pdb_context_list(763) Trying to load: ldapsam:ldap://localhost [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam' [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam_compat [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam_compat' [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend smbpasswd [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'smbpasswd' [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend tdbsam [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'tdbsam' [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend guest [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'guest' [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:make_pdb_methods_name(648) Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam) [2004/10/19 11:31:55, 5] passdb/pdb_interface.c:make_pdb_methods_name(669) Found pdb backend ldapsam [2004/10/19 11:31:55, 2] lib/smbldap.c:smbldap_search_domain_info(1319) Searching for:[((objectClass=sambaDomain)(sambaDomainName=CORP1))] [2004/10/19 11:31:55, 5] lib/smbldap.c:smbldap_search(963) smbldap_search: base = [dc=borkholder,dc=com], filter = [((objectClass=sambaDomain)(sambaDomainName=CORP1))], scope = [2] [2004/10/19 11:31:55, 10]
Re: [Samba] Making Red Hat 3 Authenticate against AD Domain
I am using the kinit that is default rpm with RHEL AS which kinit is returning: /usr/kerberos/bin/kinit On Tue, 19 Oct 2004 11:09:42 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: I also thought of something else, make sure you are using the binaries that were installed by the new Kerberos package. I accomplished this by putting /usr/local/bin and /usr/local/sbin at the beginning of my path statement. This needs to be done prior to compiling Samba, because Samba uses the krb5-config command to configure itself for Kerberos. If `which kinit` returns anything other than /usr/local/bin, this is contributing to the problem. My bad, sorry. No services are necessary for the Kerberos portion of the setup. Kevin -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 10:59 AM To: Kevin Riggins Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain I have tried the uppercase, lowercase and any combinations. I have made the following changes to my krb5.conf file and still get the same error. What services need to be started? Thanks alot for your input. On Tue, 19 Oct 2004 10:44:29 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: One other thing. My /etc/krb5.conf file is a bit different than the one given on the page I sent you to. The pertinent portion being below: [libdefaults] ticket_lifetime = 24000 default_realm = COMDEV.COM default_tgs_enctypes = rc4-hmac default_tkt_enctypes = rc4-hmac forwardable = true proxiable = true dns_lookup_realm = false dns_lookup_kdc = false -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 10:15 AM To: Kevin Riggins Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain Thanks for the link and info. I have tried it, but when I get to the testing kerberos I get an error. command: kinit [EMAIL PROTECTED] error: kinit(v5): KDC has no support for encryption type while getting initial credentials FYI: All I want to do is allow my users, once they logon on to there domain computers, map to their directory on the web server through domain authentication instead of the local /etc/passwd file. On Tue, 19 Oct 2004 08:58:17 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: David, I found this webpage to be very useful for setting up samba with active directory authentication - http://www.rongage.org/manual_samba_howto.html. I started with a very base install of WBEL without samba. The version of Kerberos that comes with WBEL is not new enough to work with a Win2K AD domain or at least I could never get it to work. I used the latest versions of Samba and Kerberos. OpenLDAP was not needed since it was already installed on the box. My homes share definition looks like this: [global] template homedir = /home/%D/%U [homes] comment = Home Directories create mask = 0600 directory mask = 0700 read only = no browseable = no valid users = @Domain Admins,@Domain Users veto oplock files = /*.xls/ The veto oplock files = /*.xls/ line is to take care of a problem with excel thinking that a file has been changed since opened when it actually hasn't been. I created the /home/DOMAIN/ directory with the group set to Domain Admins and group rights of u+rwx,g+rwsx,o-rwsx so that I could use Active Directory Users and Computers to set the home directory. The domain name had to be all caps for it to work right. Right now I am manually creating the home directory and setting ownership and permissions. Haven't been able to get the home directory creation through Active Directory Users and Computers working yet. Kevin Riggins, CISSP Quester Linguistics, Inc. -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 8:31 AM To: [EMAIL PROTECTED] Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want to use the homes function of Samba and I want user's to authenticate against my AD domain. I am having a problem making the server a member server of my domain. I tried using the smbpasswd command and got the error about trying net join for this action. Also, is there anything else I have to do to get my users to authenticate against the AD domain? Any help and suggestions would be much appreciated. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions:
Re: [Samba] Winbind/wbinfo question
Finally managed to get this problem fixed. A combination of recompiling the latest SRPM of Samba, adding additional KDC¹s to krb5.conf and leaving/rejoining the domain seemed to do the trick. Thanks, Simon The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by TF Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] largosh printing patch for Samba 3.0.7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For anyone interested in testing some printing fixes: I've just uplaoded a moderate sized patch for Samba 3.0.7 that addresses the following bugs: https://bugzilla.samba.org/show_bug.cgi?id=1519 https://bugzilla.samba.org/show_bug.cgi?id=1679 Both fixes have been checked in for incusion in the next 3.0.8 preview release. The patch for 3.0.7 can be found at http://samba.org/~jerry/patches/post-3.0.7/printername_and_queue_update.patch cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdUqKIR7qMdg1EfYRAqJaAKDkJq0mCrlSMRzKfW75/7jfHVvnxACeJclP GBMmBemOgiAqcgpIgrL2oso= =e1CQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] libsmbclient ftruncate
All, I am trying to build some SMB functionality into one of my existing programs using libsmbclient. The interface has everything I need, except for the ability to shrink files (basically do an ftruncate). Looking at some ethereal captures, it looks like when a client wants to do a shrink of a file, it issues a TRANS2 with SET_FILE_INFO and SMB_FILE_END_OF_FILE_INFO, and SMB_FILE_ALLOCATION_INFO. Is there any way I can approximate this using the current smbc_* functions, or do I have to write it myself? Thanks in advance for any replies. From, Chris Lalancette (P.S. Please CC me on any correspondence; I am not subscribed to the list) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Re: ADS valid users can't map share
Hi Jerry, Yes, I do use the username map file with Samba 3.0.2a and the DOMAIN security mode. The Samba share is accessed by many workstations exporting data files (via a background application) to it on a regular basis. There is no need to log on the Samba box therefore all workstations are using the same Windows account and this account is associated to a Unix one via the username map file. I am trying to do the same with Samba 3.0.7 and the ADS security mode. Note: Although it is up to the Samba team to determine the specifications of the product, I do hope that the backward compatibility is kept as much as possible. Regards, Marcello -Message d'origine- De : Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Envoyé : mardi 19 octobre 2004 09:22 À : Igor Belyi Cc : [EMAIL PROTECTED] Objet : Re: [Samba] Re: ADS valid users can't map share -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Igor Belyi wrote: | Greg Adams wrote: | | Yeah, that solved the problem for valid users. Thanks. | | However, I now have a different problem. The same kind | of logic should apply to the username map, right? But it doesn't seem | to. | username.map: | | !grega = EDSADDDM+imguser ... | So... it appears that the username map is not using the domain | information. | | | I do believe it should... Could you provide 'log level = 10' from the | moment 'EDSADDDM+imguser' logs in and till it creates a file? This | should be logs for the '!grega = EDSADDDM+imguser' line in the map | file. I just checked on this and it looks like when you are a domain member server, the username map honors the domain portion of the username (on the LHS) when you authenticate using kerberos but not when using NTLM. Anyone besides me consider that a bug ? However, changing behavior is always risky. Are there a lot of people utilizing a username map with with a domain member server ? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdRUBIR7qMdg1EfYRAmkbAJ45YyG3OJgum55k22PuUyS6AClg4ACffl8J PMkqLuDV4SGT1LQ4zByohK0= =Lfl2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: REVISED: Nobody can join domain (was W2K can't join 3.0.7 domain)
This whole probably was complete stupidity on my part. I apologize for wasting all of your time. I had been testing LDAP failover and had my Samba server pointing at a read-only replica this whole time. I feel really really stupid but I guess it happens to the best of us, so I thought I would admit my mistake so it would be in the archives for anyone else who has a similar issue in the future. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba not printing queue
Hi folks- I'm having a problem with Samba printing from Windows to Solaris printers, running samba 2.2.8a. At the moment, when windows jobs sent to samba, samba is copying them to /var/spool/samba, but not starting printing. This worked fine until yesterday, and nothing in Samba has been touched (at least, not to my knowledge). We use SystemV printing, which works on the unix side-I can go to /var/spool/samba and run lp [file name] without a problem. I've tried changing the smb.conf to use BSD printing and tried several different print command = , to no affect. All the other features seem to work (shares, PDC authentication), just not printing. Is there an process in addition to smbd and nmbd that needs to be running? I've tried everything the howto's and google have turned up, but I'm out of ideas-any help would be appreciated. here's the relevent smb.conf info: [global] max print jobs = 1000 printable = No postscript = No printing = sysv print command = lp -c -d%p %s; rm %s lpq command = lpstat -o%p lprm command = cancel %p-%j lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = disable %p queueresume command = enable %p printer name = use client driver = No default devmode = No printer driver = printer driver file = /opt/samba/lib/printers.def printer driver location = [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes browseable = No Thanks Sam Waters ___ Samuel R. Waters[EMAIL PROTECTED] System Administrator Department of Computer Science (585)475-4934 Rochester Institute of Technology Questions? Start here: http://www.cs.rit.edu/~srw ___ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2k3 ads and fc2 client
Hi, I am trying to join a fedora fc2 client (latest patches as of yesturday) to a 2k3 ads. when running; kinit [EMAIL PROTECTED] I get no errors. When running; klist I get; Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] ... klist: You have no tickets cached Winbind shows; spnego_gen_negTokenTarg failed: No credentials cache found. The renewel is in 10 hours. The Service principal looks funny; Service prinical is krbtgt/[EMAIL PROTECTED] Is the; client use spnego = yes in smb.conf a valid flag to use that may fix this? Does 2k3 require the ckients to cache the keys? Bri- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bug 135832 - smbtree frees invalid pointer
On Tue, Oct 19, 2004 at 03:01:07PM +0200, Farkas Levente wrote: hi, it's be useful fix in the upstream too: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135832 I think this is already fixed in the SVN code. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Issues/Questions about Samba 3.x.x versus it's Worki ng Status
Hi Jerry, First, thanks a lot for the answers! In regards, to your reply, can you provide a little bit more precisions here: 1. The question 1 was about not using winbindd when in ADS security mode. Is the answer still Yes? I know that it is true when in DOMAIN security mode. 2. About Question 6, from your answer, my understanding is that the Samba server must be in the same domain as the Win2K/Win2K3 server. In other words the full name of these machines would be sambaserver.domaineA.com and win2kserver.domaineA.com. Is this true whether it is with the DOMAIN or ADS security mode? Regards, Marcello -Message d'origine- De : Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Envoyé : mardi 19 octobre 2004 10:01 À : [EMAIL PROTECTED] Cc : [EMAIL PROTECTED] Objet : Re: [Samba] Issues/Questions about Samba 3.x.x versus it's Working Status -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | 1. I once asked if it was possible not to use winbindd | and just use the username map parameter/file. I never got any answer | to that... Is that a tough question? Yes. | 2. When using winbindd, can I still use the username | map parameter/file so that I link Windows accounts to the same Unix | one? Right now, this does not seem to work... Is there some issues | with this? What is the exact syntax? See my post about this earlier today. | 3. Is PAM absolutely required? I do not think so, but, | hey, you never know... No. not required. | 4. I saw in a few mails on Google that the | command wbinfo --set-auth-user DOMAINNAME\\Administrator%password | is sometime required? Is it true? What is it all about? No. not required nor needed in the latest Samba releases (especially when using security = ads). | 5. I saw also in a lot of mails on Google and Samba list | that it was required to copy the libnss_winbind.so (from | the nsswitch directory in the samba source) to the /lib directory. | However, the target filename is sometime nss_winbnid.so, sometime | libnss_winbind.so, sometime ending with .so.1 or .so.2, etc. What is | it all about? What is really required? Is this system specific? nss_winbind.so is the NSS library used to export domain users and groups to the underlying UNIX OS. It is required when you run winbindd and the name is OS specific. | 6. Does the Samba server (aka the Unix box) need to be in the same | domain as the Win2K3 server? Same question for the client | workstations? Yes and no. Suggest you re-reead the documentation on security = [domain|ads] | 7. I saw in some other mails/documents (too many read in | a short period) that it may be required to change the | Windows account's password? Is this true? If so, when | is it required and with what typical configuration? Normally this is handled automatically for you by smbd (if appropriate) once you are joined to a domain. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdR4CIR7qMdg1EfYRAj6OAKCZV7HpL4cuwLmpzLXVnFTEoeWABQCfUFa5 HE1bh8awLFwbDunY7VzXnjY= =EYiB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Making Red Hat 3 Authenticate against AD Domain
The default version of kerberos that ships with RHEL AS is 1.2 something and the default samba rpm is built against this version. In order for a samba box to become a member of an active directory domain, Kerberos 1.3+ is required. This is why it is necessary to download the latest binary of kerberos from the following location and download and compile Samba. Kerberos: http://web.mit.edu/kerberos/dist/krb5/1.3/krb5-1.3.5-i686-pc-linux-gnu.t ar Samba: http://us3.samba.org/samba/ftp/samba-latest.tar.gz -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 11:46 AM To: Kevin Riggins Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain I am using the kinit that is default rpm with RHEL AS which kinit is returning: /usr/kerberos/bin/kinit On Tue, 19 Oct 2004 11:09:42 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: I also thought of something else, make sure you are using the binaries that were installed by the new Kerberos package. I accomplished this by putting /usr/local/bin and /usr/local/sbin at the beginning of my path statement. This needs to be done prior to compiling Samba, because Samba uses the krb5-config command to configure itself for Kerberos. If `which kinit` returns anything other than /usr/local/bin, this is contributing to the problem. My bad, sorry. No services are necessary for the Kerberos portion of the setup. Kevin -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 10:59 AM To: Kevin Riggins Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain I have tried the uppercase, lowercase and any combinations. I have made the following changes to my krb5.conf file and still get the same error. What services need to be started? Thanks alot for your input. On Tue, 19 Oct 2004 10:44:29 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: One other thing. My /etc/krb5.conf file is a bit different than the one given on the page I sent you to. The pertinent portion being below: [libdefaults] ticket_lifetime = 24000 default_realm = COMDEV.COM default_tgs_enctypes = rc4-hmac default_tkt_enctypes = rc4-hmac forwardable = true proxiable = true dns_lookup_realm = false dns_lookup_kdc = false -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 10:15 AM To: Kevin Riggins Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain Thanks for the link and info. I have tried it, but when I get to the testing kerberos I get an error. command: kinit [EMAIL PROTECTED] error: kinit(v5): KDC has no support for encryption type while getting initial credentials FYI: All I want to do is allow my users, once they logon on to there domain computers, map to their directory on the web server through domain authentication instead of the local /etc/passwd file. On Tue, 19 Oct 2004 08:58:17 -0500, Kevin Riggins [EMAIL PROTECTED] wrote: David, I found this webpage to be very useful for setting up samba with active directory authentication - http://www.rongage.org/manual_samba_howto.html. I started with a very base install of WBEL without samba. The version of Kerberos that comes with WBEL is not new enough to work with a Win2K AD domain or at least I could never get it to work. I used the latest versions of Samba and Kerberos. OpenLDAP was not needed since it was already installed on the box. My homes share definition looks like this: [global] template homedir = /home/%D/%U [homes] comment = Home Directories create mask = 0600 directory mask = 0700 read only = no browseable = no valid users = @Domain Admins,@Domain Users veto oplock files = /*.xls/ The veto oplock files = /*.xls/ line is to take care of a problem with excel thinking that a file has been changed since opened when it actually hasn't been. I created the /home/DOMAIN/ directory with the group set to Domain Admins and group rights of u+rwx,g+rwsx,o-rwsx so that I could use Active Directory Users and Computers to set the home directory. The domain name had to be all caps for it to work right. Right now I am manually creating the home directory and setting ownership and permissions. Haven't been able to get the home directory creation through Active Directory Users and Computers working yet. Kevin Riggins, CISSP Quester Linguistics, Inc. -Original Message- From: David Nickel [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 8:31 AM To: [EMAIL PROTECTED] Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain I have a Red Hat 3 AS server I
[Samba] getpeername failed. Error was Transport endpoint is not connected, don't solve?
Hi all, I'm using Samba 3.0.7, OpenLDAP 2.2.17, smbldap-tools-0.8.5 It has been configured pdc with tls. tls work fine: ldapsearch -x -ZZ -h ldap.domain.com.br -D cn=suport,dc=domain,dc=com,dc=br -L -W ... ... # numResponses: 20 # numEntries: 19 my user has been found and accept password in the ldap [EMAIL PROTECTED]:~# id fernando.ribeiro uid=1000(fernando.ribeiro) gid=1000(suporte) groups=1000(suporte),512(Domain Admins) [EMAIL PROTECTED]:~# smbclient -L ldap.domain.com.br -U fernando.ribeiro Password: Domain=[domain] OS=[Unix] Server=[Samba 3.0.7] ... WorkgroupMaster --- domain PDC my ldap.conf base dc=domain,dc=com,dc=br uri ldap://ldap.domain.com.br ssl start_tls port 389 TLS_CACERT /usr/local/ssl/cacert.pem rootbinddn cn=suporte,dc=domain,dc=com,dc=br nss_base_passwd ou=Usuarios,dc=domain,dc=com,dc=br?one nss_base_shadow ou=Usuarios,dc=domain,dc=com,dc=br?one nss_base_group ou=Grupos,dc=domain,dc=com,dc=br?one [global] workgroup = domain netbios name = PDC server string = PDC security = user encrypt passwords = yes load printers = yes log file = /var/log/samba/%m.log max log size = 50 log level = 5 os level = 255 local master = yes domain master = yes preferred master = yes domain logons = yes admin users = fernando.ribeiro, wesley.lago logon script = %U.bat logon path = \\%L\profiles\%U # wins support = no # wins proxy = no # dns proxy = no # name resolve order = wins lmhosts hosts bcast # smb ports = 137 138 139 445 # interfaces = 10.0.0.0/24 127.0.0.1 # bind interfaces only = Yes ldap passwd sync = yes ldap delete dn = Yes ldap port = 389 ldap ssl = start_tls passdb backend = ldapsam:ldap://ldap.domain.com.br/ ldap admin dn = cn=suporte,dc=domain,dc=com,dc=br ldap suffix = dc=domain,dc=com,dc=br ldap group suffix = ou=Grupos ldap user suffix = ou=Usuarios ldap machine suffix = ou=Computadores idmap uid = 1-15000 idmap gid = 1-15000 nt acl support = yes create mask = 600 directory mask = 0700 force directory mode = 0700 passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully* socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/local/sbin/smbldap-useradd -m %u add group script = /usr/local/sbin/smbldap-groupadd -p %g add machine script = /usr/local/sbin/smbldap-useradd -w %u delete user script = /usr/local/sbin/smbldap-userdel %u delete group script = /usr/local/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u dos charset = UTF-8 unix charset = UTF-8 cups server = 10.0.0.11 #use sendfile = no [homes] comment = Diretorio Home browseable = no writable = yes force user = %U [profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = Yes csc policy = disable force user = %U valid users = %U @Domain Admins [netlogon] path = /home/netlogon browseable = No read only = yes [printers] comment = Impressoras path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes And while i try include a workstation (windows XP with SP2) it return this error: [2004/10/19 16:12:19, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/10/19 16:12:19, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2004/10/19 16:12:19, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 22: ERRNO = Connection reset by peer [2004/10/19 16:12:19, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) It created the windows$ entry in ldap: [EMAIL PROTECTED]:~# ldapsearch -x -ZZ -h ldap.domain.com.br -D cn=suporte,dc=domain,dc=com,dc=br uid=windows$ -W -LLL Enter LDAP Password: dn: uid=windows$,ou=Computadores,dc=domain,dc=com,dc=br objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: windows$ sn: windows$ uid: windows$
[Samba] Samba and Active Directory
Hi, I'm trying to join my Linux file server to an AD domain. I've looked at several different documents describing how to do this, but I still am not able to get everything to work correctly. I am able to join my domain, but I cannot use smbclient to connect to another file server in the domain, nor can I connect to the samba server from my desktop PC. My kerberos tickets seem to be in order: $ kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: $ klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/19/04 12:26:21 10/19/04 22:26:25 krbtgt/[EMAIL PROTECTED] renew until 10/19/04 13:26:21 $ smbclient -U [EMAIL PROTECTED] -k //fs02/Share session setup failed: NT_STATUS_LOGON_FAILURE Even with debug enabled, I don't get any clues: $ smbclient -U [EMAIL PROTECTED] -k -d 4 //fs02/Share lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] doing parameter local master = no doing parameter realm = MY.BIG.DOMAIN.LOC doing parameter password server = 10.109.40.128 doing parameter workgroup = MYDOMAIN doing parameter netbios name = FS01 handle_netbios_name: set global_myname to: FS01 doing parameter encrypt passwords = yes doing parameter security = ads doing parameter log file = /var/log/samba.log doing parameter server string = doing parameter winbind separator = + doing parameter winbind uid = 1-2 doing parameter winbind gid = 1-2 doing parameter template shell = /bin/bash doing parameter wins server = 10.109.40.128 doing parameter client use spnego = no doing parameter use spnego = yes pm_process() returned Yes added interface ip=10.109.40.77 bcast=10.109.41.255 nmask=255.255.254.0 Client started (version 3.0.7-2.FC2). Connecting to 10.109.40.59 at port 445 session request ok Serverzone is 25200 session setup failed: NT_STATUS_LOGON_FAILURE /var/log/samba.log has three error messages which might be related to my problem: [2004/10/19 11:46:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) krb5_cc_get_principal failed (No credentials cache found) [2004/10/19 11:51:31, 1] libads/ldap.c:ads_connect(251) Failed to get ldap server info [2004/10/19 12:01:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059) user 'root' does not exist My smb.conf: [global] local master = no realm = MY.BIG.DOMAIN.LOC password server = 10.109.40.128 workgroup = MYDOMAIN netbios name = FS01 encrypt passwords = yes security = ads log file = /var/log/samba.log server string = winbind separator = + winbind uid = 1-2 winbind gid = 1-2 template shell = /bin/bash wins server = 10.109.40.128 client use spnego = no use spnego = yes [Share] comment = Share browseable = yes writable = yes guest ok = no path = /smb/share I'm running Fedora Core 2, Samba Version 3.0.7-2.FC2, and kernel 2.6.5-1.358. Active Directory lives on 10.109.40.128. The samba server is FS01 at 10.109.40.77. A windows fileserver is FS02 at 10.109.40.59. Does anyone have any suggestions about what I might do to get samba working correctly? Thanks, Mike (: -- [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] issues with Mac OS X clients
Hi all, I am looking to issues related to file sharing between a Mac OS X (10.3.3 or 10.3.5) and Windows server. I have been problems with file/dir locking and Excel file corruption. Regards, --jh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Active Directory
I had to add the following lines to the [libdefaults] section of my /etc/krb5.conf file to get it working: default_tgs_enctypes = rc4-hmac default_tkt_enctypes = rc4-hmac dns_lookup_realm = false dns_lookup_kdc = false This assumes you are trying to connect to a Win2K Domain Controller. I don't know if it works with a 2003 server. Also, since your kinit was successful, the -U parameter is unnecessary when using smbclient -k. ex. smbclient -k //fs02/Share Kevin -Original Message- From: Mike Kelly [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 2:42 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba and Active Directory Hi, I'm trying to join my Linux file server to an AD domain. I've looked at several different documents describing how to do this, but I still am not able to get everything to work correctly. I am able to join my domain, but I cannot use smbclient to connect to another file server in the domain, nor can I connect to the samba server from my desktop PC. My kerberos tickets seem to be in order: $ kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: $ klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/19/04 12:26:21 10/19/04 22:26:25 krbtgt/[EMAIL PROTECTED] renew until 10/19/04 13:26:21 $ smbclient -U [EMAIL PROTECTED] -k //fs02/Share session setup failed: NT_STATUS_LOGON_FAILURE Even with debug enabled, I don't get any clues: $ smbclient -U [EMAIL PROTECTED] -k -d 4 //fs02/Share lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] doing parameter local master = no doing parameter realm = MY.BIG.DOMAIN.LOC doing parameter password server = 10.109.40.128 doing parameter workgroup = MYDOMAIN doing parameter netbios name = FS01 handle_netbios_name: set global_myname to: FS01 doing parameter encrypt passwords = yes doing parameter security = ads doing parameter log file = /var/log/samba.log doing parameter server string = doing parameter winbind separator = + doing parameter winbind uid = 1-2 doing parameter winbind gid = 1-2 doing parameter template shell = /bin/bash doing parameter wins server = 10.109.40.128 doing parameter client use spnego = no doing parameter use spnego = yes pm_process() returned Yes added interface ip=10.109.40.77 bcast=10.109.41.255 nmask=255.255.254.0 Client started (version 3.0.7-2.FC2). Connecting to 10.109.40.59 at port 445 session request ok Serverzone is 25200 session setup failed: NT_STATUS_LOGON_FAILURE /var/log/samba.log has three error messages which might be related to my problem: [2004/10/19 11:46:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) krb5_cc_get_principal failed (No credentials cache found) [2004/10/19 11:51:31, 1] libads/ldap.c:ads_connect(251) Failed to get ldap server info [2004/10/19 12:01:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059) user 'root' does not exist My smb.conf: [global] local master = no realm = MY.BIG.DOMAIN.LOC password server = 10.109.40.128 workgroup = MYDOMAIN netbios name = FS01 encrypt passwords = yes security = ads log file = /var/log/samba.log server string = winbind separator = + winbind uid = 1-2 winbind gid = 1-2 template shell = /bin/bash wins server = 10.109.40.128 client use spnego = no use spnego = yes [Share] comment = Share browseable = yes writable = yes guest ok = no path = /smb/share I'm running Fedora Core 2, Samba Version 3.0.7-2.FC2, and kernel 2.6.5-1.358. Active Directory lives on 10.109.40.128. The samba server is FS01 at 10.109.40.77. A windows fileserver is FS02 at 10.109.40.59. Does anyone have any suggestions about what I might do to get samba working correctly? Thanks, Mike (: -- [EMAIL PROTECTED] --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Active Directory
On Tue, Oct 19, 2004 at 03:05:52PM -0500, Michael Wray wrote: Make sure signed traffic is disabled on the AD server (at least for traffic from your samba) under domain and local policies. And that LM,NTLM,NTLM2 when negotiated are enabled on the AD server. Unfortuntely, the signed traffic setting affects the entire domain, and I don't think that I will be able to sell my company's AD admins on decreasing company-wide security for a single branch office server. I read this message which says that samba 3 supports signing, and that it doesn't need to be disabled in AD. http://lists.samba.org/archive/samba/2003-October/000341.html Is this mesage inaccurate? Also check your log.winbindd file for errors. (usually /var/log/log.winbindd or /var/log/samba/log.winbindd some servers have both.) I have /var/log/samba/winbindd.log, which consistantly states: [2004/10/19 11:46:21, 1] nsswitch/winbindd.c:main(854) winbindd version 3.0.7-2.FC2 started. Copyright The Samba Team 2000-2004 Thanks, Mike (: -- [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Active Directory
On Tue, Oct 19, 2004 at 03:01:05PM -0500, Kevin Riggins wrote: I had to add the following lines to the [libdefaults] section of my /etc/krb5.conf file to get it working: default_tgs_enctypes = rc4-hmac default_tkt_enctypes = rc4-hmac dns_lookup_realm = false dns_lookup_kdc = false I already had: default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 dns_lookup_realm = false dns_lookup_kdc = false But adding rc4-hmac did not help. This assumes you are trying to connect to a Win2K Domain Controller. I don't know if it works with a 2003 server. My AD server is running 2003 Server, so I guess this means that the above doesn't work with 2003. ): I'm open to any other ideas you might have. Thanks, Mike (: -- [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] polling for options on printing commands
Thomas Bork schrieb: I'm working on fixing a bug for 3.0.8 and need to know how many people use smb.conf variables other than the standard printing vars like %p, %j, etc... in the various printing commands. Please send me examples if you use things like %U, or %m. Thanks. with LPRng: print command = /usr/bin/lpr [EMAIL PROTECTED] -P%p -r %s or print command = chmod 666 %s; name=`echo '%J' | sed s/^.*- //`; if [ $name = ]; then name=%s; fi; /usr/bin/lpr [EMAIL PROTECTED] -P%p -J$name %s; rm %s and so on: lpq command = /usr/bin/lpq [EMAIL PROTECTED] -P%p lprm command = /usr/bin/lprm [EMAIL PROTECTED] -P%p %j lppause command = /usr/sbin/lpc [EMAIL PROTECTED] hold %p %j lpresume command = /usr/sbin/lpc [EMAIL PROTECTED] release %p %j queuepause command = /usr/sbin/lpc [EMAIL PROTECTED] stop %p queueresume command = /usr/sbin/lpc [EMAIL PROTECTED] start %p and print command = ( /usr/bin/printfax.sh %I %s %U %m %H; rm %s ) lpq command = /usr/bin/faxlpq %U lprm command = /usr/bin/faxlprm %j %U and lpq command = /var/install/bin/samba-print-pdf status print command = ( /var/install/bin/samba-print-pdf %s ~%u //%L/%u %m %I %u -dPDFSETTINGS=/default mail no ) -- der tom [fli4l-/eis-team] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Called name not present
I have been searching around for solutions to this but none of worked. I am trying to mount a drive over the Internet to my house. Very ugly, but it should work, no? I am pretty certain that I have opened all the correct ports. Here is the root of the problem: davt01-linux:~ # smbclient -I ip.address -L td-home session request to TD-HOME failed (Called name not present) session request to *SMBSERVER failed (Called name not present) davt01-linux:~ # nmblookup -U ip.address -R -A ip.address Looking up status of ip.address TD-HOME 00 - B ACTIVE WORKGROUP 00 - GROUP B ACTIVE MAC Address = 00-50-DA-C2-92-11 C:\Documents and Settings\tdnbtstat -n Local Area Connection: Node IpAddress: [192.168.1.13] Scope Id: [] NetBIOS Local Name Table Name Type Status - TD-HOME00 UNIQUE Registered WORKGROUP 00 GROUP Registered C:\Documents and Settings\td Thanks for any help! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
Gerald (Jerry) Carter schrieb: |We have problems with printing after installing XP SP2. |In nearly every software it takes about 10 seconds to 30 seconds, if you |click on Print-Button and wait for the print dialogue window. |Extremly slow are programs like MS Word (30 seconds, when you open a |document the first time). | | | same problem here. This a known but _unresolved_ problem for | Samba 3.0.7 and 2.2.12 - you can read about in the mailing | list archive (read the complete threads): | | http://marc.theaimsgroup.com/?l=sambam=109410258903823w=2 | http://marc.theaimsgroup.com/?l=sambam=108006188614178w=2 Unresolved may be a little too strong. tried to verify with my own setup - can not reproduce it with or without xp firewall :( I'm pretty sure the problem is the XP firewall. Can you send me a level 10 debug log with timestamps so I can verify? But we have some users with this problem, level 10 debug log is pending (Samba 2.2.12). With level 3 there only were these messages in the log: http://marc.theaimsgroup.com/?l=sambam=109421179803704w=2 http://lists.spline.inf.fu-berlin.de/mailman/htdig/eisfair/2004-August/066507.html -- der tom [fli4l-/eis-team] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Active Directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Kelly wrote: | On Tue, Oct 19, 2004 at 03:05:52PM -0500, Michael Wray wrote: | | Make sure signed traffic is disabled on the AD server | (at least for traffic from your samba) under domain | and local policies. And that LM,NTLM,NTLM2 | when negotiated are enabled on the AD server. | | | Unfortuntely, the signed traffic setting affects the | entire domain, and I don't think that I will be able to | sell my company's AD admins on decreasing | company-wide security for a single branch office server. | | I read this message which says that samba 3 supports signing, | and that it doesn't need to be disabled in AD. | http://lists.samba.org/archive/samba/2003-October/000341.html | | Is this mesage inaccurate? Samba 3.0.x does support SMB signing. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdY2JIR7qMdg1EfYRAsg6AJ9BUizsCjMfQY8TaMvj76ip+AdJogCfZpoJ UoGKkcTAljVT790EXEJ9/Zw= =FEGD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't ssh with administrator user
why i can't ssh from other host with Administrator user : [EMAIL PROTECTED] root]# ssh [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: Last login: Wed Oct 20 07:23:04 2004 from dadang Connection to 192.168.150.1 closed. but i am success join domain with this user. sorry my bad languange. regard, dadang -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba setup with Winbind connecting to NT4 PDC - Login is Slow...
I think you will be interested in recent Andreas's experience with KDE: http://lists.samba.org/archive/samba-technical/2004-October/037685.html Igor Eric Murray wrote: -| PDC - Login isnow Slow... -| -| winbind enum users = yes -| winbind enum groups = yes remove those two... Mit freundlichem Gruß, Ok, I removed those 2 lines and tried again... It still took at least 2 minutes to login as it just Sit's on the KDE welcome screen with nothing and then all of a sudden up pops the KDE login box and proceeds as normal. Questions : - Is there a chance that becuase I'm on a trusted Domain with 3 locations that it is trying to Syncronize with the PDC's on the 3 domains on startup? Causing it to be slow like that? - Is there a chance that PAM has something to do with it? My SMB shares are all working and it authenticates with the PDC correctly so I would rather not mess with pam as I don't know what I'm doing with it. Here is my current SMB.CONF and NSSWITCH.CONF files again now. - SMB.CONF - # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE # Date: 2004-09-16 [global] workgroup = SHELTER printing = cups printcap name = cups printcap cache time = 750 cups options = raw printer admin = @ntadmin, root, administrator username map = /etc/samba/smbusers map to guest = Bad User ###include = /etc/samba/dhcp.conf #logon path = \\%L\profiles\.msprofile #logon home = \\%L\%U\.9xprofile #logon drive = P: # My additions... security = DOMAIN encrypt passwords = yes password server = shelternt1 sriesrv2 obey pam restrictions = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = shelternt1 sriesrv2 dns proxy = no netbios name = sriemailsrv log level = 1 winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 15 #winbind enum users = yes #winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash winbind use default domain = yes name resolve order = wins lmhosts host bcast [pdf] comment = PDF creator path = /var/tmp printable = Yes print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z create mask = 0600 [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 [Public] comment = Public Folder path = /data/Public writable = yes [NetworkAccess] writable = yes path = /data/NetworkAccess write list = @shelter+TestLinuxGroup force group = ntadmin force user = root comment = Network Share for Writability... create mode = 0660 directory mode = 0770 [tmp] comment = Temporary File Space path = /data/tmp read only = no public = yes - NSSWITCH.CONF - # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # compat Use compatibility setup # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the /var/db databases # [NOTFOUND=return] Stop searching if not found so far # # For more information, please read the nsswitch.conf.5 manual page. # # passwd: files nis # shadow: files nis # group: files nis passwd: compat winbind group: compat winbind hosts: files dns networks: files dns services: files protocols: files rpc:files ethers:files netmasks: files netgroup: files publickey:files bootparams: files automount: files nis aliases:files Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authenticating PPTP users against Samba/LDAP
On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote: Hi, I have a few remote user who use a PPTP based VPN. The server is running PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC for (some) added security. Currently, users authentication information is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to put users into LDAP, and have ppp authenticate either directly against LDAP, or against Samba (with an LDAP backend). Any ideas on how I might go about this? Most of the docs I've seen suggest that you can't use PAM for authentication with CHAP, so it seems not to be as simple as I might have hoped. Disclaimer - I haven't actually tried any of this yet, I'm just trying to get it clear in my head before I start... The pppd patch (one for 2.4.2, one for current CVS) is here: http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd The documentation is: http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf Note that the patch changed a little since the report was written, use the instructions in the README for configuration. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.7 OpenLDAP performance problem
On Tue, 2004-10-19 at 18:50, christian triebstein wrote: hi, sorry if this topic already exists, but i haven't found a solution yet. I am using a Samba PDC with OpenLDAP. After updating my Samba 2.2.7 to version 3.0.7, I encountered the following problem : All my Windows-clients are able to logon to the Domain but it takes several minutes until the Client finally is logged on. If I try to open a directory that is stored on the server, it takes several minutes, too. You could try current SVN, I fixed one of the performance killers. There is more work to do however. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba as a bdc
On Sat, 2004-10-16 at 04:37, Matthias Spork wrote: Patricio Bruna V. schrieb: Can samba be a BDC of a NT4 domain? and if it can, then can i promote it to PDC, will it have all the accounts and passwords? Jep, Jep. Yes and no. It cannot be a 'live' BDC - it only reads the database once. You cannot run a Samba BDC with an NT PDC, you must turn off the NT4 machine as soon as you finish the process. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Changing Permissions from W2k to a samba share - Access Denied
Guys. Two Questions: 1) when trying to set up permissions within W2k to a Samba Shared File, I get access denied, My Conf is Suse 9.1 Pro Samba 3.0.7 (ACL support) Reiserfs with ACL support (setfacl works) - Winbind works great - Everything smooth When I try to set up the permissions from W2K I get Access Denied but I can see that log message says... -- Too many ACE entries for file . to convert to posix perms. 2) Its possible to mount a NT share respecting the file permissions?? how do I accomplish this? when I mount the share a mask is created and setfacl says operation not supported The log Message shows this [2004/10/18 09:13:40, 3] passdb/lookup_sid.c:fetch_uid_from_cache(173) fetch uid from cache 1 - S-1-5-21-538738344-134243190-1478062314-1003 [2004/10/18 09:13:40, 3] passdb/lookup_sid.c:fetch_uid_from_cache(173) fetch uid from cache 1 - S-1-5-21-538738344-134243190-1478062314-1003 [2004/10/18 09:13:40, 3] smbd/dosmode.c:unix_mode(111) unix_mode(.) returning 0744 [2004/10/18 09:13:40, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2506) convert_canon_ace_to_posix_perms: Too many ACE entries for file . to convert to posix perms. [2004/10/18 09:13:40, 3] smbd/posix_acls.c:set_nt_acl(3147) set_nt_acl: failed to convert file acl to posix permissions for file .. [2004/10/18 09:13:40, 3] smbd/error.c:error_packet(105) error string = Function not implemented [2004/10/18 09:13:40, 3] smbd/error.c:error_packet(129) error packet at smbd/nttrans.c(2020) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED Thanks!!! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authenticating PPTP users against Samba/LDAP
I'm already running such configuration: freeradius + mpd (vpn server on FreeBSD) + samba the keyword here is RADIUS server. freeradius is a good one. if You are running FreeBSD, I can help You with mpd configuration. Cheers, Ilia Chipitsine Hi, I have a few remote user who use a PPTP based VPN. The server is running PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC for (some) added security. Currently, users authentication information is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to put users into LDAP, and have ppp authenticate either directly against LDAP, or against Samba (with an LDAP backend). Any ideas on how I might go about this? Most of the docs I've seen suggest that you can't use PAM for authentication with CHAP, so it seems not to be as simple as I might have hoped. Disclaimer - I haven't actually tried any of this yet, I'm just trying to get it clear in my head before I start... Mike. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Applications that need admin privileges
Hi guys, I have a working samba and openldap pdc which is actively being tested. I have a group of users that have specifics tools to use such as oracle client tools (sqlplus etc). I tried to logon as a test user and run the sqlplus but nothing happened, I tried adding this user to the local poweruser group but it produced the same result. Can this be achieved? It works fine if this user is a member of local admin group which I dont want to do because I want to limit what they can do to their workstations. Anyone out here who had a similar experience? Thanks for any help Jan - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Fwd: Re: [Samba] Intermittent Network name cannot be found error when accessing XP roaming profile]
Hi guys, Unfortunately I've still made no progress on this. Is disabling the roaming profile permission checking in XP the only way to fix this ? Will any future versions of Samba have something that we can do in Samba on the server side to work around this ? Many thanks David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba r3053 - in branches/SAMBA_4_0/source/torture: .
Author: tridge Date: 2004-10-19 06:30:52 + (Tue, 19 Oct 2004) New Revision: 3053 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/torturerev=3053nolog=1 Log: make the maxfid test use subdirectories, so it doesn't create 64k files in one directory (running the test was very slow) and can clean up after itself easily. Modified: branches/SAMBA_4_0/source/torture/torture.c Changeset: Modified: branches/SAMBA_4_0/source/torture/torture.c === --- branches/SAMBA_4_0/source/torture/torture.c 2004-10-19 06:29:41 UTC (rev 3052) +++ branches/SAMBA_4_0/source/torture/torture.c 2004-10-19 06:30:52 UTC (rev 3053) @@ -986,10 +986,10 @@ */ static BOOL run_maxfidtest(struct smbcli_state *cli, int dummy) { -#define MAXFID_TEMPLATE \\maxfid.%d.%d +#define MAXFID_TEMPLATE \\maxfid\\fid%d\\maxfid.%d.%d char *fname; int fnums[0x11000], i; - int retries=4; + int retries=4, maxfid; BOOL correct = True; if (retries = 0) { @@ -997,10 +997,30 @@ return False; } + if (smbcli_deltree(cli-tree, \\maxfid) == -1) { + printf(Failed to deltree \\maxfid - %s\n, + smbcli_errstr(cli-tree)); + return False; + } + if (NT_STATUS_IS_ERR(smbcli_mkdir(cli-tree, \\maxfid))) { + printf(Failed to mkdir \\maxfid, error=%s\n, + smbcli_errstr(cli-tree)); + return False; + } + printf(Testing maximum number of open files\n); for (i=0; i0x11000; i++) { - asprintf(fname, MAXFID_TEMPLATE, i,(int)getpid()); + if (i % 1000 == 0) { + asprintf(fname, \\maxfid\\fid%d, i/1000); + if (NT_STATUS_IS_ERR(smbcli_mkdir(cli-tree, fname))) { + printf(Failed to mkdir %s, error=%s\n, + fname, smbcli_errstr(cli-tree)); + return False; + } + free(fname); + } + asprintf(fname, MAXFID_TEMPLATE, i/1000, i,(int)getpid()); if ((fnums[i] = smbcli_open(cli-tree, fname, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) == -1) { @@ -1015,9 +1035,11 @@ printf(%6d\n, i); i--; + maxfid = i; + printf(cleaning up\n); - for (;i=0;i--) { - asprintf(fname, MAXFID_TEMPLATE, i,(int)getpid()); + for (i=0;imaxfid/2;i++) { + asprintf(fname, MAXFID_TEMPLATE, i/1000, i,(int)getpid()); if (NT_STATUS_IS_ERR(smbcli_close(cli-tree, fnums[i]))) { printf(Close of fnum %d failed - %s\n, fnums[i], smbcli_errstr(cli-tree)); } @@ -1027,10 +1049,28 @@ correct = False; } free(fname); - printf(%6d\r, i); + + asprintf(fname, MAXFID_TEMPLATE, (maxfid-i)/1000, maxfid-i,(int)getpid()); + if (NT_STATUS_IS_ERR(smbcli_close(cli-tree, fnums[maxfid-i]))) { + printf(Close of fnum %d failed - %s\n, fnums[maxfid-i], smbcli_errstr(cli-tree)); + } + if (NT_STATUS_IS_ERR(smbcli_unlink(cli-tree, fname))) { + printf(unlink of %s failed (%s)\n, + fname, smbcli_errstr(cli-tree)); + correct = False; + } + free(fname); + + printf(%6d %6d\r, i, maxfid-i); } printf(%6d\n, 0); + if (smbcli_deltree(cli-tree, \\maxfid) == -1) { + printf(Failed to deltree \\maxfid - %s\n, + smbcli_errstr(cli-tree)); + return False; + } + printf(maxfid test finished\n); if (!torture_close_connection(cli)) { correct = False;
svn commit: samba r3054 - in branches/SAMBA_4_0/source/smb_server: .
Author: tridge Date: 2004-10-19 06:31:37 + (Tue, 19 Oct 2004) New Revision: 3054 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/smb_serverrev=3054nolog=1 Log: use talloc_zero_array_p() in a couple of places Modified: branches/SAMBA_4_0/source/smb_server/nttrans.c branches/SAMBA_4_0/source/smb_server/trans2.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/nttrans.c === --- branches/SAMBA_4_0/source/smb_server/nttrans.c 2004-10-19 06:30:52 UTC (rev 3053) +++ branches/SAMBA_4_0/source/smb_server/nttrans.c 2004-10-19 06:31:37 UTC (rev 3054) @@ -39,7 +39,7 @@ { trans-out.setup_count = setup_count; if (setup_count != 0) { - trans-out.setup = talloc_zero(req, sizeof(uint16_t) * setup_count); + trans-out.setup = talloc_zero_array_p(req, uint16_t, setup_count); } trans-out.params = data_blob_talloc(req, NULL, param_size); trans-out.data = data_blob_talloc(req, NULL, data_size); Modified: branches/SAMBA_4_0/source/smb_server/trans2.c === --- branches/SAMBA_4_0/source/smb_server/trans2.c 2004-10-19 06:30:52 UTC (rev 3053) +++ branches/SAMBA_4_0/source/smb_server/trans2.c 2004-10-19 06:31:37 UTC (rev 3054) @@ -73,7 +73,7 @@ { trans-out.setup_count = setup_count; if (setup_count != 0) { - trans-out.setup = talloc_zero(req, sizeof(uint16_t) * setup_count); + trans-out.setup = talloc_zero_array_p(req, uint16_t, setup_count); } trans-out.params = data_blob_talloc(req, NULL, param_size); trans-out.data = data_blob_talloc(req, NULL, data_size);
svn commit: samba r3057 - in branches/SAMBA_4_0/source: lib ntvfs/common ntvfs/posix smb_server smbd torture
Author: tridge Date: 2004-10-19 07:08:35 + (Tue, 19 Oct 2004) New Revision: 3057 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=3057nolog=1 Log: - moved the idtree.c code into lib/ - converted the tid handling to use a idtree instead of bitmaps Added: branches/SAMBA_4_0/source/lib/idtree.c Removed: branches/SAMBA_4_0/source/ntvfs/common/idtree.c Modified: branches/SAMBA_4_0/source/lib/basic.mk branches/SAMBA_4_0/source/ntvfs/posix/config.mk branches/SAMBA_4_0/source/smb_server/conn.c branches/SAMBA_4_0/source/smb_server/smb_server.h branches/SAMBA_4_0/source/smbd/rewrite.c branches/SAMBA_4_0/source/torture/vfstest.c Changeset: Sorry, the patch is too large (591 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=3057nolog=1
svn commit: samba r3058 - in branches/SAMBA_4_0/source/lib: .
Author: tridge Date: 2004-10-19 07:10:56 + (Tue, 19 Oct 2004) New Revision: 3058 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librev=3058nolog=1 Log: we don't use the bitmap code any more, delete it Removed: branches/SAMBA_4_0/source/lib/bitmap.c Modified: branches/SAMBA_4_0/source/lib/basic.mk Changeset: Modified: branches/SAMBA_4_0/source/lib/basic.mk === --- branches/SAMBA_4_0/source/lib/basic.mk 2004-10-19 07:08:35 UTC (rev 3057) +++ branches/SAMBA_4_0/source/lib/basic.mk 2004-10-19 07:10:56 UTC (rev 3058) @@ -17,7 +17,6 @@ lib/time.o \ lib/genrand.o \ lib/username.o \ - lib/bitmap.o \ lib/snprintf.o \ lib/dprintf.o \ lib/xfile.o \ Deleted: branches/SAMBA_4_0/source/lib/bitmap.c === --- branches/SAMBA_4_0/source/lib/bitmap.c 2004-10-19 07:08:35 UTC (rev 3057) +++ branches/SAMBA_4_0/source/lib/bitmap.c 2004-10-19 07:10:56 UTC (rev 3058) @@ -1,163 +0,0 @@ -/* - Unix SMB/CIFS implementation. - simple bitmap functions - Copyright (C) Andrew Tridgell 1992-1998 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include includes.h - -/* these functions provide a simple way to allocate integers from a - pool without repetition */ - -/ -allocate a bitmap of the specified size -/ -struct bitmap *bitmap_allocate(int n) -{ - struct bitmap *bm; - - bm = (struct bitmap *)malloc(sizeof(*bm)); - - if (!bm) return NULL; - - bm-n = n; - bm-b = (uint32_t *)malloc(sizeof(bm-b[0])*(n+31)/32); - if (!bm-b) { - SAFE_FREE(bm); - return NULL; - } - - memset(bm-b, 0, sizeof(bm-b[0])*(n+31)/32); - - return bm; -} - -/ -free a bitmap. -/ - -void bitmap_free(struct bitmap *bm) -{ - if (!bm) - return; - - SAFE_FREE(bm-b); - SAFE_FREE(bm); -} - -/ -talloc a bitmap -/ -struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n) -{ - struct bitmap *bm; - - if (!mem_ctx) return NULL; - - bm = (struct bitmap *)talloc(mem_ctx, sizeof(*bm)); - - if (!bm) return NULL; - - bm-n = n; - bm-b = (uint32_t *)talloc(mem_ctx, sizeof(bm-b[0])*(n+31)/32); - if (!bm-b) { - return NULL; - } - - memset(bm-b, 0, sizeof(bm-b[0])*(n+31)/32); - - return bm; -} - -/ -set a bit in a bitmap -/ -BOOL bitmap_set(struct bitmap *bm, uint_t i) -{ - if (i = bm-n) { - DEBUG(0,(Setting invalid bitmap entry %d (of %d)\n, - i, bm-n)); - return False; - } - bm-b[i/32] |= (1(i%32)); - return True; -} - -/ -clear a bit in a bitmap -/ -BOOL bitmap_clear(struct bitmap *bm, uint_t i) -{ - if (i = bm-n) { - DEBUG(0,(clearing invalid bitmap entry %d (of %d)\n, - i, bm-n)); - return False; - } - bm-b[i/32] = ~(1(i%32)); - return True; -} - -/ -query a bit in a bitmap -/ -BOOL bitmap_query(struct bitmap *bm, uint_t i) -{ - if (i = bm-n) return False; - if (bm-b[i/32] (1(i%32))) { - return True; - } - return False; -} -
svn commit: samba r3060 - in branches/SAMBA_4_0/source/smb_server: .
Author: tpot Date: 2004-10-19 07:41:19 + (Tue, 19 Oct 2004) New Revision: 3060 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/smb_serverrev=3060nolog=1 Log: Replace magic number with a C99 constant. Modified: branches/SAMBA_4_0/source/smb_server/conn.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/conn.c === --- branches/SAMBA_4_0/source/smb_server/conn.c 2004-10-19 07:18:56 UTC (rev 3059) +++ branches/SAMBA_4_0/source/smb_server/conn.c 2004-10-19 07:41:19 UTC (rev 3060) @@ -59,7 +59,7 @@ tcon = talloc_zero_p(smb_conn, struct smbsrv_tcon); if (!tcon) return NULL; - i = idr_get_new(smb_conn-tree.idtree_tid, tcon, 0x1); + i = idr_get_new(smb_conn-tree.idtree_tid, tcon, UINT16_MAX + 1); if (i == -1) { DEBUG(1,(ERROR! Out of connection structures\n)); return NULL;
svn commit: samba r3061 - in branches/SAMBA_4_0/source/lib: .
Author: tridge Date: 2004-10-19 09:53:23 + (Tue, 19 Oct 2004) New Revision: 3061 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librev=3061nolog=1 Log: change a debug to help track down a charset problem Modified: branches/SAMBA_4_0/source/lib/charcnv.c Changeset: Modified: branches/SAMBA_4_0/source/lib/charcnv.c === --- branches/SAMBA_4_0/source/lib/charcnv.c 2004-10-19 07:41:19 UTC (rev 3060) +++ branches/SAMBA_4_0/source/lib/charcnv.c 2004-10-19 09:53:23 UTC (rev 3061) @@ -192,7 +192,8 @@ if (descriptor == (smb_iconv_t)-1 || descriptor == (smb_iconv_t)0) { /* conversion not supported, return -1*/ - DEBUG(3, (convert_string_talloc: conversion not supported!\n)); + DEBUG(3, (convert_string_talloc: conversion from %s to %s not supported!\n, + charset_name(from), charset_name(to))); return -1; }
svn commit: samba r3062 - in branches/SAMBA_4_0/source/param: .
Author: tridge Date: 2004-10-19 10:02:02 + (Tue, 19 Oct 2004) New Revision: 3062 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/paramrev=3062nolog=1 Log: handle spaces at the start of options in lp_set_cmdline() Modified: branches/SAMBA_4_0/source/param/loadparm.c Changeset: Modified: branches/SAMBA_4_0/source/param/loadparm.c === --- branches/SAMBA_4_0/source/param/loadparm.c 2004-10-19 09:53:23 UTC (rev 3061) +++ branches/SAMBA_4_0/source/param/loadparm.c 2004-10-19 10:02:02 UTC (rev 3062) @@ -2431,6 +2431,9 @@ int parmnum = map_parameter(pszParmName); int i; + while (isspace(*pszParmValue)) pszParmValue++; + + if (parmnum 0 strchr(pszParmName, ':')) { /* set a parametric option */ return lp_do_parameter_parametric(-1, pszParmName, pszParmValue, FLAG_CMDLINE);
svn commit: samba r3063 - in branches/SAMBA_4_0/source/lib: .
Author: tridge Date: 2004-10-19 10:15:34 + (Tue, 19 Oct 2004) New Revision: 3063 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librev=3063nolog=1 Log: our default dos charset is CP850, but some systems don't have that, so as a special case, automatically fall back to ASCII if its not found. Modified: branches/SAMBA_4_0/source/lib/charcnv.c Changeset: Modified: branches/SAMBA_4_0/source/lib/charcnv.c === --- branches/SAMBA_4_0/source/lib/charcnv.c 2004-10-19 10:02:02 UTC (rev 3062) +++ branches/SAMBA_4_0/source/lib/charcnv.c 2004-10-19 10:15:34 UTC (rev 3063) @@ -98,7 +98,21 @@ n2 = charset_name(to); conv_handles[from][to] = smb_iconv_open(n2,n1); + + if (conv_handles[from][to] == (smb_iconv_t)-1) { + if ((from == CH_DOS || to == CH_DOS) + strcasecmp(charset_name(CH_DOS), ASCII) != 0) { + DEBUG(0,(dos charset '%s' unavailable - using ASCII\n, +charset_name(CH_DOS))); + lp_set_cmdline(dos charset, ASCII); + n1 = charset_name(from); + n2 = charset_name(to); + + conv_handles[from][to] = smb_iconv_open(n2,n1); + } + } + return conv_handles[from][to]; }
svn commit: samba r3064 - in branches/SAMBA_4_0/source: include lib ntvfs/posix smb_server
Author: tridge Date: 2004-10-19 12:06:01 + (Tue, 19 Oct 2004) New Revision: 3064 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=3064nolog=1 Log: - use UINT8_MAX and UINT16_MAX instead of hex values for idr_get_new() limits - change idr_get_new() to use instead of = in the limit check Modified: branches/SAMBA_4_0/source/include/includes.h branches/SAMBA_4_0/source/lib/idtree.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c branches/SAMBA_4_0/source/smb_server/conn.c Changeset: Modified: branches/SAMBA_4_0/source/include/includes.h === --- branches/SAMBA_4_0/source/include/includes.h2004-10-19 10:15:34 UTC (rev 3063) +++ branches/SAMBA_4_0/source/include/includes.h2004-10-19 12:06:01 UTC (rev 3064) @@ -466,6 +466,14 @@ #define uint64 uint64_t #endif +#ifndef UINT8_MAX +#define UINT8_MAX 255 +#endif + +#ifndef UINT16_MAX +#define UINT16_MAX 65535 +#endif + /* * Types for devices, inodes and offsets. */ Modified: branches/SAMBA_4_0/source/lib/idtree.c === --- branches/SAMBA_4_0/source/lib/idtree.c 2004-10-19 10:15:34 UTC (rev 3063) +++ branches/SAMBA_4_0/source/lib/idtree.c 2004-10-19 12:06:01 UTC (rev 3064) @@ -322,7 +322,7 @@ int idr_get_new(void *idp, void *ptr, int limit) { int ret = idr_get_new_above_int((struct idr *)idp, ptr, 0); - if (ret = limit) { + if (ret limit) { idr_remove(idp, ret); return -1; } @@ -336,7 +336,7 @@ int idr_get_new_above(void *idp, void *ptr, int starting_id, int limit) { int ret = idr_get_new_above_int((struct idr *)idp, ptr, starting_id); - if (ret = limit) { + if (ret limit) { idr_remove(idp, ret); return -1; } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2004-10-19 10:15:34 UTC (rev 3063) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2004-10-19 12:06:01 UTC (rev 3064) @@ -157,7 +157,7 @@ return NT_STATUS_NO_MEMORY; } - fnum = idr_get_new(pvfs-idtree_fnum, f, 0x1); + fnum = idr_get_new(pvfs-idtree_fnum, f, UINT16_MAX); if (fnum == -1) { talloc_free(f); return NT_STATUS_TOO_MANY_OPENED_FILES; Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c 2004-10-19 10:15:34 UTC (rev 3063) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c 2004-10-19 12:06:01 UTC (rev 3064) @@ -287,7 +287,7 @@ /* we need to give a handle back to the client so it can continue a search */ - id = idr_get_new(pvfs-idtree_search, search, 0x100); + id = idr_get_new(pvfs-idtree_search, search, UINT8_MAX); if (id == -1) { return NT_STATUS_INSUFFICIENT_RESOURCES; } @@ -415,7 +415,7 @@ return status; } - id = idr_get_new(pvfs-idtree_search, search, 0x1); + id = idr_get_new(pvfs-idtree_search, search, UINT16_MAX); if (id == -1) { return NT_STATUS_INSUFFICIENT_RESOURCES; } Modified: branches/SAMBA_4_0/source/smb_server/conn.c === --- branches/SAMBA_4_0/source/smb_server/conn.c 2004-10-19 10:15:34 UTC (rev 3063) +++ branches/SAMBA_4_0/source/smb_server/conn.c 2004-10-19 12:06:01 UTC (rev 3064) @@ -59,7 +59,7 @@ tcon = talloc_zero_p(smb_conn, struct smbsrv_tcon); if (!tcon) return NULL; - i = idr_get_new(smb_conn-tree.idtree_tid, tcon, UINT16_MAX + 1); + i = idr_get_new(smb_conn-tree.idtree_tid, tcon, UINT16_MAX); if (i == -1) { DEBUG(1,(ERROR! Out of connection structures\n)); return NULL;
svn commit: samba-docs r251 - in trunk/smbdotconf/ldap: .
Author: gd Date: 2004-10-19 13:32:45 + (Tue, 19 Oct 2004) New Revision: 251 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/smbdotconf/ldaprev=251nolog=1 Log: Corrected default settings for ldap timeout. Guenther Modified: trunk/smbdotconf/ldap/ldaptimeout.xml Changeset: Modified: trunk/smbdotconf/ldap/ldaptimeout.xml === --- trunk/smbdotconf/ldap/ldaptimeout.xml 2004-10-11 21:23:58 UTC (rev 250) +++ trunk/smbdotconf/ldap/ldaptimeout.xml 2004-10-19 13:32:45 UTC (rev 251) @@ -5,11 +5,11 @@ xmlns:samba=http://samba.org/common; description paraWhen Samba connects to an ldap server that server -may be down or unreachable. To prevent Samba from handing whilst +may be down or unreachable. To prevent Samba from hanging whilst waiting for the connection this parameter specifies in seconds how long Samba should wait before failing the connect. The default is -to only wait five seconds for the ldap server to respond to the +to only wait fifteen seconds for the ldap server to respond to the connect request./para /description -value type=default5/value +value type=default15/value /samba:parameter
svn commit: samba r3065 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jerry Date: 2004-10-19 14:45:48 + (Tue, 19 Oct 2004) New Revision: 3065 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/rpc_serverrev=3065nolog=1 Log: BUG 1519 (more): apparently the server_name notify request is used to fill in the title bar of the port monitor window and unless we get it right, you cannot open the printer properties from the port monitor window Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-10-19 12:06:01 UTC (rev 3064) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-10-19 14:45:48 UTC (rev 3065) @@ -2750,8 +2750,6 @@ return WERR_OK; } -#if 0 /* JERRY -- disabled; not used for now */ - /*** * fill a notify_info_data with the servername / @@ -2762,15 +2760,11 @@ NT_PRINTER_INFO_LEVEL *printer, TALLOC_CTX *mem_ctx) { - pstring temp_name, temp; + pstring temp; uint32 len; - fstrcpy( temp_name, %L ); - standard_sub_basic( , temp_name, sizeof(temp_name)-1 ); + len = rpcstr_push(temp, printer-info_2-servername, sizeof(temp)-2, STR_TERMINATE); - - len = rpcstr_push(temp, temp_name, sizeof(temp)-2, STR_TERMINATE); - data-notify_data.data.length = len; data-notify_data.data.string = (uint16 *)talloc(mem_ctx, len); @@ -2782,9 +2776,6 @@ memcpy(data-notify_data.data.string, temp, len); } -#endif - - /*** * fill a notify_info_data with the printername (not including the servername). / @@ -3457,7 +3448,7 @@ static const struct s_notify_info_data_table notify_info_data_table[] = { -{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SERVER_NAME, PRINTER_NOTIFY_SERVER_NAME, NOTIFY_STRING, NULL}, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SERVER_NAME, PRINTER_NOTIFY_SERVER_NAME, NOTIFY_STRING, spoolss_notify_server_name }, { PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRINTER_NAME, PRINTER_NOTIFY_PRINTER_NAME,NOTIFY_STRING, spoolss_notify_printer_name }, { PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SHARE_NAME, PRINTER_NOTIFY_SHARE_NAME, NOTIFY_STRING, spoolss_notify_share_name }, { PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PORT_NAME, PRINTER_NOTIFY_PORT_NAME, NOTIFY_STRING, spoolss_notify_port_name }, @@ -3484,7 +3475,7 @@ { PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_TOTAL_BYTES, PRINTER_NOTIFY_TOTAL_BYTES, NOTIFY_POINTER, NULL }, { PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_BYTES_PRINTED, PRINTER_NOTIFY_BYTES_PRINTED, NOTIFY_POINTER, NULL }, { JOB_NOTIFY_TYPE, JOB_NOTIFY_PRINTER_NAME,JOB_NOTIFY_PRINTER_NAME, NOTIFY_STRING, spoolss_notify_printer_name }, -{ JOB_NOTIFY_TYPE, JOB_NOTIFY_MACHINE_NAME,JOB_NOTIFY_MACHINE_NAME, NOTIFY_STRING, NULL}, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_MACHINE_NAME,JOB_NOTIFY_MACHINE_NAME, NOTIFY_STRING, spoolss_notify_server_name }, { JOB_NOTIFY_TYPE, JOB_NOTIFY_PORT_NAME, JOB_NOTIFY_PORT_NAME, NOTIFY_STRING, spoolss_notify_port_name }, { JOB_NOTIFY_TYPE, JOB_NOTIFY_USER_NAME, JOB_NOTIFY_USER_NAME, NOTIFY_STRING, spoolss_notify_username }, { JOB_NOTIFY_TYPE, JOB_NOTIFY_NOTIFY_NAME, JOB_NOTIFY_NOTIFY_NAME, NOTIFY_STRING, spoolss_notify_username },
svn commit: samba r3066 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jerry Date: 2004-10-19 16:17:23 + (Tue, 19 Oct 2004) New Revision: 3066 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/rpc_serverrev=3066nolog=1 Log: BUG 1519: fix segfault caused by double free of a printer Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-10-19 14:45:48 UTC (rev 3065) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-10-19 16:17:23 UTC (rev 3066) @@ -8663,7 +8663,6 @@ free_job_info_2(info_2);/* Also frees devmode */ SAFE_FREE(info_2); - free_a_printer(ntprinter, 2); return ret; }
svn commit: samba-web r376 - in trunk: .
Author: deryck Date: 2004-10-19 16:54:31 + (Tue, 19 Oct 2004) New Revision: 376 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunkrev=376nolog=1 Log: Open page to two-column. Display svn co directions in pre tags, not blockquotes. --deryck Modified: trunk/subversion.html Changeset: Modified: trunk/subversion.html === --- trunk/subversion.html 2004-10-18 21:49:19 UTC (rev 375) +++ trunk/subversion.html 2004-10-19 16:54:31 UTC (rev 376) @@ -1,6 +1,6 @@ !--#include virtual=/samba/header.html -- titleSamba - Subversion Instructions/title -!--#include virtual=/samba/header2.html -- +!--#include virtual=/samba/download/header_download.html -- h2 align=centerSubversion access to svnanon.samba.org/h2 @@ -20,24 +20,24 @@ pTo access the 'trunk', run: -blockquote +pre svn co svn://svnanon.samba.org/samba/trunk samba-trunk -/blockquote +/pre pTo check out a certain branch, say a branch called bBRANCH/b, run: -blockquote +pre svn co svn://svnanon.samba.org/samba/branches/bBRANCH/b samba-bBRANCH/b -/blockquote +/pre pMajor current branches include: -blockquote +pre svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0 samba-3_0 -/blockquote -blockquote +/pre +pre svn co svn://svnanon.samba.org/samba/branches/SAMBA_4_0 samba-4_0 -/blockquote +/pre H3Access via rsync and ftp/H3
svn commit: samba r3067 - in branches/SAMBA_3_0/source: include printing smbd
Author: jerry Date: 2004-10-19 17:05:01 + (Tue, 19 Oct 2004) New Revision: 3067 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=3067nolog=1 Log: patch based on volker's initial work in trunk that fixes the queu update problem when using the background daemon Modified: branches/SAMBA_3_0/source/include/printing.h branches/SAMBA_3_0/source/printing/lpq_parse.c branches/SAMBA_3_0/source/printing/notify.c branches/SAMBA_3_0/source/printing/print_cups.c branches/SAMBA_3_0/source/printing/print_generic.c branches/SAMBA_3_0/source/printing/printfsp.c branches/SAMBA_3_0/source/printing/printing.c branches/SAMBA_3_0/source/smbd/fileio.c Changeset: Sorry, the patch is too large (1895 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=3067nolog=1
svn commit: samba r3069 - in branches/SAMBA_3_0/source: param printing rpc_server
Author: jerry Date: 2004-10-19 22:13:08 + (Tue, 19 Oct 2004) New Revision: 3069 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=3069nolog=1 Log: add 'force printername' service parameter for people that want to enforce printername == sharename for spoolss printing Modified: branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/printing/nt_printing.c branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2004-10-19 22:05:38 UTC (rev 3068) +++ branches/SAMBA_3_0/source/param/loadparm.c 2004-10-19 22:13:08 UTC (rev 3069) @@ -413,6 +413,7 @@ BOOL bMSDfsRoot; BOOL bUseClientDriver; BOOL bDefaultDevmode; + BOOL bForcePrintername; BOOL bNTAclSupport; BOOL bForceUnknownAclUser; BOOL bUseSendfile; @@ -537,6 +538,7 @@ False, /* bMSDfsRoot */ False, /* bUseClientDriver */ False, /* bDefaultDevmode */ + False, /* bForcePrintername */ True, /* bNTAclSupport */ False, /* bForceUnknownAclUser */ True, /* bUseSendfile */ @@ -983,6 +985,7 @@ {printer, P_STRING, P_LOCAL, sDefault.szPrintername, NULL, NULL, FLAG_HIDE}, {use client driver, P_BOOL, P_LOCAL, sDefault.bUseClientDriver, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT}, {default devmode, P_BOOL, P_LOCAL, sDefault.bDefaultDevmode, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT}, + {force printername, P_BOOL, P_LOCAL, sDefault.bForcePrintername, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT}, {N_(Filename Handling), P_SEP, P_SEPARATOR}, {mangling method, P_STRING, P_GLOBAL, Globals.szManglingMethod, NULL, NULL, FLAG_ADVANCED}, @@ -1885,6 +1888,7 @@ FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS) FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver) FN_LOCAL_BOOL(lp_default_devmode, bDefaultDevmode) +FN_LOCAL_BOOL(lp_force_printername, bForcePrintername) FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport) FN_LOCAL_BOOL(lp_force_unknown_acl_user, bForceUnknownAclUser) FN_LOCAL_BOOL(lp_ea_support, bEASupport) Modified: branches/SAMBA_3_0/source/printing/nt_printing.c === --- branches/SAMBA_3_0/source/printing/nt_printing.c2004-10-19 22:05:38 UTC (rev 3068) +++ branches/SAMBA_3_0/source/printing/nt_printing.c2004-10-19 22:13:08 UTC (rev 3069) @@ -3357,7 +3357,8 @@ { pstring key; NT_PRINTER_INFO_LEVEL_2 info; - int len = 0; + int len = 0; + int snum = lp_servicenumber(sharename); TDB_DATA kbuf, dbuf; fstring printername; char adevice[MAXDEVICENAME]; @@ -3403,7 +3404,12 @@ /* Restore the stripped strings. */ slprintf(info.servername, sizeof(info.servername)-1, %s, servername); - slprintf(printername, sizeof(printername)-1, %s\\%s, servername, info.printername); + + if ( lp_force_printername(snum) ) + slprintf(printername, sizeof(printername)-1, %s\\%s, servername, sharename ); + else + slprintf(printername, sizeof(printername)-1, %s\\%s, servername, info.printername); + fstrcpy(info.printername, printername); len += unpack_devicemode(info.devmode,dbuf.dptr+len, dbuf.dsize-len); @@ -3416,7 +3422,7 @@ * See comments in get_a_printer_2_default() */ - if (lp_default_devmode(lp_servicenumber(sharename)) !info.devmode) { + if (lp_default_devmode(snum) !info.devmode) { DEBUG(8,(get_a_printer_2: Constructing a default device mode for [%s]\n, printername)); info.devmode = construct_nt_devicemode(printername); Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-10-19 22:05:38 UTC (rev 3068) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-10-19 22:13:08 UTC (rev 3069) @@ -529,12 +529,20 @@ } } + /* do another loop to look for printernames */ for (snum=0; !found snumn_services; snum++) { - if ( !(lp_snum_ok(snum) lp_print_ok(snum) ) ) + /* no point in checking if this is not a printer or + we aren't allowing printername != sharename */ + + if ( !(lp_snum_ok(snum) +lp_print_ok(snum) +!lp_force_printername(snum)) ) + { continue; + }
svn commit: samba r3070 - in trunk/source: param printing rpc_server
Author: jerry Date: 2004-10-19 22:14:48 + (Tue, 19 Oct 2004) New Revision: 3070 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/sourcerev=3070nolog=1 Log: add 'force printername' service parameter for people that want to enforce printername == sharename for spoolss printing Modified: trunk/source/param/loadparm.c trunk/source/printing/nt_printing.c trunk/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: trunk/source/param/loadparm.c === --- trunk/source/param/loadparm.c 2004-10-19 22:13:08 UTC (rev 3069) +++ trunk/source/param/loadparm.c 2004-10-19 22:14:48 UTC (rev 3070) @@ -416,6 +416,7 @@ BOOL bMSDfsRoot; BOOL bUseClientDriver; BOOL bDefaultDevmode; + BOOL bForcePrintername; BOOL bNTAclSupport; BOOL bForceUnknownAclUser; BOOL bUseSendfile; @@ -540,6 +541,7 @@ False, /* bMSDfsRoot */ False, /* bUseClientDriver */ False, /* bDefaultDevmode */ + False, /* bForcePrintername */ True, /* bNTAclSupport */ False, /* bForceUnknownAclUser */ True, /* bUseSendfile */ @@ -988,6 +990,7 @@ {printer, P_STRING, P_LOCAL, sDefault.szPrintername, NULL, NULL, FLAG_HIDE}, {use client driver, P_BOOL, P_LOCAL, sDefault.bUseClientDriver, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT}, {default devmode, P_BOOL, P_LOCAL, sDefault.bDefaultDevmode, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT}, + {force printername, P_BOOL, P_LOCAL, sDefault.bForcePrintername, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT}, {N_(Filename Handling), P_SEP, P_SEPARATOR}, {mangling method, P_STRING, P_GLOBAL, Globals.szManglingMethod, NULL, NULL, FLAG_ADVANCED}, @@ -1898,6 +1901,7 @@ FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS) FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver) FN_LOCAL_BOOL(lp_default_devmode, bDefaultDevmode) +FN_LOCAL_BOOL(lp_force_printername, bForcePrintername) FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport) FN_LOCAL_BOOL(lp_force_unknown_acl_user, bForceUnknownAclUser) FN_LOCAL_BOOL(lp_ea_support, bEASupport) Modified: trunk/source/printing/nt_printing.c === --- trunk/source/printing/nt_printing.c 2004-10-19 22:13:08 UTC (rev 3069) +++ trunk/source/printing/nt_printing.c 2004-10-19 22:14:48 UTC (rev 3070) @@ -3357,7 +3357,8 @@ { pstring key; NT_PRINTER_INFO_LEVEL_2 info; - int len = 0; + int len = 0; + int snum = lp_servicenumber(sharename); TDB_DATA kbuf, dbuf; fstring printername; char adevice[MAXDEVICENAME]; @@ -3403,7 +3404,12 @@ /* Restore the stripped strings. */ slprintf(info.servername, sizeof(info.servername)-1, %s, servername); - slprintf(printername, sizeof(printername)-1, %s\\%s, servername, info.printername); + + if ( lp_force_printername(snum) ) + slprintf(printername, sizeof(printername)-1, %s\\%s, servername, sharename ); + else + slprintf(printername, sizeof(printername)-1, %s\\%s, servername, info.printername); + fstrcpy(info.printername, printername); len += unpack_devicemode(info.devmode,dbuf.dptr+len, dbuf.dsize-len); @@ -3416,7 +3422,7 @@ * See comments in get_a_printer_2_default() */ - if (lp_default_devmode(lp_servicenumber(sharename)) !info.devmode) { + if (lp_default_devmode(snum) !info.devmode) { DEBUG(8,(get_a_printer_2: Constructing a default device mode for [%s]\n, printername)); info.devmode = construct_nt_devicemode(printername); Modified: trunk/source/rpc_server/srv_spoolss_nt.c === --- trunk/source/rpc_server/srv_spoolss_nt.c2004-10-19 22:13:08 UTC (rev 3069) +++ trunk/source/rpc_server/srv_spoolss_nt.c2004-10-19 22:14:48 UTC (rev 3070) @@ -529,12 +529,20 @@ } } + /* do another loop to look for printernames */ for (snum=0; !found snumn_services; snum++) { - if ( !(lp_snum_ok(snum) lp_print_ok(snum) ) ) + /* no point in checking if this is not a printer or + we aren't allowing printername != sharename */ + + if ( !(lp_snum_ok(snum) +lp_print_ok(snum) +!lp_force_printername(snum)) ) + { continue; + } fstrcpy(sname, lp_servicename(snum)); @@ -555,16 +563,16 @@ } printername++; - +
svn commit: samba-docs r252 - in trunk: manpages xslt
Author: jelmer Date: 2004-10-19 22:54:36 + (Tue, 19 Oct 2004) New Revision: 252 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunkrev=252nolog=1 Log: Fix indentation in Pearson XML output Add some markup in mount.cifs(8) Modified: trunk/manpages/mount.cifs.8.xml trunk/xslt/docbook2pearson.xsl trunk/xslt/sambadoc2pearson.xsl Changeset: Modified: trunk/manpages/mount.cifs.8.xml === --- trunk/manpages/mount.cifs.8.xml 2004-10-19 13:32:45 UTC (rev 251) +++ trunk/manpages/mount.cifs.8.xml 2004-10-19 22:54:36 UTC (rev 252) @@ -258,9 +258,9 @@ para The primary mechanism for making configuration changes and for reading debug information for the cifs vfs is via the Linux /proc filesystem. -In the directory /proc/fs/cifs are various configuration files and -pseudo files which can display debug information. For more -information see the kernel file fs/cifs/README +In the directory filename/proc/fs/cifs/filename are various +configuration files and pseudo files which can display debug information. +For more information see the kernel file filenamefs/cifs/README/filename. /para /refsect1 Modified: trunk/xslt/docbook2pearson.xsl === --- trunk/xslt/docbook2pearson.xsl 2004-10-19 13:32:45 UTC (rev 251) +++ trunk/xslt/docbook2pearson.xsl 2004-10-19 22:54:36 UTC (rev 252) @@ -102,12 +102,8 @@ xsl:apply-templates/ /xsl:template -xsl:template match=index - xsl:comment XXX insert index here /xsl:comment - !-- chapter - xsl:call-template name=transform.id.attribute/ - xsl:apply-templates/ -/chapter -- + xsl:template match=index + xsl:comment XXX insert index here /xsl:comment /xsl:template xsl:template match=preface Modified: trunk/xslt/sambadoc2pearson.xsl === --- trunk/xslt/sambadoc2pearson.xsl 2004-10-19 13:32:45 UTC (rev 251) +++ trunk/xslt/sambadoc2pearson.xsl 2004-10-19 22:54:36 UTC (rev 252) @@ -23,12 +23,12 @@ /xsl:template xsl:template match=smbconfexample/smbconfoption|smbconfblock/smbconfoption - xsl:value-of select=name/xsl:text = /xsl:textxsl:value-of select=value/xsl:text#10;/xsl:text + xsl:text /xsl:textxsl:value-of select=name/xsl:text = /xsl:textxsl:value-of select=value/xsl:text#10;/xsl:text /xsl:template xsl:template match=smbconfexample - !--xsl:call-template name=transform.id.attribute/-- listing + xsl:call-template name=transform.id.attribute/ xsl:if test=title != '' descriptionxsl:value-of select=title//description /xsl:if
svn commit: samba r3071 - in trunk/source/torture: .
Author: jra Date: 2004-10-19 23:41:20 + (Tue, 19 Oct 2004) New Revision: 3071 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/torturerev=3071nolog=1 Log: Fix for bug #1947 - incorrect use of getpwnam() etc. interface. Jeremy. Modified: trunk/source/torture/cmd_vfs.c Changeset: Modified: trunk/source/torture/cmd_vfs.c === --- trunk/source/torture/cmd_vfs.c 2004-10-19 22:14:48 UTC (rev 3070) +++ trunk/source/torture/cmd_vfs.c 2004-10-19 23:41:20 UTC (rev 3071) @@ -538,8 +538,6 @@ printf( Modify: %s, ctime((st.st_mtime))); printf( Change: %s, ctime((st.st_ctime))); - SAFE_FREE(pwd); - SAFE_FREE(grp); return NT_STATUS_OK; } @@ -606,8 +604,6 @@ printf( Modify: %s, ctime((st.st_mtime))); printf( Change: %s, ctime((st.st_ctime))); - SAFE_FREE(pwd); - SAFE_FREE(grp); return NT_STATUS_OK; } @@ -662,8 +658,6 @@ printf( Modify: %s, ctime((st.st_mtime))); printf( Change: %s, ctime((st.st_ctime))); - SAFE_FREE(pwd); - SAFE_FREE(grp); return NT_STATUS_OK; }
svn commit: samba r3073 - in branches/SAMBA_4_0/source: lib librpc/ndr
Author: abartlet Date: 2004-10-20 02:02:00 + (Wed, 20 Oct 2004) New Revision: 3073 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=3073nolog=1 Log: Fix bug in the handling of null-terminated ASCII strings in RPC. Because we didn't count the null terminator, we would not move past it in the packet. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/util_str.c branches/SAMBA_4_0/source/librpc/ndr/ndr_basic.c Changeset: Modified: branches/SAMBA_4_0/source/lib/util_str.c === --- branches/SAMBA_4_0/source/lib/util_str.c2004-10-19 23:41:26 UTC (rev 3072) +++ branches/SAMBA_4_0/source/lib/util_str.c2004-10-20 02:02:00 UTC (rev 3073) @@ -1120,6 +1120,24 @@ /*** +return the number of bytes occupied by a buffer in ASCII format +the result includes the null termination +limited by 'n' bytes +/ +size_t ascii_len_n(const char *src, size_t n) +{ + size_t len; + + len = strnlen(src, n); + if (len+1 = n) { + len += 1; + } + + return len; +} + + +/*** Return a string representing a CIFS attribute for a file. / char *attrib_string(TALLOC_CTX *mem_ctx, uint32_t attrib) Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_basic.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr_basic.c2004-10-19 23:41:26 UTC (rev 3072) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr_basic.c2004-10-20 02:02:00 UTC (rev 3073) @@ -657,7 +657,7 @@ case LIBNDR_FLAG_STR_NULLTERM: if (byte_mul == 1) { - len1 = strnlen(ndr-data+ndr-offset, ndr-data_size - ndr-offset); + len1 = ascii_len_n(ndr-data+ndr-offset, ndr-data_size - ndr-offset); } else { len1 = utf16_len_n(ndr-data+ndr-offset, ndr-data_size - ndr-offset); }
svn commit: samba r3075 - in branches/SAMBA_4_0/source: libcli/auth librpc/rpc
Author: abartlet Date: 2004-10-20 02:10:46 + (Wed, 20 Oct 2004) New Revision: 3075 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=3075nolog=1 Log: Initialise (and check for intialisation) of the private pointer to ensure we don't segfault on the cleanup from an incomplete schannel bind. Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/auth/schannel.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_schannel.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/auth/schannel.c === --- branches/SAMBA_4_0/source/libcli/auth/schannel.c2004-10-20 02:08:36 UTC (rev 3074) +++ branches/SAMBA_4_0/source/libcli/auth/schannel.c2004-10-20 02:10:46 UTC (rev 3075) @@ -278,8 +278,10 @@ */ void schannel_end(struct schannel_state **state) { - talloc_destroy((*state)-mem_ctx); - (*state) = NULL; + if (*state) { + talloc_destroy((*state)-mem_ctx); + (*state) = NULL; + } } /* Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_schannel.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_schannel.c 2004-10-20 02:08:36 UTC (rev 3074) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_schannel.c 2004-10-20 02:10:46 UTC (rev 3075) @@ -279,9 +279,13 @@ static NTSTATUS dcerpc_schannel_server_start(struct gensec_security *gensec_security) { NTSTATUS status; + struct dcerpc_schannel_state *dce_schan_state; status = dcerpc_schannel_start(gensec_security); + dce_schan_state = gensec_security-private_data; + dce_schan_state-schannel_state = NULL; + if (!NT_STATUS_IS_OK(status)) { return status; }
svn commit: samba r3076 - in branches/SAMBA_4_0/source/rpc_server/netlogon: .
Author: abartlet Date: 2004-10-20 02:11:40 + (Wed, 20 Oct 2004) New Revision: 3076 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/rpc_server/netlogonrev=3076nolog=1 Log: Fix memory leak. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/schannel_state.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/schannel_state.c === --- branches/SAMBA_4_0/source/rpc_server/netlogon/schannel_state.c 2004-10-20 02:10:46 UTC (rev 3075) +++ branches/SAMBA_4_0/source/rpc_server/netlogon/schannel_state.c 2004-10-20 02:11:40 UTC (rev 3076) @@ -68,7 +68,7 @@ return NT_STATUS_NO_MEMORY; } - asprintf(s, %u, (unsigned int)expiry); + s = talloc_asprintf(mem_ctx, %u, (unsigned int)expiry); if (s == NULL) { talloc_free(ldb); @@ -97,6 +97,8 @@ ret = ldb_add(ldb-ldb, msg); + talloc_free(s); + if (ret != 0) { DEBUG(0,(Unable to add %s to session key db - %s\n, msg.dn, ldb_errstring(ldb-ldb)));
svn commit: samba r3077 - in branches/SAMBA_4_0/source/rpc_server/samr: .
Author: abartlet Date: 2004-10-20 02:12:52 + (Wed, 20 Oct 2004) New Revision: 3077 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/rpc_server/samrrev=3077nolog=1 Log: Add initial handling of Account Flags in SAMR user info level 21 and 25. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c === --- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2004-10-20 02:11:40 UTC (rev 3076) +++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2004-10-20 02:12:52 UTC (rev 3077) @@ -1676,12 +1676,17 @@ SET_STRING(msg, info21.workstations.name, userWorkstations); IFSET(SAMR_FIELD_LOGON_HOURS) SET_LHOURS(msg, info21.logon_hours, logonHours); + IFSET(SAMR_FIELD_ACCT_FLAGS) + SET_AFLAGS(msg, info21.acct_flags, userAccountControl); IFSET(SAMR_FIELD_CALLBACK) SET_STRING(msg, info21.callback.name, userParameters); IFSET(SAMR_FIELD_COUNTRY_CODE) SET_UINT (msg, info21.country_code, countryCode); IFSET(SAMR_FIELD_CODE_PAGE) SET_UINT (msg, info21.code_page, codePage); + + + /* Any reason the rest of these can't be set? */ #undef IFSET break; @@ -1701,6 +1706,8 @@ SET_STRING(msg, info23.info.workstations.name, userWorkstations); IFSET(SAMR_FIELD_LOGON_HOURS) SET_LHOURS(msg, info23.info.logon_hours, logonHours); + IFSET(SAMR_FIELD_ACCT_FLAGS) + SET_AFLAGS(msg, info23.info.acct_flags, userAccountControl); IFSET(SAMR_FIELD_CALLBACK) SET_STRING(msg, info23.info.callback.name, userParameters); IFSET(SAMR_FIELD_COUNTRY_CODE) @@ -1744,6 +1751,8 @@ SET_STRING(msg, info25.info.workstations.name, userWorkstations); IFSET(SAMR_FIELD_LOGON_HOURS) SET_LHOURS(msg, info25.info.logon_hours, logonHours); + IFSET(SAMR_FIELD_ACCT_FLAGS) + SET_AFLAGS(msg, info25.info.acct_flags, userAccountControl); IFSET(SAMR_FIELD_CALLBACK) SET_STRING(msg, info25.info.callback.name, userParameters); IFSET(SAMR_FIELD_COUNTRY_CODE)
svn commit: samba r3078 - in branches/SAMBA_4_0/source/script: .
Author: abartlet Date: 2004-10-20 02:13:45 + (Wed, 20 Oct 2004) New Revision: 3078 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/scriptrev=3078nolog=1 Log: Allow more things to be set as command line options to provision. Andrew Bartlett Modified: branches/SAMBA_4_0/source/script/provision.pl Changeset: Modified: branches/SAMBA_4_0/source/script/provision.pl === --- branches/SAMBA_4_0/source/script/provision.pl 2004-10-20 02:12:52 UTC (rev 3077) +++ branches/SAMBA_4_0/source/script/provision.pl 2004-10-20 02:13:45 UTC (rev 3078) @@ -41,7 +41,7 @@ return sprintf(%08x-%04x-%04x-%04x-%08x%04x, $r1, $r2, $r3, $r4, $r5, $r6); } -my $domainguid = randguid(); +my $opt_domainguid = randguid(); my $hostguid = randguid(); sub randsid() @@ -50,7 +50,7 @@ int(rand(10**8)), int(rand(10**8)), int(rand(10**8))); } -my $domainsid = randsid(); +my $opt_domainsid = randsid(); # generate a random password. Poor algorithm :( sub randpass() @@ -82,7 +82,7 @@ } if ($var eq DOMAINSID) { - return $domainsid; + return $opt_domainsid; } if ($var eq DOMAIN) { @@ -122,7 +122,7 @@ } if ($var eq DOMAINGUID) { - return $domainguid; + return $opt_domainguid; } if ($var eq HOSTGUID) { @@ -246,6 +246,8 @@ 'help|h|?' = \$opt_help, 'realm=s' = \$opt_realm, 'domain=s' = \$opt_domain, + 'domain-guid=s' = \$opt_domainguid, + 'domain-sid=s' = \$opt_domainsid, 'hostname=s' = \$opt_hostname, 'hostip=s' = \$opt_hostip, 'adminpass=s' = \$opt_adminpass,
svn commit: samba r3079 - in branches/SAMBA_4_0/source: libcli/ldap torture/ldap
Author: abartlet Date: 2004-10-20 02:14:28 + (Wed, 20 Oct 2004) New Revision: 3079 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=3079nolog=1 Log: make code more pretty :-) Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c branches/SAMBA_4_0/source/torture/ldap/common.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-10-20 02:13:45 UTC (rev 3078) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-10-20 02:14:28 UTC (rev 3079) @@ -1535,7 +1535,7 @@ return result; } - gensec_want_feature(conn-gensec, GENSEC_WANT_SIGN|GENSEC_WANT_SEAL); + gensec_want_feature(conn-gensec, GENSEC_WANT_SIGN | GENSEC_WANT_SEAL); status = gensec_set_domain(conn-gensec, domain); if (!NT_STATUS_IS_OK(status)) { Modified: branches/SAMBA_4_0/source/torture/ldap/common.c === --- branches/SAMBA_4_0/source/torture/ldap/common.c 2004-10-20 02:13:45 UTC (rev 3078) +++ branches/SAMBA_4_0/source/torture/ldap/common.c 2004-10-20 02:14:28 UTC (rev 3079) @@ -120,10 +120,10 @@ return False; status = gensec_seal_packet(conn-gensec, - msg-mem_ctx, - request.data, request.length, - request.data, request.length, - creds); + msg-mem_ctx, + request.data, request.length, + request.data, request.length, + creds); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,(gensec_seal_packet: %s\n,nt_errstr(status))); return False;
svn commit: samba r3080 - in branches/SAMBA_4_0/source/rpc_server/samr: .
Author: abartlet Date: 2004-10-20 02:26:59 + (Wed, 20 Oct 2004) New Revision: 3080 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/rpc_server/samrrev=3080nolog=1 Log: Make the Samba4 SAMR server pass the new, nasty torture test (now that SAMR_FIELD_PASSWORD has been split up). Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c === --- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2004-10-20 02:14:28 UTC (rev 3079) +++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2004-10-20 02:26:59 UTC (rev 3080) @@ -1721,6 +1721,13 @@ a_state-domain_state-domain_dn, mem_ctx, msg, r-in.info-info23.password); + } else IFSET(SAMR_FIELD_PASSWORD2) { + status = samr_set_password(dce_call, + a_state-sam_ctx, + a_state-account_dn, + a_state-domain_state-domain_dn, + mem_ctx, msg, + r-in.info-info23.password); } #undef IFSET break; @@ -1766,6 +1773,13 @@ a_state-domain_state-domain_dn, mem_ctx, msg, r-in.info-info25.password); + } else IFSET(SAMR_FIELD_PASSWORD2) { + status = samr_set_password_ex(dce_call, + a_state-sam_ctx, + a_state-account_dn, + a_state-domain_state-domain_dn, + mem_ctx, msg, + r-in.info-info25.password); } #undef IFSET break;
svn commit: samba-docs r253 - in trunk/Samba-Guide: .
Author: jht Date: 2004-10-20 05:58:37 + (Wed, 20 Oct 2004) New Revision: 253 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/Samba-Guiderev=253nolog=1 Log: Updates and fixes. Modified: trunk/Samba-Guide/Chap03-TheSmallOffice.xml trunk/Samba-Guide/Chap04-SecureOfficeServer.xml Changeset: Modified: trunk/Samba-Guide/Chap03-TheSmallOffice.xml === --- trunk/Samba-Guide/Chap03-TheSmallOffice.xml 2004-10-19 22:54:36 UTC (rev 252) +++ trunk/Samba-Guide/Chap03-TheSmallOffice.xml 2004-10-20 05:58:37 UTC (rev 253) @@ -430,23 +430,13 @@ # Add Functional Domain Groups net groupmap add ntgroup=Accounts Dept unixgroup=acctsdep type=d net groupmap add ntgroup=Financial Services unixgroup=finsrvcs type=d - -# Map Windows NT machine local groups to local UNIX groups -net groupmap modify ntgroup=Administrators unixgroup=sys -net groupmap modify ntgroup=Users unixgroup=public -net groupmap modify ntgroup=Guests unixgroup=nobody -net groupmap modify ntgroup=System Operators unixgroup=daemon -net groupmap modify ntgroup=Account Operators unixgroup=wheel -net groupmap modify ntgroup=Backup Operators unixgroup=bin -net groupmap modify ntgroup=Print Operators unixgroup=lp -net groupmap modify ntgroup=Replicatorsunixgroup=kmem -net groupmap modify ntgroup=Power Usersunixgroup=ntadmin /screen /example screen rootprompt; chmod 755 initGrps.sh -rootprompt; /etc/samba # ./initGrps.sh +rootprompt; cd /etc/samba +rootprompt; ./initGrps.sh Updated mapping entry for Domain Admins Updated mapping entry for Domain Users Updated mapping entry for Domain Guests @@ -454,31 +444,23 @@ Successfully added group Accounts Dept to the mapping db No rid or sid specified, choosing algorithmic mapping Successfully added group Domain Guests to the mapping db -Updated mapping entry for Administrators -Updated mapping entry for Users -Updated mapping entry for Guests -Updated mapping entry for System Operators -Updated mapping entry for Account Operators -Updated mapping entry for Backup Operators -Updated mapping entry for Print Operators -Updated mapping entry for Replicators -Updated mapping entry for Power Users -rootprompt; /etc/samba # net groupmap list | sort -Account Operators (S-1-5-32-548) - wheel +rootprompt; cd /etc/samba +rootprompt; net groupmap list | sort +Account Operators (S-1-5-32-548) - -1 Accounts Dept (S-1-5-21-194350-25496802-3394589-2003) - acctsdep -Administrators (S-1-5-32-544) - sys -Backup Operators (S-1-5-32-551) - bin +Administrators (S-1-5-32-544) - -1 +Backup Operators (S-1-5-32-551) - -1 Domain Admins (S-1-5-21-194350-25496802-3394589-512) - root Domain Guests (S-1-5-21-194350-25496802-3394589-514) - nobody Domain Users (S-1-5-21-194350-25496802-3394589-513) - users Financial Services (S-1-5-21-194350-25496802-3394589-2005) - finsrvcs -Guests (S-1-5-32-546) - nobody -Power Users (S-1-5-32-547) - ntadmin -Print Operators (S-1-5-32-550) - lp -Replicators (S-1-5-32-552) - kmem -System Operators (S-1-5-32-549) - daemon -Users (S-1-5-32-545) - public +Guests (S-1-5-32-546) - -1 +Power Users (S-1-5-32-547) - -1 +Print Operators (S-1-5-32-550) - -1 +Replicators (S-1-5-32-552) - -1 +System Operators (S-1-5-32-549) - -1 +Users (S-1-5-32-545) - -1 /screen /para/step @@ -677,13 +659,13 @@ smbconfoptionnamename resolve order/namevaluewins bcast hosts/value/smbconfoption smbconfoptionnameprintcap name/namevalueCUPS/value/smbconfoption smbconfoptionnameshow add printer wizard/namevalueNo/value/smbconfoption -smbconfoptionnameadd user script/namevalue/usr/sbin/useradd -m %u/value/smbconfoption -smbconfoptionnamedelete user script/namevalue/usr/sbin/userdel -r %u/value/smbconfoption -smbconfoptionnameadd group script/namevalue/usr/sbin/groupadd %g/value/smbconfoption -smbconfoptionnamedelete group script/namevalue/usr/sbin/groupdel %g/value/smbconfoption -smbconfoptionnameadd user to group script/namevalue/usr/sbin/usermod -G %g %u/value/smbconfoption +smbconfoptionnameadd user script/namevalue/usr/sbin/useradd -m '%u'/value/smbconfoption +smbconfoptionnamedelete user script/namevalue/usr/sbin/userdel -r '%u'/value/smbconfoption +smbconfoptionnameadd group script/namevalue/usr/sbin/groupadd '%g'/value/smbconfoption +smbconfoptionnamedelete group script/namevalue/usr/sbin/groupdel '%g'/value/smbconfoption +smbconfoptionnameadd user to group script/namevalue/usr/sbin/usermod -G '%g' '%u'/value/smbconfoption smbconfoptionnameadd machine script/namevalue/usr/sbin/useradd \/value/smbconfoption -memberparameter-s /bin/false -d /dev/null %u/parameter/member +memberparameter-s /bin/false -d /dev/null '%u'/parameter/member smbconfoptionnamelogon script/namevaluescripts\login.bat/value/smbconfoption smbconfoptionnamelogon path/namevalue /value/smbconfoption smbconfoptionnamelogon drive/namevalueX:/value/smbconfoption @@ -763,13 +745,13 @@