[Samba] Undeliverable message returned to sender
This message was created automatically by mail delivery software. Delivery failed for the following recipient(s): [EMAIL PROTECTED] The message you sent contained an attachment which the recipient has chosen to block. Usually these sort of attachments are blocked to prevent malicious software from being sent to the recipient in question. The name(s) of the blocked file(s) follow: document.zip To send this file, please place it in a compressed archive using WinZip (http://www.winzip.com) or the archive software of your choice. - Original Message Header - Received: by mail44-ash (MessageSwitch) id 1099114655949580_11269; Sat, 30 Oct 2004 05:37:35 + (UCT) Received: from samba.org (unknown [210.5.9.252]) by mail44-ash.bigfish.com (Postfix) with ESMTP id 5C46E801538 for <[EMAIL PROTECTED]>; Sat, 30 Oct 2004 05:36:56 + (UCT) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Error Date: Sat, 30 Oct 2004 13:44:27 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_0007_42E184A0.B4E93CD3" X-Priority: 3 X-MSMail-Priority: Normal Message-Id: <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Shared folder & windows clients
Hi I tried googling and searching the archives, but I guess I don't know how to choose the best keywords to describe my problem. So, I'll ask here. I have a samba box (3.0.5) sharing 1 folder. This folder contains 2 subfolders; both have around 900 files on each. On my linux box (kde), I can use the smb kio slave and everything is as expected, I can see all the files on both folders. Now on two windows 2000 clients (sp3 & sp4) I use, they can only see, say, around 200 files on the 1st subfolder, and around 100 on the 2nd subfolder. The numbers aren't always the same, although both machines always return identical reports on file listings. What could possibly be wrong? Here are the relevant parts of smb.conf, all the rest is default: - [global] workgroup = COLORTECH guest account = vendas security = share [Documentos] path = /home/vendas/Documentos writable = yes guest ok = yes public = yes - Of course, "vendas" is a valid user account and file permissions are ok. I had this in the past, where the two subfolders were once one with around 1600 files. I thought it could be the large number of files so I split them into two folders and the problem was gone. All of a sudden, it reappeared, even though there are far fewer files than before. Any ideas? Thanks Gustavo PS: please cc me as I am not subscribed to the list. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Directory perms not visible from Properties|Security on clients
Samba 3.0.7, XP Pro SP1 clients When I view the "Properties|Security" tab on a folder from my XP SP1 clients, the checkboxes indicating the various permission settings are all empty. The share is functioning fine otherwise, permissions are OK when inspected from the Unix side. Does anyone know a work around (or fix!)? This came up back in 2003, without resolution: http://marc.theaimsgroup.com/?l=samba&m=105404730810537&w=2 It also came up earlier this month, again without resolution: http://marc.theaimsgroup.com/?l=samba&m=109659106919277&w=2 There is a open bug (with a fair degree of reproducibility it seems): https://bugzilla.samba.org/show_bug.cgi?id=1865 A level 4 debug log reveals that unix_mode (in dosmode.c) is properly determining the mode (in this case, 0744). Shortly after that, it appears that the security descriptor is queried and the SIDs are fetched from the cache, but just after all that takes place, it reports a "Function not implemented" error followed by a NT_STATUS_BUFFER_TOO_SMALL error. I surmise from the archives that the "...TOO_SMALL" error is "just" RPC reply fragmentation across multiple smbd processes. (Does that mean it isn't really a problem? Is fragmentation of this type OK?) Regards, Richard - [2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(834) reduce_name [Computer Administration/Test] [/data/samba/shared-documents] [2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(939) reduce_name: Computer Administration/Test reduced to (null) [2004/10/29 18:25:38, 3] smbd/dosmode.c:unix_mode(111) unix_mode(Computer Administration/Test) returning 0744 [2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(834) reduce_name [Computer Administration/Test] [/data/samba/shared-documents] [2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(939) reduce_name: Computer Administration/Test reduced to (null) [2004/10/29 18:25:38, 4] smbd/open.c:open_file_shared1(1244) calling open_file with flags=0x0 flags2=0x0 mode=0744 [2004/10/29 18:25:38, 3] smbd/process.c:process_smb(1092) Transaction 19677 of length 88 [2004/10/29 18:25:38, 3] smbd/process.c:switch_message(887) switch message SMBnttrans (pid 13461) conn 0x837c740 [2004/10/29 18:25:38, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2004/10/29 18:25:38, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1903) call_nt_transact_query_security_desc: file = Computer Administration/Test [2004/10/29 18:25:38, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(152) fetch sid from uid cache 500 -> <> [2004/10/29 18:25:38, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(226) fetch sid from gid cache 500 -> <> [2004/10/29 18:25:38, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1928) call_nt_transact_query_security_desc: sd_size = 120. [2004/10/29 18:25:38, 3] smbd/error.c:error_packet(105) error string = Function not implemented [2004/10/29 18:25:38, 3] smbd/error.c:error_packet(129) error packet at smbd/nttrans.c(101) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL [2004/10/29 18:25:38, 3] smbd/process.c:process_smb(1092) Transaction 19678 of length 88 [2004/10/29 18:25:38, 3] smbd/process.c:switch_message(887) switch message SMBnttrans (pid 13461) conn 0x837c740 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind name service required for active directory (ADS) authentication and group-based authorization?
On Fri, Oct 29, 2004 at 09:16:02AM -0700, DeStefano, Paul wrote: | Solution: ADS, perhaps? | | I've read lots of documents and they seem to indicated | that, when using ADS authentication (by which I mean | security=ADS and the proper relm, etc.) winbind is NOT | involved in the authentication process. It says smbd | participates in Kerberos ticketing, like a normal "Domain | Member", to authorize samba clients. (Details found here: | http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-me | mber.html) I think means it gets the client user authorization | directly from ADS; winbind is not involved. | | Well, if that's true, then samba has everything it needs to | authorize clients by group membership, not just authenticate users, | without consulting winbind. The Kerberos ticket that it receives | during authentication includes all sorts of information about the | user...including the users group memberships. Is that right? | | This isn't particular to ADS, I suppose, now that I think about it; | probably the same as before ADS. But, I couldn't find any examples | of samba using windows authentication without winbind. | | You're probably wondering what is going to happen after | authentication and authorization without winbind to map users to | UNIX UIDs. Me too. That's my follow up question. I hope that samba | can use the unqualified username (without the 'DOMAIN\' prefix) | to find a match using the normal resolution so that we can just | populate /etc/passwd. Think that will work? Actually, we intend to | use "force user =", as in the past, so it really doesn't matter what | happens with the UID mappings, but samba might not be that clever. | It may insist on successfully resolving usernames before checking | options like "force user". If you have a mapping in the passwd(5) file between the username (without 'DOMAIN\' prefix) and a UID, things should work without needing "winbind" in nsswitch.conf; the user's password is checked against ADS and the passwd(5) entry is used to provide a UID. If there is not a matching entry in passwd(5) for the ADS user, they will not be able to connect. Cheers, Luke. pgpDJj8YVlSmr.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Symantec AntiVirus/Filtering for Domino detected a virus in a document you authored.
Please contact your system administrator. The scanned document was QUARANTINED. Virus Information: The attachment document09.scr contained the virus [EMAIL PROTECTED] and could NOT be repaired. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba.schema question
I see in samba.schema that it is possible to have multiple SambaDomainName entries for a dn. However I don't see how this does any good because you must only have one sambaSID entry per user. Is there any way to associate more than one sambaSID with a dn, so that a user would be authorized to log into more than one domain without a trust relationship? If it's not possible now, is it in the works for the future? Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] group name length limit?
I am using samba 3.07 with winbind in AD. I have some long group names (30 char or more, includes spaces). And I noticed users get access denied for those groups. Is there a limit on group name length? Thanks. --Sharif -- Sharif Islamhttp://www.sharifislam.com Research Programmer Library Systems Office217-244-4688 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Allow users to delete from read-only share?
When using Netware I had two directories set up as follows... 1. /data/cad/current 2. /data/cad/hold I had three groups that controlled access to these directories. Group A had read-only access to 1. Group B had read-only and delete access on 1 and read-write on 2. Group C had read-write on both 1 and 2. Group A was typically shop floor employees who needed to view cad drawings. The reason for group B was so that an engineer could take a cad drawing file and remove it from 1. and place it in 2. so that no one could access it while it was being modified. When the modifications were complete and approved a user from group C could put it back. I cannot figure out any way to do this with Samba. Any tips? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Add Machine Script
Can you send that peace of smb.conf which contains that: Corral, Randy wrote: All, Currently we are running Samba 3.0.7 on Solaris 8 and we are experiencing a problem that the user system are not being added automatically with the add machine script: /usr/sbin/useradd -g machines -d /dev/null -s /bin/false %m If we run it manually it works. Any ideas? Thanks, Randy Corral Information Systems Brooks Automation Phoenix, Arizona 602-861-9395 ext. 228 Fax: 602-861-1442 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Daylight time dates for Brazil
Hi! Last week all windows workstations changed the clock thinking that the daylight time had started but it will start nov, 2. I know this is a windows problem so I went to technet.microsoft.com and found this article: http://support.microsoft.com/default.aspx?scid=kb;en-us;317211 with this article I got the registry key of my workstation corrected. Now I want to replicate this configuration to all other workstations. I have a samba 3.0.5 PDC and I'm using windows policy to control access and configure the workstations so I started to create a .adm file to export this registry information. When I was reading about the best way to change the value of this registry, I found in the book "Windows System Policy Editor" from O'Reilly that "Since this registry key has a hex value (REG_BINARY), it is not possible to change it using a policy template". Ok! I can't replicate it with policy but I still can make a reg file and change the values within the logon script. Here comes another problem... normal users don't have permission to change the value of this registry so I have to find a way to change permission to the registry. I know I can use regini.exe but it must be running in a windows computer and the workstation must be online. I hope someone call me fool and say I'm complicating everything. It really should be easier. any help, sugestion, idea? thanks! Bruno Gimenes Pereti. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Again Linux, Mac OS etc...
Hi there Again with the same question, but with a little more information technically. Config: 1 Samba File Server (Suse Linux) 40+ M$ Clients (NT, W2K, XP) 4 Mac OS X clients (10.2,10.3) Authentication throug NT PDC Everything works fine for the M$ part of it. Problem: when someone from the OS X side log onto the share it looks nice by first sight, but the file permissions, owner and group of the files and directory are not correct. The users log on through PDC but gets the user id 'nobody'... On the client side the file permissions, owner and group look totally different FOR THE SAME FILE. Example (two views on the same file): share side: -rwxrwxr-x domain-ID, domain-GID (this is ls -l on the Linux side) client side:-rwx-r-x-r-x osx-id, wheel (this is ls -l on the OS X side) Therefore it is not possible for the client user to change a file and save it on the share again, because from the viewpoint of OS X, he has no group write permission. New files are possible, but get the settings: -rwx-r-xr-x 'nobody', domain-GID The relevant settings in the smb.conf are all 775. What can I do to get rid of this? Any ideas outthere? All Apple related descriptions assume to use the MAC as SMB Server. No one talks about a MAC as SMB client. Thanks for even thinking about that:o( Sascha Guido Zumbusch -- Sascha Zumbusch Tel:+49.3381.889898 Hauptstr. 43, D-14776 Brandenburg an der Havel Fax:+49.3381.410065 mailto:[EMAIL PROTECTED]ICQ:30-505-053 GSM:+49.179.1793259875 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Add Machine Script
All, Currently we are running Samba 3.0.7 on Solaris 8 and we are experiencing a problem that the user system are not being added automatically with the add machine script: /usr/sbin/useradd -g machines -d /dev/null -s /bin/false %m If we run it manually it works. Any ideas? Thanks, Randy Corral Information Systems Brooks Automation Phoenix, Arizona 602-861-9395 ext. 228 Fax: 602-861-1442 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] MAC OS X and Samba Shares > 2 TB
Does somebody know if the Samba Client in MAC OS X (10.3.4 and 10.3.5) has problems looking at Linux-based Samba shares that are larger than 2 TB? I have Samba 3.0.2 running on my Linux box. I have never had any difficulty with the Mac seeing a 2 TB RAID array on the Linux box, but when the Mac looks at the 4 TB array, it can see all the contents and create folders but it can't create any new files. And in the "Get Info" for the 4 TB Samba share, the Mac tells me that there is "zero K" of space left on the drive. My Windows XP machines don't have a problem looking at the same share, or in creates files on the share. I don't think it's a permission thing because: a) I have made the share Read/Write for all users b) I am logging on with the same username and password from both the Windows and Mac machines Any ideas? Regards, Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind name service required for active directory (ADS) authentication and group-based authorization?
Hello Samba Gurus, Is using the winbind name service required in order to get authentication AND authorization via ADS? I'll explain further. Goal: create samba share for which clients are authenticated via native ADS and access is based on ADS group membership. I've actually done this in the old Windows NT world. Worked okay. It's wasn't too hard, except for the winbind piece (see problem below.) But, now, I question the necessity of winbind in the case that samba uses ADS authentication. Problem: On Solaris 8, passwd binary will not accept 'winbind' in /etc/nsswitch.conf. (I've been over this many times. In the past, we wrote an interposer lib for the fopen() call, which I posted, and pre-loaded it on smbd, but libnss has been changed since then and it doesn't work any more...long story.) Solution: ADS, perhaps? I've read lots of documents and they seem to indicated that, when using ADS authentication (by which I mean security=ADS and the proper relm, etc.) winbind is NOT involved in the authentication process. It says smbd participates in Kerberos ticketing, like a normal "Domain Member", to authorize samba clients. (Details found here: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html) I think means it gets the client user authorization directly from ADS; winbind is not involved. Well, if that's true, then samba has everything it needs to authorize clients by group membership, not just authenticate users, without consulting winbind. The Kerberos ticket that it receives during authentication includes all sorts of information about the user...including the users group memberships. Is that right? This isn't particular to ADS, I suppose, now that I think about it; probably the same as before ADS. But, I couldn't find any examples of samba using windows authentication without winbind. You're probably wondering what is going to happen after authentication and authorization without winbind to map users to UNIX UIDs. Me too. That's my follow up question. I hope that samba can use the unqualified username (without the 'DOMAIN\' prefix) to find a match using the normal resolution so that we can just populate /etc/passwd. Think that will work? Actually, we intend to use "force user =", as in the past, so it really doesn't matter what happens with the UID mappings, but samba might not be that clever. It may insist on successfully resolving usernames before checking options like "force user". I hope that made sense. It only took me slightly longer to compose this message than to compile samba with krb-auth and test it myself, so I hope someone out there has some insights. To be honest, I did try it, but I'm not sure I compiled it all correctly. It wasn't clear from the errors what was the actual problem. And, I couldn't get it to work *with* winbind, either, so that's why I'm posting. Thank you, Paul __ Paul DeStefano paul.destefanonwdc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: WinXP vs Samba: domain controller could not be contacted
Finally I found out that I had to add the samba server's IP address to the wins entry in the network configuration and reboot afterwards. I also switched on "enable netbios over TCP/IP". The Norton Internet Security firewall can also cause this "domain could not be contacted" error, how I found out independently from the above problem. Later I stumbled in another problem: When I tried to join the domain I got the error message "user does not exist". I found out that the "add user script" doesn't add machines anymore and is now called "add machine script". Again this error left no trace in the logs. Why are there logs if they don't log anything? Setting up XP with Samba was a real nightmare. Why isn't there some useful documentation that shows which settings really need to be made in Windows XP? Why aren't there useful error messages? So long, Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to prevent users from modifying access rights
Gerald (Jerry) Carter schrieb: . wrote: | | Hi, | | how can I prevent users from modifying access rights on files and | directories on a share (on an ext3 partition with ACLs)? | | Users must be able to read from arbitrary directories on | the share belonging to groups they are not members of, and | they must have write access to files belonging to other users | in the same group, sometimes to files/directories that are | owned by users of other groups. But they must not be able to | modify the access rights of files owned by users in the | same group; eventually it will be useful to deny | modifying access rights to all users. set all files to be owned by root :-) and make sure that 'dos filemode = no' That should do it. (but give the user's the necessary write permissions). Hm, the manpage says on ´dos filemode´: > The default behavior in Samba is to provide UNIX-like behavior where > only the owner of a file/directory is able to change the > permissions on it. [...] > Enabling this parameter allows a user who > has write access to the file (by whatever means) to modify the > permissions on it. Note that a user belonging to the group owning > the file will not be allowed to change permissions if the group is > only granted read access. There will be files like that: directory-1 peter:staff | |-- file-1peter:staff |-- file-2hubba:staff |-- file-3elisa:users |-- file-4laura:birds |-- subdirelisa:users |-- file-A elisa:users |-- file-B hubba:staff directory-2 hubba:staff | |-- file-1peter:staff |-- file-2hubba:staff |-- file-3elisa:users |-- file-4laura:birds |-- subdirelisa:users |-- file-A elisa:users |-- file-B hubba:staff ... and so on. Members of group ´staff´ must have RW access on _all_ files in directory-1, and some users of other groups must have that also. Other users must have read access to the directories, eventually excluding some of their contents. Most of the directories (and groups) will represent departments of the organisation (if there isn´t a better solution). The problem is that I cannot get the users to stick to their designated directories :( They definitely want what I call ´chaotical access rights´ --- and I cannot figure how I could provide that, even with ACLs. For ´peter´ of ´staff´ is the chief of the department directory-1 represents/belongs to, I could (want) reasonably give ´peter´ of ´staff´ the right to modify access rights on directory-1 and anything it contains. But other users must not be able to modify the rights. An alternative is to maintain the access rights myself, but I´d rather like to avoid that --- and it won´t work anyway because users creating files within the directories will thereby be able to set the rights on their files (unless I could somehow prohibit that). That is even the default behaviour (i. e. ´dos filemode = no´). I´ve tried to use ´directory security mask´ and ´security mask´, but setting them to allows a user to change the rights exactly once (instead of denying any changes what was what I expected): When attempting to set any rights, the rights just get masked to and then are set on the file/directory --- thereby, any further access is effectively denied. With ´dos filemode = yes´, any other users having write access to files in directories would be able to modify the access rights, but I do not want them to be able to. Even our rather over-aged Netware server we´re going to migrate from, running Netware 3.2(!), can handle the demand of chaotical access rights without having to thing about it. I need that same capability on the new Linux server ... It´s not that I would like such a thing, but I´m facing the demand. The answer to questions like ´Which users can access this directory?´ is always ´I don´t know, and that would be very difficult to find out ...´ But at least, users cannot modify the access rights unless I allow them to. Having users modifying the rights would mean having no more control at all: ´Which users can access that directory?´ --- ´I don´t know, and that cannot be found out because users can grant access to anything theirselves whenever they want ...´, that´s somewhat fatal :) --- And my tests showed that users can even delete whole directories though I took off all their rights from them. This is very intricated ... GH -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba4 reaches the "Susan" stage
Hi, perhaps we should spend some roses to Susan to be the first Lady of Samba !!! Thx to both of you for hard coding times Regards Robert [EMAIL PROTECTED] schrieb: Samba4 reached an important milestone tonight, as I installed it for my wife to use as her file server for all of her important documents, email, the book she is working on etc. Those of you who have been around Samba development for a while will know that my wife tends to be the first test user of major new versions of Samba, and she volunteered again this time. Susan played a large part in the original motivation to develop Samba more than 12 years ago, so she knows how useful it is to have a local test user. Reaching this stage does not mean that you should now go and install Samba4 on your production servers. Only a very keen (foolish?) person would do that. The code is quite incomplete, and is missing major features such as no netbios name server, no winbind, no admin tools, and very little documentation. So unless you are a keen C programmer then stay well clear for the moment. What this milestone means is that the code is now fairly robust, and that major applications (Eudora, OpenOffics.org, MS Word, Firefox etc) all work well and that I am quite confident of not losing data. Of course, I also have a very strict automated backup regime setup for my wife, so if I'm wrong about the robustness we can recover without me having to cook dinner for a week as penance. The code isn't available as a "alpha" quality release yet, as there are just too many missing features, although I do plan on doing a "snapshot" release shortly (maybe within a week?). So far the only problem on my wifes machine is that Eudora startup is a bit slow. That is caused by Norton Anti-Virus on her WinXP box scanning all the dlls and the exe, along with the fact that Samba4 does not yet have oplocks, so the client cannot cache the files for fast re-scanning. With norton disabled startup is fast. If you want to get involved in Samba4 development then see http://devel.samba.org/, checkout the code, and start reading. Having at look at the (incomplete) prog_guide.txt is a good idea. If you just want to see some slides on the design of Samba4, then there are some links to various talks I've given on my homepage at http://samba.org/~tridge/ I'd like to thank everyone who has worked so hard over the last couple of years to get us this far. It's been a long haul, but the results are well worth it. Samba4 is a great basis for future Samba development. In particular I'd like to thank the members of the Samba Team who have put so much into the development of Samba4. It's been a great team effort, and a lot of fun. Now back to more coding Cheers, Tridge -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issue with two domains in one LDAP tree
On Friday 29 October 2004 09:18, Misty Stanley-Jones wrote: > Hi, > > I've just moved a second Samba domain to LDAP -- it works great! However, > the first domain is now dead in the water. It refuses to autenticate, and > from the logs it looks like it's not find the SambaDomainName entry in the > LDAP tree. Here is a diagram of how my LDAP tree is set up. > > dc=mycompany,dc=com > > |___ ou=computers > |___ ou=people > |___ ou=groups > |___ sambaDomain=domain1 > |___ ou=domain2 > | > |___ ou=computers > |___ ou=people > |___ ou=groups > |___ sambaDomain=domain2 > > In domain1's smb.conf, I have: > ldap suffix = dc=mydomain,dc=com > > In domain2's smb.conf, I have: > ldap suffix = ou=domain2,dc=mydomain,dc=com > > Domain2 is working flawlessly. Domain1, however, is not. When I do a > simple 'smbclient -L localhost' as root, I get the following log from slapd > Misty I resolved this by putting DOMAIN1 into its own OU. In the future it might be nice to be able to tweak the search scopes with a little more granularity in smb.conf. But I think this way is actually cleaner in the long run. Thanks again, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Issue with two domains in one LDAP tree
Hi, I've just moved a second Samba domain to LDAP -- it works great! However, the first domain is now dead in the water. It refuses to autenticate, and from the logs it looks like it's not find the SambaDomainName entry in the LDAP tree. Here is a diagram of how my LDAP tree is set up. dc=mycompany,dc=com |___ ou=computers |___ ou=people |___ ou=groups |___ sambaDomain=domain1 |___ ou=domain2 |___ ou=computers |___ ou=people |___ ou=groups |___ sambaDomain=domain2 In domain1's smb.conf, I have: ldap suffix = dc=mydomain,dc=com In domain2's smb.conf, I have: ldap suffix = ou=domain2,dc=mydomain,dc=com Domain2 is working flawlessly. Domain1, however, is not. When I do a simple 'smbclient -L localhost' as root, I get the following log from slapd at loglevel 256: Oct 29 09:03:23 oink slapd[5290]: conn=88 fd=16 ACCEPT from IP=127.0.0.1:32841 (IP=0.0.0.0:389) Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND dn="cn=Manager,dc=borkholder,dc=com" method=128 Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND dn="cn=Manager,dc=borkholder,dc=com" mech=SIMPLE ssf=0 Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 RESULT tag=97 err=0 text= Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH base="dc=borkholder,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=corp1))" Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass Oct 29 09:03:23 oink slapd[5290]: <= bdb_equality_candidates: (sambaDomainName) index_param failed (18) Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH base="dc=borkholder,dc=com" scope=2 deref=0 filter="(&(uid=root) (objectClass=sambaSamAccount))" Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp Oct 29 09:03:26 oink slapd[5290]: <= bdb_equality_candidates: (uid) index_param failed(18) Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SEARCH RESULT tag=101 err=0 nentries=2 text= Oct 29 09:03:26 oink slapd[5290]: conn=88 fd=16 closed Oct 29 09:03:27 oink slapd[5290]: conn=24 fd=18 closed I also want to say that the reason I have domain2 off in its own subtree is that it is going to eventually control its portion of the tree and take referrals from the main LDAP tree. It's over a T1 from the main office and I want to keep bandwidth down. I could put domain1 in its own subtree as well, but it seems a little overkill if I can avoid it since there will be about 50 users of domain1 and only about 10 of domain2. Thanks for any help you can give, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba hangs
nothing happens. I then have to reboot. I have been running this system for 2 years and it just started this. Any ideas? Well you state that both rsync and samba are having problems and that rsync is throwing I/O errors on a system that has been in service a couple of years. Sounds like a hardware/filesystem error. Or it could be the multiple identical posts to listservs in short succession that are causing your system hangs. :-P -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba hangs
On 3 occasions in the last 2 week my samba server has hung up. It has occurred each time when I am trying to do a full backup copy of the file server. It appears to be happening at the same place, I'm guessing based on the number of files which are being transfered.When I look at the rsync which is running I just see a long line of files with I/O errors. When I try to shutdown smb, I can't. #service smb stop Shutting down smb [Failed] Shutting down nmb [Failed] When I look at #ps -aux|grep smbd I get a long list of pid's. Whenever I try to kill one of these pid's with kill x or kill -9 x or kill -15 x killall smbd nothing happens. I then have to reboot. I have been running this system for 2 years and it just started this. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba hanging
On 3 occasions in the last 2 week my samba server has hung up. It has occurred each time when I am trying to do a full backup copy of the file server. It appears to be happening at the same place, I'm guessing based on the number of files which are being transfered.When I look at the rsync which is running I just see a long line of files with I/O errors. When I try to shutdown smb, I can't. #service smb stop Shutting down smb [Failed] Shutting down nmb [Failed] When I look at #ps -aux|grep smbd I get a long list of pid's. Whenever I try to kill one of these pid's with kill x or kill -9 x or kill -15 x killall smbd nothing happens. I then have to reboot. I have been running this system for 2 years and it just started this. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Hi
-- Virus Warning Message (on the network) Price.exe is removed from here because it contains a virus. --- Virus Warning Message (on the network) (B (BFound virus WORM_BAGLE.AT in file Price.exe (BThe file is deleted. (B (BTherefore we removed the attachment-file (Bby Mail Server and sent the message to you. (B (B(Japanese) $BK\%a!<%k$KE:IU$5$l$F$$$?%U%!%$%k$K%&%#%k%9$,[EMAIL PROTECTED](B $B$=$N$?$a!"%a!<%k%5!<%P$K$h$C$FE:IU%U%!%$%k$r-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible to map root to group via winbind?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Graham Dunn wrote: |> Try setting 'dos filemode = yes' | | No luck. | | drwxrwx---+ 2 root Domain Admins 512 Oct 29 09:07 test2/ | | %getfacl test2/ | #file:test2/ | #owner:0 | #group:10018 | user::rwx | user:GrahamD:rwx | group::rwx | mask::rwx | other::--- | | As grahamd, I still get | | "unable to save permission changes on test2. Access is denied." HmmI'll check the code. This should have worked. | PS. | http://www.plainjoe.org/gpg_public.asc results in a 404. Ahhh...got dropped during the site redesign. Thanks. I'll fix that. ciao, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBgkfSIR7qMdg1EfYRApGhAKDTNnbz3GwDo1Le1qMA2c51mk02zwCdGpdI FpM2qJ5RKkaiYwZIYQ5CbqQ= =EqEg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible to map root to group via winbind?
Gerald (Jerry) Carter wrote: Graham Dunn wrote: | samba 3.0.7, freebsd 5.2.1 | | My /usr/local/etc/samba-user.map looks like | | root = DEV.grahamd | | I would like to modify the ACLs on a directory that look like so: | | drwxrwx--- 2 root Domain Admins 512 Oct 28 16:41 test2/ | | (if I chown the directory to my DEV.grahamd account, I | can change ACLs to my heart's content) | | I'm operating under the assumption that only root, or | the owner of a file can change it's ACLs through windows | explorer (at least, that way always works in this case). Try setting 'dos filemode = yes' No luck. drwxrwx---+ 2 root Domain Admins 512 Oct 29 09:07 test2/ %getfacl test2/ #file:test2/ #owner:0 #group:10018 user::rwx user:GrahamD:rwx group::rwx mask::rwx other::--- As grahamd, I still get "unable to save permission changes on test2. Access is denied." PS. http://www.plainjoe.org/gpg_public.asc results in a 404. cheers, jerry - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to prevent users from modifying access rights
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 . wrote: | | Hi, | | how can I prevent users from modifying access rights on files and | directories on a share (on an ext3 partition with ACLs)? | | Users must be able to read from arbitrary directories on | the share belonging to groups they are not members of, and | they must have write access to files belonging to other users | in the same group, sometimes to files/directories that are | owned by users of other groups. But they must not be able to | modify the access rights of files owned by users in the | same group; eventually it will be useful to deny | modifying access rights to all users. set all files to be owned by root :-) and make sure that 'dos filemode = no' That should do it. (but give the user's the necessary write permissions). cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBgkDCIR7qMdg1EfYRAvU8AJ9nNeVmO27o7yPZ/TsUcBxssBHuAACdGTzW Nj7dPSEy+GqjXRZdx/i20eQ= =Khy2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] All users able to access printer
You could try adding: guest ok = no Shailesh P Shirali wrote: Hi all, I have setup with linux samba-server(ver 2.2.1a) as my print-server under user security model with printer access allowed only for a few users. It's so happening that samba is allowing any users to fire print jobs on the shared printers,even those users who are not in the valid users list. However it is fine with normal shared folders ,where only the valid user are able to watch the shared-folders. Any idea why this happening , is there some bug in this version. below is the smb.conf I'm using. [global] security=user netbios name=PRINT-SERVER workgroup=WORKGROUP load printers=yes printer admin=user printcap name=/etc/printcap printing=cups [print$] path=/usr/local/samba/print read only=yes browseable=no guest ok=yes write list=user [Lexmark] path=/var/disk1/print/spool read only=no valid users= ABC XYZ max connections=50 printer=prn printable=yes browseable=yes comment=Lexmark Z700-P700 Serie rgds Shailesh P Shirali Teneoris Networks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] All users able to access printer
Hi all, I have setup with linux samba-server(ver 2.2.1a) as my print-server under user security model with printer access allowed only for a few users. It's so happening that samba is allowing any users to fire print jobs on the shared printers,even those users who are not in the valid users list. However it is fine with normal shared folders ,where only the valid user are able to watch the shared-folders. Any idea why this happening , is there some bug in this version. below is the smb.conf I'm using. [global] security=user netbios name=PRINT-SERVER workgroup=WORKGROUP load printers=yes printer admin=user printcap name=/etc/printcap printing=cups [print$] path=/usr/local/samba/print read only=yes browseable=no guest ok=yes write list=user [Lexmark] path=/var/disk1/print/spool read only=no valid users= ABC XYZ max connections=50 printer=prn printable=yes browseable=yes comment=Lexmark Z700-P700 Serie rgds Shailesh P Shirali Teneoris Networks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Strange UNICAST message
Hi Everybody, Trying to solve the strange problems of samba over WAN I found something in the logs that can be usefull. When I try to see the trusting accounts on samba I receive the message: dfbsa58:~# net rpc trustdom list Password: Trusted domains list: TESTE-CES-1-5-21-619649889-1864520048-1540833222 TESTE-MGS-1-5-21-555433511-900955293-314601362 Trusting domains list: TESTE-MG Unable to find a suitable server domain controller is not responding TESTE-CE Unable to find a suitable server domain controller is not responding The strange thing is these 2 machines are working fine on the side of the wan connection. looking for something diferent in the logs I found this message: [2004/03/24 18:10:51, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271) dump_workgroups() dump workgroup on subnet 10.1.0.58: netmask=255.255.0.0: GEPOR(3) current master browser = GEPOR05 GEBEM(2) current master browser = GEBEM06 TESTE-MATRIZ(1) current master browser = DFBSA58 DFBSA58 400c9b2b (Samba Server 3.0.7-Debian) TRIGO 40009a03 (trigo server (Samba 2.2.3a-13 for Debian)) DFBSA66 40029007 () [2004/03/24 18:10:51, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask=0.0.0.0: TESTE-MATRIZ(1) current master browser = UNKNOWN DFBSA58 40099b2b (Samba Server 3.0.7-Debian) Why, when samba looks over UNICAST_SUBNET it don´t find him self? I believe this is one of my problems. Can you confirm? My smb.conf is like this: # Global parameters [global] workgroup = TESTE-MATRIZ netbios name = dfbsa58 admin users= @"Domain Admins" server string = Samba Server %v security = user encrypt passwords = true min passwd length = 6 obey pam restrictions = No ldap passwd sync = Yes log level = 62 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_THROUGHPUT name resolve order = wins lmhosts host bcast remote announce = 10.1.0.58 10.21.0.8 10.51.0.8 remote browse sync = 10.1.0.58 10.21.0.8 10.51.0.8 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins server = 10.1.0.61 passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=admin,dc=company,dc=com,dc=br ldap suffix = dc=matriz,dc=company,dc=com,dc=br ldap group suffix = ou=grupos ldap user suffix = ou=usuarios ldap machine suffix = ou=maquinas ldap idmap suffix = ou=Idmap add user script = /usr/local/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes #delete user script = /usr/local/sbin/smbldap-userdel "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" # printers configuration printer admin = @"Print Operators" load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [homes] comment = Pasta de %U, %u read only = No create mask = 0644 directory mask = 0775 browseable = No [netlogon] path = /home/netlogon/ browseable = No read only = yes [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U "Domain Admins" ;[printers] ;comment = Network Printers ;printer admin = @"Print Operat
[Samba] Windows 2003 & Samba
Have a RedHat Enterprise 3.0 system running Samba 3.0.7 with a few shares. When I do a net view or browse that system from any Windows 2000 system it works just fine. Now, when I net view or browse from a Windows 2003 server I get: Microsoft Windows [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp. P:\>net view \\server System error 50 has occurred. The request is not supported. Any suggestions as to what is causing this (outside of the usual MS is evil clause)? - | Darren Young | http://www.chicagogsb.edu | | Senior UNIX Administrator | [EMAIL PROTECTED] | | University of Chicago GSB | [EMAIL PROTECTED] | - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with smbmount
Hello list, I have a problem with my samba shares. I have a server with samba installed on it (3.0.7-Debian). I have workstations under wxp and workstations under linux. I have a common share which looks like this : [Archive] available = yes valid users = user1, user2 comment = Repertoire Archive browseable = yes write list = user1, user2 writable = yes admin users = user1 path = /home/archives user = user1, user2 force user = root I connect my wxp to the share without problem and can read/write. Of course all new files are created under the "root" user as requested by the "force user" option. I can connect my linux to this share using mount -t smbfs -o rw,username=user1,password=xxx //server/Archive /mnt/server/archive, (either using smbmount does the same behaviour) I can do all the read I want, but I can't make any write. It looks like my workstation get confused by the rights. If I go in a directory where the user1 have RW access, I can create a file, and it is automaticllay given to root (according to the option "force user"), but I can't make any write where the user "root" is the owner of the directory. It works well under Windows XP workstation, it does not works under linux workstation (which is a Kanotix/Knoppix/Debian distribution), that's why I think it's a problem with smbmount/mount -t smbfs Any idea ? Thanks -- > Jérôme Tytgat Administrateur Réseau et Sécurité ASTERION - Impasse de la Hache CP 5911 - 44 477 CARQUEFOU CEDEX T: 02 40 300 800 - F: 02 40 25 10 74 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Trusting and trusted domain (home mapping) problem
Hi Igor, Once again, thanks for keeping up with me. I have been migrating my master ldap server to 2.1 version so to keep it the same with the PDCs version of LDAP. Now they are the same. I have rectified such that "wbinfo -u" on both sides worked now. I am made "net rpc trustdom list" worked. It was not working before. I had to put "stuadmin = root" in the student PDC's smbusers file. And I had to put "Administrator = root" in the staff's PDC's smbusers file to get the "net rpc trustdom list" to work. I did not have a uid=root you see. Now "net use x: /home" by the Dom B user (grade2 in this case) on the Domain_A_machine still does not work. The /var/log/samba/Dom_A_machine from the Domain_A_PDC will be sent separately as I don want to post it on the lists. The /var/log/samba/Domain_A_PDC from Domain_B_PDC will be sent to you too. My view on the logs - I believe by reading it, it will hold the key why it did not work. I believe during authentication, Domain_A_PDC got the information of Domain_B_user from Domain_B_PDC properly. But it cannot find Domain_B\Domain_B_user in the Get_Pwnam_internals function. It can only find Domain_B_user in the Get_Pwnam_internals function! Now because it finds Domain_B_user and not Domain_B\Domain_B_user, Domain_A_PDC will NOT use the data that it has gotten from the Domain_B_PDC. Now, I then think that it has something to do with libnssldap.conf, pam_ldap.conf and ldap.conf file. Here is my config:- libnssldap.conf, pam_ldap.conf and ldap.conf is configured to see both domain's data. On the smb.conf, the ldapsam backend is ONLY seeing its own domain data. "getent passwd" on either PDC will see both domain's users. my nsswitch.conf is doing "compat ldap" rather than "compat winbind". Hence "getent passwd" will then give user as "domain_b_user" rather than "domain_B\domain_b_user". Is this the right way to do it? If I make sure the "getent passwd" is ONLY seeing its own domain ,then I cannot login into the other domain !! Hope when I sent you the files, you will be able to help. Thanks for giving that hope that you made it working before. Thanks for not posting up the logs and the conf files. Cheers, adrian Igor Belyi wrote: Adrian Chow wrote: Hi Igor, Here are my smb.conf files for feanor and gloin. They are the PDCs for the staff and student domain. My ldaps in the PDCs are configured to update to the master LDAP which have the lower version of LDAP. Upon update the master, the master will then update the slave ldaps which are the PDCs. Setup looks fine. At least, I don't see any problem with it. The next step then will be to collect 'log level = 5' trace during login and LDAP entries for both users from DomainA and DomainB which you use to test home mounts. But I would recommend to update Samba to 3.0.7 in both PDCs first. I did not post it up to the samba lists cause i wonder would it bleach the security for my servers. Hope you understand. Let me know your concerns in this. I always thought that people avoid posing their config files due to liability problems (don't want their users to know that they have problems) than due to security concerns.. But, I can be wrong and probably this information could be used for mischief. But be warn that smbd logs usually have more information than config files. It's fine with me if you don't want to post your config on the list as long as you post the solution to your problem afterwards. :) Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] trouble to connect to window$ share with netbios name
Hello I got this message : 3614: Connection to XP failed SMB connection failed ___ when i try to mount mount a share with netbios name like that: $mount -t smbfs -o username=test,password=test //Xp/share /mnt/floppy if i mount the same share with ip address that's no problem. if i test this : $smbclient -U=test -L 192.168.4.248 i get that output: Domain=[Xp] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$ IPC IPC remote share Disk ADMIN$ Disk C$ Disk Default Share session request to 192.168.4.248 failed (Called name not present) session request to 192 failed (Called name not present) Domain=[XP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] if i do the same with netbios name: $smbclient -U=test -L Xp i have that one : ___ Connection to Xp failed ___ any help could...help chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba4 reaches the "Susan" stage
Samba4 reached an important milestone tonight, as I installed it for my wife to use as her file server for all of her important documents, email, the book she is working on etc. Those of you who have been around Samba development for a while will know that my wife tends to be the first test user of major new versions of Samba, and she volunteered again this time. Susan played a large part in the original motivation to develop Samba more than 12 years ago, so she knows how useful it is to have a local test user. Reaching this stage does not mean that you should now go and install Samba4 on your production servers. Only a very keen (foolish?) person would do that. The code is quite incomplete, and is missing major features such as no netbios name server, no winbind, no admin tools, and very little documentation. So unless you are a keen C programmer then stay well clear for the moment. What this milestone means is that the code is now fairly robust, and that major applications (Eudora, OpenOffics.org, MS Word, Firefox etc) all work well and that I am quite confident of not losing data. Of course, I also have a very strict automated backup regime setup for my wife, so if I'm wrong about the robustness we can recover without me having to cook dinner for a week as penance. The code isn't available as a "alpha" quality release yet, as there are just too many missing features, although I do plan on doing a "snapshot" release shortly (maybe within a week?). So far the only problem on my wifes machine is that Eudora startup is a bit slow. That is caused by Norton Anti-Virus on her WinXP box scanning all the dlls and the exe, along with the fact that Samba4 does not yet have oplocks, so the client cannot cache the files for fast re-scanning. With norton disabled startup is fast. If you want to get involved in Samba4 development then see http://devel.samba.org/, checkout the code, and start reading. Having at look at the (incomplete) prog_guide.txt is a good idea. If you just want to see some slides on the design of Samba4, then there are some links to various talks I've given on my homepage at http://samba.org/~tridge/ I'd like to thank everyone who has worked so hard over the last couple of years to get us this far. It's been a long haul, but the results are well worth it. Samba4 is a great basis for future Samba development. In particular I'd like to thank the members of the Samba Team who have put so much into the development of Samba4. It's been a great team effort, and a lot of fun. Now back to more coding Cheers, Tridge -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] how to prevent users from modifying access rights
Hi, how can I prevent users from modifying access rights on files and directories on a share (on an ext3 partition with ACLs)? Users must be able to read from arbitrary directories on the share belonging to groups they are not members of, and they must have write access to files belonging to other users in the same group, sometimes to files/directories that are owned by users of other groups. But they must not be able to modify the access rights of files owned by users in the same group; eventually it will be useful to deny modifying access rights to all users. How can that be achieved? GH -- for i in "*.txt"; do mail -s $i hwilmer < $i; done su: $i: ambiguous redirect -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Thanks :)
** Message from InterScan E-Mail VirusWall NT ** ** WARNING! Attached file Price.exe contains: WORM_BAGLE.AT virus Attempted to clean the file but it is not cleanable. It has been deleted. * End of message *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Administrator
Hi to the list. Our network = mix of Win98 and XP Pro logging onto Samba3.04 hosted on SuSE9.1 Auth is via passwd and smbpasswd. No Microsoft AD at all - Samba does all the auth, therefore winbind is not required? I would like to logon to some of the XP Pro boxes as a normal network user, but at the same time be 'Administrator' on the machine. Adding myself to the Administrator's group on the pc has no effect when logging on via the network. I've looked and looked and browsed the Samba archives, but so far I've found nothing to help me. Can anyone please point me to a solution? TIA Darryl -- Edgemead High School, Cape Town Tel +27215581132 Fax +27215584407 Cell +27823752081 - Powered by SuSE 9.1 and the OpenWebmail project -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] help
Dear samba team: This is the first time I use samba. I want to install it on Solaris but I don’t know which release of samba is fit for our workstation. So I hope I can get more and fast information from you. The details of our workstation is following: Workstation Type: SUNW, Ultra-5_10; sparc; sun4u OS: SunOS release 5.8 Generic_108528-01 I have installed Samba-2.2.8a for sol8 but I could not share files of Solaris with windows. I have some questions decribed below: 1. After install samba, I find a file, /etc/init.d/samba.server. I wanna use this file to restart the samba services (nmbd & smbd). But the samba daemons don’t start up. Why? 2.I ever used swat to comfig smb.conf file. After that I clicked ‘restart’ button of ‘nmbd’ and ‘smbd’ and the page refreshed the informations which showed that ‘smbd’ was running and ‘nmbd’ was not running. However, I typed command ps ?aux | grep (s/n)mbd and didn’t get the PID of smbd but I could get the ID of nmbd. Why? Because I don’t know whether this version is fit for my workstation, I am not sure why the problems came out. Could you please answer me ASAP. Thanks you very much! Winfree 2004-10-22 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba