[Samba] Undeliverable message returned to sender

[Content Filter]

This message was created automatically by mail delivery software.

Delivery failed for the following recipient(s):
[EMAIL PROTECTED]


The message you sent contained an attachment which the recipient has chosen to block.
Usually these sort of attachments are blocked to prevent malicious software from being 
sent to the recipient in question.

The name(s) of the blocked file(s) follow:

document.zip

To send this file, please place it in a compressed archive using WinZip 
(http://www.winzip.com) or the archive software of your choice.


- Original Message Header -
Received: by mail44-ash (MessageSwitch) id 1099114655949580_11269; Sat, 30 Oct 2004 
05:37:35 + (UCT)
Received: from samba.org (unknown [210.5.9.252])
by mail44-ash.bigfish.com (Postfix) with ESMTP id 5C46E801538
for <[EMAIL PROTECTED]>; Sat, 30 Oct 2004 05:36:56 + (UCT)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Error
Date: Sat, 30 Oct 2004 13:44:27 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_NextPart_000_0007_42E184A0.B4E93CD3"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <[EMAIL PROTECTED]>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Shared folder & windows clients

[Gustavo Michels]

Hi

I tried googling and searching the archives, but I guess I don't know how to 
choose the best keywords to describe my problem. So, I'll ask here.

I have a samba box (3.0.5) sharing 1 folder. This folder contains 2 
subfolders; both have around 900 files on each.
 
On my linux box (kde), I can use the smb kio slave and everything is as 
expected, I can see all the files on both folders. Now on two windows 2000 
clients (sp3 & sp4) I use, they can only see, say, around 200 files on the 
1st subfolder, and around 100 on the 2nd subfolder. The numbers aren't 
always the same, although both machines always return identical reports on 
file listings.

What could possibly be wrong? Here are the relevant parts of smb.conf, all 
the rest is default:

-
[global]
workgroup = COLORTECH
guest account = vendas
security = share

[Documentos]
 path = /home/vendas/Documentos
 writable = yes
 guest ok = yes
 public = yes
-

Of course, "vendas" is a valid user account and file permissions are ok.

I had this in the past, where the two subfolders were once one with around 
1600 files. I thought it could be the large number of files so I split them 
into two folders and the problem was gone. All of a sudden, it reappeared, 
even though there are far fewer files than before.

Any ideas? 

Thanks
Gustavo

PS: please cc me as I am not subscribed to the list.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Directory perms not visible from Properties|Security on clients

[Richard Michael]

Samba 3.0.7, XP Pro SP1 clients

When I view the "Properties|Security" tab on a folder from my XP SP1
clients, the checkboxes indicating the various permission settings are
all empty.

The share is functioning fine otherwise, permissions are OK when
inspected from the Unix side.

Does anyone know a work around (or fix!)?

This came up back in 2003, without resolution:
http://marc.theaimsgroup.com/?l=samba&m=105404730810537&w=2

It also came up earlier this month, again without resolution:
http://marc.theaimsgroup.com/?l=samba&m=109659106919277&w=2

There is a open bug (with a fair degree of reproducibility it seems):
https://bugzilla.samba.org/show_bug.cgi?id=1865

A level 4 debug log reveals that unix_mode (in dosmode.c) is properly
determining the mode (in this case, 0744).  Shortly after that, it
appears that the security descriptor is queried and the SIDs are fetched
from the cache, but just after all that takes place, it reports a
"Function not implemented" error followed by a
NT_STATUS_BUFFER_TOO_SMALL error.

I surmise from the archives that the "...TOO_SMALL" error is "just" RPC
reply fragmentation across multiple smbd processes.  (Does that mean it
isn't really a problem?  Is fragmentation of this type OK?)

Regards,
Richard


-
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(834)
  reduce_name [Computer Administration/Test]
[/data/samba/shared-documents]
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(939)
  reduce_name: Computer Administration/Test reduced to (null)
[2004/10/29 18:25:38, 3] smbd/dosmode.c:unix_mode(111)
  unix_mode(Computer Administration/Test) returning 0744
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(834)
  reduce_name [Computer Administration/Test]
[/data/samba/shared-documents]
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(939)
  reduce_name: Computer Administration/Test reduced to (null)
[2004/10/29 18:25:38, 4] smbd/open.c:open_file_shared1(1244)
  calling open_file with flags=0x0 flags2=0x0 mode=0744
[2004/10/29 18:25:38, 3] smbd/process.c:process_smb(1092)
  Transaction 19677 of length 88
[2004/10/29 18:25:38, 3] smbd/process.c:switch_message(887)
  switch message SMBnttrans (pid 13461) conn 0x837c740
[2004/10/29 18:25:38, 4] smbd/uid.c:change_to_user(194)
  change_to_user: Skipping user change - already user
[2004/10/29 18:25:38, 3]
smbd/nttrans.c:call_nt_transact_query_security_desc(1903)
  call_nt_transact_query_security_desc: file = Computer
Administration/Test
[2004/10/29 18:25:38, 3]
passdb/lookup_sid.c:fetch_sid_from_uid_cache(152)
  fetch sid from uid cache 500 ->
<>
[2004/10/29 18:25:38, 3]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(226)
  fetch sid from gid cache 500 ->
<>
[2004/10/29 18:25:38, 3]
smbd/nttrans.c:call_nt_transact_query_security_desc(1928)
  call_nt_transact_query_security_desc: sd_size = 120.
[2004/10/29 18:25:38, 3] smbd/error.c:error_packet(105)
  error string = Function not implemented
[2004/10/29 18:25:38, 3] smbd/error.c:error_packet(129)
  error packet at smbd/nttrans.c(101) cmd=160 (SMBnttrans)
NT_STATUS_BUFFER_TOO_SMALL
[2004/10/29 18:25:38, 3] smbd/process.c:process_smb(1092)
  Transaction 19678 of length 88
[2004/10/29 18:25:38, 3] smbd/process.c:switch_message(887)
  switch message SMBnttrans (pid 13461) conn 0x837c740

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] winbind name service required for active directory (ADS) authentication and group-based authorization?

[Luke Mewburn]

On Fri, Oct 29, 2004 at 09:16:02AM -0700, DeStefano, Paul wrote:
  | Solution: ADS, perhaps?
  |
  | I've read lots of documents and they seem to indicated
  | that, when using ADS authentication (by which I mean
  | security=ADS and the proper relm, etc.) winbind is NOT
  | involved in the authentication process. It says smbd
  | participates in Kerberos ticketing, like a normal "Domain
  | Member", to authorize samba clients. (Details found here:
  | http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-me
  | mber.html) I think means it gets the client user authorization
  | directly from ADS; winbind is not involved.
  |
  | Well, if that's true, then samba has everything it needs to
  | authorize clients by group membership, not just authenticate users,
  | without consulting winbind. The Kerberos ticket that it receives
  | during authentication includes all sorts of information about the
  | user...including the users group memberships. Is that right?
  |
  | This isn't particular to ADS, I suppose, now that I think about it;
  | probably the same as before ADS. But, I couldn't find any examples
  | of samba using windows authentication without winbind.
  |
  | You're probably wondering what is going to happen after
  | authentication and authorization without winbind to map users to
  | UNIX UIDs. Me too. That's my follow up question. I hope that samba
  | can use the unqualified username (without the 'DOMAIN\' prefix)
  | to find a match using the normal resolution so that we can just
  | populate /etc/passwd. Think that will work? Actually, we intend to
  | use "force user =", as in the past, so it really doesn't matter what
  | happens with the UID mappings, but samba might not be that clever.
  | It may insist on successfully resolving usernames before checking
  | options like "force user".

If you have a mapping in the passwd(5) file between the username
(without 'DOMAIN\' prefix) and a UID, things should work without
needing "winbind" in nsswitch.conf; the user's password is
checked against ADS and the passwd(5) entry is used to provide a UID.

If there is not a matching entry in passwd(5) for the ADS user,
they will not be able to connect.

Cheers,
Luke.


pgpDJj8YVlSmr.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Symantec AntiVirus/Filtering for Domino detected a virus in a document you authored.

[lxsrv01 . HOLZMANN]

Please contact your system administrator.


The scanned document was QUARANTINED.


Virus Information:
The attachment document09.scr contained the virus [EMAIL PROTECTED] and could
NOT be repaired.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba.schema question

[Misty Stanley-Jones]

I see in samba.schema that it is possible to have multiple SambaDomainName 
entries for a dn.  However I don't see how this does any good because you 
must only have one sambaSID entry per user.  Is there any way to associate 
more than one sambaSID with a dn, so that a user would be authorized to log 
into more than one domain without a trust relationship?  If it's not possible 
now, is it in the works for the future?

Thanks,
Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] group name length limit?

[sharif islam]

I am using samba 3.07 with winbind in AD. I have some long group names
(30 char or more, includes spaces). And I noticed users get access
denied for those groups. Is there a limit on group name length?
Thanks. 

--Sharif

-- 
Sharif Islamhttp://www.sharifislam.com
Research Programmer 
Library Systems Office217-244-4688
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Allow users to delete from read-only share?

[Joe Konecny]

When using Netware I had two directories set up as follows...
1. /data/cad/current
2. /data/cad/hold
I had three groups that controlled access to these directories.
Group A had read-only access to 1.
Group B had read-only and delete access on 1 and read-write on 2.
Group C had read-write on both 1 and 2.
Group A was typically shop floor employees who needed to
view cad drawings.  The reason for group B was so that an
engineer could take a cad drawing file and remove it from 1.
and place it in 2. so that no one could access it while it
was being modified.  When the modifications were complete
and approved a user from group C could put it back.
I cannot figure out any way to do this with Samba.  Any tips?
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Add Machine Script

[Anton K.]

Can you send that peace of smb.conf which contains that:
Corral, Randy wrote:
All,
Currently we are running Samba 3.0.7 on Solaris 8 and we are experiencing a
problem that the user system are not being added automatically with the add
machine script:
/usr/sbin/useradd -g machines -d /dev/null -s /bin/false %m
If we run it manually it works. 

Any ideas?
Thanks,
Randy Corral
Information Systems
Brooks Automation
Phoenix, Arizona
602-861-9395 ext. 228
Fax: 602-861-1442
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Daylight time dates for Brazil

[Bruno Gimenes Pereti]

Hi!
Last week all windows workstations changed the clock thinking that the 
daylight time had started but it will start nov, 2. I know this is a windows 
problem so I went to technet.microsoft.com and found this article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;317211
with this article I got the registry key of my workstation corrected. Now I 
want to replicate this configuration to all other workstations. I have a 
samba 3.0.5 PDC and I'm using windows policy to control access and configure 
the workstations so I started to create a .adm file to export this registry 
information. When I was reading about the best way to change the value of 
this registry, I found in the book "Windows System Policy Editor" from 
O'Reilly that "Since this registry key has a hex value (REG_BINARY), it is 
not possible to change it using a policy template".
Ok! I can't replicate it with policy but I still can make a reg file and 
change the values within the logon script. Here comes another problem... 
normal users don't have permission to change the value of this registry so I 
have to find a way to change permission to the registry. I know I can use 
regini.exe but it must be running in a windows computer and the workstation 
must be online.

I hope someone call me fool and say I'm complicating everything. It really 
should be easier.

any help, sugestion, idea?
thanks!
Bruno Gimenes Pereti. 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Again Linux, Mac OS etc...

[Sascha Guido Zumbusch]

Hi there

Again with the same question, but with a little more information
technically.

Config:

1 Samba File Server (Suse Linux)
40+ M$ Clients (NT, W2K, XP)
4 Mac OS X clients (10.2,10.3)

Authentication throug NT PDC

Everything works fine for the M$ part of it.

Problem: when someone from the OS X side log onto the share it looks
nice by first sight, but the file permissions, owner and group of the
files and directory are not correct.

The users log on through PDC but gets the user id 'nobody'...
On the client side the file permissions, owner and group look totally
different FOR THE SAME FILE.

Example (two views on the same file):

share side: -rwxrwxr-x   domain-ID, domain-GID (this is ls -l on the Linux side)
client side:-rwx-r-x-r-x osx-id, wheel (this is ls -l on the OS X side)

Therefore it is not possible for the client user to change a file and
save it on the share again, because from the viewpoint of OS X, he has
no group write permission.

New files are possible, but get the settings:
-rwx-r-xr-x 'nobody', domain-GID

The relevant settings in the smb.conf are all 775.


What can I do to get rid of this? Any ideas outthere?

All Apple related descriptions assume to use the MAC as SMB Server.
No one talks about a MAC as SMB client.

Thanks for even thinking about that:o(
Sascha Guido Zumbusch

--
Sascha Zumbusch Tel:+49.3381.889898
Hauptstr. 43, D-14776 Brandenburg an der Havel  Fax:+49.3381.410065
mailto:[EMAIL PROTECTED]ICQ:30-505-053 GSM:+49.179.1793259875

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Add Machine Script

[Corral, Randy]

All,

Currently we are running Samba 3.0.7 on Solaris 8 and we are experiencing a
problem that the user system are not being added automatically with the add
machine script:

/usr/sbin/useradd -g machines -d /dev/null -s /bin/false %m

If we run it manually it works. 

Any ideas?

Thanks,

Randy Corral
Information Systems
Brooks Automation
Phoenix, Arizona
602-861-9395 ext. 228
Fax: 602-861-1442

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] MAC OS X and Samba Shares > 2 TB

[AndyLiebman]

Does somebody know if the Samba Client in MAC OS X (10.3.4 and 10.3.5) has 
problems looking at Linux-based Samba shares that are larger than 2 TB? 

I have Samba 3.0.2 running on my Linux box. I have never had any difficulty 
with the Mac seeing a 2 TB RAID array on the Linux box, but when the Mac looks 
at the 4 TB array, it can see all the contents and create folders but it can't 
create any new files. And in the "Get Info" for the 4 TB Samba share, the Mac 
tells me that there is "zero K" of space left on the drive. 

My Windows XP machines don't have a problem looking at the same share, or in 
creates files on the share. 

I don't think it's a permission thing because: 

a) I have made the share Read/Write for all users
b) I am logging on with the same username and password from both the Windows 
and Mac machines

Any ideas? 

Regards, 
Andy Liebman
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] winbind name service required for active directory (ADS) authentication and group-based authorization?

[DeStefano, Paul]

Hello Samba Gurus,

Is using the winbind name service required in order to get authentication AND 
authorization via ADS?  I'll explain further.

Goal: create samba share for which clients are authenticated via native ADS and access 
is based on ADS group membership.

I've actually done this in the old Windows NT world.  Worked okay.  It's wasn't too 
hard, except for the winbind piece (see problem below.)  But, now, I question the 
necessity of winbind in the case that samba uses ADS authentication.

Problem: On Solaris 8, passwd binary will not accept 'winbind' in /etc/nsswitch.conf.  
(I've been over this many times.  In the past, we wrote an interposer lib for the 
fopen() call, which I posted, and pre-loaded it on smbd, but libnss has been changed 
since then and it doesn't work any more...long story.)

Solution:  ADS, perhaps?

I've read lots of documents and they seem to indicated that, when using ADS 
authentication (by which I mean security=ADS and the proper relm, etc.) winbind is NOT 
involved in the authentication process.  It says smbd participates in Kerberos 
ticketing, like a normal "Domain Member", to authorize samba clients.  (Details found 
here: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html)  
I think means it gets the client user authorization directly from ADS; winbind is not 
involved.

Well, if that's true, then samba has everything it needs to authorize clients by group 
membership, not just authenticate users, without consulting winbind.  The Kerberos 
ticket that it receives during authentication includes all sorts of information about 
the user...including the users group memberships.  Is that right?

This isn't particular to ADS, I suppose, now that I think about it; probably the same 
as before ADS.  But, I couldn't find any examples of samba using windows 
authentication without winbind.

You're probably wondering what is going to happen after authentication and 
authorization without winbind to map users to UNIX UIDs.  Me too.  That's my follow up 
question.  I hope that samba can use the unqualified username (without the 'DOMAIN\' 
prefix) to find a match using the normal resolution so that we can just populate 
/etc/passwd.  Think that will work?  Actually, we intend to use "force user =", as in 
the past, so it really doesn't matter what happens with the UID mappings, but samba 
might not be that clever.  It may insist on successfully resolving usernames before 
checking options like "force user".

I hope that made sense.  It only took me slightly longer to compose this message than 
to compile samba with krb-auth and test it myself, so I hope someone out there has 
some insights.  To be honest, I did try it, but I'm not sure I compiled it all 
correctly.  It wasn't clear from the errors what was the actual problem.  And, I 
couldn't get it to work *with* winbind, either, so that's why I'm posting.

Thank you,
Paul

__
Paul DeStefano
paul.destefanonwdc.net

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: WinXP vs Samba: domain controller could not be contacted

[Martin Wartens]

Finally I found out that I had to add the samba server's IP address to the wins 
entry in the network configuration and reboot afterwards. I also switched 
on "enable netbios over TCP/IP". The Norton Internet Security firewall can also 
cause this "domain could not be contacted" error, how I found out independently 
from the above problem. 
Later I stumbled in another problem: When I tried to join the domain I got the 
error message "user does not exist". I found out that the "add user script" 
doesn't add machines anymore and is now called "add machine script". Again this 
error left no trace in the logs. Why are there logs if they don't log anything? 
Setting up XP with Samba was a real nightmare. Why isn't there some useful 
documentation that shows which settings really need to be made in Windows XP? 
Why aren't there useful error messages?
So long, Martin

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to prevent users from modifying access rights

[.]

Gerald (Jerry) Carter schrieb:
. wrote:
|
| Hi,
|
| how can I prevent users from modifying access rights on files and
| directories on a share (on an ext3 partition with ACLs)?
|
| Users must be able to read from arbitrary directories on
| the share  belonging to groups they are not members of, and
| they must have write access to files belonging to other users
| in the same group, sometimes to files/directories that are
| owned by users of other groups. But they must not be able to
| modify the access rights of files owned by users in the
| same group; eventually it will be useful to deny
| modifying access rights to all users.
set all files to be owned by root :-)  and make sure that
'dos filemode = no'   That should do it.   (but give the
user's the necessary write permissions).
Hm, the manpage says on ´dos filemode´:
> The default behavior in Samba is to provide UNIX-like behavior where
> only the owner of a file/directory is able to  change  the
> permissions  on  it. [...]
> Enabling this parameter allows a user who
> has write access to the file (by whatever means) to modify the
> permissions on it. Note that a user belonging to the group own­ing
> the file will not be allowed to change permissions if the group is
> only granted read access.­
There will be files like that:
directory-1 peter:staff
  |
  |-- file-1peter:staff
  |-- file-2hubba:staff
  |-- file-3elisa:users
  |-- file-4laura:birds
  |-- subdirelisa:users
|-- file-A  elisa:users
|-- file-B  hubba:staff
directory-2 hubba:staff
  |
  |-- file-1peter:staff
  |-- file-2hubba:staff
  |-- file-3elisa:users
  |-- file-4laura:birds
  |-- subdirelisa:users
|-- file-A  elisa:users
|-- file-B  hubba:staff
... and so on. Members of group ´staff´ must have RW access on _all_ 
files in directory-1, and some users of other groups must have that 
also. Other users must have read access to the directories, eventually 
excluding some of their contents.

Most of the directories (and groups) will represent departments of the 
organisation (if there isn´t a better solution). The problem is that I 
cannot get the users to stick to their designated directories :( They 
definitely want what I call ´chaotical access rights´ --- and I cannot 
figure how I could provide that, even with ACLs.

For ´peter´ of ´staff´ is the chief of the department directory-1 
represents/belongs to, I could (want) reasonably give ´peter´ of ´staff´ 
the right to modify access rights on directory-1 and anything it 
contains. But other users must not be able to modify the rights.

An alternative is to maintain the access rights myself, but I´d rather 
like to avoid that --- and it won´t work anyway because users creating 
files within the directories will thereby be able to set the rights on 
their files (unless I could somehow prohibit that). That is even the 
default behaviour (i. e. ´dos filemode = no´).

I´ve tried to use ´directory security mask´ and ´security mask´, but 
setting them to  allows a user to change the rights exactly once 
(instead of denying any changes what was what I expected): When 
attempting to set any rights, the rights just get masked to  and 
then are set on the file/directory --- thereby, any further access is 
effectively denied.

With ´dos filemode = yes´, any other users having write access to files 
in directories would be able to modify the access rights, but I do not 
want them to be able to.

Even our rather over-aged Netware server we´re going to migrate from, 
running Netware 3.2(!), can handle the demand of chaotical access rights 
without having to thing about it. I need that same capability on the new 
Linux server ...

It´s not that I would like such a thing, but I´m facing the demand. The 
answer to questions like ´Which users can access this directory?´ is 
always ´I don´t know, and that would be very difficult to find out ...´ 
 But at least, users cannot modify the access rights unless I 
allow them to. Having users modifying the rights would mean having no 
more control at all:

´Which users can access that directory?´ --- ´I don´t know, and that 
cannot be found out because users can grant access to anything 
theirselves whenever they want ...´, that´s somewhat fatal :) --- And my 
tests showed that users can even delete whole directories though I took 
off all their rights from them. This is very intricated ...

GH
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] (no subject)

[Ross McInnes]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba4 reaches the "Susan" stage

[rruegner]

Hi,
perhaps we should spend some roses to Susan
to be the first Lady of Samba !!!
Thx to both of you for hard coding times
Regards Robert
[EMAIL PROTECTED] schrieb:
Samba4 reached an important milestone tonight, as I installed it for
my wife to use as her file server for all of her important documents,
email, the book she is working on etc.
Those of you who have been around Samba development for a while will
know that my wife tends to be the first test user of major new
versions of Samba, and she volunteered again this time. Susan played a
large part in the original motivation to develop Samba more than 12
years ago, so she knows how useful it is to have a local test user.
Reaching this stage does not mean that you should now go and install
Samba4 on your production servers. Only a very keen (foolish?) person
would do that. The code is quite incomplete, and is missing major
features such as no netbios name server, no winbind, no admin tools,
and very little documentation. So unless you are a keen C programmer
then stay well clear for the moment.
What this milestone means is that the code is now fairly robust, and
that major applications (Eudora, OpenOffics.org, MS Word, Firefox etc)
all work well and that I am quite confident of not losing data. Of
course, I also have a very strict automated backup regime setup for my
wife, so if I'm wrong about the robustness we can recover without me
having to cook dinner for a week as penance.
The code isn't available as a "alpha" quality release yet, as there
are just too many missing features, although I do plan on doing a
"snapshot" release shortly (maybe within a week?).
So far the only problem on my wifes machine is that Eudora startup is
a bit slow. That is caused by Norton Anti-Virus on her WinXP box
scanning all the dlls and the exe, along with the fact that Samba4
does not yet have oplocks, so the client cannot cache the files for
fast re-scanning. With norton disabled startup is fast.
If you want to get involved in Samba4 development then see
http://devel.samba.org/, checkout the code, and start reading. Having
at look at the (incomplete) prog_guide.txt is a good idea.
If you just want to see some slides on the design of Samba4, then
there are some links to various talks I've given on my homepage at
http://samba.org/~tridge/
I'd like to thank everyone who has worked so hard over the last couple
of years to get us this far. It's been a long haul, but the results
are well worth it. Samba4 is a great basis for future Samba
development.
In particular I'd like to thank the members of the Samba Team who have
put so much into the development of Samba4. It's been a great team
effort, and a lot of fun.
Now back to more coding 
Cheers, Tridge
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Issue with two domains in one LDAP tree

[Misty Stanley-Jones]

On Friday 29 October 2004 09:18, Misty Stanley-Jones wrote:
> Hi,
>
> I've just moved a second Samba domain to LDAP -- it works great!  However,
> the first domain is now dead in the water.  It refuses to autenticate, and
> from the logs it looks like it's not find the SambaDomainName entry in the
> LDAP tree.  Here is a diagram of how my LDAP tree is set up.
>
> dc=mycompany,dc=com
>
> |___ ou=computers
> |___ ou=people
> |___ ou=groups
> |___ sambaDomain=domain1
> |___ ou=domain2
> |
>   |___ ou=computers
>   |___ ou=people
>   |___ ou=groups
>   |___ sambaDomain=domain2
>
> In domain1's smb.conf, I have:
> ldap suffix = dc=mydomain,dc=com
>
> In domain2's smb.conf, I have:
> ldap suffix = ou=domain2,dc=mydomain,dc=com
>
> Domain2 is working flawlessly.  Domain1, however, is not.  When I do a
> simple 'smbclient -L localhost' as root, I get the following log from slapd

> Misty

I resolved this by putting DOMAIN1 into its own OU.  In the future it might be 
nice to be able to tweak the search scopes with a little more granularity in 
smb.conf.  But I think this way is actually cleaner in the long run.

Thanks again,
Misty

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Issue with two domains in one LDAP tree

[Misty Stanley-Jones]

Hi,

I've just moved a second Samba domain to LDAP -- it works great!  However, the 
first domain is now dead in the water.  It refuses to autenticate, and from 
the logs it looks like it's not find the SambaDomainName entry in the LDAP 
tree.  Here is a diagram of how my LDAP tree is set up.

dc=mycompany,dc=com
|___ ou=computers
|___ ou=people
|___ ou=groups
|___ sambaDomain=domain1
|___ ou=domain2
|___ ou=computers
|___ ou=people
|___ ou=groups
|___ sambaDomain=domain2

In domain1's smb.conf, I have:
ldap suffix = dc=mydomain,dc=com

In domain2's smb.conf, I have: 
ldap suffix = ou=domain2,dc=mydomain,dc=com

Domain2 is working flawlessly.  Domain1, however, is not.  When I do a simple 
'smbclient -L localhost' as root, I get the following log from slapd at 
loglevel 256:

Oct 29 09:03:23 oink slapd[5290]: conn=88 fd=16 ACCEPT from IP=127.0.0.1:32841 
(IP=0.0.0.0:389) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND 
dn="cn=Manager,dc=borkholder,dc=com" method=128 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND 
dn="cn=Manager,dc=borkholder,dc=com" mech=SIMPLE ssf=0 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 RESULT tag=97 err=0 text= 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH 
base="dc=borkholder,dc=com" scope=2 deref=0 
filter="(&(objectClass=sambaDomain)(sambaDomainName=corp1))" 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH attr=sambaDomainName 
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID 
sambaAlgorithmicRidBase objectClass 
Oct 29 09:03:23 oink slapd[5290]: <= bdb_equality_candidates: 
(sambaDomainName) index_param failed (18) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text= 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH 
base="dc=borkholder,dc=com" scope=2 deref=0 filter="(&(uid=root)
(objectClass=sambaSamAccount))" 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH attr=uid uidNumber 
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange 
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive 
sambaHomePath sambaLogonScript sambaProfilePath description 
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword 
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial 
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory 
modifyTimestamp sambaLogonHours modifyTimestamp 
Oct 29 09:03:26 oink slapd[5290]: <= bdb_equality_candidates: (uid) 
index_param failed(18) 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SEARCH RESULT tag=101 err=0 
nentries=2 text= 
Oct 29 09:03:26 oink slapd[5290]: conn=88 fd=16 closed 
Oct 29 09:03:27 oink slapd[5290]: conn=24 fd=18 closed 
 
I also want to say that the reason I have domain2 off in its own subtree is 
that it is going to eventually control its portion of the tree and take 
referrals from the main LDAP tree.  It's over a T1 from the main office and I 
want to keep bandwidth down.  I could put domain1 in its own subtree as well, 
but it seems a little overkill if I can avoid it since there will be about 50 
users of domain1 and only about 10 of domain2.

Thanks for any help you can give,
Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba hangs

[Paul Gienger]

nothing happens.  I then have to reboot.  I have been running this 
system for 2 years and it just started this.  Any ideas?
Well you state that both rsync and samba are having problems and that 
rsync is throwing I/O errors on a system that has been in service a 
couple of years.  Sounds like a hardware/filesystem error. 

Or it could be the multiple identical posts to listservs in short 
succession that are causing your system hangs. :-P

--
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba hangs

[Philip Washington]

On 3 occasions in the last 2 week  my  samba server has hung up.  It has 
occurred each time when I am  trying to do a full backup copy of the 
file server.
It appears to be happening at the same place, I'm guessing based on the 
number of files which are being transfered.When I look at the rsync 
which is running  I just see a long line of files with I/O errors.

When I try to shutdown smb, I can't.
#service smb stop
Shutting down smb   [Failed]
Shutting down nmb   [Failed]
When I look at
#ps -aux|grep smbd
I get a long list of pid's.  Whenever I try to kill one of these pid's with
kill x
or kill -9 x
or kill -15 x
killall smbd
nothing happens.  I then have to reboot.  I have been running this 
system for 2 years and it just started this.  Any ideas?
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba hanging

[Philip Washington]

On 3 occasions in the last 2 week  my  samba server has hung up.  It has 
occurred each time when I am  trying to do a full backup copy of the 
file server. 

It appears to be happening at the same place, I'm guessing based on the 
number of files which are being transfered.When I look at the rsync 
which is running  I just see a long line of files with I/O errors.

When I try to shutdown smb, I can't.
#service smb stop
Shutting down smb   [Failed]
Shutting down nmb   [Failed]
When I look at
#ps -aux|grep smbd
I get a long list of pid's.  Whenever I try to kill one of these pid's with
kill x
or kill -9 x
or kill -15 x
killall smbd
nothing happens.  I then have to reboot.  I have been running this 
system for 2 years and it just started this.  Any ideas?
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Hi

[Shinyashiki]

--  Virus Warning Message (on the network)

Price.exe is removed from here because it contains a virus.

---  Virus Warning Message (on the network)
(B
(BFound virus WORM_BAGLE.AT in file Price.exe
(BThe file is deleted.
(B
(BTherefore we removed the attachment-file
(Bby Mail Server and sent the message to you.
(B
(B(Japanese)
$BK\%a!<%k$KE:IU$5$l$F$$$?%U%!%$%k$K%&%#%k%9$,[EMAIL PROTECTED](B
$B$=$N$?$a!"%a!<%k%5!<%P$K$h$C$FE:IU%U%!%$%k$r-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Possible to map root to group via winbind?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Graham Dunn wrote:
|> Try setting 'dos filemode = yes'
|
| No luck.
|
| drwxrwx---+ 2 root  Domain Admins  512 Oct 29 09:07 test2/
|
| %getfacl test2/
| #file:test2/
| #owner:0
| #group:10018
| user::rwx
| user:GrahamD:rwx
| group::rwx
| mask::rwx
| other::---
|
| As grahamd, I still get
|
| "unable to save permission changes on test2. Access is denied."
HmmI'll check the code.  This should have worked.
| PS.
| http://www.plainjoe.org/gpg_public.asc results in a 404.
Ahhh...got dropped during the site redesign.  Thanks.
I'll fix that.

ciao, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBgkfSIR7qMdg1EfYRApGhAKDTNnbz3GwDo1Le1qMA2c51mk02zwCdGpdI
FpM2qJ5RKkaiYwZIYQ5CbqQ=
=EqEg
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Possible to map root to group via winbind?

[Graham Dunn]

Gerald (Jerry) Carter wrote:
Graham Dunn wrote:
| samba 3.0.7, freebsd 5.2.1
|
| My /usr/local/etc/samba-user.map looks like
|
| root = DEV.grahamd
|
| I would like to modify the ACLs on a directory that look like so:
|
| drwxrwx---  2 root  Domain Admins  512 Oct 28 16:41 test2/
|
| (if I chown the directory to my DEV.grahamd account, I
| can change ACLs to my heart's content)
|
| I'm operating under the assumption that only root, or
| the owner of a  file can change it's ACLs through windows
| explorer (at least, that way always works in this case).
Try setting 'dos filemode = yes'
No luck.
drwxrwx---+ 2 root  Domain Admins  512 Oct 29 09:07 test2/
%getfacl test2/
#file:test2/
#owner:0
#group:10018
user::rwx
user:GrahamD:rwx
group::rwx
mask::rwx
other::---
As grahamd, I still get
"unable to save permission changes on test2. Access is denied."
PS.
http://www.plainjoe.org/gpg_public.asc results in a 404.


cheers, jerry
-
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to prevent users from modifying access rights

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
. wrote:
|
| Hi,
|
| how can I prevent users from modifying access rights on files and
| directories on a share (on an ext3 partition with ACLs)?
|
| Users must be able to read from arbitrary directories on
| the share  belonging to groups they are not members of, and
| they must have write access to files belonging to other users
| in the same group, sometimes to files/directories that are
| owned by users of other groups. But they must not be able to
| modify the access rights of files owned by users in the
| same group; eventually it will be useful to deny
| modifying access rights to all users.
set all files to be owned by root :-)  and make sure that
'dos filemode = no'   That should do it.   (but give the
user's the necessary write permissions).


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBgkDCIR7qMdg1EfYRAvU8AJ9nNeVmO27o7yPZ/TsUcBxssBHuAACdGTzW
Nj7dPSEy+GqjXRZdx/i20eQ=
=Khy2
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] All users able to access printer

[Jason C. Waters]

You could try adding:
guest ok = no
Shailesh P Shirali wrote:
Hi all,
 I have setup with linux samba-server(ver 2.2.1a) as my
print-server under user security model with printer access allowed only
for a few users. It's so happening that samba is allowing any users to
fire print jobs on the shared printers,even those users who are not in
the valid users list. 
However it is fine with normal shared folders ,where only the valid user
are able to watch the shared-folders. 

Any idea why this happening , is there some bug in this version.
below is the smb.conf I'm using.
[global]
security=user
netbios name=PRINT-SERVER
workgroup=WORKGROUP
load printers=yes
printer admin=user
printcap name=/etc/printcap
printing=cups
[print$]
path=/usr/local/samba/print
read only=yes
browseable=no
guest ok=yes
write list=user
[Lexmark]
path=/var/disk1/print/spool
read only=no
valid users= ABC XYZ
max connections=50
printer=prn
printable=yes
browseable=yes
comment=Lexmark  Z700-P700 Serie
 
rgds
Shailesh P Shirali
Teneoris Networks
   

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] All users able to access printer

[Shailesh P Shirali]

Hi all,
 I have setup with linux samba-server(ver 2.2.1a) as my
print-server under user security model with printer access allowed only
for a few users. It's so happening that samba is allowing any users to
fire print jobs on the shared printers,even those users who are not in
the valid users list. 
However it is fine with normal shared folders ,where only the valid user
are able to watch the shared-folders. 

Any idea why this happening , is there some bug in this version.
below is the smb.conf I'm using.

[global]
security=user
netbios name=PRINT-SERVER
workgroup=WORKGROUP
load printers=yes
printer admin=user
printcap name=/etc/printcap
printing=cups
[print$]
path=/usr/local/samba/print
read only=yes
browseable=no
guest ok=yes
write list=user
[Lexmark]
path=/var/disk1/print/spool
read only=no
valid users= ABC XYZ
max connections=50
printer=prn
printable=yes
browseable=yes
comment=Lexmark  Z700-P700 Serie
 
rgds
Shailesh P Shirali
Teneoris Networks
   

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Strange UNICAST message

[Gustavo Lima]

Hi Everybody,

Trying to solve the strange problems of samba over WAN I found something in the logs 
that can be usefull.

When I try to see the trusting accounts on samba I receive the message:

dfbsa58:~# net rpc trustdom list
Password:
Trusted domains list:

TESTE-CES-1-5-21-619649889-1864520048-1540833222
TESTE-MGS-1-5-21-555433511-900955293-314601362

Trusting domains list:

TESTE-MG
Unable to find a suitable server
domain controller is not responding
TESTE-CE
Unable to find a suitable server
domain controller is not responding

The strange thing is these 2 machines are working fine on the side of the wan 
connection. looking for something diferent in the logs I found this message:

[2004/03/24 18:10:51, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271)
  dump_workgroups()
   dump workgroup on subnet   10.1.0.58: netmask=255.255.0.0:
GEPOR(3) current master browser = GEPOR05
GEBEM(2) current master browser = GEBEM06
TESTE-MATRIZ(1) current master browser = DFBSA58
DFBSA58 400c9b2b (Samba Server 3.0.7-Debian)
TRIGO 40009a03 (trigo server (Samba 2.2.3a-13 for Debian))
DFBSA66 40029007 ()
[2004/03/24 18:10:51, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271)
  dump_workgroups()
   dump workgroup on subnet  UNICAST_SUBNET: netmask=0.0.0.0:
TESTE-MATRIZ(1) current master browser = UNKNOWN
DFBSA58 40099b2b (Samba Server 3.0.7-Debian)

Why, when samba looks over UNICAST_SUBNET it don´t find him self?

I believe this is one of my problems. Can you confirm?

My smb.conf is like this:

# Global parameters
[global]
workgroup = TESTE-MATRIZ
netbios name = dfbsa58
admin users= @"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = true
min passwd length = 6
obey pam restrictions = No
ldap passwd sync = Yes
log level = 62
syslog = 0
log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_THROUGHPUT
name resolve order = wins lmhosts host bcast
remote announce = 10.1.0.58 10.21.0.8 10.51.0.8
remote browse sync = 10.1.0.58 10.21.0.8 10.51.0.8
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon script = logon.bat
logon drive = H:
logon home =
logon path =

domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins server = 10.1.0.61
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=company,dc=com,dc=br
ldap suffix = dc=matriz,dc=company,dc=com,dc=br
ldap group suffix = ou=grupos
ldap user suffix = ou=usuarios
ldap machine suffix = ou=maquinas
ldap idmap suffix = ou=Idmap
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g" 
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

# printers configuration
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no

[homes]
comment = Pasta de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No

[netlogon]
path = /home/netlogon/
browseable = No
read only = yes

[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles 
force user = %U 
# next line allows administrator to access all profiles 
valid users = %U "Domain Admins"

;[printers]
;comment = Network Printers
;printer admin = @"Print Operat

[Samba] Windows 2003 & Samba

[Young, Darren]

Have a RedHat Enterprise 3.0 system running Samba 3.0.7 with a few
shares. When I do a net view or browse that system from any Windows 2000
system it works just fine. Now, when I net view or browse from a Windows
2003 server I get:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

P:\>net view \\server
System error 50 has occurred.

The request is not supported.

Any suggestions as to what is causing this (outside of the usual MS is
evil clause)?

-
| Darren Young  | http://www.chicagogsb.edu |
| Senior UNIX Administrator | [EMAIL PROTECTED]   |
| University of Chicago GSB | [EMAIL PROTECTED] |
-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with smbmount

[Jerome Tytgat]

Hello list,
I have a problem with my samba shares.
I have a server with samba installed on it (3.0.7-Debian).
I have workstations under wxp and workstations under linux.
I have a common share which looks like this :
[Archive]
available = yes
valid users = user1, user2
comment = Repertoire Archive
browseable = yes
write list = user1, user2
writable = yes
admin users = user1
path = /home/archives
user = user1, user2
force user = root
I connect my wxp to the share without problem and
can read/write. Of course all new files are created
under the "root" user as requested by the "force user"
option.
I can connect my linux to this share using
mount -t smbfs -o rw,username=user1,password=xxx //server/Archive /mnt/server/archive,
(either using smbmount does the same behaviour)
I can do all the read I want, but I can't make any write.
It looks like my workstation get confused by the rights.
If I go in a directory where the user1 have RW access, I can
create a file, and it is automaticllay given to root (according
to the option "force user"), but I can't make any write
where the user "root" is the owner of the directory.
It works well under Windows XP workstation, it does not works under linux
workstation (which is a Kanotix/Knoppix/Debian distribution), that's
why I think it's a problem with smbmount/mount -t smbfs
Any idea ?
Thanks
--

> Jérôme Tytgat
Administrateur  Réseau  et  Sécurité
ASTERION -   Impasse de la Hache
CP 5911   -   44 477 CARQUEFOU CEDEX
T: 02 40 300 800 - F: 02 40 25 10 74

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Trusting and trusted domain (home mapping) problem

[Adrian Chow]

Hi Igor,
Once again, thanks for keeping up with me.  I have been migrating my 
master ldap server to 2.1 version so to keep it the same with the PDCs 
version of LDAP.  Now they are the same.

I have rectified such that "wbinfo -u" on both sides worked now.  I am 
made "net rpc trustdom list" worked.  It was not working before.  I had 
to put "stuadmin = root" in the student PDC's smbusers file.  And I had 
to put "Administrator = root" in the staff's PDC's smbusers file to get 
the "net rpc trustdom list" to work.  I did not have a uid=root you see.

Now "net use x: /home" by the Dom B user (grade2 in this case) on the 
Domain_A_machine still does not work.  The /var/log/samba/Dom_A_machine 
from the Domain_A_PDC will be sent separately as I don want to post it 
on the lists.
The /var/log/samba/Domain_A_PDC from Domain_B_PDC will be sent to you too.

My view on the logs
-
I believe by reading it, it will hold the key why it did not work.  I 
believe during authentication, Domain_A_PDC got the information of 
Domain_B_user from Domain_B_PDC properly.  But it cannot find 
Domain_B\Domain_B_user in the Get_Pwnam_internals function.  It can only 
find Domain_B_user in the Get_Pwnam_internals function!  Now because it 
finds Domain_B_user and not Domain_B\Domain_B_user, Domain_A_PDC will 
NOT use the data that it has gotten from the Domain_B_PDC.

Now, I then think that it has something to do with libnssldap.conf, 
pam_ldap.conf and ldap.conf file.

Here is my config:-
libnssldap.conf, pam_ldap.conf and ldap.conf is configured to see both 
domain's data.
On the smb.conf, the ldapsam backend is ONLY seeing its own domain data.
"getent passwd" on either PDC will see both domain's users.
my nsswitch.conf is doing "compat ldap" rather than "compat winbind". 
Hence "getent passwd" will then give user as "domain_b_user" rather than 
"domain_B\domain_b_user".

Is this the right way to do it?  If I make sure the "getent passwd" is 
ONLY seeing its own domain ,then I cannot login into the other domain !!

Hope when I sent you the files, you will be able to help.  Thanks for 
giving that hope that you made it working before.  Thanks for not 
posting up the logs and the conf files.

Cheers,
adrian
Igor Belyi wrote:
Adrian Chow wrote:
Hi Igor,
Here are my smb.conf files for feanor and gloin.  They are the PDCs 
for the staff and student domain.  My ldaps in the PDCs are configured 
to update to the master LDAP which have the lower version of LDAP.  
Upon update the master, the master will then update the slave ldaps 
which are the PDCs.
 

Setup looks fine. At least, I don't see any problem with it. The next 
step then will be to collect 'log level = 5' trace during login and LDAP 
entries for both users from DomainA and DomainB which you use to test 
home mounts. But I would recommend to update Samba to 3.0.7 in both PDCs 
first.

I did not post it up to the samba lists cause i wonder would it bleach 
the security for my servers.  Hope you understand.  Let me know your 
concerns in this.

I always thought that people avoid posing their config files due to 
liability problems (don't want their users to know that they have 
problems) than due to security concerns.. But, I can be wrong and 
probably this information could be used for mischief. But be warn that 
smbd logs usually have more information than config files.

It's fine with me if you don't want to post your config on the list as 
long as you post the solution to your problem afterwards. :)

Igor

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] trouble to connect to window$ share with netbios name

[Mack Christian]

Hello
I got this message :

3614: Connection to XP failed
SMB connection failed
___
when i try to mount mount a share with netbios name like that:
$mount -t smbfs -o username=test,password=test //Xp/share /mnt/floppy
if i mount the same share with ip address that's no problem.
if i test this :
$smbclient -U=test -L 192.168.4.248
i get that output:

Domain=[Xp] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
Sharename   Type  Comment
   -     ---
   IPC$  IPC   IPC remote
   share  Disk
   ADMIN$   Disk 
   C$  Disk  Default Share
session request to 192.168.4.248 failed (Called name not present)
session request to 192 failed (Called name not present)
Domain=[XP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]


if i do the same with netbios name:
$smbclient -U=test -L Xp
i have that one :
___
Connection to Xp failed
___
any help could...help
chris

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba4 reaches the "Susan" stage

[tridge]

Samba4 reached an important milestone tonight, as I installed it for
my wife to use as her file server for all of her important documents,
email, the book she is working on etc.

Those of you who have been around Samba development for a while will
know that my wife tends to be the first test user of major new
versions of Samba, and she volunteered again this time. Susan played a
large part in the original motivation to develop Samba more than 12
years ago, so she knows how useful it is to have a local test user.

Reaching this stage does not mean that you should now go and install
Samba4 on your production servers. Only a very keen (foolish?) person
would do that. The code is quite incomplete, and is missing major
features such as no netbios name server, no winbind, no admin tools,
and very little documentation. So unless you are a keen C programmer
then stay well clear for the moment.

What this milestone means is that the code is now fairly robust, and
that major applications (Eudora, OpenOffics.org, MS Word, Firefox etc)
all work well and that I am quite confident of not losing data. Of
course, I also have a very strict automated backup regime setup for my
wife, so if I'm wrong about the robustness we can recover without me
having to cook dinner for a week as penance.

The code isn't available as a "alpha" quality release yet, as there
are just too many missing features, although I do plan on doing a
"snapshot" release shortly (maybe within a week?).

So far the only problem on my wifes machine is that Eudora startup is
a bit slow. That is caused by Norton Anti-Virus on her WinXP box
scanning all the dlls and the exe, along with the fact that Samba4
does not yet have oplocks, so the client cannot cache the files for
fast re-scanning. With norton disabled startup is fast.

If you want to get involved in Samba4 development then see
http://devel.samba.org/, checkout the code, and start reading. Having
at look at the (incomplete) prog_guide.txt is a good idea.

If you just want to see some slides on the design of Samba4, then
there are some links to various talks I've given on my homepage at
http://samba.org/~tridge/

I'd like to thank everyone who has worked so hard over the last couple
of years to get us this far. It's been a long haul, but the results
are well worth it. Samba4 is a great basis for future Samba
development.

In particular I'd like to thank the members of the Samba Team who have
put so much into the development of Samba4. It's been a great team
effort, and a lot of fun.

Now back to more coding 

Cheers, Tridge
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] how to prevent users from modifying access rights

[.]

Hi,
how can I prevent users from modifying access rights on files and 
directories on a share (on an ext3 partition with ACLs)?

Users must be able to read from arbitrary directories on the share 
belonging to groups they are not members of, and they must have write 
access to files belonging to other users in the same group, sometimes to 
files/directories that are owned by users of other groups. But they must 
not be able to modify the access rights of files owned by users in the 
same group; eventually it will be useful to deny modifying access rights 
to all users.

How can that be achieved?
GH
--
for i in "*.txt"; do mail -s $i hwilmer < $i; done
su: $i: ambiguous redirect
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Thanks :)

[Barryc]

** Message from InterScan E-Mail VirusWall NT **

** WARNING! Attached file Price.exe contains:

 WORM_BAGLE.AT virus

   Attempted to clean the file but it is not cleanable.
   It has been deleted.
* End of message ***

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Administrator

[darryl penny]

Hi to the list.

Our network = mix of Win98 and XP Pro logging onto Samba3.04 hosted on SuSE9.1
Auth is via passwd and smbpasswd.
No Microsoft AD at all - Samba does all the auth, therefore winbind is not
required?
I would like to logon to some of the XP Pro boxes as a normal network user,
but at the same time be 'Administrator' on the machine. Adding myself to the
Administrator's group on the pc has no effect when logging on via the network.

I've looked and looked and browsed the Samba archives, but so far I've found
nothing to help me.

Can anyone please point me to a solution?

TIA
Darryl

--
Edgemead High School, Cape Town
Tel +27215581132
Fax +27215584407
Cell +27823752081
-
Powered by SuSE 9.1 and the OpenWebmail project
--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] help

[QinXuguo]

Dear samba team:
 This is the first time I use samba. I want to install it on
Solaris but I don’t know which release of samba is fit for our
workstation. So I hope I can get more and fast information from you. The
details of our workstation is following:
 Workstation Type: SUNW, Ultra-5_10; sparc; sun4u
 OS: SunOS release 5.8 Generic_108528-01
 
 I have installed Samba-2.2.8a for sol8 but I could not share
files of Solaris with windows. I have some questions decribed below:
 1. After install samba, I find a file,
/etc/init.d/samba.server. I wanna use this file to restart the samba
services (nmbd & smbd). But the samba daemons don’t start up. Why?
 2.I ever used swat to comfig smb.conf file. After that I
clicked ‘restart’ button of ‘nmbd’ and ‘smbd’ and the page
refreshed the informations which showed that ‘smbd’ was running and
‘nmbd’ was not running. However, I typed command ps ?aux | grep
(s/n)mbd and didn’t get the PID of smbd but I could get the ID of nmbd.
Why?
 
 Because I don’t know whether this version is fit for my
workstation, I am not sure why the problems came out. 
 Could you please answer me ASAP. Thanks you very much!
 
Winfree
2004-10-22
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba