[Samba] segmentation fault
Dear sir, I have configured samba with ads integration and it was working perfectly in RedHat Linux 9.0. But Yesterday I changed that configuration as simple user level security. But my problem was when I run 'smbpasswd' command I am getting one error as 'Segmentation fault'. What I can do to trouble shoot this problem. Kindly reply me as soon as possible.. Thanks & Rgds Bensi Bose T.C. RHCE Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind: authenticating UNIX user before Win Domain user
On Wed, Nov 17, 2004 at 03:48:06PM -0500, Greg Chavez wrote: | We have a samba 3.0.7 server on RHEL-3 (rain) joined as a domain | member (security = domain) to a win2k pdc (clouds) for the domain DOM. | We have several unix users and two Win-only users. The unix users | have matching AD accounts on the win2k, but the Win-only users do not | have unix accounts (and we want to keep it that way). So, it seemed | that winbind would be the best way to bridge the gap: | | 1. UNIX users could access shares on the samba server in the same way | whether logged on to windows workstation or the samba server itself | 2. Files created on the shares would be controlled via permissions | for UNIX users and groups. | 3. Win users would not need to have UNIX accounts created, but could | access the samba shares as easily as the UNIX users. | 4. Home directories and profiles will be pulled from the samba server. | | It works well exept that winbind does not authenticate the UNIX users | as expected when they logon from Windows. I have the same requirement; except samba can't currently do this. See: http://lists.samba.org/archive/samba/2004-October/094981.html I implemented a "trim default domain" option and provided a patch in: http://www.dragoninc.on.ca/mail-archives/samba-technical/2004-10/0342.html (I would suggest the "canonical" mailing list URL http://lists.samba.org/archive/samba-technical/2004-October/037813.html except the mailing list archive software there borked the message.) The rest of the thread on samba-technical has more details. Cheers, Luke. pgpnGp4Ee55Cx.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A device attached to the system is not functioning
hi, i have this in my log file, after i have raise the log level. -- [2004/11/18 09:59:32, 0] lib/util_sock.c:get_peer_addr(952) getpeername failed. Error was Transport endpoint is not connected [2004/11/18 09:59:32, 0] lib/util_sock.c:write_socket_data(388) write_socket_data: write failure. Error = Connection reset by peer [2004/11/18 09:59:32, 0] lib/util_sock.c:write_socket(413) write_socket: Error writing 4 bytes to socket 17: ERRNO = Connection reset by peer [2004/11/18 09:59:32, 0] lib/util_sock.c:send_smb(605) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 2] smbd/server.c:exit_server(558) Closing connections [2004/11/18 09:59:32, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/11/18 09:59:32, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/11/18 09:59:32, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/11/18 09:59:32, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/11/18 09:59:32, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/11/18 09:59:32, 3] smbd/server.c:exit_server(601) Server exit (process_smb: send_smb failed.) [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/11/18 09:59:32, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 99 -> S-1-5-21-3447136413-2320333403-873454024-1199 [2004/11/18 09:59:32, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: guest authentication for user [] succeeded [2004/11/18 09:59:32, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2004/11/18 09:59:32, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 [2004/11/18 09:59:32, 3] smbd/password.c:register_vuid(221) User name: nobodyReal name: nobody [2004/11/18 09:59:32, 3] smbd/password.c:register_vuid(240) UNIX uid 99 is UNIX user nobody, and will be vuid 100 [2004/11/18 09:59:32, 3] smbd/process.c:process_smb(890) Transaction 3 of length 80 [2004/11/18 09:59:32, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 8110) [2004/11/18 09:59:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/18 09:59:32, 3] smbd/service.c:make_connection_snum(543) Connect path is '/tmp' for service [IPC$] [2004/11/18 09:59:32, 3] lib/util_seaccess.c:se_access_check(251) [2004/11/18 09:59:32, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-3447136413-2320333403-873454024-501 se_access_check: also S-1-5-21-3447136413-2320333403-873454024-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3447136413-2320333403-873454024-1199 [2004/11/18 09:59:32, 3] smbd/vfs.c:vfs_init_default(203) Initialising default vfs hooks [2004/11/18 09:59:32, 3] lib/util_seaccess.c:se_access_check(251) [2004/11/18 09:59:32, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-3447136413-2320333403-873454024-501 se_access_check: also S-1-5-21-3447136413-2320333403-873454024-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-34471
[Samba] Migrating to Samba 3
Hi, I need to migrate my samba 2.xx PDC (without ldap) to a new machine running samba 3.07 with ldap backend. Can I follow the procedures as in migrating from NT to samba3 as shown in the documentations using commands like "net rpc vampire"? If not how should I do it? regards, melvin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS Winbind unable to join SuSe 9.1
Hi all, We are trying to add SuSe 9.1 file server to Windows Domain. Here is our configuration. Windows 2000 Active Directory SuSe 9.1 with Samba 3.0.8 When I try to add Linux file server to windows domain using net command, net command dies with segment fault message. While starting winbind process, it dies with segment fault error message. Here is my configuration files and error message on this problem. smb.conf: # Global parameters [global] workgroup = xyz realm = xyz.COM security = ADS map to guest = Bad User password server = 192.168.1.201 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No wins server = 192.168.1.201 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind separator = / winbind use default domain = Yes printer admin = @ntadmin, root, administrator [homes] comment = Home Directory valid users = xyz/%S read only = No browseable = No net as join -UAdministrator -d 10 command output = ads_try_connect: trying ldap server port 389 [2004/11/17 20:11:24, 3] libads/ldap.c:ads_connect(247) Connected to LDAP server 192.168.1.201 [2004/11/17 20:11:24, 3] libads/ldap.c:ads_server_info(2431) got ldap server name [EMAIL PROTECTED], using bind path: dc=XYZ,dc=COM [2004/11/17 20:11:24, 4] libads/ldap.c:ads_server_info(2437) time offset is -86 seconds [2004/11/17 20:11:24, 4] libads/sasl.c:ads_sasl_bind(447) Found SASL mechanism GSS-SPNEGO [2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(204) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(204) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(204) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(204) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(211) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2004/11/17 20:11:24, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382) ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) [2004/11/17 20:11:24, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319) Ticket in ccache[MEMORY:net_ads] expiration Thu, 18 Nov 2004 06:09:58 GMT [2004/11/17 20:11:24, 10] libsmb/clikrb5.c:ads_krb5_mk_req(409) ads_krb5_mk_req: Ticket ([EMAIL PROTECTED]) in ccache (MEMORY:net_ads) is valid until: (Thu, 18 Nov 2004 06:09:58 GMT - 1100776198) [2004/11/17 20:11:24, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(511) Got KRB5 session key of length 16 [2004/11/17 20:11:24, 10] lib/util.c:name_to_fqdn(2506) name_to_fqdn: lookup for filesrv1 -> filesrv1.XYZ.com. [2004/11/17 20:11:24, 0] libads/ldap.c:ads_add_machine_acct(1366) ads_add_machine_acct: Host account for filesrv1 already exists - modifying old account [2004/11/17 20:11:24, 5] libads/ldap_utils.c:ads_do_search_retry(56) Search for (objectclass=*) gave 1 replies [2004/11/17 20:11:25, 3] libads/ldap.c:ads_workgroup_name(2526) Found alternate name 'XYZ' for realm 'XYZ.COM' net command strace output: = # strace -v -f -F -o /tmp/aa net ads join -UAdministrator 6418 fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=324, len=1}, 0xbfffe370) = 0 6418 fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=324, len=1}, 0xbfffe370) = 0 6418 fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=344, len=1}, 0xbfffe470) = 0 6418 fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=344, len=1}, 0xbfffe470) = 0 6418 time(NULL)= 1100740285 6418 fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=532, len=1}, 0xbfffe470) = 0 6418 fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=532, len=1}, 0xbfffe470) = 0 6418 fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=552, len=1}, 0xbfffe470) = 0 6418 fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=552, len=1}, 0xbfffe470) = 0 6418 getuid32()= 0 6418 geteuid32() = 0 6418 getgid32()= 0 6418 getegid32() = 0 6418 open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) 6418 getuid32()= 0 6418 geteuid32() = 0 6418 getgid32()= 0 6418 getegid32() = 0 6418 --- SIGSEGV (Segmentation fault) @ 0 (0) --- 6418 +++ killed by SIGSEGV +++ #tcpdump output: = 20:11:24.603653 IP (tos 0x0, ttl 64, id 52256, offset 0, flags [DF], length: 77) 172.68.1.53.32772 > 172.68.1.201.53:
Re: [Samba] A device attached to the system is not functioning
hi matt, this is the log file that i retrieve from /var/log/samba/log.machinename [2004/11/17 15:17:02, 0] lib/util_sock.c:get_peer_addr(952) getpeername failed. Error was Transport endpoint is not connected [2004/11/17 15:17:02, 0] lib/util_sock.c:write_socket_data(388) write_socket_data: write failure. Error = Connection reset by peer [2004/11/17 15:17:02, 0] lib/util_sock.c:write_socket(413) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2004/11/17 15:17:02, 0] lib/util_sock.c:send_smb(605) Error writing 4 bytes to client. -1. (Connection reset by peer) together i attached by smb.conf file. (actually i copied from a reference from internet) # Global parameters [global] workgroup = SHINYANG netbios name = SYPDC interfaces = 172.16.0.222 username map = /etc/samba/smbusers server string = Samba Server %v security = domain encrypt passwords = yes min passwd length = 3 #obey pam restriction = no ldap passwd sync = yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = STARTUP.BAT logon drive = H: logon home = logon path = domain logons = yes os level = 65 preferred master = yes domain master = yes wins support = yes passdb backend = ldapsam:ldap://127.0.0.1/ #ldap admin dn = cn=samba,ou=DSA,cn=root,dc=shinyang,dc=com,dc=my ldap admin dn = cn=root,dc=shinyang,dc=com,dc=my ldap suffix = cn=root,dc=shinyang,dc=com,dc=my ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=USers #ldap ssl = start tls add user script = /usr/local/sbin/smbldap-useradd -m "%u" ldap delete dn = yes add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" # printers configuration printer admin = @"Print Operators" load printers = yes create mask = 0640 directory mask = 0750 nt acl support = no printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc/,/dev/,/etc/,/lib/,/lost+found,/initrd show add printer wizard = yes preserve case = yes short preserve case = yes case sensitive = no [homes] comment = Home directory %U, %u read only = no create mask = 0664 directory mask = 0775 browseable = no [netlogon] path = /home/samba/netlogon/ browseable = no read only = yes [doc] path = /usr/share/doc public = yes writable = no read only = no create mask = 0750 guest ok = yes [profiles] path = /home/samba/profiles read only = no create mask = 0600 directory mask = 0700 browseable = no guest ok = yes profile acls = yes csc policy = disable force user = %U valid users = %U @"Domain Admins" [printers] comment = Network Printers printer admin = @"Print Operators" guest ok = yes printable = yes path = /home/spool browseable = no read only = yes printable = yes print command = /usr/sbin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j [print$] path = /home/samba/printers guest ok = no browseable = yes read only = yes valid users = @"Print Operators" write list = @"Print Operators" create mask = 0664 directory mask = 0775 [public] comment = Public path = /home/public browseable = yes guest ok = yes read only = no directory mask = 0775 create mask = 0664 At this moment, all i can get the information from the linux box is as much. later on, i will repost a better log information from windows xp professional client in a much detail manner. pls enlight me, bcz i am really a newbie to samba. anyway, can a samba 3 susbtitute a windows NT PDC machines? thanks cheers, yenonn MaTT wrote: Hi, doesn't seems to be a samba related problem. did you check the logs?? anything there?? increase log level ?? check the XP event viewer regards MRB www.lionix.com Linux Hiu Yen Onn wrote: hi, i have a samba-ldap pdc. from the windows xp client. i hardly logon to the network. the windows popup a box stating "A device attached to the system is not functioning". .but however, i tested the account from windows 98. it worked perfectly. can someone give me some pointers? thanks -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Installing Samba 3.0.5 in Mac OSX 10.3.4 server
MAXTOR 300GB INTERNAL UATA 16MB CACHE $249 SEG/MAXTOR 300GB EXTERNAL COMBO USB2/FW400 $299 IPOD 20GB W/CLICK WHL--AM9282 LL/A--$299 GRIFFIN (1yr wty) IPOD Voice Recorder for Ipod - ITalk $32 Fm Transmitter for Ipod Mini - Itrip Mini $28 Fm Transmitter for 1G/2G Ipods - Itrip $28 Fm Transmitter for 3G/4G Ipods - Itrip2 $28 Auto Adapter - Powerpod$14 Cup Holder Insert for Ipod/Ipodmini - Podpod$7 SEG USB/USB2/FW/F8001-4950+ USB Bluetooth 100 Meters-SEGWRLBTBTD $29 $call FW800 3P PCI Card - SEGFWPCI800 $49 $call All of these products have been tested to work with Mac and PC APPLE IPOD ACCESSORIES1-4950+ SPECK (1yr wty) Mini Skin - Clear/Blue - SPIMST1C/1B$15$call Mini Skin 3pk - Clear/Blue/Green- SPIMST1T$22$call Mini ArmBand w/skin - SPIMSTAB1 $22$call Mini FlipStand - SPIMFS01$22$call Ipod Skin - Clear/Blue (3RAG)- SPIS1001/1001B$15$call Ipod Skin - Clear(4taG) - SPIS1004 $15$call Ipod Skin 3pk -3G Clear/Blue/Green - SPIS1003 $22$call Ipod FlipStand - SPFS1002 $22$call SPEAKERS1-4950+ ALTEC LANSING (1yr wty)Ipod InMotion Speakers $119$call CAJAS MACALLY ALUMINUM (1yr wty) 2.5² USB2 - PHR250A$25$call 2.5² USB2/FW - PHR250CC$45$call 3.5" FW - PHR100AF $45$call 3.5" USB2/FW - PHR100AC $55$call 3.5" F800/USB2 - PHR100ACB $95$call 5.25" USB2/FW - PHC500BC $55$call MACALLY (1yr wty) AC Adapter for new Powerbooks and Ibooks$33 GRIFFIN ADC to VGA Adapter - 4011-ADCV$24$call USB PERIPHERALS1-4950+ MACALLY (1yr wty) SPECIALS USB Optical Micro Mouse Bulk - Micro $9$call USB 7Port Hub (6 Caps)-110v/220v- IHub7$19$call USB Wireless Presentation Cont - KeyPoint$44$call Ibook Station - IceStation $13$call USB Mini Writing Tablet - IceCad $34$call USB2 128mb Flash Drive - FD128$49$call USB 1X Ext. Floppy - FDDUSB$31$call USB Airstick- Mjas $36$call USB Video Web Camera - IceCam$22$call USB Dot Mouse - DotMouse $12$call USB Ice Mouse - IceMouse$21$call USB Ice Mouse Jr - IceJr $20$call USB Ice Mouse Mini - IceMini $11$call USB Wireless Optical Mouse - RFMouse$31$call USB Wireless Optical Mini Mouse - RFMini $31$call USB Optical Micro Mouse Retail - Micro $25$call USB Optical Micro Mouse Bulk - Micro $9$call USB Optical Internet MouseJr Retail-IOptijr$22$call USB Optical Internet Mouse - IOptinet$24$call USB Mouse 1B (6 Caps) - ISweet$19$call USB2 Cardbus - PB G3 - UH-2226$35$call USB2 PCI Card 5P - UH2225 $21$call USB2 4P Hub (WH) - U2Hub $30$call USB2/FW 4P Hub (WH) - HubUF $42$call USB2 Hub Jr. (WH) - U2Hubjr$25$call USB Mini Hub USB2 - Hub2Mini$18$call USB 7Port Hub (6 Caps)-110v/220v- IHub7$19$call USB Ice Key - IceKey$39$call USB Ext KB (G4) -Eng - Ikey4$31$call KEYSPAN (1yr wty) USB1 PCI Card - UPCI2$18$call USB High Speed Serial - USA19HS$38$call Digital Media Remote - URM15A$38$call USB Twin Serial - USA28X$58$call USB Server - US4A$108$call GRIFFIN (1yr wty) Apple Pro Speaker adapter/Fw Amplifier-Ifire$28$call Laptop/Powerbook/Ibook Stand - Icurve$28$call USB Audio Interface - Imic $31$call USB to 1ADB Adapter- Imate$34$call SEG F800/F400/USB2 HARD DRIVES* SEG 200gb - SEG200F800F400U2 $239 * TRIPLE INTERFACE DVD-R+CDRW EXTERNO SEG108 Ext Kit - SEGPIO108 USB2FW $185 (external kit incl: Pioneer 108, EZDVD Creator , Toast Lite 5 and 6 , Retrospect, 1 CDR 52X media and 1 DVD+R 4X media) CDRW EXTERNO SEG 523252 Ext Kit-SEGLIT523252 USB2FW $95 (ext kit incl: Liteon 523252 CDRW, EZCD Creator, Toast Lite 5 , Retrospect & 1 CDR 52X media) 3.5² INT ATA HARD DRIVES1-4950+ 3.5² 7200RPM (1yr wty) Maxtor 160gb - uata133/8mb - 6Y160P0 $109$call Maxtor 200gb - uata133/8mb - 6Y200P0 $139$call 3.5" HD SERIAL ATA (SATA) G5 SEAGATE 3.5² 7200RPM (1yr wty) 120gb - ST3120026AS (inc serial cable) $99$call 160gb - ST3160827AS (inc serial cable) $119$call :-) Gracias Krismay Armas SEG COMPUTERS MAC ACCESORY CENTER 8200 NW 27 ST SUITE #112 DORAL,FL33122 PH: 305-592-1914 FX: 305-592-1915 E-mail: [EMAIL PROTECTED] E-Mail: [EMAIL PROTECTED] ICQ #273690539 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error with ACLs and follow symlinks=no
On Tue, Nov 16, 2004 at 04:07:15PM -0800, Tom Dickson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > We had 3.0.2a which worked fine. If you tried to open a file that the > ACLs wouldn't let you, you'd get access denied. We had follow > symlinks=no in smb.conf > > Now with 3.0.8, and no other changes, we get a message about "The file > has moved or otherwise gone away," instead of access denied. > > And we get this in the log file: > > [2004/11/16 15:57:25, 1] smbd/vfs.c:reduce_name(896) > ~ reduce_name: couldn't get realpath for B/* > > Changing follow symlinks=yes fixed it. Is this a bug? I'd like to use > ACLs and follow symlinks=no. Yep it's a bug. Try this patch. Jeremy. Index: smbd/vfs.c === --- smbd/vfs.c (revision 3814) +++ smbd/vfs.c (working copy) @@ -897,7 +897,8 @@ } default: DEBUG(1,("reduce_name: couldn't get realpath for %s\n", fname)); - errno = saved_errno; + /* Don't restore the saved errno. We need to return the error that + realpath caused here as it was not one of the cases we handle. JRA. */ return False; } } -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC with shares accessible for not logged users - how?
Paul Gienger wrote: As I'm logged onto that workstation as an Administrator (Administrator of that PC, not logged into a domain), I get something like that into the logs - when I double click on a Server icon in a Network Neighbourhood: Sounds like you want to be dealing with the guest parameters. Just off the top of my head, you can try setting guest ok = yes, then you need a guest account to map the username to so that samba stays sane. You could try either setting up a guest and putting that into the guest account = directive or using any user that has permissions on the share. And of course make sure it's read only, which I believe you've already done. Tada! OK, so I added these two lines to the [global] section of smb.conf: guest account = dupa null passwords = yes and matched Administrator to this user dupa in smbusers: dupa = administrator and it works! Now I have to "reconfigure" it a bit, because Administrator is used for other purposes like joining domain here... :) Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind: authenticating UNIX user before Win Domain user
We have a samba 3.0.7 server on RHEL-3 (rain) joined as a domain member (security = domain) to a win2k pdc (clouds) for the domain DOM. We have several unix users and two Win-only users. The unix users have matching AD accounts on the win2k, but the Win-only users do not have unix accounts (and we want to keep it that way). So, it seemed that winbind would be the best way to bridge the gap: 1. UNIX users could access shares on the samba server in the same way whether logged on to windows workstation or the samba server itself 2. Files created on the shares would be controlled via permissions for UNIX users and groups. 3. Win users would not need to have UNIX accounts created, but could access the samba shares as easily as the UNIX users. 4. Home directories and profiles will be pulled from the samba server. It works well exept that winbind does not authenticate the UNIX users as expected when they logon from Windows. For example: from Windows workstation, I log on as "gchavez". There is a UNIX user on the samba server "gchavez" which I expect winbind to authenticate against when I try to access the samba shares. This does not happen. Instead, winbind authenticates against the win2k server with my Win account, DOM+gchavez, and things don't work (although it does manage to map my home directory correctly). Consequently, I come in with Windows group permissions (DOM+Domain Users) and cannot access the shares protected with UNIX group permissions. I am trying to keep this message short, but these command line vitals should tell the rest of the story. shell> tesparm -sv [global] workgroup = DOM security = DOMAIN passdb backend = tdbsam username map = /etc/samba/smbusers log level = 2 client use spnego = No preferred master = No local master = No domain master = No idmap uid = 1-2 idmap gid = 1-2 winbind separator = + valid users = +users, "DOM+Domain Users" force group = +users read only = No create mask = 0660 directory mask = 01770 [homes] comment = "DOM Home Directories" path = /usera/home/%U/winhome create mask = 0600 directory mask = 0740 browseable = No [docs] comment = "Product Documentation - full access" path = /usera/docs [programs] comment = "Shared Programs - full access" path = /usera/programs [backups] comment = "Backups" path = /usera/backups [projects] comment = "Project Files - full access" path = /usera/projects [proj_psc] comment = "PSC Project - restricted" path = /usera/projects/psc valid users = +psc force group = +psc shell> getent passwd | grep gchavez gchavez:x:503:503:Greg Chavez:/home/gchavez:/bin/bash DOM+gchavez:x:10007:1:Greg Chavez:/home/OSDS/gchavez:/bin/false ** this happens when I try to access my homes share from windows, the shares are chmod'd with full permission so I can get in *** shell> tail /var/log/samba/smb.log [2004/11/17 15:09:12, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [gchavez] -> [gchavez] -> [DOM+gchavez] succeeded [2004/11/17 15:09:14, 2] smbd/uid.c:change_to_user(202) change_to_user: SMB user (unix user nobody, vuid 101) not permitted access to share IPC$. [2004/11/17 15:09:14, 0] smbd/service.c:make_connection_snum(570) Can't become connected user! [2004/11/17 15:09:14, 1] smbd/service.c:make_connection_snum(648) sunfish (xx.93.106.16) connect to service gchavez initially as user DOM+gchavez (uid=10007, gid=1) (pid 3312) # net groupmap list | grep users Domain Users (S-1-5-21-1316288518-2476102628-626236970-513) -> users # grep winbind /etc/nsswitch.conf passwd: files winbind group: files winbind Thanks --Greg Chavez -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC with shares accessible for not logged users - how?
As I'm logged onto that workstation as an Administrator (Administrator of that PC, not logged into a domain), I get something like that into the logs - when I double click on a Server icon in a Network Neighbourhood: Sounds like you want to be dealing with the guest parameters. Just off the top of my head, you can try setting guest ok = yes, then you need a guest account to map the username to so that samba stays sane. You could try either setting up a guest and putting that into the guest account = directive or using any user that has permissions on the share. And of course make sure it's read only, which I believe you've already done. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC with shares accessible for not logged users - how?
Paul Gienger wrote: this directory shouldn't be writable, so I have it now like that: [wpkg] comment = Windows Packager path = /home/samba/wpkg read only = yes browseable = yes valid users = nobody, unattended, guest guest ok = Yes public = Yes but as the server is a domain controller, it prompts for a username/password even if I just click on its icon (from win2k workstation). Most likely it's prompting you for a user/pass because you're not coming in as a valid user for the server. Indeed it's the case. But I want every user to be able to browse this share - but this is not possible as it seems that to access this share I have to access server first (as a valid user). As I'm logged onto that workstation as an Administrator (Administrator of that PC, not logged into a domain), I get something like that into the logs - when I double click on a Server icon in a Network Neighbourhood: check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/11/17 21:05:57, 3] auth/auth.c:check_ntlm_password(222) (...) check_ntlm_password: Authentication for user [Administrator] -> [root] FAILED with error NT_STATUS_WRONG_PASSWORD If I try to access it from Explorer like \\server\myshare - Windows complains that there is no such object (?), with Samba logs similar to above. What do you mean by "force user"? Force user means, in a nutshell: Make it look like I'm this guy, where thisguy is the user named in the force user line. You still need to be a valid authenticated user before going to said share. From the man page: So this is rather useful for me, right (as I have to still supply password). Any more hints? Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC with shares accessible for not logged users - how?
this directory shouldn't be writable, so I have it now like that: [wpkg] comment = Windows Packager path = /home/samba/wpkg read only = yes browseable = yes valid users = nobody, unattended, guest guest ok = Yes public = Yes but as the server is a domain controller, it prompts for a username/password even if I just click on its icon (from win2k workstation). Most likely it's prompting you for a user/pass because you're not coming in as a valid user for the server. This workstation already has a machine account. Doesn't really matter for simple file access. Does matter for logging into the domain from said machine. What do you mean by "force user"? Force user means, in a nutshell: Make it look like I'm this guy, where thisguy is the user named in the force user line. You still need to be a valid authenticated user before going to said share. From the man page: This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems. This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the "forced user", no matter what username the client connected as. This can be very useful. In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug). Any more hints? Tomek -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] More compile problems with Samba 3.0.8a...
Thank for your help everyone! I did get Samba compiled and upgraded and running fine on my test machine. I plan on upgrading production this evening (still running the sunfreeware.com package of 3.0.2a) to 3.0.8a tonight. Problem is I have compile errors on one machine. The other two have worked fine. The one that is having problems is a Solaris 8 machine. The error when compiling is: bash-2.03# make Using FLAGS = -O -I./popt -Iinclude -I/f1/kls/samba/samba-3.0.8/source/include -I/f1/kls/samba/samba-3.0.8/source/ubiqx -I/f1/kls/samba/samba-3.0.8/source/smbwrapper -I. -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -I/f1/kls/samba/samba-3.0.8/source LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -ldl LDSHFLAGS = -G -lthread LDFLAGS = -lthread Compiling dynconfig.c Compiling smbd/vfs.c Compiling passdb/pdb_interface.c Compiling lib/iconv.c Compiling auth/auth.c Compiling smbd/build_options.c Compiling smbd/server.c Linking bin/smbd /usr/ccs/bin/ld: illegal option -- E Probably something simple. I did the configure with the option of --with-included-popt so I would not have to set the LD_Library_Path in the startup script. Please help! Thanks in advance! ~Kevin == Kevin L. Statz University of Chicago Press Unix Systems Administration 773-702-7651 == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC with shares accessible for not logged users - how?
MaTT wrote: Tomek, did you checked if using force user, and setting read only=no, and having a machine account in the samba for the machine where the program runs, work? just guessing! this directory shouldn't be writable, so I have it now like that: [wpkg] comment = Windows Packager path = /home/samba/wpkg read only = yes browseable = yes valid users = nobody, unattended, guest guest ok = Yes public = Yes but as the server is a domain controller, it prompts for a username/password even if I just click on its icon (from win2k workstation). This workstation already has a machine account. What do you mean by "force user"? Any more hints? Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can join domain; can't logon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 i am having a similar problem when using samba 3.0.7 and LDAP. i get the same error message, but on random machines at random times. for instance, my (other) workstation was working just fine. i rebooted and was unable to log back into the domain (same error you were having). ~ it was working just a few minutes earlier. nothing had changed on the entry in LDAP at all, but to be sure, i removed the LDAP entry, and added it back again. i still was unable to log in. so, i logged in locally as myself, changed my settings from using a domain to using a workgroup (same name). when i was welcomed to the workgroup, i went back in and changed it back to domain. i used the administrator username/password to add the machine back to the domain, logged out and back into the domain, and it's been fine ever since. i did have this problem spring up on two more computers today. they were working fine, then *poof*. everything has been working fine for over a month, then these things started happening. so any help you or anyone else reading this may be able to provide would be greatly appreciated (i know that Daniel Gapinski on this list is having the same problem as well, but non-LDAP). regards, nb Chris St. Pierre thus spake on 10/05/2004 11:24 AM: | I had a problem similar to my current one a week or so ago, and I was | encouraged to upgrade from Samba 2.2.9 to 3.0.7, which I did. Now | that I've completed that nightmare, the problem I initially set out to | fix is still there, just different. Namely: | | I am trying to set up Samba 3.0.7 on a SuSE 9.1 box as an LDAP PDC | whose only job will be authentication. Our LDAP server is on a | separate box. I can join the domain just fine, but when I try to | login via Windows, I get the following error: | | "The system cannot log you on to this domain because the system's | computer account in its primary domain is missing or the password on | that account is incorrect." | | I suspected that neither of these were the case, as I created the | account with idealx's smbldap-tools. I verified that the account is | there with ldapsearch. Last time I had this problem, Samba wasn't | even communicating with LDAP, but this time it is. When I try to | login, here's what the LDAP logs show: | | [05/Oct/2004:10:03:52 -0500] conn=53576 op=7 SRCH | base="o=nebrwesleyan.edu,o=isp" scope=2 | filter="(&(uid=GUINEA-PIG$)(objectClass=sambaSamAccount))" attrs="uid | uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange | sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn | displayName sambaHomeDrive sambaHomePath sambaLogonScript | sambaProfilePath description sambaUserWorkstations sambaSID | sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName | objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount | sambabadpasswordtime sambapasswordhistory modifyTimestamp | sambalogonhours modifyTimestamp" | [05/Oct/2004:10:03:52 -0500] conn=53576 op=8 SRCH | base="o=nebrwesleyan.edu,o=isp" scope=2 | filter="(&(uid=GUINEA-PIG$)(objectClass=sambaSamAccount))" attrs="uid | uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange | sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn | displayName sambaHomeDrive sambaHomePath sambaLogonScript | sambaProfilePath description sambaUserWorkstations sambaSID | sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName | objectClass sambaAcctFlags sambamungeddial sambabadpasswordcount | sambabadpasswordtime sambapasswordhistory modifyTimestamp | sambalogonhours modifyTimestamp" | | It searches twice for the machine trust account, which I've verified | exists. The only thing I can think of is that not all of the | attributes it's asking for exist. (In fact, a lot of them don't.) As | you can see in the attached nmbd log, though, Samba doesn't show any | obvious errors. I've also included my smb.conf (with some changes to | protect my server's innocence). Any ideas are greatly appreciated. | Thanks. | | Chris St. Pierre | Unix Systems Administrator | Nebraska Wesleyan University | 402.465.7549 | | | | | [global] | server string = test | workgroup = NWU_TEST | netbios name = TESTERATOR | | log level = 1 | encrypt passwords = yes | max smbd processes = 0 | socket options = TCP_NODELAY | | add machine script = /usr/local/sbin/smbldap-useradd -w '%u' | | logon script = scripts\logon.bat | logon path = \\%L\profiles\%U | | domain logons = yes | local master = yes | preferred master = yes | wins server = 10.9.1.12 | security = user | | passdb backend = ldapsam:ldap://server.nebrwesleyan.edu | ldap suffix = o=nebrwesleyan,o=edu | ldap machine suffix = ou=Machines | ldap user suffix = ou=People | ldap group suffix = ou=Groups | ldap filter = (uid=%u) | ldap admin dn = cn=foo | ldap ssl = no | | idmap uid = 1-2 | idmap gid = 1
Re: [Samba] Intermittent failed logon for one computer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi Dan, i too am having the same problems with 3.0.7. things have been functioning fine for over a month when my (other) workstation gave me the same error. my only difference is i am using LDAP to store all the ~ information. zero changes had been made to my workstation's LDAP entry when this happened. i logged in as myself locally (instead of domain logon), changed network settings from domain to workgroup (i kept the same name). once i was welcomed to the workgroup, i went back in and changed it back to domain. i then used the admin username/password to add myself back to the domain. i have had no problems with my workstation since then. i thought it might be some random occurance until two other people had the same problem today. so, like you i am on a quest for answers. i will certainly let you know if/when i figure out what is going on. so to those reading this, any ideas/suggestions would be most welcome. regards, nb P.S. - i am not running ncsd, i don't even have it installed. Daniel Gapinski thus spake on 10/18/2004 11:32 AM: | Hello, | | We have been using Samba 3.0.7 for almost a month now, and today marks | the second time that I see a machine (one out of twelve on our network" | that gives this error when I log in: | | "The system cannot log you on to this domain because the system's | computer account in its primary domain is missing or the password on | that account is incorrect." | | Last time this happened, I thought it might be a problem with that | computer needing to be removed and then rejoined to the domain, which | didn't work (the user still was not able to log on), and then half an | hour later, the user could log on again. | | Can anybody tell me what might be wrong - on other posts it looks like a | problem with the guest account (nobody), but specifying the nobody | account as guest doesn't seem to help (though I did check to make sure | that a nobody account in fact existed). | | I should mention that the 2 computers that had this problem are on a | subnet (192.168.1.0). I am sending my smb.conf as a post script. Thanks | for your help!!! | | My best, | Dan Gapinski | | [global] | ; | ;+ Server Settings + | ; | workgroup = QUASAR | netbios name = Jupiter | server string = QSI Office Server %v | hosts allow = 192.168.1. 192.168.0. 192.168.2. 192.168.3. 192.168.4. | 127.0.0.1 | log level = 2 | log file = /var/log/samba/%m.log | max log size = 0 | time server = yes | | ; | ;+ Domain Settings + | ; | os level = 35 | domain logons = yes | | ; | ;+ Browse Settings + | ; | domain master = yes | local master = yes | preferred master = yes | remote browse sync = 192.168.1.255 192.168.2.255 192.168.3.255 | 192.168.4.255 | remote announce = 192.168.1.255 192.168.2.255 192.168.3.255 | 192.168.4.255 | | ; | ;+ WINS Settings + | ; | wins support = yes | guest ok = yes | dns proxy = no | | ; | ;+ User and Security Settings + | ; | logon drive = z: | logon home = | logon path = | encrypt passwords = yes | smb passwd file = /etc/samba/smbpasswd | username map = /etc/samba/smbusers | min password length = 3 | guest account = nobody | | ;++ | ;+ added 10-Sep-2003 for file server support + | ;++ | # admin users = @public | nt acl support = yes | security mask = 0777 | force security mode = 0 | directory security mask = 0777 | force directory security mode = 0 | | ;++ | ;+ Management Scripts + | ;++ | add user script = /usr/sbin/useradd -m %u | delete user script = /usr/sbin/userdel -r %u | add group script = /usr/sbin/groupadd %g | delete group script = /usr/sbin/groupdel %g | add user to group script = /usr/sbin/usermod -G %g %u | add machine script = /usr/sbin/useradd -d /dev/null -g machines -s | /bin/false -M %u | | ;++ | ;+ Logon Scripts + | ;++ | # NOTE: SAMBA CAN ONLY RUN ONE SCRIPT AT A TIME! | # run a general logon batch file for everyone | logon script = logon.bat | # run a specific logon batch file per workstation (machine) | #logon script = %m.bat | # run a specific logon batch file per username | #logon script = %U.bat | | ;++ | ;+ General Share Settings + | ;++ | preserve case = yes | short preserve case = no | default case = lower | case sensitive = no | | (then the share settings...) - -- Nathan Benson http://sourcefire.com/ 1C1A F2C1 82AD F75F 9B6B E501 0D73 DC9B E96B DD96 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFBm6TEDXPcm+lr3ZYRAjaoAJ0RTBM6
Re: [Samba] authentication against win2k3 server
OK, I've tried to get a kerberos ticket, without success. I generated the w2k3 keytab, then integrated into the freebsd machine via the ktutil command. I tried to use the kinit [EMAIL PROTECTED] but got this error: secureschool# kinit [EMAIL PROTECTED] FreeBSD Inc. (freebsd.newdomain.com) Kerberos Initialization for "[EMAIL PROTECTED]" Password: kinit: Can't send request (send_to_kdc) Here's the krb5.conf file: [libdefaults] default_realm = DOMAIN.LOCAL default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 default_keytab-name = FILE:/usr/src/crypto/heimdal/freebsd_mchine.keytab clockskew = 300 [realms] ANDLESS.LOCAL = { kdc= WIN2K3.DOMAIN.LOCAL admin_server = WIN2K3.DOMAIN.LOCAL default_domain = DOMAIN.LOCAL } [domain_realm] .DOMAIN.LOCAL = DOMAIN.LOCAL The one thing I noticied is I do not have a krb5.conf in /etc or anywhere else on my system. Should thisfile be there already, or do I have to manually create it? Thanks for the help! Carissa Srugis On Tue, 16 Nov 2004 13:29:20 -0800, Tom Skeren <[EMAIL PROTECTED]> wrote: > Carissa Srugis wrote: > > >I've been trying to setup Samba to authenticate users against accounts > >existing on a Windows 2003 Server without any backwards capability. > >Ideally, this needs to be done without any changes to the Windows 2003 > >Server. Users will not be logging into the Samba shares at all. This > >is merely for authentication. > > > > > OK, well, try getting a kerberos ticket first. > > kinit [EMAIL PROTECTED] > If you get a valid ticket, you can just do net ads join -U > Administrator, no need for pw. > > If no kerberos ticket, then you've got a krb5.conf issue. > > Heimdal requires these lines: > > default_etypes = des-cbc-crc des-cbc-md5 > default_etypes_des = des-cbc-crc des-cbc-md5 > > You also might need to have the w2k3 generate a keytab for you. If so you > need this line as well. > > default_keytab-name = FILE:/etc/krb5.keytab > > > > > >I'm running FreeBSD 4.10-Relase #4 with Samba 3.0.8. > > > >This is my smb.conf file: > >[global] > > realm = WIN2K3.DOMAIN.LOCAL > > security = ads > > auth methods = winbind > > winbind separator = + > > encrypt passwords = yes > > workgroup = DOMAIN.LOCAL > > netbios name = FREEBSD_Machine > > winbind uid = 1-2 > > winbind gid = 1-2 > > winbind enum users = yes > > winbind enum groups = yes > > idmap uid = 1-2 > > idmap gid = 1-2 > > password server = WIN2K3.DOMAIN.LOCAL > > > >So once winbindd is running, I type the following and get these results: > > > >freebsd_machine# net ads join member -I 192.168.0.1 -U administrator > >administrator's password: *password* > >[2004/11/16 14:27:06, 0] libsmb/nmblib.c:send_udp(793) > > Packet send failed to 127.255.255.255(137) ERRNO=Permission denied > >[2004/11/16 14:27:07, 0] libsmb/nmblib.c:send_udp(793) > > Packet send failed to 127.255.255.255(137) ERRNO=Permission denied > >[2004/11/16 14:27:07, 0] utils/net_ads.c:ads_startup(186) > > ads_connect: Permission denied > > > >In the winbindd log I've also gotten the following error messages at > >one point or another: > > > >Could not fetch sid for our domain WIN2K3.DOMAIN.LOCAL > >Packet send failed to 127.255.255.255(137) ERRNO=Permission denied > >ads_connect for domain WIN2K3.DOMAIN.LOCAL failed: Permission denied > >get_trust_pw: could not fetch trust account password for my domain > >DOMAIN.LOCAL > > > >The odd part is when I try to use wbinfo to verify connections. If I > >type "wbinfo -g" it will display the correct group listing from the > >win2k3 server. But nothing else seems to work: > > > >freebsd_machine# wbinfo -t > >checking the trust secret via RPC calls failed > >error code was NT_STATUS_INTERNAL_ERROR (0xc0e5) > >Could not check secret > > > >freebsd_machine# wbinfo -u > >Error looking up domain users > > > >freebsd_machine# wbinfo --domain-info=DOMAIN.LOCAL > >Name : WIN2K3.DOMAIN.LOCAL > >Alt_Name : DOMAIN.LOCAL > >SID : S-0-0 > >Active Directory : No > >Native: No > >Primary : Yes > >Sequence : -1 > > > >I'm obviously missing something, but I am at a loss. Any help is > >greatly appreciated! > > > >Carissa Srugis > > > > > > > > > > -- * Carissa Srugis [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] fix for libldap configure error when using openldap on FreeBSD
i have seen several reports of the following problem: ./configure --with-ldap --with-krb5=/usr/heimdal --with-ads --config-cache --with-pam [snip] checking for LDAP support... yes checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_scanf in -llber... yes checking for ldap_init in -lldap... no checking for ldap_domain2hostlist... no checking for ldap_set_rebind_proc... no checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no configure: error: libldap is needed for LDAP support despite libldap being present and correct. in my case (FreeBSD 5.2.1), this turned out to be a crypto library problem as well as the more obvious path issues, and the fix is: CFLAGS=-I/usr/local/include CPPFLAGS=-I/usr/local/include LDFLAGS="-lcrypto -L/usr/local/lib" ./configure --with-ldap --with-krb5=/usr/heimdal --with-ads --config-cache --with-pam hope this is useful to someone somewhere... :) please note that i'm not subbed to this list, so copy me in on any replies if you want me to see them. cheers, Adam -- Adam Laurie Tel: +44 (20) 7605 7000 The Bunker Secure Hosting Ltd. Fax: +44 (20) 7605 7099 Shepherds Building http://www.thebunker.net Rockley Road London W14 0DA mailto:[EMAIL PROTECTED] UNITED KINGDOM PGP key on keyservers -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC with shares accessible for not logged users - how?
Tomek, did you checked if using force user, and setting read only=no, and having a machine account in the samba for the machine where the program runs, work? just guessing! MRB http://www.lionix.com Linux Tomasz Chmielewski wrote: Hello, Is it possible to create a share on a Samba PDC, which would be accessible for everybody, evyn for users who didn't join / log into the domain? I have a program which starts as a service, and keeps its settings on a central server (for all machines); but the authors of that program didn't think that some servers are password-protected (or are domains)... Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] iplanet ldap and samba
Is there a good how-to on getting samba to work with Iplanet LDAP ? I already installed it and started configuring from bits and pieces I could find with google, but there're still many things missing. I also found a posting that said samba schema for Iplanet5 shipped with Samba 3.0.8 isn't up to date. What would need to be changed ? Basically I'm looking for a complete walkthrough, modify/import schema, settings, users to create, etc... also, is it at all possible to get Samba users authenticated via LDAP or PAM without having any lm, SSID and other attributes, basically relying only on successful LDAP bind or PAM success ? thank you -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: SOLVED: More Printing Fun (Point and print not working)
Ok, last night I was able to do some work after the trolls, er, users went home. 1) printer admin= is set in the [global] section. 2) restarted samba. Same problem. 3) stopped samba. got rid of all printing related tdb files. started samba. made no other changes. was able to add drivers to the print$ share. All this was done remotely, so I couldn't verify that the printers were actually printing, so I came in a little early and saw that they were. So, I'm guessing I had another corrupt tdb file, probably from screwing around so much trying to get the slow-print issue fixed. (In case anyone missed that, my vendor issued a new driver for their printer that sped up printing. It's still a little slow, but it's much, much better than it was.) Now if I can just fix the "printer on x.x.x.x" instead of "printer on " problem. But that's cosmetic and I don't care at this point. 3.0.8 will probably fix it anyway. :) Thanks, everyone, for your help. --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC with shares accessible for not logged users - how?
Hello, Is it possible to create a share on a Samba PDC, which would be accessible for everybody, evyn for users who didn't join / log into the domain? I have a program which starts as a service, and keeps its settings on a central server (for all machines); but the authors of that program didn't think that some servers are password-protected (or are domains)... Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problem running kde
On Wed, Nov 17, 2004 at 07:11:26PM +0100, Tilo Lutz wrote: > > > If you're pointing it at a Samba server then get a debug level 10 log > > with timestamps so you can tell what is going on on the wire. > > > > It might be easier for test purposes to set up a loopback mount onto > > the same machine to ensure time sync. > > Thank you for aour support. It's not directly a samba problem > but how can I debug the cifs kernel module and kde itself? > > Is there any way to start an application, kde in my case, with another > programm wich logs every filesystem access? strace would do it. But what I'm saying is that logging cifsfs and Samba will tell you exactly what filesystem calls are being made, and what is being failed. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problem running kde
Hi > On Wed, Nov 17, 2004 at 11:40:19AM +0100, Tilo Lutz wrote: > > I've tried out the registry patch. I'm now able to run kde > > applications like konqueror. But I can't start the kde display-manager > > via startx oder kdm. Startup still hangs. Jeremy wrote: > If you're pointing it at a Samba server then get a debug level 10 log > with timestamps so you can tell what is going on on the wire. > > It might be easier for test purposes to set up a loopback mount onto > the same machine to ensure time sync. Thank you for aour support. It's not directly a samba problem but how can I debug the cifs kernel module and kde itself? Is there any way to start an application, kde in my case, with another programm wich logs every filesystem access? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] create account that can join machines but not admin access on domain
daniel, increase the log level and check if the information provided give any help MRB http://www.lionix.com Linux Daniel Wilson wrote: MaTT wrote: Hi Daniel... this is from the Samba Docs... will help One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him root access. How can we do this? Users who are members of the Domain Admins group can add machines to the Domain. This group is mapped to the UNIX group account called root (or equivalent on wheel on some UNIX systems) that has a GID of 0. This must be the primary GID of the account of the user who is a member of the Windows Domain Admins account. MRB http://www.lionix.com Linux Daniel Wilson wrote: hi list, im using samba 3.0.8 with LDAP, To add a machine to the domain i currently use the administrator account (which has uidNumber=0), which means this account has automatic root on all of the shares (my shares arnt using samba, im using NetApps Filers, which have been configured to authenticate via samba), when we roll this project out accross the university (approx 50,000 users) we want the technicians in each school to be able to add machines to the domain but not get root/admin access to all the shares. So my question is, Can you create an account that can add machines to the domain but doesnt get root/admin priveldges on all the shares/domain (as the would conflict with human rights issues etc...) Regards ive tried to set GID to 0 to an account, but i get unkwon username or password error when i try to add it, if i use administrtor adding is successful! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problem running kde
On Wed, Nov 17, 2004 at 11:40:19AM +0100, Tilo Lutz wrote: > Hi > > > We use the exact same setup as you. We found NFS too insecure for our > > tastes aswell. > > Here are our experiences with it: > > http://lists.samba.org/archive/linux-cifs-client/2004-November/000477.html > > ( http://tinyurl.com/55ofl ) > > and: > > http://lists.samba.org/archive/linux-cifs-client/2004-November/000485.html > > ( http://tinyurl.com/6wfc5 ) > > > > I haven't gotten gotten around to testing the kernel-patch yet but my > > buddy said kde works properly now. > > I've tried out the registry patch. I'm now able to run kde > applications like konqueror. But I can't start the kde display-manager > via startx oder kdm. Startup still hangs. If you're pointing it at a Samba server then get a debug level 10 log with timestamps so you can tell what is going on on the wire. It might be easier for test purposes to set up a loopback mount onto the same machine to ensure time sync. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Transfer winbind idmap to LDAP
Le sam 13/11/2004 à 12:36, Paul Coray a écrit : > Marcel de Riedmatten wrote: > > Le mer 10/11/2004 à 11:21, Paul Coray a écrit : > > > > > > 1) get the winbind-idmap in text form with a getent passwd for example > > I did that with # net idmap dump winbindd_idmap.tdb > > /tmp/winbindd_idmap.dump on the member server. the resulting file looks > like: > > ... > UID 10013 S-1-5-21-98201057-1281969052-1085559986-1608 > UID 10202 S-1-5-21-98201057-1281969052-1085559986-1436 > UID 10138 S-1-5-21-98201057-1281969052-1085559986-1011 > UID 10105 S-1-5-21-98201057-1281969052-1085559986-1418 > UID 10067 S-1-5-21-98201057-1281969052-1085559986-1137 > ... Actualy you want this information on the following form UIDName:x:UIDNumber:GIDNumber This is because smbldap-useradd doesn't know about SID. The vampire use it only for the posix part of the account. Again a getent passwd with the unusefull line removed will do the trick. > > > > 3) hack the script defined under "user add script" who will be adding > > the users to use the information of 1). With the ldap backend this is > > usually smbldap-useradd . > > Well, I'd like to, but my knowledge of Perl is still too limited :-( So > if any body can help, I think I'm not the only one who would appreciate > highly! Another way would be to modify the IDs of each user and Group in > LDAP after the vampire process. I have had an other idea. You can just populate the posix account before running the vampire according to the data you got under 1). The vampire check if the account exist and if it exist smbldap-useradd is not called. You can populate with the following script: #!/bin/bash USERADD="/usr/local/sbin/smbldap-useradd" while read STRING ; do #echo $STRING UIDName=$(echo $STRING | cut -d : -f1) UIDNumber=$(echo $STRING | cut -d : -f3) GIDNumber=$(echo $STRING | cut -d : -f4) echo "Creating Account: $UIDName $UIDNumber $GIDNumber " $USERADD -u $UIDNumber -g $GIDNumber $UIDName done call it populate.sh and do # ./populate.sh < myaccountlistfile Depending of your data you might need something similar for your groups. Cheers -- Marcel de Riedmatten signature.asc Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with joining Active Server Domain
I have built samba 3.0.8 with ADS support. From the Solaris 9 end it appeared to join the active directory server domain OK. However when I look using Windows Explorer on the ADS (Windows 2003) machine it appears as Samba 3.0.8 server under WORKGROUP, and I cannot access the shares. I am using the MIT kerberos. The Howto guide on page 74 is a bit ambiguous. I read it to say that if you are you are using Heimdel it must be a release later than 0.6. A colleague took it to read that you must use Heimdal rather than MIT for Windows 2003. Is this the problem or is it something else. Any advice welcomed. /usr/local/samba/bin/net ads join -U Administrator Administrator's password: [2004/11/17 17:03:53, 0] libads/ldap.c:(1366) ads_add_machine_acct: Host account for pike already exists - modifying old account Using short domain name -- ASTTEST Joined 'PIKE' to realm 'ASTTEST.LOCAL' The relevant parts of the /etc/krb5.conf file are as follows: [libdefaults] default_realm = astest.local [realms] astest.local = { kdc = eng-test.astest.local } [domain_realm] .kerberos.server = astest.local And smb.conf : # Global parameters [global] workgroup = ASTTEST realm = ASTTEST.LOCAL security = ADS password server = eng-test.asttest.local username map = /etc/samba/usermap.txt log level = 1 log file = /var/log/samba socket options = TCP_NODELAY IPTOS_LOWDELAY load printers = No os level = 0 dns proxy = No idmap uid = 15000-2 idmap gid = 15000-2 read only = No create mask = 0775 directory mask = 0775 [mds0650] --- David Evans-Roberts [EMAIL PROTECTED] Systems Administrator HR Wallingford ** HR Wallingford uses Faxes and Emails for confidential and legally privileged business communications. They do not of themselves create legal commitments. Disclosure to parties other than addressees requires our specific consent. We are not liable for unauthorised disclosures nor reliance upon them. If you have received this message in error please advise us immediately and destroy all copies of it. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Program for encrypt passwords
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 check out the perl module Crypt::SmbHash, you can find it on CPAN. i hope this helps. nb Francisco Cano Entrena thus spake on 11/10/2004 06:06 AM: | Hello! | At the University of Granada (Spain) we use a Samba Server for aprox. 1000 | users and runs ok. | But (there's always a but) we need to know how encript password for the | smbpasswd file. I know that we can use the smbpasswd program but we need get | the encrypted password in the stdout. Has someone a program than does this?? | | TIA. | | _ | / __/ / _/ / _/ |/ /___ / // /___ Francisco Cano Entrena | / ___// // /Serv. Informática, Univ. Granada | / // /_ / /_ E-mail: [EMAIL PROTECTED] | /_//___/ /___/ Tlf: + 34 58 241010 Ext. 31081 Fax: 244221 | - -- Nathan Benson http://sourcefire.com/ 1C1A F2C1 82AD F75F 9B6B E501 0D73 DC9B E96B DD96 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFBm4TKDXPcm+lr3ZYRAn08AKCDwouw2946jkn5BZzdrhQqS8EsCgCgpOsu FS9oSAnaGC8cfRUEysdAzDY= =z8xx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] create account that can join machines but not admin access on domain
MaTT wrote: Hi Daniel... this is from the Samba Docs... will help One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him root access. How can we do this? Users who are members of the Domain Admins group can add machines to the Domain. This group is mapped to the UNIX group account called root (or equivalent on wheel on some UNIX systems) that has a GID of 0. This must be the primary GID of the account of the user who is a member of the Windows Domain Admins account. MRB http://www.lionix.com Linux Daniel Wilson wrote: hi list, im using samba 3.0.8 with LDAP, To add a machine to the domain i currently use the administrator account (which has uidNumber=0), which means this account has automatic root on all of the shares (my shares arnt using samba, im using NetApps Filers, which have been configured to authenticate via samba), when we roll this project out accross the university (approx 50,000 users) we want the technicians in each school to be able to add machines to the domain but not get root/admin access to all the shares. So my question is, Can you create an account that can add machines to the domain but doesnt get root/admin priveldges on all the shares/domain (as the would conflict with human rights issues etc...) Regards ive tried to set GID to 0 to an account, but i get unkwon username or password error when i try to add it, if i use administrtor adding is successful! -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating NT4 Domain with Idealx tools
On Wed, Nov 17, 2004 at 05:37:02PM +0100, Marcel de Riedmatten wrote: > > nss_base_passwd ou=Users,dc=mydomain,dc=ch > > nss_base_passwd ou=Computers,dc=mydomain,dc=ch > > nss_base_group ou=Groups,dc=mydomain,dc=ch > > I am not sure. I just don't specify nss_base_passwd ie i just > defined Yes, this is possible since nss_ldap-204: 204 Luke Howard <[EMAIL PROTECTED]> * Linux netgroup implementation from Larry Lile --> * Multiple service search descriptor support from Symas * IPv6 patch from Thorsten Kukuk at SuSE -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.7 problems with LDAP groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I just upgraded samba to 3.0.7 from 3.0.4, and am now having trouble with my groups. I used to be able to log into a windows machine and request a share that I didn't have access to, and it would then ask me for a username/password to connect to the share (as it should). I would then add myself (or whatever user) to the proper LDAP group entry that was responsible for that share. I would then try the share again and it would either let me right in, or prompt me for the username and password. If I got prompted, I entered my username/password, and I was given access to the share. Now my problem is that since upgrading to 3.0.7, this is no longer the case. I have to log out and log back in for me to gain access to the share. So, it seems that samba is caching the groups I belong to when I log in, and not querying the LDAP server again when I provide credentials when prompted. I am sure that is is probably something trivial that I am missing, but I am indeed missing it. I would appreciate any input on this, as it is more than mildly annoying. Regards, Nathan - -- Nathan Benson http://sourcefire.com/ 1C1A F2C1 82AD F75F 9B6B E501 0D73 DC9B E96B DD96 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFBm3+qDXPcm+lr3ZYRAtohAJ9YUu3wn0Vi8C7zN3KA+fPXn5N10QCgl77F 4TchVkpfCchSzJZKjykwzYA= =9Cxa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] AD Account locked out issue
I am having several of my AD account getting locked out while users are trying to get to the samba share from the workstation in the AD domain. I am trying to figure out if this is something to do with the samba setup or problem in the AD domain. After the user unlocks their account, they can get in. However, there ware few instance when they had to unlock the account multiple times or wait several minutes before they can get in. This is something I noticed in the log after a user tried to access a share. [2004/11/17 10:28:40, 1] smbd/service.c:make_connection_snum(648) .x connect to service systemsweb initially as user Domain\joe (uid=10093, gid=17540) (pid 31075) [2004/11/17 10:28:40, 1] smbd/service.c:close_cnum(836) xx.xxx. closed connection to service web -- Sharif Islamhttp://www.sharifislam.com Research Programmer Library Systems Office -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating NT4 Domain with Idealx tools
Le mer 17/11/2004 à 17:09, Paul Coray a écrit : > Marcel de Riedmatten schrieb: > > > > you can have them separated. What count is that the machines account are > > visible on domain controllers (PDC BDC) ie getent passwd must show the > > machine (posix) account. This is nss_ldap configuration. If samba > > doesn't see the machine (posix) account it won't work . > > So can I specify more then one nss base for passwd in libnss-ldap.conf > > i.e. > > nss_base_passwd ou=Users,dc=mydomain,dc=ch > nss_base_passwd ou=Computers,dc=mydomain,dc=ch > nss_base_groupou=Groups,dc=mydomain,dc=ch I am not sure. I just don't specify nss_base_passwd ie i just defined base dc=mydomain,dc=ch > > > >> So I would suspect some problem in the communication with the > >> > >>>PDC and double check that on the samba box > >>> > >>>1) you have the domain SID as local SID > >> > >>Do SIDS for the PDC and for the domain have to be the same? > > > > > > yes the domain SID _is_ the (local) SID of the PDC and all domain > > controllers must have the same SID. > > Thanks Marcel, this is very valuable information to me! I think these > should be pointed out more clearly in the docs. > > ok By the way I am preparing something for the vampire and idmap stuff. -- Marcel de Riedmatten signature.asc Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating NT4 Domain with Idealx tools
Marcel de Riedmatten schrieb: Now I realize this works when i configure LDAP and Idealx-Tools to store machine accounts in the same container as useraccounts. Although this makes my directory look somewhat messy, I can live with it if I have to. Still I can't add machines doing smbldap-useradd -w, nor when I try to join the domain from a client. you can have them separated. What count is that the machines account are visible on domain controllers (PDC BDC) ie getent passwd must show the machine (posix) account. This is nss_ldap configuration. If samba doesn't see the machine (posix) account it won't work . So can I specify more then one nss base for passwd in libnss-ldap.conf? i.e. nss_base_passwd ou=Users,dc=mydomain,dc=ch nss_base_passwd ou=Computers,dc=mydomain,dc=ch nss_base_group ou=Groups,dc=mydomain,dc=ch So I would suspect some problem in the communication with the PDC and double check that on the samba box 1) you have the domain SID as local SID Do SIDS for the PDC and for the domain have to be the same? yes the domain SID _is_ the (local) SID of the PDC and all domain controllers must have the same SID. Thanks Marcel, this is very valuable information to me! I think these should be pointed out more clearly in the docs. Cheers Paul -- Paul Coray Administrator Server und Netzwerk Oeffentliche Bibliothek der Universitaet Basel EDV-Abteilung Schoenbeinstrasse 18-20 CH-4056 Basel Tel: +41 61 267 05 13 Fax: +41 61 267 31 03 mailto:[EMAIL PROTECTED] http://www.ub.unibas.ch -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating NT4 Domain with Idealx tools
Le sam 13/11/2004 à 12:23, Paul Coray a écrit : > Marcel de Riedmatten wrote: > > Le mar 09/11/2004 à 17:57, Paul Coray a écrit : > > > This doesn't seem normal. The samba attribute should be added by the > > vampire. > > But I my case it doesn't... net rpc vampire says 'Couldn't create Posix > information for machinename$'. Well in reality, it did, but without > samba atrrs. > > Now I realize this works when i configure LDAP and Idealx-Tools to store > machine accounts in the same container as useraccounts. Although this > makes my directory look somewhat messy, I can live with it if I have to. > Still I can't add machines doing smbldap-useradd -w, nor when I try to > join the domain from a client. you can have them separated. What count is that the machines account are visible on domain controllers (PDC BDC) ie getent passwd must show the machine (posix) account. This is nss_ldap configuration. If samba doesn't see the machine (posix) account it won't work . > > So I would suspect some problem in the communication with the > > PDC and double check that on the samba box > > > > 1) you have the domain SID as local SID > > Do SIDS for the PDC and for the domain have to be the same? yes the domain SID _is_ the (local) SID of the PDC and all domain controllers must have the same SID. signature.asc Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] create account that can join machines but not admin access on domain
Hi Daniel... this is from the Samba Docs... will help One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him root access. How can we do this? Users who are members of the Domain Admins group can add machines to the Domain. This group is mapped to the UNIX group account called root (or equivalent on wheel on some UNIX systems) that has a GID of 0. This must be the primary GID of the account of the user who is a member of the Windows Domain Admins account. MRB http://www.lionix.com Linux Daniel Wilson wrote: hi list, im using samba 3.0.8 with LDAP, To add a machine to the domain i currently use the administrator account (which has uidNumber=0), which means this account has automatic root on all of the shares (my shares arnt using samba, im using NetApps Filers, which have been configured to authenticate via samba), when we roll this project out accross the university (approx 50,000 users) we want the technicians in each school to be able to add machines to the domain but not get root/admin access to all the shares. So my question is, Can you create an account that can add machines to the domain but doesnt get root/admin priveldges on all the shares/domain (as the would conflict with human rights issues etc...) Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User Administrator in passdb, but getpwnam() fails when trying to add XP machine to smb/ldap domain
On Wed, Nov 17, 2004 at 04:35:48PM +0200, Henti Smith wrote: > when I try to add the computer using the settings in XP, when prompted with > username and password I use the administrator and password set preveiosly. > > this results in failure and log reports: > > [2004/11/17 17:59:25, 1] auth/auth_util.c:make_server_info_sam(822) > User Administrator in passdb, but getpwnam() fails! Try configuring nss_ldap. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A device attached to the system is not functioning
Hi, doesn't seems to be a samba related problem. did you check the logs?? anything there?? increase log level ?? check the XP event viewer regards MRB www.lionix.com Linux Hiu Yen Onn wrote: hi, i have a samba-ldap pdc. from the windows xp client. i hardly logon to the network. the windows popup a box stating "A device attached to the system is not functioning". .but however, i tested the account from windows 98. it worked perfectly. can someone give me some pointers? thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profile inaccessable
I have ONE user on ONE workstation that occasionally gets locked out of his workstation with the message about a corrupt/inaccessable profile, using a temp (sorry for not having the exact text, I've killed people for lesser offenses myself). When I go in as administrator I see that Amendment to this statement, I guess it's happening to another user as well, so it's not as isolated as I thought. He's just not one to complain, -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User Administrator in passdb, but getpwnam() fails when trying to add XP machine to smb/ldap domain
Hi all I've been trying to get this sorted out for a day now, I have done the following: Followed the howto at http://samba.idealx.org/smbldap-howto.en.html Changed the reg settings in XP added the computer to ldap added administrator to ldap when I try to add the computer using the settings in XP, when prompted with username and password I use the administrator and password set preveiosly. this results in failure and log reports: [2004/11/17 17:59:25, 1] auth/auth_util.c:make_server_info_sam(822) User Administrator in passdb, but getpwnam() fails! [2004/11/17 17:59:25, 0] auth/auth_sam.c:check_sam_security(306) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2004/11/17 17:59:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1982) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2004/11/17 17:59:26, 1] auth/auth_util.c:make_server_info_sam(822) User Administrator in passdb, but getpwnam() fails! [2004/11/17 17:59:26, 0] auth/auth_sam.c:check_sam_security(306) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2004/11/17 17:59:26, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1982) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) I've searched google and the list for possible options, but I've not yet found one that solves this problem. Any suggestions ? Thanks -- Henti Smith [EMAIL PROTECTED] +27 82 958 2525 http://www.geekware.co.za DISCLAIMER : Unauthorised use of characters, images, sounds, odors, severed limbs, noodles, wierd dreams, strange looking fruit, oxygen, and certain parts of Jupiter are strictly forbidden. If I find you violating, or molesting my property in any way, I will employ a pair of burly convicts to find you, kidnap you, and perform god-awful sexual experiments on you until you lose the ability to sound out vowels. I don't know why you are still reading this, but by doing so you have proven that you have far too much time on your hands, and you should go plant a tree, or read a book or something. - http://www.ctrlaltdel-online.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Limit the size of file sended to samba server
Hi, I'm looking for a way to prevent users to send BIG files to a samba server. After some research, I discovered that : - There are option in smb.conf that deal with quota (get/set quota commands), but the quotas deal with the total amount of data you put in a partition (a file system), not the size of one file - There is an option to limit the amount of octets sent in a samba session, but I doubt this has to deal with my question - Some advice me to modify the script that launches the smb server, (that is launched by root) to add a 'ulimit' command before the launch. This may work, but I don't know if this command will act on this script/environnement alone, or will act on everything is done by root on this server (that would not fit) So, I can't believe I'm the first guy to have this problem, with users sending huge MPEGs in the boss's financial subdirectories :o) How would you do that (except napalm) ? -- Nicolas Ecarnot -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba 3.0.4 and DOS 6.2.2 - MSDOS Copy problem
Hi Craig, could you (temporarely) set the samba debuglevel to 10? Set log level to 10 and got the output below. Hopefully it is useful. We have about 12 machines using samba, so I tried to only send relevant portion of log file. Generated by COPY DEFAULT.PLP TMP.PLP [2004/11/17 01:04:39, 5] smbd/filename.c:unix_convert(114) unix_convert called on file "3277/TEST/DEFAULT.PLP" [2004/11/17 01:04:39, 10] smbd/statcache.c:stat_cache_lookup(251) stat_cache_lookup: lookup failed for name [3277/TEST/DEFAULT.PLP] [2004/11/17 01:04:39, 10] smbd/statcache.c:stat_cache_lookup(251) stat_cache_lookup: lookup failed for name [3277/TEST] [2004/11/17 01:04:39, 10] smbd/statcache.c:stat_cache_lookup(251) stat_cache_lookup: lookup failed for name [3277] [2004/11/17 01:04:39, 5] smbd/statcache.c:stat_cache_add(178) stat_cache_add: Added entry 3277/TEST/DEFAULT.PLP -> 3277/TEST/DEFAULT.PLP [2004/11/17 01:04:39, 5] smbd/filename.c:unix_convert(176) conversion finished 3277/TEST/DEFAULT.PLP -> 3277/TEST/DEFAULT.PLP [2004/11/17 01:04:39, 3] smbd/dosmode.c:unix_mode(111) unix_mode(3277/TEST/DEFAULT.PLP) returning 0764 [2004/11/17 01:04:39, 5] smbd/files.c:file_new(122) allocated file structure 3721, fnum = 7817 (1 used) [2004/11/17 01:04:39, 10] smbd/open.c:open_file_shared1(833) open_file_shared: fname = 3277/TEST/DEFAULT.PLP, dos_attrs = 6, share_mode = 0, ofun = 1, mode = 764, oplock request = 0 [2004/11/17 01:04:39, 8] lib/util.c:is_in_path(1508) is_in_path: 3277/TEST/DEFAULT.PLP [2004/11/17 01:04:39, 8] lib/util.c:is_in_path(1512) is_in_path: no name list. [2004/11/17 01:04:39, 8] smbd/dosmode.c:dos_mode(270) dos_mode: 3277/TEST/DEFAULT.PLP [2004/11/17 01:04:39, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning a [2004/11/17 01:04:39, 8] lib/util.c:is_in_path(1508) is_in_path: 3277/TEST/DEFAULT.PLP [2004/11/17 01:04:39, 8] lib/util.c:is_in_path(1512) is_in_path: no name list. [2004/11/17 01:04:39, 8] smbd/dosmode.c:dos_mode(302) dos_mode returning a [2004/11/17 01:04:39, 4] smbd/open.c:open_file_shared1(1010) calling open_file with flags=0x0 flags2=0x0 mode=0764 [2004/11/17 01:04:39, 10] smbd/open.c:fd_open(45) fd_open: name 3277/TEST/DEFAULT.PLP, flags = 00 mode = 0764, fd = 25. [2004/11/17 01:04:39, 2] smbd/open.c:open_file(240) JENNY opened file 3277/TEST/DEFAULT.PLP read=Yes write=No (numopen=1) [2004/11/17 01:04:39, 10] smbd/open.c:open_file_shared1(1122) open_file_shared : share_mode = 0 [2004/11/17 01:04:39, 10] locking/locking.c:set_share_mode(659) set_share_mode: creating entry for file 3277/TEST/DEFAULT.PLP. num_share_modes = 1 [2004/11/17 01:04:39, 10] locking/locking.c:print_share_mode_table(409) print_share_mode_table: share_mode_entry[0]: pid = 18126, share_mode = 0x0, desired_access = 0x1, port = 0x0, type= 0x0, file_id = 1, dev = 0x803, inode = 295012 [2004/11/17 01:04:39, 8] smbd/dosmode.c:dos_mode(270) dos_mode: 3277/TEST/DEFAULT.PLP [2004/11/17 01:04:39, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning a [2004/11/17 01:04:39, 8] lib/util.c:is_in_path(1508) is_in_path: 3277/TEST/DEFAULT.PLP [2004/11/17 01:04:39, 8] lib/util.c:is_in_path(1512) is_in_path: no name list. [2004/11/17 01:04:39, 8] smbd/dosmode.c:dos_mode(302) dos_mode returning a [2004/11/17 01:04:39, 5] lib/util.c:show_msg(456) [2004/11/17 01:04:39, 5] lib/util.c:show_msg(466) size=49 smb_com=0x2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=128 smb_flg2=18433 smb_tid=1 smb_pid=1597 smb_uid=100 smb_mid=0 smt_wct=7 smb_vwv[ 0]= 7817 (0x1E89) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 4256 (0x10A0) smb_vwv[ 3]=16794 (0x419A) smb_vwv[ 4]= 600 (0x258) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]=0 (0x0) smb_bcc=0 [2004/11/17 01:04:39, 6] lib/util_sock.c:write_socket(432) write_socket(5,53) [2004/11/17 01:04:39, 6] lib/util_sock.c:write_socket(435) write_socket(5,53) wrote 53 [2004/11/17 01:04:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 41 [2004/11/17 01:04:39, 6] smbd/process.c:process_smb(889) got message type 0x0 of len 0x29 [2004/11/17 01:04:39, 3] smbd/process.c:process_smb(890) Transaction 5 of length 45 [2004/11/17 01:04:39, 5] lib/util.c:show_msg(456) [2004/11/17 01:04:39, 5] lib/util.c:show_msg(466) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=1 smb_pid=1597 smb_uid=100 smb_mid=0 smt_wct=3 smb_vwv[ 0]= 7817 (0x1E89) smb_vwv[ 1]= 4256 (0x10A0) smb_vwv[ 2]=16794 (0x419A) smb_bcc=0 [2004/11/17 01:04:39, 3] smbd/process.c:switch_message(685) switch message SMBclose (pid 18126) [2004/11/17 01:04:39, 4] smbd/uid.c:change_to_user(186) change_to_user: Skipping user change - already user [2004/11/17 01:04:39, 3] smbd/reply.c:reply_close(2693) close fd=25 fnum=7817 (numopen=1) [2004/11/17 01:04:39, 10] locking/locking.c:del_share_entry(569) del_share_entry: num_share_modes = 1 [2004/11/17 01:04:39, 10] l
[Samba] Profile inaccessable
I realize this may not/probably does not have anything to do with samba per se, but it didn't happen before I upgraded/rebuilt this particular server on 3.0.7. I'll ask anyway in case somebody has seen this... I have ONE user on ONE workstation that occasionally gets locked out of his workstation with the message about a corrupt/inaccessable profile, using a temp (sorry for not having the exact text, I've killed people for lesser offenses myself). When I go in as administrator I see that his profile has status= backup. While mucking about with it I've found that if I do a 'copy to' operation from that screen then it will let the user back in again. I just now attempted a copy, and it failed due to some locked file, but the user tried to log back in after I rebooted it and was able to. It appears that the mention of this 'copy' operation fixes it, as if the profile were somehow saying that it needed to be backed up and this clears that bit. I have tried rebuilding the profile from the default on the machine, with no luck. We don't run a mandatory profile, and this particular user has been set to not roaming back to a local profile via the User Profiles screen in the computer -> properties page. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows - Samba freeze/slow browsing problem
Hello, I have the following setup and problems and wanted to ask if anyone could help. Network 1 -- 192.168.1.xxx - Network 2 -- 192.168.2.xxx |-- Switch with port based vlan and a Samba Server which | | is placed in all port based vlan's and has ip aliases | | from all Network 1 through 10 Network 10 -- 192.168.10.xxx - The Samba server is acting as LMB, DMB and wins server. Apparently everything works fine: samba becomes LMB for all subnets and DMB, wins has got a lot of entries; nmblookup for master browser works fine; resolving names through wins (tested from linux) works fine. All computers are placed under the same workgroup (well 90% of them). But when I try from a windows Xp/2000 station to access the network upon clicking on My Network Places the computer freezes for about 20-40 seconds. Afterwards I get to see a list of available workgroups. After clicking on my workgroup (the one managed by the samba server) again the computer freezes for 20-40 seconds. Afterwards I see a list of all computers and can acces them just fine and if I click back on explorer to return to the browse list of computers in my workgroup, sometimes I get a freeze (once in something like 8-10 refreshes) but usually it works without any more problems. (as long as I don't go back to my network places or to the workgroups choosing screen). Any idea what's causing this ? Or how can I solve it ? >From my Linux smb4k program where I have configured it to use wins and the samba master browser everything works without lagging or freezing. If anyone would have the time to look my smb.conf file can be found at: www.duras.ro/smb.conf Thanks, Mihai -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba/Netscape Directory Server
On Tue, Nov 16, 2004 at 03:22:11PM -0500, Christian Merrill wrote: > I knew all along I was an idiot :). The other steps needed to be done > but the culprit was me putting the smbldap scripts in /usr/local/bin and > then telling samba to look for them in /usr/local/sbin. Amazing how > much better it works now. So I can now join a machine to the domain, > however on the XP box I am testing on I am running into an interesting > problem. When I login with a user account it takes the authentication, > goes blue which is normal, and then reboots the machine. Pretty neat, > going to see what event logs show (nothing on the smbd side of things), > ever seen anything like this? Never. I knew XP was fragile, but this... ;) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] create account that can join machines but not admin access on domain
hi list, im using samba 3.0.8 with LDAP, To add a machine to the domain i currently use the administrator account (which has uidNumber=0), which means this account has automatic root on all of the shares (my shares arnt using samba, im using NetApps Filers, which have been configured to authenticate via samba), when we roll this project out accross the university (approx 50,000 users) we want the technicians in each school to be able to add machines to the domain but not get root/admin access to all the shares. So my question is, Can you create an account that can add machines to the domain but doesnt get root/admin priveldges on all the shares/domain (as the would conflict with human rights issues etc...) Regards -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[samba] create account that can join machines but not admin access on domain
hi list, im using samba 3.0.8 with LDAP, To add a machine to the domain i currently use the administrator account (which has uidNumber=0), which means this account has automatic root on all of the shares (my shares arnt using samba, im using NetApps Filers, which have been configured to authenticate via samba), when we roll this project out accross the university (approx 50,000 users) we want the technicians in each school to be able to add machines to the domain but not get root/admin access to all the shares. So my question is, Can you create an account that can add machines to the domain but doesnt get root/admin priveldges on all the shares/domain (as the would conflict with human rights issues etc...) Regards -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba+nis
Dear Sir, Thanks for making Samba this is very helpful for me to make a network based on linux environment. i Need your help i am running Red Hat linux (2.4.21-4.EL )Server and running samba as a PDC with windows 2000 profaction + service pack 3 as a clients but i need some more security and dont want to disturb existing setup and make a NIS server for authantication and want to merger NIS and samba Kindly help me My current configuration of samba are as followes - Do you Yahoo!? Discover all thats new in My Yahoo!-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problem running kde
Hi > We use the exact same setup as you. We found NFS too insecure for our > tastes aswell. > Here are our experiences with it: > http://lists.samba.org/archive/linux-cifs-client/2004-November/000477.html > ( http://tinyurl.com/55ofl ) > and: > http://lists.samba.org/archive/linux-cifs-client/2004-November/000485.html > ( http://tinyurl.com/6wfc5 ) > > I haven't gotten gotten around to testing the kernel-patch yet but my > buddy said kde works properly now. I've tried out the registry patch. I'm now able to run kde applications like konqueror. But I can't start the kde display-manager via startx oder kdm. Startup still hangs. I don't get any error messages in the console I typed startx. How can I find the problem? Is there any way to log every fileoperation kde is doing in linux? Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticating off a Windows 2003 ADS DC with Samba/Winbind
[originally posted to fedora-users] I'm having difficulty getting samba/winbind to authenticate of a W2K3 box. I've searched the list archives and although there are some similar problems, none have seemed to help resolve this one. Here's the network configuration: - Windows 2003 Server gx270-rmaniar [192.168.0.100] - Fedora Core 3 gx280rmaniarFC3 [192.168.0.5] FYI: A Windows XP box correctly connects to the DC OK. ** Here's what I've done: - removed the Active Directory service from the W2K3 box and started from scratch again. - configured /etc/krb5.conf - timesynced both the Linux and Windows boxes - Used kinit [EMAIL PROTECTED] to login, all OK. - Can login to smb share using smbclient -k //gx270-rmaniar/C$ so kerberos ticket is ok. - configured winbind/smb.conf using the Authentication applet. - smb/winbind are started ok. ** Here's the problem: [EMAIL PROTECTED] samba]# net ads join -S gx270-rmaniar -U Administrator Administrator's password: [2004/11/16 17:35:12, 0] libads/ldap.c:ads_join_realm(1640) ads_add_machine_acct (gx280rmaniarfc3): Type or value exists ads_join_realm: Type or value exists So it says it exists already, despite the fact that its not shown in the 'Computers' list in AD. Tried it again, and got: [EMAIL PROTECTED] pam.d]# net ads join -S gx270-rmaniar -U Administrator Administrator's password: [2004/11/16 17:51:26, 0] libads/ldap.c:ads_add_machine_acct(1297) ads_add_machine_acct: Host account for gx280rmaniarfc3 already exists - modifying old account [2004/11/16 17:51:26, 0] libads/ldap.c:ads_join_realm(1640) ads_add_machine_acct (gx280rmaniarfc3): Type or value exists ads_join_realm: Type or value exists The computer now appears in the "Computers" list on the Windows server. [EMAIL PROTECTED] samba]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_INTERNAL_ERROR (0xc0e5) Could not check secret ** Here's the relevant info from smb.conf: workgroup = TEST.COM security = ads password server = 192.168.0.100 realm = TEST.COM idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash winbind use default domain = no And someone asked for authconfig --test --kickstart: caching is disabled nss_files is always enabled nss_compat is disabled nss_db is disabled nss_hesiod is disabled hesiod LHS = "" hesiod RHS = "" nss_ldap is disabled LDAP+TLS is disabled LDAP server = "127.0.0.1" LDAP base DN = "dc=example,dc=com" nss_nis is disabled NIS server = "" NIS domain = "" nss_nisplus is disabled nss_winbind is enabled SMB workgroup = "TEST.COM" SMB servers = "192.168.0.100" SMB security = "ads" SMB realm = "TEST.COM" Winbind template shell = "/bin/bash" SMB idmap uid = "16777216-33554431" SMB idmap gid = "16777216-33554431" nss_wins is disabled pam_unix is always enabled shadow passwords are enabled md5 passwords are enabled pam_krb5 is disabled krb5 realm = "TEST.COM" krb5 realm via dns is disabled krb5 kdc = "192.168.0.100:88,192.168.0.100" krb5 kdc via dns is disabled krb5 admin server = "" pam_ldap is disabled LDAP+TLS is disabled LDAP server = "127.0.0.1" LDAP base DN = "dc=example,dc=com" pam_smb_auth is disabled SMB workgroup = "TEST.COM" SMB servers = "192.168.0.100" pam_winbind is enabled SMB workgroup = "TEST.COM" SMB servers = "192.168.0.100" SMB security = "ads" SMB realm = "TEST.COM" pam_cracklib is enabled (retry=3) pam_passwdqc is disabled () So there you have it. I've googled for the problem with no luck. Any ideas? Thanks, Rafiq -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Windows XP SP2 doesn't login to SAMBA domain
Quoting "Dean Landry" <[EMAIL PROTECTED]>: > Unfortunately I don't have a test box at this point :) Just a week until > students return to the lab. :) I've gotten everything to work now. Login > scripts worked once I disabled sendfile. Everything should be working fine > now. Do you have any notes on what/how you did the upgrade? What version (exactly) did you upgrade to? I just got 3.0.7-2 and building it now, but if you have any pointers that can help me, I'd apreciate it :) It seems like I'm also forced to upgrade a clients server. And like you, I don't have any test machine. And there's not much time to set one up either. The clients at the site keep crashing (or at leaset one of them) so they want it fixed yesterday (we've never heard that before, do we!? :). -- Ft. Meade Peking Honduras PLO Delta Force nuclear domestic disruption BATF subway explosion cryptographic Iran strategic FSF killed [See http://www.aclu.org/echelonwatch/index.html for more about this] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba