Re: [Samba] ADS Authentication
Hi,

Your pam.d/logon file looks nice, mostly. As you stated, the winbind part is authenticating correctly, so you would be able to login with an ADS account, if not the pam system would try to verify the posix-account too. This is why you get asked for the second password. As I'm running Linux and you FreeBSD, there are differences in the syntax of the pam-files. There must be an option like use_first_pass in your system too, and I guess it would apply to the lines calling the system-module. You'll have to check your pam documentation for this. It is definitely not a samba problem. After winbind authenticated the user there is no part of samba involved in the login process anymore.

Christoph

Tom Skeren wrote:

Christoph Scheeder wrote:

Hi, 2 points:
1.) use the smb.conf which gives you a working wbinfo.
2.) this sounds like misconfigured pam to me.
- you have to tell pam that winbind is sufficient for auth and account with the lines

Here's the /etc/pam.d/logon file info. This must be working because of the dual authentication when logging in at the terminal. In fact if you open a new terminal session and log in there, the primary [F1] screen will show pam_winbind[451]: user 'root' granted access. Further, when attempting to log on with an ADS account, although the log in fails, pam_winbind grants access. Here's the file info:

    #
    # $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
    #
    # PAM configuration for the login service
    #

    # auth
    auth        required      pam_nologin.so    no_warn
    auth        sufficient    pam_self.so       no_warn
    auth        include       system
    auth        sufficient    /usr/local/lib/pam_winbind.so

    # account
    account     requisite     pam_securetty.so
    account     include       system
    account     sufficient    /usr/local/lib/pam_winbind.so

    # session
    session     include       system

    # password
    password    include       system

    account sufficient pam_winbind.so

and

    auth sufficient pam_winbind.so

this drops the need for the local posix-account.
- And for the auth modify the line with pam_unix.so to read like

    auth required pam_unix.so use_first_pass nullok

this gets you rid of the second password-prompt.

-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
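Both symptoms in this thread (an ADS login that fails although pam_winbind grants access, and a second password prompt) can be checked mechanically in the auth chain. The script below is an added example, not code from the thread or from the Samba project: `check_pam_auth` and its finding names are hypothetical, the sample files are constructed from the lines quoted above, and treating an `include` line as password-asking and placing pam_winbind first are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): lint the auth chain of a PAM service file.
# Assumptions: fields are "type control module [options]"; an "include" line is
# treated as a chain that asks for a password; finding names are made up here.

# check_pam_auth FILE -> one finding per line on stdout, nothing if clean.
check_pam_auth() {
    awk '
    /^[ \t]*#/ || NF < 3 { next }        # comments, blank or short lines
    $1 != "auth"         { next }
    {
        control = $2; module = $3
        sub(/.*\//, "", module)          # strip a path such as /usr/local/lib/
        opts = ""
        for (i = 4; i <= NF; i++) opts = opts " " $i
        first_pass = (opts ~ /(use|try)_first_pass/)
        asks = (module ~ /^pam_(unix|winbind)\.so$/ || control == "include")
        if (!asks) next

        if (module == "pam_winbind.so") {
            seen_winbind = 1
            # Anything other than "sufficient" keeps the local account mandatory.
            if (control != "sufficient") print "WINBIND_NOT_SUFFICIENT line " NR
            # A required local check that already failed cannot be undone by a
            # later "sufficient" success, so the AD-only user is still rejected.
            if (local_before) print "LOCAL_AUTH_BEFORE_WINBIND line " local_before
        } else if (!seen_winbind && control != "sufficient" && control != "optional") {
            local_before = NR
        }
        # Every password-asking module after the first must reuse the password.
        if (prompted && !first_pass) print "SECOND_PROMPT line " NR
        prompted = 1
    }' "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: the auth section as posted in the thread.
    cat > "$tmp/login.posted" <<'EOF'
auth    required    pam_nologin.so  no_warn
auth    sufficient  pam_self.so     no_warn
auth    include     system
auth    sufficient  /usr/local/lib/pam_winbind.so
EOF
    # Constructed sample: the advised lines, with winbind placed first.
    cat > "$tmp/login.advised" <<'EOF'
auth    sufficient  pam_winbind.so
auth    required    pam_unix.so     use_first_pass nullok
EOF
    echo "posted:";  check_pam_auth "$tmp/login.posted"
    echo "advised:"; check_pam_auth "$tmp/login.advised"
    rm -rf "$tmp"
}
demo
```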
Re: [Samba] net ads join fails - Preauthentication failed
Resending, as I used wrong sender and it doesn't seem to have appeared on the list.

The problem is sort of solved...

First, I tried stopping smb and winbind and cleaning out all cache files (/var/cache/samba). Then joining worked fine for a while. Then it didn't. Whenever it didn't I got those weird messages with [EMAIL PROTECTED]@KLIENT.UIB.NO again.

Now the problem with the double realm name seems to be fixed. I still get the same errors joining (just with the correct realm name). Seen from the AD side the join succeeds, and I can authenticate against AD as expected. I'm not sure what this is, but I'll get someone on the AD side to help me clean out the credentials for IFTSMB100 completely. Does anyone here know what it takes to get completely rid of all traces of a host in the kerberos part of AD so I can really retry from scratch?

To get to a working setup I had to add a domain-to-realm mapping in krb5.conf so my domain maps to a realm name (map ift.uib.no to KLIENT.UIB.NO) and match the default realm in krb5.conf to the realm in smb.conf (KLIENT.UIB.NO). This is the realm where computers live in this setup. Users live in other domains.

My new config files are at http://www.ift.uib.no/~birger/krb5.conf and http://www.ift.uib.no/~birger/smb.conf

I also upgraded kerberos and samba to the versions in the yum develop repo for fc3: samba*-3.0.9-2 and krb5*-1.3.5-2

Now, even with the preauthentication failures when joining I have a working server that authenticates as expected. :-)

-- birger
[Samba] Mapping home directory share names to AD user names?
Resending this as I sent it using wrong sender and it never appeared on the list...

I finally have a samba server running with security=ads and user name mapping using smbusers file.

Now, to make this perfect I would like to have home directory shares show up using the users' AD names instead of the unix names. Is this possible?

-- birger
[Samba] samba=3.0.4 - no more smbpasswd ? no more local auth when joined to domain ?
I just hope that this time I get heard since obviously nobody reads news://linux.samba ...

Platform: SuSE-9.1, kernel-2.6.5, samba-3.0.4

I have recently upgraded from 3.0.2a to 3.0.4 and I have just noticed that using the same smb.conf as with the previous version, the system just does not work anymore for me! Furthermore, the smbpasswd utility appears to be dropped! Afterwards, I have noticed that I had to join the domain once again (security = DOMAIN). Yet, I still could not log in on to my machine. Before joining again, every attempt to access shared resources on MYHOST failed with:

    session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

This behaviour was just the same even if I tried to use a local samba user. This indicates that the smbpasswd file is either ignored (despite passdb backend being set to smbpasswd), or its structure has changed, or it has been displaced. Anyway, browsing the samba docs I could only realize it was rather outdated (it referred to samba 3.0, obviously not to samba-3.0.4 and later), wasn't it?

    # smbclient -U me -L MYHOST -d3
    lp_load: refreshing parameters
    Initialising global parameters
    params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
    Processing section [global]
    Unknown parameter encountered: character set
    Ignoring unknown parameter character set
    Unknown parameter encountered: client code page
    Ignoring unknown parameter client code page
    added interface ip=172.22.110.137 bcast=172.22.255.255 nmask=255.255.0.0
    added interface ip=192.168.74.1 bcast=192.168.74.255 nmask=255.255.255.0
    Client started (version 3.0.2a-SUSE).
    Connecting to 172.22.110.137 at port 139
    Password:
    Doing spnego session setup (blob length=58)
    got OID=1 3 6 1 4 1 311 2 2 10
    got principal=NONE
    Got challenge flags:
    Got NTLMSSP neg_flags=0x60890215
    NTLMSSP: Set final flags:
    Got NTLMSSP neg_flags=0x60080215
    NTLMSSP Sign/Seal - Initialising with flags:
    Got NTLMSSP neg_flags=0x60080215
    SPENGO login failed: Trust relationship failure
    session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

As I've already said, I realized that I should have joined the domain again. Why so if none of the samba admin files changed during upgrade? Anyway, net join went smoothly - I got reported

    Joined to domain OURDOMAIN

so I supposed I was joined, wasn't I?

Now I could perform net user -L MYHOST with DOMAIN authentication, yet I could not map or browse any of the served shares from MYHOST (see the smbclient dump below).

And more - where has support for local user/passwords gone? I had previously configured a few users which had not been configured within OURDOMAIN (using smbpasswd -a FOOUSER) and authentication was performed locally even when MYHOST was joined into OURDOMAIN. It seems that this functionality has just been dropped, hasn't it?

Smbclient dump: smbclient notoriously reports as follows (see also testparm dump after smbclient dump):

    # smbclient -d3 -L me -U MYHOST
    lp_load: refreshing parameters
    Initialising global parameters
    params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
    Processing section [global]
    added interface ip=172.22.110.137 bcast=172.22.255.255 nmask=255.255.0.0
    added interface ip=192.168.74.1 bcast=192.168.74.255 nmask=255.255.255.0
    Client started (version 3.0.2a-SUSE).
    resolve_lmhosts: Attempting lmhosts lookup for name kiztok0x20
    resolve_wins: Attempting wins lookup for name kiztok0x20
    resolve_wins: using WINS server 172.22.0.8 and tag '*'
    Got a positive name query response from 172.22.0.8 ( 192.168.74.1 172.22.110.137 )
    Connecting to 192.168.74.1 at port 139
    Password:
    Doing spnego session setup (blob length=58)
    got OID=1 3 6 1 4 1 311 2 2 10
    got principal=NONE
    Got challenge flags:
    Got NTLMSSP neg_flags=0x60890215
    NTLMSSP: Set final flags:
    Got NTLMSSP neg_flags=0x60080215
    NTLMSSP Sign/Seal - Initialising with flags:
    Got NTLMSSP neg_flags=0x60080215
    SPENGO login failed: Logon failure
    session setup failed: NT_STATUS_LOGON_FAILURE

    # testparm -v
    Load smb config files from /etc/samba/smb.conf
    Processing section [homes]
    Processing section [printers]
    Processing section [print$]
    Processing section [movies]
    Loaded services file OK.
    Server role: ROLE_DOMAIN_MEMBER
    Press enter to see a dump of your service definitions

    # Global parameters
    [global]
    dos charset = CP850
    unix charset = UTF-8
    display charset = ISO8859-15
    workgroup = OURDOMAIN
    realm =
    netbios name = MYHOST
    netbios aliases =
    netbios scope =
    server string = My Linux host
    interfaces =
    bind interfaces only = No
    security = DOMAIN
    auth methods =
    encrypt passwords = Yes
    update encrypted = No
    client schannel = Auto
    server schannel = Auto
    allow trusted domains = Yes
    hosts equiv =
    min passwd length = 5
    use cracklib = No
    map to guest = Never
    null passwords = No
    obey pam restrictions = No
    password server =
RE : [Samba] Samba 3.09, Cups slow Print Dialoge.
I have the same problem under samba 2.2.3a-13 for Debian with a WinXP SP2. I tried your solution but without success. I resolved the problem by also deleting the entry in DevModePerUser. And now it works! Thank you. But does anyone know why?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Walter Willmertinger
Sent: Tuesday 7 December 2004 17:24
To: Isaiah Salinas
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Samba 3.09, Cups slow Print Dialoge.

I had this problem for a long time after upgrading XP with SP2. What I did was recommended by Martin Zielinski [EMAIL PROTECTED]. Go to the registry and delete local device modes for the samba printers. Use regedit and go to HKEY_CURRENT_USER\Printers\, look for DevModes or DevModes2 and delete the keys for the printers connected to samba printers. So I had no problem any more and all seems to work. I don't know what the devmode means, but it seems to be not very important, as anything prints like before and also fast!

Isaiah Salinas wrote:

I setup samba 3.09 printing with cups. However the dialogue box takes about 10 - 15 seconds to load or even when I switch printer or change properties to printers. Strangely enough when I add my user account as an admin in the global section, the problem goes away. I am running my client on XP SP1. Any help would be great.

Thanks!
Isaiah
Re: [Samba] Pdf printer by mail with samba 3.0.9-1
Mitch (WebCob) wrote:

The problem of the connectivity error seems to have been persistent for the duration of the windows login - so whatever I had screwed up I think I must have fixed, but I still have concerns... (and oodles of ideas - I could use this same process to create a fax gateway too...)

I also wanted to do a fax gateway, but got sidetracked by another project (Replacing exchange yay!) I'd be really interested in how you get on with that. Check out http://www.hylafax.org/ before you go on, make sure you aren't re-inventing the wheel! I did not have much time to investigate, but the thing that worried me was how do you get the recipient fax number to the fax script?

[Mitch says:] One of you had:
[Mitch says:] lpq command = lpq -P'%p'
[Mitch says:] lprm command = lprm -P'%p' %j
[Mitch says:] lppause command = lpc hold '%p' %j
[Mitch says:] lpresume command = lpc release '%p' %j
[Mitch says:] queuepause command = lpc stop '%p'
[Mitch says:] queueresume command = lpc start '%p'
[Mitch says:] And one had only lpq and lprm with nothing after the = - I
[Mitch says:] tried both ways?!?!

Further to my other email... The common important element is the line:

    print command = /usr/local/bin/pdfout1.sh %s %u %m %I

When I look at the calls to lpq -P'%p etc, they all return errors as %p's value (the printer share name) is not defined in printcap - would doing this have any purpose?

print command seems to get called directly from the user as they call the print job, which in theory would mean there could be many calls to the script at once... ok I guess, but it does mean people should be careful with simple file naming systems - ones that rely on the date or possibly even the process id could result in duplicate files - right?

Perhaps somehow I should be using lpd to call the script? To create a proper queueing process and serialize the conversions? Otherwise couldn't I experience the print-of-death from my users as 100 of them start to print a PDF all at once?

I worried about that too - but with the script the file is named $DATE-$TIME-$USER.pdf - so unless they figure out how to print more than one per second per user, it will probably be ok (Not sure how many simultaneous prints it can do, but it's never caused a problem here.)

If I'm way off here, please tell me where I'm heading wrong... Thanks for the help!

m/
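The naming concern raised above (a `$DATE-$TIME-$USER.pdf` name repeats when one user prints twice in the same second) can be removed by reserving the output file exclusively instead of relying on the clock. The script below is an added example, not the `pdfout1.sh` from the thread: `naive_name` and `reserve_name` are hypothetical helpers, the timestamp and user names are constructed, and the script treats the user name it is handed as untrusted input.

```shell
#!/bin/sh
# Added example (not the pdfout1.sh from the thread): pick the output name for
# a job handed over by "print command" so that concurrent jobs never share it.

# naive_name DIR USER STAMP -> the $DATE-$TIME-$USER.pdf scheme (1 s resolution).
naive_name() {
    printf '%s/%s-%s.pdf\n' "$1" "$3" "$2"
}

# reserve_name DIR USER STAMP -> prints a path that this call created itself.
# With noclobber (set -C) the ">" redirection fails if the file already exists,
# so creation and the uniqueness check are one atomic step.
reserve_name() {
    dir=$1
    stamp=$3
    # Keep only letters, digits, "_" and "-": no "/" and no ".." can survive.
    user=$(printf '%s' "$2" | tr -c 'A-Za-z0-9_-' '_')
    n=0
    while [ "$n" -lt 1000 ]; do
        path="$dir/$stamp-$user-$n.pdf"
        if ( set -C; : > "$path" ) 2>/dev/null; then
            printf '%s\n' "$path"
            return 0
        fi
        n=$((n + 1))
    done
    return 1            # spool directory missing, unwritable or exhausted
}

demo() {
    spool=$(mktemp -d) || return 1
    stamp=20041208-121009        # constructed: two jobs within the same second
    a=$(naive_name "$spool" mitch "$stamp")
    b=$(naive_name "$spool" mitch "$stamp")
    if [ "$a" = "$b" ]; then
        echo "naive scheme gives both jobs: $a"
    fi
    echo "reserved: $(reserve_name "$spool" mitch "$stamp")"
    echo "reserved: $(reserve_name "$spool" mitch "$stamp")"
    rm -rf "$spool"
}
demo
```

The converter then writes into the reserved path, which already exists and belongs to exactly one job.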
[Samba] disabling login window popup
Hi,

I have a functional setup of Samba PDC/LDAP domain member server. The problem happens when Windows workstation users (who are logged into the domain) try to access shares on the domain member server which they don't have access to (for example they do not belong to the group which has access to the particular share). Then Windows pops up a Connect to dialog window with username/password fields and users can enter different credentials. Is there any way (on server or client side) to disable this behavior and make the Windows system just inform the user with an Access is denied message?

Regards,
Pavel Tuma
[Samba] Samba PDC not adding machines
samba-3.0.7-1.3E.1

Last time I checked (about 2 weeks ago), I could log machines onto the domain using the automated join in 2000 (and smbpasswd -a). Now, when I try to make a machine join the domain, Windows will show success, but I can't log in with a domain account!

On adding the machine, I get:

    Dec 8 10:40:31 RedHat01 smbd[16299]: [2004/12/08 10:40:31, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(786)
    Dec 8 10:40:31 RedHat01 smbd[16299]: api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.

On logging in I get:

    Dec 8 11:04:26 RedHat01 smbd[21553]: [2004/12/08 11:04:26, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
    Dec 8 11:04:26 RedHat01 smbd[21553]: get_md4pw: Workstation WS-07-2K$: no account in domain

I have tried disabling secure encryption in Policy Settings, but that didn't help (the error in the log goes away, but I still can't log in). I have also tried manually removing and re-adding the machine, to no avail. Any ideas?

My smb.conf:

    # Global parameters
    [global]
    workgroup = AA-AUDIT-IT
    server string = Server
    password server = None
    log file = /var/log/samba/%m.log
    max log size = 50
    log level = 0
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/sbin/useradd -d /dev/null -g samba -s /bin/bash -M %u
    add machine script = /usr/sbin/adduser -n -g workstations -c Machine -d /dev/null -s /bin/false %u
    logon script = logon.bat
    logon path = \\%L\Profiles\%U
    logon drive = I:
    domain logons = Yes
    os level = 65
    preferred master = Yes
    local master = Yes
    domain master = Yes
    dns proxy = Yes
    wins support = Yes
    guest ok = No
    create mask= 0777
    force directory mode = 0777
    force create mode = 0777
    printer admin = @administrators

... the rest is shares / printer definition
[Samba] samba 3.08 debian / problems mounting a share
hoi,

the machine is running on debian 3 woody, using samba 3.08 from backports.org. we are using a w2k-domain (ads). i need to mount a share on a windows-server. so i do this:

    mount -t smbfs -o username=xxx //def00shh/data /opt/lampp/ExNet/dinfo/data

and samba answers:

    mount: wrong fs type, bad option, bad superblock on //def00shh/datascan, or too many mounted file systems

in log.smbd we find:

    [2004/12/08 12:10:09, 1] auth/auth_util.c:make_server_info_sam(822)
    User Nobody in passdb, but getpwnam() fails!

smb.conf looks like this:

    [global]
    load printers = Yes
    guest account = Nobody
    socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
    preserve case = yes
    wins server = 130.10.116.10
    map to guest = Bad User
    encrypt passwords = yes
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/
    passwd program = /usr/bin/smbpasswd -U %u
    winbind uid = 1-2
    template shell = /bin/bash
    netbios name = ffzx0sa2
    winbind enum users = yes
    password server = ffzx0sa0
    path = /
    default = backup
    unix password sync = yes
    winbind gid = 1-2
    workgroup = FFZR1R
    winbind enum groups = yes
    os level = 2
    security = domain
    short preserve case = yes
    preferred master = no
    domain master = no
    winbind separator = /
    interfaces = 130.7.42.101/255.255.0.0
    winbind use default domain = yes

it doesn't matter which share i try to mount, the result is always the same. also it doesn't matter if the used username is stored in ads or in (the still existing) nt-domain.

thanks for your help
lorenz
[Samba] printing server
Bonjour,

I have some problems configuring a printing server with samba. I have a private network with a linux box as a gateway to the internet and several machines on this network, some under windows, others under linux. One of the linux machines (which is not the gateway) has a printer which I want to be shared by the windows machines. The gateway has 192.168.0.1 as private IP number and the linux box with the printer has IP number 192.168.0.4

Here is my smb.conf file:

    # Samba config file created using SWAT
    # from 127.0.0.1 (127.0.0.1)
    # Date: 2004/12/02 07:35:28

    # Global parameters
    [global]
    workgroup = MYGROUP
    server string = Samba Server
    interfaces = 192.168.0.4/24, 192.168.0.1/24
    log file = /var/log/samba/%m.log
    max log size = 50
    name resolve order = host wins lmhosts bcast
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = yes
    ldap ssl = no
    printer admin = root
    hosts allow = 192.168.0., 127.
    cups options = raw

    [homes]
    comment = Home Directories
    read only = No
    browseable = No

    [printers]
    comment = All Printers
    path = /var/spool/samba
    guest ok = Yes
    printable = Yes
    browseable = No

    [canon]
    path = /var/spool/samba
    guest ok = Yes
    printable = Yes
    printer name = canon

    [canon1]
    path = /var/spool/samba
    guest ok = Yes
    printable = Yes
    printer name = canon1

I get some error messages when smb starts, here are those from the nmbd.log:

    [2004/12/08 03:03:54, 0] nmbd/nmbd.c:main(665)
    Netbios nameserver version 3.0.7-2.FC1 started.
    Copyright Andrew Tridgell and the Samba Team 1994-2004
    [2004/12/08 03:03:54, 0] lib/util_sock.c:open_socket_in(708)
    bind failed on port 137 socket_addr = 192.168.0.1. Error = Ne peut attribuer l'adresse demandée
    [2004/12/08 03:03:54, 0] nmbd/nmbd_subnetdb.c:make_subnet(126)
    nmbd_subnetdb:make_subnet() Failed to open nmb socket on interface 192.168.0.1 for port 137. Error was Ne peut attribuer l'adresse de mandée
    [2004/12/08 03:03:54, 0] nmbd/nmbd.c:main(733)
    ERROR: Failed when creating subnet lists. Exiting.

Here is the 198.162.0.4 samba log:

    [2004/12/02 06:05:47, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(189)
    startsmbfilepwent_internal: file /etc/samba/smbpasswd did not exist. File successfully created.
    [2004/12/02 06:07:15, 0] smbd/service.c:make_connection(800)
    melusine (127.0.0.1) couldn't find service print$

There is a firewall on the gateway, but everything is opened on the private network:

    /sbin/iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT
    /sbin/iptables -A OUTPUT -o eth1 -d 192.168.0.0/24 -j ACCEPT

What is missing? Could anybody help me?

Thank you.

--
François Patte
Ecole française d'Extrême-Orient - Pune - Inde
Université René Descartes - Paris 5
UFR de mathématiques et informatique
http://www.math-info.univ-paris5.fr/~patte
[Samba] samba 3.08 debian / problems mounting a share
pls forget the accidently send email from Interne Kommunikation and send your answers to this box. sorry!

Lorenz Lammersdorf Schulstr. 19b 56412 Heiligenroth 02602/1342852
[Samba] smbpasswd in 3.0.9 broken
Hello,

I have a weird problem under 3.0.8. This version seems to encrypt passwords differently to 2.2.9 and by this locks out any user. The machine is a Sun under Solaris 8 with the recommended patch cluster. User Repository is done by ldap_compat, because of several systems in need of the old samba-schema (2.2.9).

Is there anybody out there who can reproduce the behaviour? I've already filed a bug under 2020.

Regards
Joerg

Example:

    bash-2.03# ./smbpasswd smbtest10
    New SMB password:
    Retype new SMB password:
    bash-2.03# ./smbclient -s/usr/local/smb/system/config/customersite/smb.pdc2.conf -U smbtest10 //pdc2-customersite/smbtest10
    Password:
    session setup failed: NT_STATUS_LOGON_FAILURE

NOW CHANGING PASSWORD FROM A DIFFERENT SERVER UNDER 2.2.9 to same value

    bash-2.03# ./smbclient -s/usr/local/smb/system/config/customersite/smb.pdc2.conf -U smbtest10 //pdc2-customersite/smbtest10
    Password:
    Domain=[domainname] OS=[Unix] Server=[Samba 3.0.8]
    smb: \ quit

working Userentry-LDIF, changed with smbpasswd of 2.2.9

    dn: uid=smbtest10,ou=people,ou=allgemein,o=organisation
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: account
    objectClass: top
    objectClass: organizationalPerson
    objectClass: person
    objectClass: sambaAccount
    acctFlags: [U ]
    cn: smbtest10
    displayName: smbtest10
    gecos: #T:common
    gidNumber: 1
    homeDirectory: /somedirectory/smbtest10
    kickoffTime: 2147483647
    lmPassword: 86859AF790F4B217AAD3B435B51404EE
    loginShell: /bin/false
    logofftime: 2147483647
    logonTime: 2147483647
    ntPassword: 0C6AE10552793A8B88778B8185E47B78
    primaryGroupID: 21001
    pwdCanChange: 1086693852
    pwdLastSet: 1100177214
    pwdMustChange: 2147483647
    rid: 41734
    shadowFlag: 0
    sn: smbtest10
    uid: smbtest10
    uidNumber: 20367
    userPassword:: e1NTSEF9N1dJcjNIaWxGeENiZ0VSRmJxckpTN1dNWG1pNkZyWVB1RHBtUHc9P
     Q==

Same user, changed with smbpasswd with Samba 3.0.8, login not possible

    dn: uid=smbtest10,ou=people,ou=allgemein,o=organisation
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: account
    objectClass: top
    objectClass: organizationalPerson
    objectClass: person
    objectClass: sambaAccount
    acctFlags: [U ]
    cn: smbtest10
    displayName: smbtest10
    gecos: #T:common
    gidNumber: 1
    homeDirectory: /somedirectory/smbtest10
    kickoffTime: 2147483647
    lmPassword: FE12086CE1A36EF5AAD3B435B51404EE
    loginShell: /bin/false
    logofftime: 2147483647
    logonTime: 2147483647
    ntPassword: 314040DC01195C391E161E6B39824C78
    primaryGroupID: 21001
    pwdCanChange: 1086693852
    pwdLastSet: 1100177019
    pwdMustChange: 2147483647
    rid: 41734
    shadowFlag: 0
    sn: smbtest10
    uid: smbtest10
    uidNumber: 20367
    userPassword:: e1NTSEF9N1dJcjNIaWxGeENiZ0VSRmJxckpTN1dNWG1pNkZyWVB1RHBtUHc9P
     Q==

Diff of both ldifs : 18c18 lmPassword: 86859AF790F4B217AAD3B435B51404EE --- lmPassword: FE12086CE1A36EF5AAD3B435B51404EE 22c22 ntPassword: 0C6AE10552793A8B88778B8185E47B78 --- ntPassword: 314040DC01195C391E161E6B39824C78 25c25 pwdLastSet: 1100177214 --- pwdLastSet: 1100177019
[Samba] Upgrade 2.2.12 - 3.0.9
Hi All,

I have a modified RH 9 box running as a PDC with roaming profiles and home shares. We really need to upgrade this system to 3.0.9 PDC with LDAP. If it all falls apart on the upgrade I'd like to be able to go back to 2.2.12 at the toss of a hat. Are there any files other than my /usr/local/samba2 directory and the tdb files that live in /var somewhere?

I have LDAP almost ready to test as per the HOWTOs - from the section Making users happy

Cheers
Ang

--
Angela Williams Enterprise Outsourcing SCO Unix/Linux Cisco spoken here! Bedfordview [EMAIL PROTECTED] Gauteng South Africa Smile!! Jesus Loves You!!
Re: [Samba] Re: Kerberos Error
Norman Zhang wrote:

| I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on
| LM10.0. A similar summary to what I'm seeing could be found here.
|
| http://lists.samba.org/archive/samba/2004-July/090210.html
|
| Solve the problem by changing
|
| [libdefaults]
| ticket_lifetime = 24000
| default_realm = HQ.ARKONNETWORKS.COM
| ; default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
| ; default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
| ; permitted_enctypes = des3-hmac-sha1 des-cbc-crc
|
| default_etypes = des-cbc-crc des-crc-md5
| default_etypes_des = des-cbc-crc des-crc-md5

unless you are pretty comfortable with krb5 enc types and have a specific reason to use the des keys, I would recommend not setting those 2 lines at all on MIT krb 1.3.x releases.

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key - http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song --Switchfoot (2003)
Re: [Samba] Pdf printer by mail with samba 3.0.9-1
The problem of the connectivity error seems to have been persistent for the duration of the windows login - so whatever I had screwed up I think I must have fixed, but I still have concerns... (and oodles of ideas - I could use this same process to create a fax gateway too...)

I also wanted to do a fax gateway, but got sidetracked by another project (Replacing exchange yay!) I'd be really interested in how you get on with that. Check out http://www.hylafax.org/ before you go on, make sure you aren't re-inventing the wheel! I did not have much time to investigate, but the thing that worried me was how do you get the recipient fax number to the fax script?

We also use HylaFAX, but this has little to do with Samba. You require a client for Windows in order to give users a decent experience, I recommend HylaFSP (which is a commercial product, but reasonably priced). There are several Win32 clients, most of which don't really stand up to regular use.

[Mitch says:] One of you had:
[Mitch says:] lpq command = lpq -P'%p'
[Mitch says:] lprm command = lprm -P'%p' %j
[Mitch says:] lppause command = lpc hold '%p' %j
[Mitch says:] lpresume command = lpc release '%p' %j
[Mitch says:] queuepause command = lpc stop '%p'
[Mitch says:] queueresume command = lpc start '%p'
[Mitch says:] And one had only lpq and lprm with nothing after the = - I
[Mitch says:] tried both ways?!?!

Further to my other email... The common important element is the line:

    print command = /usr/local/bin/pdfout1.sh %s %u %m %I

When I look at the calls to lpq -P'%p etc, they all return errors as %p's value (the printer share name) is not defined in printcap

Sure. You can replace those lpc calls with scripts or just try echo statements. All samba does is grab standard out and the return code.

Perhaps somehow I should be using lpd to call the script?

No.

To create a proper queueing process and serialize the conversions? Otherwise couldn't I experience the print-of-death from my users as 100 of them start to print a PDF all at once?

You can nice the script.
Re: [Samba] Re: Printer driver auto upload.
Jim C. wrote:

| Here is what is especially strange. If I click on the
| printer icon with FileAnt I get this:
|
| \\Enigma\::{2227A280-3AEA-1069-A2DE-08002B30309D}
|
| Enigma is the name of my server but what is the SID
| type info for?

It's a GUID. Don't ask me for a deeper explanation. :-)

| | [EMAIL PROTECTED] 0 samba]$ ls -l printers
| | total 20
| | drwxrwsr-x 2 root adm 4096 Nov 9 12:35 W32ALPHA
| | drwxrwsr-x 2 root adm 4096 Nov 9 12:35 W32MIPS
| | drwxrwsr-x 2 root adm 4096 Nov 9 12:35 W32PPC
| | drwxrwsr-x 3 root adm 4096 Dec 6 19:33 W32X86
| | drwxrwsr-x 2 root adm 4096 Nov 9 12:35 WIN40
| | [EMAIL PROTECTED] 0 samba]$
|
| What is the S for? Somehow I doubt it is supposed to
| be there.

It's the group id bit for forcing group ownership of files and subdirectories created with each directory.

| |write list = root, @'Domain, Admins'
|
| The comma definitely does not belong. Is this a cowinkydink of
| testparm or will it actually be interpreted this way?

Use double quotes.

cheers, jerry
Re: [Samba] Mapping home directory share names to AD user names?
birger wrote:

| Resending this as I sent it using wrong sender and it never
| appeared on the list...
|
| I finally have a samba server running with security=ads
| and user name mapping using smbusers file.
|
| Now, to make this perfect I would like to have
| home directory shares show up using the users AD names
| instead of the unix names. Is this possible?

Maybe. Try using a share named [%U] rather than [homes].

cheers, jerry
Re: [Samba] unable to change password in winxp using ctrl+alt+delete
jason lee wrote:

| if there is a way to search for the answer to my question,
| please let me know.

Samba archives are searchable at http://marc.theaimsgroup.com/

cheers, jerry
Re: [Samba] Printing Errors in log since installing 3.0.9
Vickie L. Kidder wrote:

| Since installing Samba 3.0.9, I am getting the following errors in my
| samba log file related to printing.
| I haven't made any changes to the smb.conf file from 3.0.7 where printing
| worked fine.
|
| This is a sample of the errors from the samba log file.
| [2004/12/06 15:45:55, 0] printing/printing_db.c:get_print_db_byname(109)
| get_print_db: Failed to open printer backend database
| /usr/local/samba/var/locks/printing/hpl4_smb.tdb.
| [2004/12/06 15:45:55, 0] lib/fault.c:fault_report(36)
| ===
| [2004/12/06 15:45:55, 0] lib/fault.c:fault_report(37)
| INTERNAL ERROR: Signal 11 in pid 9038 (3.0.9)
| Please read the appendix Bugs of the Samba HOWTO collection
| [2004/12/06 15:45:55, 0] lib/fault.c:fault_report(39)
| ===

Can you try the patch at http://samba.org/~jerry/patches/post-3.0.9/printing-3-0-9.patch ? Thanks.

| security = user
| encrypt passwords = yes
|
|; Global Settings for Printers
| printing = aix
| load printers = yes
| printcap name = /etc/printcap
| printer admin = vlkidder, kalagan, lbbell
| print command = /usr/bin/lpr -P%p -h -r %s
| lpq cache time = 0

You really don't want to set that to 0. Trust me. It will cause an unnecessary load on the server.

cheers, jerry
Re: [Samba] printing server
Okay, let's see if I understand this correctly ;-)

you have a network with:
1 gateway/firewall to the internet (ip 192.168.0.1)
1 linux-pc which shall share his printer to the local network (ip 192.168.0.4)
several other linux/windows pc's which shall be able to print.
all traffic is *not* passing through the gateway.

[snip]
# Global parameters
[global]
workgroup = MYGROUP
server string = Samba Server
interfaces = 192.168.0.4/24, 192.168.0.1/24

then this line is complete rubbish. it should read

interfaces = 192.168.0.4/24, 127.0.0.1/8

log file = /var/log/samba/%m.log
max log size = 50

samba is telling you that (if my rudimentary French doesn't fool me...)

[snip]
[2004/12/08 03:03:54, 0] lib/util_sock.c:open_socket_in(708)
bind failed on port 137 socket_addr = 192.168.0.1. Error = Ne peut attribuer l'adresse demandée

it tries to open a socket on an interface with address 192.168.0.1, which will not succeed as it has no such interface.

Christoph
[Samba] profiles migration
hello

i am actually working on migrating a windows 2000 active directory to samba v3, ldap backend. so far i have successfully vampirized account information in my ldap tree. i am looking for a way to migrate roaming profiles. simple copy does not work ( it complains about files being in use ). moving profile from system properties is not automated enough since it is on a per user basis. is there any solution ?

thanx for answering

--
Thomas Constans -- http://www.opendoor.fr [EMAIL PROTECTED] 04 78 68 17 34
Re: [Samba] Re: Kerberos Error
Hello!

I'm currently trying to understand some problem reports from customers using samba with ADS. Googling brought a lot of suggestions but no real solutions. So I'd like to ask some general questions about that:

1. Has anyone a working ticket authentication with MIT kerberos? I mean: really working. Not the NTLMSSP fallback when you enter an IP address instead of a hostname. I haven't noticed this for months since I always used the IP address :-(
2. If so, what does the trick? Where to look at in the libraries.
3. What do we (samba users) need to know about the ticket received by kinit? Do we ever need to renew it? Or is the ticket obsolete after joining the domain? I had LOGON errors even with heimdal 0.6.3 until I deleted the /tmp/kr file. No idea why.
4. Does a W2k client ever do ticket authentication? I can't get my W2k client to do this.

Thanks a lot, Martin

On Wednesday 08 December 2004 14:29, Gerald (Jerry) Carter wrote:

Norman Zhang wrote:

| I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on
| LM10.0. A similar summary to what I'm seeing could be found here.
|
| http://lists.samba.org/archive/samba/2004-July/090210.html
|
| Solve the problem by changing
|
| [libdefaults]
| ticket_lifetime = 24000
| default_realm = HQ.ARKONNETWORKS.COM
| ; default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
| ; default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
| ; permitted_enctypes = des3-hmac-sha1 des-cbc-crc
|
| default_etypes = des-cbc-crc des-crc-md5
| default_etypes_des = des-cbc-crc des-crc-md5

unless you are pretty comfortable with krb5 enc types and have a specific reason to use the des keys, I would recommend not setting those 2 lines at all on MIT krb 1.3.x releases.

cheers, jerry

--
Martin Zielinski [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH www.seh.de
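The check behind Jerry's advice above, as an added example (not code from the thread): a shell function that lists the enctype overrides that are active in the [libdefaults] section of a krb5.conf-style file and marks those naming single-DES types. The sample file is constructed, modelled on the settings quoted in the message; the function names and the OVERRIDE/WEAK labels are assumptions.

```shell
#!/bin/sh
# Added example: report active enctype overrides in [libdefaults] and flag single DES.
# audit_enctypes, write_sample and the OVERRIDE/WEAK labels are illustrative names.

audit_enctypes() {
    # $1 = path to a krb5.conf-style file
    awk '
    /^[ \t]*[;#]/ { next }                 # commented-out settings are inactive
    /^[ \t]*\[/ {                          # section header such as [libdefaults]
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\].*$/, "", section)
        next
    }
    section == "libdefaults" && /=/ {
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        # only settings that pin encryption types are of interest
        if (key !~ /enctypes$/ && key !~ /^default_etypes/) next
        verdict = "OVERRIDE"
        n = split(val, tok, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (tok[i] ~ /^des-/) verdict = "WEAK"   # single DES; des3-* does not match
        printf "%s line %d: %s = %s\n", verdict, NR, key, val
    }' "$1"
}

# Constructed sample, modelled on the [libdefaults] block quoted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
[libdefaults]
 ticket_lifetime = 24000
 default_realm = EXAMPLE.COM
; default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
; default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
 permitted_enctypes = des3-hmac-sha1
 default_etypes = des-cbc-crc des-cbc-md5
 default_etypes_des = des-cbc-crc des-cbc-md5

[realms]
 EXAMPLE.COM = {
  kdc = kdc.example.com
 }
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_enctypes "$sample"
rm -f "$sample"
```

Lines reported as WEAK are the ones to drop so that the library defaults apply; OVERRIDE lines pin enctypes without naming single DES and still deserve a reason on record.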
[Samba] Re: Printer driver auto upload.
| I have a third party file manager that I use to get Administrator access
| to XP just like you can with Konqueror. It is called FileAnt and it
| totally rocks... but I digress.
|
| I've noticed that I can't browse to my print$ share despite the
| following settings:
|
| | [printers]
| | comment = All Printers
| | path = /var/spool/samba
| | printer admin = root
| | guest ok = Yes
| | printable = Yes
| | browseable = No
| |
| | [print$]
| | comment = Printer Drivers
| | path = /var/lib/samba/printers
| | read only = No
|
| Here is what is especially strange. If I click on the printer icon with
| FileAnt I get this:
|
| \\Enigma\::{2227A280-3AEA-1069-A2DE-08002B30309D}
|
| Enigma is the name of my server but what is the SID type info for?

It's a class id, not a SID.

| If I paste it into an explorer box I get the printers subdirectory also.
|
| Q: Is the printers subdirectory synonymous with \\Enigma\printer$ ? If
| this is the case then I am actually browsing it however I can still not
| create a directory despite the settings above.
|
| I've also noticed something else strange with the perms:
|
| | [EMAIL PROTECTED] 0 samba]$ ls -l printers
| | total 20
| | drwxrwsr-x 2 root adm 4096 Nov 9 12:35 W32ALPHA
| | drwxrwsr-x 2 root adm 4096 Nov 9 12:35 W32MIPS
| | drwxrwsr-x 2 root adm 4096 Nov 9 12:35 W32PPC
| | drwxrwsr-x 3 root adm 4096 Dec 6 19:33 W32X86
| | drwxrwsr-x 2 root adm 4096 Nov 9 12:35 WIN40
| | [EMAIL PROTECTED] 0 samba]$
|
| What is the S for?

setgid

| Somehow I doubt it is supposed to be there.

How else would you be sure that the group ownership of the files will *always* stay correct (access controls should always be applied at the filesystem level if possible, rather than the share definition). Anyway, you could check with 'rpm -V' and see that they are as packaged.

Regards, Buchan

--
Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
[Samba] Samba PDC + Kerberos
Has anyone actually gotten a samba PDC to authenticate against a Kerberos server? If so were you able to get Samba to pass along the tokens. I have built Samba PDC at other companies without too much complication. My new company does not currently have either a PDC or a kerberos server, but would like to get both. What has your experience been?
Re: [Samba] smbd hung processes - Samba 3.0.7
We have upgraded to the 3.0.7-1.3E.1 RH Samba update and this problem still occurs. Has anyone else experienced this or does anyone have any ideas on what's causing this?

-John

[EMAIL PROTECTED] wrote:

We've seen Samba crash and burn twice in the last 48 hours - it just started happening, and we have no idea what might be causing it. I'm hoping that someone will recognize this problem.

Platform: we are running RedHat Enterprise Server, with Samba 3.0.7. We're using security=domain in an old-style NT4 domain environment.

The symptom that we're seeing is that the number of smbd processes suddenly begins to increase. We normally run with between 100 and 150 smb processes, but when Samba fails, the number starts to increase quickly, and users start to have problems accessing files. smbstatus reports approximately the right number of clients (133), but ps shows a much larger number of smbd processes active (680). Smbstatus reports a list of active smbd processes - this list includes the oldest processes and the newest processes, but there is a block of smbd processes in the middle that are not in the smbstatus report.

What we THINK is happening is that the smbd processes begin to hang, the clients time out, they initiate a new session with Samba server, which respawns another smbd server process (leaving the old, hung process running). This keeps happening over and over until we kill samba. The hung processes need to be kill -9'ed.

If you do a strace on these apparently hung processes, you see this:

# strace -p 20403
Process 20403 attached - interrupt to quit
fcntl64(13, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=280, len=1} unfinished ...

I'm not sure if it's relevant, but netstat -a reports a large number of sockets in the CLOSE_WAIT state (I've included a small sample):

Proto Recv-Q Send-Q Local Address          Foreign Address      State
tcp        1      0 valhalla:microsoft-ds  army39:1455          CLOSE_WAIT
tcp        1      0 valhalla:microsoft-ds  131.101.40.174:2531  CLOSE_WAIT
tcp       54      0 valhalla:microsoft-ds  army39:1435          CLOSE_WAIT
tcp       54      0 valhalla:microsoft-ds  131.101.40.174:2512  CLOSE_WAIT

In this log, valhalla is the Samba server, and microsoft-ds is port 445 (the CIFS port).

There doesn't seem to be anything relevant in the smbd log files (we were using log level 1). We've increased the log level to 3 in the hope that we'll get more information the next time Samba goes wild.

Our smb.conf file isn't complicated - the global section looks like this:

[global]
workgroup = ICD
netbios name = VALHALLA
security = domain
password server = *
wins server = nn.nn.nn.nn mm.mm.mm.mm
server string = Linux ClearCase Server %v %h
log file = /var/log/samba/%m.log
log level = 3
max log size = 4000
username map = /etc/samba/smbusers
read raw = no
oplocks = no
kernel oplocks = no
level2 oplocks = no
create mask = 0774
directory mask = 0775
map archive = No
preserve case = yes
deadtime = 0

Is this by any chance with the 3.0.7-1.3E.1 RH Samba update that was just recently released or one of the previous 3.0.7 RH packages?

Christian
Re: [Samba] Roaming profiles - exclude Application Data from roaming profile
On Tuesday 07 December 2004 20:19, Brett Carruthers wrote:

I would still like to know how to exclude the Application Data from roaming profiles on a whole samba server basis. Also, how hard is it to have some users not use a roaming profile but others continuing to use a roaming profile?

Use Kixtart to edit the registry of each user at initial login to redirect Application Data folder to the user's network home directory.

Misty

Regards, Brett

rruegner wrote:

Brett Carruthers wrote:

Hello All, I have a problem with my roaming profiles where they are becoming too large due to the Thunderbird mail accounts (stored by default) in Application Data. What I would like to do is exclude this directory from being part of the roaming profile. How can I do this? Also, how hard is it to have some users not use a roaming profile but others continuing to use a roaming profile? We have some laptop users that don't need roaming but office staff which do benefit from the use of roaming profiles.

Thanks in advance, Brett Carruthers

Hi, choose the folder of storing mail file in the account settings of thunderbird, or better use imap if possible ( so you don't have to download mail ). consult thunderbird help faqs. if you got in trouble with firebird cache, you can set another folder for cache in default.ini ( i thought this was the name, look in the help files here too ) or minimize it, this should solve profile problems. a good place for all this stuff may be the home directory of the user on the samba server, or a place on clients computer local storage if this fits to your security

Regards
Re: [Samba] profiles migration
On Wednesday 08 December 2004 09:01, Thomas Constans wrote:

hello i am actually working on migrating a windows 2000 active directory to samba v3, ldap backend so far i have successfully vampirized account information in my ldap tree. i am looking for a way to migrate roaming profiles. simple copy does not work ( it complains about files being in use ). moving profile from system properties is not automated enough since it is on a per user basis.

Change the SID of the new PDC to be the same sid that the AD server has. Then the simple copy (zip them up and scp is more likely) will work.

Misty
[Samba] SAMBA or CUPS printing an extra page
I don't know which software to blame. Two of my Windows XP users get an extra page of output every time they print to our HP 8500 color laserjet. The driver is in print$ on the server. I do not believe that _all_ of the XP users are having the problem, which is strange. But it's wasting a lot of paper and they are complaining. If it's SAMBA do you guys have any ideas how I can troubleshoot it?

Here are my SAMBA printing details:

[global]
printing = cups
printcap = cups
printcap cache time = 60
print command = /usr/bin/lpr -P %p -o raw %s -r
load printers = yes
force printername = yes
printer admin = @Domain Admins

[print$]
comment = Printer Drivers Share
path = /data/samba/drivers
write list = root
browseable = no

[printers]
comment = All Printers
path = /data/samba/spool
public = yes
guest ok = yes
writeable = no
printable = yes
browseable = yes
printer admin = @Domain Admins

## Specific printers that need extra permissions
[acct_hp8500]
copy = printers
comment = Accounting Color Laser Printer
path = /data/samba/spool/private
public = no
valid users = @acct @acct_admin @hr @Domain Admins dwayne terri danae
browseable = yes

Thanks for any help,
Misty
Re: [Samba] ADS Authentication
Edward Wissner wrote:

What did you change in your smb.conf file?

Well, I managed to get samba to authenticate, however, continued winbindd problems make the setup worthless. Group searches fail, or are incomplete. Domain users and groups list without domain id. net groupmap fails. Attempts to re-join via net ads join fail.

If you're interested, I have copied all the relevant config files here:

_*smb.conf:*_

workgroup = FSK
realm = FSKLAW.NET
server string = SSERVER
netbios name = SSERVER
security = ADS
client schannel = Yes
server schannel = Yes
passdb backend = ldapsam:ldap://w2000.fsklaw.net
socket options = TCP_NODELAY
dns proxy = No
ldap admin dn = cn=Administrator,cn=users,DC=fsklaw,DC=net
ldap suffix = DC=fsklaw,DC=net
idmap uid = 1-2
idmap gid = 1-2
winbind separator = /
winbind enum users = No
winbind enum groups = No
winbind use default domain = Yes
dos filemode = Yes
acl compatibility = win2k
inherit acls = yes
inherit permissions = yes

[FSK]
path = /home/FSK
public = yes
only guest = no
browseable = yes
writeable = yes
printable = no
create mask = 0777
force create mode = 0777
force directory mode = 0777
directory security mask = 0777

_*ldap.conf: *_

host w2000.fsklaw.net
base dc=fsklaw,dc=net
ldap_version 3
URI ldaps:w2000.fsklaw.net
scope sub
pam_login_attribute Administrator
pam_password md5
idle_timelimit 3600
nss_base_passwd cn=Users,dc=fsklaw,dc=net?one
nss_base_group cn=Users,dc=fsklaw,dc=net?one
ssl on
TLS_CACERT /etc/CA/fsk.pem
tls_ciphers TLSv1
sasl_secprops maxssf=0
krb5_ccname FILE:/tmp/krb5cc_0

_*nsswitch.conf: *_

passwd: files winbind
shadow: files winbind
group: files winbind
hosts: dns winbind ldap files nis
automount: files winbind ldap nisplus
aliases: files winbind ldap nisplus

_*krb5.conf:*_

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = FSKLAW.NET
dns_lookup_realm = false
dns_lookup_kdc = false
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
default_keytab-name = FILE:/etc/krb5.keytab

[realms]
FSKLAW.NET = {
kdc = KERBEROS.FSKLAW.NET
admin_server = w2000.fsklaw.net
default_domain= fsklaw.net
}

[domain_realm]
.fsklaw.net = FSKLAW.NET
fsklaw.net = FSKLAW.NET
.FSKLAW.NET = FSKLAW.NET
.kerberos.server = KERBEROS.FSKLAW.NET

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

_*pam.d/login: *_

#
# $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
#
# PAM configuration for the login service
#

# auth
auth required pam_nologin.so no_warn
auth sufficient pam_self.so no_warn
auth include system
auth sufficient /usr/local/lib/pam_winbind.so

# account
account requisite pam_securetty.so
account include system
account sufficient /usr/local/lib/pam_winbind.so

# session
session include system

# password
password include system

-Original Message-
From: Tom Skeren [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 07, 2004 4:04 PM
To: Jeremy Allison
Cc: samba
Subject: Re: [Samba] ADS Authentication

Jeremy Allison wrote:

It was an smb.conf issue. Authentication against ADS is now functioning. Now it's time to wrestle with ACLs. Thanks for the help.

TMS III

On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:

I'm about ready to smash my head through a wall...I could use a few answers.

1. When using security = ads, and completing net ads join, it was my understanding that samba authenticated username/pword against ads, and local posix accounts were no longer needed, is this true?

Yes, so long as you have nsswitch and pam set up correctly. It sounds like you don't.

Jeremy.
RE: [Samba] Roaming profiles - exclude Application Data from roaming profile
On Tuesday 07 December 2004 20:19, Brett Carruthers wrote:

I would still like to know how to exclude the Application Data from roaming profiles on a whole samba server basis. Also, how hard is it to have some users not use a roaming profile but others continuing to use a roaming profile?

[Mitch says:] There is a registry key on Windows for this... currently it will include Local Settings - search for that - or search ms site. There you specifically list folders to NOT sync. Note that if you aren't syncing them, it won't cause users apps not to still store data there, which may mean that if a user changes PC's they will seem to lose some files - redirecting might be better.

m/
RE: [Samba] mandatory profiles - again
My question is: How can I set up the \\L%\%u\profile to be deleted on exit? This way the default profile would be loaded every time a user logs on because windows would think it was new user since there are now profiles for the user neither local or on the logonserver.

[Mitch says:] My answer is: On samba, delete any that exist or they will be downloaded and are a waste of storage anyways... then use group policy on Windows or find the appropriate registry keys to force windows to not write-back the profile and to delete the local cache on exit... From what I can see, group policy is a fancy way of saying registry hacks applied automatically, but tied to a security group - so with a little research and the help of something like ntregmon, you can do anything I think ;-)

m/
Re: [Samba] smbd hung processes - Samba 3.0.7
[EMAIL PROTECTED] wrote:

| We have upgraded to the 3.0.7-1.3E.1 RH Samba update
| and this problem still occurs. Has anyone else experienced
| this or does anyone have any ideas on what's causing this?
|
| -John
|
| [EMAIL PROTECTED] wrote:
|
| We've seen Samba crash and burn twice in the last 48 hours
| - it just started happening, and we have no idea what
| might be causing it. I'm hoping that someone will
| recognize this problem.

Are you reexporting NFS shares by chance?

| in the middle that are not in the smbstatus report.
| What we THINK is happening is that the smbd processes
| begin to hang, the clients time out,

A good theory (which would be true if re-exporting NFS shares and the NFS server got stuck).

| # strace -p 20403
| Process 20403 attached - interrupt to quit
| fcntl64(13, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=280,
|len=1}
|unfinished ...

look in /proc/pid/fd and see what file fd 13 is.

cheers, jerry
Re: [Samba] smbd hung processes - Samba 3.0.7
Hi Jerry,

Thanks for the reply. I'll check this if it reoccurs again. We've turned off strict locking to see if this helps. This was on a hunch that it was a lock issue.

To answer your question, the access to the main share on this server is via the automounter to a local directory. For example the automount map /hwnet/ccvobs mounts /export/vobs on this server. The share [vobs] is mapped to /hwnet/vobs. The default timeout is 60 seconds and we do see the automounter expire and remount this mount point frequently. While we're not re-exporting this file system there are certainly times when the automounter will apparently unmount and remount it. Note: that during the event the filesystem is available both locally and via the automounter.

-John

Gerald (Jerry) Carter [EMAIL PROTECTED]
12/08/2004 11:04 AM
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [Samba] smbd hung processes - Samba 3.0.7

[EMAIL PROTECTED] wrote:

| We have upgraded to the 3.0.7-1.3E.1 RH Samba update
| and this problem still occurs. Has anyone else experienced
| this or does anyone have any ideas on what's causing this?
|
| -John
|
| [EMAIL PROTECTED] wrote:
|
| We've seen Samba crash and burn twice in the last 48 hours
| - it just started happening, and we have no idea what
| might be causing it. I'm hoping that someone will
| recognize this problem.

Are you reexporting NFS shares by chance?

| in the middle that are not in the smbstatus report.
| What we THINK is happening is that the smbd processes
| begin to hang, the clients time out,

A good theory (which would be true if re-exporting NFS shares and the NFS server got stuck).

| # strace -p 20403
| Process 20403 attached - interrupt to quit
| fcntl64(13, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=280,
|len=1}
|unfinished ...

look in /proc/pid/fd and see what file fd 13 is.

cheers, jerry
[Samba] Samba doesn't show in Windows
Hello guys,

I have got my samba server as PDC run and it worked well. I could see the machine in a windows explorer and the linux users could login into the windows. Now, suddenly, I can't see samba server in windows explorer any more, but linux users can still log in the windows machines. I can ping from the samba server and it works. When I run

#smbclient -L localhost

I get the error: protocol negotiation failed

As I am new to Samba, would appreciate, if someone could help me.

Cheers
Alam
[Samba] configure dual samba 3.0.8 instances-one fedora box
Greetings,

I've a need to run 2 instances on one box. I've spent the better part of 2 days looking for docs and howto's and reading the FM. However, I think I'm making too much out of it, thinking that there is more to it than there really is. the first instance is to serve the users, the second instance is for the backup system.

I'm running fedora core 2 with samba 3.0.8pre2 (the first instance is a member server in a win2k3 domain and its working well.) I have a test box set up to experiment on. is there someone that can give me a quick run down as to the process of setting this up? or just a link to a doc would be fine... I haven't really found that much on the web though.

Thanks
Fred
RE: [Samba] Pdf printer by mail with samba 3.0.9-1
We also use HylaFAX, but this has little to do with Samba. You require a client for Windows in order to give users a decent experience, I recommend HylaFSP (which is a commercial product, but reasonably priced). There are several Win32 clients, most of which don't really stand up to regular use.

[Mitch says:] We did something similar back in the day... and we did it by creating a simple standard - the first phone number - or perhaps the first phone number in a certain font - was the destination phone number... As long as you are working from a template doc, this is easy to keep users consistent about - all we did was grep for the first phone number pattern, and extract it for the to.

[Mitch says:] One of you had:
[Mitch says:] lpq command = lpq -P'%p'
[Mitch says:] lprm command = lprm -P'%p' %j
[Mitch says:] lppause command = lpc hold '%p' %j
[Mitch says:] lpresume command = lpc release '%p' %j
[Mitch says:] queuepause command = lpc stop '%p'
[Mitch says:] queueresume command = lpc start '%p'
[Mitch says:] And one had only lpq and lprm with nothing after the = - I
[Mitch says:] tried both ways?!?!

Further to my other email... The common important element is the line:

print command = /usr/local/bin/pdfout1.sh %s %u %m %I

When I look at the calls to lpq -P'%p etc, they all return errors as %p's value (the printer share name) is not defined in printcap

Sure. You can replace those lpc calls with scripts or just try echo statements. All samba does is grab standard out and the return code.

[Mitch says:] ok - I understand the theory, but if your print command doesn't submit to lpd, and your printer is unknown, may would the lpq ever show any contents? Without using lpd to manage the queue, it doesn't seem to make sense to use the other components to report stop and start and empty queue that was never running to begin with - does it?

Perhaps somehow I should be using lpd to call the script?

No.

[Mitch says:] What actually processes the queue then? The samba man for the print command seems to indicate it would normally be used for submitting the job to the queue for handling, but we aren't doing that - does that mean that there is no limit on simultaneous prints?

To create a proper queueing process and serialize the conversions? Otherwise couldn't I experience the print-of-death from my users as 100 of them start to print a PDF all at once?

You can nice the script.

[Mitch says:] Not sure what the effect of that would be with fast server and workstation with low load... Last night I already got the first expected error (I lost print jobs cause I printed too fast) - but my other concern was for samba's server ability to simultaneously process the load of a large number of simultaneous prints... (btw: I generated the fast print jobs really simply - I pdf-printed an internet explorer page with frames - the default is one print job per frame... there were 4 frames, but I only got 4 print jobs when the server was under enough load to slow the printing down so the total process took more than 4 seconds...) I don't think I want to nice the script, I think I want to somehow allow them to queue so they can be pdf'd asynchronously. Hope I'm explaining better.

Thanks!
m/
[Samba] IPC$ when login as trusted user
Hi all,

I am just curious about the following setup and hope to hear some good response on this:

1. Why, when I log in as a trusted domain user on a computer, does it log in anonymously? I have 2 domains that fully trust each other, Domain_A and Domain_B. Computer_A joins domain_A. I log in as user_B (selecting the option Domain_B at login) on Computer_A. It was a successful login but with no login scripts. It was logging in as an anonymous user. (The logs show it.)

2. Why, when I disable the IPC$ share in the smb.conf, can I not log in as user_B onto Computer_A (as in the scenario above) at all? I don't even see the option to choose Domain_B. Disabling IPC$ will not allow me to do a smbclient -L

Anyone know why?

adrian
Re: [Samba] smbd hung processes - Samba 3.0.7
[EMAIL PROTECTED] wrote:
| Hmmm. So do you think turning off strict locking will
| help or is there something wrong with the tdb records
| that we can clear?

First we need to find out what file that fd is associated with. Then we can start working backwards to find root cause.

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
[Samba] Re: SAMBA or CUPS printing an extra page
If this were NetWare I'd point you at the formfeed option on the print capture (client OS side)... I can't remember if the MS client has that concept for printing at all. Else, for CUPS here I don't have a print command specified... maybe Samba is smart enough to skip that when in CUPS mode.

-- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly.
[Samba] Automatic reply, out of office: Mail Delivery (failure g.biffi@nolan.it)
Unfortunately I cannot be of help to you; I will be back in the office on Monday, 13 December 2004. I will contact you again on my return. Thank you
Re: [Samba] ADS Authentication
first: STOP, you want your samba-server to be a memberserver in ADS, do you?, then *remove* *all* bits referencing ldap from your smb.conf. you entrust all user and group management to ADS via winbindd and only via winbindd.

second: you have configured winbindd not to give you the domain part from ADS by setting:

    winbindd use default domain = Yes

set it to no and you will get the domain part for your domain users/groups

third: don't use / as domain-separator in linux/unix. it has special meaning (path-separator) and using it probably will give you strange problems.

Christoph

Tom Skeren wrote:

Edward Wissner wrote:

I have similar issues, but am not using an ldap server, rather a W2k Active Directory domain controller.

Yes, so am I. The ldap server listed in ldap.conf is named w2000

And am not interested in logging into the linux server with AD. Domain users and groups list without the domain ID for me as well. I don't know if that is proper as I have never seen a working setup.

No...it should be DOMAIN_NAME/user1 DOMAIN_NAME/group1 etc. The / is specified in smb.conf as winbindd separator.

I see my shares on the samba server from a w2k client, but am prompted again for usr/passwd when attempting to open a shared directory. That's when I get a failure.

Try mapping a drive by \\ip-addy\share bet it works.

I'm ready to toss it and start over, migrating completely away from w2k AD and setting up an ldap directory instead.

I can't unfortunately.

Samba works great if I create my users locally.

It works pretty well as an NT style PDC, yes, but this project requires a samba server become a member server in ADS.

ed

-Original Message-
*From:* Tom Skeren [mailto:[EMAIL PROTECTED]
*Sent:* Wednesday, December 08, 2004 10:32 AM
*To:* Edward Wissner; samba
*Subject:* Re: [Samba] ADS Authentication

Edward Wissner wrote:

What did you change in your smb.conf file?

Well, I managed to get samba to authenticate, however, continued winbindd problems make the setup worthless. Group searches fail, or are incomplete. Domain users and groups list without domain id. net groupmap fails. Attempts to re-join via net ads join fail. If you're interested, I have copied all the relevant config files here:

_*smb.conf:*_

    workgroup = FSK
    realm = FSKLAW.NET
    server string = SSERVER
    netbios name = SSERVER
    security = ADS
    client schannel = Yes
    server schannel = Yes
    passdb backend = ldapsam:ldap://w2000.fsklaw.net
    socket options = TCP_NODELAY
    dns proxy = No
    ldap admin dn = cn=Administrator,cn=users,DC=fsklaw,DC=net
    ldap suffix = DC=fsklaw,DC=net
    idmap uid = 1-2
    idmap gid = 1-2
    winbind separator = /
    winbind enum users = No
    winbind enum groups = No
    winbind use default domain = Yes
    dos filemode = Yes
    acl compatibility = win2k
    inherit acls = yes
    inherit permissions = yes

    [FSK]
    path = /home/FSK
    public = yes
    only guest = no
    browseable = yes
    writeable = yes
    printable = no
    create mask = 0777
    force create mode = 0777
    force directory mode = 0777
    directory security mask = 0777

_*ldap.conf: *_

    host w2000.fsklaw.net
    base dc=fsklaw,dc=net
    ldap_version 3
    URI ldaps:w2000.fsklaw.net
    scope sub
    pam_login_attribute Administrator
    pam_password md5
    idle_timelimit 3600
    nss_base_passwd cn=Users,dc=fsklaw,dc=net?one
    nss_base_group cn=Users,dc=fsklaw,dc=net?one
    ssl on
    TLS_CACERT /etc/CA/fsk.pem
    tls_ciphers TLSv1
    sasl_secprops maxssf=0
    krb5_ccname FILE:/tmp/krb5cc_0

_*nsswitch.conf: *_

    passwd: files winbind
    shadow: files winbind
    group: files winbind
    hosts: dns winbind ldap files nis
    automount: files winbind ldap nisplus
    aliases: files winbind ldap nisplus

_*krb5.conf:*_

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    ticket_lifetime = 24000
    default_realm = FSKLAW.NET
    dns_lookup_realm = false
    dns_lookup_kdc = false
    default_etypes = des-cbc-crc des-cbc-md5
    default_etypes_des = des-cbc-crc des-cbc-md5
    default_keytab-name = FILE:/etc/krb5.keytab

    [realms]
    FSKLAW.NET = {
    kdc = KERBEROS.FSKLAW.NET
    admin_server = w2000.fsklaw.net
    default_domain= fsklaw.net
    }

    [domain_realm]
    .fsklaw.net = FSKLAW.NET
    fsklaw.net = FSKLAW.NET
    .FSKLAW.NET = FSKLAW.NET
    .kerberos.server = KERBEROS.FSKLAW.NET

    [kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

    [pam]
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false

_*pam.d/login: *_

    #
    # $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
    #
    # PAM
Re: [Samba] smbd hung processes - Samba 3.0.7
Looks like it's a link to /var/cache/samba/gencache.tdb.

-John

Gerald (Jerry) Carter [EMAIL PROTECTED]
12/08/2004 11:53 AM
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [Samba] smbd hung processes - Samba 3.0.7

[EMAIL PROTECTED] wrote:
| Hmmm. So do you think turning off strict locking will
| help or is there something wrong with the tdb records
| that we can clear?

First we need to find out what file that fd is associated with. Then we can start working backwards to find root cause.

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
[Samba] NetBIOS-Remotecache
Hi out there.

I have not been able to solve the following problem yet. I configured samba-3.0.9 as LMB/PDC with correct DNS and WINS. When I log on with my Windows box (no matter which version) and immediately do an nbtstat -c on the command line I get:

snip

    NetBIOS-Remotecache-Namentabelle

    Name        Typ         Hostadresse     Dauer [Sek.]
    ----------------------------------------------------
    SNEAKER 1C  GRUPPE      192.168.10.1    395

snap

When I now import lmhosts.sam with:

snip

    192.168.10.1 hunter #PRE #DOM:sneaker

snap

I get the correct information:

snip

    NetBIOS-Remotecache-Namentabelle

    Name        Typ         Hostadresse     Dauer [Sek.]
    ----------------------------------------------------
    SNEAKER 1C  GRUPPE      192.168.10.1    -1
    HUNTER 03   EINDEUTIG   192.168.10.1    -1
    HUNTER 00   EINDEUTIG   192.168.10.1    -1
    HUNTER 20   EINDEUTIG   192.168.10.1    -1

snap

What have I not configured correctly???

Greetings
Sascha
Re: [Samba] Re: Kerberos Error
Hi Gerald,

I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on LM10.0. A similar summary to what I'm seeing could be found here. http://lists.samba.org/archive/samba/2004-July/090210.html

Solve the problem by changing

    [libdefaults]
    ticket_lifetime = 24000
    default_realm = HQ.ARKONNETWORKS.COM
    ; default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
    ; default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    ; permitted_enctypes = des3-hmac-sha1 des-cbc-crc
    default_etypes = des-cbc-crc des-crc-md5
    default_etypes_des = des-cbc-crc des-crc-md5

unless you are pretty comfortable with krb5 enc types and have a specific reason to use the des keys, I would recommend not setting those 2 lines at all on MIT krb 1.3.x releases.

LM Samba is compiled against MIT kerberos 1.3.x. Unfortunately, I cannot get it to work with W2K3 without setting the above. Actually I followed the recommendation at http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member, and I'm not aware of any security loop-holes or drawbacks of enc types. Would you kindly point me to proper references?

Regards,
Norman Zhang
Re: [Samba] Joining XP clients to a Samba PDC
As far as I can tell I should be able to join the domain with the root account (added with smbldap-useradd -a -G 512 -m -s /bin/false -d /dev/null -F -P root). But all I get for my efforts is an error dialog The following error occurred attempting to join the domain 'BI': The network path was not found.

If you're using the stock idealx setup (I believe) that you could be using the Administrator account, make sure that you have the password for that account, change it with smbpasswd if not. Your root user may or may not be set up right, I don't know the syntax of the command off hand.

I've set the passwords for Administrator and for root with smbpassword and that doesn't seem to help.

Try to change your double quotes to single quotes, I believe that has been known to cause issues.

Do you mean the double quotes in the smbldap-useradd command above?

Have you set the password for your manager DN? Does your sambaDomain object exist?

The sambaDomain object does exist and was created by the idealx setup script I believe. At any rate it shows up in my LDAP tree. From my gui LDAP browser, this is what my directory looks like:

    World
    iiw
    bibleinfo
    bi #sambaDomain object?
    * Computers
    * Groups
    * Idmap
    % Manager
    % NextFreeUnixId
    * People
    % Administrator
    % User1
    % User2
    .
    .
    % nobody
    % proxyagent
    % root
    % user3
    .
    .

I'm using JXplorer and the symbols * % above translate to icons as follows:

    = small round circle (generic object icon I think)
    * = an icon looking like a cluster or tree of boxes (container for objects?)
    % = an icon consisting of a little face (user) and a sheet of paper (properties)

Grasping at straws a bit here since your log doesn't seem to say anything blatantly obvious.

Speaking of logs. I bumped the log level down to 2 and this is what was printed for two consecutive domain joining attempts (one with the root user, and one with the Administrator user)

    [2004/12/08 09:03:34, 2] smbd/sesssetup.c:setup_new_vc_session(608)
      setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2004/12/08 09:03:34, 2] smbd/sesssetup.c:setup_new_vc_session(608)
      setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2004/12/08 09:03:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
      init_sam_from_ldap: Entry found for user: root
    [2004/12/08 09:03:35, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
      init_group_from_ldap: Entry found for group: 512
    [2004/12/08 09:03:35, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
      init_group_from_ldap: Entry found for group: 1000
    [2004/12/08 09:03:35, 2] auth/auth.c:check_ntlm_password(305)
      check_ntlm_password: authentication for user [root] - [root] - [root] succeeded
    [2004/12/08 09:03:36, 2] smbd/server.c:exit_server(571)
      Closing connections
    [2004/12/08 09:10:53, 2] smbd/sesssetup.c:setup_new_vc_session(608)
      setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2004/12/08 09:10:53, 2] smbd/sesssetup.c:setup_new_vc_session(608)
      setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2004/12/08 09:10:53, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
      init_sam_from_ldap: Entry found for user: Administrator
    [2004/12/08 09:10:53, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
      init_group_from_ldap: Entry found for group: 512
    [2004/12/08 09:10:53, 2] auth/auth.c:check_ntlm_password(305)
      check_ntlm_password: authentication for user [Administrator] - [Administrator] - [Administrator] succeeded
    [2004/12/08 09:10:54, 2] smbd/server.c:exit_server(571)
      Closing connections

A log level of 3 gives much more detail, but that's a lot to post here and I don't see anything that jumps out at me error-wise.

Would it be a problem with an obscure setting on the XP machine somehow? I've tried disabling Domain member: Digitally encrypt or sign secure channel data (always) as suggested by Chuck, but I still get the same error. (The network path was not found) I presume this is the same as another suggestion I found about changing the registry:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
    requiresignorseal=dword:
    signsecurechannel=dword:

So the bottom line is still no luck. Anyone have additional suggestions?

-Andrew
[Samba] Re: Kerberos Error
Martin Zielinski wrote:

3. What do we (samba users) need to know about the ticket received by kinit? Do we ever need to renew it? Or is the ticket obsolete after joining the domain?

Have you tried my workaround? It is recommended by http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member. What do you get when you type

    # klist tickets

    [libdefaults]
    ticket_lifetime = 24000
    default_realm = HQ.ARKONNETWORKS.COM
    ; default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
    ; default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    ; permitted_enctypes = des3-hmac-sha1 des-cbc-crc
    default_etypes = des-cbc-crc des-crc-md5
    default_etypes_des = des-cbc-crc des-crc-md5

Regards,
Norman Zhang
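The [libdefaults] block from the two Kerberos messages above, run through a small checker; this is an added example, not code from the thread or from MIT Kerberos. For each uncommented enctype setting it reports which listed names are single-DES types (the ones RFC 6649 later deprecated) and which it does not recognise; the function names and the name tables (a subset of MIT enctype names) are this example's own.

```python
import re

# Single-DES enctype names; everything else this example knows is in OTHER_KNOWN.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
OTHER_KNOWN = {
    "des3-cbc-sha1", "des3-hmac-sha1", "des3-cbc-sha1-kd",
    "aes128-cts-hmac-sha1-96", "aes128-cts",
    "aes256-cts-hmac-sha1-96", "aes256-cts",
    "arcfour-hmac", "rc4-hmac", "arcfour-hmac-md5",
}
# The setting names that appear in the configs posted in this thread.
ENCTYPE_SETTINGS = {
    "default_etypes", "default_etypes_des",
    "default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes",
}

# The [libdefaults] block as posted in the message above.
SAMPLE_KRB5_CONF = """\
[libdefaults]
 ticket_lifetime = 24000
 default_realm = HQ.ARKONNETWORKS.COM
; default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
; default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
; permitted_enctypes = des3-hmac-sha1 des-cbc-crc
 default_etypes = des-cbc-crc des-crc-md5
 default_etypes_des = des-cbc-crc des-crc-md5
"""


def audit_enctypes(text):
    """Return {setting: {"single_des": [...], "other": [...], "unrecognised": [...]}}
    for every active enctype setting in [libdefaults]."""
    report, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name not in ENCTYPE_SETTINGS:
            continue
        entry = {"single_des": [], "other": [], "unrecognised": []}
        for token in re.split(r"[,\s]+", value):
            if not token:
                continue
            key = token.lower()
            if key in SINGLE_DES:
                entry["single_des"].append(token)
            elif key in OTHER_KNOWN:
                entry["other"].append(token)
            else:
                entry["unrecognised"].append(token)
        report[name] = entry
    return report


def des_only(report):
    """Settings whose recognised enctypes are all single-DES."""
    return sorted(n for n, e in report.items()
                  if e["single_des"] and not e["other"])


if __name__ == "__main__":
    result = audit_enctypes(SAMPLE_KRB5_CONF)
    for setting, entry in sorted(result.items()):
        print(setting, entry)
    print("single-DES only:", des_only(result))
```
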
Re: [Samba] ADS Authentication
Christoph Scheeder wrote:

first: STOP,

Too late, but not a problem. I was beginning to suspect the Free BSD 5.x guide I was using was problematic. I just did a clean install of 5.3, and am installing software. I had already considered getting rid of ldap references. Should I also get rid of nss_ldap? Thanks for the fresh pair of eyes looking at this for me.

TMS III

you want your samba-server to be a memberserver in ADS, do you?, then *remove* *all* bits referencing ldap from your smb.conf. you entrust all user and group management to ADS via winbindd and only via winbindd.

second: you have configured winbindd not to give you the domain part from ADS by setting:

    winbindd use default domain = Yes

set it to no and you will get the domain part for your domain users/groups

third: don't use / as domain-separator in linux/unix.

Yeah, I thought about that I will switch back to _ as a separator.

it has special meaning (path-separator) and using it probably will give you strange problems.

Christoph

Tom Skeren wrote:

Edward Wissner wrote:

I have similar issues, but am not using an ldap server, rather a W2k Active Directory domain controller.

Yes, so am I. The ldap server listed in ldap.conf is named w2000

And am not interested in logging into the linux server with AD. Domain users and groups list without the domain ID for me as well. I don't know if that is proper as I have never seen a working setup.

No...it should be DOMAIN_NAME/user1 DOMAIN_NAME/group1 etc. The / is specified in smb.conf as winbindd separator.

I see my shares on the samba server from a w2k client, but am prompted again for usr/passwd when attempting to open a shared directory. That's when I get a failure.

Try mapping a drive by \\ip-addy\share bet it works.

I'm ready to toss it and start over, migrating completely away from w2k AD and setting up an ldap directory instead.

I can't unfortunately.

Samba works great if I create my users locally.

It works pretty well as an NT style PDC, yes, but this project requires a samba server become a member server in ADS.

ed

-Original Message-
*From:* Tom Skeren [mailto:[EMAIL PROTECTED]
*Sent:* Wednesday, December 08, 2004 10:32 AM
*To:* Edward Wissner; samba
*Subject:* Re: [Samba] ADS Authentication

Edward Wissner wrote:

What did you change in your smb.conf file?

Well, I managed to get samba to authenticate, however, continued winbindd problems make the setup worthless. Group searches fail, or are incomplete. Domain users and groups list without domain id. net groupmap fails. Attempts to re-join via net ads join fail. If you're interested, I have copied all the relevant config files here:

_*smb.conf:*_

    workgroup = FSK
    realm = FSKLAW.NET
    server string = SSERVER
    netbios name = SSERVER
    security = ADS
    client schannel = Yes
    server schannel = Yes
    passdb backend = ldapsam:ldap://w2000.fsklaw.net
    socket options = TCP_NODELAY
    dns proxy = No
    ldap admin dn = cn=Administrator,cn=users,DC=fsklaw,DC=net
    ldap suffix = DC=fsklaw,DC=net
    idmap uid = 1-2
    idmap gid = 1-2
    winbind separator = /
    winbind enum users = No
    winbind enum groups = No
    winbind use default domain = Yes
    dos filemode = Yes
    acl compatibility = win2k
    inherit acls = yes
    inherit permissions = yes

    [FSK]
    path = /home/FSK
    public = yes
    only guest = no
    browseable = yes
    writeable = yes
    printable = no
    create mask = 0777
    force create mode = 0777
    force directory mode = 0777
    directory security mask = 0777

_*ldap.conf: *_

    host w2000.fsklaw.net
    base dc=fsklaw,dc=net
    ldap_version 3
    URI ldaps:w2000.fsklaw.net
    scope sub
    pam_login_attribute Administrator
    pam_password md5
    idle_timelimit 3600
    nss_base_passwd cn=Users,dc=fsklaw,dc=net?one
    nss_base_group cn=Users,dc=fsklaw,dc=net?one
    ssl on
    TLS_CACERT /etc/CA/fsk.pem
    tls_ciphers TLSv1
    sasl_secprops maxssf=0
    krb5_ccname FILE:/tmp/krb5cc_0

_*nsswitch.conf: *_

    passwd: files winbind
    shadow: files winbind
    group: files winbind
    hosts: dns winbind ldap files nis
    automount: files winbind ldap nisplus
    aliases: files winbind ldap nisplus

_*krb5.conf:*_

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    ticket_lifetime = 24000
    default_realm = FSKLAW.NET
    dns_lookup_realm = false
    dns_lookup_kdc = false
    default_etypes = des-cbc-crc des-cbc-md5
    default_etypes_des = des-cbc-crc des-cbc-md5
    default_keytab-name = FILE:/etc/krb5.keytab

    [realms]
    FSKLAW.NET = {
    kdc = KERBEROS.FSKLAW.NET
    admin_server = w2000.fsklaw.net
    default_domain= fsklaw.net
    }

    [domain_realm]
    .fsklaw.net
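Christoph's three points (no ldap settings on an ADS member, `winbind use default domain`, the `/` separator), checked mechanically against the smb.conf quoted in these two messages. This is an added example, not code from the thread or from the Samba project; the parser is a minimal one for `[section]` and `name = value` lines, and the function names and finding codes are made up for illustration.

```python
import re

TRUE_WORDS = {"yes", "true", "1"}

# The [global] settings quoted in the thread, abridged to the relevant ones.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = FSK
    realm = FSKLAW.NET
    security = ADS
    passdb backend = ldapsam:ldap://w2000.fsklaw.net
    ldap admin dn = cn=Administrator,cn=users,DC=fsklaw,DC=net
    ldap suffix = DC=fsklaw,DC=net
    winbind separator = /
    winbind use default domain = Yes
[FSK]
    path = /home/FSK
"""

# Constructed: the same config after following the three points
# (the "_" separator is the one Tom says he will switch back to).
FIXED_SMB_CONF = """\
[global]
    workgroup = FSK
    realm = FSKLAW.NET
    security = ADS
    winbind separator = _
    winbind use default domain = No
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}}. Section and parameter names are
    lower-cased and their internal whitespace collapsed, since smb.conf
    ignores case and spacing in names."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):                 # continuation line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            name = " ".join(header.group(1).lower().split())
            current = sections.setdefault(name, {})
            continue
        if "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[" ".join(name.lower().split())] = value.strip()
    return sections


def check_ads_member(sections):
    """Return a list of (finding_code, [parameters]) for an ADS member server."""
    g = sections.get("global", {})
    findings = []
    if g.get("security", "").lower() != "ads":
        return findings                         # the points only apply to security = ADS
    ldap_params = sorted(
        k for k, v in g.items()
        if k.startswith("ldap ")
        or (k == "passdb backend" and v.lower().startswith("ldapsam")))
    if ldap_params:
        findings.append(("ldap-on-ads-member", ldap_params))
    if g.get("winbind use default domain", "no").lower() in TRUE_WORDS:
        findings.append(("default-domain-stripped", ["winbind use default domain"]))
    if "/" in g.get("winbind separator", ""):
        findings.append(("slash-separator", ["winbind separator"]))
    return findings


if __name__ == "__main__":
    for code, params in check_ads_member(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(code, params)
```
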
[Samba] Re: no security info sent !
Mark Nienberg wrote:

I have about 20 users accessing a Samba 3.07 server on Fedora core 1. The samba server is the PDC for the domain. The users are all Win 2000. The logs for one user show many entries like this:

    [2004/11/30 15:02:05, 0] smbd/posix_acls.c:unpack_nt_owners(892)
      unpack_nt_owners: no security info sent !
    [2004/11/30 15:02:05, 0] smbd/posix_acls.c:unpack_canon_ace(1907)
      unpack_canon_ace: no security info sent !
    [2004/11/30 15:07:51, 0] smbd/posix_acls.c:unpack_nt_owners(892)
      unpack_nt_owners: no security info sent !
    [2004/11/30 15:07:51, 0] smbd/posix_acls.c:unpack_canon_ace(1907)
      unpack_canon_ace: no security info sent !

In the past, I have seen the same thing for another user or two. In spite of these errors, everything seems to be working fine. Does anyone have any ideas on what this means? Thanks,

No ideas anyone? Sometimes this client logs 4000 lines like this per day.
Re: [Samba] smbd reads entire directory when creating files?
Jeremy Allison wrote:

A strace on the smbd process receiving the files from the windows box (it is mapped as a share on the 2k3 server) reveals that smbd is looking up the entire directory (with getdents64) every time it writes a file. Several times, in fact. So as the number of files grows, it churns more and more. I'm sure most of it is in cache but the data still has to be moved around in memory. I know this is not necessary for writing/copying files with unix semantics, but I wonder if the case-fiddling or any other Windows imitative behavior is making this getdents64 orgy necessary. Is there any way to disable it?

I was also looking at the case sensitivity options, but alas they don't seem to be able to prevent the readdir bonanza. I'm guessing the unix_convert routine is responsible for at least one set of traversals. In this case I don't care at all about converting these paths and there are no wildcards. It seems that, in that particular case, the contract of the routine could be satisfied by checking to see if we are in case sensitive mode and if so we don't bother doing the scan_directory (filename.c:284), since the SMB_VFS_STAT will tell us if the file really exists or not.

Granted, it's an optimization. I realize that in the presence of wildcards (of which case-insensitivity is a variety) you have to do that scan_directory call. Of course, ideally, you would cache that resulting directory list as long as you possibly can. Name mangling also complicates this, but it's another feature I'm not using at all in this application.

Obviously such a special case would make the code ugly...but I might try patching it just for my own testing to see if it makes any difference. Any pointers you can offer?

-m
[Samba] SAMBA 3.0.8 Authentication/Configuration problems with LDAP (SunOne Directory Server 5.2)
Q#1. What SAMBA related object classes and attributes must I add to a POSIX user in LDAP (SunOne DS 5.2) before it can be used by SAMBA for authentication?

Q#2. Why does the SAMBA log for the user show the error FAILED with error NT_STATUS_WRONG_PASSWORD even before the user is prompted for username and password on the SAMBA client? Also in this log, I saw another error NT MD4 password check failed for username. I know that my LDAP uses CRYPT as the password storage scheme. Other options available are CLEAR, SHA, and SSHA but we must use CRYPT because other apps require it. When I do put the valid POSIX username and password in the SAMBA client's dialog box, I get an error Incorrect password or unknown username.

I am using Samba version 3.0.8 which I compiled with the --with-ldapsam and --with-pam_smbpass options and also used OpenLDAP libraries. It is running on Solaris 9 as a stand-alone server. My goal is to simply allow Win2K users to map UNIX directories on their PCs. In the past, we used the smbpasswd file but on a new system, we want to use LDAP (SunOne DS 5.2). I already have a POSIX account in LDAP that works just fine for UNIX logins.

Based on the netscape-5.x schema from the examples/LDAP directory, I added 6 object classes (sambaSamAccount, sambaGroupMapping, sambaDomain, sambaUnixIdPool, sambaIdmapEntry, and sambaSidEntry) and several attributes including sambaLMPassword, sambaAcctFlags, sambaDomainName, sambaSID, and sambaNTPassword to my LDAP server's schema. An account has been added to LDAP (under ou=people) for the Solaris host where Samba is running. Both SAMBA stand-alone server and LDAP server are running on the same Solaris server. The Samba users log on to their Win2K PCs after being authenticated from their own network service. My SAMBA server is just a stand-alone server and not a PDC or BDC.

From my LDAP server logs, I can see that samba binds to the LDAP server successfully. It searched for the user but it used a filter that put sambaSID=S-1-5-21-43403935-1067099457-3807174611-501 in it which resulted in user not being found. Next, I added the sambaSID attribute to the user and assigned this value. Now I don't get the error but am still unable to map a drive as this user. Samba starts up fine and I am able to do smbclient -L localhost -U% to list the shares etc.

Here are the contents of my smb.conf file:

    [global]
    workgroup = MYGROUP
    netbios name = DEVWS2
    server string = Samba Server DEVWS2
    encrypt passwords = Yes
    update encrypted = Yes
    password level = 8
    obey pam restrictions = Yes
    pam password change = No
    restrict anonymous = Yes
    debug uid = Yes
    preferred master = No
    domain master = No
    security = user
    hosts allow = 148. 127.
    log file = /usr/local/samba/var/log.%m
    log level = 5
    max log size = 500
    passdb backend = ldapsam:ldap://localhost:389
    dns proxy = no
    ldap admin dn=cn=Directory Manager
    ldap server = DEVws2.DEV.xx.com
    ldap ssl = off
    ldap port = 389
    ldap suffix = ou=people,dc=DEV,dc=xx,dc=com

    [homes]
    comment = Users' Home Directories
    path = /export/home
    public = no
    writable = yes
    printable = no
    create mask = 0765

    [tmp]
    comment = temp
    path = /tmp
    read only = No

Logs of the user from the /usr/local/samba/var directory:

      smbldap_search: base = [ou=people,dc=,dc=xx,dc=com], filter = [((uid=user)(objectclass=sambaSamAccount))], scope = [2]
    [2004/12/08 12:53:47, 2, effective(0, 0), real(0, 0)] passdb/pdb_ldap.c:init_sam_from_ldap(511)
      init_sam_from_ldap: Entry found for user: user
    [2004/12/08 12:53:47, 4, effective(0, 0), real(0, 0)] lib/substitute.c:automount_server(323)
      Home server: devws2
    [2004/12/08 12:53:47, 4, effective(0, 0), real(0, 0)] lib/substitute.c:automount_server(323)
      Home server: devws2
    [2004/12/08 12:53:47, 3, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(386)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2004/12/08 12:53:47, 4, effective(0, 0), real(0, 0)] libsmb/ntlm_check.c:ntlm_password_check(326)
      ntlm_password_check: Checking NT MD4 password
    [2004/12/08 12:53:47, 3, effective(0, 0), real(0, 0)] libsmb/ntlm_check.c:ntlm_password_check(344)
      ntlm_password_check: NT MD4 password check failed for user user
    [2004/12/08 12:53:47, 3, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(256)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2004/12/08 12:53:47, 3, effective(0, 0), real(0, 0)] smbd/uid.c:push_conn_ctx(365)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2004/12/08 12:53:47, 3, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(288)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2004/12/08 12:53:47, 5, effective(0, 0), real(0, 0)] auth/auth_util.c:debug_nt_user_token(486)
      NT user token: (NULL)
    [2004/12/08 12:53:47, 5, effective(0, 0), real(0, 0)]
Re: [Samba] smbd reads entire directory when creating files?
On Wed, Dec 08, 2004 at 01:37:23PM -0600, Matt Mitchell wrote:

Obviously such a special case would make the code ugly...but I might try patching it just for my own testing to see if it makes any difference. Any pointers you can offer?

That's exactly the case I was intending to add :-). I have to work on the malloc issue at the moment - you seem to have quickly identified the necessary optimization without my help :-) - well done !

Jeremy.
Re: [Samba] ADS Authentication
OK Christopher, samba is authenticating, if a bit oddly (some XP machines can use \\sserver\fsk others need to use \\ipaddy\fsk---not a huge problem). However I don't think I'm grasping the net groupmap function. I was of the belief that if I did this:

    net groupmap add ntgroup=nt-group unixgroup=(some group in /etc/group)

then ADS members in nt-group would be mapped to the unix group. Thus when I setfacl on that directory with the unix mapped group rwx, then ADS members of the nt-group would have rwx permissions. However, when I log in to the share, the samba server terminal burps up:

    smbd[582] chdir (/home/FSK) failed

I must be missing something. Any thoughts would be appreciated.
Re: [Samba] problems with print$
Further information on this issue includes output from my smblog file:

    [2004/12/08 11:48:13, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
      init_sam_from_ldap: Entry found for user: chuck
    [2004/12/08 11:48:13, 2] passdb/pdb_ldap.c:init_ldap_from_sam(864)
      init_ldap_from_sam: Setting entry for user: chuck
    [2004/12/08 11:48:13, 2] auth/auth.c:check_ntlm_password(312)
      check_ntlm_password: Authentication for user [chuck] - [chuck] FAILED with error NT_STATUS_WRONG_PASSWORD
    [2004/12/08 11:48:22, 2] smbd/server.c:exit_server(571)
      Closing connections

This is repeated ten times for each attempt to display the printer properties dialog. I am able to see all other shares from the server, thus my NT and LM passwords are correct, so why the refusal? See below for permissions I have set for the print spool and print driver directories.

Thanks,
Chuck

At 04:11 PM 12/7/2004, Chuck Theobald wrote:

Hi All,

I finally signed up for the list after years of using Samba successfully - a testament to the quality of Samba. Yet now I have a problem with the point-and-print functionality. I am able to authenticate against my server (Solaris 8, Samba 3.0.7, OpenLDAP 2.1.25) as user 'chuck' in my LDAP directory and browse the shares, but when I right-click on the printer and select Properties (on WinXP), I get a dialog: Printer properties cannot be displayed. Access is denied. And no properties dialog is shown. I googled the above message and found exactly one reference, the advice of which I followed (chmod 1777 /var/spool/samba), to no avail.

A bit of background information:

    mansfield{79}# pwd
    /usr/local/samba
    mansfield{80}# bin/testparm
    Load smb config files from /usr/local/samba/lib/smb.conf
    Processing section [printers]
    Processing section [print$]
    Processing section [homes]
    Processing section [netlogon]
    Processing section [profiles]
    Processing section [htdocs]
    Processing section [data]
    Loaded services file OK.
    Server role: ROLE_DOMAIN_PDC
    Press enter to see a dump of your service definitions

    # Global parameters
    [global]
    workgroup = LCNI-MAN
    server string = Mansfield Server
    passdb backend = ldapsam:ldap://mansfield.uoregon.edu
    password level = 8
    username level = 8
    log level = 2 winbind:10
    log file = /var/adm/samba/smblog.%m
    max log size = 500
    add user script = /usr/local/samba/sbin/smbldap-useradd -m %u
    delete user script = /usr/local/samba/sbin/smbldap-userdel %u
    add group script = /usr/local/samba/sbin/smbldap-groupadd -p %g
    delete group script = /usr/local/samba/sbin/smbldap-groupdel %g
    add user to group script = /usr/local/samba/sbin/smbldap-groupmod -m %u %g
    delete user from group script = /usr/local/samba/sbin/smbldap-groupmod -x %u %g
    set primary group script = /usr/local/samba/sbin/smbldap-usermod -g %g %u
    add machine script = /usr/local/samba/sbin/smbldap-useradd -w %u
    domain logons = Yes
    os level = 33
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    ldap admin dn = cn=smbadmin,ou=people,dc=lcni,dc=uoregon,dc=edu
    ldap delete dn = Yes
    ldap group suffix = ou=group
    ldap machine suffix = ou=people
    ldap passwd sync = Yes
    ldap suffix = dc=lcni,dc=uoregon,dc=edu
    ldap ssl = start tls
    ldap user suffix = ou=people
    printer admin = @sysadmin, chuck, root, LCNI-MAN\chuck
    printing = bsd
    print command = /usr/ucb/lpr -r -P'%p' %s
    lpq command = /usr/ucb/lpq -P'%p'
    lprm command = /usr/ucb/lprm -P'%p' %j

    [printers]
    path = /var/spool/samba
    printable = Yes
    browseable = No

    [print$]
    comment = Print Driver Area
    path = /usr/local/samba/lib/printers
    write list = @sysadmin, chuck, root, LCNI-MAN\chuck
    browseable = No

    [homes]
    comment = Home Directories
    read only = No
    browseable = No

    [netlogon]
    comment = Domain Logon
    path = /usr/local/samba/lib/netlogon
    browseable = No

    [profiles]
    comment = Roaming Profiles
    path = /var/lib/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700

    [htdocs]
    comment = Web Server Files
    path = /var/www/htdocs
    read only = No

    [data]
    comment = Basic Data Storage
    path = /data
    read only = No

    mansfield{81}# ls -l /var/spool
    total 14
    drwxr-xr-x 4 root sys 512 Oct 8 2003 cron
    drwxr-xr-x 2 uucp uucp 512 Nov 29 17:51 locks
    drwxrwxr-x 7 lp lp 512 Dec 6 16:20 lp
    drwxr-x--- 2 root bin 512 Dec 7 15:55 mqueue
    drwxrwxrwt 4 root bin 512 Oct 9 2003 pkg
    drwxr-xr-x 2 root lp 512 Oct 8 2003 print
    drwxrwxrwt 2 root other 512 Dec 7 10:38 samba
    mansfield{83}# ls -ld /usr/local/samba/lib/printers
    drwxrwxr-x 4 root
Re: [Samba] Re: no security info sent !
Hi Mark,

You may be able to reduce the size of your log files by an appropriate setting for log level in your smb.conf file, something like

log level winbind:0

may work. Also, the messages point to acl usage, are these enabled on your system?

Chuck

At 11:20 AM 12/8/2004, Mark Nienberg wrote:

> Mark Nienberg wrote:
>> I have about 20 users accessing a Samba 3.07 server on Fedora core 1. The samba server is the PDC for the domain. The users are all Win 2000. The logs for one user show many entries like this:
>>
>> [2004/11/30 15:02:05, 0] smbd/posix_acls.c:unpack_nt_owners(892)
>>   unpack_nt_owners: no security info sent !
>> [2004/11/30 15:02:05, 0] smbd/posix_acls.c:unpack_canon_ace(1907)
>>   unpack_canon_ace: no security info sent !
>> [2004/11/30 15:07:51, 0] smbd/posix_acls.c:unpack_nt_owners(892)
>>   unpack_nt_owners: no security info sent !
>> [2004/11/30 15:07:51, 0] smbd/posix_acls.c:unpack_canon_ace(1907)
>>   unpack_canon_ace: no security info sent !
>>
>> In the past, I have seen the same thing for another user or two. In spite of these errors, everything seems to be working fine. Does anyone have any ideas on what this means? Thanks,
>
> No ideas anyone? Sometimes this client logs 4000 lines like this per day.

Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345
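Both threads above turn on reading smbd log records: ten NT_STATUS_WRONG_PASSWORD failures per properties dialog in one, thousands of "no security info sent !" lines in the other. The following Python is an added example, not code from the list posts or from the Samba project; it parses the header-plus-message record layout, counts authentication failures per user in a sliding window, and ranks the most repeated messages. The sample log is constructed, and the user alice, the 60-second window and the threshold of 5 are assumptions.

```python
"""Summarise smbd log records: auth-failure bursts and the noisiest messages."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# A record is a header "[date time, level] file.c:function(line)" followed by
# indented message lines; flattened archives keep the message on the header line.
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<file>[\w./-]+):(?P<func>\w+)\((?P<line>\d+)\)(?P<rest>.*)$"
)
AUTH_FAIL = re.compile(
    r"Authentication for user \[(?P<user>[^\]]*)\].*"
    r"FAILED with error (?P<status>NT_STATUS_\w+)"
)


def parse_records(text):
    """Group header and continuation lines into one dict per log record."""
    records, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {
                "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "level": int(m["level"]),
                "source": f'{m["file"]}:{m["func"]}',
                "message": m["rest"].strip(),
            }
            records.append(current)
        elif current is not None and raw.strip():
            sep = " " if current["message"] else ""
            current["message"] += sep + raw.strip()
    return records


def auth_failure_bursts(records, window=timedelta(seconds=60), threshold=5):
    """Return {(user, status): peak failures inside any one window} at or above threshold."""
    by_user = defaultdict(list)
    for rec in records:
        m = AUTH_FAIL.search(rec["message"])
        if m:
            by_user[(m["user"], m["status"])].append(rec["ts"])
    bursts = {}
    for key, stamps in by_user.items():
        stamps.sort()
        best = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[key] = best
    return bursts


def noisy_sources(records, top=3):
    """Rank (source function, message) pairs by how often they repeat."""
    return Counter((r["source"], r["message"]) for r in records).most_common(top)


def build_sample_log():
    """Constructed sample modelled on the excerpts in the posts (not real logs)."""
    lines = []
    start = datetime(2004, 12, 8, 11, 48, 13)
    for i in range(10):  # ten failures, as reported for one properties dialog
        stamp = (start + timedelta(seconds=i)).strftime("%Y/%m/%d %H:%M:%S")
        lines.append(f"[{stamp}, 2] auth/auth.c:check_ntlm_password(312)")
        lines.append("  check_ntlm_password: Authentication for user [chuck] - "
                     "[chuck] FAILED with error NT_STATUS_WRONG_PASSWORD")
    # A single failure for a hypothetical user must not be reported as a burst.
    lines.append("[2004/12/08 11:50:00, 2] auth/auth.c:check_ntlm_password(312)")
    lines.append("  check_ntlm_password: Authentication for user [alice] - "
                 "[alice] FAILED with error NT_STATUS_WRONG_PASSWORD")
    for stamp in ("2004/11/30 15:02:05", "2004/11/30 15:07:51"):
        lines.append(f"[{stamp}, 0] smbd/posix_acls.c:unpack_nt_owners(892)")
        lines.append("  unpack_nt_owners: no security info sent !")
        lines.append(f"[{stamp}, 0] smbd/posix_acls.c:unpack_canon_ace(1907)")
        lines.append("  unpack_canon_ace: no security info sent !")
    # Flattened form: the message shares a line with its header.
    lines.append("[2004/12/08 11:48:22, 2] smbd/server.c:exit_server(571) "
                 "Closing connections")
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for (user, status), count in auth_failure_bursts(recs).items():
        print(f"burst: {user} {status} x{count}")
    for (source, message), count in noisy_sources(recs):
        print(f"{count:4d}  {source}  {message}")
```

A burst from a client that can otherwise browse shares points at the server or client software rather than at password guessing, which is how the print$ thread ends (the 3.0.9 upgrade removed it).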
[Samba] Removing printers and faxes folder from windows explorer
Does anyone know how to make the Printers and faxes folder not show up in all clients' Windows Explorer?

I have tried to not include a [printers] section. I have also included a [printers] section but made browseable = no. I have also tried load printers = no.
[Samba] Re: Removing printers and faxes folder from windows explorer
| Does anyone know how to make Printers and faxes folder not showing up
| in all client's Windows Explorer.
|
| I have tried to not include a [printers] section. I have also included
| a [printers] section but make browseable = no
| I have also tried load printers = no

Tried this?

show add printer wizard = No

--
I can be reached on the following Instant Messenger services:
MSN: j_c_llings @ hotmail.com
AIM: WyteLi0n
ICQ: 123291844
Y!: j_c_llings
Jabber: jcllings @ njs.netlab.cz
Re: [Samba] Removing printers and faxes folder from windows explorer
panos wrote:
|
| Does anyone know how to make Printers and faxes folder
| not showing up in all client's Windows Explorer.
|
| I have tried to not include a [printers] section. I
| have also included a [printers] section but make browseable = no
| I have also tried load printers = no

'disable spoolss = yes', but this is not really recommended since it has been known to cause high loads on the server due to client polling. Use at your own risk.

Why do people care if the 'printers and faxes' folder shows up?

cheers, jerry
RE: [Samba] Removing printers and faxes folder from windows explorer
Thanks

We have clients where things must be very simple. Of course we can live with the folder, but making it as clean as possible is a priority...though not at the cost of stability. So given your warning, I am not sure if it is worth it.

What is client polling?

Thanks again,
Panos

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 08, 2004 12:30 PM
To: panos
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Removing printers and faxes folder from windows explorer

panos wrote:
|
| Does anyone know how to make Printers and faxes folder
| not showing up in all client's Windows Explorer.
|
| I have tried to not include a [printers] section. I
| have also included a [printers] section but make browseable = no
| I have also tried load printers = no

'disable spoolss = yes', but this is not really recommended since it has been known to cause high loads on the server due to client polling. Use at your own risk.

Why do people care if the 'printers and faxes' folder shows up?

cheers, jerry
[Samba] Re: SAMBA or CUPS printing an extra page
I had this problem with Cups and samba and it ended up being a mis-match on the printer options. The printers were able to print duplex and the default for CUPS on the server was duplex and the default for the windows driver was simplex (or was it the other way around? I can't recall at the moment - getting old I guess.)

Anyway, once the default for CUPS and the default for MS Windows had the same setting the extra page issue went away. It was interesting because not every print job printed an extra page, only print jobs that had an odd number of pages to print generated the blank page. This was using the CUPS-Samba drivers with driver download from the print server.

-Bob

--
Bob Martel, System Administrator      I met someone who looks a lot like you
Levin College of Urban Affairs        She does the things you do
Cleveland State University            But she is an IBM
(216) 687-2214 [EMAIL PROTECTED]      -Jeff Lynne
Re: [Samba] Removing printers and faxes folder from windows explorer
> Why do people care if the 'printers and faxes' folder shows up ?

On the same note, is there a way to get the PrintersFaxes to show up, but NOT have the printers show up at the share level (\\servername)? I hate how cluttered it makes that look. If I remember right, making them not browseable takes away all access to seeing the printers.

Misty

> cheers, jerry
[Samba] Joining ADS errors when using net ads join command
Dear Samba Gurus,

I've been R'ing TFM but I can't seem to find any help with this problem. When I attempt to get samba to join the active directory domain I get the following error message:

[2004/12/08 14:42:51, 0] libads/kerberos.c:get_service_ticket(335)
  get_service_ticket: kerberos_kinit_password [EMAIL PROTECTED]@WESTAM-US.CORP failed: Client not found in Kerberos database
Bus Error

I have an account created in the active directory server, so I have no idea why it's coming back with Client not found. Does the repetition of the realm (i.e. [EMAIL PROTECTED]) make sense? If that is what is causing the server to deny the kerberos certificate, where would I look to find the replication? Also, what would cause the bus error warning?

Thank you in advance

--
Ryan Worthington
names changed to protect the guilty
Difficile est satiram non scribere.
Re: [Samba] Re: SAMBA or CUPS printing an extra page
On Wednesday 08 December 2004 15:48, Robert M. Martel wrote:

> Anyway, once the default for CUPS and the default for MS Windows had the same setting the extra page issue went away.

This was it! As soon as I turned duplex off for CUPS it stopped printing out the extra page. Thanks much!

Misty

> -Bob
Re: [Samba] Removing printers and faxes folder from windows explorer
panos wrote:
| Thanks
| We have clients where things must be very simple. Of
| course we can live with the folder, but making it as
| clean as possible is a priority...though not at the
| cost of stability. So given your warning, I am not sure
| if it is worth it.
|
| What is client polling?

client = Windows NT fall back to lanman printing calls when the server doesn't support the rpc based printing mechanism (this is what 'disable spoolss = yes' means). The clients then poll the server for changes in printing attributes a lot.

Mostly I've seen this cause problems on Solaris servers. Not sure about Linux. My guess is that Linux is probably better in this respect. Also, if you aren't going to serve any printers, then it is probably also ok.

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key - http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song --Switchfoot (2003)
Re: [Samba] Removing printers and faxes folder from windows explorer
Misty Stanley-Jones wrote:
|Why do people care if the 'printers and faxes' folder shows
|up ?
|
| On the same note, is there a way to get the PrintersFaxes
| to show up, but NOT have the printers show up at the
| share level (\\servername)? I hate how cluttered it makes
| that look. If I remember right, making them not
| browseable takes away all access to seeing the printers.

No. Unlike Windows NT based servers, Samba does not support printers that are not shared to clients. It could be done, but we don't.

cheers, jerry
Re: [Samba] configure dual samba 3.0.8 instances-one fedora box
On Wed, 2004-12-08 at 10:19 -0600, Fred wrote:

> Greetings,
>
> I've a need to run 2 instances on one box. I've spent the better part of 2 days looking for docs and howto's and reading the FM. However, I think I'm making too much out of it, thinking that there is more to it than there really is. the first instance is to serve the users, the second instance is for the backup system. I'm running fedora core 2 with samba 3.0.8pre2 (the first instance is a member server in a win2k3 domain and its working well.) I have a test box set up to experiment on. is there someone that can give me a quick run down as to the process of setting this up? or just a link to a doc would be fine... I haven't really found that much on the web though.

You are missing an additional IP Address. Just assign an additional IP Addr to the existing interface and then have the working one only listen to the original interface (eth0 maybe), and the new one listen on the added interface (eth0.1 or what ever you name it).

Both instances have to have different configs and storage areas for things like the tdbs and WINS/cached information, print$ and profiles. Though you can still have the same shares defined. And the printers should just work as well, especially if you use CUPS.

--
greg, [EMAIL PROTECTED]
The technology that is Stronger, better, faster: Linux
[Samba] Wrong Foldername
Hi,

I'm using samba 3.0.6. I see computer_name folders created in homedir. This never happened before I switched from Domain to ADS. Could someone please give me a few pointers?

Regards,
Norman Zhang

[global]
    workgroup = ARKONDOMAIN
    realm = HQ.ARKONNETWORKS.COM
    server string = Samba Server %v
    security = ADS
    obey pam restrictions = Yes
    password server = 192.168.22.22
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 18
    preferred master = No
    local master = No
    domain master = No
    dns proxy = No
    ldap ssl = no
    idmap uid = 15000-2
    idmap gid = 15000-2
    template homedir = /hsd1/transfer/%u
    template shell = /bin/bash
    winbind separator = /
    winbind use default domain = Yes

[transfer]
    comment = Temporary Storage
    path = /hsd1/transfer
    read only = No
    create mask = 0777
    directory mask = 0777
[Samba] Samba printer name != cups printer name
I recently added a printer to cups and the samba name is wrong. Anyone know how I can fix it?

Environment:
OS: Red Hat Enterprise Linux ES release 3 (Taroon Update 3)
Uname: Linux stilton.ulticom.com 2.4.21-20.EL #1 Wed Aug 18 20:58:25 EDT 2004 i686 i686 i386 GNU/Linux
Samba: samba-client-3.0.4-6.3E samba-common-3.0.4-6.3E samba-3.0.4-6.3E
Cups: cups-libs-1.1.17-13.3.16 cups-devel-1.1.17-13.3.16 cups-1.1.17-13.3.16

/etc/smb.conf:

[global]
    workgroup = MTLAUREL
    netbios name = PRINT
    server string = Print Server
    printcap name = cups
    load printers = yes
    printing = cups
    log file = /var/log/samba/%m.log
    log level = 0
    max log size = 50
    security = user
    encrypt passwords = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    local master = no
    dns proxy = no
    ldap admin dn = uid=sambaAdmin,ou=Directory Administrators,dc=ulticom,dc=com
    ldap ssl = off
    passdb backend = ldapsam_compat:ldap://ldap.ulticom.com
    ldap delete dn = no
    ldap user suffix = ou=people
    ldap group suffix = ou=group
    ldap machine suffix = ou=computers
    ldap suffix = dc=ulticom,dc=com
    ldap filter = (uid=%u)
    ldap passwd sync = no

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    public = no
    guest ok = no
    writable = no
    printable = yes
    printer admin = root, @it

[print$]
    comment = Printer Driver Download Area
    path = /var/samba/printers
    browseable = no
    guest ok = no
    read only = yes
    write list = root, @it
    force group = +it
    map archive = no
    map hidden = no
    map system = no
    force directory mode = 02775
    force create mode = 0664
    directory mask = 02775
    create mask = 0664

Section of /etc/cups/printers.conf:

<Printer fulllj2420>
DeviceURI socket://fulllj2420:9100
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>

As cups knows the printer:

% lpstat -a | grep 2420
fulllj2420 accepting requests since Jan 01 00:00

As samba knows the printer:

% rpcclient -c 'enumprinters' -Uroot print |grep -B2 2420
flags:[0x80]
name:[\\print\HP LaserJet 2420 PS]
description:[\\print\HP LaserJet 2420 PS,HP LaserJet 2420 PS,HP LaserJet 2420dn]
comment:[HP LaserJet 2420dn]

The windows world sees the same name as rpcclient.

I have restarted cups, I have restarted samba. I have deleted the printer from cups and restarted both. The printer goes away ok. If I re-add it to cups and restart samba, the bad name comes back. I notice there is no deleteprinter command in rpcclient, so that won't work.

How can I fix this? I can't have the model name be the printer name, I have a second printer of the same type to setup. I have 30 printers setup just fine. The cups name == the samba name. Just this latest one messed up.

BTW: I can't upgrade Samba as the newer releases from Red Hat don't support ldapsam_compat (this has been reported as a bug to them).

--
Gary Algier, WB2FWZ
gaa at ulticom.com
+1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054
Fax: +1 856 866 2033

Nielsen's First Law of Computer Manuals: People don't read documentation voluntarily.
Re: [Samba] Samba printer name != cups printer name
Gary Algier wrote:
|
| I recently added a printer to cups and the samba name is wrong.
|
| Anyone know how I can fix it?

Upgrade to 3.0.9 and set 'force printername = yes' for that share.

| BTW: I can't upgrade Samba as the newer releases from
| Red Hat don't support ldapsam_compat (this has been reported
| as a bug to them).

Doh!

cheers, jerry
Re: [Samba] Force user and replace with SUID and SGID. Realize error, but please assist
Hello again,

Okay so I realize the error I made with the SUID and SGID. Those settings represent what user/group the file is executed under. Must have had a brain cramp or something. I would however still appreciate some assistance in trying to get rid of the force user setting I am having to use to resolve an issue with Microsoft Office files and their time stamps being changed upon viewing of the file.

Thanks
Michael Kelly

Michael Kelly [EMAIL PROTECTED] 06/12/2004 10:02:18 am

Hi all,

I am trying to get rid of a force user setting on our samba server. I read an article that talked about setting the SUID and SGID on the top-level directory, and all sub-directories, of a share and this would cause all files to be owned by the user and group for which the sticky bit has been set. Here is what I did.

1. recursively changed owner/group on all files and directories in the share to the user and group who I wanted to own said files and directories.
2. executed find /mnt/fileserver/server -type d -exec ug+s {} \; to set the sticky bit on all directories within the share.
3. removed the force user entry from the share definition and restarted Samba
4. Browsed the share and created a new file. It came up as owned by me not the user who I had set the sticky bit for. It did have the proper group as I am a member of that group.
5. Opened an Excel file and then closed that file. It prompted me to save changes, made none, and when I said no it updated the time stamp anyway.

I am using the force user entry to solve the known problem with Microsoft Office files. I have about 14 employees who access the share and all files and directories within it. Timestamps are very important and we need them not to be changed when simply viewing a file. It was my understanding that by setting the SUID and SGID it would cause all files to retain their ownership and all newly created files to get the user and group for which the sticky bit was set.

I know that this is a Linux file system question, but it is relating to Samba and I am hoping that someone out there has experienced this and can point me in the right direction.

Thank you
Michael Kelly
[Samba] Samba - Joining AD and OU issues
Windows 2000 Server named adtest.com as PDC. Solaris 9 server with SAMBA 3.0.7.

I am trying to get a handle on the OU issue I am having. Suppose the PDC adtest.com has 100 OU such as a1, a2, a3, ..., a98, a99, a100. On the Solaris Server I am doing:

kinit [EMAIL PROTECTED]
type in Administrator password
nmbd; smbd; winbindd -B
net ads join

When I do wbinfo -g or getent passwd I see all the accounts in all the OU. Suppose I only want one or two OUs? Imagine that I want a7 only, do I have to create a special account within OU a7 (such as a7adadmin) and use kinit a7adadmin? If so, then what do I need to have specifically two OUs, a7 and a12?

The second question I have is that kinit always prompts for a password is there a better way to do this?

Thank you,
Wayne
[Samba] Folder Redirection, Roaming Profiles and Working Offline
Hi,

I have been trying to use samba for a while as a way to have an identical desktop/startmenu/profile/favourites/etc on multiple PCs. Samba is setup as the PDC and I can join the domain and login. The problems started firstly when I wanted to have some sort of caching and also logon concurrently to different pcs with the same user. The main problem being that whichever computer I log off last gets all the changes saved and the first to log off loses all its changes.

So I decided to read into Folder Redirection and followed the article at http://isg.ee.ethz.ch/tools/realmen/det/skel.en.html

I changed the registry keys to make as many files as possible redirected to a server share leaving just the profile on the profile share (by the way I am running windows XP on both workstations). Now when I try and logon having moved the rest of my profile to a mapped home drive I get the following error:

Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Incorrect function.

Click on OK and it loads my profile from the server, no error in the samba log files or anything. Is there an obvious cure?

The next problem is that because it's all accessing the profile directly from the server I keep getting helpful windows balloons telling me Delayed Write Fail and that my mail file or whatever has been lost.

One of my two computers is a laptop and is obviously used away from my network so I use working offline - well attempt to, when it manages to lock the files and doesn't decide to go offline because it can't synchronise. Again is there anything that I'm doing wrong?

Lastly is this the best approach to take or does anyone have any other suggestions? I have a debian server running samba and two winXP computers; one laptop and one desktop. I basically want to keep the computers with the same desktop/information/bookmarks etc on them and also have the laptop working away from the home server.

I have enclosed my smb.conf file at the bottom of this message.

Thank you for all your help and sorry about asking all these questions but I have been attempting and failing to get a working solution for several months :(

PS I am running Version 3.0.8-Debian Samba

Thanks!
Richard

smb.conf:

# Global parameters
[global]
    workgroup = HOMENET
    netbios name = XEBIAN
    map to guest = Bad User
    passdb backend = tdbsam, guest
    pam password change = Yes
    unix password sync = Yes
    name resolve order = wins lmhosts bcast
    time server = Yes
    add user script = /usr/sbin/useradd -m %u
    delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd %g
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/usermod -G %g %u
    add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
    logon script = %ULogon.bat
    logon path = \\%L\profiles\%U
    logon drive = H:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 35
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    idmap uid = 15000-2
    idmap gid = 15000-2
    admin users = richard, @ntadmins
    hosts allow = 10.0.0., EXCEPT 10.0.0.1, 127.
    map acl inherit = Yes
    Log file = /var/log/samba/log.%m
    max log size = 50
    log level = 2
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/
    server string = %h server (Samba %v)

[netlogon]
    path = /var/lib/samba/netlogon
    write list = @ntadmins, ntadmin

[Profiles]
    path = /var/lib/samba/profiles
    valid users = %U
    force user = %U
    read only = No
    create mask = 0700
    directory mask = 0700
    guest ok = Yes
    profile acls = Yes
    browseable = No
    csc policy = disable
    root preexec = PROFILE=/var/lib/samba/profiles/%U; if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi

[homes]
    path = /home/%U/windows
    comment = Home Directories
    valid users = %S
    read only = No
    force create mode = 0600
    force directory mode = 0700
    veto files = /Maildir/.bash_history/.bash*/.ssh/.spamassassin/.procmail$
    hide files = /Maildir/.*/desktop.ini/ntuser.ini/NTUSER.*/hpothb07.dat/Thumbs.db
    browseable = No
    dos filetimes = Yes
    root preexec = WinHome=/home/%u/windows; if [ ! -e $WinHome ]; then mkdir -pm700 $WinHome; chown %u:%g $WinHome;fi

[media]
    comment = music and video files
    path = /home/samba/media
    dos filetimes = Yes
    write list = @ntadmins, ntadmin

[docs]
    comment = linux documents folder
    path = /usr/share/doc
    dos filetimes = Yes
    read only = Yes

[pub]
    comment = Public directory
    path = /home/samba/pub
    read
[Samba] Problem connecting to domain
Greetings,

I have compiled samba 3.0.9 to use kerberos 1.3.5 that I have also compiled from source. However, when I attempt to connect the host to an Active Directory domain, it fails with the following error after a lengthy delay:

/usr/local/samba/bin/net: relocation error: /usr/local/samba/bin/net: undefined symbol: krb5_cc_close

What can I do to resolve this?
[Samba] Permission denied after successful mount of Windows share
I'm wanting to mount a Windows share from a Windows 2003 Server to a Fedora Core 2 using Samba. I run the following mount command (as root), which terminates with a 0 return code, but when I attempt to look at the mounted filesystem with df or ls, I get a Permission denied error.

Here is the mount command (with user/pwd/machine altered) and debug level 4...

mount -t smbfs -o username=,password=,rw,fmask=770,dmask=777,debug=4,port=139 //machine/bayside\$ /mnt/backup/bayside
opts: port=139
mount.smbfs started (version 3.0.3-5)
added interface ip=129.223.92.99 bcast=129.223.92.255 nmask=255.255.255.0
Connecting to 129.223.92.11 at port 139
1486: session request ok
Serverzone is -36000
1486: session setup ok
1486: tconx ok

I also tried NOT specifying port=139, and it also failed.

Running the exact same mount command from a RedHat 7.3 box to the same Windows 2003 server and the same share works correctly; the mount works and I can see the files on the filesystem.

Here is the mount command (with user/pwd/machine altered) and debug level 4...

mount -t smbfs -o username=,password=,rw,fmask=770,dmask=777,debug=4 //machine/bayside\$ /mnt/backup/bayside
mount.smbfs started (version 2.2.3a)
added interface ip=129.223.92.16 bcast=129.223.92.255 nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name machine0x20
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name machine0x20
resolve_wins: Attempting wins lookup for name machine0x20
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name machine0x20
bind succeeded on port 0
nmb packet from 129.223.92.11(137) header: id=8987 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=AUBNE2-R220 rr_type=32 rr_class=1 ttl=30
answers 0 char `...\. hex 600081DF5C0B
Got a positive name query response from 129.223.92.11 ( 129.223.92.11 )
tdb((null)): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
tdb((null)): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
tdb((null)): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
Connecting to 129.223.92.11 at port 139
7586: session request ok
7586: session setup ok
7586: tconx ok

If someone can shed any light on why the newer version of Samba does not work anymore, I'd appreciate knowing.

TIA,
Mark
Re: [Samba] Samba - Joining AD and OU issues
Wayne Rasmussen wrote:

> Windows 2000 Server named adtest.com as PDC. Solaris 9 server with SAMBA 3.0.7.
>
> I am trying to get a handle on the OU issue I am having. Suppose the PDC adtest.com has 100 OU such as a1, a2, a3, ..., a98, a99, a100. On the Solaris Server I am doing:
>
> kinit [EMAIL PROTECTED]
> type in Administrator password
> nmbd; smbd; winbindd -B
> net ads join
>
> When I do wbinfo -g or getent passwd I see all the accounts in all the OU. Suppose I only want one or two OUs? Imagine that I want a7 only, do I have to create a special account within OU a7 (such as a7adadmin) and use kinit a7adadmin? If so, then what do I need to have specifically two OUs, a7 and a12?
>
> The second question I have is that kinit always prompts for a password is there a better way to do this?

Well, once you kinit, you have a ticket. kinit again asks the ADS to reissue a ticket. Do a klist to see if ticket is active.

> Thank you,
> Wayne
[Samba] samba 3.09 pdc ldap usrmgr problem with viewing some groups
Hi sambatistas,

I just noticed a strange problem with usrmgr. On my new PDC, with my standard, well-tested smb.conf for an SMB PDC with LDAP, usrmgr only shows a few of the default groups, i.e. Domain Admins can be seen but not Administrators. I can browse those groups with an LDAP client, so I know everything went right at the populate. I view from a Win XP Service Pack 2 system. Anybody else with similar problems?

Regards
[Samba] Reality Check - Roaming Profiles
Disclaimer... I know Roaming Profiles are a modern-day example of the emperor's new clothes. I also know that 2+2=4. Let's think Linux/Unix here a second. Preference files are stored in the user's home dir. A user can log in (text or X) multiple times, they will always get the same home dir. Thus each login instance will share those config files. The same just happens to be true of Windows clients logging into a Linux box ala Samba PDC. So why exactly is the general response to this that it is not working properly and needs to be corrected? I guess maybe I never will understand until I decide to wear rose-colored glasses all the time. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly.
Re: [Samba] problems with print$
Joy is me! Upgrading to 3.0.9 (from 3.0.7) quashed the print properties dialog problem I was seeing. FYI, Chuck Theobald System Administrator The Robert and Beverly Lewis Center for Neuroimaging University of Oregon P: 541-346-0343 F: 541-346-0345 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Folder Redirection, Roaming Profiles and Working Offline
Hi, I have been trying to use samba for a while as a way to have an identical desktop/startmenu/profile/favourites/etc on multiple PCs. Samba is set up as the PDC and I can join the domain and log in.

The problems started firstly when I wanted to have some sort of caching and also log on concurrently to different PCs with the same user. The main problem being that whichever computer I log off last gets all the changes saved and the first to log off loses all its changes. So I decided to read into Folder Redirection and followed the article at http://isg.ee.ethz.ch/tools/realmen/det/skel.en.html

I changed the registry keys to make as many files as possible redirected to a server share, leaving just the profile on the profile share (by the way, I am running Windows XP on both workstations). Now when I try and log on, having moved the rest of my profile to a mapped home drive, I get the following error:

Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Incorrect function.

Click on OK and it loads my profile from the server, no error in the samba log files or anything. Is there an obvious cure?

The next problem is that because it's all accessing the profile directly from the server I keep getting helpful Windows balloons telling me Delayed Write Fail and that my mail file or whatever has been lost. One of my two computers is a laptop and is obviously used away from my network, so I use working offline - well, attempt to, when it manages to lock the files and doesn't decide to go offline because it can't synchronise. Again, is there anything that I'm doing wrong?

Lastly, is this the best approach to take or does anyone have any other suggestions? I have a Debian server running samba and two WinXP computers; one laptop and one desktop. I basically want to keep the computers with the same desktop/information/bookmarks etc on them and also have the laptop working away from the home server.

I have enclosed my smb.conf file at the bottom of this message. Thank you for all your help and sorry about asking all these questions but I have been attempting and failing to get a working solution for several months :(

PS I am running Version 3.0.8-Debian Samba

Thanks! Richard

smb.conf:

# Global parameters
[global]
    workgroup = HOMENET
    netbios name = XEBIAN
    map to guest = Bad User
    passdb backend = tdbsam, guest
    pam password change = Yes
    unix password sync = Yes
    name resolve order = wins lmhosts bcast
    time server = Yes
    add user script = /usr/sbin/useradd -m %u
    delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd %g
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/usermod -G %g %u
    add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
    logon script = %ULogon.bat
    logon path = \\%L\profiles\%U
    logon drive = H:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 35
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    idmap uid = 15000-2
    idmap gid = 15000-2
    admin users = richard, @ntadmins
    hosts allow = 10.0.0., EXCEPT 10.0.0.1, 127.
    map acl inherit = Yes
    Log file = /var/log/samba/log.%m
    max log size = 50
    log level = 2
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/
    server string = %h server (Samba %v)

[netlogon]
    path = /var/lib/samba/netlogon
    write list = @ntadmins, ntadmin

[Profiles]
    path = /var/lib/samba/profiles
    valid users = %U
    force user = %U
    read only = No
    create mask = 0700
    directory mask = 0700
    guest ok = Yes
    profile acls = Yes
    browseable = No
    csc policy = disable
    root preexec = PROFILE=/var/lib/samba/profiles/%U; if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi

[homes]
    path = /home/%U/windows
    comment = Home Directories
    valid users = %S
    read only = No
    force create mode = 0600
    force directory mode = 0700
    veto files = /Maildir/.bash_history/.bash*/.ssh/.spamassassin/.procmail$
    hide files = /Maildir/.*/desktop.ini/ntuser.ini/NTUSER.*/hpothb07.dat/Thumbs.db
    browseable = No
    dos filetimes = Yes
    root preexec = WinHome=/home/%u/windows; if [ ! -e $WinHome ]; then mkdir -pm700 $WinHome; chown %u:%g $WinHome;fi

[media]
    comment = music and video files
    path = /home/samba/media
    dos filetimes = Yes
    write list = @ntadmins, ntadmin

[docs]
    comment = linux documents folder
    path = /usr/share/doc
    dos filetimes = Yes
    read only = Yes

[pub]
[Samba] Re: no security info sent !
Chuck Theobald wrote:

> Hi Mark, You may be able to reduce the size of your log files by an appropriate setting for log level in your smb.conf file, something like log level winbind:0 may work. Also, the messages point to acl usage, are these enabled on your system?

I'm not using winbind. Do these log entries relate to winbind? As I said, it only occurs for one user. I'll try setting the winbind log level to 0 as you suggested. If you mean does the system support posix acls, then no. This is a standard Fedora Core 1 system and I'm using the Fedora rpm version of samba (from Fedora, not from Samba). I do have nt acl support = yes in smb.conf. Thanks
Re: [Samba] Reality Check - Roaming Profiles
On 9 Dec 2004, at 12:07, Michael Lueck wrote:

> Let's think Linux/Unix here a second. Preference files are stored in the user's home dir. A user can log in (text or X) multiple times, they will always get the same home dir. Thus each login instance will share those config files. The same just happens to be true of Windows clients logging into a Linux box ala Samba PDC.

The two are not the same. When you log in remotely to a unix-like system, you're using files in the one home directory, on one central file system. If you log in to a workstation that has NFS-mounted the remote directory, the same holds true - the files you edit are those present on the remote/central file system.

When you log in to a Microsoft Windows client with roaming profiles enabled, the client will copy all of the files in your profile across to the local file system. You edit them in place on the local file system. Then when you log off, the files are copied back to the profile directory. There is no rsync or other optimisation - if you have 200MB of files in your profile, that 200MB will be copied back and forth every time you log in and log out.

The two approaches have their advantages and disadvantages. In the case of the unix-like with home directories mounted over NFS, you don't want to be using KDE3 and Konqueror (for example), since Konqueror will check its on-(NFS-)disk cache for the latest version of a file, find it's outdated, download the new file from the web server, save it to the on-(NFS-)disk cache, then display it to the user. Thus the main disadvantages of the remote/central disk method are the dependence (utter and absolute) on the remote hard disk, and the intermediate network. If either of those should stall, all machines on the network will halt as the NFS client waits for responses to NFS I/O.

The main disadvantage of the Microsoft Windows approach is the bandwidth wasted while people log in and out.

Both methods need to be fixed IMHO - a fair middle ground would be to mark some portions of the profile as volatile (and thus they won't be copied back to the central store on logout), and the actual copying back and forth of non-volatile (I'm not going to use the word permanent) data should use an optimised copy - something like rsync, which will only copy the changes. This means you can feasibly run a 100-workstation network on 100Mbps Ethernet - no need for Gigabit unless you actually have to transfer tens of thousands of rendered frames of movies across the network (or you absolutely must have sub-millisecond timing on communications, or...) (and assuming that everyone doesn't try to log in at the same second).

Alex

PS: Of course, there are people out there who will tell you to get diskless workstations, and trust the network and server hardware to be up to snuff. But they tend to have more money to spend than I do, and don't seem to care that a local file system is faster than a network mounted file system ;) (it helps to have bug-free chipsets on the servers, too) (and now I don my flame-retardant suit, and bring out the sun lamp)
[Samba] samba PDC + LDAP auth
I set up my samba server to use ldap as a backend for authentication. I can connect to the ldap directory using ldapAdmin from Windows XP and diradmin in FC3 and administer the ldap directory, but when I issue a command from the terminal window (smbpasswd -a test) I get the following error:

ldap_initialized: time limit exceeded connetion to LDAP sever failed fot the 1 try
ldap_initialized: time limit exceeded connetion to LDAP sever failed fot the 2 try
ldap_initialized: time limit exceeded connetion to LDAP sever failed fot the 3 try
ldap_initialized: time limit exceeded connetion to LDAP sever failed fot the 4 try
ldap_initialized: time limit exceeded connetion to LDAP sever failed fot the 5 try

How can I resolve this problem? Thanks alton
[Samba] include statement problem
hi all... i have a little problem with an include statement in my smb.conf. what i want to achieve is to allow the administrator user access to read/write/browse to all the users home drives under /array2/samba/homes. can anyone see why even after the include file was added, the administrator user is not able to browse /array2/samba/homes/* ?

[homes]
    browseable = no
    writeable = Yes
    include = /etc/samba/%U
    path = /array2/samba/homes/%U
    force create mode = 770
    create mask = 0770

#include file called administrator
[homes]
    browseable = yes
    writeable = yes
    path = /array2/samba/homes/
[Samba] Re: Wrong Foldername
I'm using samba 3.0.6. I see computer_name folders created in homedir. This never happened before I switched from Domain to ADS. Could someone please give me a few pointers? To illustrate what I mean:

drwxr-xr-x 3 2D-015$ Domain Computers 100 Dec 7 13:49 2D-015_/
drwxr-xr-x 3 2D-030$ Domain Computers 100 Dec 7 13:31 2D-030_/
drwxr-xr-x 3 2D-032$ Domain Computers 100 Dec 7 12:29 2D-032_/
drwxr-xr-x 3 2D-060$ Domain Computers 100 Dec 7 13:53 2D-060_/
drwxr-xr-x 3 2D-063$ Domain Computers 100 Dec 7 14:27 2D-063_/
drwxr-xr-x 3 2D-067$ Domain Computers 100 Dec 7 12:29 2D-067_/
drwxr-xr-x 3 2D-068$ Domain Computers 100 Dec 7 13:34 2D-068_/
drwxr-xr-x 3 2D-069$ Domain Computers 100 Dec 7 12:39 2D-069_/
drwxr-xr-x 3 2D-095$ Domain Computers 100 Dec 7 13:30 2D-095_/
drwxr-xr-x 3 2D-102$ Domain Computers 100 Dec 7 14:02 2D-102_/
drwxr-xr-x 3 3D-202$ Domain Computers 100 Dec 7 14:15 3D-202_/
drwxrwxrwx 2 acheng Domain Users 38 Jul 6 14:46 acheng/
drwxrwxrwx 4 achow Domain Users 4096 Nov 26 17:46 achow/

I think it has to do with winbind. Winbind seems to have received Computers under W2K3's Active Directory Users and Computers as users. Please advise how I may solve this. This never happened when security=Domain.

# wbinfo -u
syang
ttu
wleung
wshao
ylng
IUSR_MECHSERVER
IWAM_MECHSERVER
lxiao
ejen
recruit
2D-032$
2D-035$
2D-026$
2D-037$
2D-028$
2D-024$
2D-036$
doccon
2D-014$

# getent passwd
syang:x:15101:15009:Steven Yang:/hsd1/transfer/syang:/bin/bash
ttu:x:15103:15009:Tyler Tu:/hsd1/transfer/ttu:/bin/bash
wleung:x:15105:15009:Wilson Leung:/hsd1/transfer/wleung:/bin/bash
wshao:x:15108:15009:Wells Shao:/hsd1/transfer/wshao:/bin/bash
ylng:x:15109:15009:Yik-Lap Ng:/hsd1/transfer/ylng:/bin/bash
IUSR_MECHSERVER:x:15046:15009:IUSR_MECHSERVER:/hsd1/transfer/IUSR_MECHSERVER:/bin/bash
IWAM_MECHSERVER:x:15047:15009:IWAM_MECHSERVER:/hsd1/transfer/IWAM_MECHSERVER:/bin/bash
lxiao:x:15071:15009:Linda Xiao:/hsd1/transfer/lxiao:/bin/bash
ejen:x:15033:15009:Eric Jen:/hsd1/transfer/ejen:/bin/bash
recruit:x:15087:15009:Recruit Officer:/hsd1/transfer/recruit:/bin/bash
2D-032$:x:15117:15063:2D-032:/hsd1/transfer/2D-032_:/bin/bash
2D-035$:x:15157:15063:2D-035:/hsd1/transfer/2D-035_:/bin/bash
2D-026$:x:15158:15063:2D-026:/hsd1/transfer/2D-026_:/bin/bash
2D-037$:x:15159:15063:2D-037:/hsd1/transfer/2D-037_:/bin/bash
2D-028$:x:15160:15063:2D-028:/hsd1/transfer/2D-028_:/bin/bash
2D-024$:x:15161:15063:2D-024:/hsd1/transfer/2D-024_:/bin/bash
2D-036$:x:15162:15063:2D-036:/hsd1/transfer/2D-036_:/bin/bash
doccon:x:15026:15009:Doccon:/hsd1/transfer/doccon:/bin/bash
2D-014$:x:15132:15063:2D-014:/hsd1/transfer/2D-014_:/bin/bash

[global]
    workgroup = ARKONDOMAIN
    realm = HQ.ARKONNETWORKS.COM
    server string = Samba Server %v
    security = ADS
    obey pam restrictions = Yes
    password server = 192.168.22.22
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 18
    preferred master = No
    local master = No
    domain master = No
    dns proxy = No
    ldap ssl = no
    idmap uid = 15000-2
    idmap gid = 15000-2
    template homedir = /hsd1/transfer/%u
    template shell = /bin/bash
    winbind separator = /
    winbind use default domain = Yes

[transfer]
    comment = Temporary Storage
    path = /hsd1/transfer
    read only = No
    create mask = 0777
    directory mask = 0777
[Samba] how many matt dobbertien's can there be?
hi- it's Andy Pappas- I hope this is you- I bet I haven't seen you for 13 years! Sometimes I get nostalgic for the old days. I'd love to catch up. If this is a different Matt Dobbertien, nice to meet you, and best of luck. Sincerely, Andy Pappas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Reality Check - Roaming Profiles
On Wednesday 08 December 2004 18:19, Alex Satrapa wrote: On 9 Dec 2004, at 12:07, Michael Lueck wrote: The main disadvantage of the Microsoft Windows approach is the bandwidth wasted while people log in and out. In my experience, samba networks also have more problem with profiles becoming corrupted and not being able to copy down from the server or back up to it. I surmise it is differences in Win32 and Linux with respect to permitted characters and/or path length. Both methods need to be fixed IMHO - a fair middle ground would be to mark some portions of the profile as volatile (and thus they won't be copied back to the central store on logout), Windows and samba already do this -- you have an invisible Local Settings file in your Roaming profile where, for example, Outlook stores its .pst files. It doesn't get copied up to the server. Of course, I'd much rather email did get copied to the server -- leave the web browser cache behind instead. and the actual copying back and forth of non-volatile (I'm not going to use the word permanent) data should use an optimised copy - something like rsync, which will only copy the changes. That would certainly be an improvement. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] Reality Check - Roaming Profiles
Hmm. Guess I'll try sending this to the right list now. -- Forwarded message -- From: Eric Lester [EMAIL PROTECTED] Date: Wed, 8 Dec 2004 21:46:13 -0800 Subject: Re: [Samba] Reality Check - Roaming Profiles To: taclug mailing list [EMAIL PROTECTED] What I've found useful by way of compromise is to use a logon script to map a drive to the user's share on the Samba server. On the client desktop I point My Documents at this drive and use gpedit to prevent the user from changing this target. This keeps users from saving to the My Documents directory in Documents and Settings, which makes the profile pretty heavy. Theoretically, you could make the desktop read only, though I haven't done that. Yet. Furthermore, I set the browser cache limit to 20MB. This is also lockable with the Group Policy editor. And -- Thanks be to Zeus or whoever -- we don't use Outlook. Yet, anyway. If there's gonna be Outlook, though, you can point it to another place on the network (or local drive) to store the .pst. Those buggers can get very big. Or, if you have a lot of Outlook junkies, you can run something like Open Exchange and put all that drek on a database server. With these arrangements I've had a minimal amount of trouble. So far. On Wed, 8 Dec 2004 21:18:50 -0800, Matthew Easton [EMAIL PROTECTED] wrote: On Wednesday 08 December 2004 18:19, Alex Satrapa wrote: On 9 Dec 2004, at 12:07, Michael Lueck wrote: The main disadvantage of the Microsoft Windows approach is the bandwidth wasted while people log in and out. In my experience, samba networks also have more problem with profiles becoming corrupted and not being able to copy down from the server or back up to it. I surmise it is differences in Win32 and Linux with respect to permitted characters and/or path length. 
Both methods need to be fixed IMHO - a fair middle ground would be to mark some portions of the profile as volatile (and thus they won't be copied back to the central store on logout), Windows and samba already do this -- you have an invisible Local Settings file in your Roaming profile where, for example, Outlook stores its .pst files. It doesn't get copied up to the server. Of course, I'd much rather email did get copied to the server -- leave the web browser cache behind instead. and the actual copying back and forth of non-volatile (I'm not going to use the word permanent) data should use an optimised copy - something like rsync, which will only copy the changes. That would certainly be an improvement. -- All men are frauds. The only difference between them is that some admit it. I myself deny it. -- H. L. Mencken
Re: [Samba] include statement problem
I could be missing something, but it sounds like your problem comes from the UNIX side of the server. 'administrator' would have to be a UNIX user with permission to rwx those directories. e.g. you could create a new group 'administrator,' make all the home folders owned by username and 'administrator' group with 770 permissions. Make administrator a member of administrator group (add to /etc/group) and he should be able to rwx. I think?

On Thu, 09 Dec 2004 13:58:26 +1100, ip.guy [EMAIL PROTECTED] wrote:

> hi all... i have a little problem with an include statement in my smb.conf. what i want to achieve is to allow the administrator user access to read/write/browse to all the users home drives under /array2/samba/homes. can anyone see why even after the include file was added, the administrator user is not able to browse /array2/samba/homes/* ?
>
> [homes]
>     browseable = no
>     writeable = Yes
>     include = /etc/samba/%U
>     path = /array2/samba/homes/%U
>     force create mode = 770
>     create mask = 0770
>
> #include file called administrator
> [homes]
>     browseable = yes
>     writeable = yes
>     path = /array2/samba/homes/

-- All men are frauds. The only difference between them is that some admit it. I myself deny it. -- H. L. Mencken
[Samba] Re: XP fails to cache Domain Credentials --SOLVED
On Saturday 04 December 2004 11:04, Matthew Easton wrote:

> My win2000 laptop caches the domain credentials so I can log into the computer when disconnected from the network. However, Windows XP SP2 laptops cannot. I get a domain unavailable error even though the local security profile on the laptop is set to allow domain credential caching. People seem to think this is a windows issue, but I call it a samba issue or a windows/samba interoperability issue because authenticating to a microsoft windows server will never behave this way.

I note the solution here to spare someone else this particular headache.

This issue is apparent in Windows XP up to and including Service Pack 2. It may also be present in other versions of windows. My assertion that it does not occur in windows 2000 above is probably a red herring. The problem looks like domain caching has failed. In fact, it is a feature of the mechanism which maps unix users to windows user names.

The scenario: You log into your laptop with local admin privileges and join the domain. Your unix root user is mapped to administrator in your domain using the username map = /some/file directive. You succeed in joining the domain, so you reboot and log back in as the domain administrative user. So far so good.

But... If you disconnect from the network or use a dodgy wireless connection, and log in with the windows domain administrator user or any windows username that is mapped to a unix name, the login fails to use the cached credentials because it doesn't actually have credentials for the windows user name. In the case of the windows administrator account --- the windows workstation has cached credentials for MYDOMAIN\root and you just tried to login as MYDOMAIN\administrator. You can demonstrate this by performing a disconnected login with username root and MYDOMAIN\administrator's password.

After you reconnect to the network, the domain is available and windows will successfully refer the login request of unknown user MYDOMAIN\administrator back to MYDOMAIN and samba will map administrator to unix user root.

Moral of the story: avoid mapping windows user names to unix user names if you want to use cached credentials... HTH
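The mapping problem described in the post above can be audited before users hit it. This added example (not from the original post or the Samba project) parses a username map file using the line rules documented in smb.conf(5) and lists each Windows name that resolves to a different unix account; the sample map contents and the function names are constructed for illustration, and @group entries are skipped because group membership cannot be resolved offline.

```python
import re

# Constructed sample map file; the root/administrator line mirrors the post.
SAMPLE_MAP = """\
# unix name = windows name(s)
root = administrator admin
; quoted names may contain spaces
!jsmith = "John Smith"
nobody = guest
"""

# A client name is either a double-quoted string or a run of non-blanks.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_username_map(text):
    """Return a list of (unix_name, [client names], stop_flag) entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        stop = line.startswith("!")          # '!' = stop after a match here
        if stop:
            line = line[1:].lstrip()
        unix_name, sep, rhs = line.partition("=")
        unix_name = unix_name.strip()
        names = [q or b for q, b in _TOKEN.findall(rhs) if (q or b)]
        if sep and unix_name and names:
            entries.append((unix_name, names, stop))
    return entries


def resolve(typed_name, entries):
    """Apply the map line by line and return the name Samba ends up with.

    Assumption: matching is case-insensitive and a matched name is carried
    forward to later lines, as the smb.conf(5) '!' example implies.
    """
    current = typed_name
    for unix_name, names, stop in entries:
        hit = any(n == "*" or n.casefold() == current.casefold()
                  for n in names if not n.startswith("@"))
        if hit:
            current = unix_name
            if stop:
                break
    return current


def offline_logon_risks(text):
    """List (windows_name, mapped_unix_name) pairs where the two differ.

    Per the post, these are the names for which a disconnected logon will
    not find cached credentials. A '*' entry is reported as-is because it
    remaps every name that reaches that line.
    """
    entries = parse_username_map(text)
    risks, seen = [], set()
    for unix_name, names, _ in entries:
        for name in names:
            key = name.casefold()
            if name.startswith("@") or key in seen:
                continue
            seen.add(key)
            if name == "*":
                risks.append(("*", unix_name))
                continue
            mapped = resolve(name, entries)
            if mapped.casefold() != key:
                risks.append((name, mapped))
    return risks


if __name__ == "__main__":
    for win, unix in offline_logon_risks(SAMPLE_MAP):
        print(f"{win!r} is mapped to {unix!r}: cached logon as {win!r} will fail")
```

Run it against the file named by the username map parameter on the server; an empty result means no name is remapped.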
Re: [Samba] Reality Check - Roaming Profiles
On 9 Dec 2004, at 16:47, Eric Lester wrote: Furthermore, I set the browser cache limit to 20MB. This is also lockable with the Group Policy editor. The biggest problem for me - by far - is Mozilla storing its cache in the Documents and Settings folder. Rather than fiddle with cache size, I'd like to be able to point the browser at C:\tmp\username (and /tmp/username in the case of Mozilla on unix-like platforms, or Konqueror under KDE) for its cache instead. Cache doesn't *really* need to be copied between machines. I guess I should submit a feature request! And -- Thanks be to Zeus or whoever -- we don't use Outlook. Yet I'm -this- far away from having my mail server refuse connections from Outlook clients. They only ever send me viruses anyway. But that's a different topic for a different forum. Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Removing printers and faxes folder from windows explorer
Thanks for writing back and the info client polling. We are using linux and we will not serve any printers so based on your input we should be ok. Looking up the man page on disable spoolss, NT and 2000 was mentioned a lot, but nothing about XP. We are all on XP machines and tried your suggestion, but the printer and fax folder still appeared. Is it possible that setting 'disable spoolss = no' works only with NT or 2000? Also we are using Samba 3.x.x Thanks again. Panos

disable spoolss (G) Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's and will yield identical behavior as Samba 2.0.x. Windows NT/2000 clients will downgrade to using Lanman style printing commands. Windows 9x/ME will be unaffected by the parameter. However, this will also disable the ability to upload printer drivers to a Samba server via the Windows NT Add Printer Wizard or by using the NT printer properties dialog window. It will also disable the capability of Windows NT/2000 clients to download print drivers from the Samba host upon demand. Be very careful about enabling this parameter. Default: disable spoolss = no

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 08, 2004 1:15 PM
To: panos
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Removing printers and faxes folder from windows explorer

panos wrote:
| Thanks
| We have clients where things must be very simple. Of
| course we can live with the folder, but making it as
| clean as possible is a priority...though not at the
| cost of stability. So given your warning, I am not sure
| if it is worth it.
|
| What is client polling?

client = Windows NT fall back to lanman printing calls when the server doesn't support the rpc based printing mechanism (this is what 'disable spoolss = yes' means). the clients then poll the server for changes in printing attributes a lot. Mostly I've seen this cause problems on Solaris servers. Not sure about Linux. My guess is that Linux is probably better in this respect. Also, if you aren't going to serve any printers, then it is probably also ok.

cheers, jerry
Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
Re: [Samba] include statement problem
Hi Eric

I shouldn't need to do that, i already have a admin users = @domain+itgroup entry in the smb.conf, which effectively does the same thing but much sexier. thanks

> I could be missing something, but it sounds like your problem comes from the UNIX side of the server. 'administrator' would have to be a UNIX user with permission to rwx those directories. e.g. you could create a new group 'administrator,' make all the home folders owned by username and 'administrator' group with 770 permissions. Make administrator a member of administrator group (add to /etc/group) and he should be able to rwx. I think?
>
> On Thu, 09 Dec 2004 13:58:26 +1100, ip.guy [EMAIL PROTECTED] wrote:
>
> > hi all... i have a little problem with an include statement in my smb.conf. what i want to achieve is to allow the administrator user access to read/write/browse to all the users home drives under /array2/samba/homes. can anyone see why even after the include file was added, the administrator user is not able to browse /array2/samba/homes/* ?
> >
> > [homes]
> >     browseable = no
> >     writeable = Yes
> >     include = /etc/samba/%U
> >     path = /array2/samba/homes/%U
> >     force create mode = 770
> >     create mask = 0770
> >
> > #include file called administrator
> > [homes]
> >     browseable = yes
> >     writeable = yes
> >     path = /array2/samba/homes/
[Samba] samba=3.0.4 - no more smbpasswd ? no more local auth when joined to domain ?
Not only does nobody read news://linux.samba, obviously nobody reads this newsgroup either! This is just the 5th time I am sending the same or a similar message in the last 7 days with no response...

I would like to point out that I really need help on this - either appointment to prompter resource or an answer about what is going on with my Samba installation.

Platform: SuSE-9.1, kernel-2.6.5, samba-3.0.4

I have recently upgraded from 3.0.2a to 3.0.4 and I have just noticed that, using the same smb.conf as with the previous version, the system just does not work anymore for me! Furthermore, the smbpasswd utility appears to be dropped! Afterwards, I noticed that I had to join the domain once again (security = DOMAIN). Yet, I still could not log in on to my machine.

Before joining again, every attempt to access shared resources on MYHOST failed with:

session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

This behaviour was just the same even if I tried to use a local samba user. This indicates that the smbpasswd file is either ignored (despite passdb backend being set to smbpasswd), or has changed structure, or has been displaced. Anyway, browsing the samba docs I could only realize it was rather outdated (it referred to samba 3.0, obviously not to samba-3.0.4 and later), wasn't it?

# smbclient -U me -L MYHOST -d3
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
Processing section [global]
Unknown parameter encountered: character set
Ignoring unknown parameter character set
Unknown parameter encountered: client code page
Ignoring unknown parameter client code page
added interface ip=172.22.110.137 bcast=172.22.255.255 nmask=255.255.0.0
added interface ip=192.168.74.1 bcast=192.168.74.255 nmask=255.255.255.0
Client started (version 3.0.2a-SUSE).
Connecting to 172.22.110.137 at port 139
Password:
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPENGO login failed: Trust relationship failure
session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

As I've already said, I realized that I should have joined the domain again. Why so, if none of the samba admin files changed during the upgrade? Anyway, net join went smoothly - I got reported Joined to domain OURDOMAIN so I supposed I was joined, wasn't I?

Now I could perform net user -L MYHOST with DOMAIN authentication, yet I could not map or browse any of the served shares from MYHOST (see the smbclient dump below).

And more - where has support for local user/passwords gone? I had previously configured a few users which had not been configured within OURDOMAIN (using smbpasswd -a FOOUSER) and authentication was performed locally even when MYHOST was joined into OURDOMAIN. It seems that this functionality has just been dropped, hasn't it?

Smbclient dump: smbclient notoriously reports as follows (see also testparm dump after smbclient dump):

# smbclient -d3 -L me -U MYHOST
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
Processing section [global]
added interface ip=172.22.110.137 bcast=172.22.255.255 nmask=255.255.0.0
added interface ip=192.168.74.1 bcast=192.168.74.255 nmask=255.255.255.0
Client started (version 3.0.2a-SUSE).
resolve_lmhosts: Attempting lmhosts lookup for name kiztok0x20
resolve_wins: Attempting wins lookup for name kiztok0x20
resolve_wins: using WINS server 172.22.0.8 and tag '*'
Got a positive name query response from 172.22.0.8 ( 192.168.74.1 172.22.110.137 )
Connecting to 192.168.74.1 at port 139
Password:
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPENGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

# testparm -v
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [printers]
Processing section [print$]
Processing section [movies]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
dos charset = CP850
unix charset = UTF-8
display charset = ISO8859-15
workgroup = OURDOMAIN
realm =
netbios name = MYHOST
netbios aliases =
netbios scope =
server string = My Linux host
interfaces =
bind interfaces only = No
security = DOMAIN
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server
Problem report - 4DOS List file disappearance non-repro
I have a problem report from one of my Samba share users. They displayed the ASCII contents of an application program (.BAS) using the 4DOS List command. The user then performed other PC workstation operations unrelated to the specific .BAS file. When they subsequently went looking for the file that had been listed, it was no longer present in the directory. Problem not reproducible.

Alpha/Samba V2.2.8 release 20041021 plus subsequent patches. OpenVMS/Alpha V7.3-2 w/patches, TCPIP 5.4 ECO 2.

This report is supplied primarily to make users and developers aware of an anomaly, in the hope that others may contribute related reports that would permit subsequent troubleshooting.
svn commit: samba r4095 - in branches/SAMBA_4_0/source/smb_server: .
Author: tridge Date: 2004-12-08 08:09:42 + (Wed, 08 Dec 2004) New Revision: 4095 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4095 Log: smbsrv_terminate_connection() doesn't exit() in single processor mode, so after we call it we need to return, and not continue processing packets Modified: branches/SAMBA_4_0/source/smb_server/negprot.c branches/SAMBA_4_0/source/smb_server/reply.c branches/SAMBA_4_0/source/smb_server/request.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/negprot.c === --- branches/SAMBA_4_0/source/smb_server/negprot.c 2004-12-08 03:02:29 UTC (rev 4094) +++ branches/SAMBA_4_0/source/smb_server/negprot.c 2004-12-08 08:09:42 UTC (rev 4095) @@ -63,6 +63,7 @@ if (req-smb_conn-signing.mandatory_signing) { smbsrv_terminate_connection(req-smb_conn, CORE does not support SMB signing, and it is mandetory\n); + return; } req_send_reply(req); @@ -95,6 +96,7 @@ if (req-smb_conn-signing.mandatory_signing) { smbsrv_terminate_connection(req-smb_conn, COREPLUS does not support SMB signing, and it is mandetory\n); + return; } req_send_reply(req); @@ -145,6 +147,7 @@ if (req-smb_conn-signing.mandatory_signing) { smbsrv_terminate_connection(req-smb_conn, LANMAN1 does not support SMB signing, and it is mandetory\n); + return; } req_send_reply(req); @@ -193,6 +196,7 @@ if (req-smb_conn-signing.mandatory_signing) { smbsrv_terminate_connection(req-smb_conn, LANMAN2 does not support SMB signing, and it is mandetory\n); + return; } req_send_reply(req); Modified: branches/SAMBA_4_0/source/smb_server/reply.c === --- branches/SAMBA_4_0/source/smb_server/reply.c2004-12-08 03:02:29 UTC (rev 4094) +++ branches/SAMBA_4_0/source/smb_server/reply.c2004-12-08 08:09:42 UTC (rev 4095) 
@@ -2378,14 +2378,17 @@ switch (msg_type) { case 0x81: /* session request */ if (req-smb_conn-negotiate.done_nbt_session) { - smbsrv_terminate_connection(req-smb_conn, multiple session request not permitted); + smbsrv_terminate_connection(req-smb_conn, + multiple session request not permitted); + return; } SCVAL(buf,0,0x82); SCVAL(buf,3,0); DEBUG(0,(REWRITE: not parsing netbios names in NBT session request!\n)); - /* TODO: store the name for the session setup 'remote machine' code, as well as smbstatus */ + /* TODO: store the name for the session setup 'remote + machine' code, as well as smbstatus */ req-smb_conn-negotiate.done_nbt_session = True; Modified: branches/SAMBA_4_0/source/smb_server/request.c === --- branches/SAMBA_4_0/source/smb_server/request.c 2004-12-08 03:02:29 UTC (rev 4094) +++ branches/SAMBA_4_0/source/smb_server/request.c 2004-12-08 08:09:42 UTC (rev 4095) @@ -86,6 +86,7 @@ req-out.buffer = talloc_realloc(req, req-out.buffer, req-out.allocated); if (!req-out.buffer) { smbsrv_terminate_connection(req-smb_conn, allocation failed); + return; } req-out.hdr = req-out.buffer + NBT_HDR_SIZE; @@ -120,6 +121,7 @@ req-out.buffer = talloc(req, req-out.allocated); if (!req-out.buffer) { smbsrv_terminate_connection(req-smb_conn, allocation failed); + return; } req-out.hdr = req-out.buffer + NBT_HDR_SIZE;
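Review bot: in negprot.c the mandatory-signing check, now with its `return;`, is still a hand-copied block in each of the four dialect handlers (CORE, COREPLUS, LANMAN1, LANMAN2), so the next dialect added can drop the return again and fall through to `req_send_reply(req)` for a dialect that cannot sign. Consider one helper that takes the dialect name, terminates the connection and tells the caller to stop. The reason strings also misspell "mandatory" as "mandetory".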
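Review bot: in request.c both allocation-failure paths now end in a bare `return;`, so the caller cannot tell that `req->out.buffer` is NULL and that `req->out.hdr` was never set, and it may go on to build a reply in that buffer. Either return a status from these two functions and check it at the call sites, or document next to each `return;` that the request must not be touched once `smbsrv_terminate_connection()` has been called.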
svn commit: samba r4096 - in branches/SAMBA_4_0/source: . build/smb_build dsdb dsdb/common dsdb/samdb rpc_server rpc_server/samr
Author: metze
Date: 2004-12-08 08:21:35 + (Wed, 08 Dec 2004)
New Revision: 4096

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4096

Log:
move the samdb code to source/dsdb/

the idea is to have a directory service db layer which will be used by the ldap server, samr server, drsuapi server authentication...

I plan to make different implementations of this interface possible
- current default will be the current samdb code with sam.ldb
- a compat implementation for samba3 (if someone wants to write one)
- a new dsdb implementation which:
  - understands naming contexts (directory partitions)
  - do schema and acl checking
  - maintain objectGUID, timestamps and USN number, maybe linked attributes ('member' and 'memberOf' attributes)
  - store metadata on an attribute=value combination...

metze

Added:
branches/SAMBA_4_0/source/dsdb/
branches/SAMBA_4_0/source/dsdb/common/
branches/SAMBA_4_0/source/dsdb/common/flag_mapping.c
branches/SAMBA_4_0/source/dsdb/samdb/
branches/SAMBA_4_0/source/dsdb/samdb/samdb.c

Removed:
branches/SAMBA_4_0/source/rpc_server/samr/samdb.c
branches/SAMBA_4_0/source/rpc_server/samr/samr_utils.c

Modified:
branches/SAMBA_4_0/source/build/smb_build/main.pm
branches/SAMBA_4_0/source/rpc_server/config.mk

Changeset:
Sorry, the patch is too large (1088 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4096
svn commit: samba r4097 - in branches/SAMBA_4_0/source/dsdb: .
Author: metze Date: 2004-12-08 10:13:45 + (Wed, 08 Dec 2004) New Revision: 4097 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4097 Log: add missing file from last commit sorry!:-) metze Added: branches/SAMBA_4_0/source/dsdb/config.mk Changeset: Added: branches/SAMBA_4_0/source/dsdb/config.mk === --- branches/SAMBA_4_0/source/dsdb/config.mk2004-12-08 08:21:35 UTC (rev 4096) +++ branches/SAMBA_4_0/source/dsdb/config.mk2004-12-08 10:13:45 UTC (rev 4097) @@ -0,0 +1,15 @@ +# Directory Service subsystem + + +# Start SUBSYSTEM SAMDB +[SUBSYSTEM::SAMDB] +INIT_OBJ_FILES = \ + dsdb/samdb/samdb.o +ADD_OBJ_FILES = \ + dsdb/common/flag_mapping.o +REQUIRED_SUBSYSTEMS = \ + DCERPC_COMMON \ + LIBLDB +# +# End SUBSYSTEM SAMDB +
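Review bot: `REQUIRED_SUBSYSTEMS` makes the new SAMDB subsystem depend on `DCERPC_COMMON`, which looks like a leftover from the code's previous home under rpc_server/samr rather than something a directory service db layer should need. If samdb.o or flag_mapping.o really use it, say which symbols in a comment next to the entry; otherwise drop it so that non-RPC users of the layer do not pull in the RPC code.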
svn commit: samba r4098 - in branches/SAMBA_4_0/source/librpc/ndr: .
Author: tridge Date: 2004-12-08 10:24:10 + (Wed, 08 Dec 2004) New Revision: 4098 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4098 Log: catch null guid string so RPC-DRSUAPI works against my server Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_misc.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_misc.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr_misc.c 2004-12-08 10:13:45 UTC (rev 4097) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr_misc.c 2004-12-08 10:24:10 UTC (rev 4098) @@ -37,6 +37,10 @@ uint32_t node[6]; int i; + if (s == NULL) { + return NT_STATUS_INVALID_PARAMETER; + } + if (11 == sscanf(s, %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x, time_low, time_mid, time_hi_and_version, clock_seq[0], clock_seq[1],
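Review bot: the new NULL check protects the pointer, but the `sscanf` in the context lines right after it still accepts malformed GUID strings, because `%08x`, `%04x` and `%02x` are maximum field widths (shorter fields match) and anything after the eleventh field is ignored. Since this parser can now be reached with input that was unexpected enough to be NULL, also check the string length before parsing, or add a trailing `%n` and compare it with the length of `s`. The function comment should state that NULL returns NT_STATUS_INVALID_PARAMETER.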
svn commit: samba r4099 - in branches/SAMBA_4_0/source/smb_server: .
Author: tpot Date: 2004-12-08 10:36:14 + (Wed, 08 Dec 2004) New Revision: 4099 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4099 Log: Spelling fixes. Modified: branches/SAMBA_4_0/source/smb_server/negprot.c branches/SAMBA_4_0/source/smb_server/signing.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/negprot.c === --- branches/SAMBA_4_0/source/smb_server/negprot.c 2004-12-08 10:24:10 UTC (rev 4098) +++ branches/SAMBA_4_0/source/smb_server/negprot.c 2004-12-08 10:36:14 UTC (rev 4099) @@ -62,7 +62,7 @@ if (req-smb_conn-signing.mandatory_signing) { smbsrv_terminate_connection(req-smb_conn, - CORE does not support SMB signing, and it is mandetory\n); + CORE does not support SMB signing, and it is mandatory\n); return; } @@ -95,7 +95,7 @@ if (req-smb_conn-signing.mandatory_signing) { smbsrv_terminate_connection(req-smb_conn, - COREPLUS does not support SMB signing, and it is mandetory\n); + COREPLUS does not support SMB signing, and it is mandatory\n); return; } @@ -146,7 +146,7 @@ if (req-smb_conn-signing.mandatory_signing) { smbsrv_terminate_connection(req-smb_conn, - LANMAN1 does not support SMB signing, and it is mandetory\n); + LANMAN1 does not support SMB signing, and it is mandatory\n); return; } @@ -195,7 +195,7 @@ if (req-smb_conn-signing.mandatory_signing) { smbsrv_terminate_connection(req-smb_conn, - LANMAN2 does not support SMB signing, and it is mandetory\n); + LANMAN2 does not support SMB signing, and it is mandatory\n); return; } Modified: branches/SAMBA_4_0/source/smb_server/signing.c === --- branches/SAMBA_4_0/source/smb_server/signing.c 2004-12-08 10:24:10 UTC (rev 4098) +++ branches/SAMBA_4_0/source/smb_server/signing.c 2004-12-08 10:36:14 UTC (rev 4099) 
@@ -84,8 +84,8 @@ srv_setup_signing(smb_conn, session_key, response); smb_conn-signing.next_seq_num = 2; if (smb_conn-signing.mandatory_signing) { - DEBUG(5, (Configured for mandetory signing, 'good packet seen' forced on\n)); - /* if this is mandetory, then + DEBUG(5, (Configured for mandatory signing, 'good packet seen' forced on\n)); + /* if this is mandatory, then * pretend we have seen a * valid packet, so we don't * turn it off */
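Review bot: the strings corrected in negprot.c are the reasons passed to `smbsrv_terminate_connection()`, so any log match or test expectation that still looks for "mandetory" has to change in the same commit. In signing.c the comment below the `DEBUG(5, ...)` line stays wrapped at three or four words per line; reflow it while the line is being touched.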
svn commit: samba r4100 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze Date: 2004-12-08 10:54:09 + (Wed, 08 Dec 2004) New Revision: 4100 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4100 Log: fix drsuapi_DsReplicaObjMetaData2() idl (many thanks to tridge for telling me that HYPER_T isn't the same as uint64!) metze Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2004-12-08 10:36:14 UTC (rev 4099) +++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2004-12-08 10:54:09 UTC (rev 4100) @@ -370,8 +370,8 @@ GUID source_dsa_obj_guid; GUID source_dsa_invocation_id; GUID transport_obj_guid; - uint64 tmp_highest_usn; - uint64 highest_usn; + HYPER_T tmp_highest_usn; + HYPER_T highest_usn; NTTIME last_success; NTTIME last_attempt; WERROR result_last_attempt; @@ -386,7 +386,7 @@ typedef struct { GUID source_dsa_invocation_id; - uint64 highest_usn; + HYPER_T highest_usn; } drsuapi_DsReplicaCoursor; typedef struct { @@ -400,8 +400,8 @@ uint32 version; NTTIME originating_last_changed; GUID originating_dsa_invocation_id; - uint64 originating_usn; - uint64 local_usn; + HYPER_T originating_usn; + HYPER_T local_usn; } drsuapi_DsReplicaObjMetaData; typedef struct { @@ -453,8 +453,8 @@ uint32 version; NTTIME originating_last_changed; GUID originating_dsa_invocation_id; - uint64 originating_usn; - uint64 local_usn; + HYPER_T originating_usn; + HYPER_T local_usn; } drsuapi_DsReplicaAttrValMetaData; typedef struct { @@ -465,7 +465,7 @@ typedef struct { GUID source_dsa_invocation_id; - uint64 highest_usn; + HYPER_T highest_usn; NTTIME last_sync_success; } drsuapi_DsReplicaCoursor2; @@ -477,7 +477,7 @@ typedef struct { GUID source_dsa_invocation_id; - uint64 highest_usn; + HYPER_T highest_usn; NTTIME last_sync_success; unistr *source_dsa_obj_dn; } drsuapi_DsReplicaCoursor3; 
@@ -489,14 +489,13 @@ } drsuapi_DsReplicaCoursor3Ctr; typedef struct { - uint32 attribute_name;/*unistr *attribute_name;*/ + unistr *attribute_name; uint32 version; NTTIME originating_last_changed; GUID originating_dsa_invocation_id; - uint64 originating_usn; - uint64 local_usn; - uint32 originating_dsa_obj_dn;/*unistr *originating_dsa_obj_dn;*/ - uint32 u1; /* in the last element this is not present; some stupid alignment? */ + HYPER_T originating_usn; + HYPER_T local_usn; + unistr *originating_dsa_obj_dn; } drsuapi_DsReplicaObjMetaData2; typedef struct { @@ -515,8 +514,8 @@ uint32 version; NTTIME originating_last_changed; GUID originating_dsa_invocation_id; - uint64 originating_usn; - uint64 local_usn; + HYPER_T originating_usn; + HYPER_T local_usn; unistr *originating_dsa_obj_dn; } drsuapi_DsReplicaAttrValMetaData2;
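Review bot: nothing in drsuapi.idl records why these fields must be `HYPER_T` and not `uint64`; the only explanation is the remark in the commit log. Add a comment at the first affected struct, because the removed `uint32 u1` member and its "some stupid alignment?" comment in drsuapi_DsReplicaObjMetaData2 show how the wrong type ends up hidden behind a filler field. The same hunk also turns `attribute_name` and `originating_dsa_obj_dn` from `uint32` placeholders into `unistr *`, which the log should mention separately from the type change.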