Re: [Samba] SUS server on linux/unix (maybe out of scope)
Hi Bart, there is no pure linux sus server, there are some scripts which can do it with perl , or one script from german magazine ct which runs on windows ( this should be easily ported to linux ) but you can install the ms-susserver on a vmware machine without problems. If you use a repack of the orginal sus msi ms pack you can run a susserver on a win 2000 workstation too. ( no win server version is needed ) good info can be found at http://www.susserver.com/ there are other solution which are more for general deploy software like i.e. unattended which have equal features for distribute win updates Regards Bart Haezeleer schrieb: A collegue claim there is a way to setup a SUS server on a linux/unix, but he doesn't have any URLs or documentation. Is there a solution such a solution (pure unix, no emulation with vmware or so)? Where can I find more info? THX -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] security = server, username map, different domain - no login
Hi, I posted a similar question a few days before. I'm still confused what might be wrong with my config. Setup: - update from Samaba 2.2.12 to 3.0.10 - Solaris 8 Server - server is not a domain (EMEA) member, and it's not possible to add the server to the EMEA domain :(- server is only in workgroup ERS (our department, no DC, only a few hosts). - no winbind - authentification happens agains the EMEA domain password server, where each local unix user has a valid account- mapping of some unix accounts via username map Extract of the smb.conf [global] workgroup = ERS netbios name = SAMBASERVER encrypt passwords = Yes username map = /etc/samba/smbusers security = server password server = PASSWORDSERVER smbusers file rg=ralfgro This worked without a problem till 2.2.12. Since 3.0.10 (tried 3.0.11.pre1 too) the 'wrong' domain/workgroup is passed to the password server for authentification. I tried smbclient //sambaserver/ralfgro -U RALFGRO -W EMEA part of the smbd debug output: ... Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [MICROSOFT NETWORKS 1.03] Requested protocol [MICROSOFT NETWORKS 3.0] Requested protocol [LANMAN1.0] Requested protocol [LM1.2X002] Requested protocol [DOS LANMAN2.1] Requested protocol [Samba] using SPNEGO Selected protocol NT LANMAN 1.0 Transaction 1 of length 164 switch message SMBsesssetupX (pid 26508) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 wct=12 flg2=0xc801 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 44 Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH Connecting to PASSWORDSERVERIP at port 445 error connecting to PASSWORDSERVERIP:445 (Verbindungsaufbau abgelehnt) Connecting to PASSWORDSERVERIP at port 139 connected to password server PASSWORDSERVER got session password server OK using password server validation Transaction 2 of length 264 switch message SMBsesssetupX (pid 26508) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 wct=12 flg2=0xc801 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] Got user=[ralfgro] domain=[EMEA] workstation=[CLIENT] len1=24 len2=24 Scanning username map /etc/samba/smbusers Mapped user ralfgro to rg get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: PASSWORDSERVER:0 enumerate_domain_trusts: can't locate a DC for domain ERS check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interfacecheck_ntlm_password: mapped user is: [EMAIL PROTECTED] password server PASSWORDSERVER rejected the password check_ntlm_password: Authentication for user [ralfgro] - [rg] FAILED with error NT_STATUS_LOGON_FAILUREtimeout_processing: End of file from client (client has disconnected). ... ethereal trace --- Samba 2.2.12 Session Setup AndX Request, User: EMEA\RALFGRO Account: RALFGRO Primary Domain: EMEA --- Samba 3.0.10 Session Setup AndX Request, User: ERS\RALFGRO Account: RALFGRO Primary Domain: ERS I can see that the mapping via the smbuser file is working, but why is samba 3.0.10 passing domain ERS insted of EMEA to the password server? Is it not possible to do these things in 3.0.10? What do I have to change to get this working in samba 3.x? Any ideas? I'm a bit lost at the moment. Our samba 2.x config was nice, simple and just working. Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Fwd: password quality compliance]
Original Message Subject: password quality compliance Date: Fri, 14 Jan 2005 10:45:37 +0100 From: fandino [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: samba@lists.samba.org Hello list, I'd like to have an advice about how to configure samba with password quality compliance. My file server is running samba 3.0.10 with a ldap backend and the users change their passwords regularly, all runs fine expect for the weak passwords that users choose, they are very simple ones like _12345678_ or _qwertyui_. All I can do with samba is impose a password length but it is clearly insufficient. Please note that in my country personal data must satisfy some laws and they force us to update passwords regularly. I know that cracklib support was removed and the choice seems PAM but no password directive support is present with this version. I wonder how other admins resolved this problem. Thank you. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] INTERNAL ERROR: Signal 6...
What can I do with this error ? Thank you, Raphael Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] smbd/tdbutil.c:smbd_tdb_log(42) Jan 11 10:51:21 server smbd[30445]: tdb(/var/lib/samba/locking.tdb): tdb_reopen: open failed (No such file or directory) Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] smbd/server.c:open_sockets_smbd(419) Jan 11 10:51:21 server smbd[30445]: tdb_reopen_all failed. Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/util.c:smb_panic2(1398) Jan 11 10:51:21 server smbd[30445]: PANIC: tdb_reopen_all failed. Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/util.c:smb_panic2(1406) Jan 11 10:51:21 server smbd[30445]: BACKTRACE: 6 stack frames: Jan 11 10:51:21 server smbd[30445]:#0 /usr/sbin/smbd(smb_panic2+0x1b6) [0x81cdceb] Jan 11 10:51:21 server smbd[30445]:#1 /usr/sbin/smbd(smb_panic+0x19) [0x81cdb33] Jan 11 10:51:21 server smbd[30445]:#2 /usr/sbin/smbd [0x8239f73] Jan 11 10:51:21 server smbd[30445]:#3 /usr/sbin/smbd(main+0x5f9) [0x823ab87] Jan 11 10:51:21 server smbd[30445]:#4 /lib/i686/libc.so.6(__libc_start_main+0xc7) [0x402b9d17] Jan 11 10:51:21 server smbd[30445]:#5 /usr/sbin/smbd(ldap_msgfree+0x85) [0x80784f1] Jan 11 10:51:21 server smbd[30445]: Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/fault.c:fault_report(36) Jan 11 10:51:21 server smbd[30445]: === Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/fault.c:fault_report(37) Jan 11 10:51:21 server smbd[30445]: INTERNAL ERROR: Signal 6 in pid 30445 (3.0.4-SerNet-SuSE) Jan 11 10:51:21 server smbd[30445]: Please read the appendix Bugs of the Samba HOWTO collection Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/fault.c:fault_report(39) Jan 11 10:51:21 server smbd[30445]: === -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA for 20 days!!! Please help me....... :(
Hi! Please help me... I'm really confused.. I have read almost all the books out there but its not working.. I just want my Windows PC to be able to access UNIX PC with a username and password authentication. Below is my smb.conf file.. [global] workgroup = MyWorkgroup netbios name = board_pc server string = %h server (samba %v) log level = 10 syslog = 0 log file = /usr/local/samba/var/log.%m encrypt passwords = Yes unix password sync = yes username level = 8 password level = 8 domain logons = yes security = user os level = 34 local master = yes preferred master = yes domain master = yes interfaces = 127.0.0.1/255.0.0.0 192.168.214.30/255.255.255.0 bind interfaces only = Yes password server = rbtx4938_pc [homes] path = /home writeable = yes browsable = yes guest ok = yes valid users = %S [netlogon] comment = The domain logon service path = /export/samba/logon public = no writeable = no browsable = no [dian] path = /home/dian comment = Dian's home directory writeable = yes valid users = dian, dianag, dianag$, root I have tried all of these commands together with the outputs: 1) ./smbclient -L 192.168.214.30 -U% added ip interface = 127.0.0.1 bcast=192.255.255.255 netmask=255.0.0.0 added ip interface = 192.168.214.30 bcast=192.168.214.255 netmask=255.255.255.0 Password: Domain=[Murata] SharenameType Comment --- - homes Disk . . . . . Server Comment - -- Dianag board_pc 192 server (samba 3.0.5) . . . 2) ./smbpasswd -a -m dianag #to add a trusted domain which resulted a line in smbpasswd: dianag$:501:4B8A4614E53B8055AAD3B435B51404EE:F4D74586093798E91CE014337F533210:[W ]:LCT-41E7AAC2: Then I tried to access the board_pc, but I cant log-in.. And if u'l examine the log files, it has many authentication processes with different results. For example, I've got an error of NT_STATUS_NO_SUCH_USER in one authentication method, then in SAM authentication - I've got NT_WRONG_PASSWORD... Please help me.. I don't know what to do.. Please - Do you Yahoo!? All your favorites on one personal page Try My Yahoo! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] INTERNAL ERROR: Signal 6...
Hi, Stop and restart samba quickly. if lock.tdb file is deleted, samba hang. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 14/01/2005 11:24:23 : What can I do with this error ? Thank you, Raphael Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] smbd/tdbutil.c:smbd_tdb_log(42) Jan 11 10:51:21 server smbd[30445]: tdb(/var/lib/samba/locking.tdb): tdb_reopen: open failed (No such file or directory) Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] smbd/server.c:open_sockets_smbd(419) Jan 11 10:51:21 server smbd[30445]: tdb_reopen_all failed. Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/util.c:smb_panic2(1398) Jan 11 10:51:21 server smbd[30445]: PANIC: tdb_reopen_all failed. Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/util.c:smb_panic2(1406) Jan 11 10:51:21 server smbd[30445]: BACKTRACE: 6 stack frames: Jan 11 10:51:21 server smbd[30445]:#0 /usr/sbin/smbd(smb_panic2+0x1b6) [0x81cdceb] Jan 11 10:51:21 server smbd[30445]:#1 /usr/sbin/smbd(smb_panic+0x19) [0x81cdb33] Jan 11 10:51:21 server smbd[30445]:#2 /usr/sbin/smbd [0x8239f73] Jan 11 10:51:21 server smbd[30445]:#3 /usr/sbin/smbd(main+0x5f9) [0x823ab87] Jan 11 10:51:21 server smbd[30445]:#4 /lib/i686/libc.so.6(__libc_start_main+0xc7) [0x402b9d17] Jan 11 10:51:21 server smbd[30445]:#5 /usr/sbin/smbd(ldap_msgfree+0x85) [0x80784f1] Jan 11 10:51:21 server smbd[30445]: Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/fault.c:fault_report(36) Jan 11 10:51:21 server smbd[30445]: === Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/fault.c:fault_report(37) Jan 11 10:51:21 server smbd[30445]: INTERNAL ERROR: Signal 6 in pid 30445 (3.0.4-SerNet-SuSE) Jan 11 10:51:21 server smbd[30445]: Please read the appendix Bugs of the Samba HOWTO collection Jan 11 10:51:21 server smbd[30445]: [2005/01/11 10:51:21, 0] lib/fault.c:fault_report(39) Jan 11 10:51:21 server smbd[30445]: === -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] security questions
I'm new to Samba and bringing 3.0.10 up. The current question is how to nail down security to give the department free access to our resources and keep everyone else out. The network has UNIX, Linux, and Windows compute servers, some specialized file servers, clients mostly running Windows and/or Linux, a few Sun workstations, and several printers. The users belong to two or three different domains and will be logging in from any of several different subnets that are shared with other departments. Some of the clients have dynamically assigned IP addresses. The boss wants it nailed down so that only members of the department can get to our resources. The hosts allow option includes all the subnets where the department has a presence, but that doesn't exclude the other organizations that share those subnets. The valid users option looks helpful. Can Samba use netgroups even if none of the UNIX systems it serves are running NIS or NIS+? If not, is there an upper bound on the number of characters or entries in the value of the valid users option? If all the users have to be specified individually, it's going to be a long list. Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] SAMBA for 20 days!!! Please help me....... :(
Hi, Your samba server is PDC ? You cannot specify a password server is your server is PDC, see above (man smb.conf): password server (G) By specifying the name of another SMB server or Active Directory domain controller with this option, and using security = [ads|domain|server] it is possible to get Samba to to do all its username/password validation using a specific remote server. This option sets the name or IP address of the password server to use. New syntax has been added to support defining the port to use when connecting to the server the case of an ADS realm. To define a port other than the default LDAP port of 389, add the port number using a colon after the name or IP address (e.g. 192.168.1.100:389). If you do not specify a port, Samba will use the standard LDAP port of tcp/389. Note that port numbers have no effect on password servers for Windows NT 4.0 domains or netbios connections. --- Stphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a crit sur 14/01/2005 11:27:11 : Hi! Please help me... I'm really confused.. I have read almost all the books out there but its not working.. I just want my Windows PC to be able to access UNIX PC with a username and password authentication. Below is my smb.conf file.. [global] workgroup = MyWorkgroup netbios name = board_pc server string = %h server (samba %v) log level = 10 syslog = 0 log file = /usr/local/samba/var/log.%m encrypt passwords = Yes unix password sync = yes username level = 8 password level = 8 domain logons = yes security = user os level = 34 local master = yes preferred master = yes domain master = yes interfaces = 127.0.0.1/255.0.0.0 192.168.214.30/255.255.255.0 bind interfaces only = Yes password server = rbtx4938_pc [homes] path = /home writeable = yes browsable = yes guest ok = yes valid users = %S [netlogon] comment = The domain logon service path = /export/samba/logon public = no writeable = no browsable = no [dian] path = /home/dian comment = Dian's home directory writeable = yes valid users = dian, dianag, dianag$, root I have tried all of these commands together with the outputs: 1) ./smbclient -L 192.168.214.30 -U% added ip interface = 127.0.0.1 bcast=192.255.255.255 netmask=255.0.0.0 added ip interface = 192.168.214.30 bcast=192.168.214.255 netmask=255.255.255.0 Password: Domain=[Murata] SharenameType Comment --- - homes Disk . . . . . Server Comment - -- Dianag board_pc 192 server (samba 3.0.5) . . . 2) ./smbpasswd -a -m dianag #to add a trusted domain which resulted a line in smbpasswd: dianag$:501:4B8A4614E53B8055AAD3B435B51404EE: F4D74586093798E91CE014337F533210:[W ]:LCT-41E7AAC2: Then I tried to access the board_pc, but I cant log-in.. And if u'l examine the log files, it has many authentication processes with different results. For example, I've got an error of NT_STATUS_NO_SUCH_USER in one authentication method, then in SAM authentication - I've got NT_WRONG_PASSWORD... Please help me.. I don't know what to do.. Please - Do you Yahoo!? All your favorites on one personal page Try My Yahoo! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printer Properties Greyed Out
Hi All, I have recently upgraded to the Samba 3.0.10, up until this time all was well. However since upgrading whenever I display the properties of a Samba printer it is all greyed out, even when using what should be a Printer Admin account. Does anyone have any ideas what could cause this and how I could resolve this. Thanks in advance Jez -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RESEND: SAMBA for 20days!!! Please help me
Hi! Please help me... I'm really confused.. I have read almost all the books out there but its not working.. I just want my Windows PC to be able to access UNIX PC with a username and password authentication. Below is my smb.conf file.. [global] workgroup = MyWorkgroup netbios name = board_pc server string = %h server (samba %v) log level = 10 syslog = 0 log file = /usr/local/samba/var/log.%m encrypt passwords = Yes unix password sync = yes username level = 8 password level = 8 domain logons = yes security = user os level = 34 local master = yes preferred master = yes domain master = yes interfaces = 127.0.0.1/255.0.0.0 192.168.214.30/255.255.255.0 bind interfaces = Yes [homes] path = /home writeable = yes browsable = yes guest ok = yes valid users = %S [netlogon] comment = The domain logon service path = /export/samba/logon public = no writeable = no browsable = no [dian] path = /home/dian comment = Dian's home directory writeable = yes valid users = dian, dianag, dianag$, root I have tried all of these commands together with the outputs: 1) ./smbclient -L 192.168.214.30 -U% added ip interface = 127.0.0.1 bcast=192.255.255.255 netmask=255.0.0.0 added ip interface = 192.168.214.30 bcast=192.168.214.255 netmask=255.255.255.0 Password: Domain=[Murata] SharenameType Comment --- - homes Disk . . . . . Server Comment - -- Dianag board_pc 192 server (samba 3.0.5) . . . 2) ./smbpasswd -a -m dianag #to add a trusted domain which resulted a line in smbpasswd: dianag$:501:4B8A4614E53B8055AAD3B435B51404EE:F4D74586093798E91CE014337F533210:[W ]:LCT-41E7AAC2: Then I tried to access the board_pc, but I cant log-in.. And if u'l examine the log files, it has many authentication processes with different results. For example, I've got an error of NT_STATUS_NO_SUCH_USER in one authentication method, then in SAM authentication - I've got NT_WRONG_PASSWORD... Please help me.. I don't know what to do.. Please __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Does Samba3 support AD trusts?
Hi, I was wondering, does anyone know if Samba 3 support Windows 2003 Active directory forest trusts ? We have been trying to make Samba 3 (3.0.10) in an environment that has 2 Windows 2003 Active directory forests connected by a 'Forest Trust'. Does Samba 3 support 'Forest trusts' and if so are their any limitations on their use. In our environment all Samba 3 servers and windows client workstations are members of one forest and the accounts used to access these resources are in the other - can we make this work ? Any information you have on this will be gratefully received -- Richard Cardwell- H-P Labs [EMAIL PROTECTED] (email) - RIT 312-9375 (phone)- Bristol IT Professional - United Kingdom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] groupmap trouble
hi, i'm moving from nt4 to samba ( 3.0.7 on suse 9.2). I'm able to join the domain, and roaming profiles work. I used net groupmap to map unix to nt group, this way: System Operators (S-1-5-32-549) - -1 Domain Guests (S-1-5-21-2839205766-3667556824-2828225164-514) - nobody Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - ntguests Power Users (S-1-5-32-547) - pusers Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - ntadmins Domain Users (S-1-5-21-2839205766-3667556824-2828225164-513) - ntusers Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - ntusers Domain Admins (S-1-5-21-2839205766-3667556824-2828225164-512) - ntadmins User lorenzo belongs to ntadmins (not as primary group). I'm able to make a pc join the domain using lorenzo as domain admins, but lorenzo doesn't work as administrator on the client. i think something is mismatching in group mapping Any Idea? L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbprngenpdf documentation?
I am looking for some documentation or instructions for setup and use of smbprngenpdf by Windows clients. Can anyone point me in the proper direction. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] attaching xp machine to existing domain
Multiple connections to a server or shared resource by the same user, using more than one username, are not allowed. Disconnect all previous connections to the server or shared resource and try again. Rebooting and logging in with a local administrator account is a sure fire way to fix this, assuming that administrator doesn't have any drives mapped over or anything else that will open a connection to the server. For instance, I used to have an issue with clients that would seek out all network shares (xp style autodiscovery stuff) when my local admin account had a valid user/pass combo on the server. If that's the case for you, you'll see objects in 'My Network Places'. Delete all these, reboot again and see if things don't work better. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] groupmap trouble
Administrators (S-1-5-32-544) - ntadmins Domain Admins (S-1-5-21-2839205766-3667556824-2828225164-512) - ntadmins User lorenzo belongs to ntadmins (not as primary group). I'm able to make a pc join the domain using lorenzo as domain admins, but lorenzo doesn't work as administrator on the client. You can have one and only one group mapping to a unix group. Get rid of the mapping to Administrators and leave only Domain Admins mapped. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mapping Windows groups to Unix ones on Samba 2.2
eric roseme wrote: Is this Samba Opensource 2.2.12 or HP CIFS Server 2.2.12 (A.01.11.03)? groupname map is not a real Samba feature, I believe. See Jerry's response at: http://marc.theaimsgroup.com/?l=sambam=104302387220719w=2 HP CIFS Server at 2.2 was not enabled for winbind, thus there is no way to do what you want. If you go to HP CIFS Server A.02.01 (3.0.7 and 3.0.8) you get winbind and net groupmap - not the same syntax as below but you can map AD groups. Thanks to all that answered. I guess I'm out of luck on this one, since this is HP CIFS Server, and 2.2.12 (A.01.11.03) is the most recent version for HP-UX 11.00 (compiling is not an option, though I wish it were). So I'll do that when it's upgraded to 11.11. At least I won't waste my time trying :-) Thanks a lot, Laurent -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba over several IP Ranges ?
Hi all ! I am the system administrator for a medium sized university network. We have a network of Windows PCs which is connected to some Linux (SuSE 9.1) machines via a Samba box. Also, we have a cluster of 17 DEC Alphas running SuSE 7.0 using a private IP range (192.168.100-115). One of the Alphas has two NICs and is used as a connection gateway to the ordinary Linux boxes. Each of the cluster nodes exports its hard disk via NFS to the cluster gateway. Now, for some reason (don´t ask, it´s my boss´s idea) I am supposed to make these directories available to the Windows office PCs. Is it possible to use the existing Samba box ? Or do I have to set up another Samba Server on the gateway machine for the node disks ? Is it even possible to run 2 Samba servers in one workgroup ? Thanks for the help, Jörg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Why is there a folder refresh problem in w2k?
Hi everyone, I have a Debian box with samba installed and a w2k client connected. The operation is good except for one thing. If I create a file on a unix box also connected it won't appear in a viewed folder on the w2k client unless the window is manually refreshed. Am I missing something in the config that will push the new listing to the client? # Global parameters [global] workgroup = FOO netbios name = BAR encrypt passwords = Yes password server = * syslog = 0 log file = /var/log/samba/log.%m max log size = 1 os level = 60 wins server = FOO.BAR.FOO.BAR username = user invalid users = other_user write list = @group read only = No create mask = 0660 directory mask = 0775 sync always = Yes case sensitive = Yes oplocks = No level2 oplocks = No [share] path = /path valid users = user guest ok = No Any input very welcome. Cheers Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Has anyone ever ported SMBCLIENT to WATTCP?
Quoting Mike Duffy [EMAIL PROTECTED]: And are there any other (free) DOS-based SMB clients without the huge lower (640K) memory requirements. Bart has GREAT tools/info/downloads on this... http://nu2.nu/ I have been using his ideas/programs for years. I can't say enough great things about the amount of work he has done to help all of us, by taking alot of the mystery out of DOS networking! :-) HTH, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos negotion error? reply_spnego_kerberos(250)
On Thu, 2005-01-13 at 11:04 -0600, [EMAIL PROTECTED] wrote: Good morning everyone, I have had Samba 3.0.9 running on Solaris, connected to a Windows AD domain for a couple of weeks now, and i've suddenly started getting the following errors: [2005/01/07 11:31:55, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username domain\IT075$ is invalid on this system So, are you running winbindd, and is it really Samba 3.0.9? These are requests for machine accounts, as the local system service is performing a network activity. Winbindd has been providing these accounts for a number of versions now. If you don't run winbindd, then it's your responsibility to provide all the equivalent accounts. Andrew Bartlett Yes, this is really version 3.0.9 according to wbinfo -V As it turns out, winbindd wasn't running. Doesn't it start automatically? If not, how would I ensure that it does? Also, I've been reading on winbindd, and I'm wondering if its really necessary for what I want to accomplish. All I'm trying to do is allow Windows hosts to access files on a Unix (Solaris) server. I don't want my users logging on to the servers with their Windows credentials. With this in mind, is it necessary to configure nsswitch.conf? When you mention machine accounts, are you saying its necessary to create accounts for each machine in smbpasswd? Please forgive my ignorance, Samba is brand new to me. -- Ryan Worthington Systems and Network Analyst Difficile est satiram non scribere. This message is confidential and may be privileged. It is intended solely for the named addressee. If you are not the intended recipient please inform us. Any unauthorised dissemination, distribution or copying hereof is prohibited. As we cannot guarantee the genuineness or completeness of the information contained in this message, the statements set forth above are not legally binding. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTConfig.POL file
Does anybody that have it working can give me a sample of what looks like a NTConfig.POL file that changes users passwords every 45 days. Password changing is handled by server policy, you set it using pdbedit. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] More than one LDAP-Server in smb.conf?
Hello, can I use more than one LDAP-Server in my smb.conf? I would like to have a backup, if the first OpenLDAP crashed. In my installation (306), this had no effekt: passdb backend = ldapsam:ldap://127.0.0.1:389, ldapsam:ldap://server2:389 , ldapsam:ldap://server1:389 matze -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help with samba
Hi, I have an small network with SUSE 9.1 and trying to use samba. I was reading a lot of papers about samba, but i cannot do something i need. In my computer i have a directory named cotiza owned by user4(me) with the group users and mode 765. M users list there're user1, user2, user3 and user4 all of them with users group. In smb.conf have: [cotiza] comment = Directorio de Cotizaciones path = /home/cotiza/ valid users = user1,user2,user3 read list = user1 write list = user2,user3 create mask = 0765 create directory mask = 0765 create directory mode = 0765 In users 1, 2 and 3 smbfstab have: //xxx.xxx.x.x/cotiza /home/user(x)cotiza username=user(X),password=,fmask=765,dmask=765 All of that is not working. I need that users2 and 3 can create or modify any of the files inside and user1 just read it. Also, I need users 2 and 3 can make directorys with the same mode and that is not working too. Can somebody help me?? Thanks __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File transfer very slow one way - why?
I use Samba between a Windows 98SE and a Linux Slackware 10 box. File transfers from Linux to Windows are very slow - about 10% of the quite reasonable speed from Windows to Linux. Any idea why this is so slow? Thanks, Larry Alkoff Larry Alkoff N2LA - Austin TX -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More than one LDAP-Server in smb.conf?
This is from: http://us4.samba.org/samba/docs/man/smb.conf.5.html pay close attention to the quotes. passdb backend = ldapsam:ldap://ldap-1.example.com ldap://ldap-2.example.com; Bill On Sun, 7 Nov 2004, Matthias Spork wrote: Hello, can I use more than one LDAP-Server in my smb.conf? I would like to have a backup, if the first OpenLDAP crashed. In my installation (306), this had no effekt: passdb backend = ldapsam:ldap://127.0.0.1:389, ldapsam:ldap://server2:389 , ldapsam:ldap://server1:389 matze -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ACL propegation problem - any known issues?
I thought, just to close out this old thread, that I'd mention that I recently switched from ext3fs to xfs and my ACL problems went away. I haven't had any default ACLs fail to propegate in the last couple of weeks. Before it was happening several times a week. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Users with changed passwords can connect locally, but not remotely
Hi. I've just run into a very strange problem with a Samba server. I'm running version 3.0.2a, which came with Yellow Dog Linux (a Mac that originally ran OS X server, but that I like better with Samba). I migrated a complete Samba configuration from an old server, including the entire /etc/samba directory and all user accounts, making sure that the UIDs all matched (and, while we're on the subject of continuity, I even made sure that the new server had the old server's local SID in the secrets.tdb database, and that the users' SIDs matched the machine SID). At first, no clients were aware that anything had changed. However, I changed the passwords of two users and now they can't connect with either the old or new passwords. I even changed them back, with no success. Oddly, they can both connect fine from the server itself when I do this: smbclient -L 127.0.0.1 -U username Password: ... All the services are listed normally. But when I issue the same command from a remote machine, it fails: smbclient -L servername -U username Password: session setup failed: NT_STATUS_LOGON_FAILURE - It's not a firewall issue, because I can indeed connect. And users who are still using their original passwords can connect fine. - It's not a conflict with the old server, because the old server is not running Samba and has a new IP address. - It's not that I'm connecting to the wrong machine, because I tried stopping Samba, and then I couldn't even connect form the remote host. So this really is a case of Samba rejecting a login for a remote machine but allowing the same login locally - but only for users with changed passwords. Anyone ever seen anything like this? Thanks in advance, Ed -- :: Ed Holden :: Administrator, Research Information Systems :: McLean Hospital :: Tel: (617) 855-2822 :: Web: http://research.mclean.harvard.edu/ris Any information, including protected health information (PHI), transmitted in this email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential and or exempt from disclosure under applicable Federal or State law. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon, protected health information (PHI) by persons or entities other than the intended recipient is prohibited. If you received this email in error, please contact the sender and delete the material from any computer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Tivoli Storage Mgr (TSM) Integration Query ???
All, Can anyone confirm that Samba/Solaris will integrate with TSM (Tivoli Storage Manager) when deployed into a Wintel client environment. ie. Solaris/Samba as a TSM client - we need to be sure that the ACL's will be maintained correctly via a TSM backup/restore (full or partial) Or confirm this does not work, which is not what we want to hear - but the truth will suffice. Many thanks, Graham. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with samba
Hi, i think you have a problem with the linux file rights: You have 765 so you get drwxrw-r-x for your directory /home/cotiza. Your users need the right x for changing in a directory. So all users in your group users aren't allowed to get in! Am Freitag, den 14.01.2005, 08:12 -0800 schrieb Sebastian Sola: Hi, In my computer i have a directory named cotiza owned by user4(me) with the group users and mode 765. You will need 775! M users list there're user1, user2, user3 and user4 all of them with users group. OK. In smb.conf have: [cotiza] comment = Directorio de Cotizaciones path = /home/cotiza/ valid users = user1,user2,user3 read list = user1 write list = user2,user3 create mask = 0765 create directory mask = 0765 create directory mode = 0765 Isn't user4 allowed to write there with a smb/cifs-client? In users 1, 2 and 3 smbfstab have: //xxx.xxx.x.x/cotiza /home/user(x)cotiza username=user(X),password=,fmask=765,dmask=765 I think you can leave f/dmask away, but I'm not sure. All of that is not working. I need that users2 and 3 can create or modify any of the files inside and user1 just read it. Also, I need users 2 and 3 can make directorys with the same mode and that is not working too. You will have this points, when you change the rights to 775. Problem are users in group users, which can access your computer (where samba is running), because they can write too! A second method would be acl and perhaps you can make some easier configuration with sticky bits - change to 2775, then every file beyond /home/cotiza will get equal groups. Can somebody help me?? Hope so! Bye -- Christoph Stoettner [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC Domain Name Change
What are the repercusions, particularly with respect to XP Pro, for changing the domain name in Samba 3.0.9 PDC? Can I join a Samba PDC to a W2K domain with net rpc or is this a bad idea? TMS III -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to connect to smb shares from second machine in workgroup
I have a pretty simply home LAN with a Linux box (Mandrake 9.1) and 2 XP boxes. The workgroup is named UNIVERSE and the machines are earth (Linux), voyager (XP) and starbase (XP). (smb.conf has security=user). Voyager can browse over to \\earth\share no problem. Recently I connected starbase to my LAN using a wireless router. When on starbase I cannot browse to \\earth\share. When I do so I get prompted for a username/password. No username/password works however! Now I realize that in this situation with no domain control a user named voyager\foo is not considered the same as starbase\foo. However how can I get them both to be able to use \\earth\share? BTW: Starbase used to be able to browse to \\earth\share before. Voyager is a new XP box and replaced Starbase. Any ideas would be helpful. A little more info. Trying to follow the instructions at http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html. When I do nmblookup -B voyager * I get: Earth:nmblookup -B voyager * querying * on 192.168.1.100 192.168.1.100 *00 However when I do it for starbase: Earth:nmblookup -B starbase * querying * on 192.168.1.102 name_query failed to find name * I have starbase in both /etc/hosts and /etc/samba/lmhosts pointing to 192.168.1.102. I've also tried completely turning off the XP SP2 firewall on Starbase - didn't help. Ideas? -- Just what part of NO didn't you understand? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to connect to smb shares from second machine in workgroup
That you are getting a password prompt on starbase at all indicates that you are connecting to earth, but earth is probbaly rejecting your login. While voyager\foo and \starbase\foo may not be the same user, in my experience as long as you are using the correct password for your Samba user earth\foo, the username foo should work fine from starbase. Are you seeing anything odd in the Samba logs on earth? Perhaps your wireless network is on a different subnet from your wired one? In that case a host allow line in smb.conf may be the culprit. What happens when starbase is on the wired network instead of the wireless one (assuming you have a normal ethernet port on starbase). -Ed :: Ed Holden :: Administrator, Research Information Systems :: McLean Hospital :: Tel: (617) 855-2822 :: Web: http://research.mclean.harvard.edu/ris Andrew DeFaria wrote: I have a pretty simply home LAN with a Linux box (Mandrake 9.1) and 2 XP boxes. The workgroup is named UNIVERSE and the machines are earth (Linux), voyager (XP) and starbase (XP). (smb.conf has security=user). Voyager can browse over to \\earth\share no problem. Recently I connected starbase to my LAN using a wireless router. When on starbase I cannot browse to \\earth\share. When I do so I get prompted for a username/password. No username/password works however! Now I realize that in this situation with no domain control a user named voyager\foo is not considered the same as starbase\foo. However how can I get them both to be able to use \\earth\share? BTW: Starbase used to be able to browse to \\earth\share before. Voyager is a new XP box and replaced Starbase. Any ideas would be helpful. A little more info. Trying to follow the instructions at http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html. When I do nmblookup -B voyager * I get: Earth:nmblookup -B voyager * querying * on 192.168.1.100 192.168.1.100 *00 However when I do it for starbase: Earth:nmblookup -B starbase * querying * on 192.168.1.102 name_query failed to find name * I have starbase in both /etc/hosts and /etc/samba/lmhosts pointing to 192.168.1.102. I've also tried completely turning off the XP SP2 firewall on Starbase - didn't help. Ideas? Any information, including protected health information (PHI), transmitted in this email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential and or exempt from disclosure under applicable Federal or State law. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon, protected health information (PHI) by persons or entities other than the intended recipient is prohibited. If you received this email in error, please contact the sender and delete the material from any computer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC with Samba
Hi, I'm new to the list and pretty new to Samba. I'm building a PDC with Samba, but things don't seem to be right. In fact after I had modified my conf file, I tried my domain. From a win2k host I tried to join the domain, with these settings: user: admin passw: ** domain: WORKGROUP This user is a Unix and Samba user I created on the server. But the negotiation ends with a fail message telling that user doesn't exist or the password is wrong. Perhaps netlogon is not well configured? How can I create a profile on the server? Many thanks PS: I've attached my conf file -- Alessandro Dal Grande Student In The University Of Padua - Computer Science Linux Registered User #359258 System: GNU/Linux Debian unstable on i686 Kernel: 2.4.25 Debian Custom Mail: Thunderbird Chat: Kopete (ICQ) 150487234 Put the fan back into computing [global] name resolve order = lmhosts host bcast preserve case = yes socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 logon drive = H: domain master = yes interfaces = 192.168.0.22/255.255.255.0 time server = yes encrypt passwords = yes logon home = \home%u dns proxy = no netbios name = LANMASTER server string = %h Samba, cache proxy e pop3 proxy server logon script = logon.cmd invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n local master = yes logon path = \%Nprofiles%u workgroup = WORKGROUP syslog only = no os level = 64 syslog = 0 security = user short preserve case = yes preferred master = yes max log size = 1000 domain logons = yes [netlogon] path = /home/netlogon/%g read only = yes public = no browseable = no write list = ntadmin [profili] path = /export/smb/ntprofile read only = no create mask = 0600 directory mask = 0700 [homes] comment = Home browseable = no read only = no create mask = 0700 directory mask = 0700 [work] comment = Area di lavoro path = /netdisk public = yes guest ok = yes writable = yes create mask = 0755 directory mask = 0755 signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTConfig.POL file
Adam, Thank´s for your help. But just one unanswered and undocumented question. pdbedit -P maximum password age -C x In which unit should this x be used? Days? timestamp? hours? minutes? Thank´s once again, Gustavo - Original Message - From: Adam Tauno Williams [EMAIL PROTECTED] To: Gustavo Lima [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Friday, January 14, 2005 1:43 PM Subject: Re: [Samba] NTConfig.POL file Does anybody that have it working can give me a sample of what looks like a NTConfig.POL file that changes users passwords every 45 days. Password changing is handled by server policy, you set it using pdbedit. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to connect to smb shares from second machine in workgroup
Ed Holden wrote: That you are getting a password prompt on starbase at all indicates that you are connecting to earth, but earth is probbaly rejecting your login. While voyager\foo and \starbase\foo may not be the same user, in my experience as long as you are using the correct password for your Samba user earth\foo, the username foo should work fine from starbase. Are you seeing anything odd in the Samba logs on earth? Well on both XP boxes the username is my name, Andrew DeFaria, and the passwords are indeed the same. On the Linux box I use a username of just andrew. smbusers maps Andrew DeFaria - andrew and this works just fine for Voyager but again, not for Starbase. The user andrew on the Linux box has the same password as the two XP boxes. No, I'm seeing nothing strange in the Samba log files. I think the fact that nmblookup is telling in that it cannot seem to find the machine Starbase but it can fine the machine voyager. I don't know why. I've taken steps to insure that /etc/hosts on the machines all reflect the proper IP addresses. I've even created an /etc/samba/lmhosts so that the proper IP addresses are denoted there. Perhaps your wireless network is on a different subnet from your wired one? In that case a host allow line in smb.conf may be the culprit. I don't think so. The IP addresses involved are voyager: 192.168.1.100, earth: 192.168.1.101 and starbase: 192.168.1.102. What happens when starbase is on the wired network instead of the wireless one (assuming you have a normal ethernet port on starbase). I thought of that but argh! Now I gotta fine a wire that long! :-( Well it's not that far away and I could always move the machine (but was hoping to avoid that). BTW: Starbase can browse to shares on Voyager and Voyager can browse to shares on Starbase. At least I think I did that before - I'll have to check tonight. -- Do you think that when they asked George Washington for ID that he just whipped out a quarter? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Revisiting SMB and SMP
Hi Samba List, I did a little sniffing around for issues between samba and SMP, but didn't seem to come across any that dealt with the behavior I'm seeing. The general question is: Does samba work correctly in an SMP environment? Apparently OOB it doesn't...but is there a way to make it work? The specifics of my situation are as follows: - Custom-built Debian Sarge kernel-2.6.8 -- Support for 4 cpus (2 HT Xeons, which each appear as 2 cpus) -- samba is compiled-in on my most recent attempt - When booting a non-SMP kernel, samba works flawlessly. - When booting the SMP kernel, samba loses its ability to create or modify files, spitting out input/output errors, such as the following example: samus:/mnt/smb/file-serv/george# touch testfile touch: setting times of `testfile': Input/output error (names have been changed to protect the guilty) Any help would be greatly appreciated, as I would enjoy being able to utilize the benefits of both SMP and SMB. Cheers, ~Brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Revisiting SMB and SMP
The general question is: Does samba work correctly in an SMP environment? Apparently OOB it doesn't...but is there a way to make it work? Can't say there's any problem in my environment, on a few SMP-ish servers. I say smp-ish because they're really hyperthreaded Xeons, but they're supposed to ACT just like a true SMP box. I'm using the stock Fedora versions, but I don't think they do anything funky to it. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTConfig.POL file - answer
Thank´s again. Is in seconds. - Original Message - From: Gustavo Lima [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Friday, January 14, 2005 4:28 PM Subject: Re: [Samba] NTConfig.POL file Adam, Thank´s for your help. But just one unanswered and undocumented question. pdbedit -P maximum password age -C x In which unit should this x be used? Days? timestamp? hours? minutes? Thank´s once again, Gustavo - Original Message - From: Adam Tauno Williams [EMAIL PROTECTED] To: Gustavo Lima [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Friday, January 14, 2005 1:43 PM Subject: Re: [Samba] NTConfig.POL file Does anybody that have it working can give me a sample of what looks like a NTConfig.POL file that changes users passwords every 45 days. Password changing is handled by server policy, you set it using pdbedit. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fwd: error
Hi I found your post on Internet about Network Write Error you are having. I was wondering if you were able to find out what it is. I am having the same. Thanks Et Ignjatovic IT Analyst 519-426-4664-254 [EMAIL PROTECTED] A ship in the harbor is safe, but that is not what ships are built for. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with samba
I have 2 windows computers too. --- Darcy Bangsund [EMAIL PROTECTED] wrote: These are all just linux systems ? Why not use NFS instead? - Original Message - From: Sebastian Sola [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, January 14, 2005 11:12 AM Subject: [Samba] Help with samba Hi, I have an small network with SUSE 9.1 and trying to use samba. I was reading a lot of papers about samba, but i cannot do something i need. In my computer i have a directory named cotiza owned by user4(me) with the group users and mode 765. M users list there're user1, user2, user3 and user4 all of them with users group. In smb.conf have: [cotiza] comment = Directorio de Cotizaciones path = /home/cotiza/ valid users = user1,user2,user3 read list = user1 write list = user2,user3 create mask = 0765 create directory mask = 0765 create directory mode = 0765 In users 1, 2 and 3 smbfstab have: //xxx.xxx.x.x/cotiza /home/user(x)cotiza username=user(X),password=,fmask=765,dmask=765 All of that is not working. I need that users2 and 3 can create or modify any of the files inside and user1 just read it. Also, I need users 2 and 3 can make directorys with the same mode and that is not working too. Can somebody help me?? Thanks __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Unable to connect to smb shares from second machine in workgroup
What if you log on as andrew with your Samba password instead of using the long name you have in smbusers? Yes, it does look like your wireless netwokr is on the same subnet as your wired one, so I'd doubt that the wired test will be successful (but it's probably still worth trying). Again, I suspect from the login prompt that you are indeed connecting to Earth, but something in the authentication is going amiss. Maybe you should increase the debug level to see what turns up in the logs. Also, have you fixed starbase's group policy security settings? There are a couple XP settings for digitally signing and encrypting data, and sometimes they can cause incompatibilities with Samba. Run gpedit.msc from the Start menu on starbase and the Group Policy editor will pop up. Navigate through it to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. Then disable the following policies: Domain Member: Digitally encrypt or sign secure channel data (always) Domain Member: Digitally sign secure channel data (when possible) -Ed :: Ed Holden :: Administrator, Research Information Systems :: McLean Hospital :: Tel: (617) 855-2822 :: Web: http://research.mclean.harvard.edu/ris Andrew DeFaria wrote: Ed Holden wrote: That you are getting a password prompt on starbase at all indicates that you are connecting to earth, but earth is probbaly rejecting your login. While voyager\foo and \starbase\foo may not be the same user, in my experience as long as you are using the correct password for your Samba user earth\foo, the username foo should work fine from starbase. Are you seeing anything odd in the Samba logs on earth? Well on both XP boxes the username is my name, Andrew DeFaria, and the passwords are indeed the same. On the Linux box I use a username of just andrew. smbusers maps Andrew DeFaria - andrew and this works just fine for Voyager but again, not for Starbase. The user andrew on the Linux box has the same password as the two XP boxes. No, I'm seeing nothing strange in the Samba log files. I think the fact that nmblookup is telling in that it cannot seem to find the machine Starbase but it can fine the machine voyager. I don't know why. I've taken steps to insure that /etc/hosts on the machines all reflect the proper IP addresses. I've even created an /etc/samba/lmhosts so that the proper IP addresses are denoted there. Perhaps your wireless network is on a different subnet from your wired one? In that case a host allow line in smb.conf may be the culprit. I don't think so. The IP addresses involved are voyager: 192.168.1.100, earth: 192.168.1.101 and starbase: 192.168.1.102. What happens when starbase is on the wired network instead of the wireless one (assuming you have a normal ethernet port on starbase). I thought of that but argh! Now I gotta fine a wire that long! :-( Well it's not that far away and I could always move the machine (but was hoping to avoid that). BTW: Starbase can browse to shares on Voyager and Voyager can browse to shares on Starbase. At least I think I did that before - I'll have to check tonight. Any information, including protected health information (PHI), transmitted in this email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential and or exempt from disclosure under applicable Federal or State law. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon, protected health information (PHI) by persons or entities other than the intended recipient is prohibited. If you received this email in error, please contact the sender and delete the material from any computer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with samba
Ok, I did change all to probe just with one user. The same /home/cotiza directory, with 775 mode In user1 computer's: mount -t smbfs -o username=user4(the owner of /home/cotiza),password=x,fmask=775,dmask=775 user1 can mount /home/cotiza but, if we try to make a directory inside, the mode for the new directory are o+rwx g+rx a+rx, so they cannot save anything inside. --- Christoph Stoettner [EMAIL PROTECTED] wrote: Hi, i think you have a problem with the linux file rights: You have 765 so you get drwxrw-r-x for your directory /home/cotiza. Your users need the right x for changing in a directory. So all users in your group users aren't allowed to get in! Am Freitag, den 14.01.2005, 08:12 -0800 schrieb Sebastian Sola: Hi, In my computer i have a directory named cotiza owned by user4(me) with the group users and mode 765. You will need 775! M users list there're user1, user2, user3 and user4 all of them with users group. OK. In smb.conf have: [cotiza] comment = Directorio de Cotizaciones path = /home/cotiza/ valid users = user1,user2,user3 read list = user1 write list = user2,user3 create mask = 0765 create directory mask = 0765 create directory mode = 0765 Isn't user4 allowed to write there with a smb/cifs-client? In users 1, 2 and 3 smbfstab have: //xxx.xxx.x.x/cotiza /home/user(x)cotiza username=user(X),password=,fmask=765,dmask=765 I think you can leave f/dmask away, but I'm not sure. All of that is not working. I need that users2 and 3 can create or modify any of the files inside and user1 just read it. Also, I need users 2 and 3 can make directorys with the same mode and that is not working too. You will have this points, when you change the rights to 775. Problem are users in group users, which can access your computer (where samba is running), because they can write too! A second method would be acl and perhaps you can make some easier configuration with sticky bits - change to 2775, then every file beyond /home/cotiza will get equal groups. Can somebody help me?? Hope so! Bye -- Christoph Stoettner [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating PDC
I am trying to migrate my samba 3.0.10 PDC from a Solaris 2.8 machine to a Suse 9.1 machine. Nothing in the docs including the part about moving from a windows PDC to samba PDC seem to work in my case. Is their some quick and dirty or do I have to reinstall on the Suse machine and recreate all the users? Thanks, John Allen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security = server, username map, different domain - no login
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ralf Gross wrote: | | --- Samba 2.2.12 | Session Setup AndX Request, User: EMEA\RALFGRO | Account: RALFGRO | Primary Domain: EMEA | | --- Samba 3.0.10 | Session Setup AndX Request, User: ERS\RALFGRO | Account: RALFGRO | Primary Domain: ERS | | I can see that the mapping via the smbuser file is working, | but why is samba 3.0.10 passing domain ERS insted of EMEA | to the password server? Is it not possible to do these things | in 3.0.10? What do I have to change to get this working in | samba 3.x? Any ideas? | | I'm a bit lost at the moment. Our samba 2.x config was | nice, simple and just working. The simpliest thing is to swap over to security = domain. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6Ca0IR7qMdg1EfYRAtP0AJ9QQJq+Ic1BXo6v7ngdsmhfHp19MgCfXk8i i2AZ6JV9vVQr21xFfNckgKM= =MgW1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd -a -s /add smbuser via bash script
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Colin E. McDonald wrote: | I have a script that used to work fine under Samba 2.2.7a. | | I would pass the username and password to smbpasswd | -a -s $user $password and it worked fine. (echo $pw; echo $pw ) | smbpasswd -s -a $user cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6CdbIR7qMdg1EfYRAlJGAJ9hm9NbVLGhfrneTLzTiK9XqGBlIgCg7TPX UDYLCbPNBCnFKpOE/PjLIDw= =crZ/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does Samba3 support AD trusts?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Cardwell wrote: | Hi, | | I was wondering, does anyone know if Samba 3 support | Windows 2003 Active directory forest trusts ? | | We have been trying to make Samba 3 (3.0.10) in | an environment that has 2 Windows 2003 Active directory | forests connected by a 'Forest Trust'. Does Samba 3 | support 'Forest trusts' and if so are their any limitations | on their use. As a domain member in security =ads, yes. This will all work. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6CfPIR7qMdg1EfYRAjLrAKDcyzbG3rwrRm4PbqNlKKA5naJ4ygCg8QKy KisK/hxpAtYRKhLNH0FUEcY= =FscF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using WMI Classes to join worksation to domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kristyan Osborne wrote: | This always fails with error code 1326 (username or | password invalid). However looking at the logs on the | Samba server, it tells me that the authentication for | user root was successful. | | Is this a fundermental mistake of mine, where Samba doesn't | support these WMI calls, or is it something I'm overlooking. The WMI calls should just plunk down to basic RPC's on the wire. Check your level 10 smbd log for ACCESS_DENIED and see which call failed. A network trace in ethereal miight prove helpful as well. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6CjKIR7qMdg1EfYRAry5AJwIu7KUAXg1zxq700h3G0DirU/AlwCg2jX5 nEM+qWr+Acit8ryk06KHskU= =/TUp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Joining a samba domain on WinXP without a root login?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam Tauno Williams wrote: | Both NT4 and AD have special ways to create a basic | domain user, then add the specific permission to join | workstations to the domain. Can your creativity | provide that type of an implementation for Samba? | | Isn't this privilages? You can muck about with them a | bit with rpcclient but they don't seem to do anything. Yeah. The Domain Admins hack was a quick fix in an afternoon of work. Simo convinced me to spend the time and effort to implement the privileges feature he wrote for trunk. I checked in a backport/rewrite on the privileges code from trunk into the 3.0 svn code base yesterday. So at this point you should be able to assing the SeMachineAccountPrivilege to any SID you like and use that SID to join the domain. I've still got some security auditing to do on to make sure I haven't done anything stupid, but this code will be in 3.0.11pre2 sue out next week. I'll send a short howto as soon as I finish the lingering details. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6Cn5IR7qMdg1EfYRAiUaAKC7ELoNshYFmg9EQ0AvyYEC8uJHwQCeM7di i/E37m0ieaZO+aQk7Bbp0Ns= =sH4m -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with samba
Am Freitag, den 14.01.2005, 11:43 -0800 schrieb Sebastian Sola: Ok, I did change all to probe just with one user. The same /home/cotiza directory, with 775 mode In user1 computer's: mount -t smbfs -o username=user4(the owner of /home/cotiza),password=x,fmask=775,dmask=775 I think you can leave f/dmask away. These settings should come from samba. user1 can mount /home/cotiza but, if we try to make a directory inside, the mode for the new directory are o+rwx g+rx a+rx, so they cannot save anything inside. Did you change your smb.conf? There are: create mask = 0765 create directory mask = 0765 create directory mode = 0765 Should be create mask = 0660 (so only user4 and users can read and write files create directory mask/mode = 0775 or 0770 If this won't work - have a look at the users umask! Bye Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_ACCESS_DENIED with ADS + Kerberos
I'm trying to setup Samba in ADS security mode so I can run winbind for NSS and Kerberos for user authentication, chiefly for shell accounts for developers. These hosts will not provide any file or printer services, at least in the near-term. My hosts are CentOS 3 (a free RHEL3 clone) and my ADS servers are Windows 2000 (not 2003), in hybid mode. I am using stock RPMs for both Kerberos and Samba; krb5-libs-1.2.7-31 (et al) and samba-3.0.9-1.3E.2 (et al). I have been successful using Kerberos authentication with the W2k servers and pam_krb5 (with local users in /etc/passwd). I can use Kerberized telnet between Linux hosts. I've also configured OpenLDAP-based IdMap, which after a little tweaking so uidNumbers match the manual maps I'd created, works fine. I can also get winbind to work as expected using 'security = domain' and I suppose I could leave it at that, but I'm a curious sort. I joined the realm by running 'kinit -p [EMAIL PROTECTED]' and then 'net join ads'. Kerberos keytab has been created with 'net ads keytab CREATE; 'klist -k' shows a full list of keys--about 72 of them. However, 'wbinfo' commands have problems: # wbinfo -u and # wbinfo -g work consistently. (I've run them in a loop which checks the line counts between runs.) # wbinfo -n Name works inconsistently (for users and groups). Errors are similar to below but the connection is to \PIPE\lsarpc. wbinfo -t never works: # wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret winbind log looks like this when running this command: ... [2005/01/14 11:58:08, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745) got [EMAIL PROTECTED] [2005/01/14 11:58:08, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(538) Doing kerberos session setup [2005/01/14 11:58:08, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319) Ticket in ccache[MEMORY:cliconnect] expiration Fri, 14 Jan 2005 21:58:06 GMT [2005/01/14 11:58:08, 1] nsswitch/winbindd_cm.c:cm_open_connection(333) failed tcon_X with NT_STATUS_ACCESS_DENIED [2005/01/14 11:58:08, 3] nsswitch/winbindd_cm.c:new_cm_connection(499) Could not open a connection to MYDOMAIN for \PIPE\NETLOGON (NT_STATUS_ACCESS_DENIED) [2005/01/14 11:58:08, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68) could not open handle to NETLOGON pipe [2005/01/14 11:58:08, 2] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98) Checking the trust account password returned NT_STATUS_ACCESS_DENIED Here's one of the smb.conf's (the more minimal): [global] workgroup = MYDOMAIN realm = MYDOMAIN.COM security = ADS use kerberos keytab = Yes log level = 3 ads:20 auth:10 sam:10 rpc:20 ldap admin dn = cn=Manager,dc=mydomain,dc=COM ldap idmap suffix = ou=Idmap ldap suffix = dc=mydomain,dc=COM idmap backend = ldap:ldap://ldap-server idmap uid = 15-55 idmap gid = 15-55 template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind cache time = 1 winbind use default domain = Yes -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Missing last character in share name when access from Win2k
I'm getting frequent errors on Samba 3.0.10 about failing to access a share, where the name is missing its last character: Jan 13 20:55:42 pyloric smbd[18322]: [2005/01/13 20:55:42, 0] smbd/service.c:make_connection(800) Jan 13 20:55:42 pyloric smbd[18322]: vomit (192.168.23.143) couldn't find service music-ri vomit is a win2k (fully patched) machine. This error occurs when attempting to access the share //pyloric/music-rip. When the error occurs, I can still access the share, though it does feel sluggish -- it's difficult for me to say for sure, though. I've googled for this, and found a fair number of reports of this issue, but no explanation or fix. One such report is here: http://lists.samba.org/archive/samba/2004-September/092432.html There's a reply to that report suggesting an upgrade to 3.0.7 to fix the issue, but obviously that won't help me, as I'm already running 3.0.10. :) Any advice? Thanks, - Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Revisiting SMB and SMP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Henning wrote: | Hi Samba List, | I did a little sniffing around for issues between samba and SMP, but | didn't seem to come across any that dealt with the behavior I'm seeing. | | The general question is: Does samba work correctly in | an SMP environment? Apparently OOB it doesn't...but is there | a way to make it work? You asking about smbfs and not Samba. You'll have to check with the linux kernel folks for the asnwer to your Q. We don't maintain the smbfs kernel code. I routinely run Samba on a 2 way Xeon HT box (so its show up as a 4-way box) . | samus:/mnt/smb/file-serv/george# touch testfile | touch: setting times of `testfile': Input/output error cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6C0LIR7qMdg1EfYRAo+VAKCa1ZNCztzmzVbfF0ndFN8GvjmL3wCdFL1N AhjCDSi73hpqzQZXww/2UgE= =RIE/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fw: [Samba] problems with username map
Begin forwarded message: Date: Thu, 13 Jan 2005 13:29:52 + From: HeRnAn DeL bOcA [EMAIL PROTECTED] To: samba@lists.samba.org Subject: [Samba] problems with username map if someone knows anything about this problem??? with samba 2.2.7 i've used a username map called smbusers file with this structure user_domain =[EMAIL PROTECTED] user2_domain = [EMAIL PROTECTED] and so on. obviosuly in the smb.conf the option is enable username map = /etc/samba/smbusers and it worked just fine but now i upgraded samba to 3.0 and the option username map is not working is there any solution??? thanks to anybody that can help me Hernan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Allen wrote: | I am trying to migrate my samba 3.0.10 PDC from a | Solaris 2.8 machine to a Suse 9.1 machine. | Nothing in the docs including the part about moving | from a windows PDC to samba PDC seem to | work in my case. Is their some quick and dirty or | do I have to reinstall on the Suse machine and recreate | all the users? You should be able to just copy the necessary files. No big mystery I don't think. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6C1YIR7qMdg1EfYRAjcPAKDAf8TXm0KHmtq/al9lpV6SQSbeFQCffxkI rGG5jh2itblIO8DbINlkElU= =GEqW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Domain Name Change
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Skeren wrote: | What are the repercusions, particularly with respect | to XP Pro, for changing the domain name in Samba 3.0.9 PDC? The domain SID will be regenerated (you can manually set it to the old value after the name change if you like). | Can I join a Samba PDC to a W2K domain with net rpc or | is this a bad idea? bad idea. Samba 3 cannot currently operate as a BDC for NT4 or AD domains with Windows DC's cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6C2oIR7qMdg1EfYRAtjNAKCtZIjdmJJkGlKnbywZzvnW9h1iPwCgx4Ml Cs3vwYlinyA3kXAYFm04nLY= =R4HO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with samba
Ok, I did it I founded a force directory mask option reading some new paper in the web. With that, it seems to be working. Thanks for your help Chirstoph. Sebastian --- Christoph Stoettner [EMAIL PROTECTED] wrote: Am Freitag, den 14.01.2005, 11:43 -0800 schrieb Sebastian Sola: Ok, I did change all to probe just with one user. The same /home/cotiza directory, with 775 mode In user1 computer's: mount -t smbfs -o username=user4(the owner of /home/cotiza),password=x,fmask=775,dmask=775 I think you can leave f/dmask away. These settings should come from samba. user1 can mount /home/cotiza but, if we try to make a directory inside, the mode for the new directory are o+rwx g+rx a+rx, so they cannot save anything inside. Did you change your smb.conf? There are: create mask = 0765 create directory mask = 0765 create directory mode = 0765 Should be create mask = 0660 (so only user4 and users can read and write files create directory mask/mode = 0775 or 0770 If this won't work - have a look at the users umask! Bye Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Performance problems with 3.0.10
Hello folks, Has anyone experienced problems with ver 3.0.10? I just upgraded to 3.0.10 and have been having my memory eaten up. Any help would be appreciated. Sheikji Nazirudeen IT Analyst Syracuse University 315-443-1207 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] setting options before user logs on via policies
Read the HOWTO chapter that covers this. It's pretty thorough. You can use NT4 policies. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Thu, 23 Dec 2004, Florian Effenberger wrote: Hello, is it possible to set options before a user logs on via policies, or does this depend on active directory? I would like to set things like screensaver at logon dialogue, ctrl-alt-del requirement, clear last user at logon, etc., but it seems to be impossible using policies. A workaround I can think of is doing that via MSI files. Any tip is welcome. :-) Florian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Odd LPQ behavior in 3.0.x
I have a service called Server, but none labeled the way you described it (XP SP2). Does not seem to work even though it is enabled. Perhaps I have another problem. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 14 Dec 2004, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Novosielski wrote: | I have another question related to this. My NT admin | appears to have disabled the channel that allows | back-communication to the PC's -- does anyone know | off the top of their head what setting/service on NT | enables that so that I can try it out and ask | him to re-enable it if it is helpful? It's the Server service on WIndows NT and the File and Print sharing for MS Networks for 2k/xp/2k3 cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBv3/hIR7qMdg1EfYRAkQ3AKCWl55KxJpxw3JyY6Yei4qwg9sZ/QCeOAix dii14c+tDE0irlYtfQqP1rI= =c9CS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Domain Name Change
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Skeren wrote: | What are the repercusions, particularly with respect | to XP Pro, for changing the domain name in Samba 3.0.9 PDC? The domain SID will be regenerated (you can manually set it to the old value after the name change if you like). | Can I join a Samba PDC to a W2K domain with net rpc or | is this a bad idea? bad idea. Samba 3 cannot currently operate as a BDC for NT4 or AD domains with Windows DC's Right, I understand. I just wondered if it would sit there and look like a member server to users on the other node? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6C2oIR7qMdg1EfYRAtjNAKCtZIjdmJJkGlKnbywZzvnW9h1iPwCgx4Ml Cs3vwYlinyA3kXAYFm04nLY= =R4HO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems on HP-UX 11i with 'user add script'
The thing is, I do not want this behavior. I want to have a setup where the user only necessarily exists in one location (ie., DOMA\freddy does not exist in DOMB... but I want him to be able to log into machines that live in DOMB). The problem I'm seeing is that Samba is often unable to create the placeholder account for DOMA\freddy in DOMB -- the script exits with status 1, for no reason that I can see (I will turn up debug higher). Does Winbindd belong in this situation or no? _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 4 Jan 2005, John H Terpstra wrote: On Tuesday 04 January 2005 14:49, Ryan Novosielski wrote: This one doesn't make any sense to me. What's worse, it seems to occasionally work and sometimes not. I am attempting to log into a domain (DOMA let's say) and I only have an account on DOMB. When DOMA's Samba PDC attempts to create a UNIX account for me, this is what happens: ... ...when running that command from a shell, it does not exit 1. I can't figure out why it does that, or why there is a problem with the netsamlogon_cache.tdb. I read something about requiring Winbindd, but I don't see how my situation (two Samba PDC's with a trust relationship between the two different domains) requires Winbindd, unless Winbindd running would keep me from having to do 'add user script' work (simply using the same accounting info via NSS that it is getting from Samba). Can someone shed some light on this for me? The docs are not making it clearer. Let's consider an example: DOMA has a user 'freddy' with UID=2349 DOMB has a user 'freddy' with UID=5412 DOMA\freddy has SID='S-1-5-21-12345678-12345678-12345678-4698 DOMB\freddy has SID='S-1-5-21-87654321-87654321-87654321-10824 There is a two-way trust relationship between DOMA and DOMB. The method for establishing interdomain trusts is documented in the Samba-HOWTO-Collection. There is a chapter on it. DOMA\freddy is an entirely different person from DOMB\freddy. One is the CEO and the other the janitor. I guess the CEO of DOMA would not like the janitor of DOMB to have access to his files. What happens with your method? My guess: DOMB\freddy accesses DOMA and inherits DOMA\freddy file access permissions. After all, what is there to distinguish DOMA\freddy from DOMAB\freddy - they will have the same account name because you will not create a new account by calling the user add script if the local account already exists. In other words DOMA\freddy is the same user as DOMB\freddy in your configuration. With winbind, DOMB\freddy will on access to the DOMA domain be allocated a UID out of the IDMAP UID pool, and for all intents and purposes will be an entirely different user from DOMA\freddy. Does that clear up why you need to use winbind? The other reason is that winbind caches the domain credentials for each trusted domain thus making the entire network operation more efficient. I hope this helps. This should be in the HOWTO-Collection - if not it must be added. I'll check and update this too. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Re: Question about win2000 and samba
I'd say no on that one. /PERSIST is for next logon, AFAIK. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Fri, 24 Dec 2004, Gémes Géza wrote: Marco De Vitis írta: Il 24/12/2004, alle ore 10:02, Gémes Géza ha scritto: It happens to me to at any W2k machine on the network, and also to other users, so I suspect it is not a network problem. Maybe faulty network card/cable on the server or something like that? Check the Samba logs for errors; if the problem is in Samba, they should show some traces of it. Changed the NICs and other hardware (even the servers), and of course the Samba release (a couple of times) since the problem first apeared in 2001 (then we got our first Win2k workstations). I haven't inspected Samba logs (yet) haunting for such simptoms, but I've did it many times for other problems. Anyway transfer problems were allways close to the 100Mbps hardware offered maximum. Could it have anything to do with specifying /PERSIST:NO with every NET USE command? Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: print$ worked in 3.0.7, broken after upgrading to 3.0.9
Doesn't matter -- this is a test from the server to determine if the share is in good shape. He was asking as a diagnostic idea. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Wed, 15 Dec 2004, Jeff Umbach wrote: Franz Pförtsch wrote: Do you have tried: smbclient //server/print$ -U windowsuser what is happening? I tried following the solution in that thread and it didn't help. I can print to the printers if I install the driver manually, but I cannot get it to install the driver automatically from the print$ share anymore. The Access Denied message refers to the printer status. I am printing from WinXP Pro SP2, not Linux. There are no other Linux systems on this network. All the other Windows computers that already had their printers installed still work but if I uninstall a printer I cannot reinstall it properly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RETRACT: Re: [Samba] [PATCH] printing patch update
Isn't this supposed to be fixed in 3.0.11pre1 anyway? _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Mon, 10 Jan 2005, Misty Stanley-Jones wrote: This mail was sent in error. The patch does compile. On Monday 10 January 2005 09:33, Misty Stanley-Jones wrote: On Monday 10 January 2005 09:15, Jerome Borsboom wrote: In reviewing the recent printing-3-0-10_v2 patch, I think I have found an omitted 'release_print_db'. The following patch corrects this. Regards, Jerome Borsboom --- samba-3.0.10/source/printing/printing.c 2005-01-10 15:07:27.060999122 +0100 +++ samba-3.0.10.new/source/printing/printing.c 2005-01-10 15:07:36.784464292 +0100 @@ -1077,6 +1077,7 @@ if ( !print_cache_expired(sharename, False) ) { DEBUG(5,(print_queue_update_internal: print cache for %s is still ok\n, sharename)); + release_print_db( pdb ); return; } I tried adding this to printing.c in 3.0.11pre1 and it does not compile: Compiling printing/printing.c printing/printing.c: In function `print_cache_expired': printing/printing.c:1038: warning: passing arg 3 of `tdb_fetch_uint32' from incompatible pointer type printing/printing.c: In function `print_queue_update_internal': printing/printing.c:2713: error: parse error at end of input printing/printing.c:30: warning: `remove_from_jobs_changed' used but never defined make: *** [printing/printing.o] Error 1 Just thought you would like to know, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance problems with 3.0.10
What do you mean with performance problem. I ask this question because I upgraded my samba version 3.0.7 - 3.0.10 and all windows 9x clients have problem when use office 97 files. The network is very slow and CPU is 100%. Maybe is because my office97 is installed to my server ? The windows 2000 client not have this problem because office97 is not used from server. Sheikji Nazirudeen a écrit : Hello folks, Has anyone experienced problems with ver 3.0.10? I just upgraded to 3.0.10 and have been having my memory eaten up. Any help would be appreciated. Sheikji Nazirudeen IT Analyst Syracuse University 315-443-1207 -- Stéphane Purnelle [EMAIL PROTECTED] Site Web : http://www.linuxplusvalue.be -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Lingering WinXP SP2 issues
I have this problem. Well, I don't have it now. Here's when I started to have it. I have queues named things like \\njmsa-lm\djnlab. I decided, when I noticed the names are stored in .tdb's, not smb.conf, that I would rename them to more civilized names from the Windows side. I called the afforementioned printer: \\njmsa-lm\Lab Poster Printer (djnlab) ...this worked... sometimes. Sometimes I'd see the error above. I made it go away by naming things back the way they were, but I'd really like to do what I described. The other thing that seemed to cause it sometimes (or cause other confusion) was having a djnlab and djnlab1 (djnlab1 was mapped from a staff machine only and was rather unrestricted, djnlab was mapped from lab machines and had a time-of-day restriction). Occaisionally, it appeared as if a change to one would affect the wrong printer. Another related note: why is it that installing a new printer driver renames the printer? (ie. set up share, djnlab. Install printer Driver. Printer gets named hp designjet 42 ps3 without my permission). Is this expected behavior? _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Thu, 13 Jan 2005, David Schlenk wrote: On Jan 13, 2005, at 12:11 PM, Paul Gienger wrote: from connecting to this print queue. Please contact your system administrator. on a select few queues. This occurs only on WXP SP2 machines You didn't have this issue before SP2? AFAIK, you should see this all the time (SP2 or not, even w/2000) when a non-admin user connects, provided the printer hasn't been installed already as by someone with admin. Nope. Worked fine, prior. I will play around with that and see if I can get a pattern though. It does only affect certain drivers, so maybe it wasn't supposed to be working before and now correctly isn't working. --- On Jan 13, 2005, at 12:18 PM, Misty Stanley-Jones wrote: On Thursday 13 January 2005 13:11, Paul Gienger wrote: Has anyone else had this behavior? Any fixes (deleting tdb files perhaps)? It's a client side issue, no server changes would fix it aside from making the user a member of Domain Admins, thereby giving local admin. That's most likely not what you REALLY want to do though. It would be solved by using [PRINT$] share and storing all your printer drivers on the server. A normal user will be able to connect to a network printer but won't be able to install any drivers. The only users of mine who have to be administrator are the ones who need to use a printer which will not store its drivers on the server. I do this already. Used to work great. :) -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance problems with 3.0.10
I am having some problems. Apparently one of my machines that is used as a print monitor (running the queues on a Win98 screen) with the default 'lpq cache time=' value was running at 100% CPU. I'm not sure what's causing it and haven't had the time to mess with tracing, etc, yet. But that problem has been reported to me a number of times so far. I forget what the default is, but before someone warns me (I had proposed using = 5 to solve the print queue problem) about my settings I just wanted to mention that. ;) _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Fri, 14 Jan 2005, Stéphane Purnelle wrote: What do you mean with performance problem. I ask this question because I upgraded my samba version 3.0.7 - 3.0.10 and all windows 9x clients have problem when use office 97 files. The network is very slow and CPU is 100%. Maybe is because my office97 is installed to my server ? The windows 2000 client not have this problem because office97 is not used from server. Sheikji Nazirudeen a écrit : Hello folks, Has anyone experienced problems with ver 3.0.10? I just upgraded to 3.0.10 and have been having my memory eaten up. Any help would be appreciated. Sheikji Nazirudeen IT Analyst Syracuse University 315-443-1207 -- Stéphane Purnelle [EMAIL PROTECTED] Site Web : http://www.linuxplusvalue.be -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Delayed Write Error in Windows XP (Samba 3.0.9/HP-UX 11i)
I'm seeing these Delayed Write failed messages pop up occaisionally on XP Desktops, in fact most frequently upon installing printer drivers to PRINT$. Everything seems to work anyway, but I was wondering if anyone else has seen this. Server is an HP-UX 11i machine as described. Thanks for any feedback or requests for more info. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] TCP_NODELAY and TCP_MAXSEG on HP-UX 11i
So far, bugs 2072 and 2140 have reported this condition. I was wondering if there was any movement on it. I know Richard Allen, author of 2140 and apparently the patch to bug 1065, had said he'd do some work on it. My fix for now has been ripping the #ifdef's out of config.h, but I still get a lot of complaints in the system log files about TCP_NODELAY, et. al: [2005/01/14 16:36:36, 0] lib/util_sock.c:set_socket_options(202) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) [2005/01/14 16:36:36, 0] lib/util_sock.c:set_socket_options(202) Failed to set socket option TCP_NODELAY (Error Invalid argument) It's hard to rule out stupid Samba admin tricks when these bugs are floating around in there... if I had more time and resources I'd love to attempt to patch these myself, but I'd probably only make things worse. (do you guys offer support contracts? maybe a little money couldn't hurt as far as getting these bugs fixed? ;)) _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Odd LPQ behavior in 3.0.x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Novosielski wrote: | I have a service called Server, but none labeled the | way you described it (XP SP2). Does not seem to work | even though it is enabled. Perhaps I have another problem. Windows XP sp2 broke print change notify (even windows to windows). cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6EkSIR7qMdg1EfYRAraoAKCAp47CsaghLXE8zp0VmSO1t/tHAgCgyoCP Gwp0y+BWApdhf6FaNW/zVHo= =eFYW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Domain Name Change
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas M. Skeren III wrote : | | Can I join a Samba PDC to a W2K domain with net rpc or | | is this a bad idea? | | bad idea. Samba 3 cannot currently operate as a BDC for | NT4 or AD domains with Windows DC's | | | Right, I understand. I just wondered if it would | sit there and look like a member server to users on | the other node? Why not just set up a trust between the Samba domain and the AD domain ? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6ElXIR7qMdg1EfYRAgA/AJ95Ue0b2z5hyjYvmBTCxJEJmx+jSQCfe++A dhvDhU9n/RZpPz+u1VuW85Q= =54EG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance problems with 3.0.10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Novosielski wrote: | I am having some problems. Apparently one of my machines that is used as | a print monitor (running the queues on a Win98 screen) with the default | 'lpq cache time=' value was running at 100% CPU. I'm not sure what's | causing it and haven't had the time to mess with tracing, etc, yet. But | that problem has been reported to me a number of times so far. I forget | what the default is, but before someone warns me (I had proposed using = | 5 to solve the print queue problem) about my settings I just wanted to | mention that. ;) 3.0.10 needs the printing patch at http://samba.org/~jerry/patchges/post-3.0.10/ or else memory useage can explode due to an excessive amount of print_queue_update() messages between smbd processes. This is fixed in 3.0.11pre1 (although the print jobs staying in the queue list is apparently not). 3.0.11pre2 is due out next week. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6EsnIR7qMdg1EfYRAgWzAJ9cVEGzRN10bVbt8ObMc/TDDoFeqACg8UuN lJ3Bm2M5WxNDtw2cPK7GHa0= =LEqR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Domain Name Change
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas M. Skeren III wrote : | | Can I join a Samba PDC to a W2K domain with net rpc or | | is this a bad idea? | | bad idea. Samba 3 cannot currently operate as a BDC for | NT4 or AD domains with Windows DC's | | | Right, I understand. I just wondered if it would | sit there and look like a member server to users on | the other node? Why not just set up a trust between the Samba domain and the AD domain ? Goes to the name change thing. I f'd up and named the samba domain the NetBIOS name of the AD domain. DOH!!! cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6ElXIR7qMdg1EfYRAgA/AJ95Ue0b2z5hyjYvmBTCxJEJmx+jSQCfe++A dhvDhU9n/RZpPz+u1VuW85Q= =54EG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2003 member server
I have a Samba 3 pdc set up with ldap password backend, I successfully joined a windows 2003 server to the domain, however I cannot log in with any domain users from the samba pdc. If I log in as a local user on the windows 2003 server I can connect to the samba pdc, and when asked for a username/password, the username and password of a user on the PDC works. I can log in that way and see a user's files on the PDC, however initial authentication fails. My first question is, Is this a supported layout (samba 3 PDC, windows 2003 member server)?. Secondly, what would cause authentication from the windows login prompt to fail, but authentication inside windows to work? Thanks for any help, Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] problems with auto mounted share from Macintosh server on SuSE Linux
My inability to write files to the Samba share seems to have been fixed by upgrading to Mac OS X 10.3.7. I'd still like to know whether the smbmount uid and gid options refer to a user and group on the server or the client system. Cheers, Jane Eisenstein -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to connect to smb shares from second machine in workgroup
Ed Holden wrote: What if you log on as andrew with your Samba password instead of using the long name you have in smbusers? Not sure what you mean here by log on. Do you mean to specify andrew instead of Andrew DeFaria to the username portion of the dialog box that is presented when I attempt to go to \\earth\share? Tried that already. It fails and then leaves username as STARBASE\andrew. First let me say that the password for andrew on my Linux box is the same as the password for Andrew DeFaria on both XP boxes. Again, I can connect from Voyager as Andrew DeFaria - I assume that would really be VOYAGER\Andrew DeFaria. I cannot connect from Starbase as Andrew DeFaria - I assume that would be STARBASE\Andrew DeFaria. I've also tried STARBASE\andrew, UNIVERSE\andrew and even EARTH\andrew. Nothing works but only from Starbase. Yes, it does look like your wireless netwokr is on the same subnet as your wired one, so I'd doubt that the wired test will be successful (but it's probably still worth trying). Still looking for that long cable :-) Yes I would be worth a try because before Voyager arrived on the scene, Starbase stood in it's place and worked just fine. BTW: my hosts allow was something like 192.168.1. 127.. I changed that to specifically allow 192.168.1.100 192.168.1.102 127.. Didn't help. :-( Again, I suspect from the login prompt that you are indeed connecting to Earth, but something in the authentication is going amiss. Exactly. Sorry for my wording of the subject. I can connect - I can't authenticate. Maybe you should increase the debug level to see what turns up in the logs. I did that at one time. A lot came out - nothing stood out as the exact cause. Perhaps I will try again in a more isolated environment and capture the output to post here. Also, have you fixed starbase's group policy security settings? I don't muck with group policy settings. I haven't changed anything. There are a couple XP settings for digitally signing and encrypting data, and sometimes they can cause incompatibilities with Samba. Run gpedit.msc from the Start menu on starbase and the Group Policy editor will pop up. Navigate through it to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. Then disable the following policies: Domain Member: Digitally encrypt or sign secure channel data (always) Domain Member: Digitally sign secure channel data (when possible) Disable them? Or do you mean enable them? Because they are enabled already and I thought Samba preferred such things enabled. Besides Voyager has them enabled and doesn't have problems. Additionally Starbase - Voyager can talk to each other WRT SMB shares. Nonetheless I tried this and have the same problem. What do you think about the fact that nmblookup cannot find Starbase but can find Voyager? I would think before any authentication could be successful Samba would need to be able to locate the machine in question. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r4731 - in branches/SAMBA_3_0/source/lib: .
Author: vlendec Date: 2005-01-14 08:14:22 + (Fri, 14 Jan 2005) New Revision: 4731 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4731 Log: Fix the build Modified: branches/SAMBA_3_0/source/lib/privileges.c Changeset: Modified: branches/SAMBA_3_0/source/lib/privileges.c === --- branches/SAMBA_3_0/source/lib/privileges.c 2005-01-14 02:10:11 UTC (rev 4730) +++ branches/SAMBA_3_0/source/lib/privileges.c 2005-01-14 08:14:22 UTC (rev 4731) @@ -393,10 +393,11 @@ NTSTATUS privilege_set_init(PRIVILEGE_SET *priv_set) { NTSTATUS ret; + TALLOC_CTX *mem_ctx; ZERO_STRUCTP( priv_set ); - TALLOC_CTX *mem_ctx = talloc_init(privilege set); + mem_ctx = talloc_init(privilege set); ALLOC_CHECK(mem_ctx, ret, done, init_privilege); priv_set-mem_ctx = mem_ctx;
svn commit: samba r4732 - in branches/SAMBA_3_0/source/nsswitch: .
Author: vlendec Date: 2005-01-14 12:17:18 + (Fri, 14 Jan 2005) New Revision: 4732 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4732 Log: Even if we have 'password server' set, we need to look up the native DC name via netbios, as the user might have set an IP address or a fqdn. Volker Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2005-01-14 08:14:22 UTC (rev 4731) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2005-01-14 12:17:18 UTC (rev 4732) @@ -557,6 +557,12 @@ if (!resolve_name(dcname, ip, 0x20)) continue; + /* Even if we got the dcname, double check the name to use for +* the netlogon auth2 */ + + if (!name_status_find(domain-name, 0x1c, 0x20, ip, dcname)) + continue; + add_one_dc_unique(mem_ctx, domain-name, dcname, ip, dcs, num_dcs); }
Re: svn commit: samba r4732 - in branches/SAMBA_3_0/source/nsswitch: .
On Fri, Jan 14, 2005 at 12:17:19PM +, [EMAIL PROTECTED] wrote: Even if we have 'password server' set, we need to look up the native DC name via netbios, as the user might have set an IP address or a fqdn. Forgot: Thanks to Martin Zielinski [EMAIL PROTECTED] for finding it. Volker
svn commit: samba-web r505 - in trunk/docs/FAQ: .
Author: deryck Date: 2005-01-14 14:29:16 + (Fri, 14 Jan 2005) New Revision: 505 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=505 Log: Adding questions suggested by Marc. deryck Modified: trunk/docs/FAQ/index.html Changeset: Modified: trunk/docs/FAQ/index.html === --- trunk/docs/FAQ/index.html 2005-01-13 21:59:48 UTC (rev 504) +++ trunk/docs/FAQ/index.html 2005-01-14 14:29:16 UTC (rev 505) @@ -23,5 +23,9 @@ h3Will you include my patch for XYZ feature in the next release?/h3 +h3What should I do if I think I've found a security issue?/h3 +h3What should I do if I think I've found a bug?/h3 + + !--#include virtual=/samba/footer.html --
svn commit: samba r4733 - in trunk/source: . auth include lib passdb rpc_client rpc_parse rpc_server smbd torture utils
Author: jerry Date: 2005-01-14 15:59:00 + (Fri, 14 Jan 2005) New Revision: 4733 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4733 Log: * replace privilege code with work from 3.0 * fix build issues (srv_reg_nt.c, vfstest.c) * merge some additional Makefile changes from 3.0 for tdbdump and tdbtool Removed: trunk/source/passdb/privileges.c Modified: trunk/source/Makefile.in trunk/source/auth/auth_util.c trunk/source/include/privileges.h trunk/source/include/rpc_lsa.h trunk/source/include/smb.h trunk/source/lib/account_pol.c trunk/source/lib/privileges.c trunk/source/lib/util_sid.c trunk/source/passdb/pdb_interface.c trunk/source/passdb/pdb_ldap.c trunk/source/passdb/pdb_tdb.c trunk/source/passdb/util_sam_sid.c trunk/source/rpc_client/cli_lsarpc.c trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_server/srv_lsa_nt.c trunk/source/rpc_server/srv_pipe_hnd.c trunk/source/rpc_server/srv_reg_nt.c trunk/source/rpc_server/srv_samr_nt.c trunk/source/smbd/conn.c trunk/source/smbd/password.c trunk/source/smbd/sec_ctx.c trunk/source/smbd/service.c trunk/source/smbd/uid.c trunk/source/torture/vfstest.c trunk/source/utils/net.c Changeset: Sorry, the patch is too large (4723 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4733
svn commit: samba r4734 - in trunk: examples/autofs examples/pdb/mysql packaging/Debian/debian-stable packaging/Fedora packaging/Mandrake packaging/RedHat packaging/Solaris packaging/SuSE source source/auth source/client source/include source/lib source/libsmb source/param source/passdb source/printing source/rpc_parse source/rpc_server source/smbd source/tdb source/utils
Author: jerry Date: 2005-01-14 18:14:33 + (Fri, 14 Jan 2005) New Revision: 4734 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4734 Log: more merges from 3.0 and cleanup from the privileges rewrite Added: trunk/packaging/Solaris/samba.init.master Removed: trunk/packaging/Solaris/makepkg.sh.tmpl trunk/packaging/Solaris/pkg-specs/ trunk/packaging/Solaris/samba.server.master Modified: trunk/examples/autofs/auto.smb trunk/examples/pdb/mysql/mysql.dump trunk/packaging/Debian/debian-stable/changelog trunk/packaging/Fedora/samba.spec.tmpl trunk/packaging/Mandrake/samba2.spec.tmpl trunk/packaging/Mandrake/smb.conf trunk/packaging/Mandrake/winbind.init trunk/packaging/RedHat/samba.spec.tmpl trunk/packaging/Solaris/pkginfo.master trunk/packaging/Solaris/postinstall trunk/packaging/Solaris/preremove trunk/packaging/Solaris/prototype.master trunk/packaging/SuSE/samba3-vscan.diff trunk/source/VERSION trunk/source/auth/auth_winbind.c trunk/source/client/client.c trunk/source/client/mount.cifs.c trunk/source/include/includes.h trunk/source/include/md5.h trunk/source/include/passdb.h trunk/source/include/smbldap.h trunk/source/lib/smbldap.c trunk/source/lib/substitute.c trunk/source/lib/util_str.c trunk/source/libsmb/clikrb5.c trunk/source/libsmb/namequery.c trunk/source/param/loadparm.c trunk/source/passdb/pdb_interface.c trunk/source/printing/nt_printing.c trunk/source/printing/printing.c trunk/source/rpc_parse/parse_misc.c trunk/source/rpc_server/srv_netlog_nt.c trunk/source/rpc_server/srv_spoolss_nt.c trunk/source/smbd/chgpasswd.c trunk/source/tdb/tdb.h trunk/source/utils/net_help.c trunk/source/utils/smbpasswd.c trunk/source/utils/testparm.c Changeset: Sorry, the patch is too large (2430 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4734
svn commit: samba r4735 - in trunk: docs examples/LDAP source/include source/lib source/libsmb source/passdb source/printing source/rpc_parse source/rpc_server source/smbd source/torture source/utils
Author: jerry Date: 2005-01-14 19:08:13 + (Fri, 14 Jan 2005) New Revision: 4735 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4735 Log: more mergese from 3.0 Modified: trunk/docs/README-NOW trunk/examples/LDAP/samba.schema trunk/source/include/ads.h trunk/source/include/auth.h trunk/source/lib/account_pol.c trunk/source/lib/genparser_samba.c trunk/source/lib/substitute.c trunk/source/libsmb/clireadwrite.c trunk/source/passdb/pdb_ldap.c trunk/source/passdb/secrets.c trunk/source/printing/printing.c trunk/source/rpc_parse/parse_ds.c trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_server/srv_samr_util.c trunk/source/smbd/message.c trunk/source/smbd/service.c trunk/source/torture/masktest.c trunk/source/utils/nmblookup.c Changeset: Sorry, the patch is too large (390 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4735
svn commit: samba r4736 - in branches/SAMBA_3_0/source: include lib libads param passdb rpc_client rpc_server rpcclient smbd
Author: jerry Date: 2005-01-14 19:26:13 + (Fri, 14 Jan 2005) New Revision: 4736 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4736 Log: small set of merges from rtunk to minimize the diffs Modified: branches/SAMBA_3_0/source/include/smbldap.h branches/SAMBA_3_0/source/lib/smbldap.c branches/SAMBA_3_0/source/libads/kerberos.c branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/passdb/pdb_get_set.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c branches/SAMBA_3_0/source/rpc_client/cli_lsarpc.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c branches/SAMBA_3_0/source/smbd/conn.c Changeset: Sorry, the patch is too large (270 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4736
svn commit: samba r4737 - in trunk/source/modules: .
Author: jra Date: 2005-01-14 20:23:16 + (Fri, 14 Jan 2005) New Revision: 4737 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4737 Log: Fix for bug #2238 - memory leak in shadow copy vfs. Jeremy. Modified: trunk/source/modules/vfs_shadow_copy.c Changeset: Modified: trunk/source/modules/vfs_shadow_copy.c === --- trunk/source/modules/vfs_shadow_copy.c 2005-01-14 19:26:13 UTC (rev 4736) +++ trunk/source/modules/vfs_shadow_copy.c 2005-01-14 20:23:16 UTC (rev 4737) @@ -137,6 +137,7 @@ { shadow_copy_Dir *dirp = (shadow_copy_Dir *)_dirp; + SAFE_FREE(dirp-dirs); SAFE_FREE(dirp); return 0;
svn commit: samba r4738 - in branches/SAMBA_3_0/source/modules: .
Author: jra Date: 2005-01-14 20:23:22 + (Fri, 14 Jan 2005) New Revision: 4738 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4738 Log: Fix for bug #2238 - memory leak in shadow copy vfs. Jeremy. Modified: branches/SAMBA_3_0/source/modules/vfs_shadow_copy.c Changeset: Modified: branches/SAMBA_3_0/source/modules/vfs_shadow_copy.c === --- branches/SAMBA_3_0/source/modules/vfs_shadow_copy.c 2005-01-14 20:23:16 UTC (rev 4737) +++ branches/SAMBA_3_0/source/modules/vfs_shadow_copy.c 2005-01-14 20:23:22 UTC (rev 4738) @@ -137,6 +137,7 @@ { shadow_copy_Dir *dirp = (shadow_copy_Dir *)_dirp; + SAFE_FREE(dirp-dirs); SAFE_FREE(dirp); return 0;
svn commit: samba r4739 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jerry Date: 2005-01-14 21:05:54 + (Fri, 14 Jan 2005) New Revision: 4739 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4739 Log: require membership in Domain Admins to be able to set privileges Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2005-01-14 20:23:22 UTC (rev 4738) +++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2005-01-14 21:05:54 UTC (rev 4739) @@ -954,7 +954,14 @@ if (!(handle-access POLICY_GET_PRIVATE_INFORMATION)) return NT_STATUS_ACCESS_DENIED; + /* check to see if the pipe_user is a Domain Admin since + account_pol.tdb was already opened as root, this is all we have */ + + if ( !nt_token_check_domain_rid( p-pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + return NT_STATUS_ACCESS_DENIED; + /* associate the user/group SID with the (unique) handle. */ + if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL) return NT_STATUS_NO_MEMORY; @@ -1085,6 +1092,12 @@ if (!find_policy_by_hnd(p, q_u-pol, (void **)info)) return NT_STATUS_INVALID_HANDLE; + /* check to see if the pipe_user is a Domain Admin since + account_pol.tdb was already opened as root, this is all we have */ + + if ( !nt_token_check_domain_rid( p-pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + return NT_STATUS_ACCESS_DENIED; + if (!pdb_getgrsid(map, info-sid)) return NT_STATUS_NO_SUCH_GROUP; @@ -1108,6 +1121,12 @@ /* find the connection policy handle. */ if (!find_policy_by_hnd(p, q_u-pol, (void **)info)) return NT_STATUS_INVALID_HANDLE; + + /* check to see if the pipe_user is a Domain Admin since + account_pol.tdb was already opened as root, this is all we have */ + + if ( !nt_token_check_domain_rid( p-pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + return NT_STATUS_ACCESS_DENIED; set = q_u-set; @@ -1142,6 +1161,12 @@ if (!find_policy_by_hnd(p, q_u-pol, (void **)info)) return NT_STATUS_INVALID_HANDLE; + /* check to see if the pipe_user is a Domain Admin since + account_pol.tdb was already opened as root, this is all we have */ + + if ( !nt_token_check_domain_rid( p-pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + return NT_STATUS_ACCESS_DENIED; + set = q_u-set; for (i = 0; i set-count; i++) {
svn commit: samba r4740 - in branches/SAMBA_3_0/source: printing rpc_server
Author: jerry Date: 2005-01-14 21:24:15 + (Fri, 14 Jan 2005) New Revision: 4740 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4740 Log: allow SE_PRINT_OPERATORS to have printer admin access Modified: branches/SAMBA_3_0/source/printing/nt_printing.c branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/printing/nt_printing.c === --- branches/SAMBA_3_0/source/printing/nt_printing.c2005-01-14 21:05:54 UTC (rev 4739) +++ branches/SAMBA_3_0/source/printing/nt_printing.c2005-01-14 21:24:15 UTC (rev 4740) @@ -5034,6 +5034,11 @@ print_job_delete, print_job_pause, print_job_resume, print_queue_purge + Try access control in the following order (for performance reasons): +1) root ans SE_PRINT_OPERATOR can do anything (easy check) +2) check security descriptor (bit comparisons in memory) +3) printer admins (may result in numerous calls to winbind) + / BOOL print_access_check(struct current_user *user, int snum, int access_type) { @@ -5050,10 +5055,9 @@ if (!user) user = current_user; - /* Always allow root or printer admins to do anything */ + /* Always allow root or SE_PRINT_OPERATROR to do anything */ - if (user-uid == 0 || - user_in_list(uidtoname(user-uid), lp_printer_admin(snum), user-groups, user-ngroups)) { + if ( user-uid == 0 || user_has_privilege(user-nt_user_token, SE_PRINT_OPERATOR) ) { return True; } @@ -5102,6 +5106,13 @@ DEBUG(4, (access check was %s\n, result ? SUCCESS : FAILURE)); +/* see if we need to try the printer admin list */ + +if ( access_granted == 0 ) { +if ( user_in_list(uidtoname(user-uid), lp_printer_admin(snum), user-groups, user-ngroups) ) +return True; +} + talloc_destroy(mem_ctx); if (!result) Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2005-01-14 21:05:54 UTC (rev 4739) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2005-01-14 21:24:15 UTC (rev 4740) @@ -1689,10 +1689,12 @@ return WERR_ACCESS_DENIED; } - /* if the user is not root and not a printer admin, then fail */ + /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, + and not a printer admin, then fail */ if ( user.uid != 0 - !user_in_list(uidtoname(user.uid), lp_printer_admin(snum), user.groups, user.ngroups) ) +!user_has_privilege( user.nt_user_token, SE_PRINT_OPERATOR ) +!user_in_list(uidtoname(user.uid), lp_printer_admin(snum), user.groups, user.ngroups) ) { close_printer_handle(p, handle); return WERR_ACCESS_DENIED;
svn commit: samba-web r506 - in trunk/news: articles team
Author: deryck Date: 2005-01-14 21:47:09 + (Fri, 14 Jan 2005) New Revision: 506 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=506 Log: Adding item about abartlet's Samba 3.0 / Samba 4 integration paper. deryck Added: trunk/news/articles/samba3-4_integration.pdf trunk/news/team/abartlet_integration.html Changeset: Sorry, the patch is too large (692 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=506
svn commit: samba-web r507 - in trunk/news/team: .
Author: deryck Date: 2005-01-14 22:07:41 + (Fri, 14 Jan 2005) New Revision: 507 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=507 Log: Make format consist with abartlet's formatting. deryck Modified: trunk/news/team/abartlet_integration.html Changeset: Modified: trunk/news/team/abartlet_integration.html === --- trunk/news/team/abartlet_integration.html 2005-01-14 21:47:09 UTC (rev 506) +++ trunk/news/team/abartlet_integration.html 2005-01-14 22:07:41 UTC (rev 507) @@ -2,14 +2,14 @@ div class=article pSamba Team member a href=http://samba.org/~abartlet;Andrew Bartlett/a has -written a paper on Samba3/Samba4 integration. The paper explores past attempts +written a paper on Samba 3.0 / Samba4 integration. The paper explores past attempts at merges between the current production Samba 3.0 release and the Samba4 development branch. The paper moves through an overview of existing interfaces in Samba 3.0 and Samba4 and examines the possibilities for future integration between the two code bases and their vastly different interface designs./p pThis paper is targeted primarily at groups implementing Samba, and offers Andrew's -perspective on questions that might arise from those currently running Samba3 as a Samba4 +perspective on questions that might arise from those currently running Samba 3.0 as a Samba4 release grows more imminent. It's a nicely written piece, certainly worth the time to read. So check out a href=/samba/news/articles/samba3-4_integration.pdfPossibilities for Samba 3.0 / Samba4 Integration/a./p
svn commit: samba r4741 - in trunk/packaging: Mandrake Solaris
Author: jerry Date: 2005-01-14 22:57:57 + (Fri, 14 Jan 2005) New Revision: 4741 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4741 Log: merging some more files from 3.0 Added: trunk/packaging/Mandrake/samba-3.0.2a-smbldap-config.patch trunk/packaging/Mandrake/samba-3.0.6-revert-libsmbclient-move.patch trunk/packaging/Mandrake/smb-migrate trunk/packaging/Solaris/makepkg.sh trunk/packaging/Solaris/smb.conf.default Changeset: Sorry, the patch is too large (836 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4741
Build status as of Sat Jan 15 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-01-14 00:00:38.0 + +++ /home/build/master/cache/broken_results.txt 2005-01-15 00:00:31.0 + @@ -1,4 +1,4 @@ -Build status as of Fri Jan 14 00:00:01 2005 +Build status as of Sat Jan 15 00:00:02 2005 Build counts: Tree Total Broken Panic @@ -6,51 +6,38 @@ distcc 33 3 0 ppp 10 0 0 rsync36 1 0 -samba2 2 0 +samba2 1 1 samba-docs 0 0 0 -samba4 38 11 0 -samba_3_038 21 1 +samba4 38 12 0 +samba_3_038 8 1 Currently broken builds: Host Tree Compiler Status mungerasamba_3_0gccok/ok/ok/ 2/PANIC fusberta samba4 gccok/ 2/?/? -fusberta samba_3_0gccok/ 2/?/? -sasoe_smb samba_3_0gccok/ 2/?/? -samba-s390 samba_3_0gccok/ 2/?/? rhonwynsamba4 gcc-4.0ok/ 2/?/? rhonwynsamba_3_0gcc-4.0ok/ 2/?/? superego samba4 gccok/ 2/?/? gc8samba4 gccok/ 1/?/? -gc8samba_3_0gccok/ 1/?/? -aretnapsamba_3_0gccok/ 1/?/? -gc4samba_3_0gccok/ 1/?/? +gc4samba4 gcc 127/?/?/? smartserv1 samba_3_0gcc-4.0ok/ok/ok/ 2 gwen distcc cc ok/ 1/?/? gwen samba4 cc ok/ 1/?/? -au2distcc cc ok/ 1/?/? -au2samba_3_0cc 126/?/?/? +au2distcc cc 126/?/?/? au2distcc gccok/ 1/?/? -au2samba_3_0gccok/ 1/?/? us4samba4 cc ok/ 1/?/? -us4samba_3_0cc ok/ 1/?/? us4samba4 gccok/ 1/?/? flock samba4 gccok/ 1/?/? -flock samba_3_0gccok/ 1/?/? -svamp samba_3_0gccok/ 2/?/? +svamp samba_3_0gccok/ok/ok/ 42 opisol10 ccache gccok/ok/ok/ 1 opisol10 samba4 gccok/ 1/?/? opisol10 samba_3_0gccok/ 1/?/? gc20 samba4 gccok/ 2/?/? -gc20 samba_3_0gccok/ 2/?/? sun1 samba_3_0cc ok/ 2/?/? -sun1 samba_3_0gccok/ 2/?/? fire1 samba_3_0cc ok/ 2/?/? m30ccache gccok/ok/ok/ 2 m30rsyncgccok/ 2/?/? m30samba4 gccok/ 2/?/? -m30samba_3_0gccok/ok/ok/ 42 -metze02sambagccok/ 2/?/? -metze02samba_3_0gccok/ 2/?/? -metze01sambagccok/ 2/?/? +m30samba_3_0gccok/ 2/?/? +metze01sambagccok/ok/ok/ 1/PANIC
svn commit: samba r4742 - in branches/SAMBA_3_0/source: lib rpc_parse rpc_server rpcclient
Author: jerry Date: 2005-01-15 02:20:30 + (Sat, 15 Jan 2005) New Revision: 4742 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4742 Log: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code Modified: branches/SAMBA_3_0/source/lib/privileges.c branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c Changeset: Sorry, the patch is too large (420 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4742
svn commit: samba r4743 - in trunk/source: lib printing rpc_parse rpc_server rpcclient
Author: jerry Date: 2005-01-15 02:28:26 + (Sat, 15 Jan 2005) New Revision: 4743 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4743 Log: svn merge -r4738:4742 from 3.0 Modified: trunk/source/lib/privileges.c trunk/source/printing/nt_printing.c trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_server/srv_lsa.c trunk/source/rpc_server/srv_lsa_nt.c trunk/source/rpc_server/srv_spoolss_nt.c trunk/source/rpcclient/cmd_lsarpc.c Changeset: Sorry, the patch is too large (538 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4743
svn commit: samba r4744 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: tridge Date: 2005-01-15 02:54:53 + (Sat, 15 Jan 2005) New Revision: 4744 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4744 Log: until we decide what to do about attribute aliasing (see my recent samba-technical posting), this is an interim solution that makes us work pretty much like w2k3 does. Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2005-01-15 02:28:26 UTC (rev 4743) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2005-01-15 02:54:53 UTC (rev 4744) @@ -150,12 +150,13 @@ continue; } - if (ldb_attr_cmp(attrs[i], dn) == 0) { + if (ldb_attr_cmp(attrs[i], dn) == 0 || + ldb_attr_cmp(attrs[i], distinguishedName) == 0) { struct ldb_message_element el2; struct ldb_val val; el2.flags = 0; - el2.name = talloc_strdup(ret, dn); + el2.name = talloc_strdup(ret, attrs[i]); if (!el2.name) { talloc_free(ret); return NULL; @@ -501,7 +502,8 @@ } if (tree-operation == LDB_OP_SIMPLE - ldb_attr_cmp(tree-u.simple.attr, dn) == 0 + (ldb_attr_cmp(tree-u.simple.attr, dn) == 0 || +ldb_attr_cmp(tree-u.simple.attr, distinguishedName) == 0) !ltdb_has_wildcard(module, tree-u.simple.attr, tree-u.simple.value)) { /* yay! its a nice simple one */ ret = ltdb_search_dn(module, tree-u.simple.value.data, attrs, res);
svn commit: samba r4745 - in branches/SAMBA_4_0/source/rpc_server/samr: .
Author: tridge Date: 2005-01-15 03:48:15 + (Sat, 15 Jan 2005) New Revision: 4745 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4745 Log: remove the distinguishedName attribute adds from samr. See the discussion on samba-technical about this. Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c === --- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2005-01-15 02:54:53 UTC (rev 4744) +++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2005-01-15 03:48:15 UTC (rev 4745) @@ -528,7 +528,6 @@ if (!msg-dn) { return NT_STATUS_NO_MEMORY; } - samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, distinguishedName, msg-dn); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, name, groupname); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, cn, groupname); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, sAMAccountName, groupname); @@ -796,7 +795,6 @@ if (!msg-dn) { return NT_STATUS_NO_MEMORY; } - samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, distinguishedName, msg-dn); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, name, account_name); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, cn, account_name); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, sAMAccountName, account_name); @@ -1016,7 +1014,6 @@ return NT_STATUS_NO_MEMORY; } - samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, distinguishedName, msg-dn); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, name, aliasname); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, cn, aliasname); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, sAMAccountName, aliasname); @@ -2162,8 +2159,6 @@ memberdn = msg-dn; samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, -distinguishedName, msg-dn); - samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, name, sidstr); samdb_msg_add_string(d_state-sam_ctx, mem_ctx, msg, objectClass,
svn commit: samba r4746 - in branches/SAMBA_3_0/source: lib nsswitch rpc_parse rpc_server
Author: jerry Date: 2005-01-15 03:54:03 + (Sat, 15 Jan 2005) New Revision: 4746 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4746 Log: add server support for lsa_enum_acct_rights(); last checkin for the night Modified: branches/SAMBA_3_0/source/lib/util_str.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util_str.c === --- branches/SAMBA_3_0/source/lib/util_str.c2005-01-15 03:48:15 UTC (rev 4745) +++ branches/SAMBA_3_0/source/lib/util_str.c2005-01-15 03:54:03 UTC (rev 4746) @@ -2092,3 +2092,19 @@ safe_strcat(*left, right, new_len-1); } + +BOOL add_string_to_array(TALLOC_CTX *mem_ctx, +const char *str, const char ***strings, +int *num) +{ + char *dup_str = talloc_strdup(mem_ctx, str); + + *strings = TALLOC_REALLOC_ARRAY(mem_ctx, *strings, const char *, (*num)+1); + + if ((*strings == NULL) || (dup_str == NULL)) + return False; + + (*strings)[*num] = dup_str; + *num += 1; + return True; +} Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2005-01-15 03:48:15 UTC (rev 4745) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2005-01-15 03:54:03 UTC (rev 4746) @@ -446,21 +446,6 @@ return True; } -static BOOL add_string_to_array(TALLOC_CTX *mem_ctx, - const char *str, char ***array, int *num) -{ - char *dup_str = talloc_strdup(mem_ctx, str); - - *array = TALLOC_REALLOC_ARRAY(mem_ctx, *array, char *, (*num)+1); - - if ((*array == NULL) || (dup_str == NULL)) - return False; - - (*array)[*num] = dup_str; - *num += 1; - return True; -} - static BOOL add_sockaddr_to_array(TALLOC_CTX *mem_ctx, struct in_addr ip, uint16 port, struct sockaddr_in **addrs, int *num) Modified: branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c 2005-01-15 03:48:15 UTC (rev 4745) +++ branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c 2005-01-15 03:54:03 UTC (rev 4746) @@ -2300,6 +2300,33 @@ } /*** +/ +NTSTATUS init_r_enum_acct_rights( LSA_R_ENUM_ACCT_RIGHTS *r_u, PRIVILEGE_SET *privileges ) +{ + uint32 i; + char *privname; + const char **privname_array = NULL; + int num_priv = 0; + + for ( i=0; iprivileges-count; i++ ) { + privname = luid_to_privilege_name( privileges-set[i].luid ); + if ( privname ) { + if ( !add_string_to_array( get_talloc_ctx(), privname, privname_array, num_priv ) ) + return NT_STATUS_NO_MEMORY; + } + } + + if ( num_priv ) { + if ( !init_unistr2_array( r_u-rights, num_priv, privname_array ) ) + return NT_STATUS_NO_MEMORY; + + r_u-count = num_priv; + } + + return NT_STATUS_OK; +} + +/*** reads or writes a LSA_Q_ENUM_ACCT_RIGHTS structure. / BOOL lsa_io_q_enum_acct_rights(const char *desc, LSA_Q_ENUM_ACCT_RIGHTS *q_q, prs_struct *ps, int depth) Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa.c === --- branches/SAMBA_3_0/source/rpc_server/srv_lsa.c 2005-01-15 03:48:15 UTC (rev 4745) +++ branches/SAMBA_3_0/source/rpc_server/srv_lsa.c 2005-01-15 03:54:03 UTC (rev 4746) @@ -704,6 +704,37 @@ } /*** + api_lsa_enum_acct_rights + ***/ + +static BOOL api_lsa_enum_acct_rights(pipes_struct *p) +{ + LSA_Q_ENUM_ACCT_RIGHTS q_u; + LSA_R_ENUM_ACCT_RIGHTS r_u; + + prs_struct *data = p-in_data.data; + prs_struct *rdata = p-out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_enum_acct_rights(, q_u, data, 0)) { + DEBUG(0,(api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n)); + return False; + } + + r_u.status = _lsa_enum_acct_rights(p, q_u, r_u); + + /* store the
svn commit: samba r4747 - in trunk/source: rpc_parse rpc_server
Author: jerry Date: 2005-01-15 03:55:51 + (Sat, 15 Jan 2005) New Revision: 4747 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4747 Log: merge of lsa_enum_acct_right() server support from 3.0 Modified: trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_server/srv_lsa.c trunk/source/rpc_server/srv_lsa_nt.c Changeset: Modified: trunk/source/rpc_parse/parse_lsa.c === --- trunk/source/rpc_parse/parse_lsa.c 2005-01-15 03:54:03 UTC (rev 4746) +++ trunk/source/rpc_parse/parse_lsa.c 2005-01-15 03:55:51 UTC (rev 4747) @@ -2300,6 +2300,33 @@ } /*** +/ +NTSTATUS init_r_enum_acct_rights( LSA_R_ENUM_ACCT_RIGHTS *r_u, PRIVILEGE_SET *privileges ) +{ + uint32 i; + char *privname; + const char **privname_array = NULL; + int num_priv = 0; + + for ( i=0; iprivileges-count; i++ ) { + privname = luid_to_privilege_name( privileges-set[i].luid ); + if ( privname ) { + if ( !add_string_to_array( get_talloc_ctx(), privname, privname_array, num_priv ) ) + return NT_STATUS_NO_MEMORY; + } + } + + if ( num_priv ) { + if ( !init_unistr2_array( r_u-rights, num_priv, privname_array ) ) + return NT_STATUS_NO_MEMORY; + + r_u-count = num_priv; + } + + return NT_STATUS_OK; +} + +/*** reads or writes a LSA_Q_ENUM_ACCT_RIGHTS structure. / BOOL lsa_io_q_enum_acct_rights(const char *desc, LSA_Q_ENUM_ACCT_RIGHTS *q_q, prs_struct *ps, int depth) Modified: trunk/source/rpc_server/srv_lsa.c === --- trunk/source/rpc_server/srv_lsa.c 2005-01-15 03:54:03 UTC (rev 4746) +++ trunk/source/rpc_server/srv_lsa.c 2005-01-15 03:55:51 UTC (rev 4747) @@ -704,6 +704,37 @@ } /*** + api_lsa_enum_acct_rights + ***/ + +static BOOL api_lsa_enum_acct_rights(pipes_struct *p) +{ + LSA_Q_ENUM_ACCT_RIGHTS q_u; + LSA_R_ENUM_ACCT_RIGHTS r_u; + + prs_struct *data = p-in_data.data; + prs_struct *rdata = p-out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_enum_acct_rights(, q_u, data, 0)) { + DEBUG(0,(api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n)); + return False; + } + + r_u.status = _lsa_enum_acct_rights(p, q_u, r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_enum_acct_rights(, r_u, rdata, 0)) { + DEBUG(0,(api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n)); + return False; + } + + return True; +} + +/*** api_lsa_query_info2 ***/ @@ -761,6 +792,7 @@ { LSA_REMOVEPRIVS , LSA_REMOVEPRIVS , api_lsa_removeprivs }, { LSA_ADDACCTRIGHTS , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights }, { LSA_REMOVEACCTRIGHTS, LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights }, + { LSA_ENUMACCTRIGHTS , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights }, { LSA_QUERYSECOBJ , LSA_QUERYSECOBJ , api_lsa_query_secobj }, /* be careful of the adding of new RPC's. See commentrs below about ADS DC capabilities */ Modified: trunk/source/rpc_server/srv_lsa_nt.c === --- trunk/source/rpc_server/srv_lsa_nt.c2005-01-15 03:54:03 UTC (rev 4746) +++ trunk/source/rpc_server/srv_lsa_nt.c2005-01-15 03:55:51 UTC (rev 4747) @@ -1404,9 +1404,6 @@ if ( !nt_token_check_domain_rid( p-pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_ACCESS_DENIED; - /* according to an NT4 PDC, you can add privileges to SIDs even without - call_lsa_create_account() first. And you can use any arbitrary SID. */ - sid_copy( sid, q_u-sid.sid ); if ( q_u-removeall ) { @@ -1429,7 +1426,7 @@ /* only try to add non-null strings */ if ( *privname !revoke_privilege_by_name( sid, privname ) ) { - DEBUG(2,(_lsa_remove_acct_rights: Failed to add privilege [%s]\n, privname )); +
svn commit: samba r4748 - in branches/SAMBA_4_0/source: . script
Author: tridge Date: 2005-01-15 06:18:23 + (Sat, 15 Jan 2005) New Revision: 4748 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4748 Log: removed unnecessary distinguishedName from provisioning Modified: branches/SAMBA_4_0/source/provision.ldif branches/SAMBA_4_0/source/script/provision.pl Changeset: Sorry, the patch is too large (289 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4748