date:20050118

Wil Cooley wrote:
On 2005-01-18, gary ng [EMAIL PROTECTED] wrote:

does samba server access the disk periodically even it
is not serving any client ? I am trying to setup a
home server which is not frequently used and set the
HD to spin down after 60s inactivity. But it get kicks
up again apparently by samba(stoping samba and the
disk won't spin up anymore). I think it is a 3 minute
or so interval.
Is there a way to tell it not to as I can sacrifice
some performance in exchange for much less noise and
some power savings.

Short of a good answer, here's a guess: Logging with disk buffering.
Set your loglevel to 0 and see if it stops.
doesn't it also look into smb.conf periodically for changes? I'm not 
sure if it can be disabled, though (putting this file in ramdisk would 
be a solution if there is no other way to stop Samba from looking into 
that file).

Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

AW: [Samba] Slow write access with Samba 3.0.10-Debian

2005-01-18 Thread Markus Wollny

By the way, the wait-period before the write access is committed or whatever 
is always precisely 30 seconds, so I believe, that there may be some timeout 
issue before samba is actually doing what it's supposed to do. Has anybody got 
an idea?

 -Ursprüngliche Nachricht-
 Von: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED]
 g] Im Auftrag von Markus Wollny
 Gesendet: Montag, 17. Januar 2005 18:19
 An: samba@lists.samba.org
 Betreff: [Samba] Slow write access with Samba 3.0.10-Debian
 
 Hi!
  
 I've got a problem with write access on samba fileshares 
 mounted via fstab on two Debian Sarge servers. These servers 
 are behind firewalls and can only access each other, so 
 security is not an issue. They are configured as follows:
  
 I'll use placeholders for IP-adresses, usernames, passwords 
 etc. just out of paranoia, I do know, that these IPs do not 
 make sense ;)
  
 the servers are server1 with the ip 123.123.123.101 and 
 server2 with the ip 213.123.123.102
  
 fstab-entry of server1:
 //123.123.123.101/service /path/to/mountpoint  smbfs
 password=mypass,uid=myuser,gid=mygroup,fmask=666,dmask=777,rw 0 0
  
 fstab-entry of server2:
 //123.123.123.102/service /path/to/mountpoint  smbfs
 password=mypass,uid=myuser,gid=mygroup,fmask=666,dmask=777,rw 0 0
  
 smb.conf for server1 is
 ---
 # Global parameters
 [global]
 workgroup = MYWORKGROUP
 netbios name = SERVER1
 security = SHARE
 time server = Yes
 map to guest = Bad User
 guest account = myuser
 log level = 1
 syslog = 0
 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
 printcap name = cups
 os level = 2
 default service = service
 printing = cups
 print command =
 lpq command =
 lprm command =
 veto files = /*.eml/*.nws/riched20.dll/*.{*}/
 
 [service]
 path = /path/to/folder
 read only = No
 guest ok = Yes
 guest only = Yes
 hosts allow = All
 nt acl support = No
 hide dot files = No
 ---
 smb.conf for server2 is identical, except for netbios name = SERVER2.
  
 When I connect to Server1, cd to /path/to/mountpoint and 
 issue echo 1234
  test.txt, it takes 30 seconds before the command prompt returns. The
 file is written okay. An rm test.txt is executed 
 instantaneously, as is an ls or any read-operation on a file 
 on the mounted fileshare. It's just write-access which is 
 always delayed by half a minute. The curious thing is, that I 
 can connect from a windows box and just write to the 
 fileshare like to a local drive with no noticeable delay 
 whatsoever. The same applies to an older SuSE Linux 8.2 box 
 with Samba version 2.2.7a-SuSE - I can write to the shares on 
 server1 and server2 without any such delay. This leads me to 
 the conclusion, that there must be some problem in the way, 
 the two boxes are accessing each others' shares.
 Unfortunately I haven't got a clue how I could further 
 diagnose the problem. I'd be very happy if someone could give 
 me a hint in the right direction. Thank you very much!
 
 Kind regards
 
Markus
 
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] IdealX

2005-01-18 Thread Duncan Brannen


Have IdealX.org lost their domain?  it seems to have been pinched by some 
company selling domains.

Site is partially mirrored at Idealx.com but stil links to 
idealx.org.  Replace idealx.org urls
with idealx.com but the samba downloadable stuff isn't there at the moment.

  Duncan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] IdealX

thats because you need to use http://www.idealx.org
Duncan Brannen wrote:

Have IdealX.org lost their domain?  it seems to have been pinched by 
some company selling domains.

Site is partially mirrored at Idealx.com but stil links to 
idealx.org.  Replace idealx.org urls
with idealx.com but the samba downloadable stuff isn't there at the 
moment.

  Duncan
--

Daniel Wilson
Systems Administrator
IT  Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be 
privileged and is for the exclusive use of the recipient.
It is the responsibility of the recipient to ensure that this message 
and its attachments are virus free.
Any views or opinions presented are solely those of the author and do 
not necessarily represent those of the University, unless otherwise 
specifically
stated.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] IdealX

Duncan Brannen wrote:

Have IdealX.org lost their domain?  it seems to have been pinched by 
some company selling domains.

Site is partially mirrored at Idealx.com but stil links to idealx.org.  
Replace idealx.org urls
with idealx.com but the samba downloadable stuff isn't there at the moment.
IdealX.org works for me from several IPs (in different locations).
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] how to check IP addresses of machines in the network?

Hello,
This post is similar to what I posted yesterday 'smbclient -L host to 
list IP addresses - possible?'.

I have a PDC in one place and many workstations in different other 
places connected using WAN/VPN.

These workstations have rather changing IPs assigned by DHCP.
Sometimes I need to connect to these machines using VNC, for example, 
connect to machine AC-PC001 to show something to the user or fix 
something when a user is not there.

However, smbclient -L pdc gives me only netbios names, and not IP addresses:
$ smbclient -L pdc
(...)
Server   Comment
----
AC-PC001
AC-PC002
How can I list workstations with their netbios names and corresponding 
IP addresses?

Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] User in passdb, but getpwnam() fails!

2005-01-18 Thread Adi Nugraha

Hi
my problem is just like the subject, I could browse the shares with the same
username  password but I can't login to the domain, I'm using samba 3.0.2.a
with ldap backend, can anyone help me with this, I know it's been posted
before but I can't find a solution.

thanks

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to check IP addresses of machines in the network?

try the tool that comes with samba (findsmb)?!
Tomasz Chmielewski wrote:
Hello,
This post is similar to what I posted yesterday 'smbclient -L host 
to list IP addresses - possible?'.

I have a PDC in one place and many workstations in different other 
places connected using WAN/VPN.

These workstations have rather changing IPs assigned by DHCP.
Sometimes I need to connect to these machines using VNC, for example, 
connect to machine AC-PC001 to show something to the user or fix 
something when a user is not there.

However, smbclient -L pdc gives me only netbios names, and not IP 
addresses:

$ smbclient -L pdc
(...)
Server   Comment
----
AC-PC001
AC-PC002
How can I list workstations with their netbios names and corresponding 
IP addresses?

Tomek

--

Daniel Wilson
Systems Administrator
IT  Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. 
It is the responsibility of the recipient to ensure that this message and its attachments are virus free. 
Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically
stated.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] User in passdb, but getpwnam() fails!


Adi Nugraha wrote:
Hi
my problem is just like the subject, I could browse the shares with the same
username  password but I can't login to the domain, I'm using samba 3.0.2.a
with ldap backend, can anyone help me with this, I know it's been posted
before but I can't find a solution.
thanks
 

--

Daniel Wilson
Systems Administrator
IT  Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. 
It is the responsibility of the recipient to ensure that this message and its attachments are virus free. 
Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically
stated.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] User in passdb, but getpwnam() fails!

what is the Operating System on the samba server?
Also you need to edit your nsswitch conf file, usually
/etc/nsswitch.conf to have:
passwd: files ldap
group: files ldap
Your problem is that your OS isnt looking at ldap for its user accounts,
its also looking at your passwd file (/etc/passwd)
Adi Nugraha wrote:
Hi
my problem is just like the subject, I could browse the shares with the same
username  password but I can't login to the domain, I'm using samba 3.0.2.a
with ldap backend, can anyone help me with this, I know it's been posted
before but I can't find a solution.
thanks
 

--

Daniel Wilson
Systems Administrator
IT  Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be 
privileged and is for the exclusive use of the recipient.
It is the responsibility of the recipient to ensure that this message 
and its attachments are virus free.
Any views or opinions presented are solely those of the author and do 
not necessarily represent those of the University, unless otherwise 
specifically
stated.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Sync password (with MIT-kerberos server) and migration

2005-01-18 Thread Turbo Fredriksson

 FM == FM  [EMAIL PROTECTED] writes:

FM Hello turbo, It's funny that you help me in all mailing List
FM connected to ldap as a backend ;-)

Well, LDAP is my main/only interest now :)

 Use userPassword: [EMAIL PROTECTED] then ldap will 'ask'
 the KDC, and samba don't have to care...

FM Correct me if I am wrong but : UserPassword is for unix
FM password right ?  Can samba use UserPassword (so in my case,
FM sasl, so kerberos password) to authenticate the user ?

Oh, right... Sorry, don't know (yet) how samba authenticates users...
-- 
Waco, Texas president Khaddafi security Treasury 747 Serbian CIA
nuclear Uzi explosion colonel Nazi spy Mossad
[See http://www.aclu.org/echelonwatch/index.html for more about this]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Using ssh for samba authentication?

2005-01-18 Thread Igor Bukanov

I use ssh port forwarding to connect to a samba server from Windows
2000/ XP clients. But there is an annoying part that I have to enter my
password for samba shares after I already authenticated with the server
using ssh. Is there any way to setup samba so in the case of ssh
connections it would use already authenticated user name and would not
ask for any password for shares?

Regards, Igor
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Can't add new domain members to Samba PDC

2005-01-18 Thread Bob Sabine von Knobloch

Dear Samba List,
I have been running a Samba PDC (Win 2000  XP Clients) for about 1 year 
without problems. Now I find I cannot add new PCs to the domain, 
existing accounts are working fine.
It seems to be a rights issue, but I am not sure quite how to analyse it.
All attempts to add a computer account result in unknown user or wrong 
password (translated from German, may not be quite exact in English), 
although this user can and does login and use shares OK including those 
that have only ntadmins access rights.
I have,  always used this user account for this purpose and it worked in 
the past.

I am running Samba 3.0.10-1.fc2 on Fedora Core 2.
Your help would be appreciated.
Robert von Knobloch
Sample log (loglevel=10) from a single attempt to bring a new pc into 
the domain
(NetBIOS Names: Domain = KNOBLOCH, Computer = SCHLEPPTOP)
User = bob, member of group ntadmins:
Start schlepptop.log:

[2005/01/18 11:20:44, 5] smbd/uid.c:change_to_root_user(296)
 change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/01/18 11:20:44, 5] auth/auth_util.c:free_server_info(1344)
 attempting to free (and zero) a server_info structure
[2005/01/18 11:20:44, 3] smbd/reply.c:reply_ulogoffX(1249)
 ulogoffX vuid=100
[2005/01/18 11:20:44, 5] lib/util.c:show_msg(486)
[2005/01/18 11:20:44, 5] lib/util.c:show_msg(496)
 size=39
 smb_com=0x74
 smb_rcls=0
 smb_reh=0
 smb_err=0
 smb_flg=136
 smb_flg2=51201
 smb_tid=0
 smb_pid=65279
 smb_uid=100
 smb_mid=1728
 smt_wct=2
 smb_vwv[ 0]=  255 (0xFF)
 smb_vwv[ 1]=0 (0x0)
 smb_bcc=0
[2005/01/18 11:20:44, 6] lib/util_sock.c:write_socket(449)
 write_socket(5,43)
[2005/01/18 11:20:44, 6] lib/util_sock.c:write_socket(452)
 write_socket(5,43) wrote 43
[2005/01/18 11:20:44, 10] 
lib/util_sock.c:read_smb_length_return_keepalive(505)
 got smb length of 35
[2005/01/18 11:20:44, 6] smbd/process.c:process_smb(1090)
 got message type 0x0 of len 0x23
[2005/01/18 11:20:44, 3] smbd/process.c:process_smb(1091)
 Transaction 29 of length 39
[2005/01/18 11:20:44, 5] lib/util.c:show_msg(486)
[2005/01/18 11:20:44, 5] lib/util.c:show_msg(496)
 size=35
 smb_com=0x71
 smb_rcls=0
 smb_reh=0
 smb_err=0
 smb_flg=24
 smb_flg2=51207
 smb_tid=1
 smb_pid=65279
 smb_uid=100
 smb_mid=1792
 smt_wct=0
 smb_bcc=0
[2005/01/18 11:20:44, 3] smbd/process.c:switch_message(886)
 switch message SMBtdis (pid 12191) conn 0x8919948
[2005/01/18 11:20:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/18 11:20:44, 5] auth/auth_util.c:debug_nt_user_token(486)
 NT user token: (NULL)
[2005/01/18 11:20:44, 5] auth/auth_util.c:debug_unix_user_token(505)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2005/01/18 11:20:44, 5] smbd/uid.c:change_to_root_user(296)
 change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/01/18 11:20:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/18 11:20:44, 5] auth/auth_util.c:debug_nt_user_token(486)
 NT user token: (NULL)
[2005/01/18 11:20:44, 5] auth/auth_util.c:debug_unix_user_token(505)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2005/01/18 11:20:44, 5] smbd/uid.c:change_to_root_user(296)
 change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/01/18 11:20:44, 3] smbd/service.c:close_cnum(836)
 schlepptop (192.168.1.177) closed connection to service IPC$
[2005/01/18 11:20:44, 3] smbd/connection.c:yield_connection(69)
 Yielding connection to IPC$
[2005/01/18 11:20:44, 4] smbd/vfs.c:vfs_ChDir(654)
 vfs_ChDir to /
[2005/01/18 11:20:44, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/18 11:20:44, 5] auth/auth_util.c:debug_nt_user_token(486)
 NT user token: (NULL)
[2005/01/18 11:20:44, 5] auth/auth_util.c:debug_unix_user_token(505)
 UNIX token of user 0
 Primary group is 0 and contains 0 supplementary groups
[2005/01/18 11:20:44, 5] smbd/uid.c:change_to_root_user(296)
 change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/01/18 11:20:44, 5] lib/util.c:show_msg(486)
[2005/01/18 11:20:44, 5] lib/util.c:show_msg(496)
 size=35
 smb_com=0x71
 smb_rcls=0
 smb_reh=0
 smb_err=0
 smb_flg=136
 smb_flg2=51201
 smb_tid=1
 smb_pid=65279
 smb_uid=100
 smb_mid=1792
 smt_wct=0
 smb_bcc=0
[2005/01/18 11:20:44, 6] lib/util_sock.c:write_socket(449)
 write_socket(5,39)
[2005/01/18 11:20:44, 6] lib/util_sock.c:write_socket(452)
 write_socket(5,39) wrote 39
[2005/01/18 11:20:44, 10] lib/util_sock.c:read_socket_data(378)
 read_socket_data: recv of 4 returned 0. Error = Success
[2005/01/18 11:20:44, 10] lib/util_sock.c:receive_smb_raw(556)
 receive_smb_raw: length  0!
[2005/01/18 11:20:44, 3] smbd/process.c:timeout_processing(1336)
 timeout_processing: End of file from client (client has disconnected).
[2005/01/18 11:20:44, 5] lib/gencache.c:gencache_shutdown(88)
 Closing cache file
[2005/01/18 11:20:44, 5] libsmb/namecache.c:namecache_shutdown(79)
 namecache_shutdown: netbios namecache closed

Re: [Samba] Multiple winbindd processes

2005-01-18 Thread Sridhar Venkatakrishnan

Hi,
I finally made the patch and uploaded it. You can access it at the 
following URL: 
http://www.sridharv.net/samba/patch-multwinbinddpr-vs-3.0.11pre1.diff
The patch is against the samba 3.0.11pre1 release. It should work 
against 3.0.9 and 3.0.10 as well but I haven't tried it.

cd-ing into the source directory and using patch -p1 should do the trick.
Please read the REAME.winbind-patch file in the nsswitch directory 
before you start using this patch.

If you find any bugs or you think of any improvements then please let me 
know :)

Thanks
Sridhar
[EMAIL PROTECTED] wrote:
On Tuesday 11 January 2005 06:16, [EMAIL PROTECTED] wrote:
Hi,
 

I had posted in the technical list about this sometime back. However, I
don't think anything was available at that time, so I went ahead and wrote
a small patch that allows multiple winbindd process to run at the same
time :) . What it does is to create a seperate pipe for each winbindd
process. However, this would need a patch for the nss library as well and
I've only worked out a patch for the linux nss library. I'd also added a
couple of extra parameters to the smb.conf file that allowed for
specification of a list of domains that could be veto-ed or allowed. I
could send you the patch if you're interested.
   

I'm really interested. Thank you :-)
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to check IP addresses of machines in the network?

2005-01-18 Thread Thomas M. Skeren III

Daniel Wilson wrote:
try the tool that comes with samba (findsmb)?!
Tomasz Chmielewski wrote:
Hello,
This post is similar to what I posted yesterday 'smbclient -L host 
to list IP addresses - possible?'.

I have a PDC in one place and many workstations in different other 
places connected using WAN/VPN.

These workstations have rather changing IPs assigned by DHCP.
Sometimes I need to connect to these machines using VNC, for example, 
connect to machine AC-PC001 to show something to the user or fix 
something when a user is not there.

However, smbclient -L pdc gives me only netbios names, and not IP 
addresses:

use smbstatus:
PRiSM# smbstatus
Samba version 3.0.7
PID Username  Group Machine
---
16082   xxx  sm   (192.168.65.1)
14557   x   thejudge (192.168.64.190)

$ smbclient -L pdc
(...)
Server   Comment
----
AC-PC001
AC-PC002
How can I list workstations with their netbios names and 
corresponding IP addresses?

Tomek



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to check IP addresses of machines in the network?

Daniel Wilson wrote:
try the tool that comes with samba (findsmb)?!
well, it doesn't work for me or I use it in a wrong way:

# smbclient -L serwer
(...)
Server   Comment
----
PIOTRO
SERWER
So 2 machines. Now I run findsmb:
# findsmb
IP ADDR NETBIOS NAME   WORKGROUP/OS/VERSION
-
192.168.1.1SERWER   *[FRYSZTACKA] [Unix] [Samba 2.2.8a]
So one name and IP only.
Now I add broadcast, and still one host only.
# findsmb 192.168.1.255
IP ADDR NETBIOS NAME   WORKGROUP/OS/VERSION -B 192.168.1.255
-
192.168.1.1SERWER   *[FRYSZTACKA] [Unix] [Samba 2.2.8a]
The second host is reachable, I can ping it and do smbclient -L PIOTRO.
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to check IP addresses of machines in the network?

Thomas M. Skeren III wrote:
Daniel Wilson wrote:
try the tool that comes with samba (findsmb)?!
Tomasz Chmielewski wrote:
Hello,
This post is similar to what I posted yesterday 'smbclient -L host 
to list IP addresses - possible?'.

I have a PDC in one place and many workstations in different other 
places connected using WAN/VPN.

These workstations have rather changing IPs assigned by DHCP.
Sometimes I need to connect to these machines using VNC, for example, 
connect to machine AC-PC001 to show something to the user or fix 
something when a user is not there.

However, smbclient -L pdc gives me only netbios names, and not IP 
addresses:

use smbstatus:
PRiSM# smbstatus
This will list workstations that are currently connected to Samba 
server; if the workstation is not connected to Samba, it won't be shown 
with smbstatus.
So this method is not good for me.

# smbclient -L serwer
(...)
Server   Comment
----
PIOTRO
SERWER
# smbstatus
Samba version 2.2.8a
Service  uid  gid  pid machine
--
No locked files
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multiple winbindd processes

2005-01-18 Thread Sridhar Venkatakrishnan

I forgot to add the Makefile.in changes to the patch. I've uploaded the 
fixed version at the same URL.

Thanks
Sridhar
Sridhar Venkatakrishnan wrote:
Hi,
I finally made the patch and uploaded it. You can access it at the 
following URL: 
http://www.sridharv.net/samba/patch-multwinbinddpr-vs-3.0.11pre1.diff
The patch is against the samba 3.0.11pre1 release. It should work 
against 3.0.9 and 3.0.10 as well but I haven't tried it.

cd-ing into the source directory and using patch -p1 should do the trick.
Please read the REAME.winbind-patch file in the nsswitch directory 
before you start using this patch.

If you find any bugs or you think of any improvements then please let 
me know :)

Thanks
Sridhar
[EMAIL PROTECTED] wrote:
On Tuesday 11 January 2005 06:16, [EMAIL PROTECTED] 
wrote:

Hi,
 

I had posted in the technical list about this sometime back. However, I
don't think anything was available at that time, so I went ahead and 
wrote
a small patch that allows multiple winbindd process to run at the same
time :) . What it does is to create a seperate pipe for each winbindd
process. However, this would need a patch for the nss library as 
well and
I've only worked out a patch for the linux nss library. I'd also 
added a
couple of extra parameters to the smb.conf file that allowed for
specification of a list of domains that could be veto-ed or allowed. I
could send you the patch if you're interested.
  

I'm really interested. Thank you :-)
 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] browse list problem

2005-01-18 Thread Oneill

Hi!
I use samba 3.0.10 in FreeBSD 4.10 and I've some problem with browse 
list. The network were I'm supervisor contains about 50 XP box, 1 
FreeBSD (DHCP+WINS server) and 1 Debian box (samba 3.0.10 ) which is a 
large file server. I've tryed many version of samba (3.X) but the 
problem is still here. Log files says nothing (loglevel MAX). Browse 
list die very often and I must restart samba in freeBSD box.

-All clients use hibryd nodes and dhcp allocate this + the wins server 
address.
-There is  a simple workgroup , clients not enter any DOMAIN.
-FreeBSD Samba box is preferred master, there are some lines from the 
config global section:

 security = share
 wins support = yes
 name resolve order = wins lmhosts hosts bcast
 wins proxy = no
 os level = 999
 domain master = yes
 local master = yes
 preferred master = yes
 domain logons = no
Anyone have a good idea what cause crash of the browse list?
Thanks : XelNega
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] IdealX

2005-01-18 Thread Duncan Brannen

Cheers,
Looks like our dns servers picked up an extra Authorative source 
for idealx.org

;  DiG 9.2.1  www.idealx.org
;; global options:  printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 55053
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.idealx.org.IN  A
;; ANSWER SECTION:
www.idealx.org. 74634   IN  A   12.47.46.198
;; AUTHORITY SECTION:
idealx.org. 74630   IN  NS  launtra.fumble.org.
idealx.org. 74630   IN  NS  sarajevo.idealx.com.
;; ADDITIONAL SECTION:
launtra.fumble.org. 74631   IN  A   12.47.46.198
sarajevo.idealx.com.161032  IN  A   213.41.87.90
;; Query time: 18 msec
;; SERVER: 138.251.66.46#53(138.251.66.46)
;; WHEN: Tue Jan 18 12:26:12 2005
;; MSG SIZE  rcvd: 142
Using nslookup against sarajevo.idealx.org gives me the correct address.
Noone else affected by this then?
  Duncan

At 09:56 18/01/2005, Tomasz Chmielewski wrote:
Duncan Brannen wrote:
Have IdealX.org lost their domain?  it seems to have been pinched by some 
company selling domains.
Site is partially mirrored at Idealx.com but stil links to idealx.org.
Replace idealx.org urls
with idealx.com but the samba downloadable stuff isn't there at the moment.
IdealX.org works for me from several IPs (in different locations).
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

2005-01-18 Thread kent

Another time converter is a perl script amtime.pl that can be used in
shell scripts to convert back and forth between seconds and human readable
time.

http://www.unixreview.com/documents/s=1344/ur0307g/ur0307g_script.htm


Kent N

 Patrick,

 This number is a timestamp. To figure out what day it means paste it in
 this
 url
 http://www.4webhelp.net/us/timestamp.php?action=stampstamp=timezone=0

 To set an account to never expire it´s password you have to set
 sambaacctflags to [UX]

 Regards,

 Gustavo


 - Original Message -
 From: Patrick DUBAU [EMAIL PROTECTED]
 To: samba@lists.samba.org
 Sent: Monday, January 17, 2005 1:14 PM
 Subject: [Samba] sambaPwdMustChange


 Hi,

 i have samba 3.0.10 installed with LDAP.
 I noticed few days ago that my adminsitrator account has expired. I
 think
 it's because of the sambaPwdMustChange field of LDAP. I changed the
 passwd
 now i have the value 1108741705 in it. What does it mean (when will i be
 prompted again to change my passwd) and do i have to put in this field
 so
 that the password will never expire ?

 Thanks for any help

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba


 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to check IP addresses of machines in the network?

Thomas M. Skeren III wrote:
use smbstatus:
PRiSM# smbstatus

This will list workstations that are currently connected to Samba 
server; if the workstation is not connected to Samba, it won't be 
shown with smbstatus.
So this method is not good for me.

I thought you had a PDC.  If so then when users log on, they will create 
an smb connection to the PDC.
Yes, I have a PDC, but also BDCs. PDC is somewhere else behind WAN/VPN.
So if users connect, they connect to the BDC in their respective office.
But even then I think smbstatus will show nothing some time after they 
are logged in, and certainly won't show anything if they are logged out.

smbclient -L PDC, however, will show all the machines in all offices 
(but without IP addresses).

Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] migration from 2.2.4 to 3.0.10

2005-01-18 Thread peter grotz

hi all,

I want to migrate my samba 2.2.4 pdc with roaming profiles and shares to a
new installed samba 3.0.10 pdc.
How must I go on to migrate my users and their profiles from the old server
(with smbpasswd) to the new pdc running with ldap-passbackend with out
loosing the profiles and passwords?
For the share´s and profile´s data I´m using rsync but what about the
NTUSER.dat?
Does the net vampire work with 2.2.4?

Are there any howtos for this special case?

Thanks in advance,

-Peter

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba-3.0.10 in solaris10

2005-01-18 Thread SALOME Alexandre

Hi,

I am buying a server SUN with 4 processor and work with  solaris 10,  and
I am going to install
samba-3.0.10-sol10-sparc-local.gz. 
Please: I would like to know if this version of samba is multi task (work
with more one processor)
or if all sons trials  work in only one processor)
Thank you for answer

Alexandre Salomé
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] IdealX

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Duncan Brannen wrote:
| Using nslookup against sarajevo.idealx.org gives me
| the correct address.
|
| Noone else affected by this then?
I see it as well.  I'll contact the developers.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7Q9SIR7qMdg1EfYRAqsJAKDpy2TNRHgb9DfKBTsxZREs9YQ/WwCg6O2K
L1mGAeg1HAtPjcUnof1UQoc=
=O09I
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to check IP addresses of machines in the network?

Thomas M. Skeren III wrote:
Tomasz Chmielewski wrote:
Well, I run ISC-DHCP so when all else fails I check 
/var/db/dhcpd.leases.  All dhcp servers that I know of, have a way to 
check leases.

The problem is, DHCP server is in my case a small Linksys router box.
It's rather problematic to check leases there.
Second problem, I have several of these devices, so checking would be 
even more troublesome.

So, if there is no better way, I think I would have to check wins.dat 
file on a PDC machine (it's also w WINS server), it seems to have a copy 
of all netbios names with corresponding IPs.

It's not very readable, but with some parsing I think I will have what I 
want (as a html page even to make things easier).

But what if someone like me doesn't use WINS?
smbclient -L would be great if it could show IP addresses, too.
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] can't access directory although group is listen in ACL

2005-01-18 Thread Sven Pfeifer

Hi,

we are running Samba 3.0.10 on Solaris 8. I compiled Samba with ACL
support. Our Samba server is connected to our Windows 2000 AD-Domain as
a member server. wbinfo -u and wbinfo -g are working fine, so that I can
see all our Windows user and groups. Using getent group lists only my
Unix groups and just one Windows group.

And now I have the following problem when accessing a directory in our
main-share data.

One of my colleagues created the directory staff-dir within the share.
He added the Windows-group DOMAIN+staff to the ACL, using the Windows
ACL-dialog, to gain full access. We are both members of the group
DOMAIN+staff, but I'm not allowed to access. I get the error message
access denied.

TIA

Sven




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Curious timestamp bug in samba???

2005-01-18 Thread Christian Merrill

Testing indicates that when a file located on a linux samba share is 
modified from a windows client, the creation date is modified along with 
the modification date.  It appears that samba doesn't differentiate 
between the two?  I know it's relatively minor in the great scheme of 
things, but we have seen a few complaints regarding this behavior.  Any 
feedback would be welcome.

Christian
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Unable to connect to smb shares from second machine in workgroup

So you are connecting, but it seems to be rejecting just the password. 
That is odd.  Are you sure the username is valid?  What if you use 
Explorer and input \\earth\web?  It should prompt you for a user and 
password?  What if you create a new user on earth and dry to connect as 
the new user?

-Ed
:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris
Andrew DeFaria wrote:
I upped the log level to 5 and restarted Samba. From Starbase I did a 
simple:

C:\ net use w: \\earth\web
Enter the user name for 'earth': System error 1223 has occurred.
The operation was canceled by the user.
The password is invalid for \\earth\web.
The logfile follows. It seems clear that it's confused as to which user 
is requesting access and I get mapped to nobody (but I'm not nobody! I'm 
not, I'm not, I'm not!).

[2005/01/17 20:23:31, 5] smbd/connection.c:claim_connection(156)
 claiming  0
[2005/01/17 20:23:31, 5] smbd/reply.c:reply_special(152)
 init msg_type=0x81 msg_flags=0x0
[2005/01/17 20:23:31, 3] smbd/process.c:process_smb(878)
 Transaction 1 of length 137
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(275)
 size=133
 smb_com=0x72
 smb_rcls=0
 smb_reh=0
 smb_err=0
 smb_flg=24
 smb_flg2=51283
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(281)
 smb_tid=0
 smb_pid=65279
 smb_uid=0
 smb_mid=0
 smt_wct=0
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(291)
 smb_bcc=98
[2005/01/17 20:23:31, 3] smbd/process.c:switch_message(685)
 switch message SMBnegprot (pid 15356)
[2005/01/17 20:23:31, 3] smbd/sec_ctx.c:set_sec_ctx(329)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/17 20:23:31, 5] smbd/uid.c:change_to_root_user(217)
 change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342)
 Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342)
 Requested protocol [LANMAN1.0]
[2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342)
 Requested protocol [Windows for Workgroups 3.1a]
[2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342)
 Requested protocol [LM1.2X002]
[2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342)
 Requested protocol [LANMAN2.1]
[2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342)
 Requested protocol [NT LM 0.12]
[2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(426)
 Selected protocol NT LM 0.12
[2005/01/17 20:23:31, 5] smbd/negprot.c:reply_negprot(433)
 negprot index=5
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(275)
 size=86
 smb_com=0x72
 smb_rcls=0
 smb_reh=0
 smb_err=0
 smb_flg=136
 smb_flg2=1
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(281)
 smb_tid=0
 smb_pid=65279
 smb_uid=0
 smb_mid=0
 smt_wct=17
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[0]=5 (0x5)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[1]=12803 (0x3203)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[2]=256 (0x100)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[3]=1024 (0x400)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[4]=65 (0x41)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[5]=0 (0x0)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[6]=256 (0x100)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[7]=64512 (0xFC00)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[8]=59 (0x3B)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[9]=63744 (0xF900)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[10]=227 (0xE3)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[11]=32768 (0x8000)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[12]=16227 (0x3F63)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[13]=5495 (0x1577)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[14]=50429 (0xC4FD)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[15]=57345 (0xE001)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[16]=2049 (0x801)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(291)
 smb_bcc=17
[2005/01/17 20:23:31, 3] smbd/process.c:process_smb(878)
 Transaction 2 of length 150
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(275)
 size=146
 smb_com=0x73
 smb_rcls=0
 smb_reh=0
 smb_err=0
 smb_flg=24
 smb_flg2=18439
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(281)
 smb_tid=0
 smb_pid=65279
 smb_uid=0
 smb_mid=64
 smt_wct=13
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[0]=117 (0x75)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[1]=115 (0x73)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[2]=16644 (0x4104)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[3]=50 (0x32)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[4]=0 (0x0)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[5]=15356 (0x3BFC)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)
 smb_vwv[6]=0 (0x0)
[2005/01/17 20:23:31, 5] lib/util.c:show_msg(286)

Re: [Samba] Using ssh for samba authentication?

2005-01-18 Thread Truls Løkholm Bergli

On Tuesday 18 January 2005 12:20, Igor Bukanov wrote:
 I use ssh port forwarding to connect to a samba server from Windows
 2000/ XP clients. But there is an annoying part that I have to enter my
 password for samba shares after I already authenticated with the server
 using ssh. Is there any way to setup samba so in the case of ssh
 connections it would use already authenticated user name and would not
 ask for any password for shares?

How do you do the port forwarding?   I have a few ideas, but need too see how 
you start/initiate the tunnel(s).

-- 
Truls Løkholm Bergli
Student og Undervisnings Tjenester
IT-avdelinga   Uitø
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] [Fwd: password quality compliance]

2005-01-18 Thread Chris Snider

I would also like to see a force strong password feature added.

Thanks,
Chris

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:samba-
 [EMAIL PROTECTED] On Behalf Of Gerald
 (Jerry) Carter
 Sent: Monday, January 17, 2005 9:01 AM
 To: [EMAIL PROTECTED]
 Cc: samba@lists.samba.org
 Subject: Re: [Samba] [Fwd: password quality compliance]
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 fandino wrote:
 |
 | ok, I will do a more direct question.
 |
 | How is supposed Samba will prevent users from selecting
 | weak passwords?
 
 There have been several variants opf patches that would allow
 smbd to use the libcrack library to enforce string passwords.
 The final agreed upon design was never implemented to my knowlege
 (at least I don't remember seeing a patch).
 
 What we need is just a hook that allows you to call an
 external script to check the password strength.  Would be very
 easy to do.  The main issue would be good error returns from
 the script to smbd (such as dictionary word, password to
 short, etc...) and then translating these to an NTSTATUS error
 code for the client.
 
 If you are interested in implementing this, I'd take it up
 on the samba-technical mailing list.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Users with changed passwords can't log on remotely (but can locally)

(I submitted this last week, but hopefully someone who knows the 
intricacies of secrets.tdb and machine migrations will read this ...)

I migrated a complete Samba configuration from an old server to a new 
one, including the entire /etc/samba directory and all user accounts. 
At first, no clients were aware that anything had changed.  But when I 
changed the passwords of two users they suddenly couldn't connect. 
Doesn't matter whether it's the old or new password - Samba rejects it 
as invalid.  I even tried to change the passwords back to what they 
were, with no success.  Oddly, they can both connect fine from the 
server itself when I do this:

 smbclient -L 127.0.0.1 -U username
 Password:
 ...
But when I issue the same command from a remote machine, it fails:
 smbclient -L servername.domain.com -U username
 Password:
 session setup failed: NT_STATUS_LOGON_FAILURE
Local OK, remote bad.  It boggles the mind.  Here are some things I've 
tried:

- I made sure that the UIDs all match.
- I made sure that the new server has the old server's local SID, and 
that the users' SIDs matched the machine SID.

- I disabled the firewall.
- I made sure the old server is off.
So this really is a case of Samba rejecting a login for a remote machine 
but allowing the same login locally - but only for users with changed 
passwords.  It's version 3.0.2a, which came with Yellow Dog Linux. 
I'm guessing it's something in the secrets.tdb database, though when I 
delete the database and Samba recreates it, the problems are not solved. 
 Anyone ever seen anything like this?

Thanks in advance,
Ed
--
:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris
Any information, including protected health information (PHI), transmitted
in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Users with changed passwords can't log on remotely (but can locally)

Ed Holden wrote:
I migrated a complete Samba configuration from an old server to a new 
one, including the entire /etc/samba directory and all user accounts. At 
first, no clients were aware that anything had changed.  But when I 
changed the passwords of two users they suddenly couldn't connect. 

 Anyone ever seen anything like this?

Could you try joining to domain (I assume you have some PDC?) from the 
workstation the user can't log in once again?

Maybe there are troubles with machine passwords, joining domain once 
again should solve it, or there are two or more machines in LAN with the 
same netbios name etc.

Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Using ssh for samba authentication?

2005-01-18 Thread Igor Bukanov

Truls Løkholm Bergli wrote:
On Tuesday 18 January 2005 12:20, Igor Bukanov wrote:
I use ssh port forwarding to connect to a samba server from Windows
2000/ XP clients. But there is an annoying part that I have to enter my
password for samba shares after I already authenticated with the server
using ssh. Is there any way to setup samba so in the case of ssh
connections it would use already authenticated user name and would not
ask for any password for shares?

How do you do the port forwarding?   
Using either cygwin ssh port and running from command prompt on windows 
box:
ssh -L 139:127.0.0.1:139 [EMAIL PROTECTED]

or via similar configuration using PuTTY
Regards, Igor
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Using ssh for samba authentication?

2005-01-18 Thread ml

On Tue, 18 Jan 2005 15:29:59 +0100, Truls L#248;kholm Bergli
[EMAIL PROTECTED] said:
 On Tuesday 18 January 2005 12:20, Igor Bukanov wrote:
  I use ssh port forwarding to connect to a samba server from Windows
  2000/ XP clients. But there is an annoying part that I have to enter my
  password for samba shares after I already authenticated with the server
  using ssh. Is there any way to setup samba so in the case of ssh
  connections it would use already authenticated user name and would not
  ask for any password for shares?
 
 How do you do the port forwarding?

Using either cygwin ssh port and running from command prompt on windows
box:
ssh -L 139:127.0.0.1:139 [EMAIL PROTECTED]

or via similar configuration using PuTTY

Regards, Igor
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Users with changed passwords can't log on remotely (but can locally)

Actually it's not a PDC.  Most of the clients are Mac OS X, with a few 
Windows machines here and there, so no client machines are actually 
joined to the domain.  The issue is purely with connecting.

-Ed
:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris
Tomasz Chmielewski wrote:
Ed Holden wrote:
I migrated a complete Samba configuration from an old server to a new 
one, including the entire /etc/samba directory and all user accounts. 
At first, no clients were aware that anything had changed.  But when I 
changed the passwords of two users they suddenly couldn't connect. 

 Anyone ever seen anything like this?

Could you try joining to domain (I assume you have some PDC?) from the 
workstation the user can't log in once again?

Maybe there are troubles with machine passwords, joining domain once 
again should solve it, or there are two or more machines in LAN with the 
same netbios name etc.

Tomek

Any information, including protected health information (PHI), transmitted
in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Curious timestamp bug in samba???

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christian Merrill wrote:
| Testing indicates that when a file located on a linux
| samba share is  modified from a windows client, the creation
| date is modified along with the modification date.  It
| appears that samba doesn't differentiate  between the two?
| I know it's relatively minor in the great scheme of
| things, but we have seen a few complaints regarding
| this behavior.  Any feedback would be welcome.
See 'man 2 stat'.  This is one of the semantic differences
between UNIX file systems and Win32 ones.



cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7STwIR7qMdg1EfYRAgvUAJwI213RzNe856f4HztjSGmT4963bgCguMaD
DucKexq8MiYrQyChmPrJQLw=
=6qEi
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem adding user to Administrator list

Hi, all,

We are using Samba 3.0.10 with an LDAP backend. 
It's been working fine for a long time.

One strange thing that has come up today : I cannot add 1 specific domain 
user to the local Administrator group of Windows servers that are also in 
the domain. 
Adding the user to the admin group on a workstation works just fine. 
Adding other users to the admin group on the Windows servers works fine as 
well. 

It is just this one user that is being refused. 

This is the logging from Samba : (for the failing user edockx)

[2005/01/18 15:37:00, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: edockx

This is the logging for another user : 

[2005/01/18 15:37:16, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
  init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
  init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
  init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez

Any thoughts ? 

(Sorry about the lengthy message)




Regards,

Bert De Ridder

PeopleWare NV - Head Office
Cdt.Weynsstraat 85 
B-2660 Hoboken 
Tel: +32 3 448.33.38 
Fax: +32 3 448.32.66 

PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14 57.00.90
Fax: +32 14 58.13.25

http://www.peopleware.be 
http://www.mobileware.be 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem adding user to Administrator list - part 2

It gets even weirder than that : it seems that this particular user has 
not been authentication against the PDC for some time now; (so, using 
cached data from his pc)
If he tries to log on to another machine in the domain, the machine 
complaints that the domain is not available. 
(The system cannot log you on now because the domain PEOPLEWARE is not 
available)

NO entries are being made in the samba logs. 




Regards,

Bert De Ridder

PeopleWare NV - Head Office
Cdt.Weynsstraat 85 
B-2660 Hoboken 
Tel: +32 3 448.33.38 
Fax: +32 3 448.32.66 

PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14 57.00.90
Fax: +32 14 58.13.25

http://www.peopleware.be 
http://www.mobileware.be 



[EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
18/01/2005 16:09

To
samba@lists.samba.org
cc

Subject
[Samba] Problem adding user to Administrator list






Hi, all,

We are using Samba 3.0.10 with an LDAP backend. 
It's been working fine for a long time.

One strange thing that has come up today : I cannot add 1 specific domain 
user to the local Administrator group of Windows servers that are also in 
the domain. 
Adding the user to the admin group on a workstation works just fine. 
Adding other users to the admin group on the Windows servers works fine as 

well. 

It is just this one user that is being refused. 

This is the logging from Samba : (for the failing user edockx)

[2005/01/18 15:37:00, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: edockx

This is the logging for another user : 

[2005/01/18 15:37:16, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
  init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
  init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
  init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: bpottiez

Any thoughts ? 

(Sorry about the lengthy message)




Regards,

Bert De Ridder

PeopleWare NV - Head Office
Cdt.Weynsstraat 85 
B-2660 Hoboken 
Tel: +32 3 448.33.38 
Fax: +32 3 448.32.66 

PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14

Re: [Samba] Curious timestamp bug in samba???

2005-01-18 Thread Christian Merrill

Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christian Merrill wrote:
| Testing indicates that when a file located on a linux
| samba share is  modified from a windows client, the creation
| date is modified along with the modification date.  It
| appears that samba doesn't differentiate  between the two?
| I know it's relatively minor in the great scheme of
| things, but we have seen a few complaints regarding
| this behavior.  Any feedback would be welcome.
See 'man 2 stat'.  This is one of the semantic differences
between UNIX file systems and Win32 ones.



cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7STwIR7qMdg1EfYRAgvUAJwI213RzNe856f4HztjSGmT4963bgCguMaD
DucKexq8MiYrQyChmPrJQLw=
=6qEi
-END PGP SIGNATURE-
I'm an idiot, thanks for the quick feedback.
Christian
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] NetBIOS across subnets

2005-01-18 Thread Misty Stanley-Jones

Hi all,

I would like two Samba servers to be able to talk to each other via NetBIOS.  
The problem is that they are on two different subnets.  I have enabled 
broadcast ping on the routers, and the servers can each ping the other subnet 
with no trouble.  The two relevant IPs are 192.168.1.101 and 192.168.2.3.  
There is a T1 between two Cisco routers, and IP routing is all set up. 

Currently 192.168.1.x is the CORP domain. Samba PDC is acting as the WINS 
server.

192.168.2.x is the FURN server, and its Samba PDC is acting as its WINS 
server.

My Windows systems in CORP can browse to the FURN domain and see systems in 
it.

My Windows systems in FURN can browse to the CORP domain but can't see any 
systems in it.

Neither of my PDCs can see the other, so they cannot establish a trust.

Relevant settings for CORP PDC are:
wins support = yes
os level = 100
preferred master = yes
domain master = yes
remote announce = 192.168.2.255/CORP
remote browse sync = 192.168.2.255
name resolve order = bcast wins lmhosts host  (there is no lmhosts or host)
allow trusted domains = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Relevant settings for FURN PDC are:
os level = 99
dns proxy = Yes
wins support = Yes
wins proxy = Yes
os level = 100
preferred master = yes
domain master = yes
local master = yes
remote announce = 192.168.1.255/FURN
remote browse sync = 192.168.1.255
# I put this one in to try to get it to hear the other server's broadcasts 
-- did not work 
   interfaces = 127.0.0.1 192.168.2.3/255.255.0.0
name resolve order = bcast wins lmhosts host
allow trusted domains = yes

Both servers are 3.0.11pre1.  Both are DHCP servers as well.  They are pushing 
out netbios server settings to the clients as follows:

CORP:
option netbios-name-servers 192.168.1.101, 192.168.2.3;
option netbios-node-type 8;

FURN:
option netbios-name-servers 192.168.2.3;
option netbios-node-type 8;

The fact that FURN is not giving out CORP as a netbios server might be 
significant why the users can't see CORP's computers, but it doesn't explain 
why the domains can't see each other.

If anybody has any information on how I can make this work I would love it.  I 
did look in Samba 3 By Example but it doesn't really go into the networking 
side of it at all.

Thanks,
Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem adding user to Administrator list - part 2

[EMAIL PROTECTED] wrote:
It gets even weirder than that : it seems that this particular user has 
not been authentication against the PDC for some time now; (so, using 
cached data from his pc)
If he tries to log on to another machine in the domain, the machine 
complaints that the domain is not available. 
(The system cannot log you on now because the domain PEOPLEWARE is not 
available)

NO entries are being made in the samba logs. 
I had similar symptoms when there were problems with name resolution and 
too restrictive firewall (The system cannot log you on now because the 
domain PEOPLEWARE is not available, NO entries are being made in the 
samba logs).

Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

2005-01-18 Thread Ryan Novosielski

Does this flag now do something? Last I checked, X was unused.
 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - User Support Spec. III
|$| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
On Mon, 17 Jan 2005, Gustavo Lima wrote:
Patrick,
This number is a timestamp. To figure out what day it means paste it in this 
url http://www.4webhelp.net/us/timestamp.php?action=stampstamp=timezone=0

To set an account to never expire it´s password you have to set 
sambaacctflags to [UX]

Regards,
Gustavo
- Original Message - From: Patrick DUBAU 
[EMAIL PROTECTED]
To: samba@lists.samba.org
Sent: Monday, January 17, 2005 1:14 PM
Subject: [Samba] sambaPwdMustChange


Hi,
i have samba 3.0.10 installed with LDAP.
I noticed few days ago that my adminsitrator account has expired. I think 
it's because of the sambaPwdMustChange field of LDAP. I changed the passwd 
now i have the value 1108741705 in it. What does it mean (when will i be 
prompted again to change my passwd) and do i have to put in this field so 
that the password will never expire ?

Thanks for any help
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] lpq: Unknown destination pdf!

2005-01-18 Thread Ryan Novosielski

What I do personally is use the print spooler software to create PDF's, 
not Samba, so my destination actually exists. You could create a print 
queue called PDF that does nothing... or probably changing your lpq 
command would work, but I believe that's still global. Just some ideas. 
check 'man smb.conf' to test them.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - User Support Spec. III
|$| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
On Mon, 17 Jan 2005, Gregor Guncar wrote:
Hi!
How can I get rid off lpq: Unknown destination pdf! warning message in my 
/var/log/samba/smbd file. I have a pdf maker defined
in my smb.conf as follows and it works allright:
...
[pdf]
  comment = PDF creator
  printing = bsd
  path = /var/tmp
  printable = yes
  print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
  create mask = 0600
  browseable = no
  guest ok = no
Thank you,
Gregor
--
___
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NetBIOS across subnets

Misty Stanley-Jones wrote:
 Hi all,

 I would like two Samba servers to be able to talk to each other via 
NetBIOS.  The problem is that they are on two different subnets.  I have 
enabled broadcast ping on the routers, and the servers can each ping the 
other subnet with no trouble.  The two relevant IPs are 192.168.1.101 
and 192.168.2.3.  There is a T1 between two Cisco routers, and IP 
routing is all set up.
 Currently 192.168.1.x is the CORP domain. Samba PDC is acting as the 
WINS server.

 192.168.2.x is the FURN server, and its Samba PDC is acting as its 
WINS server.

In my opinion, it is wrong.
On one server, set:
wins support = yes
On the other:
wins server = 192.168.5.2  # (IP of the first one)
wins proxy = yes
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Smbmount and permission denied

2005-01-18 Thread MATHIEU FRANCOIS-XAVIER

Hello,

Note that I found many place with similar problem, but I don't understand
any solution. Can you help me ?

I use Samba 3.0.10 on a Suse 8.2. 

My goal is to mount a shared directory from a XP machine to a directory on
my linux.

* I have created a directory in order to mount the XP directory
* a ls -l show me this directory
* I mount the XP directory with a valid command : smbmount
//be2a03xc/pmlist /home/team/monsysrv -o
username=NT_user,password=NT_password,workgroup=BE001
* This command gives no error message and mount command shows me that all
seems to be correct.
* When I do a ls -l, I see no more this directory, but I can enter in it
with cd
* a ls -l of this directory gives me permission denied.
* strange ? No ?

If you have any tips or additional question in order to solve this very
strange problem, do not hesitate to respond to me.

Kind regards,
François
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NetBIOS across subnets

Tomasz Chmielewski wrote:
  Currently 192.168.1.x is the CORP domain. Samba PDC is acting as the 
WINS server.
 
  192.168.2.x is the FURN server, and its Samba PDC is acting as its 
WINS server.

In my opinion, it is wrong.
On one server, set:
wins support = yes
On the other:
wins server = 192.168.5.2  # (IP of the first one)
wins proxy = yes
you will also have to allow certain hosts/subnets on each server:
hosts allow = 192.168.0. 192.168.5.2 127.0.0.1
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem adding user to Administrator list - part 2

Ok, I disabled the win firewall on the machine,and indeed I got another 
:-(  error message 

'A device attached to this system is not functioning'

Trying another user on the same machine without changing anything (on the 
same login window) : no problem




Regards, 

Bert De Ridder

PeopleWare NV - Head Office
Cdt.Weynsstraat 85 
B-2660 Hoboken 
Tel: +32 3 448.33.38 
Fax: +32 3 448.32.66 

PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14 57.00.90
Fax: +32 14 58.13.25

http://www.peopleware.be 
http://www.mobileware.be 



Tomasz Chmielewski [EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
18/01/2005 16:35

To
samba@lists.samba.org
cc

Subject
Re: [Samba] Problem adding user to Administrator list - part 2






[EMAIL PROTECTED] wrote:
 It gets even weirder than that : it seems that this particular user has 
 not been authentication against the PDC for some time now; (so, using 
 cached data from his pc)
 If he tries to log on to another machine in the domain, the machine 
 complaints that the domain is not available. 
 (The system cannot log you on now because the domain PEOPLEWARE is not 
 available)
 
 NO entries are being made in the samba logs. 

I had similar symptoms when there were problems with name resolution and 
too restrictive firewall (The system cannot log you on now because the 
domain PEOPLEWARE is not available, NO entries are being made in the 
samba logs).


Tomek

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbmount and permission denied

2005-01-18 Thread Tom Skeren

MATHIEU FRANCOIS-XAVIER wrote:
Hello,
Note that I found many place with similar problem, but I don't understand
any solution. Can you help me ?
I use Samba 3.0.10 on a Suse 8.2. 
 

On SuSE 9.2 I use
mount -t smbfs -U=user //machine_name/share /local/directory.  I think 
that's the right structure.  Sorry don't use linux much.

My goal is to mount a shared directory from a XP machine to a directory on
my linux.
* I have created a directory in order to mount the XP directory
* a ls -l show me this directory
* I mount the XP directory with a valid command : smbmount
//be2a03xc/pmlist /home/team/monsysrv -o
username=NT_user,password=NT_password,workgroup=BE001
* This command gives no error message and mount command shows me that all
seems to be correct.
* When I do a ls -l, I see no more this directory, but I can enter in it
with cd
* a ls -l of this directory gives me permission denied.
* strange ? No ?
If you have any tips or additional question in order to solve this very
strange problem, do not hesitate to respond to me.
Kind regards,
François
 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NetBIOS across subnets

Misty Stanley-Jones wrote:
On Tuesday 18 January 2005 10:49, Tomasz Chmielewski wrote:
In my opinion, it is wrong.
On one server, set:
wins support = yes
On the other:
wins server = 192.168.5.2  # (IP of the first one)
wins proxy = yes

I did this, and I think it MIGHT have worked.  Not sure.  I get this:
oink:/usr/local/samba/var/locks # net rpc trustdom establish furn
Password:
Could not connect to server FURNSRV
Trust to domain FURN established
urnsrv:/usr/local/samba/var/locks # net rpc trustdom establish corp
Password:
Could not connect to server CORPSRV
Trust to domain CORP established
How in the world do I know if it worked or not.  Going to check it now.  
Either way those errors certainly are sending mixed signals.

It only will let me connect as a guest.  I don't know if that's the expected 
behavior -- need to read more.  The more important this is being able to join 
a domain on a different subnet, as that is what needs to happen when I 
combine the two domains into one.

don't know about joining a domain from another network - never tried.
I only tried joining the same domain (although in a different network).
This is how it works for me:
In the Network neighbourhood of your windows machine you should see 
hosts from both networks.

smbclient -L server should list hosts from each network.
Another problem you might have is too restrictive firewall between the 
two subnets - you will see the hosts, will be able to browse, but won't 
be able to join the domain.

Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Trying to get my local profile to sync with my roaming profile

2005-01-18 Thread Richmond Dyes

I am having a problem getting my original local profile to sync with my 
new roaming profile on a FC2 samba 3.0.9 server.  I have a user called 
John Doe who logs into a machine as a local user.  In samba his name 
is jdoe and I use the smbusers file to map him to John Doe.  When I 
decided to move from a workgroup set up to a domain setup my problem is 
now the roaming profile domain/jdoe does not sync with the 
localmahine/John Doe account.  Does anyone have an answer to this issue?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Tutorial: Samba as NT4 Primary Domain Controller

2005-01-18 Thread Pascal de Bruijn

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
I'm writing a tutorial with which people can easily setup a Samba
machine as a NT4 Primary Domain Controller (using CentOS 3).
I'm handling just about everything that's related:
- - NTP
- - DHCP
- - Samba
- - SNMP
and more...
Note that this is only a preliminary version, it may contain errors.
But I'd really appriciate any kind of feedback!
http://members.home.nl/keizerflipje/sambapdc/samba.pdf
Regards,
Pascal de Bruijn
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7TweOauq/dYfFnQRAkOrAJ4hw02FRd0ejYXuq6KurKMvDJ8qogCdGZwL
+ojQNeI6ERjtQzBEgHPnCAg=
=joRI
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: samba periodically access the disk even when idle ?

2005-01-18 Thread gary ng

I have already tried to put smb.conf to /tmp which is
mounted to tmpfs but the disk access continues. I have
no idea why. 

--- Tomasz Chmielewski [EMAIL PROTECTED] wrote:

 Wil Cooley wrote:
  On 2005-01-18, gary ng [EMAIL PROTECTED]
 wrote:
  
  
 does samba server access the disk periodically
 even it
 is not serving any client ? I am trying to setup a
 home server which is not frequently used and set
 the
 HD to spin down after 60s inactivity. But it get
 kicks
 up again apparently by samba(stoping samba and the
 disk won't spin up anymore). I think it is a 3
 minute
 or so interval.
 
 Is there a way to tell it not to as I can
 sacrifice
 some performance in exchange for much less noise
 and
 some power savings.
  
  
  Short of a good answer, here's a guess: Logging
 with disk buffering.
  Set your loglevel to 0 and see if it stops.
 
 doesn't it also look into smb.conf periodically for
 changes? I'm not 
 sure if it can be disabled, though (putting this
 file in ramdisk would 
 be a solution if there is no other way to stop Samba
 from looking into 
 that file).
 
 
 Tomek
 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: samba periodically access the disk even when idle ?

gary ng wrote:
I have already tried to put smb.conf to /tmp which is
mounted to tmpfs but the disk access continues. I have
no idea why. 
you might also try:
lsof -n|grep smbd
lsof -n|grep nmbd
This will list any files opened by Samba.
Maybe you will find anything that could be read/written by Samba.
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 2k / NT4 trust and local/global groups

2005-01-18 Thread Spaceboy

Hi,
Got a 2k ADS server with a trust to NT4 PDC...
what I'm trying to achieve is to have users on the NT4 PDC assigned to 
security groups in Win2k AD, with Samba joined to the AD and 
authenticating users in AD.

I have the NT4 - 2k trust working fine both directions.
Samba has been joined to the 2k AD realm.
Running wbinfo -g I can see 2k global groups and NT4 groups however I 
cannot see 2k local domain groups.

The problem with this arrangement is that NT4 users can only be members 
of a 2k local domain group, and not a global group.

so, 2k local groups contain the users I want to authenticate, but I can 
only see 2k global groups (which can't contain NT users).

catch-22
any ideas?
I've tried creating global groups containing local domain groups - no joy.
I'm running in mixed mode for the trust to work.
any help / suggestions appreciated.
Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[samba] trustdoms

hello
i have setup two domains UNI-STAFF and UNI-STUD, both point at same ldap 
for auth and have different  domainSID's

What i would like but dont know how to do is
*Both domains to appear in the Windows Domain logon Box
*Accounts (in LDAP) which have the UNI-STAFF sambaSID to be able to 
logon to the UNI-STAFF domain (or UNI-STUD as i think this is how trusts 
work)
*Accounts (in LDAP) which have the UNI-STUD sambaSID to be only able to 
logon to the UNI-STUD domain

The important thing is students cant login to the staff domain.
i know i need to use the net rpc trustdom establish domain and 
smbpasswd -a -i domain  commands but i am not sure which command on 
which domain, i have tried and anyone can logon to any domain?

also which domain does the machines need to be added to? also which SID 
should my groups use ?

Any help?
--

Daniel Wilson
Systems Administrator
IT  Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. 
It is the responsibility of the recipient to ensure that this message and its attachments are virus free. 
Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically
stated.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Finished print jobs, Samba 3.0.9

2005-01-18 Thread Taylor, Marc

Has there been any further progress on the finished print jobs piling up
issue?  In the last few emails there was mention of a fix by Monday.
 
Any updates would be greatly appreciated.
 
If this is the wrong forum to ask about this please let me know and I
will post to the correct forum.
 
Marc Taylor
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Finished print jobs, Samba 3.0.9

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Taylor, Marc wrote:
| Has there been any further progress on the finished
| print jobs piling up issue?  In the last few emails
| there was mention of a fix by Monday.
|
| Any updates would be greatly appreciated.
I've got an increasing number of reports that this is
fixed in the latest SAMBA 3.0 svn code.
See https://bugzilla.samba.org/show_bug.cgi?id=2170
for detauls.


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7UpnIR7qMdg1EfYRAjq8AKCltrVA7cnDhgTV1l4V6/GIzAtTwACfajBk
xzVPtwPFs7jewboo5tv7ZGw=
=leJR
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbind PDC error

2005-01-18 Thread Xavier Callejas

Hola.

Hi.

I have an error when I try to run: wbinfo -u from the PDC itself (samba 3, 
FC3), I have runing winbind, smb, nmb on the PDC, this is the error:

[EMAIL PROTECTED] media]# wbinfo -u
Error looking up domain users

This is my smb.conf:
-
[global]
	workgroup = DOMAIN
	netbios name = brain
	server string = Controlador de dominio
	os level = 30
	debug level = 10
	max log size = 50
	log file = /var/log/samba/%m.log

# PDC
 	domain logons = yes
	preferred master = yes
	domain master = Yes
	logon drive = H:
	logon home = 
	logon path =
	# \\%L\%u\.w9xprfl
	time server = yes

# Usuarios y passwords
	smb passwd file = /etc/samba/smbpasswd
	encrypt passwords = yes
	username map = /etc/samba/smbusers
	unix password sync = Yes

	# Programas auxiliares y scripts
		passwd program = /usr/bin/passwd %u
		passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n 
*passwd:*all*authentication*tokens*updated*successfully*
		add machine script = /usr/sbin/adduser -n -g machines -c Machine 
-d /dev/null -s /bin/false %u
		add user script = /usr/sbin/adduser -g users -s /bin/false -d /sbin/nologin 
-m %u
		delete user script = /usr/sbin/userdel -r %u
		add group script = /usr/sbin/groupadd %g
		delete group script = /usr/sbin/groupdel %g
		add user to group script = /usr/sbin/usermod -G %g %u

# Note: The following specifies the default logon script.
	logon script = %G.bat

# This sets the default profile path. Set per user paths with pdbedit
#	logon path = \\%L\profiles\mswprfl

# Impresi'on
	printcap name = cups
	cups options = raw
	printing = cups
	load printers = no
	printer admin = xavier,@root, root, @ntadmin, administrator

# Winbind
	idmap uid = 15000-2
	idmap gid = 15000-2
	winbind separator = +
#	winbind enable local accounts = yes
#	winbind trusted domains only = yes
#template primary group = Domain Users
#	winbind use default domain = yes
# Misc.
	wins support = yes
	getwd cache = yes
	admin users = xavier , root, @root
	#security = user
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	nt status support = yes
	template shell = /bin/bash

--

But when I run in the same server this command, there is no err:

		[EMAIL PROTECTED] squid]# net rpc testjoin
		Join to 'IBCINC' is OK
and:

		[EMAIL PROTECTED] squid]# wbinfo -t
		checking the trust secret via RPC calls succeeded

Why I can not list the usrs with wbinfo -u in the PDC server??? but if I do 
wbinfo -u from a smb client with a machine trust account in the domain, there 
is no problem linting the users.

-- 
Xavier Callejas

El Salvador
E-Mail + MSN: xcallejas at ibcinc.com.sv
ICQ: 6224
--
Open your Mind, use Open Source.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Users with changed passwords can't log on remotely (but can locally)

Ed Holden wrote:
Actually it's not a PDC.  Most of the clients are Mac OS X, with a few 
Windows machines here and there, so no client machines are actually 
joined to the domain.  The issue is purely with connecting.
so what do you mean by logging in? browsing a share protected with 
username/password, or what?

Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Unable to connect to smb shares from second machine in workgroup

2005-01-18 Thread Andrew DeFaria

Ed Holden wrote:
So you are connecting, but it seems to be rejecting just the password. 
That is odd.
As I said, it also appears that the SMB server is unaware of the machine 
named Starbase. Remember nmblookup is unable to locate the machine named 
Starbase.

Are you sure the username is valid?
Yes. Only one username is in play here, albeit mapped on the Linux 
machine, and that's Andrew DeFaria. It's the same username on Voyager 
and the same username on Starbase. Remember Starbase used to occupy 
Voyager's place. And smbusers maps Andrew DeFaria - andrew, which is 
my username on the Linux box Earth.

And remember, this mapping is currently working from Voyager\Andrew 
DeFaria - [EMAIL PROTECTED] Also, Starbase\Andrew DeFaria can map shares 
from Voyager and Voyager\Andrew DeFaria can map shares from Starbase. 
Voyager\Andrew DeFaria can map shares from Earth. It's only 
Starbase\Andrew DeFaria that cannot map shares nor browse shares on 
Earth. Note that Starbase can browse into the workgroup Universe and it 
sees some share names there (It sees Web for example, and a couple 
others, but not all of the ones that Voyager sees). If, however, I 
attempt to browse into Web, for instance, the username/password dialog 
box pops up and as I said, no username password combination works! :-( .

What if you use Explorer and input \\earth\web?  It should prompt you 
for a user and password?
Yes I do this all the time, usually as the test case. Yes it does prompt 
for a username/password. I have tried all of 
[Earth|Voyager|Starbase]\Andrew DeFaria. I've also tried 
[Earth|Voyager|Starbase]\andrew. Nothing works, with the one and only 
password for Starbase\Andrew DeFaria and [EMAIL PROTECTED] The password is 
the same for all user IDs being used here.

If I browse from Voyager to \\earth\web I get in no dialogs or prompts 
or problems.

What if you create a new user on earth and dry to connect as the new 
user?
Interesting and I will try that. However how exactly do I state that new 
user? Do you mean in the username/password dialog box presented on 
Starbase when I browse to \\earth\web I specify a username of say 
earth\root and then root's password. I believe I tried that. Didn't 
work, but I could try it again (actually I see that smbusers has a 
mapping for root - administrator and admin. Perhaps I should try 
earth\administrator?
--
I have six locks on my door all in a row. When I go out, I lock every 
other one. I figure no matter how long somebody stands there picking the 
locks, they are always locking three.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smb_add_request times out

2005-01-18 Thread Andrea Viana da Silva

have you sucsess about that ? i'm having the same problem, could you
help me?

-- 
Andrea Viana da Silva [EMAIL PROTECTED]
CSP Controle e Automaao Ltda
BRAZIL


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] request [*] timed out!

2005-01-18 Thread Andrea Viana da Silva

Diogo, verifiquei que vc estava nas listas devido ao samba. Voc
consegui resolver, pode me ajudar?
-- 
Andrea Viana da Silva [EMAIL PROTECTED]
CSP Controle e Automaao Ltda


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] auth samba+squid+ntlm

2005-01-18 Thread Xavier Callejas

Hi.

I need to use the ntlm_auth module to auth. users so a group can use Internet 
and other not, using squid. The users that belong to Internet group may use 
Internet.

I've being looking for info. about this but there is no much info. in google.

Until now this is the only info. that I had found:

for squid.conf:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp 
--require-membership-of=dominio+Internet

the dominio+internet: I made proof of dominio\internet , 
dominio\\internet and always there is an error like this:

[2005/01/18 11:58:23, 0] utils/ntlm_auth.c:get_require_membership_sid(237)
  Winbindd lookupname failed to resolve dominio+Internet into a SID!

so I tried the SID:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp 
--require-membership-of=S-1-5-21-2357639956-1676252757-504000632-2005

and:

[2005/01/18 11:59:20, 10] utils/ntlm_auth.c:manage_squid_request(1610)
  Got 'ibcinc+xavier acacadac' from squid (length: 22).
[2005/01/18 11:59:21, 3] utils/ntlm_auth.c:check_plaintext_auth(292)
  NT_STATUS_OK: Success (0x0)
OK

But, even doing this (putting the SID) the users can't be authenticated by the 
server. Squid and the smb PDC are the same box, is this possible???

this the error from log when a user run its web browser and ask for a 
user/password:

Jan 18 12:12:16 brain kernel: audit(1106071936.271:0): avc:  denied  
{ getattr } for  pid=17126 exe=/usr/bin/ntlm_auth path=/var/run/winbindd/pipe 
dev=hda7 ino=108681 scontext=root:system_r:squid_t 
tcontext=root:object_r:var_run_t tclass=sock_file

this are the permissions on the /var/cache/samba:
-rw---  1 root root   8192 ene 13 00:02 account_policy.tdb
-rw-r--r--  1 root root   8192 ene 17 08:52 brlock.tdb
-rw-r--r--  1 root root695 ene 18 12:13 browse.dat
-rw-r--r--  1 root root  16384 ene 14 08:00 connections.tdb
-rw-r--r--  1 root root   8192 ene 13 00:10 gencache.tdb
-rw---  1 root root   8192 ene 13 00:02 group_mapping.tdb
-rw-r--r--  1 root root  16384 ene 17 08:52 locking.tdb
-rw---  1 root root  16384 ene 14 08:56 messages.tdb
-rw-r--r--  1 root root  11438 ene 16 04:02 namelist.debug
-rw---  1 root root   8192 ene 13 03:50 netsamlogon_cache.tdb
-rw---  1 root root   8192 ene 13 00:02 ntdrivers.tdb
-rw---  1 root root696 ene 13 00:02 ntforms.tdb
-rw---  1 root root   8192 ene 13 00:02 ntprinters.tdb
drwxr-xr-x  2 root root   4096 ene 13 00:02 printing
-rw---  1 root root   8192 ene 13 00:02 registry.tdb
-rw-r--r--  1 root root  24576 ene 14 08:00 sessionid.tdb
-rw---  1 root root   8192 ene 13 00:02 share_info.tdb
-rw-r--r--  1 root root   8192 ene 13 19:08 unexpected.tdb
-rw---  1 root root  20172 ene 14 14:15 winbindd_cache.tdb
-rw-r--r--  1 root root   8192 ene 13 00:21 winbindd_idmap.tdb
drwxr-x---  2 root squid  4096 ene 14 14:15 winbindd_privileged
-rw-r--r--  1 root root   1523 ene 18 12:12 wins.dat

What can I do???

thanks!

-- 
Xavier Callejas

E-Mail + MSN: xcallejas at ibcinc.com.sv
ICQ: 6224
--
Open your Mind, use Open Source.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Tutorial: Samba as NT4 Primary Domain Controller

2005-01-18 Thread Pascal de Bruijn

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tomasz Chmielewski wrote:
| Pascal de Bruijn wrote:
|
| -BEGIN PGP SIGNED MESSAGE-
| Hash: SHA1
|
| Hello,
|
| I'm writing a tutorial with which people can easily setup a Samba
| machine as a NT4 Primary Domain Controller (using CentOS 3).
|
| I'm handling just about everything that's related:
| - - NTP
| - - DHCP
| - - Samba
| - - SNMP
| and more...
|
| Note that this is only a preliminary version, it may contain errors.
| But I'd really appriciate any kind of feedback!
|
| http://members.home.nl/keizerflipje/sambapdc/samba.pdf
|
|
| I just looked through that document very fast, (as I already have my PDC
| running), but didn't see anything about keeping password in an LDAP
| database.
| As I remember, this part (LDAP) was troublesome for me.
|
| It would be also nice to hear about software
| installation/updates/deploayment on clients, controlled from the PDC/BDC
| - I use WPKG for that - http://wpkg.sf.net
|
| My 3 cents, you asked for that :)
|
|
| Tomek
|
Hi,
Well LDAP is beyond the target scope of my article... It's intended for
small businesses only.
I really didn't want to both with LDAP, as I have no use for it... at
least not yet anyway...
And application deploy might be a thought for the future...
Thanks for your thoughts,
Pascal de Bruijn
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7VsrOauq/dYfFnQRAjCwAJ49SKfrCt4J03gKly2xbHh5mojF3wCeJlNG
NOaYjnsFritwACD4biPlPco=
=1Du8
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind fails to connect to \PIPE\NETLOGON with 3.0.10 and 3.0.9

2005-01-18 Thread Tom Dickson

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joining a mixed 2000 domain worked correctly for Samba 3.0.2a.
After upgrading to either samba 3.0.9 or 3.0.10, the net ads join command
completes successfully, and wbinfo -u returns a list of users, but any attempt 
to
actually authenticate those users fails with NT_STATUS_PIPE_NOT_AVAILABLE.
wbinfo -t also does not work, and produces the log file attached. The smb.conf 
is
identical to the 3.0.2 version. Joining in NT4 (rpc) mode works correctly. Are
there changes to the smb.conf that I am not aware of?
wbinfo -a bob
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user bob with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user bob with challenge/response
which produces these logs:
[2005/01/18 10:58:48, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(464)
~  [25073]: pam auth crap domain: MIXEDDOMAIN user: [EMAIL PROTECTED]
[2005/01/18 10:58:48, 8] lib/util.c:is_myname(1797)
~  is_myname(MIXEDDOMAIN) returns 1
[2005/01/18 10:58:48, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(498)
~  Authentication for domain MIXEDDOMAIN (local domain to this server) not
supported at this stage
[2005/01/18 10:58:48, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(637)
~  NTLM CRAP authentication for user [EMAIL PROTECTED] returned
NT_STATUS_NO_SUCH_USER (PAM: 10)
[2005/01/18 10:58:48, 10] nsswitch/winbindd.c:client_write(524)
I know my domain isn't that great, but is it really crap? :)
- -Tom
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFB7Vp42dxAfYNwANIRAhbrAKCXeupnutlsB8z+enwchiaq8SHg0gCbBriN
EiFXyR1dq2ZhG4UyABVqiJo=
=SF8s
-END PGP SIGNATURE-
[2005/01/18 10:45:50, 10] nsswitch/winbindd.c:client_write(558)
  client_write: client_write: complete response written.
[2005/01/18 10:45:50, 6] nsswitch/winbindd.c:new_connection(356)
  accepted socket 20
[2005/01/18 10:45:50, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2005/01/18 10:45:50, 5] nsswitch/winbindd.c:winbind_client_read(475)
  read failed on sock 18, pid 22958: EOF
[2005/01/18 10:45:50, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/01/18 10:45:50, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn ENDPWENT
[2005/01/18 10:45:50, 3] nsswitch/winbindd_user.c:winbindd_endpwent(375)
  [22958]: endpwent
[2005/01/18 10:45:50, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/01/18 10:45:50, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2005/01/18 10:45:50, 5] nsswitch/winbindd.c:winbind_client_read(475)
  read failed on sock 20, pid 22958: EOF
[2005/01/18 10:45:53, 6] nsswitch/winbindd.c:new_connection(356)
  accepted socket 18
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn INTERFACE_VERSION
[2005/01/18 10:45:53, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [22964]: request interface version
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/01/18 10:45:53, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [22964]: request location of privileged pipe
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:client_write(569)
  client_write: need to write 35 extra data bytes.
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 35 bytes.
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:client_write(558)
  client_write: client_write: complete response written.
[2005/01/18 10:45:53, 6] nsswitch/winbindd.c:new_connection(356)
  accepted socket 20
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2005/01/18 10:45:53, 5] nsswitch/winbindd.c:winbind_client_read(475)
  read failed on sock 18, pid 22964: EOF
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/01/18 10:45:53, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn

Re: [Samba] how to check IP addresses of machines in the network?

2005-01-18 Thread Nick Soracco

Tomek, 

So you know the netbios name of the machine you want to access, but not
it's IP address.  My suggestion would be to modify the
/etc/nsswitch.conf file on whichever machine you need to VNC from.

Find the line containing hosts: files,dns (or something to that
effect) and appends wins to that list, eg: hosts: files,dns,wins

Now your machine should resolve netbios names as well as IP addresses,
so you could type: 'vncviewer SERWER:0' and be on your way.

There's also the nmblookup tool, which might be easier to use if you
don't have root access to modify nsswitch.conf.  

HTH,

-- Nick

p.s.: first post to this list, hope I followed the correct etiquette. 
p.p.s: the above suggestion works with Samba 3, I'm not sure about samba
2.2 or older.

Tomasz Chmielewski Wrote:
 So, if there is no better way, I think I would have to check wins.dat 
 file on a PDC machine (it's also w WINS server), it seems to have a
 copy 
 of all netbios names with corresponding IPs.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] user-rights

2005-01-18 Thread M. Buchbach

Hello!

 

I've got some problems with the user-rights setting to my linux-machine.

I want to create a file-server-system with samba where I can create a
copy-directory, too. To this copy-directory every person, who can connect to
the samba-machine, should be able to write through this directory and to
make changes on documents, like word-documents, which are saved in this
directory.

My problem is that only the person, who has created a file through this
directory, is able to make changes on this file. Other persons only can open
this file to watch the content. I have no idea, which options I must change
in the smb.conf-file so that every person is able to make changes on every
file that is saved in the copy-directory.

 

The security-level is set to user-security and every person connects with a
username and a password to the samba-machine.

 

Can anyone help me to solve my problem?

 

Thanks!

 

Buchbach

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Users with changed passwords can't log on remotely (but can locally)

Yes.  I have a share called NRL Folders  I can't browse it or any 
other shares.  On the local machine I can; that is, on the server I can 
use the smbclient to connect to 127.0.0.1 and list shares that way.  But 
not from another machine.

It's not a network thing, because it is user-specific.  Any user who has 
been added, or who has had his or her password changed, since the 
migration to the new machine cannot log on from other computers (but can 
connect with smbclient on 127.0.0.1).  So I assumed it was a problem 
related to secrets.tdb, since the names of the machines have changed and 
I know this sort of thing is in the secrets.tdb file.

-Ed
:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris
Tomasz Chmielewski wrote:
Ed Holden wrote:
Actually it's not a PDC.  Most of the clients are Mac OS X, with a few 
Windows machines here and there, so no client machines are actually 
joined to the domain.  The issue is purely with connecting.

so what do you mean by logging in? browsing a share protected with 
username/password, or what?

Tomek

Any information, including protected health information (PHI), transmitted
in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Using ssh for samba authentication?

2005-01-18 Thread Jim C.

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| I use ssh port forwarding to connect to a samba server from Windows
...
| ask for any password for shares?
Why not set ssh up for public key auth?  Coupled with Samba's own
encryption, it should be secure enough. ;-)
Jim C.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---|
| Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7Wgs57L0B7uXm9oRAptVAJ0XO5hOyTsvr3LGfJsjVOvUu0ln/ACfahD0
LKKCycfEbpZinPSV6JkQcK8=
=HDEt
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Entry in username-map being ignored

2005-01-18 Thread Michael St. Laurent

Samba version 3.0.10 seems to be ignoring the map file on my system.  I have
the line:

root = administrator

in the file but when the administrator account tries to access the system
the add user script is run for the user administrator.

-- 
Michael St. Laurent
Hartwell Corporation
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Users with changed passwords can't log on remotely (but can locally)

Ed Holden wrote:
Yes.  I have a share called NRL Folders  I can't browse it or any 
other shares.  On the local machine I can; that is, on the server I can 
use the smbclient to connect to 127.0.0.1 and list shares that way.  But 
not from another machine.

It's not a network thing, because it is user-specific.  Any user who has 
been added, or who has had his or her password changed, since the 
migration to the new machine cannot log on from other computers (but can 
connect with smbclient on 127.0.0.1).  So I assumed it was a problem 
related to secrets.tdb, since the names of the machines have changed and 
I know this sort of thing is in the secrets.tdb file.
So we can assume this has nothing to do with machine passwords, as it's 
not needed for browsing shares.

The only thing that comes to my mind is:
hosts allow =
hosts deny =
users allow =
etc.
in smb.conf - but I'm sure you already checked that?
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Users with changed passwords can't log on remotely (but can locally)

Yeah, I've checked that.  I have none of those settings enabled.  I did 
a diff between this smb.conf and the one on the old server, and they are 
identical.

-Ed
:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris
Tomasz Chmielewski wrote:
Ed Holden wrote:
Yes.  I have a share called NRL Folders  I can't browse it or any 
other shares.  On the local machine I can; that is, on the server I 
can use the smbclient to connect to 127.0.0.1 and list shares that 
way.  But not from another machine.

It's not a network thing, because it is user-specific.  Any user who 
has been added, or who has had his or her password changed, since the 
migration to the new machine cannot log on from other computers (but 
can connect with smbclient on 127.0.0.1).  So I assumed it was a 
problem related to secrets.tdb, since the names of the machines have 
changed and I know this sort of thing is in the secrets.tdb file.

So we can assume this has nothing to do with machine passwords, as it's 
not needed for browsing shares.

The only thing that comes to my mind is:
hosts allow =
hosts deny =
users allow =
etc.
in smb.conf - but I'm sure you already checked that?
Tomek

Any information, including protected health information (PHI), transmitted
in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to check IP addresses of machines in the network?

Nick Soracco wrote:
Tomek, 

So you know the netbios name of the machine you want to access, but not
it's IP address.  My suggestion would be to modify the
/etc/nsswitch.conf file on whichever machine you need to VNC from.
Find the line containing hosts: files,dns (or something to that
effect) and appends wins to that list, eg: hosts: files,dns,wins
Now your machine should resolve netbios names as well as IP addresses,
so you could type: 'vncviewer SERWER:0' and be on your way.
this might work, but again, not in my case.
1) this network is separated from the others, that means that people 
that will VNC to these hosts don't use the same WINS/DNS - that's one 
problem (they can reach by IP only),

2) people that will VNC are rather windows technicians, helping with 
software etc. So they should enter a page: https://PDC/hosts - and then 
see list of hosts with corresponding IPs - after seeing that, they 
should know where to VNC.

So I guess I will stick with my WINS idea of parsing wins.dat file.
But smbclient -L --show-ips pdc  /var/www/html/hosts run from a cronjob 
would be so much easier - I will probably spend an hour to figure out 
how to parse wins.dat file to remove unnecessary stuff.
Well, one hour is about what I spent writing on this topic to the list 
anyway :))


There's also the nmblookup tool, which might be easier to use if you
don't have root access to modify nsswitch.conf.  


p.s.: first post to this list, hope I followed the correct etiquette. 
you should quote below the post / appropriate sentences etc. :)
Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba and ACL's

2005-01-18 Thread Travis Bullock

Hey All,

I am trying to get Samba to work with winbind and ACL's on Fedora Core 2. So
far so good as far as getting winbind to work with Samba but I am having
trouble getting Samba to recognize ACL's. I am wondering if there is a
command I can run to determine if my Samba install is ACL capable...

Any ideas?

Cheers,

Travis

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Entry in username-map being ignored

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael St. Laurent wrote:
| Samba version 3.0.10 seems to be ignoring the map file on my
| system.  I have the line:
|
| root = administrator
|
| in the file but when the administrator account tries to
| access the system the add user script is run for the
| user administrator.
Are you using either 'security = domain' or 'security = ads' ?
If so then read the WHATSNEW.  This change was documented
several releases back.  If not, then we'll need more details.
The username map works fine in my tests.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7W6UIR7qMdg1EfYRAijQAJ9T0vhKpDxOQwqHAAjXvJHH6T6DcQCfcX5i
1hls3gLcxmznJ+jO/9XGg1A=
=IXyJ
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Users with changed passwords can't log on remotely (but can locally)

Ed Holden wrote:
Yeah, I've checked that.  I have none of those settings enabled.  I did 
a diff between this smb.conf and the one on the old server, and they are 
identical.
shouldn't you at least specify hosts allow?
it's getting late so my memory weakens... did you paste your config for 
that share here, and also samba logs when you try to browse this share 
(maybe with increased verbosity)?

Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: auth samba+squid+ntlm

2005-01-18 Thread Kevin Kobb

Xavier Callejas wrote:
Hi.
I need to use the ntlm_auth module to auth. users so a group can use Internet 
and other not, using squid. The users that belong to Internet group may use 
Internet.

I've being looking for info. about this but there is no much info. in google.
Until now this is the only info. that I had found:
for squid.conf:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp 
--require-membership-of=dominio+Internet

the dominio+internet: I made proof of dominio\internet , 
dominio\\internet and always there is an error like this:

[2005/01/18 11:58:23, 0] utils/ntlm_auth.c:get_require_membership_sid(237)
  Winbindd lookupname failed to resolve dominio+Internet into a SID!
so I tried the SID:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp 
--require-membership-of=S-1-5-21-2357639956-1676252757-504000632-2005

and:
[2005/01/18 11:59:20, 10] utils/ntlm_auth.c:manage_squid_request(1610)
  Got 'ibcinc+xavier acacadac' from squid (length: 22).
[2005/01/18 11:59:21, 3] utils/ntlm_auth.c:check_plaintext_auth(292)
  NT_STATUS_OK: Success (0x0)
OK
But, even doing this (putting the SID) the users can't be authenticated by the 
server. Squid and the smb PDC are the same box, is this possible???

this the error from log when a user run its web browser and ask for a 
user/password:

Is your winbind separator = + in the smb.conf file? By the first 
example you gave, I believe it should be.

On my box to get the --require-membership-of=domain.group to work, I 
had to tack on --username=%LOGIN as well. After that, it works like a 
champ.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Entry in username-map being ignored

2005-01-18 Thread Michael St. Laurent

Gerald (Jerry) Carter mailto:[EMAIL PROTECTED] wrote:
 Samba version 3.0.10 seems to be ignoring the map file on my system.
 I have the line: 
 
 root = administrator
 
 in the file but when the administrator account tries to
 access the system the add user script is run for the
 user administrator.
 
 Are you using either 'security = domain' or 'security = ads' ?
 If so then read the WHATSNEW.  This change was documented
 several releases back.  If not, then we'll need more details.
 The username map works fine in my tests.

Yes, security = domain.

Okay, got it.  I need to prefix the Windows login with the Domain so the
line should read:

root = OURDOMAIN\administrator

Thanks for the pointer.

-- 
Michael St. Laurent
Hartwell Corporation
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: auth samba+squid+ntlm

2005-01-18 Thread Andrew Bartlett

On Tue, 2005-01-18 at 15:20 -0500, Kevin Kobb wrote:

 On my box to get the --require-membership-of=domain.group to work, I 
 had to tack on --username=%LOGIN as well. After that, it works like a 
 champ.

I'm really not sure what you are doing there, but I can't see how --
username=%LOGON does anything...

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Winbind fails to connect to \PIPE\NETLOGON with 3.0.10 and 3.0.9

2005-01-18 Thread Tom Dickson

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
O.k. I've nailed the change down to the upgrade from 3.0.2a to 3.0.3. I'm going 
to
try and figure out what changed there.
Tom Dickson wrote:
| Joining a mixed 2000 domain worked correctly for Samba 3.0.2a.
|
| After upgrading to either samba 3.0.9 or 3.0.10, the net ads join command
| completes successfully, and wbinfo -u returns a list of users, but any
| attempt to
| actually authenticate those users fails with NT_STATUS_PIPE_NOT_AVAILABLE.
|
| wbinfo -t also does not work, and produces the log file attached. The
| smb.conf is
| identical to the 3.0.2 version. Joining in NT4 (rpc) mode works
| correctly. Are
| there changes to the smb.conf that I am not aware of?
|
| wbinfo -a bob
| plaintext password authentication failed
| error code was NT_STATUS_NO_SUCH_USER (0xc064)
| error messsage was: No such user
| Could not authenticate user bob with plaintext password
| challenge/response password authentication failed
| error code was NT_STATUS_NO_SUCH_USER (0xc064)
| error messsage was: No such user
| Could not authenticate user bob with challenge/response
|
| which produces these logs:
|
| [2005/01/18 10:58:48, 3]
| nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(464)
| ~  [25073]: pam auth crap domain: MIXEDDOMAIN user: [EMAIL PROTECTED]
| [2005/01/18 10:58:48, 8] lib/util.c:is_myname(1797)
| ~  is_myname(MIXEDDOMAIN) returns 1
| [2005/01/18 10:58:48, 3]
| nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(498)
| ~  Authentication for domain MIXEDDOMAIN (local domain to this server) not
| supported at this stage
| [2005/01/18 10:58:48, 2]
| nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(637)
| ~  NTLM CRAP authentication for user
| [EMAIL PROTECTED] returned
| NT_STATUS_NO_SUCH_USER (PAM: 10)
| [2005/01/18 10:58:48, 10] nsswitch/winbindd.c:client_write(524)
|
| I know my domain isn't that great, but is it really crap? :)
|
| -Tom
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFB7XU12dxAfYNwANIRAj0OAJ9YaUmWwtDBJurneIWu7kYn/49YsgCeOWZr
pfNQQxGLV61l2/kmQ8zOMhE=
=O14x
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] [Fwd: password quality compliance]

2005-01-18 Thread Andrew Bartlett

On Tue, 2005-01-18 at 08:31 -0600, Chris Snider wrote:
 I would also like to see a force strong password feature added.

Which is has been.  Simo did the dirty work, and packaged my cracklib
code into an example app, and setup a 'script' hook to call it.  The
parameter missed documentation for a while, but should be in the latest
snapshot as 'check password script', with the cracklib code in
examples/auth/crackcheck.

(By using a script, simo allowed the silly exit(1) behaviour of cracklib
to continue, without killing smbd).

Hmm, we should make this a little easier to find - I was looking under
'password quality script' originally...

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [Fwd: password quality compliance]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew Bartlett wrote:
| Which is has been.  Simo did the dirty work, and packaged
| my cracklib code into an example app, and setup a 'script' hook
| to call it.  The parameter missed documentation for a while,
| but should be in the latest snapshot as 'check password script',
| with the cracklib code in examples/auth/crackcheck.
Ahh...I forgot about that that.  Thanks Andrew.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7Xj2IR7qMdg1EfYRAtR6AJwNl28TRCe9ZevFRPAYjImtMI3b7wCfehQD
c8Qxh6WwQkisnTL253fSeAY=
=IZSp
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Re: Re: Question about win2000 and samba

2005-01-18 Thread Marco De Vitis

On 23/12/2004 Bart Hendrix wrote:
When I go to my computer, I see a red cross in every sharemapping. But
when I click on the sharemapping it seems to work fine end I can see
al files.

On 24/12/2004 Gémes Géza wrote:
Changed the NICs and other hardware (even the servers), and of course
the Samba release (a couple of times) since the problem first apeared in
2001 (then we got our first Win2k workstations). I haven't inspected
Samba logs (yet) haunting for such simptoms, but I've did it many times

Indeed, today I finally replaced the NIC on the machine which is giving me
the exact same problem, to no avail: the red crosses remained.

Small reminder: I manage a network of 12 Win2000 machines connected to a
Samba PDC and file server, and only one of them is having this problem.
The machine is almost identical to another one, both in hardware and
software (the OS was cloned from the other one); the main difference is
that it has a Pioneer DVD burner, beside the regular CD reader, and Nero
installed.

I already had the same problem in the past, which I eventually discovered
was caused by the installation of Easy CD Creator 5.

So, recalling something about past problems with Easy CD Creator, here's
what I did today: I removed the Upperfilters and Lowerfilters values from
the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
(I hope that's the right number at the end, I'm not at that machine now
and copied it from a MS article; anyway the two values were something like
Cdr4_2K and Cdralw2k.)

I then only had the possibility to test the machine for a few minutes, but
the problem seemed to be gone (it usually appeared right from login or
very soon after).

Can you try doing the same? Do a backup of the registry key before
deleting those values, you never know.

Please make me know if it helps, thanks.

--
Ciao,
Marco.

...You Had It Coming, Jeff Beck 2001

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Using ssh for samba authentication?

2005-01-18 Thread Igor Bukanov


On Tue, 18 Jan 2005 11:49:00 -0800, Jim C. [EMAIL PROTECTED]
said:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 | I use ssh port forwarding to connect to a samba server from Windows
 ...
 | ask for any password for shares?
 
 Why not set ssh up for public key auth?  Coupled with Samba's own
 encryption, it should be secure enough. ;-)

I already use public key authentication in ssh and for this reason the
additional password typing is annoyance that can potentially leak
passwords. So I thought that maybe there was a way to start samba from
ssh connection and assume that user already authentificated among the
lines of sftp subsystem in ssh.

Regards, Igor
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Permission denied when using RCS from windows with Samba 3.0.10

2005-01-18 Thread Bill Williams

We just upgraded our server to run Mandrake 10.1.  It is using kernel 
2.6.8 and we are now using Samba 3.0.10.

I am using the RCS commands on a Windows XP Professional computer. 
Before the upgrade, I had no problem checking files out with the co -l 
command no matter who owned the file.

Now I get a Permission denied error unless I'm the owner of the RCS 
control file.

The delete readonly option is set to yes but does not seem to be helping.
Any suggestions would be greatly appreciated.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: auth samba+squid+ntlm

2005-01-18 Thread Kevin Kobb

Andrew Bartlett wrote:
On Tue, 2005-01-18 at 15:20 -0500, Kevin Kobb wrote:

On my box to get the --require-membership-of=domain.group to work, I 
had to tack on --username=%LOGIN as well. After that, it works like a 
champ.

I'm really not sure what you are doing there, but I can't see how --
username=%LOGON does anything...
Andrew Bartlett

Well silly me. I swear at one time without this I couldn't get squid to 
work by AD group membership. However, I took it out and can indeed still 
get out with squid.

I have updated my OS and Samba since I set this config up many months 
ago, so maybe it was a problem, or perhaps I was just being foolish, 
which is probably much more likely ;-)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Finished print jobs, Samba 3.0.9

2005-01-18 Thread Thomas Bork

Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Taylor, Marc wrote:
| Has there been any further progress on the finished
| print jobs piling up issue?  In the last few emails
| there was mention of a fix by Monday.
|
| Any updates would be greatly appreciated.
I've got an increasing number of reports that this is
fixed in the latest SAMBA 3.0 svn code.
See https://bugzilla.samba.org/show_bug.cgi?id=2170
for detauls.
copying a mail to you:
###
Gerald (Jerry) Carter wrote:
 | printing/printing.c: In function `print_cache_expired':
 | printing/printing.c:1038: warning: passing arg 3 of `tdb_fetch_uint32'
 | from incompatible pointer type
 |
 | Could this be a problem?

 I don't think so.  The warning is from a cast of time_t* to uint32*.

 I'll look at the other messages soon.
here is an really good prepared log from the print queue update problem 
from Maximilian Pasternak:

http://download.eisfair.org/tombork/test/log.zip
Maybe it will take up to one hour till you can download the zipped log.
This is from 3.0.11pre1 with the little patch release_print_db(pdb);
###
Are there other fixes for the problem in SVN other than printig patch 
post 3.0.10v2 + patch release_print_db(pdb);?
Can you look at the log in

http://download.eisfair.org/tombork/test/log.zip
please?
der tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Windows XP deletes read-only files. Windows 98 does not.

2005-01-18 Thread Kuan Leng

Hi,
Perhaps someone can help. 
Recently, my office was set up with a new server and new XP machines.
The server is on Samba.
After porting files into the the server, the files can only be 
'read-only' by other machines.
Any suggestions?

Thanks in advance
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem adding user to Administrator list

2005-01-18 Thread Robert Schetterer

Hi,
i noticed this too
at my last ldap pdc smb setup with 3.0.10
i cant add any user to the Administrators group, this worked
in former versions of samba with an equal ldap setup, i opened a bug in 
bugzilla about that.
But maybe this is now by design , and i missed a changelog entry about that
Regards
.

[EMAIL PROTECTED] schrieb:
Hi, all,
We are using Samba 3.0.10 with an LDAP backend. 
It's been working fine for a long time.

One strange thing that has come up today : I cannot add 1 specific domain 
user to the local Administrator group of Windows servers that are also in 
the domain. 
Adding the user to the admin group on a workstation works just fine. 
Adding other users to the admin group on the Windows servers works fine as 
well. 

It is just this one user that is being refused. 

This is the logging from Samba : (for the failing user edockx)
[2005/01/18 15:37:00, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: edockx
[2005/01/18 15:37:00, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: edockx

This is the logging for another user : 

[2005/01/18 15:37:16, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
 init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
 init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
 init_group_from_ldap: Entry found for group: 100
[2005/01/18 15:37:16, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain PEOPLEWARE - 
S-1-5-21-2146849782-3868185098-1
958755654
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez
[2005/01/18 15:37:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: bpottiez

Any thoughts ? 

(Sorry about the lengthy message)

Regards,
Bert De Ridder
PeopleWare NV - Head Office
Cdt.Weynsstraat 85 
B-2660 Hoboken 
Tel: +32 3 448.33.38 
Fax: +32 3 448.32.66 

PeopleWare NV - Branch Office Geel
Kleinhoefstraat 5
B-2440 Geel
Tel: +32 14 57.00.90
Fax: +32 14 58.13.25
http://www.peopleware.be 
http://www.mobileware.be 
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] missing smbpasswd program

2005-01-18 Thread John Brondyke

I am new to linux and am playing with debian woody trying to get samba working. 
 I have inadvertently deleted or some how corrupted the smbpasswd program file. 
 I have tried uninstalling and reinstalling the samba package but with no luck. 
 I am wondering how to get this file back.  Note it is not the smbpasswd 
database file but the program
 
Thanks in advance.
 
john


 
leap and the net will appear - zen saying
 
 






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Finished print jobs, Samba 3.0.9

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thomas Bork wrote:
| http://download.eisfair.org/tombork/test/log.zip
Yes.  I know.  I'm still working on that log file.   But I
have to finish up one more file on the privilege support for
3.0.11.  All I said is that some people are reporting success
with the current 3.0 code in svn.  Not everyone obviously.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7Zu7IR7qMdg1EfYRApPvAKCQraobkiYsoT7jIpncdX0cKrzUrgCglGnO
Ua4HrI64UbUY4Adwjx8s1/U=
=G9HM
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] About access the samba server through VPN connection

2005-01-18 Thread Thomas M. Skeren III

John Wong wrote:

Dear all,

We are facing the problem for accessing the samba server through the VPN
connection.
  

How's the VPN done?

And  also using the samba-2.2.3a-6 with the Red Hat Linux 7.3 (Kernel
2.4.18-3).
  

Really old version. You should upgrade.

Any solution can provide??

Best regards,
John


  



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] windows problem with samba

2005-01-18 Thread (Anders Ma)

hi,
  Now I have tow computers, one is RH9 linux  , the other is windows 2000. I 
have configed samba 3.0.7  running on  linux, so  windows could share linux 
computer's files.
But there's a problem :  when windows using network neighborhood connect  linux 
samba server, I login into a folder using account and password for this folder, 
 windows will
remember this account and password,  and now I couldn't login into another 
folder using account and password for that folder until I use net use * /del 
command,
who can help me resolve this problem or who can analyse this problem detailedly?

Best regard
Anders Ma

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] About access the samba server through VPN connection

2005-01-18 Thread John Wong

Dear all,

Is there any restriction for access the samba server through the VPN
connection.

We are trying to do the remote access the samba server through the VPN
client.  And the VPN server isn't apply any rule for blocking any service.

Any suggestion we can do???

Best regards,
John Wong



-Original Message-
From: Thomas M. Skeren III [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 19, 2005 9:43 AM
To: John Wong
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] About access the samba server through VPN
connection


John Wong wrote:

Dear all,

We are facing the problem for accessing the samba server through the VPN
connection.


How's the VPN done?

And  also using the samba-2.2.3a-6 with the Red Hat Linux 7.3 (Kernel
2.4.18-3).


Really old version. You should upgrade.

Any solution can provide??

Best regards,
John







-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem adding user to Administrator list - part 2

This is the output from net groupmap list :

root (S-1-5-21-2146849782-3868185098-1958755654-512) - Domain Admins
Domain Users (S-1-5-21-2146849782-3868185098-1958755654-513) - Domain 
Users
Backup Operators (S-1-5-21-2146849782-3868185098-1958755654-551) - Backup 
Operators
Replicator (S-1-5-21-2146849782-3868185098-1958755654-552) - Replicator
Domain Computers (S-1-5-21-2146849782-3868185098-1958755654-553) - Domain 
Computers
users (S-1-5-21-2146849782-3868185098-1958755654-3001) - users
management (S-1-5-21-2146849782-3868185098-1958755654-1205) - management
projectgroup (S-1-5-21-2146849782-3868185098-1958755654-1207) - 
projectgroup
accounting (S-1-5-21-2146849782-3868185098-1958755654-1209) - accounting
lan (S-1-5-21-2146849782-3868185098-1958755654-1211) - lan
PPTP_USERS (S-1-5-21-2146849782-3868185098-1958755654-1205) - PPTP_USERS

Bert 





Thomas Bork [EMAIL PROTECTED] 
18-01-2005 17:20

To
[EMAIL PROTECTED]
cc

Subject
Re: [Samba] Problem adding user to Administrator list - part 2






Hi Bert,

 Ok, I disabled the win firewall on the machine,and indeed I got another 
 :-(  error message 
 
 'A device attached to this system is not functioning'

double mapping of Domain Admin Group?
Show net groupmap list.


der tom

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem adding user to Administrator list - part 2